diff --git a/.gitignore b/.gitignore
index 857a978d1..e45d7f853 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,27 +1,213 @@
-*.user
-*/**/Makefile.in
-*/**/autom4te.cache/*
-*/**/compile
-*/**/config.guess
-*/**/config.h.in*
-*/**/config.log
-*/**/config.status
-*/**/config.sub
-*/**/depcomp
-*/**/configure
-!*/**/configure/
-*/**/install-sh
-*/**/ltmain.sh
-*/**/missing
-*/build/Makefile
-*/build/libtool
-*/build/rpmbuild
-*/m4
-*~
-stage/*
-build/*
 
-# Created by https://www.gitignore.io/api/macos,windows,linux
+# Created by https://www.gitignore.io/api/c,c++,java,linux,macos,windows,eclipse,autotools,executable,visualstudio
+
+### Autotools ###
+# http://www.gnu.org/software/automake
+
+.autotools
+Makefile
+Makefile.in
+ar-lib
+mdate-sh
+py-compile
+test-driver
+ylwrap
+
+# http://www.gnu.org/software/autoconf
+
+autom4te.cache
+autoscan.log
+autoscan-*.log
+aclocal.m4
+libtool.m4
+ltoptions.m4
+ltsugar.m4
+ltversion.m4
+lt~obsolete.m4
+compile
+config.guess
+config.h.in
+config.sub
+config.status
+configure
+configure.scan
+depcomp
+install-sh
+missing
+stamp-h1
+output.*
+traces.*
+requests
+
+# https://www.gnu.org/software/libtool/
+
+ltmain.sh
+
+# http://www.gnu.org/software/texinfo
+
+texinfo.tex
+
+### C ###
+# Prerequisites
+*.d
+
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+
+# Linker output
+*.ilk
+*.map
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Libraries
+*.lib
+*.a
+*.la
+*.lai
+*.lo
+*.Plo
+*.Po
+
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf
+
+### C++ ###
+# Prerequisites
+
+# Compiled Object files
+*.slo
+
+# Precompiled Headers
+
+# Compiled Dynamic libraries
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+
+# Executables
+
+### Eclipse ###
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+.project
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+
+### Executable ###
+*.bat
+*.cgi
+*.com
+*.gadget
+*.jar
+*.pif
+*.vb
+*.wsf
+
+### Java ###
+# Compiled class file
+*.class
+MANIFEST.MF
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.war
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
 
 ### Linux ###
 *~
@@ -46,7 +232,6 @@ build/*
 # Icon must end with two \r
 Icon
 
-
 # Thumbnails
 ._*
 
@@ -87,4 +272,309 @@ $RECYCLE.BIN/
 # Windows shortcuts
 *.lnk
 
-# End of https://www.gitignore.io/api/macos,windows,linux
+### VisualStudio ###
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+##
+## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+**/Properties/launchSettings.json
+
+*_i.c
+*_p.c
+*_i.h
+*.meta
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp_proj
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+*.VC.VC.opendb
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# Visual Studio code coverage results
+*.coverage
+*.coveragexml
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# TODO: Comment the next line if you want to checkin your web deploy settings
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# Microsoft Azure Web App publish settings. Comment the next line if you want to
+# checkin your Azure Web App publish settings, but sensitive information contained
+# in these scripts will be unencrypted
+PublishScripts/
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignorable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directories and files
+AppPackages/
+BundleArtifacts/
+Package.StoreAssociation.xml
+_pkginfo.txt
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+~$*
+*.dbmdl
+*.dbproj.schemaview
+*.jfm
+*.pfx
+*.publishsettings
+orleans.codegen.cs
+
+# Since there are multiple workflows, uncomment next line to ignore bower_components
+# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
+#bower_components/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+*.ndf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+node_modules/
+
+# Typescript v1 declaration files
+typings/
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
+*.vbw
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# Paket dependency manager
+.paket/paket.exe
+paket-files/
+
+# FAKE - F# Make
+.fake/
+
+# JetBrains Rider
+.idea/
+*.sln.iml
+
+# CodeRush
+.cr/
+
+# Python Tools for Visual Studio (PTVS)
+__pycache__/
+*.pyc
+
+# Cake - Uncomment if you are using it
+# tools/**
+# !tools/packages.config
+
+# Telerik's JustMock configuration file
+*.jmconfig
+
+# BizTalk build output
+*.btp.cs
+*.btm.cs
+*.odx.cs
+*.xsd.cs
+
+# End of https://www.gitignore.io/api/c,c++,java,linux,macos,windows,eclipse,autotools,executable,visualstudio
+
+
+# lightwave files
+
+build/confdefs.h
+build/libtool
+build/include/
+build/stage/
+build/config/
+build/lwraft/
+build/vmafd/
+build/vmca/
+build/vmdir/
+build/vmdns/
+build/vmevent/
+build/vmidentity/
+build/vmmetrics/
+build/rpmbuild/
+
+# hmake files
+.hmake
+.hmakerc
diff --git a/BUILD.MD b/BUILD.MD
index da9345128..f2f7cb8cd 100644
--- a/BUILD.MD
+++ b/BUILD.MD
@@ -1,7 +1,6 @@
 Building the Lightwave STS Container
 ====================================
 
- 
 
 Deliverables
 ------------
diff --git a/HyperMake b/HyperMake
new file mode 100644
index 000000000..b36645c50
--- /dev/null
+++ b/HyperMake
@@ -0,0 +1,64 @@
+---
+format: hypermake.v0
+
+name: lightwave
+description: Lightwave
+
+targets:
+  rebuild-toolchain:
+    description: build toolchain image
+    watches:
+      - support/toolchain/docker/photon
+    build: support/toolchain/docker/photon
+    cache: false
+
+  toolchain:
+    description: place-holder for future dependencies
+
+  bootstrap-lightwave:
+    description: Bootstraps build
+    after:
+      - toolchain
+    watches:
+      - '**/**/*.am'
+      - '**/**/*.ac'
+    cmds:
+      - ./support/scripts/bootstrap.sh
+
+  build-lightwave:
+    description: build Lightwave source code for linux
+    after:
+      - bootstrap-lightwave
+    watches:
+      - support/scripts/build.sh
+      - '**/**/*.cpp'
+      - '**/**/*.c'
+      - '**/**/*.h'
+      - '**/**/*.java'
+    cmds:
+      - ./support/scripts/build.sh
+
+  build:
+    description: build source code
+    after:
+      - 'build-*'
+
+  pack:
+    description: Create RPM Package
+    after:
+      - build
+    cmds:
+      - ./support/scripts/pack.sh
+
+  clean:
+    description: Cleanup
+    always: true
+    cmds:
+      - ./support/scripts/clean.sh
+
+settings:
+  default-targets:
+    - build
+    - pack
+  docker:
+    image: 'vmware/lightwave-toolchain-photon:0.0.1'
diff --git a/Makefile b/Makefile
deleted file mode 100644
index c02e702b3..000000000
--- a/Makefile
+++ /dev/null
@@ -1,372 +0,0 @@
-#
-# Copyright 2015 VMware, Inc
-#
-
-SRCROOT := .
-MAKEROOT=$(SRCROOT)/support/make
-include $(MAKEROOT)/makedefs.mk
-
-PACKAGES=\
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMEVENT_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_C_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_PYTHON_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_DEVEL_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(CFG_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_SERVER_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_CLIENTS_RPM) \
-    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_RAFT_RPM)
-
-all: $(LIGHTWAVE_STAGE_DIR) $(PACKAGES)
-
-lw-raft: $(LIGHTWAVE_STAGE_DIR) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_RAFT_RPM)
-
-appliance: $(PHOTON_OVA) $(LIGHTWAVE_OVA)
-
-appliance-sandbox: $(PACKAGES) $(PHOTON_OVA) $(LIGHTWAVE_SB_OVA)
-
-$(PHOTON_OVA): $(LIGHTWAVE_STAGE_DIR)
-	$(MKDIR) -p $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-	cd $(SRCROOT)/appliance/photon-ova && ./build.sh $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-
-$(LIGHTWAVE_SB_OVA): $(LIGHTWAVE_STAGE_DIR)
-	$(MKDIR) -p $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-	cd $(SRCROOT)/appliance && $(APPLIANCE_BUILDER) -p $(LIGHTWAVE_STAGE_DIR)/lw-appliance -s
-	-$(MV) $(LIGHTWAVE_OVA_STAGE)/lightwave.ova $(LIGHTWAVE_SB_OVA)
-
-$(LIGHTWAVE_OVA): $(LIGHTWAVE_STAGE_DIR)
-	$(MKDIR) -p $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-	cd $(SRCROOT)/appliance && $(APPLIANCE_BUILDER) -p $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-	-$(MV) $(LIGHTWAVE_OVA_STAGE)/lightwave.ova $(LIGHTWAVE_OVA)
-
-appliance-clean: lightwave-ova-clean photon_ova_clean
-	-$(RM) -f $(LIGHTWAVE_STAGE_DIR)/lw-appliance/*.ova
-	-$(RM) -f $(LIGHTWAVE_STAGE_DIR)/lw-appliance/*.iso
-	-$(RM) -rf $(LIGHTWAVE_STAGE_DIR)/lw-appliance/packer_cache
-	-$(RM) -rf $(LIGHTWAVE_STAGE_DIR)/lw-appliance
-
-lightwave-ova-clean:
-	-$(RM) -rf $(LIGHTWAVE_STAGE_DIR)/lw-appliance/lw-ova-build
-	-$(RM) -rf $(SRCROOT)/appliance/packer_cache
-
-photon_ova_clean:
-	-$(RM) -rf $(LIGHTWAVE_STAGE_DIR)/lw-appliance/photon-ova-build
-	-$(RM) -rf $(SRCROOT)/appliance/photon-ova/packer_cache
-
-container: $(DOCKER_IMAGE)
-
-$(DOCKER_IMAGE) : $(PACKAGES)
-	$(CP) -f $(DOCKER_SRCROOT)/Dockerfile $(LIGHTWAVE_STAGE_DIR)/Dockerfile
-	$(CP) -f $(DOCKER_SRCROOT)/lightwave-init $(LIGHTWAVE_STAGE_DIR)/lightwave-init
-	$(CP) -f $(DOCKER_SRCROOT)/configure-lightwave-server.service $(LIGHTWAVE_STAGE_DIR)/configure-lightwave-server.service
-	$(CP) -f $(DOCKER_SRCROOT)/configure-identity-server.service $(LIGHTWAVE_STAGE_DIR)/configure-identity-server.service
-	$(DOCKER_BUILDER) $(LIGHTWAVE_STAGE_DIR) $@
-
-container-published : container-published-prepare
-	docker build -t $(DOCKER_IMAGE_TAG) --no-cache $(LIGHTWAVE_STAGE_DIR)/docker-published && \
-	docker save $(DOCKER_IMAGE_TAG) > $(DOCKER_IMAGE) && \
-	docker rmi $(DOCKER_IMAGE_TAG)
-
-container-published-prepare: $(LIGHTWAVE_STAGE_DIR)
-	$(MKDIR) -p $(LIGHTWAVE_STAGE_DIR)/docker-published && \
-	$(CP) -f $(DOCKER_SRCROOT)/Dockerfile $(LIGHTWAVE_STAGE_DIR)/docker-published/Dockerfile && \
-	$(CP) -f $(DOCKER_SRCROOT)/configure-lightwave-server.service $(LIGHTWAVE_STAGE_DIR)/docker-published/configure-lightwave-server.service && \
-	$(CP) -f $(DOCKER_SRCROOT)/configure-identity-server.service $(LIGHTWAVE_STAGE_DIR)/docker-published/configure-identity-server.service && \
-	systemctl start docker
-
-client-container: $(DOCKER_CLIENT_IMAGE)
-
-$(DOCKER_CLIENT_IMAGE) : $(PACKAGES)
-	$(CP) -f $(DOCKER_SRCROOT)/Dockerfile.client $(LIGHTWAVE_STAGE_DIR)/Dockerfile
-	$(CP) -f $(DOCKER_SRCROOT)/configure-lightwave-client.service $(LIGHTWAVE_STAGE_DIR)/configure-lightwave-client.service
-	$(DOCKER_CLIENT_BUILDER) $(LIGHTWAVE_STAGE_DIR) $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_SERVER_RPM): $(LW_SERVER_PKGDIR)/$(LW_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(LW_SERVER_PKGDIR)/$(LW_SERVER_RPM):
-	@cd $(SRCROOT)/lw-server && make
-
-lw-build-clean:
-	$(RMDIR) $(LW_BUILD_SRCROOT)
-
-lw-server-clean:
-	@cd $(SRCROOT)/lw-server && make clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR) && $(RM) -f $(LW_SERVER_RPM); \
-	fi
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_CLIENTS_RPM): $(LW_CLIENTS_PKGDIR)/$(LW_CLIENTS_RPM)
-	$(CP) -f $< $@
-
-$(LW_CLIENTS_PKGDIR)/$(LW_CLIENTS_RPM):
-	@cd $(SRCROOT)/lw-clients && make
-
-lw-clients-clean:
-	@cd $(SRCROOT)/lw-clients && make clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR) && $(RM) -f $(LW_CLIENTS_RPM); \
-	fi
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LW_RAFT_RPM): $(LW_RAFT_PKGDIR)/$(LW_RAFT_RPM)
-	$(CP) -f $< $@
-
-$(LW_RAFT_PKGDIR)/$(LW_RAFT_RPM):
-	@cd $(SRCROOT)/lw-raft && make
-
-lw-raft-clean:
-	@cd $(SRCROOT)/lw-raft && make clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR) && $(RM) -f $(LW_RAFT_RPM); \
-	fi
-
-vmevent-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMEVENT_CLIENT_DEVEL_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMEVENT_CLIENT_DEVEL_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMEVENT_CLIENT_DEVEL_RPM): $(VMEVENT_PKGDIR)/$(VMEVENT_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(VMEVENT_PKGDIR)/$(VMEVENT_CLIENT_DEVEL_RPM): $(LIGHTWAVE_STAGE_DIR)
-	@cd $(SRCROOT)/vmevent/build && make -f Makefile.bootstrap
-
-vmevent-clean:
-	@cd $(SRCROOT)/vmevent/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMEVENT_RPMS); \
-	fi
-
-vmsts-c-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_C_CLIENT_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_C_CLIENT_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_C_CLIENT_RPM):$(VMSTS_PKGDIR)/$(VMSTS_C_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(VMSTS_PKGDIR)/$(VMSTS_C_CLIENT_RPM):
-	@cd $(SRCROOT)/vmidentity/build && make -f Makefile.cclient.bootstrap
-
-vmsts-c-client-clean:
-	@cd $(SRCROOT)/vmidentity/build && make -f Makefile.cclient.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMSTS_C_CLIENT_RPM); \
-	fi
-
-vmdir-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_DEVEL_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_DEVEL_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_RPM):$(VMDIR_PKGDIR)/$(VMDIR_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_CLIENT_DEVEL_RPM):$(VMDIR_PKGDIR)/$(VMDIR_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDIR_SERVER_RPM):$(VMDIR_PKGDIR)/$(VMDIR_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(VMDIR_PKGDIR)/$(VMDIR_CLIENT_RPM):$(VMDIR_PKGDIR)/$(VMDIR_SERVER_RPM)
-
-$(VMDIR_PKGDIR)/$(VMDIR_CLIENT_DEVEL_RPM):$(VMDIR_PKGDIR)/$(VMDIR_SERVER_RPM)
-
-$(VMDIR_PKGDIR)/$(VMDIR_SERVER_RPM):$(LIGHTWAVE_STAGE_DIR) vmevent-client-install vmsts-c-client-install
-	@cd $(SRCROOT)/vmdir/build && make -f Makefile.bootstrap
-
-vmdir-clean:
-	@cd $(SRCROOT)/vmdir/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMDIR_RPMS); \
-	fi
-
-lwraft-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_DEVEL_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_DEVEL_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_RPM):$(LWRAFT_PKGDIR)/$(LWRAFT_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_CLIENT_DEVEL_RPM):$(LWRAFT_PKGDIR)/$(LWRAFT_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(LWRAFT_SERVER_RPM):$(LWRAFT_PKGDIR)/$(LWRAFT_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(LWRAFT_PKGDIR)/$(LWRAFT_CLIENT_RPM):$(LWRAFT_PKGDIR)/$(LWRAFT_SERVER_RPM)
-
-$(LWRAFT_PKGDIR)/$(LWRAFT_CLIENT_DEVEL_RPM):$(LWRAFT_PKGDIR)/$(LWRAFT_SERVER_RPM)
-
-$(LWRAFT_PKGDIR)/$(LWRAFT_SERVER_RPM):$(LIGHTWAVE_STAGE_DIR) vmevent-client-install
-	@cd $(SRCROOT)/lwraft/build && make -f Makefile.bootstrap
-
-lwraft-clean:
-	@cd $(SRCROOT)/lwraft/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(LWRAFT_RPMS); \
-	fi
-
-vmdns-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_DEVEL_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_DEVEL_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_RPM):$(VMDNS_PKGDIR)/$(VMDNS_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_CLIENT_DEVEL_RPM):$(VMDNS_PKGDIR)/$(VMDNS_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMDNS_SERVER_RPM):$(VMDNS_PKGDIR)/$(VMDNS_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(VMDNS_PKGDIR)/$(VMDNS_CLIENT_RPM):$(VMDNS_PKGDIR)/$(VMDNS_SERVER_RPM)
-
-$(VMDNS_PKGDIR)/$(VMDNS_CLIENT_DEVEL_RPM):$(VMDNS_PKGDIR)/$(VMDNS_SERVER_RPM)
-
-$(VMDNS_PKGDIR)/$(VMDNS_SERVER_RPM):$(LIGHTWAVE_STAGE_DIR) vmdir-client-install
-	@cd $(SRCROOT)/vmdns/build && make -f Makefile.bootstrap
-
-vmdns-clean:
-	@cd $(SRCROOT)/vmdns/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMDNS_RPMS); \
-	fi
-
-vmafd-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_DEVEL_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_PYTHON_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_DEVEL_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_PYTHON_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_PYTHON_RPM):$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_PYTHON_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_RPM):$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_CLIENT_DEVEL_RPM):$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMAFD_SERVER_RPM):$(VMAFD_PKGDIR)/$(VMAFD_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_RPM) : $(VMAFD_PKGDIR)/$(VMAFD_SERVER_RPM)
-
-$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_DEVEL_RPM) : $(VMAFD_PKGDIR)/$(VMAFD_SERVER_RPM)
-
-$(VMAFD_PKGDIR)/$(VMAFD_CLIENT_PYTHON_RPM) : $(VMAFD_PKGDIR)/$(VMAFD_SERVER_RPM)
-
-$(VMAFD_PKGDIR)/$(VMAFD_SERVER_RPM): $(LIGHTWAVE_STAGE_DIR) vmdns-client-install
-	@cd $(SRCROOT)/vmafd/build && make -f Makefile.bootstrap
-
-vmafd-clean:
-	@cd $(SRCROOT)/vmafd/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMAFD_RPMS); \
-	fi
-
-vmca-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_DEVEL_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_RPM) $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_DEVEL_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_RPM):$(VMCA_PKGDIR)/$(VMCA_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_CLIENT_DEVEL_RPM):$(VMCA_PKGDIR)/$(VMCA_CLIENT_DEVEL_RPM)
-	$(CP) -f $< $@
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMCA_SERVER_RPM):$(VMCA_PKGDIR)/$(VMCA_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(VMCA_PKGDIR)/$(VMCA_CLIENT_RPM):$(VMCA_PKGDIR)/$(VMCA_SERVER_RPM)
-
-$(VMCA_PKGDIR)/$(VMCA_CLIENT_DEVEL_RPM):$(VMCA_PKGDIR)/$(VMCA_SERVER_RPM)
-
-$(VMCA_PKGDIR)/$(VMCA_SERVER_RPM): $(LIGHTWAVE_STAGE_DIR) vmafd-client-install
-	@cd $(SRCROOT)/vmca/build && make -f Makefile.bootstrap
-
-vmca-clean:
-	@cd $(SRCROOT)/vmca/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMCA_RPMS); \
-	fi
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_SERVER_RPM):$(VMSTS_PKGDIR)/$(VMSTS_SERVER_RPM)
-	$(CP) -f $< $@
-
-$(VMSTS_PKGDIR)/$(VMSTS_SERVER_RPM): $(LIGHTWAVE_STAGE_DIR) vmca-client-install
-	@cd $(SRCROOT)/vmidentity/build && make -f Makefile.bootstrap
-
-vmsts-client-install: $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_CLIENT_RPM)
-	$(RPM) -Uvh --force --nodeps $(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_CLIENT_RPM)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(VMSTS_CLIENT_RPM):$(VMSTS_PKGDIR)/$(VMSTS_CLIENT_RPM)
-	$(CP) -f $< $@
-
-$(VMSTS_PKGDIR)/$(VMSTS_CLIENT_RPM):$(VMSTS_PKGDIR)/$(VMSTS_SERVER_RPM)
-
-vmsts-clean:
-	@cd $(SRCROOT)/vmidentity/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(VMSTS_RPMS); \
-	fi
-	$(RMDIR) $(VMSTS_REST_VMDIR_CLIENT_TARGET)
-	$(RMDIR) $(VMSTS_REST_VMDIR_COMMON_TARGET)
-	$(RMDIR) $(VMSTS_REST_VMDIR_SERVER_TARGET)
-	$(RMDIR) $(VMSTS_REST_IDM_TARGET)
-
-$(LIGHTWAVE_STAGE_DIR)/x86_64/$(CFG_RPM) : $(CFG_PKGDIR)/$(CFG_RPM)
-	$(CP) -f $< $@
-
-$(CFG_PKGDIR)/$(CFG_RPM): $(LIGHTWAVE_STAGE_DIR) vmca-client-install vmsts-client-install
-	@cd $(SRCROOT)/config/build && make -f Makefile.bootstrap
-
-config-clean:
-	@cd $(SRCROOT)/config/build && make -f Makefile.bootstrap clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR)/x86_64 ]; then \
-	    cd $(LIGHTWAVE_STAGE_DIR)/x86_64 && $(RM) -f $(CFG_RPM); \
-	fi
-
-properties-clean:
-	@cd $(VMSTS_PROPERTY_FILES) &&\
-	$(RM) -f messages.properties &&\
-	$(RM) -f messages_de.properties &&\
-	$(RM) -f messages_es.properties &&\
-	$(RM) -f messages_fr.properties &&\
-	$(RM) -f messages_it.properties &&\
-	$(RM) -f messages_ja.properties &&\
-	$(RM) -f messages_ko.properties &&\
-	$(RM) -f messages_nl.properties &&\
-	$(RM) -f messages_pt.properties &&\
-	$(RM) -f messages_ru.properties &&\
-	$(RM) -f messages_zh_CN.properties &&\
-	$(RM) -f messages_zh_TW.properties
-
-diagnostics-folder-clean:
-	@if [ -d $(VMSTS_DIAGNOSTICS_LIB) ]; then \
-	    $(RMDIR) $(VMSTS_DIAGNOSTICS_LIB); \
-	fi
-
-resources-folder-clean:
-	@if [ -d $(VMSTS_LWUI_SRC_MAIN_RESOURCES) ]; then \
-	    $(RMDIR) $(VMSTS_LWUI_SRC_MAIN_RESOURCES); \
-	fi
-
-docker-clean:
-	@$(RM) -rf $(LIGHTWAVE_STAGE_DIR)/docker-published
-
-clean: config-clean vmca-clean vmafd-clean vmdns-clean lwraft-clean vmdir-clean vmsts-c-client-clean vmevent-clean \
-		lw-server-clean lw-clients-clean vmsts-clean docker-clean lw-build-clean \
-		properties-clean diagnostics-folder-clean resources-folder-clean \
-		appliance-clean lw-raft-clean
-	@if [ -d $(LIGHTWAVE_STAGE_DIR) ]; then \
-	    $(RMDIR) $(LIGHTWAVE_STAGE_DIR); \
-	fi
-	@$(RM) -f $(DOCKER_IMAGE)
-
-$(LIGHTWAVE_STAGE_DIR):
-	@$(MKDIR) -p $@/x86_64
-
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 000000000..6b5a3350a
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,104 @@
+#
+# Copyright 2017 VMware, Inc
+#
+
+SRCROOT = @top_srcdir@
+BUILDROOT = @abs_top_builddir@
+STAGEDIR = $(BUILDROOT)/stage
+MAKEROOT=$(SRCROOT)/support/make
+include $(MAKEROOT)/makedefs.mk
+
+SUBDIRS = \
+        vmmetrics \
+        vmevent \
+        vmidentity/ssoclients \
+        lwraft \
+        vmdir \
+        vmdns \
+        vmafd \
+        vmca \
+        vmidentity \
+        config
+
+PACKAGES=\
+    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LIGHTWAVE_RPM) \
+    $(LIGHTWAVE_STAGE_DIR)/x86_64/$(LIGHTWAVE_CLIENT_RPM)
+
+RPMBUILD=/usr/bin/rpmbuild
+
+RPMBUILD_ROOT=$(CURDIR)/rpmbuild
+RPMBUILD_BUILD=$(RPMBUILD_ROOT)/BUILD
+RPMBUILD_SPECS=$(RPMBUILD_ROOT)/SPECS
+RPMBUILD_RPMS=$(RPMBUILD_ROOT)/RPMS
+RPMBUILD_SRCS=$(RPMBUILD_ROOT)/SOURCES
+RPMBUILD_SRPMS=$(RPMBUILD_ROOT)/SRPMS
+RPMBUILD_TMP=$(RPMBUILD_ROOT)/tmp
+
+RPMBUILD_DIRS= \
+    $(RPMBUILD_BUILD) \
+    $(RPMBUILD_SPECS) \
+    $(RPMBUILD_RPMS)  \
+    $(RPMBUILD_SRCS) \
+    $(RPMBUILD_SRPMS) \
+    $(RPMBUILD_TMP)
+
+PKG_SPEC=lightwave.spec
+
+.PHONY: package stage
+
+stage:
+	make -C $(BUILDROOT) DESTDIR=$(STAGEDIR) install
+
+package: stage $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
+	cd $(RPMBUILD_ROOT) && \
+	$(RPMBUILD) \
+              -v \
+              --bb \
+              --noclean \
+              --define "_topdir $(RPMBUILD_ROOT)" \
+              --define "_prefix /opt/vmware" \
+              --define "_bindir /opt/vmware/bin" \
+              --define "_sbindir /opt/vmware/sbin" \
+              --define "_lib64dir /opt/vmware/lib64" \
+              --define "_datadir /opt/vmware/share" \
+              --define "_logdir $(LIGHTWAVE_LOGDIR)" \
+              --define "_includedir /opt/vmware/include" \
+              --define "_localstatedir /var/lib/vmware" \
+              --define "_likewise_open_prefix /opt/likewise" \
+              --define "_vmevent_prefix /opt/vmware" \
+              --define "_vmevent_ver $(VMEVENT_MAJOR_VER).$(VMEVENT_MINOR_VER)" \
+              --define "_vmdir_prefix /opt/vmware" \
+              --define "_vmafd_prefix /opt/vmware" \
+              --define "_vmca_prefix /opt/vmware" \
+              --define "_vmdns_prefix /opt/vmware" \
+              --define "_vmsts_prefix /opt/vmware" \
+              --define "_javahome $(JAVA_HOME)" \
+              --define "_anthome $(ANT_HOME)" \
+              --define "_version $(LW_SERVER_MAJOR_VER).$(LW_SERVER_MINOR_VER).$(LW_SERVER_RELEASE_VER)" \
+              --define "_patch $(LW_SERVER_PATCH_VER)" \
+              --buildroot $(STAGEDIR) \
+              SPECS/$(PKG_SPEC)
+
+$(RPMBUILD_SPECS)/$(PKG_SPEC) : $(CURDIR)/package/rpm/$(PKG_SPEC) | $(RPMBUILD_SPECS)
+	@$(CP) -f $< $@
+
+$(RPMBUILD_DIRS):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_SPECS):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_RPMS):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_SRCS):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_SRPMS):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_TMP):
+	@$(MKDIR) -p $@
+
+$(RPMBUILD_ROOT):
+	@$(MKDIR) -p $@
diff --git a/README.md b/README.md
index 1d4ab03cc..b557a1286 100644
--- a/README.md
+++ b/README.md
@@ -63,50 +63,20 @@ distribution.
 2.  Ensure likewise-open-devel-6.2.*.x86\_64.rpm is installed on your Photon
     system.*
 
-3.  *Run* make\* in [workspace root]
+3.  *Run* ./build_photon.sh\* in [workspace]/build
 
 4.  As part of a successful build, the following RPMs should be created in the
-    [workspace root]/stage folder
+    [workspace]/build/stage directory
 
-    1.  vmware-event-devel-1.2.0-0.x86\_64.rpm
+    1. lightwave-1.3.0-0.x86\_64.rpm
 
-    2.  vmware-directory-client-1.2.0-0.x86\_64.rpm
+    2. lightwave-client-1.3.0-0.x86\_64.rpm
 
-    3.  vmware-directory-1.2.0-0.x86\_64.rpm
+    3. lightwave-devel-1.3.0-0.x86\_64.rpm
 
-    4.  vmware-directory-client-devel-1.2.0-0.x86\_64.rpm
+    4. lightwave-post-1.3.0-0.x86\_64.rpm
 
-    5.  vmware-dns-client-1.2.0-0.x86\_64.rpm
-
-    6.  vmware-dns-1.2.0-0.x86\_64.rpm
-
-    7.  vmware-dns-client-devel-1.2.0-0.x86\_64.rpm
-
-    8.  vmware-afd-client-1.2.0-0.x86\_64.rpm
-
-    9.  vmware-afd-1.2.0-0.x86\_64.rpm
-
-    10. vmware-afd-client-devel-1.2.0-0.x86\_64.rpm
-
-    11. vmware-ca-1.2.0-0.x86\_64.rpm
-
-    12. vmware-ca-client-1.2.0-0.x86\_64.rpm
-
-    13. vmware-ca-client-devel-1.2.0-0.x86\_64.rpm
-
-    14. vmware-sts-1.2.0-0.x86\_64.rpm
-
-    15. vmware-sts-client-1.2.0-0.x86\_64.rpm
-
-    16. vmware-ic-config-1.2.0-0.x86\_64.rpm
-
-    17. vmware-lightwave-clients-1.2.0-0.x86\_64.rpm
-
-    18. vmware-lightwave-server-1.2.0-0.x86\_64.rpm
-
-    19. vmware-sts-1.2.0-0.x86\_64.rpm
-
-    20. vmware-sts-client-1.2.0-0.x86\_64.rpm
+    5. lightwave-server-1.3.0-0.x86\_64.rpm
 
 Deployment
 ----------
@@ -162,33 +132,14 @@ skip_if_unavailable=True
 
 You must first install the following packages on your Photon instance
 
-1.  vmware-directory-client-1.2.0-0.x86\_64.rpm
-
-2.  vmware-directory-1.2.0-0.x86\_64.rpm
+1. lightwave-client-1.3.0-0.x86\_64.rpm
 
-3.  vmware-dns-client-1.2.0-0.x86\_64.rpm
+2. lightwave-server-1.3.0-0.x86\_64.rpm
 
-4.  vmware-dns-1.2.0-0.x86\_64.rpm
-
-5.  vmware-afd-client-6.6.2-0.x86\_64.rpm
-
-6.  vmware-afd-1.2.0-0.x86\_64.rpm
-
-7.  vmware-ca-client-1.2.0-0.x86\_64.rpm
-
-8.  vmware-ca-1.2.0-0.x86\_64.rpm
-
-9.  vmware-ic-config-1.2.0-0.x86\_64.rpm
-
-10. vmware-sts-client-1.2.0-0.x86\_64.rpm
-
-11. vmware-sts-1.2.0-0.x86\_64.rpm
-
-Alternately, you can install the vmware-lightwave-server-1.2.0-0.x86\_64.rpm
-which is a meta RPM with dependencies on all the above RPMs.
+3. lightwave-1.3.0-0.x86\_64.rpm
 
 If using the YUM repositories for the pre-built binaries, install the Lightwave
-Domain Controller using "tdnf install vmware-lightwave-server".
+Domain Controller using "tdnf install lightwave".
 
 #### Instantiating a domain controller
 
@@ -219,22 +170,7 @@ Notes:
 The following packages are required to join the Photon system to the Lightwave
 Domain.
 
-1.  vmware-directory-client-1.2.0-0.x86\_64.rpm
-
-2.  vmware-dns-client-1.2.0-0.x86\_64.rpm
-
-3.  vmware-afd-client-1.2.0-0.x86\_64.rpm
-
-4.  vmware-afd-1.2.0-0.x86\_64.rpm
-
-5.  vmware-ca-client-1.2.0-0.x86\_64.rpm
-
-6.  vmware-sts-client-1.2.0-0.x86\_64.rpm
-
-7.  vmware-ic-config-1.2.0-0.x86\_64.rpm
-
-Alternately, you can install the vmware-lightwave-clients-1.2.0-0.x86\_64.rpm
-which is a meta RPM with dependencies on all the above RPMs.
+1. lightwave-client-1.3.0-0.x86\_64.rpm
 
 If using the YUM repositories for the pre-built binaries, install the Lightwave
 Domain Client using "tdnf install vmware-lightwave-clients".
diff --git a/appliance/lightwave-packer.json b/appliance/lightwave-packer.json
index 072d114ff..550efa1a2 100644
--- a/appliance/lightwave-packer.json
+++ b/appliance/lightwave-packer.json
@@ -75,10 +75,6 @@
             "type": "shell",
             "inline": "systemctl enable configure-guest"
         },
-        {
-            "type": "shell",
-            "inline": "systemctl disable vmware-idmd"
-        },
         {
             "type": "shell",
             "inline": "systemctl disable vmware-stsd"
diff --git a/appliance/packer/scripts/install-lightwave.sh b/appliance/packer/scripts/install-lightwave.sh
index 949d59968..178c892ec 100755
--- a/appliance/packer/scripts/install-lightwave.sh
+++ b/appliance/packer/scripts/install-lightwave.sh
@@ -21,6 +21,7 @@ if [ "$#" -ge 1 ]; then
     tdnf -y install createrepo
     createrepo "/tmp/vmware/lightwave"
     sed -i -e "s/https:\/\/dl.bintray.com/file:\/\/\/tmp/" -e "s/gpgcheck=1/gpgcheck=0/" /etc/yum.repos.d/lightwave.repo
+    tdnf makecache
 fi
 
 sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf
@@ -34,6 +35,11 @@ tdnf install -y jaxws-ri
 tdnf install -y procps-ng
 tdnf install -y vmware-lightwave-server-1.2.0
 
+if [ "$#" -ge 1 ]; then
+    sed -i -e "s/file:\/\/\/tmp/https:\/\/dl.bintray.com/" -e "s/gpgcheck=0/gpgcheck=1/" /etc/yum.repos.d/lightwave.repo
+    tdnf makecache
+fi
+
 # open iptables ports
 # EXPOSE 22 53/udp 53 88/udp 88 389 443 636 2012 2014 2020
 echo "iptables -I INPUT -p tcp --dport 22 -j ACCEPT" >> /etc/systemd/scripts/iptables
diff --git a/build/build_centos.sh b/build/build_centos.sh
new file mode 100755
index 000000000..92e80a300
--- /dev/null
+++ b/build/build_centos.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+autoreconf -vif .. \
+  && \
+../configure \
+    CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare" \
+    --prefix=/opt/vmware \
+    --libdir=/opt/vmware/lib64 \
+    --localstatedir=/var/lib/vmware \
+    --with-config=./config \
+    --enable-rest=no \
+    --with-maven=/usr/share/maven \
+    --with-ant=/usr/share/ant \
+  && \
+ make \
+  && \
+ make package
diff --git a/build/build_fedora.sh b/build/build_fedora.sh
new file mode 100755
index 000000000..92e80a300
--- /dev/null
+++ b/build/build_fedora.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+autoreconf -vif .. \
+  && \
+../configure \
+    CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare" \
+    --prefix=/opt/vmware \
+    --libdir=/opt/vmware/lib64 \
+    --localstatedir=/var/lib/vmware \
+    --with-config=./config \
+    --enable-rest=no \
+    --with-maven=/usr/share/maven \
+    --with-ant=/usr/share/ant \
+  && \
+ make \
+  && \
+ make package
diff --git a/build/build_photon.sh b/build/build_photon.sh
new file mode 100755
index 000000000..06196d1ad
--- /dev/null
+++ b/build/build_photon.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+autoreconf -vif .. \
+  && \
+../configure \
+    CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare" \
+    --prefix=/opt/vmware \
+    --libdir=/opt/vmware/lib64 \
+    --localstatedir=/var/lib/vmware \
+    --with-config=./config \
+  && \
+ make \
+  && \
+ make package
diff --git a/build/build_ubuntu.sh b/build/build_ubuntu.sh
new file mode 100755
index 000000000..3d6469607
--- /dev/null
+++ b/build/build_ubuntu.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+autoreconf -vif ..
+
+STAGEDIR=$PWD/stage
+
+../configure \
+     LDFLAGS=-ldl \
+     LIBS=-ldl \
+     STAGEDIR=$STAGEDIR \
+     CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare" \
+    --prefix=/opt/vmware \
+    --libdir=/opt/vmware/lib64 \
+    --localstatedir=/var/lib/vmware \
+    --with-vmevent=$STAGEDIR/opt/vmware \
+    --with-vmdir=$STAGEDIR/opt/vmware \
+    --with-vmdns=$STAGEDIR/opt/vmware \
+    --with-afd=$STAGEDIR/opt/vmware \
+    --with-vmca=$STAGEDIR/opt/vmware \
+    --with-sts=$STAGEDIR/opt/vmware \
+    --with-oidc=$STAGEDIR/opt/vmware \
+    --with-likewise=/opt/likewise \
+    --with-logdir=/var/log/lightwave \
+    --with-ssl=/usr \
+    --with-sqlite=/usr \
+    --with-jansson=/usr \
+    --with-copenapi=/usr \
+    --with-java=/usr/lib/jvm/java-1.8.0-openjdk-amd64 \
+    --with-maven=/usr/share/maven \
+    --with-ant=/usr/share/ant \
+    --with-boost=/usr \
+    --with-python=/usr \
+    --with-sasl=/usr \
+    --with-config=./config \
+    --with-version="1.3.0" \
+    --with-datastore=mdb \
+    --enable-server=yes \
+    --enable-krb5-default=yes \
+    --enable-lightwave-build=yes \
+    --enable-rest=no \
+    ac_cv_header_vmevent=yes \
+    ac_cv_header_vmdirclient_h=yes \
+    ac_cv_lib_vmdirclient_VmDirSetupHostInstance=yes \
+    ac_cv_lib_vmdirclient_VmDirConnectionOpen=yes \
+    ac_cv_header_vmdns_h=yes \
+    ac_cv_lib_vmdnsclient_VmDnsOpenServerA=yes \
+    ac_cv_header_vmafdclient_h=yes \
+    ac_cv_lib_vmafdclient_VmAfdGetDomainNameA=yes \
+    ac_cv_header_vmca_h=yes \
+    ac_cv_lib_vmcaclient_VMCACreateSelfSignedCertificateA=yes
+
+make
diff --git a/build/package/debian/README.source b/build/package/debian/README.source
new file mode 100644
index 000000000..55e2ebadc
--- /dev/null
+++ b/build/package/debian/README.source
@@ -0,0 +1,10 @@
+lightwave for Debian
+-------------------
+
+<this file describes information about the source package, see Debian policy
+manual section 4.14. You WILL either need to modify or delete this file>
+
+
+
+ -- Suresh Chellappan <schellappan@vmware.com>  Wed, 03 May 2017 16:33:56 -0700
+
diff --git a/build/package/debian/changelog b/build/package/debian/changelog
new file mode 100644
index 000000000..37dc55371
--- /dev/null
+++ b/build/package/debian/changelog
@@ -0,0 +1,5 @@
+lightwave (1.3.0-0) unstable; urgency=medium
+
+  * Initial release (Closes: #nnnn)  <nnnn is the bug number of your ITP>
+
+ -- Suresh Chellappan <schellappan@vmware.com>  Wed, 03 May 2017 16:33:56 -0700
diff --git a/build/package/debian/compat b/build/package/debian/compat
new file mode 100644
index 000000000..ec635144f
--- /dev/null
+++ b/build/package/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/build/package/debian/control b/build/package/debian/control
new file mode 100644
index 000000000..9256e6aec
--- /dev/null
+++ b/build/package/debian/control
@@ -0,0 +1,65 @@
+Source: lightwave
+Section: network
+Priority: optional
+Maintainer: Suresh Chellappan <schellappan@vmware.com>
+Build-Depends: dpkg-dev (>= 1.16.1~), 
+               debhelper (>= 9), 
+               autoconf (>= 2.59), 
+               libtool (>= 1.5.2), 
+               automake, 
+               autotools-dev, 
+               dh-autoreconf,
+               heimdal-multidev,
+               krb5-multidev,
+               libdb-dev,
+               libkrb5-dev,
+               libldap2-dev,
+               libsqlite3-dev,
+               libssl-dev,
+               libboost-all-dev,
+               openjdk-8-jre
+Homepage: http://github.com/vmware/lightwave/
+Standards-Version: 1.3.0
+
+Package: lightwave-client
+Section: libs
+Architecture: any
+Depends:  coreutils (>= 8.22), 
+          libssl1.0.0 (>= 1.0.2), 
+          libkrb5-3 (>= 1.14),
+          libsasl2-2 (>= 2.1), 
+          likewise-open (>= 6.2.9), 
+          openjdk-8-jre (>= 1.8.0.45),
+          libboost-dev
+${misc:Depends}
+Description: Client libraries and Authentication services
+
+Package: lightwave-server
+Section: network
+Architecture: any
+Depends:  ${misc:Depends}, 
+          openjdk-8-jre,
+          tomcat8,
+          lightwave-client (= ${binary:Version})
+Description: lightwave server
+
+Package: lightwave-dev
+Section: libdevel
+Architecture: any
+Depends:  ${misc:Depends}
+Description: lightwave developer library
+
+Package: lightwave-raft
+Section: libdevel
+Architecture: any
+Depends:  ${misc:Depends}, 
+          lightwave-client (= ${binary:Version})
+Description: lightwave raft service
+
+Package: lightwave-dbg
+Section: debug
+Architecture: any
+Priority: extra
+Depends: ${misc:Depends}
+Multi-Arch: foreign
+Description: lightwave debugging symbols
diff --git a/build/package/debian/copyright b/build/package/debian/copyright
new file mode 100644
index 000000000..374e3a7ca
--- /dev/null
+++ b/build/package/debian/copyright
@@ -0,0 +1,9 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: lightwave
+Source: <url://example.com>
+
+# If you want to use GPL v2 or later for the /debian/* files use 
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2017 Suresh Chellappan <schellappan@vmware.com>
+License: Apache License
diff --git a/build/package/debian/lightwave-client.install b/build/package/debian/lightwave-client.install
new file mode 100644
index 000000000..5b487644b
--- /dev/null
+++ b/build/package/debian/lightwave-client.install
@@ -0,0 +1,69 @@
+opt/vmware/bin/cdc-cli
+opt/vmware/bin/certool
+opt/vmware/bin/dir-cli
+opt/vmware/bin/domainjoin
+opt/vmware/bin/lw-support-bundle.sh
+opt/vmware/bin/sl-cli
+opt/vmware/bin/vmafd-cli
+opt/vmware/bin/vmdns-cli
+opt/vmware/bin/vdcaclmgr
+opt/vmware/bin/vdcpromo
+opt/vmware/bin/vecs-cli
+
+opt/vmware/lib64/libvecsjni.so*
+opt/vmware/lib64/libcdcjni.so*
+opt/vmware/lib64/libheartbeatjni.so*
+opt/vmware/lib64/libvmafcfgapi.so*
+opt/vmware/lib64/libvmafdclient.so*
+opt/vmware/lib64/libvmeventclient.so*
+opt/vmware/lib64/libvmcaclient.so*
+opt/vmware/lib64/libvmdirclient.so*
+opt/vmware/lib64/libkrb5crypto.so*
+opt/vmware/lib64/libvmkdcserv.so*
+opt/vmware/lib64/libcsrp.so*
+opt/vmware/lib64/libgssapi_ntlm.so*
+opt/vmware/lib64/libgssapi_srp.so*
+opt/vmware/lib64/libgssapi_unix.so*
+opt/vmware/lib64/libvmdnsclient.so*
+opt/vmware/lib64/libcfgutils.so*
+opt/vmware/lib64/libidm.so*
+opt/vmware/lib64/libssoafdclient.so*
+opt/vmware/lib64/libssocommon.so*
+opt/vmware/lib64/libssocoreclient.so*
+opt/vmware/lib64/libssoidmclient.so*
+opt/vmware/lib64/libssooidc.so*
+opt/vmware/lib64/libssovmdirclient.so*
+opt/vmware/lib64/libvmdirauth.so*
+
+opt/vmware/share/config/java.security.linux
+opt/vmware/share/config/certool.cfg
+opt/vmware/share/config/vmdir-client.reg
+opt/vmware/share/config/vmdns-client.reg
+opt/vmware/share/config/vmafd.reg
+opt/vmware/share/config/vmafdd-syslog-ng.conf
+
+usr/lib/jvm/default-java/jre/lib/ext/vmware-endpoint-certificate-store.jar
+usr/lib/jvm/default-java/jre/lib/ext/client-domain-controller-cache.jar
+usr/lib/jvm/default-java/jre/lib/ext/afd-heartbeat-service.jar
+
+opt/vmware/jars/authentication-framework.jar
+opt/vmware/jars/vmware-identity-rest-idm-samples.jar
+opt/vmware/jars/vmware-vmca-client.jar
+opt/vmware/jars/samltoken.jar
+opt/vmware/jars/vmware-identity-rest-idm-common.jar
+opt/vmware/jars/vmware-directory-rest-common.jar
+opt/vmware/jars/vmware-directory-rest-client.jar
+opt/vmware/jars/vmware-identity-rest-core-common.jar
+opt/vmware/jars/vmware-identity-websso-client.jar
+opt/vmware/jars/vmware-identity-platform.jar
+opt/vmware/jars/vmware-identity-wsTrustClient.jar
+opt/vmware/jars/vmware-identity-rest-afd-common.jar
+opt/vmware/jars/openidconnect-common.jar
+opt/vmware/jars/openidconnect-client-lib.jar
+opt/vmware/jars/vmware-identity-idm-client.jar
+opt/vmware/jars/vmware-identity-idm-interface.jar
+opt/vmware/jars/vmware-identity-rest-afd-client.jar
+opt/vmware/jars/vmware-identity-rest-core-client.jar
+opt/vmware/jars/vmware-identity-rest-idm-client.jar
+
+etc/vmware/java/vmware-override-java.security
diff --git a/build/package/debian/lightwave-client.postinst b/build/package/debian/lightwave-client.postinst
new file mode 100644
index 000000000..7423a8b0f
--- /dev/null
+++ b/build/package/debian/lightwave-client.postinst
@@ -0,0 +1,117 @@
+#!/bin/sh
+# postinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+SERVICE_DIR=/lib/systemd/system
+KRB5_LIB_DIR=/usr/lib/x86_64-linux-gnu
+GSS_CONF_DIR=/etc/gss
+DATA_DIR=/opt/vmware/share
+LOG_DIR=/var/log/lightwave
+LOG_CONF_DIR=/etc/syslog-ng/lightwave.conf.d
+VMAFD_DB_DIR=/var/lib/vmware/vmafd
+LIKEWISE_BIN_DIR=/opt/likewise/bin
+LIB64_DIR=/opt/vmware/lib64
+
+/bin/mkdir -m 755 -p $LOG_DIR
+
+# add libgssapi_srp.so to GSSAPI plugin directory
+if [ ! -h $KRB5_LIB_DIR/gss/libgssapi_srp.so ]; then
+    /bin/mkdir -p $KRB5_LIB_DIR/gss
+    /bin/ln -s $LIB64_DIR/libgssapi_srp.so $KRB5_LIB_DIR/gss/libgssapi_srp.so
+fi
+
+# Add GSSAPI SRP plugin configuration to GSS mech file
+if [ -f $GSS_CONF_DIR/mech ]; then
+    if [ `grep -c  "1.2.840.113554.1.2.10" $GSS_CONF_DIR/mech` -lt 1 ]; then
+        echo "srp  1.2.840.113554.1.2.10 libgssapi_srp.so" >> $GSS_CONF_DIR/mech
+    fi
+fi
+
+# Restore commented out NTLM mech oid if found
+if [ `grep -c  "#ntlm " $GSS_CONF_DIR/mech` -ge 1 ]; then
+    /bin/mv $GSS_CONF_DIR/mech $GSS_CONF_DIR/mech-$$
+    /bin/cat $GSS_CONF_DIR/mech-$$ | sed 's|^#ntlm|ntlm|' > $GSS_CONF_DIR/mech
+    if [ -s $GSS_CONF_DIR/mech ]; then
+        /bin/rm $GSS_CONF_DIR/mech-$$
+    fi
+fi
+
+/bin/mkdir -m 700 -p $VMAFD_DB_DIR
+/bin/mkdir -m 700 -p $VMAFD_DB_DIR/vecs
+/bin/mkdir -m 700 -p $VMAFD_DB_DIR/clr
+
+/bin/mkdir -m 755 -p $LOG_DIR
+/bin/mkdir -m 755 -p $LOG_CONF_DIR
+if [ -e $LOG_CONF_DIR/vmafdd-syslog-ng.conf ]; then
+    /bin/rm $LOG_CONF_DIR/vmafdd-syslog-ng.conf
+fi
+/bin/ln -s $DATA_DIR/config/vmafdd-syslog-ng.conf $LOG_CONF_DIR/vmafdd-syslog-ng.conf
+
+case "$1" in
+    configure)
+
+            #
+            # New Installation
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmafd.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdir-client.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdns-client.reg
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    /opt/likewise/sbin/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmafd.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdir-client.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdns-client.reg
+                if [ $started_lwregd = true ]; then
+                    kill `pidof lwregd`
+                    wait
+                fi
+            fi
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-client.postrm b/build/package/debian/lightwave-client.postrm
new file mode 100644
index 000000000..a77991125
--- /dev/null
+++ b/build/package/debian/lightwave-client.postrm
@@ -0,0 +1,36 @@
+#!/bin/sh
+# postrm script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+/sbin/ldconfig
+
+case "$1" in
+    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-client.preinst b/build/package/debian/lightwave-client.preinst
new file mode 100644
index 000000000..a4ad1abbc
--- /dev/null
+++ b/build/package/debian/lightwave-client.preinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+# preinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+
+    /bin/systemctl >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        if [ -z "`pidof lwsmd`" ]; then
+            /bin/systemctl start lwsmd
+        fi
+    fi
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-client.prerm b/build/package/debian/lightwave-client.prerm
new file mode 100644
index 000000000..24bafc77d
--- /dev/null
+++ b/build/package/debian/lightwave-client.prerm
@@ -0,0 +1,75 @@
+#!/bin/sh
+# prerm script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+LIKEWISE_BIN_DIR=/opt/likewise/bin
+LOG_CONF_DIR=/etc/syslog-ng/lightwave.conf.d
+KRB5_LIB_DIR=/usr/lib/x86_64-linux-gnu
+GSS_CONF_DIR=/etc/gss
+
+case "$1" in
+    remove|deconfigure)
+
+            #
+            # Uninstall
+            #
+            $LIKEWISE_BIN_DIR/lwsm info vmafd > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                echo "Stopping the AFD Service..."
+                $LIKEWISE_BIN_DIR/lwsm stop vmafd
+                echo "Removing service configuration..."
+                $LIKEWISE_BIN_DIR/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmafd'
+                echo "Restarting service control manager..."
+                /bin/systemctl restart lwsmd
+                sleep 2
+                echo "Autostart services..."
+                $LIKEWISE_BIN_DIR/lwsm autostart
+            fi
+
+            # Cleanup GSSAPI SRP symlink
+            if [ -h $KRB5_LIB_DIR/gss/libgssapi_srp.so ]; then
+                /bin/rm -f $KRB5_LIB_DIR/gss/libgssapi_srp.so
+            fi
+
+            # Remove GSSAPI SRP Plugin configuration from GSS mech file
+            if [ -f $GSS_CONF_DIR/mech ]; then
+                if [ `grep -c "1.2.840.113554.1.2.10" $GSS_CONF_DIR/mech` -gt 0 ]; then
+                    /bin/cat $GSS_CONF_DIR/mech | sed '/1.2.840.113554.1.2.10/d' > "/tmp/mech-$$"
+                    if [ -s /tmp/mech-$$ ]; then
+                        /bin/mv "/tmp/mech-$$" $GSS_CONF_DIR/mech
+                    fi
+                fi
+            fi
+
+            if [ -h $LOG_CONF_DIR/vmafdd-syslog-ng.conf ]; then
+                /bin/rm -f $LOG_CONF_DIR/vmafdd-syslog-ng.conf
+            fi
+
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-dev.install b/build/package/debian/lightwave-dev.install
new file mode 100644
index 000000000..a0e3ae68e
--- /dev/null
+++ b/build/package/debian/lightwave-dev.install
@@ -0,0 +1,57 @@
+opt/vmware/include/vmafd.h
+opt/vmware/include/vmafdtypes.h
+opt/vmware/include/vmafdclient.h
+opt/vmware/include/vecsclient.h
+opt/vmware/include/cdcclient.h
+opt/vmware/include/vmsuperlogging.h
+opt/vmware/include/vmca.h
+opt/vmware/include/vmcatypes.h
+opt/vmware/include/vmdir.h
+opt/vmware/include/vmdirauth.h
+opt/vmware/include/vmdirclient.h
+opt/vmware/include/vmdirerrors.h
+opt/vmware/include/vmdirtypes.h
+opt/vmware/include/vmdns.h
+opt/vmware/include/vmdnstypes.h
+
+opt/vmware/lib64/libcdcjni.a
+opt/vmware/lib64/libcdcjni.la
+opt/vmware/lib64/libvecsjni.a
+opt/vmware/lib64/libvecsjni.la
+opt/vmware/lib64/libheartbeatjni.a
+opt/vmware/lib64/libheartbeatjni.la
+opt/vmware/lib64/libvmafdclient.a
+opt/vmware/lib64/libvmafdclient.la
+opt/vmware/lib64/libvmafcfgapi.a
+opt/vmware/lib64/libvmafcfgapi.la
+opt/vmware/lib64/libvmeventclient.a
+opt/vmware/lib64/libvmeventclient.la
+opt/vmware/lib64/libvmcaclient.a
+opt/vmware/lib64/libvmcaclient.la
+opt/vmware/lib64/libvmdirclient.a
+opt/vmware/lib64/libvmdirclient.la
+opt/vmware/lib64/libcsrp.a
+opt/vmware/lib64/libcsrp.la
+opt/vmware/lib64/libgssapi_ntlm.a
+opt/vmware/lib64/libgssapi_ntlm.la
+opt/vmware/lib64/libgssapi_srp.a
+opt/vmware/lib64/libgssapi_srp.la
+opt/vmware/lib64/libgssapi_unix.a
+opt/vmware/lib64/libgssapi_unix.la
+opt/vmware/lib64/libvmdnsclient.a
+opt/vmware/lib64/libvmdnsclient.la
+
+#
+# TBD - not sure if these should be included or excluded
+#
+opt/vmware/include/oidc.h
+opt/vmware/include/oidc_types.h
+opt/vmware/include/ssoafdclient.h
+opt/vmware/include/ssocoreclient.h
+opt/vmware/include/ssoerrors.h
+opt/vmware/include/ssoidmclient.h
+opt/vmware/include/ssotypes.h
+opt/vmware/include/ssocommon.h
+opt/vmware/include/ssovmdirclient.h
+opt/vmware/include/vmevent.h
+
diff --git a/config/m4/README b/build/package/debian/lightwave-raft.install
similarity index 100%
rename from config/m4/README
rename to build/package/debian/lightwave-raft.install
diff --git a/build/package/debian/lightwave-raft.postinst b/build/package/debian/lightwave-raft.postinst
new file mode 100644
index 000000000..1fbe0c1ac
--- /dev/null
+++ b/build/package/debian/lightwave-raft.postinst
@@ -0,0 +1,37 @@
+#!/bin/sh
+# postinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-raft.postrm b/build/package/debian/lightwave-raft.postrm
new file mode 100644
index 000000000..b25911799
--- /dev/null
+++ b/build/package/debian/lightwave-raft.postrm
@@ -0,0 +1,38 @@
+#!/bin/sh
+# postrm script for lightwave
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+/sbin/ldconfig
+
+case "$1" in
+    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-raft.preinst b/build/package/debian/lightwave-raft.preinst
new file mode 100644
index 000000000..20401f0e6
--- /dev/null
+++ b/build/package/debian/lightwave-raft.preinst
@@ -0,0 +1,41 @@
+#!/bin/sh
+# preinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+    
+    /bin/systemctl >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        if [ -z "`pidof lwsmd`" ]; then
+            /bin/systemctl start lwsmd
+        fi
+    fi
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-raft.prerm b/build/package/debian/lightwave-raft.prerm
new file mode 100644
index 000000000..5cc909e72
--- /dev/null
+++ b/build/package/debian/lightwave-raft.prerm
@@ -0,0 +1,36 @@
+#!/bin/sh
+# prerm script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    remove|upgrade|deconfigure)
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-server.install b/build/package/debian/lightwave-server.install
new file mode 100644
index 000000000..75d93a01f
--- /dev/null
+++ b/build/package/debian/lightwave-server.install
@@ -0,0 +1,73 @@
+lib/systemd/system/firewall.service
+lib/systemd/system/vmware-stsd.service
+opt/vmware/bin/configure-identity-server
+opt/vmware/bin/configure-lightwave-server
+opt/vmware/bin/domainjoin.sh
+opt/vmware/bin/ic-join
+opt/vmware/bin/ic-promote
+opt/vmware/bin/test-ldapbind
+opt/vmware/bin/test-logon
+opt/vmware/bin/test-svr
+opt/vmware/bin/unix_srp
+opt/vmware/bin/vdcadmintool
+opt/vmware/bin/vdcbackup
+opt/vmware/bin/vdcleavefed
+opt/vmware/bin/vdcmetric
+opt/vmware/bin/vdcpass
+opt/vmware/bin/vdcrepadmin
+opt/vmware/bin/vdcresetMachineActCred
+opt/vmware/bin/vdcschema
+opt/vmware/bin/vdcsetupldu
+opt/vmware/bin/vdcsrp
+opt/vmware/bin/vdcupgrade
+opt/vmware/bin/vmdir_upgrade.sh
+opt/vmware/bin/vmkdc_admin
+opt/vmware/jars/openidconnect-protocol.jar
+opt/vmware/jars/openidconnect-server.jar
+opt/vmware/jars/samlauthority.jar
+opt/vmware/jars/sts.jar
+opt/vmware/jars/vmware-directory-rest-server.jar
+opt/vmware/jars/vmware-identity-diagnostics.jar
+opt/vmware/jars/vmware-identity-idm-server.jar
+opt/vmware/jars/vmware-identity-install.jar
+opt/vmware/jars/vmware-identity-rest-afd-server.jar
+opt/vmware/jars/vmware-identity-rest-core-server.jar
+opt/vmware/jars/vmware-identity-rest-idm-server.jar
+opt/vmware/jars/vmware-identity-sso-config.jar
+opt/vmware/jars/websso.jar
+opt/vmware/lib64/sasl2/libsaslvmdirdb.so
+opt/vmware/lib64/sasl2/libsaslvmdirdb.so.0
+opt/vmware/lib64/sasl2/libsaslvmdirdb.so.0.0.0
+opt/vmware/sbin/configure-build.sh
+opt/vmware/sbin/sso-config.sh
+opt/vmware/sbin/vmafdd
+opt/vmware/sbin/vmcad
+opt/vmware/sbin/vmdird
+opt/vmware/sbin/vmdnsd
+opt/vmware/sbin/vmware-stsd.sh
+opt/vmware/share/config/firewall.json
+opt/vmware/share/config/idm/idm.reg
+opt/vmware/share/config/idm/log4j2.xml
+opt/vmware/share/config/idm/server.policy
+opt/vmware/share/config/idm/ssoconfig.log4j2.xml
+opt/vmware/share/config/saslvmdird.conf
+opt/vmware/share/config/setfirewallrules.py
+opt/vmware/share/config/vmca.reg
+opt/vmware/share/config/vmcad-syslog-ng.conf
+opt/vmware/share/config/vmdir-rest.json
+opt/vmware/share/config/vmdir.reg
+opt/vmware/share/config/vmdird-syslog-ng.conf
+opt/vmware/share/config/vmdirschema.ldif
+opt/vmware/share/config/vmdns.reg
+opt/vmware/share/config/vmdnsd-syslog-ng.conf
+opt/vmware/vmware-sts/bin/setenv.sh
+opt/vmware/vmware-sts/bin/vmware-identity-tomcat-extensions.jar
+opt/vmware/vmware-sts/conf/catalina.policy
+opt/vmware/vmware-sts/conf/catalina.properties
+opt/vmware/vmware-sts/conf/context.xml
+opt/vmware/vmware-sts/conf/logging.properties
+opt/vmware/vmware-sts/conf/server.xml
+opt/vmware/vmware-sts/conf/tomcat-users.xml
+opt/vmware/vmware-sts/conf/web.xml
+opt/vmware/vmware-sts/webapps/ROOT.war
+opt/vmware/vmware-sts/webapps/lightwaveui.war
\ No newline at end of file
diff --git a/build/package/debian/lightwave-server.postinst b/build/package/debian/lightwave-server.postinst
new file mode 100644
index 000000000..21699ebec
--- /dev/null
+++ b/build/package/debian/lightwave-server.postinst
@@ -0,0 +1,173 @@
+#!/bin/sh
+# postinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+/sbin/ldconfig
+
+SERVICE_DIR=/lib/systemd/system
+SASL2_PLUGIN_DIR=/usr/lib/x86_64-linux-gnu/sasl2
+DATA_DIR=/opt/vmware/share
+LOG_DIR=/var/log/lightwave
+LOG_CONF_DIR=/etc/syslog-ng/lightwave.conf.d
+VMCA_DB_DIR=/var/lib/vmware/vmca
+VMDIR_DB_DIR=/var/lib/vmware/vmdir
+LIKEWISE_BIN_DIR=/opt/likewise/bin
+
+
+# config
+
+/bin/systemctl enable firewall.service >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    /bin/ln -s lib/systemd/system/firewall.service /etc/systemd/system/multi-user.target.wants/firewall.service
+fi
+
+/bin/systemctl >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+    /bin/systemctl daemon-reload
+fi
+/bin/systemctl start firewall.service
+
+# vmdir
+
+/bin/mkdir -m 700 -p $VMDIR_DB_DIR
+
+if [ -e $SASL2_PLUGIN_DIR/vmdird.conf ]; then
+    /bin/rm $SASL2_PLUGIN_DIR/vmdird.conf
+fi
+
+# add vmdird.conf to sasl2 directory
+/bin/ln -s $DATA_DIR/config/saslvmdird.conf $SASL2_PLUGIN_DIR/vmdird.conf
+
+/bin/mkdir -m 755 -p $LOG_CONF_DIR
+if [ -e $LOG_CONF_DIR/vmdird-syslog-ng.conf ]; then
+    /bin/rm $LOG_CONF_DIR/vmdird-syslog-ng.conf
+fi
+/bin/ln -s $DATA_DIR/config/vmdird-syslog-ng.conf $LOG_CONF_DIR/vmdird-syslog-ng.conf
+
+# vmdns
+
+/bin/mkdir -m 755 -p $LOG_DIR
+/bin/mkdir -m 755 -p $LOG_CONF_DIR
+if [ -e $LOG_CONF_DIR/vmdnsd-syslog-ng.conf ]; then
+    /bin/rm $LOG_CONF_DIR/vmdnsd-syslog-ng.conf
+fi
+/bin/ln -s $DATA_DIR/config/vmdnsd-syslog-ng.conf $LOG_CONF_DIR/vmdnsd-syslog-ng.conf
+
+# vmca
+
+/bin/mkdir -m 700 -p $VMCA_DB_DIR
+/bin/mkdir -m 755 -p $LOG_DIR
+/bin/mkdir -m 755 -p $LOG_CONF_DIR
+if [ -e $LOG_CONF_DIR/vmcad-syslog-ng.conf ]; then
+    /bin/rm $LOG_CONF_DIR/vmcad-syslog-ng.conf
+fi
+/bin/ln -s $DATA_DIR/config/vmcad-syslog-ng.conf $LOG_CONF_DIR/vmcad-syslog-ng.conf
+
+case "$1" in
+    configure)
+
+            #
+            # New Installation
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdir.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdns.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmca.reg
+                $LIKEWISE_BIN_DIR/lwsm -q refresh
+                sleep 2
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    /opt/likewise/sbin/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdir.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmdns.reg
+                $LIKEWISE_BIN_DIR/lwregshell import $DATA_DIR/config/vmca.reg
+                if [ $started_lwregd = true ]; then
+                    kill -TERM `pidof lwregd`
+                    wait
+                fi
+            fi
+
+        /bin/systemctl enable vmware-stsd.service >/dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            /bin/ln -s /lib/systemd/system/vmware-stsd.service /etc/systemd/system/multi-user.target.wants/vmware-stsd.service
+        fi
+        /bin/systemctl >/dev/null 2>&1
+        if [ $? -eq 0 ]; then
+            /bin/systemctl daemon-reload
+        fi
+
+
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+if [ -x $LIKEWISE_BIN_DIR/lwregshell ]
+then
+    $LIKEWISE_BIN_DIR/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        # add key if not exist
+        $LIKEWISE_BIN_DIR/lwregshell add_key "[HKEY_THIS_MACHINE\Software]"
+        $LIKEWISE_BIN_DIR/lwregshell add_key "[HKEY_THIS_MACHINE\Software\VMware]"
+        $LIKEWISE_BIN_DIR/lwregshell add_key "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
+    fi
+
+    $LIKEWISE_BIN_DIR/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Release" > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        # add value if not exist
+        $LIKEWISE_BIN_DIR/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Release" REG_SZ "Lightwave"
+    fi
+
+    $LIKEWISE_BIN_DIR/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Version" > /dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        # add value if not exist
+        $LIKEWISE_BIN_DIR/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" REG_SZ "1.3.0"
+    else
+        # set value if exists
+        $LIKEWISE_BIN_DIR/lwregshell set_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" "1.3.0"
+    fi
+fi
+
+echo "Lightwave server installed.."
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-server.postrm b/build/package/debian/lightwave-server.postrm
new file mode 100644
index 000000000..d1839abd9
--- /dev/null
+++ b/build/package/debian/lightwave-server.postrm
@@ -0,0 +1,53 @@
+#!/bin/sh
+# postrm script for lightwave
+#
+# see: dh_installdeb(1)
+
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+LIKEWISE_BIN_DIR=/opt/likewise/bin
+SASL2_PLUGIN_DIR=/usr/lib/x86_64-linux-gnu/sasl2
+
+/sbin/ldconfig
+
+case "$1" in
+    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+
+        if [ -x $LIKEWISE_BIN_DIR/lwregshell ]
+        then
+            $LIKEWISE_BIN_DIR/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                # delete key if exist
+                $LIKEWISE_BIN_DIR/lwregshell delete_tree "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
+            fi
+        fi
+
+        if [ -e $SASL2_PLUGIN_DIR/vmdird.conf ]; then
+            /bin/rm $SASL2_PLUGIN_DIR/vmdird.conf
+    fi
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-server.preinst b/build/package/debian/lightwave-server.preinst
new file mode 100644
index 000000000..a4ad1abbc
--- /dev/null
+++ b/build/package/debian/lightwave-server.preinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+# preinst script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    install|upgrade)
+
+    /bin/systemctl >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        if [ -z "`pidof lwsmd`" ]; then
+            /bin/systemctl start lwsmd
+        fi
+    fi
+    ;;
+
+    abort-upgrade)
+    ;;
+
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/lightwave-server.prerm b/build/package/debian/lightwave-server.prerm
new file mode 100644
index 000000000..bb9a24c8b
--- /dev/null
+++ b/build/package/debian/lightwave-server.prerm
@@ -0,0 +1,100 @@
+#!/bin/sh
+# prerm script for lightwave
+#
+# see: dh_installdeb(1)
+
+# summary of how this script can be called:
+#        * <prerm> `remove'
+#        * <old-prerm> `upgrade' <new-version>
+#        * <new-prerm> `failed-upgrade' <old-version>
+#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+#        * <deconfigured's-prerm> `deconfigure' `in-favour'
+#          <package-being-installed> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+LIKEWISE_BIN_DIR=/opt/likewise/bin
+LOG_CONF_DIR=/etc/syslog-ng/lightwave.conf.d
+
+case "$1" in
+    remove|deconfigure)
+
+            #
+            # Uninstall
+            #
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                 if [ -f /etc/systemd/system/vmware-stsd.service ]; then
+                     /bin/systemctl stop vmware-stsd.service
+                     /bin/systemctl disable vmware-stsd.service
+                     /bin/rm -f /etc/systemd/system/vmware-stsd.service
+                     /bin/systemctl daemon-reload
+                 fi
+            fi
+
+           $LIKEWISE_BIN_DIR/lwsm info vmca > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                echo "Stopping the Certificate Authority Service..."
+               $LIKEWISE_BIN_DIR/lwsm stop vmca
+                echo "Removing service configuration..."
+               $LIKEWISE_BIN_DIR/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmca'
+                echo "Restarting service control manager..."
+                /bin/systemctl restart lwsmd
+                sleep 2
+                echo "Autostart services..."
+               $LIKEWISE_BIN_DIR/lwsm autostart
+            fi
+
+           $LIKEWISE_BIN_DIR/lwsm info vmdir > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+               $LIKEWISE_BIN_DIR/lwsm stop vmdir
+               $LIKEWISE_BIN_DIR/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdir'
+                /bin/systemctl restart lwsmd
+               $LIKEWISE_BIN_DIR/lwsm autostart
+            fi
+
+           $LIKEWISE_BIN_DIR/lwsm info vmdns > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+               $LIKEWISE_BIN_DIR/lwsm stop vmdns
+               $LIKEWISE_BIN_DIR/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdns'
+                /bin/systemctl restart lwsmd
+               $LIKEWISE_BIN_DIR/lwsm autostart
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                 if [ -f /etc/systemd/system/firewall.service ]; then
+                     /bin/systemctl stop firewall.service
+                     /bin/systemctl disable firewall.service
+                     /bin/rm -f /etc/systemd/system/firewall.service
+                     /bin/systemctl daemon-reload
+                 fi
+            fi
+
+            if [ -h $LOG_CONF_DIR/vmdird-syslog-ng.conf ]; then
+                /bin/rm -f $LOG_CONF_DIR/vmdird-syslog-ng.conf
+            fi
+            if [ -h $LOG_CONF_DIR/vmcad-syslog-ng.conf ]; then
+                /bin/rm -f $LOG_CONF_DIR/vmcad-syslog-ng.conf
+            fi
+            if [ -h $LOG_CONF_DIR/vmdnsd-syslog-ng.conf ]; then
+                /bin/rm -f $LOG_CONF_DIR/vmdnsd-syslog-ng.conf
+            fi
+    ;;
+
+    failed-upgrade)
+    ;;
+
+    *)
+        echo "prerm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/build/package/debian/rules b/build/package/debian/rules
new file mode 100755
index 000000000..cd63e0faa
--- /dev/null
+++ b/build/package/debian/rules
@@ -0,0 +1,116 @@
+#!/usr/bin/make -f
+#-*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+DESTDIR=$(CURDIR)/debian/tmp
+
+DDEBUG=`if (echo $(DEB_BUILD_OPTIONS) | grep -q debug) then \
+		echo "--enable-debug"; \
+	else \
+		echo ""; \
+	fi`
+
+export DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
+export DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+export CFLAGS += -Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare 
+
+configure: configure-stamp
+configure-stamp:
+	dh_testdir
+	dh_autoreconf --as-needed
+	dh_autotools-dev_updateconfig
+	../../configure     \
+		LDFLAGS=-ldl \
+		LIBS=-ldl \
+		STAGEDIR=$(DESTDIR) \
+		--prefix=/opt/vmware \
+		--libdir=/opt/vmware/lib64 \
+		--localstatedir=/var/lib/vmware \
+		--with-vmevent=$(DESTDIR)/opt/vmware \
+		--with-vmdir=$(DESTDIR)/opt/vmware \
+		--with-vmdns=$(DESTDIR)/opt/vmware \
+		--with-afd=$(DESTDIR)/opt/vmware \
+		--with-vmca=$(DESTDIR)/opt/vmware \
+		--with-sts=$(DESTDIR)/opt/vmware \
+		--with-oidc=$(DESTDIR)/opt/vmware \
+		--with-likewise=/opt/likewise \
+		--with-logdir=/var/log/lightwave \
+		--with-ssl=/usr \
+		--with-sqlite=/usr \
+		--with-jansson=/usr \
+		--with-copenapi=/usr \
+		--with-java=/usr/lib/jvm/default-java \
+		--with-maven=/usr/share/maven \
+		--with-ant=/usr/share/ant \
+		--with-boost=/usr \
+		--with-python=/usr \
+		--with-sasl-include=/usr/include \
+		--with-sasl-libs=/usr/lib/x86_64-linux-gnu \
+		--with-sasl-plugins=/usr/lib/x86_64-linux-gnu/sasl2 \
+		--with-config=./config \
+		--with-version="1.3.0" \
+		--with-datastore=mdb \
+		--enable-server=yes \
+		--enable-krb5-default=yes \
+		--enable-lightwave-build=yes \
+		--enable-rest=no \
+		--enable-debug=yes \
+		ac_cv_header_vmevent=yes \
+		ac_cv_header_vmdirclient_h=yes \
+		ac_cv_lib_vmdirclient_VmDirSetupHostInstance=yes \
+		ac_cv_lib_vmdirclient_VmDirConnectionOpen=yes \
+		ac_cv_header_vmdns_h=yes \
+		ac_cv_lib_vmdnsclient_VmDnsOpenServerA=yes \
+		ac_cv_header_vmafdclient_h=yes \
+		ac_cv_lib_vmafdclient_VmAfdGetDomainNameA=yes \
+		ac_cv_header_vmca_h=yes \
+		ac_cv_lib_vmcaclient_VMCACreateSelfSignedCertificateA=yes
+
+	touch $@
+
+build-arch: build-stamp
+build-indep: build-stamp
+
+build: build-arch build-indep
+build-stamp: configure
+	dh_testdir
+	$(MAKE)
+	touch $@
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f configure-stamp build-stamp
+	rm -f config.log config.h
+	[ ! -f Makefile ] || $(MAKE) distclean
+	rm -f config.h
+	dh_autotools-dev_restoreconfig
+	dh_autoreconf_clean
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+
+	$(MAKE) install DESTDIR=$(DESTDIR)
+
+binary-arch: build install
+	dh_testdir
+	dh_testroot
+	dh_install -a --sourcedir=$(DESTDIR)
+	dh_installman -a
+	dh_installdocs -a
+	dh_strip -a --dbg-package=lightwave-dbg
+	dh_compress -a
+	dh_fixperms -a
+	dh_makeshlibs -a
+	dh_installdeb -a
+	dh_gencontrol -a
+	dh_builddeb -a
+
+binary: binary-indep binary-arch
+.PHONY: build build-indep build-arch clean configure binary-indep binary-arch binary
diff --git a/build/package/rpm/lightwave.spec b/build/package/rpm/lightwave.spec
new file mode 100644
index 000000000..c36c91419
--- /dev/null
+++ b/build/package/rpm/lightwave.spec
@@ -0,0 +1,1237 @@
+Name:    lightwave
+Summary: VMware Lightwave
+Version: %{_version}
+Release: %{_patch}
+Group:   Applications/System
+Vendor:  VMware, Inc.
+License: VMware
+URL:     http://www.vmware.com
+BuildArch: x86_64
+
+Requires: openssl >= 1.0.2, coreutils >= 8.22, cyrus-sasl >= 2.1, likewise-open >= 6.2.11, gawk >= 4.1.3, boost = 1.60.0, lightwave-server = %{_version}, lightwave-client = %{_version}
+BuildRequires: openssl-devel >= 1.0.2, coreutils >= 8.22, likewise-open-devel >= 6.2.11, python2-devel >= 2.7.8, boost-devel = 1.60.0
+
+%if 0%{?fedora} >= 21
+Requires: java-1.8.0-openjdk >= 1.8.0.131, krb5-libs >= 1.14, sqlite >= 3.14, tomcat >= 8.5.16, apache-commons-daemon >= 1.0.15, apache-commons-daemon-jsvc >= 1.0.15
+BuildRequires: java-1.8.0-openjdk >= 1.8.0.131, ant >= 1.9.4, maven >= 3.3.9
+%else
+Requires: openjre >= 1.8.0.131, krb5 >= 1.14, sqlite-autoconf >= 3.14, apache-tomcat >= 8.5.16, commons-daemon >= 1.0.15
+BuildRequires: openjdk >= 1.8.0.131, apache-ant >= 1.9.4, apache-maven >= 3.3.9
+%endif
+
+%description
+VMware Lightwave Server
+
+#
+# The _unpackaged_files_terminate_build macro, if set to 1,
+# tells rpmbuild to exit if it finds files that are in the
+# $RPM_BUILD_ROOT directory but not listed as part of the
+# package.
+#
+# Set this macro to 0 to turn off the Fascist build policy
+#
+%define _unpackaged_files_terminate_build 0
+
+%define _jarsdir %{_prefix}/jars
+%define _bindir %{_prefix}/bin
+%define _webappsdir %{_prefix}/vmware-sts/webapps
+%define _configdir %{_prefix}/share/config
+%define _servicedir /lib/systemd/system
+
+%if 0%{?_likewise_open_prefix:1} == 0
+%define _likewise_open_prefix /opt/likewise
+%endif
+
+%define _likewise_open_bindir %{_likewise_open_prefix}/bin
+%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
+
+%if 0%{?_javahome:1} == 0
+%define _javahome %{_javahome}
+%endif
+
+%if 0%{?_vmdir_prefix:1} == 0
+%define _vmdir_prefix /opt/vmware
+%endif
+
+%if 0%{?_vmafd_prefix:1} == 0
+%define _vmafd_prefix /opt/vmware
+%endif
+
+%if 0%{?_vmca_prefix:1} == 0
+%define _vmca_prefix /opt/vmware
+%endif
+
+%if 0%{?_vmdns_prefix:1} == 0
+%define _vmdns_prefix /opt/vmware
+%endif
+
+%if 0%{?_vmsts_prefix:1} == 0
+%define _vmsts_prefix /opt/vmware
+%endif
+
+%if 0%{?_sasl_prefix:1} == 0
+%define _sasl_prefix /usr
+%endif
+
+%if 0%{?_krb5_prefix:1} == 0
+%define _krb5_prefix /usr
+%endif
+
+%if 0%{?_vmevent_prefix:1} == 0
+%define _vmevent_prefix /opt/vmware
+%endif
+
+%if 0%{?_jansson_prefix:1} == 0
+%define _jansson_prefix /usr
+%endif
+
+%if 0%{?_copenapi_prefix:1} == 0
+%define _copenapi_prefix /usr
+%endif
+
+%if 0%{?_oidc_prefix:1} == 0
+%define _oidc_prefix /opt/vmware
+%endif
+
+%define _sasl2dir %{_sasl_prefix}/lib64/sasl2
+%define _krb5_lib_dir %{_krb5_prefix}/lib64
+%define _krb5_gss_conf_dir /etc/gss
+%define _logdir /var/log/lightwave
+%define _logconfdir /etc/syslog-ng/lightwave.conf.d
+%define _pymodulesdir /opt/vmware/site-packages/identity
+%define _jreextdir %{_javahome}/jre/lib/ext
+
+%define _post_dbdir   %{_localstatedir}/post
+%define _vmca_dbdir   %{_localstatedir}/vmca
+%define _vmdir_dbdir  %{_localstatedir}/vmdir
+%define _vmafd_dbdir  %{_localstatedir}/vmafd
+%define _vmsts_dbdir  %{_localstatedir}/vmsts
+
+%define _vecsdir %{_vmafd_dbdir}/vecs
+%define _crlsdir %{_vmafd_dbdir}/crl
+
+%package client
+Summary: Lightwave Client
+Requires: openssl >= 1.0.2, coreutils >= 8.22, cyrus-sasl >= 2.1, likewise-open >= 6.2.11, gawk >= 4.1.3, boost = 1.60.0
+%if 0%{?fedora} >= 21
+Requires: krb5-libs >= 1.14, sqlite >= 3.14
+%else
+Requires: krb5 >= 1.14, sqlite-autoconf >= 3.14
+%endif
+%description client
+Client libraries to communicate with Lightwave services
+
+%package server
+Summary: Lightwave Server
+Requires: lightwave-client = %{_version}
+%description server
+Lightwave services
+
+%package devel
+Summary: Lightwave Client Development Library
+Requires: lightwave-client = %{_version}
+%description devel
+Development libraries to communicate with Lightwave services
+
+%package post
+Summary: Lightwave POST Service
+Requires: lightwave-client >= %{_version}
+%description post
+Lightwave POST service
+
+%pre
+
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            if [ ! -d %{_backupdir} ];
+            then
+                /bin/mkdir "%{_backupdir}"
+            fi
+            /bin/cp "%{_prefix}/vmware-sts/conf/server.xml" "%{_backupdir}/server.xml"
+            ;;
+    esac
+
+
+%pre server
+
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                # Not in chroot
+                if [ -z "`pidof lwsmd`" ]; then
+                    /bin/systemctl >/dev/null 2>&1
+                    if [ $? -ne 0 ]; then
+                        /bin/systemctl start lwsmd
+                    fi
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            ;;
+
+    esac
+
+%pre client
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                if [ -z "`pidof lwsmd`" ]; then
+                    /bin/systemctl start lwsmd
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%pre post
+
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                if [ -z "`pidof lwsmd`" ]; then
+                    /bin/systemctl start lwsmd
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%post
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            /bin/systemctl enable vmware-stsd.service >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                /bin/ln -s /lib/systemd/system/vmware-stsd.service /etc/systemd/system/multi-user.target.wants/vmware-stsd.service
+            fi
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                /bin/systemctl daemon-reload
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            %{_sbindir}/configure-build.sh "%{_backupdir}"
+            ;;
+    esac
+
+    if [ -x "%{_lwisbindir}/lwregshell" ]
+    then
+        %{_lwisbindir}/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            # add key if not exist
+            %{_lwisbindir}/lwregshell add_key "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
+        fi
+
+        %{_lwisbindir}/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Release" > /dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            # add value if not exist
+            %{_lwisbindir}/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Release" REG_SZ "Lightwave"
+        fi
+
+        %{_lwisbindir}/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Version" > /dev/null 2>&1
+        if [ $? -ne 0 ]; then
+            # add value if not exist
+            %{_lwisbindir}/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" REG_SZ "%{_version}"
+        else
+            # set value if exists
+            %{_lwisbindir}/lwregshell set_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" "%{_version}"
+        fi
+    fi
+
+%post server
+
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    /sbin/ldconfig
+
+    # start the firewall service
+    /bin/systemctl restart firewall.service
+    if [ $? -ne 0 ]; then
+        echo "Firewall service not restarted"
+    fi
+    # vmdir
+
+    /bin/mkdir -m 700 -p %{_vmdir_dbdir}
+
+    if [ -a %{_sasl2dir}/vmdird.conf ]; then
+        /bin/rm %{_sasl2dir}/vmdird.conf
+    fi
+
+    # add vmdird.conf to sasl2 directory
+    /bin/ln -s %{_datadir}/config/saslvmdird.conf %{_sasl2dir}/vmdird.conf
+
+    /bin/mkdir -m 755 -p %{_logconfdir}
+    if [ -a %{_logconfdir}/vmdird-syslog-ng.conf ]; then
+        /bin/rm %{_logconfdir}/vmdird-syslog-ng.conf
+    fi
+    /bin/ln -s %{_datadir}/config/vmdird-syslog-ng.conf %{_logconfdir}/vmdird-syslog-ng.conf
+
+# vmdns
+
+    /bin/mkdir -m 755 -p %{_logdir}
+    /bin/mkdir -m 755 -p %{_logconfdir}
+    if [ -a %{_logconfdir}/vmdnsd-syslog-ng.conf ]; then
+        /bin/rm %{_logconfdir}/vmdnsd-syslog-ng.conf
+    fi
+    /bin/ln -s %{_datadir}/config/vmdnsd-syslog-ng.conf %{_logconfdir}/vmdnsd-syslog-ng.conf
+
+# vmca
+
+    /bin/mkdir -m 700 -p %{_vmca_dbdir}
+    /bin/mkdir -m 755 -p %{_logdir}
+    /bin/mkdir -m 755 -p %{_logconfdir}
+    if [ -a %{_logconfdir}/vmcad-syslog-ng.conf ]; then
+        /bin/rm %{_logconfdir}/vmcad-syslog-ng.conf
+    fi
+    /bin/ln -s %{_datadir}/config/vmcad-syslog-ng.conf %{_logconfdir}/vmcad-syslog-ng.conf
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmca.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+                sleep 5
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmca.reg
+                if [ $started_lwregd = true ]; then
+                    kill -TERM `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmca.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+                sleep 5
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmca.reg
+                if [ $started_lwregd = true ]; then
+                    kill -TERM `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+    esac
+
+%post client
+
+    # First argument is 1 => New Installation
+    # First argument is 2 => Upgrade
+
+    # config firewall service for server/post
+
+    /bin/systemctl enable firewall.service >/dev/null 2>&1
+    if [ $? -ne 0 ]; then
+        /bin/ln -s %{_servicedir}/firewall.service /etc/systemd/system/multi-user.target.wants/firewall.service
+    fi
+
+    /bin/systemctl >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        /bin/systemctl daemon-reload
+    fi
+    /bin/systemctl restart firewall.service
+
+    /bin/mkdir -m 755 -p %{_logdir}
+
+    SRP_MECH_OID="1.2.840.113554.1.2.10"
+    UNIX_MECH_OID="1.3.6.1.4.1.6876.11711.2.1.2"
+
+    # add libgssapi_srp.so to GSSAPI plugin directory
+    if [ ! -h %{_krb5_lib_dir}/gss/libgssapi_srp.so ]; then
+        /bin/ln -s %{_lib64dir}/libgssapi_srp.so %{_krb5_lib_dir}/gss/libgssapi_srp.so
+    fi
+
+    # Add GSSAPI SRP plugin configuration to GSS mech file
+    if [ -f %{_krb5_gss_conf_dir}/mech ]; then
+        if [ `grep -c  "$SRP_MECH_OID" %{_krb5_gss_conf_dir}/mech` -lt 1 ]; then
+            echo "srp $SRP_MECH_OID libgssapi_srp.so" >> %{_krb5_gss_conf_dir}/mech
+        fi
+    fi
+
+    # Add GSSAPI UNIX plugin configuration to GSS mech file
+    if [ -f %{_krb5_gss_conf_dir}/mech ]; then
+        if [ `grep -c  "$UNIX_MECH_OID" %{_krb5_gss_conf_dir}/mech` -lt 1 ]; then
+            echo "#unix  $UNIX_MECH_OID libgssapi_unix.so" >> %{_krb5_gss_conf_dir}/mech
+        fi
+    fi
+
+    # Restore commented out NTLM mech oid if found
+    if [ `grep -c  "#ntlm " %{_krb5_gss_conf_dir}/mech` -ge 1 ]; then
+        /bin/mv %{_krb5_gss_conf_dir}/mech %{_krb5_gss_conf_dir}/mech-$$
+        /bin/cat %{_krb5_gss_conf_dir}/mech-$$ | sed 's|^#ntlm|ntlm|' > %{_krb5_gss_conf_dir}/mech
+        if [ -s %{_krb5_gss_conf_dir}/mech ]; then
+            /bin/rm %{_krb5_gss_conf_dir}/mech-$$
+        fi
+    fi
+
+    /bin/mkdir -m 700 -p %{_vmafd_dbdir}
+    /bin/mkdir -m 700 -p %{_vecsdir}
+    /bin/mkdir -m 700 -p %{_crlsdir}
+
+    /bin/mkdir -m 755 -p %{_logdir}
+    /bin/mkdir -m 755 -p %{_logconfdir}
+    if [ -a %{_logconfdir}/vmafdd-syslog-ng.conf ]; then
+        /bin/rm %{_logconfdir}/vmafdd-syslog-ng.conf
+    fi
+    /bin/ln -s %{_datadir}/config/vmafdd-syslog-ng.conf %{_logconfdir}/vmafdd-syslog-ng.conf
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmafd.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir-client.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns-client.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmafd.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir-client.reg
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns-client.reg
+                if [ $started_lwregd = true ]; then
+                    kill `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmafd.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir-client.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns-client.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+                sleep 5
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmafd.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir-client.reg
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns-client.reg
+                if [ $started_lwregd = true ]; then
+                    kill `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+    esac
+
+%post post
+
+    # start the firewall service
+    /bin/systemctl restart firewall.service
+    if [ $? -ne 0 ]; then
+        echo "Firewall service not restarted"
+    fi
+
+    # make post db directory
+    /bin/mkdir -m 700 -p %{_post_dbdir}
+
+    if [ -a %{_sasl2dir}/postd.conf ]; then
+        /bin/rm %{_sasl2dir}/postd.conf
+    fi
+
+    # add postd.conf to sasl2 directory
+    /bin/ln -s %{_datadir}/config/saslpostd.conf %{_sasl2dir}/postd.conf
+
+    /bin/mkdir -m 755 -p %{_logdir}
+    /bin/mkdir -m 755 -p %{_logconfdir}
+    if [ -a %{_logconfdir}/postd-syslog-ng.conf ]; then
+        /bin/rm %{_logconfdir}/postd-syslog-ng.conf
+    fi
+    /bin/ln -s %{_datadir}/config/postd-syslog-ng.conf %{_logconfdir}/postd-syslog-ng.conf
+
+    case "$1" in
+        1)
+            #
+            # New Installation
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/post.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+                sleep 5
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/post.reg
+                if [ $started_lwregd = true ]; then
+                    kill -TERM `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+
+        2)
+            #
+            # Upgrade
+            #
+            try_starting_lwregd_svc=true
+
+            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -ne 0 ]; then
+                try_starting_lwregd_svc=false
+            fi
+
+            if [ $try_starting_lwregd_svc = true ]; then
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/post.reg
+                %{_likewise_open_bindir}/lwsm -q refresh
+                sleep 5
+            else
+                started_lwregd=false
+                if [ -z "`pidof lwregd`" ]; then
+                    echo "Starting lwregd"
+                    %{_likewise_open_sbindir}/lwregd &
+                    started_lwregd=true
+                    sleep 5
+                fi
+                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/post.reg
+                if [ $started_lwregd = true ]; then
+                    kill -TERM `pidof lwregd`
+                    wait
+                fi
+            fi
+            ;;
+    esac
+
+%preun
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                 if [ -f /etc/systemd/system/vmware-stsd.service ]; then
+                     /bin/systemctl stop vmware-stsd.service
+                     /bin/systemctl disable vmware-stsd.service
+                     /bin/rm -f /etc/systemd/system/vmware-stsd.service
+                     /bin/systemctl daemon-reload
+                 fi
+            fi
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%preun server
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+
+            %{_likewise_open_bindir}/lwsm info vmca > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                %{_likewise_open_bindir}/lwsm stop vmca
+                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmca'
+            fi
+
+            %{_likewise_open_bindir}/lwsm info vmdir > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                %{_likewise_open_bindir}/lwsm stop vmdir
+                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdir'
+            fi
+
+            %{_likewise_open_bindir}/lwsm info vmdns > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                %{_likewise_open_bindir}/lwsm stop vmdns
+                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdns'
+            fi
+
+            /bin/systemctl restart lwsmd
+            sleep 5
+
+            if [ -h %{_logconfdir}/vmdird-syslog-ng.conf ]; then
+                /bin/rm -f %{_logconfdir}/vmdird-syslog-ng.conf
+            fi
+            if [ -h %{_logconfdir}/vmcad-syslog-ng.conf ]; then
+                /bin/rm -f %{_logconfdir}/vmcad-syslog-ng.conf
+            fi
+            if [ -h %{_logconfdir}/vmdnsd-syslog-ng.conf ]; then
+                /bin/rm -f %{_logconfdir}/vmdnsd-syslog-ng.conf
+            fi
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%preun client
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+            %{_likewise_open_bindir}/lwsm info vmafd > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                %{_likewise_open_bindir}/lwsm stop vmafd
+                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmafd'
+                /bin/systemctl restart lwsmd
+                sleep 5
+            fi
+
+            /bin/systemctl >/dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                 if [ -f /etc/systemd/system/firewall.service ]; then
+                     /bin/systemctl stop firewall.service
+                     /bin/systemctl disable firewall.service
+                     /bin/rm -f /etc/systemd/system/multi-user.target.wants/firewall.service
+                     /bin/systemctl daemon-reload
+                 fi
+            fi
+
+            if [ -h %{_logconfdir}/vmafdd-syslog-ng.conf ]; then
+                /bin/rm -f %{_logconfdir}/vmafdd-syslog-ng.conf
+            fi
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%preun post
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+            %{_likewise_open_bindir}/lwsm info post > /dev/null 2>&1
+            if [ $? -eq 0 ]; then
+                %{_likewise_open_bindir}/lwsm stop post
+                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\post'
+                /bin/systemctl restart lwsmd
+                sleep 5
+            fi
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%postun
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    /sbin/ldconfig
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+
+            if [ -x "%{_lwisbindir}/lwregshell" ]
+            then
+                %{_lwisbindir}/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
+                if [ $? -eq 0 ]; then
+                    # delete key if exist
+                    %{_lwisbindir}/lwregshell delete_tree "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
+                fi
+            fi
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%postun server
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    /sbin/ldconfig
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+            if [ -f %{_vmdir_dbdir}/data.mdb ]; then
+                # backup db if exists
+                mv %{_vmdir_dbdir}/data.mdb %{_vmdir_dbdir}/data.mdb.bak
+            fi
+
+            echo "Existing database files kept at [%{_vmdir_dbdir}]."
+
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+    if [ -a %{_sasl2dir}/vmdird.conf ]; then
+        /bin/rm %{_sasl2dir}/vmdird.conf
+    fi
+
+%postun client
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    /sbin/ldconfig
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+
+            # Un-configure SRP/UNIX mech authentication plugins
+            SRP_MECH_OID="1.2.840.113554.1.2.10"
+            UNIX_MECH_OID="1.3.6.1.4.1.6876.11711.2.1.2"
+
+            # Cleanup GSSAPI SRP symlink
+            if [ -h %{_libdir}/gss/libgssapi_srp.so ]; then
+                rm -f %{_libdir}/gss/libgssapi_srp.so
+            fi
+
+            # Cleanup GSSAPI UNIX symlink
+            if [ -h %{_libdir}/gss/libgssapi_unix.so ]; then
+                rm -f %{_libdir}/gss/libgssapi_unix.so
+            fi
+
+            # Remove GSSAPI SRP plugin configuration from GSS mech file
+            if [ -f %{_krb5_gss_conf_dir} ]; then
+                if [ `grep -c  "$SRP_MECH_OID" %{_krb5_gss_conf_dir}` -gt 0 ]; then
+                    cat %{_krb5_gss_conf_dir} | sed "/$SRP_MECH_OID/d" > "/tmp/mech-$$"
+                    if [ -s /tmp/mech-$$ ]; then
+                        mv "/tmp/mech-$$" %{_krb5_gss_conf_dir}
+                    fi
+                fi
+            fi
+
+            # Remove GSSAPI UNIX plugin configuration from GSS mech file
+            if [ -f %{_krb5_gss_conf_dir} ]; then
+                if [ `grep -c  "$UNIX_MECH_OID" %{_krb5_gss_conf_dir}` -gt 0 ]; then
+                    cat %{_krb5_gss_conf_dir} | sed "/$UNIX_MECH_OID/d" > "/tmp/mech-$$"
+                    if [ -s /tmp/mech-$$ ]; then
+                        mv "/tmp/mech-$$" %{_krb5_gss_conf_dir}
+                    fi
+                fi
+            fi
+
+            # Cleanup vmafd db and files
+            if [ -d %{_vmafd_dbdir} ]; then
+                rm -rf %{_vmafd_dbdir}
+            fi
+
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+%postun post
+
+    # First argument is 0 => Uninstall
+    # First argument is 1 => Upgrade
+
+    /sbin/ldconfig
+
+    case "$1" in
+        0)
+            #
+            # Uninstall
+            #
+            echo "Existing database files kept at [%{_post_dbdir}]."
+            ;;
+
+        1)
+            #
+            # Upgrade
+            #
+            ;;
+    esac
+
+    if [ -a %{_sasl2dir}/postd.conf ]; then
+        /bin/rm %{_sasl2dir}/postd.conf
+    fi
+
+%files
+
+%defattr(-,root,root,0755)
+
+%{_bindir}/configure-sts
+%{_bindir}/configure-identity-server
+
+%{_sbindir}/vmware-stsd.sh
+%{_sbindir}/configure-build.sh
+%{_sbindir}/sso-config.sh
+
+%{_datadir}/config/idm/*
+
+%{_jarsdir}/samlauthority.jar
+%{_jarsdir}/vmware-identity-diagnostics.jar
+%{_jarsdir}/vmware-identity-idm-server.jar
+%{_jarsdir}/vmware-identity-rest-afd-server.jar
+%{_jarsdir}/vmware-identity-rest-core-server.jar
+%{_jarsdir}/vmware-identity-rest-idm-server.jar
+%{_jarsdir}/vmware-directory-rest-server.jar
+%{_jarsdir}/vmware-identity-install.jar
+%{_jarsdir}/vmware-identity-sso-config.jar
+%{_jarsdir}/websso.jar
+%{_jarsdir}/sts.jar
+%{_jarsdir}/openidconnect-protocol.jar
+%{_jarsdir}/openidconnect-server.jar
+%{_jarsdir}/commons-lang-2.6.jar
+%{_jarsdir}/commons-logging-1.2.jar
+%{_jarsdir}/jna-4.2.1.jar
+%{_jarsdir}/httpclient-4.5.1.jar
+%{_jarsdir}/slf4j-api-1.7.25.jar
+%{_jarsdir}/log4j-api-2.8.2.jar
+%{_jarsdir}/log4j-slf4j-impl-2.8.2.jar
+%{_jarsdir}/log4j-core-2.8.2.jar
+
+%{_webappsdir}/lightwaveui.war
+%{_webappsdir}/ROOT.war
+
+%{_servicedir}/vmware-stsd.service
+
+%config %attr(600, root, root) %{_prefix}/vmware-sts/bin/setenv.sh
+%config %attr(600, root, root) %{_prefix}/vmware-sts/bin/vmware-identity-tomcat-extensions.jar
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/catalina.policy
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/catalina.properties
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/context.xml
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/logging.properties
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/server.xml
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/web.xml
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/tomcat-users.xml
+%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/vmsts-telegraf.conf
+
+%files server
+
+%defattr(-,root,root,0755)
+
+%{_bindir}/ic-promote
+%{_bindir}/configure-lightwave-server
+%{_bindir}/test-ldapbind
+%{_bindir}/test-logon
+%{_bindir}/test-svr
+%{_bindir}/vdcadmintool
+%{_bindir}/vdcbackup
+%{_bindir}/vdcleavefed
+%{_bindir}/vdcpass
+%{_bindir}/vdcrepadmin
+%{_bindir}/vdcsetupldu
+%{_bindir}/vdcsrp
+%{_bindir}/unix_srp
+%{_bindir}/vdcupgrade
+%{_bindir}/vmkdc_admin
+%{_bindir}/vdcmetric
+%{_bindir}/vdcschema
+%{_bindir}/vmdir_upgrade.sh
+%{_bindir}/vdcresetMachineActCred
+
+%{_sbindir}/vmcad
+%{_sbindir}/vmdird
+%{_sbindir}/vmdnsd
+
+%{_lib64dir}/sasl2/libsaslvmdirdb.so*
+
+%{_datadir}/config/vmca.reg
+%{_datadir}/config/vmcad-syslog-ng.conf
+%{_datadir}/config/vmca-telegraf.conf
+
+%{_datadir}/config/saslvmdird.conf
+%{_datadir}/config/vmdir.reg
+%{_datadir}/config/vmdirschema.ldif
+%{_datadir}/config/vmdird-syslog-ng.conf
+%{_datadir}/config/vmdir-rest.json
+%{_datadir}/config/vmdir-telegraf.conf
+
+%{_datadir}/config/vmdns.reg
+%{_datadir}/config/vmdns-rest.json
+%{_datadir}/config/vmdnsd-syslog-ng.conf
+%{_datadir}/config/vmdns-telegraf.conf
+
+%{_configdir}/lw-firewall-server.json
+
+
+%files client
+
+%defattr(-,root,root)
+
+%{_bindir}/ic-join
+%{_bindir}/cdc-cli
+%{_bindir}/certool
+%{_bindir}/dir-cli
+%{_bindir}/domainjoin
+%{_bindir}/domainjoin.sh
+%{_bindir}/lw-support-bundle.sh
+%{_bindir}/sl-cli
+%{_bindir}/vmafd-cli
+%{_bindir}/vmdns-cli
+%{_bindir}/vdcaclmgr
+%{_bindir}/vdcpromo
+%{_bindir}/vecs-cli
+%{_lib64dir}/libkrb5crypto.so*
+%{_lib64dir}/libcsrp.so*
+
+%{_sbindir}/vmafdd
+
+%{_lib64dir}/libvecsjni.so*
+%{_lib64dir}/libcdcjni.so*
+%{_lib64dir}/libheartbeatjni.so*
+%{_lib64dir}/libvmafcfgapi.so*
+%{_lib64dir}/libvmafdclient.so*
+%{_lib64dir}/libvmeventclient.so*
+%{_lib64dir}/libvmcaclient.so*
+%{_lib64dir}/libvmdirclient.so*
+%{_lib64dir}/libvmkdcserv.so*
+%{_lib64dir}/libgssapi_ntlm.so*
+%{_lib64dir}/libgssapi_srp.so*
+%{_lib64dir}/libgssapi_unix.so*
+%{_lib64dir}/libvmdnsclient.so*
+%{_lib64dir}/libcfgutils.so*
+%{_lib64dir}/libidm.so*
+%{_lib64dir}/libpostclient.so*
+%{_lib64dir}/libssoafdclient.so*
+%{_lib64dir}/libssocommon.so*
+%{_lib64dir}/libssocoreclient.so*
+%{_lib64dir}/libssoidmclient.so*
+%{_lib64dir}/libssooidc.so*
+%{_lib64dir}/libssovmdirclient.so*
+%{_lib64dir}/libvmdirauth.so*
+%{_lib64dir}/libvmmetrics.so*
+
+%{_datadir}/config/java.security.linux
+%{_datadir}/config/certool.cfg
+%{_datadir}/config/vmafd.reg
+%{_datadir}/config/vmdir-client.reg
+%{_datadir}/config/vmdns-client.reg
+%{_datadir}/config/vmafdd-syslog-ng.conf
+%{_datadir}/config/telegraf.conf
+%{_datadir}/config/vmafd-telegraf.conf
+
+%{_jreextdir}/vmware-endpoint-certificate-store.jar
+%{_jreextdir}/client-domain-controller-cache.jar
+%{_jreextdir}/afd-heartbeat-service.jar
+
+%{_jarsdir}/authentication-framework.jar
+%{_jarsdir}/vmware-identity-rest-idm-samples.jar
+%{_jarsdir}/vmware-vmca-client.jar
+%{_jarsdir}/samltoken.jar
+%{_jarsdir}/vmware-identity-rest-idm-common.jar
+%{_jarsdir}/vmware-directory-rest-common.jar
+%{_jarsdir}/vmware-directory-rest-client.jar
+%{_jarsdir}/vmware-identity-rest-core-common.jar
+%{_jarsdir}/vmware-identity-websso-client.jar
+%{_jarsdir}/vmware-identity-platform.jar
+%{_jarsdir}/vmware-identity-wsTrustClient.jar
+%{_jarsdir}/vmware-identity-rest-afd-common.jar
+%{_jarsdir}/openidconnect-common.jar
+%{_jarsdir}/openidconnect-client-lib.jar
+%{_jarsdir}/vmware-identity-idm-client.jar
+%{_jarsdir}/vmware-identity-idm-interface.jar
+%{_jarsdir}/vmware-identity-rest-afd-client.jar
+%{_jarsdir}/vmware-identity-rest-core-client.jar
+%{_jarsdir}/vmware-identity-rest-idm-client.jar
+
+%{_configdir}/lw-firewall-client.json
+%{_configdir}/setfirewallrules.py
+
+%{_servicedir}/firewall.service
+
+%{_sysconfdir}/vmware/java/vmware-override-java.security
+
+%files post
+
+%defattr(-,root,root)
+
+%{_sbindir}/postd
+
+%{_bindir}/postadmintool
+%{_bindir}/postaclmgr
+%{_bindir}/postschema
+%{_bindir}/post-cli
+
+%{_lib64dir}/sasl2/libsaslpostdb.so*
+
+%{_datadir}/config/saslpostd.conf
+%{_datadir}/config/postschema.ldif
+%{_datadir}/config/post-rest.json
+%{_datadir}/config/post.reg
+%{_datadir}/config/postd-syslog-ng.conf
+%{_datadir}/config/post-client.reg
+%{_datadir}/config/post-telegraf.conf
+
+%{_configdir}/lw-firewall-post.json
+
+%files devel
+
+%defattr(-,root,root)
+
+%{_includedir}/vmafd.h
+%{_includedir}/vmafdtypes.h
+%{_includedir}/vmafdclient.h
+%{_includedir}/vecsclient.h
+%{_includedir}/cdcclient.h
+%{_includedir}/vmsuperlogging.h
+%{_includedir}/vmca.h
+%{_includedir}/vmcatypes.h
+%{_includedir}/vmdir.h
+%{_includedir}/vmdirauth.h
+%{_includedir}/vmdirclient.h
+%{_includedir}/vmdirerrors.h
+%{_includedir}/vmdirtypes.h
+%{_includedir}/vmdns.h
+%{_includedir}/vmdnstypes.h
+%{_includedir}/vmmetrics.h
+
+%{_lib64dir}/libcdcjni.a
+%{_lib64dir}/libcdcjni.la
+%{_lib64dir}/libvecsjni.a
+%{_lib64dir}/libvecsjni.la
+%{_lib64dir}/libheartbeatjni.a
+%{_lib64dir}/libheartbeatjni.la
+%{_lib64dir}/libvmafdclient.a
+%{_lib64dir}/libvmafdclient.la
+%{_lib64dir}/libvmafcfgapi.a
+%{_lib64dir}/libvmafcfgapi.la
+%{_lib64dir}/libvmeventclient.a
+%{_lib64dir}/libvmeventclient.la
+%{_lib64dir}/libvmcaclient.a
+%{_lib64dir}/libvmcaclient.la
+%{_lib64dir}/libvmdirclient.a
+%{_lib64dir}/libvmdirclient.la
+%{_lib64dir}/libvmdnsclient.a
+%{_lib64dir}/libvmdnsclient.la
+%{_lib64dir}/libvmmetrics.a
+%{_lib64dir}/libvmmetrics.la
+
+%{_includedir}/oidc.h
+%{_includedir}/oidc_types.h
+%{_includedir}/ssoafdclient.h
+%{_includedir}/ssocoreclient.h
+%{_includedir}/ssoerrors.h
+%{_includedir}/ssoidmclient.h
+%{_includedir}/ssotypes.h
+%{_includedir}/ssocommon.h
+%{_includedir}/ssovmdirclient.h
+%{_includedir}/vmevent.h
+
+%exclude %{_bindir}/vdcvmdirpromo
+%exclude %{_bindir}/vmdirclienttest
+%exclude %{_bindir}/*test
+
+%exclude %{_lib64dir}/*.la
+%exclude %{_lib64dir}/*.a
+%exclude %{_lib64dir}/sasl2/*.a
+%exclude %{_lib64dir}/sasl2/*.la
+%exclude %{_lib64dir}/libcommonunittests.*
+%exclude %{_lib64dir}/libmisctests.*
+%exclude %{_lib64dir}/libmultitenancytests.*
+%exclude %{_lib64dir}/libpasswordapistests.*
+%exclude %{_lib64dir}/libsearchtests.*
+%exclude %{_lib64dir}/libsecuritydescriptortests.*
+
+%exclude %{_prefix}/site-packages/identity/*
+%exclude %{_webappsdir}/openidconnect-sample-rp.war
+
+# %doc ChangeLog README COPYING
+
+%changelog
diff --git a/config/Makefile.am b/config/Makefile.am
index decf9804b..34e23c6b0 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -3,6 +3,5 @@ ACLOCAL_AMFLAGS = -I m4
 SUBDIRS = \
     jdepends \
     cfgutils \
-    pscsetup \
     tools \
     scripts
diff --git a/config/build/Makefile.bootstrap b/config/build/Makefile.bootstrap
index 06dff3809..de94e5f0d 100644
--- a/config/build/Makefile.bootstrap
+++ b/config/build/Makefile.bootstrap
@@ -50,7 +50,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-ic-config.spec
 
diff --git a/config/build/ant/defaults.xml b/config/build/ant/defaults.xml
index cb50e3d7a..3b6949b27 100644
--- a/config/build/ant/defaults.xml
+++ b/config/build/ant/defaults.xml
@@ -67,7 +67,7 @@
    <!-- - - - - - build directories - - - - - -->
 
    <!-- map from GoBuild-style (all uppercase) to local style names -->
-   <property name="BUILD_ROOT" location="../../build/${PRODUCT_NAME}" />
+   <property name="BUILD_ROOT" location="${build_dir}/${PRODUCT_NAME}" />
    <property name="buildRoot" location="${BUILD_ROOT}" />
 
    <property name="PUBLISH_DIR" location="${buildRoot}/publish" />
diff --git a/config/build/ant/libraries.xml b/config/build/ant/libraries.xml
index 7a6ffda53..22a5b5ca0 100644
--- a/config/build/ant/libraries.xml
+++ b/config/build/ant/libraries.xml
@@ -5,28 +5,28 @@
    <!-- - - - - - Ant Task Libraries - - - - - -->
 
    <property name="libs.ant-contrib-home"
-             location="/var/opt/ant-contrib" />
-
-   <fileset id="jar-set.LOG4J2" dir="${MAINSRCROOT}/build/depends">
-        <include name="log4j-1.2-api-2.0.2.jar"/>
-        <include name="log4j-api-2.2.jar"/>
-        <include name="log4j-core-2.2.jar"/>
-        <include name="log4j-slf4j-impl-2.2.jar"/>
-        <include name="slf4j-api-1.7.10.jar"/>
-        <include name="jcl-over-slf4j-1.7.10.jar"/>
+             location="${ant.home}" />
+
+   <fileset id="jar-set.LOG4J2" dir="${build_dir}/depends">
+        <include name="log4j-1.2-api-2.8.2.jar"/>
+        <include name="log4j-api-2.8.2.jar"/>
+        <include name="log4j-core-2.8.2.jar"/>
+        <include name="log4j-slf4j-impl-2.8.2.jar"/>
+        <include name="slf4j-api-1.7.25.jar"/>
+        <include name="jcl-over-slf4j-1.7.25.jar"/>
   </fileset>
 
-  <fileset id="jar-set.apache-commons-lang" dir="${MAINSRCROOT}/build/depends">
+  <fileset id="jar-set.apache-commons-lang" dir="${build_dir}/depends">
         <include name="commons-lang-2.5.jar"/>
    </fileset>
 
 
-   <fileset id="jar-set.jna" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.jna" dir="${build_dir}/depends">
         <include name="jna.jar"/>
         <include name="platform.jar"/>
    </fileset>
 
-   <fileset id="jar-set.commons-codec" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.commons-codec" dir="${build_dir}/depends">
         <include name="commons-codec-1.4.jar" />
    </fileset>
 
diff --git a/config/build/package/rpm/vmware-ic-config.spec b/config/build/package/rpm/vmware-ic-config.spec
deleted file mode 100644
index 9d99ecaa5..000000000
--- a/config/build/package/rpm/vmware-ic-config.spec
+++ /dev/null
@@ -1,134 +0,0 @@
-Name:    vmware-ic-config
-Summary: VMware Infrastructure Controller Configuration Tool
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, likewise-open >= 6.2.10, vmware-directory-client = %{version}, vmware-afd-client = %{version}, vmware-ca-client = %{version}, gawk >= 4.1.3
-BuildRequires: coreutils >= 8.22, openssl-devel >= 1.0.2, likewise-open-devel >= 6.2.10, vmware-directory-client-devel = %{version}, vmware-afd-client-devel = %{version}, vmware-ca-client-devel = %{version}
-
-%define _jarsdir %{_prefix}/jars
-%define _bindir %{_prefix}/bin
-%define _configdir %{_prefix}/share/config
-%define _serviceddir /lib/systemd/system
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%if 0%{?_javahome:1} == 0
-%define _javahome %{_javahome}
-%endif
-
-%if 0%{?_vmdir_prefix:1} == 0
-%define _vmdir_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmafd_prefix:1} == 0
-%define _vmafd_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmca_prefix:1} == 0
-%define _vmca_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmdns_prefix:1} == 0
-%define _vmdns_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmsts_prefix:1} == 0
-%define _vmsts_prefix /opt/vmware
-%endif
-
-%description
-VMware Infrastructure Controller Configuration Tool
-
-%build
-
-cd build
-autoreconf -mif .. &&
-../configure --prefix=%{_prefix} \
-             --libdir=%{_lib64dir} \
-             --with-java=%{_javahome} \
-             --with-ant=%{_anthome} \
-             --with-likewise=%{_likewise_open_prefix} \
-             --with-vmdir=%{_vmdir_prefix} \
-             --with-vmca=%{_vmca_prefix} \
-             --with-vmdns=%{_vmdns_prefix} \
-             --with-afd=%{_vmafd_prefix} \
-             --with-sts=%{_vmsts_prefix} \
-             --with-ssl=/usr
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=%{buildroot}
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%post
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /sbin/ldconfig
-
-    /bin/systemctl enable firewall.service >/dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        /bin/ln -s %{_serviceddir}/firewall.service /etc/systemd/system/multi-user.target.wants/firewall.service 
-    fi
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        /bin/systemctl daemon-reload
-    fi
-    /bin/systemctl start firewall.service
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-
-         if [ -f /etc/systemd/system/firewall.service ]; then
-             /bin/systemctl stop firewall.service
-             /bin/systemctl disable firewall.service
-             /bin/rm -f /etc/systemd/system/firewall.service
-             /bin/systemctl daemon-reload
-         fi
-
-    fi
-
-%postun
-
-    /sbin/ldconfig
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%files
-%defattr(-,root,root,0755)
-%{_bindir}/ic-promote
-%{_bindir}/ic-join
-%{_bindir}/configure-lightwave-server
-%{_bindir}/configure-identity-server
-%{_bindir}/domainjoin.sh
-%{_lib64dir}/*.so*
-%{_jarsdir}/*.jar
-%{_configdir}/firewall.json
-%{_configdir}/setfirewallrules.py
-%{_serviceddir}/firewall.service
-
-%exclude %{_lib64dir}/*.a
-%exclude %{_lib64dir}/*.la
-
-# %doc ChangeLog README COPYING
-
-%changelog
diff --git a/config/cfgutils/Makefile.am b/config/cfgutils/Makefile.am
index df3abe83b..bc724be9b 100644
--- a/config/cfgutils/Makefile.am
+++ b/config/cfgutils/Makefile.am
@@ -14,29 +14,30 @@ libcfgutils_la_SOURCES = \
     validate.c
 
 libcfgutils_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    @LW_INCLUDES@ \
-    @VMCA_INCLUDES@ \
-    @VMAFD_INCLUDES@ \
-    @VMDIR_INCLUDES@ \
-    @VMDNS_INCLUDES@
+    -I$(top_srcdir)/config/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
+    @LW_INCLUDES@
 
 libcfgutils_la_LIBADD = \
-    @VMDNS_LIBS@ \
-    @VMCA_LIBS@ \
-    @VMAFD_LIBS@ \
-    @VMDIR_LIBS@ \
+    @top_builddir@/vmafd/client/libvmafdclient.la \
+    @top_builddir@/vmca/client/libvmcaclient.la \
+    @top_builddir@/vmdns/client/libvmdnsclient.la \
+    @top_builddir@/vmdir/client/libvmdirclient.la \
     @LWSM_LIBS@ \
+    @LWADVAPI_LIBS@ \
     @DCERPC_LIBS@ \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
     @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @CRYPTO_LIBS@
 
 libcfgutils_la_LDFLAGS = \
-    @VMDNS_LDFLAGS@ \
-    @VMCA_LDFLAGS@ \
-    @VMAFD_LDFLAGS@ \
-    @VMDIR_LDFLAGS@ \
     @LW_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
-
diff --git a/config/cfgutils/certificate.c b/config/cfgutils/certificate.c
index d2fe67610..f796a7501 100644
--- a/config/cfgutils/certificate.c
+++ b/config/cfgutils/certificate.c
@@ -378,7 +378,6 @@ VmwDeployCreateMachineSSLCert(
 
 DWORD
 VmwDeployAddTrustedRoot(
-    PCSTR pszServername,
     PCSTR pszCACert
     )
 {
@@ -386,7 +385,7 @@ VmwDeployAddTrustedRoot(
     PCSTR pszHostname = "localhost";
     PVECS_STORE pStore = NULL;
 
-    if (IsNullOrEmptyString(pszServername) || IsNullOrEmptyString(pszCACert))
+    if (IsNullOrEmptyString(pszCACert))
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_DEPLOY_ERROR(dwError);
@@ -410,7 +409,7 @@ VmwDeployAddTrustedRoot(
     dwError =  VecsAddEntryA(
                 pStore,
                 CERT_ENTRY_TYPE_TRUSTED_CERT,
-                pszServername,
+                NULL,
                 pszCACert,
                 NULL,
                 NULL,
diff --git a/config/cfgutils/cfgutils.c b/config/cfgutils/cfgutils.c
index bff0e02b1..f57378de2 100644
--- a/config/cfgutils/cfgutils.c
+++ b/config/cfgutils/cfgutils.c
@@ -266,6 +266,7 @@ VmwDeploySetupServerPartner(
 
     dwError = VmwDeployValidatePartnerCredentials(
                     pParams->pszServer,
+                    VMW_ADMIN_NAME,
                     pParams->pszPassword,
                     pParams->pszDomainName);
     BAIL_ON_DEPLOY_ERROR(dwError);
@@ -396,7 +397,7 @@ VmwDeploySetupServerCommon(
     VMW_DEPLOY_LOG_INFO(
          "Adding VMCA's root certificate to VMware endpoint certificate store");
 
-    dwError = VmwDeployAddTrustedRoot(pParams->pszHostname, pszCACert);
+    dwError = VmwDeployAddTrustedRoot(pszCACert);
     BAIL_ON_DEPLOY_ERROR(dwError);
 
     VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
@@ -516,8 +517,12 @@ VmwDeploySetupClientWithDC(
         BAIL_ON_DEPLOY_ERROR(dwError);
     }
 
+    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
+                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;
+
     dwError = VmwDeployValidatePartnerCredentials(
                     pParams->pszServer,
+                    pszUsername,
                     pParams->pszPassword,
                     pParams->pszDomainName);
     BAIL_ON_DEPLOY_ERROR(dwError);
@@ -557,35 +562,23 @@ VmwDeploySetupClientWithDC(
             "Joining system to directory service at [%s]",
             VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszServer));
 
-    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
-                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;
-
-    dwError = VmAfdJoinVmDirA(
+    dwError = VmAfdJoinVmDirWithSiteA(
                     pParams->pszServer,
+                    pParams->pszDomainName,
                     pszUsername,
                     pParams->pszPassword,
                     pParams->pszMachineAccount ?
                             pParams->pszMachineAccount : pParams->pszHostname,
-                    pParams->pszDomainName,
-                    pParams->pszOrgUnit);
-    BAIL_ON_DEPLOY_ERROR(dwError);
-
-    VMW_DEPLOY_LOG_INFO(
-                    "Get root certificate from VMware Certificate Authority");
-
-    dwError = VmwDeployGetRootCACert(
-                    pParams->pszServer,
-                    pParams->pszDomainName,
-                    pszUsername,
-                    pParams->pszPassword,
-                    &pszCACert);
+                    pParams->pszOrgUnit,
+                    NULL,
+                    pParams->bMachinePreJoined ?
+                        VMAFD_JOIN_FLAGS_CLIENT_PREJOINED : 0);
     BAIL_ON_DEPLOY_ERROR(dwError);
 
     VMW_DEPLOY_LOG_INFO(
-         "Adding VMCA's root certificate to VMware endpoint certificate store");
+            "Refreshing root certificates from VMware Certificate Authority");
 
-    dwError = VmwDeployAddTrustedRoot(pParams->pszServer, pszCACert);
-    BAIL_ON_DEPLOY_ERROR(dwError);
+    VmAfdLocalTriggerRootCertsRefresh();
 
     VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
 
@@ -667,20 +660,6 @@ VmwDeploySetupClient(
         BAIL_ON_DEPLOY_ERROR(dwError);
     }
 
-    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
-                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;
-
-    VMW_DEPLOY_LOG_INFO(
-            "Validating Domain credentials for user [%s@%s]",
-            VMW_DEPLOY_SAFE_LOG_STRING(pszUsername),
-            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));
-
-    dwError = VmAfdJoinValidateDomainCredentialsA(
-                    pParams->pszDomainName,
-                    pszUsername,
-                    pParams->pszPassword);
-    BAIL_ON_DEPLOY_ERROR(dwError);
-
     if (pParams->bDisableAfdListener)
     {
         VMW_DEPLOY_LOG_INFO("Disabling AFD Listener");
@@ -704,6 +683,20 @@ VmwDeploySetupClient(
         BAIL_ON_DEPLOY_ERROR(dwError);
     }
 
+    pszUsername = (pParams->bUseMachineAccount && pParams->pszMachineAccount)
+                            ? pParams->pszMachineAccount : VMW_ADMIN_NAME;
+
+    VMW_DEPLOY_LOG_INFO(
+            "Validating Domain credentials for user [%s@%s]",
+            VMW_DEPLOY_SAFE_LOG_STRING(pszUsername),
+            VMW_DEPLOY_SAFE_LOG_STRING(pParams->pszDomainName));
+
+    dwError = VmAfdJoinValidateDomainCredentialsA(
+                    pParams->pszDomainName,
+                    pszUsername,
+                    pParams->pszPassword);
+    BAIL_ON_DEPLOY_ERROR(dwError);
+
     VMW_DEPLOY_LOG_INFO("Setting configuration values");
 
     dwError = VmAfdSetCAPathA(pszHostname, VMW_DEFAULT_CA_PATH);
@@ -711,35 +704,25 @@ VmwDeploySetupClient(
 
     VMW_DEPLOY_LOG_INFO("Performing domain join operation");
 
-    dwError = VmAfdJoinVmDir2A(
+    dwError = VmAfdJoinVmDirWithSiteA(
+                    NULL,
                     pParams->pszDomainName,
                     pszUsername,
                     pParams->pszPassword,
                     pParams->pszMachineAccount ?
                         pParams->pszMachineAccount : pParams->pszHostname,
                     pParams->pszOrgUnit,
+                    NULL,
                     pParams->bMachinePreJoined ?
                         VMAFD_JOIN_FLAGS_CLIENT_PREJOINED : 0);
     BAIL_ON_DEPLOY_ERROR(dwError);
 
-    dwError = VmAfdGetDCNameA(pszHostname, &pszDC);
-    BAIL_ON_DEPLOY_ERROR(dwError);
-
     VMW_DEPLOY_LOG_INFO(
-                    "Get root certificate from VMware Certificate Authority");
-
-    dwError = VmwDeployGetRootCACert(
-                    pszDC,
-                    pParams->pszDomainName,
-                    pszUsername,
-                    pParams->pszPassword,
-                    &pszCACert);
-    BAIL_ON_DEPLOY_ERROR(dwError);
+            "Refreshing root certificates from VMware Certificate Authority");
 
-    VMW_DEPLOY_LOG_INFO(
-         "Adding VMCA's root certificate to VMware endpoint certificate store");
+    VmAfdLocalTriggerRootCertsRefresh();
 
-    dwError = VmwDeployAddTrustedRoot(pszDC, pszCACert);
+    dwError = VmAfdGetDCNameA(pszHostname, &pszDC);
     BAIL_ON_DEPLOY_ERROR(dwError);
 
     VMW_DEPLOY_LOG_INFO("Generating Machine SSL cert");
diff --git a/config/cfgutils/includes.h b/config/cfgutils/includes.h
index 6a03f8a26..80ef9ab01 100644
--- a/config/cfgutils/includes.h
+++ b/config/cfgutils/includes.h
@@ -34,21 +34,10 @@
 #include <ldap.h>
 #endif
 
-#ifdef HAVE_VMDIRCLIENT_H
 #include <vmdirclient.h>
-#endif
-
-#ifdef HAVE_VMCA_H
 #include <vmca.h>
-#endif
-
-#ifdef HAVE_VMDNS_H
 #include <vmdns.h>
-#endif
-
-#ifdef HAVE_VMAFDCLIENT_H
 #include <vmafdclient.h>
-#endif
 
 #include <cfgdefs.h>
 
diff --git a/config/cfgutils/prototypes.h b/config/cfgutils/prototypes.h
index 9b9f1d80a..c034ddfa6 100644
--- a/config/cfgutils/prototypes.h
+++ b/config/cfgutils/prototypes.h
@@ -48,7 +48,6 @@ VmwDeployCreateMachineSSLCert(
 
 DWORD
 VmwDeployAddTrustedRoot(
-    PCSTR pszServername,
     PCSTR pszCACert
     );
 
diff --git a/config/cfgutils/sysutils.c b/config/cfgutils/sysutils.c
index e67699916..eae5cfb7a 100644
--- a/config/cfgutils/sysutils.c
+++ b/config/cfgutils/sysutils.c
@@ -21,27 +21,61 @@ VmwDeployGetHostname(
     PSTR* ppszHostname
     )
 {
-    DWORD dwError = 0;
-    CHAR  szHostname[HOST_NAME_MAX + 1] = "";
-    PSTR  pszHostname = NULL;
-
-    if (gethostname(szHostname, sizeof(szHostname)-1) < 0)
+    DWORD  dwError = 0;
+    struct addrinfo* pHostInfo = NULL;
+    PSTR   pszHostname = NULL;
+    struct addrinfo hints = {0};
+    CHAR  szName[HOST_NAME_MAX + 1] = "";
+    PSTR pszName = NULL;
+    int sts = 0;
+
+    sts = gethostname(szName, sizeof(szName)-1);
+    if (sts < 0)
     {
         dwError = LwErrnoToWin32Error(errno);
         BAIL_ON_DEPLOY_ERROR(dwError);
     }
 
-    dwError = VmwDeployAllocateStringA(szHostname, &pszHostname);
+    hints.ai_family = AF_UNSPEC;
+    hints.ai_socktype = 0;
+    hints.ai_protocol = 0;
+    hints.ai_flags = AI_CANONNAME;
+
+    sts = getaddrinfo(szName,
+                      NULL,
+                      &hints,
+                      &pHostInfo);
+    if (sts < 0 || !pHostInfo->ai_canonname || !*pHostInfo->ai_canonname)
+    {
+        pszName = szName;
+    }
+    else
+    {
+        pszName = pHostInfo->ai_canonname;
+    }
+
+    dwError = VmwDeployAllocateStringA(
+                pszName,
+                &pszHostname);
     BAIL_ON_DEPLOY_ERROR(dwError);
 
     *ppszHostname = pszHostname;
 
 cleanup:
 
+    if (pHostInfo)
+    {
+        freeaddrinfo(pHostInfo);
+    }
+
     return dwError;
 
 error:
 
+    if (pszHostname)
+    {
+        VmwDeployFreeMemory(pszHostname);
+    }
     *ppszHostname = NULL;
 
     goto cleanup;
diff --git a/config/cfgutils/validate.c b/config/cfgutils/validate.c
index fab59b038..f21b44dce 100644
--- a/config/cfgutils/validate.c
+++ b/config/cfgutils/validate.c
@@ -296,12 +296,12 @@ VmwDeployGetPartnerSiteName(
 DWORD
 VmwDeployValidatePartnerCredentials(
     PCSTR pszServer,
+    PCSTR pszUsername,
     PCSTR pszPassword,
     PCSTR pszDomain
     )
 {
     DWORD dwError = 0;
-    PCSTR pszUsername = VMW_ADMIN_NAME;
     PSTR  pszLdapURI = NULL;
     PVMDIR_CONNECTION pConnection = NULL;
 
diff --git a/config/configure.ac b/config/configure.ac
deleted file mode 100644
index c96685744..000000000
--- a/config/configure.ac
+++ /dev/null
@@ -1,486 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([ic-config], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-	;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-# Ant component
-
-AC_ARG_WITH([ant],
-    [AC_HELP_STRING([--with-ant=<dir>], [use Ant binaries rooted at prefix <dir> ])],
-    [
-        ANT_HOME="$withval"
-        ANT_CLASSPATH=$ANT_HOME/lib/ant.jar:$ANT_HOME/lib/ant-launcher.jar
-    ])
-
-AC_PATH_PROG([ANT], [ant], [no], [$PATH:$JAVA_HOME/bin:$ANT_HOME/bin])
-
-if test x"$ANT" = x"no"; then
-    AC_MSG_ERROR([ANT compiler not found])
-fi
-
-AC_SUBST(ANT_HOME)
-AC_SUBST(ANT_CLASSPATH)
-
-# Java component
-
-AC_ARG_WITH([java],
-    [AC_HELP_STRING([--with-java=<dir>], [use Java binaries rooted at prefix <dir> ])],
-    [
-        JAVA_HOME="$withval"
-        JAVA=$JAVA_HOME/bin/java
-        TOOLS_CLASSPATH=$JAVA_HOME/lib/tools.jar
-    ])
-
-AC_PATH_PROG([JAVAC], [javac], [no], [$PATH:$JAVA_HOME/bin])
-
-if test x"$JAVAC" = x"no"; then
-    AC_MSG_ERROR([JAVAC compiler not found])
-fi
-
-AC_SUBST(JAVA_HOME)
-AC_SUBST(JAVA)
-AC_SUBST(TOOLS_CLASSPATH)
-
-# Likewise components
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/likewise/lib64 -Wl,-rpath-link,/opt/likewise/lib64"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$(LW_BASE_PATH)/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES $OPENSSL_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h lwrpcrt/lwrpcrt.h dce/rpc.h)
-AC_CHECK_HEADERS(lwsm/lwsm.h)
-AC_CHECK_HEADERS(reg/lwreg.h)
-AC_CHECK_HEADERS(reg/regutil.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# VMDIR component
-
-AC_ARG_WITH([vmdir],
-    [AC_HELP_STRING([--with-vmdir=<dir>], [use VMDIR binaries rooted at prefix <dir> ])],
-    [
-        VMDIR_BASE_PATH="$withval"
-        VMDIR_INCLUDES="-I$withval/include"
-        VMDIR_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([vmdir-includes],
-    [AC_HELP_STRING([--with-vmdir-includes=<dir>], [use VMDIR headers located in prefix <dir> ])],
-    [
-        VMDIR_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmdir-libs],
-    [AC_HELP_STRING([--with-vmdir-libs=<dir>], [use VMDIR libraries located in prefix <dir> ])],
-    [
-        VMDIR_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMDIR_BASE_PATH)
-AC_SUBST(VMDIR_INCLUDES)
-AC_SUBST(VMDIR_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMDIR_INCLUDES $DCERPC_INCLUDES"
-AC_CHECK_HEADER(vmdirclient.h,
-[
-    AC_DEFINE([HAVE_VMDIRCLIENT_H],
-              [1],
-              [Define to 1 if you have vmdirclient.h header file])
-],
-[
-],
-[
-    #include <lw/base.h>
-    #include <stdio.h> 
-])
-AC_CHECK_HEADERS(ldap.h lber.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-vmdircfgdir="$VMDIR_BASE_PATH/share/config"
-AS_AC_EXPAND(VMDIR_CONFIG_PATH, $vmdircfgdir)
-AC_DEFINE_UNQUOTED(VMDIR_CONFIG_PATH, "$vmdircfgdir", [VMware Directory Config Path])
-
-# vmafd component
-
-AC_ARG_WITH([afd],
-    [AC_HELP_STRING([--with-afd=<dir>], [use afd-server binaries rooted at prefix <dir> ])],
-    [
-        VMAFD_BASE_PATH="$withval"
-        VMAFD_INCLUDES="-I$withval/include"
-        VMAFD_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([afd-includes],
-    [AC_HELP_STRING([--with-afd-includes=<dir>], [use afd-server headers located in prefix <dir> ])],
-    [
-        VMAFD_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([afd-libs],
-    [AC_HELP_STRING([--with-afd-libs=<dir>], [use afd-server libraries located in prefix <dir> ])],
-    [
-        VMAFD_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMAFD_BASE_PATH)
-AC_SUBST(VMAFD_INCLUDES)
-AC_SUBST(VMAFD_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMAFD_INCLUDES $LW_INCLUDES"
-AC_CHECK_HEADERS(vmafdclient.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# vmca component
-
-AC_ARG_WITH([vmca],
-    [AC_HELP_STRING([--with-vmca=<dir>], [use vmca binaries rooted at prefix <dir> ])],
-    [
-        VMCA_BASE_PATH="$withval"
-        VMCA_INCLUDES="-I$withval/include"
-        VMCA_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([vmca-includes],
-    [AC_HELP_STRING([--with-vmca-includes=<dir>], [use vmca headers located in prefix <dir> ])],
-    [
-        VMCA_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmca-libs],
-    [AC_HELP_STRING([--with-vmca-libs=<dir>], [use vmca libraries located in prefix <dir> ])],
-    [
-        VMCA_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMCA_INCLUDES)
-AC_SUBST(VMCA_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMCA_INCLUDES $LW_INCLUDES"
-AC_CHECK_HEADERS(vmca.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# vmdns component
-
-AC_ARG_WITH([vmdns],
-    [AC_HELP_STRING([--with-vmdns=<dir>], [use vmdns binaries rooted at prefix <dir> ])],
-    [
-        VMDNS_BASE_PATH="$withval"
-        VMDNS_INCLUDES="-I$withval/include"
-        VMDNS_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([vmdns-includes],
-    [AC_HELP_STRING([--with-vmdns-includes=<dir>], [use vmdns headers located in prefix <dir> ])],
-    [
-        VMDNS_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmdns-libs],
-    [AC_HELP_STRING([--with-vmdns-libs=<dir>], [use vmdns libraries located in prefix <dir> ])],
-    [
-        VMDNS_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMDNS_INCLUDES)
-AC_SUBST(VMDNS_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMDNS_INCLUDES $LW_INCLUDES"
-AC_CHECK_HEADERS(vmdns.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# vmsts component
-
-AC_ARG_WITH([sts],
-    [AC_HELP_STRING([--with-sts=<dir>], [use VMware STS Client binaries rooted at prefix <dir> ])],
-    [
-        VMSTS_HOME="$withval"
-        VMSTS_CLASSPATH=$VMSTS_HOME/jars
-    ])
-
-AC_SUBST(VMSTS_HOME)
-AC_SUBST(VMSTS_CLASSPATH)
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h sys/stat.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h sys/un.h dirent.h termios.h term.h)
-AC_CHECK_HEADERS(arpa/inet.h)
-
-# openssl component
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB(
-    [ldap_r],
-    [ldap_initialize],
-    [LDAP_LIBS="-lldap_r -llber -lsasl2"],
-    [],
-    [$LW_LDFLAGS -llber -lsasl2 $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-AC_CHECK_LIB(
-    [lwadvapi],
-    [LwAllocateMemory],
-    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
-    [],
-    [$LW_LDFLAGS $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    $UUID_LIBS $LDAP_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwadvapi_nothr])
-AC_CHECK_LIB(
-    [lwsm],
-    [LwSmStartService],
-    [LWSM_LIBS="-llwsm -llwsmcommon"],
-    [],
-    [$LW_LDFLAGS $LWMSG_LIBS $LWADVAPI_LIBS $LWBASE_LIBS $GSSAPI_LIBS $UUID_LIBS $LDAP_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwsmcommon]
-    )
-AC_CHECK_LIB(
-    [domainjoin],
-    [DJJoinDomain],
-    [DOMAINJOIN_LIBS="-ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon"],
-    [],
-    [$LW_LDFLAGS -ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwadvapi_nothr])
-AC_CHECK_LIB(
-    [vmdirclient],
-    [VmDirConnectionOpen],
-    [VMDIR_LIBS="-lvmdirclient"],
-    [],
-    [$VMDIR_LDFLAGS -lvmdirclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [vmafdclient],
-    [VmAfdGetDomainNameA],
-    [VMAFD_LIBS="-lvmafdclient"],
-    [],
-    [$VMAFD_LDFLAGS -lvmafdclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [vmcaclient],
-    [VMCACreateSelfSignedCertificateA],
-    [VMCA_LIBS="-lvmcaclient"],
-    [],
-    [$VMCA_LDFLAGS -lvmcaclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [vmdnsclient],
-    [VmDnsOpenServerA],
-    [VMDNS_LIBS="-lvmdnsclient"],
-    [],
-    [$VMDNS_LDFLAGS -lvmdnsclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(DOMAINJOIN_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LWADVAPI_LIBS)
-AC_SUBST(LWSM_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(VMDIR_LIBS)
-AC_SUBST(VMAFD_LIBS)
-AC_SUBST(VMCA_LIBS)
-AC_SUBST(VMDNS_LIBS)
-
-#AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-#if test x"$IDL" = x"no"; then
-#    AC_MSG_ERROR([DCERPC IDL compiler not found])
-#fi
-
-pscsetupbindir=$prefix/bin
-AC_SUBST(pscsetupbindir)
-
-systemddir=/lib/systemd/system
-AC_SUBST(systemddir)
-
-scriptsconfdir="$datadir/config"
-AC_SUBST(scriptsconfdir)
-
-pscsetupjarsdir=$prefix/jars
-AC_SUBST(pscsetupjarsdir)
-
-AC_CONFIG_FILES([Makefile
-                 jdepends/Makefile
-                 cfgutils/Makefile
-                 pscsetup/Makefile
-                 tools/Makefile
-                 tools/ic-promote/Makefile
-                 tools/ic-join/Makefile
-                 scripts/Makefile
-                 scripts/configure-lightwave-server
-                 scripts/configure-identity-server
-                ])
-AC_OUTPUT
-
diff --git a/config/include/cfgutils.h b/config/include/cfgutils.h
index 3f43637a9..0b38dc126 100644
--- a/config/include/cfgutils.h
+++ b/config/include/cfgutils.h
@@ -209,6 +209,7 @@ VmwDeployValidateSiteName(
 DWORD
 VmwDeployValidatePartnerCredentials(
     PCSTR pszServer,
+    PCSTR pszUsername,
     PCSTR pszPassword,
     PCSTR pszDomainName
     );
diff --git a/config/jdepends/Makefile.am b/config/jdepends/Makefile.am
index cc0f19ddf..9ec6bef01 100644
--- a/config/jdepends/Makefile.am
+++ b/config/jdepends/Makefile.am
@@ -1,9 +1,5 @@
-
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
-all: install-exec-local
-
-install-exec-local:
+all-local:
 	@echo "Downloading dependencies for Configuration"
-	cd @top_srcdir@/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
+	cd @top_srcdir@/config/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dlibs.ant-contrib-home="@abs_top_builddir@/config/depends" -Dbuild_dir="@abs_top_builddir@/config" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/config/jdepends/build.xml b/config/jdepends/build.xml
index 815443d0d..64c9d496a 100644
--- a/config/jdepends/build.xml
+++ b/config/jdepends/build.xml
@@ -5,9 +5,9 @@
 <project name="vmware-config-depends" default="build" basedir=".">
 
    <property name="MAINSRCROOT" value="${basedir}/.." />
-   <property file="../product.properties" />
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}" />
-   <property name="depends" value="${MAINSRCROOT}/build/depends" />
+   <property file="${MAINSRCROOT}/product.properties" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}" />
+   <property name="depends" value="${build_dir}/depends" />
 
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
@@ -27,15 +27,16 @@
           <url url="http://central.maven.org/maven2/net/java/dev/jna/jna/4.2.1/jna-4.2.1.jar" />
           <url url="http://central.maven.org/maven2/net/java/dev/jna/jna-platform/4.2.1/jna-platform-4.2.1.jar" />
           <url url="http://central.maven.org/maven2/commons-codec/commons-codec/1.4/commons-codec-1.4.jar" />
-          <url url="http://central.maven.org/maven2/org/slf4j/jcl-over-slf4j/1.7.10/jcl-over-slf4j-1.7.10.jar" />
-          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.0.2/log4j-1.2-api-2.0.2.jar" />
-          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.2/log4j-core-2.2.jar" />
-          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.2/log4j-api-2.2.jar" />
-          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.2/log4j-slf4j-impl-2.2.jar" />
-          <url url="http://central.maven.org/maven2/org/slf4j/jcl-over-slf4j/1.7.10/jcl-over-slf4j-1.7.10.jar" />
+          <url url="http://central.maven.org/maven2/org/slf4j/jcl-over-slf4j/1.7.25/jcl-over-slf4j-1.7.25.jar" />
+          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.8.2/log4j-1.2-api-2.8.2.jar" />
+          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.8.2/log4j-core-2.8.2.jar" />
+          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.8.2/log4j-api-2.8.2.jar" />
+          <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.8.2/log4j-slf4j-impl-2.8.2.jar" />
+          <url url="http://central.maven.org/maven2/org/slf4j/jcl-over-slf4j/1.7.25/jcl-over-slf4j-1.7.25.jar" />
 
           <!-- TEST DEPENDENCIES -->
            <url url="http://central.maven.org/maven2/org/powermock/powermock-easymock-release-full/1.6.2/powermock-easymock-release-full-1.6.2-full.jar" />
+           <url url="http://central.maven.org/maven2/ant-contrib/ant-contrib/1.0b3/ant-contrib-1.0b3.jar" />
 
          </resources>
      </copy>
diff --git a/config/pscsetup/Makefile.am b/config/pscsetup/Makefile.am
deleted file mode 100644
index 64e2043ae..000000000
--- a/config/pscsetup/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-
-CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
-
-pscsetupjars_DATA= \
-    @top_builddir@/vmware-config/packages/pscsetup.jar
-
-@top_builddir@/vmware-config/packages/pscsetup.jar : jar
-
-all: jar
-
-jar:
-	@echo "Building Jar : pscsetup.jar"
-	cd @top_srcdir@/pscsetup && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -DVMSTS_CLASSPATH="@VMSTS_CLASSPATH@" -Dant.home="@ANT_HOME@" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
diff --git a/config/pscsetup/build.xml b/config/pscsetup/build.xml
deleted file mode 100644
index 097ff3806..000000000
--- a/config/pscsetup/build.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Copyright 2011 VMware, Inc. All rights reserved. VMware confidential.
--->
-<project name="pscsetup" default="build" basedir=".">
-
-	<property name="target-sets" value="main, test" />
-
-        <property file="../product.properties" />
-        <property name="MAINSRCROOT" value="${basedir}/.."/>
-        <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}"/>
-        <property name="VMSTS_PACKAGE_BASE" value="${MAINSRCROOT}/../vmidentity/build/vmware-sts/packages" />
-        <property name="vmsts.classpath" value="${VMSTS_CLASSPATH}" />
-        <property name="build.packages.vmware-identity-platform"
-             value="${vmsts.classpath}/vmware-identity-platform.jar" />
-        <property name="build.packages.vmware-identity-install" 
-             value="${VMSTS_PACKAGE_BASE}/vmware-identity-install.jar" />
-        <property name="build.packages.vmware-authentication-framework"
-             value="${vmsts.classpath}/authentication-framework.jar" />
-        <property name="build.packages.vmware-vmca-client"
-             value="${vmsts.classpath}/vmware-vmca-client.jar" />
-        <property name="build.packages.vmware-vecs"
-             value="${vmsts.classpath}/vmware-endpoint-certificate-store.jar" />
-
-        <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
-        <import file="${MAINSRCROOT}/build/ant/presets.xml" />
-	
-        <property name="manifest_mf" value="MANIFEST.MF" />
-	<property name="src.main.resources.manifest_mf" value="${src.main.resources}/${manifest_mf}" description="Instructs the 'package' task to use this manifest file." />
-
-	<path id="classpath.main">
-      <pathelement location="${build.packages.vmware-identity-platform}" />
-      <pathelement location="{build.packages.vmware}" />
-      <pathelement location="${build.packages.vmware-identity-install}" />
-      <pathelement location="${build.packages.vmware-vmca-client}" />
-      <pathelement location="${build.packages.vmware-authentication-framework}" />
-      <pathelement location="${build.packages.vmware-vecs}" />
-      <fileset refid="jar-set.jna" />
-      <fileset refid="jar-set.commons-codec" />	
-      <fileset refid="jar-set.LOG4J2" />
-      <fileset refid="jar-set.apache-commons-lang" />
-     
-     </path>
-   <!--  
-    <path id="classpath.test">
-		<path refid="classpath.main" />
-		<pathelement location="${build.packages.main}" />
-		<fileset refid="jar-set.log4j" />
-		<fileset refid="jar-set.junit" />
-		<fileset dir="${tcRoot}/noarch/apache-commons-lang-2.5">
-			<include name="commons-lang-2.5.jar" />
-		</fileset>
-		<fileset dir="${tcRoot}/noarch/jna-3.5.1">
-			<include name="jna.jar" />
-			<include name="platform.jar" />
-		</fileset>
-	</path>
- -->
-
-   <import file="${MAINSRCROOT}/build/ant/buildcycle-template.xml" />
-
-</project>
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/AuthenticationFrameworkInstaller.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/AuthenticationFrameworkInstaller.java
deleted file mode 100644
index e1b2f65c9..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/AuthenticationFrameworkInstaller.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package com.vmware.pscsetup;
-
-import com.vmware.pscsetup.interop.DeployUtilsAdapter;
-import com.vmware.identity.configure.IPlatformComponentInstaller;
-import com.vmware.identity.configure.PlatformInstallComponent;
-import com.vmware.identity.interop.Validate;
-
-public class AuthenticationFrameworkInstaller implements
-	IPlatformComponentInstaller {
-
-    private static  final String ID ="vmware-authentication-framework";
-    private static  final String Name ="VMware Authentication Framework";
-    private static  final String Description ="VMware Directory service, VMware Certificate service, VMware Authentication framework";
-    private DomainControllerStandaloneParams params;
-
-    public AuthenticationFrameworkInstaller(
-	    DomainControllerStandaloneParams params) {
-	Validate.validateNotNull(params, "Domain Controller Params");
-	this.params = params;
-    }
-
-    @Override
-    public void install() throws Exception {
-	if (params instanceof DomainControllerPartnerParams) {
-	    DeployUtilsAdapter
-		    .configurePartner((DomainControllerPartnerParams) params);
-	} else {
-	    DeployUtilsAdapter.configureStandalone(params);
-	}
-    }
-
-    @Override
-    public void upgrade() {
-	// TODO Auto-generated method stub
-
-    }
-
-    @Override
-    public void uninstall() {
-	// TODO Auto-generated method stub
-
-    }
-    @Override
-     public void migrate() {
- 
-     }
- 
-
-
-    @Override
-    public PlatformInstallComponent getComponentInfo() {
-	return new PlatformInstallComponent(ID, Name, Description);
-    }
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/DirectorySetupMode.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/DirectorySetupMode.java
deleted file mode 100644
index 030b672e9..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/DirectorySetupMode.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- *
- * Copyright 2014 VMware, Inc.  All rights reserved.
- */
-
-package com.vmware.pscsetup;
-
-public enum DirectorySetupMode {
-	UNKNOWN(0),
-	STANDALONE(1),
-	PARTNER(2),
-	CLIENT(3);
-
-    int _mode;
-
-    private DirectorySetupMode(int mode)
-    {
-        this._mode = mode;
-    }
-
-    public int getCode()
-    {
-        return this._mode;
-    }
-
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerPartnerParams.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerPartnerParams.java
deleted file mode 100644
index a4c06cf8e..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerPartnerParams.java
+++ /dev/null
@@ -1,17 +0,0 @@
-/**
- *
- * Copyright 2014 VMware, Inc.  All rights reserved.
- */
-
-package com.vmware.pscsetup;
-
-public class DomainControllerPartnerParams extends DomainControllerStandaloneParams {
-	private String server;
-	public String getServer() {
-		return server;
-	}
-
-	public void setServer(String server) {
-		this.server = server;
-	}
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerStandaloneParams.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerStandaloneParams.java
deleted file mode 100644
index d28b8fd0a..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/DomainControllerStandaloneParams.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/**
- *
- * Copyright 2014 VMware, Inc.  All rights reserved.
- */
-
-package com.vmware.pscsetup;
-
-public class DomainControllerStandaloneParams {
-    private String hostname;
-    private String password;
-    private String site;
-    private String domainName;
-    private String dns_forwarders;
-    private String subjectAltName;
-
-    public String getDomainName() {
-	return domainName;
-    }
-
-    public void setDomainName(String domainName) {
-	this.domainName = domainName;
-    }
-
-    public String getHostname() {
-	return hostname;
-    }
-
-    public void setHostname(String hostname) {
-	this.hostname = hostname;
-    }
-
-    public String getPassword() {
-	return password;
-    }
-
-    public void setPassword(String password) {
-	this.password = password;
-    }
-
-    public String getSite() {
-	return site;
-    }
-
-    public void setSite(String site) {
-	this.site = site;
-    }
-
-    public void setDNSForwarders(String forwarders) {
-        this.dns_forwarders = forwarders;
-    }
-
-    public String getDNSForwarders() {
-        return dns_forwarders;
-    }
-
-    public void setSubjectAltName(String subject) {
-        this.subjectAltName = subject;
-    }
-
-    public String getSubjectAltName() {
-        return subjectAltName;
-    }
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesController.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesController.java
deleted file mode 100644
index 71b85813a..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesController.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/* **********************************************************************
- * Copyright 2014 VMware, Inc.  All rights reserved. VMware Confidential
- * *********************************************************************/
-
-package com.vmware.pscsetup;
-
-import java.net.InetAddress;
-
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import com.vmware.identity.configure.DeployUtilsErrors;
-import com.vmware.identity.configure.DomainControllerNativeException;
-import com.vmware.identity.configure.IPlatformComponentInstaller;
-import com.vmware.identity.configure.IPlatformInstallObserver;
-import com.vmware.identity.configure.PlatformInstallComponent;
-import com.vmware.identity.interop.Validate;
-import com.vmware.pscsetup.interop.DeployUtilsAdapter;
-
-public class PlatformServicesController {
-
-	private IPlatformInstallObserver observer = null;
-
-	public boolean setupInstanceStandalone(
-			DomainControllerStandaloneParams standaloneParams)
-			throws DomainControllerNativeException {
-
-		Validate.validateNotNull(standaloneParams.getPassword(), "Password");
-		Validate.validateNotEmpty(standaloneParams.getDomainName(), "Domain");
-
-		setupInstance(standaloneParams);
-
-		return true;
-	}
-
-	public boolean setupInstancePartner(
-			DomainControllerPartnerParams partnerParams)
-			throws DomainControllerNativeException {
-
-		Validate.validateNotNull(partnerParams.getPassword(), "Password");
-		Validate.validateNotEmpty(partnerParams.getServer(), "Server");
-		Validate.validateNotEmpty(partnerParams.getDomainName(), "Domain");
-
-		setupInstance(partnerParams);
-
-		return true;
-	}
-
-	private void setupInstance(DomainControllerStandaloneParams params)
-			throws DomainControllerNativeException {
-		if (params.getHostname() == null || params.getHostname().isEmpty())
-			try {
-				params.setHostname(InetAddress.getLocalHost().getHostName());
-			} catch (UnknownHostException e) {
-				throw new DomainControllerNativeException(
-						DeployUtilsErrors.ERROR_INVALID_NETNAME.getErrorCode(),
-						e);
-			}
-
-		checkPrerequisites(params);
-
-		List<IPlatformComponentInstaller> components = getComponents(params);
-		List<PlatformInstallComponent> componentsInfo = new ArrayList<>();
-
-		if (observer != null) {
-			for (IPlatformComponentInstaller comp : components) {
-				componentsInfo.add(comp.getComponentInfo());
-			}
-			observer.beginInstall(componentsInfo);
-		}
-
-		boolean status = true;
-		try {
-			for (IPlatformComponentInstaller comp : components) {
-				try {
-					if (observer != null)
-						observer.beginComponentInstall(comp.getComponentInfo()
-								.getId());
-
-					comp.install();
-
-				} catch (DomainControllerNativeException e) {
-					status = false;
-					throw e;
-				} catch (Exception e) {
-					status = false;
-					throw new DomainControllerNativeException(-1, e);
-				} finally {
-					if (observer != null)
-						observer.endComponentInstall(comp.getComponentInfo()
-								.getId(), status);
-				}
-			}
-		} finally {
-			if (observer != null)
-				observer.endInstall(status);
-		}
-
-	}
-
-	public boolean validatePartnerCredentials(String server, String password,
-			String domain) throws DomainControllerNativeException {
-		DeployUtilsAdapter.validatePartnerCredentials(server, password, domain);
-
-		return true;
-	}
-
-	public String getPartnerDomain(String server)
-			throws DomainControllerNativeException {
-		return DeployUtilsAdapter.getPartnerDomain(server);
-	}
-
-	public String getPartnerSiteName(String server)
-			throws DomainControllerNativeException {
-		return DeployUtilsAdapter.getPartnerSiteName(server);
-	}
-
-	public void setPlatformInstallObserver(IPlatformInstallObserver observer) {
-		this.observer = observer;
-	}
-
-	private List<IPlatformComponentInstaller> getComponents(
-			DomainControllerStandaloneParams standaloneParams) {
-		List<IPlatformComponentInstaller> components = new ArrayList<IPlatformComponentInstaller>();
-	        components.add(new AuthenticationFrameworkInstaller(standaloneParams));
-		return components;
-	}
-
-	private void checkPrerequisites(DomainControllerStandaloneParams params) {
-		Validate.validateNotEmpty(params.getHostname(), "Hostname");
-
-		Set<String> illegalHostanames = new HashSet<String>();
-		illegalHostanames.add("localhost.localdomain");
-		illegalHostanames.add("localhost");
-		illegalHostanames.add("localhost.localdom");
-		if (illegalHostanames.contains(params.getHostname().toLowerCase())) {
-			throw new IllegalArgumentException(String.format(
-					"Invalid host name - %s", params.getHostname()));
-		}
-	}
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesControllerDeploy.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesControllerDeploy.java
deleted file mode 100644
index f3145827a..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/PlatformServicesControllerDeploy.java
+++ /dev/null
@@ -1,123 +0,0 @@
-/* **********************************************************************
- * Copyright 2014 VMware, Inc.  All rights reserved. VMware Confidential
- * *********************************************************************/
-
-package com.vmware.pscsetup;
-
-import java.io.Console;
-
-import com.vmware.identity.configure.DomainControllerNativeException;
-import com.vmware.identity.configure.PlatformInstallObserverDefault;
-
-public class PlatformServicesControllerDeploy {
-
-    private static PlatformServicesController psc = new PlatformServicesController();
-
-	public static void main(String[] args) {
-
-		DomainControllerStandaloneParams params = build(args);
-
-		if (params.getPassword() == null || params.getPassword().isEmpty()) {
-			Console cons = System.console();
-			char[] passwd;
-			if (cons != null
-					&& (passwd = cons.readPassword("Password:")) != null) {
-				params.setPassword(new String(passwd));
-			}
-		}
-
-		if (params instanceof DomainControllerPartnerParams) {
-			try {
-				psc.setPlatformInstallObserver(new PlatformInstallObserverDefault());
-				psc.setupInstancePartner((DomainControllerPartnerParams) params);
-			} catch (DomainControllerNativeException e) {
-				System.err.println("Errorcode: " + e.getErrorCode());
-				e.printStackTrace(System.err);
-				System.exit(e.getErrorCode());
-			}
-		} else {
-			try {
-				psc.setPlatformInstallObserver(new PlatformInstallObserverDefault());
-				psc.setupInstanceStandalone(params);
-			} catch (DomainControllerNativeException e) {
-				System.err.printf("Errorcode: " + e.getErrorCode());
-				e.printStackTrace(System.err);
-				System.exit(e.getErrorCode());
-			}
-		}
-    }
-
-    private static DomainControllerStandaloneParams build(String[] args) {
-	DomainControllerStandaloneParams params = new DomainControllerStandaloneParams();
-	ParseMode mode = ParseMode.PARSE_MODE_OPEN;
-
-	if (args.length < 2 || !args[0].equals("--mode"))
-	    throw new IllegalArgumentException(
-		    "Parameter --mode is required first (--mode standalone or --mode partner)");
-
-	DirectorySetupMode setupMode = Enum.valueOf(DirectorySetupMode.class,
-		args[1].toUpperCase());
-	if (setupMode == DirectorySetupMode.STANDALONE)
-	    params = new DomainControllerStandaloneParams();
-	else if (setupMode == DirectorySetupMode.PARTNER)
-	    params = new DomainControllerPartnerParams();
-
-	for (String arg : args) {
-            switch (mode) {
-            case PARSE_MODE_OPEN:
-                if (arg.equals("--hostname")) {
-                    mode = ParseMode.PARSE_MODE_HOSTNAME;
-                } else if (arg.equals("--password")) {
-                    mode = ParseMode.PARSE_MODE_PASSWORD;
-                } else if (arg.equals("--domain")) {
-                    mode = ParseMode.PARSE_MODE_DOMAIN;
-                } else if (arg.equals("--server")) {
-                    mode = ParseMode.PARSE_MODE_SERVER;
-                } else if (arg.equals("--site")) {
-                    mode = ParseMode.PARSE_MODE_SITE;
-                } else if (arg.equals("--dns-forwarders")) {
-                    mode = ParseMode.PARSE_MODE_DNS_FORWARDERS;
-                } else if (arg.equals("--ssl-subject-alt-name")) {
-                    mode = ParseMode.PARSE_MODE_SSL_SUBJECT_ALT_NAME;
-                }
-                break;
-            case PARSE_MODE_HOSTNAME:
-                params.setHostname(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_PASSWORD:
-                params.setPassword(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_DOMAIN:
-                params.setDomainName(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_SITE:
-                params.setSite(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_SERVER:
-                if (setupMode == DirectorySetupMode.PARTNER)
-                    ((DomainControllerPartnerParams) params).setServer(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_DNS_FORWARDERS:
-                params.setDNSForwarders(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            case PARSE_MODE_SSL_SUBJECT_ALT_NAME:
-                params.setSubjectAltName(arg);
-                mode = ParseMode.PARSE_MODE_OPEN;
-                break;
-            default:
-                break;
-            }
-	}
-	return params;
-    }
-
-    enum ParseMode {
-	    PARSE_MODE_OPEN, PARSE_MODE_MODE, PARSE_MODE_HOSTNAME, PARSE_MODE_DOMAIN, PARSE_MODE_PASSWORD, PARSE_MODE_SITE, PARSE_MODE_SERVER, PARSE_MODE_DNS_FORWARDERS, PARSE_MODE_SSL_SUBJECT_ALT_NAME
-    }
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapter.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapter.java
deleted file mode 100644
index 050d0e151..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapter.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/**
- *
- * Copyright 2014 VMware, Inc.  All rights reserved.
- */
-
-package com.vmware.pscsetup.interop;
-
-import com.sun.jna.Library;
-import com.sun.jna.Native;
-import com.sun.jna.Pointer;
-import com.sun.jna.ptr.PointerByReference;
-import com.vmware.pscsetup.DirectorySetupMode;
-import com.vmware.pscsetup.DomainControllerPartnerParams;
-import com.vmware.pscsetup.DomainControllerStandaloneParams;
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-public class DeployUtilsAdapter extends NativeAdapter {
-	public interface DeployUtilsLibrary extends Library {
-		DeployUtilsLibrary INSTANCE = (DeployUtilsLibrary) Native.loadLibrary(
-				"cfgutils", DeployUtilsLibrary.class);
-
-		int VmwDeploySetupInstance(Pointer pParams);
-
-		int VmwDeployValidatePartnerCredentials(String pszServer,
-				String pszPassword, String pszDomain);
-
-		int VmwDeployGetPartnerDomain(String pszServer,
-				PointerByReference ppszDomain);
-
-		int VmwDeployGetPartnerSiteName(String pszServer,
-				PointerByReference ppszDomain);
-
-		void VmwDeployFreeMemory(Pointer pMemory);
-
-	}
-
-	public static void configureStandalone(
-			DomainControllerStandaloneParams params)
-			throws DomainControllerNativeException {
-
-		DeployUtilsParamsNative paramsNative = new DeployUtilsParamsNative(
-				params.getHostname(), params.getDomainName(),
-				params.getPassword(), DirectorySetupMode.STANDALONE.getCode(),
-				null, params.getSite(),
-                                params.getDNSForwarders(),
-                                params.getSubjectAltName());
-
-		setupInstance(paramsNative);
-	}
-
-	public static void configurePartner(DomainControllerPartnerParams params)
-			throws DomainControllerNativeException {
-
-		DeployUtilsParamsNative paramsNative = new DeployUtilsParamsNative(
-				params.getHostname(), params.getDomainName(), params.getPassword(),
-				DirectorySetupMode.PARTNER.getCode(), params.getServer(),
-				params.getSite(),
-                                params.getDNSForwarders(),
-                                params.getSubjectAltName());
-
-		setupInstance(paramsNative);
-
-	}
-
-	public static void validatePartnerCredentials(String server,
-			String password, String domain)
-			throws DomainControllerNativeException {
-		int errorCode = DeployUtilsLibrary.INSTANCE
-				.VmwDeployValidatePartnerCredentials(server, password, domain);
-		DeployUtilsAdapterErrorHandler.handleErrorCode(errorCode);
-	}
-
-	public static String getPartnerDomain(String server) throws DomainControllerNativeException {
-		PointerByReference ppDomain = new PointerByReference();
-		try {
-			int errorCode = DeployUtilsLibrary.INSTANCE
-					.VmwDeployGetPartnerDomain(server, ppDomain);
-			DeployUtilsAdapterErrorHandler.handleErrorCode(errorCode);
-			return ppDomain.getValue().getString(0);
-		} finally {
-			if (ppDomain.getValue() != Pointer.NULL)
-			{
-				DeployUtilsLibrary.INSTANCE.VmwDeployFreeMemory(ppDomain.getValue());
-			}
-		}
-
-	}
-
-	public static String getPartnerSiteName(String server) throws DomainControllerNativeException {
-		PointerByReference ppSite = new PointerByReference();
-		try {
-			int errorCode = DeployUtilsLibrary.INSTANCE
-					.VmwDeployGetPartnerSiteName(server, ppSite);
-			DeployUtilsAdapterErrorHandler.handleErrorCode(errorCode);
-			return ppSite.getValue().getString(0);
-		} finally {
-			if (ppSite.getValue() != Pointer.NULL)
-			{
-				DeployUtilsLibrary.INSTANCE.VmwDeployFreeMemory(ppSite.getValue());
-			}
-		}
-	}
-
-	private static void setupInstance(DeployUtilsParamsNative paramsNative)
-			throws DomainControllerNativeException {
-		int errorCode = DeployUtilsLibrary.INSTANCE
-				.VmwDeploySetupInstance(paramsNative.getPointer());
-		DeployUtilsAdapterErrorHandler.handleErrorCode(errorCode);
-	}
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapterErrorHandler.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapterErrorHandler.java
deleted file mode 100644
index 220cc633f..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsAdapterErrorHandler.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package com.vmware.pscsetup.interop;
-
-import java.util.HashMap;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import com.vmware.identity.configure.DeployUtilsErrors;
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-class DeployUtilsAdapterErrorHandler {
-
-	interface ErrorHandler {
-		void handlerError(int errorCode) throws DomainControllerNativeException;
-	}
-
-	private static final Log log = LogFactory
-			.getLog(DeployUtilsAdapterErrorHandler.class);
-
-	private static final HashMap<Integer, ErrorHandler> deployUtilsToHandler = new HashMap<Integer, ErrorHandler>();
-
-	static {
-		deployUtilsToHandler.put(
-				DeployUtilsErrors.ERROR_ACCESS_DENIED.getErrorCode(),
-				new ErrorHandler() {
-
-					@Override
-					public void handlerError(int errorCode)
-							throws DomainControllerNativeException {
-
-						log.error("DomainControllerAccessDeniedException "
-								+ errorCode);
-						throw new DomainControllerAccessDeniedException(
-								errorCode);
-					};
-
-				});
-
-		deployUtilsToHandler.put(
-				DeployUtilsErrors.ERROR_INVALID_PARAMETER.getErrorCode(),
-				new ErrorHandler() {
-
-					@Override
-					public void handlerError(int errorCode)
-							throws DomainControllerNativeException {
-
-						log.error("DomainControllerInvalidParameterException "
-								+ errorCode);
-						throw new DomainControllerInvalidParameterException(
-								errorCode);
-					};
-
-				});
-
-		deployUtilsToHandler.put(
-				DeployUtilsErrors.ERROR_INVALID_NETNAME.getErrorCode(),
-				new ErrorHandler() {
-
-					@Override
-					public void handlerError(int errorCode)
-							throws DomainControllerNativeException {
-
-						log.error("DomainControllerInvalidHostnameException "
-								+ errorCode);
-						throw new DomainControllerInvalidHostnameException(
-								errorCode);
-					};
-
-				});
-
-		deployUtilsToHandler.put(
-				DeployUtilsErrors.ERROR_PASSWORD_RESTRICTION.getErrorCode(),
-				new ErrorHandler() {
-
-					@Override
-					public void handlerError(int errorCode)
-							throws DomainControllerNativeException {
-
-						log.error("DomainControllerInvalidPasswordException "
-								+ errorCode);
-						throw new DomainControllerInvalidPasswordException(
-								errorCode);
-					};
-
-				});
-
-		deployUtilsToHandler.put(
-				DeployUtilsErrors.LW_ERROR_PASSWORD_RESTRICTION.getErrorCode(),
-				new ErrorHandler() {
-
-					@Override
-					public void handlerError(int errorCode)
-							throws DomainControllerNativeException {
-
-						log.error("DomainControllerInvalidPasswordException "
-								+ errorCode);
-						throw new DomainControllerInvalidPasswordException(
-								errorCode);
-					};
-
-				});
-	}
-
-	public static void handleErrorCode(int errorCode)
-			throws DomainControllerNativeException {
-		if (errorCode != 0) {
-			ErrorHandler handler = deployUtilsToHandler.get(errorCode);
-			if (handler != null) {
-				handler.handlerError(errorCode);
-			} else {
-				throw new DomainControllerNativeException(errorCode);
-			}
-		}
-	}
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsParamsNative.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsParamsNative.java
deleted file mode 100644
index d04f32e2e..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DeployUtilsParamsNative.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/**
- *
- * Copyright 2014 VMware, Inc.  All rights reserved.
- */
-
-package com.vmware.pscsetup.interop;
-
-import java.util.Arrays;
-import java.util.List;
-
-import com.sun.jna.Structure;
-
-public class DeployUtilsParamsNative extends Structure {
-    public String pszHostname;
-    public String pszMachineAccount;
-    public String pszOrgUnit;
-    public String pszDomainName;
-    public String pszPassword;
-    public int    dir_svc_mode;
-    public String pszServer;
-    public String pszSite;
-    public String pszDNSForwarders;
-    public String pszSubjectAltName;
-    public int    bDisableVmAfdListener;
-
-    public DeployUtilsParamsNative(
-            String hostname,
-            String domainName,
-            String password,
-            int mode,
-            String server,
-            String site,
-            String forwarders,
-            String subjectAltName) {
-
-        this.pszHostname = hostname;
-        this.pszMachineAccount = "";
-        this.pszOrgUnit = "";
-        this.pszDomainName = domainName;
-        this.pszPassword = password;
-        this.dir_svc_mode = mode;
-        this.pszServer = server;
-        this.pszSite = site;
-        this.pszDNSForwarders = forwarders;
-        this.pszSubjectAltName = subjectAltName;
-        this.bDisableVmAfdListener = 0;
-        write();
-    }
-
-    @Override
-    protected List<String> getFieldOrder() {
-        return Arrays.asList(new String[] {
-                "pszHostname",
-                "pszMachineAccount",
-                "pszOrgUnit",
-                "pszDomainName",
-                "pszPassword",
-                "dir_svc_mode",
-                "pszServer",
-                "pszSite",
-                "pszDNSForwarders",
-                "pszSubjectAltName",
-                "bDisableVmAfdListener"});
-    }
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerAccessDeniedException.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerAccessDeniedException.java
deleted file mode 100644
index 6adc46c67..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerAccessDeniedException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.vmware.pscsetup.interop;
-
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-public class DomainControllerAccessDeniedException extends DomainControllerNativeException{
-
-	private static final long serialVersionUID = 7296694862269963267L;
-
-	public DomainControllerAccessDeniedException(int errCode) {
-		super(errCode);
-	}
-
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidHostnameException.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidHostnameException.java
deleted file mode 100644
index 86a3818a8..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidHostnameException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.vmware.pscsetup.interop;
-
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-public class DomainControllerInvalidHostnameException extends DomainControllerNativeException {
-
-	private static final long serialVersionUID = -4425593677902862166L;
-
-	public DomainControllerInvalidHostnameException(int errCode) {
-		super(errCode);
-	}
-
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidParameterException.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidParameterException.java
deleted file mode 100644
index 8a6b3d58b..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidParameterException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.vmware.pscsetup.interop;
-
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-public class DomainControllerInvalidParameterException extends DomainControllerNativeException {
-
-	private static final long serialVersionUID = 7443396024801194306L;
-
-	public DomainControllerInvalidParameterException(int errCode) {
-		super(errCode);
-	}
-
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidPasswordException.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidPasswordException.java
deleted file mode 100644
index de2042348..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/DomainControllerInvalidPasswordException.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.vmware.pscsetup.interop;
-
-import com.vmware.identity.configure.DomainControllerNativeException;
-
-public class DomainControllerInvalidPasswordException extends DomainControllerNativeException {
-
-	private static final long serialVersionUID = 1890674391299348626L;
-
-	public DomainControllerInvalidPasswordException(int errCode) {
-		super(errCode);
-	}
-
-}
diff --git a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/NativeAdapter.java b/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/NativeAdapter.java
deleted file mode 100644
index bc8133b75..000000000
--- a/config/pscsetup/src/main/java/com/vmware/pscsetup/interop/NativeAdapter.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- *
- * Copyright 2011 VMware, Inc.  All rights reserved.
- */
-
-/**
- * VMware Identity Service
- *
- * Native Adapter
- *
- * @author:  Sriram Nambakam <snambakam@vmware.com>
- *
- * @version: 1.0
- * @since:   2011-12-7
- *
- */
-
-package com.vmware.pscsetup.interop;
-
-import java.io.File;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.List;
-
-import org.apache.commons.lang.SystemUtils;
-import com.vmware.identity.configure.WinInstallerHelper;
-
-import com.sun.jna.platform.win32.Advapi32Util;
-import com.sun.jna.platform.win32.WinReg;
-
-abstract class NativeAdapter {
-	static {
-		final String propName = "jna.library.path";
-
-		final String LINUX_VMWARE_DEPLOY_PATH = "/opt/vmware/lib64";
-
-		final String WIN_REG_DEPLOY_PATH = "SOFTWARE\\VMWare, Inc.\\VMware IC-Deploy";
-		final String WIN_REG_INSTALL_KEY = "InstallPath";
-		String WIN_VMWARE_DEPLOY_PATH = null;
-
-		if (SystemUtils.IS_OS_WINDOWS) {
-		    WIN_VMWARE_DEPLOY_PATH = WinInstallerHelper.readRegEdit(WIN_REG_DEPLOY_PATH, WIN_REG_INSTALL_KEY);
-		}
-
-		List<String> paths = null;
-		if (SystemUtils.IS_OS_LINUX) {
-			paths = Arrays.asList(LINUX_VMWARE_DEPLOY_PATH);
-		} else if (SystemUtils.IS_OS_WINDOWS) {
-			if (winRegistryValueExists(WIN_REG_DEPLOY_PATH, WIN_REG_INSTALL_KEY)) {
-				WIN_VMWARE_DEPLOY_PATH = Advapi32Util.registryGetStringValue(
-						WinReg.HKEY_LOCAL_MACHINE, WIN_REG_DEPLOY_PATH,
-						WIN_REG_INSTALL_KEY);
-			}
-
-			paths = Arrays.asList(WIN_VMWARE_DEPLOY_PATH);
-		} else {
-			throw new IllegalStateException(
-					"Only Windows and Linux platforms are supported");
-		}
-
-		// Check if the paths exist
-		for (String pathString : paths) {
-			Path path = Paths.get(pathString);
-			if (Files.notExists(path)) {
-				throw new IllegalStateException("Path \"" + pathString
-						+ "\" does not exist");
-			}
-		}
-
-		String propValue = System.getProperty(propName);
-
-		StringBuilder jnalibpath = new StringBuilder(propValue == null ? ""
-				: propValue);
-
-		for (String path : paths) {
-			File libDir = new File(path);
-
-			if (libDir.exists() && libDir.isDirectory()) {
-				if (jnalibpath.length() > 0) {
-					jnalibpath.append(File.pathSeparator);
-				}
-
-				jnalibpath.append(path);
-			}
-		}
-
-		propValue = jnalibpath.substring(0);
-
-		if (!propValue.isEmpty()) {
-			System.setProperty(propName, propValue);
-		}
-	}
-
-	private static boolean winRegistryValueExists(String key, String value) {
-		return Advapi32Util.registryKeyExists(WinReg.HKEY_LOCAL_MACHINE, key)
-				&& Advapi32Util.registryValueExists(WinReg.HKEY_LOCAL_MACHINE,
-						key, value);
-	}
-}
diff --git a/config/pscsetup/src/main/resources/MANIFEST.MF b/config/pscsetup/src/main/resources/MANIFEST.MF
deleted file mode 100644
index f05785b71..000000000
--- a/config/pscsetup/src/main/resources/MANIFEST.MF
+++ /dev/null
@@ -1,3 +0,0 @@
-Manifest-Version: 1.0
-Main-Class: com.vmware.pscsetup.PlatformServicesControllerDeploy
-Class-Path: ./ jna.jar platform.jar commons-logging-1.1.1.jar log4j-1.2.16.jar commons-lang-2.5.jar commons-codec-1.4.jar authentication-framework.jar vmware-endpoint-certificate-store.jar vmware-vmca-client.jar vmware-identity-idm-interface.jar vmware-identity-idm-client.jar vmware-identity-platform.jar lookupservice-bindings-client.jar lookupservice.jar slf4j-api-1.7.2.jar slf4j-log4j12-1.7.2.jar httpclient-4.3.3.jar
diff --git a/config/pscsetup/src/test/java/com/vmware/pscsetup/PlatformServicesControllerTest.java b/config/pscsetup/src/test/java/com/vmware/pscsetup/PlatformServicesControllerTest.java
deleted file mode 100644
index b234fbbda..000000000
--- a/config/pscsetup/src/test/java/com/vmware/pscsetup/PlatformServicesControllerTest.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package com.vmware.pscsetup;
-
-import junit.framework.Assert;
-
-import org.junit.Test;
-
-import com.vmware.identity.configure.PlatformInstallObserverDefault;
-
-public class PlatformServicesControllerTest {
-    private static String hostname = "";
-    private static String domainName = "vsphere.local";
-    private static String password = "Ca$hc0w1";
-    private static String site = "Bellevue";
-    private static String server = "10.160.90.212";
-
-    @Test
-    public void testsetupInstanceStandalone() throws Exception {
-	DomainControllerStandaloneParams standaloneParams = new DomainControllerStandaloneParams();
-	standaloneParams.setHostname(hostname);
-	standaloneParams.setDomainName(domainName);
-	standaloneParams.setPassword(password);
-	standaloneParams.setSite(site);
-	try {
-	    PlatformServicesController psc = new PlatformServicesController();
-	    psc.setPlatformInstallObserver(new PlatformInstallObserverDefault());
-	    psc.setupInstanceStandalone(standaloneParams);
-	} catch (Exception e) {
-	    Assert.fail(e.toString());
-	}
-    }
-
-    // @Test
-    // public void testsetupInstancePartner() {
-    // DomainControllerPartnerParams partnerParams = new
-    // DomainControllerPartnerParams();
-    // partnerParams.setHostname(hostname);
-    // partnerParams.setServer(server);
-    // partnerParams.setPassword(password);
-    // partnerParams.setDomainName(domainName);
-    // partnerParams.setSite(site);
-    // try {
-    // PlatformServicesController psc = new PlatformServicesController();
-    // psc.setPlatformInstallObserver(new PlatformInstallObserver());
-    // psc.setupInstancePartner(partnerParams);
-    // } catch (Exception e) {
-    // Assert.fail(e.toString());
-    // }
-    // }
-
-    // @Test
-    // public void testGetPartnerDomain() {
-    // try {
-    // new PlatformServicesController().getPartnerDomain(server);
-    // } catch (DomainControllerNativeException e) {
-    // Assert.fail(e.toString());
-    // }
-    //
-    // }
-    //
-    // @Test
-    // public void testValidatePartnerCredentials() {
-    // try {
-    // new PlatformServicesController().validatePartnerCredentials(server,
-    // password, domainName);
-    // } catch (DomainControllerNativeException e) {
-    // Assert.fail(e.toString());
-    // }
-    //
-    // }
-}
diff --git a/config/scripts/Makefile.am b/config/scripts/Makefile.am
index 248bd6bf3..d4dbb6a93 100644
--- a/config/scripts/Makefile.am
+++ b/config/scripts/Makefile.am
@@ -1,11 +1,14 @@
 bin_SCRIPTS = \
-    @top_builddir@/scripts/configure-lightwave-server \
-    @top_builddir@/scripts/configure-identity-server \
-    @top_srcdir@/scripts/domainjoin.sh 
+    @top_builddir@/config/scripts/configure-lightwave-server \
+    @top_builddir@/config/scripts/configure-identity-server \
+    @top_builddir@/config/scripts/configure-sts \
+    @top_srcdir@/config/scripts/domainjoin.sh
 
 scriptsconf_SCRIPTS = \
-    setfirewallrules.py \
-    firewall.json 
+ setfirewallrules.py \
+ lw-firewall-server.json \
+ lw-firewall-post.json \
+ lw-firewall-client.json
 
 systemd_SCRIPTS = firewall.service
 
diff --git a/config/scripts/configure-lightwave-server.in b/config/scripts/configure-lightwave-server.in
index ef3ac07f5..21f118cf6 100755
--- a/config/scripts/configure-lightwave-server.in
+++ b/config/scripts/configure-lightwave-server.in
@@ -2,12 +2,12 @@
 
 LW_BIN_DIR=/opt/likewise/bin
 LW_SBIN_DIR=/opt/likewise/sbin
-LW_DEFAULT_VERSION="1.2.0"
+LW_DEFAULT_VERSION="1.3.0"
 LW_KEY="[HKEY_THIS_MACHINE\\Services\\lw-server]"
 
 _get_lw_version(){
 
-    LW_VERSION=`rpm -qid vmware-lightwave-server | grep -i Version | cut -d ':' -f2 | tr -d '[[:space:]]'`
+    LW_VERSION=`rpm -qid lightwave-server | grep -i Version | cut -d ':' -f2 | tr -d '[[:space:]]'`
 
     if [ -z $LW_VERSION ]; then
         LW_VERSION=$LW_DEFAULT_VERSION
@@ -82,7 +82,8 @@ LOTUS_HOSTNAME=
 LOTUS_DNS_FORWARDERS=
 LOTUS_SSL_SUBJECT_ALT_NAME=
 DISABLE_DNS=0
-USAGE="configure-lightwave-server --password <password> [--domain <domain-name>] [--server <partner-host-name>] [--site <site-name>] [--hostname <hostname | IP Address>] [--dns-forwarders <comma-separated list of IP Addresses>] [--ssl-subject-alt-name <SSL Subject Alternative Name>] [--disable-dns] [--config-file <configuration file>]"
+DISABLE_STS=0
+USAGE="configure-lightwave-server --password <password> [--domain <domain-name>] [--server <partner-host-name>] [--site <site-name>] [--hostname <hostname | IP Address>] [--dns-forwarders <comma-separated list of IP Addresses>] [--ssl-subject-alt-name <SSL Subject Alternative Name>] [--disable-dns] [--disable-sts] [--config-file <configuration file>]"
 export SUPPORT_RHTTP_PROXY=0
 
 # Read passed parameters.
@@ -123,6 +124,9 @@ if [ $# -gt 0 ]; then
                     "--disable-dns")
                       DISABLE_DNS=1
                       ;;
+                    "--disable-sts")
+                      DISABLE_STS=1
+                      ;;
                     *)
                       echo "Invalid parameter : $arg"
                       echo $USAGE
@@ -185,6 +189,7 @@ if [ -f "$LOTUS_CONFIG_FILE" ]; then
     LOTUS_DNS_FORWARDERS=$(grep "^dns-forwarders=" $LOTUS_CONFIG_FILE | $AWK -F"=" '{print $2}')
     LOTUS_SSL_SUBJECT_ALT_NAME=$(grep "^ssl-subject-alt-name=" $LOTUS_CONFIG_FILE | $AWK -F"=" '{print $2}')
     DISABLE_DNS=$(grep "^disable-dns=" $LOTUS_CONFIG_FILE | $AWK -F"=" '{print $2}')
+    DISABLE_STS=$(grep "^disable-sts=" $LOTUS_CONFIG_FILE | $AWK -F"=" '{print $2}')
 fi
 
 if [ -z "$LOTUS_HOSTNAME" ]; then
@@ -261,9 +266,9 @@ if [[ ! -f /.dockerenv ]]; then
 fi
 
 # Setup vmafd, vmdir and SSO STS server.
-JAVA_HOME=${JAVA_HOME:-@JAVA_HOME@}
+JAVA_HOME=/etc/alternatives/jre
 JAVA_SEC_PROP=/etc/vmware/java/vmware-override-java.security
-VMWARE_DIR=/opt/vmware
+VMWARE_DIR=${prefix:-@prefix@}
 CLASSPATH=$CLASSPATH:$VMWARE_DIR/jars/*
 BIN_DIR=$VMWARE_DIR/bin
 SBIN_DIR=$VMWARE_DIR/sbin
@@ -361,39 +366,42 @@ else
 
     case "$LOTUS_DEPLOYMENT" in
         "standalone")
-            $JAVA_HOME/bin/java -Djava.security.properties=$JAVA_SEC_PROP -cp $CLASSPATH \
-                                com.vmware.pscsetup.PlatformServicesControllerDeploy \
-                                --mode "standalone" --domain $LOTUS_DOMAIN_DEFAULT --password "$LOTUS_ADMIN_PASSWORD_DEFAULT" \
-                                --site $LOTUS_SITE_NAME \
-                                --hostname $LOTUS_HOSTNAME \
-                                $LOTUS_DNS_FORWARDERS_ARG \
-                                $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
+            $BIN_DIR/ic-promote \
+                --domain $LOTUS_DOMAIN_DEFAULT \
+                --password "$LOTUS_ADMIN_PASSWORD_DEFAULT" \
+                --site $LOTUS_SITE_NAME \
+                $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
             ;;
         "partner")
-            $JAVA_HOME/bin/java -Djava.security.properties=$JAVA_SEC_PROP -cp $CLASSPATH \
-                                com.vmware.pscsetup.PlatformServicesControllerDeploy \
-                                --mode "partner" --domain $LOTUS_DOMAIN_DEFAULT --password "$LOTUS_ADMIN_PASSWORD_DEFAULT" \
-                                --site $LOTUS_SITE_NAME \
-                                --server $LOTUS_PARTNER_HOSTNAME \
-                                --hostname $LOTUS_HOSTNAME \
-                                $LOTUS_DNS_FORWARDERS_ARG \
-                                $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
+            $BIN_DIR/ic-promote \
+                --domain $LOTUS_DOMAIN_DEFAULT \
+                --password "$LOTUS_ADMIN_PASSWORD_DEFAULT" \
+                --site $LOTUS_SITE_NAME \
+                --partner $LOTUS_PARTNER_HOSTNAME \
+                $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
             ;;
     esac
 
-    # configure vmidentity if we are not running in a container
-    if [ ! -f /.dockerenv ]; then
-           $JAVA_HOME/bin/java -Djava.security.properties=$JAVA_SEC_PROP -Dinstall.log.file=/var/log/vmware/sso/install-upgrade.log \
-                    -cp $CLASSPATH com.vmware.identity.configure.VMIdentityStandaloneInstaller \
-                    --hostname $LOTUS_HOSTNAME --username $LOTUS_ADMIN_DEFAULT  --domain $LOTUS_DOMAIN_DEFAULT --password $LOTUS_ADMIN_PASSWORD_DEFAULT $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
-    fi
-
     if [ $? -ne 0 ]; then
         echo  "PSC Installation failed."
         _exit 1
     fi
 
-    # Set installed version on installation success.
+case $DISABLE_STS in
+    0)
+        echo "Secure Token Service Installation - Started"
+	$BIN_DIR/configure-sts --domain $LOTUS_DOMAIN_DEFAULT  --password "$LOTUS_ADMIN_PASSWORD_DEFAULT"
+        if [ $? -ne 0 ]; then
+            echo "Secure Token Service Installation - Failed"
+            _exit 1
+        fi
+        ;;
+    *)
+        ;;
+esac
+
+
+  # Set installed version on installation success.
     _set_installed_version
 
     echo "Setup complete."
diff --git a/config/scripts/configure-sts.in b/config/scripts/configure-sts.in
new file mode 100644
index 000000000..1648aea30
--- /dev/null
+++ b/config/scripts/configure-sts.in
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+# Set up for Secure Token Service Installer
+JAVA_HOME=/etc/alternatives/jre
+JAVA_SEC_PROP=/etc/vmware/java/vmware-override-java.security
+JAVA=/etc/alternatives/java
+VMWARE_DIR=/opt/vmware
+CLASSPATH=$CLASSPATH:$VMWARE_DIR/jars/*
+
+# Lotus Defaults
+LOTUS_DOMAIN_DEFAULT=lightwave.local
+LOTUS_ADMIN_DEFAULT=Administrator
+LOTUS_ADMIN_PASSWORD_DEFAULT=
+LOTUS_HOSTNAME=
+LOTUS_ADMIN_PASSWORD_DEFAULT=
+LOTUS_SSL_SUBJECT_ALT_NAME=
+
+USAGE="configure-sts --password <password> [--domain <domain-name>] [--server <partner-host-name>] [--site <site-name>] [--hostname <hostname | IP Address>] [--ssl-subject-alt-name <SSL Subject Alternative name]"
+
+_exit(){
+    if [ $RUN_LWSM ]; then
+        $LW_BIN_DIR/lwsm shutdown
+
+        while [ `pidof lwsmd` ];  do
+            sleep 1
+        done
+    fi
+
+    exit $1
+}
+
+# Read passed parameters.
+if [ $# -gt 0 ]; then
+
+   MODE="open"
+
+   for arg in "$@"
+   do
+        case "$MODE" in
+            "open")
+                case "$arg" in
+                    "--domain")
+                      MODE="domain"
+                      ;;
+                    "--password")
+                      MODE="password"
+                      ;;
+                    "--server")
+                      LOTUS_DEPLOYMENT=partner
+                      MODE="server"
+                      ;;
+                    "--site")
+                      MODE="site"
+                      ;;
+                    "--hostname")
+                      MODE="hostname"
+                      ;;
+                    "--ssl-subject-alt-name")
+                      MODE="ssl-subject-alt-name"
+                      ;;
+                    *)
+                      echo "Invalid parameter : $arg"
+                      echo $USAGE
+                      exit 1
+                      ;;
+                esac
+                ;;
+             "domain")
+                LOTUS_DOMAIN_DEFAULT=$arg
+                MODE=open
+                ;;
+             "password")
+                LOTUS_ADMIN_PASSWORD_DEFAULT=$arg
+                MODE=open
+                ;;
+             "server")
+                LOTUS_PARTNER_HOSTNAME=$arg
+                MODE=open
+                ;;
+             "site")
+                LOTUS_SITE_NAME=$arg
+                MODE=open
+                ;;
+             "hostname")
+                LOTUS_HOSTNAME=$arg
+                MODE=open
+                ;;
+             "ssl-subject-alt-name")
+                LOTUS_SSL_SUBJECT_ALT_NAME=$arg
+                MODE=open
+                ;;
+             *)
+                echo "Invalid mode : $MODE"
+                echo $USAGE
+                exit 1
+                ;;
+        esac
+   done
+else
+   echo $USAGE
+   exit 1
+fi
+
+if [ -z "$LOTUS_HOSTNAME" ]; then
+    LOTUS_HOSTNAME=`hostname -f`
+fi
+
+$JAVA -Djava.security.properties=$JAVA_SEC_PROP -Dinstall.log.file=/var/log/vmware/sso/install-upgrade.log \
+                    -cp $CLASSPATH com.vmware.identity.configure.VMIdentityStandaloneInstaller \
+--hostname $LOTUS_HOSTNAME --username $LOTUS_ADMIN_DEFAULT --domain $LOTUS_DOMAIN_DEFAULT --password $LOTUS_ADMIN_PASSWORD_DEFAULT $LOTUS_SSL_SUBJECT_ALT_NAME_ARG
+
+if [ $? -ne 0 ]; then
+        echo  "Failed to start Secure Token Service."
+        _exit 1
+fi
+
+echo "Secure Token Service was installed Successfully ! "
+
diff --git a/config/scripts/firewall.json b/config/scripts/firewall.json
deleted file mode 100644
index 015b91922..000000000
--- a/config/scripts/firewall.json
+++ /dev/null
@@ -1,213 +0,0 @@
-{
-    "sts": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "443",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "443",
-                "portoffset": 0
-            }
-        ]
-
-    },
-    "vmdns": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "53",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "udp",
-                "porttype": "dst",
-                "port": "53",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2015",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "53",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "udp",
-                "porttype": "dst",
-                "port": "53",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2015",
-                "portoffset": 0
-            }
-        ]
-
-    },
-    "vmkdc": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "88",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "udp",
-                "porttype": "dst",
-                "port": "88",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2012",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2012",
-                "portoffset": 0
-            }
-        ]
-    },
-    "vmca": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2014",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2014",
-                "portoffset": 0
-            }
-        ]
-
-    },
-    "vmafd": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2020",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "2020",
-                "portoffset": 0
-            }
-        ]
-
-    },
-    "lwio": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "445",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "445",
-                "portoffset": 0
-            }
-        ]
-    },
-    "vmdir": {
-        "enable": "true",
-        "ip4_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "389",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "icmp"
-            },
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "636",
-                "portoffset": 0
-            }
-        ],
-        "ip6_rules": [
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "389",
-                "portoffset": 0
-            },
-            {
-                "direction": "inbound",
-                "protocol": "tcp",
-                "porttype": "dst",
-                "port": "636",
-                "portoffset": 0
-            }
-        ]
-    }
-}
diff --git a/config/scripts/lw-firewall-client.json b/config/scripts/lw-firewall-client.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/config/scripts/lw-firewall-client.json
@@ -0,0 +1 @@
+{}
diff --git a/config/scripts/lw-firewall-post.json b/config/scripts/lw-firewall-post.json
new file mode 100644
index 000000000..41509d137
--- /dev/null
+++ b/config/scripts/lw-firewall-post.json
@@ -0,0 +1,70 @@
+{
+    "post": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "38900",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "63600",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "icmp"
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7577",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7578",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "38900",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "63600",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7577",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7578",
+                "portoffset": 0
+            }
+        ]
+
+    }
+}
diff --git a/config/scripts/lw-firewall-server.json b/config/scripts/lw-firewall-server.json
new file mode 100644
index 000000000..b24b000ad
--- /dev/null
+++ b/config/scripts/lw-firewall-server.json
@@ -0,0 +1,241 @@
+{
+    "sts": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "443",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "443",
+                "portoffset": 0
+            }
+        ]
+
+    },
+    "vmdns": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "53",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "udp",
+                "porttype": "dst",
+                "port": "53",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2015",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "53",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "udp",
+                "porttype": "dst",
+                "port": "53",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2015",
+                "portoffset": 0
+            }
+        ]
+
+    },
+    "vmkdc": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "88",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "udp",
+                "porttype": "dst",
+                "port": "88",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2012",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2012",
+                "portoffset": 0
+            }
+        ]
+    },
+    "vmca": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2014",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2014",
+                "portoffset": 0
+            }
+        ]
+
+    },
+    "vmafd": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2020",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "2020",
+                "portoffset": 0
+            }
+        ]
+
+    },
+    "lwio": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "445",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "445",
+                "portoffset": 0
+            }
+        ]
+    },
+    "vmdir": {
+        "enable": "true",
+        "ip4_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "389",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "icmp"
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "636",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7477",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7478",
+                "portoffset": 0
+            }
+        ],
+        "ip6_rules": [
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "389",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "636",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7477",
+                "portoffset": 0
+            },
+            {
+                "direction": "inbound",
+                "protocol": "tcp",
+                "porttype": "dst",
+                "port": "7478",
+                "portoffset": 0
+            }
+        ]
+    }
+}
diff --git a/config/scripts/setfirewallrules.py b/config/scripts/setfirewallrules.py
index c8938fabe..d5112d7c3 100644
--- a/config/scripts/setfirewallrules.py
+++ b/config/scripts/setfirewallrules.py
@@ -3,6 +3,7 @@
 import os.path
 import sys
 import subprocess
+import glob
 
 LIGHTWAVE_CHAIN = 'LIGHTWAVE'
 dir_map = {'inbound': LIGHTWAVE_CHAIN}
@@ -122,19 +123,11 @@ def run_command(cmd, stdin=None):
     return rc, stdout, stderr
 
 def main():
-    json_file = "/opt/vmware/share/config/firewall.json"
+    json_files = glob.glob('/opt/vmware/share/config/lw-firewall*.json')
     error = 1
     syslog.openlog()
     syslog.syslog('Setting Lightwave firewall rules')
 
-
-    if not os.path.exists(json_file):
-        syslog.syslog(syslog.LOG_ERR, "Error: " + json_file + " not found")
-        return
-
-    with open(json_file) as file:
-        rules = json.load(file)
-
     # remove existing rules
     flush_ip4rules()
     flush_ip6rules()
@@ -143,31 +136,39 @@ def main():
     set_lightwave_chain()
     set_ip6_lightwave_chain()
 
-    #apply rules per json file
-    for service in rules:
-        if 'ip4_rules' in rules[service]:
-            for ip4_rules in rules[service]['ip4_rules']:
-                if 'port' in ip4_rules.keys():
-                    cmd = [IPTABLES, '-I', dir_map[ip4_rules['direction']],
-                           '-p', ip4_rules['protocol'], '--dport', ip4_rules['port'],
-                           '-j', 'ACCEPT']
-                else:
-                    cmd = [IPTABLES, '-I', dir_map[ip4_rules['direction']], '-p',
-                           ip4_rules['protocol'], '-j', 'ACCEPT']
-                (rc, stdout, stderr) = run_command(cmd)
-                if rc != 0:
-                    syslog.syslog(syslog.LOG_ERR, "Error: Service " + service + " port " + ip4_rules['port'] +
-                                  " rule was not applied. (" + stderr + ")")
-
-
-        if 'ip6_rules' in rules[service]:
-            for ip6_rules in rules[service]['ip6_rules']:
-                cmd = [IP6TABLES, '-I', dir_map[ip6_rules['direction']], '-p', ip6_rules['protocol'],
-                       '--dport', ip6_rules['port'], '-j', 'ACCEPT']
-                (rc, stdout, stderr) = run_command(cmd)
-                if rc != 0:
-                    syslog.syslog(syslog.LOG_ERR, "Error: Service " + service + " port " + ip6_rules['port'] +
-                                  " rule was not applied. (" + stderr + ")")
+    for json_file in json_files:
+        if not os.path.exists(json_file):
+            syslog.syslog(syslog.LOG_ERR, "Error: " + json_file + " not found")
+            return
+
+        with open(json_file) as file:
+            rules = json.load(file)
+
+        #apply rules per json file
+        for service in rules:
+            if 'ip4_rules' in rules[service]:
+                for ip4_rules in rules[service]['ip4_rules']:
+                    if 'port' in ip4_rules.keys():
+                        cmd = [IPTABLES, '-I', dir_map[ip4_rules['direction']],
+                               '-p', ip4_rules['protocol'], '--dport', ip4_rules['port'],
+                               '-j', 'ACCEPT']
+                    else:
+                        cmd = [IPTABLES, '-I', dir_map[ip4_rules['direction']], '-p',
+                               ip4_rules['protocol'], '-j', 'ACCEPT']
+                    (rc, stdout, stderr) = run_command(cmd)
+                    if rc != 0:
+                        syslog.syslog(syslog.LOG_ERR, "Error: Service " + service + " port " + ip4_rules['port'] +
+                                      " rule was not applied. (" + stderr + ")")
+
+
+            if 'ip6_rules' in rules[service]:
+                for ip6_rules in rules[service]['ip6_rules']:
+                    cmd = [IP6TABLES, '-I', dir_map[ip6_rules['direction']], '-p', ip6_rules['protocol'],
+                           '--dport', ip6_rules['port'], '-j', 'ACCEPT']
+                    (rc, stdout, stderr) = run_command(cmd)
+                    if rc != 0:
+                        syslog.syslog(syslog.LOG_ERR, "Error: Service " + service + " port " + ip6_rules['port'] +
+                                      " rule was not applied. (" + stderr + ")")
 
 
 if __name__ == "__main__":
diff --git a/config/tools/ic-join/Makefile.am b/config/tools/ic-join/Makefile.am
index f6e9d8516..41d6beb32 100644
--- a/config/tools/ic-join/Makefile.am
+++ b/config/tools/ic-join/Makefile.am
@@ -4,18 +4,20 @@ ic_join_SOURCES = \
     main.c
 
 ic_join_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @VMDIR_INCLUDES@ \
-    @VMAFD_INCLUDES@ \
+    -I$(top_srcdir)/config/include \
+    -I$(top_srcdir)/config/include/public \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@
 
 ic_join_LDADD = \
-    @top_builddir@/cfgutils/libcfgutils.la \
-    @VMAFD_LIBS@ \
-    @VMCA_LIBS@ \
-    @VMDNS_LIBS@ \
-    @VMDIR_LIBS@ \
+    @top_builddir@/config/cfgutils/libcfgutils.la \
+    @top_builddir@/vmafd/client/libvmafdclient.la \
+    @top_builddir@/vmca/client/libvmcaclient.la \
+    @top_builddir@/vmdns/client/libvmdnsclient.la \
+    @top_builddir@/vmdir/client/libvmdirclient.la \
     @LWSM_LIBS@ \
     @LWADVAPI_LIBS@ \
     @LWIO_LIBS@ \
@@ -30,9 +32,5 @@ ic_join_LDADD = \
     @PTHREAD_LIBS@
 
 ic_join_LDFLAGS = \
-    @VMDNS_LDFLAGS@ \
-    @VMCA_LDFLAGS@ \
-    @VMAFD_LDFLAGS@ \
-    @VMDIR_LDFLAGS@ \
     @LW_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
diff --git a/config/tools/ic-join/main.c b/config/tools/ic-join/main.c
index 943a7546a..af67dbc1c 100644
--- a/config/tools/ic-join/main.c
+++ b/config/tools/ic-join/main.c
@@ -245,7 +245,8 @@ ParseArgs(
                 {
                     bDisableAfdListener = TRUE;
                 }
-                else if (!strcmp(pszArg, "--use-machine-accout"))
+                else if (!strcmp(pszArg, "--use-machine-account") ||
+                         !strcmp(pszArg, "--use-machine-accout"))
                 {
                     bUseMachineAccount = TRUE;
                 }
diff --git a/config/tools/ic-promote/Makefile.am b/config/tools/ic-promote/Makefile.am
index cf2db9944..e4fd35842 100644
--- a/config/tools/ic-promote/Makefile.am
+++ b/config/tools/ic-promote/Makefile.am
@@ -4,25 +4,29 @@ ic_promote_SOURCES = \
     main.c
 
 ic_promote_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @VMDIR_INCLUDES@ \
-    @VMAFD_INCLUDES@ \
+    -I$(top_srcdir)/config/include \
+    -I$(top_srcdir)/config/include/public \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@
 
 ic_promote_LDADD = \
-    @top_builddir@/cfgutils/libcfgutils.la \
-    @VMAFD_LIBS@ \
-    @VMDNS_LIBS@ \
-    @VMCA_LIBS@ \
-    @VMDIR_LIBS@ \
+    @top_builddir@/config/cfgutils/libcfgutils.la \
+    @top_builddir@/vmafd/client/libvmafdclient.la \
+    @top_builddir@/vmca/client/libvmcaclient.la \
+    @top_builddir@/vmdns/client/libvmdnsclient.la \
+    @top_builddir@/vmdir/client/libvmdirclient.la \
     @LWSM_LIBS@ \
-    @LWADVAPI_LIBS@ \
+    @DCERPC_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
+    @LWADVAPI_LIBS@ \
     @CRYPTO_LIBS@ \
     @GSSAPI_LIBS@ \
     @UUID_LIBS@ \
@@ -30,9 +34,5 @@ ic_promote_LDADD = \
     @PTHREAD_LIBS@
 
 ic_promote_LDFLAGS = \
-    @VMDNS_LDFLAGS@ \
-    @VMCA_LDFLAGS@ \
-    @VMAFD_LDFLAGS@ \
-    @VMDIR_LDFLAGS@ \
     @LW_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
diff --git a/configure.ac b/configure.ac
new file mode 100644
index 000000000..374c252f2
--- /dev/null
+++ b/configure.ac
@@ -0,0 +1,1727 @@
+AC_PREREQ([2.69])
+AC_INIT([lightwave], [1.3.0])
+AC_CONFIG_AUX_DIR([.])
+AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
+m4_pattern_allow([AM_PROG_AR])
+AM_PROG_AR
+LT_INIT
+AC_PROG_CC
+AC_PROG_CXX(g++)
+AC_PROG_LIBTOOL
+AC_PREFIX_DEFAULT(/opt/vmware)
+
+AC_CONFIG_HEADERS([include/config.h])
+AC_CONFIG_MACRO_DIR([m4])
+
+dnl Check supported operating systems
+dnl
+
+case "${host_os}:${host_cpu}" in
+    linux*:x86_64)
+        PLATFORM_LIB_PREFIX=lib64
+        ;;
+    linux*:aarch64)
+        PLATFORM_LIB_PREFIX=lib
+        ;;
+    darwin*:x86_64)
+        PLATFORM_LIB_PREFIX=lib
+        ;;
+    *)
+        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
+        ;;
+esac
+
+CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
+CXXFLAGS="$CXXFLAGS -frtti"
+
+AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
+AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
+
+AC_SUBST(AM_CPPFLAGS)
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_CXXFLAGS)
+
+AC_HEADER_STDC
+AC_CHECK_HEADERS(pthread.h errno.h sys/types.h sys/stat.h stdio.h string.h strings.h)
+AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
+AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
+AC_CHECK_HEADERS(ctype.h netinet/in.h arpa/inet.h fcntl.h sys/un.h dirent.h termios.h term.h)
+AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
+AC_CHECK_HEADERS(limits.h)
+
+AC_C_CONST
+AC_TYPE_SIZE_T
+
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS(strerror)
+
+#--------------------------------------------------------------------
+
+AC_ARG_ENABLE([debug],
+    [AC_HELP_STRING([--enable-debug],
+                    [enable debugging (default: disabled)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -g -O0"
+            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG -DVMCA_DEBUG"
+        fi
+    ])
+
+#--------------------------------------------------------------------
+
+ADDACL_CHECK_ENABLED="yes"
+AC_ARG_ENABLE([addacl],
+    [AC_HELP_STRING([--enable-addacl],
+                    [enable acl check on add (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            ADDACL_CHECK_ENABLED="no"
+        fi
+    ])
+
+if test x"$ADDACL_CHECK_ENABLED" = x"no"
+then
+AC_DEFINE_UNQUOTED(ADDACL_CHECK_DISABLED, "1", [ Disable ACL checks on add ])
+fi
+
+#--------------------------------------------------------------------
+
+MODACL_CHECK_ENABLED="yes"
+AC_ARG_ENABLE([modacl],
+    [AC_HELP_STRING([--enable-modacl],
+                    [enable acl check on modify (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            MODACL_CHECK_ENABLED="no"
+        fi
+    ])
+
+if test x"$MODACL_CHECK_ENABLED" = x"no"
+then
+AC_DEFINE_UNQUOTED(MODACL_CHECK_DISABLED, "1", [ Disable ACL checks on modify ])
+fi
+
+#--------------------------------------------------------------------
+
+DELACL_CHECK_ENABLED="yes"
+AC_ARG_ENABLE([delacl],
+    [AC_HELP_STRING([--enable-delacl],
+                    [enable acl check on delete (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            DELACL_CHECK_ENABLED="no"
+        fi
+    ])
+
+if test x"$DELACL_CHECK_ENABLED" = x"no"
+then
+AC_DEFINE_UNQUOTED(DELACL_CHECK_DISABLED, "1", [ Disable ACL checks on delete ])
+fi
+
+#--------------------------------------------------------------------
+
+SEAACL_CHECK_ENABLED="yes"
+AC_ARG_ENABLE([seaacl],
+    [AC_HELP_STRING([--enable-seaacl],
+                    [enable acl check on search (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            SEAACL_CHECK_ENABLED="no"
+        fi
+    ])
+
+if test x"$SEAACL_CHECK_ENABLED" = x"no"
+then
+AC_DEFINE_UNQUOTED(SEAACL_CHECK_DISABLED, "1", [ Disable ACL checks on search ])
+fi
+
+#--------------------------------------------------------------------
+# rest head flag
+
+REST_ENABLED=true
+AC_ARG_ENABLE([rest],
+    [AC_HELP_STRING([--enable-rest],
+                    [enable rest heads (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            REST_ENABLED=false
+        fi
+    ])
+
+if $REST_ENABLED
+then
+AC_DEFINE_UNQUOTED(REST_ENABLED, 1, [ Enable rest heads ])
+fi
+
+AM_CONDITIONAL(REST_ENABLED, [$REST_ENABLED])
+
+#--------------------------------------------------------------------
+# datastore flag
+
+AC_ARG_WITH([datastore],
+    [AC_HELP_STRING([--with-datastore=<datastore>],
+                    [use backend datastore <datastore>])],
+    [
+        DATASTORE="$withval"
+    ],
+    [
+        DATASTORE="mdb"
+    ])
+
+#--------------------------------------------------------------------
+# lightwave build flag
+
+ENABLE_LIGHTWAVE_BUILD=true
+AC_ARG_ENABLE([lightwave-build],
+    [AC_HELP_STRING([--enable-lightwave-build],
+                    [enable lightwave build (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            ENABLE_LIGHTWAVE_BUILD=false
+        fi
+    ])
+
+if $ENABLE_LIGHTWAVE_BUILD
+then
+AC_DEFINE_UNQUOTED(LIGHTWAVE_BUILD, 1, [ enable lightwave specific build ])
+fi
+
+AM_CONDITIONAL(LIGHTWAVE_BUILD, [$LIGHTWAVE_BUILD])
+
+#--------------------------------------------------------------------
+# client only build
+
+ENABLE_SERVER=true
+AC_ARG_ENABLE([server],
+    [AC_HELP_STRING([--enable-server],
+                    [enable full build (default: yes)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            ENABLE_SERVER=true
+        else
+            ENABLE_SERVER=false
+        fi
+    ])
+
+AM_CONDITIONAL(ENABLE_SERVER, [$ENABLE_SERVER])
+
+#--------------------------------------------------------------------
+# openssl component
+
+case "${host_os}:${host_cpu}" in
+    linux*:x86_64)
+    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib64
+    ;;
+    darwin*:x86_64)
+    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
+    ;;
+    linux*:aarch64)
+    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
+    ;;
+    *)
+    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
+    ;;
+esac
+
+AC_ARG_WITH([ssl],
+    [AC_HELP_STRING([--with-ssl=<dir>],
+                    [use SSL binaries rooted at prefix <dir>])],
+    [
+        OPENSSL_BASE_PATH="$withval"
+    ],
+    [
+        OPENSSL_BASE_PATH="/usr"
+    ])
+
+AC_ARG_WITH([ssl-includes],
+    [AC_HELP_STRING([--with-ssl-includes=<dir>],
+                    [use SSL headers located in prefix <dir>])],
+    [
+        OPENSSL_INCLUDES="-DOPENSSL_NO_KRB5 -I$withval"
+    ],
+    [
+        OPENSSL_INCLUDES="-DOPENSSL_NO_KRB5 -I$OPENSSL_BASE_PATH/include"
+    ])
+
+AC_ARG_WITH([ssl-libs],
+    [AC_HELP_STRING([--with-ssl-libs=<dir>],
+                    [use SSL libraries located in prefix <dir>])],
+    [
+        OPENSSL_LDFLAGS="-L$withval"
+    ],
+    [
+        OPENSSL_LDFLAGS="-L$OPENSSL_BASE_PATH/$PLATFORM_LIB_PREFIX -Wl,-rpath,$OPEN_SSL_DEFAULT_PATH"
+    ])
+
+AC_SUBST(OPENSSL_BASE_PATH)
+AC_SUBST(OPENSSL_INCLUDES)
+AC_SUBST(OPENSSL_LDFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $LW_INCLUDES"
+AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+# zlib component
+
+AC_ARG_WITH([zlib],
+    [AC_HELP_STRING([--with-zlib=<dir>],
+                    [use zlib binaries rooted at prefix <dir>])],
+    [
+        ZLIB_BASE_PATH="$withval"
+    ],
+    [
+        ZLIB_BASE_PATH="/usr"
+    ])
+
+ZLIB_INCLUDES="-I$ZLIB_BASE_PATH/include"
+ZLIB_LDFLAGS="-L$ZLIB_BASE_PATH/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
+
+AC_SUBST(ZLIB_BASE_PATH)
+AC_SUBST(ZLIB_INCLUDES)
+AC_SUBST(ZLIB_LDFLAGS)
+
+#--------------------------------------------------------------------
+# bzip component
+
+AC_ARG_WITH([bzip],
+    [AC_HELP_STRING([--with-bzip=<dir>],
+                    [use BZIP binaries rooted at prefix <dir>])],
+    [
+        BZIP_BASE_PATH="$withval"
+    ],
+    [
+        BZIP_BASE_PATH="/usr"
+    ])
+
+BZIP_INCLUDES="-I$BZIP_BASE_PATH/include"
+BZIP_LDFLAGS="-L$BZIP_BASE_PATH/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
+
+AC_SUBST(BZIP_BASE_PATH)
+AC_SUBST(BZIP_INCLUDES)
+AC_SUBST(BZIP_LDFLAGS)
+
+#--------------------------------------------------------------------
+# Cyrus SASL
+
+AC_ARG_WITH([sasl],
+    [AC_HELP_STRING([--with-sasl=<dir>],
+                    [use SASL binaries rooted at prefix <dir>])],
+    [
+        SASL_BASE_PATH="$withval"
+    ],
+    [
+        SASL_BASE_PATH="/usr"
+    ])
+
+AC_ARG_WITH([sasl-includes],
+    [AC_HELP_STRING([--with-sasl-includes=<dir>],
+                    [use SASL headers located in prefix <dir>])],
+    [
+        SASL_INCLUDES="-I$withval"
+    ],
+    [
+        SASL_INCLUDES="-I$SASL_BASE_PATH/include"
+    ])
+
+AC_ARG_WITH([sasl-libs],
+    [AC_HELP_STRING([--with-sasl-libs=<dir>],
+                    [use SASL libraries located in prefix <dir>])],
+    [
+        SASL_LIBPATH="$withval"
+        SASL_LDFLAGS="-L$withval"
+    ],
+    [
+        SASL_LIBPATH="$SASL_BASE_PATH/lib64"
+        SASL_LDFLAGS="-L$SASL_BASE_PATH/lib64"
+    ])
+
+AC_ARG_WITH([sasl-plugins],
+    [AC_HELP_STRING([--with-sasl-plugins=<dir>],
+                    [assume SASL plugins at runtime are located in <dir>])],
+    [
+        SASL_PLUGINSPATH="$withval"
+    ],
+    [
+        SASL_PLUGINSPATH="$SASL_BASE_PATH/lib64/sasl2"
+    ])
+
+AC_SUBST(SASL_BASE_PATH)
+AC_SUBST(SASL_INCLUDES)
+AC_SUBST(SASL_LDFLAGS)
+
+AC_DEFINE_UNQUOTED(VMDIR_CONFIG_SASL2_LIB_PATH, "$SASL_PLUGINSPATH", [SASL2 Library path])
+
+#--------------------------------------------------------------------
+# Jansson
+
+AC_ARG_WITH([jansson],
+    [AC_HELP_STRING([--with-jansson=<dir>],
+                    [use jansson binaries rooted at prefix <dir>])],
+    [
+        JANSSON_BASE_PATH="$withval"
+    ],
+    [
+        JANSSON_BASE_PATH="/usr"
+    ])
+
+JANSSON_INCLUDES="-I$JANSSON_BASE_PATH/include"
+JANSSON_LDFLAGS="-L$JANSSON_BASE_PATH/lib"
+
+AC_CHECK_HEADERS(jansson.h)
+AC_SUBST(JANSSON_BASE_PATH)
+AC_SUBST(JANSSON_INCLUDES)
+AC_SUBST(JANSSON_LDFLAGS)
+
+#--------------------------------------------------------------------
+# Copenapi
+
+AC_ARG_WITH([copenapi],
+    [AC_HELP_STRING([--with-copenapi=<dir>],
+                    [use copenapi binaries rooted at prefix <dir>])],
+    [
+        COPENAPI_BASE_PATH="$withval"
+    ],
+    [
+        COPENAPI_BASE_PATH="/usr"
+    ])
+
+COPENAPI_INCLUDES="-I$COPENAPI_BASE_PATH/include"
+COPENAPI_LDFLAGS="-L$COPENAPI_BASE_PATH/lib"
+
+AC_CHECK_HEADERS(copenapi/copenapi.h)
+AC_SUBST(COPENAPI_BASE_PATH)
+AC_SUBST(COPENAPI_INCLUDES)
+AC_SUBST(COPENAPI_LDFLAGS)
+
+#--------------------------------------------------------------------
+# C rest engine
+
+AC_ARG_WITH([c-rest-engine],
+    [AC_HELP_STRING([--with-c-rest-engine=<dir>],
+                    [use c-rest-engine server binaries rooted at prefix <dir>])],
+    [
+        CRESTENGINE_BASE_PATH="$withval"
+    ],
+    [
+        CRESTENGINE_BASE_PATH="/usr"
+    ])
+
+CRESTENGINE_INCLUDES="-I$CRESTENGINE_BASE_PATH/include"
+CRESTENGINE_LDFLAGS="-L$CRESTENGINE_BASE_PATH/lib"
+
+AC_CHECK_HEADERS(vmrest.h)
+AC_SUBST(CRESTENGINE_BASE_PATH)
+AC_SUBST(CRESTENGINE_INCLUDES)
+AC_SUBST(CRESTENGINE_LDFLAGS)
+
+#--------------------------------------------------------------------
+# Likewise components
+
+AC_ARG_WITH([likewise],
+    [AC_HELP_STRING([--with-likewise=<dir>],
+                    [use likewise binaries rooted at prefix <dir>])],
+    [
+        LW_BASE_PATH="$withval"
+    ],
+    [
+        LW_BASE_PATH="/opt/likewise"
+    ])
+
+case "${host_os}:${host_cpu}" in
+    linux*:x86_64)
+    LIKEWISE_DEFAULT_PATH=$LW_BASE_PATH/lib64
+    ;;
+    darwin*:x86_64)
+    LIKEWISE_DEFAULT_PATH=$LW_BASE_PATH/lib
+    ;;
+    linux*:aarch64)
+    LIKEWISE_DEFAULT_PATH=$LW_BASE_PATH/lib
+    ;;
+    *)
+    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
+    ;;
+esac
+
+AC_ARG_WITH([likewise-rpath],
+    [AC_HELP_STRING([--with-likewise-rpath=<dir>],
+                    [use likewise libraries located at <dir> at runtime])],
+    [
+        LW_RPATH="$withval"
+    ],
+    [
+        LW_RPATH=$LIKEWISE_DEFAULT_PATH
+    ])
+
+AC_ARG_WITH([likewise-includes],
+    [AC_HELP_STRING([--with-likewise-includes=<dir>],
+                    [use likewise headers located in prefix <dir>])],
+    [
+        LW_INCLUDES="-I$withval"
+    ],
+    [
+        LW_INCLUDES="-I$LW_BASE_PATH/include"
+    ])
+
+AC_ARG_WITH([likewise-libs],
+    [AC_HELP_STRING([--with-likewise-libs=<dir>],
+                    [use likewise libraries located in prefix <dir>])],
+    [
+        LW_LDFLAGS="-L$withval -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval"
+    ],
+    [
+        LW_LDFLAGS="-L$LW_BASE_PATH/$PLATFORM_LIB_PREFIX -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$LW_BASE_PATH/$PLATFORM_LIB_PREFIX"
+    ])
+
+AC_SUBST(LW_BASE_PATH)
+AC_SUBST(LW_INCLUDES)
+AC_SUBST(LW_LDFLAGS)
+
+#--------------------------------------------------------------------
+
+DCERPC_PATH=$LW_BASE_PATH/bin
+DCERPC_INCLUDES=$LW_INCLUDES
+DCERPC_LDFLAGS=$LW_LDFLAGS
+
+AC_ARG_WITH([dcerpc],
+    [AC_HELP_STRING([--with-dcerpc=<dir>],
+                    [use DCERPC binaries rooted at prefix <dir>])],
+    [
+        DCERPC_BASE_PATH="$withval/bin"
+    ],
+    [
+        DCERPC_BASE_PATH="$LW_BASE_PATH"
+    ])
+
+DCERPC_PATH="$DCERPC_BASE_PATH/bin"
+
+AC_ARG_WITH([dcerpc-includes],
+    [AC_HELP_STRING([--with-dcerpc-includes=<dir>],
+                    [use DCERPC headers located in prefix <dir>])],
+    [
+        DCERPC_INCLUDES="-I$withval"
+    ],
+    [
+        DCERPC_INCLUDES="-I$DCERPC_BASE_PATH/include"
+    ])
+
+AC_ARG_WITH([dcerpc-libs],
+    [AC_HELP_STRING([--with-dcerpc-libs=<dir>],
+                    [use DCERPC libraries located in prefix <dir>])],
+    [
+        DCERPC_LDFLAGS="-L$withval"
+    ],
+    [
+        DCERPC_LDFLAGS="-L$DCERPC_BASE_PATH/lib64"
+    ])
+
+AC_SUBST(DCERPC_PATH)
+AC_SUBST(DCERPC_INCLUDES)
+AC_SUBST(DCERPC_LDFLAGS)
+
+for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
+    j=`echo $i | grep '^-I'`
+    if test x != x"$j"
+    then
+        IDLFLAGS="$IDLFLAGS $j"
+    fi
+done
+
+AC_SUBST(IDLFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $LW_INCLUDES $OPENSSL_INCLUDES"
+AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h lwrpcrt/lwrpcrt.h dce/rpc.h)
+AC_CHECK_HEADERS(lwsm/lwsm.h)
+AC_CHECK_HEADERS(reg/lwreg.h)
+AC_CHECK_HEADERS(reg/regutil.h)
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+
+AC_ARG_ENABLE([pac],
+     AS_HELP_STRING([--disable-pac], [Disable Kerberos PAC]))
+AM_CONDITIONAL([VMDIR_ENABLE_PAC], [test "x$enable_pac" != "xno"]])
+if test x"$enable_pac" != x"no"
+then
+AC_DEFINE_UNQUOTED(VMDIR_ENABLE_PAC, 1, [ Enable PAC ])
+fi
+
+#--------------------------------------------------------------------
+# POPT components
+
+AC_ARG_WITH([popt],
+    [AC_HELP_STRING([--with-popt=<dir>],
+                    [use POPT binaries rooted at prefix <dir>])],
+    [
+        POPT_BASE_PATH="$withval"
+    ],
+    [
+        POPT_BASE_PATH="/usr"
+    ])
+
+POPT_INCLUDES="-I$POPT_BASE_PATH/include"
+POPT_LDFLAGS="-L$POPT_BASE_PATH/lib"
+
+AC_SUBST(POPT_BASE_PATH)
+AC_SUBST(POPT_INCLUDES)
+AC_SUBST(POPT_LDFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $POPT_INCLUDES"
+AC_CHECK_HEADERS(popt.h)
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+# SQLITE components
+
+AC_ARG_WITH([sqlite],
+    [AC_HELP_STRING([--with-sqlite=<dir>],
+                    [use SQLITE binaries rooted at prefix <dir>])],
+    [
+        SQLITE_BASE_PATH="$withval"
+    ],
+    [
+        SQLITE_BASE_PATH="/usr"
+    ])
+
+SQLITE_INCLUDES="-I$SQLITE_BASE_PATH/include"
+SQLITE_LDFLAGS="-L$SQLITE_BASE_PATH/lib"
+
+AC_SUBST(SQLITE_BASE_PATH)
+AC_SUBST(SQLITE_INCLUDES)
+AC_SUBST(SQLITE_LDFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $SQLITE_INCLUDES"
+AC_CHECK_HEADERS(sqlite3.h)
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+# BOOST components
+
+AC_ARG_WITH([boost],
+    [AC_HELP_STRING([--with-boost=<dir>],
+                    [use BOOST binaries rooted at prefix <dir>])],
+    [
+        BOOST_BASE_PATH="$withval"
+    ],
+    [
+        BOOST_BASE_PATH="/usr"
+    ])
+
+AC_ARG_WITH([boost-includes],
+    [AC_HELP_STRING([--with-boost-includes=<dir>],
+                    [use BOOST headers located in prefix <dir>])],
+    [
+        BOOST_INCLUDES="-I$withval"
+    ],
+    [
+        BOOST_INCLUDES="-I$BOOST_BASE_PATH/include"
+    ])
+
+AC_ARG_WITH([boost-libs],
+    [AC_HELP_STRING([--with-boost-libs=<dir>],
+                    [use BOOST libraries located in prefix <dir>])],
+    [
+        BOOST_LDFLAGS="-L$withval"
+    ],
+    [
+        BOOST_LDFLAGS="-L$BOOST_BASE_PATH/lib"
+    ])
+
+AC_ARG_WITH([boost-python-lib],
+    [AC_HELP_STRING([--with-boost-python-lib=<dir>],
+                    [use BOOST Python library extension])],
+    [
+        BOOST_PYTHON_EXT="$withval"
+        BOOST_PYTHON_LDFLAGS="$BOOST_BASE_PATH/lib/libboost_python-$BOOST_PYTHON_EXT.a"
+    ])
+
+AC_SUBST(BOOST_BASE_PATH)
+AC_SUBST(BOOST_INCLUDES)
+AC_SUBST(BOOST_LDFLAGS)
+AC_SUBST(BOOST_PYTHON_EXT)
+AC_SUBST(BOOST_PYTHON_LDFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $BOOST_INCLUDES"
+AC_LANG_PUSH([C++])
+AC_CHECK_HEADERS(boost/asio.hpp)
+AC_LANG_POP([C++])
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+# Python components
+
+AC_ARG_WITH([python],
+    [AC_HELP_STRING([--with-python=<dir>],
+                   [use Python binaries rooted at prefix <dir>])],
+    [
+        PYTHON_BASE_PATH="$withval"
+    ],
+    [
+        PYTHON_BASE_PATH="/usr"
+    ])
+
+AC_ARG_WITH([python-includes],
+    [AC_HELP_STRING([--with-python-includes=<dir>],
+                    [use Python headers located in prefix <dir>])],
+    [
+        PYTHON_INCLUDES="-I$withval"
+    ],
+    [
+        PYTHON_INCLUDES="-I$PYTHON_BASE_PATH/include/python2.7"
+    ])
+
+AC_ARG_WITH([python-libs],
+    [AC_HELP_STRING([--with-python-libs=<dir>],
+                    [use Python libraries located in prefix <dir>])],
+    [
+        PYTHON_LDFLAGS="-L$withval"
+    ],
+    [
+        PYTHON_LDFLAGS="-L$PYTHON_BASE_PATH/lib"
+    ])
+
+AC_SUBST(PYTHON_BASE_PATH)
+AC_SUBST(PYTHON_INCLUDES)
+AC_SUBST(PYTHON_LDFLAGS)
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES"
+AC_CHECK_HEADERS(python.h)
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+# Maven component
+
+AC_ARG_WITH([maven],
+    [AC_HELP_STRING([--with-maven=<dir>],
+                    [use Apache Maven  binaries rooted at prefix <dir>])],
+    [
+        MAVEN_HOME="$withval"
+    ],
+    [
+        MAVEN_HOME="/var/opt/apache-maven"
+    ])
+
+AC_SUBST(MAVEN_HOME)
+
+#--------------------------------------------------------------------
+# Java
+
+AC_ARG_WITH([java],
+    [AC_HELP_STRING([--with-java=<dir>],
+                    [use java binaries rooted at prefix <dir>])],
+    [
+        JAVA_HOME="$withval"
+    ],
+    [
+        JAVA_HOME="/etc/alternatives/jre/../"
+    ])
+
+AC_ARG_WITH([java-includes],
+    [AC_HELP_STRING([--with-java-includes=<dir>],
+                    [use java headers located in prefix <dir>])],
+    [
+        JDK_INCLUDES="-I$withval"
+    ],
+    [
+        JDK_INCLUDES="-I$JAVA_HOME/include -I$JAVA_HOME/include/linux"
+    ])
+
+AC_ARG_WITH([java-libs],
+    [AC_HELP_STRING([--with-java-libs=<dir>],
+                    [use java libraries located in prefix <dir>])],
+    [
+        JDK_LDFLAGS="-L$withval"
+    ],
+    [
+        JDK_LDFLAGS="-L$JAVA_HOME/lib"
+    ])
+
+TOOLS_CLASSPATH=$JAVA_HOME/lib/tools.jar
+
+AC_SUBST(JAVA_HOME)
+AC_SUBST(JDK_INCLUDES)
+AC_SUBST(JDK_LDFLAGS)
+AC_SUBST(TOOLS_CLASSPATH)
+
+JDK_PATH=$JAVA_HOME/bin
+AC_SUBST(JDK_PATH)
+
+JAVA=$JAVA_HOME/bin/java
+AC_SUBST(JAVA)
+
+JRE_EXT=$JAVA_HOME/jre/lib/ext
+AC_SUBST(JRE_EXT)
+
+AC_PATH_PROG([JAVAH], [javah], [no], [$PATH:$JDK_PATH])
+
+if test x"$JAVAH" = x"no"; then
+    AC_MSG_ERROR([JAVAH compiler not found])
+fi
+
+#--------------------------------------------------------------------
+
+AC_CHECK_LIB([dl],
+    [dlopen],
+    [DL_LIBS="-ldl"])
+
+AC_CHECK_LIB([pthread],
+    [pthread_self],
+    [PTHREAD_LIBS="-lpthread"])
+
+AC_CHECK_LIB([z],
+    [inflate],
+    [ZLIB_LIBS="-lz"],
+    [],
+    [$ZLIB_LDFLAGS])
+
+AC_CHECK_LIB([bz2],
+    [BZ2_bzdopen],
+    [BZIP_LIBS="-lbz2"],
+    [],
+    [$BZIP_LDFLAGS])
+
+AC_CHECK_LIB([uuid],
+    [uuid_copy],
+    [UUID_LIBS="-luuid"],
+    [],
+    [$LW_LDFLAGS -luuid])
+
+AC_CHECK_LIB([crypto],
+    [MD5_Init],
+    [CRYPTO_LIBS="-lcrypto -lssl"],
+    [],
+    [$OPENSSL_LDFLAGS])
+
+AC_CHECK_LIB([lber],
+    [ber_scanf],
+    [LBER_LIBS="-llber"],
+    [],
+    [$LW_LDFLAGS -llber])
+
+AC_CHECK_LIB([gssapi_krb5],
+    [gss_accept_sec_context],
+    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
+    [],
+    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
+
+AC_CHECK_LIB([sasl2],
+    [sasl_server_init],
+    [SASL_LIBS="-lsasl2"],
+    [],
+    [$SASL_LDFLAGS])
+
+AC_CHECK_LIB([ldap_r],
+    [ldap_initialize],
+    [LDAP_LIBS="-lldap_r -llber"],
+    [],
+    [$LW_LDFLAGS -llber $SASL_LDFLAGS $SASL_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
+
+AC_CHECK_LIB([lwbase],
+    [LwRtlMemoryAllocate],
+    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
+    [],
+    [$LW_LDFLAGS -llwbase_nothr])
+
+AC_CHECK_LIB([lwadvapi],
+    [LwFreeMemory],
+    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
+    [],
+    [$LW_LDFLAGS -llwadvapi_nothr $LWBASE_LIBS $LDAP_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
+
+AC_CHECK_LIB([lwmsg],
+    [lwmsg_connection_new],
+    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
+    [],
+    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
+
+AC_CHECK_LIB([regclient],
+    [LwRegOpenKeyExW],
+    [LWREG_LIBS="-lregclient -lregcommon"],
+    [],
+    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
+
+AC_CHECK_LIB([rsutils],
+    [RegUtilSetValue],
+    [LWRSUTILS_LIBS="-lrsutils"],
+    [],
+    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
+
+AC_CHECK_LIB([schannel],
+    [schn_init_creds],
+    [SCHANNEL_LIBS="-lschannel"],
+    [],
+    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
+
+AC_CHECK_LIB([lwioclient],
+    [LwNtCreateFile],
+    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
+    [],
+    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
+     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS])
+
+AC_CHECK_LIB([dcerpc],
+    [rpc__init],
+    [DCERPC_LIBS="-ldcerpc"],
+    [],
+    [$DCERPC_LDFLAGS $OPENSSL_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $CRYPTO_LIBS $LWIO_LIBS
+     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
+
+AC_CHECK_LIB([jansson],
+    [json_object],
+    [JANSSON_LIBS="-ljansson"],
+    [],
+    [$JANSSON_LDFLAGS])
+
+AC_CHECK_LIB([curl],
+    [main],
+    [CURL_LIBS="-lcurl"],
+    [],
+    [$CURL_LDFLAGS])
+
+AC_CHECK_LIB([copenapi],
+    [coapi_load_from_file],
+    [COPENAPI_LIBS="-lcopenapi"]
+    [],
+    [$COPENAPI_LDFLAGS])
+
+AC_CHECK_LIB([restengine],
+    [VmRESTInit],
+    [CRESTENGINE_LIBS="-lrestengine"],
+    [],
+    [$CRESTENGINE_LDFLAGS])
+
+AC_CHECK_LIB([shadow],
+    [getspnam],
+    [SHADOW_LIBS="-lshadow"])
+
+AC_CHECK_LIB([popt],
+    [poptGetArg],
+    [POPT_LIBS="-lpopt"],
+    [],
+    [$POPT_LDFLAGS])
+
+#
+# Use -lxcrypt on SLES11, which contains advanced hash algorithms
+#
+AC_CHECK_LIB([xcrypt],
+    [crypt_r],
+    [CRYPT_LIBS="-L/usr/lib64 -lxcrypt $DL_LIBS"],
+    [CRYPT_LIBS="no"],
+    [-L/usr/lib64 $DL_LIBS])
+if test x"$CRYPT_LIBS" = x"no"; then
+    AC_CHECK_LIB([crypt],
+        [crypt_r],
+        [CRYPT_LIBS="-lcrypt"],
+        [CRYPT_LIBS=""])
+fi
+
+AC_CHECK_LIB([lwsm],
+    [LwSmStartService],
+    [LWSM_LIBS="-llwsm -llwsmcommon"],
+    [],
+    [$LW_LDFLAGS $LWMSG_LIBS $LWADVAPI_LIBS $LWBASE_LIBS $GSSAPI_LIBS
+     $UUID_LIBS $LDAP_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwsmcommon])
+
+AC_CHECK_LIB([domainjoin],
+    [DJJoinDomain],
+    [DOMAINJOIN_LIBS="-ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon"],
+    [],
+    [$LW_LDFLAGS -ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwadvapi_nothr])
+
+AC_LANG_PUSH([C++])
+
+AC_CHECK_LIB([boost_unit_test_framework-gcc41-mt-1_55],
+    [main],
+    [BOOST_LIBS="-lboost_system-gcc41-mt-s-1_55 -lboost_filesystem-gcc41-mt-s-1_55 -lboost_program_options-gcc41-mt-s-1_55"],
+    [],
+    [$BOOST_LDFLAGS])
+
+AC_CHECK_LIB([boost_unit_test_framework-xgcc42-mt-1_55],
+    [main],
+    [BOOST_LIBS="-lboost_system-xgcc42-mt-s-1_55 -lboost_filesystem-xgcc42-mt-s-1_55 -lboost_program_options-xgcc42-mt-s-1_55"],
+    [],
+    [$BOOST_LDFLAGS])
+
+AC_CHECK_LIB([boost_unit_test_framework],
+    [main],
+    [BOOST_LIBS="-lboost_thread -lboost_system -lboost_filesystem -lboost_program_options"],
+    [],
+    [$BOOST_LDFLAGS])
+
+AC_LANG_POP([C++])
+
+AC_CHECK_LIB([sqlite3],
+    [sqlite3_open],
+    [SQLITE_LIBS="-lsqlite3"],
+    [],
+    [$SQLITE_LDFLAGS $DL_LIBS $PTHREAD_LIBS])
+
+AC_CHECK_LIB([python2.7],
+    [PyArg_Parse],
+    [PYTHON_LIBS="-lpython2.7"],
+    [],
+    [$PYTHON_LDFLAGS])
+
+#--------------------------------------------------------------------
+
+AC_SUBST(DL_LIBS)
+AC_SUBST(PTHREAD_LIBS)
+AC_SUBST(MDB_LIBS)
+AC_SUBST(ZLIB_LIBS)
+AC_SUBST(BZIP_LIBS)
+AC_SUBST(GSSAPI_LIBS)
+AC_SUBST(LWBASE_LIBS)
+AC_SUBST(LWADVAPI_LIBS)
+AC_SUBST(LWMSG_LIBS)
+AC_SUBST(LWREG_LIBS)
+AC_SUBST(LWRSUTILS_LIBS)
+AC_SUBST(CRYPTO_LIBS)
+AC_SUBST(SCHANNEL_LIBS)
+AC_SUBST(LWIO_LIBS)
+AC_SUBST(DCERPC_LIBS)
+AC_SUBST(UUID_LIBS)
+AC_SUBST(LDAP_LIBS)
+AC_SUBST(LBER_LIBS)
+AC_SUBST(SHADOW_LIBS)
+AC_SUBST(CRYPT_LIBS)
+AC_SUBST(SASL_LIBS)
+AC_SUBST(JANSSON_LIBS)
+AC_SUBST(COPENAPI_LIBS)
+AC_SUBST(CRESTENGINE_LIBS)
+AC_SUBST(DOMAINJOIN_LIBS)
+AC_SUBST(BOOST_LIBS)
+AC_SUBST(PYTHON_LIBS)
+AC_SUBST(SQLITE_LIBS)
+AC_SUBST(LWSM_LIBS)
+AC_SUBST(POPT_LIBS)
+AC_SUBST(DOMAINJOIN_LIBS)
+AC_SUBST(LWSM_LIBS)
+AC_SUBST(CARES_LIBS)
+AC_SUBST(CURL_LIBS)
+
+#--------------------------------------------------------------------
+
+AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
+
+if test x"$IDL" = x"no"; then
+    AC_MSG_ERROR([DCERPC IDL compiler not found])
+fi
+
+#--------------------------------------------------------------------
+
+if test x"$localstatedir" = x"/var"; then
+    vmdirdbdir="$localstatedir/lib/vmware/vmdir"
+else
+    vmdirdbdir="$localstatedir/vmdir"
+fi
+AC_SUBST(vmdirdbdir)
+AS_AC_EXPAND(VMDIR_DB_DIR, ["${vmdirdbdir}"])
+AC_DEFINE_UNQUOTED(VMDIR_DB_DIR, "$VMDIR_DB_DIR", [Database directory])
+
+#--------------------------------------------------------------------
+
+AS_AC_EXPAND(VMDIR_SBIN, ["${sbindir}"])
+VMDIR_SBIN_DIR=$VMDIR_SBIN
+AC_SUBST(VMDIR_SBIN_DIR)
+
+vmdirlibdir=$prefix/lib64
+AC_SUBST(vmdirlibdir)
+AS_AC_EXPAND(VMDIR_LIB_DIR, $vmdirlibdir)
+AC_DEFINE_UNQUOTED(VMDIR_LIB_DIR, "$VMDIR_LIB_DIR", [Lib directory])
+
+vmdirsasldir=$vmdirlibdir/sasl2
+AC_SUBST(vmdirsasldir)
+
+#--------------------------------------------------------------------
+
+AC_ARG_WITH([logdir],
+   [AC_HELP_STRING([--with-logdir], [set the logging directory])],
+   [
+       LOG_BASE_PATH="$withval"
+   ],
+   [
+       LOG_BASE_PATH="/var/log/lightwave"
+   ])
+
+vmdirlogdir=$LOG_BASE_PATH/vmdir
+AC_SUBST(vmdirlogdir)
+AS_AC_EXPAND(VMDIR_LOG_DIR, $vmdirlogdir)
+AC_DEFINE_UNQUOTED(VMDIR_LOG_DIR, "$VMDIR_LOG_DIR", [Log directory])
+
+lwraftlogdir=$LOG_BASE_PATH/post
+AC_SUBST(lwraftlogdir)
+AS_AC_EXPAND(LWRAFT_LOG_DIR, $lwraftlogdir)
+AC_DEFINE_UNQUOTED(LWRAFT_LOG_DIR, "$LWRAFT_LOG_DIR", [Log directory])
+
+#--------------------------------------------------------------------
+
+AC_ARG_WITH([psc-version],
+    [AC_HELP_STRING([--with-psc-version], [set the PSC version (default: 1.0)])],
+    [
+        psc_version="$withval"
+    ],
+    [
+        psc_version="1.0"
+    ])
+AC_SUBST(psc_version)
+AS_AC_EXPAND(VDIR_PSC_VERSION, $psc_version)
+AC_DEFINE_UNQUOTED(VDIR_PSC_VERSION, "$VDIR_PSC_VERSION", [PSC version])
+
+#--------------------------------------------------------------------
+
+vmdirconfdir="$datadir/config"
+AC_SUBST(vmdirconfdir)
+AS_AC_EXPAND(VMDIR_CONFIG_DIR, $vmdirconfdir)
+AC_DEFINE_UNQUOTED(VMDIR_CONFIG_DIR, "$VMDIR_CONFIG_DIR", [Config directory])
+
+AS_AC_EXPAND(VMDIR_PREFIX, ["${prefix}"])
+VMDIR_PREFIX_DIR=$VMDIR_PREFIX
+AC_SUBST(VMDIR_PREFIX_DIR)
+
+if test x"$localstatedir" = x"/var"; then
+    lwraftdbdir="$localstatedir/lib/vmware/post"
+else
+    lwraftdbdir="$localstatedir/post"
+fi
+AC_SUBST(lwraftdbdir)
+AS_AC_EXPAND(LWRAFT_DB_DIR, $lwraftdbdir)
+AC_DEFINE_UNQUOTED(LWRAFT_DB_DIR, "$LWRAFT_DB_DIR", [Database directory])
+
+AS_AC_EXPAND(LWRAFT_SBIN, ["${sbindir}"])
+LWRAFT_SBIN_DIR=$LWRAFT_SBIN
+AC_SUBST(LWRAFT_SBIN_DIR)
+
+lwraftlibdir=$prefix/lib64
+AC_SUBST(lwraftlibdir)
+AS_AC_EXPAND(LWRAFT_LIB_DIR, $lwraftlibdir)
+AC_DEFINE_UNQUOTED(LWRAFT_LIB_DIR, "$LWRAFT_LIB_DIR", [Lib directory])
+
+postsasldir=$lwraftlibdir/sasl2
+AC_SUBST(postsasldir)
+
+lwraftconfdir="$datadir/config"
+AC_SUBST(lwraftconfdir)
+AS_AC_EXPAND(LWRAFT_CONFIG_DIR, $lwraftconfdir)
+AC_DEFINE_UNQUOTED(LWRAFT_CONFIG_DIR, "$LWRAFT_CONFIG_DIR", [Config directory])
+
+AS_AC_EXPAND(LWRAFT_PREFIX, ["${prefix}"])
+LWRAFT_PREFIX_DIR=$LWRAFT_PREFIX
+AC_SUBST(LWRAFT_PREFIX_DIR)
+
+AS_AC_EXPAND(VMDNS_PREFIX_DIR, ["${prefix}"])
+AS_AC_EXPAND(VMDNS_SBIN_DIR, ["${sbindir}"])
+
+vmdnsconfdir="$datadir/config"
+AC_SUBST(vmdnsconfdir)
+AS_AC_EXPAND(VMDNS_CONFIG_DIR, $vmdnsconfdir)
+AC_DEFINE_UNQUOTED(VMDNS_CONFIG_DIR, "$VMDNS_CONFIG_DIR", [Config dns])
+
+initddir=$sysconfdir/init.d
+AC_SUBST(initddir)
+
+bootstrapdir=$VMDNS_PREFIX_DIR/firstboot
+AC_SUBST(bootstrapdir)
+
+firewalldir=$VMDNS_PREFIX_DIR/firewall
+AC_SUBST(firewalldir)
+
+#--------------------------------------------------------------------
+# vmdir-provider notify only build
+
+VMDIR_PROVIDER_ENABLED=true
+AC_ARG_ENABLE([notify-vmdir-provider],
+    [AC_HELP_STRING([--enable-notify-vmdir-provider],
+                    [enable vmdir provider notification (default: enabled)])],
+    [
+        if test x"$enableval" = x"no"
+        then
+            VMDIR_PROVIDER_ENABLED=false
+        fi
+    ])
+
+if $VMDIR_PROVIDER_ENABLED
+then
+AC_DEFINE_UNQUOTED(NOTIFY_VMDIR_PROVIDER, 1, [Notify VMDir Provider of Join/Leave])
+fi
+
+AM_CONDITIONAL(NOTIFY_VMDIR_PROVIDER, [$NOTIFY_VMDIR_PROVIDER])
+
+#--------------------------------------------------------------------
+# ESX Platform
+ 
+DCERPC_DEPENDENCY="lsass dcerpc"
+AC_SUBST(DCERPC_DEPENDENCY)
+AC_ARG_ENABLE([esx],
+    [AC_HELP_STRING([--enable-esx], [enable acl check on modify (default: enabled)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            AC_DEFINE_UNQUOTED(PLATFORM_VMWARE_ESX, "1", [ Built to run on VMware ESXi ])
+            DCERPC_DEPENDENCY="lsass"
+        else
+            DCERPC_DEPENDENCY="lsass dcerpc"
+        fi
+    ])
+
+#--------------------------------------------------------------------
+# Ant component
+
+AC_ARG_WITH([ant],
+    [AC_HELP_STRING([--with-ant=<dir>], [use Ant binaries rooted at prefix <dir> ])],
+    [
+        ANT_HOME="$withval"
+    ],
+    [
+        ANT_HOME="/var/opt/apache-ant"
+    ])
+
+ANT_CLASSPATH=$ANT_HOME/lib/ant.jar:$ANT_HOME/lib/ant-launcher.jar
+
+AC_PATH_PROG([ANT], [ant], [no], [$PATH:$JAVA_HOME/bin:$ANT_HOME/bin])
+
+if test x"$ANT" = x"no"; then
+    AC_MSG_ERROR([ANT compiler not found])
+fi
+
+AC_SUBST(ANT_HOME)
+AC_SUBST(ANT_CLASSPATH)
+
+#--------------------------------------------------------------------
+
+KRB5_DEFAULT_ENABLED="yes"
+AC_ARG_ENABLE([krb5-default],
+    [AC_HELP_STRING([--enable-krb5-default], [enable default krb5.conf/krb5.keytab (default: disabled)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            AC_DEFINE_UNQUOTED(USE_DEFAULT_KRB5_PATHS, "1", [ Use /etc/krb5.conf /etc/krb5.keytab ])
+            KRB5_DEFAULT_ENABLED="yes"
+        else
+            KRB5_DEFAULT_ENABLED="no"
+        fi
+    ])
+
+AS_AC_EXPAND(VMAFD_BIN_DIR, $prefix)
+AC_SUBST(VMAFD_BIN_DIR)
+
+AS_AC_EXPAND(VMAFD_SBIN_DIR, ["${sbindir}"])
+AC_SUBST(VMAFD_SBIN_DIR)
+
+#--------------------------------------------------------------------
+
+if test x"$localstatedir" = x"/var"; then
+    vmafddbdir="$localstatedir/lib/vmware/vmafd"
+else
+    vmafddbdir="$localstatedir/vmafd"
+fi
+AC_SUBST(vmafddbdir)
+AS_AC_EXPAND(VMAFD_DB_DIR, $vmafddbdir)
+AC_DEFINE_UNQUOTED(VMAFD_DB_DIR, "$VMAFD_DB_DIR", [Database directory])
+
+vmafdconfdir="$datadir/config"
+AC_SUBST(vmafdconfdir)
+AS_AC_EXPAND(VMAFD_CONFIG_DIR, $vmafdconfdir)
+AC_SUBST(VMAFD_CONFIG_DIR)
+AC_DEFINE_UNQUOTED(VMAFD_CONFIG_DIR, "$VMAFD_CONFIG_DIR", [Config afd])
+
+if test x"$KRB5_DEFAULT_ENABLED" = x"yes"; then
+VMAFD_KEYTAB_CONFIG_DIR="/etc"
+VMAFD_KRB5CONF_FILENAME="krb5.conf"
+VMAFD_KRB5CONF_FILEPATH="/etc/${VMAFD_KRB5CONF_FILENAME}"
+else
+VMAFD_KEYTAB_CONFIG_DIR="$VMAFD_CONFIG_DIR"
+VMAFD_KRB5CONF_FILENAME="krb5.lotus.conf"
+VMAFD_KRB5CONF_FILEPATH="/etc/${VMAFD_KRB5CONF_FILENAME}"
+fi
+AC_DEFINE_UNQUOTED(VMAFD_KEYTAB_CONFIG_DIR, "$VMAFD_KEYTAB_CONFIG_DIR", [Config afd])
+AC_SUBST(VMAFD_KEYTAB_CONFIG_DIR)
+AC_SUBST(VMAFD_KRB5CONF_FILENAME)
+AC_SUBST(VMAFD_KRB5CONF_FILEPATH)
+
+#--------------------------------------------------------------------
+
+initddir=$sysconfdir/init.d
+AC_SUBST(initddir)
+
+pymodulesdir=$prefix/site-packages/identity
+AC_SUBST(pymodulesdir)
+
+javaetcdir=/etc/vmware/java
+AC_SUBST(javaetcdir)
+
+vmafdjarsdir="$prefix/jars"
+AC_SUBST(vmafdjarsdir)
+
+jreextdir=$JRE_EXT
+AC_SUBST(jreextdir)
+
+#--------------------------------------------------------------------
+
+AC_ARG_ENABLE([gcov],
+    [AC_HELP_STRING([--enable-gcov], [enable code coverage (default: disabled)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            AM_CFLAGS="$AM_CFLAGS -g -O0 -fprofile-arcs -ftestcoverage"
+            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DVMCA_DEBUG"
+        fi
+    ])
+
+#--------------------------------------------------------------------
+
+ENABLE_PYTHON=false
+AC_ARG_ENABLE([python],
+    [AC_HELP_STRING([--enable-python], [enable python module (default: disabled)])],
+    [
+        if test x"$enableval" = x"yes"
+        then
+            ENABLE_PYTHON=true
+        fi
+    ])
+AM_CONDITIONAL(ENABLE_PYTHON, [$ENABLE_PYTHON])
+
+saved_CPPFLAGS="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $BOOST_INCLUDES"
+AC_LANG_PUSH([C++])
+AC_CHECK_HEADERS(boost/asio.hpp)
+AC_LANG_POP([C++])
+CPPFLAGS="$saved_CPPFLAGS"
+
+#--------------------------------------------------------------------
+
+AC_LANG_PUSH([C++])
+saved_LIBS="$LIBS"
+LOG4CPP_LIBS="-llog4cpp"
+AC_LANG_PUSH([C++])
+saved_LIBS="$LIBS"
+LOG4CPP_LIBS="-static -llog4cpp"
+
+AS_AC_EXPAND(VMCA_BIN_DIR, $prefix)
+AC_SUBST(VMCA_BIN_DIR)
+
+AS_AC_EXPAND(VMCA_SBIN_DIR, ["${sbindir}"])
+AC_SUBST(VMCA_SBIN_DIR)
+
+if test x"$localstatedir" = x"/var"; then
+    vmcadbdir="$localstatedir/lib/vmware/vmca"
+else
+    vmcadbdir="$localstatedir/vmca"
+fi
+AC_SUBST(vmcadbdir)
+AS_AC_EXPAND(VMCA_DB_DIR, $vmcadbdir)
+AC_SUBST(VMCA_DB_DIR)
+AC_DEFINE_UNQUOTED(VMCA_DB_DIR, "$VMCA_DB_DIR", [Database directory])
+
+AS_AC_EXPAND(VMCA_INSTALL_DIR, $prefix)
+AC_DEFINE_UNQUOTED(VMCA_INSTALL_DIR, "$VMCA_INSTALL_DIR", [Install folder])
+
+vmcaconfdir="$datadir/config"
+AC_SUBST(vmcaconfdir)
+
+AS_AC_EXPAND(VMCA_CONFIG_DIR, $vmcaconfdir)
+AC_SUBST(VMCA_CONFIG_DIR)
+
+AC_DEFINE_UNQUOTED(VMCA_CONFIG_DIR, "$VMCA_CONFIG_DIR", [Config directory])
+
+vmcatoolsdir=$prefix/bin
+AC_SUBST(vmcatoolsdir)
+
+vmcapyutilsdir=$prefix/site-packages/cis
+AC_SUBST(vmcapyutilsdir)
+
+vmcajarsdir="$prefix/jars"
+AC_SUBST(vmcajarsdir)
+
+#--------------------------------------------------------------------
+# CURL components
+
+AC_ARG_WITH([curl],
+    [AC_HELP_STRING([--with-curl=<dir>], [use CURL binaries rooted at prefix <dir> ])],
+    [
+        CURL_BASE_PATH="$withval"
+    ],
+    [
+        CURL_BASE_PATH="/usr"
+    ])
+
+CURL_INCLUDES="-I$CURL_BASE_PATH/include"
+CURL_LDFLAGS="-L$CURL_BASE_PATH/lib"
+
+AC_SUBST(CURL_BASE_PATH)
+AC_SUBST(CURL_INCLUDES)
+AC_SUBST(CURL_LDFLAGS)
+
+#--------------------------------------------------------------------
+# Commons Daemon component
+
+AC_ARG_WITH([commons-daemon],
+    [AC_HELP_STRING([--with-commons-daemon=<dir>], [use Commons daemon binaries rooted at prefix <dir> ])],
+    [
+        COMMONS_DAEMON_HOME="$withval"
+    ],
+    [
+        COMMONS_DAEMON_HOME="/usr"
+    ])
+
+JSVC="$COMMONS_DAEMON_HOME/bin/jsvc"
+
+AC_SUBST(COMMONS_DAEMON_HOME)
+AC_SUBST(JSVC)
+
+#--------------------------------------------------------------------
+# JAX-WS component
+
+AC_ARG_WITH([jax-ws],
+    [AC_HELP_STRING([--with-jax-ws=<dir>], [use JAX WS binaries rooted at prefix <dir> ])],
+    [
+        JAX_WS_HOME="$withval"
+    ],
+    [
+        JAX_WS_HOME="/opt/jaxws-ri-2.2.10"
+    ])
+
+AC_SUBST(JAX_WS_HOME)
+
+#--------------------------------------------------------------------
+# Tomcat component
+
+AC_ARG_WITH([tomcat],
+    [AC_HELP_STRING([--with-tomcat=<dir>], [use Apache Tomcat binaries rooted at prefix <dir> ])],
+    [
+        TOMCAT_HOME="$withval"
+    ],
+    [
+        TOMCAT_HOME="/var/opt/apache-tomcat"
+    ])
+
+TOMCAT_CLASSPATH=$TOMCAT_HOME/lib/servlet-api.jar
+
+AC_SUBST(TOMCAT_HOME)
+AC_SUBST(TOMCAT_CLASSPATH)
+
+#--------------------------------------------------------------------
+
+if test x"$localstatedir" = x"/var"; then
+    vmstsdbdir="$localstatedir/lib/vmware/vmsts"
+else
+    vmstsdbdir="$localstatedir/vmsts"
+fi
+AC_SUBST(vmstsdbdir)
+AS_AC_EXPAND(VMSTS_DB_DIR, $vmstsdbdir)
+AC_SUBST(VMSTS_DB_DIR)
+AC_DEFINE_UNQUOTED(VMSTS_DB_DIR, "$VMSTS_DB_DIR", [Database directory])
+
+VMSTS_PREFIX_DIR="$prefix"
+AC_SUBST(VMSTS_PREFIX_DIR)
+
+VMSTS_SBIN_DIR="$prefix/sbin"
+AC_SUBST(VMSTS_SBIN_DIR)
+
+vmstsjarsdir="$prefix/jars"
+AC_SUBST(vmstsjarsdir)
+
+vmstswebappsdir="$prefix/vmware-sts/webapps"
+AC_SUBST(vmstswebappsdir)
+
+vmstsconfdir="$prefix/vmware-sts/conf"
+AC_SUBST(vmstsconfdir)
+
+vmstsbindir="$prefix/vmware-sts/bin"
+AC_SUBST(vmstsbindir)
+
+vmidmconfdir="$datadir/config/idm"
+AC_SUBST(vmidmconfdir)
+
+systemddir="/lib/systemd/system"
+AC_SUBST(systemddir)
+
+#--------------------------------------------------------------------
+
+vmdircfgdir="$prefix/share/config"
+AS_AC_EXPAND(VMDIR_CONFIG_PATH, $vmdircfgdir)
+AC_DEFINE_UNQUOTED(VMDIR_CONFIG_PATH, "$vmdircfgdir", [VMware Directory Config Path])
+
+# vmsts component
+
+pscsetupbindir=$prefix/bin
+AC_SUBST(pscsetupbindir)
+
+systemddir=/lib/systemd/system
+AC_SUBST(systemddir)
+
+scriptsconfdir="$datadir/config"
+AC_SUBST(scriptsconfdir)
+
+pscsetupjarsdir=$prefix/jars
+AC_SUBST(pscsetupjarsdir)
+
+#--------------------------------------------------------------------
+
+vmmetricsconfdir="$datadir/config"
+AC_SUBST(vmmetricsconfdir)
+
+AC_CONFIG_FILES([Makefile
+                 vmmetrics/Makefile
+                 vmmetrics/include/Makefile
+                 vmmetrics/include/public/Makefile
+                 vmmetrics/config/Makefile
+                 vmmetrics/testing/Makefile
+                 vmevent/Makefile
+                 vmevent/include/Makefile
+                 vmevent/include/public/Makefile
+                 lwraft/Makefile
+                 lwraft/include/Makefile
+                 lwraft/include/public/Makefile
+                 lwraft/config/Makefile
+                 lwraft/kdccommon/Makefile
+                 lwraft/common/Makefile
+                 lwraft/server/Makefile
+                 lwraft/server/kdcsrvcommon/Makefile
+                 lwraft/server/kdckrb5/Makefile
+                 lwraft/server/kdctools/Makefile
+                 lwraft/server/common/Makefile
+                 lwraft/server/backend/Makefile
+                 lwraft/server/mdb-store/Makefile
+                 lwraft/server/indexcfg/Makefile
+                 lwraft/server/middle-layer/Makefile
+                 lwraft/server/schema/Makefile
+                 lwraft/server/acl/Makefile
+                 lwraft/server/ldap-head/Makefile
+                 lwraft/server/rest-head/Makefile
+                 lwraft/server/replication/Makefile
+                 lwraft/server/saslvmdirdb/Makefile
+                 lwraft/server/vmdir/Makefile
+                 lwraft/client/Makefile
+                 lwraft/config/post.reg
+                 lwraft/testing/Makefile
+                 lwraft/testing/query/Makefile
+                 lwraft/testing/kerberos/Makefile
+                 lwraft/testing/test_lib/Makefile
+                 lwraft/testing/test_runner/Makefile
+                 lwraft/testing/integration_tests/Makefile
+                 lwraft/testing/integration_tests/acls/Makefile
+                 lwraft/testing/unittests/Makefile
+                 lwraft/testing/unittests/libcommon/Makefile
+                 lwraft/tools/Makefile
+                 lwraft/tools/lwraftpromo/Makefile
+                 lwraft/tools/lwraft-cli/Makefile
+                 lwraft/tools/vdcaclmgr/Makefile
+                 lwraft/tools/vdcadmintool/Makefile
+                 lwraft/tools/vdcschema/Makefile
+                 lwraft/thirdparty/Makefile
+                 lwraft/thirdparty/openldap/Makefile
+                 lwraft/thirdparty/openldap/libraries/Makefile
+                 lwraft/thirdparty/openldap/libraries/mdb/Makefile
+                 lwraft/thirdparty/heimdal/Makefile
+                 lwraft/thirdparty/heimdal/asn1/Makefile
+                 lwraft/thirdparty/heimdal/krb5-crypto/Makefile
+                 lwraft/thirdparty/heimdal/ntlm/Makefile
+                 lwraft/thirdparty/csrp/Makefile
+                 vmdir/Makefile
+                 vmdir/include/Makefile
+                 vmdir/include/public/Makefile
+                 vmdir/config/Makefile
+                 vmdir/kdccommon/Makefile
+                 vmdir/common/Makefile
+                 vmdir/server/Makefile
+                 vmdir/server/kdcsrvcommon/Makefile
+                 vmdir/server/kdckrb5/Makefile
+                 vmdir/server/kdctools/Makefile
+                 vmdir/server/vmkdc_mit_tools/Makefile
+                 vmdir/server/vmkdc/Makefile
+                 vmdir/server/common/Makefile
+                 vmdir/server/backend/Makefile
+                 vmdir/server/mdb-store/Makefile
+                 vmdir/server/indexcfg/Makefile
+                 vmdir/server/middle-layer/Makefile
+                 vmdir/server/schema/Makefile
+                 vmdir/server/acl/Makefile
+                 vmdir/server/ldap-head/Makefile
+                 vmdir/server/rest-head/Makefile
+                 vmdir/server/replication/Makefile
+                 vmdir/server/saslvmdirdb/Makefile
+                 vmdir/server/vmdir/Makefile
+                 vmdir/client/Makefile
+                 vmdir/config/vmdir.reg
+                 vmdir/testing/Makefile
+                 vmdir/testing/query/Makefile
+                 vmdir/testing/kerberos/Makefile
+                 vmdir/testing/test_lib/Makefile
+                 vmdir/testing/test_runner/Makefile
+                 vmdir/testing/integration_tests/Makefile
+                 vmdir/testing/integration_tests/acls/Makefile
+                 vmdir/testing/integration_tests/misc/Makefile
+                 vmdir/testing/integration_tests/multitenancy/Makefile
+                 vmdir/testing/integration_tests/passwordapis/Makefile
+                 vmdir/testing/integration_tests/search/Makefile
+                 vmdir/testing/unittests/Makefile
+                 vmdir/testing/unittests/libcommon/Makefile
+                 vmdir/tools/Makefile
+                 vmdir/tools/vdcaclmgr/Makefile
+                 vmdir/tools/vdcadmintool/Makefile
+                 vmdir/tools/vdcpromo/Makefile
+                 vmdir/tools/vdcpass/Makefile
+                 vmdir/tools/vdcrepadmin/Makefile
+                 vmdir/tools/vdcsetupldu/Makefile
+                 vmdir/tools/vdcbackup/Makefile
+                 vmdir/tools/vmkdc_admin/Makefile
+                 vmdir/tools/vdcsrp/Makefile
+                 vmdir/tools/vdcupgrade/Makefile
+                 vmdir/tools/vdcleavefed/Makefile
+                 vmdir/tools/vdcresetMachineActCred/Makefile
+                 vmdir/tools/vdcmetric/Makefile
+                 vmdir/tools/vdcschema/Makefile
+                 vmdir/tools/test/Makefile
+                 vmdir/tools/test/vmdirclienttest/Makefile
+                 vmdir/thirdparty/Makefile
+                 vmdir/thirdparty/openldap/Makefile
+                 vmdir/thirdparty/openldap/libraries/Makefile
+                 vmdir/thirdparty/openldap/libraries/mdb/Makefile
+                 vmdir/thirdparty/heimdal/Makefile
+                 vmdir/thirdparty/heimdal/asn1/Makefile
+                 vmdir/thirdparty/heimdal/krb5-crypto/Makefile
+                 vmdir/thirdparty/heimdal/ntlm/Makefile
+                 vmdir/thirdparty/csrp/Makefile
+                 vmdir/gssapi-plugins/Makefile
+                 vmdir/gssapi-plugins/ntlm/Makefile
+                 vmdir/gssapi-plugins/srp/Makefile
+                 vmdir/gssapi-plugins/unix/Makefile
+                 vmdns/Makefile
+                 vmdns/include/Makefile
+                 vmdns/include/public/Makefile
+                 vmdns/config/Makefile
+                 vmdns/config/vmdns.reg
+                 vmdns/config/vmdns-client.reg
+                 vmdns/common/Makefile
+                 vmdns/vmsock/Makefile
+                 vmdns/vmsock/posix/Makefile
+                 vmdns/vmsock/api/Makefile
+                 vmdns/server/Makefile
+                 vmdns/server/common/Makefile
+                 vmdns/server/rest-head/Makefile
+                 vmdns/server/vmdns/Makefile
+                 vmdns/client/Makefile
+                 vmdns/tools/Makefile
+                 vmdns/tools/cli/Makefile
+                 vmdns/test/Makefile
+                 vmafd/Makefile
+                 vmafd/include/Makefile
+                 vmafd/include/public/Makefile
+                 vmafd/config/Makefile
+                 vmafd/config/vmafd.reg
+                 vmafd/common/Makefile
+                 vmafd/vmnetevent/Makefile
+                 vmafd/vmafcfg/Makefile
+                 vmafd/vmafcfg/api/Makefile
+                 vmafd/vmafcfg/posix/Makefile
+                 vmafd/vmevent/Makefile
+                 vmafd/vmevent/common/Makefile
+                 vmafd/vmevent/db/Makefile
+                 vmafd/vmevent/server/Makefile
+                 vmafd/vmevent/client/Makefile
+                 vmafd/vmevent/test/Makefile
+                 vmafd/server/Makefile
+                 vmafd/server/db/Makefile
+                 vmafd/server/vmafd/Makefile
+                 vmafd/server/vmafd/vmafd-server-defines.h
+                 vmafd/client/Makefile
+                 vmafd/jdepends/Makefile
+                 vmafd/tools/Makefile
+                 vmafd/tools/dir-cli/Makefile
+                 vmafd/tools/cdc-cli/Makefile
+                 vmafd/tools/cli/Makefile
+                 vmafd/tools/domainjoin/Makefile
+                 vmafd/tools/vdcpromo/Makefile
+                 vmafd/tools/vecs-cli/Makefile
+                 vmafd/tools/sl-cli/Makefile
+                 vmafd/interop/Makefile
+                 vmafd/interop/cdcjni/Makefile
+                 vmafd/interop/heartbeatjni/Makefile
+                 vmafd/interop/java/Makefile
+                 vmafd/interop/jni/Makefile
+                 vmafd/interop/python/Makefile
+                 vmafd/test/Makefile
+                 vmca/Makefile
+                 vmca/include/Makefile
+                 vmca/include/public/Makefile
+                 vmca/config/Makefile
+                 vmca/config/vmca.reg
+                 vmca/common/Makefile
+                 vmca/service/Makefile
+                 vmca/client/Makefile
+                 vmca/vmcadb/Makefile
+                 vmca/certool/Makefile
+                 vmca/test/Makefile
+                 vmca/python/Makefile
+                 vmca/jdepends/Makefile
+                 vmca/java/Makefile
+                 vmidentity/Makefile
+                 vmidentity/config/setenv.sh
+                 vmidentity/config/vmware-stsd.sh
+                 vmidentity/config/vmware-stsd.service
+                 vmidentity/config/configure-build.sh
+                 vmidentity/interop/Makefile
+                 vmidentity/interop/idm/Makefile
+                 vmidentity/interop/idm/ad/Makefile
+                 vmidentity/interop/idm/ad/server/Makefile
+                 vmidentity/interop/idm/common/Makefile
+                 vmidentity/interop/idm/localos/Makefile
+                 vmidentity/ssoclients/Makefile
+                 vmidentity/ssoclients/common/Makefile
+                 vmidentity/ssoclients/common/include/Makefile
+                 vmidentity/ssoclients/common/include/public/Makefile
+                 vmidentity/ssoclients/common/src/Makefile
+                 vmidentity/ssoclients/common/test/Makefile
+                 vmidentity/ssoclients/oidc/Makefile
+                 vmidentity/ssoclients/oidc/include/Makefile
+                 vmidentity/ssoclients/oidc/include/public/Makefile
+                 vmidentity/ssoclients/oidc/src/Makefile
+                 vmidentity/ssoclients/oidc/test/Makefile
+                 vmidentity/ssoclients/restclient/Makefile
+                 vmidentity/ssoclients/restclient/coreclient/Makefile
+                 vmidentity/ssoclients/restclient/coreclient/include/Makefile
+                 vmidentity/ssoclients/restclient/coreclient/include/public/Makefile
+                 vmidentity/ssoclients/restclient/coreclient/src/Makefile
+                 vmidentity/ssoclients/restclient/idmclient/Makefile
+                 vmidentity/ssoclients/restclient/idmclient/include/Makefile
+                 vmidentity/ssoclients/restclient/idmclient/include/public/Makefile
+                 vmidentity/ssoclients/restclient/idmclient/src/Makefile
+                 vmidentity/ssoclients/restclient/afdclient/Makefile
+                 vmidentity/ssoclients/restclient/afdclient/include/Makefile
+                 vmidentity/ssoclients/restclient/afdclient/include/public/Makefile
+                 vmidentity/ssoclients/restclient/afdclient/src/Makefile
+                 vmidentity/ssoclients/restclient/vmdirclient/Makefile
+                 vmidentity/ssoclients/restclient/vmdirclient/include/Makefile
+                 vmidentity/ssoclients/restclient/vmdirclient/include/public/Makefile
+                 vmidentity/ssoclients/restclient/vmdirclient/src/Makefile
+                 vmidentity/ssoclients/restclient/test/Makefile
+                 vmidentity/ssoclients/restclient/test/src/Makefile
+                 vmidentity/build-maven/Makefile
+                 vmidentity/make-target/Makefile
+                 config/Makefile
+                 config/jdepends/Makefile
+                 config/cfgutils/Makefile
+                 config/tools/Makefile
+                 config/tools/ic-promote/Makefile
+                 config/tools/ic-join/Makefile
+                 config/scripts/Makefile
+                 config/scripts/configure-lightwave-server
+                 config/scripts/configure-identity-server
+                 config/scripts/configure-sts
+                ])
+
+AC_OUTPUT
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 000000000..7123c3d0a
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = public
diff --git a/lw-clients/Makefile b/lw-clients/Makefile
deleted file mode 100644
index db4c34072..000000000
--- a/lw-clients/Makefile
+++ /dev/null
@@ -1,78 +0,0 @@
-SRCROOT := ../
-MAKEROOT=$(SRCROOT)/support/make
-include $(MAKEROOT)/makedefs.mk
-
-MKDIR=/bin/mkdir
-RM=/bin/rm
-CP=/bin/cp
-LN=/bin/ln
-RPMBUILD=/usr/bin/rpmbuild
-
-RPMBUILD_ROOT=$(CURDIR)/rpmbuild
-RPMBUILD_BUILD=$(RPMBUILD_ROOT)/BUILD
-RPMBUILD_SPECS=$(RPMBUILD_ROOT)/SPECS
-RPMBUILD_RPMS=$(RPMBUILD_ROOT)/RPMS
-RPMBUILD_SOURCES=$(RPMBUILD_ROOT)/SOURCES
-RPMBUILD_SRPMS=$(RPMBUILD_ROOT)/SRPMS
-RPMBUILD_TMP=$(RPMBUILD_ROOT)/tmp
-
-RPMBUILD_DIRS= \
-    $(RPMBUILD_BUILD) \
-    $(RPMBUILD_SPECS) \
-    $(RPMBUILD_RPMS)  \
-    $(RPMBUILD_SOURCES) \
-    $(RPMBUILD_SRPMS) \
-    $(RPMBUILD_TMP)
-
-SRCROOT=..
-
-CLEAN_OBJECTS = \
-    rpmbuild
-
-PKG_SPEC=vmware-lightwave-clients.spec
-
-.PHONY: all package
-
-all: package
-
-package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
-	cd $(RPMBUILD_ROOT) && \
-	$(RPMBUILD) \
-              -ba \
-              --define "_topdir $(RPMBUILD_ROOT)" \
-              --define "_prefix /opt/vmware" \
-              --define "_bindir /opt/vmware/bin" \
-              --define "_sbindir /opt/vmware/sbin" \
-              --define "_lib64dir /opt/vmware/lib64" \
-              --define "_version $(LW_CLIENTS_MAJOR_VER).$(LW_CLIENTS_MINOR_VER).$(LW_CLIENTS_RELEASE_VER)" \
-              --define "_patch $(LW_CLIENTS_PATCH_VER)" \
-	      --buildroot $(RPMBUILD_ROOT)/BUILDROOT \
-              SPECS/$(PKG_SPEC)
-
-$(RPMBUILD_SPECS)/$(PKG_SPEC) : $(CURDIR)/package/rpm/$(PKG_SPEC) | $(RPMBUILD_SPECS)
-	@$(CP) -f $< $@
-
-$(RPMBUILD_BUILD): $(realpath $(SRCROOT)) | $(RPMBUILD_ROOT)
-	@$(LN) -s $< $@
-
-$(RPMBUILD_SPECS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_RPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SOURCES):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SRPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_TMP):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_ROOT):
-	@$(MKDIR) -p $@
-
-clean:
-	@$(RM) -rf $(CLEAN_OBJECTS)
-
diff --git a/lw-clients/package/rpm/vmware-lightwave-clients.spec b/lw-clients/package/rpm/vmware-lightwave-clients.spec
deleted file mode 100644
index 14e44ec7e..000000000
--- a/lw-clients/package/rpm/vmware-lightwave-clients.spec
+++ /dev/null
@@ -1,41 +0,0 @@
-Name:    vmware-lightwave-clients
-Summary: VMware Infrastructure Client
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, likewise-open >= 6.2.10, vmware-directory-client = %{version}, vmware-afd = %{version}, vmware-ca-client = %{version}, vmware-ic-config = %{version}, vmware-dns-client = %{version}
-
-%description
-VMware Infrastructure Controller Clients
-
-%build
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%post
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%files
-%defattr(-,root,root,0755)
-
-%changelog
-
diff --git a/lw-raft/.gitignore b/lw-raft/.gitignore
deleted file mode 100644
index cd9a31dba..000000000
--- a/lw-raft/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-rpmbuild/*
diff --git a/lw-raft/Makefile b/lw-raft/Makefile
deleted file mode 100644
index 9f612b450..000000000
--- a/lw-raft/Makefile
+++ /dev/null
@@ -1,78 +0,0 @@
-SRCROOT := ../
-MAKEROOT=$(SRCROOT)/support/make
-include $(MAKEROOT)/makedefs.mk
-
-MKDIR=/bin/mkdir
-RM=/bin/rm
-CP=/bin/cp
-LN=/bin/ln
-RPMBUILD=/usr/bin/rpmbuild
-
-RPMBUILD_ROOT=$(CURDIR)/rpmbuild
-RPMBUILD_BUILD=$(RPMBUILD_ROOT)/BUILD
-RPMBUILD_SPECS=$(RPMBUILD_ROOT)/SPECS
-RPMBUILD_RPMS=$(RPMBUILD_ROOT)/RPMS
-RPMBUILD_SOURCES=$(RPMBUILD_ROOT)/SOURCES
-RPMBUILD_SRPMS=$(RPMBUILD_ROOT)/SRPMS
-RPMBUILD_TMP=$(RPMBUILD_ROOT)/tmp
-
-RPMBUILD_DIRS= \
-    $(RPMBUILD_BUILD) \
-    $(RPMBUILD_SPECS) \
-    $(RPMBUILD_RPMS)  \
-    $(RPMBUILD_SOURCES) \
-    $(RPMBUILD_SRPMS) \
-    $(RPMBUILD_TMP)
-
-SRCROOT=..
-
-CLEAN_OBJECTS = \
-    rpmbuild
-
-PKG_SPEC=vmware-lightwave-raft.spec
-
-.PHONY: all package
-
-all: package
-
-package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
-	cd $(RPMBUILD_ROOT) && \
-	$(RPMBUILD) \
-              -ba \
-              --define "_topdir $(RPMBUILD_ROOT)" \
-              --define "_prefix /opt/vmware" \
-              --define "_bindir /opt/vmware/bin" \
-              --define "_sbindir /opt/vmware/sbin" \
-              --define "_lib64dir /opt/vmware/lib64" \
-              --define "_version $(LW_RAFT_MAJOR_VER).$(LW_RAFT_MINOR_VER).$(LW_RAFT_RELEASE_VER)" \
-              --define "_patch $(LW_RAFT_PATCH_VER)" \
-              --buildroot $(RPMBUILD_ROOT)/BUILDROOT \
-              SPECS/$(PKG_SPEC)
-
-$(RPMBUILD_SPECS)/$(PKG_SPEC) : $(CURDIR)/package/rpm/$(PKG_SPEC) | $(RPMBUILD_SPECS)
-	@$(CP) -f $< $@
-
-$(RPMBUILD_BUILD): $(realpath $(SRCROOT)) | $(RPMBUILD_ROOT)
-	@$(LN) -s $< $@
-
-$(RPMBUILD_SPECS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_RPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SOURCES):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SRPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_TMP):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_ROOT):
-	@$(MKDIR) -p $@
-
-clean:
-	@$(RM) -rf $(CLEAN_OBJECTS)
-
diff --git a/lw-raft/package/rpm/vmware-lightwave-raft.spec b/lw-raft/package/rpm/vmware-lightwave-raft.spec
deleted file mode 100644
index dbeec1d63..000000000
--- a/lw-raft/package/rpm/vmware-lightwave-raft.spec
+++ /dev/null
@@ -1,41 +0,0 @@
-Name:    vmware-lightwave-raft
-Summary: VMware Lightwave Raft
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires: vmware-lightwave-clients = %{version}, lightwave-raft = %{version}, lightwave-raft-client = %{version}
-
-%description
-VMware Infrastructure LWRaft
-
-%build
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%post
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%files
-%defattr(-,root,root,0755)
-
-%changelog
-
diff --git a/lw-server/Makefile b/lw-server/Makefile
deleted file mode 100644
index 28f8f452c..000000000
--- a/lw-server/Makefile
+++ /dev/null
@@ -1,78 +0,0 @@
-SRCROOT := ../
-MAKEROOT=$(SRCROOT)/support/make
-include $(MAKEROOT)/makedefs.mk
-
-MKDIR=/bin/mkdir
-RM=/bin/rm
-CP=/bin/cp
-LN=/bin/ln
-RPMBUILD=/usr/bin/rpmbuild
-
-RPMBUILD_ROOT=$(CURDIR)/rpmbuild
-RPMBUILD_BUILD=$(RPMBUILD_ROOT)/BUILD
-RPMBUILD_SPECS=$(RPMBUILD_ROOT)/SPECS
-RPMBUILD_RPMS=$(RPMBUILD_ROOT)/RPMS
-RPMBUILD_SOURCES=$(RPMBUILD_ROOT)/SOURCES
-RPMBUILD_SRPMS=$(RPMBUILD_ROOT)/SRPMS
-RPMBUILD_TMP=$(RPMBUILD_ROOT)/tmp
-
-RPMBUILD_DIRS= \
-    $(RPMBUILD_BUILD) \
-    $(RPMBUILD_SPECS) \
-    $(RPMBUILD_RPMS)  \
-    $(RPMBUILD_SOURCES) \
-    $(RPMBUILD_SRPMS) \
-    $(RPMBUILD_TMP)
-
-SRCROOT=..
-
-CLEAN_OBJECTS = \
-    rpmbuild
-
-PKG_SPEC=vmware-lightwave-server.spec
-
-.PHONY: all package
-
-all: package
-
-package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
-	cd $(RPMBUILD_ROOT) && \
-	$(RPMBUILD) \
-              -ba \
-              --define "_topdir $(RPMBUILD_ROOT)" \
-              --define "_prefix /opt/vmware" \
-              --define "_bindir /opt/vmware/bin" \
-              --define "_sbindir /opt/vmware/sbin" \
-              --define "_lib64dir /opt/vmware/lib64" \
-              --define "_version $(LW_SERVER_MAJOR_VER).$(LW_SERVER_MINOR_VER).$(LW_SERVER_RELEASE_VER)" \
-              --define "_patch $(LW_SERVER_PATCH_VER)" \
-              --buildroot $(RPMBUILD_ROOT)/BUILDROOT \
-              SPECS/$(PKG_SPEC)
-
-$(RPMBUILD_SPECS)/$(PKG_SPEC) : $(CURDIR)/package/rpm/$(PKG_SPEC) | $(RPMBUILD_SPECS)
-	@$(CP) -f $< $@
-
-$(RPMBUILD_BUILD): $(realpath $(SRCROOT)) | $(RPMBUILD_ROOT)
-	@$(LN) -s $< $@
-
-$(RPMBUILD_SPECS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_RPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SOURCES):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SRPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_TMP):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_ROOT):
-	@$(MKDIR) -p $@
-
-clean:
-	@$(RM) -rf $(CLEAN_OBJECTS)
-
diff --git a/lw-server/package/rpm/vmware-lightwave-server.spec b/lw-server/package/rpm/vmware-lightwave-server.spec
deleted file mode 100644
index 9484dda07..000000000
--- a/lw-server/package/rpm/vmware-lightwave-server.spec
+++ /dev/null
@@ -1,58 +0,0 @@
-Name:    vmware-lightwave-server
-Summary: VMware Lightwave Server
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, likewise-open >= 6.2.10, vmware-directory = %{version}, vmware-afd = %{version}, vmware-ca = %{version}, vmware-ic-config = %{version}, vmware-sts = %{version}, vmware-dns = %{version}
-
-%description
-VMware Infrastructure Controller
-
-%build
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-%post
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-case "$1" in
-    1)
-        # Configure syslog-ng
-        LINE='@include "lightwave.conf.d"'
-        FILE=/etc/syslog-ng/syslog-ng.conf
-        if [ -f "$FILE" ]; then
-            grep -qs "$LINE" "$FILE"
-            if [ "$?" -ne 0 ]; then
-                echo "$LINE" >> "$FILE"
-                pid=$( pidof syslog-ng )
-                if [ -n "$pid" ]; then
-                    kill -HUP $pid
-                fi
-            fi
-        fi
-        ;;
-esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%files
-%defattr(-,root,root,0755)
-
-%changelog
-
diff --git a/lwraft/Makefile.am b/lwraft/Makefile.am
index 94e496071..188e64bba 100644
--- a/lwraft/Makefile.am
+++ b/lwraft/Makefile.am
@@ -5,13 +5,11 @@ SUBDIRS = \
     thirdparty \
     kdccommon \
     common \
-    client \
-    gssapi-plugins
+    client
 
 if ENABLE_SERVER
 
 SUBDIRS += \
-   kdccommon \
     server \
     tools \
     config \
diff --git a/lwraft/build/Makefile.bootstrap b/lwraft/build/Makefile.bootstrap
index 2fb3392da..a8f8e46e1 100644
--- a/lwraft/build/Makefile.bootstrap
+++ b/lwraft/build/Makefile.bootstrap
@@ -50,7 +50,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=lwraft.spec
 
@@ -108,3 +111,4 @@ clean:
 	@$(RM) -rf $(CLEAN_OBJECTS)
 	@$(RM) -f `find .. -name Makefile.in`
 
+
diff --git a/lwraft/build/package/rpm/lwraft.spec b/lwraft/build/package/rpm/lwraft.spec
deleted file mode 100644
index 43576eb47..000000000
--- a/lwraft/build/package/rpm/lwraft.spec
+++ /dev/null
@@ -1,380 +0,0 @@
-Name:    lightwave-raft
-Summary: Lightwave Raft Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10, lightwave-raft-client = %{version} vmware-directory-client = %{version}
-BuildRequires:  coreutils >= 8.22, openssl-devel >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open-devel >= 6.2.10, vmware-event-devel >= %{_vmevent_ver}
-
-%if 0%{?_sasl_prefix:1} == 0
-%define _sasl_prefix /usr
-%endif
-
-%if 0%{?_krb5_prefix:1} == 0
-%define _krb5_prefix /usr
-%endif
-
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%define _likewise_open_bindir %{_likewise_open_prefix}/bin
-%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
-
-#The %_unpackaged_files_terminate_build macro,
-#if set to 1, tells rpmbuild to exit if it finds files that are in the #
-#$RPM_BUILD_ROOT directory but not listed as part of the package. #
-#Set this macro to 0 to turn off the Fascist build policy
-%define _unpackaged_files_terminate_build 0
-
-%if 0%{?_vmevent_prefix:1} == 0
-%define _vmevent_prefix /opt/vmware
-%endif
-
-%if 0%{?_trident_prefix:1} == 0
-%define _trident_prefix /opt/vmware
-%endif
-
-%if 0%{?_jansson_prefix:1} == 0
-%define _jansson_prefix /usr
-%endif
-
-%if 0%{?_copenapi_prefix:1} == 0
-%define _copenapi_prefix /usr
-%endif
-
-%if 0%{?_oidc_prefix:1} == 0
-%define _oidc_prefix /opt/vmware
-%endif
-
-%if 0%{?_ssocommon_prefix:1} == 0
-%define _ssocommon_prefix /opt/vmware
-%endif
-
-%define _dbdir %{_localstatedir}/lib/vmware/lwraft
-%define _sasl2dir %{_sasl_prefix}/lib64/sasl2
-%define _krb5_lib_dir %{_krb5_prefix}/lib64
-%define _krb5_gss_conf_dir /etc/gss
-%define _logdir /var/log/lightwave
-%define _logconfdir /etc/syslog-ng/lightwave.conf.d
-
-%description
-Lightwave Raft Service
-
-%package client
-Summary: Lightwave Raft Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.9
-%description client
-Client libraries to communicate with Ligthwave Raft Service
-
-%package client-devel
-Summary: Lightwave Raft Client Development Library
-Requires: lightwave-raft-client = %{version}
-%description client-devel
-Development Libraries to communicate with Ligthwave Raft Service
-
-%build
-export CFLAGS="-Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare"
-cd build
-autoreconf -mif ..
-../configure \
-    --prefix=%{_prefix} \
-    --libdir=%{_lib64dir} \
-    --localstatedir=%{_localstatedir}/lib/vmware/lwraft \
-    --with-likewise=%{_likewise_open_prefix} \
-    --with-ssl=/usr \
-    --with-sasl=%{_sasl_prefix} \
-    --with-datastore=mdb \
-    --with-vmevent=%{_vmevent_prefix} \
-    --with-trident=%{_trident_prefix} \
-    --with-jansson=%{_jansson_prefix} \
-    --with-copenapi=%{_copenapi_prefix} \
-    --with-oidc=%{_oidc_prefix} \
-    --with-ssocommon=%{_ssocommon_prefix} \
-    --enable-server=yes \
-    --with-version=%{_version} \
-    --enable-lightwave-build=yes
-
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=$RPM_BUILD_ROOT
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%pre client
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%post
-
-    /sbin/ldconfig
-
-    /bin/mkdir -m 700 -p %{_dbdir}
-
-    if [ -a %{_sasl2dir}/lwraftd.conf ]; then
-        /bin/rm %{_sasl2dir}/lwraftd.conf
-    fi
-
-    # add lwraftd.conf to sasl2 directory
-    /bin/ln -s %{_datadir}/config/sasllwraftd.conf %{_sasl2dir}/lwraftd.conf
-
-    /bin/mkdir -m 755 -p %{_logdir}
-    /bin/mkdir -m 755 -p %{_logconfdir}
-    if [ -a %{_logconfdir}/lwraftd-syslog-ng.conf ]; then
-        /bin/rm %{_logconfdir}/lwraftd-syslog-ng.conf
-    fi
-    /bin/ln -s %{_datadir}/config/lwraftd-syslog-ng.conf %{_logconfdir}/lwraftd-syslog-ng.conf
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-                sleep 2
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/lwraft.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-                sleep 2
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%post client
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft-client.reg
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/lwraft-client.reg
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/lwraft-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            %{_likewise_open_bindir}/lwsm info lwraft > /dev/null 2>&1
-            if [ $? -eq 0 ]; then
-                %{_likewise_open_bindir}/lwsm stop lwraft
-                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\lwraft'
-                /bin/systemctl restart lwsmd
-                %{_likewise_open_bindir}/lwsm autostart
-            fi
-
-            ;;
-    esac
-
-%preun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    /sbin/ldconfig
-
-    if [ -a %{_sasl2dir}/lwraftd.conf ]; then
-        /bin/rm %{_sasl2dir}/lwraftd.conf
-    fi
-
-    if [ "$1" = "0" ]; then
-        echo "Existing database files kept at [%{_dbdir}]."
-    fi
-
-%postun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-#    case "$1" in
-#        0)
-#            %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\lwraft'
-#            ;;
-#    esac
-
-%files
-%defattr(-,root,root)
-%{_sbindir}/*
-%{_bindir}/lwraftpromo
-%{_bindir}/lwraftadmintool
-%{_bindir}/lwraftleavefed
-%{_bindir}/unix_srp
-%{_lib64dir}/sasl2/libsasllwraftdb.so*
-%{_lib64dir}/libkrb5crypto.so*
-%{_lib64dir}/libvmkdcserv.so*
-%{_datadir}/config/sasllwraftd.conf
-%{_datadir}/config/lwraft.reg
-%{_datadir}/config/lwraftschema.ldif
-%{_datadir}/config/lwraftd-syslog-ng.conf
-
-%files client
-%defattr(-,root,root)
-%{_datadir}/config/lwraft-client.reg
-%{_lib64dir}/liblwraftclient.so*
-
-%files client-devel
-%defattr(-,root,root)
-%{_includedir}/vmdir.h
-%{_includedir}/vmdirauth.h
-%{_includedir}/vmdirclient.h
-%{_includedir}/vmdirerrors.h
-%{_includedir}/vmdirtypes.h
-%{_lib64dir}/liblwraftclient.a
-%{_lib64dir}/liblwraftclient.la
-
-%exclude %{_bindir}/dequetest
-%exclude %{_bindir}/lwraftclienttest
-%exclude %{_bindir}/circularbuffertest
-%exclude %{_bindir}/parseargstest
-%exclude %{_bindir}/registrytest
-%exclude %{_bindir}/stringtest
-%exclude %{_lib64dir}/libkrb5crypto.a
-%exclude %{_lib64dir}/libkrb5crypto.la
-%exclude %{_lib64dir}/sasl2/libsasllwraftdb.a
-%exclude %{_lib64dir}/sasl2/libsasllwraftdb.la
-%exclude %{_lib64dir}/libvmkdcserv.a
-%exclude %{_lib64dir}/libvmkdcserv.la
-
-# %doc ChangeLog README COPYING
-
-%changelog
-
diff --git a/lwraft/client/Makefile.am b/lwraft/client/Makefile.am
index a98a8d1d1..9b9384ce5 100644
--- a/lwraft/client/Makefile.am
+++ b/lwraft/client/Makefile.am
@@ -1,42 +1,39 @@
-lib_LTLIBRARIES = liblwraftclient.la
+lib_LTLIBRARIES = libpostclient.la
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/lwraft/idl
 
-liblwraftclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+libpostclient_la_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
-liblwraftclient_la_SOURCES = \
+libpostclient_la_SOURCES = \
     binding.c \
     client.c \
     globals.c \
-    groups.c \
     krb5login.c \
     ldaputil.c \
     libmain.c \
+    raftclient.c \
     registry.c \
     repadmin.c \
     replication.c \
     rpc.c \
-    setupldu.c \
     shell.c \
     superlogutil.c \
     users.c \
     util.c \
     vmdir_cstub.c \
-    vmdirftp_cstub.c \
     vmdirdbcp_cstub.c \
     vmdirlocalclient.c \
     srp_verifier_cstub.c \
-    vmdirsuperlog_cstub.c \
-    vmdirurgentrepl_cstub.c \
-    vmdirraft_cstub.c
+    vmdirraft_cstub.c \
+    vmdirsuperlog_cstub.c
 
-liblwraftclient_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+libpostclient_la_LIBADD = \
+    @top_builddir@/lwraft/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -51,8 +48,8 @@ liblwraftclient_la_LIBADD = \
     @CRYPTO_LIBS@ \
     @PTHREAD_LIBS@
 
-liblwraftclient_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/client/liblwraftclient.exp \
+libpostclient_la_LDFLAGS = \
+    -export-symbols @top_srcdir@/lwraft/client/liblwraftclient.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
@@ -61,11 +58,8 @@ CLEANFILES = \
     vmdir_h.h \
     vmdir_cstub.c \
     vmdir_sstub.c \
-    vmdirftp_h.h \
     vmdirdbcp_h.h \
-    vmdirftp_cstub.c \
     vmdirdbcp_cstub.c \
-    vmdirftp_sstub.c \
     vmdirdbcp_sstub.c \
     srp_verifier_h.h \
     srp_verifier_cstub.c \
@@ -73,20 +67,14 @@ CLEANFILES = \
     vmdirsuperlog_h.h \
     vmdirsuperlog_cstub.c \
     vmdirsuperlog_sstub.c \
-    vmdirurgentrepl_h.h \
-    vmdirurgentrepl_cstub.c \
-    vmdirurgentrepl_sstub.c \
     vmdirsuperlog_sstub.c \
     vmdirraft_sstub.c
 
-BUILT_SOURCES = vmdir_h.h vmdirftp_h.h vmdirdbcp_h.h srp_verifier_h.h vmdirsuperlog_h.h vmdirurgentrepl_h.h vmdirraft_h.h
+BUILT_SOURCES = vmdir_h.h vmdirdbcp_h.h srp_verifier_h.h vmdirsuperlog_h.h vmdirraft_h.h
 
 vmdir_h.h vmdir_cstub.c: $(idl_srcdir)/vmdir.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdir_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
 
-vmdirftp_h.h vmdirftp_cstub.c: $(idl_srcdir)/vmdirftp.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirftp_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
-
 vmdirdbcp_h.h vmdirdbcp_cstub.c: $(idl_srcdir)/vmdirdbcp.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirdbcp_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
 
@@ -94,10 +82,7 @@ srp_verifier_h.h srp_verifier_cstub.c: $(idl_srcdir)/srp_verifier.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header srp_verifier_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
 
 vmdirsuperlog_h.h vmdirsuperlog_cstub.c: $(idl_srcdir)/vmdirsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
-
-vmdirurgentrepl_h.h vmdirurgentrepl_cstub.c: $(idl_srcdir)/vmdirurgentrepl.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirurgentrepl_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/lwraft/include/public $<
 
 vmdirraft_h.h vmdirraft_cstub.c: $(idl_srcdir)/vmdirraft.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirraft_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
diff --git a/lwraft/client/binding.c b/lwraft/client/binding.c
index 947f39293..e9e6c75be 100644
--- a/lwraft/client/binding.c
+++ b/lwraft/client/binding.c
@@ -162,11 +162,11 @@ VmDirCreateBindingHandleUtilityA(
     {
         {
             VMDIR_SF_INIT(.pszProtocolSequence, "ncalrpc"),
-            VMDIR_SF_INIT(.pszEndPoint, VMDIR_NCALRPC_END_POINT),
+            VMDIR_SF_INIT(.pszEndPoint, LWRAFT_NCALRPC_END_POINT),
         },
         {
             VMDIR_SF_INIT(.pszProtocolSequence, "ncacn_ip_tcp"),
-            VMDIR_SF_INIT(.pszEndPoint, VMDIR_RPC_TCP_END_POINT),
+            VMDIR_SF_INIT(.pszEndPoint, LWRAFT_RPC_TCP_END_POINT),
         }
     };
     PCSTR pszProtocolSequence = NULL;
diff --git a/lwraft/client/client.c b/lwraft/client/client.c
index 1b66f0934..6b103f404 100644
--- a/lwraft/client/client.c
+++ b/lwraft/client/client.c
@@ -16,7 +16,6 @@
 
 #define VMDIR_RPC_FREE_MEMORY VmDirRpcClientFreeMemory
 
-static
 DWORD
 _VmDirUpdateKeytabFile(
     PCSTR pszServerName,
@@ -42,43 +41,6 @@ _VmDirSetupDefaultAccount(
     PCSTR pszBindPassword
     );
 
-static
-DWORD
-_VmDirFindAllReplPartnerHost(
-    PCSTR    pszHostName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PSTR**   pppszPartnerHost,
-    DWORD*   pdwSize
-    );
-
-static
-BOOLEAN
-_VmDirIsRemoteServerDown(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PCSTR    pszDomain
-    );
-
-static
-DWORD
-_VmDirCreateServerPLD(
-    PCSTR    pszServerName,
-    PCSTR    pszDomain,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    LDAP**  ppLD
-    );
-
-static
-DWORD
-_VmDirRemoveComputer(
-    LDAP *pLd,
-    PCSTR pszDomainName,
-    PCSTR pszComputerHostName
-    );
-
 static
 DWORD
 _VmDirModDcPassword(
@@ -96,13 +58,6 @@ _VmDirAllocateSuperLogEntryLdapOperationArray(
     PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY *ppDstEntries
     );
 
-static
-DWORD
-_VmDirMapVersionToMaxDFL(
-    PCSTR pszLocalVersion,
-    PDWORD pdwDFL
-    );
-
 static
 DWORD
 _VmDirJoinPreCondition(
@@ -135,7 +90,7 @@ VmDirRaftAppendEntries(
                              int entriesSize,
     /* [in] */               unsigned char *entries,
     /* [out] */              UINT32 * currentTerm,
-    /* [out] */              UINT32 * status
+    /* [out] */              unsigned long long *status
     );
 
 /*
@@ -176,10 +131,10 @@ VmDirRefreshActPassword(
                                  pszActPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN( pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN( pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszPolicyDN,
+    dwError = VmDirAllocateStringPrintf( &pszPolicyDN,
                                              "cn=%s,%s",
                                              PASSWD_LOCKOUT_POLICY_DEFAULT_CN,
                                              pszDomainDN);
@@ -320,7 +275,7 @@ VmDirResetMachineActCred(
         }
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirAllocateStringAVsnprintf(&pszUPN,
+        dwError = VmDirAllocateStringPrintf(&pszUPN,
                                                 "%s@%s",
                                                 pszUserName,
                                                 pszDomain);
@@ -555,83 +510,6 @@ VmDirConnectionGetLdap(
     return pLd;
 }
 
-DWORD
-VmDirGetSiteGuid(
-    PVMDIR_CONNECTION pConnection,
-    PSTR*             ppszGuid
-    )
-{
-    DWORD dwError = 0;
-    PSTR  pszGuid = NULL;
-
-    if (!pConnection || !ppszGuid)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetSiteGuidInternal(
-                pConnection->pLd,
-                pConnection->pszDomain,
-                &pszGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppszGuid = pszGuid;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    if (ppszGuid)
-    {
-        *ppszGuid = NULL;
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszGuid);
-
-    goto cleanup;
-}
-
-DWORD
-VmDirGetSiteName(
-    PVMDIR_CONNECTION pConnection,
-    PSTR*             ppszSiteName
-    )
-{
-    DWORD dwError = 0;
-    PSTR  pszSiteName = NULL;
-
-    if (!pConnection || !ppszSiteName)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetSiteNameInternal(
-                pConnection->pLd,
-                &pszSiteName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppszSiteName = pszSiteName;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    if (ppszSiteName)
-    {
-        *ppszSiteName = NULL;
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszSiteName);
-
-    goto cleanup;
-}
-
 VOID
 VmDirConnectionClose(
     PVMDIR_CONNECTION pConnection
@@ -704,18 +582,18 @@ VmDirSetupHostInstanceEx(
 
     if (!IsNullOrEmptyString(pszPartnerHostName))
     {
-        dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+        dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         if ( VmDirIsIPV6AddrFormat( pszPartnerHostName ) )
         {
-            dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://[%s]",
+            dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://[%s]",
                                                      VMDIR_LDAP_PROTOCOL,
                                                      pszPartnerHostName);
         }
         else
         {
-            dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://%s",
+            dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://%s",
                                                      VMDIR_LDAP_PROTOCOL,
                                                      pszPartnerHostName);
         }
@@ -790,6 +668,12 @@ VmDirSetupHostInstance(
     PSTR    pszLotusServerNameCanon = NULL;
     int     err = 0;
     int     i = 0;
+    PVM_DIR_CONNECTION pIPCConnection = NULL;
+
+    if (VmDirOpenClientConnection(&pIPCConnection) != 0)
+    {   // POST is not listen on IPC port
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
 
     // Generate an initial DC account password and store it in the registry.
 
@@ -839,15 +723,6 @@ VmDirSetupHostInstance(
                         pszPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirUpdateKeytabFile(
-                        pszLotusServerNameCanon,
-                        pszDomainName,
-                        pszLotusServerNameCanon,
-                        pszUserName,
-                        pszPassword,
-                        TRUE );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
 	VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "VmDirSetupHostInstance (%s)(%s)(%s) passed",
                                         VDIR_SAFE_STRING(pszDomainName),
                                         VDIR_SAFE_STRING(pszSiteName),
@@ -855,6 +730,7 @@ VmDirSetupHostInstance(
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY( pszLotusServerNameCanon );
+    VmDirCloseClientConnection(pIPCConnection);
     return dwError;
 
 error:
@@ -862,54 +738,6 @@ VmDirSetupHostInstance(
     goto cleanup;
 }
 
-/*
- * API to demote local DC.
- * Local DC must be in running state.
- *
- * 1. put local DC into read only mode
- * 2. try to clean up local DC data at one of its available partner
- * 3. stop vmdir
- * 4. remove vmdir database
- * 5. start vmdir into uninitialized state, i.e. waiting for promotion call.
- */
-DWORD
-VmDirDemote(
-    PCSTR    pszUserName,
-    PCSTR    pszPassword
-    )
-{
-    DWORD   dwError = 0;
-
-    dwError = VMDIR_ERROR_INVALID_PARAMETER;
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirDemote is not supported for Raft based directory service." );
-    BAIL_ON_VMDIR_ERROR( dwError );
-
-    // admin privileges is required to call VmDirSetState.
-    dwError = VmDirSetState( NULL, VMDIRD_STATE_READ_ONLY );
-    BAIL_ON_VMDIR_ERROR( dwError );
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Vmdir in read only mode" );
-
-    // let partner caughtup with me, then cleanup my node specific entries.
-    dwError = VmDirLeaveFederation(NULL, NULL, (PSTR)pszUserName, (PSTR)pszPassword );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // destroy default cred cache.
-    (VOID) VmDirDestroyDefaultKRB5CC();
-
-    // This stop vmdir, destroy db then start vmdir in uninitialized state.
-    dwError = VmDirResetVmdir();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "VmDirDemote succeeded." );
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirDemote failed. Error(%u)", dwError);
-    goto cleanup;
-}
-
 DWORD
 VmDirJoin(
     PCSTR    pszLotusServerName,
@@ -925,10 +753,10 @@ VmDirJoin(
     PCSTR   pszTopDomain = NULL;
     PSTR    pszPartnerServerName = NULL;
     PSTR    pszLotusServerNameCanon = NULL;
-    PSTR    pszCurrentServerObjectDN = NULL;
     PSTR    pszErrMsg = NULL;
     LDAP*   pLd = NULL;
     PVMDIR_REPL_STATE pReplState = NULL;
+    PVM_DIR_CONNECTION pIPCConnection = NULL;
 
     if (IsNullOrEmptyString(pszUserName) ||
         IsNullOrEmptyString(pszPassword) ||
@@ -938,6 +766,11 @@ VmDirJoin(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    if (VmDirOpenClientConnection(&pIPCConnection) != 0)
+    {   // POST is not listen on IPC port
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
+
     // Determine the name of lotus server
     dwError = VmDirGetLotusServerName( pszLotusServerName ? pszLotusServerName : "localhost",
                                        &pszLotusServerNameCanon );
@@ -967,23 +800,17 @@ VmDirJoin(
         pszTopDomain = pszDomainName;
     }
 
-    // make sure there is NO server object with same name in the federation
-    dwError = VmDirGetServerObjectDN(
-                                pszPartnerServerName,
-                                pszDomainName,
-                                pszUserName,
-                                pszPassword,
-                                pszLotusServerNameCanon,
-                                &pszCurrentServerObjectDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    if ( pszCurrentServerObjectDN )
+    if (VmDirRaftServerExists(
+                pszPartnerServerName,
+                pszDomainName,
+                pszUserName,
+                pszPassword,
+                pszLotusServerNameCanon) == TRUE)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s, server object (%s) exists already, DN (%s).",
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s, raft server (%s) exists already.",
                                              __FUNCTION__,
-                                             VDIR_SAFE_STRING(pszLotusServerNameCanon),
-                                             pszCurrentServerObjectDN );
-        dwError = VMDIR_ERROR_ENTRY_ALREADY_EXIST;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                                             VDIR_SAFE_STRING(pszLotusServerNameCanon));
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ALREADY_PROMOTED);
     }
 
     // Make sure we can join the partner
@@ -1017,15 +844,6 @@ VmDirJoin(
                                  firstReplCycleMode );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirUpdateKeytabFile(
-                                pszLotusServerNameCanon,
-                                pszDomainName,
-                                pszLotusServerNameCanon,
-                                pszUserName,
-                                pszPassword,
-                                TRUE );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
                     "VmDirJoin (%s)(%s)(%s) passed",
                     VDIR_SAFE_STRING(pszPartnerHostName),
@@ -1035,13 +853,13 @@ VmDirJoin(
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pszDomainName);
     VMDIR_SAFE_FREE_MEMORY(pszLotusServerNameCanon);
-    VMDIR_SAFE_FREE_MEMORY(pszCurrentServerObjectDN);
     VMDIR_SAFE_FREE_MEMORY(pszErrMsg);
     if (pLd)
     {
         ldap_unbind_ext_s(pLd, NULL, NULL);
     }
     VmDirFreeReplicationStateInternal(pReplState);
+    VmDirCloseClientConnection(pIPCConnection);
     return dwError;
 
 error:
@@ -1055,162 +873,6 @@ VmDirJoin(
     goto cleanup;
 }
 
-DWORD
-VmDirClientJoin(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PCSTR    pszMachineName,
-    PCSTR    pszOrgUnit)
-{
-    DWORD   dwError = 0;
-    PSTR    pszDomainName = NULL;
-    PCSTR   pszServiceTable[] = VMDIR_CLIENT_SERVICE_PRINCIPAL_INITIALIZER;
-    int     iCnt = 0;
-
-    if (IsNullOrEmptyString(pszServerName) ||
-        IsNullOrEmptyString(pszUserName) ||
-        IsNullOrEmptyString(pszPassword) ||
-        IsNullOrEmptyString(pszMachineName))
-    {
-        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName(pszServerName, &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSetupComputerAccount(
-                      pszDomainName,
-                      pszServerName,
-                      pszUserName,
-                      pszPassword,
-                      pszMachineName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (iCnt = 0; iCnt < sizeof(pszServiceTable)/sizeof(pszServiceTable[0]); iCnt++)
-    {
-        dwError = VmDirLdapSetupServiceAccount(
-                                        pszDomainName,
-                                        pszServerName,
-                                        pszUserName,
-                                        pszPassword,
-                                        pszServiceTable[iCnt],
-                                        pszMachineName );
-        if (dwError == LDAP_ALREADY_EXISTS)
-        {
-            dwError = LDAP_SUCCESS; // ignore if entry already exists (maybe due to prior client join)
-            VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "_VmDirSetupServiceAccount (%s) return LDAP_ALREADY_EXISTS",
-                                                   pszServiceTable[iCnt] );
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = _VmDirUpdateKeytabFile(
-                      pszServerName,
-                      pszDomainName,
-                      pszMachineName,
-                      pszUserName,
-                      pszPassword,
-                      FALSE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s (%s)(%s)(%s) passed",
-                                        __FUNCTION__,
-                                        VDIR_SAFE_STRING(pszServerName),
-                                        VDIR_SAFE_STRING(pszUserName),
-                                        VDIR_SAFE_STRING(pszMachineName) );
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirClientJoin failed. Error(%u)", dwError);
-
-    goto cleanup;
-}
-
-DWORD
-VmDirClientLeave(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszDomainName = NULL;
-    PSTR    pszDCAccount = NULL;
-    PSTR    pszDCAccountPass = NULL;
-
-    PCSTR   pszUser = NULL;
-    PCSTR   pszPass = NULL;
-    PCSTR   pszMachine = NULL;
-
-
-    if ((!pszUserName &&  pszPassword) ||
-        ( pszUserName && !pszPassword))
-    {
-        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (IsNullOrEmptyString(pszServerName))
-    {
-        pszServerName = "localhost";
-    }
-
-    dwError = VmDirGetDomainName( pszServerName, &pszDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRegReadDCAccount( &pszDCAccount );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pszMachine = pszDCAccount;
-
-    if (IsNullOrEmptyString(pszUserName))
-    {
-        pszUser = pszDCAccount;
-
-        dwError = VmDirReadDCAccountPassword(&pszDCAccountPass);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pszPass = pszDCAccountPass;
-    }
-    else
-    {
-        pszUser = pszUserName;
-        pszPass = pszPassword;
-    }
-
-    dwError = VmDirLdapRemoveComputerAccount(
-                      pszDomainName,
-                      pszServerName,
-                      pszUser,
-                      pszPass,
-                      pszMachine);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s (%s)(%s) passed",
-                                        __FUNCTION__,
-                                        VDIR_SAFE_STRING(pszServerName),
-                                        VDIR_SAFE_STRING(pszUserName) );
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccountPass);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirClientLeave failed. Error(%u)", dwError);
-
-    goto cleanup;
-}
-
 DWORD
 VmDirSetupTenantInstance(
     PCSTR pszDomainName,
@@ -1427,268 +1089,233 @@ VmDirGeneratePassword(
     goto cleanup;
 }
 
-static
+/*
+ * IPC call, needs root privileges.
+ */
 DWORD
-_VmDirGetKeyTabRecBlob(
-    PCSTR       pszServerName,
-    PCSTR       pszSRPUPN,
-    PCSTR       pszSRPPassword,
+VmDirSetSRPSecret(
     PCSTR       pszUPN,
-    PBYTE*      ppByte,
-    DWORD*      pSize
+    PCSTR       pszSecret
     )
 {
-    DWORD                   dwError = 0;
-    PCSTR                   pszServerEndpoint = NULL;
-    PWSTR                   pwszUPN = NULL;
-    handle_t                hBinding = NULL;
-    VMDIR_DATA_CONTAINER    dataContainer = {0};
-    PBYTE                   pLocalByte = NULL;
+    DWORD       dwError = 0;
+    PWSTR       pwszUPN = NULL;
+    PWSTR       pwszSecret = NULL;
 
-    if (IsNullOrEmptyString(pszUPN) || !ppByte || !pSize)
+    if (IsNullOrEmptyString(pszUPN) || IsNullOrEmptyString(pszSecret))
     {
-        dwError =  ERROR_INVALID_PARAMETER;
+        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirCreateBindingHandleAuthA(
-                    pszServerName,
-                    pszServerEndpoint,
-                    pszSRPUPN,
-                    NULL,
-                    pszSRPPassword,
-                    &hBinding);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(
-                        pszUPN,
-                        &pwszUPN
-                        );
+    dwError = VmDirAllocateStringWFromA( pszUPN, &pwszUPN );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirGetKeyTabRecBlob(
-                        hBinding,
-                        pwszUPN,
-                        &dataContainer
-                        );
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
+    dwError = VmDirAllocateStringWFromA( pszSecret, &pwszSecret );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMemory(
-                    dataContainer.dwCount,
-                    (PVOID*)&pLocalByte
+    dwError = VmDirLocalSetSRPSecret(
+                    pwszUPN,
+                    pwszSecret
                     );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCopyMemory (
-                    pLocalByte,
-                    dataContainer.dwCount,
-                    dataContainer.data,
-                    dataContainer.dwCount
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppByte     = pLocalByte;
-    *pSize      = dataContainer.dwCount;
-    pLocalByte  = NULL;
-
 cleanup:
 
-    if (hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
     VMDIR_SAFE_FREE_MEMORY(pwszUPN);
-    VMDIR_SAFE_FREE_MEMORY(pLocalByte);
-    VMDIR_RPC_FREE_MEMORY( dataContainer.data );
+    VMDIR_SAFE_FREE_MEMORY(pwszSecret);
 
     return dwError;
 
 error:
 
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetKeyTabRecBlob (UPN=%s) failed (%u)",
-                     VDIR_SAFE_STRING(pszUPN), dwError );
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetSRPSecret failed (%u)(%s)",
+                     dwError, VDIR_SAFE_STRING(pszUPN) );
+
     goto cleanup;
 }
 
 DWORD
-VmDirGetKrbMasterKey(
-    PSTR        pszDomainName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    )
+VmDirGetReplicationPartners(
+    PCSTR               pszHostName,
+    PCSTR               pszUserName,
+    PCSTR               pszPassword,
+    PVMDIR_REPL_PARTNER_INFO*  ppReplPartnerInfo,   // output
+    DWORD*              pdwNumReplPartner    // output
+)
 {
-    DWORD       dwError = 0;
-    PCSTR       pszServerName = "localhost";
-    PCSTR       pszServerEndpoint = NULL;
-    PWSTR       pwszDomainname = NULL;
-    handle_t    hBinding = NULL;
-    PBYTE       pLocalByte = NULL;
-    VMDIR_DATA_CONTAINER    dataContainer = {0};
+    DWORD       dwError                 = 0;
+    DWORD       i                       = 0;
+    PSTR        pszDomain               = NULL;
+    LDAP*       pLd                     = NULL;
+    DWORD       dwInfoCount             = 0;
+    PREPLICATION_INFO pReplicationInfo  = NULL;
+    PVMDIR_REPL_PARTNER_INFO pReplPartnerInfo = NULL;
+    PSTR        pszServerName = NULL;
 
-    if (IsNullOrEmptyString(pszDomainName)  || !ppKeyBlob || !pSize )
+    // parameter check
+    if (
+            IsNullOrEmptyString (pszHostName) ||
+            IsNullOrEmptyString (pszUserName) ||
+            pszPassword         == NULL       ||
+            pdwNumReplPartner   == NULL       ||
+            ppReplPartnerInfo   == NULL
+       )
     {
-        dwError =  ERROR_INVALID_PARAMETER;
+        dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirCreateBindingHandleMachineAccountA(
+    dwError = VmDirGetServerName( pszHostName, &pszServerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // get domain name
+    dwError = VmDirGetDomainName(
                     pszServerName,
-                    pszServerEndpoint,
-                    &hBinding
+                    &pszDomain
                     );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringWFromA(
-                        pszDomainName,
-                        &pwszDomainname
-                        );
+    // bind to server
+    dwError = VmDirConnectLDAPServer(
+                            &pLd,
+                            pszServerName,
+                            pszDomain,
+                            pszUserName,
+                            pszPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_RPC_TRY
+    //get replication agreement info for replication LDUs
+    dwError = VmDirGetReplicationInfo(
+                            pLd,
+                            pszServerName,
+                            pszDomain,
+                            &pReplicationInfo,
+                            &dwInfoCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if ( dwInfoCount > 0 )
     {
-        dwError = RpcVmDirGetKrbMasterKey(
-                        hBinding,
-                        pwszDomainname,
-                        &dataContainer
-                        );
+        dwError = VmDirAllocateMemory(
+                dwInfoCount*sizeof(VMDIR_REPL_PARTNER_INFO),
+                (PVOID*)&pReplPartnerInfo
+                );
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    VMDIR_RPC_CATCH
+    else
     {
-        VMDIR_RPC_GETERROR_CODE(dwError);
+        pReplPartnerInfo = NULL;
     }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMemory(dataContainer.dwCount, (PVOID*)&pLocalByte );
-    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCopyMemory( pLocalByte,
-                               dataContainer.dwCount,
-                               dataContainer.data,
-                               dataContainer.dwCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    for ( i=0; i<dwInfoCount; i++)
+    {
+        dwError = VmDirAllocateStringA(
+                    pReplicationInfo[i].pszURI,
+                    &(pReplPartnerInfo[i].pszURI)
+                    );
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    *ppKeyBlob = pLocalByte;
-    *pSize     = dataContainer.dwCount;
-    pLocalByte = NULL;
+    // fill in output parameters
+    *pdwNumReplPartner = dwInfoCount;
+    *ppReplPartnerInfo = pReplPartnerInfo;
 
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VMDIR_SAFE_FREE_MEMORY(pszServerName);
+    VMDIR_SAFE_FREE_MEMORY(pReplicationInfo);
 
-    if (hBinding)
+    // unbind
+    if (pLd)
     {
-        VmDirFreeBindingHandle( &hBinding);
+        ldap_unbind_ext_s(pLd, NULL, NULL);
     }
 
-    VMDIR_SAFE_FREE_MEMORY(pwszDomainname);
-    VMDIR_RPC_FREE_MEMORY(dataContainer.data);
-
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "VmDirGetReplicationPartners failed, Error[%d]\n",
+            dwError
+            );
 
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetKrbMasterKey failed (%u)", dwError );
+    for ( i=0; i<dwInfoCount; i++ )
+    {
+        VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo[i].pszURI);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
 
-    VMDIR_SAFE_FREE_MEMORY(pLocalByte);
+    if ( ppReplPartnerInfo )
+    {
+        *ppReplPartnerInfo = NULL;
+    }
 
     goto cleanup;
 }
 
-/*
- * IPC call, needs root privileges.
- */
 DWORD
-VmDirSetSRPSecret(
-    PCSTR       pszUPN,
-    PCSTR       pszSecret
+VmDirSetLogLevelH(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    PCSTR       pszLogLevel
     )
 {
-    DWORD       dwError = 0;
-    PWSTR       pwszUPN = NULL;
-    PWSTR       pwszSecret = NULL;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
+    VMDIR_LOG_LEVEL myLogLevel = VMDIR_LOG_INFO;
 
-    if (IsNullOrEmptyString(pszUPN) || IsNullOrEmptyString(pszSecret))
+    if ( !pszLogLevel)
     {
-        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateStringWFromA( pszUPN, &pwszUPN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA( pszSecret, &pwszSecret );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLocalSetSRPSecret(
-                    pwszUPN,
-                    pwszSecret
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pwszUPN);
-    VMDIR_SAFE_FREE_MEMORY(pwszSecret);
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetSRPSecret failed (%u)(%s)",
-                     dwError, VDIR_SAFE_STRING(pszUPN) );
-
-    goto cleanup;
-}
-
-DWORD
-VmDirGetKrbUPNKey(
-    PSTR        pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       pszServerName = "localhost";
-    PCSTR       pszServerEndpoint = NULL;
-    PWSTR       pwszUpnname = NULL;
-    handle_t    hBinding = NULL;
-    PBYTE       pLocalByte = NULL;
-    VMDIR_DATA_CONTAINER    dataContainer = {0};
-
-    if (IsNullOrEmptyString(pszUpnName) || !ppKeyBlob || !pSize )
+    if ( VmDirStringCompareA(pszLogLevel, "ERROR", FALSE) == 0)
     {
-        dwError =  ERROR_INVALID_PARAMETER;
+        myLogLevel = VMDIR_LOG_ERROR;
+    }
+    else if ( VmDirStringCompareA(pszLogLevel, "WARNING", FALSE) == 0)
+    {
+        myLogLevel = VMDIR_LOG_WARNING;
+    }
+    else if ( VmDirStringCompareA(pszLogLevel, "INFO", FALSE) == 0)
+    {
+        myLogLevel = VMDIR_LOG_INFO;
+    }
+    else if ( VmDirStringCompareA(pszLogLevel, "VERBOSE", FALSE) == 0)
+    {
+        myLogLevel = VMDIR_LOG_VERBOSE;
+    }
+    else if ( VmDirStringCompareA(pszLogLevel, "DEBUG", FALSE) == 0)
+    {
+        myLogLevel = VMDIR_LOG_DEBUG;
+    }
+    else
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirCreateBindingHandleMachineAccountA(
-                    pszServerName,
-                    pszServerEndpoint,
-                    &hBinding
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(
-                    pszUpnName,
-                    &pwszUpnname
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (hInBinding)
+    {
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     VMDIR_RPC_TRY
     {
-        dwError = RpcVmDirGetKrbUPNKey(
-                        hBinding,
-                        pwszUpnname,
-                        &dataContainer
-                        );
+        dwError = RpcVmDirSetLogLevel(
+                          hBinding,
+                          myLogLevel);
     }
     VMDIR_RPC_CATCH
     {
@@ -1697,3241 +1324,1060 @@ VmDirGetKrbUPNKey(
     VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMemory(dataContainer.dwCount, (PVOID*)&pLocalByte );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory( pLocalByte,
-                               dataContainer.dwCount,
-                               dataContainer.data,
-                               dataContainer.dwCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppKeyBlob = pLocalByte;
-    *pSize     = dataContainer.dwCount;
-    pLocalByte = NULL;
-
 cleanup:
 
-    if (hBinding)
+    if (!hInBinding && hBinding)
     {
         VmDirFreeBindingHandle( &hBinding);
     }
 
-    VMDIR_SAFE_FREE_MEMORY(pwszUpnname);
-    VMDIR_RPC_FREE_MEMORY(dataContainer.data);
-
     return dwError;
 
 error:
 
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetKrbUPNKey (UPN=%s) failed (%u)",
-                     VDIR_SAFE_STRING(pszUpnName), dwError );
-
-    VMDIR_SAFE_FREE_MEMORY(pLocalByte);
-
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSetLogLevel failed. Error[%d]\n", dwError);
     goto cleanup;
-
 }
 
 DWORD
-VmDirAddReplicationAgreement(
-    BOOLEAN bTwoWayRepl,
-    PCSTR pszSrcHostName,
-    PCSTR pszSrcPort,
-    PCSTR pszSrcUserName,
-    PCSTR pszSrcPassword,
-    PCSTR pszTgtHostName,
-    PCSTR pszTgtPort
-)
+VmDirGetLogLevelH(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    VMDIR_LOG_LEVEL*         pLogLevel
+    )
 {
-    DWORD       dwError                 = 0;
-    PSTR        pszDomainName           = NULL;
-    PSTR        pszTopDomain            = NULL;
-    PSTR        pszSrcServerName        = NULL;
-    PSTR        pszTgtServerName        = NULL;
-
-    // parameter check
-    if (
-         IsNullOrEmptyString (pszSrcHostName) ||
-         IsNullOrEmptyString (pszSrcPort) ||
-         IsNullOrEmptyString (pszSrcUserName) ||
-         IsNullOrEmptyString (pszSrcPassword) ||
-         IsNullOrEmptyString (pszTgtHostName) ||
-         IsNullOrEmptyString (pszTgtPort)
-       )
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
+    VMDIR_LOG_LEVEL logLevel = 0;
+
+    if (!pLogLevel)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetServerName(
-                            pszSrcHostName,
-                            &pszSrcServerName
-                            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetServerName(
-                            pszTgtHostName,
-                            &pszTgtServerName
-                            );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (hInBinding)
+    {
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    dwError = VmDirGetDomainName(
-                            pszTgtServerName,
-                            &pszDomainName
-                            );
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirGetLogLevel(
+                          hBinding,
+                          &logLevel);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
-    VMDIR_LOG_VERBOSE(
-            VMDIR_LOG_MASK_ALL,
-            "Domain name: %s\n",
-            pszDomainName
-            );
 
-    pszTopDomain = VmDirGetTopDomain( pszDomainName );
+    *pLogLevel = logLevel;
 
-    // setup one way first
-    dwError = VmDirLdapSetupRemoteHostRA(
-                    pszDomainName,
-                    pszTgtServerName,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszSrcServerName,
-                    0
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-    VMDIR_LOG_VERBOSE(
-            VMDIR_LOG_MASK_ALL,
-            "Replication agreement created successfully:\nSource: %s\nTarget: %s\n",
-            pszSrcServerName,
-            pszTgtServerName
-            );
+cleanup:
 
-    // setup the other way if specified
-    if ( bTwoWayRepl )
+    if (!hInBinding && hBinding)
     {
-        dwError = VmDirLdapSetupRemoteHostRA(
-                    pszDomainName,
-                    pszSrcServerName,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszTgtServerName,
-                    0
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
-        VMDIR_LOG_VERBOSE(
-                VMDIR_LOG_MASK_ALL,
-                "Replication agreement created successfully:\nSource: %s\nTarget: %s\n",
-                pszTgtServerName,
-                pszSrcServerName
-                );
+        VmDirFreeBindingHandle( &hBinding);
     }
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszSrcServerName);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtServerName);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "Failed to create replication agreement. Error[%d]\n",
-            dwError
-            );
+
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirGetLogLevel failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirRemoveReplicationAgreement(
-    BOOLEAN bTwoWayRepl,
-    PCSTR pszSrcHostName,
-    PCSTR pszSrcPort,
-    PCSTR pszSrcUserName,
-    PCSTR pszSrcPassword,
-    PCSTR pszTgtHostName,
-    PCSTR pszTgtPort
-)
+VmDirSetLogLevel(
+    PCSTR       pszLogLevel
+    )
 {
-    DWORD       dwError                 = 0;
-    PSTR        pszDomainName           = NULL;
-    PSTR        pszTopDomain            = NULL;
-    PSTR        pszSrcServerName        = NULL;
-    PSTR        pszTgtServerName        = NULL;
-    PVMDIR_REPL_PARTNER_INFO    pReplPartnerInfo = NULL;
-    DWORD       dwNumReplPartner        = 0;
+    DWORD dwError = 0;
+    dwError = VmDirSetLogLevelH(
+                  NULL,
+                  pszLogLevel);
+    return dwError;
+}
 
-    // parameter check
-    if (
-         IsNullOrEmptyString (pszSrcHostName) ||
-         IsNullOrEmptyString (pszSrcPort) ||
-         IsNullOrEmptyString (pszSrcUserName) ||
-         IsNullOrEmptyString (pszSrcPassword) ||
-         IsNullOrEmptyString (pszTgtHostName) ||
-         IsNullOrEmptyString (pszTgtPort)
-       )
+DWORD
+VmDirSetLogMaskH(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    UINT32      iVmDirLogMask
+    )
+{
+    DWORD       dwError = 0;
+    PCSTR       pszServerName = "localhost";
+    PCSTR       pszServerEndpoint = NULL;
+    handle_t    hBinding = NULL;
+
+    if (hInBinding)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetReplicationPartners(
-                        pszTgtHostName,
-                        pszSrcUserName,
-                        pszSrcPassword,
-                        &pReplPartnerInfo,
-                        &dwNumReplPartner
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Warn if less than two partners
-    if (dwNumReplPartner < 2)
+    VMDIR_RPC_TRY
     {
-        VMDIR_LOG_WARNING(
-                VMDIR_LOG_MASK_ALL,
-                "%s: Attempting to remove replication agreements with %s having only %d partner\n",
-                __FUNCTION__, pszTgtHostName, dwNumReplPartner);
+        dwError = RpcVmDirSetLogMask(
+                          hBinding,
+                          iVmDirLogMask);
     }
-
-    if (bTwoWayRepl)
+    VMDIR_RPC_CATCH
     {
-        dwError = VmDirGetReplicationPartners(
-                            pszSrcHostName,
-                            pszSrcUserName,
-                            pszSrcPassword,
-                            &pReplPartnerInfo,
-                            &dwNumReplPartner
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Warn if less than two partners
-        if (dwNumReplPartner < 2)
-        {
-            VMDIR_LOG_WARNING(
-                VMDIR_LOG_MASK_ALL,
-                "%s: Attempting to remove replication agreements with %s having only %d partner\n",
-                __FUNCTION__, pszSrcHostName, dwNumReplPartner);
-        }
+        VMDIR_RPC_GETERROR_CODE(dwError);
     }
-
-    dwError = VmDirGetServerName(
-                            pszSrcHostName,
-                            &pszSrcServerName
-                            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetServerName(
-                            pszTgtHostName,
-                            &pszTgtServerName
-                            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDomainName(
-                            pszTgtServerName,
-                            &pszDomainName
-                            );
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
-    VMDIR_LOG_VERBOSE(
-            VMDIR_LOG_MASK_ALL,
-            "Domain name: %s\n",
-            pszDomainName
-            );
 
-    pszTopDomain = VmDirGetTopDomain( pszDomainName );
-
-    // Remove one way first
-    dwError = VmDirLdapRemoveRemoteHostRA(
-                    pszDomainName,
-                    pszTgtServerName,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszSrcServerName
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-    VMDIR_LOG_VERBOSE(
-            VMDIR_LOG_MASK_ALL,
-            "Replication agreement removed successfully:\nSource: %s\nTarget: %s\n",
-            pszSrcServerName,
-            pszTgtServerName
-            );
+cleanup:
 
-    // Remove the other way if speicified
-    if ( bTwoWayRepl )
+    if (!hInBinding && hBinding)
     {
-        dwError = VmDirLdapRemoveRemoteHostRA(
-                    pszDomainName,
-                    pszSrcServerName,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszTgtServerName
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
-        VMDIR_LOG_VERBOSE(
-                VMDIR_LOG_MASK_ALL,
-                "Replication agreement removed successfully:\nSource: %s\nTarget: %s\n",
-                pszTgtServerName,
-                pszSrcServerName
-                );
+        VmDirFreeBindingHandle( &hBinding);
     }
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "Failed to create replication agreement. Error[%d]\n",
-            dwError
-            );
+
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSetLogMask failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirGetReplicationPartners(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_REPL_PARTNER_INFO*  ppReplPartnerInfo,   // output
-    DWORD*              pdwNumReplPartner    // output
-)
+VmDirGetLogMaskH(
+    PVMDIR_SERVER_CONTEXT   hInBinding,
+    UINT32*                 piVmDirLogMask
+    )
 {
-    DWORD       dwError                 = 0;
-    DWORD       i                       = 0;
-    PSTR        pszDomain               = NULL;
-    LDAP*       pLd                     = NULL;
-    DWORD       dwInfoCount             = 0;
-    PREPLICATION_INFO pReplicationInfo  = NULL;
-    PVMDIR_REPL_PARTNER_INFO pReplPartnerInfo = NULL;
-    PSTR        pszServerName = NULL;
+    DWORD       dwError = 0;
+    PCSTR       pszServerName = "localhost";
+    PCSTR       pszServerEndpoint = NULL;
+    handle_t    hBinding = NULL;
+    UINT32      iMask = 0;
 
-    // parameter check
-    if (
-            IsNullOrEmptyString (pszHostName) ||
-            IsNullOrEmptyString (pszUserName) ||
-            pszPassword         == NULL       ||
-            pdwNumReplPartner   == NULL       ||
-            ppReplPartnerInfo   == NULL
-       )
+    if (!piVmDirLogMask)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetServerName( pszHostName, &pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // get domain name
-    dwError = VmDirGetDomainName(
-                    pszServerName,
-                    &pszDomain
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // bind to server
-    dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszServerName,
-                            pszDomain,
-                            pszUserName,
-                            pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //get replication agreement info for replication LDUs
-    dwError = VmDirGetReplicationInfo(
-                            pLd,
-                            pszServerName,
-                            pszDomain,
-                            &pReplicationInfo,
-                            &dwInfoCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if ( dwInfoCount > 0 )
+    if (hInBinding)
     {
-        dwError = VmDirAllocateMemory(
-                dwInfoCount*sizeof(VMDIR_REPL_PARTNER_INFO),
-                (PVOID*)&pReplPartnerInfo
-                );
-        BAIL_ON_VMDIR_ERROR(dwError);
+        hBinding = hInBinding->hBinding;
     }
     else
     {
-        pReplPartnerInfo = NULL;
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    for ( i=0; i<dwInfoCount; i++)
+    VMDIR_RPC_TRY
     {
-        dwError = VmDirAllocateStringA(
-                    pReplicationInfo[i].pszURI,
-                    &(pReplPartnerInfo[i].pszURI)
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = RpcVmDirGetLogMask(
+                          hBinding,
+                          &iMask);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
     }
+    VMDIR_RPC_ENDTRY;
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    // fill in output parameters
-    *pdwNumReplPartner = dwInfoCount;
-    *ppReplPartnerInfo = pReplPartnerInfo;
+    *piVmDirLogMask = iMask;
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszServerName);
-    VMDIR_SAFE_FREE_MEMORY(pReplicationInfo);
 
-    // unbind
-    if (pLd)
+    if (!hInBinding && hBinding)
     {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
+        VmDirFreeBindingHandle( &hBinding);
     }
 
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "VmDirGetReplicationPartners failed, Error[%d]\n",
-            dwError
-            );
-
-    for ( i=0; i<dwInfoCount; i++ )
-    {
-        VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo[i].pszURI);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
-
-    if ( ppReplPartnerInfo )
-    {
-        *ppReplPartnerInfo = NULL;
-    }
 
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirGetLogMask failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirGetReplicationPartnerStatus(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_REPL_PARTNER_STATUS*  ppReplPartnerStatus,   // output
-    DWORD*              pdwNumReplPartner    // output
-)
+VmDirSetLogMask(
+    UINT32      iVmDirLogMask
+    )
 {
-    DWORD       dwError = 0;
-    DWORD       dwNumHost = 0;
-    DWORD       dwCnt = 0;
-    PVMDIR_REPL_PARTNER_STATUS  pReplPartnerStatus = NULL;
-    PSTR*       ppszPartnerHosts = NULL;
-    PSTR        pszDomain = NULL;
-    LDAP*       pLd = NULL;
-    PSTR        pszServerName = NULL;
+    DWORD dwError = 0;
 
-    // find hosts with hostname as the partner
-    dwError = VmDirGetServerName(pszHostName, &pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirSetLogMaskH(
+                  NULL,
+                  iVmDirLogMask);
+    return dwError;
+}
 
-    dwError = _VmDirFindAllReplPartnerHost(pszServerName, pszUserName, pszPassword, &ppszPartnerHosts, &dwNumHost);
-    BAIL_ON_VMDIR_ERROR(dwError);
+DWORD
+VmDirSetState(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    UINT32      dwState)
+{
+    DWORD dwError = 0;
+    PCSTR pszServerName = "localhost";
+    PCSTR pszServerEndpoint = NULL;
+    handle_t hBinding = NULL;
 
-    if (dwNumHost > 0)
+    if (hInBinding)
     {
-        dwError = VmDirAllocateMemory(
-                dwNumHost*sizeof(VMDIR_REPL_PARTNER_STATUS),
-                (PVOID*)&pReplPartnerStatus
-                );
-        BAIL_ON_VMDIR_ERROR(dwError);
+        hBinding = hInBinding->hBinding;
     }
     else
     {
-        goto cleanup;
-    }
-
-
-    for (dwCnt = 0; dwCnt < dwNumHost; dwCnt++)
-    {
-        dwError = VmDirAllocateStringA(ppszPartnerHosts[dwCnt], &pReplPartnerStatus[dwCnt].pszHost);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VMDIR_SAFE_FREE_MEMORY(pszDomain);
-        dwError = VmDirGetDomainName(
-                        ppszPartnerHosts[dwCnt],
-                        &pszDomain
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding
                         );
-        if (dwError)
-        {
-            VMDIR_LOG_WARNING(
-                VMDIR_LOG_MASK_ALL,
-                "VmDirGetReplicationPartnerStatus, partner (%s) not available (%u)",
-                ppszPartnerHosts[dwCnt],
-                dwError);
-            dwError  = 0;
-            continue;
-        }
-
-        VmDirLdapUnbind(&pLd);
-        dwError = VmDirConnectLDAPServer(
-                                &pLd,
-                                ppszPartnerHosts[dwCnt],
-                                pszDomain,
-                                pszUserName,
-                                pszPassword);
-        if (dwError)
-        {
-            VMDIR_LOG_WARNING(
-                VMDIR_LOG_MASK_ALL,
-                "VmDirGetReplicationPartnerStatus, partner (%s) not available (%u)",
-                ppszPartnerHosts[dwCnt],
-                dwError);
-            dwError  = 0;
-            continue;
-        }
-
-        pReplPartnerStatus[dwCnt].bHostAvailable = TRUE;
-
-        // get partner replication status
-        dwError = VmDirGetPartnerReplicationStatus(pLd, pszServerName, &pReplPartnerStatus[dwCnt]);
-        if (dwError)
-        {
-            VMDIR_LOG_WARNING(
-                VMDIR_LOG_MASK_ALL,
-                "VmDirGetReplicationPartnerStatus, partner (%s) status not available (%u)",
-                ppszPartnerHosts[dwCnt],
-                dwError);
-            dwError  = 0;
-            continue;
-        }
-
-        pReplPartnerStatus[dwCnt].bStatusAvailable = TRUE;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    *ppReplPartnerStatus = pReplPartnerStatus;
-    *pdwNumReplPartner = dwNumHost;
-
-cleanup:
-
-    VmDirLdapUnbind(&pLd);
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszServerName);
-
-    for (dwCnt=0; dwCnt < dwNumHost; dwCnt++)
+    VMDIR_RPC_TRY
     {
-        VMDIR_SAFE_FREE_MEMORY(ppszPartnerHosts[dwCnt]);
+        dwError = RpcVmDirSetState(
+                          hBinding,
+                          dwState
+                          );
     }
-    VMDIR_SAFE_FREE_MEMORY(ppszPartnerHosts);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "VmDirGetReplicationPartnerStatus failed. Error[%d]\n",
-            dwError
-            );
-
-    for (dwCnt = 0; dwCnt < dwNumHost; dwCnt++)
+    VMDIR_RPC_CATCH
     {
-        VMDIR_SAFE_FREE_MEMORY(pReplPartnerStatus[dwCnt].pszHost);
+        VMDIR_RPC_GETERROR_CODE(dwError);
     }
+    VMDIR_RPC_ENDTRY;
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerStatus);
-
-    if (ppReplPartnerStatus)
+cleanup:
+    if (!hInBinding && hBinding)
     {
-        *ppReplPartnerStatus = NULL;
+        VmDirFreeBindingHandle( &hBinding);
     }
+    return dwError;
 
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetState failed. Error[%d]\n", dwError );
     goto cleanup;
 }
 
 DWORD
-VmDirGetReplicationState(
-    PVMDIR_CONNECTION  pConnection,
-    PVMDIR_REPL_STATE* ppReplState
-    )
-{
-    return VmDirGetReplicationStateInternal(pConnection->pLd, ppReplState);
-}
-
-VOID
-VmDirFreeReplicationState(
-    PVMDIR_REPL_STATE   pReplState
-    )
-{
-    VmDirFreeReplicationStateInternal(pReplState);
-    return;
-}
-
-DWORD
-VmDirGetReplicationCycleCount(
-    PVMDIR_CONNECTION   pConnection,
-    DWORD*              pdwReplCycleCount
-    )
-{
-    return VmDirGetReplicateCycleCountInternal( pConnection, pdwReplCycleCount );
-}
-
-DWORD
-VmDirGetServers(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_SERVER_INFO*  ppServerInfo,   // output
-    DWORD*              pdwNumServer    // output
-)
+VmDirGetState(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    UINT32*                  pdwState)
 {
-    DWORD       dwError                 = 0;
-    DWORD       i                       = 0;
-    PSTR        pszDomain               = NULL;
-    LDAP*       pLd                     = NULL;
-    DWORD       dwInfoCount             = 0;
-    PINTERNAL_SERVER_INFO pInternalServerInfo  = NULL;
-    PVMDIR_SERVER_INFO pServerInfo = NULL;
-    PSTR        pszServerName = NULL;
-    char        bufUPN[VMDIR_MAX_UPN_LEN] = {0};
+    DWORD dwError = 0;
+    PCSTR pszServerName = "localhost";
+    PCSTR pszServerEndpoint = NULL;
+    handle_t hBinding = NULL;
+    UINT32  dwState = 0;
 
-    // parameter check
-    if (
-            IsNullOrEmptyString (pszHostName) ||
-            IsNullOrEmptyString (pszUserName) ||
-            pszPassword         == NULL       ||
-            pdwNumServer   == NULL       ||
-            ppServerInfo   == NULL
-       )
+    if (!pdwState)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetServerName( pszHostName, &pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // get domain name
-    dwError = VmDirGetDomainName(
-                    pszServerName,
-                    &pszDomain
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1,  "%s@%s", pszUserName, pszDomain);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSafeLDAPBind( &pLd,
-                                 pszServerName,
-                                 bufUPN,
-                                 pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //get all vmdir servers in the forest.
-    dwError = VmDirGetServersInfo(
-                            pLd,
-                            pszServerName,
-                            pszDomain,
-                            &pInternalServerInfo,
-                            &dwInfoCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMemory(
-                dwInfoCount*sizeof(VMDIR_SERVER_INFO),
-                (PVOID*)&pServerInfo
-                );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for ( i=0; i<dwInfoCount; i++)
+    if (hInBinding)
     {
-        dwError = VmDirAllocateStringA(
-                    pInternalServerInfo[i].pszServerDN,
-                    &(pServerInfo[i].pszServerDN)
-                    );
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding
+                        );
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    // fill in output parameters
-    *pdwNumServer = dwInfoCount;
-    *ppServerInfo = pServerInfo;
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirGetState(
+                          hBinding,
+                          &dwState
+                          );
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pInternalServerInfo);
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszServerName);
+    *pdwState = dwState;
 
-    // unbind
-    if (pLd)
+cleanup:
+    if (!hInBinding && hBinding)
     {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
+        VmDirFreeBindingHandle( &hBinding);
     }
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "VmDirGetServers failed. Error[%d]\n",
-            dwError
-            );
-    *pdwNumServer = 0;
-    *ppServerInfo = NULL;
+    //VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetState failed. Error[%d]\n", dwError );
     goto cleanup;
 }
 
 DWORD
-VmDirGetComputers(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PSTR**              pppszComputers,
-    DWORD*              pdwNumComputers
+VmDirSuperLogQueryServerData(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    PVMDIR_SUPERLOG_SERVER_DATA *ppServerData
     )
 {
-    DWORD       dwError                 = 0;
-    PSTR        pszServerName           = NULL;
-    PSTR        pszDomain               = NULL;
-    LDAP*       pLd                     = NULL;
-    PSTR        pszComputerDNPrefix     = NULL;
-    PSTR*       ppszComputers           = NULL;
-    DWORD       dwNumComputers          = 0;
+    DWORD       dwError = 0;
+    PCSTR       pszServerName = "localhost";
+    PCSTR       pszServerEndpoint = NULL;
+    handle_t    hBinding = NULL;
 
-    if (
-            IsNullOrEmptyString (pszHostName) ||
-            IsNullOrEmptyString (pszUserName) ||
-            pszPassword         == NULL       ||
-            pdwNumComputers     == NULL       ||
-            pppszComputers      == NULL
-       )
+    PVMDIR_SUPERLOG_SERVER_DATA pRpcServerData = NULL;
+    PVMDIR_SUPERLOG_SERVER_DATA pServerData = NULL;
+
+    if (hInBinding)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetServerName(pszHostName, &pszServerName);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogQueryServerData(
+                          hBinding,
+                          &pRpcServerData);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGetDomainName(
-                    pszServerName,
-                    &pszDomain
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszServerName,
-                            pszDomain,
-                            pszUserName,
-                            pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringPrintf(
-                &pszComputerDNPrefix,
-                "%s=%s",
-                ATTR_OU,
-                VMDIR_COMPUTERS_RDN_VAL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetObjectAttribute(
-                pLd,
-                pszDomain,
-                pszComputerDNPrefix,
-                OC_COMPUTER,
-                ATTR_CN,
-                LDAP_SCOPE_ONELEVEL,
-                &ppszComputers,
-                &dwNumComputers
-                );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pppszComputers = ppszComputers;
-    *pdwNumComputers = dwNumComputers;
-
-cleanup:
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-    VMDIR_SAFE_FREE_STRINGA(pszDomain);
-    VMDIR_SAFE_FREE_STRINGA(pszServerName);
-    VMDIR_SAFE_FREE_STRINGA(pszComputerDNPrefix);
-    return dwError;
-
-error:
-    if (pppszComputers)
-    {
-        *pppszComputers = NULL;
-    }
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "%s failed. Error[%d]\n",
-            __FUNCTION__,
-            dwError
+    dwError = VmDirAllocateMemory(
+            sizeof(VMDIR_SUPERLOG_SERVER_DATA),
+            (PVOID*)&pServerData
             );
-    goto cleanup;
-}
-
-DWORD
-VmdirGetSiteDCInfo(
-    LDAP*           pLd,
-    PCSTR           pszSiteName,
-    PCSTR           pszDomain,
-    DWORD*          pIdxDC,
-    PVMDIR_DC_INFO* ppDC,
-    DWORD           dwNumDC
-    )
-{
-    DWORD dwError = 0;
-    DWORD idxServer = 0;
-    PSTR  pszServerDNPrefix = NULL;
-    PSTR  pszSiteServersDNPrefix = NULL;
-    PSTR* ppszServers = NULL;
-    DWORD dwNumServer = 0;
-    PSTR* ppszPartners = NULL;
-    DWORD dwNumPartners = 0;
-
-    dwError = VmDirAllocateStringPrintf(
-                &pszSiteServersDNPrefix,
-                "cn=Servers,cn=%s,cn=Sites,cn=Configuration",
-                pszSiteName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetObjectAttribute(
-                pLd,
-                pszDomain,
-                pszSiteServersDNPrefix,
-                OC_DIR_SERVER,
-                ATTR_CN,
-                LDAP_SCOPE_ONELEVEL,
-                &ppszServers,
-                &dwNumServer
-                );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (idxServer = 0; idxServer < dwNumServer; ++idxServer, ++(*pIdxDC))
-    {
-        dwError = VmDirAllocateMemory(
-                sizeof(VMDIR_DC_INFO),
-                (PVOID*)&ppDC[*pIdxDC]
-                );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAllocateStringA(
-                    ppszServers[idxServer],
-                    &ppDC[*pIdxDC]->pszHostName);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAllocateStringA(
-                    pszSiteName,
-                    &ppDC[*pIdxDC]->pszSiteName);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VmDirAllocateStringPrintf(
-                    &pszServerDNPrefix,
-                    "cn=%s,%s",
-                    ppszServers[idxServer],
-                    pszSiteServersDNPrefix);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirGetObjectAttribute(
-                    pLd,
-                    pszDomain,
-                    pszServerDNPrefix,
-                    OC_REPLICATION_AGREEMENT,
-                    ATTR_LABELED_URI,
-                    LDAP_SCOPE_SUBTREE,
-                    &ppszPartners,
-                    &dwNumPartners
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VMDIR_SAFE_FREE_STRINGA(pszServerDNPrefix);
-
-        if (dwNumPartners > 0)
-        {
-            DWORD idxPartner = 0;
-            dwError = VmDirAllocateMemory(
-                        sizeof(PSTR)*dwNumPartners,
-                        (PVOID)&ppDC[*pIdxDC]->ppPartners);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            for (idxPartner = 0; idxPartner < dwNumPartners; ++idxPartner)
-            {
-                dwError = VmDirAllocateStringA(
-                    ppszPartners[idxPartner],
-                    &ppDC[*pIdxDC]->ppPartners[idxPartner]);
-            }
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            ppDC[*pIdxDC]->dwPartnerCount = dwNumPartners;
-       }
-
-        VmDirFreeStringArray(ppszPartners, dwNumPartners);
-        ppszPartners = NULL;
-    }
-
-cleanup:
-    VmDirFreeStringArray(ppszPartners, dwNumPartners);
-    VmDirFreeStringArray(ppszServers, dwNumServer);
-    VMDIR_SAFE_FREE_STRINGA(pszServerDNPrefix);
-    VMDIR_SAFE_FREE_MEMORY(pszSiteServersDNPrefix);
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-DWORD
-VmDirGetDCInfo(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_DC_INFO**    pppDC,
-    DWORD*              pdwNumDC
-    )
-{
-    DWORD       dwError = 0;
-    DWORD       idxDC = 0;
-    DWORD       idxSite = 0;
-    PSTR        pszDomain = NULL;
-    LDAP*       pLd = NULL;
-    PSTR        pszServerName = NULL;
-    PSTR*       ppszServers = NULL;
-    DWORD       dwNumDC = 0;
-    PSTR*       ppszSites = NULL;
-    DWORD       dwNumSite = 0;
-    PVMDIR_DC_INFO* ppDC = NULL;
-
-    if (
-            IsNullOrEmptyString (pszHostName) ||
-            IsNullOrEmptyString (pszUserName) ||
-            pszPassword         == NULL       ||
-            pppDC               == NULL       ||
-            pdwNumDC            == NULL
-       )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetServerName( pszHostName, &pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDomainName(
-                    pszServerName,
-                    &pszDomain
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszServerName,
-                            pszDomain,
-                            pszUserName,
-                            pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetObjectAttribute(
-                pLd,
-                pszDomain,
-                "cn=Sites,cn=Configuration",
-                OC_DIR_SERVER,
-                ATTR_CN,
-                LDAP_SCOPE_SUBTREE,
-                &ppszServers,
-                &dwNumDC
-                );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (dwNumDC > 0 )
-    {
-        dwError = VmDirAllocateMemory(
-                dwNumDC*sizeof(VMDIR_DC_INFO),
-                (PVOID*)&ppDC
-                );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        *pdwNumDC = 0;
-        goto cleanup;
-    }
-
-    dwError = VmDirGetObjectAttribute(
-                pLd,
-                pszDomain,
-                "cn=Sites,cn=Configuration",
-                OC_CONTAINER,
-                ATTR_CN,
-                LDAP_SCOPE_ONELEVEL,
-                &ppszSites,
-                &dwNumSite
-                );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (idxSite = 0; idxSite < dwNumSite; idxSite++)
-    {
-        dwError = VmdirGetSiteDCInfo(
-                        pLd,
-                        ppszSites[idxSite],
-                        pszDomain,
-                        &idxDC,
-                        ppDC,
-                        dwNumDC);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *pppDC = ppDC;
-    *pdwNumDC = dwNumDC;
-
-cleanup:
-    VmDirFreeStringArray(ppszSites, dwNumSite);
-    VmDirFreeStringArray(ppszServers, dwNumDC);
-    ppszServers = NULL;
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszServerName);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "%s failed, Error[%d]\n",
-            __FUNCTION__,
-            dwError
-            );
-
-    VmDirFreeDCInfoArray(ppDC, dwNumDC);
-    if (pppDC)
-    {
-        *pppDC = NULL;
-    }
-
-    goto cleanup;
-}
-
-VOID
-VmDirFreeDCInfo(
-    PVMDIR_DC_INFO      pDC
-    )
-{
-    if (pDC)
-    {
-        VmDirFreeStringArray(pDC->ppPartners, pDC->dwPartnerCount);
-        VMDIR_SAFE_FREE_STRINGA(pDC->pszHostName);
-        VMDIR_SAFE_FREE_STRINGA(pDC->pszSiteName);
-        VMDIR_SAFE_FREE_MEMORY(pDC);
-    }
-}
-
-VOID
-VmDirFreeDCInfoArray(
-    PVMDIR_DC_INFO*     ppDC,
-    DWORD               dwNumDC
-    )
-{
-    DWORD idx = 0;
-    if (ppDC && dwNumDC > 0)
-    {
-        for (; idx < dwNumDC; ++idx)
-        {
-            VmDirFreeDCInfo(ppDC[idx]);
-        }
-        VMDIR_SAFE_FREE_MEMORY(ppDC);
-    }
-}
-
-DWORD
-VmDirReplNow(
-    PCSTR pszServerName)
-{
-    DWORD       dwError = 0;
-    PCSTR       pszServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-
-    // parameter check
-    if (pszServerName == NULL)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirCreateBindingHandleMachineAccountA(
-                    pszServerName,
-                    pszServerEndpoint,
-                    &hBinding);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    pServerData->iServerStartupTime = pRpcServerData->iServerStartupTime;
+    pServerData->iAddCount = pRpcServerData->iAddCount;
+    pServerData->iBindCount = pRpcServerData->iBindCount;
+    pServerData->iDeleteCount = pRpcServerData->iDeleteCount;
+    pServerData->iModifyCount = pRpcServerData->iModifyCount;
+    pServerData->iSearchCount = pRpcServerData->iSearchCount;
+    pServerData->iUnbindCount = pRpcServerData->iUnbindCount;
 
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirReplNow(hBinding);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppServerData = pServerData;
 
 cleanup:
-    if (hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirReplNow failed. Error[%d]\n", dwError );
-    goto cleanup;
-}
-
-DWORD
-VmDirSetLogLevelH(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    PCSTR       pszLogLevel
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-    VMDIR_LOG_LEVEL myLogLevel = VMDIR_LOG_INFO;
-
-    if ( !pszLogLevel)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if ( VmDirStringCompareA(pszLogLevel, "ERROR", FALSE) == 0)
-    {
-        myLogLevel = VMDIR_LOG_ERROR;
-    }
-    else if ( VmDirStringCompareA(pszLogLevel, "WARNING", FALSE) == 0)
-    {
-        myLogLevel = VMDIR_LOG_WARNING;
-    }
-    else if ( VmDirStringCompareA(pszLogLevel, "INFO", FALSE) == 0)
-    {
-        myLogLevel = VMDIR_LOG_INFO;
-    }
-    else if ( VmDirStringCompareA(pszLogLevel, "VERBOSE", FALSE) == 0)
+    if (pRpcServerData)
     {
-        myLogLevel = VMDIR_LOG_VERBOSE;
+        VmDirRpcClientFreeMemory(pRpcServerData);
     }
-    else if ( VmDirStringCompareA(pszLogLevel, "DEBUG", FALSE) == 0)
-    {
-        myLogLevel = VMDIR_LOG_DEBUG;
-    }
-    else
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSetLogLevel(
-                          hBinding,
-                          myLogLevel);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSetLogLevel failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirGetLogLevelH(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    VMDIR_LOG_LEVEL*         pLogLevel
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-    VMDIR_LOG_LEVEL logLevel = 0;
-
-    if (!pLogLevel)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirGetLogLevel(
-                          hBinding,
-                          &logLevel);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pLogLevel = logLevel;
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirGetLogLevel failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSetLogLevel(
-    PCSTR       pszLogLevel
-    )
-{
-    DWORD dwError = 0;
-    dwError = VmDirSetLogLevelH(
-                  NULL,
-                  pszLogLevel);
-    return dwError;
-}
-
-DWORD
-VmDirSetLogMaskH(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    UINT32      iVmDirLogMask
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       pszServerName = "localhost";
-    PCSTR       pszServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSetLogMask(
-                          hBinding,
-                          iVmDirLogMask);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSetLogMask failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirGetLogMaskH(
-    PVMDIR_SERVER_CONTEXT   hInBinding,
-    UINT32*                 piVmDirLogMask
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       pszServerName = "localhost";
-    PCSTR       pszServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-    UINT32      iMask = 0;
-
-    if (!piVmDirLogMask)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirGetLogMask(
-                          hBinding,
-                          &iMask);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *piVmDirLogMask = iMask;
-
-cleanup:
-
     if (!hInBinding && hBinding)
     {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirGetLogMask failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSetLogMask(
-    UINT32      iVmDirLogMask
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirSetLogMaskH(
-                  NULL,
-                  iVmDirLogMask);
-    return dwError;
-}
-
-DWORD
-VmDirSetState(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    UINT32      dwState)
-{
-    DWORD dwError = 0;
-    PCSTR pszServerName = "localhost";
-    PCSTR pszServerEndpoint = NULL;
-    handle_t hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSetState(
-                          hBinding,
-                          dwState
-                          );
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetState failed. Error[%d]\n", dwError );
-    goto cleanup;
-}
-
-DWORD
-VmDirGetState(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    UINT32*                  pdwState)
-{
-    DWORD dwError = 0;
-    PCSTR pszServerName = "localhost";
-    PCSTR pszServerEndpoint = NULL;
-    handle_t hBinding = NULL;
-    UINT32  dwState = 0;
-
-    if (!pdwState)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirGetState(
-                          hBinding,
-                          &dwState
-                          );
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pdwState = dwState;
-
-cleanup:
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-    return dwError;
-
-error:
-    //VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetState failed. Error[%d]\n", dwError );
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogQueryServerData(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    PVMDIR_SUPERLOG_SERVER_DATA *ppServerData
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       pszServerName = "localhost";
-    PCSTR       pszServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-
-    PVMDIR_SUPERLOG_SERVER_DATA pRpcServerData = NULL;
-    PVMDIR_SUPERLOG_SERVER_DATA pServerData = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogQueryServerData(
-                          hBinding,
-                          &pRpcServerData);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VMDIR_SUPERLOG_SERVER_DATA),
-            (PVOID*)&pServerData
-            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pServerData->iServerStartupTime = pRpcServerData->iServerStartupTime;
-    pServerData->iAddCount = pRpcServerData->iAddCount;
-    pServerData->iBindCount = pRpcServerData->iBindCount;
-    pServerData->iDeleteCount = pRpcServerData->iDeleteCount;
-    pServerData->iModifyCount = pRpcServerData->iModifyCount;
-    pServerData->iSearchCount = pRpcServerData->iSearchCount;
-    pServerData->iUnbindCount = pRpcServerData->iUnbindCount;
-
-    *ppServerData = pServerData;
-
-cleanup:
-    if (pRpcServerData)
-    {
-        VmDirRpcClientFreeMemory(pRpcServerData);
-    }
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle(&hBinding);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirSuperLogQueryServerData failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogEnable(
-    PVMDIR_SERVER_CONTEXT    hInBinding
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogEnable(
-                          hBinding);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSuperLogEnable failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogDisable(
-    PVMDIR_SERVER_CONTEXT    hInBinding
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogDisable(
-                          hBinding);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSuperLogDisable failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirIsSuperLogEnabled(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    PBOOLEAN                 pbEnabled
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-    BOOLEAN         bEnabled = 0;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirIsSuperLogEnabled(
-                          hBinding,
-                          &bEnabled);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pbEnabled = bEnabled;
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirIsSuperLogEnabled failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogFlush(
-    PVMDIR_SERVER_CONTEXT  hInBinding
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogFlush(
-                          hBinding);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSuperLogFlush failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogSetSize(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    DWORD                    dwSize
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogSetSize(
-                          hBinding,
-                          dwSize);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSuperLogSetSize failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogGetSize(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    PDWORD                   pdwSize
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-
-    DWORD           dwSize = 0;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogGetSize(
-                          hBinding,
-                          &dwSize);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pdwSize = dwSize;
-
-cleanup:
-
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle( &hBinding);
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "VmDirSuperLogGetSize failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirSuperLogGetEntriesLdapOperation(
-    PVMDIR_SERVER_CONTEXT    hInBinding,
-    ULONG64 **ppEnumerationCookie,
-    DWORD                    dwCount, // 0 ==> all
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY *ppEntries
-    )
-{
-    DWORD           dwError = 0;
-    PCSTR           pszServerName = "localhost";
-    PCSTR           pszServerEndpoint = NULL;
-    handle_t        hBinding = NULL;
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pEntries = NULL;
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pRpcEntries = NULL;
-
-    if (hInBinding)
-    {
-        hBinding = hInBinding->hBinding;
-    }
-    else
-    {
-        dwError = VmDirCreateBindingHandleMachineAccountA(
-                        pszServerName,
-                        pszServerEndpoint,
-                        &hBinding);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirSuperLogGetEntriesLdapOperation(
-                          hBinding,
-                          (vmdir_superlog_cookie_t *)ppEnumerationCookie,
-                          dwCount,
-                          &pRpcEntries);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirAllocateSuperLogEntryLdapOperationArray(pRpcEntries, &pEntries);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppEntries = pEntries;
-
-cleanup:
-    VmDirRpcFreeSuperLogEntryLdapOperationArray(pRpcEntries);
-    if (!hInBinding && hBinding)
-    {
-        VmDirFreeBindingHandle(&hBinding);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirSuperLogGetSize failed. Error[%d]\n", dwError);
-    VmDirFreeSuperLogEntryLdapOperationArray(pEntries);
-    goto cleanup;
-}
-
-static
-DWORD
-_CopySearchInformation(
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION pSrcEntry,
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION pDstEntry
-    )
-{
-    DWORD dwError = 0;
-
-    if (!pSrcEntry || !pDstEntry)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringW(
-            pSrcEntry->opInfo.searchInfo.pwszAttributes,
-            &pDstEntry->opInfo.searchInfo.pwszAttributes);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringW(
-            pSrcEntry->opInfo.searchInfo.pwszBaseDN,
-            &pDstEntry->opInfo.searchInfo.pwszBaseDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringW(
-            pSrcEntry->opInfo.searchInfo.pwszScope,
-            &pDstEntry->opInfo.searchInfo.pwszScope);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringW(
-            pSrcEntry->opInfo.searchInfo.pwszIndexResults,
-            &pDstEntry->opInfo.searchInfo.pwszIndexResults);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pDstEntry->opInfo.searchInfo.dwScanned = pSrcEntry->opInfo.searchInfo.dwScanned;
-    pDstEntry->opInfo.searchInfo.dwReturned = pSrcEntry->opInfo.searchInfo.dwReturned;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirAllocateSuperLogEntryLdapOperationArray(
-        PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pSrcEntries,
-        PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY *ppDstEntries
-        )
-{
-    DWORD   dwError = 0;
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION srcEntries = NULL;
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION dstEntries = NULL;
-    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pDstEntries = NULL;
-    unsigned int i;
-
-    if (!pSrcEntries || !ppDstEntries)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY),
-            (PVOID*)&pDstEntries
-            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pDstEntries->dwCount = 0;
-    pDstEntries->entries = NULL;
-
-    if (pSrcEntries->dwCount > 0)
-    {
-        dwError = VmDirAllocateMemory(
-                sizeof(VMDIR_SUPERLOG_ENTRY_LDAPOPERATION)*pSrcEntries->dwCount,
-                (PVOID*)&pDstEntries->entries
-                );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pDstEntries->dwCount = pSrcEntries->dwCount;
-        srcEntries = pSrcEntries->entries;
-        dstEntries = pDstEntries->entries;
-
-        for (i = 0; i < pDstEntries->dwCount; i++)
-        {
-            dwError = VmDirAllocateStringW(srcEntries[i].pwszLoginDN, &(dstEntries[i].pwszLoginDN));
-            BAIL_ON_VMDIR_ERROR(dwError);
-            dwError = VmDirAllocateStringW(srcEntries[i].pwszClientIP, &(dstEntries[i].pwszClientIP));
-            BAIL_ON_VMDIR_ERROR(dwError);
-            dwError = VmDirAllocateStringW(srcEntries[i].pwszServerIP, &(dstEntries[i].pwszServerIP));
-            BAIL_ON_VMDIR_ERROR(dwError);
-            dwError = VmDirAllocateStringW(srcEntries[i].pwszOperation, &(dstEntries[i].pwszOperation));
-            BAIL_ON_VMDIR_ERROR(dwError);
-            dwError = VmDirAllocateStringW(srcEntries[i].pwszString, &(dstEntries[i].pwszString));
-            BAIL_ON_VMDIR_ERROR(dwError);
-            dstEntries[i].dwClientPort = srcEntries[i].dwClientPort;
-            dstEntries[i].dwServerPort = srcEntries[i].dwServerPort;
-            dstEntries[i].dwErrorCode = srcEntries[i].dwErrorCode;
-            dstEntries[i].iStartTime = srcEntries[i].iStartTime;
-            dstEntries[i].iEndTime = srcEntries[i].iEndTime;
-            dstEntries[i].opType = srcEntries[i].opType;
-
-            switch (dstEntries[i].opType)
-            {
-            case LDAP_REQ_SEARCH:
-                dwError = _CopySearchInformation(&srcEntries[i], &dstEntries[i]);
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-            default:
-                break;
-            }
-        }
-    }
-
-    *ppDstEntries = pDstEntries;
-
-cleanup:
-    return dwError;
-
-error:
-    VmDirFreeSuperLogEntryLdapOperationArray(pDstEntries);
-    goto cleanup;
-}
-
-
-// Write UPN keys for the machine and service accounts to the keytab file.
-
-static
-DWORD
-_VmDirUpdateKeytabFile(
-    PCSTR pszServerName,
-    PCSTR pszDomainName,
-    PCSTR pszHostName,
-    PCSTR pszUserName,
-    PCSTR pszPassword,
-    BOOLEAN bIsServer)
-{
-    DWORD                   dwError = 0;
-    PVMDIR_KEYTAB_HANDLE    pKeyTabHandle = NULL;
-    PSTR                    pszUpperCaseDomainName = NULL;
-    CHAR                    pszKeyTabFileName[VMDIR_MAX_FILE_NAME_LEN] = {0};
-    PSTR                    pszSRPUPN = NULL;
-    PSTR                    pszMachineAccountUPN = NULL;
-    PSTR                    pszServiceAccountUPN = NULL;
-    PCSTR                   pszServerServiceTable[] = VMDIR_DEFAULT_SERVICE_PRINCIPAL_INITIALIZER;
-    PCSTR                   pszClientServiceTable[] = VMDIR_CLIENT_SERVICE_PRINCIPAL_INITIALIZER;
-    PCSTR                  *pszServiceTable = NULL;
-    int                     iServiceTableLen = 0;
-    int                     iCnt = 0;
-    PBYTE                   pLocalByte = NULL;
-    DWORD                   dwByteSize = 0;
-    DWORD                   dwWriteLen = 0;
-    PSTR                    pszLowerCaseHostName = NULL;
-
-    dwError = VmDirAllocASCIILowerToUpper( pszDomainName, &pszUpperCaseDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocASCIIUpperToLower( pszHostName, &pszLowerCaseHostName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Locate and open keytab file
-    dwError = VmDirGetRegKeyTabFile(pszKeyTabFileName);
-    if (dwError)
-    {
-        dwError = ERROR_SUCCESS;    // For none kerberos configuration, pass through.
-        goto cleanup;
-    }
-
-    dwError = VmDirKeyTabOpen(pszKeyTabFileName, "w", &pKeyTabHandle);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszMachineAccountUPN, "%s@%s", pszLowerCaseHostName, pszUpperCaseDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszSRPUPN, "%s@%s", pszUserName, pszDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirGetKeyTabRecBlob(pszServerName,
-                                     pszSRPUPN,
-                                     pszPassword,
-                                     pszMachineAccountUPN,
-                                     &pLocalByte,
-                                     &dwByteSize );
-    BAIL_ON_VMDIR_ERROR( dwError );
-
-    dwWriteLen = (DWORD) fwrite(pLocalByte, 1, dwByteSize, pKeyTabHandle->ktfp);
-    if ( dwWriteLen != dwByteSize)
-    {
-        /* I/O Error */
-        dwError = ERROR_IO;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (bIsServer)
-    {
-        pszServiceTable = pszServerServiceTable;
-        iServiceTableLen = sizeof(pszServerServiceTable)/sizeof(pszServerServiceTable[0]);
-    }
-    else
-    {
-        pszServiceTable = pszClientServiceTable;
-        iServiceTableLen = sizeof(pszClientServiceTable)/sizeof(pszClientServiceTable[0]);
-    }
-
-    // Get UPN keys for the service accounts and write to keytab file
-    for (iCnt = 0; iCnt < iServiceTableLen; iCnt++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pszServiceAccountUPN);
-        VMDIR_SAFE_FREE_MEMORY(pLocalByte);
-        dwByteSize = 0;
-
-        dwError = VmDirAllocateStringAVsnprintf( &pszServiceAccountUPN, "%s/%s@%s", pszServiceTable[iCnt], pszLowerCaseHostName, pszUpperCaseDomainName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = _VmDirGetKeyTabRecBlob(pszServerName,
-                                         pszSRPUPN,
-                                         pszPassword,
-                                         pszServiceAccountUPN,
-                                         &pLocalByte,
-                                         &dwByteSize );
-        BAIL_ON_VMDIR_ERROR( dwError );
-
-        dwWriteLen = (DWORD) fwrite(pLocalByte, 1, dwByteSize, pKeyTabHandle->ktfp);
-        if ( dwWriteLen != dwByteSize)
-        {
-            /* I/O Error */
-            dwError = ERROR_IO;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Keytab file (%s) created", VDIR_SAFE_STRING(pszKeyTabFileName));
-
-cleanup:
-    if (pKeyTabHandle)
-    {
-        VmDirKeyTabClose(pKeyTabHandle);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszMachineAccountUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszServiceAccountUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszUpperCaseDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszLowerCaseHostName);
-    VMDIR_SAFE_FREE_MEMORY(pLocalByte);
-    VMDIR_SAFE_FREE_MEMORY(pszSRPUPN);
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirUpdateKeytabFile (%s) for host(%s) domain(%s) failed (%u)",
-                                         VDIR_SAFE_STRING(pszKeyTabFileName),
-                                         VDIR_SAFE_STRING(pszLowerCaseHostName),
-                                         VDIR_SAFE_STRING(pszUpperCaseDomainName),
-                                         dwError);
-
-    // for 2013 release, we should continue even if keytab setup fail
-    // as naming and DNS config may not meet our requirements.
-    // (i.e. at least forward lookup must be there.  For krb to work,
-    //       we need reverse lookup as well.)
-    dwError = 0;
-
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirLdapCheckVmDirStatus(
-    PCSTR pszPartnerHostName
-    )
-{
-    DWORD       dwError = 0;
-
-    PSTR        pszLocalServerReplURI = NULL;
-    LDAP *      pLd = NULL;
-    DWORD       i = 0;
-    BOOLEAN     bFirst = TRUE;
-    DWORD       dwTimeout = 15; //wait 2.5 minutes for 1st Ldu
-    VDIR_SERVER_STATE vmdirState = VMDIRD_STATE_UNDEFINED;
-
-    if (!IsNullOrEmptyString(pszPartnerHostName))
-    {
-        bFirst = FALSE;
-        dwTimeout = -1; //infinite minutes for 2nd Ldu, because we could be copying really big DB from partner.
-    }
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszLocalServerReplURI, "%s://localhost:%d",
-                                             VMDIR_LDAP_PROTOCOL, DEFAULT_LDAP_PORT_NUM );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (bFirst)
-    {
-        printf("Wait for local instance LDAP service ");
-    }
-    else
-    {
-        printf("Wait for local replica to finish replication ");
-    }
-    fflush(stdout);
-
-    while ((dwTimeout == -1) || (i < dwTimeout))
-    {
-        dwError = VmDirAnonymousLDAPBind( &pLd, pszLocalServerReplURI );
-
-        if (dwError == 0)
-        {
-            VmDirSleep(2000);
-            break;
-        }
-
-        printf(".");
-        fflush(stdout);
-
-        VmDirSleep(SLEEP_INTERVAL_IN_SECS*1000);
-
-        i++;
-        VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "LDAP connect (%s) failed (%u), %d seconds passed",
-                           VDIR_SAFE_STRING(pszLocalServerReplURI), dwError, i * SLEEP_INTERVAL_IN_SECS);
-
-        if( !bFirst )
-        {
-	    dwError = VmDirLocalGetServerState( (UINT32*)&vmdirState );
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            if(vmdirState == VMDIRD_STATE_FAILURE)
-            {
-                dwError = VMDIR_ERROR_SERVER_DOWN;
-                VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                                 "VmDirLdapCheckVmDirStatus: Server in unrecoverable state");
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-    }
-    printf("\n");
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszLocalServerReplURI);
-    VmDirLdapUnbind(&pLd);
-
-    return dwError;
-
-error:
-    printf("Vmdir LDAP connectivity check failed or timed out");
-    fflush(stdout);
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirLdapCheckVmDirStatus (%s) failed with error (%u)",
-                     VDIR_SAFE_STRING(pszLocalServerReplURI), dwError);
-    goto cleanup;
-}
-
-// Create machine and krb service account
-// 1. machine account: machineFQDN@REALM
-// 2. ldap service account: ldap/machineFQDN@REALM
-// 3. host service account: host/machineFQDN@REALM
-// 4. vmca service account: vmca/machineFQDN@REALM
-static
-DWORD
-_VmDirSetupDefaultAccount(
-    PCSTR pszDomainName,
-    PCSTR pszPartnerServerName,
-    PCSTR pszLdapHostName,
-    PCSTR pszBindUserName,
-    PCSTR pszBindPassword
-    )
-{
-    DWORD   dwError = 0;
-    PCSTR   pszServiceTable[] = VMDIR_DEFAULT_SERVICE_PRINCIPAL_INITIALIZER;
-    int     iCnt = 0;
-
-    dwError = VmDirLdapSetupDCAccountOnPartner(
-                                    pszDomainName,
-                                    pszPartnerServerName,
-                                    pszBindUserName,
-                                    pszBindPassword,
-                                    pszLdapHostName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (iCnt = 0; iCnt < sizeof(pszServiceTable)/sizeof(pszServiceTable[0]); iCnt++)
-    {
-        dwError = VmDirLdapSetupServiceAccount(
-                                        pszDomainName,
-                                        pszPartnerServerName,
-                                        pszBindUserName,
-                                        pszBindPassword,
-                                        pszServiceTable[iCnt],
-                                        pszLdapHostName );
-        if (dwError == LDAP_ALREADY_EXISTS)
-        {
-            dwError = LDAP_SUCCESS; // ignore if entry already exists (maybe due to prior merge/join..etc)
-            VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "_VmDirSetupKrbAccount SetupServiceAccount (%s) return LDAP_ALREADY_EXISTS",
-                                                   pszServiceTable[iCnt] );
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirSetupKrbAccount (%s)(%s) passed",
-                                        VDIR_SAFE_STRING(pszDomainName),
-                                        VDIR_SAFE_STRING(pszPartnerServerName) );
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-/*
- * find hosts that has pszHostName as repliaction partner
- */
-static
-DWORD
-_VmDirFindAllReplPartnerHost(
-    PCSTR    pszHostName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PSTR**   pppszPartnerHost,
-    DWORD*   pdwSize
-    )
-{
-    DWORD       dwError=0;
-    PSTR*       ppszLocal=NULL;
-    DWORD       dwNumReplPartner=0;
-    DWORD       dwCnt=0;
-
-    PVMDIR_REPL_PARTNER_INFO    pReplPartnerInfo = NULL;
-
-    dwError = VmDirGetReplicationPartners( pszHostName,
-                                           pszUserName,
-                                           pszPassword,
-                                           &pReplPartnerInfo,
-                                           &dwNumReplPartner);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if ( dwNumReplPartner > 0 )
-    {
-        dwError = VmDirAllocateMemory( dwNumReplPartner * sizeof(PSTR), (PVOID)&ppszLocal );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        for ( dwCnt=0; dwCnt < dwNumReplPartner; dwCnt++ )
-        {
-            dwError = VmDirReplURIToHostname( pReplPartnerInfo[dwCnt].pszURI, &(ppszLocal[dwCnt]) );
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    *pppszPartnerHost = ppszLocal;
-    *pdwSize = dwNumReplPartner;
-    ppszLocal = NULL;
-
-cleanup:
-    for (dwCnt=0; dwCnt < dwNumReplPartner; dwCnt++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo[dwCnt].pszURI);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirFindAllReplPartnerHost failed (%u)", dwError);
-    for (dwCnt=0; dwCnt < dwNumReplPartner; dwCnt++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(ppszLocal[dwCnt]);
-    }
-    VMDIR_SAFE_FREE_MEMORY(ppszLocal);
-
-    goto cleanup;
-}
-
-VOID
-VmDirFreeMetadata(
-    PVMDIR_METADATA pMetadata
-    )
-{
-    VmDirFreeMetadataInternal(pMetadata);
-}
-
-VOID
-VmDirFreeMetadataList(
-    PVMDIR_METADATA_LIST pMetadataList
-    )
-{
-    VmDirFreeMetadataListInternal(pMetadataList);
-}
-
-DWORD
-VmDirGetAttributeMetadata(
-    PVMDIR_CONNECTION   pConnection,
-    PCSTR               pszEntryDn,
-    PCSTR               pszAttribute,
-    PVMDIR_METADATA_LIST*    ppMetadataList
-    )
-{
-    return VmDirGetAttributeMetadataInternal(pConnection, pszEntryDn, pszAttribute, ppMetadataList);
-}
-
-DWORD
-VmDirGetServerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PSTR*             ppszGuid
-    )
-{
-    DWORD dwError = 0;
-    PSTR  pszGuid = NULL;
-
-    if (!pConnection || !ppszGuid || IsNullOrEmptyString(pszMachineName))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetServerGuidInternal(
-                pConnection->pLd,
-                pConnection->pszDomain,
-                pszMachineName,
-                &pszGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppszGuid = pszGuid;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    if (ppszGuid)
-    {
-        *ppszGuid = NULL;
+        VmDirFreeBindingHandle(&hBinding);
     }
+    return dwError;
 
-    VMDIR_SAFE_FREE_MEMORY(pszGuid);
-
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirSuperLogQueryServerData failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirSetServerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PCSTR             pszGuid
+VmDirSuperLogEnable(
+    PVMDIR_SERVER_CONTEXT    hInBinding
     )
 {
-    DWORD dwError = 0;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
 
-    if (!pConnection ||
-        IsNullOrEmptyString(pszGuid) ||
-        IsNullOrEmptyString(pszMachineName))
+    if (hInBinding)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSetServerGuidInternal(
-                pConnection->pLd,
-                pConnection->pszDomain,
-                pszMachineName,
-                pszGuid);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogEnable(
+                          hBinding);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
 
+    if (!hInBinding && hBinding)
+    {
+        VmDirFreeBindingHandle( &hBinding);
+    }
+
     return dwError;
 
 error:
 
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSuperLogEnable failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirGetComputerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR              pszMachineName,
-    PSTR*             ppszGuid
+VmDirSuperLogDisable(
+    PVMDIR_SERVER_CONTEXT    hInBinding
     )
 {
-    DWORD dwError = 0;
-    PSTR  pszGuid = NULL;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
 
-    if (!pConnection || !ppszGuid || IsNullOrEmptyString(pszMachineName))
+    if (hInBinding)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetComputerGuidInternal(
-                pConnection->pLd,
-                pConnection->pszDomain,
-                pszMachineName,
-                &pszGuid);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogDisable(
+                          hBinding);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    *ppszGuid = pszGuid;
-
 cleanup:
 
-    return dwError;
-
-error:
-
-    if (ppszGuid)
+    if (!hInBinding && hBinding)
     {
-        *ppszGuid = NULL;
+        VmDirFreeBindingHandle( &hBinding);
     }
 
-    VMDIR_SAFE_FREE_MEMORY(pszGuid);
+    return dwError;
+
+error:
 
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSuperLogDisable failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
 DWORD
-VmDirSetComputerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PCSTR             pszGuid
+VmDirIsSuperLogEnabled(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    PBOOLEAN                 pbEnabled
     )
 {
-    DWORD dwError = 0;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
+    BOOLEAN         bEnabled = 0;
 
-    if (!pConnection ||
-        IsNullOrEmptyString(pszGuid) ||
-        IsNullOrEmptyString(pszMachineName))
+    if (hInBinding)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSetComputerGuidInternal(
-                pConnection->pLd,
-                pConnection->pszDomain,
-                pszMachineName,
-                pszGuid);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirIsSuperLogEnabled(
+                          hBinding,
+                          &bEnabled);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    *pbEnabled = bEnabled;
+
 cleanup:
 
+    if (!hInBinding && hBinding)
+    {
+        VmDirFreeBindingHandle( &hBinding);
+    }
+
     return dwError;
 
 error:
 
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirIsSuperLogEnabled failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
-/*
- * Make server (pszServerToLeave) leave Federation
- * The server must be down to proceed.
- * This function is tring to do cleanup in an idempotence way,
- * i.e, if the entry to be removed doesn't exist,
- * then it proceeds to clean up remaining entries associcated
- * with the pszServerToLeave.
- */
 DWORD
-VmDirLeaveFederation(
-    PCSTR pszRaftLeader,
-    PCSTR pszServerToLeave,
-    PCSTR pszUserName,
-    PCSTR pszPassword
+VmDirSuperLogFlush(
+    PVMDIR_SERVER_CONTEXT  hInBinding
     )
 {
-    DWORD dwError=0;
-    PSTR  pszDomain = NULL;
-    LDAP* pLD = NULL;
-    PCSTR pszServiceTable[] = VMDIR_DEFAULT_SERVICE_PRINCIPAL_INITIALIZER;
-    DWORD i = 0;
-    PSTR  pszLocalErrMsg = NULL;
-    PSTR  pszDCAccount = NULL;
-
-    dwError = VmDirGetDomainName( pszRaftLeader, &pszDomain );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
 
-    if (!_VmDirIsRemoteServerDown(pszServerToLeave, pszUserName, pszPassword, pszDomain))
+    if (hInBinding)
     {
-         dwError = LDAP_OPERATIONS_ERROR;
-         BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
-             "You must shutdown domain server %s before it can be removed from federation",
-             pszServerToLeave);
+        hBinding = hInBinding->hBinding;
     }
-
-    // Connect to Raft leader
-    dwError = _VmDirCreateServerPLD( pszRaftLeader, pszDomain, pszUserName, pszPassword, &pLD);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (pLD == NULL)
+    else
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirLeaveFederation: fail to bind to Raft leader server");
-        dwError = LDAP_OPERATIONS_ERROR;
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = _VmDirRemoveComputer(pLD, pszDomain, pszServerToLeave);
-    if (dwError == LDAP_SUCCESS)
-    {
-        //The serverToLeave is a management node, done if if the computer is removed successfully.
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirLeaveFederation: passed for domain client %s", pszServerToLeave);
-        goto cleanup;
-    } else if (dwError != LDAP_NO_SUCH_OBJECT)
+    VMDIR_RPC_TRY
     {
-        //Failed to remove the computer
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
-             "fail to remove domain clinet %s", pszServerToLeave);
+        dwError = RpcVmDirSuperLogFlush(
+                          hBinding);
     }
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-         "_VmDirLeaveFederation: proceed to cleanup entries associated with domain controller %s", pszServerToLeave);
-
-    //Remove entries associated with the server under Domain Controllers
-    dwError = VmDirLdapDeleteDCAccount( pLD, pszDomain, pszServerToLeave, TRUE);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, "fail to VmDirLdapDeleteDCAccount for domain controller %s", pszServerToLeave);
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirLeaveFederation: complete deleting DC account for domain controller %s", pszServerToLeave);
-
-    //Remove Service Accounts
-    for (i = 0; i < sizeof(pszServiceTable)/sizeof(pszServiceTable[0]); i++)
+    VMDIR_RPC_CATCH
     {
-        dwError = VmDirLdapDeleteServiceAccount( pLD, pszDomain, pszServiceTable[i], pszServerToLeave, TRUE);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
-                         "fail to delete Service Account %s associated with domain controller %s",
-                         pszServiceTable[i], pszServerToLeave);
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "VmDirLeaveFederation: complete deleting Service Account %s associated with domain controller %s",
-                         pszServiceTable[i], pszServerToLeave);
+        VMDIR_RPC_GETERROR_CODE(dwError);
     }
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirLeaveFederation: server %s is successfully removed from Raft cluster", pszServerToLeave);
+    VMDIR_RPC_ENDTRY;
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszDCAccount);
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
-    if ( pLD )
+
+    if (!hInBinding && hBinding)
     {
-        ldap_unbind_ext_s(pLD, NULL, NULL);
+        VmDirFreeBindingHandle( &hBinding);
     }
+
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirLeaveFederation failed, %s (%u)", pszLocalErrMsg, dwError );
+
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSuperLogFlush failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
-/*
- * Create LDAP handle (binding to pszServerName)
- * that can be used for later ldap operations
- */
-static
 DWORD
-_VmDirCreateServerPLD(
-    PCSTR    pszServerName,
-    PCSTR    pszDomain,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    LDAP**   ppLD
+VmDirSuperLogSetSize(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    DWORD                    dwSize
     )
 {
-    DWORD       dwError=0;
-    PSTR        pszUPN=NULL;
-    LDAP*       pLD = NULL;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
 
-    if ( !pszServerName || !ppLD || !pszPassword || !pszDomain )
+    if (hInBinding)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszUPN, "%s@%s", pszUserName, pszDomain );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSafeLDAPBind( &pLD,
-                                 pszServerName,
-                                 pszUPN,
-                                 pszPassword);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogSetSize(
+                          hBinding,
+                          dwSize);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    *ppLD = pLD;
-
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY( pszUPN );
-    return dwError;
 
-error:
-    if ( pLD )
+    if (!hInBinding && hBinding)
     {
-        ldap_unbind_ext_s( pLD, NULL, NULL);
+        VmDirFreeBindingHandle( &hBinding);
     }
-    goto cleanup;
-}
 
-/*
- * Test if erver pszServerName is down
- */
-static
-BOOLEAN
-_VmDirIsRemoteServerDown(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PCSTR    pszDomain
-    )
-{
-    DWORD       dwError=0;
-    LDAP*       pLD = NULL;
+    return dwError;
 
-    dwError = _VmDirCreateServerPLD(pszServerName, pszDomain, pszUserName, pszPassword, &pLD);
-    VmDirLdapUnbind(&pLD);
-    return dwError == VMDIR_ERROR_SERVER_DOWN;
+error:
+
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSuperLogSetSize failed. Error[%d]\n", dwError);
+    goto cleanup;
 }
 
-/*
- * remove computer with name pszComputerHostName
- * used for management node cleanup
- */
-static
 DWORD
-_VmDirRemoveComputer(
-    LDAP *pLd,
-    PCSTR pszDomainName,
-    PCSTR pszComputerHostName
+VmDirSuperLogGetSize(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    PDWORD                   pdwSize
     )
 {
-    DWORD       dwError = 0;
-    PSTR        pszComputerDN = NULL;
-    PSTR        pszDomainDN = NULL;
-    PSTR        pszUpperCaseDomainName = NULL;
-    PSTR        pszLowerCaseComputerHostName = NULL;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
 
-    dwError = VmDirAllocASCIILowerToUpper( pszDomainName, &pszUpperCaseDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    DWORD           dwSize = 0;
 
-    dwError = VmDirAllocASCIIUpperToLower(
-                    pszComputerHostName,
-                    &pszLowerCaseComputerHostName );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (hInBinding)
+    {
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogGetSize(
+                          hBinding,
+                          &dwSize);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
-                    &pszComputerDN,
-                    "%s=%s,%s=%s,%s",
-                    ATTR_CN,
-                    pszLowerCaseComputerHostName,
-                    ATTR_OU,
-                    VMDIR_COMPUTERS_RDN_VAL,
-                    pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *pdwSize = dwSize;
 
-    dwError = ldap_delete_ext_s(pLd, pszComputerDN, NULL, NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
+cleanup:
 
+    if (!hInBinding && hBinding)
+    {
+        VmDirFreeBindingHandle( &hBinding);
+    }
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszComputerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
-    VMDIR_SAFE_FREE_MEMORY(pszUpperCaseDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszLowerCaseComputerHostName);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirRemoveComputer (%s) failed with error (%u)",
-                    VDIR_SAFE_STRING(pszComputerDN), dwError);
+
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "VmDirSuperLogGetSize failed. Error[%d]\n", dwError);
     goto cleanup;
 }
 
-static
 DWORD
-_VmDirModDcPassword(
-    PCSTR pszHostName,
-    PCSTR pszUPN,
-    PCSTR pszPassword,
-    PCSTR pszMachineActDn,
-    PBYTE pszNewPassword
+VmDirSuperLogGetEntriesLdapOperation(
+    PVMDIR_SERVER_CONTEXT    hInBinding,
+    ULONG64 **ppEnumerationCookie,
+    DWORD                    dwCount, // 0 ==> all
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY *ppEntries
     )
 {
-    DWORD    dwError = 0;
-    LDAP*    pLD     = NULL;
+    DWORD           dwError = 0;
+    PCSTR           pszServerName = "localhost";
+    PCSTR           pszServerEndpoint = NULL;
+    handle_t        hBinding = NULL;
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pEntries = NULL;
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pRpcEntries = NULL;
 
-    dwError = VmDirSafeLDAPBind(&pLD,
-                                pszHostName,
-                                pszUPN,
-                                pszPassword);
+    if (hInBinding)
+    {
+        hBinding = hInBinding->hBinding;
+    }
+    else
+    {
+        dwError = VmDirCreateBindingHandleMachineAccountA(
+                        pszServerName,
+                        pszServerEndpoint,
+                        &hBinding);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    VMDIR_RPC_TRY
+    {
+        dwError = RpcVmDirSuperLogGetEntriesLdapOperation(
+                          hBinding,
+                          (vmdir_superlog_cookie_t *)ppEnumerationCookie,
+                          dwCount,
+                          &pRpcEntries);
+    }
+    VMDIR_RPC_CATCH
+    {
+        VMDIR_RPC_GETERROR_CODE(dwError);
+    }
+    VMDIR_RPC_ENDTRY;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapModReplaceAttribute(pLD,
-                                           pszMachineActDn,
-                                           ATTR_USER_PASSWORD,
-                                           pszNewPassword);
+    dwError = _VmDirAllocateSuperLogEntryLdapOperationArray(pRpcEntries, &pEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Update account (%s) password on node (%s)", pszMachineActDn, pszHostName);
+    *ppEntries = pEntries;
 
 cleanup:
-    if (pLD)
+    VmDirRpcFreeSuperLogEntryLdapOperationArray(pRpcEntries);
+    if (!hInBinding && hBinding)
     {
-        ldap_unbind_ext_s(pLD, NULL, NULL);
+        VmDirFreeBindingHandle(&hBinding);
     }
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirModDcPassword failed (%u)", dwError);
-
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirSuperLogGetSize failed. Error[%d]\n", dwError);
+    VmDirFreeSuperLogEntryLdapOperationArray(pEntries);
     goto cleanup;
 }
 
+static
 DWORD
-VmDirGetDomainFunctionalLevel(
-    PCSTR       pszHostName,
-    PCSTR       pszUserName,
-    PCSTR       pszPassword,
-    PCSTR	pszDomainName,
-    PDWORD	pdwFuncLvl
+_CopySearchInformation(
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION pSrcEntry,
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION pDstEntry
     )
 {
-    DWORD	dwError = 0;
-    DWORD	dwFuncLvl = 0;
-    char	bufUPN[VMDIR_MAX_UPN_LEN] = {0};
-    LDAP*	pLd = NULL;
+    DWORD dwError = 0;
 
-    if (!pszUserName || !pszPassword ||
-	!pdwFuncLvl || !pszDomainName || !pszHostName)
+    if (!pSrcEntry || !pDstEntry)
     {
-	BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_PARAMETER);
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1,  "%s@%s",
-				  pszUserName, pszDomainName);
+    dwError = VmDirAllocateStringW(
+            pSrcEntry->opInfo.searchInfo.pwszAttributes,
+            &pDstEntry->opInfo.searchInfo.pwszAttributes);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSafeLDAPBind( &pLd,
-				 pszHostName,
-				 bufUPN,
-				 pszPassword );
+    dwError = VmDirAllocateStringW(
+            pSrcEntry->opInfo.searchInfo.pwszBaseDN,
+            &pDstEntry->opInfo.searchInfo.pwszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGetDomainFuncLvlInternal(
-		pLd,
-		pszDomainName,
-		&dwFuncLvl);
+    dwError = VmDirAllocateStringW(
+            pSrcEntry->opInfo.searchInfo.pwszScope,
+            &pDstEntry->opInfo.searchInfo.pwszScope);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (!dwFuncLvl)
-    {
-	dwError = ERROR_NO_FUNC_LVL;
-	BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    dwError = VmDirAllocateStringW(
+            pSrcEntry->opInfo.searchInfo.pwszIndexResults,
+            &pDstEntry->opInfo.searchInfo.pwszIndexResults);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    *pdwFuncLvl = dwFuncLvl;
+    pDstEntry->opInfo.searchInfo.dwScanned = pSrcEntry->opInfo.searchInfo.dwScanned;
+    pDstEntry->opInfo.searchInfo.dwReturned = pSrcEntry->opInfo.searchInfo.dwReturned;
 
 cleanup:
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-
     return dwError;
 
 error:
-
-    if (pdwFuncLvl)
-    {
-        *pdwFuncLvl = 0;
-    }
-
     goto cleanup;
 }
 
+static
 DWORD
-VmDirSetDomainFunctionalLevel(
-    PCSTR       pszHostName,
-    PCSTR       pszUserName,
-    PCSTR       pszPassword,
-    PCSTR       pszDomainName,
-    PDWORD	pdwFuncLvl,
-    BOOLEAN	bUseDefault
-    )
+_VmDirAllocateSuperLogEntryLdapOperationArray(
+        PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pSrcEntries,
+        PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY *ppDstEntries
+        )
 {
-    DWORD	dwError = 0;
-    char	bufUPN[VMDIR_MAX_UPN_LEN] = {0};
-    LDAP	*pLd = NULL;
-    DWORD	dwCurrentDfl;
-    PVMDIR_DC_VERSION_INFO	pDCVerInfo = NULL;
-
+    DWORD   dwError = 0;
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION srcEntries = NULL;
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION dstEntries = NULL;
+    PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pDstEntries = NULL;
+    unsigned int i;
 
-    if (!pszUserName || !pszPassword ||
-	!pszDomainName || !pszHostName || !pdwFuncLvl )
+    if (!pSrcEntries || !ppDstEntries)
     {
-	BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_PARAMETER);
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1,  "%s@%s",
-				  pszUserName, pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDCNodesVersion (
-		pszHostName,
-		pszUserName,
-		pszPassword,
-		pszDomainName,
-		&pDCVerInfo );
+    dwError = VmDirAllocateMemory(
+            sizeof(VMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY),
+            (PVOID*)&pDstEntries
+            );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (!pDCVerInfo)
-    {
-	dwError = ERROR_INVALID_STATE;
-	BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    pDstEntries->dwCount = 0;
+    pDstEntries->entries = NULL;
 
-    // default to max DFL.
-    if (bUseDefault)
+    if (pSrcEntries->dwCount > 0)
     {
-	*pdwFuncLvl = pDCVerInfo->dwMaxDomainFuncLvl;
-    }
-
-
-    dwError = VmDirSafeLDAPBind( &pLd,
-				 pszHostName,
-				 bufUPN,
-				 pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmDirAllocateMemory(
+                sizeof(VMDIR_SUPERLOG_ENTRY_LDAPOPERATION)*pSrcEntries->dwCount,
+                (PVOID*)&pDstEntries->entries
+                );
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Do not allow DFL downgrade.
-    dwError = VmDirGetDomainFuncLvlInternal(pLd,
-					    pszDomainName,
-					    &dwCurrentDfl);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        pDstEntries->dwCount = pSrcEntries->dwCount;
+        srcEntries = pSrcEntries->entries;
+        dstEntries = pDstEntries->entries;
 
-    // verify that DFL is valid
-    if ( *pdwFuncLvl <  dwCurrentDfl || *pdwFuncLvl > pDCVerInfo->dwMaxDomainFuncLvl)
-    {
-	VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-			"%s Invalid level (%d). Min (%d), Max (%d)",
-			__FUNCTION__,
-			*pdwFuncLvl,
-			dwCurrentDfl,
-			pDCVerInfo->dwMaxDomainFuncLvl);
+        for (i = 0; i < pDstEntries->dwCount; i++)
+        {
+            dwError = VmDirAllocateStringW(srcEntries[i].pwszLoginDN, &(dstEntries[i].pwszLoginDN));
+            BAIL_ON_VMDIR_ERROR(dwError);
+            dwError = VmDirAllocateStringW(srcEntries[i].pwszClientIP, &(dstEntries[i].pwszClientIP));
+            BAIL_ON_VMDIR_ERROR(dwError);
+            dwError = VmDirAllocateStringW(srcEntries[i].pwszServerIP, &(dstEntries[i].pwszServerIP));
+            BAIL_ON_VMDIR_ERROR(dwError);
+            dwError = VmDirAllocateStringW(srcEntries[i].pwszOperation, &(dstEntries[i].pwszOperation));
+            BAIL_ON_VMDIR_ERROR(dwError);
+            dwError = VmDirAllocateStringW(srcEntries[i].pwszString, &(dstEntries[i].pwszString));
+            BAIL_ON_VMDIR_ERROR(dwError);
+            dstEntries[i].dwClientPort = srcEntries[i].dwClientPort;
+            dstEntries[i].dwServerPort = srcEntries[i].dwServerPort;
+            dstEntries[i].dwErrorCode = srcEntries[i].dwErrorCode;
+            dstEntries[i].iStartTime = srcEntries[i].iStartTime;
+            dstEntries[i].iEndTime = srcEntries[i].iEndTime;
+            dstEntries[i].opType = srcEntries[i].opType;
 
-	dwError = VMDIR_ERROR_INVALID_FUNC_LVL;
-	BAIL_ON_VMDIR_ERROR(dwError);
+            switch (dstEntries[i].opType)
+            {
+            case LDAP_REQ_SEARCH:
+                dwError = _CopySearchInformation(&srcEntries[i], &dstEntries[i]);
+                BAIL_ON_VMDIR_ERROR(dwError);
+                break;
+            default:
+                break;
+            }
+        }
     }
 
-    dwError = VmDirSetDomainFuncLvlInternal(
-		pLd,
-		pszDomainName,
-		*pdwFuncLvl);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppDstEntries = pDstEntries;
 
 cleanup:
-
-    if (pDCVerInfo)
-    {
-	VmDirFreeDCVersionInfo(pDCVerInfo);
-    }
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-
     return dwError;
 
 error:
-
+    VmDirFreeSuperLogEntryLdapOperationArray(pDstEntries);
     goto cleanup;
 }
 
-/*
- * Get node version from domain controller object.
- * This value does not exist in 5.5 and 6.0.  In such case, it tries to contact individual node to collect
- *   version information from DSEROOT entry.
- *
- * Both 5.5 and 6.0 map to DFL "1".
- */
+static
 DWORD
-VmDirGetDCNodesVersion (
-    PCSTR        pszHostName,
-    PCSTR        pszUserName,
-    PCSTR        pszPassword,
-    PCSTR        pszDomainName,
-    PVMDIR_DC_VERSION_INFO  *ppDCVerInfo
+_VmDirLdapCheckVmDirStatus(
+    PCSTR pszPartnerHostName
     )
 {
-    PVMDIR_DC_VERSION_INFO  pDCVerInfo = NULL;
-    int     iCnt = 0, iIdx = 0;
-    DWORD   dwError = 0;
-    DWORD   dwCurDfl = 1;
-    PSTR    pszDCContainerDN = NULL;
-    PSTR    pszRemotePSCVerion = NULL;
-    PCSTR   pszAttrCN = ATTR_CN;
-    PCSTR   pszAttrPSCVer = ATTR_PSC_VERSION;
-    PCSTR   ppszAttrs[] = { pszAttrPSCVer, pszAttrCN, NULL };
-
-    PVMDIR_CONNECTION   pConnection = NULL;
-    LDAPMessage*        pResult = NULL;
-    LDAPMessage*        pEntry = NULL;
-    struct berval**     ppPSCVerValues = NULL;
-    struct berval**     ppCNValues = NULL;
-
-    dwError = VmDirConnectionOpenByHost(
-                pszHostName,
-                pszDomainName,
-                pszUserName,
-                pszPassword,
-                &pConnection);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDCContainerDN( pszDomainName, &pszDCContainerDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
+    DWORD       dwError = 0;
 
-    // query DC account objects
-    dwError = ldap_search_ext_s(
-                 pConnection->pLd,
-                 pszDCContainerDN,
-                 LDAP_SCOPE_ONE,
-                 "objectclass=computer", /* filter */
-                 (PSTR*)ppszAttrs,           /* attrs[]*/
-                 FALSE,
-                 NULL,              /* serverctrls */
-                 NULL,              /* clientctrls */
-                 NULL,              /* timeout */
-                 0,
-                 &pResult);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    PSTR        pszLocalServerReplURI = NULL;
+    LDAP *      pLd = NULL;
+    DWORD       i = 0;
+    BOOLEAN     bFirst = TRUE;
+    DWORD       dwTimeout = 15; //wait 2.5 minutes for 1st Ldu
+    VDIR_SERVER_STATE vmdirState = VMDIRD_STATE_UNDEFINED;
+    DWORD       dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    DWORD       dwTmpLdapPort = 0;
 
-    iCnt = ldap_count_entries( pConnection->pLd, pResult);
-    if ( iCnt == 0 )
+    if (!IsNullOrEmptyString(pszPartnerHostName))
     {
-        dwError = ERROR_INVALID_STATE;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        bFirst = FALSE;
+        dwTimeout = -1; //infinite minutes for 2nd Ldu, because we could be copying really big DB from partner.
     }
 
-    dwError = VmDirAllocateMemory(
-                sizeof(VMDIR_DC_VERSION_INFO),
-                (PVOID*)&pDCVerInfo);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMemory(
-                sizeof(PSTR)*iCnt,
-                (PVOID*)&pDCVerInfo->ppszServer);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                VMDIR_REG_KEY_LDAP_PORT,
+                &dwTmpLdapPort,
+                DEFAULT_LDAP_PORT_NUM) == ERROR_SUCCESS)
+    {
+        dwLdapPort = dwTmpLdapPort;
+    }
 
-    dwError = VmDirAllocateMemory(
-                sizeof(PSTR)*iCnt,
-                (PVOID*)&pDCVerInfo->ppszVersion);
+    dwError = VmDirAllocateStringPrintf( &pszLocalServerReplURI, "%s://localhost:%d",
+                                             VMDIR_LDAP_PROTOCOL, dwLdapPort );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pDCVerInfo->dwSize = (DWORD)iCnt;
-    pDCVerInfo->dwMaxDomainFuncLvl = 0;
+    if (bFirst)
+    {
+        printf("Wait for local instance LDAP service ");
+    }
+    else
+    {
+        printf("Wait for local replica to finish replication ");
+    }
+    fflush(stdout);
 
-    for ( pEntry = ldap_first_entry(pConnection->pLd, pResult), iIdx = 0;
-          pEntry;
-          pEntry = ldap_next_entry(pConnection->pLd, pEntry), iIdx++
-        )
+    while ((dwTimeout == -1) || (i < dwTimeout))
     {
-        PSTR    pszThisVer = VMDIR_DFL_UNKNOWN;
+        dwError = VmDirAnonymousLDAPBind( &pLd, pszLocalServerReplURI );
 
-        // handle CN (domain controller name in this context).
-        if (ppCNValues)
+        if (dwError == 0)
         {
-            ldap_value_free_len(ppCNValues);
+            VmDirSleep(2000);
+            break;
         }
 
-        ppCNValues = ldap_get_values_len(pConnection->pLd, pEntry, pszAttrCN);
-        if (ppCNValues && ldap_count_values_len(ppCNValues) != 1)
-        {
-            dwError = ERROR_INVALID_STATE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
+        printf(".");
+        fflush(stdout);
 
-        dwError = VmDirAllocateStringA(
-                    ppCNValues[0]->bv_val,
-                    &pDCVerInfo->ppszServer[iIdx] );
-        BAIL_ON_VMDIR_ERROR(dwError);
+        VmDirSleep(SLEEP_INTERVAL_IN_SECS*1000);
 
-        // handle PSC Version
-        if (ppPSCVerValues)
-        {
-            ldap_value_free_len(ppPSCVerValues);
-        }
+        i++;
+        VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "LDAP connect (%s) failed (%u), %d seconds passed",
+                           VDIR_SAFE_STRING(pszLocalServerReplURI), dwError, i * SLEEP_INTERVAL_IN_SECS);
 
-        ppPSCVerValues = ldap_get_values_len(pConnection->pLd, pEntry, pszAttrPSCVer);
-        if (ppPSCVerValues && ldap_count_values_len(ppPSCVerValues) == 1)
-        {   // We have PSCVersion in domain controller,use it.
-            pszThisVer = ppPSCVerValues[0]->bv_val;
-        }
-        else
+        if( !bFirst )
         {
-            VMDIR_SAFE_FREE_MEMORY(pszRemotePSCVerion);
-
-            // best effort to get the version from individual node.
-            // in 5.5. case, it returns "5.5".
-            if ( VmDirPSCVersion( pDCVerInfo->ppszServer[iIdx],
-                                       pszUserName,
-                                       pszPassword,
-                                       pszDomainName,
-                                       &pszRemotePSCVerion) == 0 )
+	    dwError = VmDirLocalGetServerState( (UINT32*)&vmdirState );
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            if(vmdirState == VMDIRD_STATE_FAILURE)
             {
-                pszThisVer = pszRemotePSCVerion;
+                dwError = VMDIR_ERROR_SERVER_DOWN;
+                VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                                 "VmDirLdapCheckVmDirStatus: Server in unrecoverable state");
+                BAIL_ON_VMDIR_ERROR(dwError);
             }
         }
-
-        dwError = VmDirAllocateStringA(
-                    pszThisVer,
-                    &pDCVerInfo->ppszVersion[iIdx] );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Update max DFL to lower value
-        dwError = _VmDirMapVersionToMaxDFL(pszThisVer, &dwCurDfl );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // MaxDFL of zero has not been set.
-        if ( pDCVerInfo->dwMaxDomainFuncLvl > dwCurDfl ||
-             pDCVerInfo->dwMaxDomainFuncLvl == 0)
-        {
-            pDCVerInfo->dwMaxDomainFuncLvl = dwCurDfl;
-        }
     }
-
-    *ppDCVerInfo = pDCVerInfo;
+    printf("\n");
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-
-    if (ppPSCVerValues)
-    {
-        ldap_value_free_len(ppPSCVerValues);
-    }
-    if (ppCNValues)
-    {
-        ldap_value_free_len(ppCNValues);
-    }
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
-
-    VmDirConnectionClose(pConnection);
-    VMDIR_SAFE_FREE_MEMORY(pszDCContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszRemotePSCVerion);
+    VMDIR_SAFE_FREE_MEMORY(pszLocalServerReplURI);
+    VmDirLdapUnbind(&pLd);
 
     return dwError;
 
 error:
+    printf("Vmdir LDAP connectivity check failed or timed out");
+    fflush(stdout);
 
-    if (pDCVerInfo)
-    {
-        VmDirFreeDCVersionInfo(pDCVerInfo);
-    }
-
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirLdapCheckVmDirStatus (%s) failed with error (%u)",
+                     VDIR_SAFE_STRING(pszLocalServerReplURI), dwError);
     goto cleanup;
 }
 
+// Create machine and krb service account
+// 1. machine account: machineFQDN@REALM
+// 2. ldap service account: ldap/machineFQDN@REALM
+// 3. host service account: host/machineFQDN@REALM
+// 4. vmca service account: vmca/machineFQDN@REALM
+static
 DWORD
-VmDirPSCVersion(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword,
-    PCSTR   pszDomainName,
-    PSTR*   ppszVersion
+_VmDirSetupDefaultAccount(
+    PCSTR pszDomainName,
+    PCSTR pszPartnerServerName,
+    PCSTR pszLdapHostName,
+    PCSTR pszBindUserName,
+    PCSTR pszBindPassword
     )
 {
-    DWORD dwError = 0;
-    PSTR  pszVersion = NULL;
-    char  bufUPN[VMDIR_MAX_UPN_LEN] = {0};
-    LDAP* pLd = NULL;
-
-    if (!pszUserName || !pszPassword || !ppszVersion ||
-        !pszDomainName || !pszHostName)
-    {
-        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_PARAMETER);
-    }
-
-    dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1,  "%s@%s",
-                  pszUserName, pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSafeLDAPBind( &pLd,
-                                 pszHostName,
-                                 bufUPN,
-                                 pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    DWORD   dwError = 0;
+//    PCSTR   pszServiceTable[] = VMDIR_DEFAULT_SERVICE_PRINCIPAL_INITIALIZER;
+//    int     iCnt = 0;
 
-    dwError = VmDirGetPSCVersionInternal(
-                pLd,
-                &pszVersion);
+    dwError = VmDirLdapSetupDCAccountOnPartner(
+                                    pszDomainName,
+                                    pszPartnerServerName,
+                                    pszBindUserName,
+                                    pszBindPassword,
+                                    pszLdapHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    *ppszVersion = pszVersion;
-
-cleanup:
-
-    if (pLd)
+/*
+    for (iCnt = 0; iCnt < sizeof(pszServiceTable)/sizeof(pszServiceTable[0]); iCnt++)
     {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
+        dwError = VmDirLdapSetupServiceAccount(
+                                        pszDomainName,
+                                        pszPartnerServerName,
+                                        pszBindUserName,
+                                        pszBindPassword,
+                                        pszServiceTable[iCnt],
+                                        pszLdapHostName );
+        if (dwError == LDAP_ALREADY_EXISTS)
+        {
+            dwError = LDAP_SUCCESS; // ignore if entry already exists (maybe due to prior merge/join..etc)
+            VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "_VmDirSetupKrbAccount SetupServiceAccount (%s) return LDAP_ALREADY_EXISTS",
+                                                   pszServiceTable[iCnt] );
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
+*/
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirSetupKrbAccount (%s)(%s) passed",
+                                        VDIR_SAFE_STRING(pszDomainName),
+                                        VDIR_SAFE_STRING(pszPartnerServerName) );
+cleanup:
 
     return dwError;
 
@@ -4940,52 +2386,61 @@ VmDirPSCVersion(
     goto cleanup;
 }
 
+VOID
+VmDirFreeMetadata(
+    PVMDIR_METADATA pMetadata
+    )
+{
+    VmDirFreeMetadataInternal(pMetadata);
+}
+
+VOID
+VmDirFreeMetadataList(
+    PVMDIR_METADATA_LIST pMetadataList
+    )
+{
+    VmDirFreeMetadataListInternal(pMetadataList);
+}
+
 static
 DWORD
-_VmDirMapVersionToMaxDFL(
-    PCSTR	pszVersion,
-    PDWORD	pdwDFL
+_VmDirModDcPassword(
+    PCSTR pszHostName,
+    PCSTR pszUPN,
+    PCSTR pszPassword,
+    PCSTR pszMachineActDn,
+    PBYTE pszNewPassword
     )
 {
-    DWORD	dwError = 0;
-    DWORD	i = 0;
-    BOOLEAN	matched = FALSE;
+    DWORD    dwError = 0;
+    LDAP*    pLD     = NULL;
 
-    if ( !pdwDFL)
-    {
-	dwError = ERROR_INVALID_PARAMETER;
-	BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    dwError = VmDirSafeLDAPBind(&pLD,
+                                pszHostName,
+                                pszUPN,
+                                pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Search table
-    for(i = 0; i < VMDIR_DFL_VERSION_Table_size; i++)
-    {
-	if (VmDirStringNCompareA(
-	       pszVersion,
-	       VMDIR_DFL_VERSION_Table[i].version,
-	       VmDirStringLenA(VMDIR_DFL_VERSION_Table[i].version),
-	       FALSE) == 0)
-	{
-	    *pdwDFL = VMDIR_DFL_VERSION_Table[i].dfl;
-	    matched = TRUE;
-	    break;
-	}
-    }
+    dwError = VmDirLdapModReplaceAttribute(pLD,
+                                           pszMachineActDn,
+                                           ATTR_USER_PASSWORD,
+                                           pszNewPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Update account (%s) password on node (%s)", pszMachineActDn, pszHostName);
 
-    if (!matched)
+cleanup:
+    if (pLD)
     {
-	VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-		       "DFL not found for version %s, default to %d",
-		       pszVersion, VMDIR_DFL_DEFAULT);
-	*pdwDFL = VMDIR_DFL_DEFAULT;
+        ldap_unbind_ext_s(pLD, NULL, NULL);
     }
 
-cleanup:
     return dwError;
 
 error:
-    goto cleanup;
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirModDcPassword failed (%u)", dwError);
 
+    goto cleanup;
 }
 
 DWORD
@@ -5012,7 +2467,7 @@ VmDirOpenDatabaseFile(
         dwError = RpcVmDirOpenDatabaseFile(
                           hBinding->hBinding,
                           pwszDBFileName,
-                          (vmdir_ftp_handle_t *) ppFileHandle );
+                          (vmdir_dbcp_handle_t *) ppFileHandle );
     }
     VMDIR_RPC_CATCH
     {
@@ -5105,7 +2560,7 @@ VmDirCloseDatabaseFile(
     {
         dwError = RpcVmDirCloseDatabaseFile(
                           hBinding->hBinding,
-                          (vmdir_ftp_handle_t *) ppFileHandle );
+                          (vmdir_dbcp_handle_t *) ppFileHandle );
         *ppFileHandle = NULL;
     }
     VMDIR_RPC_CATCH
@@ -5212,14 +2667,12 @@ _VmDirJoinPreCondition(
     )
 {
     DWORD   dwError = 0;
-    PSTR    pszVersion = NULL;
     PSTR    pszSchemaFile = NULL;
     PVMDIR_CONNECTION   pConnection = NULL;
-    PVDIR_LDAP_SCHEMA   pFileSchema = NULL;
+    PVDIR_LDAP_SCHEMA   pCurSchema = NULL;
+    PVDIR_LDAP_SCHEMA   pNewSchema = NULL;
+    PVDIR_LDAP_SCHEMA_DIFF  pSchemaDiff = NULL;
     PSTR    pszErrMsg = NULL;
-#ifndef LIGHTWAVE_BUILD
-    int     iVerCmp65 = 0;
-#endif
 
     // open connection to remote node
     dwError = VmDirConnectionOpenByHost(
@@ -5230,54 +2683,37 @@ _VmDirJoinPreCondition(
                 &pConnection);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // get file schema
-    dwError = VmDirGetDefaultSchemaFile(&pszSchemaFile);
+    // get remote schema (tree)
+    dwError = VmDirLdapSchemaInit(&pCurSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapSchemaLoadRemoteSchema(pCurSchema, pConnection->pLd);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaInit(&pFileSchema);
+    // try loading file
+    dwError = VmDirLdapSchemaCopy(pCurSchema, &pNewSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaLoadFile(pFileSchema, pszSchemaFile);
+    dwError = VmDirGetDefaultSchemaFile(&pszSchemaFile);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // get PSC version of remote node
-    dwError = VmDirGetPSCVersionInternal(pConnection->pLd, &pszVersion);
+    dwError = VmDirLdapSchemaLoadFile(pNewSchema, pszSchemaFile);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-#ifndef LIGHTWAVE_BUILD
-    // For PSC build 6.5 and before.
-    // patch remote node so its schema is union of itself and file
-    iVerCmp65 = VmDirCompareVersion(pszVersion, "6.5");
-    if (iVerCmp65 < 0)
-    {
-        dwError = VmDirAllocateStringAVsnprintf(&pszErrMsg,
-                "Partner version %s < 6.5.0. "
-                "Join time schema upgrade is not supported",
-                pszVersion);
-        BAIL_ON_VMDIR_ERROR(dwError);
+    // compute diff
+    dwError = VmDirLdapSchemaGetDiff(pCurSchema, pNewSchema, &pSchemaDiff);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (iVerCmp65 == 0)
-    {
-        dwError = VmDirPatchRemoteSubSchemaSubEntry(
-                pConnection->pLd, pFileSchema);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-#endif
-    {   // Lightwave or PSC(>=6.6) with new schema object model to support down an up version join
-        dwError = VmDirPatchRemoteSchemaObjects(
-                pConnection->pLd, pFileSchema);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    // perform patch
+    dwError = VmDirPatchRemoteSchemaObjects(pConnection->pLd, pSchemaDiff);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     VmDirConnectionClose(pConnection);
     VMDIR_SAFE_FREE_MEMORY(pszSchemaFile);
-    VMDIR_SAFE_FREE_MEMORY(pszVersion);
-    VmDirFreeLdapSchema(pFileSchema);
+    VmDirFreeLdapSchema(pCurSchema);
+    VmDirFreeLdapSchema(pNewSchema);
+    VmDirFreeLdapSchemaDiff(pSchemaDiff);
     return dwError;
 
 error:
@@ -5293,130 +2729,6 @@ _VmDirJoinPreCondition(
     goto    cleanup;
 }
 
-DWORD
-VmDirUrgentReplicationRequest(
-    PCSTR pszRemoteServerName
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       pszRemoteServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-    PWSTR       pwszSrcHostName = NULL;
-    char        pszSrcHostName[VMDIR_MAX_HOSTNAME_LEN] = {0};
-
-    if (IsNullOrEmptyString(pszRemoteServerName))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetHostName(pszSrcHostName, sizeof(pszSrcHostName)-1);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(pszSrcHostName, &pwszSrcHostName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateBindingHandleMachineAccountA(
-                    pszRemoteServerName,
-                    pszRemoteServerEndpoint,
-                    &hBinding);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirUrgentReplicationRequest(hBinding, pwszSrcHostName);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pwszSrcHostName);
-
-    if (hBinding)
-    {
-        VmDirFreeBindingHandle(&hBinding);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirUrgentReplicationRequest failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
-/*
- * VmDirUrgentReplicationResponse will be invoked at the end of replication cycle
- * (if initiated by urgent replication request). This function updates the orginator
- *  with the UTD vector.
- */
-DWORD
-VmDirUrgentReplicationResponse(
-    PCSTR    pszRemoteServerName,
-    PCSTR    pszUtdVector,
-    PCSTR    pszInvocationId,
-    PCSTR    pszHostName
-    )
-{
-    PWSTR       pwszUtdVector = NULL;
-    PCSTR       pszRemoteServerEndpoint = NULL;
-    handle_t    hBinding = NULL;
-    DWORD       dwError = 0;
-    PWSTR       pwszInvocationId = NULL;
-    PWSTR       pwszHostName = NULL;
-
-    if (IsNullOrEmptyString(pszRemoteServerName) ||
-        IsNullOrEmptyString(pszUtdVector) ||
-        IsNullOrEmptyString(pszInvocationId))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringWFromA(pszUtdVector, &pwszUtdVector);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(pszInvocationId, &pwszInvocationId);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(pszHostName, &pwszHostName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateBindingHandleMachineAccountA(
-                    pszRemoteServerName,
-                    pszRemoteServerEndpoint,
-                    &hBinding);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirUrgentReplicationResponse(hBinding, pwszInvocationId, pwszUtdVector, pwszHostName);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-   VMDIR_SAFE_FREE_MEMORY(pwszUtdVector);
-   VMDIR_SAFE_FREE_MEMORY(pwszInvocationId);
-   VMDIR_SAFE_FREE_MEMORY(pwszHostName);
-
-    if (hBinding)
-    {
-        VmDirFreeBindingHandle(&hBinding);
-    }
-   return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirUrgentReplicationResponse failed status: %d", dwError);
-    goto cleanup;
-}
-
 DWORD
 VmDirGetMode(
     PVMDIR_SERVER_CONTEXT hInBinding,
@@ -5476,7 +2788,6 @@ VmDirGetMode(
     goto cleanup;
 }
 
-
 DWORD
 VmDirSetMode(
     PVMDIR_SERVER_CONTEXT hInBinding,
@@ -5538,18 +2849,18 @@ VmDirRaftAppendEntries(
                              int entriesSize,
     /* [in] */               unsigned char *entries,
     /* [out] */              UINT32 * currentTerm,
-    /* [out] */              UINT32 * status
+    /* [out] */              unsigned long long *status
     )
 {
     DWORD dwError = 0;
     UINT32 iCurrentTerm = 0;
-    UINT32 iStatus = 0;
+    idl_uhyper_int iStatus = 0;
     chglog_container chglogEntries = {0};
     chglogEntries.chglog_size = entriesSize;
     chglogEntries.chglog_bytes = entries;
 
     *currentTerm = 0;
-    *status = 1;
+    *status = 0;
 
     VMDIR_RPC_TRY
     {
diff --git a/lwraft/client/defines.h b/lwraft/client/defines.h
index e7fa7561b..4738c37bd 100644
--- a/lwraft/client/defines.h
+++ b/lwraft/client/defines.h
@@ -318,6 +318,10 @@ the buffer size will always be adequate.
         "Vdcpromo error"}, \
     {VMDIR_ERROR_BACKEND_PARENT_NOTFOUND, \
         "Backend parent notfound"}, \
+    {VMDIR_ERROR_INVALID_ACE, \
+        "Invalid ACE"}, \
+    {VMDIR_ERROR_ACE_NOT_FOUND, \
+        "ACE not found"}, \
 };
 
 #define VMDIR_RPC_ERROR_TABLE_INITIALIZER \
diff --git a/lwraft/client/groups.c b/lwraft/client/groups.c
deleted file mode 100644
index fff739c04..000000000
--- a/lwraft/client/groups.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-DWORD
-VmDirCreateGroup(
-    PCSTR pszGroupname, /* IN              */
-    PSTR* ppszUPN       /*       OPTIONAL  */
-    )
-{
-    DWORD dwError = 0;
-
-    BAIL_ON_VMDIR_INVALID_POINTER(pszGroupname, dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-DWORD
-VmDirGroupAddMember(
-    PCSTR pszGroupUPN,  /* IN              */
-    PCSTR pszMemberUPN  /* IN              */
-    )
-{
-    DWORD dwError = 0;
-
-    BAIL_ON_VMDIR_INVALID_POINTER(pszGroupUPN, dwError);
-    BAIL_ON_VMDIR_INVALID_POINTER(pszMemberUPN, dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-DWORD
-VmDirGroupRemoveMember(
-    PCSTR pszGroupUPN,  /* IN              */
-    PCSTR pszMemberUPN  /* IN              */
-    )
-{
-    DWORD dwError = 0;
-
-    BAIL_ON_VMDIR_INVALID_POINTER(pszGroupUPN, dwError);
-    BAIL_ON_VMDIR_INVALID_POINTER(pszMemberUPN, dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
diff --git a/lwraft/client/includes.h b/lwraft/client/includes.h
index d99104e7d..b54c2e263 100644
--- a/lwraft/client/includes.h
+++ b/lwraft/client/includes.h
@@ -78,10 +78,8 @@ typedef void *VMCISLIB_BIND_T;
 #include "defines.h"
 #include "structs.h"
 #include "vmdir_h.h"
-#include "vmdirftp_h.h"
 #include "vmdirdbcp_h.h"
 #include "vmdirsuperlog_h.h"
-#include "vmdirurgentrepl_h.h"
 #include "vmdirraft_h.h"
 #include "prototypes.h"
 #include "externs.h"
diff --git a/lwraft/client/ldaputil.c b/lwraft/client/ldaputil.c
index 639776deb..8d9948a82 100644
--- a/lwraft/client/ldaputil.c
+++ b/lwraft/client/ldaputil.c
@@ -48,7 +48,7 @@ VmDirLdapCreateReplHostNameDN(
     LDAPMessage* entry = NULL;
     PSTR pszDn = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                   &pszSearchFilter,
                   "(&(cn=%s)(objectclass=vmwDirServer))",
                   pszReplHostName
@@ -127,10 +127,10 @@ VmDirAddCMSiteNode(
     LDAPMod*    attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
     PSTR        pszDomainDN = NULL;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,cn=%s,cn=%s,%s",
                                             pszSiteGUID,
                                             CM_SITE,
@@ -187,15 +187,15 @@ VmDirAddLduNode(
     LDAPMod*    attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], NULL};
     PSTR        pszDomainDN = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDisName,
+    dwError = VmDirAllocateStringPrintf(&pszDisName,
                                             "Deployment %s",
                                             pszLduGUID);
     valsDisname[0] = pszDisName;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,cn=%s,cn=%s,%s",
                                             pszLduGUID,
                                             CM_LDUS,
@@ -224,57 +224,6 @@ VmDirAddLduNode(
     goto cleanup;
 }
 
-static
-BOOL
-VmDirIsSolutionUser(
-    PCSTR   pszUserDN
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszDomainName = NULL;
-    PSTR    pszDomainDN = NULL;
-    CHAR    pszLduGuid[VMDIR_GUID_STR_LEN] = {0};
-    PSTR    pszLduDN = NULL;
-
-    dwError = VmDirGetDomainName(
-                            "localhost",
-                            &pszDomainName
-                            );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetLocalLduGuid(pszLduGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(&pszLduDN,
-                                            "cn=%s,cn=%s,cn=%s,%s",
-                                            pszLduGuid,
-                                            CM_LDUS,
-                                            CM_COMPONENTMANAGER,
-                                            pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (VmDirCaselessStrStrA(pszUserDN, pszLduDN))
-    {
-        dwError = 0;
-    }
-    else
-    {
-        dwError = 1;
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
-    VMDIR_SAFE_FREE_MEMORY(pszLduDN);
-    return dwError == 0;
-
-error:
-    goto cleanup;
-}
-
 static
 DWORD
 VmDirLdapGetAttributeValues(
@@ -337,41 +286,6 @@ VmDirLdapGetAttributeValues(
     goto cleanup;
 }
 
-static
-DWORD
-VmDirLdapWriteAttributeValues(
-    LDAP* pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR pszValue
-    )
-{
-    DWORD       dwError = 0;
-    LDAPMod     mod = {0};
-    LDAPMod*    mods[2] = {&mod, NULL};
-    PSTR        vals[2] = {(PSTR)pszValue, NULL};
-
-    mod.mod_op = LDAP_MOD_ADD;
-    mod.mod_type = (PSTR)pszAttribute;
-    mod.mod_vals.modv_strvals = vals;
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Add %s - %s:%s", pszDN, pszAttribute, pszValue);
-
-    dwError = ldap_modify_ext_s(
-                            pLd,
-                            pszDN,
-                            mods,
-                            NULL,
-                            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapWriteAttributeValues failed. Error(%u)", dwError);
-    goto cleanup;
-}
-
 /*
  * Helper function
  * Get first attribute from pEntry to pszAttrTarget which is CHAR array on stack
@@ -470,89 +384,6 @@ VmDirMessagetoReplicationInfo(
     goto cleanup;
 }
 
-static
-DWORD
-VmDirMergeGroup(
-    LDAP*   pSourceLd,
-    LDAP*   pTargetLd,
-    PCSTR   pszSourceDomainDN,
-    PCSTR   pszTargetDomainDN,
-    PCSTR   pszSourceGroupDN
-    )
-{
-    DWORD           dwError = 0;
-    PSTR            pszTargetGroupDN = NULL;
-    BerValue**      ppBerValues = NULL;
-    PSTR            pszGroupCN = NULL;
-    int             i = 0;
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Merging group: %s", VDIR_SAFE_STRING(pszSourceGroupDN));
-
-    dwError = VmDirGetTargetDN(pszSourceDomainDN, pszTargetDomainDN, pszSourceGroupDN, &pszTargetGroupDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!VmDirIfDNExist(pTargetLd, pszTargetGroupDN))
-    {
-        dwError = VmDirDnLastRDNToCn(pszTargetGroupDN, &pszGroupCN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAddVmIdentityGroup(
-                                        pTargetLd,
-                                        pszGroupCN,
-                                        pszTargetGroupDN
-                                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirLdapGetAttributeValues(
-                                    pSourceLd,
-                                    pszSourceGroupDN,
-                                    ATTR_MEMBER,
-                                    NULL,
-                                    &ppBerValues);
-    //if no members, we just return success
-    if (dwError == LDAP_NO_SUCH_ATTRIBUTE)
-    {
-        dwError = ERROR_SUCCESS;
-        goto cleanup;
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i=0; ppBerValues[i]; i++)
-    {
-        PCSTR pszUserDN = ppBerValues[i]->bv_val;
-        //we only migrate solution users
-        if (VmDirIsSolutionUser(pszUserDN))
-        {
-            VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Merging member: %s", pszUserDN);
-            dwError = VmDirLdapWriteAttributeValues(
-                                            pTargetLd,
-                                            pszTargetGroupDN,
-                                            ATTR_MEMBER,
-                                            pszUserDN);
-            //ignore error for conflict
-            if (dwError == LDAP_TYPE_OR_VALUE_EXISTS)
-            {
-                dwError = ERROR_SUCCESS;
-            }
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszGroupCN);
-    VMDIR_SAFE_FREE_MEMORY(pszTargetGroupDN);
-    if(ppBerValues)
-    {
-        ldap_value_free_len(ppBerValues);
-    }
-
-    return dwError;
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirMergeGroup failed. Error(%u)", dwError);
-    goto cleanup;
-}
-
 /*
  * ####################### Shared Functions in libvmdirclient ########################
  */
@@ -708,7 +539,7 @@ VmDirConnectLDAPServer(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszUPN, "%s@%s", pszUserName, pszDomain);
+    dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pszDomain);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSafeLDAPBind( &pLocalLd,
@@ -949,7 +780,7 @@ VmDirGetSiteDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -1043,10 +874,10 @@ VmDirGetReplicationInfo(
     PSTR                pszEntryDN = NULL;
     PSTR                pszHostMatch = NULL;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszSearchBaseDN,
+    dwError = VmDirAllocateStringPrintf(&pszSearchBaseDN,
                                             "cn=Sites,cn=Configuration,%s",
                                             pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1071,7 +902,7 @@ VmDirGetReplicationInfo(
         dwError = VmDirAllocateMemory(dwInfoCount*sizeof(REPLICATION_INFO), (PVOID*)&pReplicationInfo);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                         &pszHostMatch,
                         "cn=Replication Agreements,cn=%s,cn=Servers,",
                         pszHost);
@@ -1152,10 +983,10 @@ VmDirGetAllRAToHost(
     dwError = VmDirGetDomainName( "localhost", &pszDomain );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszSiteDN,
+    dwError = VmDirAllocateStringPrintf(&pszSiteDN,
                                             "cn=Sites,cn=Configuration,%s",
                                             pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1252,7 +1083,7 @@ VmDirStoreLduGuidtoDC(
                                    sizeof(pszHostName)-1);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,ou=%s,%s",
                                             pszHostName,
                                             VMDIR_DOMAIN_CONTROLLERS_RDN_VAL,
@@ -1292,10 +1123,10 @@ VmDirCreateCMSubtree(
     PSTR    pszDomainDN = NULL;
     LDAP* pLd = (LDAP *) pvLd;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
 
     //create "ComponentManager"
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,%s",
                                             CM_COMPONENTMANAGER,
                                             pszDomainDN);
@@ -1311,7 +1142,7 @@ VmDirCreateCMSubtree(
     VMDIR_SAFE_FREE_MEMORY(pszDN);
 
     //create "Ldus"
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,cn=%s,%s",
                                             CM_LDUS,
                                             CM_COMPONENTMANAGER,
@@ -1328,7 +1159,7 @@ VmDirCreateCMSubtree(
     VMDIR_SAFE_FREE_MEMORY(pszDN);
 
     //create "CMSites"
-    dwError = VmDirAllocateStringAVsnprintf(&pszDN,
+    dwError = VmDirAllocateStringPrintf(&pszDN,
                                             "cn=%s,cn=%s,%s",
                                             CM_SITE,
                                             CM_COMPONENTMANAGER,
@@ -1392,6 +1223,8 @@ VmDirGetServerName(
     LDAP*       pLd = NULL;
     PSTR        pszServerName = NULL;
     BerValue**  ppBerValues = NULL;
+    DWORD       dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    DWORD       dwTmpLdapPort = 0;
 
     if (IsNullOrEmptyString(pszHostName) || ppszServerName == NULL)
     {
@@ -1399,19 +1232,28 @@ VmDirGetServerName(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    if (VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                VMDIR_REG_KEY_LDAP_PORT,
+                &dwTmpLdapPort,
+                DEFAULT_LDAP_PORT_NUM) == ERROR_SUCCESS)
+    {
+        dwLdapPort = dwTmpLdapPort;
+    }
+
     if ( VmDirIsIPV6AddrFormat( pszHostName ) )
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszHostURI, "%s://[%s]:%d",
+        dwError = VmDirAllocateStringPrintf( &pszHostURI, "%s://[%s]:%d",
                                                  VMDIR_LDAP_PROTOCOL,
                                                  pszHostName,
-                                                 DEFAULT_LDAP_PORT_NUM);
+                                                 dwLdapPort);
     }
     else
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszHostURI, "%s://%s:%d",
+        dwError = VmDirAllocateStringPrintf( &pszHostURI, "%s://%s:%d",
                                                  VMDIR_LDAP_PROTOCOL,
                                                  pszHostName,
-                                                 DEFAULT_LDAP_PORT_NUM);
+                                                 dwLdapPort);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -1476,15 +1318,15 @@ VmDirLdapSetupRemoteHostRA(
 
     if ( VmDirIsIPV6AddrFormat( pszReplHostName ) )
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
+        dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
     }
     else
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://%s", VMDIR_LDAP_PROTOCOL, pszReplHostName);
+        dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://%s", VMDIR_LDAP_PROTOCOL, pszReplHostName);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirConnectLDAPServer(
@@ -1499,7 +1341,7 @@ VmDirLdapSetupRemoteHostRA(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 /***
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                                     &pszReplAgrDN,
                                     "labeledURI=%s,cn=%s,%s",
                                     pszReplURI,      // uri points back to local server
@@ -1551,7 +1393,7 @@ VmDirLdapSetupRemoteHostRA(
             lastLocalUsn = dwHighWatermark;
         }
 
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                                         &pszLastLocalUsn,
                                         "%u",
                                         lastLocalUsn);
@@ -1607,15 +1449,15 @@ VmDirLdapRemoveRemoteHostRA(
 
     if ( VmDirIsIPV6AddrFormat( pszReplHostName ) )
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
+        dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
     }
     else
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszReplURI, "%s://%s", VMDIR_LDAP_PROTOCOL, pszReplHostName);
+        dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://%s", VMDIR_LDAP_PROTOCOL, pszReplHostName);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirConnectLDAPServer(
@@ -1629,7 +1471,7 @@ VmDirLdapRemoveRemoteHostRA(
     dwError = VmDirLdapCreateReplHostNameDN(&pszReplHostNameDN, pLd, pszHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                                     &pszReplAgrDN,
                                     "labeledURI=%s,cn=%s,%s",
                                     pszReplURI,
@@ -1773,10 +1615,10 @@ VmDirLdapSetupDCAccountOnPartner(
     dwError = VmDirAllocASCIIUpperToLower( pszDCHostName, &pszLowerCaseDCHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszUPN, "%s@%s", pszLowerCaseDCHostName, pszUpperCaseDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszUPN, "%s@%s", pszLowerCaseDCHostName, pszUpperCaseDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     modv_upn[0] = pszUPN;
@@ -1785,10 +1627,10 @@ VmDirLdapSetupDCAccountOnPartner(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
+    dwError = VmDirAllocateStringPrintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
                                              ATTR_OU, VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -1974,7 +1816,7 @@ VmDirLdapSetupComputerAccount(
     modMachineGUID.mod_type = ATTR_MACHINE_GUID;
     modMachineGUID.mod_values = modv_machine;
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocASCIILowerToUpper( pszDomainName, &pszUpperCaseDomainName );
@@ -1985,7 +1827,7 @@ VmDirLdapSetupComputerAccount(
                     &pszLowerCaseComputerHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszUPN,
                     "%s@%s",
                     pszLowerCaseComputerHostName,
@@ -1998,10 +1840,10 @@ VmDirLdapSetupComputerAccount(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszComputerDN,
                     "%s=%s,%s=%s,%s",
                     ATTR_CN,
@@ -2149,17 +1991,17 @@ VmDirLdapRemoveComputerAccount(
                     &pszLowerCaseComputerHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszUPN,
                     "%s@%s",
                     pszLowerCaseComputerHostName,
                     pszUpperCaseDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszComputerDN,
                     "%s=%s,%s=%s,%s",
                     ATTR_CN,
@@ -2263,7 +2105,7 @@ VmDirLdapSetupServiceAccount(
     modObjectClass.mod_type = ATTR_OBJECT_CLASS;
     modObjectClass.mod_values = modv_oc;
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszName, "%s/%s", pszServiceName, pszDCHostName );
+    dwError = VmDirAllocateStringPrintf( &pszName, "%s/%s", pszServiceName, pszDCHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     modv_cn[0] = modv_sam[0] = pszName;
@@ -2281,7 +2123,7 @@ VmDirLdapSetupServiceAccount(
     modSamAccountName.mod_type = ATTR_SAM_ACCOUNT_NAME;
     modSamAccountName.mod_values = modv_sam;
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszSRPUPN, "%s@%s", pszUsername, pszDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocASCIILowerToUpper( pszDomainName, &pszUpperCaseDomainName );
@@ -2290,7 +2132,7 @@ VmDirLdapSetupServiceAccount(
     dwError = VmDirAllocASCIIUpperToLower( pszDCHostName, &pszLowerCaseDCHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszUPN, "%s/%s@%s", pszServiceName, pszLowerCaseDCHostName, pszUpperCaseDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszUPN, "%s/%s@%s", pszServiceName, pszLowerCaseDCHostName, pszUpperCaseDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     modv_upn[0] = pszUPN;
@@ -2299,10 +2141,10 @@ VmDirLdapSetupServiceAccount(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
+    dwError = VmDirAllocateStringPrintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
                                              ATTR_CN, VMDIR_MSAS_RDN_VAL, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -2487,7 +2329,7 @@ VmDirGetServerObjectDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszFilter, "(&(cn=%s)(objectclass=%s))",
+    dwError = VmDirAllocateStringPrintf( &pszFilter, "(&(cn=%s)(objectclass=%s))",
                                              pszLotusServerObjectName, OC_DIR_SERVER );
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -2546,46 +2388,6 @@ VmDirGetServerObjectDN(
     goto cleanup;
 }
 
-DWORD
-VmDirMergeGroups(
-    LDAP*   pSourceLd,
-    LDAP*   pTargetLd,
-    PCSTR   pszSourceDomainDN,
-    PCSTR   pszTargetDomainDN
-    )
-{
-    DWORD           dwError = 0;
-    PSTR            pszGroupDN = NULL;
-    int i = 0;
-
-    while (gGroupWhiteList[i])
-    {
-        dwError = VmDirAllocateStringAVsnprintf(&pszGroupDN, "%s,%s", gGroupWhiteList[i], pszSourceDomainDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (VmDirIfDNExist(pSourceLd, pszGroupDN))
-        {
-            dwError = VmDirMergeGroup(
-                                pSourceLd,
-                                pTargetLd,
-                                pszSourceDomainDN,
-                                pszTargetDomainDN,
-                                pszGroupDN
-                );
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        VMDIR_SAFE_FREE_MEMORY(pszGroupDN);
-        i++;
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszGroupDN);
-    return dwError;
-error:
-    printf("VmDirMergeGroups failed. Error[%d]\n", dwError);
-    goto cleanup;
-}
-
 DWORD
 VmDirAddVmIdentityGroup(
     LDAP* pLd,
@@ -2623,9 +2425,8 @@ VmDirAddVmIdentityGroup(
     goto cleanup;
 }
 
-static
 DWORD
-_VmDirGetDSERootAttribute(
+VmDirGetDSERootAttribute(
     PCSTR pszHostName,
     PCSTR pszAttrName,
     PSTR* ppszAttrValue)
@@ -2635,6 +2436,8 @@ _VmDirGetDSERootAttribute(
     LDAP*       pLd = NULL;
     PSTR        pszLocalAttrValue = NULL;
     BerValue**  ppBerValues = NULL;
+    DWORD       dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    DWORD       dwTmpLdapPort = 0;
 
     if (IsNullOrEmptyString(pszHostName) || IsNullOrEmptyString(pszAttrName) || ppszAttrValue == NULL)
     {
@@ -2642,19 +2445,28 @@ _VmDirGetDSERootAttribute(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    if (VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                VMDIR_REG_KEY_LDAP_PORT,
+                &dwTmpLdapPort,
+                DEFAULT_LDAP_PORT_NUM) == ERROR_SUCCESS)
+    {
+        dwLdapPort = dwTmpLdapPort;
+    }
+
     if ( VmDirIsIPV6AddrFormat( pszHostName ) )
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszLocalHostURI, "%s://[%s]:%d",
+        dwError = VmDirAllocateStringPrintf( &pszLocalHostURI, "%s://[%s]:%d",
                                                  VMDIR_LDAP_PROTOCOL,
                                                  pszHostName,
-                                                 DEFAULT_LDAP_PORT_NUM);
+                                                 dwLdapPort);
     }
     else
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszLocalHostURI, "%s://%s:%d",
+        dwError = VmDirAllocateStringPrintf( &pszLocalHostURI, "%s://%s:%d",
                                                  VMDIR_LDAP_PROTOCOL,
                                                  pszHostName,
-                                                 DEFAULT_LDAP_PORT_NUM);
+                                                 dwLdapPort);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -2706,7 +2518,7 @@ VmDirGetDomainDN(
     PCSTR pszHostName,
     PSTR* ppszDomainDN)
 {
-    return _VmDirGetDSERootAttribute(
+    return VmDirGetDSERootAttribute(
                             pszHostName,
                             ATTR_ROOT_DOMAIN_NAMING_CONTEXT,
                             ppszDomainDN);
@@ -2718,7 +2530,7 @@ VmDirGetServerDN(
     PSTR* ppszServerDN
     )
 {
-    return _VmDirGetDSERootAttribute(
+    return VmDirGetDSERootAttribute(
                             pszHostName,
                             ATTR_SERVER_NAME,
                             ppszServerDN);
@@ -2753,24 +2565,12 @@ VmDirGetDomainName(
 
 }
 
-DWORD
-VmDirGetPartnerSiteName(
-    PCSTR pszHostName,
-    PSTR* ppszSiteName
-    )
-{
-    return _VmDirGetDSERootAttribute(
-                            pszHostName,
-                            ATTR_SITE_NAME,
-                            ppszSiteName);
-}
-
 DWORD
 VmDirGetAdminDN(
     PCSTR pszHostName,
     PSTR* ppszAdminDN)
 {
-    return _VmDirGetDSERootAttribute(
+    return VmDirGetDSERootAttribute(
                             pszHostName,
                             ATTR_DEFAULT_ADMIN_DN,
                             ppszAdminDN);
@@ -2930,10 +2730,10 @@ VmDirLdapDeleteDCAccount(
     dwError = VmDirAllocASCIIUpperToLower( pszDCHostName, &pszLowerCaseDCHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
+    dwError = VmDirAllocateStringPrintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
                                              ATTR_OU, VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -3001,13 +2801,13 @@ VmDirLdapDeleteServiceAccount(
     dwError = VmDirAllocASCIIUpperToLower( pszDCHostName, &pszLowerCaseDCHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszUPN, "%s/%s@%s", pszServiceName, pszLowerCaseDCHostName, pszUpperCaseDomainName );
+    dwError = VmDirAllocateStringPrintf( &pszUPN, "%s/%s@%s", pszServiceName, pszLowerCaseDCHostName, pszUpperCaseDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
+    dwError = VmDirAllocateStringPrintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
                                              ATTR_CN, VMDIR_MSAS_RDN_VAL, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -3072,7 +2872,7 @@ _VmDirLdapSetupAccountMembership(
     PSTR        pszGroupDN = NULL;
 
     // set DomainControllerGroupDN
-    dwError = VmDirAllocateStringAVsnprintf( &pszGroupDN,
+    dwError = VmDirAllocateStringPrintf( &pszGroupDN,
                                              "cn=%s,cn=%s,%s",
                                              pszBuiltinGroupName,
                                              VMDIR_BUILTIN_CONTAINER_NAME,
@@ -3295,7 +3095,7 @@ VmDirGetDCContainerDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -3341,7 +3141,7 @@ VmDirGetServerAccountDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -3517,7 +3317,7 @@ VmDirGetComputerAccountDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -3680,127 +3480,6 @@ VmDirSetComputerGuidInternal(
     goto cleanup;
 }
 
-DWORD
-VmDirGetMemberships(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR pszUPNName,
-    PSTR  **pppszMemberships,
-    PDWORD pdwMemberships
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszFilter = NULL;
-    PSTR pszAttrMemberOf = ATTR_MEMBEROF; // memberOf
-    PSTR  ppszAttrs[] = { pszAttrMemberOf, NULL};
-    DWORD dwCount = 0;
-    LDAPMessage *pResult = NULL;
-    LDAPMessage *pEntry = NULL;
-    struct berval** ppValues = NULL;
-    PSTR *ppszMemberships = NULL;
-    DWORD dwMemberships = 0;
-    DWORD i = 0;
-
-    if (pConnection == NULL ||
-        pConnection->pLd == NULL ||
-        IsNullOrEmptyString(pszUPNName) ||
-        pppszMemberships == NULL ||
-        pdwMemberships == NULL)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringPrintf(&pszFilter, "(%s=%s)", ATTR_KRB_UPN, pszUPNName); // userPrincipalName
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = ldap_search_ext_s(
-                    pConnection->pLd,
-                    "",
-                    LDAP_SCOPE_SUBTREE,
-                    pszFilter,
-                    (PSTR*)ppszAttrs,
-                    0,
-                    NULL,
-                    NULL,
-                    NULL,
-                    -1,
-                    &pResult);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwCount = ldap_count_entries(pConnection->pLd, pResult);
-    if (dwCount == 0)
-    {
-        dwError = LDAP_NO_SUCH_OBJECT;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (dwCount > 1)
-    {
-        dwError = LDAP_OPERATIONS_ERROR;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pEntry = ldap_first_entry(pConnection->pLd, pResult);
-    if (!pEntry)
-    {
-        dwError = LDAP_NO_SUCH_OBJECT;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    ppValues = ldap_get_values_len(pConnection->pLd, pEntry, pszAttrMemberOf);
-    if (!ppValues)
-    {
-        dwMemberships = 0;
-    }
-    else
-    {
-        dwMemberships = ldap_count_values_len(ppValues);
-    }
-
-    if (dwMemberships)
-    {
-        dwError = VmDirAllocateMemory(dwMemberships * sizeof(PSTR), (PVOID)&ppszMemberships);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        for (i = 0; ppValues[i] != NULL; i++)
-        {
-            PCSTR pszMemberOf = ppValues[i]->bv_val;
-
-            dwError = VmDirAllocateStringA(pszMemberOf, &ppszMemberships[i]);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    *pppszMemberships = ppszMemberships;
-    *pdwMemberships = dwMemberships;
-
-cleanup:
-
-    if(ppValues)
-    {
-        ldap_value_free_len(ppValues);
-    }
-
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
-
-    return dwError;
-
-error:
-    if (ppszMemberships != NULL && dwMemberships > 0)
-    {
-        for (i = 0; i < dwMemberships; i++)
-        {
-            VMDIR_SAFE_FREE_STRINGA(ppszMemberships[i]);
-        }
-        VMDIR_SAFE_FREE_MEMORY(ppszMemberships);
-    }
-    goto cleanup;
-}
-
 DWORD
 VmDirGetReplicateCycleCountInternal(
     PVMDIR_CONNECTION   pConnection,
@@ -3917,7 +3596,7 @@ VmDirGetDomainFuncLvlInternal(
     }
 
     // Get the domain DN from the domain name.
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomain,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -4000,7 +3679,7 @@ VmDirSetDomainFuncLvlInternal(
     }
 
     // Get the value into place.
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                   &pszFuncLvl,
                   "%d",
                   dwFuncLvl
@@ -4019,7 +3698,7 @@ VmDirSetDomainFuncLvlInternal(
     mods[1] = NULL;
 
     // Get the DomainDN
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -4080,10 +3759,10 @@ VmDirGetAllDCInternal(
     dwError = VmDirStringListInitialize( &pStrList, 16);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                 &pszBaseDN, "%s=%s,%s",
                 ATTR_OU, VMDIR_DOMAIN_CONTROLLERS_RDN_VAL, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -4294,16 +3973,16 @@ VmDirGetObjectAttribute(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszSearchBase,
+    dwError = VmDirAllocateStringPrintf(&pszSearchBase,
                                             "%s,%s",
                                             pszSearchDNPrefix,
                                             pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszFilter,
                     "(objectclass=%s)",
                     pszObjectClass
@@ -4368,3 +4047,83 @@ VmDirGetObjectAttribute(
     VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s failed. Error(%u)", __FUNCTION__, dwError);
     goto cleanup;
 }
+
+/*
+ * Search DSE root for Raft state at the host and append them to the dequeue
+ */
+DWORD
+VmDirAppendRaftState(
+    PDEQUE pRaftState,
+    PCSTR pHostName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszLocalHostURI = NULL;
+    LDAP* pLd = NULL;
+    BerValue** ppBerValues = NULL;
+    PSTR pNode = NULL;
+    int i = 0;
+    DWORD       dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    DWORD       dwTmpLdapPort = 0;
+
+    if (IsNullOrEmptyString(pHostName) || pRaftState == NULL)
+    {
+        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                VMDIR_REG_KEY_LDAP_PORT,
+                &dwTmpLdapPort,
+                DEFAULT_LDAP_PORT_NUM) == ERROR_SUCCESS)
+    {
+        dwLdapPort = dwTmpLdapPort;
+    }
+
+    if ( VmDirIsIPV6AddrFormat( pHostName ) )
+    {
+        dwError = VmDirAllocateStringPrintf( &pszLocalHostURI, "%s://[%s]:%d", VMDIR_LDAP_PROTOCOL,
+                                                 pHostName, dwLdapPort);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf( &pszLocalHostURI, "%s://%s:%d",
+                                                 VMDIR_LDAP_PROTOCOL, pHostName, dwLdapPort);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAnonymousLDAPBindWithTimeout( &pLd, pszLocalHostURI, VMDIR_ANONYMOUS_BIND_TIMEOUT);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapGetAttributeValues( pLd, "", ATTR_RAFT_STATE, NULL, &ppBerValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; ppBerValues[i] && ppBerValues[i]->bv_len > 0; i++)
+    {
+        dwError = VmDirAllocateStringPrintf(&pNode, "%s", ppBerValues[i]->bv_val);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = dequePush(pRaftState, pNode);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNode = NULL;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocalHostURI);
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+
+    if(ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    return dwError;
+error:
+    VMDIR_SAFE_FREE_MEMORY(pNode);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirAppendRaftState failed with error (%u)", dwError);
+    goto cleanup;
+}
diff --git a/lwraft/client/liblwraftclient.exp b/lwraft/client/liblwraftclient.exp
index c77f5a892..80392440c 100644
--- a/lwraft/client/liblwraftclient.exp
+++ b/lwraft/client/liblwraftclient.exp
@@ -1,41 +1,15 @@
 ldap_syslog
 slap_debug
 VmDirSetupHostInstance
-VmDirDemote
 VmDirJoin
-VmDirClientJoin
-VmDirClientLeave
 VmDirSetupTenantInstance
 VmDirForceResetPassword
-VmDirSetPassword
-VmDirChangePassword
 VmDirGetDomainName
-VmDirGetLocalLduGuid
-VmDirGetKrbMasterKey
-VmDirGetKrbUPNKey
-VmDirCreateUser
-VmDirGetMemberships
 VmDirRpcFreeMemory
 VmDirGetErrorMessage
-VmDirGetServers
-VmDirGetComputers
-VmDirGetDCInfo
-VmDirFreeDCInfo
-VmDirFreeDCInfoArray
-VmDirFreeStringArray
-VmDirGetReplicationPartners
-VmDirGetReplicationPartnerStatus
-VmDirAddReplicationAgreement
-VmDirRemoveReplicationAgreement
-VmDirSetupLdu
 VmDirGetVmDirLogPath
 VmDirSetState
 VmDirGetState
-VmDirCreateService
-VmDirCreateGroup
-VmDirGroupAddMember
-VmDirGroupRemoveMember
-VmDirReplNow
 VmDirLogInitialize
 VmDirLogTerminate
 VmDirLog
@@ -47,32 +21,18 @@ VmDirGetLogLevelH
 VmDirSetLogMask
 VmDirSetLogMaskH
 VmDirGetLogMaskH
-VmDirSetSRPSecret
-VmDirGetSiteGuid
 VmDirConnectionOpen
 VmDirConnectionOpenByHost
 VmDirConnectionGetLdap
 VmDirConnectionClose
-VmDirLeaveFederation
 VmDirRefreshActPassword
 VmDirResetMachineActCred
 VmDirSafeLDAPBind
 VmDirRegReadDCAccount
-VmDirGetServerID
-VmDirGetComputerID
-VmDirSetServerID
-VmDirSetComputerID
 VmDirOpenServerA
 VmDirOpenServerW
 VmDirCloseServer
 VmDirGeneratePassword
-VmDirCreateUserA
-VmDirCreateUserW
-VmDirGetUsnFromPartners
-VmDirFreeMemberships
-VmDirGetSiteName
-VmDirGetPartnerSiteName
-VmDirGetReplicationCycleCount
 VmDirSuperLogQueryServerData
 VmDirSuperLogEnable
 VmDirSuperLogDisable
@@ -84,22 +44,17 @@ VmDirSuperLogGetEntriesLdapOperation
 VmDirSuperLogGetTable
 VmDirFreeSuperLogEntryLdapOperationArray
 VmDirFreeSuperLogTable
-VmDirGetDomainFunctionalLevel
-VmDirSetDomainFunctionalLevel
-VmDirGetDCNodesVersion
-VmDirFreeDCVersionInfo
 VmDirOpenDatabaseFile
 VmDirReadDatabaseFile
 VmDirCloseDatabaseFile
 VmDirSetBackendState
-VmDirGetReplicationState
-VmDirFreeReplicationState
-VmDirGetAttributeMetadata
-VmDirFreeMetadata
-VmDirFreeMetadataList
-VmDirUrgentReplicationRequest
-VmDirUrgentReplicationResponse
 VmDirGetMode
 VmDirSetMode
 VmDirRaftRequestVote
 VmDirRaftAppendEntries
+VmDirAppendRaftState
+VmDirRaftLeader
+VmDirRaftListCluster
+VmDirRaftShowClusterState
+VmDirRaftLeaveCluster
+VmDirFreeRaftCluster
diff --git a/lwraft/client/prototypes.h b/lwraft/client/prototypes.h
index da4bfc8be..083b52f05 100644
--- a/lwraft/client/prototypes.h
+++ b/lwraft/client/prototypes.h
@@ -216,11 +216,6 @@ VmDirGetServerName(
     PCSTR pszHostName,
     PSTR* ppszServerName);
 
-DWORD
-VmDirGetLocalLduGuid(
-    PSTR pszLduGuid
-    );
-
 DWORD
 VmDirGetLocalSiteGuid(
     PSTR pszSiteGuid
@@ -328,14 +323,6 @@ VmDirLdapDeleteServiceAccount(
     BOOLEAN bActuallyDelete
     );
 
-DWORD
-VmDirMergeGroups(
-    LDAP*   pSourceLd,
-    LDAP*   pTargetLd,
-    PCSTR   pszSourceDomainDN,
-    PCSTR   pszTargetDomainDN
-    );
-
 DWORD
 VmDirAddVmIdentityGroup(
     LDAP* pLd,
@@ -586,6 +573,13 @@ VmDirLocalGeneratePassword(
     VMDIR_DATA_CONTAINER* pPasswdContainer
 );
 
+DWORD
+VmDirLocalGetSRPSecret(
+    PCSTR       pszUPN,
+    PBYTE*      ppSecretBlob,
+    DWORD*      pSize
+);
+
 DWORD
 VmDirLocalSetSRPSecret(
     PCWSTR      pwszUPN,
@@ -713,3 +707,20 @@ VmDirLdapGetHighWatermark(
     USN*       pLastLocalUsn
     );
 
+/* raftclient.c */
+BOOLEAN
+VmDirRaftServerExists(
+    PCSTR       pszHostName,
+    PCSTR       pszDomainName,
+    PCSTR       pszUserName,
+    PCSTR       pszPassword,
+    PCSTR       pszRaftHostName
+    );
+
+/* ldaputil.c */
+DWORD
+VmDirGetDSERootAttribute(
+    PCSTR pszHostName,
+    PCSTR pszAttrName,
+    PSTR* ppszAttrValue
+    );
diff --git a/lwraft/client/raftclient.c b/lwraft/client/raftclient.c
new file mode 100644
index 000000000..50bfb9b03
--- /dev/null
+++ b/lwraft/client/raftclient.c
@@ -0,0 +1,797 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirConnectToRaft(
+    PCSTR   pszServerName,
+    PCSTR   pszDomainName,
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    LDAP**  ppLd
+    );
+
+static
+DWORD
+_VmDirConnectToRaftLeader(
+    PCSTR   pszServerName,
+    PCSTR   pszDomainName,
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    LDAP**  ppLd
+    );
+
+static
+DWORD
+_VmDirRaftStateBerValueToCluster(
+    BerValue**              ppBerValues,
+    PVMDIR_RAFT_CLUSTER*    ppCluster
+    );
+
+static
+DWORD
+_VmDirRaftAllocAndAddNode(
+    PVMDIR_RAFT_CLUSTER pCluster,
+    PCSTR               pszName,
+    VMDIR_RAFT_ROLE     role
+    );
+
+static
+DWORD
+_VmDirRaftClusterAddNode(
+    PVMDIR_RAFT_CLUSTER pCluster,
+    PVMDIR_RAFT_NODE    pNode
+    );
+
+BOOLEAN
+VmDirRaftServerExists(
+    PCSTR       pszHostName,
+    PCSTR       pszDomainName,
+    PCSTR       pszUserName,
+    PCSTR       pszPassword,
+    PCSTR       pszRaftHostName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDomainDN = NULL;
+    PSTR    pszRaftDN = NULL;
+    LDAP*   pLd = NULL;
+    BOOLEAN bRaftServerExists = TRUE;
+
+    dwError = _VmDirConnectToRaft(pszHostName, pszDomainName, pszUserName, pszPassword, &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszRaftDN,
+            "%s=%s,%s=%s,%s",
+            ATTR_CN,
+            pszRaftHostName,
+            ATTR_OU,
+            VMDIR_DOMAIN_CONTROLLERS_RDN_VAL,
+            pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bRaftServerExists = VmDirIfDNExist(pLd, pszRaftDN);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
+    VMDIR_SAFE_FREE_MEMORY(pszRaftDN);
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+
+    return bRaftServerExists;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirRaftLeader(
+    PCSTR   pszServerName,
+    PSTR*   ppszLeader
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = VmDirGetDSERootAttribute(
+                    pszServerName,
+                    ATTR_RAFT_LEADER,
+                    ppszLeader);
+
+    if (dwError == LDAP_NO_SUCH_ATTRIBUTE)
+    {
+        dwError = VMDIR_ERROR_NO_LEADER;
+    }
+
+    return dwError;
+}
+
+DWORD
+VmDirRaftListCluster(
+    PCSTR                   pszServerName,
+    PVMDIR_RAFT_CLUSTER*    ppRaftCluster
+    )
+{
+    DWORD   dwError = 0;
+    int     iCnt = 0;
+    int     iNum = 0;
+    PSTR    pszLeader = NULL;
+    LDAP*   pLd = NULL;
+    PVMDIR_RAFT_CLUSTER pCluster = NULL;
+    PCSTR   ppszAttrs[] = {ATTR_RAFT_LEADER, ATTR_RAFT_FOLLOWERS, ATTR_RAFT_MEMBERS, NULL};
+    LDAPMessage*    pResult = NULL;
+    LDAPMessage*    pEntry = NULL;
+    BerValue**      ppBerValues = NULL;
+
+    if (IsNullOrEmptyString(pszServerName) ||
+        !ppRaftCluster)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if ((dwError = _VmDirConnectToRaftLeader(pszServerName, NULL, NULL, NULL, &pLd)) != 0)
+    {
+        dwError = _VmDirConnectToRaft(pszServerName, NULL, NULL, NULL, &pLd);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = ldap_search_ext_s(
+                    pLd,
+                    "",
+                    LDAP_SCOPE_BASE,
+                    NULL,
+                    (PSTR*)ppszAttrs,
+                    FALSE, /* attr only       */
+                    NULL,  /* server controls */
+                    NULL,  /* client controls */
+                    NULL,  /* timeout         */
+                    0,     /* size limit      */
+                    &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    if (!pEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(*pCluster), (PVOID*)&pCluster);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (iCnt = 0; ppszAttrs[iCnt]; iCnt++)
+    {
+        if(ppBerValues)
+        {
+            ldap_value_free_len(ppBerValues);
+        }
+        if ((ppBerValues = ldap_get_values_len(pLd, pEntry, ppszAttrs[iCnt])) == NULL)
+        {
+            continue;
+        }
+
+        if (VmDirStringCompareA(ppszAttrs[iCnt], ATTR_RAFT_LEADER, FALSE) == 0)
+        {
+            dwError = _VmDirRaftAllocAndAddNode(pCluster, ppBerValues[0]->bv_val, VMDIRD_RAFT_ROLE_LEADER);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (VmDirStringCompareA(ppszAttrs[iCnt], ATTR_RAFT_FOLLOWERS, FALSE) == 0)
+        {
+            for (iNum = 0; ppBerValues[iNum]; iNum++)
+            {
+                dwError = _VmDirRaftAllocAndAddNode(pCluster, ppBerValues[iNum]->bv_val, VMDIRD_RAFT_ROLE_FOLLOWER);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+        else if (VmDirStringCompareA(ppszAttrs[iCnt], ATTR_RAFT_MEMBERS, FALSE) == 0)
+        {
+            for (iNum = 0; ppBerValues[iNum]; iNum++)
+            {
+                dwError = _VmDirRaftAllocAndAddNode(pCluster, ppBerValues[iNum]->bv_val, VMDIRD_RAFT_ROLE_CANDIDATE);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+    }
+
+    *ppRaftCluster = pCluster;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLeader);
+    if(ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+
+    return dwError;
+
+error:
+    VmDirFreeRaftCluster(pCluster);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRaftShowClusterState(
+    PCSTR                   pszServerName,
+    PCSTR                   pszDomainName,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PVMDIR_RAFT_CLUSTER*    ppRaftCluster
+    )
+{
+    DWORD   dwError = 0;
+    LDAP*   pLd = NULL;
+    PVMDIR_RAFT_CLUSTER pCluster = NULL;
+    PCSTR   ppszAttrs[] = {ATTR_RAFT_STATE, NULL};
+    LDAPMessage*    pResult = NULL;
+    LDAPMessage*    pEntry = NULL;
+    BerValue**      ppBerValues = NULL;
+
+    if (IsNullOrEmptyString(pszServerName) ||
+        IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        !ppRaftCluster)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirConnectToRaftLeader(
+                pszServerName,
+                pszDomainName,
+                pszUserName,
+                pszPassword,
+                &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                    pLd,
+                    RAFT_STATE_DN,
+                    LDAP_SCOPE_BASE,
+                    "objectclass=*",
+                    (PSTR*)ppszAttrs,
+                    FALSE, /* attr only       */
+                    NULL,  /* server controls */
+                    NULL,  /* client controls */
+                    NULL,  /* timeout         */
+                    0,     /* size limit      */
+                    &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    if (!pEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ppszAttrs[0]);
+    if (!ppBerValues || !ppBerValues[0]->bv_val)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+
+    dwError = _VmDirRaftStateBerValueToCluster(ppBerValues, &pCluster);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppRaftCluster = pCluster;
+    pCluster = NULL;
+
+cleanup:
+    if(ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+    return dwError;
+
+error:
+	VmDirFreeRaftCluster(pCluster);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRaftLeaveCluster(
+    PCSTR                   pszServerName,
+    PCSTR                   pszDomainName,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PCSTR                   pszLeaveNode
+    )
+{
+    DWORD   dwError = 0;
+    LDAP*   pLd = NULL;
+    PSTR    pszLeaveNodeUPN = NULL;
+    PSTR    pszLeaveNodeDN = NULL;
+
+    if (IsNullOrEmptyString(pszServerName) ||
+        IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszLeaveNode))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirConnectToRaftLeader(
+                pszServerName,
+                pszDomainName,
+                pszUserName,
+                pszPassword,
+                &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszLeaveNodeUPN,
+            "%s@%s",
+            pszLeaveNode,
+            pszDomainName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirConvertUPNToDN(pLd, pszLeaveNodeUPN, &pszLeaveNodeDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_delete_ext_s(pLd, pszLeaveNodeDN, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLeaveNodeUPN);
+    VMDIR_SAFE_FREE_MEMORY(pszLeaveNodeDN);
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+VOID
+VmDirFreeRaftNode(
+    PVMDIR_RAFT_NODE    pNode
+    )
+{
+    if (pNode)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pNode->pszName);
+        VMDIR_SAFE_FREE_MEMORY(pNode);
+    }
+}
+
+VOID
+VmDirFreeRaftCluster(
+    PVMDIR_RAFT_CLUSTER     pRaftCluster
+    )
+{
+    if (pRaftCluster)
+    {
+        PVMDIR_RAFT_NODE    pCurrent = NULL;
+        PVMDIR_RAFT_NODE    pNextNode = NULL;
+
+        VMDIR_SAFE_FREE_MEMORY(pRaftCluster->pszLeader);
+
+        for (pCurrent = pRaftCluster->pNode; pCurrent; pCurrent = pNextNode)
+        {
+            pNextNode = pCurrent->pNext;
+            VmDirFreeRaftNode(pCurrent);
+        }
+    }
+}
+
+static
+DWORD
+_VmDirConnectToRaft(
+    PCSTR   pszServerName,
+    PCSTR   pszDomainName,
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    LDAP**  ppLd
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszLocalHostURI = NULL;
+    LDAP*   pLd = NULL;
+    DWORD   dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+
+    if (pszUserName && pszPassword)
+    {
+        dwError = VmDirConnectLDAPServer(
+                    &pLd,
+                    pszServerName,
+                    pszDomainName,
+                    pszUserName,
+                    pszPassword);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        // ignore error
+        VmDirGetRegKeyValueDword(
+                    VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                    VMDIR_REG_KEY_LDAP_PORT,
+                    &dwLdapPort,
+                    DEFAULT_LDAP_PORT_NUM);
+
+        if ( VmDirIsIPV6AddrFormat( pszServerName ) )
+        {
+            dwError = VmDirAllocateStringPrintf(
+                    &pszLocalHostURI,
+                    "%s://[%s]:%d",
+                    VMDIR_LDAP_PROTOCOL,
+                    pszServerName,
+                    dwLdapPort);
+        }
+        else
+        {
+            dwError = VmDirAllocateStringPrintf(
+                    &pszLocalHostURI,
+                    "%s://%s:%d",
+                    VMDIR_LDAP_PROTOCOL,
+                    pszServerName,
+                    dwLdapPort);
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAnonymousLDAPBind( &pLd, pszLocalHostURI );
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppLd = pLd;
+    pLd = NULL;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocalHostURI);
+
+    return dwError;
+
+error:
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirConnectToRaftLeader(
+    PCSTR   pszServerName,
+    PCSTR   pszDomainName,
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    LDAP**  ppLd
+    )
+{
+    DWORD   dwError = 0;
+    PCSTR   ppszAttrs[] = {ATTR_RAFT_LEADER, NULL};
+    LDAP*   pLd = NULL;
+    LDAP*   pLeaderLd = NULL;
+    LDAPMessage*    pResult = NULL;
+    LDAPMessage*    pEntry = NULL;
+    BerValue**      ppBerValues = NULL;
+
+    dwError = _VmDirConnectToRaft(
+                pszServerName,
+                pszDomainName,
+                pszUserName,
+                pszPassword,
+                &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                    pLd,
+                    "",
+                    LDAP_SCOPE_BASE,
+                    NULL,
+                    (PSTR*)ppszAttrs,
+                    FALSE, /* attr only       */
+                    NULL,  /* server controls */
+                    NULL,  /* client controls */
+                    NULL,  /* timeout         */
+                    0,     /* size limit      */
+                    &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    if (!pEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ppszAttrs[0]);
+    if (!ppBerValues || !ppBerValues[0]->bv_val)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NO_LEADER);
+    }
+
+    if (VmDirStringCompareA(pszServerName, ppBerValues[0]->bv_val, FALSE) != 0)
+    {
+        dwError = _VmDirConnectToRaft(
+                    ppBerValues[0]->bv_val,
+                    pszDomainName,
+                    pszUserName,
+                    pszPassword,
+                    &pLeaderLd);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pLeaderLd)
+    {
+        *ppLd = pLeaderLd;
+        pLeaderLd = NULL;
+    }
+    else
+    {
+        *ppLd = pLd;
+        pLd = NULL;
+    }
+
+cleanup:
+    if(ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+    if (pLeaderLd)
+    {
+        ldap_unbind_ext_s(pLeaderLd, NULL, NULL);
+    }
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRaftAllocAndAddNode(
+    PVMDIR_RAFT_CLUSTER pCluster,
+    PCSTR               pszName,
+    VMDIR_RAFT_ROLE     role
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_RAFT_NODE    pNode = NULL;
+
+    dwError = VmDirAllocateMemory(sizeof(*pNode), (PVOID*)&pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pszName, &pNode->pszName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pNode->bActive = TRUE;
+    pNode->role = role;
+
+    dwError = _VmDirRaftClusterAddNode(pCluster, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeRaftNode(pNode);
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRaftClusterAddNode(
+    PVMDIR_RAFT_CLUSTER pCluster,
+    PVMDIR_RAFT_NODE    pNode
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_RAFT_NODE    pTmp = pCluster->pNode;
+
+    if (pNode->role == VMDIRD_RAFT_ROLE_CANDIDATE)
+    {
+        pCluster->dwNumMmember++;
+    }
+
+    while (pTmp)
+    {
+        if (VmDirStringCompareA(pNode->pszName, pTmp->pszName, FALSE) == 0)
+        {
+            VmDirFreeRaftNode(pNode);
+            goto cleanup;
+        }
+        pTmp = pTmp->pNext;
+    }
+
+    if (pNode->role == VMDIRD_RAFT_ROLE_LEADER)
+    {
+        dwError = VmDirAllocateStringA(pNode->pszName, &pCluster->pszLeader);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (pNode->role == VMDIRD_RAFT_ROLE_FOLLOWER)
+    {
+        pCluster->dwNumActiveFollower++;
+    }
+
+    pNode->pNext = pCluster->pNode;
+    pCluster->pNode = pNode;
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+#define VMDIR_RAFT_NODE_PREFIX              "node: "
+#define VMDIR_RAFT_ROLE_PREFIX              "role: "
+#define VMDIR_RAFT_LASTOINDEX_PREFIX        "lastIndex: "
+#define VMDIR_RAFT_LASTAPPLIESINDEX_PREFIX  "lastAppliedIndex: "
+#define VMDIR_RAFT_TERM_PREFIX              "term: "
+#define VMDIR_RAFT_LEADER_PREFIX            "leader: "
+#define VMDIR_RAFT_NODE_SEPERATOR_PREFIX    "-"
+
+/*
+ * We expect following -
+ * 1. node is separated by "-"
+ * 2. each node start with "node: xxx"
+ */
+static
+DWORD
+_VmDirRaftStateBerValueToCluster(
+    BerValue**              ppBerValues,
+    PVMDIR_RAFT_CLUSTER*    ppCluster
+    )
+{
+    DWORD   dwError = 0;
+    int     iCnt = 0;
+    PVMDIR_RAFT_CLUSTER pCluster = NULL;
+    PVMDIR_RAFT_NODE    pLocalNode = NULL;
+    PVMDIR_RAFT_NODE    pNode = NULL;
+
+    dwError = VmDirAllocateMemory(sizeof(*pCluster), (PVOID*)&pCluster);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (iCnt=0; ppBerValues[iCnt] && ppBerValues[iCnt]->bv_len > 0; iCnt++)
+    {
+        if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_NODE_PREFIX, FALSE))
+        {
+            if (pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            dwError = VmDirAllocateMemory(sizeof(*pLocalNode), (PVOID*)&pLocalNode);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirAllocateStringA(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_NODE_PREFIX), &pLocalNode->pszName);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_ROLE_PREFIX, FALSE))
+        {
+            if (!pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            if (VmDirStringCompareA(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_ROLE_PREFIX), "leader", FALSE) == 0)
+            {
+                pLocalNode->role = VMDIRD_RAFT_ROLE_LEADER;
+            }
+            else if (VmDirStringCompareA(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_ROLE_PREFIX), "follower", FALSE) == 0)
+            {
+                pLocalNode->role = VMDIRD_RAFT_ROLE_FOLLOWER;
+            }
+            else
+            {
+                pLocalNode->role = VMDIRD_RAFT_ROLE_CANDIDATE;
+            }
+        }
+        else if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_LASTOINDEX_PREFIX, FALSE))
+        {
+            if (!pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            pLocalNode->iLastLogIndex = atoll(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_LASTOINDEX_PREFIX));
+        }
+        else if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_LASTAPPLIESINDEX_PREFIX, FALSE))
+        {
+            if (!pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            pLocalNode->iLastAppliedIndex = atoll(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_LASTAPPLIESINDEX_PREFIX));
+        }
+        else if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_TERM_PREFIX, FALSE))
+        {
+            if (!pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            pLocalNode->iRaftTerm = atoll(ppBerValues[iCnt]->bv_val+strlen(VMDIR_RAFT_TERM_PREFIX));
+        }
+        else if (VmDirStringStartsWith(ppBerValues[iCnt]->bv_val, VMDIR_RAFT_NODE_SEPERATOR_PREFIX, FALSE))
+        {
+            if (!pLocalNode)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+            }
+
+            pLocalNode->pNext = pCluster->pNode;
+            pCluster->pNode = pLocalNode;
+            pLocalNode = NULL;
+        }
+    }
+
+    for (pNode = pCluster->pNode; pNode; pNode = pNode->pNext)
+    {
+        if (pNode->role == VMDIRD_RAFT_ROLE_LEADER)
+        {
+            pNode->bActive = TRUE;
+            dwError = VmDirAllocateStringA(pNode->pszName, &pCluster->pszLeader);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (pNode->role == VMDIRD_RAFT_ROLE_FOLLOWER)
+        {
+            pNode->bActive = TRUE;
+            pCluster->dwNumActiveFollower++;
+        }
+        else
+        {
+            pCluster->dwNumMmember++;
+        }
+    }
+
+    *ppCluster = pCluster;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeRaftNode(pLocalNode);
+    VmDirFreeRaftCluster(pCluster);
+    goto cleanup;
+}
diff --git a/lwraft/client/repadmin.c b/lwraft/client/repadmin.c
index 18920a12b..a1a1bdf45 100644
--- a/lwraft/client/repadmin.c
+++ b/lwraft/client/repadmin.c
@@ -22,16 +22,6 @@ _VmDirIsClassReplicable(
     struct berval** ppObjectClassValues
     );
 
-static
-DWORD
-_VmDirIsHostAPartner(
-    LDAP *pLd,
-    PCSTR pszHostDn,
-    PCSTR pszDCAccount,
-    PBOOLEAN pIsParter,
-    PSTR *ppszPartnerRaDn
-    );
-
 static
 DWORD
 VmDirGetServersInfoOnSite(
@@ -106,121 +96,6 @@ DWORD VmDirCreateLdAtHostViaMachineAccount(
     goto cleanup;
 }
 
-/*
- * Query the host (pszHostName) for servers topology, and
- * follow those servers (partners) to get the highest USN
- */
-DWORD
-VmDirGetUsnFromPartners(
-    PCSTR pszHostName,
-    USN   *pUsn
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszServerName = NULL;
-    PSTR pszDomain = NULL;
-    PINTERNAL_SERVER_INFO pInternalServerInfo = NULL;
-    DWORD i = 0;
-    DWORD dwInfoCount = 0;
-    LDAP* pLd = NULL;
-    LDAP* pPartnerLd = NULL;
-    BOOLEAN isPartner = FALSE;
-    PSTR pszDCAccount = NULL;
-    PSTR pPartnerHost = NULL;
-    USN usn = {0};
-    USN highestUsn = {0};
-    PSTR pPartnerRaDn = NULL;
-
-    //Get all vmdir servers in the forest.
-    dwError = VmDirCreateLdAtHostViaMachineAccount(pszHostName, &pLd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetServerName( pszHostName, &pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDomainName( pszServerName, &pszDomain);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRegReadDCAccount(&pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetServersInfoOnSite( pLd, NULL,  pszServerName, pszDomain, &pInternalServerInfo, &dwInfoCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i=0; i<dwInfoCount; i++)
-    {
-        VMDIR_SAFE_FREE_STRINGA(pPartnerRaDn);
-        dwError = _VmDirIsHostAPartner(pLd, pInternalServerInfo[i].pszServerDN,
-                                      pszDCAccount, &isPartner, &pPartnerRaDn);
-        if (dwError !=0)
-        {
-            //Ignore this host as if it is not a partner, and try the next server
-            continue;
-        }
-
-        if (isPartner)
-        {
-            VMDIR_SAFE_FREE_STRINGA(pPartnerHost);
-            dwError = VmDirDnLastRDNToCn(pInternalServerInfo[i].pszServerDN, &pPartnerHost);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            if (pPartnerLd)
-            {
-                ldap_unbind_ext_s(pPartnerLd, NULL, NULL);
-                pPartnerLd = NULL;
-            }
-            //Bind to the partner
-            dwError = VmDirCreateLdAtHostViaMachineAccount(pPartnerHost, &pPartnerLd);
-            if (dwError != 0)
-            {
-                //Cannot connect/bind to the partner - treat is as non-partner (i.e. best-effort approach)
-                dwError = 0;
-                continue;
-            }
-            //Get LastLocalUsnProcessed
-            dwError = VmDirGetLastLocalUsnProcessedForHostFromRADN(pPartnerLd,
-                              pPartnerRaDn, &usn);
-            if (dwError != 0)
-            {
-                dwError = 0;
-                continue;
-            }
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirGetUsnFromPartners: USN from partner %s: %lu", pPartnerHost, usn);
-            if (usn > highestUsn)
-            {
-                highestUsn = usn;
-            }
-        }
-    }
-    if (highestUsn == 0)
-    {
-        dwError = ERROR_NOT_FOUND;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    *pUsn = highestUsn;
-
-cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszServerName);
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-    VMDIR_SAFE_FREE_STRINGA(pszDomain);
-    VMDIR_SAFE_FREE_STRINGA(pPartnerHost);
-    VMDIR_SAFE_FREE_STRINGA(pPartnerRaDn);
-    VMDIR_SAFE_FREE_MEMORY(pInternalServerInfo);
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-        pLd = NULL;
-    }
-    if (pPartnerLd)
-    {
-        ldap_unbind_ext_s(pPartnerLd, NULL, NULL);
-        pPartnerLd = NULL;
-    }
-    return dwError;
-error:
-    goto cleanup;
-}
-
 VOID
 VmDirFreeMetadataInternal(
     PVMDIR_METADATA pMetadata
@@ -778,12 +653,12 @@ VmDirGetServersInfoOnSite(
     int                 searchLevel = LDAP_SCOPE_ONELEVEL;
     PSTR                pFilter = NULL;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (pszSiteName == NULL)
     {
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                       &pszSearchBaseDN,
                       "cn=Sites,cn=Configuration,%s",
                       pszDomainDN
@@ -791,7 +666,7 @@ VmDirGetServersInfoOnSite(
         searchLevel = LDAP_SCOPE_SUBTREE;
     } else
     {
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                       &pszSearchBaseDN,
                       "cn=Servers,cn=%s,cn=Sites,cn=Configuration,%s",
                       pszSiteName,
@@ -882,121 +757,3 @@ VmDirGetServersInfoOnSite(
     goto cleanup;
 }
 
-
-/*
- * Test if the remote host is an partner of this host, return the RA DN if it is.
- * The algorithm is to search replication agreement entries for attribute LABELED_URI.
- * If the atribute value (host portion) on any such entries matches the DCAccount of
- * the local host, then that host is a partner.
- * An sample of pszHostDn: cn=sea2-office-dhcp-97-124.eng.vmware.com,cn=Servers,
- *              cn=default-first-site,cn=Sites,cn=Configuration,dc=vsphere,dc=loca
- */
-static
-DWORD
-_VmDirIsHostAPartner(
-    LDAP *pLd,
-    PCSTR pszHostDn,
-    PCSTR pszDCAccount,
-    PBOOLEAN pIsParter,
-    PSTR *ppszPartnerRaDn
-    )
-{
-    DWORD dwError = 0;
-    LDAPMessage* pMessages = NULL;
-    int i = 0;
-    PSTR pszLabeledURI = ATTR_LABELED_URI;
-    PSTR ppszAttrs[] = { pszLabeledURI, NULL };
-    LDAPMessage *pEntry = NULL;
-    struct berval** ppValues = NULL;
-    PSTR pFilter = NULL;
-    DWORD dwInfoCount = 0;
-    PSTR pszPartnerHostName = NULL;
-    PSTR pszPartnerRaDn = NULL;
-
-    *pIsParter = FALSE;
-    dwError = VmDirAllocateStringPrintf(
-                      &pFilter,
-                      "%s=%s",
-                      ATTR_OBJECT_CLASS,
-                      OC_REPLICATION_AGREEMENT);
-
-    dwError = ldap_search_ext_s(
-                             pLd,
-                             pszHostDn,
-                             LDAP_SCOPE_SUB,
-                             pFilter,  /* filter */
-                             ppszAttrs,  /* attrs[]*/
-                             FALSE, /* get values  */
-                             NULL,  /* serverctrls */
-                             NULL,  /* clientctrls */
-                             NULL,  /* timeout */
-                             -1,
-                             &pMessages);
-    if (dwError !=0)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirIsHostAPartner: Cannot get replication agreement entries under %s, error %d",
-                        pszHostDn, dwError);
-        //When this occurs, bail out on the current server, and then try the next server.
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwInfoCount = ldap_count_entries(pLd, pMessages);
-    if (dwInfoCount == 0)
-    {
-        dwError = ERROR_NOT_FOUND;
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirIsHostAPartner: No replication agreement entries found under %s, error %d",
-                        pszHostDn, dwError);
-        //When this occurs, bail out on the current server, and then try the next server.
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i=0, pEntry = ldap_first_entry(pLd, pMessages);
-         pEntry != NULL;
-         i++, pEntry = ldap_next_entry(pLd, pEntry))
-    {
-       if (ppValues)
-       {
-           ldap_value_free_len(ppValues);
-           ppValues = NULL;
-       }
-       ppValues = ldap_get_values_len(pLd, pEntry, pszLabeledURI);
-       if (!ppValues || (ldap_count_values_len(ppValues) != 1))
-       {
-           dwError = ERROR_NO_SUCH_ATTRIBUTE;
-           BAIL_ON_VMDIR_ERROR(dwError);
-       }
-       VMDIR_SAFE_FREE_STRINGA(pszPartnerHostName);
-       dwError = VmDirReplURIToHostname(ppValues[0]->bv_val, &pszPartnerHostName);
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       if (VmDirStringCompareA(pszPartnerHostName, pszDCAccount, FALSE) == 0)
-       {
-           *pIsParter = TRUE;
-           pszPartnerRaDn = ldap_get_dn(pLd, pEntry);
-           dwError = VmDirAllocateStringAVsnprintf(ppszPartnerRaDn, "%s", pszPartnerRaDn);
-           BAIL_ON_VMDIR_ERROR(dwError);
-           goto cleanup;
-       }
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pFilter);
-    VMDIR_SAFE_FREE_STRINGA(pszPartnerHostName);
-    if (ppValues)
-    {
-        ldap_value_free_len(ppValues);
-    }
-    if (pszPartnerRaDn)
-    {
-        ldap_memfree(pszPartnerRaDn);
-    }
-    if (pMessages)
-    {
-        ldap_msgfree(pMessages);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirIsHostAPartner failed. Error(%u)", dwError);
-    goto cleanup;
-}
diff --git a/lwraft/client/replication.c b/lwraft/client/replication.c
index e75b83a18..0ed8f03d6 100644
--- a/lwraft/client/replication.c
+++ b/lwraft/client/replication.c
@@ -1121,7 +1121,7 @@ _VmDirQueryReplStateUSN(
     LDAPMessage *pResult = NULL;
     LDAPMessage *pEntry = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszFilter, "usnchanged>=%u",
+    dwError = VmDirAllocateStringPrintf(&pszFilter, "usnchanged>=%u",
                                             VMDIR_MAX( currentUSN-MAX_REPL_STATE_USN_SEARCH, 0));
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/lwraft/client/setupldu.c b/lwraft/client/setupldu.c
deleted file mode 100644
index 8fd3e32a5..000000000
--- a/lwraft/client/setupldu.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-/*
- * Public API
- */
-//returns LDAP error codes
-DWORD
-VmDirSetupLdu(
-    PCSTR pszHostURI,
-    PCSTR pszDomain,
-    PCSTR pszUser,
-    PCSTR pszPassword)
-{
-    DWORD       dwError = 0;
-
-    LDAP*       pLd = NULL;
-    PSTR        pszDN = NULL;
-    PSTR        pszSiteGuid = NULL;
-    PSTR        pszLduGuid = NULL;
-
-    if (IsNullOrEmptyString(pszHostURI) ||
-        IsNullOrEmptyString(pszDomain) ||
-        IsNullOrEmptyString(pszUser) ||
-        IsNullOrEmptyString(pszPassword))
-    {
-        dwError =  LDAP_INVALID_SYNTAX;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (VmDirGenerateGUID(&pszLduGuid))
-    {
-        dwError = LDAP_OPERATIONS_ERROR;
-        VmDirLog( LDAP_DEBUG_ANY, "VmDirSetupLdu: VmDirGenerateGUID() failed.");
-        BAIL_ON_VMDIR_ERROR( dwError );
-    }
-
-    dwError = VmDirConnectLDAPServerByURI(
-                            &pLd,
-                            pszHostURI,
-                            pszDomain,
-                            pszUser,
-                            pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetSiteGuidInternal(pLd, pszDomain, &pszSiteGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateCMSubtree(
-        pLd,
-        pszDomain,
-        pszSiteGuid,
-        pszLduGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //Write GUIDs into registry
-    dwError = VmDirConfigSetDefaultSiteandLduGuid(
-                                                pszSiteGuid,
-                                                pszLduGuid);
-    if (dwError)
-    {
-        dwError = LDAP_OPERATIONS_ERROR;
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pszDN);
-    VMDIR_SAFE_FREE_MEMORY(pszSiteGuid);
-    VMDIR_SAFE_FREE_MEMORY(pszLduGuid);
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-
-    return dwError;
-
-error:
-
-    VmDirLog(LDAP_DEBUG_TRACE, "VmDirSetupLdu failed with error (%u)\n", dwError);
-
-    goto cleanup;
-}
-
diff --git a/lwraft/client/shell.c b/lwraft/client/shell.c
index b775fdbf1..c9fcdae67 100644
--- a/lwraft/client/shell.c
+++ b/lwraft/client/shell.c
@@ -64,7 +64,7 @@ VmDirCleanupData(
                                         MAX_PATH );
     BAIL_ON_VMDIR_ERROR( dwError );
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszCmd, "del /q \"%s\"", pszPath );
+    dwError = VmDirAllocateStringPrintf( &pszCmd, "del /q \"%s\"", pszPath );
     BAIL_ON_VMDIR_ERROR(dwError)
 
     dwError = VmDirRun( pszCmd );
@@ -133,18 +133,6 @@ VmDirGetVmDirLogPath(
 #ifndef _WIN32
     dwError = VmDirStringCpyA(pszPath, MAX_PATH, LWRAFT_LOG_DIR);
     BAIL_ON_VMDIR_ERROR(dwError);
-#else
-    _TCHAR* programDataPath           = NULL;
-
-    if ((dwError = VmDirGetRegKeyValue( VMDIR_CONFIG_SOFTWARE_KEY_PATH, VMDIR_REG_KEY_LOG_PATH, pszPath,
-                                        MAX_PATH )) != 0)
-    {
-       dwError = VmDirGetProgramDataEnvVar((_TCHAR *)"PROGRAMDATA", &programDataPath);
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringPrintFA(pszPath, MAX_PATH, "%s%s", programDataPath, "\\vmware\\cis\\logs\\lwraftd\\");
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
 #endif
 
     dwError = VmDirStringCatA(pszPath, MAX_PATH, pszLogFile);
diff --git a/lwraft/client/users.c b/lwraft/client/users.c
index 581c15cfe..ec2464bd7 100644
--- a/lwraft/client/users.c
+++ b/lwraft/client/users.c
@@ -16,183 +16,6 @@
 
 #include "includes.h"
 
-static
-DWORD
-VmDirValidateUserCreateParamsA(
-    PVMDIR_USER_CREATE_PARAMS_A pCreateParams
-    );
-
-static
-DWORD
-VmDirValidateUserCreateParamsW(
-    PVMDIR_USER_CREATE_PARAMS_W pCreateParams
-    );
-
-DWORD
-VmDirCreateUser(
-    PSTR pszUserName,
-    PSTR pszPassword,
-    PSTR pszUPNName,
-    BOOLEAN bRandKey
-    )
-{
-    DWORD dwError = 0;
-    PCSTR pszServerName = "localhost";
-    PCSTR pszServerEndpoint = NULL;
-    PWSTR pwszUserName = NULL;
-    PWSTR pwszPassword = NULL;
-    PWSTR pwszUPNName = NULL;
-    handle_t hBinding = NULL;
-
-    if (
-         IsNullOrEmptyString(pszUserName)
-      || IsNullOrEmptyString(pszUPNName)
-      || ( IsNullOrEmptyString(pszPassword) && !bRandKey )
-       )
-    {
-        dwError =  ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirCreateBindingHandleMachineAccountA(
-                    pszServerName,
-                    pszServerEndpoint,
-                    &hBinding
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringWFromA(
-                        pszUserName,
-                        &pwszUserName
-                        );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!bRandKey)
-    {
-       dwError = VmDirAllocateStringWFromA(
-                           pszPassword,
-                           &pwszPassword
-                           );
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringWFromA(
-                        pszUPNName,
-                        &pwszUPNName
-                        );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirCreateUser(
-                        hBinding,
-                        pwszUserName,
-                        (bRandKey ? NULL : pwszPassword),
-                        pwszUPNName,
-                        (unsigned char)bRandKey
-                        );
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pwszUserName);
-    VMDIR_SAFE_FREE_MEMORY(pwszPassword);
-    VMDIR_SAFE_FREE_MEMORY(pwszUPNName);
-    return dwError;
-error:
-
-    if (hBinding)
-    {
-        VmDirFreeBindingHandle(&hBinding);
-    }
-
-    goto cleanup;
-}
-
-DWORD
-VmDirCreateUserA(
-    PVMDIR_SERVER_CONTEXT       pServerContext,
-    PVMDIR_USER_CREATE_PARAMS_A pCreateParams
-    )
-{
-    DWORD dwError = 0;
-    PVMDIR_USER_CREATE_PARAMS_W pCreateParamsW = NULL;
-
-    if (!pServerContext)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirValidateUserCreateParamsA(pCreateParams);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateUserCreateParamsWFromA(pCreateParams, &pCreateParamsW);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateUserW(pServerContext, pCreateParamsW);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (pCreateParamsW)
-    {
-        VmDirFreeUserCreateParamsW(pCreateParamsW);
-    }
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-DWORD
-VmDirCreateUserW(
-    PVMDIR_SERVER_CONTEXT       pServerContext,
-    PVMDIR_USER_CREATE_PARAMS_W pCreateParams
-    )
-{
-    DWORD dwError = 0;
-    VMDIR_USER_CREATE_PARAMS_RPC createParams = {0};
-
-    if (!pServerContext)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirValidateUserCreateParamsW(pCreateParams);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    createParams.pwszName      = pCreateParams->pwszName;
-    createParams.pwszAccount   = pCreateParams->pwszAccount;
-    createParams.pwszFirstname = pCreateParams->pwszFirstname;
-    createParams.pwszLastname  = pCreateParams->pwszLastname;
-    createParams.pwszPassword  = pCreateParams->pwszPassword;
-    createParams.pwszUPN       = pCreateParams->pwszUPN;
-
-    VMDIR_RPC_TRY
-    {
-        dwError = RpcVmDirCreateUserEx(pServerContext->hBinding, &createParams);
-    }
-    VMDIR_RPC_CATCH
-    {
-        VMDIR_RPC_GETERROR_CODE(dwError);
-    }
-    VMDIR_RPC_ENDTRY;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-     return dwError;
-}
-
 DWORD _VmDirFindUserDN(
     LDAP *pLd,
     PCSTR pszUserUPN,
@@ -206,7 +29,7 @@ DWORD _VmDirFindUserDN(
     PSTR pszUserDN = NULL;
     PSTR pszDN = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                 &pszSearchFilter,
                 "(%s=%s)",
                 ATTR_KRB_UPN,
@@ -263,197 +86,3 @@ DWORD _VmDirFindUserDN(
     goto cleanup;
 }
 
-DWORD
-VmDirSetPassword(
-    PCSTR pszHostName,
-    PCSTR pszAdminUPN,
-    PCSTR pszAdminPassword,
-    PCSTR pszUserUPN,
-    PCSTR pszNewPassword
-    )
-{
-    DWORD       dwError = 0;
-
-    LDAP*       pLd = NULL;
-    LDAPMod     mod = {0};
-    LDAPMod*    mods[2] = {&mod, NULL};
-    PSTR        vals[2] = {(PSTR)pszNewPassword, NULL};
-    PSTR        pszUserDN = NULL;
-
-    if (IsNullOrEmptyString(pszHostName) ||
-        IsNullOrEmptyString(pszAdminUPN) ||
-        IsNullOrEmptyString(pszAdminPassword) ||
-        IsNullOrEmptyString(pszUserUPN) ||
-        IsNullOrEmptyString(pszNewPassword))
-    {
-        dwError =  ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSafeLDAPBind(
-                &pLd,
-                pszHostName,
-                pszAdminUPN,
-                pszAdminPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirFindUserDN(
-                pLd,
-                pszUserUPN,
-                &pszUserDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    mod.mod_op = LDAP_MOD_REPLACE;
-    mod.mod_type = ATTR_USER_PASSWORD;
-    mod.mod_vals.modv_strvals = vals;
-
-    dwError = ldap_modify_ext_s(
-                            pLd,
-                            pszUserDN,
-                            mods,
-                            NULL,
-                            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszUserDN);
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-    return dwError;
-
-error:
-    VmDirLog(LDAP_DEBUG_TRACE, "VmDirSetPassword failed with error (%u)\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirChangePassword(
-    PCSTR pszHostName,
-    PCSTR pszUserUPN,
-    PCSTR pszOldPassword,
-    PCSTR pszNewPassword)
-{
-    DWORD       dwError = 0;
-
-    LDAP*       pLd = NULL;
-    LDAPMod     mod[2] = {{0}};
-    LDAPMod*    mods[3] = {&mod[0], &mod[1], NULL};
-    PSTR        vals_new[2] = {(PSTR)pszNewPassword, NULL};
-    PSTR        vals_old[2] = {(PSTR)pszOldPassword, NULL};
-    PSTR        pszUserDN = NULL;
-
-    if (IsNullOrEmptyString(pszHostName) ||
-        IsNullOrEmptyString(pszUserUPN) ||
-        IsNullOrEmptyString(pszOldPassword) ||
-        IsNullOrEmptyString(pszNewPassword))
-    {
-        dwError =  ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSafeLDAPBind(
-                &pLd,
-                pszHostName,
-                pszUserUPN,
-                pszOldPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirFindUserDN(
-                pLd,
-                pszUserUPN,
-                &pszUserDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    mod[0].mod_op = LDAP_MOD_ADD;
-    mod[0].mod_type = ATTR_USER_PASSWORD;
-    mod[0].mod_vals.modv_strvals = vals_new;
-
-    mod[1].mod_op = LDAP_MOD_DELETE;
-    mod[1].mod_type = ATTR_USER_PASSWORD;
-    mod[1].mod_vals.modv_strvals = vals_old;
-
-    dwError = ldap_modify_ext_s(
-                            pLd,
-                            pszUserDN,
-                            mods,
-                            NULL,
-                            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszUserDN);
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-    return dwError;
-
-error:
-    VmDirLog(LDAP_DEBUG_TRACE, "VmDirChangePassword failed with error (%u)\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirCreateService(
-    PCSTR pszSvcname,          /* IN              */
-    PCSTR pszPassword,          /* IN     OPTIONAL */
-    PSTR* ppszUPN,          /*    OUT OPTIONAL */
-    PSTR* ppszPassword      /*    OUT OPTIONAL */
-    )
-{
-    DWORD dwError = 0;
-
-    BAIL_ON_VMDIR_INVALID_POINTER(pszSvcname, dwError);
-    BAIL_ON_VMDIR_INVALID_POINTER(pszPassword, dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmDirValidateUserCreateParamsA(
-    PVMDIR_USER_CREATE_PARAMS_A pCreateParams
-    )
-{
-    DWORD dwError = 0;
-
-    if (!pCreateParams ||
-        IsNullOrEmptyString(pCreateParams->pszAccount) ||
-        IsNullOrEmptyString(pCreateParams->pszFirstname) ||
-        IsNullOrEmptyString(pCreateParams->pszLastname) ||
-        IsNullOrEmptyString(pCreateParams->pszPassword))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-    }
-
-    return dwError;
-}
-
-static
-DWORD
-VmDirValidateUserCreateParamsW(
-    PVMDIR_USER_CREATE_PARAMS_W pCreateParams
-    )
-{
-    DWORD dwError = 0;
-
-    if (!pCreateParams ||
-        IsNullOrEmptyString(pCreateParams->pwszAccount) ||
-        IsNullOrEmptyString(pCreateParams->pwszFirstname) ||
-        IsNullOrEmptyString(pCreateParams->pwszLastname) ||
-        IsNullOrEmptyString(pCreateParams->pwszPassword))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-    }
-
-    return dwError;
-}
-
diff --git a/lwraft/client/vmdirlocalclient.c b/lwraft/client/vmdirlocalclient.c
index 4c5099ef1..1cbb05769 100644
--- a/lwraft/client/vmdirlocalclient.c
+++ b/lwraft/client/vmdirlocalclient.c
@@ -296,6 +296,71 @@ VmDirLocalGeneratePassword(
     goto cleanup;
 }
 
+DWORD
+VmDirLocalGetSRPSecret(
+    PCSTR       pszUPN,
+    PBYTE*      ppSecretBlob,
+    DWORD*      pSize
+    )
+{
+    DWORD dwError = 0;
+    UINT32 apiType = VMDIR_IPC_GET_SRP_SECRET;
+    DWORD noOfArgsIn = 0;
+    DWORD noOfArgsOut = 0;
+    DWORD dwBlobSize = 0;
+    VMDIR_IPC_DATA_CONTAINER *pContainer = NULL;
+    VMW_TYPE_SPEC input_spec[] = GET_SRP_SECRET_INPUT_PARAMS;
+    VMW_TYPE_SPEC output_spec[] = GET_SRP_SECRET_OUTPUT_PARAMS;
+
+    noOfArgsIn = sizeof (input_spec) / sizeof (input_spec[0]);
+    noOfArgsOut = sizeof (output_spec) / sizeof (output_spec[0]);
+
+    if (IsNullOrEmptyString(pszUPN) ||
+        !ppSecretBlob || !pSize)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    input_spec[0].data.pString = (PSTR) pszUPN;
+
+    dwError = VmDirLocalIPCRequest(
+                    apiType,
+                    noOfArgsIn,
+                    noOfArgsOut,
+                    input_spec,
+                    output_spec);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = *(output_spec[0].data.pUint32);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwBlobSize = *(output_spec[1].data.pUint32);
+
+    dwError = VmDirUnMarshalContainer(
+                             dwBlobSize,
+                             output_spec[2].data.pByte,
+                             &pContainer);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    *ppSecretBlob = (PBYTE)pContainer->data;
+    *pSize = pContainer->dwCount;
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(pContainer);
+
+    VmDirFreeTypeSpecContent(output_spec, noOfArgsOut);
+    return dwError;
+
+error:
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirLocalGetSRPSecret failed (%u)",
+                     dwError );
+
+    goto cleanup;
+}
+
 DWORD
 VmDirLocalSetSRPSecret(
     PCWSTR      pwszUPN,
diff --git a/lwraft/common/Makefile.am b/lwraft/common/Makefile.am
index 67a0cda2c..7d56a835e 100644
--- a/lwraft/common/Makefile.am
+++ b/lwraft/common/Makefile.am
@@ -15,6 +15,8 @@ libcommon_la_SOURCES = \
     krbmisc.c \
     krbutil.c \
     ldapbind.c \
+    ldapcontrol.c \
+    ldaputil.c \
     linkedlist.c \
     logging.c \
     marshalutil.c \
@@ -46,19 +48,16 @@ libcommon_la_SOURCES = \
     schema/patch.c \
     schema/resolve.c \
     schema/schema.c \
-    schema/verify.c \
-    schema/legacy/legacyload.c \
-    schema/legacy/legacypatch.c \
-    schema/legacy/legacyschema.c \
-    schema/legacy/legacyschemamod.c \
-    schema/legacy/legacyutil.c
+    schema/util.c \
+    schema/verify.c
 
 libcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -DLDAP_DEPRECATED \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
diff --git a/lwraft/common/deque.c b/lwraft/common/deque.c
index 1c3b7dd54..1738016c8 100644
--- a/lwraft/common/deque.c
+++ b/lwraft/common/deque.c
@@ -247,3 +247,16 @@ dequeIsEmpty(
     return pDeque == NULL || pDeque->pHead == NULL;
 }
 
+VOID
+dequeFreeStringContents(
+    PDEQUE pDeque
+    )
+{
+    PSTR pItem = NULL;
+
+    while(!dequeIsEmpty(pDeque))
+    {
+        dequePopLeft(pDeque, (PVOID*)&pItem);
+        VMDIR_SAFE_FREE_MEMORY(pItem);
+    }
+}
diff --git a/lwraft/common/krbutil.c b/lwraft/common/krbutil.c
index d2cbeab11..803e3073a 100644
--- a/lwraft/common/krbutil.c
+++ b/lwraft/common/krbutil.c
@@ -184,23 +184,23 @@ VmDirKeyTabRead(
     PVMDIR_KEYTAB_ENTRY *ppRetData)
 {
     DWORD dwError = 0;
-    int16_t size_16;
-    int32_t size_32;
-    uint8_t size_8;
-    int entrySize;
-    int princSize;
-    int princType;
-    int nameCompCnt;
-    int kvno;
-    int keyType;
-    int keyLength;
-    int timeStamp;
+    int16_t size_16 = 0;
+    int32_t size_32 = 0;
+    uint8_t size_8 = 0;
+    int entrySize = 0;
+    int princSize = 0;
+    int princType = 0;
+    int nameCompCnt = 0;
+    int kvno = 0;
+    int keyType = 0;
+    int keyLength = 0;
+    int timeStamp = 0;
     unsigned char *key = NULL;
     char **nameComponents = NULL;
     char *realm = NULL;
     char *nameComponent = NULL;
-    ssize_t sts;
-    int i;
+    ssize_t sts = 0;
+    int i = 0;
     PVMDIR_KEYTAB_ENTRY pKtEntry = NULL;
     PVMDIR_KRBKEY pKey = NULL;
 
diff --git a/lwraft/common/ldapbind.c b/lwraft/common/ldapbind.c
index 9ccb14731..052fc0426 100644
--- a/lwraft/common/ldapbind.c
+++ b/lwraft/common/ldapbind.c
@@ -298,11 +298,25 @@ VmDirSafeLDAPBind(
     PCSTR       pszUPN,
     PCSTR       pszPassword
     )
+{
+    return VmDirSafeLDAPBindToPort(ppLd, pszHost, 0, pszUPN, pszPassword);
+}
+
+DWORD
+VmDirSafeLDAPBindToPort(
+    LDAP**      ppLd,
+    PCSTR       pszHost,
+    DWORD       dwPort,
+    PCSTR       pszUPN,
+    PCSTR       pszPassword
+    )
 {
     DWORD       dwError = 0;
 
     LDAP*       pLd = NULL;
     char        ldapURI[VMDIR_MAX_LDAP_URI_LEN + 1] = {0};
+    DWORD       dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    DWORD       dwTmpLdapPort = 0;
 
     if (ppLd == NULL || pszHost == NULL || pszUPN == NULL || pszPassword == NULL)
     {
@@ -310,15 +324,28 @@ VmDirSafeLDAPBind(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    if (dwPort)
+    {
+        dwLdapPort = dwPort;
+    }
+    else if (VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+                VMDIR_REG_KEY_LDAP_PORT,
+                &dwTmpLdapPort,
+                DEFAULT_LDAP_PORT_NUM) == ERROR_SUCCESS)
+    {
+        dwLdapPort = dwTmpLdapPort;
+    }
+
     if ( VmDirIsIPV6AddrFormat( pszHost ) )
     {
         dwError = VmDirStringPrintFA( ldapURI, sizeof(ldapURI)-1,  "%s://[%s]:%d",
-                                      VMDIR_LDAP_PROTOCOL, pszHost, DEFAULT_LDAP_PORT_NUM);
+                                      VMDIR_LDAP_PROTOCOL, pszHost, dwLdapPort);
     }
     else
     {
         dwError = VmDirStringPrintFA( ldapURI, sizeof(ldapURI)-1,  "%s://%s:%d",
-                                      VMDIR_LDAP_PROTOCOL, pszHost, DEFAULT_LDAP_PORT_NUM);
+                                      VMDIR_LDAP_PROTOCOL, pszHost, dwLdapPort);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -350,17 +377,30 @@ VmDirSafeLDAPBind(
  *
  * Thus, NO credentials would ever go over clear text channel.
  */
+
 DWORD
 VmDirAnonymousLDAPBind(
     LDAP**      ppLd,
     PCSTR       pszLdapURI
     )
+{
+    return VmDirAnonymousLDAPBindWithTimeout(ppLd, pszLdapURI, 0);
+}
+
+
+DWORD
+VmDirAnonymousLDAPBindWithTimeout(
+    LDAP**      ppLd,
+    PCSTR       pszLdapURI,
+    int         timeout
+    )
 {
     DWORD       dwError = 0;
     int         retVal = 0;
     const int   ldapVer = LDAP_VERSION3;
     BerValue    ldapBindPwd = {0};
     LDAP*       pLocalLd = NULL;
+    struct timeval nettimeout = {0};
 
 
     if (ppLd == NULL || pszLdapURI == NULL)
@@ -375,6 +415,13 @@ VmDirAnonymousLDAPBind(
     retVal = ldap_set_option( pLocalLd, LDAP_OPT_PROTOCOL_VERSION, &ldapVer);
     BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
+    if (timeout > 0)
+    {
+        nettimeout.tv_sec = timeout;
+        retVal = ldap_set_option( pLocalLd, LDAP_OPT_NETWORK_TIMEOUT, (void *)&nettimeout);
+        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
+    }
+
     ldapBindPwd.bv_val = NULL;
     ldapBindPwd.bv_len = 0;
 
diff --git a/lwraft/common/ldapcontrol.c b/lwraft/common/ldapcontrol.c
new file mode 100644
index 000000000..42266a8ad
--- /dev/null
+++ b/lwraft/common/ldapcontrol.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+VmDirFreeCtrlContent(
+    LDAPControl*    pCtrl
+    )
+{
+    if (pCtrl)
+    {
+        if (pCtrl->ldctl_value.bv_val)
+        {
+            ber_memfree(pCtrl->ldctl_value.bv_val);
+        }
+        memset(pCtrl, 0, sizeof(LDAPControl));
+    }
+}
+
+int
+VmDirCreateCondWriteCtrlContent(
+    PCSTR           pszFilter,
+    LDAPControl*    pCondWriteCtrl
+    )
+{
+    int             retVal = LDAP_SUCCESS;
+    BerElement*     pBer = NULL;
+
+    if (!pszFilter || !pCondWriteCtrl)
+    {
+        BAIL_WITH_VMDIR_ERROR(retVal, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if ((pBer = ber_alloc()) == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(retVal, VMDIR_ERROR_NO_MEMORY);
+    }
+
+    if ( ber_printf( pBer, "{s}", pszFilter) == -1)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s: ber_printf failed.", __FUNCTION__ );
+        BAIL_WITH_VMDIR_ERROR(retVal, VMDIR_ERROR_NO_MEMORY);
+    }
+
+    memset( pCondWriteCtrl, 0, sizeof( LDAPControl ));
+    pCondWriteCtrl->ldctl_oid = LDAP_CONTROL_CONDITIONAL_WRITE;
+    pCondWriteCtrl->ldctl_iscritical = '1';
+    if (ber_flatten2(pBer, &pCondWriteCtrl->ldctl_value, 1))
+    {
+        BAIL_WITH_VMDIR_ERROR(retVal, VMDIR_ERROR_NO_MEMORY);
+    }
+
+cleanup:
+
+    if (pBer)
+    {
+        ber_free(pBer, 1);
+    }
+    return retVal;
+
+error:
+    VmDirFreeCtrlContent(pCondWriteCtrl);
+    goto cleanup;
+}
diff --git a/lwraft/common/ldaputil.c b/lwraft/common/ldaputil.c
new file mode 100644
index 000000000..a8ce482a6
--- /dev/null
+++ b/lwraft/common/ldaputil.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+#include "includes.h"
+
+DWORD
+VmDirConvertUPNToDN(
+     LDAP*      pLd,
+     PCSTR      pszUPN,
+     PSTR*      ppszOutDN
+     )
+{
+    DWORD       dwError = 0;
+
+
+    LDAPMessage*    pEntry = NULL;
+    LDAPMessage*    pResult = NULL;
+    PSTR            pszFilter = NULL;
+    PSTR            pszEntryDN = NULL;
+    PSTR            pszOutDN = NULL;
+    int             iCount = 0;
+
+    if ( !pLd || !pszUPN || !ppszOutDN )
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+                    &pszFilter, "%s=%s",
+                    ATTR_KRB_UPN,
+                    pszUPN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                    pLd,
+                    "",
+                    LDAP_SCOPE_SUBTREE,
+                    pszFilter,
+                    NULL,
+                    FALSE, /* get values      */
+                    NULL,  /* server controls */
+                    NULL,  /* client controls */
+                    NULL,  /* timeout         */
+                    0,     /* size limit      */
+                    &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    iCount = ldap_count_entries(pLd, pResult);
+
+    // should have either 0 or 1 result
+    if (iCount > 1)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+    else if (iCount == 0)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ENTRY_NOT_FOUND);
+    }
+
+    if ( (pEntry = ldap_first_entry(pLd, pResult)) != NULL )
+    {
+        pszEntryDN = ldap_get_dn(pLd, pEntry);
+
+        dwError = VmDirAllocateStringA( pszEntryDN, &pszOutDN );
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        *ppszOutDN = pszOutDN;
+        pszOutDN = NULL;
+    }
+    else
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_ENTRY);
+    }
+
+cleanup:
+
+    ldap_memfree( pszEntryDN );
+    ldap_msgfree( pResult );
+    VMDIR_SAFE_FREE_MEMORY(pszFilter);
+    VMDIR_SAFE_FREE_MEMORY(pszOutDN);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "%s failed with error (%u)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/lwraft/common/memory.c b/lwraft/common/memory.c
index 7548db760..f867eaccb 100644
--- a/lwraft/common/memory.c
+++ b/lwraft/common/memory.c
@@ -16,13 +16,6 @@
 
 #include "includes.h"
 
-DWORD
-VmDirVsnprintf(
-    PSTR*    ppszOut,
-    PCSTR    pszFormat,
-    va_list  args
-    );
-
 DWORD
 VmDirAllocateMemory(
     size_t   dwSize,
@@ -210,46 +203,6 @@ VmDirFreeMemory(
     return;
 }
 
-DWORD
-VmDirAllocateStringAVsnprintf(
-    PSTR*   ppszOut,
-    PCSTR   pszFormat,
-    ...
-    )
-{
-    DWORD   dwError = 0;
-    BOOLEAN bVAEnd = FALSE;
-    va_list args;
-
-    if (!ppszOut || !pszFormat)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    va_start(args, pszFormat);
-    bVAEnd = TRUE;
-
-    dwError = VmDirVsnprintf(
-                ppszOut,
-                pszFormat,
-                args);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    if (bVAEnd)
-    {
-        va_end(args);
-    }
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
 DWORD
 VmDirAllocateStringOfLenA(
     PCSTR   pszSource,
diff --git a/lwraft/common/parsearguments.c b/lwraft/common/parsearguments.c
index b68ed5ce7..c4d0edffe 100644
--- a/lwraft/common/parsearguments.c
+++ b/lwraft/common/parsearguments.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -11,6 +11,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
+
 #include "includes.h"
 
 BOOLEAN
@@ -21,9 +22,11 @@ _VmDirIsCmdLineOption(
     return (!IsNullOrEmptyString(pszArg) && pszArg[0] == '-');
 }
 
-BOOLEAN _VmDirMatchOption(
+BOOLEAN
+_VmDirMatchOption(
     PVMDIR_COMMAND_LINE_OPTION Option,
-    PSTR pszArgument)
+    PSTR pszArgument
+    )
 {
     if (strlen(pszArgument) <= 1)
     {
@@ -52,13 +55,13 @@ BOOLEAN _VmDirMatchOption(
 
 PVMDIR_COMMAND_LINE_OPTION
 _VmDirFindOption(
-    PVMDIR_COMMAND_LINE_OPTIONS Options,
+    VMDIR_COMMAND_LINE_OPTION Options[],
     PSTR pszArgument
     )
 {
-    PVMDIR_COMMAND_LINE_OPTION Option = Options->Options;
+    PVMDIR_COMMAND_LINE_OPTION Option = Options;
 
-    while (Option->Switch != 0)
+    while (Option->Switch != 0 || Option->LongSwitch != NULL)
     {
         if (_VmDirMatchOption(Option, pszArgument))
         {
@@ -71,51 +74,63 @@ _VmDirFindOption(
     return NULL;
 }
 
-DWORD _VmDirCallArgumentCallback(
+DWORD
+_VmDirParseParameter(
     PVMDIR_COMMAND_LINE_OPTION Option,
-    PSTR Parameter,
-    PVOID pvContext)
+    PSTR Parameter
+    )
 {
     DWORD dwError = 0;
 
     switch (Option->Type)
     {
-        case CL_NO_PARAMETER:
+    case CL_NO_PARAMETER:
+    {
+        PBOOLEAN pBool = (PBOOLEAN)Option->Ptr;
+        if (*pBool)
         {
-            COMMAND_PARAMETER_CALLBACK_NO_PARAM Callback = (COMMAND_PARAMETER_CALLBACK_NO_PARAM)Option->Callback;
-            dwError = (*Callback)(pvContext);
-            break;
+            dwError = VMDIR_ERROR_INVALID_PARAMETER;
         }
+        else
+        {
+            *pBool = TRUE;
+        }
+        break;
+    }
 
-        case CL_STRING_PARAMETER:
+    case CL_STRING_PARAMETER:
+    {
+        PSTR*   ppszStr = (PSTR*)Option->Ptr;
+        if (*ppszStr)
+        {
+            dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        }
+        else
         {
-            COMMAND_PARAMETER_CALLBACK_STRING_PARAM Callback = (COMMAND_PARAMETER_CALLBACK_STRING_PARAM)Option->Callback;
-            dwError = (*Callback)(pvContext, Parameter);
-            break;
+            dwError = VmDirAllocateStringA(Parameter, ppszStr);
         }
+        break;
+    }
 
-        case CL_INTEGER_PARAMETER:
+    case CL_INTEGER_PARAMETER:
+    {
+        int* pInt = (int*)Option->Ptr;
+        if (*pInt)
+        {
+            dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        }
+        else
         {
-            COMMAND_PARAMETER_CALLBACK_INTEGER_PARAM Callback = (COMMAND_PARAMETER_CALLBACK_INTEGER_PARAM)Option->Callback;
             char *pszEndPointer;
-            int iValue = 0;
-
-            iValue = strtol(Parameter, &pszEndPointer, 10);
-            if (*pszEndPointer != '\0')
-            {
-                dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            }
-            else
-            {
-                dwError = (*Callback)(pvContext, iValue);
-            }
-
-            break;
-       }
+            *pInt = strtol(Parameter, &pszEndPointer, 10);
+            dwError = *pszEndPointer == '\0' ? 0 : VMDIR_ERROR_INVALID_PARAMETER;
+        }
+        break;
+    }
 
-       default:
-       dwError = VMDIR_ERROR_INVALID_PARAMETER;
-       break;
+    default:
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        break;
     }
 
     return dwError;
@@ -123,8 +138,8 @@ DWORD _VmDirCallArgumentCallback(
 
 DWORD
 VmDirParseArguments(
-    PVMDIR_COMMAND_LINE_OPTIONS Options,
-    PVOID pvContext,
+    VMDIR_COMMAND_LINE_OPTION Options[],
+    PVMDIR_PARSE_ARG_CALLBACKS Callbacks,
     int argc,
     PSTR *argv
     )
@@ -166,7 +181,7 @@ VmDirParseArguments(
                 ++i;
             }
 
-            dwError = _VmDirCallArgumentCallback(Option, Parameter, pvContext);
+            dwError = _VmDirParseParameter(Option, Parameter);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else
@@ -179,9 +194,9 @@ VmDirParseArguments(
         }
     }
 
-    if (Options->ValidationRoutine != NULL)
+    if (Callbacks && Callbacks->ValidationRoutine)
     {
-        dwError = (*Options->ValidationRoutine)(pvContext);
+        dwError = (*Callbacks->ValidationRoutine)(Callbacks->pvContext);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -189,9 +204,9 @@ VmDirParseArguments(
     return dwError;
 
 error:
-    if (Options->ShowUsage != NULL)
+    if (Callbacks && Callbacks->ShowUsage)
     {
-        (*Options->ShowUsage)(pvContext);
+        (*Callbacks->ShowUsage)(Callbacks->pvContext);
     }
 
     goto cleanup;
diff --git a/lwraft/common/schema/compat.c b/lwraft/common/schema/compat.c
index bdf82d0d4..52f085dd1 100644
--- a/lwraft/common/schema/compat.c
+++ b/lwraft/common/schema/compat.c
@@ -14,20 +14,6 @@
 
 #include "includes.h"
 
-// both NULL || both have same string
-#define VMDIR_TWO_STRING_COMPATIBLE( pszNewString, pszOldString )                                               \
-    ( ( !pszNewString && !pszOldString )  ||                                                                    \
-      ( ( pszNewString && pszOldString ) && (VmDirStringCompareA( pszNewString, pszOldString, FALSE) == 0) )    \
-    )
-
-// e.g. single value tag from TRUE to FALSE
-#define VMDIR_TWO_BOOL_COMPATILBE_T2F( bONE, bTWO )     \
-    ( (bTWO == bONE) || ( bTWO == TRUE && bONE == FALSE ) )
-
-// e.g. obsolete tag from FALSE to TRUE
-#define VMDIR_TWO_BOOL_COMPATILBE_F2T( bONE, bTWO )     \
-    ( (bONE == bTWO) || ( bONE == TRUE && bTWO == FALSE ) )
-
 DWORD
 VmDirLdapAtAreCompat(
     PVDIR_LDAP_ATTRIBUTE_TYPE   pPrevAt,
@@ -42,18 +28,58 @@ VmDirLdapAtAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewAt->pszName, pPrevAt->pszName) ||
-        !VMDIR_TWO_STRING_COMPATIBLE(
-            pNewAt->pszSyntaxOid, pPrevAt->pszSyntaxOid) ||
-        !VMDIR_TWO_BOOL_COMPATILBE_T2F(
-            pNewAt->bSingleValue, pPrevAt->bSingleValue) ||
-        pNewAt->bNoUserMod != pPrevAt->bNoUserMod ||
-        (pPrevAt->usage && pNewAt->usage != pPrevAt->usage))
+    if (VmDirStringCompareA(pPrevAt->pszName, pNewAt->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevAt->pszName,
+                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirStringCompareA(pPrevAt->pszSyntaxOid, pNewAt->pszSyntaxOid, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type syntax (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevAt->pszSyntaxOid,
+                pNewAt->pszSyntaxOid,
+                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!pPrevAt->bSingleValue && pNewAt->bSingleValue)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot convert multi-value attribute type to single-value (name: %s).",
+                __FUNCTION__, pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevAt->bNoUserMod != pNewAt->bNoUserMod)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type user mod permission (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevAt->bNoUserMod ? "TRUE" : "FALSE",
+                        pNewAt->bNoUserMod ? "TRUE" : "FALSE",
+                                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevAt->usage && pPrevAt->usage != pNewAt->usage)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
-                __FUNCTION__, pPrevAt->pszName);
+                "%s: cannot change attribute type usage (current: %d, new: %d) (%s).",
+                __FUNCTION__,
+                pPrevAt->usage,
+                pNewAt->usage,
+                pNewAt->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
@@ -69,6 +95,8 @@ VmDirLdapOcAreCompat(
     )
 {
     DWORD   dwError = 0;
+    PSTR*   ppszRemovedMust = NULL;
+    PSTR*   ppszMinimumMay = NULL;
 
     if (!pPrevOc || !pNewOc)
     {
@@ -76,24 +104,83 @@ VmDirLdapOcAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewOc->pszName, pPrevOc->pszName) ||
-        !VMDIR_TWO_STRING_COMPATIBLE(
-            pNewOc->pszSup, pPrevOc->pszSup) ||
-        !VmDirIsStrArrayIdentical(
-            pNewOc->ppszMust, pPrevOc->ppszMust) ||
-        !VmDirIsStrArraySuperSet(
-            pNewOc->ppszMay, pPrevOc->ppszMay) ||
-        pNewOc->type != pPrevOc->type)
+    if (VmDirStringCompareA(pPrevOc->pszName, pNewOc->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change object class name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevOc->pszName,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirStringCompareA(pPrevOc->pszSup, pNewOc->pszSup, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change object class sup (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevOc->pszSup,
+                pNewOc->pszSup,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevOc->type != pNewOc->type)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
+                "%s: cannot change object class type (current: %d, new: %d) (name: %s).",
+                __FUNCTION__,
+                pPrevOc->type,
+                pNewOc->type,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirIsStrArrayIdentical(pNewOc->ppszMust, pPrevOc->ppszMust))
+    {
+        if (!VmDirIsStrArraySuperSet(pNewOc->ppszMay, pPrevOc->ppszMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove maycontain attribute types (name: %s).",
+                    __FUNCTION__, pPrevOc->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else if (VmDirIsStrArraySuperSet(pPrevOc->ppszMust, pNewOc->ppszMust))
+    {
+        dwError = VmDirGetStrArrayDiffs(
+                pNewOc->ppszMust, pPrevOc->ppszMust, &ppszRemovedMust, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirMergeStrArray(
+                pPrevOc->ppszMay, ppszRemovedMust, &ppszMinimumMay);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!VmDirIsStrArraySuperSet(pNewOc->ppszMay, ppszMinimumMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove must contain attribute types (name: %s).",
+                    __FUNCTION__, pPrevOc->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot add must contain attribute types (name: %s).",
                 __FUNCTION__, pPrevOc->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 error:
+    VmDirFreeStrArray(ppszRemovedMust);
+    VmDirFreeStrArray(ppszMinimumMay);
     return dwError;
 }
 
@@ -104,6 +191,8 @@ VmDirLdapCrAreCompat(
     )
 {
     DWORD   dwError = 0;
+    PSTR*   ppszRemovedMust = NULL;
+    PSTR*   ppszMinimumMay = NULL;
 
     if (!pPrevCr || !pNewCr)
     {
@@ -111,24 +200,68 @@ VmDirLdapCrAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewCr->pszName, pPrevCr->pszName) ||
-        !VmDirIsStrArrayIdentical(
-            pNewCr->ppszMust, pPrevCr->ppszMust) ||
-        !VmDirIsStrArraySuperSet(
-            pNewCr->ppszMay, pPrevCr->ppszMay) ||
-        !VmDirIsStrArraySuperSet(
-            pNewCr->ppszAux, pPrevCr->ppszAux))
+    if (VmDirStringCompareA(pPrevCr->pszName, pNewCr->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change content rule name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevCr->pszName,
+                pNewCr->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!VmDirIsStrArraySuperSet(pNewCr->ppszAux, pPrevCr->ppszAux))
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
+                "%s: cannot remove auxiliary class(es) (name: %s).",
                 __FUNCTION__, pPrevCr->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirIsStrArrayIdentical(pNewCr->ppszMust, pPrevCr->ppszMust))
+    {
+        if (!VmDirIsStrArraySuperSet(pNewCr->ppszMay, pPrevCr->ppszMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove maycontain attribute (name: %s).",
+                    __FUNCTION__, pPrevCr->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else if (VmDirIsStrArraySuperSet(pPrevCr->ppszMust, pNewCr->ppszMust))
+    {
+        dwError = VmDirGetStrArrayDiffs(
+                pNewCr->ppszMust, pPrevCr->ppszMust, &ppszRemovedMust, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirMergeStrArray(
+                pPrevCr->ppszMay, ppszRemovedMust, &ppszMinimumMay);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!VmDirIsStrArraySuperSet(pNewCr->ppszMay, ppszMinimumMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove must contain attribute (name: %s).",
+                    __FUNCTION__, pPrevCr->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot add must contain attribute (name: %s).",
+                __FUNCTION__, pPrevCr->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 error:
+    VmDirFreeStrArray(ppszRemovedMust);
+    VmDirFreeStrArray(ppszMinimumMay);
     return dwError;
 }
 
diff --git a/lwraft/common/schema/defines.h b/lwraft/common/schema/defines.h
index c1968068a..d182e172f 100644
--- a/lwraft/common/schema/defines.h
+++ b/lwraft/common/schema/defines.h
@@ -12,10 +12,10 @@
  * under the License.
  */
 
-#define ATTRIBUTETYPS_TAG           "attributetypes:"
-#define ATTRIBUTETYPS_TAG_LEN       sizeof(ATTRIBUTETYPS_TAG) - 1
+#define ATTRIBUTETYPES_TAG          "attributetypes:"
+#define ATTRIBUTETYPES_TAG_LEN      sizeof(ATTRIBUTETYPES_TAG) - 1
 #define IS_ATTRIBUTETYPES_TAG(tag)  \
-    (VmDirStringNCompareA(tag, ATTRIBUTETYPS_TAG,  ATTRIBUTETYPS_TAG_LEN, FALSE) == 0)
+    (VmDirStringNCompareA(tag, ATTRIBUTETYPES_TAG,  ATTRIBUTETYPES_TAG_LEN, FALSE) == 0)
 
 #define OBJECTCLASSES_TAG           "objectclasses:"
 #define OBJECTCLASSES_TAG_LEN       sizeof(OBJECTCLASSES_TAG) - 1
@@ -36,3 +36,10 @@
 #define NAMEFORM_TAG_LEN            sizeof(NAMEFORM_TAG) - 1
 #define IS_NAMEFORM_TAG(tag)        \
     (VmDirStringNCompareA(tag, NAMEFORM_TAG, NAMEFORM_TAG_LEN, FALSE) == 0)
+
+#define ATTRIBUTEINDICES_TAG        "attributeindices:"
+#define ATTRIBUTEINDICES_TAG_LEN    sizeof(ATTRIBUTEINDICES_TAG) - 1
+#define IS_ATTRIBUTEINDICES_TAG(tag)    \
+    (VmDirStringNCompareA(tag, ATTRIBUTEINDICES_TAG,  ATTRIBUTEINDICES_TAG_LEN, FALSE) == 0)
+
+#define VMDIR_DEFAULT_SCHEMA_FILE   "postschema.ldif"
diff --git a/lwraft/common/schema/diff.c b/lwraft/common/schema/diff.c
index e6a8d314a..8744fdb67 100644
--- a/lwraft/common/schema/diff.c
+++ b/lwraft/common/schema/diff.c
@@ -303,6 +303,7 @@ VmDirLdapOcGetDiff(
 {
     DWORD   dwError = 0;
     PSTR*   ppszNewMay = NULL;
+    PSTR*   ppszRemovedMust = NULL;
     PVDIR_LDAP_SCHEMA_OBJECT_DIFF   pOcDiff = NULL;
 
     static PSTR ppszClassType[3] = { "1", "2", "3" };
@@ -376,13 +377,25 @@ VmDirLdapOcGetDiff(
                 &ppszNewMay, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirGetStrArrayDiffs(
+                pOldOc->ppszMust, pNewOc->ppszMust,
+                NULL, &ppszRemovedMust);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         if (ppszNewMay)
         {
             dwError = _LdapSchemaObjectDiffAddMod(pOcDiff, MOD_OP_ADD,
                     ATTR_SYSTEMMAYCONTAIN,
                     NULL, ppszNewMay);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewMay);
+        }
+
+        if (ppszRemovedMust)
+        {
+            dwError = _LdapSchemaObjectDiffAddMod(pOcDiff, MOD_OP_DELETE,
+                    ATTR_SYSTEMMUSTCONTAIN,
+                    NULL, ppszRemovedMust);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
 
         if (pNewOc->pszDesc)
@@ -414,10 +427,11 @@ VmDirLdapOcGetDiff(
     *ppOcDiff = pOcDiff;
 
 cleanup:
+    VmDirFreeStrArray(ppszNewMay);
+    VmDirFreeStrArray(ppszRemovedMust);
     return dwError;
 
 error:
-    VmDirFreeStrArray(ppszNewMay);
     VmDirFreeLdapSchemaObjectDiff(pOcDiff);
     goto cleanup;
 
@@ -434,6 +448,7 @@ VmDirLdapCrGetDiff(
     DWORD   dwError = 0;
     PSTR*   ppszNewMay = NULL;
     PSTR*   ppszNewAux = NULL;
+    PSTR*   ppszRemovedMust = NULL;
     PVDIR_LDAP_SCHEMA_OBJECT_DIFF   pCrDiff = NULL;
 
     if (!pNewCr || !ppCrDiff)
@@ -492,13 +507,17 @@ VmDirLdapCrGetDiff(
                 &ppszNewAux, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirGetStrArrayDiffs(
+                pOldCr->ppszMust, pNewCr->ppszMust,
+                NULL, &ppszRemovedMust);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         if (ppszNewMay)
         {
             dwError = _LdapSchemaObjectDiffAddMod(pCrDiff, MOD_OP_ADD,
                     ATTR_MAYCONTAIN,
                     NULL, ppszNewMay);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewMay);
         }
 
         if (ppszNewAux)
@@ -507,7 +526,14 @@ VmDirLdapCrGetDiff(
                     ATTR_AUXILIARY_CLASS,
                     NULL, ppszNewAux);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewAux);
+        }
+
+        if (ppszRemovedMust)
+        {
+            dwError = _LdapSchemaObjectDiffAddMod(pCrDiff, MOD_OP_DELETE,
+                    ATTR_MUSTCONTAIN,
+                    NULL, ppszRemovedMust);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
@@ -520,11 +546,12 @@ VmDirLdapCrGetDiff(
     *ppCrDiff = pCrDiff;
 
 cleanup:
+    VmDirFreeStrArray(ppszNewMay);
+    VmDirFreeStrArray(ppszNewAux);
+    VmDirFreeStrArray(ppszRemovedMust);
     return dwError;
 
 error:
-    VmDirFreeStrArray(ppszNewMay);
-    VmDirFreeStrArray(ppszNewAux);
     VmDirFreeLdapSchemaObjectDiff(pOcDiff ? NULL : pCrDiff);
     goto cleanup;
 }
@@ -684,18 +711,9 @@ _GetAllContentRuleDiffs(
 
         if (pCrDiff && !pOcDiff)
         {
-            if (pOldCr)
-            {
-                dwError = VmDirLinkedListInsertTail(
-                        pSchemaDiff->classToModify, pCrDiff, NULL);
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            else
-            {
-                dwError = VmDirLinkedListInsertTail(
-                        pSchemaDiff->classToAdd, pCrDiff, NULL);
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
+            dwError = VmDirLinkedListInsertTail(
+                    pSchemaDiff->classToModify, pCrDiff, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
diff --git a/lwraft/common/schema/file.c b/lwraft/common/schema/file.c
index 67c98badf..8ba03ba68 100644
--- a/lwraft/common/schema/file.c
+++ b/lwraft/common/schema/file.c
@@ -59,17 +59,21 @@ _VmDirReadOneDefFromFile(
         }
         else
         {
-            VmdDirNormalizeString(pDescBuf);
-            dwError = VmDirAllocateStringA(pDescBuf, &pOut);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pStrList, pOut);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            pOut = NULL;
             break;
         }
     }
 
+    if (pDescBuf[0] != '\0')
+    {
+        VmdDirNormalizeString(pDescBuf);
+        dwError = VmDirAllocateStringA(pDescBuf, &pOut);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirStringListAdd(pStrList, pOut);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pOut = NULL;
+    }
+
 cleanup:
     return dwError;
 
@@ -88,20 +92,19 @@ VmDirGetDefaultSchemaFile(
 #ifdef _WIN32
     PSTR    pszCfgPath = NULL;
 #else
-    PCSTR   pszLinuxFile = LWRAFT_CONFIG_DIR "/lwraftschema.ldif";
+    PCSTR   pszLinuxFile = LWRAFT_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR VMDIR_DEFAULT_SCHEMA_FILE ;
 #endif
 
-    if ( ppszSchemaFile==NULL)
+    if (!ppszSchemaFile)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
 #ifdef _WIN32
     dwError = VmDirGetCfgPath(&pszCfgPath);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringPrintf(&pszSchemaFile,"%s\\lwraftschema.ldif", pszCfgPath);
+    dwError = VmDirAllocateStringPrintf(&pszSchemaFile,"%s\\%s", pszCfgPath, VMDIR_DEFAULT_SCHEMA_FILE);
     BAIL_ON_VMDIR_ERROR(dwError);
 #else
     dwError = VmDirAllocateStringA(pszLinuxFile, &pszSchemaFile);
@@ -126,13 +129,15 @@ VmDirGetDefaultSchemaFile(
  *  attributetypes
  *  objectclasses
  *  ditcontentrules
+ *  attributeindices
  */
 DWORD
 VmDirReadSchemaFile(
     PCSTR               pszSchemaFilePath,
     PVMDIR_STRING_LIST* ppAtStrList,
     PVMDIR_STRING_LIST* ppOcStrList,
-    PVMDIR_STRING_LIST* ppCrStrList
+    PVMDIR_STRING_LIST* ppCrStrList,
+    PVMDIR_STRING_LIST* ppIdxStrList
     )
 {
     DWORD dwError = 0;
@@ -142,11 +147,11 @@ VmDirReadSchemaFile(
     PVMDIR_STRING_LIST  pAtStrList = NULL;
     PVMDIR_STRING_LIST  pOcStrList = NULL;
     PVMDIR_STRING_LIST  pCrStrList = NULL;
+    PVMDIR_STRING_LIST  pIdxStrList = NULL;
 
-    if (!pszSchemaFilePath || !ppAtStrList || !ppOcStrList || !ppCrStrList)
+    if (!pszSchemaFilePath || !ppAtStrList || !ppOcStrList || !ppCrStrList || !ppIdxStrList)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirStringListInitialize(&pAtStrList, 2048);
@@ -158,6 +163,9 @@ VmDirReadSchemaFile(
     dwError = VmDirStringListInitialize(&pCrStrList, 512);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirStringListInitialize(&pIdxStrList, 16);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 #ifndef _WIN32
     fp = fopen(pszSchemaFilePath, "r");
 #else
@@ -201,6 +209,11 @@ VmDirReadSchemaFile(
             dwError = _VmDirReadOneDefFromFile(fp, pCrStrList);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
+        else if (IS_ATTRIBUTEINDICES_TAG(pbuf))
+        {
+            dwError = _VmDirReadOneDefFromFile(fp, pIdxStrList);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
         else
         {
             continue;
@@ -210,6 +223,7 @@ VmDirReadSchemaFile(
     *ppAtStrList = pAtStrList;
     *ppOcStrList = pOcStrList;
     *ppCrStrList = pCrStrList;
+    *ppIdxStrList = pIdxStrList;
 
 cleanup:
     if (fp)
@@ -222,5 +236,6 @@ VmDirReadSchemaFile(
     VmDirStringListFree(pAtStrList);
     VmDirStringListFree(pOcStrList);
     VmDirStringListFree(pCrStrList);
+    VmDirStringListFree(pIdxStrList);
     goto cleanup;
 }
diff --git a/lwraft/common/schema/legacy/includes.h b/lwraft/common/schema/legacy/includes.h
deleted file mode 100644
index 6ebad69a7..000000000
--- a/lwraft/common/schema/legacy/includes.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _WIN32
-
-#include <config.h>
-#include <vmdirsys.h>
-
-#else
-
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-#include <windows.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <assert.h>
-#include <errno.h>
-#include <tchar.h>
-
-#endif
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-
-#include "prototypes.h"
diff --git a/lwraft/common/schema/legacy/legacyload.c b/lwraft/common/schema/legacy/legacyload.c
deleted file mode 100644
index 3f6fec4eb..000000000
--- a/lwraft/common/schema/legacy/legacyload.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirLegacySchemaLoadRemoteSchema(
-    PVDIR_LEGACY_SCHEMA pLegacySchema,
-    LDAP*               pLd
-    )
-{
-    DWORD           dwError = 0;
-    int             i = 0;
-    LDAPMessage*    pResult = NULL;
-    LDAPMessage*    pEntry = NULL;
-    struct berval** ppValues = NULL;
-
-    PSTR    pszDef = NULL;
-    PSTR    pszFixedDef = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt = NULL;
-    PVDIR_LDAP_OBJECT_CLASS     pOc = NULL;
-    PVDIR_LDAP_CONTENT_RULE     pCr = NULL;
-
-    dwError = VmDirLdapSearchSubSchemaSubEntry(pLd, &pResult, &pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    ppValues = ldap_get_values_len(pLd, pEntry, ATTR_ATTRIBUTETYPES);
-    dwError = ppValues ? 0 : ERROR_INVALID_DATA;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < ldap_count_values_len(ppValues); i++)
-    {
-        dwError = VmDirAllocateStringA(ppValues[i]->bv_val, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszFixedDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapAtParseStr(pszFixedDef, &pAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        VMDIR_SAFE_FREE_MEMORY(pszFixedDef);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pAtDefStrMap,
-                pAt->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszDef = NULL;
-
-        dwError = VmDirLdapSchemaAddAt(pLegacySchema->pSchema, pAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pAt = NULL;
-    }
-    ldap_value_free_len(ppValues);
-    ppValues = NULL;
-
-    ppValues = ldap_get_values_len(pLd, pEntry, ATTR_OBJECTCLASSES);
-    dwError = ppValues ? 0 : ERROR_INVALID_DATA;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < ldap_count_values_len(ppValues); i++)
-    {
-        dwError = VmDirAllocateStringA(ppValues[i]->bv_val, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszFixedDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapOcParseStr(pszFixedDef, &pOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        VMDIR_SAFE_FREE_MEMORY(pszFixedDef);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pOcDefStrMap,
-                pOc->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszDef = NULL;
-
-        dwError = VmDirLdapSchemaAddOc(pLegacySchema->pSchema, pOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pOc = NULL;
-    }
-    ldap_value_free_len(ppValues);
-    ppValues = NULL;
-
-    ppValues = ldap_get_values_len(pLd, pEntry, ATTR_DITCONTENTRULES);
-    dwError = ppValues ? 0 : ERROR_INVALID_DATA;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < ldap_count_values_len(ppValues); i++)
-    {
-        dwError = VmDirAllocateStringA(ppValues[i]->bv_val, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszFixedDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapCrParseStr(pszFixedDef, &pCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        VMDIR_SAFE_FREE_MEMORY(pszFixedDef);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pCrDefStrMap,
-                pCr->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszDef = NULL;
-
-        dwError = VmDirLdapSchemaAddCr(pLegacySchema->pSchema, pCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pCr = NULL;
-    }
-    ldap_value_free_len(ppValues);
-    ppValues = NULL;
-
-    dwError = VmDirLdapSchemaResolveAndVerifyAll(pLegacySchema->pSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    if (ppValues)
-    {
-        ldap_value_free_len(ppValues);
-        ppValues = NULL;
-    }
-    VmDirFreeLdapAt(pAt);
-    VmDirFreeLdapOc(pOc);
-    VmDirFreeLdapCr(pCr);
-    VMDIR_SAFE_FREE_MEMORY(pszDef);
-    VMDIR_SAFE_FREE_MEMORY(pszFixedDef);
-    goto cleanup;
-}
diff --git a/lwraft/common/schema/legacy/legacypatch.c b/lwraft/common/schema/legacy/legacypatch.c
deleted file mode 100644
index e17cda833..000000000
--- a/lwraft/common/schema/legacy/legacypatch.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirPatchRemoteSubSchemaSubEntry(
-    LDAP*               pLd,
-    PVDIR_LDAP_SCHEMA   pNewSchema
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_LEGACY_SCHEMA pLegacySchema = NULL;
-    PVDIR_LDAP_SCHEMA   pMergedSchema = NULL;
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod = NULL;
-
-    if (!pLd || !pNewSchema)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirLegacySchemaInit(&pLegacySchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaLoadRemoteSchema(pLegacySchema, pLd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaMerge(
-            pLegacySchema->pSchema, pNewSchema, &pMergedSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaModInit(&pLegacySchemaMod);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaModPopulate(
-            pLegacySchemaMod, pLegacySchema, pMergedSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapModifySubSchemaSubEntry(pLd, pLegacySchemaMod);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirFreeLegacySchema(pLegacySchema);
-    VmDirFreeLdapSchema(pMergedSchema);
-    VmDirFreeLegacySchemaMod(pLegacySchemaMod);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
diff --git a/lwraft/common/schema/legacy/legacyschema.c b/lwraft/common/schema/legacy/legacyschema.c
deleted file mode 100644
index 0ca5f8f61..000000000
--- a/lwraft/common/schema/legacy/legacyschema.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirLegacySchemaInit(
-    PVDIR_LEGACY_SCHEMA*    ppLegacySchema
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_LEGACY_SCHEMA pLegacySchema = NULL;
-
-    if (!ppLegacySchema)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_LEGACY_SCHEMA),
-            (PVOID*)&pLegacySchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = LwRtlCreateHashMap(&pLegacySchema->pAtDefStrMap,
-            LwRtlHashDigestPstrCaseless,
-            LwRtlHashEqualPstrCaseless,
-            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = LwRtlCreateHashMap(&pLegacySchema->pOcDefStrMap,
-            LwRtlHashDigestPstrCaseless,
-            LwRtlHashEqualPstrCaseless,
-            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = LwRtlCreateHashMap(&pLegacySchema->pCrDefStrMap,
-            LwRtlHashDigestPstrCaseless,
-            LwRtlHashEqualPstrCaseless,
-            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaInit(&pLegacySchema->pSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppLegacySchema = pLegacySchema;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeLegacySchema(pLegacySchema);
-    goto cleanup;
-}
-
-static
-VOID
-_FreeDefStrMapPair(
-    PLW_HASHMAP_PAIR    pPair,
-    PVOID               pUnused
-    )
-{
-    if (pPair)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pPair->pValue);
-    }
-}
-
-VOID
-VmDirFreeLegacySchema(
-    PVDIR_LEGACY_SCHEMA pLegacySchema
-    )
-{
-    if (pLegacySchema)
-    {
-        if (pLegacySchema->pAtDefStrMap)
-        {
-            LwRtlHashMapClear(pLegacySchema->pAtDefStrMap, _FreeDefStrMapPair, NULL);
-            LwRtlFreeHashMap(&pLegacySchema->pAtDefStrMap);
-        }
-
-        if (pLegacySchema->pOcDefStrMap)
-        {
-            LwRtlHashMapClear(pLegacySchema->pOcDefStrMap, _FreeDefStrMapPair, NULL);
-            LwRtlFreeHashMap(&pLegacySchema->pOcDefStrMap);
-        }
-
-        if (pLegacySchema->pCrDefStrMap)
-        {
-            LwRtlHashMapClear(pLegacySchema->pCrDefStrMap, _FreeDefStrMapPair, NULL);
-            LwRtlFreeHashMap(&pLegacySchema->pCrDefStrMap);
-        }
-
-        if (pLegacySchema->pSchema)
-        {
-            VmDirFreeLdapSchema(pLegacySchema->pSchema);
-        }
-
-        VMDIR_SAFE_FREE_MEMORY(pLegacySchema);
-    }
-}
diff --git a/lwraft/common/schema/legacy/legacyschemamod.c b/lwraft/common/schema/legacy/legacyschemamod.c
deleted file mode 100644
index c65bd1b4e..000000000
--- a/lwraft/common/schema/legacy/legacyschemamod.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirLegacySchemaModInit(
-    PVDIR_LEGACY_SCHEMA_MOD*    ppLegacySchemaMod
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod = NULL;
-
-    if (!ppLegacySchemaMod)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_LEGACY_SCHEMA_MOD),
-            (PVOID*)&pLegacySchemaMod);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pDelAt, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pAddAt, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pDelOc, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pAddOc, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pDelCr, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringListInitialize(&pLegacySchemaMod->pAddCr, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppLegacySchemaMod = pLegacySchemaMod;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeLegacySchemaMod(pLegacySchemaMod);
-    goto cleanup;
-}
-
-DWORD
-VmDirLegacySchemaModPopulate(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod,
-    PVDIR_LEGACY_SCHEMA     pLegacySchema,
-    PVDIR_LDAP_SCHEMA       pNewSchema
-    )
-{
-    DWORD   dwError = 0;
-    LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
-    LW_HASHMAP_PAIR pair = {NULL, NULL};
-    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt = NULL;
-    PVDIR_LDAP_OBJECT_CLASS     pOc = NULL;
-    PVDIR_LDAP_OBJECT_CLASS     pOrgOc = NULL;
-    PVDIR_LDAP_CONTENT_RULE     pCr = NULL;
-    PSTR    pszOrgStr = NULL;
-    PSTR    pszNewStr = NULL;
-    PSTR*   ppszOcSup = NULL;
-
-    while (LwRtlHashMapIterate(pNewSchema->attributeTypes, &iter, &pair))
-    {
-        pAt = (PVDIR_LDAP_ATTRIBUTE_TYPE)pair.pValue;
-
-        if (VmDirIsMultiNameAttribute(pAt->pszName))
-        {
-            continue;
-        }
-
-        dwError = VmDirLdapAtToStr(pAt, &pszNewStr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (LwRtlHashMapFindKey(pLegacySchema->pAtDefStrMap,
-                (PVOID*)&pszOrgStr, pAt->pszName))
-        {
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pAddAt, pszNewStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else if (VmDirStringCompareA(pszOrgStr, pszNewStr, TRUE))
-        {
-            dwError = VmDirAllocateStringA(pszOrgStr, &pszOrgStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pDelAt, pszOrgStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pAddAt, pszNewStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else
-        {
-            VMDIR_SAFE_FREE_MEMORY(pszNewStr);
-        }
-    }
-
-    LwRtlHashMapResetIter(&iter);
-    while (LwRtlHashMapIterate(pNewSchema->objectClasses, &iter, &pair))
-    {
-        pOc = (PVDIR_LDAP_OBJECT_CLASS)pair.pValue;
-
-        dwError = VmDirLdapOcToStr(pOc, &pszNewStr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (LwRtlHashMapFindKey(pLegacySchema->pOcDefStrMap,
-                (PVOID*)&pszOrgStr, pOc->pszName))
-        {
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pAddOc, pszNewStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else
-        {
-            // 6.x object classes have inconsistent default sup value
-            // (some have 'top' and other leave it blank)
-            // Make sure to leave sup value blank if it's blank in 6.x
-            dwError = VmDirLdapOcParseStr(pszOrgStr, &pOrgOc);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            if (!pOrgOc->pszSup)
-            {
-                VMDIR_SAFE_FREE_MEMORY(pszNewStr);
-
-                ppszOcSup = pOc->pSource->oc_sup_oids;
-                pOc->pSource->oc_sup_oids = NULL;
-
-                dwError = VmDirLdapOcToStr(pOc, &pszNewStr);
-                BAIL_ON_VMDIR_ERROR(dwError);
-
-                pOc->pSource->oc_sup_oids = ppszOcSup;
-                ppszOcSup = NULL;
-            }
-            VmDirFreeLdapOc(pOrgOc);
-            pOrgOc = NULL;
-
-            if (VmDirStringCompareA(pszOrgStr, pszNewStr, TRUE))
-            {
-                dwError = VmDirAllocateStringA(pszOrgStr, &pszOrgStr);
-                BAIL_ON_VMDIR_ERROR(dwError);
-
-                dwError = VmDirStringListAdd(pLegacySchemaMod->pDelOc, pszOrgStr);
-                BAIL_ON_VMDIR_ERROR(dwError);
-
-                dwError = VmDirStringListAdd(pLegacySchemaMod->pAddOc, pszNewStr);
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            else
-            {
-                VMDIR_SAFE_FREE_MEMORY(pszNewStr);
-            }
-        }
-    }
-
-    LwRtlHashMapResetIter(&iter);
-    while (LwRtlHashMapIterate(pNewSchema->contentRules, &iter, &pair))
-    {
-        pCr = (PVDIR_LDAP_CONTENT_RULE)pair.pValue;
-
-        dwError = VmDirLdapCrToStr(pCr, &pszNewStr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (LwRtlHashMapFindKey(pLegacySchema->pCrDefStrMap,
-                (PVOID*)&pszOrgStr, pCr->pszName))
-        {
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pAddCr, pszNewStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else if (VmDirStringCompareA(pszOrgStr, pszNewStr, TRUE))
-        {
-            dwError = VmDirAllocateStringA(pszOrgStr, &pszOrgStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pDelCr, pszOrgStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pLegacySchemaMod->pAddCr, pszNewStr);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else
-        {
-            VMDIR_SAFE_FREE_MEMORY(pszNewStr);
-        }
-    }
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeLdapOc(pOrgOc);
-    goto cleanup;
-}
-
-VOID
-VmDirFreeLegacySchemaMod(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    )
-{
-    if (pLegacySchemaMod)
-    {
-        VmDirStringListFree(pLegacySchemaMod->pDelAt);
-        VmDirStringListFree(pLegacySchemaMod->pAddAt);
-        VmDirStringListFree(pLegacySchemaMod->pDelOc);
-        VmDirStringListFree(pLegacySchemaMod->pAddOc);
-        VmDirStringListFree(pLegacySchemaMod->pDelCr);
-        VmDirStringListFree(pLegacySchemaMod->pAddCr);
-        VMDIR_SAFE_FREE_MEMORY(pLegacySchemaMod);
-    }
-}
diff --git a/lwraft/common/schema/legacy/legacyutil.c b/lwraft/common/schema/legacy/legacyutil.c
deleted file mode 100644
index 51a00250a..000000000
--- a/lwraft/common/schema/legacy/legacyutil.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * Copyright © 2016 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirLdapSearchSubSchemaSubEntry(
-    LDAP*           pLd,
-    LDAPMessage**   ppResult,
-    LDAPMessage**   ppEntry
-    )
-{
-    static PSTR ppszSubSchemaSubEntryAttrs[] =
-    {
-        ATTR_ATTRIBUTETYPES,
-        ATTR_OBJECTCLASSES,
-        ATTR_DITCONTENTRULES,
-        ATTR_LDAPSYNTAXES,
-        NULL
-    };
-
-    DWORD           dwError = 0;
-    PCSTR           pcszFilter = "(objectclass=*)";
-    LDAPMessage*    pResult = NULL;
-    LDAPMessage*    pEntry = NULL;
-
-    if (!ppResult)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = ldap_search_ext_s(
-                pLd,
-                SUB_SCHEMA_SUB_ENTRY_DN,
-                LDAP_SCOPE_BASE,
-                pcszFilter,
-                ppszSubSchemaSubEntryAttrs,
-                FALSE, /* get values      */
-                NULL,  /* server controls */
-                NULL,  /* client controls */
-                NULL,  /* timeout         */
-                0,     /* size limit      */
-                &pResult);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (ldap_count_entries(pLd, pResult) != 1)
-    {
-        dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pEntry = ldap_first_entry(pLd, pResult);
-
-    *ppResult = pResult;
-    *ppEntry = pEntry;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
-    goto cleanup;
-}
-
-DWORD
-VmDirFixLegacySchemaDefSyntaxErr(
-    PSTR    pszDef,
-    PSTR*   ppszFixedDef
-    )
-{
-    static PCSTR    ppcszDefFixes[] =
-    {
-        "( VMWare.LKUP.attribute.27 NAME vmwLKUPLegacyIds DESC 'VMware Lookup Service - service identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
-        "( VMWare.LKUP.attribute.27 NAME 'vmwLKUPLegacyIds' DESC 'VMware Lookup Service - service identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )",
-        "( VMWare.STS.objectclass.25 NAME 'vmwExternalIdpUser' DESC 'VMWare external idp user' AUXILIARY MUST ( vmwSTSEntityId vmwSTSExternalIdpUserId ) )",
-        "( VMWare.STS.objectclass.25 NAME 'vmwExternalIdpUser' DESC 'VMWare external idp user' AUXILIARY MUST ( vmwSTSEntityId $ vmwSTSExternalIdpUserId ) )",
-        NULL
-    };
-
-    DWORD   dwError = 0;
-    DWORD   i = 0;
-    PSTR    pszFixedDef = NULL;
-
-    for (i = 0; ppcszDefFixes[i]; i += 2)
-    {
-        if (VmDirStringCompareA(pszDef, ppcszDefFixes[i], FALSE) == 0)
-        {
-            dwError = VmDirAllocateStringA(ppcszDefFixes[i+1], &pszFixedDef);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            break;
-        }
-    }
-
-    if (!pszFixedDef)
-    {
-        dwError = VmDirAllocateStringA(pszDef, &pszFixedDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszFixedDef = pszFixedDef;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pszFixedDef);
-    goto cleanup;
-}
-
-BOOLEAN
-VmDirIsMultiNameAttribute(
-    PSTR    pszName
-    )
-{
-    static PCSTR    ppcszMultiNameAttrs[] =
-    {
-        "emailAddress",
-        "email",
-        "pkcs9email",
-        "aliasedEntryName",
-        "aliasedObjectName",
-        NULL
-    };
-
-    DWORD   i = 0;
-
-    assert(pszName);
-    for (i = 0; ppcszMultiNameAttrs[i]; i++)
-    {
-        if (VmDirStringCompareA(pszName, ppcszMultiNameAttrs[i], FALSE) == 0)
-        {
-            return TRUE;
-        }
-    }
-    return FALSE;
-}
-
-DWORD
-VmDirLdapModifySubSchemaSubEntry(
-    LDAP*                   pLd,
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    )
-{
-    DWORD   dwError = 0;
-    int     i = 0;
-    LDAPMod*    mods[7] = {0};
-    LDAPMod     modAtDel = {0};
-    LDAPMod     modAtAdd = {0};
-    LDAPMod     modOcDel = {0};
-    LDAPMod     modOcAdd = {0};
-    LDAPMod     modCrDel = {0};
-    LDAPMod     modCrAdd = {0};
-
-    if (pLegacySchemaMod->pDelAt->dwCount > 0)
-    {
-        modAtDel.mod_op = LDAP_MOD_DELETE;
-        modAtDel.mod_type = (PSTR)ATTR_ATTRIBUTETYPES;
-        modAtDel.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pDelAt->pStringList;
-        mods[i++] = &modAtDel;
-    }
-
-    if (pLegacySchemaMod->pAddAt->dwCount > 0)
-    {
-        modAtAdd.mod_op = LDAP_MOD_ADD;
-        modAtAdd.mod_type = (PSTR)ATTR_ATTRIBUTETYPES;
-        modAtAdd.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pAddAt->pStringList;
-        mods[i++] = &modAtAdd;
-    }
-
-    if (pLegacySchemaMod->pDelOc->dwCount > 0)
-    {
-        modOcDel.mod_op = LDAP_MOD_DELETE;
-        modOcDel.mod_type = (PSTR)ATTR_OBJECTCLASSES;
-        modOcDel.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pDelOc->pStringList;
-        mods[i++] = &modOcDel;
-    }
-
-    if (pLegacySchemaMod->pAddOc->dwCount > 0)
-    {
-        modOcAdd.mod_op = LDAP_MOD_ADD;
-        modOcAdd.mod_type = (PSTR)ATTR_OBJECTCLASSES;
-        modOcAdd.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pAddOc->pStringList;
-        mods[i++] = &modOcAdd;
-    }
-
-    if (pLegacySchemaMod->pDelCr->dwCount > 0)
-    {
-        modCrDel.mod_op = LDAP_MOD_DELETE;
-        modCrDel.mod_type = (PSTR)ATTR_DITCONTENTRULES;
-        modCrDel.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pDelCr->pStringList;
-        mods[i++] = &modCrDel;
-    }
-
-    if (pLegacySchemaMod->pAddCr->dwCount > 0)
-    {
-        modCrAdd.mod_op = LDAP_MOD_ADD;
-        modCrAdd.mod_type = (PSTR)ATTR_DITCONTENTRULES;
-        modCrAdd.mod_vals.modv_strvals =
-                (PSTR*)pLegacySchemaMod->pAddCr->pStringList;
-        mods[i++] = &modCrAdd;
-    }
-
-    if (i > 0)
-    {
-        dwError = ldap_modify_ext_s(
-                pLd,
-                SUB_SCHEMA_SUB_ENTRY_DN,
-                mods,
-                NULL,
-                NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                    "%s Updated 6.x partner schema",
-                    __FUNCTION__ );
-    }
-    else
-    {
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                    "%s 6.x partner schema is up-to-date",
-                    __FUNCTION__ );
-    }
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
diff --git a/lwraft/common/schema/legacy/prototypes.h b/lwraft/common/schema/legacy/prototypes.h
deleted file mode 100644
index d5cee8dc7..000000000
--- a/lwraft/common/schema/legacy/prototypes.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright © 2016 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-// legacyutil.c
-BOOLEAN
-VmDirIsMultiNameAttribute(
-    PSTR    pszName
-    );
-
-DWORD
-VmDirLdapModifySubSchemaSubEntry(
-    LDAP*                   pLd,
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    );
diff --git a/lwraft/common/schema/load.c b/lwraft/common/schema/load.c
index 818665d6c..4633958bd 100644
--- a/lwraft/common/schema/load.c
+++ b/lwraft/common/schema/load.c
@@ -19,71 +19,164 @@ VmDirLdapSchemaLoadStrLists(
     PVDIR_LDAP_SCHEMA   pSchema,
     PVMDIR_STRING_LIST  pAtStrList,
     PVMDIR_STRING_LIST  pOcStrList,
-    PVMDIR_STRING_LIST  pCrStrList
+    PVMDIR_STRING_LIST  pCrStrList,
+    PVMDIR_STRING_LIST  pIdxStrList
     )
 {
     DWORD   dwError = 0;
     DWORD   i = 0, j = 0;
+    PSTR    pszAtName = NULL;
+    BOOLEAN bEmpty = FALSE;
+    BOOLEAN bGlobalUniq = FALSE;
 
-    if (!pSchema || !pAtStrList || !pOcStrList || !pCrStrList)
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pOldAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pNewAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE*  pNewAtList = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pMergedAt = NULL;
+
+    PVDIR_LDAP_OBJECT_CLASS pOldOc = NULL;
+    PVDIR_LDAP_OBJECT_CLASS pNewOc = NULL;
+    PVDIR_LDAP_OBJECT_CLASS pMergedOc = NULL;
+
+    PVDIR_LDAP_CONTENT_RULE pOldCr = NULL;
+    PVDIR_LDAP_CONTENT_RULE pNewCr = NULL;
+    PVDIR_LDAP_CONTENT_RULE pMergedCr = NULL;
+
+    if (!pSchema || !pAtStrList || !pOcStrList || !pCrStrList || !pIdxStrList)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
+    bEmpty = VmDirLdapSchemaIsEmpty(pSchema);
+
     for (i = 0; i < pAtStrList->dwCount; i++)
     {
-        PVDIR_LDAP_ATTRIBUTE_TYPE   pAt = NULL;
-        PVDIR_LDAP_ATTRIBUTE_TYPE*  pAtList = NULL;
-
-        dwError = VmDirLdapAtParseStr(pAtStrList->pStringList[i], &pAt);
+        dwError = VmDirLdapAtParseStr(pAtStrList->pStringList[i], &pNewAt);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapAtResolveAliases(pAt, &pAtList);
+        // inherit sup syntax if available (PR 1868307)
+        if (!bEmpty)
+        {
+            (VOID)VmDirLdapAtResolveSupWithLogOpt(pSchema, pNewAt, FALSE);
+            // cast VOID because this might not succeed
+            // if sup isn't already added in pSchema
+        }
+
+        dwError = VmDirLdapAtResolveAliases(pNewAt, &pNewAtList);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        VmDirFreeLdapAt(pAt);
+        VmDirFreeLdapAt(pNewAt);
+        pNewAt = NULL;
 
-        for (j = 0; pAtList && pAtList[j]; j++)
+        for (j = 0; pNewAtList && pNewAtList[j]; j++)
         {
-            dwError = VmDirLdapSchemaAddAt(pSchema, pAtList[j]);
+            pOldAt = NULL;
+            LwRtlHashMapFindKey(
+                    pSchema->attributeTypes,
+                    (PVOID*)&pOldAt,
+                    pNewAtList[j]->pszName);
+
+            dwError = VmDirLdapAtMerge(pOldAt, pNewAtList[j], &pMergedAt);
             BAIL_ON_VMDIR_ERROR(dwError);
+
+            VmDirFreeLdapAt(pNewAtList[j]);
+            pNewAtList[j] = NULL;
+
+            dwError = VmDirLdapSchemaAddAt(pSchema, pMergedAt);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            pMergedAt = NULL;
         }
-        VMDIR_SAFE_FREE_MEMORY(pAtList);
+        VMDIR_SAFE_FREE_MEMORY(pNewAtList);
     }
 
     for (i = 0; i < pOcStrList->dwCount; i++)
     {
-        PVDIR_LDAP_OBJECT_CLASS pOc = NULL;
+        dwError = VmDirLdapOcParseStr(pOcStrList->pStringList[i], &pNewOc);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapOcParseStr(pOcStrList->pStringList[i], &pOc);
+        // class sup defaults to 'top' (PR 1853569)
+        dwError = VmDirLdapOcResolveSup(pSchema, pNewOc);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapSchemaAddOc(pSchema, pOc);
+        pOldOc = NULL;
+        LwRtlHashMapFindKey(
+                pSchema->objectClasses,
+                (PVOID*)&pOldOc,
+                pNewOc->pszName);
+
+        dwError = VmDirLdapOcMerge(pOldOc, pNewOc, &pMergedOc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        VmDirFreeLdapOc(pNewOc);
+        pNewOc = NULL;
+
+        dwError = VmDirLdapSchemaAddOc(pSchema, pMergedOc);
         BAIL_ON_VMDIR_ERROR(dwError);
+        pMergedOc = NULL;
     }
 
     for (i = 0; i < pCrStrList->dwCount; i++)
     {
-        PVDIR_LDAP_CONTENT_RULE pCr = NULL;
+        dwError = VmDirLdapCrParseStr(pCrStrList->pStringList[i], &pNewCr);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pOldCr = NULL;
+        LwRtlHashMapFindKey(
+                pSchema->contentRules,
+                (PVOID*)&pOldCr,
+                pNewCr->pszName);
+
+        dwError = VmDirLdapCrMerge(pOldCr, pNewCr, &pMergedCr);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        VmDirFreeLdapCr(pNewCr);
+        pNewCr = NULL;
+
+        dwError = VmDirLdapSchemaAddCr(pSchema, pMergedCr);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pMergedCr = NULL;
+    }
+
+    for (i = 0; i < pIdxStrList->dwCount; i++)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pszAtName);
 
-        dwError = VmDirLdapCrParseStr(pCrStrList->pStringList[i], &pCr);
+        dwError = VmDirLdapIdxParseStr(
+                pIdxStrList->pStringList[i], &pszAtName, &bGlobalUniq);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapSchemaAddCr(pSchema, pCr);
+        dwError = VmDirLdapSchemaAddIdx(pSchema, pszAtName, bGlobalUniq);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     dwError = VmDirLdapSchemaResolveAndVerifyAll(pSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirLdapSchemaRemoveNoopData(pSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAtName);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
+    for (; pNewAtList && pNewAtList[j]; j++)
+    {
+        VmDirFreeLdapAt(pNewAtList[j]);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pNewAtList);
+    VmDirFreeLdapAt(pMergedAt);
+    VmDirFreeLdapOc(pMergedOc);
+    VmDirFreeLdapCr(pMergedCr);
+    VmDirFreeLdapAt(pNewAt);
+    VmDirFreeLdapOc(pNewOc);
+    VmDirFreeLdapCr(pNewCr);
     goto cleanup;
 }
 
@@ -97,30 +190,34 @@ VmDirLdapSchemaLoadFile(
     PVMDIR_STRING_LIST  pAtStrList = NULL;
     PVMDIR_STRING_LIST  pOcStrList = NULL;
     PVMDIR_STRING_LIST  pCrStrList = NULL;
+    PVMDIR_STRING_LIST  pIdxStrList = NULL;
 
     if (!pSchema || IsNullOrEmptyString(pszSchemaFilePath))
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirReadSchemaFile(pszSchemaFilePath,
-            &pAtStrList, &pOcStrList, &pCrStrList);
+            &pAtStrList, &pOcStrList, &pCrStrList, &pIdxStrList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirLdapSchemaLoadStrLists(
-            pSchema, pAtStrList, pOcStrList, pCrStrList);
+            pSchema, pAtStrList, pOcStrList, pCrStrList, pIdxStrList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     VmDirStringListFree(pAtStrList);
     VmDirStringListFree(pOcStrList);
     VmDirStringListFree(pCrStrList);
+    VmDirStringListFree(pIdxStrList);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -142,8 +239,7 @@ VmDirLdapSchemaLoadRemoteSchema(
 
     if (!pSchema || !pLd)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = ldap_search_ext_s(pLd,
@@ -194,10 +290,7 @@ VmDirLdapSchemaLoadRemoteSchema(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
+    VDIR_SAFE_LDAP_MSGFREE(pResult);
     return dwError;
 
 error:
diff --git a/lwraft/common/schema/merge.c b/lwraft/common/schema/merge.c
index 5dac8e837..049f50120 100644
--- a/lwraft/common/schema/merge.c
+++ b/lwraft/common/schema/merge.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -26,8 +26,7 @@ VmDirLdapAtMerge(
 
     if (!ppMergedAt || !(pOldAt || pNewAt))
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (pNewAt)
@@ -43,56 +42,9 @@ VmDirLdapAtMerge(
     }
     else if (pOldAt)
     {
-        if (VmDirStringCompareA(pOldAt->pszName, pNewAt->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName, pNewAt->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (VmDirStringCompareA(
-                pOldAt->pszSyntaxOid, pNewAt->pszSyntaxOid, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s syntaxOid mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->pszSyntaxOid, pNewAt->pszSyntaxOid);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldAt->usage != pNewAt->usage)
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s usage mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->usage, pNewAt->usage);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldAt->bNoUserMod != pNewAt->bNoUserMod)
-        {
-            VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                    "%s: %s noUserMod mismatch (%d) (%d).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->bNoUserMod, pNewAt->bNoUserMod);
-        }
-
-        if (pOldAt->bSingleValue != pNewAt->bSingleValue)
-        {
-            VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                    "%s: %s singleValue mismatch (%d) (%d).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->bSingleValue, pNewAt->bSingleValue);
-
-            pMergedAt->bSingleValue = FALSE;
-            pMergedAt->pSource->at_single_value = 0;
-        }
-
-        if (pOldAt->pszDesc && !pNewAt->pszDesc)
+        // keep old description if there isn't new description
+        if (IsNullOrEmptyString(pNewAt->pszDesc) &&
+            !IsNullOrEmptyString(pOldAt->pszDesc))
         {
             dwError = VmDirAllocateStringA(
                     pOldAt->pszDesc, &pMergedAt->pszDesc);
@@ -102,12 +54,14 @@ VmDirLdapAtMerge(
             pMergedAt->pSource->at_desc = pMergedAt->pszDesc;
         }
 
+        // combine old and new search flags
         if (pOldAt->dwSearchFlags != pNewAt->dwSearchFlags)
         {
             pMergedAt->dwSearchFlags =
                     pOldAt->dwSearchFlags | pNewAt->dwSearchFlags;
         }
 
+        // combine old and new uniqueness scopes
         VmDirFreeStrArray(pMergedAt->ppszUniqueScopes);
         dwError = VmDirMergeStrArray(
                 pOldAt->ppszUniqueScopes,
@@ -185,8 +139,7 @@ VmDirLdapOcMerge(
 
     if (!ppMergedOc || !(pOldOc || pNewOc))
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (pNewOc)
@@ -202,45 +155,9 @@ VmDirLdapOcMerge(
     }
     else if (pOldOc)
     {
-        if (VmDirStringCompareA(pOldOc->pszName, pNewOc->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldOc->pszName, pNewOc->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (VmDirStringCompareA(pOldOc->pszSup, pNewOc->pszSup, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s sup mismatch (%s) (%s).",
-                    __FUNCTION__, pOldOc->pszName,
-                    pOldOc->pszSup, pNewOc->pszSup);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldOc->type != pNewOc->type)
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s type mismatch (%d) (%d).",
-                    __FUNCTION__, pOldOc->pszName,
-                    pOldOc->type, pNewOc->type);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (!VmDirIsStrArrayIdentical(pOldOc->ppszMust, pNewOc->ppszMust))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s must attribute list mismatch.",
-                    __FUNCTION__, pOldOc->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldOc->pszDesc && !pNewOc->pszDesc)
+        // keep old description if there isn't new description
+        if (IsNullOrEmptyString(pNewOc->pszDesc) &&
+            !IsNullOrEmptyString(pOldOc->pszDesc))
         {
             dwError = VmDirAllocateStringA(
                     pOldOc->pszDesc, &pMergedOc->pszDesc);
@@ -250,6 +167,7 @@ VmDirLdapOcMerge(
             pMergedOc->pSource->oc_desc = pMergedOc->pszDesc;
         }
 
+        // merged may = old may + new may
         VmDirFreeStrArray(pMergedOc->ppszMay);
         dwError = VmDirMergeStrArray(
                 pOldOc->ppszMay, pNewOc->ppszMay, &pMergedOc->ppszMay);
@@ -281,8 +199,7 @@ VmDirLdapCrMerge(
 
     if (!ppMergedCr || !(pOldCr || pNewCr))
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (pNewCr)
@@ -298,24 +215,7 @@ VmDirLdapCrMerge(
     }
     else if (pOldCr)
     {
-        if (VmDirStringCompareA(pOldCr->pszName, pNewCr->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldCr->pszName, pNewCr->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (!VmDirIsStrArrayIdentical(pOldCr->ppszMust, pNewCr->ppszMust))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s must attribute list mismatch.",
-                    __FUNCTION__, pOldCr->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
+        // merged may = old may + new may
         VmDirFreeStrArray(pMergedCr->ppszMay);
         dwError = VmDirMergeStrArray(
                 pOldCr->ppszMay, pNewCr->ppszMay, &pMergedCr->ppszMay);
@@ -324,6 +224,7 @@ VmDirLdapCrMerge(
         // for free later
         pMergedCr->pSource->cr_at_oids_may = pMergedCr->ppszMay;
 
+        // merged aux = old aux + new aux
         VmDirFreeStrArray(pMergedCr->ppszAux);
         dwError = VmDirMergeStrArray(
                 pOldCr->ppszAux, pNewCr->ppszAux, &pMergedCr->ppszAux);
@@ -356,9 +257,9 @@ VmDirLdapSchemaMerge(
     LW_HASHMAP_ITER crIter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
 
-    PVDIR_LDAP_ATTRIBUTE_TYPE pOldAt = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE pNewAt = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE pMergedAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pOldAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pNewAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pMergedAt = NULL;
 
     PVDIR_LDAP_OBJECT_CLASS pOldOc = NULL;
     PVDIR_LDAP_OBJECT_CLASS pNewOc = NULL;
@@ -372,8 +273,7 @@ VmDirLdapSchemaMerge(
 
     if (!pOldSchema || !pNewSchema || !ppMergedSchema)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirLdapSchemaCopy(pOldSchema, &pMergedSchema);
diff --git a/lwraft/common/schema/parse.c b/lwraft/common/schema/parse.c
index 8604144b6..7bff80741 100644
--- a/lwraft/common/schema/parse.c
+++ b/lwraft/common/schema/parse.c
@@ -28,13 +28,12 @@ VmDirLdapAtParseStr(
 
     if (!pcszStr || !ppAt)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IS_ATTRIBUTETYPES_TAG(pcszStr))
     {
-        pcszStr += ATTRIBUTETYPS_TAG_LEN;
+        pcszStr += ATTRIBUTETYPES_TAG_LEN;
         while (isspace(*pcszStr)) pcszStr++;
     }
 
@@ -42,11 +41,14 @@ VmDirLdapAtParseStr(
 
     if (!pSource)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
                 "%s: ldap_str2attributetype failed (code:%d) (err:%s) %s",
-                __FUNCTION__, iCode, ldap_scherr2str(iCode), pErr);
-        dwError = ERROR_INVALID_SCHEMA;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                __FUNCTION__,
+                iCode,
+                ldap_scherr2str(iCode),
+                pErr);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
     }
 
     dwError = VmDirLdapAtCreate(pSource, ppAt);
@@ -77,8 +79,7 @@ VmDirLdapOcParseStr(
 
     if (!pcszStr || !ppOc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IS_OBJECTCLASSES_TAG(pcszStr))
@@ -91,11 +92,14 @@ VmDirLdapOcParseStr(
 
     if (!pSource)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
                 "%s: ldap_str2objectclass failed (code:%d) (err:%s) %s",
-                __FUNCTION__, iCode, ldap_scherr2str(iCode), pErr);
-        dwError = ERROR_INVALID_SCHEMA;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                __FUNCTION__,
+                iCode,
+                ldap_scherr2str(iCode),
+                pErr);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
     }
 
     pSource->oc_kind = gVdirOpenLdapToADClassType[pSource->oc_kind];
@@ -128,8 +132,7 @@ VmDirLdapCrParseStr(
 
     if (!pcszStr || !ppCr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IS_CONTENTRULES_TAG(pcszStr))
@@ -142,11 +145,14 @@ VmDirLdapCrParseStr(
 
     if (!pSource)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
                 "%s: ldap_str2contentrule failed (code:%d) (err:%s) %s",
-                __FUNCTION__, iCode, ldap_scherr2str(iCode), pErr);
-        dwError = ERROR_INVALID_SCHEMA;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                __FUNCTION__,
+                iCode,
+                ldap_scherr2str(iCode),
+                pErr);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
     }
 
     dwError = VmDirLdapCrCreate(pSource, ppCr);
@@ -177,8 +183,7 @@ VmDirLdapSrParseStr(
 
     if (!pcszStr || !ppSr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IS_STRUCTURERULES_TAG(pcszStr))
@@ -191,11 +196,14 @@ VmDirLdapSrParseStr(
 
     if (!pSource)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
                 "%s: ldap_str2structurerule failed (code:%d) (err:%s) %s",
-                __FUNCTION__, iCode, ldap_scherr2str(iCode), pErr);
-        dwError = ERROR_INVALID_SCHEMA;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                __FUNCTION__,
+                iCode,
+                ldap_scherr2str(iCode),
+                pErr);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
     }
 
     dwError = VmDirLdapSrCreate(pSource, ppSr);
@@ -226,8 +234,7 @@ VmDirLdapNfParseStr(
 
     if (!pcszStr || !ppNf)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IS_NAMEFORM_TAG(pcszStr))
@@ -240,11 +247,14 @@ VmDirLdapNfParseStr(
 
     if (!pSource)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
                 "%s: ldap_str2nameform failed (code:%d) (err:%s) %s",
-                __FUNCTION__, iCode, ldap_scherr2str(iCode), pErr);
-        dwError = ERROR_INVALID_SCHEMA;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                __FUNCTION__,
+                iCode,
+                ldap_scherr2str(iCode),
+                pErr);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
     }
 
     dwError = VmDirLdapNfCreate(pSource, ppNf);
@@ -261,6 +271,81 @@ VmDirLdapNfParseStr(
     goto cleanup;
 }
 
+DWORD
+VmDirLdapIdxParseStr(
+    PCSTR       pcszStr,
+    PSTR*       ppszAtName,
+    PBOOLEAN    pbGlobalUniq
+    )
+{
+    DWORD   dwError = 0;
+    SIZE_T  lenName = 0;
+    PCSTR   pszName = NULL;
+    PSTR    pszNameCpy = NULL;
+    BOOLEAN bGlobalUniq = FALSE;
+    PVMDIR_STRING_LIST  pTokList = NULL;
+
+    if (IsNullOrEmptyString(pcszStr) || !ppszAtName || !pbGlobalUniq)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirStringToTokenList(pcszStr, " ", &pTokList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pTokList->dwCount < 4 || pTokList->dwCount > 5)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
+    }
+
+    if (VmDirStringCompareA("(", pTokList->pStringList[0], TRUE) ||
+        VmDirStringCompareA("NAME", pTokList->pStringList[1], TRUE) ||
+        VmDirStringCompareA(")", pTokList->pStringList[pTokList->dwCount - 1], TRUE))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
+    }
+
+    pszName = pTokList->pStringList[2];
+    lenName = VmDirStringLenA(pszName);
+
+    if (lenName < 3 || pszName[0] != '\'' || pszName[lenName - 1] != '\'')
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
+    }
+
+    dwError = VmDirAllocateStringA(pszName + 1, &pszNameCpy);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszNameCpy[lenName - 2] = '\0';
+
+    if (pTokList->dwCount == 5)
+    {
+        if (VmDirStringCompareA("GLOBALLY-UNIQUE", pTokList->pStringList[3], TRUE))
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
+        }
+        bGlobalUniq = TRUE;
+    }
+
+    *ppszAtName = pszNameCpy;
+    *pbGlobalUniq = bGlobalUniq;
+
+cleanup:
+    VmDirStringListFree(pTokList);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed to parse \"%s\" (%d)",
+            __FUNCTION__,
+            VDIR_SAFE_STRING(pcszStr),
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszNameCpy);
+    goto cleanup;
+}
+
 DWORD
 VmDirLdapAtParseLDAPEntry(
     LDAP*                       pLd,
@@ -279,8 +364,7 @@ VmDirLdapAtParseLDAPEntry(
 
     if (!pEntry || !ppAt)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -294,8 +378,7 @@ VmDirLdapAtParseLDAPEntry(
                 VmDirStringCompareA(
                         "TRUE", ppBerVals[0]->bv_val, FALSE) == 0;
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_VMW_ATTRIBUTE_USAGE);
@@ -313,8 +396,7 @@ VmDirLdapAtParseLDAPEntry(
             dwVmwAttrUsage >>= 1;
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_CN);
@@ -328,8 +410,7 @@ VmDirLdapAtParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->at_names[0]);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_ATTRIBUTE_SYNTAX);
@@ -339,8 +420,7 @@ VmDirLdapAtParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->at_syntax_oid);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_ATTRIBUTE_ID);
@@ -350,8 +430,7 @@ VmDirLdapAtParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->at_oid);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_DESCRIPTION);
@@ -361,8 +440,7 @@ VmDirLdapAtParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->at_desc);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_SEARCH_FLAGS);
@@ -370,8 +448,7 @@ VmDirLdapAtParseLDAPEntry(
     {
         dwSearchFlags = VmDirStringToIA(ppBerVals[0]->bv_val);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_UNIQUENESS_SCOPE);
@@ -393,8 +470,7 @@ VmDirLdapAtParseLDAPEntry(
             }
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     dwError = VmDirLdapAtCreate(pSource, &pAt);
@@ -413,10 +489,8 @@ VmDirLdapAtParseLDAPEntry(
     {
         ldap_attributetype_free(pSource);
     }
-    if (ppBerVals)
-    {
-        ldap_value_free_len(ppBerVals);
-    }
+    VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
+    VmDirFreeStrArray(ppszUniqueScopes);
     VmDirFreeLdapAt(pAt);
     goto cleanup;
 }
@@ -435,8 +509,7 @@ VmDirLdapOcParseLDAPEntry(
 
     if (!pEntry || !ppOc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -454,8 +527,7 @@ VmDirLdapOcParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->oc_sup_oids[0]);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_CN);
@@ -469,8 +541,7 @@ VmDirLdapOcParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->oc_names[0]);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_GOVERNSID);
@@ -480,8 +551,7 @@ VmDirLdapOcParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->oc_oid);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_DESCRIPTION);
@@ -491,8 +561,7 @@ VmDirLdapOcParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->oc_desc);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_OBJECTCLASS_CATEGORY);
@@ -500,8 +569,7 @@ VmDirLdapOcParseLDAPEntry(
     {
         pSource->oc_kind = VmDirStringToIA(ppBerVals[0]->bv_val);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_SYSTEMMUSTCONTAIN);
@@ -523,8 +591,7 @@ VmDirLdapOcParseLDAPEntry(
             }
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_SYSTEMMAYCONTAIN);
@@ -546,8 +613,7 @@ VmDirLdapOcParseLDAPEntry(
             }
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     dwError = VmDirLdapOcCreate(pSource, ppOc);
@@ -561,10 +627,7 @@ VmDirLdapOcParseLDAPEntry(
     {
         ldap_objectclass_free(pSource);
     }
-    if (ppBerVals)
-    {
-        ldap_value_free_len(ppBerVals);
-    }
+    VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     goto cleanup;
 }
 
@@ -583,8 +646,7 @@ VmDirLdapCrParseLDAPEntry(
 
     if (!pEntry || !ppCr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -602,8 +664,7 @@ VmDirLdapCrParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->cr_names[0]);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_GOVERNSID);
@@ -613,8 +674,7 @@ VmDirLdapCrParseLDAPEntry(
                 ppBerVals[0]->bv_val, &pSource->cr_oid);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_MUSTCONTAIN);
@@ -638,8 +698,7 @@ VmDirLdapCrParseLDAPEntry(
             bHasCr = TRUE;
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_MAYCONTAIN);
@@ -663,8 +722,7 @@ VmDirLdapCrParseLDAPEntry(
             bHasCr = TRUE;
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_AUXILIARY_CLASS);
@@ -689,8 +747,7 @@ VmDirLdapCrParseLDAPEntry(
             bHasCr = TRUE;
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     ppBerVals = ldap_get_values_len(pLd, pEntry, ATTR_SYSTEMAUXILIARY_CLASS);
@@ -716,8 +773,7 @@ VmDirLdapCrParseLDAPEntry(
             bHasCr = TRUE;
         }
 
-        ldap_value_free_len(ppBerVals);
-        ppBerVals = NULL;
+        VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     }
 
     if (!bHasCr)
@@ -736,14 +792,11 @@ VmDirLdapCrParseLDAPEntry(
     {
         ldap_contentrule_free(pSource);
     }
-    if (ppBerVals)
-    {
-        ldap_value_free_len(ppBerVals);
-    }
     if (ppCr)
     {
         *ppCr = NULL;
     }
+    VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppBerVals);
     goto cleanup;
 }
 
@@ -758,8 +811,7 @@ VmDirLdapAtToStr(
 
     if (!pAt || !ppszStr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pszStr = ldap_attributetype2str(pAt->pSource);
@@ -787,8 +839,7 @@ VmDirLdapOcToStr(
 
     if (!pOc || !ppszStr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pOc->pSource->oc_kind = gVdirADToOpenLdapClassType[pOc->type - 1];
@@ -819,8 +870,7 @@ VmDirLdapCrToStr(
 
     if (!pCr || !ppszStr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pszStr = ldap_contentrule2str(pCr->pSource);
@@ -848,8 +898,7 @@ VmDirLdapSrToStr(
 
     if (!pSr || !ppszStr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pszStr = ldap_structurerule2str(pSr->pSource);
@@ -877,8 +926,7 @@ VmDirLdapNfToStr(
 
     if (!pNf || !ppszStr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pszStr = ldap_nameform2str(pNf->pSource);
diff --git a/lwraft/common/schema/patch.c b/lwraft/common/schema/patch.c
index bc93caaa4..4261fff93 100644
--- a/lwraft/common/schema/patch.c
+++ b/lwraft/common/schema/patch.c
@@ -79,36 +79,20 @@ _CreateLDAPModArrayFromObjDiff(
 
 DWORD
 VmDirPatchRemoteSchemaObjects(
-    LDAP*               pLd,
-    PVDIR_LDAP_SCHEMA   pNewSchema
+    LDAP*                   pLd,
+    PVDIR_LDAP_SCHEMA_DIFF  pSchemaDiff
     )
 {
     DWORD   dwError = 0;
-    PVDIR_LDAP_SCHEMA               pCurSchema = NULL;
-    PVDIR_LDAP_SCHEMA               pMergedSchema = NULL;
-    PVDIR_LDAP_SCHEMA_DIFF          pSchemaDiff = NULL;
     PVDIR_LDAP_SCHEMA_OBJECT_DIFF   pObjDiff = NULL;
     PVDIR_LINKED_LIST_NODE  pNode = NULL;
     LDAPMod**   mods = NULL;
 
-    if (!pLd || !pNewSchema)
+    if (!pLd || !pSchemaDiff)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
-    dwError = VmDirLdapSchemaInit(&pCurSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaLoadRemoteSchema(pCurSchema, pLd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaMerge(pCurSchema, pNewSchema, &pMergedSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaGetDiff(pCurSchema, pMergedSchema, &pSchemaDiff);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     pNode = pSchemaDiff->attrToAdd->pHead;
     while (pNode)
     {
@@ -175,8 +159,5 @@ VmDirPatchRemoteSchemaObjects(
 
 error:
     _FreeLDAPModArray(mods);
-    VmDirFreeLdapSchema(pCurSchema);
-    VmDirFreeLdapSchema(pMergedSchema);
-    VmDirFreeLdapSchemaDiff(pSchemaDiff);
     return dwError;
 }
diff --git a/lwraft/common/schema/prototypes.h b/lwraft/common/schema/prototypes.h
index f8d025d1e..ded39a89c 100644
--- a/lwraft/common/schema/prototypes.h
+++ b/lwraft/common/schema/prototypes.h
@@ -140,6 +140,13 @@ VmDirLdapAtResolveAliases(
     PVDIR_LDAP_ATTRIBUTE_TYPE** ppAtList
     );
 
+DWORD
+VmDirLdapAtResolveSupWithLogOpt(
+    PVDIR_LDAP_SCHEMA           pSchema,
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt,
+    BOOLEAN                     bLogOpt
+    );
+
 DWORD
 VmDirLdapAtResolveSup(
     PVDIR_LDAP_SCHEMA           pSchema,
diff --git a/lwraft/common/schema/resolve.c b/lwraft/common/schema/resolve.c
index 5137a327b..d6fdea443 100644
--- a/lwraft/common/schema/resolve.c
+++ b/lwraft/common/schema/resolve.c
@@ -76,10 +76,14 @@ VmDirLdapAtResolveAliases(
     goto cleanup;
 }
 
+/*
+ * This is helpful to reduce log noise when loading schema from file
+ */
 DWORD
-VmDirLdapAtResolveSup(
+VmDirLdapAtResolveSupWithLogOpt(
     PVDIR_LDAP_SCHEMA           pSchema,
-    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt,
+    BOOLEAN                     bLogOpt
     )
 {
     DWORD   dwError = 0;
@@ -99,9 +103,12 @@ VmDirLdapAtResolveSup(
             if (LwRtlHashMapFindKey(
                     pSchema->attributeTypes, (PVOID*)&pParentAt, pszSup))
             {
-                VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                        "%s: (%s) cannot resolve syntax, unknown sup (%s).",
-                        __FUNCTION__, pAt->pszName, pszSup);
+                if (bLogOpt)
+                {
+                    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                            "%s: (%s) cannot resolve syntax, unknown sup (%s).",
+                            __FUNCTION__, pAt->pszName, pszSup);
+                }
                 dwError = ERROR_INVALID_SCHEMA;
                 BAIL_ON_VMDIR_ERROR(dwError);
             }
@@ -120,9 +127,18 @@ VmDirLdapAtResolveSup(
 }
 
 DWORD
-VmDirLdapOcResolveSup(
+VmDirLdapAtResolveSup(
     PVDIR_LDAP_SCHEMA           pSchema,
-    PVDIR_LDAP_OBJECT_CLASS     pOc
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt
+    )
+{
+    return VmDirLdapAtResolveSupWithLogOpt(pSchema, pAt, TRUE);
+}
+
+DWORD
+VmDirLdapOcResolveSup(
+    PVDIR_LDAP_SCHEMA       pSchema,
+    PVDIR_LDAP_OBJECT_CLASS pOc
     )
 {
     DWORD   dwError = 0;
diff --git a/lwraft/common/schema/schema.c b/lwraft/common/schema/schema.c
index 0fad2dea0..e55567fc3 100644
--- a/lwraft/common/schema/schema.c
+++ b/lwraft/common/schema/schema.c
@@ -24,8 +24,7 @@ VmDirLdapSchemaInit(
 
     if (!ppSchema)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -69,8 +68,11 @@ VmDirLdapSchemaInit(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeLdapSchema(pSchema);
     goto cleanup;
@@ -92,8 +94,7 @@ VmDirLdapSchemaAddDef(
 
     if (!pDefMap || !pDef)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = LwRtlHashMapInsert(pDefMap, pDef->pszName, pDef, &pair);
@@ -147,8 +148,7 @@ VmDirLdapSchemaAddAt(
 
     if (!pSchema || !pAt)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirLdapSchemaAddDef(
@@ -171,8 +171,7 @@ VmDirLdapSchemaAddOc(
 
     if (!pSchema || !pOc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     for (; pOc->ppszMust && pOc->ppszMust[dwNumMust]; dwNumMust++);
@@ -204,8 +203,7 @@ VmDirLdapSchemaAddCr(
 
     if (!pSchema || !pCr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     for (; pCr->ppszAux && pCr->ppszAux[dwNumAux]; dwNumAux++);
@@ -238,8 +236,7 @@ VmDirLdapSchemaAddSr(
 
     if (!pSchema || !pSr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirLdapSchemaAddDef(
@@ -260,8 +257,7 @@ VmDirLdapSchemaAddNf(
 
     if (!pSchema || !pNf)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirLdapSchemaAddDef(
@@ -272,6 +268,78 @@ VmDirLdapSchemaAddNf(
     return dwError;
 }
 
+DWORD
+VmDirLdapSchemaAddIdx(
+    PVDIR_LDAP_SCHEMA   pSchema,
+    PCSTR               pszAtName,
+    BOOLEAN             bGlobalUniq
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pOldAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pNewAt = NULL;
+
+    if (!pSchema || IsNullOrEmptyString(pszAtName))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // look up attribute type by name
+    if (LwRtlHashMapFindKey(
+            pSchema->attributeTypes, (PVOID*)&pOldAt, pszAtName))
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "%s: unknown attribute type (%s)",
+                __FUNCTION__,
+                pszAtName);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_SCHEMA);
+    }
+
+    // update index only if it was switched off
+    if (pOldAt->dwSearchFlags & 1)
+    {
+        goto cleanup;
+    }
+
+    // scope array should be null if search flag is switched off
+    if (pOldAt->ppszUniqueScopes)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "%s: index in invalid state for attribute type (%s)",
+                __FUNCTION__,
+                pszAtName);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+    }
+
+    dwError = VmDirLdapAtDeepCopy(pOldAt, &pNewAt);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pNewAt->dwSearchFlags |= 1;
+
+    if (bGlobalUniq)
+    {
+        dwError = VmDirAllocateMemory(
+                sizeof(PSTR)*2, (PVOID*)&pNewAt->ppszUniqueScopes);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateStringA(
+                PERSISTED_DSE_ROOT_DN, &pNewAt->ppszUniqueScopes[0]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirLdapSchemaAddAt(pSchema, pNewAt);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeLdapAt(pNewAt);
+    goto cleanup;
+}
+
 DWORD
 VmDirLdapSchemaResolveAndVerifyAll(
     PVDIR_LDAP_SCHEMA   pSchema
@@ -285,8 +353,7 @@ VmDirLdapSchemaResolveAndVerifyAll(
 
     if (!pSchema)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     while (LwRtlHashMapIterate(pSchema->attributeTypes, &atIter, &pair))
@@ -343,8 +410,7 @@ VmDirLdapSchemaRemoveNoopData(
 
     if (!pSchema)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     while (LwRtlHashMapIterate(pSchema->attributeTypes, &atIter, &pair))
@@ -383,6 +449,28 @@ _FreeDefMapPair(
     }
 }
 
+BOOLEAN
+VmDirLdapSchemaIsEmpty(
+    PVDIR_LDAP_SCHEMA   pSchema
+    )
+{
+    BOOLEAN bEmpty = TRUE;
+
+    if (pSchema)
+    {
+        if (LwRtlHashMapGetCount(pSchema->attributeTypes) ||
+            LwRtlHashMapGetCount(pSchema->objectClasses) ||
+            LwRtlHashMapGetCount(pSchema->contentRules) ||
+            LwRtlHashMapGetCount(pSchema->structureRules) ||
+            LwRtlHashMapGetCount(pSchema->nameForms))
+        {
+            bEmpty = FALSE;
+        }
+    }
+
+    return bEmpty;
+}
+
 VOID
 VmDirFreeLdapSchema(
     PVDIR_LDAP_SCHEMA   pSchema
diff --git a/lwraft/common/schema/util.c b/lwraft/common/schema/util.c
new file mode 100644
index 000000000..063260985
--- /dev/null
+++ b/lwraft/common/schema/util.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirLdapSearchSubSchemaSubEntry(
+    LDAP*           pLd,
+    LDAPMessage**   ppResult,
+    LDAPMessage**   ppEntry
+    )
+{
+    static PSTR ppszSubSchemaSubEntryAttrs[] =
+    {
+        ATTR_ATTRIBUTETYPES,
+        ATTR_OBJECTCLASSES,
+        ATTR_DITCONTENTRULES,
+        ATTR_LDAPSYNTAXES,
+        NULL
+    };
+
+    DWORD           dwError = 0;
+    PCSTR           pcszFilter = "(objectclass=*)";
+    LDAPMessage*    pResult = NULL;
+    LDAPMessage*    pEntry = NULL;
+
+    if (!ppResult)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                SUB_SCHEMA_SUB_ENTRY_DN,
+                LDAP_SCOPE_BASE,
+                pcszFilter,
+                ppszSubSchemaSubEntryAttrs,
+                FALSE, /* get values      */
+                NULL,  /* server controls */
+                NULL,  /* client controls */
+                NULL,  /* timeout         */
+                0,     /* size limit      */
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ldap_count_entries(pLd, pResult) != 1)
+    {
+        dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pEntry = ldap_first_entry(pLd, pResult);
+
+    *ppResult = pResult;
+    *ppEntry = pEntry;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+    goto cleanup;
+}
diff --git a/lwraft/common/string.c b/lwraft/common/string.c
index 5757f2cc6..839b519f1 100644
--- a/lwraft/common/string.c
+++ b/lwraft/common/string.c
@@ -171,6 +171,37 @@ VmDirStringNCompareA(
     }
 }
 
+BOOLEAN
+VmDirStringStartsWith(
+    PCSTR   pszStr,
+    PCSTR   pszPrefix,
+    BOOLEAN bIsCaseSensitive
+    )
+{
+    BOOLEAN bStartsWith = FALSE;
+
+    if (IsNullOrEmptyString(pszPrefix))
+    {
+        bStartsWith = TRUE;
+    }
+    else if (!IsNullOrEmptyString(pszStr))
+    {
+        size_t strlen = VmDirStringLenA(pszStr);
+        size_t prefixlen = VmDirStringLenA(pszPrefix);
+
+        if (strlen >= prefixlen)
+        {
+            if (VmDirStringNCompareA(
+                    pszStr, pszPrefix, prefixlen, bIsCaseSensitive) == 0)
+            {
+                bStartsWith = TRUE;
+            }
+        }
+    }
+
+    return bStartsWith;
+}
+
 BOOLEAN
 VmDirStringEndsWith(
     PCSTR   pszStr,
@@ -504,6 +535,13 @@ VmDirStringNPrintFA(
     return dwError;
 }
 
+/*
+ *  does NOT return empty string token.
+ *  say pszStr = "(A;;RP;;;MYSID)" and pszDelimiter = ";"
+ *  return pList->pStringList[0] = "(A"
+ *         pList->pStringList[1] = "RP"
+ *         pList->pStringList[2] = "MYSID)"
+ */
 DWORD
 VmDirStringToTokenList(
     PCSTR pszStr,
@@ -552,5 +590,70 @@ VmDirStringToTokenList(
     goto cleanup;
 }
 
+/*
+ *  return empty string token.
+ *  say pszStr = "(A;;RP;;;MYSID)" and pszDelimiter = ";"
+ *  return pList->pStringList[0] = "(A"
+ *         pList->pStringList[1] = ""
+ *         pList->pStringList[2] = "RP"
+ *         pList->pStringList[3] = ""
+ *         pList->pStringList[4] = ""
+ *         pList->pStringList[5] = "MYSID)"
+ */
+DWORD
+VmDirStringToTokenListExt(
+    PCSTR pszStr,
+    PCSTR pszDelimiter,
+    PVMDIR_STRING_LIST *ppStrList
+    )
+{
+    DWORD       dwError = 0;
+    PSTR        pszToken = NULL;
+    PSTR        pszLocal = NULL;
+    PSTR        pszHead = NULL;
+    SIZE_T      dwSize = 0;
+    PVMDIR_STRING_LIST  pList = NULL;
+
+    if ( IsNullOrEmptyString(pszStr) || IsNullOrEmptyString(pszDelimiter) || ppStrList == NULL )
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwSize = VmDirStringLenA(pszDelimiter);
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // make a local copy
+    dwError = VmDirAllocateStringA(
+                pszStr,
+                &pszLocal);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszHead = pszLocal;
+    while ((pszToken = strstr(pszHead, pszDelimiter)) != NULL)
+    {
+        *pszToken = '\0';
+        dwError = VmDirStringListAddStrClone (pszHead, pList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszHead = pszToken + dwSize;
+    }
+
+    dwError = VmDirStringListAddStrClone (pszHead, pList);
+
+    *ppStrList = pList;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocal);
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pList);
+    goto cleanup;
+}
+
 #endif //#ifndef _WIN32
 
diff --git a/lwraft/common/structs.h b/lwraft/common/structs.h
index 26459ffef..27a190662 100644
--- a/lwraft/common/structs.h
+++ b/lwraft/common/structs.h
@@ -60,6 +60,12 @@ typedef VMDIR_COND_2003  VMDIR_COND;
 
 #endif /* HAVE_DCERPC_WIN32 */
 
+typedef struct _VMDIR_RWLOCK
+{
+    BOOLEAN             bInitialized;
+    pthread_rwlock_t    lock;
+} VMDIR_RWLOCK;
+
 typedef struct _VMDIR_THREAD_START_INFO
 {
     VmDirStartRoutine* pStartRoutine;
diff --git a/lwraft/common/threading.c b/lwraft/common/threading.c
index d145cb249..56006d034 100644
--- a/lwraft/common/threading.c
+++ b/lwraft/common/threading.c
@@ -20,7 +20,7 @@
 DWORD
 VmDirAllocateMutex(
     PVMDIR_MUTEX* ppMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_MUTEX pVmDirMutex = NULL;
@@ -50,7 +50,7 @@ VmDirAllocateMutex(
 DWORD
 VmDirInitializeMutexContent(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -75,7 +75,7 @@ VmDirInitializeMutexContent(
 VOID
 VmDirFreeMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     VmDirFreeMutexContent(pMutex);
     VMDIR_SAFE_FREE_MEMORY( pMutex );
@@ -84,7 +84,7 @@ VmDirFreeMutex(
 VOID
 VmDirFreeMutexContent(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     if ( ( pMutex != NULL ) &&  ( pMutex->bInitialized != FALSE ) )
     {
@@ -97,7 +97,7 @@ VmDirFreeMutexContent(
 DWORD
 VmDirLockMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -122,7 +122,7 @@ VmDirLockMutex(
 DWORD
 VmDirUnLockMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -147,16 +147,197 @@ VmDirUnLockMutex(
 BOOLEAN
 VmDirIsMutexInitialized(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     return ( pMutex != NULL ) &&
            ( pMutex->bInitialized != FALSE );
 }
 
+DWORD
+VmDirAllocateRWLock(
+    PVMDIR_RWLOCK*  ppLock
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_RWLOCK pLock = NULL;
+
+    if (!ppLock)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_RWLOCK), (PVOID*)&pLock);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitializeRWLockContent(pLock);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppLock = pLock;
+    pLock = NULL;
+
+error:
+    VmDirFreeRWLock(pLock);
+    return dwError;
+}
+
+DWORD
+VmDirInitializeRWLockContent(
+    PVMDIR_RWLOCK   pLock
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pLock || pLock->bInitialized)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    memset(&pLock->lock, 0, sizeof(pthread_mutex_t));
+
+    dwError = pthread_rwlock_init(&pLock->lock, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pLock->bInitialized = TRUE;
+
+error:
+    return dwError;
+}
+
+VOID
+VmDirFreeRWLock(
+    PVMDIR_RWLOCK   pLock
+    )
+{
+    VmDirFreeRWLockContent(pLock);
+    VMDIR_SAFE_FREE_MEMORY(pLock);
+}
+
+VOID
+VmDirFreeRWLockContent(
+    PVMDIR_RWLOCK   pLock
+    )
+{
+    if (pLock && pLock->bInitialized)
+    {
+        pthread_rwlock_destroy(&pLock->lock);
+        pLock->bInitialized = FALSE;
+    }
+}
+
+DWORD
+VmDirRWLockReadLock(
+    PVMDIR_RWLOCK   pLock,
+    DWORD           dwMilliSec
+    )
+{
+#ifdef __APPLE__
+    return VMDIR_ERROR_OPERATION_NOT_PERMITTED;
+#else
+    DWORD dwError = 0;
+
+    if (!pLock || !pLock->bInitialized)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (dwMilliSec)
+    {
+        struct timespec ts = {0};
+        uint64_t iTimeInMSec = 0;
+
+        iTimeInMSec =  dwMilliSec + VmDirGetTimeInMilliSec();
+        ts.tv_sec = iTimeInMSec / MSECS_PER_SEC;
+        ts.tv_nsec = (iTimeInMSec % MSECS_PER_SEC) * NSECS_PER_MSEC;
+
+        dwError = pthread_rwlock_timedrdlock(&pLock->lock, &ts);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = pthread_rwlock_rdlock(&pLock->lock);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+error:
+    return dwError;
+#endif
+}
+
+DWORD
+VmDirRWLockWriteLock(
+    PVMDIR_RWLOCK   pLock,
+    DWORD           dwMilliSec
+    )
+{
+#ifdef __APPLE__
+    return VMDIR_ERROR_OPERATION_NOT_PERMITTED;
+#else
+    DWORD dwError = 0;
+
+    if (!pLock || !pLock->bInitialized)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (dwMilliSec)
+    {
+        struct timespec ts = {0};
+        uint64_t iTimeInMSec = 0;
+
+        iTimeInMSec =  dwMilliSec + VmDirGetTimeInMilliSec();
+        ts.tv_sec = iTimeInMSec / MSECS_PER_SEC;
+        ts.tv_nsec = (iTimeInMSec % MSECS_PER_SEC) * NSECS_PER_MSEC;
+
+        dwError = pthread_rwlock_timedwrlock(&pLock->lock, &ts);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = pthread_rwlock_wrlock(&pLock->lock);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+error:
+    return dwError;
+#endif
+}
+
+DWORD
+VmDirRWLockUnlock(
+    PVMDIR_RWLOCK   pLock
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pLock || !pLock->bInitialized)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = pthread_rwlock_unlock(&pLock->lock);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+error:
+    return dwError;
+}
+
+BOOLEAN
+VmDirIsRWLockInitialized(
+    PVMDIR_RWLOCK   pLock
+    )
+{
+    return pLock && pLock->bInitialized;
+}
+
 DWORD
 VmDirAllocateCondition(
     PVMDIR_COND* ppCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_COND pVmDirCond = NULL;
@@ -186,7 +367,7 @@ VmDirAllocateCondition(
 DWORD
 VmDirInitializeConditionContent(
     PVMDIR_COND pCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -210,7 +391,7 @@ VmDirInitializeConditionContent(
 VOID
 VmDirFreeCondition(
     PVMDIR_COND pCondition
-)
+    )
 {
     VmDirFreeConditionContent( pCondition );
     VMDIR_SAFE_FREE_MEMORY( pCondition );
@@ -219,7 +400,7 @@ VmDirFreeCondition(
 VOID
 VmDirFreeConditionContent(
     PVMDIR_COND pCondition
-)
+    )
 {
     if ( ( pCondition != NULL ) &&  ( pCondition->bInitialized != FALSE ) )
     {
@@ -232,7 +413,7 @@ DWORD
 VmDirConditionWait(
     PVMDIR_COND pCondition,
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -265,7 +446,7 @@ VmDirConditionTimedWait(
     PVMDIR_COND pCondition,
     PVMDIR_MUTEX pMutex,
     DWORD dwMilliseconds
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     struct timespec ts = {0};
@@ -304,7 +485,7 @@ VmDirConditionTimedWait(
 DWORD
 VmDirConditionSignal(
     PVMDIR_COND pCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -350,8 +531,8 @@ VmDirConditionBroadcast(
 static
 PVOID
 ThreadFunction(
-  PVOID pArgs
-)
+    PVOID pArgs
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_START_ROUTINE pThreadStart = NULL;
@@ -394,10 +575,10 @@ ThreadFunction(
 DWORD
 VmDirCreateThread(
     PVMDIR_THREAD pThread,
-    BOOLEAN bDetached,
+    BOOLEAN bJoinThr,
     VmDirStartRoutine* pStartRoutine,
     PVOID pArgs
-)
+    )
 {
     DWORD                       dwError = ERROR_SUCCESS;
     PVMDIR_THREAD_START_INFO    pThreadStartInfo = NULL;
@@ -405,13 +586,13 @@ VmDirCreateThread(
     BOOLEAN                     bThreadAttrInited = FALSE;
     int                         iRetryCnt = 0;
 
-    if ( ( pThread == NULL ) || ( pStartRoutine == NULL ) )
+    if (!pThread || !pStartRoutine)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if( bDetached != FALSE )
+    if (!bJoinThr)
     {
         pthread_attr_init(&thrAttr);
         bThreadAttrInited = TRUE;
@@ -431,11 +612,11 @@ VmDirCreateThread(
     {
         dwError = pthread_create(
                         pThread,
-                        ((bDetached == FALSE) ? NULL : &thrAttr),
+                        (bJoinThr ? NULL : &thrAttr),
                         ThreadFunction,
                         pThreadStartInfo
                         );
-        if ( dwError == EAGAIN )    // no resources, retry after 1 second pause
+        if (dwError == EAGAIN)  // no resources, retry after 1 second pause
         {
             iRetryCnt++ ;
             VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "pthread_create EAGAIN, retry (%d)", iRetryCnt );
@@ -445,7 +626,7 @@ VmDirCreateThread(
         {
             iRetryCnt = VMDIR_MAX_EAGAIN_RETRY;
         }
-    } while ( iRetryCnt < VMDIR_MAX_EAGAIN_RETRY );
+    } while (iRetryCnt < VMDIR_MAX_EAGAIN_RETRY);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // we started successfully -> pThreadStartInfo is now owned by
@@ -453,14 +634,11 @@ VmDirCreateThread(
     pThreadStartInfo = NULL;
 
 error:
-
-    if(bThreadAttrInited != FALSE)
+    if (bThreadAttrInited)
     {
         pthread_attr_destroy(&thrAttr);
     }
-
-    VMDIR_SAFE_FREE_MEMORY( pThreadStartInfo );
-
+    VMDIR_SAFE_FREE_MEMORY(pThreadStartInfo);
     return dwError;
 }
 
@@ -468,7 +646,7 @@ DWORD
 VmDirThreadJoin(
     PVMDIR_THREAD pThread,
     PDWORD pRetVal
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     union
@@ -505,9 +683,9 @@ VmDirThreadJoin(
 VOID
 VmDirFreeVmDirThread(
     PVMDIR_THREAD pThread
-)
+    )
 {
-    if ( pThread != NULL )
+    if (pThread)
     {
         // on linux nothing to free really
         memset(pThread, 0, sizeof(*pThread));
diff --git a/lwraft/common/util.c b/lwraft/common/util.c
index 3e1bddbb7..8f4f98ddb 100644
--- a/lwraft/common/util.c
+++ b/lwraft/common/util.c
@@ -27,7 +27,7 @@ _VmDirIsIPV4AddrFormat(
  */
 PCSTR
 VmDirSearchDomainDN(
-    PCSTR pszNormObjectDN
+    PCSTR   pszNormObjectDN
     )
 {
     PSTR pszDomainDn = VmDirStringCaseStrA(pszNormObjectDN, "dc=");
@@ -42,8 +42,9 @@ VmDirSearchDomainDN(
 
 DWORD
 VmDirDomainDNToName(
-    PCSTR pszDomainDN,
-    PSTR* ppszDomainName)
+    PCSTR   pszDomainDN,
+    PSTR*   ppszDomainName
+    )
 {
     DWORD   dwError = 0;
     PSTR    pszDomainName = NULL;
@@ -94,14 +95,14 @@ VmDirDomainDNToName(
 }
 
 DWORD
-VmDirSrvCreateDomainDN(
-    PCSTR pszFQDomainName,
-    PSTR* ppszDomainDN
+VmDirDomainNameToDN(
+    PCSTR   pszDomainName,
+    PSTR*   ppszDomainDN
     )
 {
     DWORD   dwError = 0;
     PSTR    pszDomainDN = NULL;
-    int     fqDomainNameLen = (int) VmDirStringLenA(pszFQDomainName);
+    int     fqDomainNameLen = (int) VmDirStringLenA(pszDomainName);
     int     domainDNBufLen = 0;
     PSTR    pszTmpFQDomainName = NULL;
     int     numDomainComps = 1;
@@ -116,7 +117,7 @@ VmDirSrvCreateDomainDN(
     dwError = VmDirAllocateMemory( fqDomainNameLen + 1 /* \0 */, (PVOID *) &pszTmpFQDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirStringCpyA( pszTmpFQDomainName, fqDomainNameLen + 1, pszFQDomainName );
+    dwError = VmDirStringCpyA( pszTmpFQDomainName, fqDomainNameLen + 1, pszDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Count number of domain components
@@ -767,14 +768,6 @@ VmDirGetRegKeyTabFile(
                                 VMDIR_MAX_FILE_NAME_LEN );
 }
 
-DWORD
-VmDirGetLocalLduGuid(
-    PSTR pszLduGuid
-    )
-{
-    return VmDirGetRegGuid(VMDIR_REG_KEY_LDU_GUID, pszLduGuid);
-}
-
 DWORD
 VmDirGetLocalSiteGuid(
     PSTR pszSiteGuid
@@ -1267,7 +1260,7 @@ VmDirLoadLibrary(
     pLibHandle = LoadLibrary(pszLibPath);
     if (pLibHandle == NULL)
     {
-        VMDIR_LOG_VERBOSE(
+        VMDIR_LOG_WARNING(
             VMDIR_LOG_MASK_ALL,
             "LoadLibrary %s failed, error code %d",
             pszLibPath,
@@ -1278,7 +1271,7 @@ VmDirLoadLibrary(
     pLibHandle = dlopen(pszLibPath, RTLD_LAZY);
     if (pLibHandle == NULL)
     {
-        VMDIR_LOG_VERBOSE(
+        VMDIR_LOG_WARNING(
              VMDIR_LOG_MASK_ALL,
              "dlopen %s library failed, error msg (%s)",
              pszLibPath,
@@ -2010,9 +2003,9 @@ VmDirCertificateFileNameFromHostName(
     }
     else
     {
-        dwError = VmDirAllocateStringAVsnprintf( &pszLocalRsaServerCertFileName, "%s", RSA_SERVER_CERT);
+        dwError = VmDirAllocateStringPrintf( &pszLocalRsaServerCertFileName, "%s", RSA_SERVER_CERT);
         BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                                      "VmDirAllocateStringAVsnprintf(pszLocalRsaServerCertFileName) failed" );
+                                      "VmDirAllocateStringPrintf(pszLocalRsaServerCertFileName) failed" );
 
         pszSlash = VmDirStringRChrA(pszLocalRsaServerCertFileName, VMDIR_PATH_SEPARATOR_STR[0]);
 
@@ -2026,9 +2019,9 @@ VmDirCertificateFileNameFromHostName(
 
         *(pszSlash + 1) = '\0';
 
-        dwError = VmDirAllocateStringAVsnprintf( &pszLocalFileName, "%s%s.pem", pszLocalRsaServerCertFileName, pszPartnerHostName);
+        dwError = VmDirAllocateStringPrintf( &pszLocalFileName, "%s%s.pem", pszLocalRsaServerCertFileName, pszPartnerHostName);
         BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                                      "VmDirAllocateStringAVsnprintf(pszLocalFileName) failed" );
+                                      "VmDirAllocateStringPrintf(pszLocalFileName) failed" );
     }
 
     *ppszFileName = pszLocalFileName;
@@ -3302,7 +3295,7 @@ VmDirGetDCDNList(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDCDN,
+    dwError = VmDirAllocateStringPrintf(&pszDCDN,
                                             "%s=%s,%s",
                                             ATTR_OU,
                                             VMDIR_DOMAIN_CONTROLLERS_RDN_VAL,
@@ -3571,3 +3564,157 @@ VmDirCompareVersion(
     return 0;
 }
 
+/*
+ * convert DN to a list of RDN.
+ *
+ * say dc=lwraft,dc=local
+ * if iNotypes == 0, {"dc=lwraft", "dc=local"} is returned;
+ * otherwise {"lwraft", "local"} is returned.
+ */
+DWORD
+VmDirDNToRDNList(
+    PCSTR               pszDN,
+    int                 iNotypes,
+    PVMDIR_STRING_LIST* ppRDNStrList
+    )
+{
+    DWORD               dwError = 0;
+    PVMDIR_STRING_LIST  pStrList = NULL;
+    PSTR*               ppRDN = NULL;
+    PSTR*               ppTmp = NULL;
+
+    if (!pszDN || !ppRDNStrList)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    ppRDN = ldap_explode_dn(pszDN, iNotypes);
+    if (!ppRDN)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_DN);
+    }
+
+    dwError = VmDirStringListInitialize(&pStrList, 10);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (ppTmp = ppRDN; *ppTmp; ppTmp++)
+    {
+        dwError = VmDirStringListAddStrClone(*ppTmp, pStrList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppRDNStrList = pStrList;
+    pStrList = NULL;
+
+cleanup:
+    if (ppRDN)
+    {
+        ldap_value_free(ppRDN);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pStrList);
+
+    goto cleanup;
+}
+
+/*
+ * Note: based on http://en.wikipedia.org/wiki/FQDN, a valid FQDN
+ * always contains a trailing dot "." at the end of the string.
+ * However, in our code, we will handle cases where the trailing dot is
+ * omitted. I.e., we treat all of the following examples as valid FQDN:
+ * "com.", "vmware.com.", "eng.vmware.com."
+ * "com",  "vmware.com",  "eng.vmware.com"
+ */
+DWORD
+VmDirFQDNToDNSize(
+    PCSTR pszFQDN,
+    UINT32 *sizeOfDN
+)
+{
+    DWORD dwError  = 0;
+    int    numElem = 1;
+    int    numDots = 0;
+    UINT32 sizeRet = 0;
+    int len = (int)VmDirStringLenA(pszFQDN);
+    int i;
+    for ( i=0; i<=len; i++ )
+    {
+        if (pszFQDN[i] == VMDIR_FQDN_SEPARATOR )
+        {
+            numDots++;
+            if ( i>0 && i<len-1 )
+            {
+                 numElem++;
+            }
+        }
+    }
+    sizeRet = len - numDots;
+    // "dc=," for each elements except the last one does NOT has a ","
+    sizeRet += 4 * numElem - 1;
+    *sizeOfDN = sizeRet;
+    return dwError;
+}
+
+/*
+ * in: pszFQDN = "csp.com"
+ * out: *ppszDN = "dc=csp,dc=com"
+ */
+DWORD
+VmDirFQDNToDN(
+    PCSTR pszFQDN,
+    PSTR* ppszDN
+)
+{
+    int len = (int)VmDirStringLenA(pszFQDN);
+    int iStart = 0;
+    int iStop = iStart + 1 ;
+    int iDest = 0;
+    int i;
+    PSTR        pszDN = NULL;
+    UINT32      dnSize = 0;
+
+    // Calculate size needed to store DN
+    DWORD dwError = VmDirFQDNToDNSize(pszFQDN, &dnSize);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Allocate memory needed to store DN
+    dwError = VmDirAllocateMemory(dnSize + 1, (PVOID*)&pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for ( ; iStop < len; iStop++ )
+    {
+        if (pszFQDN[iStop] == VMDIR_FQDN_SEPARATOR)
+        {
+            (pszDN)[iDest++] = 'd';
+            (pszDN)[iDest++] = 'c';
+            (pszDN)[iDest++] = '=';
+            for ( i= iStart; i<iStop; i++)
+            {
+                (pszDN)[iDest++] = pszFQDN[i];
+            }
+            (pszDN)[iDest++] = ',';
+            iStart = iStop + 1;
+            iStop = iStart;
+        }
+    }
+    (pszDN)[iDest++] = 'd';
+    (pszDN)[iDest++] = 'c';
+    (pszDN)[iDest++] = '=';
+    for ( i= iStart; i<iStop; i++)
+    {
+        (pszDN)[iDest++] = pszFQDN[i];
+    }
+    (pszDN)[iDest] = '\0';
+    *ppszDN = pszDN;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    goto cleanup;
+}
+
diff --git a/lwraft/config/Makefile.am b/lwraft/config/Makefile.am
index 2cdac8cb5..0b1f96932 100644
--- a/lwraft/config/Makefile.am
+++ b/lwraft/config/Makefile.am
@@ -1,9 +1,10 @@
 lwraftconf_DATA = \
-    lwraftschema.ldif \
-    lwraft.reg        \
-    lwraft-client.reg \
-    lwraftd-syslog-ng.conf \
-    sasllwraftd.conf \
-    lwraft-rest.json
+    postschema.ldif \
+    post.reg        \
+    post-client.reg \
+    postd-syslog-ng.conf \
+    saslpostd.conf \
+    post-rest.json \
+    post-telegraf.conf
 
-bin_SCRIPTS = lwraft_upgrade.sh
+bin_SCRIPTS = 
diff --git a/lwraft/config/deployment/aws/appspec.yml b/lwraft/config/deployment/aws/appspec.yml
new file mode 100644
index 000000000..8ed4436af
--- /dev/null
+++ b/lwraft/config/deployment/aws/appspec.yml
@@ -0,0 +1,34 @@
+#
+# Note: Log data produced by these scripts will be available in
+# /opt/codedeploy-agent/deployment-root/DEPLOYMENT_GROUP_ID/DEPLOYMENT_ID/logs/
+#
+version: 0.0
+os: linux
+files:
+  - source: /
+    destination: /var/vmware/lightwave
+hooks:
+  BeforeBlockTraffic:
+    - location: scripts/before_block_traffic.sh
+      timeout: 300
+      runas: root
+  ApplicationStop:
+    - location: scripts/application_stop.sh
+      timeout: 300
+      runas: root
+  BeforeInstall:
+    - location: scripts/before_install.sh
+      timeout: 300
+      runas: root
+  AfterInstall:
+    - location: scripts/after_install.sh
+      timeout: 300
+      runas: root
+  ApplicationStart:
+    - location: scripts/application_start.sh
+      timeout: 300
+      runas: root
+  BeforeAllowTraffic:
+    - location: scripts/before_allow_traffic.sh
+      timeout: 300
+      runas: root
diff --git a/lwraft/config/deployment/aws/scripts/after_install.sh b/lwraft/config/deployment/aws/scripts/after_install.sh
new file mode 100755
index 000000000..d301a3f5b
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/after_install.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xe
+
+echo "Step 1: Create symlinks in /tmp/vmware/lightwave to rpm files"
+
+rm -rf /tmp/vmware/lightwave
+mkdir -p /tmp/vmware/lightwave/x86_64
+
+# sort by time for re-deployment cases
+ls -rt `find /opt/codedeploy-agent/deployment-root/${DEPLOYMENT_GROUP_ID}/ -name "*.rpm"` | while read org
+do
+    f=`awk -F'/' '{ print $NF; }' <<< ${org}`
+    tgt="/tmp/vmware/lightwave/x86_64/${f}"
+    ln -nfs ${org} ${tgt}
+done
+
+
+echo "Step 2: Create lightwave yum repo in /tmp/vmware/lightwave"
+
+sed -i -e "s|https://vmware.bintray.com/lightwave-dev/photon/master|file:///tmp/vmware/lightwave|" -e "s|gpgcheck=1|gpgcheck=0|" /etc/yum.repos.d/lightwave.repo
+createrepo "/tmp/vmware/lightwave"
+
+
+echo "Step 3: Upgrade/install lightwave-post and lightwave-client"
+
+tdnf makecache
+tdnf install -y lightwave-post lightwave-client
diff --git a/lwraft/config/deployment/aws/scripts/application_start.sh b/lwraft/config/deployment/aws/scripts/application_start.sh
new file mode 100755
index 000000000..9354ad312
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/application_start.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -e
+
+source $(dirname $(realpath $0))/common.sh
+
+echo "Step 1: Get domain, password, and existing partners from AWS"
+
+get_tag_value "LW_DOMAIN" LW_DOMAIN
+echo "LW_DOMAIN=${LW_DOMAIN}"
+
+get_tag_value "POST_PASSWORD" POST_PASSWORD
+echo "POST_PASSWORD=<censored>"
+
+find_post_partners PARTNERS
+echo "PARTNERS=${PARTNERS[*]}"
+
+
+echo "Step 2: Start POST"
+
+/opt/likewise/bin/lwsm start post
+echo "POST started successfully"
+
+
+echo "Step 3: Promote POST if necessary"
+
+if [[ -z $(/opt/vmware/bin/post-cli node list --server-name localhost | grep `hostname`) ]]
+then
+    if [[ ${#PARTNERS[@]} -eq 0 ]]; then
+        echo "Step 3-A: Promote POST as the first instance (domain=${LW_DOMAIN})"
+        /opt/vmware/bin/post-cli node promote --domain-name ${LW_DOMAIN} --password ${POST_PASSWORD}
+    else
+        echo "Step 3-B: Promote POST as a subsequent instance (partner=${PARTNERS[0]})"
+        /opt/vmware/bin/post-cli node promote --partner-name ${PARTNERS[0]} --password ${POST_PASSWORD}
+    fi
+    echo "POST promoted successfully"
+else
+    echo "Step 3-C: POST is already promoted - No action"
+fi
diff --git a/lwraft/config/deployment/aws/scripts/application_stop.sh b/lwraft/config/deployment/aws/scripts/application_stop.sh
new file mode 100755
index 000000000..ff56aeb83
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/application_stop.sh
@@ -0,0 +1,5 @@
+#!/bin/bash -xe
+
+echo "Step 1: Stop POST"
+
+/opt/likewise/bin/lwsm stop post
diff --git a/lwraft/config/deployment/aws/scripts/before_allow_traffic.sh b/lwraft/config/deployment/aws/scripts/before_allow_traffic.sh
new file mode 100755
index 000000000..ad2c77330
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/before_allow_traffic.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+source $(dirname $(realpath $0))/common.sh
+
+ERRCNT=0
+
+echo "Step 1: Wait for leader election (mostly for 2nd node promotion)"
+
+get_tag_value "POST_PASSWORD" POST_PASSWORD
+
+echo '/opt/vmware/bin/post-cli node state --server-name localhost --login administrator --password <censored>'
+
+MAX_RETRY=10
+RETRY=1
+
+while [ ${RETRY} -le ${MAX_RETRY} ]
+do
+    sleep 2
+    /opt/vmware/bin/post-cli node state --server-name localhost --login administrator --password ${POST_PASSWORD} &> ${LOGDIR}/post_cli_node_state.log
+    RET=$?
+    echo "Attempt ${RETRY}: ${RET}"
+    if [ ${RET} -eq 0 ]
+    then
+        break
+    fi
+    let RETRY++
+done
+
+if [ ${RET} -ne 0 ]
+then
+    echo "Error: Returned ${RET} / Expected 0"
+    let ERRCNT++
+elif [[ -z $(grep 'Leader' ${LOGDIR}/post_cli_node_state.log) ]]
+then
+    cat ${LOGDIR}/post_cli_node_state.log
+    echo "Error: No POST leader is present"
+    let ERRCNT++
+else
+    cat ${LOGDIR}/post_cli_node_state.log
+    echo "Leader exists"
+fi
+
+
+echo "Step 2: Test LDAP search - DSE root entry"
+
+echo 'ldapsearch -h localhost -p 38900 -x -s base dn'
+ldapsearch -h localhost -p 38900 -x -s base dn &> ${LOGDIR}/ldapsearch_dseroot.log
+
+RET=$?
+if [ ${RET} -ne 0 ]
+then
+    echo "Error: Returned ${RET} / Expected 0"
+    let ERRCNT++
+elif [[ -z $(grep 'dn: cn=DSE Root' ${LOGDIR}/ldapsearch_dseroot.log) ]]
+then
+    cat ${LOGDIR}/ldapsearch_dseroot.log
+    echo "Error: DSE Root entry not found"
+    let ERRCNT++
+else
+    echo "Search successful"
+fi
+
+
+echo "Step 3: Test HTTP LDAP search - DSE root entry"
+
+echo 'curl -X GET http://localhost:7577/v1/post/ldap?dn=cn%3DDSE%20Root'
+curl -X GET 'http://localhost:7577/v1/post/ldap?dn=cn%3DDSE%20Root' &> ${LOGDIR}/http_ldapsearch_dseroot.log
+
+RET=$?
+if [ ${RET} -ne 0 ]
+then
+    echo "Error: Returned ${RET} / Expected 0"
+    let ERRCNT++
+elif [[ -z $(grep '"dn":"cn=DSE Root"' ${LOGDIR}/http_ldapsearch_dseroot.log) ]]
+then
+    cat ${LOGDIR}/http_ldapsearch_dseroot.log
+    echo "Error: DSE Root entry not found"
+    let ERRCNT++
+else
+    echo "Search successful"
+fi
+
+
+echo "All tests executed (total failed test count = ${ERRCNT})"
+exit ${ERRCNT}
diff --git a/lwraft/config/deployment/aws/scripts/before_block_traffic.sh b/lwraft/config/deployment/aws/scripts/before_block_traffic.sh
new file mode 100755
index 000000000..f557cf91b
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/before_block_traffic.sh
@@ -0,0 +1,8 @@
+#!/bin/bash -xe
+
+echo "Step 1: Patch schema (TODO)"
+# TODO
+
+
+echo "Step 2: Check schema replication status (TODO)"
+# TODO
diff --git a/lwraft/config/deployment/aws/scripts/before_install.sh b/lwraft/config/deployment/aws/scripts/before_install.sh
new file mode 100755
index 000000000..d0e921298
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/before_install.sh
@@ -0,0 +1,6 @@
+#!/bin/bash -xe
+
+echo "Step 1: Upgrade/install createrepo and its dependencies"
+
+tdnf makecache
+tdnf install -y sed zip unzip createrepo c-rest-engine-1.0.4-2.ph1
diff --git a/lwraft/config/deployment/aws/scripts/common.sh b/lwraft/config/deployment/aws/scripts/common.sh
new file mode 100755
index 000000000..6c43d920f
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/common.sh
@@ -0,0 +1,52 @@
+#!/bin/bash -e
+
+LOGDIR="/opt/codedeploy-agent/deployment-root/${DEPLOYMENT_GROUP_ID}/${DEPLOYMENT_ID}/logs"
+export LOGDIR
+export PATH=$PATH:/root/.local/bin
+
+# retrieves instance ID of this instance
+get_current_instance_id() {
+    INSTANCE=$(curl -sS http://169.254.169.254/latest/meta-data/instance-id)
+    eval "$1=${INSTANCE}"
+}
+
+# retrieves region of this instance
+get_current_region() {
+    REGION=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -e "s:\([0-9][0-9]*\)[a-z]*\$:\\1:")
+    eval "$1=${REGION}"
+}
+
+# retrieves autoscaling group of this instance
+get_current_asg() {
+    get_current_instance_id INSTANCE
+    get_current_region REGION
+    ASG=$(aws autoscaling describe-auto-scaling-instances --instance-ids ${INSTANCE} --region ${REGION} --query AutoScalingInstances[].AutoScalingGroupName --output text)
+    eval "$1=${ASG}"
+}
+
+# retrieves the value of a specific tag on an autoscaling group
+get_tag_value() {
+    get_current_region REGION
+    get_current_asg ASG
+    TAG=$1
+    VALUE=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names ${ASG} --region ${REGION} --query AutoScalingGroups[].Tags[?Key==\'${TAG}\'].Value --output text)
+    eval "$2=${VALUE}"
+}
+
+# listing all existing post partners
+find_post_partners() {
+    get_current_instance_id INSTANCE
+    get_current_region REGION
+    get_current_asg ASG
+    IDS=($(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names ${ASG} --region ${REGION} --query AutoScalingGroups[].Instances[].InstanceId --output text))
+    PARTNERS=()
+    for ID in ${IDS[@]}
+    do
+        if [[ ${ID} != ${INSTANCE} ]]
+        then
+            IP=$(aws ec2 describe-instances --instance-ids ${ID} --region ${REGION} --query Reservations[].Instances[].PrivateIpAddress --output text)
+            PARTNERS+=(${IP})
+        fi
+    done
+    eval "$1=(`echo ${PARTNERS[@]}`)"
+}
diff --git a/lwraft/config/deployment/aws/scripts/test.sh b/lwraft/config/deployment/aws/scripts/test.sh
new file mode 100755
index 000000000..b763d12e5
--- /dev/null
+++ b/lwraft/config/deployment/aws/scripts/test.sh
@@ -0,0 +1,3 @@
+#!/bin/bash -xe
+
+curl http://$POST_ELB:$POST_PORT
diff --git a/lwraft/config/lwraft-client.reg b/lwraft/config/lwraft-client.reg
deleted file mode 100644
index f37311513..000000000
--- a/lwraft/config/lwraft-client.reg
+++ /dev/null
@@ -1,8 +0,0 @@
-[HKEY_THIS_MACHINE\Services]
-
-[HKEY_THIS_MACHINE\Services\lwraft]
-@security = O:SYG:BAD:(A;;KA;;;BA)
-"Description" = {
-    default = "Lightwave Raft Service"
-    doc = ""
-}
diff --git a/lwraft/config/lwraft-rest.json b/lwraft/config/lwraft-rest.json
deleted file mode 100644
index 32c75d2a1..000000000
--- a/lwraft/config/lwraft-rest.json
+++ /dev/null
@@ -1,251 +0,0 @@
-{
-    "swagger": "2.0",
-    "info": {
-        "title": "Lightwave Raft API",
-        "version": "1.0.0"
-    },
-    "schemes": [
-        "http"
-    ],
-    "host": "IPADDRESS_MARKER:7577",
-    "basePath": "/v1",
-    "produces": [
-        "application/json"
-    ],
-    "tags": [
-        {
-            "name": "ldap",
-            "description": "LDAP(Lightweight Directory Access Protocol) protocol implemented in RESTful interface"
-        }
-    ],
-    "paths": {
-        "/lwraft/ldap": {
-            "put": {
-                "summary": "Add an LDAP entry",
-                "description": "Add an LDAP entry",
-                "consumes": [
-                    "application/json"
-                ],
-                "parameters": [
-                    {
-                        "name": "entry",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "$ref": "#/definitions/LDAPEntry"
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Generic LDAP response",
-                        "schema": {
-                            "$ref": "#/definitions/GenericResponse"
-                        }
-                    }
-                },
-                "tags": [
-                    "ldap"
-                ]
-            },
-            "get": {
-                "summary": "Search for LDAP entries",
-                "description": "Search for LDAP entries",
-                "produces": [
-                    "application/json"
-                ],
-                "parameters": [
-                    {
-                        "name": "dn",
-                        "in": "query",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "name": "scope",
-                        "in": "query",
-                        "required": false,
-                        "type": "string"
-                    },
-                    {
-                        "name": "filter",
-                        "in": "query",
-                        "required": false,
-                        "type": "string"
-                    },
-                    {
-                        "name": "attrs",
-                        "in": "query",
-                        "required": false,
-                        "type": "array",
-                        "items": {
-                            "type": "string"
-                        }
-                    },
-                    {
-                        "name": "page_size",
-                        "in": "query",
-                        "required": false,
-                        "type": "integer",
-                        "format": "int32"
-                    },
-                    {
-                        "name": "paged_results_cookie",
-                        "in": "query",
-                        "required": false,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Generic LDAP response with an array of LDAP entries",
-                        "schema": {
-                            "$ref": "#/definitions/LDAPSearchResponse"
-                        }
-                    }
-                },
-                "tags": [
-                    "ldap"
-                ]
-            },
-            "patch": {
-                "summary": "Modify an LDAP entry",
-                "description": "Modify an LDAP entry",
-                "consumes": [
-                    "application/json"
-                ],
-                "parameters": [
-                    {
-                        "name": "dn",
-                        "in": "query",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "name": "mods",
-                        "in": "body",
-                        "required": true,
-                        "schema": {
-                            "type": "array",
-                            "items": {
-                                "$ref": "#/definitions/LDAPMod"
-                            }
-                        }
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Generic LDAP response",
-                        "schema": {
-                            "$ref": "#/definitions/GenericResponse"
-                        }
-                    }
-                },
-                "tags": [
-                    "ldap"
-                ]
-            },
-            "delete": {
-                "summary": "Delete an LDAP entry",
-                "description": "Delete an LDAP entry",
-                "parameters": [
-                    {
-                        "name": "dn",
-                        "in": "query",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "Generic LDAP response",
-                        "schema": {
-                            "$ref": "#/definitions/GenericResponse"
-                        }
-                    }
-                },
-                "tags": [
-                    "ldap"
-                ]
-            }
-        }
-    },
-    "definitions": {
-        "LDAPEntry": {
-            "type": "object",
-            "properties": {
-                "dn": {
-                    "type": "string"
-                },
-                "attributes": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/LDAPAttribute"
-                    }
-                }
-            }
-        },
-        "LDAPAttribute": {
-            "type": "object",
-            "properties": {
-                "type": {
-                    "type": "string"
-                },
-                "value": {
-                    "type": "array",
-                    "items": {
-                        "type": "string"
-                    }
-                }
-            }
-        },
-        "LDAPMod": {
-            "type": "object",
-            "properties": {
-                "operation": {
-                    "type": "string"
-                },
-                "attribute": {
-                    "$ref": "#/definitions/LDAPAttribute"
-                }
-            }
-        },
-        "GenericResponse": {
-            "type": "object",
-            "properties": {
-                "error_code": {
-                    "type": "integer",
-                    "format": "int32"
-                },
-                "error_message": {
-                    "type": "string"
-                }
-            }
-        },
-        "LDAPSearchResponse": {
-            "type": "object",
-            "properties": {
-                "error_code": {
-                    "type": "integer",
-                    "format": "int32"
-                },
-                "error_message": {
-                    "type": "string"
-                },
-                "paged_results_cookie": {
-                    "type": "string"
-                },
-                "result_count": {
-                    "type": "integer",
-                    "format": "int32"
-                },
-                "result": {
-                    "type": "array",
-                    "items": {
-                        "$ref": "#/definitions/LDAPEntry"
-                    }
-                }
-            }
-        }
-    }
-}
\ No newline at end of file
diff --git a/lwraft/config/lwraft.reg.in b/lwraft/config/lwraft.reg.in
deleted file mode 100644
index 2060a1eef..000000000
--- a/lwraft/config/lwraft.reg.in
+++ /dev/null
@@ -1,53 +0,0 @@
-[HKEY_THIS_MACHINE\Services]
-
-[HKEY_THIS_MACHINE\Services\lwraft]
-@security = O:SYG:BAD:(A;;KA;;;BA)
-"Description" = {
-    default = "Lightwave Raft Service"
-    doc = ""
-}
-"Path" = {
-    default = "@LWRAFT_SBIN_DIR@/lwraftd"
-    doc = ""
-}
-"Arguments" = {
-    default = "@LWRAFT_SBIN_DIR@/lwraftd -s -l 0 -f @LWRAFT_CONFIG_DIR@/lwraftschema.ldif"
-    doc = ""
-}
-"Environment" = {
-    default = ""
-    doc = ""
-}
-"Dependencies" = {
-    default = "lwreg dcerpc"
-    doc = ""
-}
-"Type" = {
-    default = dword:00000001
-    doc = ""
-}
-"Autostart" = {
-    default = dword:00000001
-    doc = ""
-}
-
-[HKEY_THIS_MACHINE\Services\lwraft\Parameters]
-"DefaultSchema" = {
-    default = "@LWRAFT_CONFIG_DIR@/lwraftschema.ldif"
-    doc = ""
-}
-
-"AllowInsecureAuthentication" = {
-    default = dword:00000001
-    value   = dword:00000001
-    doc = "Set to '1' to allow clear-text password authentication."
-}
-
-"SslDisabledProtocols" = {
-    default = "TLSv1"
-    doc     = "List of protocols to disable"
-}
-
-[HKEY_THIS_MACHINE\Services\lwraft\Parameters\Credentials]
-@security = O:SYG:S-1-22-2-0D:(A;;RCFAFRFWFXKAKRKWKXNW;;;WD)(A;;RCFAFRFWFXKAKRKWKXNW;;;S-1-22-2-0)(A;;RCSDWDWOFAFRFWFXKAKRKWKXNRNWNX;;;SY)
-
diff --git a/lwraft/config/lwraft_upgrade.sh b/lwraft/config/lwraft_upgrade.sh
deleted file mode 100755
index 416ad8f18..000000000
--- a/lwraft/config/lwraft_upgrade.sh
+++ /dev/null
@@ -1,131 +0,0 @@
-#!/bin/sh
-
-# Directories
-LW_DIR="/opt/likewise"
-LW_BIN_DIR="$LW_DIR/bin"
-LW_SBIN_DIR="$LW_DIR/sbin"
-VM_DIR="/opt/vmware"
-VM_BIN_DIR="$VM_DIR/bin"
-VM_SBIN_DIR="$VM_DIR/sbin"
-VM_CONFIG_DIR="$VM_DIR/share/config"
-VM_LOG_DIR="/var/log/lightwave"
-
-# registry keys
-VMAFD_PARAM_KEY="[HKEY_THIS_MACHINE\\Services\\vmafd\\Parameters]"
-LWRAFT_KEY="[HKEY_THIS_MACHINE\\Services\\lwraft]"
-LWRAFT_UPGRADE_KEY="[HKEY_THIS_MACHINE\\Services\\lwraft-upgrade]"
-ADMIN="Administrator"
-LIST_VALUES="list_values"
-USAGE="lwraft_upgrade.sh [--password <password>] [--domainname <domain-name>]"
-
-exit_upgrade(){
-    if [ $RUN_LWSM ]; then
-        echo "Stopping Likewise services"
-        $LW_BIN_DIR/lwsm shutdown
-    fi
-
-    # Successful Upgrade
-    if [ $1 -eq 0 ]; then
-        echo "Ligthwave Raft upgrade success."
-    else
-        echo "Lightwave Raft upgrade failure."
-    fi
-
-    exit $1
-}
-
-if [ $# -gt 0 ]; then
-
-    STATE="options"
-
-    for arg in "$@"
-    do
-        case "$STATE" in
-            "options")
-                case "$arg" in
-                    "--password")
-                        STATE="password"
-                        ;;
-                    "--domainname")
-                        STATE="domainname"
-                        ;;
-                    *)
-                        echo "Invalid parameter: $arg"
-                        echo $USAGE
-                        exit_upgrade 1
-                        ;;
-                esac
-                ;;
-            "password")
-                PASSWORD=$arg
-                STATE="options"
-                ;;
-            "domainname")
-                DOMAIN_NAME=$arg
-                STATE="options"
-                ;;
-        esac
-    done
-fi
-
-# Start Likewise services
-if [ -z "`pidof lwsmd`" ]; then
-    echo "Starting Likewise services"
-    $LW_SBIN_DIR/lwsmd --start-as-daemon --syslog
-    RUN_LWSM=1
-else
-    echo "Likewise services already running"
-fi
-
-$LW_BIN_DIR/lwsm stop lwraft
-echo "Running schema patch"
-$VM_SBIN_DIR/lwraftd -u -c -f $VM_CONFIG_DIR/lwraftschema.ldif >$VM_LOG_DIR/schema-patch.log 2>&1
-echo "Schema patch finished"
-
-# Begin vdcupgrade
-if [ -z "$DOMAIN_NAME" ]; then
-    # get domain name from registry
-
-    DOMAIN_NAME=`$LW_BIN_DIR/lwregshell "$LIST_VALUES" "$VMAFD_PARAM_KEY" | \
-    grep 'DomainName' | sed 's/+//' | cut -d '"' -f4`
-    if [ -z "$DOMAIN_NAME" ]; then
-        echo "Invalid Domain Name"
-        exit_upgrade 1
-    fi
-fi
-
-# get DCAccountDN from registry
-DCACCOUNTDN=`$LW_BIN_DIR/lwregshell $LIST_VALUES "$LWRAFT_KEY" | \
-    grep 'dcAccountDN' | sed 's/+//' | cut -d '"' -f4`
-
-if [ -z "$DCACCOUNTDN" ]; then
-    echo "Invalid DCAccountDN"
-    exit_upgrade 1
-fi
-
-ADMIN_NAME="$ADMIN@$DOMAIN_NAME"
-
-if [ -z "$PASSWORD" ]; then
-    if ! exec </dev/tty; then
-        echo "To finish upgrading Lightwave Raft Service, run the following command to configure the server:"
-        echo $VM_BIN_DIR/vdcupgrade -H localhost -D "$ADMIN_NAME" -d "$DCACCOUNTDN"
-    else
-
-        echo "Enter password for $ADMIN_NAME >>> "
-        read -s PASSWORD
-        echo
-    fi
-fi
-
-# Restart lwraft
-echo "Starting lwraft"
-$LW_BIN_DIR/lwsm start lwraft
-echo "Running vdcupgrade"
-echo "$PASSWORD" | $VM_BIN_DIR/vdcupgrade -H localhost -D "$ADMIN_NAME" -d "$DCACCOUNTDN" \
-                                          >$VM_LOG_DIR/vdcupgrade.log 2>&1
-if [ $? -ne 0 ]; then
-    echo "vdcupgrade failed. Resolve issues in $VM_LOG_DIR/vdcupgrade.log before retrying."
-    exit_upgrade 1
-fi
-
-exit_upgrade 0
diff --git a/lwraft/config/lwraftd b/lwraft/config/lwraftd
deleted file mode 100644
index edc20a2c1..000000000
--- a/lwraft/config/lwraftd
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: lwraft
-# Required-Start: $network $remote_fs
-# Required-Stop: $network $remote_fs
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Description: Start and Stop lwraft
-### END INIT INFO
-
-PREFIX="/opt/likewise"
-SERVICE_NAME="lwraft"
-
-export KRB5_CONFIG=/etc/krb5.lotus.conf
-
-. /opt/likewise/bin/init-lwsm.sh
diff --git a/lwraft/config/lwraftd-syslog-ng.conf b/lwraft/config/lwraftd-syslog-ng.conf
deleted file mode 100644
index f74f482a7..000000000
--- a/lwraft/config/lwraftd-syslog-ng.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-template t_lwraftd_template { template("${STAMP} ${HOST} ${PRIORITY} ${PROGRAM}[${PID}]: ${MSG}\n"); };
-destination d_lwraftd { file("/var/log/lightwave/lwraftd.log" template(t_lwraftd_template)); };
-filter f_lwraftd { program("lwraftd"); };
-log { source(s_local); filter(f_lwraftd); destination(d_lwraftd); };
-options { frac_digits(3); };
diff --git a/lwraft/config/lwraftschema.ldif b/lwraft/config/lwraftschema.ldif
deleted file mode 100644
index 2ce884490..000000000
--- a/lwraft/config/lwraftschema.ldif
+++ /dev/null
@@ -1,21912 +0,0 @@
-#
-#
-#
-# VMware ldap Core schema
-#
-# Version 0.1 (Commonly used schema definitions from various RFC for development purpose)
-#
-entryDN: cn=aggregate,cn=schemacontext
-
-cn: aggregate
-
-# subschemaSubentry: cn=aggregate
-
-# structuralObjectClass: subentry
-
-objectclass: top
-
-objectclass: subschema
-
-objectclass: subentry
-
-############################################################
-########## vmdird core definition - BEGIN
-############################################################
-objectClasses: (
-    2.5.20.1
-    NAME 'subschema'
-    DESC 'RFC4512: controlling subschema (sub)entry'
-    AUXILIARY
-    MAY ( ldapSyntaxes
-        $ objectClasses
-        $ attributeTypes
-        $ matchingRules
-        $ matchingRuleUse
-        $ dITContentRules
-        $ dITStructureRules
-        $ vmwAttributeToIdMap
-        )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.1
-    NAME 'vmwDirCfg'
-    DESC 'vmware extension'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY ( vmwAttrIndexDesc
-        $ vmwAttrOrganizationList
-        )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.2
-    NAME 'vmwDseRoot'
-    DESC 'Object class defined by vmware to manage the DSE root entry.'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( rootDomainNamingContext
-        $ defaultNamingContext
-        $ configurationNamingContext
-        $ schemaNamingContext
-        $ namingContexts
-        $ supportedLDAPVersion
-        $ subschemaSubentry
-        $ serverName
-        $ vmwDCAccountDN
-        $ vmwDCAccountUPN
-        $ supportedControl
-        $ invocationId
-        $ msDS-SiteName
-        $ vmwPlatformServicesControllerVersion
-        $ ref
-        )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.3
-    NAME 'vmwDirServer'
-    DESC 'Object class defined by vmware to manage a vmware directory server entry.'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ serverId
-         $ replInterval
-         $ replPageSize
-         $ invocationId
-         )
-    MAY  ( upToDateVector
-         )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.4
-    NAME 'vmwReplicationAgreement'
-    DESC 'Object class defined by vmware to store and manage replication agreements in vmdir.'
-    SUP top
-    STRUCTURAL
-    MUST ( labeledURI
-         )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.5
-    NAME 'vmwDirServerStatus'
-    DESC 'defines object containing server stats'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY ( vmwServerRunTimeStatus
-        )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.6
-    NAME 'vmwPolicy'
-    DESC 'VMware - per tenant policy'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ Enabled
-         )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.7
-    NAME 'vmwPasswordPolicy'
-    DESC 'VMware - per tenant password policy'
-    AUXILIARY
-    MAY  ( description
-         $ vmwPasswordProhibitedPreviousCount
-         $ vmwPasswordLifetimeDays
-         $ vmwPasswordMaxLength
-         $ vmwPasswordMinLength
-         $ vmwPasswordMinAlphabeticCount
-         $ vmwPasswordMinUpperCaseCount
-         $ vmwPasswordMinLowerCaseCount
-         $ vmwPasswordMinNumericCount
-         $ vmwPasswordMinSpecialCharCount
-         $ vmwPasswordMaxIdenticalAdjacentChars
-         $ vmwPasswordSpecialChars
-         )
-   )
-
-objectClasses: (
-    VMWare.DIR.objectclass.8
-    NAME 'vmwLockoutPolicy'
-    DESC 'VMware - per tenant lockout policy'
-    AUXILIARY
-    MAY  ( description
-         $ vmwPasswordChangeMaxFailedAttempts
-         $ vmwPasswordChangeFailedAttemptIntervalSec
-         $ vmwPasswordChangeAutoUnlockIntervalSec
-         )
-   )
-
-objectClasses: (
-    VMWare.DIR.objectclass.10
-    NAME 'vmwServicePrincipal'
-    DESC 'VMWare service principal'
-    SUP top
-    AUXILIARY
-    MUST ( cn
-         $ vmwSTSSubjectDN
-         )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.11
-    NAME 'vmwRaftLogEntry'
-    DESC 'a Raft log entry'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwRaftTerm
-         $ vmwRaftLogindex
-         $ vmwRaftLogEntries
-         )
-    )
-
-objectClasses: (
-    VMWare.DIR.objectclass.12
-    NAME 'vmwRaftPersistState'
-    DESC 'Raft persistent state'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwRaftTerm
-         $ vmwRaftLastApplied
-         $ vmwRaftVotedForTerm
-         $ vmwRaftFirstLogIndex
-         )
-    MAY  ( vmwRaftVotedFor
-         )
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.1
-    NAME 'vmwAttributeToIdMap'
-    DESC 'VMware extension'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-# like to add USAGE vmwExtension
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.2
-    NAME 'vmwAttrIndexDesc'
-    DESC 'VMware extension'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.3
-    NAME 'lastKnownDn'
-    DESC 'last known DN of the DELETED object'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.5
-    NAME 'rootDomainNamingContext'
-    DESC 'Attribute containing the distinguished name of the root (main) domain naming context'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.6
-    NAME 'defaultNamingContext'
-    DESC 'Attribute containing the distinguished name of the default naming context'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.7
-    NAME 'configurationNamingContext'
-    DESC 'Attribute containing the distinguished name of the configuration naming context'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.8
-    NAME 'schemaNamingContext'
-    DESC 'Attribute containing the distinguished name of the schema naming context'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.9
-    NAME 'vmwServerGUID'
-    DESC 'A GUID identifying a vmware directory server and the associated DB'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.10
-    NAME 'deletedObjectsContainer'
-    DESC 'Attribute containing the distinguished name of the deleted objects container'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.11
-    NAME 'replBindDN'
-    DESC 'Attribute containing the distinguished name of the bind DN to be used to bind to a replication partner.'
-    SUP distinguishedName
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.12
-    NAME 'replBindPassword'
-    DESC 'Attribute containing the bind password to be used to bind to a replication partner.'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.13
-    NAME 'lastLocalUsnProcessed'
-    DESC 'Last local update sequence number, corresponding to this replication partner, processed by the current server.'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-# attribute replInterval from AD
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.14
-    NAME 'upToDateVector'
-    DESC 'Up-to-date vector data structure used in multi-master replication.'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.15
-    NAME 'replPageSize'
-    DESC 'Number of changes requested in seach replication search request'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.17
-    NAME 'vmwRidSequenceNumber'
-    DESC 'An integer uniquely identifying the current rid sequence number used to generate next RID'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.18
-    NAME 'vmwNodeSequenceNumber'
-    DESC 'An integer uniquely identifying the current node sequence number used to generate next RID'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.19
-    NAME 'vmwAttrOrganizationList'
-    DESC 'VMware extension'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-# use nTSecurityDescriptor instead
-#attributeTypes: (
-#    VMWare.DIR.attribute.0.20
-#    NAME 'vmwSecurityDescriptor'
-#    DESC 'A security descriptor describing access control for an entry'
-#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-#    SINGLE-VALUE
-#    USAGE directoryOperation
-#    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.21
-    NAME 'oldUserPassword'
-    DESC 'Old passwords in digest form to prevent password recycle per policy'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.22
-    NAME 'attributeMetaData'
-    DESC 'An internal computed attribute used to store info for replication'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.23
-    NAME 'vmwEntryIdSequenceNumber'
-    DESC 'Entry ID sequence number generator key prefix, not used in any objectclass'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.24
-    NAME 'vmwUSNSequenceNumber'
-    DESC 'USN sequence number generator key prefix, not used in any objectclass'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.25
-    NAME 'parentid'
-    DESC 'VMW internal usage to represent sudo parent id attribute, not used in any objectclass'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.26
-    NAME 'passwordHashScheme'
-    DESC 'Name of the password hashing scheme'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.27
-    NAME 'serverId'
-    DESC 'An ID used in SID allocation relative to this server'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.29
-    NAME 'externalObjectId'
-    DESC 'VMware defined attribute to store FSP objectId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.30
-    NAME 'vmwDomainFunctionalLevel'
-    DESC 'Domain functional level supported by a Lotus domain'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.31
-    NAME 'vmwForestFunctionalLevel'
-    DESC 'Forest functional level supported by the Lotus forest'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.32
-    NAME 'vmwServerVersion'
-    DESC 'Lotus server version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.33
-    NAME 'vmwServerRunTimeStatus'
-    DESC 'Server runtime status'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.34
-    NAME 'vmwPasswordProhibitedPreviousCount'
-    DESC 'VMWare - prohibited previous passwords count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.35
-    NAME 'vmwPasswordLifetimeDays'
-    DESC 'VMWare - password expiration in days'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.36
-    NAME 'vmwPasswordMaxLength'
-    DESC 'VMWare- password max length'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.37
-    NAME 'vmwPasswordMinLength'
-    DESC 'VMWare - password min length'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.38
-    NAME 'vmwPasswordMinAlphabeticCount'
-    DESC 'VMWare i- password min alphabetic count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.39
-    NAME 'vmwPasswordMinUpperCaseCount'
-    DESC 'VMWare - password min upper case count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.40
-    NAME 'vmwPasswordMinNumericCount'
-    DESC 'VMWare - password min numeric count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.41
-    NAME 'vmwPasswordMinSpecialCharCount'
-    DESC 'VMWare - password min special char @#$%&^* count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.42
-    NAME 'vmwPasswordMaxIdenticalAdjacentChars'
-    DESC 'VMWare - password max identical adjacent char'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.43
-    NAME 'vmwPasswordChangeMaxFailedAttempts'
-    DESC 'VMWare - password change max failed attempts'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.43
-    NAME 'vmwPasswordChangeFailedAttemptIntervalSec'
-    DESC 'VMWare - password change failed attempt interval in second'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.45
-    NAME 'vmwPasswordChangeAutoUnlockIntervalSec'
-    DESC 'VMWare - password change unlock interval in second'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.46
-    NAME 'vmwPasswordMinLowerCaseCount'
-    DESC 'VMWare - password min lower case count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.DIR.attribute.0.47
-    NAME 'vmwDCAccountDN'
-    DESC 'Attribute containing the distinguished name of the domain controller machine account object'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-# Following attribute will be set on the <system domain DN> object.
-# Ideally, it should be set on a forest level object, and not on an object in a Domain scope.
-# Since it is an operational attribute, object class definition need not be alterred.
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.48
-    NAME 'vmwMaxServerId'
-    DESC 'Maximum server id allocated to servers in this forest so far.'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.49
-    NAME 'vmwDCAccountUPN'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.50
-    NAME 'vmwLDUGuid'
-    DESC 'A GUID identifying an LDU associated with this vmware directory server'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
-    SINGLE-VALUE
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.51
-    NAME 'vmwPasswordNeverExpires'
-    DESC 'Attribute to indicate if the password ever expires for the object'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.52
-    NAME 'vmwAdministratorDN'
-    DESC 'Default administrator DN'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.53
-    NAME 'vmwSRPSecret'
-    DESC 'SRP secret'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.54
-    NAME 'vmwAclString'
-    DESC 'ACL in string format'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.55
-    NAME 'vmwPasswordSpecialChars'
-    DESC 'List of special characters'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.56
-    NAME 'vmwMachineGUID'
-    DESC 'A GUID identifying a machine'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.57
-    NAME 'vmwPlatformServicesControllerVersion'
-    DESC 'Platform Services Controller version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.58
-    NAME 'vmwAttributeUsage'
-    DESC 'VMware extension - flag to represent NO-USER-MODIFICATION and USAGE values'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.0.59
-    NAME 'attributeValueMetaData'
-    DESC 'An internal computed attribute used to store info for replication'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-##############################################################
-########## Following attribute override AD schema.  ##########
-########## ??????????? should we do this ?????????  ##########
-##############################################################
-attributeTypes: (
-    VMWare.DIR.attribute.1.1
-    NAME 'uSNCreated'
-    DESC 'Update sequence number identifying the transaction that created the object'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.2
-    NAME 'uSNChanged'
-    DESC 'Update sequence number identifying the transaction that last modified the object'
-    EQUALITY integerMatch
-    ORDERING integerOrderingMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.3
-    NAME 'isDeleted'
-    DESC 'Value of the attribute determines if an object is in the DELETED state'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.4
-    NAME 'objectGUID'
-    DESC 'GUID'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{36}
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.5
-    NAME 'serverName'
-    DESC 'Attribute containing the distinguished name of the object containing properties of this server'
-    SUP distinguishedName
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.6
-    NAME 'highestCommittedUSN'
-    DESC 'Highest committed USN on this vmware directory server'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-############################################################
-########## vmdird other RFC definition - BEGIN
-############################################################
-
-attributeTypes: (
-    2.5.18.3
-    NAME 'creatorsName'
-    DESC 'RFC4512: name of creator'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.18.4
-    NAME 'modifiersName'
-    DESC 'RFC4512: name of last modifier'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.18.9
-    NAME 'hasSubordinates'
-    DESC 'X.501: entry has children'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.1.16.4
-    NAME 'entryUUID'
-    DESC 'UUID of the entry'
-    EQUALITY UUIDMatch
-    ORDERING UUIDOrderingMatch
-    SYNTAX 1.3.6.1.1.16.1
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.6
-    NAME 'altServer'
-    DESC 'RFC4512: alternative servers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.5
-    NAME 'namingContexts'
-    DESC 'RFC4512: naming contexts'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.13
-    NAME 'supportedControl'
-    DESC 'RFC4512: supported controls'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.7
-    NAME 'supportedExtension'
-    DESC 'RFC4512: supported extended operations'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.15
-    NAME 'supportedLDAPVersion'
-    DESC 'RFC4512: supported LDAP versions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.14
-    NAME 'supportedSASLMechanisms'
-    DESC 'RFC4512: supported SASL mechanisms'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.4203.1.3.5
-    NAME 'supportedFeatures'
-    DESC 'RFC4512: features supported by the server'
-    EQUALITY objectIdentifierMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.1.4
-    NAME 'vendorName'
-    DESC 'RFC3045: name of implementation vendor'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.1.5
-    NAME 'vendorVersion'
-    DESC 'RFC3045: version of implementation'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    2.5.21.1 NAME 'dITStructureRules'
-    EQUALITY integerFirstComponentMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.17
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.7 NAME 'nameForms'
-    EQUALITY objectIdentifierFirstComponentMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.35
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.4.1
-    NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-    DESC 'RFC4512: name of aliased object'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.34
-    NAME 'ref'
-    DESC 'RFC3296: subordinate referral URL'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    USAGE distributedOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.119.4
-    NAME 'dynamicSubtrees'
-    DESC 'RFC2589: dynamic subtrees'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    USAGE dSAOperation
-    )
-
-attributeTypes: (
-    2.5.4.46
-    NAME 'dnQualifier'
-    DESC 'RFC2256: DN qualifier'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    2.5.4.47
-    NAME 'enhancedSearchGuide'
-    DESC 'RFC2256: enhanced search guide'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.21
-    )
-
-attributeTypes: (
-    2.5.4.48
-    NAME 'protocolInformation'
-    DESC 'RFC2256: protocol information'
-    EQUALITY protocolInformationMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.42
-    )
-
-attributeTypes: (
-    2.5.4.52
-    NAME 'supportedAlgorithms'
-    DESC 'RFC2256: supported algorithms'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.49
-    )
-
-attributeTypes: (
-    2.5.4.65
-    NAME 'pseudonym'
-    DESC 'X.520(4th): pseudonym for the object'
-    SUP name
-    )
-
-attributeTypes: (
-    1.2.840.113549.1.9.1
-    NAME ( 'email' 'emailAddress' 'pkcs9email' )
-    DESC 'RFC3280: legacy attribute for email addresses in DNs'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-    )
-
-objectClasses: (
-    1.3.6.1.4.1.1466.101.120.111
-    NAME 'extensibleObject'
-    DESC 'RFC4512: extensible object'
-    SUP top
-    AUXILIARY
-    )
-
-objectClasses: (
-    2.5.6.1
-    NAME 'alias'
-    DESC 'RFC4512: an alias'
-    SUP top
-    STRUCTURAL
-    MUST aliasedObjectName
-    )
-
-objectClasses: (
-    2.16.840.1.113730.3.2.6
-    NAME 'referral'
-    DESC 'namedref: named subordinate referral'
-    SUP top
-    STRUCTURAL
-    MUST ref
-    )
-
-objectClasses: (
-    2.5.6.15
-    NAME 'strongAuthenticationUser'
-    DESC 'RFC2256: a strong authentication user'
-    SUP top
-    AUXILIARY
-    MUST userCertificate
-    )
-
-objectClasses: (
-    2.5.6.18
-    NAME 'userSecurityInformation'
-    DESC 'RFC2256: a user security information'
-    SUP top
-    AUXILIARY
-    MAY ( supportedAlgorithms
-        )
-    )
-
-objectClasses: (
-    2.5.6.21
-    NAME 'pkiUser'
-    DESC 'RFC2587: a PKI user'
-    SUP top
-    AUXILIARY
-    MAY userCertificate
-    )
-
-objectClasses: (
-    2.5.6.22
-    NAME 'pkiCA'
-    DESC 'RFC2587: PKI certificate authority'
-    SUP top
-    AUXILIARY
-    MAY ( authorityRevocationList
-        $ certificateRevocationList
-        $ cACertificate
-        $ crossCertificatePair
-        )
-    )
-
-objectClasses: (
-    2.5.6.23
-    NAME 'deltaCRL'
-    DESC 'RFC2587: PKI user'
-    SUP top
-    AUXILIARY
-    MAY deltaRevocationList
-    )
-
-objectClasses: (
-    1.3.6.1.4.1.250.3.15
-    NAME 'labeledURIObject'
-    DESC 'RFC2079: object that contains the URI attribute type'
-    SUP top
-    AUXILIARY
-    MAY labeledURI
-    )
-
-objectClasses: (
-    1.3.6.1.4.1.1466.344
-    NAME 'dcObject'
-    DESC 'RFC2247: domain component object'
-    SUP top
-    AUXILIARY
-    MUST dc
-    MAY ( krbMKey
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.3.1
-    NAME 'uidObject'
-    DESC 'RFC2377: uid object'
-    SUP top
-    AUXILIARY
-    MUST uid
-    )
-
-############################################################
-########## vmdird other RFC definition - END
-############################################################
-
-############################################################
-########## AD core definition - BEGIN
-############################################################
-
-############################################################
-## ADSI needs following attributes
-##    'objectClassCategory'
-##    'mayContain'
-##    'governsID'
-##    'objectClass'
-##    'dITContentRules'
-##    'mustContain'
-##    'attributeTypes'
-##    'defaultObjectCategory'
-##    'possibleInferiors'
-##    'subClassOf'
-##    'objectCategory'
-##    'systemMustContain'
-##    'auxiliaryClass'
-##    'rDNAttID'
-##    'possSuperiors'
-###########################################################
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.1
-    NAME 'uid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.10
-    NAME 'manager'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.11
-    NAME 'documentIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.12
-    NAME 'documentTitle'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.13
-    NAME 'documentVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.14
-    NAME 'documentAuthor'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.15
-    NAME 'documentLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.2
-    NAME 'textEncodedORAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.20
-    NAME 'homePhone'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.21
-    NAME 'secretary'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.25
-    NAME 'dc'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.3
-    NAME 'mail'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.37
-    NAME 'associatedDomain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.38
-    NAME 'associatedName'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.41
-    NAME 'mobile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.42
-    NAME 'pager'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.44
-    NAME 'uniqueIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.45
-    NAME 'organizationalStatus'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.48
-    NAME 'buildingName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.5
-    NAME 'drink'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.55
-    NAME 'audio'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.56
-    NAME 'documentPublisher'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.6
-    NAME 'roomNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.60
-    NAME 'jpegPhoto'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.7
-    NAME 'photo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.8
-    NAME 'userClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    0.9.2342.19200300.100.1.9
-    NAME 'host'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113549.1.9.2
-    NAME 'unstructuredName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113549.1.9.8
-    NAME 'unstructuredAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.1
-    NAME 'instanceType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-### memberOf is a NO-USER_MODIFICATION attribute i.e. it's value is
-### computed on the fly.
-attributeTypes: (
-    1.2.840.113556.1.2.102
-    NAME 'memberOf'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.104
-    NAME 'ownerBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.115
-    NAME 'invocationId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.118
-    NAME 'otherPager'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-#attributeTypes: (
-#    1.2.840.113556.1.2.120
-#    NAME 'uSNChanged'
-#    SYNTAX 1.2.840.113556.1.4.906
-#    SINGLE-VALUE
-#    NO-USER-MODIFICATION
-#    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.121
-    NAME 'uSNLastObjRem'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.13
-    NAME 'displayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.131
-    NAME 'co'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.135
-    NAME 'cost'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.14
-    NAME 'hasMasterNCs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.141
-    NAME 'department'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.146
-    NAME 'company'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.15
-    NAME 'hasPartialReplicaNCs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.16
-    NAME 'nCName'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.169
-    NAME 'showInAdvancedViewOnly'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.18
-    NAME 'otherTelephone'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-#attributeTypes: (
-#    1.2.840.113556.1.2.19
-#    NAME 'uSNCreated'
-#    SYNTAX 1.2.840.113556.1.4.906
-#    SINGLE-VALUE
-#    NO-USER-MODIFICATION
-#    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.194
-    NAME 'adminDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.2
-    NAME 'whenCreated'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.21
-    NAME 'subClassOf'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.210
-    NAME 'proxyAddresses'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.212
-    NAME 'dSHeuristics'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.214
-    NAME 'originalDisplayTableMSDOS'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.218
-    NAME 'oMObjectClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.22
-    NAME 'governsID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.226
-    NAME 'adminDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.227
-    NAME 'extensionName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.231
-    NAME 'oMSyntax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.24
-    NAME 'mustContain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.25
-    NAME 'mayContain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.255
-    NAME 'addressSyntax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.256
-    NAME 'streetAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.26
-    NAME 'rDNAttID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.267
-    NAME 'uSNDSALastObjRemoved'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.277
-    NAME 'otherHomePhone'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.281
-    NAME 'nTSecurityDescriptor'
-    SYNTAX 1.2.840.113556.1.4.907
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.3
-    NAME 'whenChanged'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.30
-    NAME 'attributeID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.301
-    NAME 'garbageCollPeriod'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.32
-    NAME 'attributeSyntax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.324
-    NAME 'addressEntryDisplayTable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.325
-    NAME 'perMsgDialogDisplayTable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.326
-    NAME 'perRecipDialogDisplayTable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.327
-    NAME 'helpFileName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.33
-    NAME 'isSingleValued'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.334
-    NAME 'searchFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.7
-    NAME 'vmwAttrUniquenessScope'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.8
-    NAME 'vmwRaftTerm'
-    DESC 'VMware Raft Election Term'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.9
-    NAME 'vmwRaftLastApplied'
-    DESC 'VMware Raft highest log entry applied'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.10
-    NAME 'vmwRaftVotedForTerm'
-    DESC 'VMware Raft voted Term'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.11
-    NAME 'vmwRaftLogindex'
-    DESC 'VMware Raft Log index'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.12
-    NAME 'vmwRaftLogEntries'
-    DESC 'VMware Raft log entry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.13
-    NAME 'vmwRaftVotedFor'
-    DESC 'VMware Raft server name voted for'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    VMWare.DIR.attribute.1.14
-    NAME 'vmwRaftFirstLogindex'
-    DESC 'VMware Raft First Log index'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.34
-    NAME 'rangeLower'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.35
-    NAME 'rangeUpper'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.350
-    NAME 'addressType'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.351
-    NAME 'auxiliaryClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.353
-    NAME 'displayNamePrintable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.36
-    NAME 'dMDLocation'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.370
-    NAME 'objectClassCategory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.380
-    NAME 'extendedCharsAllowed'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.400
-    NAME 'addressEntryDisplayTableMSDOS'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.402
-    NAME 'helpData16'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.436
-    NAME 'directReports'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.444
-    NAME 'msExchAssistantName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.445
-    NAME 'originalDisplayTable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.459
-    NAME 'networkAddress'
-    SYNTAX 1.2.840.113556.1.4.905
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.460
-    NAME 'lDAPDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.464
-    NAME 'wWWHomePage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.469
-    NAME 'USNIntersite'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.471
-    NAME 'schemaVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-#attributeTypes: (
-#    1.2.840.113556.1.2.48
-#    NAME 'isDeleted'
-#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-#    SINGLE-VALUE
-#    NO-USER-MODIFICATION
-#    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.49
-    NAME 'mAPIID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.50
-    NAME 'linkID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.523
-    NAME 'proxyGenerationEnabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.54
-    NAME 'tombstoneLifetime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.557
-    NAME 'Enabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.593
-    NAME 'msExchLabeledURI'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.596
-    NAME 'msExchHouseIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.598
-    NAME 'dmdName'
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.610
-    NAME 'employeeNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.613
-    NAME 'employeeType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.615
-    NAME 'personalTitle'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.617
-    NAME 'homePostalAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.7
-    NAME 'subRefs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.74
-    NAME 'dSASignature'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.76
-    NAME 'objectVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.8
-    NAME 'possSuperiors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.81
-    NAME 'info'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.83
-    NAME 'repsTo'
-    SYNTAX OctetString
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.9
-    NAME 'helpData32'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.2.91
-    NAME 'repsFrom'
-    SYNTAX OctetString
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1
-    NAME 'name'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.100
-    NAME 'priorValue'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.101
-    NAME 'privateKey'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.103
-    NAME 'proxyLifetime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.105
-    NAME 'remoteServerName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.107
-    NAME 'remoteSource'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.108
-    NAME 'remoteSourceType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.109
-    NAME 'replicaSource'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.11
-    NAME 'authenticationOptions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1119
-    NAME 'msNPAllowDialin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1123
-    NAME 'msNPCalledStationID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1124
-    NAME 'msNPCallingStationID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.113
-    NAME 'rpcNsBindings'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1130
-    NAME 'msNPSavedCallingStationID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.114
-    NAME 'rpcNsGroup'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1145
-    NAME 'msRADIUSCallbackNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.115
-    NAME 'rpcNsInterfaceID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1153
-    NAME 'msRADIUSFramedIPAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1158
-    NAME 'msRADIUSFramedRoute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.117
-    NAME 'rpcNsPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1171
-    NAME 'msRADIUSServiceType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.118
-    NAME 'rpcNsProfileEntry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1189
-    NAME 'msRASSavedCallbackNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1190
-    NAME 'msRASSavedFramedIPAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1191
-    NAME 'msRASSavedFramedRoute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.12
-    NAME 'badPwdCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.120
-    NAME 'schemaFlagsEx'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1208
-    NAME 'aNR'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1209
-    NAME 'shortServerName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.121
-    NAME 'securityIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1212
-    NAME 'isEphemeral'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1213
-    NAME 'assocNTAccount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.122
-    NAME 'serviceClassID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1224
-    NAME 'parentGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1225
-    NAME 'mSMQPrevSiteGates'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1226
-    NAME 'mSMQDependentClientServices'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1227
-    NAME 'mSMQRoutingServices'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1228
-    NAME 'mSMQDsServices'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.123
-    NAME 'serviceClassInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1237
-    NAME 'mSMQRoutingService'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1238
-    NAME 'mSMQDsService'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1239
-    NAME 'mSMQDependentClientService'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1240
-    NAME 'netbootSIFFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1241
-    NAME 'netbootMirrorDataFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1242
-    NAME 'dNReferenceUpdate'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1243
-    NAME 'mSMQQueueNameExt'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1244
-    NAME 'addressBookRoots'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1245
-    NAME 'globalAddressList'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1246
-    NAME 'interSiteTopologyGenerator'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1247
-    NAME 'interSiteTopologyRenew'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1248
-    NAME 'interSiteTopologyFailover'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1249
-    NAME 'proxiedObjectName'
-    SYNTAX 1.2.840.113556.1.4.903
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.125
-    NAME 'supplementalCredentials'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.129
-    NAME 'trustAuthIncoming'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.13
-    NAME 'builtinCreationTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1301
-    NAME 'tokenGroups'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1303
-    NAME 'tokenGroupsNoGCAcceptable'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1304
-    NAME 'sDRightsEffective'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1305
-    NAME 'moveTreeState'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1306
-    NAME 'dNSProperty'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1307
-    NAME 'accountNameHistory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1308
-    NAME 'mSMQInterval1'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1309
-    NAME 'mSMQInterval2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1310
-    NAME 'mSMQSiteGatesMig'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1311
-    NAME 'printDuplexSupported'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1312
-    NAME 'aCSServerList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1313
-    NAME 'aCSMaxTokenBucketPerFlow'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1314
-    NAME 'aCSMaximumSDUSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1315
-    NAME 'aCSMinimumPolicedSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1316
-    NAME 'aCSMinimumLatency'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1317
-    NAME 'aCSMinimumDelayVariation'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1318
-    NAME 'aCSNonReservedPeakRate'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1319
-    NAME 'aCSNonReservedTokenSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.132
-    NAME 'trustDirection'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1320
-    NAME 'aCSNonReservedMaxSDUSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1321
-    NAME 'aCSNonReservedMinPolicedSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1327
-    NAME 'pKIDefaultKeySpec'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1328
-    NAME 'pKIKeyUsage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1329
-    NAME 'pKIMaxIssuingDepth'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.133
-    NAME 'trustPartner'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1330
-    NAME 'pKICriticalExtensions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1331
-    NAME 'pKIExpirationPeriod'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1332
-    NAME 'pKIOverlapPeriod'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1333
-    NAME 'pKIExtendedKeyUsage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1334
-    NAME 'pKIDefaultCSPs'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1335
-    NAME 'pKIEnrollmentAccess'
-    SYNTAX 1.2.840.113556.1.4.907
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1336
-    NAME 'replInterval'
-    DESC 'Replication interval in seconds.'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1337
-    NAME 'mSMQUserSid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.134
-    NAME 'trustPosixOffset'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1343
-    NAME 'dSUIAdminNotification'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1344
-    NAME 'dSUIAdminMaximum'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1345
-    NAME 'dSUIShellMaximum'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1346
-    NAME 'templateRoots'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1347
-    NAME 'sPNMappings'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1348
-    NAME 'gPCMachineExtensionNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1349
-    NAME 'gPCUserExtensionNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.135
-    NAME 'trustAuthOutgoing'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1353
-    NAME 'localizationDisplayId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1354
-    NAME 'scopeFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1355
-    NAME 'queryFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1356
-    NAME 'validAccesses'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1357
-    NAME 'dSCorePropagationData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1358
-    NAME 'schemaInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1359
-    NAME 'otherWellKnownObjects'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.136
-    NAME 'trustType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1360
-    NAME 'mS-DS-ConsistencyGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1361
-    NAME 'mS-DS-ConsistencyChildCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1363
-    NAME 'mS-SQL-Name'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1364
-    NAME 'mS-SQL-RegisteredOwner'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1365
-    NAME 'mS-SQL-Contact'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1366
-    NAME 'mS-SQL-Location'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1367
-    NAME 'mS-SQL-Memory'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1368
-    NAME 'mS-SQL-Build'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1369
-    NAME 'mS-SQL-ServiceAccount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.137
-    NAME 'uNCName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1370
-    NAME 'mS-SQL-CharacterSet'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1371
-    NAME 'mS-SQL-SortOrder'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1372
-    NAME 'mS-SQL-UnicodeSortOrder'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1373
-    NAME 'mS-SQL-Clustered'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1374
-    NAME 'mS-SQL-NamedPipe'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1375
-    NAME 'mS-SQL-MultiProtocol'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1376
-    NAME 'mS-SQL-SPX'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1377
-    NAME 'mS-SQL-TCPIP'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1378
-    NAME 'mS-SQL-AppleTalk'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1379
-    NAME 'mS-SQL-Vines'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.138
-    NAME 'userParameters'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1380
-    NAME 'mS-SQL-Status'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1381
-    NAME 'mS-SQL-LastUpdatedDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1382
-    NAME 'mS-SQL-InformationURL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1383
-    NAME 'mS-SQL-ConnectionURL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1384
-    NAME 'mS-SQL-PublicationURL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1385
-    NAME 'mS-SQL-GPSLatitude'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1386
-    NAME 'mS-SQL-GPSLongitude'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1387
-    NAME 'mS-SQL-GPSHeight'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1388
-    NAME 'mS-SQL-Version'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1389
-    NAME 'mS-SQL-Language'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.139
-    NAME 'profilePath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1390
-    NAME 'mS-SQL-Description'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1391
-    NAME 'mS-SQL-Type'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1392
-    NAME 'mS-SQL-InformationDirectory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1393
-    NAME 'mS-SQL-Database'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1394
-    NAME 'mS-SQL-AllowAnonymousSubscription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1395
-    NAME 'mS-SQL-Alias'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1396
-    NAME 'mS-SQL-Size'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1397
-    NAME 'mS-SQL-CreationDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1398
-    NAME 'mS-SQL-LastBackupDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1399
-    NAME 'mS-SQL-LastDiagnosticDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.14
-    NAME 'builtinModifiedCount'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1400
-    NAME 'mS-SQL-Applications'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1401
-    NAME 'mS-SQL-Keywords'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1402
-    NAME 'mS-SQL-Publisher'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1403
-    NAME 'mS-SQL-AllowKnownPullSubscription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1404
-    NAME 'mS-SQL-AllowImmediateUpdatingSubscription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1405
-    NAME 'mS-SQL-AllowQueuedUpdatingSubscription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1406
-    NAME 'mS-SQL-AllowSnapshotFilesFTPDownloading'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1407
-    NAME 'mS-SQL-ThirdParty'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1408
-    NAME 'mS-DS-ReplicatesNCReason'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1409
-    NAME 'masteredBy'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.141
-    NAME 'versionNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1410
-    NAME 'mS-DS-CreatorSID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1411
-    NAME 'ms-DS-MachineAccountQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1412
-    NAME 'primaryGroupToken'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1414
-    NAME 'dNSTombstoned'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1415
-    NAME 'mSMQLabelEx'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1416
-    NAME 'mSMQSiteNameEx'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1417
-    NAME 'mSMQComputerTypeEx'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1418
-    NAME 'tokenGroupsGlobalAndUniversal'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.142
-    NAME 'winsockAddresses'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1423
-    NAME 'msCOM-PartitionLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1424
-    NAME 'msCOM-PartitionSetLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1425
-    NAME 'msCOM-UserLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1426
-    NAME 'msCOM-UserPartitionSetLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1427
-    NAME 'msCOM-DefaultPartitionLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1428
-    NAME 'msCOM-ObjectId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1429
-    NAME 'msPKI-RA-Signature'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1430
-    NAME 'msPKI-Enrollment-Flag'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1431
-    NAME 'msPKI-Private-Key-Flag'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1432
-    NAME 'msPKI-Certificate-Name-Flag'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1433
-    NAME 'msPKI-Minimal-Key-Size'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1434
-    NAME 'msPKI-Template-Schema-Version'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1435
-    NAME 'msPKI-Template-Minor-Revision'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1436
-    NAME 'msPKI-Cert-Template-OID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1437
-    NAME 'msPKI-Supersede-Templates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1438
-    NAME 'msPKI-RA-Policies'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1439
-    NAME 'msPKI-Certificate-Policy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.144
-    NAME 'operatorCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1440
-    NAME 'msDs-Schema-Extensions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1441
-    NAME 'msDS-Cached-Membership'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1442
-    NAME 'msDS-Cached-Membership-Time-Stamp'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1443
-    NAME 'msDS-Site-Affinity'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1444
-    NAME 'msDS-Preferred-GC-Site'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.145
-    NAME 'revision'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1458
-    NAME 'msDS-Auxiliary-Classes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1459
-    NAME 'msDS-Behavior-Version'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.146
-    NAME 'objectSid'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1460
-    NAME 'msDS-User-Account-Control-Computed'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.148
-    NAME 'schemaIDGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.149
-    NAME 'attributeSecurityGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.15
-    NAME 'msiScriptPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.150
-    NAME 'adminCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.151
-    NAME 'oEMInformation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.152
-    NAME 'groupAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.153
-    NAME 'rid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.154
-    NAME 'serverState'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.155
-    NAME 'uASCompat'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.156
-    NAME 'comment'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.157
-    NAME 'serverRole'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.158
-    NAME 'domainReplica'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.159
-    NAME 'accountExpires'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.16
-    NAME 'codePage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.160
-    NAME 'lmPwdHistory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1621
-    NAME 'msDS-Other-Settings'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1622
-    NAME 'msDS-Entry-Time-To-Die'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1623
-    NAME 'msWMI-Author'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1624
-    NAME 'msWMI-ChangeDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1625
-    NAME 'msWMI-ClassDefinition'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1626
-    NAME 'msWMI-CreationDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1627
-    NAME 'msWMI-ID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1628
-    NAME 'msWMI-IntDefault'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1629
-    NAME 'msWMI-IntMax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1630
-    NAME 'msWMI-IntMin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1631
-    NAME 'msWMI-IntValidValues'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1632
-    NAME 'msWMI-Int8Default'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1633
-    NAME 'msWMI-Int8Max'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1634
-    NAME 'msWMI-Int8Min'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1635
-    NAME 'msWMI-Int8ValidValues'
-    SYNTAX 1.2.840.113556.1.4.906
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1636
-    NAME 'msWMI-StringDefault'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1637
-    NAME 'msWMI-StringValidValues'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1638
-    NAME 'msWMI-Mof'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1639
-    NAME 'msWMI-Name'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1640
-    NAME 'msWMI-NormalizedClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1641
-    NAME 'msWMI-PropertyName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1642
-    NAME 'msWMI-Query'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1643
-    NAME 'msWMI-QueryLanguage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1644
-    NAME 'msWMI-SourceOrganization'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1645
-    NAME 'msWMI-TargetClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1646
-    NAME 'msWMI-TargetNameSpace'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1647
-    NAME 'msWMI-TargetObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1648
-    NAME 'msWMI-TargetPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1649
-    NAME 'msWMI-TargetType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.166
-    NAME 'groupMembershipSAM'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1661
-    NAME 'msDS-NC-Replica-Locations'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1663
-    NAME 'msDS-Replication-Notify-First-DSA-Delay'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1664
-    NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1669
-    NAME 'msDS-Approx-Immed-Subordinates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1671
-    NAME 'msPKI-OID-Attribute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1672
-    NAME 'msPKI-OID-CPS'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1673
-    NAME 'msPKI-OID-User-Notice'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1674
-    NAME 'msPKI-Certificate-Application-Policy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1675
-    NAME 'msPKI-RA-Application-Policies'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1676
-    NAME 'msWMI-Class'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1677
-    NAME 'msWMI-Genus'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1678
-    NAME 'msWMI-intFlags1'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1679
-    NAME 'msWMI-intFlags2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.168
-    NAME 'modifiedCount'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1680
-    NAME 'msWMI-intFlags3'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1681
-    NAME 'msWMI-intFlags4'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1682
-    NAME 'msWMI-Parm1'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1683
-    NAME 'msWMI-Parm2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1684
-    NAME 'msWMI-Parm3'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1685
-    NAME 'msWMI-Parm4'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1686
-    NAME 'msWMI-ScopeGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1687
-    NAME 'extraColumns'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1688
-    NAME 'msDS-Security-Group-Extra-Classes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1689
-    NAME 'msDS-Non-Security-Group-Extra-Classes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.169
-    NAME 'logonCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1690
-    NAME 'adminMultiselectPropertyPages'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1692
-    NAME 'msFRS-Topology-Pref'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1693
-    NAME 'msFRS-Hub-Member'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1694
-    NAME 'gPCWQLFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1695
-    NAME 'msMQ-Recipient-FormatName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1696
-    NAME 'lastLogonTimestamp'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1697
-    NAME 'msDS-Settings'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1698
-    NAME 'msTAPI-uid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1699
-    NAME 'msTAPI-ProtocolId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.170
-    NAME 'systemOnly'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1700
-    NAME 'msTAPI-ConferenceBlob'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1701
-    NAME 'msTAPI-IpAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1702
-    NAME 'msDS-TrustForestTrustInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1703
-    NAME 'msDS-FilterContainers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1704
-    NAME 'msDS-NCReplCursors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1705
-    NAME 'msDS-NCReplInboundNeighbors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1706
-    NAME 'msDS-NCReplOutboundNeighbors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1707
-    NAME 'msDS-ReplAttributeMetaData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1708
-    NAME 'msDS-ReplValueMetaData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1709
-    NAME 'msDS-HasInstantiatedNCs'
-    SYNTAX 1.2.840.113556.1.4.903
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1710
-    NAME 'msDS-AllowedDNSSuffixes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1711
-    NAME 'msDS-SDReferenceDomain'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1712
-    NAME 'msPKI-OIDLocalizedName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1713
-    NAME 'MSMQ-SecuredSource'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1714
-    NAME 'MSMQ-MulticastAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1715
-    NAME 'msDS-SPNSuffixes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1716
-    NAME 'msDS-IntId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1717
-    NAME 'msDS-AdditionalDnsHostName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1718
-    NAME 'msDS-AdditionalSamAccountName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1719
-    NAME 'msDS-DnsRootAlias'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1720
-    NAME 'msDS-ReplicationEpoch'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1721
-    NAME 'msDS-UpdateScript'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1780
-    NAME 'hideFromAB'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1782
-    NAME 'msDS-KeyVersionNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1783
-    NAME 'msDS-ExecuteScriptPassword'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1784
-    NAME 'msDS-LogonTimeSyncInterval'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1785
-    NAME 'msIIS-FTPRoot'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1786
-    NAME 'msIIS-FTPDir'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1787
-    NAME 'msDS-AllowedToDelegateTo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1788
-    NAME 'msDS-PerUserTrustQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1789
-    NAME 'msDS-AllUsersTrustQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1790
-    NAME 'msDS-PerUserTrustTombstonesQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1792
-    NAME 'msDS-AzLDAPQuery'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1793
-    NAME 'msDS-NonMembers'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1794
-    NAME 'msDS-NonMembersBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1795
-    NAME 'msDS-AzDomainTimeout'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1796
-    NAME 'msDS-AzScriptEngineCacheMax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1797
-    NAME 'msDS-AzScriptTimeout'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1798
-    NAME 'msDS-AzApplicationName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1799
-    NAME 'msDS-AzScopeName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1800
-    NAME 'msDS-AzOperationID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1801
-    NAME 'msDS-AzBizRule'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1802
-    NAME 'msDS-AzBizRuleLanguage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1803
-    NAME 'msDS-AzLastImportedBizRulePath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1805
-    NAME 'msDS-AzGenerateAudits'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1806
-    NAME 'msDS-MembersForAzRole'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1807
-    NAME 'msDS-MembersForAzRoleBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1808
-    NAME 'msDS-OperationsForAzTask'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1809
-    NAME 'msDS-OperationsForAzTaskBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1810
-    NAME 'msDS-TasksForAzTask'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1811
-    NAME 'msDS-TasksForAzTaskBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1812
-    NAME 'msDS-OperationsForAzRole'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1813
-    NAME 'msDS-OperationsForAzRoleBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1814
-    NAME 'msDS-TasksForAzRole'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1815
-    NAME 'msDS-TasksForAzRoleBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1816
-    NAME 'msDS-AzClassId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1817
-    NAME 'msDS-AzApplicationVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1818
-    NAME 'msDS-AzTaskIsRoleDefinition'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1819
-    NAME 'msDS-AzApplicationData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1820
-    NAME 'msDS-HasDomainNCs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1821
-    NAME 'msieee80211-Data'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1822
-    NAME 'msieee80211-DataType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1823
-    NAME 'msieee80211-ID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1824
-    NAME 'msDS-AzMajorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1825
-    NAME 'msDS-AzMinorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1826
-    NAME 'msDS-RetiredReplNCSignatures'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1831
-    NAME 'msDS-ByteArray'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1832
-    NAME 'msDS-DateTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1833
-    NAME 'msDS-ExternalKey'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1834
-    NAME 'msDS-ExternalStore'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1835
-    NAME 'msDS-Integer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1836
-    NAME 'msDS-hasMasterNCs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1837
-    NAME 'msDs-masteredBy'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1840
-    NAME 'msDS-ObjectReference'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1841
-    NAME 'msDS-ObjectReferenceBL'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1842
-    NAME 'msDs-MaxValues'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1843
-    NAME 'msDRM-IdentityCertificate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1844
-    NAME 'msDS-QuotaTrustee'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1845
-    NAME 'msDS-QuotaAmount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1846
-    NAME 'msDS-DefaultQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1847
-    NAME 'msDS-TombstoneQuotaFactor'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1848
-    NAME 'msDS-QuotaEffective'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1849
-    NAME 'msDS-QuotaUsed'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1850
-    NAME 'msDS-TopQuotaUsage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1865
-    NAME 'msDS-PrincipalName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1879
-    NAME 'msDS-SourceObjectDN'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1892
-    NAME 'msPKIRoamingTimeStamp'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1893
-    NAME 'msPKIDPAPIMasterKeys'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1894
-    NAME 'msPKIAccountCredentials'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.19
-    NAME 'cOMClassID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1910
-    NAME 'unixUserPassword'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1913
-    NAME 'msRADIUS-FramedInterfaceId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1914
-    NAME 'msRADIUS-SavedFramedInterfaceId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1915
-    NAME 'msRADIUS-FramedIpv6Prefix'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1916
-    NAME 'msRADIUS-SavedFramedIpv6Prefix'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1917
-    NAME 'msRADIUS-FramedIpv6Route'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1918
-    NAME 'msRADIUS-SavedFramedIpv6Route'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1923
-    NAME 'msDS-KrbTgtLink'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1924
-    NAME 'msDS-RevealedUsers'
-    SYNTAX 1.2.840.113556.1.4.903
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1925
-    NAME 'msDS-hasFullReplicaNCs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1926
-    NAME 'msDS-NeverRevealGroup'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1928
-    NAME 'msDS-RevealOnDemandGroup'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1929
-    NAME 'msDS-SecondaryKrbTgtNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1930
-    NAME 'msDS-RevealedDSAs'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1931
-    NAME 'msDS-KrbTgtLinkBl'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1932
-    NAME 'msDS-IsFullReplicaFor'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1933
-    NAME 'msDS-IsDomainFor'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1934
-    NAME 'msDS-IsPartialReplicaFor'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1940
-    NAME 'msDS-RevealedList'
-    SYNTAX 1.2.840.113556.1.4.904
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1942
-    NAME 'msDS-PhoneticFirstName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1943
-    NAME 'msDS-PhoneticLastName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1944
-    NAME 'msDS-PhoneticDepartment'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1945
-    NAME 'msDS-PhoneticCompanyName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1946
-    NAME 'msDS-PhoneticDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1949
-    NAME 'msDS-AzObjectGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.195
-    NAME 'systemPossSuperiors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1950
-    NAME 'msDS-AzGenericData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1951
-    NAME 'ms-net-ieee-80211-GP-PolicyGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1952
-    NAME 'ms-net-ieee-80211-GP-PolicyData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1953
-    NAME 'ms-net-ieee-80211-GP-PolicyReserved'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1954
-    NAME 'ms-net-ieee-8023-GP-PolicyGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1955
-    NAME 'ms-net-ieee-8023-GP-PolicyData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1956
-    NAME 'ms-net-ieee-8023-GP-PolicyReserved'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1957
-    NAME 'msDS-AuthenticatedToAccountlist'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1958
-    NAME 'msDS-AuthenticatedAtDC'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1959
-    NAME 'msDS-isGC'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.196
-    NAME 'systemMayContain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1960
-    NAME 'msDS-isRODC'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1961
-    NAME 'msDS-SiteName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1962
-    NAME 'msDS-PromotionSettings'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1963
-    NAME 'msDS-SupportedEncryptionTypes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1964
-    NAME 'msFVE-RecoveryPassword'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1965
-    NAME 'msFVE-RecoveryGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1966
-    NAME 'msTPM-OwnerInformation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1967
-    NAME 'msDS-NC-RO-Replica-Locations'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1968
-    NAME 'msDS-NC-RO-Replica-Locations-BL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1969
-    NAME 'samDomainUpdates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.197
-    NAME 'systemMustContain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1970
-    NAME 'msDS-LastSuccessfulInteractiveLogonTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1971
-    NAME 'msDS-LastFailedInteractiveLogonTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1972
-    NAME 'msDS-FailedInteractiveLogonCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1973
-    NAME 'msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1975
-    NAME 'msDS-RevealedListBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1976
-    NAME 'msTSProfilePath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1977
-    NAME 'msTSHomeDirectory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1978
-    NAME 'msTSHomeDrive'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1979
-    NAME 'msTSAllowLogon'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.198
-    NAME 'systemAuxiliaryClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1980
-    NAME 'msTSRemoteControl'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1981
-    NAME 'msTSMaxDisconnectionTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1982
-    NAME 'msTSMaxConnectionTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1983
-    NAME 'msTSMaxIdleTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1984
-    NAME 'msTSReconnectionAction'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1985
-    NAME 'msTSBrokenConnectionAction'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1986
-    NAME 'msTSConnectClientDrives'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1987
-    NAME 'msTSConnectPrinterDrives'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1988
-    NAME 'msTSDefaultToMainPrinter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1989
-    NAME 'msTSWorkDirectory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.199
-    NAME 'serviceInstanceVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1990
-    NAME 'msTSInitialProgram'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1991
-    NAME 'msTSProperty01'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1992
-    NAME 'msTSProperty02'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1993
-    NAME 'msTSExpireDate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1994
-    NAME 'msTSLicenseVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1995
-    NAME 'msTSManagingLS'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1996
-    NAME 'msDS-UserPasswordExpiryTimeComputed'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1997
-    NAME 'msDS-HABSeniorityIndex'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1998
-    NAME 'msFVE-VolumeGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.1999
-    NAME 'msFVE-KeyPackage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-#attributeTypes: (
-#    1.2.840.113556.1.4.2
-#    NAME 'objectGUID'
-#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-#    SINGLE-VALUE
-#    NO-USER-MODIFICATION
-#    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.20
-    NAME 'cOMInterfaceID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.200
-    NAME 'controlAccessRights'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2000
-    NAME 'msTSExpireDate2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2001
-    NAME 'msTSLicenseVersion2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2002
-    NAME 'msTSManagingLS2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2003
-    NAME 'msTSExpireDate3'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2004
-    NAME 'msTSLicenseVersion3'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2005
-    NAME 'msTSManagingLS3'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2006
-    NAME 'msTSExpireDate4'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2007
-    NAME 'msTSLicenseVersion4'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2008
-    NAME 'msTSManagingLS4'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2009
-    NAME 'msTSLSProperty01'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2010
-    NAME 'msTSLSProperty02'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2011
-    NAME 'msDS-MaximumPasswordAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2012
-    NAME 'msDS-MinimumPasswordAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2013
-    NAME 'msDS-MinimumPasswordLength'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2014
-    NAME 'msDS-PasswordHistoryLength'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2015
-    NAME 'msDS-PasswordComplexityEnabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2016
-    NAME 'msDS-PasswordReversibleEncryptionEnabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2017
-    NAME 'msDS-LockoutObservationWindow'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2018
-    NAME 'msDS-LockoutDuration'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2019
-    NAME 'msDS-LockoutThreshold'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.202
-    NAME 'auditingPolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2020
-    NAME 'msDS-PSOAppliesTo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2021
-    NAME 'msDS-PSOApplied'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2022
-    NAME 'msDS-ResultantPSO'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2023
-    NAME 'msDS-PasswordSettingsPrecedence'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2024
-    NAME 'msDS-NcType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2025
-    NAME 'msDS-IsUserCachableAtRodc'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2030
-    NAME 'msDFS-SchemaMajorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2031
-    NAME 'msDFS-SchemaMinorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2032
-    NAME 'msDFS-GenerationGUIDv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2033
-    NAME 'msDFS-NamespaceIdentityGUIDv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2034
-    NAME 'msDFS-LastModifiedv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2035
-    NAME 'msDFS-Ttlv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2036
-    NAME 'msDFS-Commentv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2037
-    NAME 'msDFS-Propertiesv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2038
-    NAME 'msDFS-TargetListv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2039
-    NAME 'msDFS-LinkPathv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2040
-    NAME 'msDFS-LinkSecurityDescriptorv2'
-    SYNTAX 1.2.840.113556.1.4.907
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2041
-    NAME 'msDFS-LinkIdentityGUIDv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2042
-    NAME 'msDFS-ShortNameLinkPathv2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2046
-    NAME 'addressBookRoots2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2047
-    NAME 'globalAddressList2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2048
-    NAME 'templateRoots2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2049
-    NAME 'msDS-BridgeHeadServersUsed'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.205
-    NAME 'pKTGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2050
-    NAME 'msPKI-CredentialRoamingTokens'
-    SYNTAX 1.2.840.113556.1.4.903
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2051
-    NAME 'msDS-OIDToGroupLink'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2052
-    NAME 'msDS-OIDToGroupLinkBl'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2053
-    NAME 'msImaging-PSPIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2054
-    NAME 'msImaging-PSPString'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2055
-    NAME 'msDS-USNLastSyncSuccess'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2056
-    NAME 'msDS-HostServiceAccount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2057
-    NAME 'msDS-HostServiceAccountBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2058
-    NAME 'isRecycled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2059
-    NAME 'msDS-LocalEffectiveDeletionTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.206
-    NAME 'pKT'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2060
-    NAME 'msDS-LocalEffectiveRecycleTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2061
-    NAME 'msDS-EnabledFeature'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2062
-    NAME 'msDS-OptionalFeatureGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2063
-    NAME 'msDS-OptionalFeatureFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2066
-    NAME 'msDS-RequiredDomainBehaviorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2067
-    NAME 'msDS-LastKnownRDN'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2068
-    NAME 'msDS-DeletedObjectLifetime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2069
-    NAME 'msDS-EnabledFeatureBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2070
-    NAME 'msTSEndpointData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2071
-    NAME 'msTSEndpointType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2072
-    NAME 'msTSEndpointPlugin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2073
-    NAME 'msTSPrimaryDesktop'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2074
-    NAME 'msTSPrimaryDesktopBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2075
-    NAME 'msTSSecondaryDesktops'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2076
-    NAME 'msPKI-Enrollment-Servers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2077
-    NAME 'msPKI-Site-Name'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2078
-    NAME 'msTSSecondaryDesktopBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.2079
-    NAME 'msDS-RequiredForestBehaviorVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.21
-    NAME 'cOMProgID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.211
-    NAME 'schedule'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.213
-    NAME 'defaultClassStore'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.214
-    NAME 'nextLevelStore'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.218
-    NAME 'applicationName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.219
-    NAME 'iconPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.221
-    NAME 'sAMAccountName'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.222
-    NAME 'location'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-#attributeTypes: (
-#    1.2.840.113556.1.4.223
-#    NAME 'serverName'
-#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-#    SINGLE-VALUE
-#    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.224
-    NAME 'defaultSecurityDescriptor'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.228
-    NAME 'portName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.229
-    NAME 'driverName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.230
-    NAME 'printSeparatorFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.231
-    NAME 'priority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.232
-    NAME 'defaultPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.233
-    NAME 'printStartTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.234
-    NAME 'printEndTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.235
-    NAME 'printFormName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.237
-    NAME 'printBinNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.238
-    NAME 'printMaxResolutionSupported'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.24
-    NAME 'contentIndexingAllowed'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.240
-    NAME 'printOrientationsSupported'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.241
-    NAME 'printMaxCopies'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.242
-    NAME 'printCollate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.243
-    NAME 'printColor'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.246
-    NAME 'printLanguage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.247
-    NAME 'printAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.249
-    NAME 'cOMCLSID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.25
-    NAME 'countryCode'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.250
-    NAME 'cOMUniqueLIBID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.251
-    NAME 'cOMTreatAsClassId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.253
-    NAME 'cOMOtherProgId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.254
-    NAME 'cOMTypelibId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.255
-    NAME 'vendor'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.26
-    NAME 'creationTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.261
-    NAME 'division'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.265
-    NAME 'notes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.268
-    NAME 'eFSPolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.269
-    NAME 'linkTrackSecret'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.27
-    NAME 'currentValue'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.270
-    NAME 'printShareName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.271
-    NAME 'printOwner'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.272
-    NAME 'printNotify'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.273
-    NAME 'printStatus'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.274
-    NAME 'printSpooling'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.275
-    NAME 'printKeepPrintedJobs'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.276
-    NAME 'driverVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.277
-    NAME 'printMaxXExtent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.278
-    NAME 'printMaxYExtent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.279
-    NAME 'printMinXExtent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.28
-    NAME 'dnsRoot'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.280
-    NAME 'printMinYExtent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.281
-    NAME 'printStaplingSupported'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.282
-    NAME 'printMemory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.283
-    NAME 'assetNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.284
-    NAME 'bytesPerMinute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.285
-    NAME 'printRate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.286
-    NAME 'printRateUnit'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.287
-    NAME 'printNetworkAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.288
-    NAME 'printMACAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.289
-    NAME 'printMediaReady'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.290
-    NAME 'printNumberUp'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.299
-    NAME 'printMediaSupported'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.3
-    NAME 'replPropertyMetaData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.300
-    NAME 'printerName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.301
-    NAME 'wbemPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.302
-    NAME 'sAMAccountType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.303
-    NAME 'notificationList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.307
-    NAME 'options'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.31
-    NAME 'fRSReplicaSetType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.312
-    NAME 'rpcNsObjectID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.314
-    NAME 'rpcNsTransferSyntax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.32
-    NAME 'domainPolicyObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.320
-    NAME 'implementedCategories'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.321
-    NAME 'requiredCategories'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.322
-    NAME 'categoryId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.324
-    NAME 'packageType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.325
-    NAME 'setupCommand'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.326
-    NAME 'packageName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.327
-    NAME 'packageFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.328
-    NAME 'versionNumberHi'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.329
-    NAME 'versionNumberLo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.330
-    NAME 'lastUpdateSequence'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.332
-    NAME 'birthLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.333
-    NAME 'oMTIndxGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.334
-    NAME 'volTableIdxGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.335
-    NAME 'currentLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.336
-    NAME 'volTableGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.337
-    NAME 'currMachineId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.340
-    NAME 'rightsGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.341
-    NAME 'appliesTo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.344
-    NAME 'groupsToIgnore'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.345
-    NAME 'groupPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.346
-    NAME 'desktopProfile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.35
-    NAME 'employeeID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.356
-    NAME 'foreignIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.357
-    NAME 'nTMixedDomain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.358
-    NAME 'netbootInitialization'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.359
-    NAME 'netbootGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.36
-    NAME 'enabledConnection'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.361
-    NAME 'netbootMachineFilePath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.362
-    NAME 'siteGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.363
-    NAME 'operatingSystem'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.364
-    NAME 'operatingSystemVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.365
-    NAME 'operatingSystemServicePack'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.366
-    NAME 'rpcNsAnnotation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.367
-    NAME 'rpcNsCodeset'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.368
-    NAME 'rIDManagerReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.369
-    NAME 'fSMORoleOwner'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.370
-    NAME 'rIDAvailablePool'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.371
-    NAME 'rIDAllocationPool'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.372
-    NAME 'rIDPreviousAllocationPool'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.373
-    NAME 'rIDUsedPool'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.374
-    NAME 'rIDNextRID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.375
-    NAME 'systemFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.378
-    NAME 'dnsAllowDynamic'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.379
-    NAME 'dnsAllowXFR'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.38
-    NAME 'flags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.380
-    NAME 'dnsSecureSecondaries'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.381
-    NAME 'dnsNotifySecondaries'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.382
-    NAME 'dnsRecord'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.39
-    NAME 'forceLogoff'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.4
-    NAME 'replUpToDateVector'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.40
-    NAME 'fromServer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.41
-    NAME 'generatedConnection'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.415
-    NAME 'operatingSystemHotfix'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.420
-    NAME 'publicKeyPolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.421
-    NAME 'domainWidePolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.422
-    NAME 'domainPolicyReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.43
-    NAME 'fRSVersionGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.44
-    NAME 'homeDirectory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.45
-    NAME 'homeDrive'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.457
-    NAME 'localPolicyReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.458
-    NAME 'qualityOfService'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.459
-    NAME 'machineWidePolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.470
-    NAME 'trustAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.471
-    NAME 'trustParent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.472
-    NAME 'domainCrossRef'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.48
-    NAME 'keywords'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.480
-    NAME 'defaultGroup'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.481
-    NAME 'schemaUpdate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.483
-    NAME 'fRSFileFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.484
-    NAME 'fRSDirectoryFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.485
-    NAME 'fRSUpdateTimeout'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.486
-    NAME 'fRSWorkingPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.487
-    NAME 'fRSRootPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.488
-    NAME 'fRSStagingPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.49
-    NAME 'badPasswordTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.490
-    NAME 'fRSDSPoll'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.491
-    NAME 'fRSFaultCondition'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.494
-    NAME 'siteServer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.498
-    NAME 'creationWizard'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.499
-    NAME 'contextMenu'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.50
-    NAME 'lastContentIndexed'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.500
-    NAME 'fRSServiceCommand'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.502
-    NAME 'timeVolChange'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.503
-    NAME 'timeRefresh'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.504
-    NAME 'seqNotification'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.505
-    NAME 'oMTGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.506
-    NAME 'objectCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.507
-    NAME 'volumeCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.509
-    NAME 'serviceClassName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.51
-    NAME 'lastLogoff'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.510
-    NAME 'serviceBindingInformation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.511
-    NAME 'flatName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.512
-    NAME 'siteObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.513
-    NAME 'siteObjectBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.514
-    NAME 'physicalLocationObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.515
-    NAME 'serverReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.516
-    NAME 'serverReferenceBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.517
-    NAME 'ipsecPolicyReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.518
-    NAME 'defaultHidingValue'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.519
-    NAME 'lastBackupRestorationTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.52
-    NAME 'lastLogon'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.520
-    NAME 'machinePasswordChangeInterval'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.53
-    NAME 'lastSetTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.530
-    NAME 'nonSecurityMember'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.531
-    NAME 'nonSecurityMemberBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.532
-    NAME 'superiorDNSRoot'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.533
-    NAME 'fRSReplicaSetGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.534
-    NAME 'fRSLevelLimit'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.535
-    NAME 'fRSRootSecurity'
-    SYNTAX 1.2.840.113556.1.4.907
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.536
-    NAME 'fRSExtensions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.537
-    NAME 'dynamicLDAPServer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.538
-    NAME 'prefixMap'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.539
-    NAME 'initialAuthIncoming'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.540
-    NAME 'initialAuthOutgoing'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.55
-    NAME 'dBCSPwd'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.557
-    NAME 'parentCA'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.56
-    NAME 'localPolicyFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.562
-    NAME 'adminPropertyPages'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.563
-    NAME 'shellPropertyPages'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.565
-    NAME 'meetingID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.566
-    NAME 'meetingName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.567
-    NAME 'meetingDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.568
-    NAME 'meetingKeyword'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.569
-    NAME 'meetingLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.57
-    NAME 'defaultLocalPolicyObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.570
-    NAME 'meetingProtocol'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.571
-    NAME 'meetingType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.573
-    NAME 'meetingApplication'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.574
-    NAME 'meetingLanguage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.576
-    NAME 'meetingMaxParticipants'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.577
-    NAME 'meetingOriginator'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.578
-    NAME 'meetingContactInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.579
-    NAME 'meetingOwner'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.58
-    NAME 'localeID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.580
-    NAME 'meetingIP'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.581
-    NAME 'meetingScope'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.582
-    NAME 'meetingAdvertiseScope'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.583
-    NAME 'meetingURL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.584
-    NAME 'meetingRating'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.585
-    NAME 'meetingIsEncrypted'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.586
-    NAME 'meetingRecurrence'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.587
-    NAME 'meetingStartTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.588
-    NAME 'meetingEndTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.589
-    NAME 'meetingBandwidth'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.590
-    NAME 'meetingBlob'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.60
-    NAME 'lockoutDuration'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.607
-    NAME 'queryPolicyObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.608
-    NAME 'queryPolicyBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.609
-    NAME 'sIDHistory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.61
-    NAME 'lockOutObservationWindow'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.610
-    NAME 'classDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.614
-    NAME 'adminContextMenu'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.615
-    NAME 'shellContextMenu'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.618
-    NAME 'wellKnownObjects'
-    SYNTAX 1.2.840.113556.1.4.903
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.619
-    NAME 'dNSHostName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.62
-    NAME 'scriptPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.620
-    NAME 'ipsecName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.621
-    NAME 'ipsecID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.622
-    NAME 'ipsecDataType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.623
-    NAME 'ipsecData'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.624
-    NAME 'ipsecOwnersReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.626
-    NAME 'ipsecISAKMPReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.627
-    NAME 'ipsecNFAReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.628
-    NAME 'ipsecNegotiationPolicyReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.629
-    NAME 'ipsecFilterReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.631
-    NAME 'printPagesPerMinute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.633
-    NAME 'policyReplicationFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.634
-    NAME 'privilegeDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.635
-    NAME 'privilegeValue'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.636
-    NAME 'privilegeAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.637
-    NAME 'privilegeHolder'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.638
-    NAME 'isPrivilegeHolder'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.639
-    NAME 'isMemberOfPartialAttributeSet'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.64
-    NAME 'logonHours'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.640
-    NAME 'partialAttributeSet'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.644
-    NAME 'showInAddressBook'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.645
-    NAME 'userCert'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.646
-    NAME 'otherFacsimileTelephoneNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.647
-    NAME 'otherMobile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.648
-    NAME 'primaryTelexNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.649
-    NAME 'primaryInternationalISDNNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.65
-    NAME 'logonWorkstation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.650
-    NAME 'mhsORAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.651
-    NAME 'otherMailbox'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.652
-    NAME 'assistant'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.653
-    NAME 'managedBy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.654
-    NAME 'managedObjects'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.655
-    NAME 'legacyExchangeDN'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.656
-    NAME 'userPrincipalName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.657
-    NAME 'serviceDNSName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.659
-    NAME 'serviceDNSNameType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.66
-    NAME 'lSACreationTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.660
-    NAME 'treeName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.661
-    NAME 'isDefunct'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.662
-    NAME 'lockoutTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.663
-    NAME 'partialAttributeDeletionList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.664
-    NAME 'syncWithObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.665
-    NAME 'syncMembership'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.666
-    NAME 'syncAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.667
-    NAME 'syncWithSID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.668
-    NAME 'domainCAs'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.669
-    NAME 'rIDSetReferences'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.67
-    NAME 'lSAModifiedCount'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.671
-    NAME 'msiFileList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.672
-    NAME 'categories'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.673
-    NAME 'retiredReplDSASignatures'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.674
-    NAME 'rootTrust'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.675
-    NAME 'catalogs'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.677
-    NAME 'replTopologyStayOfExecution'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.679
-    NAME 'creator'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.68
-    NAME 'machineArchitecture'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.680
-    NAME 'queryPoint'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.681
-    NAME 'indexedScopes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.682
-    NAME 'friendlyNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.683
-    NAME 'cRLPartitionedRevocationList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.684
-    NAME 'certificateAuthorityObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.685
-    NAME 'parentCACertificateChain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.686
-    NAME 'domainID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.687
-    NAME 'cAConnect'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.688
-    NAME 'cAWEBURL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.689
-    NAME 'cRLObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.690
-    NAME 'cAUsages'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.692
-    NAME 'previousCACertificates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.693
-    NAME 'pendingCACertificates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.694
-    NAME 'previousParentCA'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.695
-    NAME 'pendingParentCA'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.696
-    NAME 'currentParentCA'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.697
-    NAME 'cACertificateDN'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.698
-    NAME 'dhcpUniqueKey'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.699
-    NAME 'dhcpType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.700
-    NAME 'dhcpFlags'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.701
-    NAME 'dhcpIdentification'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.702
-    NAME 'dhcpObjName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.703
-    NAME 'dhcpObjDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.704
-    NAME 'dhcpServers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.705
-    NAME 'dhcpSubnets'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.706
-    NAME 'dhcpMask'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.707
-    NAME 'dhcpRanges'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.708
-    NAME 'dhcpSites'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.709
-    NAME 'dhcpReservations'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.71
-    NAME 'machineRole'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.710
-    NAME 'superScopes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.711
-    NAME 'superScopeDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.712
-    NAME 'optionDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.713
-    NAME 'optionsLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.714
-    NAME 'dhcpOptions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.715
-    NAME 'dhcpClasses'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.716
-    NAME 'mscopeId'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.717
-    NAME 'dhcpState'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.718
-    NAME 'dhcpProperties'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.719
-    NAME 'dhcpMaxKey'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.72
-    NAME 'marshalledInterface'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.720
-    NAME 'dhcpUpdateTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.721
-    NAME 'ipPhone'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.722
-    NAME 'otherIpPhone'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.73
-    NAME 'lockoutThreshold'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.74
-    NAME 'maxPwdAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.748
-    NAME 'attributeDisplayNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.749
-    NAME 'url'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.75
-    NAME 'maxRenewAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.750
-    NAME 'groupType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.751
-    NAME 'userSharedFolder'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.752
-    NAME 'userSharedFolderOther'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.753
-    NAME 'nameServiceFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.754
-    NAME 'rpcNsEntryFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.755
-    NAME 'domainIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.756
-    NAME 'aCSTimeOfDay'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.757
-    NAME 'aCSDirection'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.758
-    NAME 'aCSMaxTokenRatePerFlow'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.759
-    NAME 'aCSMaxPeakBandwidthPerFlow'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.76
-    NAME 'maxStorage'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.760
-    NAME 'aCSAggregateTokenRatePerUser'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.761
-    NAME 'aCSMaxDurationPerFlow'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.762
-    NAME 'aCSServiceType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.763
-    NAME 'aCSTotalNoOfFlows'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.764
-    NAME 'aCSPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.765
-    NAME 'aCSPermissionBits'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.766
-    NAME 'aCSAllocableRSVPBandwidth'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.767
-    NAME 'aCSMaxPeakBandwidth'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.768
-    NAME 'aCSEnableRSVPMessageLogging'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.769
-    NAME 'aCSEventLogLevel'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.77
-    NAME 'maxTicketAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.770
-    NAME 'aCSEnableACSService'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.771
-    NAME 'servicePrincipalName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.772
-    NAME 'aCSPolicyName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.773
-    NAME 'aCSRSVPLogFilesLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.774
-    NAME 'aCSMaxNoOfLogFiles'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.775
-    NAME 'aCSMaxSizeOfRSVPLogFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.776
-    NAME 'aCSDSBMPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.777
-    NAME 'aCSDSBMRefresh'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.778
-    NAME 'aCSDSBMDeadTime'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.779
-    NAME 'aCSCacheTimeout'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.78
-    NAME 'minPwdAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.780
-    NAME 'aCSNonReservedTxLimit'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.781
-    NAME 'lastKnownParent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.782
-    NAME 'objectCategory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.783
-    NAME 'defaultObjectCategory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.784
-    NAME 'aCSIdentityName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.786
-    NAME 'mailAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.789
-    NAME 'transportDLLName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.79
-    NAME 'minPwdLength'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.791
-    NAME 'transportType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.8
-    NAME 'userAccountControl'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.80
-    NAME 'minTicketAge'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.806
-    NAME 'treatAsLeaf'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.809
-    NAME 'remoteStorageGUID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.81
-    NAME 'modifiedCountAtLastProm'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.810
-    NAME 'createDialog'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.812
-    NAME 'createWizardExt'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.813
-    NAME 'upgradeProductCode'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.814
-    NAME 'msiScript'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.815
-    NAME 'canUpgradeScript'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.816
-    NAME 'fileExtPriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.817
-    NAME 'localizedDescription'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.818
-    NAME 'productCode'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.819
-    NAME 'bridgeheadTransportList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.82
-    NAME 'moniker'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.820
-    NAME 'bridgeheadServerListBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.821
-    NAME 'siteList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.822
-    NAME 'siteLinkList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.823
-    NAME 'certificateTemplates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.824
-    NAME 'signatureAlgorithms'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.825
-    NAME 'enrollmentProviders'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.83
-    NAME 'monikerDisplayName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.843
-    NAME 'lDAPAdminLimits'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.844
-    NAME 'lDAPIPDenyList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.845
-    NAME 'msiScriptName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.846
-    NAME 'msiScriptSize'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.847
-    NAME 'installUiLevel'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.848
-    NAME 'appSchemaVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.849
-    NAME 'netbootAllowNewClients'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.850
-    NAME 'netbootLimitClients'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.851
-    NAME 'netbootMaxClients'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.852
-    NAME 'netbootCurrentClientCount'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.853
-    NAME 'netbootAnswerRequests'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.854
-    NAME 'netbootAnswerOnlyValidClients'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.855
-    NAME 'netbootNewMachineNamingPolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.856
-    NAME 'netbootNewMachineOU'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.857
-    NAME 'netbootIntelliMirrorOSes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.858
-    NAME 'netbootTools'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.859
-    NAME 'netbootLocallyInstalledOSes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.86
-    NAME 'userWorkstations'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.860
-    NAME 'netbootServer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.864
-    NAME 'netbootSCPBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.865
-    NAME 'pekList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.866
-    NAME 'pekKeyChangeInterval'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.867
-    NAME 'altSecurityIdentities'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.868
-    NAME 'isCriticalSystemObject'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.869
-    NAME 'frsComputerReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.87
-    NAME 'nETBIOSName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.870
-    NAME 'frsComputerReferenceBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.871
-    NAME 'fRSControlDataCreation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.872
-    NAME 'fRSControlInboundBacklog'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.873
-    NAME 'fRSControlOutboundBacklog'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.874
-    NAME 'fRSFlags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.875
-    NAME 'fRSMemberReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.876
-    NAME 'fRSMemberReferenceBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.877
-    NAME 'fRSPartnerAuthLevel'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.878
-    NAME 'fRSPrimaryMember'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.879
-    NAME 'fRSServiceCommandStatus'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.88
-    NAME 'nextRid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.880
-    NAME 'fRSTimeLastCommand'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.881
-    NAME 'fRSTimeLastConfigChange'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.53
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.882
-    NAME 'fRSVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.883
-    NAME 'msRRASVendorAttributeEntry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.884
-    NAME 'msRRASAttribute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.885
-    NAME 'terminalServer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.886
-    NAME 'purportedSearch'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.887
-    NAME 'iPSECNegotiationPolicyType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.888
-    NAME 'iPSECNegotiationPolicyAction'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.889
-    NAME 'additionalTrustedServiceNames'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.89
-    NAME 'nTGroupMembers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.890
-    NAME 'uPNSuffixes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.891
-    NAME 'gPLink'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.892
-    NAME 'gPOptions'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.893
-    NAME 'gPCFunctionalityVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.894
-    NAME 'gPCFileSysPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.895
-    NAME 'transportAddressAttribute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.896
-    NAME 'uSNSource'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.897
-    NAME 'aCSMaxAggregatePeakRatePerUser'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.898
-    NAME 'aCSNonReservedTxSize'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.899
-    NAME 'aCSEnableRSVPAccounting'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.90
-    NAME 'unicodePwd'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.900
-    NAME 'aCSRSVPAccountFilesLocation'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.901
-    NAME 'aCSMaxNoOfAccountFiles'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.902
-    NAME 'aCSMaxSizeOfRSVPAccountFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.908
-    NAME 'extendedClassInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.909
-    NAME 'extendedAttributeInfo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.91
-    NAME 'otherLoginWorkstations'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.910
-    NAME 'fromEntry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.911
-    NAME 'allowedChildClasses'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.912
-    NAME 'allowedChildClassesEffective'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.913
-    NAME 'allowedAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.914
-    NAME 'allowedAttributesEffective'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.915
-    NAME 'possibleInferiors'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.916
-    NAME 'canonicalName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.917
-    NAME 'mSMQQueueType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.918
-    NAME 'mSMQJournal'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.919
-    NAME 'mSMQQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.920
-    NAME 'mSMQBasePriority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.921
-    NAME 'mSMQJournalQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.922
-    NAME 'mSMQLabel'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.923
-    NAME 'mSMQAuthenticate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.924
-    NAME 'mSMQPrivacyLevel'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.925
-    NAME 'mSMQOwnerID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.926
-    NAME 'mSMQTransactional'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.927
-    NAME 'mSMQSites'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.928
-    NAME 'mSMQOutRoutingServers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.929
-    NAME 'mSMQInRoutingServers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.93
-    NAME 'pwdProperties'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.930
-    NAME 'mSMQServiceType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.933
-    NAME 'mSMQComputerType'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.934
-    NAME 'mSMQForeign'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.935
-    NAME 'mSMQOSType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.936
-    NAME 'mSMQEncryptKey'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.937
-    NAME 'mSMQSignKey'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.939
-    NAME 'mSMQNameStyle'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.94
-    NAME 'ntPwdHistory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.940
-    NAME 'mSMQCSPName'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.941
-    NAME 'mSMQLongLived'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.942
-    NAME 'mSMQVersion'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.943
-    NAME 'mSMQSite1'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.944
-    NAME 'mSMQSite2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.945
-    NAME 'mSMQSiteGates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.946
-    NAME 'mSMQCost'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.947
-    NAME 'mSMQSignCertificates'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.948
-    NAME 'mSMQDigests'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.95
-    NAME 'pwdHistoryLength'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.950
-    NAME 'mSMQServices'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.951
-    NAME 'mSMQQMID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.952
-    NAME 'mSMQMigrated'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.953
-    NAME 'mSMQSiteID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.96
-    NAME 'pwdLastSet'
-# vmw use INTEGER instead of SYNTAX 1.2.840.113556.1.4.906 (MSFT LargeInteger)
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.960
-    NAME 'mSMQNt4Stub'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.961
-    NAME 'mSMQSiteForeign'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.962
-    NAME 'mSMQQueueQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.963
-    NAME 'mSMQQueueJournalQuota'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.964
-    NAME 'mSMQNt4Flags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.965
-    NAME 'mSMQSiteName'
-    SYNTAX 1.2.840.113556.1.4.905
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.966
-    NAME 'mSMQDigestsMig'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.967
-    NAME 'mSMQSignCertificatesMig'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.97
-    NAME 'preferredOU'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.98
-    NAME 'primaryGroupID'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.4.99
-    NAME 'priorSetTime'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.1
-    NAME 'msDFSR-Version'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.10
-    NAME 'msDFSR-ReplicationGroupType'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.100
-    NAME 'msDFSR-MemberReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.101
-    NAME 'msDFSR-ComputerReference'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.102
-    NAME 'msDFSR-MemberReferenceBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.103
-    NAME 'msDFSR-ComputerReferenceBL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.11
-    NAME 'msDFSR-TombstoneExpiryInMin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.12
-    NAME 'msDFSR-FileFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.13
-    NAME 'msDFSR-DirectoryFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.14
-    NAME 'msDFSR-Schedule'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.15
-    NAME 'msDFSR-Keywords'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.16
-    NAME 'msDFSR-Flags'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.17
-    NAME 'msDFSR-Options'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.18
-    NAME 'msDFSR-ContentSetGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.19
-    NAME 'msDFSR-RdcEnabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.2
-    NAME 'msDFSR-Extension'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.20
-    NAME 'msDFSR-RdcMinFileSizeInKb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.21
-    NAME 'msDFSR-DfsPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.22
-    NAME 'msDFSR-RootFence'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.23
-    NAME 'msDFSR-ReplicationGroupGuid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.24
-    NAME 'msDFSR-DfsLinkTarget'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.25
-    NAME 'msDFSR-Priority'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.26
-    NAME 'msDFSR-DeletedPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.27
-    NAME 'msDFSR-DeletedSizeInMb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.28
-    NAME 'msDFSR-ReadOnly'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.29
-    NAME 'msDFSR-CachePolicy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.3
-    NAME 'msDFSR-RootPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.30
-    NAME 'msDFSR-MinDurationCacheInMin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.31
-    NAME 'msDFSR-MaxAgeInCacheInMin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.32
-    NAME 'msDFSR-DisablePacketPrivacy'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.34
-    NAME 'msDFSR-DefaultCompressionExclusionFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.35
-    NAME 'msDFSR-OnDemandExclusionFileFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.36
-    NAME 'msDFSR-OnDemandExclusionDirectoryFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.37
-    NAME 'msDFSR-Options2'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.38
-    NAME 'msDFSR-CommonStagingPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.39
-    NAME 'msDFSR-CommonStagingSizeInMb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.4
-    NAME 'msDFSR-RootSizeInMb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.40
-    NAME 'msDFSR-StagingCleanupTriggerInPercent'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.5
-    NAME 'msDFSR-StagingPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.6
-    NAME 'msDFSR-StagingSizeInMb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.7
-    NAME 'msDFSR-ConflictPath'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.8
-    NAME 'msDFSR-ConflictSizeInMb'
-    SYNTAX 1.2.840.113556.1.4.906
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.13.3.9
-    NAME 'msDFSR-Enabled'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.300
-    NAME 'msSFU30SearchContainer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.301
-    NAME 'msSFU30KeyAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.302
-    NAME 'msSFU30FieldSeparator'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.303
-    NAME 'msSFU30IntraFieldSeparator'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.304
-    NAME 'msSFU30SearchAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.305
-    NAME 'msSFU30ResultAttributes'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.306
-    NAME 'msSFU30MapFilter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.307
-    NAME 'msSFU30MasterServerName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.308
-    NAME 'msSFU30OrderNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.309
-    NAME 'msSFU30Name'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.323
-    NAME 'msSFU30Aliases'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.324
-    NAME 'msSFU30KeyValues'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.339
-    NAME 'msSFU30NisDomain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.340
-    NAME 'msSFU30Domains'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.341
-    NAME 'msSFU30YpServers'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.342
-    NAME 'msSFU30MaxGidNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.343
-    NAME 'msSFU30MaxUidNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.345
-    NAME 'msSFU30NSMAPFieldPosition'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.346
-    NAME 'msSFU30PosixMember'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.347
-    NAME 'msSFU30PosixMemberOf'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.348
-    NAME 'msSFU30NetgroupHostAtDomain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.349
-    NAME 'msSFU30NetgroupUserAtDomain'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.350
-    NAME 'msSFU30IsValidContainer'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.2.840.113556.1.6.18.1.352
-    NAME 'msSFU30CryptMethod'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.0
-    NAME 'uidNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.1
-    NAME 'gidNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.10
-    NAME 'shadowExpire'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.11
-    NAME 'shadowFlag'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.12
-    NAME 'memberUid'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.13
-    NAME 'memberNisNetgroup'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.14
-    NAME 'nisNetgroupTriple'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.15
-    NAME 'ipServicePort'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.16
-    NAME 'ipServiceProtocol'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.17
-    NAME 'ipProtocolNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.18
-    NAME 'oncRpcNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.19
-    NAME 'ipHostNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.2
-    NAME 'gecos'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.20
-    NAME 'ipNetworkNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.21
-    NAME 'ipNetmaskNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.22
-    NAME 'macAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.23
-    NAME 'bootParameter'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.24
-    NAME 'bootFile'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.26
-    NAME 'nisMapName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.27
-    NAME 'nisMapEntry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.3
-    NAME 'unixHomeDirectory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.4
-    NAME 'loginShell'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.5
-    NAME 'shadowLastChange'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.6
-    NAME 'shadowMin'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.7
-    NAME 'shadowMax'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.8
-    NAME 'shadowWarning'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.1.1.9
-    NAME 'shadowInactive'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.1.20
-    NAME 'entryDN'
-    DESC 'DN of the entry'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.119.3
-    NAME 'entryTTL'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.1466.101.120.16
-    NAME 'ldapSyntaxes'
-    DESC 'RFC4512: LDAP syntaxes'
-    EQUALITY objectIdentifierFirstComponentMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    1.3.6.1.4.1.250.1.57
-    NAME 'labeledURI'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.1
-    NAME 'carLicense'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.2
-    NAME 'departmentNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.216
-    NAME 'userPKCS12'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.34
-    NAME 'middleName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.35
-    NAME 'thumbnailPhoto'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.36
-    NAME 'thumbnailLogo'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.1.39
-    NAME 'preferredLanguage'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.16.840.1.113730.3.140
-    NAME 'userSMIMECertificate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.18.1
-    NAME 'createTimeStamp'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-# vmw
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.18.10
-    NAME 'subSchemaSubEntry'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    2.5.18.2
-    NAME 'modifyTimeStamp'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-# vmw
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.2
-    NAME 'dITContentRules'
-    EQUALITY objectIdentifierFirstComponentMatch
-#  AD use following, RFC use different (need consolidate?)
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.4
-    NAME 'matchingRules'
-    DESC 'RFC4512: matching rules'
-    EQUALITY objectIdentifierFirstComponentMatch
-#  AD use DirectoryString syntax, RFC use following
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.5
-    NAME 'attributeTypes'
-    EQUALITY objectIdentifierFirstComponentMatch
-#  AD use following , RFC use different
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.6
-    NAME 'objectClasses'
-    EQUALITY objectIdentifierFirstComponentMatch
-#  AD use following, RFC use different
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.8
-    NAME 'matchingRuleUse'
-    DESC 'RFC4512: matching rule uses'
-    EQUALITY objectIdentifierFirstComponentMatch
-#  AD use following, RFC use different
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
-    USAGE directoryOperation
-    )
-
-attributeTypes: (
-    2.5.21.9
-    NAME 'structuralObjectClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    2.5.4.0
-    NAME 'objectClass'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-    )
-
-attributeTypes: (
-    2.5.4.10
-    NAME 'o'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.11
-    NAME 'ou'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.12
-    NAME 'title'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.13
-    NAME 'description'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.14
-    NAME 'searchGuide'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.15
-    NAME 'businessCategory'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.16
-    NAME 'postalAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.17
-    NAME 'postalCode'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.18
-    NAME 'postOfficeBox'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.19
-    NAME 'physicalDeliveryOfficeName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.2
-    NAME 'knowledgeInformation'
-    SYNTAX 1.2.840.113556.1.4.905
-    )
-
-attributeTypes: (
-    2.5.4.20
-    NAME 'telephoneNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.21
-    NAME 'telexNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.22
-    NAME 'teletexTerminalIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.23
-    NAME 'facsimileTelephoneNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.24
-    NAME 'x121Address'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
-    )
-
-attributeTypes: (
-    2.5.4.25
-    NAME 'internationalISDNNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
-    )
-
-attributeTypes: (
-    2.5.4.26
-    NAME 'registeredAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.27
-    NAME 'destinationIndicator'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    2.5.4.28
-    NAME 'preferredDeliveryMethod'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributeTypes: (
-    2.5.4.29
-    NAME 'presentationAddress'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.3
-    NAME 'cn'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.30
-    NAME 'supportedApplicationContext'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-#TODO, DN syntax should use EQALITY to get normalized correctly
-# not done with all 121.1.12 yet
-attributeTypes: (
-    2.5.4.31
-    NAME 'member'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    2.5.4.32
-    NAME 'owner'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.33
-    NAME 'roleOccupant'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    2.5.4.34
-    NAME 'seeAlso'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    2.5.4.35
-    NAME 'userPassword'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.36
-    NAME 'userCertificate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.37
-    NAME 'cACertificate'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.38
-    NAME 'authorityRevocationList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.39
-    NAME 'certificateRevocationList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.4
-    NAME 'sn'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.40
-    NAME 'crossCertificatePair'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.42
-    NAME 'givenName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.43
-    NAME 'initials'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.44
-    NAME 'generationQualifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.45
-    NAME 'x500uniqueIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.49
-    NAME 'distinguishedName'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-#vmw
-    EQUALITY distinguishedNameMatch
-    SINGLE-VALUE
-    NO-USER-MODIFICATION
-    )
-
-attributeTypes: (
-    2.5.4.5
-    NAME 'serialNumber'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-    )
-
-attributeTypes: (
-    2.5.4.50
-    NAME 'uniqueMember'
-#vmw
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributeTypes: (
-    2.5.4.51
-    NAME 'houseIdentifier'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    2.5.4.53
-    NAME 'deltaRevocationList'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.58
-    NAME 'attributeCertificateAttribute'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributeTypes: (
-    2.5.4.6
-    NAME 'c'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.7
-    NAME 'l'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.8
-    NAME 'st'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    2.5.4.9
-    NAME 'street'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.14
-    NAME 'rFC822LocalPart'
-    SUP domain
-    STRUCTURAL
-    MAY ( cn
-        $ sn
-        $ street
-        $ description
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telephoneNumber
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.17
-    NAME 'domainRelatedObject'
-    SUP top
-    AUXILIARY
-    MAY ( associatedDomain
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.18
-    NAME 'friendlyCountry'
-    SUP country
-    STRUCTURAL
-    MUST ( co
-         )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.19
-    NAME 'simpleSecurityObject'
-    SUP top
-    AUXILIARY
-    MAY ( userPassword
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.5
-    NAME 'account'
-    SUP top
-    STRUCTURAL
-    MAY ( l
-        $ o
-        $ ou
-        $ description
-        $ seeAlso
-        $ uid
-        $ host
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.6
-    NAME 'document'
-    SUP top
-    STRUCTURAL
-    MAY ( cn
-        $ l
-        $ o
-        $ ou
-        $ description
-        $ seeAlso
-        $ documentIdentifier
-        $ documentTitle
-        $ documentVersion
-        $ documentAuthor
-        $ documentLocation
-        $ documentPublisher
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.7
-    NAME 'room'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( description
-        $ telephoneNumber
-        $ seeAlso
-        $ location
-        $ roomNumber
-        )
-    )
-
-objectClasses: (
-    0.9.2342.19200300.100.4.9
-    NAME 'documentSeries'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( l
-        $ o
-        $ ou
-        $ description
-        $ telephoneNumber
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.11
-    NAME 'crossRef'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ nCName
-         $ dnsRoot
-         )
-    MAY ( Enabled
-        $ nETBIOSName
-        $ nTMixedDomain
-        $ trustParent
-        $ superiorDNSRoot
-        $ rootTrust
-        $ msDS-Behavior-Version
-        $ msDS-NC-Replica-Locations
-        $ msDS-Replication-Notify-First-DSA-Delay
-        $ msDS-Replication-Notify-Subsequent-DSA-Delay
-        $ msDS-SDReferenceDomain
-        $ msDS-DnsRootAlias
-        $ msDS-NC-RO-Replica-Locations
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.13
-    NAME 'classSchema'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ subClassOf
-         $ governsID
-         $ objectClassCategory
-         $ schemaIDGUID
-         $ defaultObjectCategory
-         )
-    MAY ( possSuperiors
-        $ mustContain
-        $ mayContain
-        $ rDNAttID
-        $ auxiliaryClass
-        $ lDAPDisplayName
-        $ schemaFlagsEx
-        $ systemOnly
-        $ systemPossSuperiors
-        $ systemMayContain
-        $ systemMustContain
-        $ systemAuxiliaryClass
-        $ defaultSecurityDescriptor
-        $ defaultHidingValue
-        $ classDisplayName
-        $ isDefunct
-        $ msDs-Schema-Extensions
-        $ msDS-IntId
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.14
-    NAME 'attributeSchema'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ attributeSyntax
-         $ isSingleValued
-         $ lDAPDisplayName
-         )
-    MAY ( rangeLower
-        $ rangeUpper
-        $ mAPIID
-        $ linkID
-        $ oMObjectClass
-        $ searchFlags
-        $ vmwAttrUniquenessScope
-        $ extendedCharsAllowed
-        $ schemaFlagsEx
-        $ attributeSecurityGUID
-        $ systemOnly
-        $ classDisplayName
-        $ isMemberOfPartialAttributeSet
-        $ isDefunct
-        $ isEphemeral
-        $ msDs-Schema-Extensions
-        $ msDS-IntId
-# vmw move from MUST to MAY
-        $ attributeID
-        $ oMSyntax
-        $ schemaIDGUID
-        $ vmwAttributeUsage
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.23
-    NAME 'container'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( schemaVersion
-        $ defaultClassStore
-        $ msDS-ObjectReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.30
-    NAME 'computer'
-    SUP user
-    STRUCTURAL
-    MAY ( cn
-        $ networkAddress
-        $ localPolicyFlags
-        $ defaultLocalPolicyObject
-        $ machineRole
-        $ location
-        $ netbootInitialization
-        $ netbootGUID
-        $ netbootMachineFilePath
-        $ siteGUID
-        $ operatingSystem
-        $ operatingSystemVersion
-        $ operatingSystemServicePack
-        $ operatingSystemHotfix
-        $ volumeCount
-        $ physicalLocationObject
-        $ dNSHostName
-        $ policyReplicationFlags
-        $ managedBy
-        $ rIDSetReferences
-        $ catalogs
-        $ netbootSIFFile
-        $ netbootMirrorDataFile
-        $ msDS-AdditionalDnsHostName
-        $ msDS-AdditionalSamAccountName
-        $ msDS-ExecuteScriptPassword
-        $ msDS-KrbTgtLink
-        $ msDS-RevealedUsers
-        $ msDS-NeverRevealGroup
-        $ msDS-RevealOnDemandGroup
-        $ msDS-RevealedList
-        $ msDS-AuthenticatedAtDC
-        $ msDS-isGC
-        $ msDS-isRODC
-        $ msDS-SiteName
-        $ msDS-PromotionSettings
-        $ msTPM-OwnerInformation
-        $ msTSProperty01
-        $ msTSProperty02
-        $ msDS-IsUserCachableAtRodc
-        $ msDS-HostServiceAccount
-        $ msTSEndpointData
-        $ msTSEndpointType
-        $ msTSEndpointPlugin
-        $ msTSPrimaryDesktopBL
-        $ msTSSecondaryDesktopBL
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        $ vmwMachineGUID
-        $ vmwPlatformServicesControllerVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.46
-    NAME 'mailRecipient'
-    SUP top
-    AUXILIARY
-    MUST ( cn
-         )
-    MAY ( telephoneNumber
-        $ userCertificate
-        $ info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ msDS-PhoneticDisplayName
-        $ userSMIMECertificate
-        $ textEncodedORAddress
-        $ secretary
-        $ labeledURI
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.58
-    NAME 'addressTemplate'
-    SUP displayTemplate
-    STRUCTURAL
-    MUST ( displayName
-         )
-    MAY ( addressSyntax
-        $ perMsgDialogDisplayTable
-        $ perRecipDialogDisplayTable
-        $ addressType
-        $ proxyGenerationEnabled
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.59
-    NAME 'displayTemplate'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( helpData32
-        $ originalDisplayTableMSDOS
-        $ addressEntryDisplayTable
-        $ helpFileName
-        $ addressEntryDisplayTableMSDOS
-        $ helpData16
-        $ originalDisplayTable
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.3.9
-    NAME 'dMD'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( dmdName
-        $ schemaUpdate
-        $ prefixMap
-        $ schemaInfo
-        $ msDs-Schema-Extensions
-        $ msDS-IntId
-        $ msDS-USNLastSyncSuccess
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.1
-    NAME 'securityObject'
-    SUP top
-    ABSTRACT
-    MUST ( cn
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.10
-    NAME 'classRegistration'
-    SUP leaf
-    STRUCTURAL
-    MAY ( cOMInterfaceID
-        $ cOMProgID
-        $ cOMCLSID
-        $ cOMTreatAsClassId
-        $ cOMOtherProgId
-        $ implementedCategories
-        $ requiredCategories
-        $ managedBy
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.102
-    NAME 'nTFRSReplicaSet'
-    SUP top
-    STRUCTURAL
-    MAY ( fRSReplicaSetType
-        $ fRSVersionGUID
-        $ schedule
-        $ fRSFileFilter
-        $ fRSDirectoryFilter
-        $ fRSDSPoll
-        $ fRSServiceCommand
-        $ fRSReplicaSetGUID
-        $ fRSLevelLimit
-        $ fRSRootSecurity
-        $ fRSExtensions
-        $ managedBy
-        $ fRSFlags
-        $ fRSPartnerAuthLevel
-        $ fRSPrimaryMember
-        $ msFRS-Topology-Pref
-        $ msFRS-Hub-Member
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.104
-    NAME 'meeting'
-    SUP top
-    STRUCTURAL
-    MUST ( meetingName
-         )
-    MAY ( meetingID
-        $ meetingDescription
-        $ meetingKeyword
-        $ meetingLocation
-        $ meetingProtocol
-        $ meetingType
-        $ meetingApplication
-        $ meetingLanguage
-        $ meetingMaxParticipants
-        $ meetingOriginator
-        $ meetingContactInfo
-        $ meetingOwner
-        $ meetingIP
-        $ meetingScope
-        $ meetingAdvertiseScope
-        $ meetingURL
-        $ meetingRating
-        $ meetingIsEncrypted
-        $ meetingRecurrence
-        $ meetingStartTime
-        $ meetingEndTime
-        $ meetingBandwidth
-        $ meetingBlob
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.106
-    NAME 'queryPolicy'
-    SUP top
-    STRUCTURAL
-    MAY ( lDAPAdminLimits
-        $ lDAPIPDenyList
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.107
-    NAME 'sitesContainer'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.11
-    NAME 'comConnectionPoint'
-    SUP connectionPoint
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( marshalledInterface
-        $ moniker
-        $ monikerDisplayName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.118
-    NAME 'ipsecFilter'
-    SUP ipsecBase
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.119
-    NAME 'ipsecNegotiationPolicy'
-    SUP ipsecBase
-    STRUCTURAL
-    MAY ( iPSECNegotiationPolicyType
-        $ iPSECNegotiationPolicyAction
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.12
-    NAME 'configuration'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( gPLink
-        $ gPOptions
-        $ msDS-USNLastSyncSuccess
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.120
-    NAME 'ipsecISAKMPPolicy'
-    SUP ipsecBase
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.121
-    NAME 'ipsecNFA'
-    SUP ipsecBase
-    STRUCTURAL
-    MAY ( ipsecNegotiationPolicyReference
-        $ ipsecFilterReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.125
-    NAME 'addressBookContainer'
-    SUP top
-    STRUCTURAL
-    MUST ( displayName
-         )
-    MAY ( purportedSearch
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.126
-    NAME 'serviceConnectionPoint'
-    SUP connectionPoint
-    STRUCTURAL
-    MAY ( versionNumber
-        $ vendor
-        $ versionNumberHi
-        $ versionNumberLo
-        $ serviceClassName
-        $ serviceBindingInformation
-        $ serviceDNSName
-        $ serviceDNSNameType
-        $ appSchemaVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.129
-    NAME 'rIDSet'
-    SUP top
-    STRUCTURAL
-    MUST ( rIDAllocationPool
-         $ rIDPreviousAllocationPool
-         $ rIDUsedPool
-         $ rIDNextRID
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.130
-    NAME 'indexServerCatalog'
-    SUP connectionPoint
-    STRUCTURAL
-    MUST ( creator
-         )
-    MAY ( uNCName
-        $ queryPoint
-        $ indexedScopes
-        $ friendlyNames
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.132
-    NAME 'dHCPClass'
-    SUP top
-    STRUCTURAL
-    MUST ( dhcpUniqueKey
-         $ dhcpType
-         $ dhcpFlags
-         $ dhcpIdentification
-         )
-    MAY ( networkAddress
-        $ dhcpObjName
-        $ dhcpObjDescription
-        $ dhcpServers
-        $ dhcpSubnets
-        $ dhcpMask
-        $ dhcpRanges
-        $ dhcpSites
-        $ dhcpReservations
-        $ superScopes
-        $ superScopeDescription
-        $ optionDescription
-        $ optionsLocation
-        $ dhcpOptions
-        $ dhcpClasses
-        $ mscopeId
-        $ dhcpState
-        $ dhcpProperties
-        $ dhcpMaxKey
-        $ dhcpUpdateTime
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.136
-    NAME 'rpcContainer'
-    SUP container
-    STRUCTURAL
-    MAY ( nameServiceFlags
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.137
-    NAME 'aCSPolicy'
-    SUP top
-    STRUCTURAL
-    MAY ( aCSTimeOfDay
-        $ aCSDirection
-        $ aCSMaxTokenRatePerFlow
-        $ aCSMaxPeakBandwidthPerFlow
-        $ aCSAggregateTokenRatePerUser
-        $ aCSMaxDurationPerFlow
-        $ aCSServiceType
-        $ aCSTotalNoOfFlows
-        $ aCSPriority
-        $ aCSPermissionBits
-        $ aCSIdentityName
-        $ aCSMaxAggregatePeakRatePerUser
-        $ aCSMaxTokenBucketPerFlow
-        $ aCSMaximumSDUSize
-        $ aCSMinimumPolicedSize
-        $ aCSMinimumLatency
-        $ aCSMinimumDelayVariation
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.138
-    NAME 'aCSSubnet'
-    SUP top
-    STRUCTURAL
-    MAY ( aCSMaxTokenRatePerFlow
-        $ aCSMaxPeakBandwidthPerFlow
-        $ aCSMaxDurationPerFlow
-        $ aCSAllocableRSVPBandwidth
-        $ aCSMaxPeakBandwidth
-        $ aCSEnableRSVPMessageLogging
-        $ aCSEventLogLevel
-        $ aCSEnableACSService
-        $ aCSRSVPLogFilesLocation
-        $ aCSMaxNoOfLogFiles
-        $ aCSMaxSizeOfRSVPLogFile
-        $ aCSDSBMPriority
-        $ aCSDSBMRefresh
-        $ aCSDSBMDeadTime
-        $ aCSCacheTimeout
-        $ aCSNonReservedTxLimit
-        $ aCSNonReservedTxSize
-        $ aCSEnableRSVPAccounting
-        $ aCSRSVPAccountFilesLocation
-        $ aCSMaxNoOfAccountFiles
-        $ aCSMaxSizeOfRSVPAccountFile
-        $ aCSServerList
-        $ aCSNonReservedPeakRate
-        $ aCSNonReservedTokenSize
-        $ aCSNonReservedMaxSDUSize
-        $ aCSNonReservedMinPolicedSize
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.139
-    NAME 'lostAndFound'
-    SUP top
-    STRUCTURAL
-    MAY ( moveTreeState
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.14
-    NAME 'connectionPoint'
-    SUP leaf
-    ABSTRACT
-    MUST ( cn
-         )
-    MAY ( keywords
-        $ managedBy
-        $ msDS-Settings
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.140
-    NAME 'interSiteTransportContainer'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.141
-    NAME 'interSiteTransport'
-    SUP top
-    STRUCTURAL
-    MUST ( transportDLLName
-         $ transportAddressAttribute
-         )
-    MAY ( options
-        $ replInterval
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.146
-    NAME 'remoteStorageServicePoint'
-    SUP serviceAdministrationPoint
-    STRUCTURAL
-    MAY ( remoteStorageGUID
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.147
-    NAME 'siteLink'
-    SUP top
-    STRUCTURAL
-    MUST ( siteList
-         )
-    MAY ( cost
-        $ schedule
-        $ options
-        $ replInterval
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.148
-    NAME 'siteLinkBridge'
-    SUP top
-    STRUCTURAL
-    MUST ( siteLinkList
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.15
-    NAME 'contact'
-    SUP organizationalPerson
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( notes
-        $ msDS-SourceObjectDN
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.150
-    NAME 'rRASAdministrationConnectionPoint'
-    SUP serviceAdministrationPoint
-    STRUCTURAL
-    MAY ( msRRASAttribute
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.151
-    NAME 'intellimirrorSCP'
-    SUP serviceAdministrationPoint
-    STRUCTURAL
-    MAY ( netbootMachineFilePath
-        $ netbootAllowNewClients
-        $ netbootLimitClients
-        $ netbootMaxClients
-        $ netbootCurrentClientCount
-        $ netbootAnswerRequests
-        $ netbootAnswerOnlyValidClients
-        $ netbootNewMachineNamingPolicy
-        $ netbootNewMachineOU
-        $ netbootIntelliMirrorOSes
-        $ netbootTools
-        $ netbootLocallyInstalledOSes
-        $ netbootServer
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.152
-    NAME 'intellimirrorGroup'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.153
-    NAME 'nTFRSMember'
-    SUP top
-    STRUCTURAL
-    MAY ( fRSUpdateTimeout
-        $ fRSServiceCommand
-        $ serverReference
-        $ fRSRootSecurity
-        $ fRSExtensions
-        $ frsComputerReference
-        $ fRSControlDataCreation
-        $ fRSControlInboundBacklog
-        $ fRSControlOutboundBacklog
-        $ fRSFlags
-        $ fRSPartnerAuthLevel
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.154
-    NAME 'nTFRSSubscriptions'
-    SUP top
-    STRUCTURAL
-    MAY ( fRSWorkingPath
-        $ fRSExtensions
-        $ fRSVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.155
-    NAME 'nTFRSSubscriber'
-    SUP top
-    STRUCTURAL
-    MUST ( fRSRootPath
-         $ fRSStagingPath
-         )
-    MAY ( schedule
-        $ fRSUpdateTimeout
-        $ fRSFaultCondition
-        $ fRSServiceCommand
-        $ fRSExtensions
-        $ fRSFlags
-        $ fRSMemberReference
-        $ fRSServiceCommandStatus
-        $ fRSTimeLastCommand
-        $ fRSTimeLastConfigChange
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.156
-    NAME 'rRASAdministrationDictionary'
-    SUP top
-    STRUCTURAL
-    MAY ( msRRASVendorAttributeEntry
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.157
-    NAME 'groupPolicyContainer'
-    SUP container
-    STRUCTURAL
-    MAY ( flags
-        $ versionNumber
-        $ gPCFunctionalityVersion
-        $ gPCFileSysPath
-        $ gPCMachineExtensionNames
-        $ gPCUserExtensionNames
-        $ gPCWQLFilter
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.161
-    NAME 'mSMQQueue'
-    SUP top
-    STRUCTURAL
-    MAY ( mSMQQueueType
-        $ mSMQJournal
-        $ mSMQBasePriority
-        $ mSMQLabel
-        $ mSMQAuthenticate
-        $ mSMQPrivacyLevel
-        $ mSMQOwnerID
-        $ mSMQTransactional
-        $ mSMQQueueQuota
-        $ mSMQQueueJournalQuota
-        $ mSMQQueueNameExt
-        $ mSMQLabelEx
-        $ MSMQ-SecuredSource
-        $ MSMQ-MulticastAddress
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.162
-    NAME 'mSMQConfiguration'
-    SUP top
-    STRUCTURAL
-    MAY ( mSMQQuota
-        $ mSMQJournalQuota
-        $ mSMQOwnerID
-        $ mSMQSites
-        $ mSMQOutRoutingServers
-        $ mSMQInRoutingServers
-        $ mSMQServiceType
-        $ mSMQComputerType
-        $ mSMQForeign
-        $ mSMQOSType
-        $ mSMQEncryptKey
-        $ mSMQSignKey
-        $ mSMQDependentClientServices
-        $ mSMQRoutingServices
-        $ mSMQDsServices
-        $ mSMQComputerTypeEx
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.163
-    NAME 'mSMQEnterpriseSettings'
-    SUP top
-    STRUCTURAL
-    MAY ( mSMQNameStyle
-        $ mSMQCSPName
-        $ mSMQLongLived
-        $ mSMQVersion
-        $ mSMQInterval1
-        $ mSMQInterval2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.164
-    NAME 'mSMQSiteLink'
-    SUP top
-    STRUCTURAL
-    MUST ( mSMQSite1
-         $ mSMQSite2
-         $ mSMQCost
-         )
-    MAY ( mSMQSiteGates
-        $ mSMQSiteGatesMig
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.165
-    NAME 'mSMQSettings'
-    SUP top
-    STRUCTURAL
-    MAY ( mSMQOwnerID
-        $ mSMQServices
-        $ mSMQQMID
-        $ mSMQMigrated
-        $ mSMQNt4Flags
-        $ mSMQSiteName
-        $ mSMQRoutingService
-        $ mSMQDsService
-        $ mSMQDependentClientService
-        $ mSMQSiteNameEx
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.17
-    NAME 'server'
-    SUP top
-    STRUCTURAL
-    MAY ( serialNumber
-        $ serverReference
-        $ dNSHostName
-        $ managedBy
-        $ mailAddress
-        $ bridgeheadTransportList
-        $ msDS-isGC
-        $ msDS-isRODC
-        $ msDS-SiteName
-        $ msDS-IsUserCachableAtRodc
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.175
-    NAME 'infrastructureUpdate'
-    SUP top
-    STRUCTURAL
-    MAY ( dNReferenceUpdate
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.176
-    NAME 'msExchConfigurationContainer'
-    SUP container
-    STRUCTURAL
-    MAY ( addressBookRoots
-        $ globalAddressList
-        $ templateRoots
-        $ addressBookRoots2
-        $ globalAddressList2
-        $ templateRoots2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.177
-    NAME 'pKICertificateTemplate'
-    SUP top
-    STRUCTURAL
-    MAY ( displayName
-        $ flags
-        $ pKIDefaultKeySpec
-        $ pKIKeyUsage
-        $ pKIMaxIssuingDepth
-        $ pKICriticalExtensions
-        $ pKIExpirationPeriod
-        $ pKIOverlapPeriod
-        $ pKIExtendedKeyUsage
-        $ pKIDefaultCSPs
-        $ pKIEnrollmentAccess
-        $ msPKI-RA-Signature
-        $ msPKI-Enrollment-Flag
-        $ msPKI-Private-Key-Flag
-        $ msPKI-Certificate-Name-Flag
-        $ msPKI-Minimal-Key-Size
-        $ msPKI-Template-Schema-Version
-        $ msPKI-Template-Minor-Revision
-        $ msPKI-Cert-Template-OID
-        $ msPKI-Supersede-Templates
-        $ msPKI-RA-Policies
-        $ msPKI-Certificate-Policy
-        $ msPKI-Certificate-Application-Policy
-        $ msPKI-RA-Application-Policies
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.178
-    NAME 'pKIEnrollmentService'
-    SUP top
-    STRUCTURAL
-    MAY ( cACertificate
-        $ dNSHostName
-        $ cACertificateDN
-        $ certificateTemplates
-        $ signatureAlgorithms
-        $ enrollmentProviders
-        $ msPKI-Enrollment-Servers
-        $ msPKI-Site-Name
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.179
-    NAME 'mSMQMigratedUser'
-    SUP top
-    STRUCTURAL
-    MAY ( objectSid
-        $ mSMQSignCertificates
-        $ mSMQDigests
-        $ mSMQDigestsMig
-        $ mSMQSignCertificatesMig
-        $ mSMQUserSid
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.18
-    NAME 'domainPolicy'
-    SUP leaf
-    STRUCTURAL
-    MAY ( authenticationOptions
-        $ forceLogoff
-        $ defaultLocalPolicyObject
-        $ lockoutDuration
-        $ lockOutObservationWindow
-        $ lockoutThreshold
-        $ maxPwdAge
-        $ maxRenewAge
-        $ maxTicketAge
-        $ minPwdAge
-        $ minPwdLength
-        $ minTicketAge
-        $ pwdProperties
-        $ pwdHistoryLength
-        $ proxyLifetime
-        $ eFSPolicy
-        $ publicKeyPolicy
-        $ domainWidePolicy
-        $ domainPolicyReference
-        $ qualityOfService
-        $ ipsecPolicyReference
-        $ managedBy
-        $ domainCAs
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.183
-    NAME 'dSUISettings'
-    SUP top
-    STRUCTURAL
-    MAY ( dSUIAdminNotification
-        $ dSUIAdminMaximum
-        $ dSUIShellMaximum
-        $ msDS-Security-Group-Extra-Classes
-        $ msDS-Non-Security-Group-Extra-Classes
-        $ msDS-FilterContainers
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.184
-    NAME 'mS-SQL-SQLServer'
-    SUP serviceConnectionPoint
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-RegisteredOwner
-        $ mS-SQL-Contact
-        $ mS-SQL-Location
-        $ mS-SQL-Memory
-        $ mS-SQL-Build
-        $ mS-SQL-ServiceAccount
-        $ mS-SQL-CharacterSet
-        $ mS-SQL-SortOrder
-        $ mS-SQL-UnicodeSortOrder
-        $ mS-SQL-Clustered
-        $ mS-SQL-NamedPipe
-        $ mS-SQL-MultiProtocol
-        $ mS-SQL-SPX
-        $ mS-SQL-TCPIP
-        $ mS-SQL-AppleTalk
-        $ mS-SQL-Vines
-        $ mS-SQL-Status
-        $ mS-SQL-LastUpdatedDate
-        $ mS-SQL-InformationURL
-        $ mS-SQL-GPSLatitude
-        $ mS-SQL-GPSLongitude
-        $ mS-SQL-GPSHeight
-        $ mS-SQL-Keywords
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.185
-    NAME 'mS-SQL-OLAPServer'
-    SUP serviceConnectionPoint
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-RegisteredOwner
-        $ mS-SQL-Contact
-        $ mS-SQL-Build
-        $ mS-SQL-ServiceAccount
-        $ mS-SQL-Status
-        $ mS-SQL-InformationURL
-        $ mS-SQL-PublicationURL
-        $ mS-SQL-Version
-        $ mS-SQL-Language
-        $ mS-SQL-Keywords
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.186
-    NAME 'mS-SQL-SQLRepository'
-    SUP top
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-Contact
-        $ mS-SQL-Build
-        $ mS-SQL-Status
-        $ mS-SQL-Version
-        $ mS-SQL-Description
-        $ mS-SQL-InformationDirectory
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.187
-    NAME 'mS-SQL-SQLPublication'
-    SUP top
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-Status
-        $ mS-SQL-Description
-        $ mS-SQL-Type
-        $ mS-SQL-Database
-        $ mS-SQL-AllowAnonymousSubscription
-        $ mS-SQL-Publisher
-        $ mS-SQL-AllowKnownPullSubscription
-        $ mS-SQL-AllowImmediateUpdatingSubscription
-        $ mS-SQL-AllowQueuedUpdatingSubscription
-        $ mS-SQL-AllowSnapshotFilesFTPDownloading
-        $ mS-SQL-ThirdParty
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.188
-    NAME 'mS-SQL-SQLDatabase'
-    SUP top
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-Contact
-        $ mS-SQL-Status
-        $ mS-SQL-InformationURL
-        $ mS-SQL-Description
-        $ mS-SQL-Alias
-        $ mS-SQL-Size
-        $ mS-SQL-CreationDate
-        $ mS-SQL-LastBackupDate
-        $ mS-SQL-LastDiagnosticDate
-        $ mS-SQL-Applications
-        $ mS-SQL-Keywords
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.189
-    NAME 'mS-SQL-OLAPDatabase'
-    SUP top
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-Contact
-        $ mS-SQL-Status
-        $ mS-SQL-LastUpdatedDate
-        $ mS-SQL-InformationURL
-        $ mS-SQL-ConnectionURL
-        $ mS-SQL-PublicationURL
-        $ mS-SQL-Description
-        $ mS-SQL-Type
-        $ mS-SQL-Size
-        $ mS-SQL-LastBackupDate
-        $ mS-SQL-Applications
-        $ mS-SQL-Keywords
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.190
-    NAME 'mS-SQL-OLAPCube'
-    SUP top
-    STRUCTURAL
-    MAY ( mS-SQL-Name
-        $ mS-SQL-Contact
-        $ mS-SQL-Status
-        $ mS-SQL-LastUpdatedDate
-        $ mS-SQL-InformationURL
-        $ mS-SQL-PublicationURL
-        $ mS-SQL-Description
-        $ mS-SQL-Size
-        $ mS-SQL-Keywords
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.191
-    NAME 'aCSResourceLimits'
-    SUP top
-    STRUCTURAL
-    MAY ( aCSMaxTokenRatePerFlow
-        $ aCSMaxPeakBandwidthPerFlow
-        $ aCSServiceType
-        $ aCSAllocableRSVPBandwidth
-        $ aCSMaxPeakBandwidth
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.193
-    NAME 'msCOM-Partition'
-    SUP top
-    STRUCTURAL
-    MAY ( msCOM-ObjectId
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.194
-    NAME 'msCOM-PartitionSet'
-    SUP top
-    STRUCTURAL
-    MAY ( msCOM-PartitionLink
-        $ msCOM-DefaultPartitionLink
-        $ msCOM-ObjectId
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.195
-    NAME 'msPKI-Key-Recovery-Agent'
-    SUP user
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.196
-    NAME 'msPKI-Enterprise-Oid'
-    SUP top
-    STRUCTURAL
-    MAY ( msPKI-Cert-Template-OID
-        $ msPKI-OID-Attribute
-        $ msPKI-OID-CPS
-        $ msPKI-OID-User-Notice
-        $ msPKI-OIDLocalizedName
-        $ msDS-OIDToGroupLink
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.2
-    NAME 'samDomainBase'
-    SUP top
-    AUXILIARY
-    MAY ( nTSecurityDescriptor
-        $ creationTime
-        $ forceLogoff
-        $ lockoutDuration
-        $ lockOutObservationWindow
-        $ lockoutThreshold
-        $ maxPwdAge
-        $ minPwdAge
-        $ minPwdLength
-        $ modifiedCountAtLastProm
-        $ nextRid
-        $ pwdProperties
-        $ pwdHistoryLength
-        $ revision
-        $ objectSid
-        $ oEMInformation
-        $ serverState
-        $ uASCompat
-        $ serverRole
-        $ domainReplica
-        $ modifiedCount
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.20
-    NAME 'leaf'
-    SUP top
-    ABSTRACT
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.200
-    NAME 'msWMI-PolicyTemplate'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-ID
-         $ msWMI-Name
-         $ msWMI-NormalizedClass
-         $ msWMI-TargetClass
-         $ msWMI-TargetNameSpace
-         $ msWMI-TargetPath
-         )
-    MAY ( msWMI-Author
-        $ msWMI-ChangeDate
-        $ msWMI-CreationDate
-        $ msWMI-SourceOrganization
-        $ msWMI-TargetType
-        $ msWMI-intFlags1
-        $ msWMI-intFlags2
-        $ msWMI-intFlags3
-        $ msWMI-intFlags4
-        $ msWMI-Parm1
-        $ msWMI-Parm2
-        $ msWMI-Parm3
-        $ msWMI-Parm4
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.201
-    NAME 'msWMI-SimplePolicyTemplate'
-    SUP msWMI-PolicyTemplate
-    STRUCTURAL
-    MUST ( msWMI-TargetObject
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.202
-    NAME 'msWMI-MergeablePolicyTemplate'
-    SUP msWMI-PolicyTemplate
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.203
-    NAME 'msWMI-RangeParam'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-PropertyName
-         $ msWMI-TargetClass
-         $ msWMI-TargetType
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.204
-    NAME 'msWMI-UnknownRangeParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-NormalizedClass
-         $ msWMI-TargetObject
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.205
-    NAME 'msWMI-IntRangeParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-IntDefault
-         )
-    MAY ( msWMI-IntMax
-        $ msWMI-IntMin
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.206
-    NAME 'msWMI-IntSetParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-IntDefault
-         )
-    MAY ( msWMI-IntValidValues
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.207
-    NAME 'msWMI-UintRangeParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-IntDefault
-         )
-    MAY ( msWMI-IntMax
-        $ msWMI-IntMin
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.208
-    NAME 'msWMI-UintSetParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-IntDefault
-         )
-    MAY ( msWMI-IntValidValues
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.209
-    NAME 'msWMI-RealRangeParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-Int8Default
-         )
-    MAY ( msWMI-Int8Max
-        $ msWMI-Int8Min
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.210
-    NAME 'msWMI-StringSetParam'
-    SUP msWMI-RangeParam
-    STRUCTURAL
-    MUST ( msWMI-StringDefault
-         )
-    MAY ( msWMI-StringValidValues
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.211
-    NAME 'msWMI-PolicyType'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-ID
-         $ msWMI-TargetObject
-         )
-    MAY ( msWMI-Author
-        $ msWMI-ChangeDate
-        $ msWMI-CreationDate
-        $ msWMI-SourceOrganization
-        $ msWMI-intFlags1
-        $ msWMI-intFlags2
-        $ msWMI-intFlags3
-        $ msWMI-intFlags4
-        $ msWMI-Parm1
-        $ msWMI-Parm2
-        $ msWMI-Parm3
-        $ msWMI-Parm4
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.212
-    NAME 'msWMI-ShadowObject'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-TargetObject
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.213
-    NAME 'msWMI-Som'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-ID
-         $ msWMI-Name
-         )
-    MAY ( msWMI-Author
-        $ msWMI-ChangeDate
-        $ msWMI-CreationDate
-        $ msWMI-SourceOrganization
-        $ msWMI-intFlags1
-        $ msWMI-intFlags2
-        $ msWMI-intFlags3
-        $ msWMI-intFlags4
-        $ msWMI-Parm1
-        $ msWMI-Parm2
-        $ msWMI-Parm3
-        $ msWMI-Parm4
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.214
-    NAME 'msWMI-Rule'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-Query
-         $ msWMI-QueryLanguage
-         $ msWMI-TargetNameSpace
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.215
-    NAME 'msWMI-WMIGPO'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-TargetClass
-         )
-    MAY ( msWMI-intFlags1
-        $ msWMI-intFlags2
-        $ msWMI-intFlags3
-        $ msWMI-intFlags4
-        $ msWMI-Parm1
-        $ msWMI-Parm2
-        $ msWMI-Parm3
-        $ msWMI-Parm4
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.216
-    NAME 'applicationVersion'
-    SUP applicationSettings
-    STRUCTURAL
-    MAY ( owner
-        $ keywords
-        $ versionNumber
-        $ vendor
-        $ versionNumberHi
-        $ versionNumberLo
-        $ managedBy
-        $ appSchemaVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.217
-    NAME 'msWMI-ObjectEncoding'
-    SUP top
-    STRUCTURAL
-    MUST ( msWMI-ID
-         $ msWMI-TargetObject
-         $ msWMI-Class
-         $ msWMI-Genus
-         $ msWMI-intFlags1
-         $ msWMI-intFlags2
-         $ msWMI-intFlags3
-         $ msWMI-intFlags4
-         $ msWMI-Parm1
-         $ msWMI-Parm2
-         $ msWMI-Parm3
-         $ msWMI-Parm4
-         $ msWMI-ScopeGuid
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.218
-    NAME 'msMQ-Custom-Recipient'
-    SUP top
-    STRUCTURAL
-    MAY ( msMQ-Recipient-FormatName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.219
-    NAME 'msMQ-Group'
-    SUP top
-    STRUCTURAL
-    MUST ( member
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.220
-    NAME 'msDS-App-Configuration'
-    SUP applicationSettings
-    STRUCTURAL
-    MAY ( owner
-        $ keywords
-        $ managedBy
-        $ msDS-ByteArray
-        $ msDS-DateTime
-        $ msDS-Integer
-        $ msDS-ObjectReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.221
-    NAME 'msTAPI-RtConference'
-    SUP top
-    STRUCTURAL
-    MUST ( msTAPI-uid
-         )
-    MAY ( msTAPI-ProtocolId
-        $ msTAPI-ConferenceBlob
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.222
-    NAME 'msTAPI-RtPerson'
-    SUP top
-    STRUCTURAL
-    MAY ( msTAPI-uid
-        $ msTAPI-IpAddress
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.223
-    NAME 'msPKI-PrivateKeyRecoveryAgent'
-    SUP top
-    STRUCTURAL
-    MUST ( userCertificate
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.23
-    NAME 'printQueue'
-    SUP connectionPoint
-    STRUCTURAL
-    MUST ( uNCName
-         $ versionNumber
-         $ serverName
-         $ printerName
-         $ shortServerName
-         )
-    MAY ( location
-        $ portName
-        $ driverName
-        $ printSeparatorFile
-        $ priority
-        $ defaultPriority
-        $ printStartTime
-        $ printEndTime
-        $ printFormName
-        $ printBinNames
-        $ printMaxResolutionSupported
-        $ printOrientationsSupported
-        $ printMaxCopies
-        $ printCollate
-        $ printColor
-        $ printLanguage
-        $ printAttributes
-        $ printShareName
-        $ printOwner
-        $ printNotify
-        $ printStatus
-        $ printSpooling
-        $ printKeepPrintedJobs
-        $ driverVersion
-        $ printMaxXExtent
-        $ printMaxYExtent
-        $ printMinXExtent
-        $ printMinYExtent
-        $ printStaplingSupported
-        $ printMemory
-        $ assetNumber
-        $ bytesPerMinute
-        $ printRate
-        $ printRateUnit
-        $ printNetworkAddress
-        $ printMACAddress
-        $ printMediaReady
-        $ printNumberUp
-        $ printMediaSupported
-        $ operatingSystem
-        $ operatingSystemVersion
-        $ operatingSystemServicePack
-        $ operatingSystemHotfix
-        $ physicalLocationObject
-        $ printPagesPerMinute
-        $ printDuplexSupported
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.234
-    NAME 'msDS-AzAdminManager'
-    SUP top
-    STRUCTURAL
-    MAY ( description
-        $ msDS-AzDomainTimeout
-        $ msDS-AzScriptEngineCacheMax
-        $ msDS-AzScriptTimeout
-        $ msDS-AzGenerateAudits
-        $ msDS-AzApplicationData
-        $ msDS-AzMajorVersion
-        $ msDS-AzMinorVersion
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.235
-    NAME 'msDS-AzApplication'
-    SUP top
-    STRUCTURAL
-    MAY ( description
-        $ msDS-AzApplicationName
-        $ msDS-AzGenerateAudits
-        $ msDS-AzClassId
-        $ msDS-AzApplicationVersion
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.236
-    NAME 'msDS-AzOperation'
-    SUP top
-    STRUCTURAL
-    MUST ( msDS-AzOperationID
-         )
-    MAY ( description
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.237
-    NAME 'msDS-AzScope'
-    SUP top
-    STRUCTURAL
-    MUST ( msDS-AzScopeName
-         )
-    MAY ( description
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.238
-    NAME 'msDS-AzTask'
-    SUP top
-    STRUCTURAL
-    MAY ( description
-        $ msDS-AzBizRule
-        $ msDS-AzBizRuleLanguage
-        $ msDS-AzLastImportedBizRulePath
-        $ msDS-OperationsForAzTask
-        $ msDS-TasksForAzTask
-        $ msDS-AzTaskIsRoleDefinition
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.239
-    NAME 'msDS-AzRole'
-    SUP top
-    STRUCTURAL
-    MAY ( description
-        $ msDS-MembersForAzRole
-        $ msDS-OperationsForAzRole
-        $ msDS-TasksForAzRole
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.24
-    NAME 'remoteMailRecipient'
-    SUP top
-    STRUCTURAL
-    MAY ( remoteSource
-        $ remoteSourceType
-        $ managedBy
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.240
-    NAME 'msieee80211-Policy'
-    SUP top
-    STRUCTURAL
-    MAY ( msieee80211-Data
-        $ msieee80211-DataType
-        $ msieee80211-ID
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.241
-    NAME 'msDS-AppData'
-    SUP applicationSettings
-    STRUCTURAL
-    MAY ( owner
-        $ keywords
-        $ managedBy
-        $ msDS-ByteArray
-        $ msDS-DateTime
-        $ msDS-Integer
-        $ msDS-ObjectReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.242
-    NAME 'msDS-QuotaContainer'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( msDS-DefaultQuota
-        $ msDS-TombstoneQuotaFactor
-        $ msDS-QuotaEffective
-        $ msDS-QuotaUsed
-        $ msDS-TopQuotaUsage
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.243
-    NAME 'msDS-QuotaControl'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ msDS-QuotaTrustee
-         $ msDS-QuotaAmount
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.251
-    NAME 'ms-net-ieee-80211-GroupPolicy'
-    SUP top
-    STRUCTURAL
-    MAY ( ms-net-ieee-80211-GP-PolicyGUID
-        $ ms-net-ieee-80211-GP-PolicyData
-        $ ms-net-ieee-80211-GP-PolicyReserved
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.252
-    NAME 'ms-net-ieee-8023-GroupPolicy'
-    SUP top
-    STRUCTURAL
-    MAY ( ms-net-ieee-8023-GP-PolicyGUID
-        $ ms-net-ieee-8023-GP-PolicyData
-        $ ms-net-ieee-8023-GP-PolicyReserved
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.253
-    NAME 'msFVE-RecoveryInformation'
-    SUP top
-    STRUCTURAL
-    MUST ( msFVE-RecoveryPassword
-         $ msFVE-RecoveryGuid
-         )
-    MAY ( msFVE-VolumeGuid
-        $ msFVE-KeyPackage
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.254
-    NAME 'nTDSDSARO'
-    SUP nTDSDSA
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.255
-    NAME 'msDS-PasswordSettings'
-    SUP top
-    STRUCTURAL
-    MUST ( msDS-MaximumPasswordAge
-         $ msDS-MinimumPasswordAge
-         $ msDS-MinimumPasswordLength
-         $ msDS-PasswordHistoryLength
-         $ msDS-PasswordComplexityEnabled
-         $ msDS-PasswordReversibleEncryptionEnabled
-         $ msDS-LockoutObservationWindow
-         $ msDS-LockoutDuration
-         $ msDS-LockoutThreshold
-         $ msDS-PasswordSettingsPrecedence
-         )
-    MAY ( msDS-PSOAppliesTo
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.256
-    NAME 'msDS-PasswordSettingsContainer'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.257
-    NAME 'msDFS-NamespaceAnchor'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFS-SchemaMajorVersion
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.258
-    NAME 'msDFS-Namespacev2'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFS-SchemaMajorVersion
-         $ msDFS-SchemaMinorVersion
-         $ msDFS-GenerationGUIDv2
-         $ msDFS-NamespaceIdentityGUIDv2
-         $ msDFS-LastModifiedv2
-         $ msDFS-Ttlv2
-         $ msDFS-Propertiesv2
-         $ msDFS-TargetListv2
-         )
-    MAY ( msDFS-Commentv2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.259
-    NAME 'msDFS-Linkv2'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFS-GenerationGUIDv2
-         $ msDFS-NamespaceIdentityGUIDv2
-         $ msDFS-LastModifiedv2
-         $ msDFS-Ttlv2
-         $ msDFS-Propertiesv2
-         $ msDFS-TargetListv2
-         $ msDFS-LinkPathv2
-         $ msDFS-LinkIdentityGUIDv2
-         )
-    MAY ( msDFS-Commentv2
-        $ msDFS-LinkSecurityDescriptorv2
-        $ msDFS-ShortNameLinkPathv2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.26
-    NAME 'rpcProfileElement'
-    SUP rpcEntry
-    STRUCTURAL
-    MUST ( rpcNsInterfaceID
-         $ rpcNsPriority
-         )
-    MAY ( rpcNsProfileEntry
-        $ rpcNsAnnotation
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.260
-    NAME 'msDFS-DeletedLinkv2'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFS-NamespaceIdentityGUIDv2
-         $ msDFS-LastModifiedv2
-         $ msDFS-LinkPathv2
-         $ msDFS-LinkIdentityGUIDv2
-         )
-    MAY ( msDFS-Commentv2
-        $ msDFS-ShortNameLinkPathv2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.262
-    NAME 'msImaging-PSPs'
-    SUP container
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.263
-    NAME 'msImaging-PostScanProcess'
-    SUP top
-    STRUCTURAL
-    MUST ( displayName
-         $ msImaging-PSPIdentifier
-         )
-    MAY ( serverName
-        $ msImaging-PSPString
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.264
-    NAME 'msDS-ManagedServiceAccount'
-    SUP computer
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.265
-    NAME 'msDS-OptionalFeature'
-    SUP top
-    STRUCTURAL
-    MUST ( msDS-OptionalFeatureGUID
-         $ msDS-OptionalFeatureFlags
-         )
-    MAY ( msDS-RequiredDomainBehaviorVersion
-        $ msDS-RequiredForestBehaviorVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.27
-    NAME 'rpcEntry'
-    SUP connectionPoint
-    ABSTRACT
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.28
-    NAME 'secret'
-    SUP leaf
-    STRUCTURAL
-    MAY ( currentValue
-        $ lastSetTime
-        $ priorSetTime
-        $ priorValue
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.29
-    NAME 'serviceClass'
-    SUP leaf
-    STRUCTURAL
-    MUST ( displayName
-         $ serviceClassID
-         )
-    MAY ( serviceClassInfo
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.3
-    NAME 'samDomain'
-    SUP top
-    AUXILIARY
-    MAY ( description
-        $ cACertificate
-        $ builtinCreationTime
-        $ builtinModifiedCount
-        $ creationTime
-        $ domainPolicyObject
-        $ defaultLocalPolicyObject
-        $ lockoutDuration
-        $ lockOutObservationWindow
-        $ lSACreationTime
-        $ lSAModifiedCount
-        $ lockoutThreshold
-        $ maxPwdAge
-        $ minPwdAge
-        $ minPwdLength
-        $ modifiedCountAtLastProm
-        $ nETBIOSName
-        $ nextRid
-        $ pwdProperties
-        $ pwdHistoryLength
-        $ privateKey
-        $ replicaSource
-        $ controlAccessRights
-        $ auditingPolicy
-        $ eFSPolicy
-        $ desktopProfile
-        $ nTMixedDomain
-        $ rIDManagerReference
-        $ treeName
-        $ pekList
-        $ pekKeyChangeInterval
-        $ gPLink
-        $ gPOptions
-        $ ms-DS-MachineAccountQuota
-        $ msDS-LogonTimeSyncInterval
-        $ msDS-PerUserTrustQuota
-        $ msDS-AllUsersTrustQuota
-        $ msDS-PerUserTrustTombstonesQuota
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.30
-    NAME 'serviceInstance'
-    SUP connectionPoint
-    STRUCTURAL
-    MUST ( displayName
-         $ serviceClassID
-         )
-    MAY ( winsockAddresses
-        $ serviceInstanceVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.31
-    NAME 'site'
-    SUP top
-    STRUCTURAL
-    MAY ( location
-        $ notificationList
-        $ managedBy
-        $ gPLink
-        $ gPOptions
-        $ mSMQSiteID
-        $ mSMQNt4Stub
-        $ mSMQSiteForeign
-        $ mSMQInterval1
-        $ mSMQInterval2
-        $ msDS-BridgeHeadServersUsed
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.33
-    NAME 'storage'
-    SUP connectionPoint
-    STRUCTURAL
-    MAY ( moniker
-        $ monikerDisplayName
-        $ iconPath
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.34
-    NAME 'trustedDomain'
-    SUP leaf
-    STRUCTURAL
-    MAY ( securityIdentifier
-        $ trustAuthIncoming
-        $ trustDirection
-        $ trustPartner
-        $ trustPosixOffset
-        $ trustAuthOutgoing
-        $ trustType
-        $ trustAttributes
-        $ domainCrossRef
-        $ flatName
-        $ initialAuthIncoming
-        $ initialAuthOutgoing
-        $ domainIdentifier
-        $ additionalTrustedServiceNames
-        $ mS-DS-CreatorSID
-        $ msDS-TrustForestTrustInfo
-        $ msDS-SupportedEncryptionTypes
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.36
-    NAME 'volume'
-    SUP connectionPoint
-    STRUCTURAL
-    MUST ( uNCName
-         )
-    MAY ( contentIndexingAllowed
-        $ lastContentIndexed
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.4
-    NAME 'builtinDomain'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.42
-    NAME 'dfsConfiguration'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.43
-    NAME 'fTDfs'
-    SUP top
-    STRUCTURAL
-    MUST ( remoteServerName
-         $ pKTGuid
-         $ pKT
-         )
-    MAY ( keywords
-        $ uNCName
-        $ managedBy
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.44
-    NAME 'classStore'
-    SUP top
-    STRUCTURAL
-    MAY ( versionNumber
-        $ nextLevelStore
-        $ lastUpdateSequence
-        $ appSchemaVersion
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.49
-    NAME 'packageRegistration'
-    SUP top
-    STRUCTURAL
-    MAY ( msiScriptPath
-        $ cOMClassID
-        $ cOMInterfaceID
-        $ cOMProgID
-        $ localeID
-        $ machineArchitecture
-        $ iconPath
-        $ cOMTypelibId
-        $ vendor
-        $ packageType
-        $ setupCommand
-        $ packageName
-        $ packageFlags
-        $ versionNumberHi
-        $ versionNumberLo
-        $ lastUpdateSequence
-        $ managedBy
-        $ msiFileList
-        $ categories
-        $ upgradeProductCode
-        $ msiScript
-        $ canUpgradeScript
-        $ fileExtPriority
-        $ productCode
-        $ msiScriptName
-        $ msiScriptSize
-        $ installUiLevel
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.5
-    NAME 'samServer'
-    SUP securityObject
-    STRUCTURAL
-    MAY ( samDomainUpdates
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.52
-    NAME 'fileLinkTracking'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.53
-    NAME 'typeLibrary'
-    SUP top
-    STRUCTURAL
-    MAY ( cOMClassID
-        $ cOMInterfaceID
-        $ cOMUniqueLIBID
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.59
-    NAME 'fileLinkTrackingEntry'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.6
-    NAME 'securityPrincipal'
-    SUP top
-    AUXILIARY
-    MUST ( objectSid
-         )
-    MAY ( nTSecurityDescriptor
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-# lotus move from MUST to MAY
-        $ sAMAccountName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.66
-    NAME 'domain'
-    SUP top
-    ABSTRACT
-    MUST ( dc
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.67
-    NAME 'domainDNS'
-    SUP domain
-    STRUCTURAL
-    MAY ( managedBy
-        $ msDS-Behavior-Version
-        $ msDS-AllowedDNSSuffixes
-        $ msDS-USNLastSyncSuccess
-        $ msDS-EnabledFeature
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.68
-    NAME 'applicationSiteSettings'
-    SUP top
-    ABSTRACT
-    MAY ( applicationName
-        $ notificationList
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.69
-    NAME 'nTDSSiteSettings'
-    SUP applicationSiteSettings
-    STRUCTURAL
-    MAY ( schedule
-        $ options
-        $ queryPolicyObject
-        $ managedBy
-        $ interSiteTopologyGenerator
-        $ interSiteTopologyRenew
-        $ interSiteTopologyFailover
-        $ msDS-Preferred-GC-Site
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.7000.47
-    NAME 'nTDSDSA'
-    SUP applicationSettings
-    STRUCTURAL
-    MAY ( hasMasterNCs
-        $ hasPartialReplicaNCs
-        $ dMDLocation
-        $ invocationId
-        $ networkAddress
-        $ options
-        $ fRSRootPath
-        $ serverReference
-        $ lastBackupRestorationTime
-        $ queryPolicyObject
-        $ managedBy
-        $ retiredReplDSASignatures
-        $ msDS-Behavior-Version
-        $ msDS-HasInstantiatedNCs
-        $ msDS-ReplicationEpoch
-        $ msDS-HasDomainNCs
-        $ msDS-RetiredReplNCSignatures
-        $ msDS-hasMasterNCs
-        $ msDS-RevealedUsers
-        $ msDS-hasFullReplicaNCs
-        $ msDS-NeverRevealGroup
-        $ msDS-RevealOnDemandGroup
-        $ msDS-isGC
-        $ msDS-isRODC
-        $ msDS-SiteName
-        $ msDS-IsUserCachableAtRodc
-        $ msDS-EnabledFeature
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.7000.48
-    NAME 'serversContainer'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.7000.49
-    NAME 'applicationSettings'
-    SUP top
-    ABSTRACT
-    MAY ( applicationName
-        $ notificationList
-        $ msDS-Settings
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.7000.53
-    NAME 'crossRefContainer'
-    SUP top
-    STRUCTURAL
-    MAY ( uPNSuffixes
-        $ msDS-Behavior-Version
-        $ msDS-SPNSuffixes
-        $ msDS-UpdateScript
-        $ msDS-ExecuteScriptPassword
-        $ msDS-EnabledFeature
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.7000.56
-    NAME 'ipsecBase'
-    SUP top
-    ABSTRACT
-    MAY ( ipsecName
-        $ ipsecID
-        $ ipsecDataType
-        $ ipsecData
-        $ ipsecOwnersReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.71
-    NAME 'nTDSConnection'
-    SUP leaf
-    STRUCTURAL
-    MUST ( enabledConnection
-         $ fromServer
-         $ options
-         )
-    MAY ( generatedConnection
-        $ schedule
-        $ transportType
-        $ mS-DS-ReplicatesNCReason
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.72
-    NAME 'nTDSService'
-    SUP top
-    STRUCTURAL
-    MAY ( tombstoneLifetime
-        $ dSHeuristics
-        $ garbageCollPeriod
-        $ replTopologyStayOfExecution
-        $ sPNMappings
-        $ msDS-Other-Settings
-        $ msDS-DeletedObjectLifetime
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.73
-    NAME 'rpcServerElement'
-    SUP rpcEntry
-    STRUCTURAL
-    MUST ( rpcNsBindings
-         $ rpcNsInterfaceID
-         $ rpcNsTransferSyntax
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.74
-    NAME 'categoryRegistration'
-    SUP leaf
-    STRUCTURAL
-    MAY ( localeID
-        $ categoryId
-        $ managedBy
-        $ localizedDescription
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.76
-    NAME 'foreignSecurityPrincipal'
-    SUP top
-    STRUCTURAL
-    MUST ( externalObjectId )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.77
-    NAME 'controlAccessRight'
-    SUP top
-    STRUCTURAL
-    MAY ( rightsGuid
-        $ appliesTo
-        $ localizationDisplayId
-        $ validAccesses
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.78
-    NAME 'licensingSiteSettings'
-    SUP applicationSiteSettings
-    STRUCTURAL
-    MAY ( siteServer
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.8
-    NAME 'group'
-    SUP top
-    STRUCTURAL
-    MUST ( groupType
-         )
-    MAY ( member
-        $ nTGroupMembers
-        $ operatorCount
-        $ adminCount
-        $ groupAttributes
-        $ groupMembershipSAM
-        $ controlAccessRights
-        $ desktopProfile
-        $ nonSecurityMember
-        $ managedBy
-        $ primaryGroupToken
-        $ msDS-AzLDAPQuery
-        $ msDS-NonMembers
-        $ msDS-AzBizRule
-        $ msDS-AzBizRuleLanguage
-        $ msDS-AzLastImportedBizRulePath
-        $ msDS-AzApplicationData
-        $ msDS-AzObjectGuid
-        $ msDS-AzGenericData
-        $ mail
-        $ msSFU30Name
-        $ msSFU30NisDomain
-        $ msSFU30PosixMember
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.80
-    NAME 'rpcGroup'
-    SUP rpcEntry
-    STRUCTURAL
-    MAY ( rpcNsGroup
-        $ rpcNsObjectID
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.81
-    NAME 'rpcServer'
-    SUP rpcEntry
-    STRUCTURAL
-    MAY ( rpcNsObjectID
-        $ rpcNsCodeset
-        $ rpcNsEntryFlags
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.82
-    NAME 'rpcProfile'
-    SUP rpcEntry
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.83
-    NAME 'rIDManager'
-    SUP top
-    STRUCTURAL
-    MUST ( rIDAvailablePool
-         )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.84
-    NAME 'displaySpecifier'
-    SUP top
-    STRUCTURAL
-    MAY ( iconPath
-        $ creationWizard
-        $ contextMenu
-        $ adminPropertyPages
-        $ shellPropertyPages
-        $ classDisplayName
-        $ adminContextMenu
-        $ shellContextMenu
-        $ attributeDisplayNames
-        $ treatAsLeaf
-        $ createDialog
-        $ createWizardExt
-        $ scopeFlags
-        $ queryFilter
-        $ extraColumns
-        $ adminMultiselectPropertyPages
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.85
-    NAME 'dnsZone'
-    SUP top
-    STRUCTURAL
-    MUST ( dc
-         )
-    MAY ( dnsAllowDynamic
-        $ dnsAllowXFR
-        $ dnsSecureSecondaries
-        $ dnsNotifySecondaries
-        $ managedBy
-        $ dNSProperty
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.86
-    NAME 'dnsNode'
-    SUP top
-    STRUCTURAL
-    MUST ( dc
-         )
-    MAY ( dnsRecord
-        $ dNSProperty
-        $ dNSTombstoned
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.89
-    NAME 'nTFRSSettings'
-    SUP applicationSettings
-    STRUCTURAL
-    MAY ( fRSExtensions
-        $ managedBy
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.9
-    NAME 'user'
-    SUP organizationalPerson
-    STRUCTURAL
-    MAY ( o
-        $ businessCategory
-        $ userCertificate
-        $ givenName
-        $ initials
-        $ x500uniqueIdentifier
-        $ displayName
-        $ networkAddress
-        $ employeeNumber
-        $ employeeType
-        $ homePostalAddress
-        $ userAccountControl
-        $ badPwdCount
-        $ codePage
-        $ homeDirectory
-        $ homeDrive
-        $ badPasswordTime
-        $ lastLogoff
-        $ lastLogon
-        $ dBCSPwd
-        $ localeID
-        $ scriptPath
-        $ logonHours
-        $ logonWorkstation
-        $ maxStorage
-        $ userWorkstations
-        $ unicodePwd
-        $ otherLoginWorkstations
-        $ ntPwdHistory
-        $ pwdLastSet
-        $ preferredOU
-        $ primaryGroupID
-        $ userParameters
-        $ profilePath
-        $ operatorCount
-        $ adminCount
-        $ accountExpires
-        $ lmPwdHistory
-        $ groupMembershipSAM
-        $ logonCount
-        $ controlAccessRights
-        $ defaultClassStore
-        $ groupsToIgnore
-        $ groupPriority
-        $ desktopProfile
-        $ dynamicLDAPServer
-        $ userPrincipalName
-        $ lockoutTime
-        $ userSharedFolder
-        $ userSharedFolderOther
-        $ servicePrincipalName
-        $ aCSPolicyName
-        $ terminalServer
-        $ mSMQSignCertificates
-        $ mSMQDigests
-        $ mSMQDigestsMig
-        $ mSMQSignCertificatesMig
-        $ msNPAllowDialin
-        $ msNPCallingStationID
-        $ msNPSavedCallingStationID
-        $ msRADIUSCallbackNumber
-        $ msRADIUSFramedIPAddress
-        $ msRADIUSFramedRoute
-        $ msRADIUSServiceType
-        $ msRASSavedCallbackNumber
-        $ msRASSavedFramedIPAddress
-        $ msRASSavedFramedRoute
-        $ mS-DS-CreatorSID
-        $ msCOM-UserPartitionSetLink
-        $ msDS-Cached-Membership
-        $ msDS-Cached-Membership-Time-Stamp
-        $ msDS-Site-Affinity
-        $ msDS-User-Account-Control-Computed
-        $ lastLogonTimestamp
-        $ msIIS-FTPRoot
-        $ msIIS-FTPDir
-        $ msDRM-IdentityCertificate
-        $ msDS-SourceObjectDN
-        $ msPKIRoamingTimeStamp
-        $ msPKIDPAPIMasterKeys
-        $ msPKIAccountCredentials
-        $ msRADIUS-FramedInterfaceId
-        $ msRADIUS-SavedFramedInterfaceId
-        $ msRADIUS-FramedIpv6Prefix
-        $ msRADIUS-SavedFramedIpv6Prefix
-        $ msRADIUS-FramedIpv6Route
-        $ msRADIUS-SavedFramedIpv6Route
-        $ msDS-SecondaryKrbTgtNumber
-        $ msDS-AuthenticatedAtDC
-        $ msDS-SupportedEncryptionTypes
-        $ msDS-LastSuccessfulInteractiveLogonTime
-        $ msDS-LastFailedInteractiveLogonTime
-        $ msDS-FailedInteractiveLogonCount
-        $ msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
-        $ msTSProfilePath
-        $ msTSHomeDirectory
-        $ msTSHomeDrive
-        $ msTSAllowLogon
-        $ msTSRemoteControl
-        $ msTSMaxDisconnectionTime
-        $ msTSMaxConnectionTime
-        $ msTSMaxIdleTime
-        $ msTSReconnectionAction
-        $ msTSBrokenConnectionAction
-        $ msTSConnectClientDrives
-        $ msTSConnectPrinterDrives
-        $ msTSDefaultToMainPrinter
-        $ msTSWorkDirectory
-        $ msTSInitialProgram
-        $ msTSProperty01
-        $ msTSProperty02
-        $ msTSExpireDate
-        $ msTSLicenseVersion
-        $ msTSManagingLS
-        $ msDS-UserPasswordExpiryTimeComputed
-        $ msTSExpireDate2
-        $ msTSLicenseVersion2
-        $ msTSManagingLS2
-        $ msTSExpireDate3
-        $ msTSLicenseVersion3
-        $ msTSManagingLS3
-        $ msTSExpireDate4
-        $ msTSLicenseVersion4
-        $ msTSManagingLS4
-        $ msTSLSProperty01
-        $ msTSLSProperty02
-        $ msDS-ResultantPSO
-        $ msPKI-CredentialRoamingTokens
-        $ msTSPrimaryDesktop
-        $ msTSSecondaryDesktops
-        $ userSMIMECertificate
-        $ uid
-        $ mail
-        $ roomNumber
-        $ photo
-        $ manager
-        $ homePhone
-        $ secretary
-        $ mobile
-        $ pager
-        $ audio
-        $ jpegPhoto
-        $ carLicense
-        $ departmentNumber
-        $ preferredLanguage
-        $ userPKCS12
-        $ labeledURI
-        $ msSFU30Name
-        $ msSFU30NisDomain
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.90
-    NAME 'linkTrackVolumeTable'
-    SUP fileLinkTracking
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.91
-    NAME 'linkTrackObjectMoveTable'
-    SUP fileLinkTracking
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.92
-    NAME 'linkTrackVolEntry'
-    SUP leaf
-    STRUCTURAL
-    MAY ( linkTrackSecret
-        $ volTableIdxGUID
-        $ volTableGUID
-        $ currMachineId
-        $ timeVolChange
-        $ timeRefresh
-        $ seqNotification
-        $ objectCount
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.93
-    NAME 'linkTrackOMTEntry'
-    SUP leaf
-    STRUCTURAL
-    MAY ( birthLocation
-        $ oMTIndxGuid
-        $ currentLocation
-        $ timeRefresh
-        $ oMTGuid
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.94
-    NAME 'serviceAdministrationPoint'
-    SUP serviceConnectionPoint
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.95
-    NAME 'subnetContainer'
-    SUP top
-    STRUCTURAL
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.96
-    NAME 'subnet'
-    SUP top
-    STRUCTURAL
-    MAY ( location
-        $ siteObject
-        $ physicalLocationObject
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.97
-    NAME 'physicalLocation'
-    SUP locality
-    STRUCTURAL
-    MAY ( managedBy
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.5.98
-    NAME 'ipsecPolicy'
-    SUP ipsecBase
-    STRUCTURAL
-    MAY ( ipsecISAKMPReference
-        $ ipsecNFAReference
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.1
-    NAME 'msDFSR-LocalSettings'
-    SUP top
-    STRUCTURAL
-    MAY ( msDFSR-Version
-        $ msDFSR-Extension
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        $ msDFSR-CommonStagingPath
-        $ msDFSR-CommonStagingSizeInMb
-        $ msDFSR-StagingCleanupTriggerInPercent
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.10
-    NAME 'msDFSR-Connection'
-    SUP top
-    STRUCTURAL
-    MUST ( fromServer
-         )
-    MAY ( msDFSR-Extension
-        $ msDFSR-Enabled
-        $ msDFSR-Schedule
-        $ msDFSR-Keywords
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-RdcEnabled
-        $ msDFSR-RdcMinFileSizeInKb
-        $ msDFSR-Priority
-        $ msDFSR-DisablePacketPrivacy
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.2
-    NAME 'msDFSR-Subscriber'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFSR-ReplicationGroupGuid
-         $ msDFSR-MemberReference
-         )
-    MAY ( msDFSR-Extension
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.3
-    NAME 'msDFSR-Subscription'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFSR-ContentSetGuid
-         $ msDFSR-ReplicationGroupGuid
-         )
-    MAY ( msDFSR-Extension
-        $ msDFSR-RootPath
-        $ msDFSR-RootSizeInMb
-        $ msDFSR-StagingPath
-        $ msDFSR-StagingSizeInMb
-        $ msDFSR-ConflictPath
-        $ msDFSR-ConflictSizeInMb
-        $ msDFSR-Enabled
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-RootFence
-        $ msDFSR-DfsLinkTarget
-        $ msDFSR-DeletedPath
-        $ msDFSR-DeletedSizeInMb
-        $ msDFSR-ReadOnly
-        $ msDFSR-CachePolicy
-        $ msDFSR-MinDurationCacheInMin
-        $ msDFSR-MaxAgeInCacheInMin
-        $ msDFSR-OnDemandExclusionFileFilter
-        $ msDFSR-OnDemandExclusionDirectoryFilter
-        $ msDFSR-Options2
-        $ msDFSR-StagingCleanupTriggerInPercent
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.4
-    NAME 'msDFSR-GlobalSettings'
-    SUP top
-    STRUCTURAL
-    MAY ( msDFSR-Extension
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.5
-    NAME 'msDFSR-ReplicationGroup'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFSR-ReplicationGroupType
-         )
-    MAY ( description
-        $ msDFSR-Version
-        $ msDFSR-Extension
-        $ msDFSR-RootSizeInMb
-        $ msDFSR-StagingSizeInMb
-        $ msDFSR-ConflictSizeInMb
-        $ msDFSR-TombstoneExpiryInMin
-        $ msDFSR-FileFilter
-        $ msDFSR-DirectoryFilter
-        $ msDFSR-Schedule
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-DeletedSizeInMb
-        $ msDFSR-DefaultCompressionExclusionFilter
-        $ msDFSR-OnDemandExclusionFileFilter
-        $ msDFSR-OnDemandExclusionDirectoryFilter
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.6
-    NAME 'msDFSR-Content'
-    SUP top
-    STRUCTURAL
-    MAY ( msDFSR-Extension
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.7
-    NAME 'msDFSR-ContentSet'
-    SUP top
-    STRUCTURAL
-    MAY ( description
-        $ msDFSR-Extension
-        $ msDFSR-RootSizeInMb
-        $ msDFSR-StagingSizeInMb
-        $ msDFSR-ConflictSizeInMb
-        $ msDFSR-FileFilter
-        $ msDFSR-DirectoryFilter
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-DfsPath
-        $ msDFSR-Priority
-        $ msDFSR-DeletedSizeInMb
-        $ msDFSR-DefaultCompressionExclusionFilter
-        $ msDFSR-OnDemandExclusionFileFilter
-        $ msDFSR-OnDemandExclusionDirectoryFilter
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.8
-    NAME 'msDFSR-Topology'
-    SUP top
-    STRUCTURAL
-    MAY ( msDFSR-Extension
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.13.4.9
-    NAME 'msDFSR-Member'
-    SUP top
-    STRUCTURAL
-    MUST ( msDFSR-ComputerReference
-         )
-    MAY ( serverReference
-        $ msDFSR-Extension
-        $ msDFSR-Keywords
-        $ msDFSR-Flags
-        $ msDFSR-Options
-        $ msDFSR-Options2
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.18.2.211
-    NAME 'msSFU30MailAliases'
-    SUP top
-    STRUCTURAL
-    MAY ( msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.18.2.212
-    NAME 'msSFU30NetId'
-    SUP top
-    STRUCTURAL
-    MAY ( msSFU30Name
-        $ msSFU30KeyValues
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.18.2.215
-    NAME 'msSFU30DomainInfo'
-    SUP top
-    STRUCTURAL
-    MAY ( msSFU30SearchContainer
-        $ msSFU30MasterServerName
-        $ msSFU30OrderNumber
-        $ msSFU30Domains
-        $ msSFU30YpServers
-        $ msSFU30MaxGidNumber
-        $ msSFU30MaxUidNumber
-        $ msSFU30IsValidContainer
-        $ msSFU30CryptMethod
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.18.2.216
-    NAME 'msSFU30NetworkUser'
-    SUP top
-    STRUCTURAL
-    MAY ( msSFU30Name
-        $ msSFU30KeyValues
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.18.2.217
-    NAME 'msSFU30NISMapConfig'
-    SUP top
-    STRUCTURAL
-    MAY ( msSFU30KeyAttributes
-        $ msSFU30FieldSeparator
-        $ msSFU30IntraFieldSeparator
-        $ msSFU30SearchAttributes
-        $ msSFU30ResultAttributes
-        $ msSFU30MapFilter
-        $ msSFU30NSMAPFieldPosition
-        )
-    )
-
-objectClasses: (
-    1.2.840.113556.1.6.23.2
-    NAME 'msPrint-ConnectionPolicy'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( uNCName
-        $ serverName
-        $ printAttributes
-        $ printerName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.0
-    NAME 'posixAccount'
-    SUP top
-    AUXILIARY
-    MAY ( cn
-        $ description
-        $ userPassword
-        $ homeDirectory
-        $ unixUserPassword
-        $ uid
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.1
-    NAME 'shadowAccount'
-    SUP top
-    AUXILIARY
-    MAY ( description
-        $ userPassword
-        $ uid
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.10
-    NAME 'nisObject'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ nisMapName
-         $ nisMapEntry
-         )
-    MAY ( description
-        $ msSFU30Name
-        $ msSFU30NisDomain
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.11
-    NAME 'ieee802Device'
-    SUP top
-    AUXILIARY
-    MAY ( cn
-        $ macAddress
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.12
-    NAME 'bootableDevice'
-    SUP top
-    AUXILIARY
-    MAY ( cn
-        $ bootParameter
-        $ bootFile
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.2
-    NAME 'posixGroup'
-    SUP top
-    AUXILIARY
-    MAY ( cn
-        $ description
-        $ userPassword
-        $ unixUserPassword
-        $ gidNumber
-        $ memberUid
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.3
-    NAME 'ipService'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ ipServicePort
-         $ ipServiceProtocol
-         )
-    MAY ( description
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.4
-    NAME 'ipProtocol'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ ipProtocolNumber
-         )
-    MAY ( description
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.5
-    NAME 'oncRpc'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ oncRpcNumber
-         )
-    MAY ( description
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.6
-    NAME 'ipHost'
-    SUP top
-    AUXILIARY
-    MAY ( cn
-        $ l
-        $ description
-        $ uid
-        $ manager
-        $ ipHostNumber
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.7
-    NAME 'ipNetwork'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ ipNetworkNumber
-         )
-    MAY ( l
-        $ description
-        $ uid
-        $ manager
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ ipNetmaskNumber
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.8
-    NAME 'nisNetgroup'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( description
-        $ msSFU30Name
-        $ msSFU30NisDomain
-        $ msSFU30NetgroupHostAtDomain
-        $ msSFU30NetgroupUserAtDomain
-        $ memberNisNetgroup
-        $ nisNetgroupTriple
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.1.1.2.9
-    NAME 'nisMap'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ nisMapName
-         )
-    MAY ( description
-        )
-    )
-
-objectClasses: (
-    1.3.6.1.4.1.1466.101.119.2
-    NAME 'dynamicObject'
-    SUP top
-    AUXILIARY
-    MAY ( msDS-Entry-Time-To-Die
-        $ entryTTL
-        )
-    )
-
-objectClasses: (
-    2.16.840.1.113730.3.2.2
-    NAME 'inetOrgPerson'
-    SUP user
-    STRUCTURAL
-    MAY ( o
-        $ businessCategory
-        $ userCertificate
-        $ givenName
-        $ initials
-        $ x500uniqueIdentifier
-        $ displayName
-        $ employeeNumber
-        $ employeeType
-        $ homePostalAddress
-        $ userSMIMECertificate
-        $ uid
-        $ mail
-        $ roomNumber
-        $ photo
-        $ manager
-        $ homePhone
-        $ secretary
-        $ mobile
-        $ pager
-        $ audio
-        $ jpegPhoto
-        $ carLicense
-        $ departmentNumber
-        $ preferredLanguage
-        $ userPKCS12
-        $ labeledURI
-        )
-    )
-
-################# (does not support subtreeSpecification for now)
-objectClasses: (
-    2.5.17.0
-    NAME 'subentry'
-    DESC 'RFC3672: subentry'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    )
-
-#objectClasses: (
-#    2.5.20.1
-#    NAME 'subschema'
-#    DESC 'RFC4512: controllingsubschema (sub)entry'
-#    AUXILIARY
-#    MAY ( ldapSyntaxes
-#        $ objectClasses
-#        $ attributeTypes
-#        $ matchingRules
-#        $ matchingRuleUse
-#        $ dITContentRules
-#        $ dITStructureRules
-#        $ vmwAttributeToIdMap
-#        )
-#    )
-
-#
-# moved instancetype ntsecuritydescripto objectcategory from must to may
-#
-objectClasses: (
-    2.5.6.0
-    NAME 'top'
-    ABSTRACT
-    MUST ( objectClass
-         $ nTSecurityDescriptor
-         )
-    MAY ( cn
-         $ instanceType
-         $ objectCategory
-        $ description
-        $ distinguishedName
-        $ whenCreated
-        $ whenChanged
-        $ subRefs
-        $ displayName
-        $ uSNCreated
-        $ isDeleted
-        $ dSASignature
-        $ objectVersion
-        $ repsTo
-        $ repsFrom
-        $ memberOf
-        $ ownerBL
-        $ uSNChanged
-        $ uSNLastObjRem
-        $ showInAdvancedViewOnly
-        $ adminDisplayName
-        $ proxyAddresses
-        $ adminDescription
-        $ extensionName
-        $ uSNDSALastObjRemoved
-        $ displayNamePrintable
-        $ directReports
-        $ wWWHomePage
-        $ USNIntersite
-        $ name
-        $ objectGUID
-        $ replPropertyMetaData
-        $ replUpToDateVector
-        $ flags
-        $ revision
-        $ wbemPath
-        $ fSMORoleOwner
-        $ systemFlags
-        $ siteObjectBL
-        $ serverReferenceBL
-        $ nonSecurityMemberBL
-        $ queryPolicyBL
-        $ wellKnownObjects
-        $ isPrivilegeHolder
-        $ partialAttributeSet
-        $ managedObjects
-        $ partialAttributeDeletionList
-        $ url
-        $ lastKnownParent
-        $ bridgeheadServerListBL
-        $ netbootSCPBL
-        $ isCriticalSystemObject
-        $ frsComputerReferenceBL
-        $ fRSMemberReferenceBL
-        $ uSNSource
-        $ fromEntry
-        $ allowedChildClasses
-        $ allowedChildClassesEffective
-        $ allowedAttributes
-        $ allowedAttributesEffective
-        $ possibleInferiors
-        $ canonicalName
-        $ proxiedObjectName
-        $ sDRightsEffective
-        $ dSCorePropagationData
-        $ otherWellKnownObjects
-        $ mS-DS-ConsistencyGuid
-        $ mS-DS-ConsistencyChildCount
-        $ masteredBy
-        $ msCOM-PartitionSetLink
-        $ msCOM-UserLink
-        $ msDS-Approx-Immed-Subordinates
-        $ msDS-NCReplCursors
-        $ msDS-NCReplInboundNeighbors
-        $ msDS-NCReplOutboundNeighbors
-        $ msDS-ReplAttributeMetaData
-        $ msDS-ReplValueMetaData
-        $ msDS-NonMembersBL
-        $ msDS-MembersForAzRoleBL
-        $ msDS-OperationsForAzTaskBL
-        $ msDS-TasksForAzTaskBL
-        $ msDS-OperationsForAzRoleBL
-        $ msDS-TasksForAzRoleBL
-        $ msDs-masteredBy
-        $ msDS-ObjectReferenceBL
-        $ msDS-PrincipalName
-        $ msDS-RevealedDSAs
-        $ msDS-KrbTgtLinkBl
-        $ msDS-IsFullReplicaFor
-        $ msDS-IsDomainFor
-        $ msDS-IsPartialReplicaFor
-        $ msDS-AuthenticatedToAccountlist
-        $ msDS-NC-RO-Replica-Locations-BL
-        $ msDS-RevealedListBL
-        $ msDS-PSOApplied
-        $ msDS-NcType
-        $ msDS-OIDToGroupLinkBl
-        $ msDS-HostServiceAccountBL
-        $ isRecycled
-        $ msDS-LocalEffectiveDeletionTime
-        $ msDS-LocalEffectiveRecycleTime
-        $ msDS-LastKnownRDN
-        $ msDS-EnabledFeatureBL
-        $ structuralObjectClass
-        $ createTimeStamp
-        $ modifyTimeStamp
-        $ subSchemaSubEntry
-        $ msSFU30PosixMemberOf
-        $ msDFSR-MemberReferenceBL
-        $ msDFSR-ComputerReferenceBL
-        )
-    )
-
-objectClasses: (
-    2.5.6.10
-    NAME 'residentialPerson'
-    SUP person
-    STRUCTURAL
-    MAY ( l
-        $ st
-        $ street
-        $ ou
-        $ title
-        $ businessCategory
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        )
-    )
-
-objectClasses: (
-    2.5.6.11
-    NAME 'applicationProcess'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( l
-        $ ou
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    2.5.6.12
-    NAME 'applicationEntity'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ presentationAddress
-         )
-    MAY ( l
-        $ o
-        $ ou
-        $ supportedApplicationContext
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    2.5.6.13
-    NAME 'dSA'
-    SUP applicationEntity
-    STRUCTURAL
-    MAY ( knowledgeInformation
-        )
-    )
-
-objectClasses: (
-    2.5.6.14
-    NAME 'device'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( serialNumber
-        $ l
-        $ o
-        $ ou
-        $ owner
-        $ seeAlso
-        $ msSFU30Name
-        $ msSFU30Aliases
-        $ msSFU30NisDomain
-        $ nisMapName
-        )
-    )
-
-objectClasses: (
-    2.5.6.16
-    NAME 'certificationAuthority'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ cACertificate
-         $ authorityRevocationList
-         $ certificateRevocationList
-         )
-    MAY ( searchGuide
-        $ teletexTerminalIdentifier
-        $ supportedApplicationContext
-        $ crossCertificatePair
-        $ deltaRevocationList
-        $ domainPolicyObject
-        $ parentCA
-        $ dNSHostName
-        $ parentCACertificateChain
-        $ domainID
-        $ cAConnect
-        $ cAWEBURL
-        $ cRLObject
-        $ cAUsages
-        $ previousCACertificates
-        $ pendingCACertificates
-        $ previousParentCA
-        $ pendingParentCA
-        $ currentParentCA
-        $ cACertificateDN
-        $ certificateTemplates
-        $ signatureAlgorithms
-        $ enrollmentProviders
-        )
-    )
-
-objectClasses: (
-    2.5.6.17
-    NAME 'groupOfUniqueNames'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ uniqueMember
-         )
-    MAY ( o
-        $ ou
-        $ description
-        $ businessCategory
-        $ owner
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    2.5.6.19
-    NAME 'cRLDistributionPoint'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( authorityRevocationList
-        $ certificateRevocationList
-        $ deltaRevocationList
-        $ cRLPartitionedRevocationList
-        $ certificateAuthorityObject
-        )
-    )
-
-objectClasses: (
-    2.5.6.2
-    NAME 'country'
-    SUP top
-    STRUCTURAL
-    MUST ( c
-         )
-    MAY ( searchGuide
-        $ co
-        )
-    )
-
-objectClasses: (
-    2.5.6.3
-    NAME 'locality'
-    SUP top
-    STRUCTURAL
-    MUST ( l
-         )
-    MAY ( st
-        $ street
-        $ searchGuide
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    2.5.6.4
-    NAME 'organization'
-    SUP top
-    STRUCTURAL
-    MUST ( o
-         )
-    MAY ( l
-        $ st
-        $ street
-        $ searchGuide
-        $ businessCategory
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telephoneNumber
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        $ seeAlso
-        $ userPassword
-        )
-    )
-
-objectClasses: (
-    2.5.6.5
-    NAME 'organizationalUnit'
-    SUP top
-    STRUCTURAL
-    MUST ( ou
-         )
-    MAY ( c
-        $ l
-        $ st
-        $ street
-        $ searchGuide
-        $ businessCategory
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telephoneNumber
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        $ seeAlso
-        $ userPassword
-        $ co
-        $ countryCode
-        $ desktopProfile
-        $ defaultGroup
-        $ managedBy
-        $ uPNSuffixes
-        $ gPLink
-        $ gPOptions
-        $ msCOM-UserPartitionSetLink
-        $ thumbnailLogo
-        )
-    )
-
-objectClasses: (
-    2.5.6.6
-    NAME 'person'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( sn
-        $ serialNumber
-        $ telephoneNumber
-        $ seeAlso
-        $ userPassword
-        $ attributeCertificateAttribute
-        $ vmwPasswordNeverExpires
-        )
-    )
-
-objectClasses: (
-    2.5.6.7
-    NAME 'organizationalPerson'
-    SUP person
-    STRUCTURAL
-    MAY ( c
-        $ l
-        $ st
-        $ street
-        $ o
-        $ ou
-        $ title
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        $ givenName
-        $ initials
-        $ generationQualifier
-        $ houseIdentifier
-        $ otherTelephone
-        $ otherPager
-        $ co
-        $ department
-        $ company
-        $ streetAddress
-        $ otherHomePhone
-        $ msExchHouseIdentifier
-        $ personalTitle
-        $ homePostalAddress
-        $ countryCode
-        $ employeeID
-        $ comment
-        $ division
-        $ otherFacsimileTelephoneNumber
-        $ otherMobile
-        $ primaryTelexNumber
-        $ primaryInternationalISDNNumber
-        $ mhsORAddress
-        $ otherMailbox
-        $ assistant
-        $ ipPhone
-        $ otherIpPhone
-        $ msDS-AllowedToDelegateTo
-        $ msDS-PhoneticFirstName
-        $ msDS-PhoneticLastName
-        $ msDS-PhoneticDepartment
-        $ msDS-PhoneticCompanyName
-        $ msDS-PhoneticDisplayName
-        $ msDS-HABSeniorityIndex
-        $ mail
-        $ manager
-        $ homePhone
-        $ mobile
-        $ pager
-        $ middleName
-        $ thumbnailPhoto
-        $ thumbnailLogo
-# vmw
-        $ oldUserPassword
-        )
-    )
-
-objectClasses: (
-    2.5.6.8
-    NAME 'organizationalRole'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( l
-        $ st
-        $ street
-        $ ou
-        $ postalAddress
-        $ postalCode
-        $ postOfficeBox
-        $ physicalDeliveryOfficeName
-        $ telephoneNumber
-        $ telexNumber
-        $ teletexTerminalIdentifier
-        $ facsimileTelephoneNumber
-        $ x121Address
-        $ internationalISDNNumber
-        $ registeredAddress
-        $ destinationIndicator
-        $ preferredDeliveryMethod
-        $ roleOccupant
-        $ seeAlso
-        )
-    )
-
-objectClasses: (
-    2.5.6.9
-    NAME 'groupOfNames'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY ( o
-        $ ou
-        $ member
-        $ businessCategory
-        $ owner
-        $ seeAlso
-        )
-    )
-
-
-############################################################
-########## kerberos definition - BEGIN
-############################################################
-attributetypes: (
-    VMWare.Kerberos.attribute.1
-    NAME 'krbPrincipalName'
-    EQUALITY caseExactIA5Match
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.2
-    NAME 'krbCanonicalName'
-    EQUALITY caseExactIA5Match
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.3
-    NAME 'krbPrincipalType'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.4
-    NAME 'krbUPEnabled'
-    DESC 'Boolean'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.5
-    NAME 'krbPrincipalExpiration'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.6
-    NAME 'krbTicketFlags'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.7
-    NAME 'krbMaxTicketLife'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.8
-    NAME 'krbMaxRenewableAge'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.9
-    NAME 'krbRealmReferences'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.10
-    NAME 'krbLdapServers'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.11
-    NAME 'krbKdcServers'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.12
-    NAME 'krbPwdServers'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.13
-    NAME 'krbHostServer'
-    EQUALITY caseExactIA5Match
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.14
-    NAME 'krbSearchScope'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.15
-    NAME 'krbPrincipalReferences'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.16
-    NAME 'krbPrincNamingAttr'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.17
-    NAME 'krbAdmServers'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.18
-    NAME 'krbMaxPwdLife'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.19
-    NAME 'krbMinPwdLife'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.20
-    NAME 'krbPwdMinDiffChars'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.21
-    NAME 'krbPwdMinLength'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.22
-    NAME 'krbPwdHistoryLength'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.23
-    NAME 'krbPwdMaxFailure'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-
-attributetypes: (
-    VMWare.Kerberos.attribute.24
-    NAME 'krbPwdFailureCountInterval'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.25
-    NAME 'krbPwdLockoutDuration'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.26
-    NAME 'krbPwdPolicyReference'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.27
-    NAME 'krbPasswordExpiration'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.28
-    NAME 'krbPrincipalKey'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.29
-    NAME 'krbTicketPolicyReference'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.30
-    NAME 'krbSubTrees'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.31
-    NAME 'krbDefaultEncSaltTypes'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.32
-    NAME 'krbSupportedEncSaltTypes'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.33
-    NAME 'krbPwdHistory'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.34
-    NAME 'krbLastPwdChange'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.35
-    NAME 'krbLastAdminUnlock'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.36
-    NAME 'krbMKey'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.37
-    NAME 'krbPrincipalAliases'
-    EQUALITY caseExactIA5Match
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.38
-    NAME 'krbLastSuccessfulAuth'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.39
-    NAME 'krbLastFailedAuth'
-    EQUALITY generalizedTimeMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.40
-    NAME 'krbLoginFailedCount'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.41
-    NAME 'krbExtraData'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.42
-    NAME 'krbObjectReferences'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.43
-    NAME 'krbPrincContainerRef'
-    EQUALITY distinguishedNameMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-    )
-
-attributetypes: (
-    VMWare.Kerberos.attribute.44
-    NAME 'krbAllowedToDelegateTo'
-    EQUALITY caseExactIA5Match
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.1
-    NAME 'krbContainer'
-    SUP top
-    MUST ( cn )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.2
-    NAME 'krbRealmContainer'
-    SUP top
-    MUST ( cn )
-    MAY ( krbMKey
-        $ krbUPEnabled
-        $ krbSubTrees
-        $ krbSearchScope
-        $ krbLdapServers
-        $ krbSupportedEncSaltTypes
-        $ krbDefaultEncSaltTypes
-        $ krbTicketPolicyReference
-        $ krbKdcServers
-        $ krbPwdServers
-        $ krbAdmServers
-        $ krbPrincNamingAttr
-        $ krbPwdPolicyReference
-        $ krbPrincContainerRef
-        )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.3
-    NAME 'krbService'
-    ABSTRACT
-    SUP top
-    MUST ( cn )
-    MAY ( krbHostServer
-        $ krbRealmReferences
-        )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.4
-    NAME 'krbKdcService'
-    SUP krbService
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.5
-    NAME 'krbPwdService'
-    SUP krbService
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.6
-    NAME 'krbPrincipalAux'
-    AUXILIARY
-    MAY ( krbPrincipalName
-        $ krbCanonicalName
-        $ krbUPEnabled
-        $ krbPrincipalKey
-        $ krbTicketPolicyReference
-        $ krbPrincipalExpiration
-        $ krbPasswordExpiration
-        $ krbPwdPolicyReference
-        $ krbPrincipalType
-        $ krbPwdHistory
-        $ krbLastPwdChange
-        $ krbLastAdminUnlock
-        $ krbPrincipalAliases
-        $ krbLastSuccessfulAuth
-        $ krbLastFailedAuth
-        $ krbLoginFailedCount
-        $ krbExtraData
-        $ krbAllowedToDelegateTo
-        )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.8
-    NAME 'krbPrincipal'
-    SUP top
-    MUST ( krbPrincipalName )
-    MAY ( krbObjectReferences )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.9
-    NAME 'krbPrincRefAux'
-    SUP top
-    AUXILIARY
-    MAY ( krbPrincipalReferences )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.10
-    NAME 'krbAdmService'
-    SUP krbService
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.11
-    NAME 'krbPwdPolicy'
-    SUP top
-    MUST ( cn )
-    MAY ( krbMaxPwdLife
-        $ krbMinPwdLife
-        $ krbPwdMinDiffChars
-        $ krbPwdMinLength
-        $ krbPwdHistoryLength
-        $ krbPwdMaxFailure
-        $ krbPwdFailureCountInterval
-        $ krbPwdLockoutDuration
-        )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.12
-    NAME 'krbTicketPolicyAux'
-    AUXILIARY
-    MAY ( krbTicketFlags
-        $ krbMaxTicketLife
-        $ krbMaxRenewableAge
-        )
-    )
-
-objectClasses: (
-    VMWare.Kerberos.objectclass.13
-    NAME 'krbTicketPolicy'
-    SUP top
-    MUST ( cn )
-    )
-
-############################################################
-########## kerberos definition - END
-############################################################
-
-dITContentRules:  (
-    2.5.6.12
-    NAME  'applicationEntity'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.7
-    NAME  'ipNetwork'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.203
-    NAME  'msWMI-RangeParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.259
-    NAME  'msDFS-Linkv2'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.178
-    NAME  'pKIEnrollmentService'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.163
-    NAME  'mSMQEnterpriseSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.30
-    NAME  'serviceInstance'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.4
-    NAME  'ipProtocol'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.265
-    NAME  'msDS-OptionalFeature'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.5
-    NAME  'samServer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.2
-    NAME  'msDFSR-Subscriber'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.8
-    NAME  'group'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( cn
-         $ objectSid
-         )
-    MAY ( telephoneNumber
-        $ userPassword
-        $ userCertificate
-        $ info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ msDS-PhoneticDisplayName
-        $ userSMIMECertificate
-        $ textEncodedORAddress
-        $ secretary
-        $ labeledURI
-        $ gidNumber
-        $ memberUid
-# lotus move from MUST to MAY
-        $ sAMAccountName
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.204
-    NAME  'msWMI-UnknownRangeParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.216
-    NAME  'applicationVersion'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.255
-    NAME  'msDS-PasswordSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.9
-    NAME  'nisMap'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.195
-    NAME  'msPKI-Key-Recovery-Agent'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( objectSid
-         $ sAMAccountName
-         )
-    MAY ( info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ textEncodedORAddress
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.11
-    NAME  'applicationProcess'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.235
-    NAME  'msDS-AzApplication'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.251
-    NAME  'ms-net-ieee-80211-GroupPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.139
-    NAME  'lostAndFound'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.82
-    NAME  'rpcProfile'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.69
-    NAME  'nTDSSiteSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.9
-    NAME  'msDFSR-Member'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.93
-    NAME  'linkTrackOMTEntry'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.104
-    NAME  'meeting'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.34
-    NAME  'trustedDomain'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.91
-    NAME  'linkTrackObjectMoveTable'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.43
-    NAME  'fTDfs'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.186
-    NAME  'mS-SQL-SQLRepository'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.212
-    NAME  'msWMI-ShadowObject'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.7
-    NAME  'msDFSR-ContentSet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.26
-    NAME  'rpcProfileElement'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.136
-    NAME  'rpcContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.183
-    NAME  'dSUISettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.95
-    NAME  'subnetContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.141
-    NAME  'interSiteTransport'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.240
-    NAME  'msieee80211-Policy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.4
-    NAME  'builtinDomain'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount ) MAY (creationTime
-        $ forceLogoff
-        $ lockoutDuration
-        $ lockOutObservationWindow
-        $ lockoutThreshold
-        $ maxPwdAge
-        $ minPwdAge
-        $ minPwdLength
-        $ modifiedCountAtLastProm
-        $ nextRid
-        $ pwdProperties
-        $ pwdHistoryLength
-        $ objectSid
-        $ oEMInformation
-        $ serverState
-        $ uASCompat
-        $ serverRole
-        $ domainReplica
-        $ modifiedCount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.218
-    NAME  'msMQ-Custom-Recipient'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.18.2.211
-    NAME  'msSFU30MailAliases'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.164
-    NAME  'mSMQSiteLink'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.200
-    NAME  'msWMI-PolicyTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.9
-    NAME  'documentSeries'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.193
-    NAME  'msCOM-Partition'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.14
-    NAME  'device'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount ) MAY (uid
-        $ manager
-        $ ipHostNumber
-        $ macAddress
-        $ bootParameter
-        $ bootFile
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.18
-    NAME  'friendlyCountry'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.107
-    NAME  'sitesContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.254
-    NAME  'nTDSDSARO'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.18.2.212
-    NAME  'msSFU30NetId'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.211
-    NAME  'msWMI-PolicyType'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.258
-    NAME  'msDFS-Namespacev2'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.92
-    NAME  'linkTrackVolEntry'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.194
-    NAME  'msCOM-PartitionSet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.7000.48
-    NAME  'serversContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.14
-    NAME  'attributeSchema'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.129
-    NAME  'rIDSet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.29
-    NAME  'serviceClass'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.94
-    NAME  'serviceAdministrationPoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.49
-    NAME  'packageRegistration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.210
-    NAME  'msWMI-StringSetParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.13
-    NAME  'classSchema'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.30
-    NAME  'computer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( objectSid
-         )
-    MAY ( info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ textEncodedORAddress
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-        $ ipHostNumber
-# lotus move from MUST to MAY
-        $ sAMAccountName
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.52
-    NAME  'fileLinkTracking'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.150
-    NAME  'rRASAdministrationConnectionPoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.8
-    NAME  'organizationalRole'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.16
-    NAME  'certificationAuthority'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.10
-    NAME  'residentialPerson'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.217
-    NAME  'msWMI-ObjectEncoding'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.8
-    NAME  'msDFSR-Topology'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.185
-    NAME  'mS-SQL-OLAPServer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.161
-    NAME  'mSMQQueue'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.59
-    NAME  'fileLinkTrackingEntry'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.207
-    NAME  'msWMI-UintRangeParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.76
-    NAME  'foreignSecurityPrincipal'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.9
-    NAME  'user'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        $ vmwServicePrincipal
-        $ vmwExternalIdpUser
-        )
-    MUST ( objectSid
-         )
-    MAY ( info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ textEncodedORAddress
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-        $ krbPrincipalKey
-# lotus move from MUST to MAY
-        $ sAMAccountName
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.71
-    NAME  'nTDSConnection'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.208
-    NAME  'msWMI-UintSetParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.125
-    NAME  'addressBookContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.190
-    NAME  'mS-SQL-OLAPCube'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.6
-    NAME  'document'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.23
-    NAME  'container'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.11
-    NAME  'comConnectionPoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.14
-    NAME  'rFC822LocalPart'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.237
-    NAME  'msDS-AzScope'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.262
-    NAME  'msImaging-PSPs'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.153
-    NAME  'nTFRSMember'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.132
-    NAME  'dHCPClass'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.9
-    NAME  'dMD'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.148
-    NAME  'siteLinkBridge'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.86
-    NAME  'dnsNode'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.157
-    NAME  'groupPolicyContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.146
-    NAME  'remoteStorageServicePoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.187
-    NAME  'mS-SQL-SQLPublication'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.154
-    NAME  'nTFRSSubscriptions'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.31
-    NAME  'site'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.4
-    NAME  'organization'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-# vmw add dcObj
-        $ dcObject
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.241
-    NAME  'msDS-AppData'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.18.2.216
-    NAME  'msSFU30NetworkUser'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.16.840.1.113730.3.2.2
-    NAME  'inetOrgPerson'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( objectSid
-         )
-    MAY ( info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ textEncodedORAddress
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-# lotus move from MUST to MAY
-        $ sAMAccountName
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.67
-    NAME  'domainDNS'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        $ vmwDNSConfig
-        $ dcObject
-        )
-    MAY (cACertificate
-        $ builtinCreationTime
-        $ builtinModifiedCount
-        $ creationTime
-        $ domainPolicyObject
-        $ forceLogoff
-        $ defaultLocalPolicyObject
-        $ lockoutDuration
-        $ lockOutObservationWindow
-        $ lSACreationTime
-        $ lSAModifiedCount
-        $ lockoutThreshold
-        $ maxPwdAge
-        $ minPwdAge
-        $ minPwdLength
-        $ modifiedCountAtLastProm
-        $ nETBIOSName
-        $ nextRid
-        $ pwdProperties
-        $ pwdHistoryLength
-        $ privateKey
-        $ replicaSource
-        $ objectSid
-        $ oEMInformation
-        $ serverState
-        $ uASCompat
-        $ serverRole
-        $ domainReplica
-        $ modifiedCount
-        $ controlAccessRights
-        $ auditingPolicy
-        $ eFSPolicy
-        $ desktopProfile
-        $ nTMixedDomain
-        $ rIDManagerReference
-        $ treeName
-        $ pekList
-        $ pekKeyChangeInterval
-        $ gPLink
-        $ gPOptions
-        $ ms-DS-MachineAccountQuota
-        $ msDS-LogonTimeSyncInterval
-        $ msDS-PerUserTrustQuota
-        $ msDS-AllUsersTrustQuota
-        $ msDS-PerUserTrustTombstonesQuota
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.5
-    NAME  'oncRpc'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.147
-    NAME  'siteLink'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.4
-    NAME  'msDFSR-GlobalSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.78
-    NAME  'licensingSiteSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.81
-    NAME  'rpcServer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.9
-    NAME  'groupOfNames'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.155
-    NAME  'nTFRSSubscriber'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.188
-    NAME  'mS-SQL-SQLDatabase'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.10
-    NAME  'msDFSR-Connection'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.256
-    NAME  'msDS-PasswordSettingsContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.6
-    NAME  'person'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.151
-    NAME  'intellimirrorSCP'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.215
-    NAME  'msWMI-WMIGPO'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.191
-    NAME  'aCSResourceLimits'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.140
-    NAME  'interSiteTransportContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.23
-    NAME  'printQueue'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.6
-    NAME  'msDFSR-Content'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.222
-    NAME  'msTAPI-RtPerson'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.257
-    NAME  'msDFS-NamespaceAnchor'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.36
-    NAME  'volume'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.121
-    NAME  'ipsecNFA'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.106
-    NAME  'queryPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.238
-    NAME  'msDS-AzTask'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.10
-    NAME  'nisObject'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.196
-    NAME  'msPKI-Enterprise-Oid'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.239
-    NAME  'msDS-AzRole'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.189
-    NAME  'mS-SQL-OLAPDatabase'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.42
-    NAME  'dfsConfiguration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.137
-    NAME  'aCSPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.53
-    NAME  'typeLibrary'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.80
-    NAME  'rpcGroup'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.3
-    NAME  'locality'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.12
-    NAME  'configuration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.220
-    NAME  'msDS-App-Configuration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.18.2.215
-    NAME  'msSFU30DomainInfo'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.126
-    NAME  'serviceConnectionPoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.73
-    NAME  'rpcServerElement'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.152
-    NAME  'intellimirrorGroup'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.162
-    NAME  'mSMQConfiguration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.223
-    NAME  'msPKI-PrivateKeyRecoveryAgent'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.205
-    NAME  'msWMI-IntRangeParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.260
-    NAME  'msDFS-DeletedLinkv2'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.97
-    NAME  'physicalLocation'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.202
-    NAME  'msWMI-MergeablePolicyTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.23.2
-    NAME  'msPrint-ConnectionPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.119
-    NAME  'ipsecNegotiationPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.96
-    NAME  'subnet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.234
-    NAME  'msDS-AzAdminManager'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.184
-    NAME  'mS-SQL-SQLServer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.209
-    NAME  'msWMI-RealRangeParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.11
-    NAME  'crossRef'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.165
-    NAME  'mSMQSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.77
-    NAME  'controlAccessRight'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.84
-    NAME  'displaySpecifier'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.175
-    NAME  'infrastructureUpdate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.72
-    NAME  'nTDSService'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.130
-    NAME  'indexServerCatalog'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.59
-    NAME  'displayTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.3
-    NAME  'ipService'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.176
-    NAME  'msExchConfigurationContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.242
-    NAME  'msDS-QuotaContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.7000.47
-    NAME  'nTDSDSA'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.1
-    NAME  'msDFSR-LocalSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.253
-    NAME  'msFVE-RecoveryInformation'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.17
-    NAME  'groupOfUniqueNames'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.2
-    NAME  'country'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.3.58
-    NAME  'addressTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.214
-    NAME  'msWMI-Rule'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.206
-    NAME  'msWMI-IntSetParam'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.89
-    NAME  'nTFRSSettings'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.201
-    NAME  'msWMI-SimplePolicyTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.7000.53
-    NAME  'crossRefContainer'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.177
-    NAME  'pKICertificateTemplate'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.156
-    NAME  'rRASAdministrationDictionary'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.5
-    NAME  'organizationalUnit'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.221
-    NAME  'msTAPI-RtConference'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.90
-    NAME  'linkTrackVolumeTable'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.213
-    NAME  'msWMI-Som'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.28
-    NAME  'secret'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.264
-    NAME  'msDS-ManagedServiceAccount'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( objectSid
-         $ sAMAccountName
-         )
-    MAY ( info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ securityIdentifier
-        $ supplementalCredentials
-        $ rid
-        $ sAMAccountType
-        $ sIDHistory
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ altSecurityIdentities
-        $ tokenGroups
-        $ tokenGroupsNoGCAcceptable
-        $ accountNameHistory
-        $ tokenGroupsGlobalAndUniversal
-        $ msDS-KeyVersionNumber
-        $ unixUserPassword
-        $ textEncodedORAddress
-        $ uidNumber
-        $ gidNumber
-        $ gecos
-        $ unixHomeDirectory
-        $ loginShell
-        $ shadowLastChange
-        $ shadowMin
-        $ shadowMax
-        $ shadowWarning
-        $ shadowInactive
-        $ shadowExpire
-        $ shadowFlag
-        $ ipHostNumber
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.7
-    NAME  'room'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.3.6.1.1.1.2.8
-    NAME  'nisNetgroup'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.5
-    NAME  'msDFSR-ReplicationGroup'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.138
-    NAME  'aCSSubnet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.219
-    NAME  'msMQ-Group'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.18.2.217
-    NAME  'msSFU30NISMapConfig'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.24
-    NAME  'remoteMailRecipient'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    MUST ( cn
-         )
-    MAY (telephoneNumber
-        $ userCertificate
-        $ info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ msDS-PhoneticDisplayName
-        $ userSMIMECertificate
-        $ textEncodedORAddress
-        $ secretary
-        $ labeledURI
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.44
-    NAME  'classStore'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.98
-    NAME  'ipsecPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.13
-    NAME  'dSA'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.74
-    NAME  'categoryRegistration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.236
-    NAME  'msDS-AzOperation'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.118
-    NAME  'ipsecFilter'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.7
-    NAME  'organizationalPerson'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    0.9.2342.19200300.100.4.5
-    NAME  'account'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.33
-    NAME  'storage'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.18
-    NAME  'domainPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.263
-    NAME  'msImaging-PostScanProcess'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.17
-    NAME  'server'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.6.13.4.3
-    NAME  'msDFSR-Subscription'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.10
-    NAME  'classRegistration'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.102
-    NAME  'nTFRSReplicaSet'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.252
-    NAME  'ms-net-ieee-8023-GroupPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    2.5.6.19
-    NAME  'cRLDistributionPoint'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.85
-    NAME  'dnsZone'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.15
-    NAME  'contact'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount )
-    MAY ( userCertificate
-        $ info
-        $ garbageCollPeriod
-        $ msExchAssistantName
-        $ msExchLabeledURI
-        $ showInAddressBook
-        $ userCert
-        $ legacyExchangeDN
-        $ userSMIMECertificate
-        $ textEncodedORAddress
-        $ secretary
-        $ labeledURI
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.83
-    NAME  'rIDManager'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.243
-    NAME  'msDS-QuotaControl'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.179
-    NAME  'mSMQMigratedUser'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-dITContentRules:  (
-    1.2.840.113556.1.5.120
-    NAME  'ipsecISAKMPPolicy'
-    AUX ( mailRecipient
-        $ domainRelatedObject
-        $ bootableDevice
-        $ ieee802Device
-        $ ipHost
-        $ dynamicObject
-        $ simpleSecurityObject
-        $ samDomain
-        $ securityPrincipal
-        $ samDomainBase
-        $ posixGroup
-        $ shadowAccount
-        )
-    )
-
-############################################################
-########## AD core definition - END
-############################################################
-
-
-############################################################
-# VMware Identity Service
-############################################################
-attributetypes: (
-    VMWare.STS.attribute.1
-    NAME 'vmwSTSGuidIdentity'
-    DESC 'VMWare identity Service - GuidIdentity'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.2
-    NAME 'vmwSTSName'
-    DESC 'VMWare identity Service - Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.3
-    NAME 'vmwSTSNameFormat'
-    DESC 'VMWare identity Service - NameFormat'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.5
-    NAME 'vmwSTSPrivateKey'
-    DESC 'VMWare identity Service - PrivateKey'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.6
-    NAME 'vmwSTSDomainName'
-    DESC 'VMWare identity Service - DomainName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.7
-    NAME 'vmwSTSPassword'
-    DESC 'VMWare identity Service - Password'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.8
-    NAME 'vmwSTSProviderType'
-    DESC 'VMWare identity Service - ProviderType'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.9
-    NAME 'vmwSTSServicePrincipalName'
-    DESC 'VMWare identity Service - ServicePrincipalName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.10
-    NAME 'vmwSTSUserName'
-    DESC 'VMWare identity Service - UserName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.11
-    NAME 'vmwSTSDigestMethods'
-    DESC 'VMWare identity Service - DigestMethods'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.12
-    NAME 'vmwSTSEntityId'
-    DESC 'VMWare identity Service - EntityId'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.13
-    NAME 'vmwSTSNameIDFormat'
-    DESC 'VMWare identity Service - NameIDFormat'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.14
-    NAME 'vmwSTSOneTimeUse'
-    DESC 'VMWare identity Service - OneTimeUse'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.15
-    NAME 'vmwSTSFingerprint'
-    DESC 'VMWare identity Service - Certificate Fingerprint'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.16
-    NAME 'vmwSTSBinding'
-    DESC 'VMWare identity Service - Binding'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.17
-    NAME 'vmwSTSIndex'
-    DESC 'VMWare identity Service - Index'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.18
-    NAME 'vmwSTSCertificateType'
-    DESC 'VMWare identity Service - Certificate Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.19
-    NAME 'vmwSTSMaximumKeySize'
-    DESC 'VMWare identity Service - MaximumKeySize'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.20
-    NAME 'vmwSTSMinimumKeySize'
-    DESC 'VMWare identity Service - MinimumKeySize'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.21
-    NAME 'vmwSTSPriority'
-    DESC 'VMWare identity Service - Priority'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.22
-    NAME 'vmwSTSAlias'
-    DESC 'VMWare identity Service - Alias'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.23
-    NAME 'vmwSTSSubjectDN'
-    DESC 'VMWare identity Service - SubjectDN'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.26
-    NAME 'vmwSTSClockTolerance'
-    DESC 'VMWare identity Service - Clock Tolerance'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.27
-    NAME 'vmwSTSIssuerName'
-    DESC 'VMWare identity Service - Issuer Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.28
-    NAME 'vmwSTSDelegationCount'
-    DESC 'VMWare identity Service - Delegation Count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.29
-    NAME 'vmwSTSRenewCount'
-    DESC 'VMWare identity Service - Renew Count'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.30
-    NAME 'vmwSTSMaxBearerTokenLifetime'
-    DESC 'VMWare identity Service - Max Bearer Token Lifetime'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.31
-    NAME 'vmwSTSMaxHolderOfKeyTokenLifetime'
-    DESC 'VMWare identity Service - Max Holder of Key Token Lifetime'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.32
-    NAME 'vmwSTSEndpoint'
-    DESC 'VMWare identity Service - Endpoint'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.33
-    NAME 'vmwSTSDefaultTenant'
-    DESC 'VMWare identity Service - Default Tenant'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.34
-    NAME 'vmwSTSDefaultAssertionConsumerService'
-    DESC 'VMWare identity Service - Default Assertion Consumer Service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.35
-    NAME 'vmwSTSDefaultAttributeConsumerService'
-    DESC 'VMWare identity Service - Default Attribute Consumer Service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.36
-    NAME 'vmwSTSMapKey'
-    DESC 'VMWare identity Service - Attribute Map Key'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.37
-    NAME 'vmwSTSMapValue'
-    DESC 'VMWare identity Service - Attribute Map Value'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.38
-    NAME 'vmwSTSTimeout'
-    DESC 'VMWare identity Service - Timeout'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.39
-    NAME 'vmwSTSUserBaseDN'
-    DESC 'VMWare identity Service - User Search Base DN'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.40
-    NAME 'vmwSTSGroupBaseDN'
-    DESC 'VMWare identity Service - Group Search Base DN'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.41
-    NAME 'vmwSTSConnectionStrings'
-    DESC 'VMWare identity Service - Connection Strings'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.42
-    NAME 'vmwSTSPasswordExpirationNotificationDays'
-    DESC 'VMWare identity Service - Password Expiration Notification Days'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.43
-    NAME 'vmwSTSEnablePasswordExpirationEmailNotification'
-    DESC 'VMWare identity Service - Enable Password Expiration Email Notification'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.44
-    NAME 'vmwSTSPasswordExpirationEmailSubject'
-    DESC 'VMWare identity Service - Password Expiration Email Subject'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.45
-    NAME 'vmwSTSPasswordExpirationFromEmail'
-    DESC 'VMWare identity Service - Password Expiration From Email'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.46
-    NAME 'vmwSTSDefaultIdentityProvider'
-    DESC 'VMWare identity Service - Default Identity Provider'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.47
-    NAME 'vmwSTSRelyingPartyURL'
-    DESC 'VMWare identity Service - Relying Party URL'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.48
-    NAME 'vmwSTSDomainType'
-    DESC 'VMWare identity Service - Domain Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.49
-    NAME 'vmwSTSAuthenticationType'
-    DESC 'VMWare identity Service - Authentication Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.50
-    NAME 'vmwSTSAuthnRequestsSigned'
-    DESC 'VMWare identity Service - Authenticate request signed boolean'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.64
-    NAME 'vmwSTSSignatureAlgorithmIdentifier'
-    DESC 'VMWare identity Service - Signature Algorithm Identifier'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.65
-    NAME 'vmwSTSSystemTenant'
-    DESC 'VMWare identity Service - System Tenant'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.66
-    NAME 'vmwSTSBrandName'
-    DESC 'VMWare identity Service - Brand Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.67
-    NAME 'vmwSTSUpnSuffixes'
-    DESC 'VMWare identity Service - allowed Userprincipalname suffixes'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.68
-    NAME 'vmwSTSTenantKey'
-    DESC 'VMWare identity Service - Tenant key'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.69
-    NAME 'vmwSTSServiceUseMachineAccount'
-    DESC 'VMWare identity Service - Machine Account Usage Indicator'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.70
-    NAME 'vmwSTSLogonBanner'
-    DESC 'VMWare identity Service - Logon Banner'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.STS.attribute.71
-    NAME 'vmwSTSIdentityStoreFlags'
-    DESC 'VMWare identity Service - Identity Store Behavior Flags'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.72
-    NAME 'vmwSTSExternalIdpEnableJit'
-    DESC 'VMWare identity Service - Allow Just In Time Provisioning'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.73
-    NAME 'vmwSTSExternalIdpUpnSuffix'
-    DESC 'VMWare identity Service - UPN Suffix for Just In Time Provisioning'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.74
-    NAME 'vmwSTSExternalIdpUserId'
-    DESC 'VMWare identity Service - SubjectName string in external token'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.75
-    NAME 'vmwSTSAuthnTypes'
-    DESC 'VMWare identity Service - Client Authn types allowed'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.76
-    NAME 'vmwSTSClientCertRevocationCheckEnabled'
-    DESC 'VMWare identity Service - Client Cert Revocation Check Enabled'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.77
-    NAME 'vmwSTSClientCertOCSPEnabled'
-    DESC 'VMWare identity Service - Use OCSP whenever possible, Applicable only when vmwSTSClientCertRevocationCheckEnabled is true'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.78
-    NAME 'vmwSTSClientCertUseCRLAsFailOver'
-    DESC 'VMWare identity Service - Client Cert Use CRL as Fail Over'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.79
-    NAME 'vmwSTSClientCertSendOCSPNounce'
-    DESC 'VMWare identity Service - Client Cert Send OCSP Nounce'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.80
-    NAME 'vmwSTSClientCertOCSPUrl'
-    DESC 'VMWare identity Service - Client Cert OCSP address'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.81
-    NAME 'vmwSTSClientCertUseCertCRL'
-    DESC 'VMWare identity Service - Check user certificate CRL distribution point'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.82
-    NAME 'vmwSTSClientCertCRLUrl'
-    DESC 'VMWare identity Service - Client Cert Revocation check CRL address'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.83
-    NAME 'vmwSTSClientCertCRLCacheSize'
-    DESC 'VMWare identity Service - Client Cert CRL Check Cache Size'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.84
-    NAME 'vmwSTSClientCertCustomCertPolicyOid'
-    DESC 'VMWare identity Service - Custom certificate policy OID filters'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.85
-    NAME 'vmwSTSMaxBearerRefreshTokenLifetime'
-    DESC 'VMWare identity Service - Max Bearer Refresh Token Lifetime'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.86
-    NAME 'vmwSTSMaxHolderOfKeyRefreshTokenLifetime'
-    DESC 'VMWare identity Service - Max Holder of Key Refresh Token Lifetime'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.87
-    NAME 'vmwSTSLogonBannerTitle'
-    DESC 'VMWare identity Service - Logon Banner Title'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.88
-    NAME 'vmwSTSLogonBannerEnableCheckbox'
-    DESC 'VMWare identity Service - Enable checkbox for logon banner'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.89
-    NAME 'vmwSTSEnableIdpSelection'
-    DESC 'VMWare identity Service - Enable IDP Selection per tenant'
-    EQUALITY booleanMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.90
-    NAME 'vmwSTSResponseEndpoint'
-    DESC 'VMWare identity Service - Response Endpoint'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.91
-    NAME 'vmwSTSRsaSiteID'
-    DESC 'VMWare identity Service - Cluster site ID where the agent is associated'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.92
-    NAME 'vmwSTSRsaAgentName'
-    DESC 'VMWare identity Service - RSA agent name'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.93
-    NAME 'vmwSTSRsaSDConfigRec'
-    DESC 'VMWare identity Service - RSA agent sdconfig.rec file'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.94
-    NAME 'vmwSTSRsaSDOptsRec'
-    DESC 'VMWare identity Service - RSA agent sdopts.rec file'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.95
-    NAME 'vmwSTSRsaLogLevel'
-    DESC 'VMWare identity Service - RSA agent log level'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.96
-    NAME 'vmwSTSRsaLogFileSize'
-    DESC 'VMWare identity Service - RSA agent log file size in number of MB'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.97
-    NAME 'vmwSTSRsaMaxLogFileCount'
-    DESC 'VMWare identity Service - RSA agent maximum number of log files to keep'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.98
-    NAME 'vmwSTSRsaConnectionTimeOut'
-    DESC 'VMWare identity Service - RSA agent connection time out in seconds'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.99
-    NAME 'vmwSTSRsaReadTimeOut'
-    DESC 'VMWare identity Service - RSA agent read time out in seconds'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.100
-    NAME 'vmwSTSRsaEncryptionAlg'
-    DESC 'VMWare identity Service - RSA default encryption key wrapping algorithm'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.101
-    NAME 'vmwSTSRsaLoginGuidence'
-    DESC 'VMWare identity Service - RSA securID login guidence string'
-    EQUALITY caseExactMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.STS.attribute.102
-    NAME 'vmwSTSPscSiteID'
-    DESC 'VMWare identity Service - Cluster site ID where the agent is associated'
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.1
-    NAME 'vmwSTSTenant'
-    DESC 'VMware Identity Service - Tenant'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwSTSGuidIdentity
-         $ cn
-         )
-    MAY  ( name
-         $ vmwSTSEntityId
-         $ vmwSTSAlias
-         $ vmwSTSClockTolerance
-         $ vmwSTSIssuerName
-         $ vmwSTSDelegationCount
-         $ vmwSTSRenewCount
-         $ vmwSTSMaxBearerTokenLifetime
-         $ vmwSTSMaxHolderOfKeyTokenLifetime
-         $ vmwSTSEnablePasswordExpirationEmailNotification
-         $ vmwSTSPasswordExpirationNotificationDays
-         $ vmwSTSPasswordExpirationFromEmail
-         $ vmwSTSPasswordExpirationEmailSubject
-         $ vmwSTSDefaultIdentityProvider
-         $ vmwSTSSignatureAlgorithmIdentifier
-         $ vmwSTSBrandName
-         $ vmwSTSLogonBannerTitle
-         $ vmwSTSLogonBanner
-         $ vmwSTSLogonBannerEnableCheckbox
-         $ vmwSTSEnableIdpSelection
-         $ vmwSTSTenantKey
-         $ vmwSTSAuthnTypes
-         $ vmwSTSMaxBearerRefreshTokenLifetime
-         $ vmwSTSMaxHolderOfKeyRefreshTokenLifetime
-         )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.2
-    NAME 'vmwSTSIdentityStore'
-    DESC 'VMware Identity Service - IdentityStore'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwSTSDomainName
-         $ vmwSTSDomainType
-         $ vmwSTSAuthenticationType
-         $ vmwSTSProviderType
-         )
-    MAY  ( vmwSTSName
-         $ vmwSTSAlias
-         $ vmwSTSUserName
-         $ vmwSTSServiceUseMachineAccount
-         $ vmwSTSServicePrincipalName
-         $ vmwSTSPassword
-         $ vmwSTSTimeout
-         $ vmwSTSUserBaseDN
-         $ vmwSTSGroupBaseDN
-         $ vmwSTSConnectionStrings
-         $ vmwSTSAuthnTypes
-         $ userCertificate
-         $ vmwSTSUpnSuffixes
-         $ vmwSTSIdentityStoreFlags
-         )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.3
-    NAME 'vmwSTSRelyingParty'
-    DESC 'VMware Identity Service - RelyingParty'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ name
-         $ vmwSTSRelyingPartyURL
-         )
-    MAY  ( vmwSTSDigestMethods
-         $ vmwSTSNameIDFormat
-         $ vmwSTSOneTimeUse
-         $ vmwSTSDefaultAssertionConsumerService
-         $ vmwSTSDefaultAttributeConsumerService
-         $ vmwSTSAuthnRequestsSigned
-         $ userCertificate
-         )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.4
-    NAME 'vmwSTSAssertionConsumerService'
-    DESC 'VMware Identity Service - AssertionConsumerService'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY  ( vmwSTSBinding
-         $ vmwSTSIndex
-         $ vmwSTSEndpoint
-         )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.5
-    NAME 'vmwSTSAttributeConsumerService'
-    DESC 'VMware Identity Service - AttributeConsumerService'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY  ( vmwSTSIndex )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.6
-    NAME 'vmwSTSSignatureAlgorithm'
-    DESC 'VMware Identity Service - SignatureAlgorithm'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY  ( vmwSTSMaximumKeySize
-         $ vmwSTSMinimumKeySize
-         $ vmwSTSPriority
-         )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.11
-    NAME 'vmwSTSTenantsContainer'
-    DESC 'VMware Identity Service - Tenants Container'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY ( vmwSTSDefaultTenant
-        $ vmwSTSSystemTenant
-        )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.12
-    NAME 'vmwSTSAttributeMap'
-    DESC 'VMware Identity Service - Attribute Map'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwSTSMapKey
-         $ vmwSTSMapValue
-        )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.13
-    NAME 'vmwSTSAttribute'
-    DESC 'VMware Identity Service - Attribute'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ name
-         $ vmwSTSName
-         $ vmwSTSNameFormat
-        )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.14
-    NAME 'vmwSTSAttributeContainer'
-    DESC 'VMware Identity Service - Attribute Container'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.15
-    NAME 'vmwSTSIdentityStoreAlias'
-    DESC 'VMware Identity Service - Alias to Identity Store'
-    SUP alias
-    STRUCTURAL
-    MUST ( cn )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.16
-    NAME 'vmwSTSCertificate'
-    DESC 'VMware Identity Service - Certificate'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwSTSFingerprint
-         $ vmwSTSCertificateType
-         $ userCertificate
-         )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.17
-    NAME 'vmwSTSTenantCredential'
-    DESC 'VMware Identity Service - Privatekey and Certificate Chain'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwSTSPrivateKey
-         $ userCertificate
-         )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.21
-    NAME 'vmwSTSSingleLogoutService'
-    DESC 'VMware Identity Service - SingleLogoutService'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY ( vmwSTSBinding
-        $ vmwSTSEndpoint
-        $ vmwSTSResponseEndpoint
-        )
-    )
-
-objectClasses: (
-    VMWare.STS.objectclass.22
-    NAME 'vmwSTSTenantTrustedCertificateChain'
-    DESC 'VMware Identity Service - Trusted Certificate Chain'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ userCertificate
-         )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.23
-    NAME 'vmwSTSSingleSignOnService'
-    DESC 'VMware Identity Service - SingleSignOnService'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY ( vmwSTSBinding
-        $ vmwSTSEndpoint
-        )
-    )
-
-objectClasses: (
-   VMWare.STS.objectclass.24
-   NAME 'vmwSTSExternalIdp'
-   DESC 'VMware Identity Service - External Idp'
-   SUP top
-   STRUCTURAL
-   MUST ( cn
-         $ vmwSTSEntityId
-        )
-   MAY ( vmwSTSNameIDFormat
-         $ vmwSTSExternalIdpEnableJit
-         $ vmwSTSExternalIdpUpnSuffix
-         $ vmwSTSAlias
-       )
-   )
-
-objectClasses: (
-    VMWare.STS.objectclass.25
-    NAME 'vmwExternalIdpUser'
-    DESC 'VMWare external idp user'
-    AUXILIARY
-    MUST ( vmwSTSEntityId
-         $ vmwSTSExternalIdpUserId
-        )
-    )
-
-objectClasses: (
-   VMWare.STS.objectclass.26
-   NAME 'vmwSTSTenantClientCertificatePolicy'
-   DESC 'VMware Identity Service - Client Certificate Policy'
-   SUP top
-   STRUCTURAL
-   MUST ( cn )
-   MAY ( vmwSTSClientCertRevocationCheckEnabled
-         $ vmwSTSClientCertOCSPEnabled
-         $ vmwSTSClientCertUseCRLAsFailOver
-         $ vmwSTSClientCertSendOCSPNounce
-         $ vmwSTSClientCertOCSPUrl
-         $ userCertificate
-         $ vmwSTSClientCertUseCertCRL
-         $ vmwSTSClientCertCRLUrl
-         $ vmwSTSClientCertCRLCacheSize
-         $ vmwSTSClientCertCustomCertPolicyOid
-       )
-   )
-
-objectClasses: (
-   VMWare.STS.objectclass.27
-   NAME 'vmwSTSTenantRsaAgentConfiguration'
-   DESC 'VMware Identity Service - RSA secureID agent configuration'
-   SUP top
-   STRUCTURAL
-   MUST ( cn )
-   MAY ( vmwSTSRsaLoginGuidence
-         $ vmwSTSRsaLogLevel
-         $ vmwSTSRsaLogFileSize
-         $ vmwSTSRsaMaxLogFileCount
-         $ vmwSTSRsaConnectionTimeOut
-         $ vmwSTSRsaReadTimeOut
-         $ vmwSTSRsaEncryptionAlg
-       )
-   )
-
-
-objectClasses: (
-   VMWare.STS.objectclass.28
-   NAME 'vmwSTSTenantRsaAgentInstance'
-   DESC 'VMware Identity Service - RSA secureID site configuration'
-   SUP top
-   STRUCTURAL
-   MUST ( cn
-         $ vmwSTSRsaSiteID
-         $ vmwSTSRsaAgentName
-         $ vmwSTSRsaSDConfigRec
-       )
-   MAY ( vmwSTSRsaSDOptsRec
-       )
-   )
-
-objectClasses: (
-   VMWare.STS.objectclass.29
-   NAME 'vmwSTSTenantAltOCSPRespondersSite'
-   DESC 'VMware Identity Service - Alternative OCSP responders info for the PSC site'
-   SUP top
-   STRUCTURAL
-   MUST ( cn
-         $ vmwSTSPscSiteID
-       )
-   )
-
-objectClasses: (
-   VMWare.STS.objectclass.30
-   NAME 'vmwSTSTenantAltOCSPResponder'
-   DESC 'VMware Identity Service - Alternative OCSP responder info'
-   SUP top
-   STRUCTURAL
-   MUST ( cn
-         $ vmwSTSClientCertOCSPUrl
-       )
-   MAY ( userCertificate
-       )
-   )
-############################################################
-# VMware OIDC
-############################################################
-
-attributeTypes: (
-    VMWare.OIDC.attribute.1
-    NAME 'vmwOidcClientID'
-    DESC 'Client identifier'
-    EQUALITY caseExactMatch
-    ORDERING caseExactOrderingMatch
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.2
-    NAME 'vmwOidcRedirectURIs'
-    DESC 'Redirection URIs'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.3
-    NAME 'vmwOidcTokenEndpointAuthMethod'
-    DESC 'Token endpoint authentication method'
-    EQUALITY caseExactMatch
-    ORDERING caseExactOrderingMatch
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.4
-    NAME 'vmwOidcTokenEndpointJWSAlg'
-    DESC 'Token endpoint JWS algorithm for JWT client authentication'
-    EQUALITY caseExactMatch
-    ORDERING caseExactOrderingMatch
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.5
-    NAME 'vmwOidcIDTokenJWSAlg'
-    DESC 'ID Token JWS algorithm'
-    EQUALITY caseExactMatch
-    ORDERING caseExactOrderingMatch
-    SUBSTR caseExactSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.6
-    NAME 'vmwOidcPostLogoutRedirectURI'
-    DESC 'Post logout redirect URI'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.7
-    NAME 'vmwOidcLogoutURI'
-    DESC 'Logout URI'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.8
-    NAME 'vmwOidcCertSubDN'
-    DESC 'Certificate Subject DN'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.9
-    NAME 'vmwOidcResourceServerName'
-    DESC 'Resource Server Name'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.10
-    NAME 'vmwOidcResourceServerGroupFilter'
-    DESC 'Resource Server Group Filter'
-    EQUALITY caseIgnoreMatch
-    ORDERING caseIgnoreOrderingMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributeTypes: (
-    VMWare.OIDC.attribute.11
-    NAME 'vmwOidcAuthnRequestClientAssertionLifetimeMS'
-    DESC 'Authentication Request Client Assertion Lifetime MS'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    VMWare.OIDC.objectclass.1
-    NAME 'vmwOidcRelyingParty'
-    DESC 'OpenID Connect 1.0 Relying Party (RP)'
-    STRUCTURAL
-    MUST ( vmwOidcClientID $
-           vmwOidcRedirectURIs )
-    MAY ( vmwOidcTokenEndpointAuthMethod $
-          vmwOidcTokenEndpointJWSAlg $
-          vmwOidcIDTokenJWSAlg $
-          vmwOidcPostLogoutRedirectURI $
-          vmwOidcLogoutURI $
-          vmwOidcCertSubDN $
-          vmwOidcAuthnRequestClientAssertionLifetimeMS )
-    )
-
-objectClasses: (
-    VMWare.OIDC.objectclass.2
-    NAME 'vmwOidcResourceServer'
-    DESC 'Resource Server'
-    STRUCTURAL
-    MUST ( vmwOidcResourceServerName )
-    MAY ( vmwOidcResourceServerGroupFilter )
-    )
-
-############################################################
-# VMware Lookup Service
-############################################################
-
-attributetypes: (
-    VMWare.LKUP.attribute.1
-    NAME 'vmwLKUPOwnerId'
-    DESC 'VMWare Lookup Service - OwnerId'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.2
-    NAME 'vmwLKUPVersion'
-    DESC 'VMWare Lookup Service - Version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.3
-    NAME 'vmwLKUPDescription'
-    DESC 'VMWare Lookup Service - Description'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.4
-    NAME 'vmwLKUPFriendlyName'
-    DESC 'VMWare Lookup Service - FriendlyName'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.5
-    NAME 'vmwLKUPServiceType'
-    DESC 'VMWare Lookup Service - ServiceType'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.6
-    NAME 'vmwLKUPProductId'
-    DESC 'VMWare Lookup Service - ProductId'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.7
-    NAME 'vmwLKUPURI'
-    DESC 'VMWare Lookup Service - URI'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.8
-    NAME 'vmwLKUPSslTrustAnchor'
-    DESC 'VMWare Lookup Service - SslTrustAnchor'
-    EQUALITY octetStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.9
-    NAME 'vmwLKUPProtocol'
-    DESC 'VMWare Lookup Service - Protocol'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.10
-    NAME 'vmwLKUPConfigKey'
-    DESC 'VMWare Lookup Service - ConfigKey'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.11
-    NAME 'vmwLKUPConfigValue'
-    DESC 'VMWare Lookup Service - ConfigValue'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.12
-    NAME 'vmwLKUPLegacyId'
-    DESC 'VMWare Lookup Service - LegacyId'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.13
-    NAME 'vmwLKUPProduct'
-    DESC 'VMWare Lookup Service - Product identifier of the service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.14
-    NAME 'vmwLKUPType'
-    DESC 'VMWare Lookup Service - Type of the service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.15
-    NAME 'vmwLKUPDeploymentNodeId'
-    DESC 'VMWare Lookup Service - Service deployment node identifier'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.16
-    NAME 'vmwLKUPFriendlyNameResourceKey'
-    DESC 'VMWare Lookup Service - resource key of the service name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.17
-    NAME 'vmwLKUPFriendlyNameDefault'
-    DESC 'VMWare Lookup Service - service name text to use in absence of resource'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.18
-    NAME 'vmwLKUPDescriptionResourceKey'
-    DESC 'VMWare Lookup Service - resource key of the service description'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.19
-    NAME 'vmwLKUPDescriptionDefault'
-    DESC 'VMWare Lookup Service - text of the service description to use in absence of resource'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.20
-    NAME 'vmwLKUPVendorNameResourceKey'
-    DESC 'VMWare Lookup Service - resource key of the vendor name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.21
-    NAME 'vmwLKUPVendorNameDefault'
-    DESC 'VMWare Lookup Service - text of the vendor name to use in absence of resource'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.22
-    NAME 'vmwLKUPProductInfoResourceKey'
-    DESC 'VMWare Lookup Service - resource key of the service product info'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.23
-    NAME 'vmwLKUPProductInfoDefault'
-    DESC 'VMWare Lookup Service - text of the product info to use in absence of resource'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.24
-    NAME 'vmwLKUPEndpointProtocol'
-    DESC 'VMware Lookup Service - endpoint protocol ("vmomi", "rest", "wsTrust", "http", etc.)'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.25
-    NAME 'vmwLKUPEndpointType'
-    DESC 'VMware Lookup Service - endpoint type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.26
-    NAME 'vmwLKUPEndpointSslTrust'
-    DESC 'VMware Lookup Service - endpoint SSL trust anchor'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.27
-    NAME 'vmwLKUPLegacyIds'
-    DESC 'VMware Lookup Service - service identifier'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.28
-    NAME 'vmwLKUPPropertyName'
-    DESC 'VMWare Lookup Service - property name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.LKUP.attribute.29
-    NAME 'vmwLKUPPropertyValue'
-    DESC 'VMWare Lookup Service - property value'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.1
-    NAME 'vmwLKUPService'
-    DESC 'VMware Lookup Service -Service'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPVersion
-         $ vmwLKUPServiceType
-         )
-    MAY  ( vmwLKUPOwnerId
-         $ vmwLKUPDescription
-         $ vmwLKUPFriendlyName
-         $ vmwLKUPProductId
-         $ vmwLKUPLegacyId
-         )
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.2
-    NAME 'vmwLKUPServiceEndpoint'
-    DESC 'VMware Lookup Service - ServiceEndpoint'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPURI
-         $ vmwLKUPProtocol
-         )
-    MAY  ( vmwLKUPSslTrustAnchor )
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.3
-    NAME 'vmwLKUPServiceConfiguration'
-    DESC 'VMware Lookup Service - ServiceConfiguration'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPConfigKey )
-    MAY  ( vmwLKUPConfigValue )
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.4
-    NAME 'vmwLKUPServiceRegistration'
-    DESC 'VMware Lookup Service - Service registration entry'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPVersion
-         $ vmwLKUPProduct
-         $ vmwLKUPType
-         $ vmwLKUPOwnerId
-         )
-    MAY  ( vmwLKUPDeploymentNodeId
-         $ vmwLKUPFriendlyNameResourceKey
-         $ vmwLKUPFriendlyNameDefault
-         $ vmwLKUPDescriptionResourceKey
-         $ vmwLKUPDescriptionDefault
-         $ vmwLKUPVendorNameResourceKey
-         $ vmwLKUPVendorNameDefault
-         $ vmwLKUPProductInfoResourceKey
-         $ vmwLKUPProductInfoDefault
-         $ vmwLKUPLegacyIds
-         )
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.5
-    NAME 'vmwLKUPEndpointRegistration'
-    DESC 'VMware Lookup Service - Endpoint registration entry'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPEndpointType
-         $ vmwLKUPEndpointProtocol
-         $ vmwLKUPURI
-         )
-    MAY  ( vmwLKUPEndpointSslTrust
-         $ vmwLKUPLegacyId
-         $ vmwLKUPFriendlyNameDefault
-         $ vmwLKUPDescriptionDefault
-         )
-    )
-
-objectClasses: (
-    VMWare.LKUP.objectclass.6
-    NAME 'vmwLKUPProperty'
-    DESC 'VMware Lookup Service - Custom property of service or endpoint'
-    SUP top
-    STRUCTURAL
-    MUST ( vmwLKUPPropertyName
-         $ vmwLKUPPropertyValue
-         )
-    )
-
-
-############################################################
-# VMware Component Manager
-############################################################
-
-attributetypes: (
-    VMWare.CIS.attribute.1
-    NAME 'vmwCISVersion'
-    DESC 'VMware CIS - service version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.2
-    NAME 'vmwCISOwner'
-    DESC 'VMware CIS - SSO principal which is the owner of the service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.3
-    NAME 'vmwCISGroup'
-    DESC 'VMware CIS - identifier of a group a service may belong to'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.4
-    NAME 'vmwCISProduct'
-    DESC 'VMware CIS - product identifier of a service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.5
-    NAME 'vmwCISType'
-    DESC 'VMware CIS - type of a service'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.6
-    NAME 'vmwCISHost'
-    DESC 'VMware CIS - host id of the virtual machine on which the service is hosted'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.7
-    NAME 'vmwCISName'
-    DESC 'VMware CIS - resource key for service name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.8
-    NAME 'vmwCISDescription'
-    DESC 'VMware CIS - resource key for service description'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.9
-    NAME 'vmwCISGroupName'
-    DESC 'VMware CIS - resource key for service group name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.10
-    NAME 'vmwCISEndpoints'
-    DESC 'VMware CIS - List of service endpoints'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.11
-    NAME 'vmwCISEndpointTypes'
-    DESC 'VMware CIS - List of types of service endpoints - to facilitate search by endpoint types'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.12
-    NAME 'vmwCISAuxAttributes'
-    DESC 'VMware CIS - List of auxiliary service attributes'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.13
-    NAME 'vmwCISSiteId'
-    DESC 'VMware CIS - site id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.14
-    NAME 'vmwCISLduId'
-    DESC 'VMware CIS - ldu id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.15
-    NAME 'vmwCISServiceControlScript'
-    DESC 'VMware CIS Component Manager - Service Control Script'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.CIS.attribute.16
-    NAME 'vmwCISServiceConfigDefinitions'
-    DESC 'VMware CIS Component Manager - List of service config definitions'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-objectClasses: (
-    VMWare.CIS.objectclass.1
-    NAME 'vmwCISSite'
-    DESC 'VMware CIS - component manager site'
-    SUP top
-    STRUCTURAL
-    MUST ( cn )
-    MAY  ( displayName )
-    )
-
-objectClasses: (
-    VMWare.CIS.objectclass.2
-    NAME 'vmwCISLdu'
-    DESC 'VMware CIS - component manager LDU'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwCISSiteId
-         )
-    MAY  ( displayName )
-    )
-
-objectClasses: (
-    VMWare.CIS.objectclass.3
-    NAME 'vmwCISService'
-    DESC 'VMware CIS - registered service'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwCISLduId
-         )
-    MAY  ( vmwCISVersion
-         $ vmwCISOwner
-         $ vmwCISGroup
-         $ vmwCISProduct
-         $ vmwCISType
-         $ vmwCISHost
-         $ vmwCISName
-         $ vmwCISDescription
-         $ vmwCISGroupName
-         $ vmwCISEndpoints
-         $ vmwCISEndpointTypes
-         $ vmwCISAuxAttributes
-         $ vmwCISServiceControlScript
-         $ vmwCISServiceConfigDefinitions
-         )
-    )
-
-############################################################
-# VMware Authz Service
-############################################################
-
-attributetypes: (
-    VMWare.authz.attribute.1
-    NAME 'vmwAuthzRoleIdBeforeUpgrade'
-    DESC 'Unique Role Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.2
-    NAME 'vmwAuthzRoleName'
-    DESC 'Unique Role Name'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.3
-    NAME 'vmwAuthzRoleDescription'
-    DESC 'Authz description of a Role'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.4
-    NAME 'vmwAuthzRoleVersion'
-    DESC 'Authz Role Version - higher verson indicates more recent role details'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.5
-    NAME 'vmwAuthzTenantUri'
-    DESC 'Tenant URI'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.6
-    NAME 'vmwAuthzRolePrivilegeId'
-    DESC 'privilege id for a role single or multiple per role'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.7
-    NAME 'vmwAuthzPrivilegeId'
-    DESC 'unique privilege id for a Privilege object'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.8
-    NAME 'vmwAuthzPrivilegeDescription'
-    DESC 'Descrription of Privilege'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.9
-    NAME 'vmwAuthzPrivilegeGroupName'
-    DESC 'Name of the group of the privilege'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.10
-    NAME 'vmwAuthzPrivilegeVersion'
-    DESC 'Privilege version. Higher number represent more recent privilege details'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.11
-    NAME 'vmwAuthzPrivilegeIsOnParent'
-    DESC 'Indicator if the privilege needs to apply to object parent'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.12
-    NAME 'vmwAuthzPrincipalName'
-    DESC 'Unique Principal Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.13
-    NAME 'vmwAuthzPrincipalGroup'
-    DESC 'Is Group'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.14
-    NAME 'vmwAuthzPermissionVersion'
-    DESC 'Version of Permission'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.15
-    NAME 'vmwAuthzPermissionPropagate'
-    DESC 'Authz Permission propagate flag'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.16
-    NAME 'vmwAuthzPermissionRoleId'
-    DESC 'Role id for permission'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.authz.attribute.17
-    NAME 'vmwAuthzDocUri'
-    DESC 'uri'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.1
-    NAME 'vmwAuthzRole'
-    DESC 'VMWARE CIS - Authz Role'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwAuthzRoleName
-         $ vmwAuthzRoleDescription
-         $ vmwAuthzRoleVersion
-         )
-    MAY ( vmwAuthzTenantUri
-        $ vmwAuthzRolePrivilegeId
-        $ vmwAuthzRoleIdBeforeUpgrade
-        )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.2
-    NAME 'vmwAuthzPrivilege'
-    DESC 'Privilege'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwAuthzPrivilegeId
-         $ vmwAuthzPrivilegeDescription
-         $ vmwAuthzPrivilegeVersion
-         $ vmwAuthzPrivilegeGroupName
-         )
-    MAY ( vmwAuthzPrivilegeIsOnParent
-        )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.3
-    NAME 'vmwAuthzRoleModel'
-    DESC 'VMware Authz Role Model'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.4
-    NAME 'vmwAuthzPrivModel'
-    DESC 'VMware Authz Priv Model'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.5
-    NAME 'vmwAuthzAcl'
-    DESC 'VMware Authz Permission'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwAuthzPrincipalName
-         $ vmwAuthzPrincipalGroup
-         $ vmwAuthzPermissionPropagate
-         $ vmwAuthzPermissionVersion
-         )
-    MAY ( vmwAuthzPermissionRoleId
-        )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.6
-    NAME 'vmwAuthzAclMap'
-    DESC 'VmWare Authz ACLMapping of doc uri and assoicated permissions'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwAuthzDocUri
-         $ vmwAuthzPrincipalName
-         $ vmwAuthzPrincipalGroup
-         $ vmwAuthzPermissionPropagate
-         $ vmwAuthzPermissionVersion )
-    MAY  ( vmwAuthzPermissionRoleId
-         )
-    )
-
-objectClasses: (
-    VMWare.authz.objectclass.7
-    NAME 'vmwAuthzAclModel'
-    DESC 'VMware Authz acl Model'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    )
-
-############################################################
-# VMware Tagging Service
-############################################################
-
-attributetypes: (
-    VMWare.tagging.attribute.1
-    NAME 'vmwTaggingIsSystemScope'
-    DESC 'VMware Tagging - indicates whether the tagging scope is a system scope'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.2
-    NAME 'vmwTaggingSystemScopeFlag'
-    DESC 'VMware Tagging - indicates the system scope bucket that the concerned tagging scope falls in'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.3
-    NAME 'vmwTaggingAuthzUri'
-    DESC 'VMware Tagging - indicates the scope URI that is used to create Authz permission on this scope'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.4
-    NAME 'vmwTaggingCategoryName'
-    DESC 'VMware Tagging - tag-category name'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.5
-    NAME 'vmwTaggingCategoryCardinality'
-    DESC 'VMware Tagging - tag-category Cardinality. It can either be SINGLE or MULTIPLE'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.6
-    NAME 'vmwTaggingCategoryDescription'
-    DESC 'VMware Tagging - tag-category description'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.7
-    NAME 'vmwTaggingCategoryAssociableType'
-    DESC 'VMware Tagging - tag-category associable type, tells you the valid object-types that can be attached'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.8
-    NAME 'vmwTaggingCategoryUsedBy'
-    DESC 'VMware Tagging - tag-category used-by field indicates the users of this field'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.9
-    NAME 'vmwTaggingTagName'
-    DESC 'VMware Tagging - tag name'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.10
-    NAME 'vmwTaggingTagDescription'
-    DESC 'VMware Tagging - tag description'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.11
-    NAME 'vmwTaggingTagUsedBy'
-    DESC 'VMware Tagging - tag used-by field that indicates the users of this tag'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.12
-    NAME 'vmwTaggingScopeVersion'
-    DESC 'VMware Tagging - indicates the scope version'
-    EQUALITY numericStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.13
-    NAME 'vmwTaggingCategoryVersion'
-    DESC 'VMware Tagging - indicates the scope version'
-    EQUALITY numericStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.14
-    NAME 'vmwTaggingTagVersion'
-    DESC 'VMware Tagging - indicates the tag version'
-    EQUALITY numericStringMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
-    SINGLE-VALUE
-    )
-
-attributetypes: (
-    VMWare.tagging.attribute.15
-    NAME 'vmwTaggingObjectState'
-    DESC 'VMware Tagging - tag object state'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    VMWare.tagging.objectclass.1
-    NAME 'vmwTaggingScopeModel'
-    DESC 'VMware CIS - tagging service scope'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwTaggingIsSystemScope
-         $ vmwTaggingScopeVersion
-         )
-    MAY  ( vmwTaggingAuthzUri
-         $ vmwTaggingSystemScopeFlag
-         $ vmwTaggingObjectState
-         )
-    )
-
-objectClasses: (
-    VMWare.tagging.objectclass.2
-    NAME 'vmwTaggingCategoryModel'
-    DESC 'VMware CIS - tagging service category'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwTaggingCategoryName
-         $ vmwTaggingCategoryCardinality
-         $ vmwTaggingCategoryVersion
-         )
-    MAY  ( vmwTaggingCategoryDescription
-         $ vmwTaggingCategoryAssociableType
-         $ vmwTaggingCategoryUsedBy
-         $ vmwTaggingObjectState
-         )
-    )
-
-objectClasses: (
-    VMWare.tagging.objectclass.3
-    NAME 'vmwTaggingTagModel'
-    DESC 'VMware CIS - tagging service tag'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwTaggingTagName
-         $ vmwTaggingTagVersion
-         )
-    MAY  ( vmwTaggingTagDescription
-         $ vmwTaggingTagUsedBy
-         $ vmwTaggingObjectState
-         )
-    )
-
-############################################################
-# VMware DNS
-############################################################
-
-attributetypes: (
-    VMWare.DNS.attribute.1
-    NAME 'vmwDNSForwarders'
-    DESC 'VMware DNS Forwarder'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    )
-
-objectClasses: (
-    VMWare.DNS.objectclass.1
-    NAME 'vmwDNSConfig'
-    DESC 'VMware extension to store DNS configuration'
-    SUP top
-    AUXILIARY
-    MAY  ( vmwDNSForwarders
-         )
-    )
-
-############################################################
-# VMware certification authority
-############################################################
-
-objectClasses: (
-    VMWare.CA.objectclass.1
-    NAME 'vmwCertificationAuthority'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         )
-    MAY  ( cACertificateDN
-         )
-    )
-
-dITContentRules:  (
-   VMWare.DIR.contentrule.vmwCertificationAuthority
-   NAME  'vmwCertificationAuthority'
-   AUX ( pkiCA
-       )
-   )
-
-#
-############################################################
-# VMware License Service
-############################################################
-#
-attributeTypes: (
-    VMWare.LicSvc.attribute.1
-    NAME 'vmwLicSvcObjectClass'
-    DESC 'VMware License Service -ObjectClass'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.101
-    NAME 'vmwLicSvcLicenseId'
-    DESC 'VMware License Service - License Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.102
-    NAME 'vmwLicSvcLicenseName'
-    DESC 'VMware License Service - License Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.103
-    NAME 'vmwLicSvcLicenseType'
-    DESC 'VMware License Service - License Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.104
-    NAME 'vmwLicSvcLicenseProperties'
-    DESC 'VMware License Service - License Properties'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.105
-    NAME 'vmwLicSvcLicenseSerialKeys'
-    DESC 'VMware License Service - License Serial Keys'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.201
-    NAME 'vmwLicSvcLicenseDescriptionId'
-    DESC 'VMware License Service - License Description Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.202
-    NAME 'vmwLicSvcLicenseDescriptionType'
-    DESC 'VMware License Service - License Description Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.203
-    NAME 'vmwLicSvcLicenseDescriptionName'
-    DESC 'VMware License Service - License Description Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.204
-    NAME 'vmwLicSvcLicenseDescriptionContent'
-    DESC 'VMware License Service - License Description Content'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.205
-    NAME 'vmwLicSvcLicenseDescriptionProperties'
-    DESC 'VMware License Service - License Description Properties'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.301
-    NAME 'vmwLicSvcLicenseLabelSerialKey'
-    DESC 'VMware License Service - License Label Serial Key'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.302
-    NAME 'vmwLicSvcLicenseLabelKey'
-    DESC 'VMware License Service - License Label Key'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.303
-    NAME 'vmwLicSvcLicenseLabelValue'
-    DESC 'VMware License Service - License Label Value'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.401
-    NAME 'vmwLicSvcAssetId'
-    DESC 'VMware License Service - Asset Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.402
-    NAME 'vmwLicSvcAssetInstanceId'
-    DESC 'VMware License Service - Asset Instance Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.403
-    NAME 'vmwLicSvcAssetScopeId'
-    DESC 'VMware License Service - Asset Scope Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.404
-    NAME 'vmwLicSvcAssetOwnerId'
-    DESC 'VMware License Service - Asset Owner Service Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.405
-    NAME 'vmwLicSvcAssetName'
-    DESC 'VMware License Service - Asset Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.406
-    NAME 'vmwLicSvcAssetVersion'
-    DESC 'VMware License Service - Asset Version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.407
-    NAME 'vmwLicSvcAssetProductName'
-    DESC 'VMware License Service - Asset Product Name'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.408
-    NAME 'vmwLicSvcAssetProductVersion'
-    DESC 'VMware License Service - Asset Product Version'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.409
-    NAME 'vmwLicSvcAssetEvalExpiry'
-    DESC 'VMware License Service - Asset Eval Expiry'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.410
-    NAME 'vmwLicSvcAssetEvalType'
-    DESC 'VMware License Service - Asset Eval Type'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.411
-    NAME 'vmwLicSvcAssetEvalSerialKey'
-    DESC 'VMware License Service - Asset Eval Serial Key'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.412
-    NAME 'vmwLicSvcAssetLicenseId'
-    DESC 'VMware License Service - Asset License Id'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.413
-    NAME 'vmwLicSvcAssetIsInEvaluation'
-    DESC 'VMware License Service - Asset Is In Eval'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.414
-    NAME 'vmwLicSvcAssetCostUnitUsageList'
-    DESC 'VMware License Service - Asset Cost Unit Usage List'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.415
-    NAME 'vmwLicSvcAssetFeaturesInUseList'
-    DESC 'VMware License Service - Asset Features In Use List'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-attributeTypes: (
-    VMWare.LicSvc.attribute.416
-    NAME 'vmwLicSvcAssetPropertiesList'
-    DESC 'VMware License Service - Asset Properties List'
-    EQUALITY caseIgnoreMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-    SINGLE-VALUE
-    )
-
-objectClasses: (
-    VMWare.LicSvc.objectclass.1
-    NAME 'vmwLicSvcLicenseEntity'
-    DESC 'VMware License Service - License Entity'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwLicSvcObjectClass
-         $ vmwLicSvcLicenseId
-         $ vmwLicSvcLicenseName
-         $ vmwLicSvcLicenseType
-         )
-    MAY ( vmwLicSvcLicenseSerialKeys
-        $ vmwLicSvcLicenseProperties
-        )
-    )
-
-objectClasses: (
-    VMWare.LicSvc.objectclass.2
-    NAME 'vmwLicSvcLicenseDescriptionEntity'
-    DESC 'VMware License Service - License Description Entity'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwLicSvcObjectClass
-         $ vmwLicSvcLicenseDescriptionId
-         $ vmwLicSvcLicenseDescriptionType
-         )
-    MAY  ( vmwLicSvcLicenseDescriptionName
-         $ vmwLicSvcLicenseDescriptionContent
-         $ vmwLicSvcLicenseDescriptionProperties
-         )
-    )
-
-objectClasses: (
-    VMWare.LicSvc.objectclass.3
-    NAME 'vmwLicSvcLicenseLabelEntity'
-    DESC 'VMware License Service - License Label Entity'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwLicSvcObjectClass
-         $ vmwLicSvcLicenseLabelSerialKey
-         $ vmwLicSvcLicenseLabelKey
-         $ vmwLicSvcLicenseLabelValue
-         )
-    )
-
-objectClasses: (
-    VMWare.LicSvc.objectclass.4
-    NAME 'vmwLicSvcAssetEntity'
-    DESC 'VMware License Service - Asset Entity'
-    SUP top
-    STRUCTURAL
-    MUST ( cn
-         $ vmwLicSvcObjectClass
-         $ vmwLicSvcAssetId
-         $ vmwLicSvcAssetInstanceId
-         $ vmwLicSvcAssetName
-         $ vmwLicSvcAssetProductName
-         $ vmwLicSvcAssetProductVersion
-         $ vmwLicSvcAssetIsInEvaluation
-         )
-    MAY  ( vmwLicSvcAssetScopeId
-         $ vmwLicSvcAssetOwnerId
-         $ vmwLicSvcAssetVersion
-         $ vmwLicSvcAssetEvalExpiry
-         $ vmwLicSvcAssetEvalType
-         $ vmwLicSvcAssetEvalSerialKey
-         $ vmwLicSvcAssetLicenseId
-         $ vmwLicSvcAssetCostUnitUsageList
-         $ vmwLicSvcAssetFeaturesInUseList
-         $ vmwLicSvcAssetPropertiesList
-         )
-    )
-
-############################################################
-# DIT Content Rules
-############################################################
-
-ditcontentrules: (
-    VMWare.core.ditcontentrules.1
-    NAME 'subentry'
-    AUX ( subschema
-        )
-    )
-
-# use AD rule
-#ditcontentrules: (
-#    VMWare.core.ditcontentrules.2
-#    NAME 'organization'
-#    AUX ( dcObject
-#        )
-#    )
-
-ditcontentrules: (
-    VMWare.STS.ditcontentrules.1
-    NAME 'vmwPolicy'
-    AUX ( vmwLockoutPolicy
-        $ vmwPasswordPolicy
-        )
-    )
-
-############################################################
-# Nameform and DIT Structure Rules
-############################################################
-# RuleID allocation
-############################################################
-
-nameforms: (
-    VMWare.nameform.organization
-    NAME 'organizationNameform'
-    DESC 'Nameform of organization'
-    OC   organization
-    MUST ( o
-         )
-   )
-
-ditstructurerules: (
-    1
-    NAME 'organization-StructureRule-1'
-    DESC 'can live under root'
-    FORM organizationNameform
-    )
-
-ditstructurerules: (
-    2
-    NAME 'organization-StructureRule-2'
-    DESC 'can live under o, domainDNS'
-    FORM organizationNameform
-    SUP ( 1
-          14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.organizationalUnit
-    NAME 'organizationalUnitNameform'
-    DESC 'Nameform of organizationalUnit'
-    OC   organizationalUnit
-    MUST ( ou
-         )
-   )
-
-ditstructurerules: (
-    3
-    NAME 'organizationalUnit-StructureRule-1'
-    DESC 'can live under o, ou, domainDNS'
-    FORM organizationalUnitNameform
-    SUP ( 2
-          3
-          14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.subentry
-    NAME 'subentryNameform'
-    DESC 'Nameform of subentry'
-    OC   subentry
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    4
-    NAME 'subentry-StructureRule-1'
-    DESC 'can live under root'
-    FORM subentryNameform
-    )
-
-nameforms: (
-    VMWare.nameform.vmwdircfg
-    NAME 'vmwDirCfgNameform'
-    DESC 'Nameform of vmdircfg'
-    OC   vmwDirCfg
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    5
-    NAME 'vmwDirCfg-StructureRule-1'
-    DESC 'can live under root'
-    FORM vmwDirCfgNameform
-    )
-
-ditstructurerules: (
-    6
-    NAME 'vmwDirCfg-StructureRule-2'
-    DESC 'can live under vmwDirCfg'
-    FORM vmwDirCfgNameform
-    SUP ( 5
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.person
-    NAME 'personNameform'
-    DESC 'Nameform of person'
-    OC   person
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    7
-    NAME 'Person-StructureRule-1'
-    DESC 'can live under vmwDirCfg'
-    FORM personNameform
-    SUP ( 5
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.container
-    NAME 'ContainerNameform'
-    DESC 'Nameform of container'
-    OC   Container
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    8
-    NAME 'Container-StructureRule-1'
-    DESC 'can live under o, domainDNS'
-    FORM containerNameForm
-    SUP ( 1
-          14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.organizationalRole
-    NAME 'organizationalRoleNameform'
-    DESC 'Nameform of organizationalRole'
-    OC   organizationalRole
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    9
-    NAME 'OrganizationalRole-StructureRule-1'
-    DESC 'can live under o, domainDNS'
-    FORM organizationalRoleNameform
-    SUP ( 1
-          14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.organizationalPerson
-    NAME 'organizationalPersonNameform'
-    DESC 'Nameform of organizationalRole'
-    OC   organizationalPerson
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    10
-    NAME 'OrganizationalPerson-StructureRule-1'
-    DESC 'can live under o,ou,container'
-    FORM organizationalPersonNameform
-    SUP ( 1
-          3
-          8
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.builtinDomainNameform
-    NAME 'builtinDomainNameform'
-    DESC 'Nameform of builtinDomain'
-    OC   builtinDomain
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    11
-    NAME 'BuiltinDomain-StructureRule-1'
-    DESC 'can live under domainDNS, self'
-    FORM builtinDomainNameform
-    SUP ( 14
-          11
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.vmwPolicy
-    NAME 'vmwPolicyNameform'
-    DESC 'Nameform of vmwPolicy'
-    OC   vmwPolicy
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    12
-    NAME 'vmwPolicy-StructureRule-1'
-    DESC 'can live under domainDNS'
-    FORM vmwPolicyNameform
-    SUP ( 14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.domainDNS
-    NAME 'domainDNSNameform'
-    DESC 'Nameform of domainDNS'
-    OC   domainDNS
-    MUST ( dc
-         )
-   )
-
-ditstructurerules: (
-    13
-    NAME 'domanDNS-StructureRule-1'
-    DESC 'can live under root'
-    FORM domainDNSNameform
-    )
-
-ditstructurerules: (
-    14
-    NAME 'domainDNS-StructureRule-2'
-    DESC 'can live under itself'
-    FORM domainDNSNameform
-    SUP ( 14
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.vmwDirServer
-    NAME 'vmwDirServerNameform'
-    DESC 'Nameform of vmDirServer'
-    OC   vmwDirServer
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    15
-    NAME 'vmwDirServer-StructureRule-1'
-    DESC 'can live under container, self'
-    FORM vmwDirServerNameForm
-    SUP ( 8
-          15
-        )
-    )
-
-nameforms: (
-    VMWare.nameform.vmwLKUPService
-    NAME 'vmwLKUPServiceNameform'
-    DESC 'Nameform of vmLKUPService'
-    OC   vmwLKUPService
-    MUST ( cn
-         )
-   )
-
-ditstructurerules: (
-    16
-    NAME 'vmwLKUPService-StructureRule-1'
-    DESC 'can live under container,self'
-    FORM vmwLKUPServiceNameForm
-    SUP ( 8
-          16
-        )
-    )
-
-# next structurerule id = 17
diff --git a/lwraft/config/post-client.reg b/lwraft/config/post-client.reg
new file mode 100644
index 000000000..bcb9d8a06
--- /dev/null
+++ b/lwraft/config/post-client.reg
@@ -0,0 +1,8 @@
+[HKEY_THIS_MACHINE\Services]
+
+[HKEY_THIS_MACHINE\Services\post]
+@security = O:SYG:BAD:(A;;KA;;;BA)
+"Description" = {
+    default = "VMware Photon Objectstore Service"
+    doc = ""
+}
diff --git a/lwraft/config/post-rest.json b/lwraft/config/post-rest.json
new file mode 100644
index 000000000..c6481c98e
--- /dev/null
+++ b/lwraft/config/post-rest.json
@@ -0,0 +1,900 @@
+{
+    "swagger": "2.0",
+    "info": {
+        "title": "Lightwave POST API",
+        "version": "1.3.0"
+    },
+    "schemes": [
+        "http",
+        "https"
+    ],
+    "host": "IPADDRESS_MARKER",
+    "basePath": "/v1",
+    "produces": [
+        "application/json",
+        "text/plain"
+    ],
+    "tags": [
+        {
+            "name": "object",
+            "description": "Lightwave Post data store object API implemented in RESTful interface"
+        },
+        {
+            "name": "ldap",
+            "description": "LDAP(Lightweight Directory Access Protocol) protocol implemented in RESTful interface"
+        },
+        {
+            "name": "etcd",
+            "description": "Key-Value Etcd API implemented in RESTful interface"
+        },
+        {
+            "name": "metrics",
+            "description": "Metrics module for publishing metrics data"
+        }
+    ],
+    "paths": {
+        "/post/ldap": {
+            "put": {
+                "summary": "Add an LDAP entry",
+                "description": "Add an LDAP entry",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "entry",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/LDAPEntry"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic LDAP response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "ldap"
+                ]
+            },
+            "get": {
+                "summary": "Search for LDAP entries",
+                "description": "Search for LDAP entries",
+                "produces": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "dn",
+                        "in": "query",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "scope",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "filter",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "attrs",
+                        "in": "query",
+                        "required": false,
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        }
+                    },
+                    {
+                        "name": "page_size",
+                        "in": "query",
+                        "required": false,
+                        "type": "integer",
+                        "format": "int32"
+                    },
+                    {
+                        "name": "paged_results_cookie",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic LDAP response with an array of LDAP entries",
+                        "schema": {
+                            "$ref": "#/definitions/LDAPSearchResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "ldap"
+                ]
+            },
+            "patch": {
+                "summary": "Modify an LDAP entry",
+                "description": "Modify an LDAP entry",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "dn",
+                        "in": "query",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "mods",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/LDAPMod"
+                            }
+                        }
+                    },
+                    {
+                        "name": "If-Match",
+                        "in": "header",
+                        "required": false,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic LDAP response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "ldap"
+                ]
+            },
+            "delete": {
+                "summary": "Delete an LDAP entry",
+                "description": "Delete an LDAP entry",
+                "parameters": [
+                    {
+                        "name": "dn",
+                        "in": "query",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic LDAP response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "ldap"
+                ]
+            }
+        },
+        "/post/object/{objectpath}": {
+            "put": {
+                "summary": "Add a post object",
+                "description": "Add a post object",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "objectpath",
+                        "in": "path",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "tenant",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "attributes",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/PostObjectAttributes"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic POST object response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "object"
+                ]
+            },
+            "get": {
+                "summary": "Search for post objects",
+                "description": "Search for post objects",
+                "produces": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "objectpath",
+                        "description": "maps to LDAP search base DN",
+                        "in": "path",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "tenant",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "searchscope",
+                        "description": "(base/one/sub) default to sub",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "filter",
+                        "description": "ldap style filter",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "attrs",
+                        "description": "list of return attributes",
+                        "in": "query",
+                        "required": false,
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        }
+                    },
+                    {
+                        "name": "page_size",
+                        "description": "return page size",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "paged_results_cookie",
+                        "description": "opaque server state used for next page search",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Post objects search response",
+                        "schema": {
+                            "$ref": "#/definitions/PostObjectGetResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "object"
+                ]
+            },
+            "patch": {
+                "summary": "Modify a post object",
+                "description": "Modify a post object",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "objectpath",
+                        "in": "path",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "tenant",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "mods",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/LDAPMod"
+                            }
+                        }
+                    },
+                    {
+                        "name": "If-Match",
+                        "in": "header",
+                        "required": false,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic POST response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "object"
+                ]
+            },
+            "delete": {
+                "summary": "Delete a post object",
+                "description": "Delete a post object",
+                "parameters": [
+                    {
+                        "name": "objectpath",
+                        "in": "path",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "name": "tenant",
+                        "in": "query",
+                        "required": false,
+                        "type": "string"
+                    },
+                    {
+                        "name": "recursive",
+                        "in": "query",
+                        "required": false,
+                        "type": "boolean"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Generic POST response",
+                        "schema": {
+                            "$ref": "#/definitions/GenericResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "object"
+                ]
+            }
+        },
+        "/post/etcd/KV/put": {
+            "post": {
+                "summary": "Put the given key into the key-value store. It increments the revision of the key-value store and generates one event in the event history.",
+                "description": "Put a given key into key-value store",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "body",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                          "$ref": "#/definitions/EtcdPutRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Etcd Put Response",
+                        "schema": {
+                            "$ref": "#/definitions/EtcdPutResponse"
+                        }
+                    }
+                },
+                "tags": [
+                  "etcd"
+                ]
+            }
+        },
+        "/post/etcd/KV/range": {
+            "post": {
+                "summary": "Range gets the keys in the range from the key-value store.",
+                "description": "Range gets the keys in the range from the key-value store",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "body",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                          "$ref": "#/definitions/EtcdRangeRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Etcd Get Range Response",
+                        "schema": {
+                            "$ref": "#/definitions/EtcdRangeResponse"
+                        }
+                    }
+                },
+                "tags": [
+                  "etcd"
+                ]
+            }
+        },
+        "/post/etcd/KV/deleterange": {
+            "post": {
+                "summary": "Deletes the given range from the key-value store. A delete request increments the revision of the key-value store and generates a delete event in the event history for every deleted key.",
+                "description": "Delete the range of keys from store",
+                "consumes": [
+                    "application/json"
+                ],
+                "parameters": [
+                    {
+                        "name": "body",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/EtcdDeleteRangeRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Etcd Delete Range Response",
+                        "schema": {
+                            "$ref": "#/definitions/EtcdDeleteRangeResponse"
+                        }
+                    }
+                },
+                "tags": [
+                  "etcd"
+                ]
+            }
+        },
+        "/post/metrics": {
+            "get": {
+                "summary": "Get metrics data",
+                "description": "Get metrics data in Prometheus format",
+                "produces": [
+                    "text/plain"
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Metrics Response",
+                        "schema": {
+                            "$ref": "#/definitions/MetricsResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "metrics"
+                ]
+            }
+        }
+    },
+    "definitions": {
+        "LDAPEntry": {
+            "type": "object",
+            "properties": {
+                "dn": {
+                    "type": "string"
+                },
+                "attributes": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/LDAPAttribute"
+                    }
+                }
+            }
+        },
+        "LDAPAttribute": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "description": "name of the attribute",
+                    "type": "string"
+                },
+                "value": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                }
+            }
+        },
+        "LDAPMod": {
+            "type": "object",
+            "properties": {
+                "operation": {
+                    "description": "add/delete/replace LDAP Modify changetype",
+                    "type": "string"
+                },
+                "attribute": {
+                    "$ref": "#/definitions/LDAPAttribute"
+                }
+            }
+        },
+        "GenericResponse": {
+            "type": "object",
+            "properties": {
+                "error_code": {
+                    "type": "integer",
+                    "format": "int32"
+                },
+                "error_message": {
+                    "type": "string"
+                },
+                "result_count": {
+                    "type": "integer",
+                    "format": "int32"
+                }
+            }
+        },
+        "LDAPSearchResponse": {
+            "type": "object",
+            "properties": {
+                "error_code": {
+                    "type": "integer",
+                    "format": "int32"
+                },
+                "error_message": {
+                    "type": "string"
+                },
+                "paged_results_cookie": {
+                    "type": "string"
+                },
+                "result_count": {
+                    "type": "integer",
+                    "format": "int32"
+                },
+                "result": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/LDAPEntry"
+                    }
+                }
+            }
+        },
+        "PostObjectAttributes": {
+            "type": "object",
+            "properties": {
+                "attributes": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/LDAPAttribute"
+                    }
+                }
+            }
+        },
+        "PostObject": {
+            "type": "object",
+            "properties": {
+                "objectpath": {
+                    "description": "object full path",
+                    "type": "string"
+                },
+                "attributes": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/LDAPAttribute"
+                    }
+                }
+            }
+        },
+        "PostObjectGetResponse": {
+            "type": "object",
+            "properties": {
+                "error_code": {
+                    "type": "integer",
+                    "format": "int32"
+                },
+                "error_message": {
+                    "type": "string"
+                },
+                "paged_results_cookie": {
+                    "type": "string"
+                },
+                "result_count": {
+                    "type": "integer",
+                    "format": "int32"
+                },
+                "result": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/PostObject"
+                    }
+                }
+            }
+        },
+        "KeyValue": {
+            "type": "object",
+            "properties": {
+                "create_revision": {
+                    "description": "revision of last creation on this key.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "key": {
+                    "description": "key in bytes. An empty key is not allowed.",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "lease": {
+                    "description": "lease is the ID of the lease that attached to key. When the attached lease expires, the key will be deleted. If lease is 0, then no lease is attached to the key.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "mod_revision": {
+                    "description": "revision of last modification on this key.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "value": {
+                    "description": "value held by the key, in bytes.",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "version": {
+                    "description": "version of the key. A deletion resets the version to zero and any modification of the key increases its version.",
+                    "type": "string",
+                    "format": "int64"
+                }
+            }
+        },
+        "ResponseHeader": {
+            "type": "object",
+            "properties": {
+                "cluster_id": {
+                    "description": "ID of the cluster which sent the response.",
+                    "type": "string",
+                    "format": "uint64"
+                },
+                "member_id": {
+                    "description": "ID of the member which sent the response.",
+                    "type": "string",
+                    "format": "uint64"
+                },
+                "raft_term": {
+                    "description": "raft term when the request was applied.",
+                    "type": "string",
+                    "format": "uint64"
+                },
+                "revision": {
+                    "description": "key-value store revision when the request was applied.",
+                    "type": "string",
+                    "format": "int64"
+                }
+            }
+        },
+        "EtcdPutRequest": {
+            "type": "object",
+            "properties": {
+                "ignore_lease": {
+                    "description": "If ignore_lease is set, etcd updates the key using its current lease. Returns an error if the key does not exist.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "ignore_value": {
+                    "description": "If ignore_value is set, etcd updates the key using its current value. Returns an error if the key does not exist.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "key": {
+                    "description": "key is the key, in bytes, to put into the key-value store.",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "lease": {
+                    "description": "lease is the lease ID to associate with the key in the key-value store. A lease value of 0 indicates no lease.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "prev_kv": {
+                    "description": "If prev_kv is set, etcd gets the previous key-value pair before changing it. The previous key-value pair will be returned in the put response.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "value": {
+                    "description": "value is the value, in bytes, to associate with the key in the key-value store.",
+                    "type": "string",
+                    "format": "byte"
+                }
+            }
+        },
+        "EtcdPutResponse": {
+            "type": "object",
+            "properties": {
+                "header": {
+                    "$ref": "#/definitions/ResponseHeader"
+                },
+                "prev_kv": {
+                    "description": "if prev_kv is set in the request, the previous key-value pair will be returned.",
+                    "$ref": "#/definitions/KeyValue"
+                }
+            }
+        },
+        "EtcdRangeRequest": {
+            "type": "object",
+            "properties": {
+                "count_only": {
+                    "description": "count_only when set returns only the count of the keys in the range.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "key": {
+                    "description": "key is the first key for the range. If range_end is not given, the request only looks up key.",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "keys_only": {
+                    "description": "keys_only when set returns only the keys and not the values.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "limit": {
+                    "description": "limit is a limit on the number of keys returned for the request. When limit is set to 0, it is treated as no limit.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "max_create_revision": {
+                    "description": "max_create_revision is the upper bound for returned key create revisions; all keys with greater create revisions will be filtered away.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "max_mod_revision": {
+                    "description": "max_mod_revision is the upper bound for returned key mod revisions; all keys with greater mod revisions will be filtered away.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "min_create_revision": {
+                    "description": "min_create_revision is the lower bound for returned key create revisions; all keys with lesser create trevisions will be filtered away.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "min_mod_revision": {
+                    "description": "min_mod_revision is the lower bound for returned key mod revisions; all keys with lesser mod revisions will be filtered away.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "range_end": {
+                    "description": "range_end is the upper bound on the requested range [key, range_end).",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "revision": {
+                    "description": "revision is the point-in-time of the key-value store to use for the range. If revision is less or equal to zero, the range is over the newest key-value store. If the revision has been compacted, ErrCompacted is returned as a response.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "serializable": {
+                    "description": "serializable sets the range request to use serializable member-local reads. Range requests are linearizable by default; linearizable requests have higher latency and lower throughput than serializable requests but reflect the current consensus of the cluster. For better performance, in exchange for possible stale reads, a serializable range request is served locally without needing to reach consensus with other nodes in the cluster.",
+                    "type": "boolean",
+                    "format": "boolean"
+                },
+                "sort_order": {
+                    "description": "sort_order is the order for returned sorted results.",
+                    "$ref": "#/definitions/RangeRequestSortOrder"
+                },
+                "sort_target": {
+                    "description": "sort_target is the key-value field to use for sorting.",
+                    "$ref": "#/definitions/RangeRequestSortTarget"
+                }
+            }
+        },
+        "EtcdRangeResponse": {
+            "type": "object",
+            "properties": {
+                "count": {
+                    "description": "count is set to the number of keys within the range when requested.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "header": {
+                    "$ref": "#/definitions/ResponseHeader"
+                },
+                "kvs": {
+                    "description": "kvs is the list of key-value pairs matched by the range request. kvs is empty when count is requested.",
+                    "type": "array",
+                    "items": {
+                      "$ref": "#/definitions/KeyValue"
+                    }
+                },
+                "more": {
+                    "description": "more indicates if there are more keys to return in the requested range.",
+                    "type": "boolean",
+                    "format": "boolean"
+                }
+            }
+        },
+        "EtcdDeleteRangeRequest": {
+            "type": "object",
+            "properties": {
+                "key": {
+                    "description": "key is the first key to delete in the range.",
+                    "type": "string",
+                    "format": "byte"
+                },
+                "prev_kv": {
+                  "description": "If prev_kv is set, etcd gets the previous key-value pairs before deleting it. The previous key-value pairs will be returned in the delete response.",
+                  "type": "boolean",
+                  "format": "boolean"
+                },
+                "range_end": {
+                    "description": "range_end is the key following the last key to delete for the range [key, range_end).",
+                    "type": "string",
+                    "format": "byte"
+                }
+            }
+        },
+        "EtcdDeleteRangeResponse" : {
+            "type": "object",
+            "properties": {
+                "deleted": {
+                    "description": "deleted is the number of keys deleted by the delete range request.",
+                    "type": "string",
+                    "format": "int64"
+                },
+                "header": {
+                    "$ref": "#/definitions/ResponseHeader"
+                },
+                "prev_kvs": {
+                    "description": "if prev_kv is set in the request, the previous key-value pairs will be returned.",
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/KeyValue"
+                    }
+                }
+            }
+        },
+        "RangeRequestSortOrder": {
+            "type": "string",
+            "default": "NONE",
+            "enum": [
+                "NONE",
+                "ASCEND",
+                "DESCEND"
+            ]
+        },
+        "RangeRequestSortTarget": {
+            "type": "string",
+            "default": "KEY",
+            "enum": [
+                "KEY",
+                "VERSION",
+                "CREATE",
+                "MOD",
+                "VALUE"
+            ]
+        },
+        "MetricsResponse": {
+            "type": "object",
+            "properties": {
+            }
+        }
+    }
+}
diff --git a/lwraft/config/post-telegraf.conf b/lwraft/config/post-telegraf.conf
new file mode 100644
index 000000000..80b5a518e
--- /dev/null
+++ b/lwraft/config/post-telegraf.conf
@@ -0,0 +1,6 @@
+[[inputs.procstat]]
+  exe="postd"
+  prefix="post"
+
+[[inputs.prometheus]]
+  urls = ["http://localhost:7577/v1/post/metrics"]
diff --git a/lwraft/config/post.reg.in b/lwraft/config/post.reg.in
new file mode 100644
index 000000000..215eb97dc
--- /dev/null
+++ b/lwraft/config/post.reg.in
@@ -0,0 +1,53 @@
+[HKEY_THIS_MACHINE\Services]
+
+[HKEY_THIS_MACHINE\Services\post]
+@security = O:SYG:BAD:(A;;KA;;;BA)
+"Description" = {
+    default = "VMware Photon Objectstore Service"
+    doc = ""
+}
+"Path" = {
+    default = "@LWRAFT_SBIN_DIR@/postd"
+    doc = ""
+}
+"Arguments" = {
+    default = "@LWRAFT_SBIN_DIR@/postd -s -l 0 -f @LWRAFT_CONFIG_DIR@/postschema.ldif"
+    doc = ""
+}
+"Environment" = {
+    default = ""
+    doc = ""
+}
+"Dependencies" = {
+    default = "lwreg dcerpc"
+    doc = ""
+}
+"Type" = {
+    default = dword:00000001
+    doc = ""
+}
+"Autostart" = {
+    default = dword:00000001
+    doc = ""
+}
+
+[HKEY_THIS_MACHINE\Services\post\Parameters]
+"DefaultSchema" = {
+    default = "@LWRAFT_CONFIG_DIR@/postschema.ldif"
+    doc = ""
+}
+
+"AllowInsecureAuthentication" = {
+    default = dword:00000001
+    value   = dword:00000001
+    doc = "Set to '1' to allow clear-text password authentication."
+}
+
+"SslDisabledProtocols" = {
+    default = "TLSv1"
+    doc     = "List of protocols to disable"
+}
+
+[HKEY_THIS_MACHINE\Services\post\Parameters\Credentials]
+@security = O:SYG:S-1-22-2-0D:(A;;RCFAFRFWFXKAKRKWKXNW;;;WD)(A;;RCFAFRFWFXKAKRKWKXNW;;;S-1-22-2-0)(A;;RCSDWDWOFAFRFWFXKAKRKWKXNRNWNX;;;SY)
+
diff --git a/lwraft/config/postd b/lwraft/config/postd
new file mode 100644
index 000000000..632b54c4e
--- /dev/null
+++ b/lwraft/config/postd
@@ -0,0 +1,16 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: post
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start and Stop lwraft
+### END INIT INFO
+
+PREFIX="/opt/likewise"
+SERVICE_NAME="post"
+
+export KRB5_CONFIG=/etc/krb5.lotus.conf
+
+. /opt/likewise/bin/init-lwsm.sh
diff --git a/lwraft/config/postd-syslog-ng.conf b/lwraft/config/postd-syslog-ng.conf
new file mode 100644
index 000000000..422d96ae1
--- /dev/null
+++ b/lwraft/config/postd-syslog-ng.conf
@@ -0,0 +1,5 @@
+template t_postd_template { template("${STAMP} ${HOST} ${PRIORITY} ${PROGRAM}[${PID}]: ${MSG}\n"); };
+destination d_postd { file("/var/log/lightwave/postd.log" template(t_postd_template)); };
+filter f_postd { program("postd"); };
+log { source(s_local); filter(f_postd); destination(d_postd); };
+options { frac_digits(3); };
diff --git a/lwraft/config/postschema.ldif b/lwraft/config/postschema.ldif
new file mode 100644
index 000000000..a4d82bd3d
--- /dev/null
+++ b/lwraft/config/postschema.ldif
@@ -0,0 +1,2804 @@
+#
+#
+#
+# VMware ldap Core schema
+#
+# Version 0.1 (Commonly used schema definitions from various RFC for development purpose)
+#
+entryDN: cn=aggregate,cn=schemacontext
+
+cn: aggregate
+
+# subschemaSubentry: cn=aggregate
+
+# structuralObjectClass: subentry
+
+objectclass: top
+
+objectclass: subschema
+
+objectclass: subentry
+
+############################################################
+########## vmdird core definition - BEGIN
+############################################################
+objectClasses: (
+    2.5.20.1
+    NAME 'subschema'
+    DESC 'RFC4512: controlling subschema (sub)entry'
+    AUXILIARY
+    MAY ( ldapSyntaxes
+        $ objectClasses
+        $ attributeTypes
+        $ matchingRules
+        $ matchingRuleUse
+        $ dITContentRules
+        $ dITStructureRules
+        $ vmwAttributeToIdMap
+        )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.1
+    NAME 'vmwDirCfg'
+    DESC 'vmware extension'
+    SUP top
+    STRUCTURAL
+    MUST ( cn )
+    MAY ( vmwAttrIndexDesc
+        $ vmwAttrOrganizationList
+        )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.2
+    NAME 'vmwDseRoot'
+    DESC 'Object class defined by vmware to manage the DSE root entry.'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( rootDomainNamingContext
+        $ defaultNamingContext
+        $ configurationNamingContext
+        $ schemaNamingContext
+        $ namingContexts
+        $ supportedLDAPVersion
+        $ subschemaSubentry
+        $ serverName
+        $ vmwDCAccountDN
+        $ vmwDCAccountUPN
+        $ supportedControl
+        $ invocationId
+        $ msDS-SiteName
+        $ vmwPlatformServicesControllerVersion
+        $ ref
+        $ vmwRaftLeader
+        $ vmwRaftActiveFollower
+        $ vmwRaftMember
+        $ vmwRaftState
+        )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.3
+    NAME 'vmwDirServer'
+    DESC 'Object class defined by vmware to manage a vmware directory server entry.'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ serverId
+         $ replInterval
+         $ replPageSize
+         $ invocationId
+         )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.4
+    NAME 'vmwReplicationAgreement'
+    DESC 'Object class defined by vmware to store and manage replication agreements in vmdir.'
+    SUP top
+    STRUCTURAL
+    MUST ( labeledURI
+         )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.5
+    NAME 'vmwDirServerStatus'
+    DESC 'defines object containing server stats'
+    SUP top
+    STRUCTURAL
+    MUST ( cn )
+    MAY ( vmwServerRunTimeStatus
+        )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.6
+    NAME 'vmwPolicy'
+    DESC 'VMware - per tenant policy'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ Enabled
+         )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.7
+    NAME 'vmwPasswordPolicy'
+    DESC 'VMware - per tenant password policy'
+    AUXILIARY
+    MAY  ( description
+         $ vmwPasswordProhibitedPreviousCount
+         $ vmwPasswordLifetimeDays
+         $ vmwPasswordMaxLength
+         $ vmwPasswordMinLength
+         $ vmwPasswordMinAlphabeticCount
+         $ vmwPasswordMinUpperCaseCount
+         $ vmwPasswordMinLowerCaseCount
+         $ vmwPasswordMinNumericCount
+         $ vmwPasswordMinSpecialCharCount
+         $ vmwPasswordMaxIdenticalAdjacentChars
+         $ vmwPasswordSpecialChars
+         )
+   )
+
+objectClasses: (
+    VMWare.DIR.objectclass.8
+    NAME 'vmwLockoutPolicy'
+    DESC 'VMware - per tenant lockout policy'
+    AUXILIARY
+    MAY  ( description
+         $ vmwPasswordChangeMaxFailedAttempts
+         $ vmwPasswordChangeFailedAttemptIntervalSec
+         $ vmwPasswordChangeAutoUnlockIntervalSec
+         )
+   )
+
+#objectClasses: (
+#    VMWare.DIR.objectclass.10
+#    NAME 'vmwServicePrincipal'
+#    DESC 'VMWare service principal'
+#    SUP top
+#    AUXILIARY
+#    MUST ( cn
+#         $ vmwSTSSubjectDN
+#         )
+#    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.11
+    NAME 'vmwRaftLogEntry'
+    DESC 'a Raft log entry'
+    SUP top
+    STRUCTURAL
+    MUST ( vmwRaftTerm
+         $ vmwRaftLogindex
+         $ vmwRaftLogEntries
+         )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.12
+    NAME 'vmwRaftPersistState'
+    DESC 'Raft persistent state'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ vmwRaftTerm
+         $ vmwRaftLastApplied
+         $ vmwRaftVotedForTerm
+         $ vmwRaftFirstLogIndex
+         )
+    MAY  ( vmwRaftVotedFor
+         )
+    )
+
+objectClasses: (
+    VMWare.DIR.objectclass.13
+    NAME 'vmwRaftClusterState'
+    DESC 'Raft state of all memmbers'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY  ( vmwRaftState
+         )
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.1
+    NAME 'vmwAttributeToIdMap'
+    DESC 'VMware extension'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+# like to add USAGE vmwExtension
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.2
+    NAME 'vmwAttrIndexDesc'
+    DESC 'VMware extension'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.3
+    NAME 'lastKnownDn'
+    DESC 'last known DN of the DELETED object'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.5
+    NAME 'rootDomainNamingContext'
+    DESC 'Attribute containing the distinguished name of the root (main) domain naming context'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.6
+    NAME 'defaultNamingContext'
+    DESC 'Attribute containing the distinguished name of the default naming context'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.7
+    NAME 'configurationNamingContext'
+    DESC 'Attribute containing the distinguished name of the configuration naming context'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.8
+    NAME 'schemaNamingContext'
+    DESC 'Attribute containing the distinguished name of the schema naming context'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.9
+    NAME 'vmwServerGUID'
+    DESC 'A GUID identifying a vmware directory server and the associated DB'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.10
+    NAME 'deletedObjectsContainer'
+    DESC 'Attribute containing the distinguished name of the deleted objects container'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.11
+    NAME 'replBindDN'
+    DESC 'Attribute containing the distinguished name of the bind DN to be used to bind to a replication partner.'
+    SUP distinguishedName
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.12
+    NAME 'replBindPassword'
+    DESC 'Attribute containing the bind password to be used to bind to a replication partner.'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
+    )
+
+# attribute replInterval from AD
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.15
+    NAME 'replPageSize'
+    DESC 'Number of changes requested in seach replication search request'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.17
+    NAME 'vmwRidSequenceNumber'
+    DESC 'An integer uniquely identifying the current rid sequence number used to generate next RID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.18
+    NAME 'vmwNodeSequenceNumber'
+    DESC 'An integer uniquely identifying the current node sequence number used to generate next RID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.19
+    NAME 'vmwAttrOrganizationList'
+    DESC 'VMware extension'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+# use nTSecurityDescriptor instead
+#attributeTypes: (
+#    VMWare.DIR.attribute.0.20
+#    NAME 'vmwSecurityDescriptor'
+#    DESC 'A security descriptor describing access control for an entry'
+#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+#    SINGLE-VALUE
+#    USAGE directoryOperation
+#    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.21
+    NAME 'oldUserPassword'
+    DESC 'Old passwords in digest form to prevent password recycle per policy'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.23
+    NAME 'vmwEntryIdSequenceNumber'
+    DESC 'Entry ID sequence number generator key prefix, not used in any objectclass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.25
+    NAME 'parentid'
+    DESC 'VMW internal usage to represent sudo parent id attribute, not used in any objectclass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.26
+    NAME 'passwordHashScheme'
+    DESC 'Name of the password hashing scheme'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.27
+    NAME 'serverId'
+    DESC 'An ID used in SID allocation relative to this server'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.29
+    NAME 'externalObjectId'
+    DESC 'VMware defined attribute to store FSP objectId'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.30
+    NAME 'vmwDomainFunctionalLevel'
+    DESC 'Domain functional level supported by a Lotus domain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.31
+    NAME 'vmwForestFunctionalLevel'
+    DESC 'Forest functional level supported by the Lotus forest'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.32
+    NAME 'vmwServerVersion'
+    DESC 'Lotus server version'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.33
+    NAME 'vmwServerRunTimeStatus'
+    DESC 'Server runtime status'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.34
+    NAME 'vmwPasswordProhibitedPreviousCount'
+    DESC 'VMWare - prohibited previous passwords count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.35
+    NAME 'vmwPasswordLifetimeDays'
+    DESC 'VMWare - password expiration in days'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.36
+    NAME 'vmwPasswordMaxLength'
+    DESC 'VMWare- password max length'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.37
+    NAME 'vmwPasswordMinLength'
+    DESC 'VMWare - password min length'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.38
+    NAME 'vmwPasswordMinAlphabeticCount'
+    DESC 'VMWare i- password min alphabetic count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.39
+    NAME 'vmwPasswordMinUpperCaseCount'
+    DESC 'VMWare - password min upper case count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.40
+    NAME 'vmwPasswordMinNumericCount'
+    DESC 'VMWare - password min numeric count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.41
+    NAME 'vmwPasswordMinSpecialCharCount'
+    DESC 'VMWare - password min special char @#$%&^* count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.42
+    NAME 'vmwPasswordMaxIdenticalAdjacentChars'
+    DESC 'VMWare - password max identical adjacent char'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.43
+    NAME 'vmwPasswordChangeMaxFailedAttempts'
+    DESC 'VMWare - password change max failed attempts'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.43
+    NAME 'vmwPasswordChangeFailedAttemptIntervalSec'
+    DESC 'VMWare - password change failed attempt interval in second'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.45
+    NAME 'vmwPasswordChangeAutoUnlockIntervalSec'
+    DESC 'VMWare - password change unlock interval in second'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.46
+    NAME 'vmwPasswordMinLowerCaseCount'
+    DESC 'VMWare - password min lower case count'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributetypes: (
+    VMWare.DIR.attribute.0.47
+    NAME 'vmwDCAccountDN'
+    DESC 'Attribute containing the distinguished name of the domain controller machine account object'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+# Following attribute will be set on the <system domain DN> object.
+# Ideally, it should be set on a forest level object, and not on an object in a Domain scope.
+# Since it is an operational attribute, object class definition need not be alterred.
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.48
+    NAME 'vmwMaxServerId'
+    DESC 'Maximum server id allocated to servers in this forest so far.'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.49
+    NAME 'vmwDCAccountUPN'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.50
+    NAME 'vmwLDUGuid'
+    DESC 'A GUID identifying an LDU associated with this vmware directory server'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
+    SINGLE-VALUE
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.51
+    NAME 'vmwPasswordNeverExpires'
+    DESC 'Attribute to indicate if the password ever expires for the object'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.52
+    NAME 'vmwAdministratorDN'
+    DESC 'Default administrator DN'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.53
+    NAME 'vmwSRPSecret'
+    DESC 'SRP secret'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.54
+    NAME 'vmwAclString'
+    DESC 'ACL in string format'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.55
+    NAME 'vmwPasswordSpecialChars'
+    DESC 'List of special characters'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32}
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.56
+    NAME 'vmwMachineGUID'
+    DESC 'A GUID identifying a machine'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{36}
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.57
+    NAME 'vmwPlatformServicesControllerVersion'
+    DESC 'Platform Services Controller version'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.0.58
+    NAME 'vmwAttributeUsage'
+    DESC 'VMware extension - flag to represent NO-USER-MODIFICATION and USAGE values'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+##############################################################
+########## Following attribute override AD schema.  ##########
+########## ??????????? should we do this ?????????  ##########
+##############################################################
+attributeTypes: (
+    VMWare.DIR.attribute.1.3
+    NAME 'isDeleted'
+    DESC 'Value of the attribute determines if an object is in the DELETED state'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.4
+    NAME 'objectGUID'
+    DESC 'GUID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{36}
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.5
+    NAME 'serverName'
+    DESC 'Attribute containing the distinguished name of the object containing properties of this server'
+    SUP distinguishedName
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+############################################################
+########## vmdird other RFC definition - BEGIN
+############################################################
+
+attributeTypes: (
+    2.5.18.3
+    NAME 'creatorsName'
+    DESC 'RFC4512: name of creator'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.18.4
+    NAME 'modifiersName'
+    DESC 'RFC4512: name of last modifier'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.18.9
+    NAME 'hasSubordinates'
+    DESC 'X.501: entry has children'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.1.16.4
+    NAME 'entryUUID'
+    DESC 'UUID of the entry'
+    SYNTAX 1.3.6.1.1.16.1
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.6
+    NAME 'altServer'
+    DESC 'RFC4512: alternative servers'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.5
+    NAME 'namingContexts'
+    DESC 'RFC4512: naming contexts'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.13
+    NAME 'supportedControl'
+    DESC 'RFC4512: supported controls'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.7
+    NAME 'supportedExtension'
+    DESC 'RFC4512: supported extended operations'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.15
+    NAME 'supportedLDAPVersion'
+    DESC 'RFC4512: supported LDAP versions'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.14
+    NAME 'supportedSASLMechanisms'
+    DESC 'RFC4512: supported SASL mechanisms'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.4203.1.3.5
+    NAME 'supportedFeatures'
+    DESC 'RFC4512: features supported by the server'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.1.4
+    NAME 'vendorName'
+    DESC 'RFC3045: name of implementation vendor'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.1.5
+    NAME 'vendorVersion'
+    DESC 'RFC3045: version of implementation'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE dSAOperation
+    )
+
+attributeTypes: (
+    2.5.21.1 NAME 'dITStructureRules'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.17
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.7 NAME 'nameForms'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.35
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.16.840.1.113730.3.1.34
+    NAME 'ref'
+    DESC 'RFC3296: subordinate referral URL'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    USAGE distributedOperation
+    )
+
+attributeTypes: (
+    2.5.4.48
+    NAME 'protocolInformation'
+    DESC 'RFC2256: protocol information'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.42
+    )
+
+attributeTypes: (
+    2.5.4.52
+    NAME 'supportedAlgorithms'
+    DESC 'RFC2256: supported algorithms'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.49
+    )
+
+objectClasses: (
+    1.3.6.1.4.1.1466.101.120.111
+    NAME 'extensibleObject'
+    DESC 'RFC4512: extensible object'
+    SUP top
+    AUXILIARY
+    )
+
+objectClasses: (
+    2.16.840.1.113730.3.2.6
+    NAME 'referral'
+    DESC 'namedref: named subordinate referral'
+    SUP top
+    STRUCTURAL
+    MUST ref
+    )
+
+objectClasses: (
+    1.3.6.1.4.1.1466.344
+    NAME 'dcObject'
+    DESC 'RFC2247: domain component object'
+    SUP top
+    AUXILIARY
+    MUST dc
+    MAY ( krbMKey
+        )
+    )
+
+############################################################
+########## vmdird other RFC definition - END
+############################################################
+
+############################################################
+########## AD core definition - BEGIN
+############################################################
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.1
+    NAME 'uid'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.20
+    NAME 'homePhone'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.21
+    NAME 'secretary'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.25
+    NAME 'dc'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.3
+    NAME 'mail'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.37
+    NAME 'associatedDomain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.38
+    NAME 'associatedName'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.41
+    NAME 'mobile'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.42
+    NAME 'pager'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.44
+    NAME 'uniqueIdentifier'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.45
+    NAME 'organizationalStatus'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.48
+    NAME 'buildingName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.5
+    NAME 'drink'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.55
+    NAME 'audio'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.56
+    NAME 'documentPublisher'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.6
+    NAME 'roomNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.60
+    NAME 'jpegPhoto'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.7
+    NAME 'photo'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.8
+    NAME 'userClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    0.9.2342.19200300.100.1.9
+    NAME 'host'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113549.1.9.2
+    NAME 'unstructuredName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    )
+
+attributeTypes: (
+    1.2.840.113549.1.9.8
+    NAME 'unstructuredAddress'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.1
+    NAME 'instanceType'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+### memberOf is a NO-USER_MODIFICATION attribute i.e. it's value is
+### computed on the fly.
+attributeTypes: (
+    1.2.840.113556.1.2.102
+    NAME 'memberOf'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.115
+    NAME 'invocationId'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.118
+    NAME 'otherPager'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.13
+    NAME 'displayName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.131
+    NAME 'co'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.135
+    NAME 'cost'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.14
+    NAME 'hasMasterNCs'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.141
+    NAME 'department'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.146
+    NAME 'company'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.15
+    NAME 'hasPartialReplicaNCs'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.16
+    NAME 'nCName'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.169
+    NAME 'showInAdvancedViewOnly'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.18
+    NAME 'otherTelephone'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.194
+    NAME 'adminDisplayName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.2
+    NAME 'whenCreated'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.21
+    NAME 'subClassOf'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.210
+    NAME 'proxyAddresses'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.212
+    NAME 'dSHeuristics'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.214
+    NAME 'originalDisplayTableMSDOS'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.218
+    NAME 'oMObjectClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.22
+    NAME 'governsID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.226
+    NAME 'adminDescription'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.227
+    NAME 'extensionName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.231
+    NAME 'oMSyntax'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.24
+    NAME 'mustContain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.25
+    NAME 'mayContain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.255
+    NAME 'addressSyntax'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.256
+    NAME 'streetAddress'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.26
+    NAME 'rDNAttID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.281
+    NAME 'nTSecurityDescriptor'
+    SYNTAX 1.2.840.113556.1.4.907
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.3
+    NAME 'whenChanged'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.30
+    NAME 'attributeID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.32
+    NAME 'attributeSyntax'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.33
+    NAME 'isSingleValued'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.334
+    NAME 'searchFlags'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.7
+    NAME 'vmwAttrUniquenessScope'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.8
+    NAME 'vmwRaftTerm'
+    DESC 'VMware Raft Election Term'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.9
+    NAME 'vmwRaftLastApplied'
+    DESC 'VMware Raft highest log entry applied'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.10
+    NAME 'vmwRaftVotedForTerm'
+    DESC 'VMware Raft voted Term'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.11
+    NAME 'vmwRaftLogindex'
+    DESC 'VMware Raft Log index'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.12
+    NAME 'vmwRaftLogEntries'
+    DESC 'VMware Raft log entry'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.13
+    NAME 'vmwRaftVotedFor'
+    DESC 'VMware Raft server name voted for'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.14
+    NAME 'vmwRaftFirstLogindex'
+    DESC 'VMware Raft First Log index'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.15
+    NAME 'vmwRaftLeader'
+    DESC 'Raft Leader'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.16
+    NAME 'vmwRaftActiveFollower'
+    DESC 'A list of active Raft Followers'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.17
+    NAME 'vmwRaftMember'
+    DESC 'A list of Raft cluster members'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.18
+    NAME 'vmwRaftState'
+    DESC 'Raft volatile state'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    VMWare.DIR.attribute.1.19
+    NAME 'vmwRaftLogChanged'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.34
+    NAME 'rangeLower'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.35
+    NAME 'rangeUpper'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.351
+    NAME 'auxiliaryClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.370
+    NAME 'objectClassCategory'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.380
+    NAME 'extendedCharsAllowed'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.460
+    NAME 'lDAPDisplayName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.471
+    NAME 'schemaVersion'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    )
+
+#attributeTypes: (
+#    1.2.840.113556.1.2.48
+#    NAME 'isDeleted'
+#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+#    SINGLE-VALUE
+#    NO-USER-MODIFICATION
+#    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.49
+    NAME 'mAPIID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.50
+    NAME 'linkID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.557
+    NAME 'Enabled'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.598
+    NAME 'dmdName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.7
+    NAME 'subRefs'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.2.8
+    NAME 'possSuperiors'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1
+    NAME 'name'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.120
+    NAME 'schemaFlagsEx'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1212
+    NAME 'isEphemeral'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1336
+    NAME 'replInterval'
+    DESC 'Replication interval in seconds.'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1358
+    NAME 'schemaInfo'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.144
+    NAME 'operatorCount'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.145
+    NAME 'revision'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.146
+    NAME 'objectSid'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.148
+    NAME 'schemaIDGUID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.149
+    NAME 'attributeSecurityGUID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.156
+    NAME 'comment'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1696
+    NAME 'lastLogonTimestamp'
+    SYNTAX 1.2.840.113556.1.4.906
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.170
+    NAME 'systemOnly'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.195
+    NAME 'systemPossSuperiors'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.196
+    NAME 'systemMayContain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.1961
+    NAME 'msDS-SiteName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.197
+    NAME 'systemMustContain'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.198
+    NAME 'systemAuxiliaryClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.2058
+    NAME 'isRecycled'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.221
+    NAME 'sAMAccountName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.224
+    NAME 'defaultSecurityDescriptor'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.25
+    NAME 'countryCode'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.26
+    NAME 'creationTime'
+    SYNTAX 1.2.840.113556.1.4.906
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.362
+    NAME 'siteGUID'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.480
+    NAME 'defaultGroup'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.481
+    NAME 'schemaUpdate'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.518
+    NAME 'defaultHidingValue'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.52
+    NAME 'lastLogon'
+    SYNTAX 1.2.840.113556.1.4.906
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.538
+    NAME 'prefixMap'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.610
+    NAME 'classDisplayName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.618
+    NAME 'wellKnownObjects'
+    SYNTAX 1.2.840.113556.1.4.903
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.639
+    NAME 'isMemberOfPartialAttributeSet'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.640
+    NAME 'partialAttributeSet'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.653
+    NAME 'managedBy'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.656
+    NAME 'userPrincipalName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.661
+    NAME 'isDefunct'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.662
+    NAME 'lockoutTime'
+    SYNTAX 1.2.840.113556.1.4.906
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.748
+    NAME 'attributeDisplayNames'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.750
+    NAME 'groupType'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.771
+    NAME 'servicePrincipalName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.782
+    NAME 'objectCategory'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.783
+    NAME 'defaultObjectCategory'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.8
+    NAME 'userAccountControl'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.911
+    NAME 'allowedChildClasses'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.912
+    NAME 'allowedChildClassesEffective'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.913
+    NAME 'allowedAttributes'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.914
+    NAME 'allowedAttributesEffective'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.915
+    NAME 'possibleInferiors'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.916
+    NAME 'canonicalName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    1.2.840.113556.1.4.96
+    NAME 'pwdLastSet'
+# vmw use INTEGER instead of SYNTAX 1.2.840.113556.1.4.906 (MSFT LargeInteger)
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.1.20
+    NAME 'entryDN'
+    DESC 'DN of the entry'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.1466.101.120.16
+    NAME 'ldapSyntaxes'
+    DESC 'RFC4512: LDAP syntaxes'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    1.3.6.1.4.1.250.1.57
+    NAME 'labeledURI'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.16.840.1.113730.3.1.34
+    NAME 'middleName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.18.1
+    NAME 'createTimeStamp'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+# vmw
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.18.10
+    NAME 'subSchemaSubEntry'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    2.5.18.2
+    NAME 'modifyTimeStamp'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+# vmw
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.2
+    NAME 'dITContentRules'
+#  AD use following, RFC use different (need consolidate?)
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.4
+    NAME 'matchingRules'
+    DESC 'RFC4512: matching rules'
+#  AD use DirectoryString syntax, RFC use following
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.5
+    NAME 'attributeTypes'
+#  AD use following , RFC use different
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.6
+    NAME 'objectClasses'
+#  AD use following, RFC use different
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.8
+    NAME 'matchingRuleUse'
+    DESC 'RFC4512: matching rule uses'
+#  AD use following, RFC use different
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+    USAGE directoryOperation
+    )
+
+attributeTypes: (
+    2.5.21.9
+    NAME 'structuralObjectClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    2.5.4.0
+    NAME 'objectClass'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+    )
+
+attributeTypes: (
+    2.5.4.10
+    NAME 'o'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.11
+    NAME 'ou'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.13
+    NAME 'description'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.14
+    NAME 'searchGuide'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    2.5.4.15
+    NAME 'businessCategory'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.16
+    NAME 'postalAddress'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.17
+    NAME 'postalCode'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.18
+    NAME 'postOfficeBox'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    )
+
+attributeTypes: (
+    2.5.4.19
+    NAME 'physicalDeliveryOfficeName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.2
+    NAME 'knowledgeInformation'
+    SYNTAX 1.2.840.113556.1.4.905
+    )
+
+attributeTypes: (
+    2.5.4.20
+    NAME 'telephoneNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.21
+    NAME 'telexNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    2.5.4.22
+    NAME 'teletexTerminalIdentifier'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    2.5.4.23
+    NAME 'facsimileTelephoneNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.24
+    NAME 'x121Address'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
+    )
+
+attributeTypes: (
+    2.5.4.25
+    NAME 'internationalISDNNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
+    )
+
+attributeTypes: (
+    2.5.4.26
+    NAME 'registeredAddress'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    2.5.4.27
+    NAME 'destinationIndicator'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    )
+
+attributeTypes: (
+    2.5.4.28
+    NAME 'preferredDeliveryMethod'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    )
+
+attributeTypes: (
+    2.5.4.29
+    NAME 'presentationAddress'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.3
+    NAME 'cn'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+#TODO, DN syntax should use EQALITY to get normalized correctly
+# not done with all 121.1.12 yet
+attributeTypes: (
+    2.5.4.31
+    NAME 'member'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    2.5.4.32
+    NAME 'owner'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.34
+    NAME 'seeAlso'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    2.5.4.35
+    NAME 'userPassword'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.36
+    NAME 'userCertificate'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributeTypes: (
+    2.5.4.4
+    NAME 'sn'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.42
+    NAME 'givenName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.49
+    NAME 'distinguishedName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+#vmw
+    SINGLE-VALUE
+    NO-USER-MODIFICATION
+    )
+
+attributeTypes: (
+    2.5.4.5
+    NAME 'serialNumber'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+    )
+
+attributeTypes: (
+    2.5.4.50
+    NAME 'uniqueMember'
+#vmw
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+    )
+
+attributeTypes: (
+    2.5.4.6
+    NAME 'c'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.7
+    NAME 'l'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.8
+    NAME 'st'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    2.5.4.9
+    NAME 'street'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+objectClasses: (
+    1.2.840.113556.1.3.13
+    NAME 'classSchema'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ subClassOf
+         $ governsID
+         $ objectClassCategory
+         $ schemaIDGUID
+         $ defaultObjectCategory
+         )
+    MAY ( possSuperiors
+        $ mustContain
+        $ mayContain
+        $ rDNAttID
+        $ auxiliaryClass
+        $ lDAPDisplayName
+        $ schemaFlagsEx
+        $ systemOnly
+        $ systemPossSuperiors
+        $ systemMayContain
+        $ systemMustContain
+        $ systemAuxiliaryClass
+        $ defaultSecurityDescriptor
+        $ defaultHidingValue
+        $ classDisplayName
+        $ isDefunct
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.3.14
+    NAME 'attributeSchema'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ attributeSyntax
+         $ isSingleValued
+         $ lDAPDisplayName
+         )
+    MAY ( rangeLower
+        $ rangeUpper
+        $ mAPIID
+        $ linkID
+        $ oMObjectClass
+        $ searchFlags
+        $ vmwAttrUniquenessScope
+        $ extendedCharsAllowed
+        $ schemaFlagsEx
+        $ attributeSecurityGUID
+        $ systemOnly
+        $ classDisplayName
+        $ isMemberOfPartialAttributeSet
+        $ isDefunct
+        $ isEphemeral
+# vmw move from MUST to MAY
+        $ attributeID
+        $ oMSyntax
+        $ schemaIDGUID
+        $ vmwAttributeUsage
+        )
+    )
+
+objectClasses: (
+# should use vmw OID
+    1.2.840.113556.1.3.23
+    NAME 'container'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( description
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.3.30
+    NAME 'computer'
+    SUP user
+    STRUCTURAL
+    MUST ( objectSid
+         )
+    MAY ( cn
+        $ siteGUID
+        $ vmwMachineGUID
+        $ vmwPlatformServicesControllerVersion
+        $ sAMAccountName
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.1
+    NAME 'securityObject'
+    SUP top
+    ABSTRACT
+    MUST ( cn
+         )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.6
+    NAME 'securityPrincipal'
+    SUP top
+    AUXILIARY
+    MUST ( objectSid
+         )
+    MAY ( nTSecurityDescriptor
+# lotus move from MUST to MAY
+        $ sAMAccountName
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.66
+    NAME 'domain'
+    SUP top
+    ABSTRACT
+    MUST ( dc
+         )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.67
+    NAME 'domainDNS'
+    SUP domain
+    STRUCTURAL
+    MAY ( managedBy
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.76
+    NAME 'foreignSecurityPrincipal'
+    SUP top
+    STRUCTURAL
+    MUST ( externalObjectId )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.8
+    NAME 'group'
+    SUP top
+    STRUCTURAL
+    MUST ( groupType
+         $ objectSid
+         )
+    MAY ( member
+        $ sAMAccountName
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.9
+    NAME 'user'
+    SUP organizationalPerson
+    STRUCTURAL
+    MUST ( objectSid
+         )
+    MAY ( o
+        $ userCertificate
+        $ givenName
+        $ userAccountControl
+        $ lastLogon
+        $ pwdLastSet
+        $ userPrincipalName
+        $ lockoutTime
+        $ servicePrincipalName
+        $ lastLogonTimestamp
+        $ uid
+        $ labeledURI
+        $ krbPrincipalKey
+        $ sAMAccountName
+        )
+    )
+
+objectClasses: (
+    2.16.840.1.113730.3.2.2
+    NAME 'inetOrgPerson'
+    SUP user
+    STRUCTURAL
+    MUST ( objectSid
+         )
+    MAY ( o
+        $ userCertificate
+        $ givenName
+        $ uid
+        $ labeledURI
+        $ sAMAccountName
+        )
+    )
+
+
+#objectClasses: (
+#    2.5.20.1
+#    NAME 'subschema'
+#    DESC 'RFC4512: controllingsubschema (sub)entry'
+#    AUXILIARY
+#    MAY ( ldapSyntaxes
+#        $ objectClasses
+#        $ attributeTypes
+#        $ matchingRules
+#        $ matchingRuleUse
+#        $ dITContentRules
+#        $ dITStructureRules
+#        $ vmwAttributeToIdMap
+#        )
+#    )
+
+#
+# moved instancetype ntsecuritydescripto objectcategory from must to may
+#
+objectClasses: (
+    2.5.6.0
+    NAME 'top'
+    ABSTRACT
+    MUST ( objectClass
+         )
+    MAY ( cn
+        $ nTSecurityDescriptor
+        $ instanceType
+        $ objectCategory
+        $ description
+        $ distinguishedName
+        $ whenCreated
+        $ whenChanged
+        $ subRefs
+        $ isDeleted
+        $ memberOf
+        $ extensionName
+        $ objectGUID
+        $ wellKnownObjects
+        $ allowedChildClasses
+        $ allowedChildClassesEffective
+        $ allowedAttributes
+        $ allowedAttributesEffective
+        $ possibleInferiors
+        $ canonicalName
+        $ isRecycled
+        $ structuralObjectClass
+        $ createTimeStamp
+        $ modifyTimeStamp
+        $ subSchemaSubEntry
+        $ vmwRaftLogChanged
+        )
+    )
+
+objectClasses: (
+    2.5.6.17
+    NAME 'groupOfUniqueNames'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         $ uniqueMember
+         )
+    MAY ( o
+        $ ou
+        $ description
+        $ businessCategory
+        $ owner
+        $ seeAlso
+        )
+    )
+
+objectClasses: (
+    2.5.6.4
+    NAME 'organization'
+    SUP top
+    STRUCTURAL
+    MUST ( o
+         )
+    MAY ( l
+        $ st
+        $ street
+        $ searchGuide
+        $ businessCategory
+        $ postalAddress
+        $ postalCode
+        $ postOfficeBox
+        $ physicalDeliveryOfficeName
+        $ telephoneNumber
+        $ telexNumber
+        $ teletexTerminalIdentifier
+        $ facsimileTelephoneNumber
+        $ x121Address
+        $ internationalISDNNumber
+        $ registeredAddress
+        $ destinationIndicator
+        $ preferredDeliveryMethod
+        $ seeAlso
+        $ userPassword
+        )
+    )
+
+objectClasses: (
+    2.5.6.5
+    NAME 'organizationalUnit'
+    SUP top
+    STRUCTURAL
+    MUST ( ou
+         )
+    MAY ( c
+        $ l
+        $ st
+        $ street
+        $ searchGuide
+        $ businessCategory
+        $ postalAddress
+        $ postalCode
+        $ postOfficeBox
+        $ physicalDeliveryOfficeName
+        $ telephoneNumber
+        $ telexNumber
+        $ teletexTerminalIdentifier
+        $ facsimileTelephoneNumber
+        $ x121Address
+        $ internationalISDNNumber
+        $ registeredAddress
+        $ destinationIndicator
+        $ preferredDeliveryMethod
+        $ seeAlso
+        $ userPassword
+        $ co
+        $ countryCode
+        $ defaultGroup
+        $ managedBy
+        )
+    )
+
+objectClasses: (
+    2.5.6.6
+    NAME 'person'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( sn
+        $ serialNumber
+        $ telephoneNumber
+        $ seeAlso
+        $ userPassword
+        $ vmwPasswordNeverExpires
+        )
+    )
+
+objectClasses: (
+    2.5.6.7
+    NAME 'organizationalPerson'
+    SUP person
+    STRUCTURAL
+    MAY ( c
+        $ l
+        $ o
+        $ ou
+        $ givenName
+        $ middleName
+# vmw
+        $ oldUserPassword
+        )
+    )
+
+objectClasses: (
+    2.5.6.8
+    NAME 'organizationalRole'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( l
+        $ st
+        $ street
+        $ ou
+        $ postalAddress
+        $ postalCode
+        $ postOfficeBox
+        $ physicalDeliveryOfficeName
+        $ telephoneNumber
+        $ telexNumber
+        $ teletexTerminalIdentifier
+        $ facsimileTelephoneNumber
+        $ x121Address
+        $ internationalISDNNumber
+        $ registeredAddress
+        $ destinationIndicator
+        $ preferredDeliveryMethod
+        $ seeAlso
+        )
+    )
+
+objectClasses: (
+    2.5.6.9
+    NAME 'groupOfNames'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( o
+        $ ou
+        $ member
+        $ businessCategory
+        $ owner
+        $ seeAlso
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.3.9
+    NAME 'dMD'
+    SUP top
+    STRUCTURAL
+    MUST ( cn
+         )
+    MAY ( dmdName
+        $ schemaUpdate
+        $ prefixMap
+        $ schemaInfo
+        )
+    )
+
+objectClasses: (
+    1.2.840.113556.1.5.4
+    NAME 'builtinDomain'
+    SUP top
+    STRUCTURAL
+    MAY ( objectSid
+        )
+    )
+
+############################################################
+########### kerberos definition 
+
+attributetypes: (
+    VMWare.Kerberos.attribute.1
+    NAME 'krbPrincipalName'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+    )
+
+attributetypes: (
+    VMWare.Kerberos.attribute.28
+    NAME 'krbPrincipalKey'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+attributetypes: (
+    VMWare.Kerberos.attribute.36
+    NAME 'krbMKey'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+    )
+
+############################################################
+
+############################################################
+########## content rules
+############################################################
+
+dITContentRules:  (
+    1.2.840.113556.1.5.67
+    NAME  'domainDNS'
+    AUX ( dcObject
+        )
+    MAY ( objectSid
+        )
+    )
+
+########## AD core definition - END
+############################################################
+
+############################################################
+# DIT Content Rules
+############################################################
+
+##ditcontentrules: (
+##    VMWare.core.ditcontentrules.1
+##    NAME 'subentry'
+##    AUX ( subschema
+##        )
+##    )
+
+# use AD rule
+#ditcontentrules: (
+#    VMWare.core.ditcontentrules.2
+#    NAME 'organization'
+#    AUX ( dcObject
+#        )
+#    )
+
+ditcontentrules: (
+    VMWare.STS.ditcontentrules.1
+    NAME 'vmwPolicy'
+    AUX ( vmwLockoutPolicy
+        $ vmwPasswordPolicy
+        )
+    )
+
+############################################################
+########## ETCD
+############################################################
+
+objectClasses: (
+    POST.ETCD.objectclass.1
+    NAME 'vmwEtcdKV'
+    SUP top
+    STRUCTURAL
+    MUST ( vmwEtcdKey
+         $ vmwEtcdCreateRevision
+         $ vmwEtcdModRevision
+         $ vmwEtcdKeyVersion
+         )
+    MAY ( vmwEtcdValue
+        $ vmwEtcdLease
+        )
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.1
+    NAME 'vmwEtcdKey'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.2
+    NAME 'vmwEtcdCreateRevision'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.3
+    NAME 'vmwEtcdModRevision'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.4
+    NAME 'vmwEtcdKeyVersion'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.5
+    NAME 'vmwEtcdValue'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+    SINGLE-VALUE
+    )
+
+attributeTypes: (
+    POST.ETCD.attribute.6
+    NAME 'vmwEtcdLease'
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE
+    )
+
+############################################################
+# Attribute Indices
+#
+# This file contains user application indices only.
+# Directory operational indices are maintained in
+# lwraft/server/indexcfg/defines.h.
+#
+# Attribute index definition in ABNF:
+#
+#   AttributeIndexDescription = LPAREN WSP
+#       [ SP "NAME" SP qdescrs ]      ; attribute type name
+#       [ SP "GLOBALLY-UNIQUE" ]      ; value uniqueness
+#
+# Example:
+#
+#   attributeIndices: (
+#       NAME 'example'
+#       GLOBALLY-UNIQUE
+#       )
+############################################################
+
+attributeIndices: (
+    NAME 'uid'
+    )
diff --git a/lwraft/config/sasllwraftd.conf b/lwraft/config/sasllwraftd.conf
deleted file mode 100644
index 8c5c14f41..000000000
--- a/lwraft/config/sasllwraftd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-auxprop_plugin: lwraftdb
-srp_mda: sha1
diff --git a/lwraft/config/saslpostd.conf b/lwraft/config/saslpostd.conf
new file mode 100644
index 000000000..c1e5d2d77
--- /dev/null
+++ b/lwraft/config/saslpostd.conf
@@ -0,0 +1,2 @@
+auxprop_plugin: postdb
+srp_mda: sha1
diff --git a/lwraft/configure.ac b/lwraft/configure.ac
deleted file mode 100644
index ab902c8be..000000000
--- a/lwraft/configure.ac
+++ /dev/null
@@ -1,694 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([lwraft], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-        PLATFORM_LIB_PREFIX=lib64
-        ;;
-    darwin*:x86_64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    linux*:aarch64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-ADDACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([addacl],
-    [AC_HELP_STRING([--enable-addacl], [enable acl check on add (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            ADDACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$ADDACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(ADDACL_CHECK_DISABLED, "1", [ Disable ACL checks on add ])
-fi
-
-MODACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([modacl],
-    [AC_HELP_STRING([--enable-modacl], [enable acl check on modify (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            MODACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$MODACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(MODACL_CHECK_DISABLED, "1", [ Disable ACL checks on modify ])
-fi
-
-DELACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([delacl],
-    [AC_HELP_STRING([--enable-delacl], [enable acl check on delete (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            DELACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$DELACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(DELACL_CHECK_DISABLED, "1", [ Disable ACL checks on delete ])
-fi
-
-SEAACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([seaacl],
-    [AC_HELP_STRING([--enable-seaacl], [enable acl check on search (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            SEAACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$SEAACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(SEAACL_CHECK_DISABLED, "1", [ Disable ACL checks on search ])
-fi
-
-# datastore flag
-
-AC_ARG_WITH([datastore],
-    [AC_HELP_STRING([--with-datastore=<datastore>], [use backend datatore <datastore> ])],
-    [
-        LWRAFTD_DATASTORE="$withval"
-    ])
-
-ENABLE_LIGHTWAVE_BUILD=no
-AC_ARG_ENABLE([lightwave-build],
-    [AC_HELP_STRING([--enable-lightwave-build], [enable lightwave build(default: no)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AC_DEFINE_UNQUOTED(LIGHTWAVE_BUILD, 1, [ enable lightwave specific build ])
-        fi
-    ])
-
-# client only build
-
-ENABLE_SERVER=false
-AC_ARG_ENABLE([server],
-    [AC_HELP_STRING([--enable-server], [enable full build(default: no)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            ENABLE_SERVER=true
-        fi
-    ])
-
-AM_CONDITIONAL(ENABLE_SERVER, [$ENABLE_SERVER])
-AM_CONDITIONAL([HAVE_MDB_STORE], [test x"$LWRAFTD_DATASTORE" = x"mdb"])
-
-# mdb component
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS -I../thirdparty/openldap/libraries/mdb"
-if test x"$LWRAFTD_DATASTORE" = x"mdb"
-then
-AC_CHECK_HEADERS(lmdb.h)
-fi
-CPPFLAGS="$saved_CPPFLAGS"
-
-# openssl component
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib64
-    ;;
-    darwin*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
-    ;;
-    linux*:aarch64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$OPEN_SSL_DEFAULT_PATH"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# zlib component
-
-AC_ARG_WITH([zlib],
-    [AC_HELP_STRING([--with-zlib=<dir>], [use zlib binaries rooted at prefix <dir> ])],
-    [
-        ZLIB_BASE_PATH="$withval"
-        ZLIB_INCLUDES="-I$withval/include"
-        ZLIB_LDFLAGS="-L$withval/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([zlib-includes],
-    [AC_HELP_STRING([--with-zlib-includes=<dir>], [use ZLIB headers located in prefix <dir> ])],
-    [
-        ZLIB_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([zlib-libs],
-    [AC_HELP_STRING([--with-zlib-libs=<dir>], [use ZLIB libraries located in prefix <dir> ])],
-    [
-        ZLIB_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(ZLIB_BASE_PATH)
-AC_SUBST(ZLIB_INCLUDES)
-AC_SUBST(ZLIB_LDFLAGS)
-
-# bzip component
-
-AC_ARG_WITH([bzip],
-    [AC_HELP_STRING([--with-bzip=<dir>], [use BZIP binaries rooted at prefix <dir> ])],
-    [
-        BZIP_BASE_PATH="$withval"
-        BZIP_INCLUDES="-I$withval/include"
-        BZIP_LDFLAGS="-L$withval/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([bzip-includes],
-    [AC_HELP_STRING([--with-bzip-includes=<dir>], [use BZIP headers located in prefix <dir> ])],
-    [
-        BZIP_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([bzip-libs],
-    [AC_HELP_STRING([--with-bzip-libs=<dir>], [use BZIP libraries located in prefix <dir> ])],
-    [
-        BZIP_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(BZIP_BASE_PATH)
-AC_SUBST(BZIP_INCLUDES)
-AC_SUBST(BZIP_LDFLAGS)
-
-# vmevent component
-
-AC_ARG_WITH([vmevent],
-    [AC_HELP_STRING([--with-vmevent=<dir>], [use event-server binaries rooted at prefix <dir> ])],
-    [
-        VMEVENT_INCLUDES="-I$withval/include"
-    ])
-
-AC_CHECK_HEADERS(vmevent.h)
-AC_SUBST(VMEVENT_INCLUDES)
-
-# Cyrus SASL
-
-AC_ARG_WITH([sasl],
-    [AC_HELP_STRING([--with-sasl=<dir>], [use SASL binaries rooted at prefix <dir> ])],
-    [
-        SASL_BASE_PATH="$withval"
-        SASL_INCLUDES="-I$withval/include"
-        SASL_LIBPATH="$withval/lib64"
-        SASL_LDFLAGS="-L$withval/lib64"
-        SASL_PLUGINSPATH="$withval/lib64/sasl2"
-    ])
-
-AC_ARG_WITH([sasl-includes],
-    [AC_HELP_STRING([--with-sasl-includes=<dir>], [use SASL headers located in prefix <dir> ])],
-    [
-        SASL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([sasl-libs],
-    [AC_HELP_STRING([--with-sasl-libs=<dir>], [use SASL libraries located in prefix <dir> ])],
-    [
-        SASL_LIBPATH="$withval/lib64"
-        SASL_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([sasl-plugins],
-    [AC_HELP_STRING([--with-sasl-plugins=<dir>], [assume SASL plugins at runtime are located in <dir> ])],
-    [
-        SASL_PLUGINSPATH="$withval"
-    ])
-
-AC_SUBST(SASL_BASE_PATH)
-AC_SUBST(SASL_INCLUDES)
-AC_SUBST(SASL_LDFLAGS)
-
-AC_DEFINE_UNQUOTED(LWRAFT_CONFIG_SASL2_LIB_PATH, "$SASL_PLUGINSPATH", [SASL2 Library path])
-
-# Trident
-
-AC_ARG_WITH([trident],
-    [AC_HELP_STRING([--with-trident=<dir>], [use trident-server binaries rooted at prefix <dir> ])],
-    [
-        TRIDENT_BASE_PATH="$withval"
-        TRIDENT_INCLUDES="-I$withval/include"
-        TRIDENT_LDFLAGS="-L$withval/lib64"
-    ])
-
-TRIDENT_LIBS="-lrestengine"
-AC_CHECK_HEADERS(vmrest.h)
-AC_SUBST(TRIDENT_BASE_PATH)
-AC_SUBST(TRIDENT_INCLUDES)
-AC_SUBST(TRIDENT_LDFLAGS)
-
-# Jansson
-
-AC_ARG_WITH([jansson],
-    [AC_HELP_STRING([--with-jansson=<dir>], [use jansson binaries rooted at prefix <dir> ])],
-    [
-        JANSSON_BASE_PATH="$withval"
-        JANSSON_INCLUDES="-I$withval/include"
-        JANSSON_LDFLAGS="-L$withval/lib"
-    ])
-
-JANSSON_LIBS="-ljansson"
-AC_CHECK_HEADERS(jansson.h)
-AC_SUBST(JANSSON_BASE_PATH)
-AC_SUBST(JANSSON_INCLUDES)
-AC_SUBST(JANSSON_LDFLAGS)
-
-# Copenapi
-
-AC_ARG_WITH([copenapi],
-    [AC_HELP_STRING([--with-copenapi=<dir>], [use copenapi binaries rooted at prefix <dir> ])],
-    [
-        COPENAPI_BASE_PATH="$withval"
-        COPENAPI_INCLUDES="-I$withval/include"
-        COPENAPI_LDFLAGS="-L$withval/lib"
-    ])
-
-COPENAPI_LIBS="-lcopenapi"
-AC_CHECK_HEADERS(copenapi/copenapi.h)
-AC_SUBST(COPENAPI_BASE_PATH)
-AC_SUBST(COPENAPI_INCLUDES)
-AC_SUBST(COPENAPI_LDFLAGS)
-
-# OIDC
-
-AC_ARG_WITH([ssocommon],
-    [AC_HELP_STRING([--with-ssocommon=<dir>], [use ssocommon binaries rooted at prefix <dir> ])],
-    [
-        SSOCOMMON_BASE_PATH="$withval"
-        SSOCOMMON_INCLUDES="-I$withval/include"
-        SSOCOMMON_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-SSOCOMMON_LIBS="-lssocommon"
-AC_SUBST(SSOCOMMON_BASE_PATH)
-AC_SUBST(SSOCOMMON_INCLUDES)
-AC_SUBST(SSOCOMMON_LDFLAGS)
-
-AC_ARG_WITH([oidc],
-    [AC_HELP_STRING([--with-oidc=<dir>], [use oidc binaries rooted at prefix <dir> ])],
-    [
-        OIDC_BASE_PATH="$withval"
-        OIDC_INCLUDES="-I$withval/include"
-        OIDC_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-OIDC_LIBS="-lssooidc"
-AC_CHECK_HEADERS(oidc.h)
-AC_CHECK_HEADERS(oidc_types.h)
-AC_CHECK_HEADERS(common_types.h)
-AC_SUBST(OIDC_BASE_PATH)
-AC_SUBST(OIDC_INCLUDES)
-AC_SUBST(OIDC_LDFLAGS)
-
-# Likewise components
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib64
-    ;;
-    darwin*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    linux*:aarch64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-LW_RPATH=$LIKEWISE_DEFAULT_PATH
-AC_ARG_WITH([likewise-rpath],
-    [AC_HELP_STRING([--with-likewise-rpath=<dir>], [use likewise libraries located at <dir> at runtime])],
-    [
-        LW_RPATH="$withval"
-    ])
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval/$PLATFORM_LIB_PREFIX"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h limits.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-AC_CHECK_HEADERS(termios.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([mdb],[mdb_strerror],[MDB_LIBS="-lmdb"],[],[])
-AC_CHECK_LIB([z],[inflate],[ZLIB_LIBS="-lz"],[],[$ZLIB_LDFLAGS])
-AC_CHECK_LIB([bz2],[BZ2_bzdopen],[BZIP_LIBS="-lbz2"],[],[$BZIP_LDFLAGS])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB([lber], [ber_scanf], [LBER_LIBS="-llber"], [], [$LW_LDFLAGS -llber])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB([sasl2], [sasl_server_init], [SASL_LIBS="-lsasl2"], [], [$SASL_LDFLAGS])
-AC_CHECK_LIB([ldap_r], [ldap_initialize], [LDAP_LIBS="-lldap_r -llber"], [], [$LW_LDFLAGS -llber $SASL_LDFLAGS $SASL_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwadvapi],
-    [LwFreeMemory],
-    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
-    [],
-    [$LW_LDFLAGS -llwadvapi_nothr $LWBASE_LIBS $LDAP_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $OPENSSL_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-
-AC_CHECK_LIB([shadow], [getspnam], [SHADOW_LIBS="-lshadow"])
-
-# Use -lxcrypt on SLES11, which contains advanced hash algorithms
-AC_CHECK_LIB([xcrypt], [crypt_r], [CRYPT_LIBS="-L/usr/lib64 -lxcrypt $DL_LIBS"], [CRYPT_LIBS="no"], [-L/usr/lib64 $DL_LIBS])
-if test x"$CRYPT_LIBS" = x"no"; then
-  AC_CHECK_LIB([crypt], [crypt_r], [CRYPT_LIBS="-lcrypt"],[CRYPT_LIBS=""])
-fi
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(MDB_LIBS)
-AC_SUBST(ZLIB_LIBS)
-AC_SUBST(BZIP_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(LWADVAPI_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(LBER_LIBS)
-AC_SUBST(SHADOW_LIBS)
-AC_SUBST(CRYPT_LIBS)
-AC_SUBST(SASL_LIBS)
-AC_SUBST(TRIDENT_LIBS)
-AC_SUBST(JANSSON_LIBS)
-AC_SUBST(COPENAPI_LIBS)
-AC_SUBST(SSOCOMMON_LIBS)
-AC_SUBST(OIDC_LIBS)
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-if test x"$localstatedir" = x"/var"; then
-    lwraftdbdir="$localstatedir/lib/vmware/lwraft"
-else
-    lwraftdbdir="$localstatedir"
-fi
-AC_SUBST(lwraftdbdir)
-AS_AC_EXPAND(LWRAFT_DB_DIR, $lwraftdbdir)
-AC_DEFINE_UNQUOTED(LWRAFT_DB_DIR, "$LWRAFT_DB_DIR", [Database directory])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-AS_AC_EXPAND(LWRAFT_SBIN, ["${sbindir}"])
-LWRAFT_SBIN_DIR=$LWRAFT_SBIN
-AC_SUBST(LWRAFT_SBIN_DIR)
-
-lwraftlibdir=$prefix/lib64
-AC_SUBST(lwraftlibdir)
-AS_AC_EXPAND(LWRAFT_LIB_DIR, $lwraftlibdir)
-AC_DEFINE_UNQUOTED(LWRAFT_LIB_DIR, "$LWRAFT_LIB_DIR", [Lib directory])
-
-lwraftsasldir=$lwraftlibdir/sasl2
-AC_SUBST(lwraftsasldir)
-AS_AC_EXPAND(LWRAFT_LOG_DIR, $lwraftlogdir)
-AC_DEFINE_UNQUOTED(LWRAFT_LOG_DIR, "$LWRAFT_LOG_DIR", [Log directory])
-
-lwraftlogdir=/var/log/vmware/lwraft
-AC_SUBST(lwraftlogdir)
-
-lwraft_version=1.0
-AC_ARG_WITH([version],
-    [AC_HELP_STRING([--with-version], [set the version (default: 1.0)])],
-    [
-        lwraft_version="$withval"
-    ])
-AC_SUBST(lwraft_version)
-AS_AC_EXPAND(VDIR_PSC_VERSION, $lwraft_version)
-AC_DEFINE_UNQUOTED(VDIR_PSC_VERSION, "$VDIR_PSC_VERSION", [PSC version])
-
-
-lwraftconfdir="$datadir/config"
-AC_SUBST(lwraftconfdir)
-AS_AC_EXPAND(LWRAFT_CONFIG_DIR, $lwraftconfdir)
-AC_DEFINE_UNQUOTED(LWRAFT_CONFIG_DIR, "$LWRAFT_CONFIG_DIR", [Config directory])
-
-AS_AC_EXPAND(LWRAFT_PREFIX, ["${prefix}"])
-LWRAFT_PREFIX_DIR=$LWRAFT_PREFIX
-AC_SUBST(LWRAFT_PREFIX_DIR)
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                 config/Makefile
-                 kdccommon/Makefile
-                 common/Makefile
-                 server/Makefile
-                 server/kdcsrvcommon/Makefile
-                 server/kdckrb5/Makefile
-                 server/kdctools/Makefile
-                 server/vmkdc_mit_tools/Makefile
-                 server/vmkdc/Makefile
-                 server/common/Makefile
-                 server/backend/Makefile
-                 server/mdb-store/Makefile
-                 server/indexcfg/Makefile
-                 server/middle-layer/Makefile
-                 server/schema/Makefile
-                 server/acl/Makefile
-                 server/ldap-head/Makefile
-                 server/replication/Makefile
-                 server/saslvmdirdb/Makefile
-                 server/vmdir/Makefile
-                 client/Makefile
-                 config/lwraft.reg
-                 testing/Makefile
-                 testing/query/Makefile
-                 testing/kerberos/Makefile
-                 tools/Makefile
-                 tools/lwraftpromo/Makefile
-                 tools/vdcadmintool/Makefile
-                 tools/vdcleavefed/Makefile
-                 tools/test/Makefile
-                 tools/test/circularbuffer/Makefile
-                 tools/test/dequetest/Makefile
-                 tools/test/parseargs/Makefile
-                 tools/test/registry/Makefile
-                 tools/test/string/Makefile
-                 tools/test/vmdirclienttest/Makefile
-                 thirdparty/Makefile
-                 thirdparty/openldap/Makefile
-                 thirdparty/openldap/libraries/Makefile
-                 thirdparty/openldap/libraries/mdb/Makefile
-                 thirdparty/heimdal/Makefile
-                 thirdparty/heimdal/asn1/Makefile
-                 thirdparty/heimdal/krb5-crypto/Makefile
-                 thirdparty/heimdal/ntlm/Makefile
-                 gssapi-plugins/Makefile
-                 gssapi-plugins/ntlm/Makefile
-                 gssapi-plugins/srp/Makefile
-                 gssapi-plugins/unix/Makefile
-                 thirdparty/csrp/Makefile
-                ])
-AC_OUTPUT
diff --git a/lwraft/docs/components/lwraft_paper.pdf b/lwraft/docs/components/lwraft_paper.pdf
new file mode 100644
index 000000000..bb57a84fe
Binary files /dev/null and b/lwraft/docs/components/lwraft_paper.pdf differ
diff --git a/lwraft/docs/components/mdb_paper.pdf b/lwraft/docs/components/mdb_paper.pdf
new file mode 100644
index 000000000..8717a1402
Binary files /dev/null and b/lwraft/docs/components/mdb_paper.pdf differ
diff --git a/lwraft/gssapi-plugins/Makefile.am b/lwraft/gssapi-plugins/Makefile.am
deleted file mode 100644
index 577f17964..000000000
--- a/lwraft/gssapi-plugins/Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
-SUBDIRS = \
-    ntlm \
-    srp
-
-if ENABLE_SERVER
-
-SUBDIRS += \
-     unix
-
-endif
diff --git a/lwraft/gssapi-plugins/ntlm/Makefile.am b/lwraft/gssapi-plugins/ntlm/Makefile.am
deleted file mode 100644
index 523bd7a60..000000000
--- a/lwraft/gssapi-plugins/ntlm/Makefile.am
+++ /dev/null
@@ -1,37 +0,0 @@
-lib_LTLIBRARIES = libgssapi_ntlm.la
-
-libgssapi_ntlm_la_CPPFLAGS = \
-   -D_MIT_KRB5_1_11 \
-   -D_MIT_KRB5_1_12 \
-   -I$(top_srcdir)/gssapi-plugins/ntlm \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-    @OPENSSL_INCLUDES@ \
-    @LW_INCLUDES@
-
-libgssapi_ntlm_la_SOURCES = \
-    gssapi_alloc.c \
-    ntlm_accept_sec_ctx.c \
-    ntlm_acquire_cred.c \
-    ntlm_release_cred.c \
-    ntlm_disp_name.c \
-    ntlm_encrypt.c \
-    ntlm_init_sec_ctx.c \
-    ntlm_del_sec_ctx.c \
-    ntlm_mech.c \
-    ntlm_wrap_iov.c \
-    ntlm_unwrap_iov.c \
-    ntlm_util.c
-
-libgssapi_ntlm_la_LIBADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    @DCERPC_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@ \
-    @OPENSSL_LDFLAGS@ \
-    @PTHREAD_LIBS@
-
-libgssapi_ntlm_la_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/gssapi-plugins/ntlm/gssapiP_ntlm.h b/lwraft/gssapi-plugins/ntlm/gssapiP_ntlm.h
deleted file mode 100644
index 30954d7c8..000000000
--- a/lwraft/gssapi-plugins/ntlm/gssapiP_ntlm.h
+++ /dev/null
@@ -1,600 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-/*
- *
- * Module: gssapiP_ntlm.h
- * Abstract:
- *     VMware GSSAPI NTLM Authentication Plugin
- *     GSSAPI NTLM private types declaration header file
- *
- * Author: Jonathan Brown (brownj@vmware.com)
- */
-
-
-#ifndef	_GSSAPIP_NTLM_H_
-#define	_GSSAPIP_NTLM_H_
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <openssl/aes.h>
-#include <pthread.h>
-#include "ntlm_mglueP.h"
-#include "gssapi_ntlm.h"
-
-#define xmalloc(m) calloc(1, (m))
-#define	SEC_CONTEXT_TOKEN 1
-#define	NTLM_SIZE_OF_INT 4
-
-#define	ACCEPT_COMPLETE 0
-#define	ACCEPT_INCOMPLETE 1
-#define	REJECT 2
-#define REQUEST_MIC 3
-#define	ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
-
-/*
- * constants for der encoding/decoding routines.
- */
-
-#define	MECH_OID		0x10
-#define	OCTET_STRING		0x04
-#define	CONTEXT			0xa0
-#define	SEQUENCE		0x30
-#define	SEQUENCE_OF		0x30
-#define	BIT_STRING		0x03
-#define	BIT_STRING_LENGTH	0x02
-#define	BIT_STRING_PADDING	0x01
-#define	ENUMERATED		0x0a
-#define	ENUMERATION_LENGTH	1
-#define	HEADER_ID		0x60
-#define GENERAL_STRING		0x1b
-
-/*
- * NTLM specific error codes (minor status codes)
- */
-#define	ERR_NTLM_NO_MECHS_AVAILABLE	0x20000001
-#define	ERR_NTLM_NO_CREDS_ACQUIRED	0x20000002
-#define	ERR_NTLM_NO_MECH_FROM_ACCEPTOR	0x20000003
-#define	ERR_NTLM_NEGOTIATION_FAILED	0x20000004
-#define	ERR_NTLM_NO_TOKEN_FROM_ACCEPTOR	0x20000005
-
-/*
- * send_token_flag is used to indicate in later steps what type
- * of token, if any should be sent or processed.
- * NO_TOKEN_SEND = no token should be sent
- * INIT_TOKEN_SEND = initial token will be sent
- * CONT_TOKEN_SEND = continuing tokens to be sent
- * CHECK_MIC = no token to be sent, but have a MIC to check.
- * ERROR_TOKEN_SEND = error token from peer needs to be sent.
- */
-
-#define NTLM_AUTH_STATE_VALUE(e) ((int)(e & 0x7f))
-typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
-		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
-
-/* NTLM message tags. This range provides 62 usable values */
-typedef enum {
-    NTLM_AUTH_INIT = 0x61, 
-    NTLM_AUTH_SALT_RESP,
-    NTLM_AUTH_CLIENT_VALIDATE,
-    NTLM_AUTH_SERVER_VALIDATE,
-    NTLM_AUTH_COMPLETE,
-    NTLM_AUTH_FAILED,
-} ntlm_auth_state;
-
-/*
- * The Mech OID:
- * The OID of the standard NTLM mechanism is:
- *      ntlm(10) = 1.3.6.1.4.1.311.2.2.10
- */
-
-#define	NTLM_OID_LENGTH 10
-#define	NTLM_OID "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-
-/* 1.3.6.1.4.1.27433.3.1 */
-#define GSS_CRED_OPT_PW     "\x2b\x06\x01\x04\x01\x81\xd6\x29\x03\x01"
-#define GSS_CRED_OPT_PW_LEN 10
-
-typedef void *ntlm_token_t;
-
-/* ntlm name structure for internal representation. */
-typedef struct {
-	gss_OID type;
-	gss_buffer_t buffer;
-	gss_OID	mech_type;
-	gss_name_t	mech_name;
-} ntlm_name_desc, *ntlm_name_t;
-
-typedef struct _ntlm_gss_cred_id_rec {
-    /* protect against simultaneous accesses */
-    pthread_mutex_t lock;
-
-    /* OID of this mechanism: NTLM */
-    gss_OID ntlm_mech_oid;
-
-    /*
-     * This is really a UPN (name@DOMAIN.COM); Leverage k5 
-     * import/export name to get a UPN string. "I" value where the 
-     * NTLM salt/validator parameters are stored in vmdir.
-     */
-    gss_name_t name; 
-
-    /* Set with gssspi_set_cred_option(..., gss_cred_opt_password_oid_desc, ...) */
-    gss_buffer_t password;
-
-#if 1
-/* More stuff as needed here */
-#endif
-} ntlm_gss_cred_id_rec, *ntlm_gss_cred_id_t;
-
-/* Structure for context handle */
-typedef struct {
-	OM_uint32	  magic_num;
-	OM_uint32	  state;         /* state of authentication */
-	ntlm_gss_cred_id_t cred;          /* alias cred from acquire_cred */
-	int               mic_reqd;
-	int               mic_sent;
-	int               mic_rcvd;
-	int               firstpass;
-	OM_uint32         ctx_flags;
-	gss_name_t        internal_name; /* alias cred->name */
-	gss_OID           mech;          /* NTLM mech OID */
-        struct SRPUser    *ntlm_usr;      /* Client NTLM context handle */
-        struct SRPVerifier *ntlm_ver;     /* Server NTLM context handle */
-        krb5_context      krb5_ctx;
-        krb5_keyblock     *keyblock;
-        AES_KEY           aes_encrypt_key;
-        AES_KEY           aes_decrypt_key;
-        unsigned char     aes_encrypt_iv[AES_BLOCK_SIZE];
-        unsigned char     aes_decrypt_iv[AES_BLOCK_SIZE];
-        char              *upn_name;     /* Kerberos UPN Name */
-        gss_name_t        gss_upn_name;  /* GSS UPN Name */
-        unsigned char     *ntlm_session_key;
-        int               ntlm_session_key_len;
-} ntlm_gss_ctx_id_rec, *ntlm_gss_ctx_id_t;
-
-/*
- * The magic number must be less than a standard pagesize
- * to avoid a possible collision with a real address.
- * 0xa76 = 1010 0101 0110 (binary)
- */
-#define	NTLM_MAGIC_ID  0x00000a76
-
-#ifdef DEBUG
-#define	dsyslog(a)
-#else
-#define	dsyslog(a)
-#define	NTLM_STATIC
-#endif	/* DEBUG */
-
-/*
- * declarations of internal name mechanism functions
- */
-
-OM_uint32 ntlm_gss_acquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/* desired_name */
-	OM_uint32,		/* time_req */
-	gss_OID_set,		/* desired_mechs */
-	gss_cred_usage_t,	/* cred_usage */
-	gss_cred_id_t *,	/* output_cred_handle */
-	gss_OID_set *,		/* actual_mechs */
-	OM_uint32 *		/* time_rec */
-);
-
-OM_uint32 ntlm_gss_release_cred
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_cred_id_t	*	/* cred_handle */
-);
-
-OM_uint32 ntlm_gss_init_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* claimant_cred_handle */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_name_t,		/* target_name */
-	gss_OID,		/* mech_type */
-	OM_uint32,		/* req_flags */
-	OM_uint32,		/* time_req */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_buffer_t,		/* input_token */
-	gss_OID *,		/* actual_mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *		/* time_rec */
-);
-
-#ifndef LEAN_CLIENT
-OM_uint32 ntlm_gss_accept_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_cred_id_t,		/* verifier_cred_handle */
-	gss_buffer_t,		/* input_token_buffer */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_name_t *,		/* src_name */
-	gss_OID *,		/* mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *,		/* time_rec */
-	/* CSTYLED */
-	gss_cred_id_t *		/* delegated_cred_handle */
-);
-#endif /* LEAN_CLIENT */
-
-OM_uint32 ntlm_gss_compare_name
-(
-	OM_uint32 *,		/* minor_status */
-	const gss_name_t,	/* name1 */
-	const gss_name_t,	/* name2 */
-	int *			/* name_equal */
-);
-
-OM_uint32 ntlm_gss_display_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/*  input_name */
-	gss_buffer_t,		/*  output_name_buffer */
-	gss_OID *		/* output_name_type */
-);
-
-OM_uint32 ntlm_gss_display_status
-(
-	OM_uint32 *,		/* minor_status */
-	OM_uint32,		/* status_value */
-	int,			/* status_type */
-	gss_OID,		/* mech_type */
-	OM_uint32 *,		/* message_context */
-	gss_buffer_t		/* status_string */
-);
-
-OM_uint32 ntlm_gss_import_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_buffer_t,		/* input_name_buffer */
-	gss_OID,		/* input_name_type */
-	/* CSTYLED */
-	gss_name_t *		/* output_name */
-);
-
-OM_uint32 ntlm_gss_release_name
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_name_t *		/* input_name */
-);
-
-OM_uint32 ntlm_gss_inquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* cred_handle */
-	gss_name_t *,		/* name */
-	OM_uint32 *,		/* lifetime */
-	int *,			/* cred_usage */
-	gss_OID_set *		/* mechanisms */
-);
-
-OM_uint32 ntlm_gss_inquire_names_for_mech
-(
-	OM_uint32 *,		/* minor_status */
-	gss_OID,		/* mechanism */
-	gss_OID_set *		/* name_types */
-);
-
-OM_uint32 ntlm_gss_unwrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t output_message_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 ntlm_gss_wrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_message_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 ntlm_gss_process_context_token
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-);
-
-OM_uint32 ntlm_gss_delete_sec_context
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	gss_buffer_t output_token
-);
-
-OM_uint32 ntlm_gss_context_time
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	OM_uint32	*time_rec
-);
-#ifndef LEAN_CLIENT
-OM_uint32 ntlm_gss_export_sec_context
-(
-	OM_uint32	*minor_status,
-	gss_ctx_id_t	*context_handle,
-	gss_buffer_t	interprocess_token
-);
-
-OM_uint32 ntlm_gss_import_sec_context
-(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle
-);
-#endif /* LEAN_CLIENT */
-
-OM_uint32 ntlm_gss_inquire_context
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_name_t	*src_name,
-	gss_name_t	*targ_name,
-	OM_uint32	*lifetime_rec,
-	gss_OID		*mech_type,
-	OM_uint32	*ctx_flags,
-	int		*locally_initiated,
-	int		*opened
-);
-
-OM_uint32 ntlm_gss_wrap_size_limit
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size
-);
-
-OM_uint32 ntlm_gss_get_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_qop_t qop_req,
-	const gss_buffer_t message_buffer,
-	gss_buffer_t message_token
-);
-
-OM_uint32 ntlm_gss_verify_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t msg_buffer,
-	const gss_buffer_t token_buffer,
-	gss_qop_t *qop_state
-);
-
-OM_uint32
-ntlm_gss_inquire_sec_context_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-ntlm_gss_inquire_cred_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_cred_id_t cred_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-ntlm_gss_set_sec_context_option
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	const gss_OID desired_object,
-	const gss_buffer_t value
-);
-
-OM_uint32
-ntlm_gssspi_set_cred_option
-(
-	OM_uint32 *minor_status,
-        gss_cred_id_t cred_handle,
-        const gss_OID desired_object,
-        const gss_buffer_t value
-);
-
-#ifdef _GSS_STATIC_LINK
-int gss_ntlmint_lib_init(void);
-void gss_ntlmint_lib_fini(void);
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void);
-#endif /* _GSS_STATIC_LINK */
-
-OM_uint32 ntlm_gss_wrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t input_payload_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 ntlm_gss_unwrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t output_payload_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 ntlm_gss_wrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 ntlm_gss_unwrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int *conf_state,
-	gss_qop_t *qop_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 ntlm_gss_wrap_iov_length
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32
-ntlm_gss_complete_auth_token
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer
-);
-
-OM_uint32
-ntlm_gss_acquire_cred_impersonate_name(
-    OM_uint32 *,	    /* minor_status */
-    const gss_cred_id_t,    /* impersonator_cred_handle */
-    const gss_name_t,	    /* desired_name */
-    OM_uint32,		    /* time_req */
-    const gss_OID_set,	    /* desired_mechs */
-    gss_cred_usage_t,	    /* cred_usage */
-    gss_cred_id_t *,	    /* output_cred_handle */
-    gss_OID_set *,	    /* actual_mechs */
-    OM_uint32 *);	    /* time_rec */
-
-OM_uint32
-ntlm_gss_display_name_ext
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_OID display_as_name_type,
-	gss_buffer_t display_name
-);
-
-OM_uint32
-ntlm_gss_inquire_name
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int *name_is_MN,
-	gss_OID *MN_mech,
-	gss_buffer_set_t *attrs
-);
-
-OM_uint32
-ntlm_gss_get_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr,
-	int *authenticated,
-	int *complete,
-	gss_buffer_t value,
-	gss_buffer_t display_value,
-	int *more
-);
-
-OM_uint32
-ntlm_gss_set_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int complete,
-	gss_buffer_t attr,
-	gss_buffer_t value
-);
-
-OM_uint32
-ntlm_gss_delete_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr
-);
-
-OM_uint32
-ntlm_gss_export_name_composite
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t exp_composite_name
-);
-
-OM_uint32
-ntlm_gss_map_name_to_any
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int authenticated,
-	gss_buffer_t type_id,
-	gss_any_t *output
-);
-
-OM_uint32
-ntlm_gss_release_any_name_mapping
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t type_id,
-	gss_any_t *input
-);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif /* _GSSAPIP_NTLM_H_ */
diff --git a/lwraft/gssapi-plugins/ntlm/gssapi_alloc.c b/lwraft/gssapi-plugins/ntlm/gssapi_alloc.c
deleted file mode 100644
index 0810e4d99..000000000
--- a/lwraft/gssapi-plugins/ntlm/gssapi_alloc.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _WIN32
-#include <stdlib.h>
-#endif
-
-/* _GSSAPI_ALLOC_C: Includes C sources for this module */
-#define _GSSAPI_ALLOC_C
-#include "gssapi_alloc.h"
diff --git a/lwraft/gssapi-plugins/ntlm/gssapi_alloc.h b/lwraft/gssapi-plugins/ntlm/gssapi_alloc.h
deleted file mode 100644
index dde021fc8..000000000
--- a/lwraft/gssapi-plugins/ntlm/gssapi_alloc.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* To the extent possible under law, Painless Security, LLC has waived
- * all copyright and related or neighboring rights to GSS-API Memory
- * Management Header. This work is published from: United States.
- */
-
-#ifndef GSSAPI_ALLOC_H
-#define GSSAPI_ALLOC_H
-
-#ifdef _WIN32
-#include <Windows.h>
-#endif
-
-#include <string.h>
-#include <stdio.h>
-
-
-#ifdef _USE_STATIC_INLINE
-#define STATIC_INLINE_DEF static inline
-#else
-#define STATIC_INLINE_DEF
-#endif
-
-/* Prototypes */
-
-STATIC_INLINE_DEF void gssalloc_free(void *value);
-STATIC_INLINE_DEF void *gssalloc_malloc(size_t size);
-STATIC_INLINE_DEF void *gssalloc_calloc(size_t count, size_t size);
-STATIC_INLINE_DEF void *gssalloc_realloc(void *value, size_t size);
-STATIC_INLINE_DEF char *gssalloc_strdup(const char *str);
-
-#ifdef _GSSAPI_ALLOC_C
-#if defined(_WIN32)
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    if (value)
-        HeapFree(GetProcessHeap(), 0, value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), 0, size);
-    
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size);
-
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    void *rvalue = HeapReAlloc(GetProcessHeap(), 0, value, size);
-
-    return rvalue;
-}
-
-#elif defined(DEBUG_GSSALLOC)
-
-/* Be deliberately incompatible with malloc and free, to allow us to detect
- * mismatched malloc/gssalloc usage on Unix. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return;
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    free(p);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    char *p = calloc(size + 8, 1);
-
-    memcpy(p, "gssalloc", 8);
-    return p + 8;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return gssalloc_malloc(count * size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return gssalloc_malloc(size);
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    return (char *)realloc(p, size) + 8;
-}
-
-#else /* not _WIN32 or DEBUG_GSSALLOC */
-
-/* Normal Unix case, just use free/malloc/calloc/realloc. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    free(value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    return malloc(size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return calloc(count, size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    return realloc(value, size);
-}
-
-#endif /* not _WIN32 or DEBUG_GSSALLOC */
-
-STATIC_INLINE_DEF char *
-gssalloc_strdup(const char *str)
-{
-    size_t size = strlen(str)+1;
-    char *copy = gssalloc_malloc(size);
-    if (copy) {
-        memcpy(copy, str, size);
-        copy[size-1] = '\0';
-    }
-    return copy;
-}
-#endif /* _GSSAPI_ALLOC_C */
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/gssapi_ntlm.h b/lwraft/gssapi-plugins/ntlm/gssapi_ntlm.h
deleted file mode 100644
index 2021e6fae..000000000
--- a/lwraft/gssapi-plugins/ntlm/gssapi_ntlm.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/* This is the gssapi_ntlm.h prologue. */
-
-#include <stdint.h>
-/* End of gssapi_krb5.h prologue. */
-/* -*- mode: c; indent-tabs-mode: nil -*- */
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-/*
- *
- * Module: gssapi_ntlm.h
- * Abstract:
- *     VMware GSSAPI NTLM Authentication Plugin
- *     GSSAPI NTLM public header file
- *
- * Author: Jonathan Brown (brownj@vmware.com)
- */
-
-
-#ifndef _GSSAPI_NTLM_H_
-#define _GSSAPI_NTLM_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <krb5.h>
-
-/* C++ friendlyness */
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
-
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
-/* 2.1.2. Host-Based Service Name Form */
-#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The previously recommended symbolic
- * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME".  The
- * currently preferred symbolic name for this type is
- * "GSS_C_NT_HOSTBASED_SERVICE". */
-
-/* 2.2.1. User Name Form */
-#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}.  The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME". */
-
-/* 2.2.2. Machine UID Form */
-#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */
-
-/* 2.2.3. String UID Form */
-#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME". */
-
-/* NTLM Mechs */
-extern const gss_OID_desc * const gss_mech_ntlm_oid;
-extern const gss_OID_desc * const gss_nt_ntlm_name_oid;
-extern const gss_OID_desc * const gss_ntlm_password_oid;
-
-/* NTLM Mech sets */
-extern const gss_OID_set_desc * const gss_mech_set_ntlm;
-
-
-#if 1 /* debug; remove me */
-void ntlm_print_hex(const unsigned char *buf, int buf_len, const char *msg);
-#endif
-
-#define GSS_NTLM_MECH_OID               (gss_mech_ntlm_oid->elements)
-#define GSS_NTLM_MECH_OID_LEN           (gss_mech_ntlm_oid->length)
-
-#define GSS_NTLM_NT_GENERAL_NAME        gss_nt_ntlm_name_oid
-#define GSS_NTLM_NT_GENERAL_NAME_LEN    10
-
-#define GSS_NTLM_PASSWORD_OID           (gss_ntlm_password_oid->elements)
-#define GSS_NTLM_PASSWORD_LEN           (gss_ntlm_password_oid->length)
-
-#if 0
-#define gss_ntlm_nt_principal           gss_nt_ntlm_principal
-#define gss_ntlm_nt_service_name        gss_nt_service_name
-#define gss_ntlm_nt_user_name           gss_nt_user_name
-#define gss_ntlm_nt_machine_uid_name    gss_nt_machine_uid_name
-#define gss_ntlm_nt_string_uid_name     gss_nt_string_uid_name
-#endif
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* _GSSAPI_NTLM_H_ */
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_accept_sec_ctx.c b/lwraft/gssapi-plugins/ntlm/ntlm_accept_sec_ctx.c
deleted file mode 100644
index a459371e9..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_accept_sec_ctx.c
+++ /dev/null
@@ -1,952 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <krb5.h>
-#include "gssapiP_ntlm.h"
-#include "gssapi_ntlm.h"
-#include "gssapi_alloc.h"
-#include "ntlm_util.h"
-#include <lber.h>
-
-#include <config.h>
-
-#ifdef _WIN32
-
-#include <Winsock2.h>
-#ifndef snprintf
-#define snprintf _snprintf
-
-#endif
-#else
-
-#include <arpa/inet.h>
-
-#endif
-
-/*
- * Win32/Likewise data types defined here, vs pulling in
- * Likewise headers, which pulls in undesired library dependencies.
- */
-#include <errno.h>
-#ifndef DWORD
-#define DWORD unsigned int
-#endif
-#ifndef PBYTE
-#define PBYTE unsigned char *
-#endif
-#ifndef PSTR
-#define PSTR char *
-#endif
-#ifndef PCSTR
-#define PCSTR const char *
-#endif
-
-extern
-DWORD
-VmDirGetSRPSecret(
-    PCSTR       pszUPN,
-    PBYTE*      ppSecretBlob,
-    DWORD*      pSize
-    );
-
-
-#include <sasl/sasl.h>
-#include <sasl/saslutil.h>
-#include <csrp/srp.h>
-#include "ntlm_encrypt.h"
-
-static
-OM_uint32
-ntlm_gss_validate_oid_header(
-    OM_uint32 *minor_status,
-    gss_buffer_t in_tok,
-    int *object_len)
-{
-    unsigned char *ptr = NULL;
-    OM_uint32 maj = 0;
-    int len = 0;
-    int oid_len = 0;
-    int enc_token_len = 0;
-    int token_len = 0;
-
-    *minor_status = 0;
-    if (!in_tok || in_tok->length == 0 || !in_tok->value)
-    {
-        maj = GSS_S_NO_CONTEXT;
-        goto error;
-    }
-
-    /*
-     * tag for APPLICATION 0, Sequence[constructed, definite length]
-     * length of remainder of token
-     * tag of OBJECT IDENTIFIER
-     * length of mechanism OID
-     * encoding of mechanism OID
-     * <the rest of the token>
-     *
-     * Numerically, this looks like :
-     *
-     * 0x60
-     * <length> - could be multiple bytes
-     * 0x06
-     * <length> - assume only one byte, hence OID length < 127
-     * <mech OID bytes>
-     *
-     */
-    ptr = in_tok->value;
-    len = (int) in_tok->length;
-    if (*ptr != 0x60)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-
-    enc_token_len = (int) *ptr;
-    token_len = 0;
-    len--, ptr++;
-
-    if (*ptr != 0x06)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-    token_len++;
-
-    if (len == 0)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    oid_len = *ptr;
-    len--, ptr++;
-    token_len++;
-
-    if (len < oid_len || len < (int) GSS_NTLM_MECH_OID_LEN)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    if (memcmp(ptr, NTLM_OID, GSS_NTLM_MECH_OID_LEN) != 0)
-    {
-        maj = GSS_S_BAD_MECH;
-        goto error;
-    }
-    token_len += GSS_NTLM_MECH_OID_LEN;
-
-    if (token_len != enc_token_len)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    len -= oid_len, ptr += oid_len;
-
-    *object_len = (int) (ptr - (unsigned char *) in_tok->value);
-error:
-    return maj;
-}
-
-static
-OM_uint32
-_ntlm_gss_auth_init(
-    OM_uint32 *minor_status,
-    ntlm_gss_ctx_id_t ntlm_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    ber_tag_t ber_state = 0;
-    struct berval ber_ctx = {0};
-    struct berval *ber_upn = NULL;
-    struct berval *ber_bytes_A = NULL;
-    struct berval ber_salt = {0};
-    struct berval ber_mda = {0};
-    struct berval ber_B = {0};
-    struct berval *flatten = NULL;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    int berror = 0;
-    int sts = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    OM_uint32 min_tmp = 0;
-    gss_buffer_desc tmp_in_tok = {0};
-    gss_buffer_desc disp_name_buf = {0};
-    gss_buffer_t disp_name = NULL;
-    gss_OID disp_name_OID = NULL;
-    char *ntlm_upn_name = NULL;
-    char *ntlm_secret = NULL;
-    unsigned int ntlm_secret_len = 0;
-    unsigned int ntlm_secret_len_max = 0;
-    unsigned char *ntlm_secret_str = NULL;
-    unsigned int ntlm_secret_str_len = 0;
-    uint32_t ntlm_decode_buf_len = 0;
-    uint16_t ntlm_decode_mda_len = 0;
-    uint16_t ntlm_decode_v_len = 0;
-    uint8_t ntlm_decode_salt_len = 0;
-    char *ntlm_decode_ptr = NULL;
-    char *ntlm_mda = NULL;
-    char *ntlm_v = NULL;
-    char *ntlm_salt = NULL;
-    SRP_HashAlgorithm hash_alg = SRP_SHA1;
-    SRP_NGType ng_type = SRP_NG_2048;
-    struct SRPVerifier *ver = NULL;
-    const unsigned char *ntlm_bytes_B = NULL;
-    int ntlm_bytes_B_len = 0;
-    const unsigned char *ntlm_session_key = NULL;
-    int ntlm_session_key_len = 0;
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_debug_printf("_ntlm_gss_auth_init(): state=NTLM_AUTH_INIT\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{OO}", &ber_state, &ber_upn, &ber_bytes_A);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-ntlm_print_hex(ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len, "_ntlm_gss_auth_init(accept_sec_context): bytes_A");
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    tmp_in_tok.value = ber_upn->bv_val;
-    tmp_in_tok.length = ber_upn->bv_len;
-    maj = gss_import_name(&min,
-                          &tmp_in_tok,
-                          NULL,
-                          &ntlm_context_handle->gss_upn_name);
-    if (maj)
-    {
-        goto error;
-    }
-
-    maj = gss_display_name(&min,
-                           ntlm_context_handle->gss_upn_name,
-                           &disp_name_buf,
-                           &disp_name_OID);
-    if (maj)
-    {
-        goto error;
-    }
-    disp_name = &disp_name_buf;
-    ntlm_debug_printf("ntlm_gss_accept_sec_context: UPN name=%.*s\n",
-                     (int) disp_name_buf.length, (char *) disp_name_buf.value);
-
-    ntlm_upn_name = calloc(disp_name_buf.length + 1, sizeof(char));
-    if (!ntlm_upn_name)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    snprintf(ntlm_upn_name,
-             disp_name_buf.length+1,
-             "%.*s",
-             (int) disp_name_buf.length,
-             (char *) disp_name_buf.value);
-
-    /* Used in generating Kerberos keyblock salt value */
-    ntlm_context_handle->upn_name = ntlm_upn_name;
-    ntlm_upn_name = NULL;
-
-    // TODO: place holder to get NTLM secret from Lotus
-    maj = GSS_S_UNAVAILABLE;
-    if (maj)
-    {
-        goto error;
-    }
-
-    ntlm_debug_printf("base64 encoded secret: <%.*s>\n",
-                     ntlm_secret_str_len, ntlm_secret_str);
-    ntlm_secret = calloc(ntlm_secret_str_len, sizeof(char));
-    ntlm_secret_len_max = ntlm_secret_str_len;
-    sts = sasl_decode64(ntlm_secret_str,
-                        ntlm_secret_str_len,
-                        ntlm_secret,
-                        ntlm_secret_len_max,
-                        &ntlm_secret_len);
-    if (sts == SASL_OK)
-    {
-        /*
-         * Encoding of data blob (from common/ntlm.c):
-         * calculate buffer size
-         * mda: Message Digest Algorithm
-         * v: NTLM private "hash" value
-         * salt: random salt generated at "hash" creation time
-         *
-         * 0. 4 byte length
-         * 1. utf8(mda) : 2 bytes + string
-         * 2. mpi(v)    : 2 bytes + verifier
-         * 3. os(salt)  : 1 bytes + salt
-         */
-        ntlm_decode_ptr = ntlm_secret;
-        memcpy(&ntlm_decode_buf_len, ntlm_decode_ptr, sizeof(uint32_t));
-        ntlm_decode_ptr += sizeof(uint32_t);
-        ntlm_decode_buf_len = ntohl(ntlm_decode_buf_len);
-
-        memcpy(&ntlm_decode_mda_len, ntlm_decode_ptr, sizeof(uint16_t));
-        ntlm_decode_ptr += sizeof(uint16_t);
-        ntlm_decode_mda_len = ntohs(ntlm_decode_mda_len);
-        ntlm_mda = ntlm_decode_ptr;
-        ntlm_decode_ptr += ntlm_decode_mda_len;
-
-        memcpy(&ntlm_decode_v_len, ntlm_decode_ptr, sizeof(uint16_t));
-        ntlm_decode_ptr += sizeof(uint16_t);
-        ntlm_decode_v_len = ntohs(ntlm_decode_v_len);
-        ntlm_v = ntlm_decode_ptr;
-        ntlm_decode_ptr += ntlm_decode_v_len;
-
-        memcpy(&ntlm_decode_salt_len, ntlm_decode_ptr, sizeof(uint8_t));
-        ntlm_decode_ptr += sizeof(uint8_t);
-        ntlm_salt = ntlm_decode_ptr;
-
-
-        // What is the length? Is this binary/string data?
-        ntlm_debug_printf("decoded buffer len=%d\n", (int) ntlm_secret_len);
-        ntlm_debug_printf("ntlm_decode_buf_len=%d\n", (int) ntlm_decode_buf_len);
-        ntlm_debug_printf("ntlm_decode_mda_len=%d\n", (int) ntlm_decode_mda_len);
-        ntlm_debug_printf("ntlm_decode_v_len=%d\n", (int) ntlm_decode_v_len);
-        ntlm_debug_printf("ntlm_decode_salt_len=%d\n", (int) ntlm_decode_salt_len);
-    }
-
-    /*
-     * Create response token. This contains (s, B) for I
-     */
-    ver = srp_verifier_new(hash_alg,
-                           ng_type,
-                           ntlm_context_handle->upn_name,
-                           ntlm_salt, (int) ntlm_decode_salt_len,
-                           ntlm_v, (int) ntlm_decode_v_len,
-                           ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len,
-                           &ntlm_bytes_B, &ntlm_bytes_B_len,
-                           NULL, NULL /* n_hex, g_hex */ );
-    if (!ntlm_bytes_B)
-    {
-        ntlm_debug_printf("srp_verifier_new: failed!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_print_hex(ntlm_salt, ntlm_decode_salt_len,
-                  "_ntlm_gss_auth_init(accept_sec_context): ntlm_salt value");
-    ntlm_print_hex(ntlm_v, ntlm_decode_v_len,
-                  "_ntlm_gss_auth_init(accept_sec_context): ntlm_v value");
-    ntlm_print_hex(ntlm_bytes_B, ntlm_bytes_B_len,
-                  "_ntlm_gss_auth_init(accept_sec_context): ntlm_B value");
-    ber_mda.bv_val = ntlm_mda;
-    ber_mda.bv_len = ntlm_decode_mda_len;
-
-    ber_salt.bv_val = ntlm_salt;
-    ber_salt.bv_len = ntlm_decode_salt_len;
-    /*
-     * TBD: B is computed: (kv + g**b) % N
-     * char *ntlm_v = NULL;
-     */
-    ber_B.bv_val = (void *) ntlm_bytes_B;
-    ber_B.bv_len = ntlm_bytes_B_len;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-
-    /*
-     * Response format:
-     * tag | MDA | salt | B
-     */
-    berror = ber_printf(ber_resp, "t{OOO}",
-                 NTLM_AUTH_SALT_RESP,
-                 &ber_mda,
-                 &ber_salt,
-                 &ber_B);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-    ntlm_context_handle->ntlm_ver = ver;
-
-    ntlm_session_key = srp_verifier_get_session_key(ver, &ntlm_session_key_len);
-    if (ntlm_session_key && ntlm_session_key_len > 0)
-    {
-        ntlm_context_handle->ntlm_session_key =
-            calloc(ntlm_session_key_len, sizeof(unsigned char));
-        if (!ntlm_context_handle->ntlm_session_key)
-        {
-            maj = GSS_S_FAILURE;
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(ntlm_context_handle->ntlm_session_key,
-               ntlm_session_key,
-               ntlm_session_key_len);
-        ntlm_context_handle->ntlm_session_key_len = ntlm_session_key_len;
-
-#if  1 /* TBD: adam  Debug */
-        ntlm_print_hex(ntlm_session_key, ntlm_session_key_len,
-                      "_ntlm_gss_auth_init(accept_sec_ctx) got session key");
-#endif
-    }
-
-    maj = GSS_S_CONTINUE_NEEDED;
-
-error:
-    if (ber_upn)
-    {
-        ber_bvfree(ber_upn);
-    }
-    if (ber_bytes_A)
-    {
-        ber_bvfree(ber_bytes_A);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-
-    if (disp_name)
-    {
-        gss_release_buffer(&min_tmp, disp_name);
-    }
-    if (ntlm_secret)
-    {
-        free(ntlm_secret);
-    }
-    if (ntlm_secret_str)
-    {
-        free(ntlm_secret_str);
-    }
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-static
-OM_uint32
-_ntlm_gss_validate_client(
-    OM_uint32 *minor_status,
-    ntlm_gss_ctx_id_t ntlm_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    struct berval ber_HAMK = {0};
-    struct berval *ber_ntlm_bytes_M = NULL;
-    struct berval ber_ctx = {0};
-    const unsigned char *bytes_HAMK = 0;
-    struct berval *flatten = NULL;
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_debug_printf("_ntlm_gss_validate_client(): "
-                     "state=NTLM_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_ntlm_bytes_M);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        min = EINVAL; /* TBD: Adam, return a real error code here */
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_ntlm_bytes_M->bv_len == 0)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_print_hex(ber_ntlm_bytes_M->bv_val, (int) ber_ntlm_bytes_M->bv_len,
-                  "_ntlm_gss_validate_client(accept_sec_ctx) received bytes_M");
-
-    srp_verifier_verify_session(ntlm_context_handle->ntlm_ver,
-                                ber_ntlm_bytes_M->bv_val, &bytes_HAMK);
-    if (!bytes_HAMK)
-    {
-    ntlm_debug_printf("_ntlm_gss_validate_client: "
-                     "srp_verifier_verify_session() failed!!!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /*
-     * ASN.1 encode the bytes_HAMK value, sending it back to the client
-     * for validation. That will complete the authentication process if that
-     * succeeds.
-     */
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    ber_HAMK.bv_len = srp_verifier_get_session_key_length(ntlm_context_handle->ntlm_ver);
-    ber_HAMK.bv_val = (void *) bytes_HAMK;
-    berror = ber_printf(ber_resp, "t{O}",
-                  (int) NTLM_AUTH_SERVER_VALIDATE,
-                  &ber_HAMK);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-    /*
-     * From server's perspective, authentication is done. However,
-     * there is a final output_token to process by gss_init_sec_context().
-     */
-    maj = GSS_S_COMPLETE;
-
-error:
-    if (ber_ntlm_bytes_M)
-    {
-        ber_bvfree(ber_ntlm_bytes_M);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-
-/*
- * Report error status to client, and the final
- * minor status from the server.
- * This is the end, my friend...
- */
-static
-OM_uint32
-_ntlm_gss_accept_sec_ctx_error_resp(
-    OM_uint32 *minor_status,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    BerElement *ber_resp = NULL;
-    struct berval *flatten = NULL;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    berror = ber_printf(ber_resp, "t{i}",
-                  (int) NTLM_AUTH_FAILED,
-                  *minor_status);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-error:
-    ber_bvfree(flatten);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        /* Cleanup return memory stuff here */
-    }
-
-    return maj;
-}
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_accept_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_cred_id_t verifier_cred_handle,
-                gss_buffer_t input_token,
-                gss_channel_bindings_t input_chan_bindings,
-                gss_name_t *src_name,
-                gss_OID *mech_type,
-                gss_buffer_t output_token,
-                OM_uint32 *ret_flags,
-                OM_uint32 *time_rec,
-                gss_cred_id_t *delegated_cred_handle)
-{
-    int oid_len = 0;
-    int state = 0;
-    ntlm_gss_cred_id_t ntlm_cred = NULL;
-    unsigned char *ptr = NULL;
-    int ptr_len = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    OM_uint32 tmp_maj = 0;
-    OM_uint32 tmp_min = 0;
-    gss_buffer_desc input_token_ntlm = {0};
-    ntlm_gss_ctx_id_t ntlm_context_handle = NULL;
-    krb5_error_code krb5_err = 0;
-    gss_cred_id_t ntlm_cred_handle = NULL;
-    gss_OID_set_desc desired_mech;
-    gss_OID_desc mech_ntlm_desc = {NTLM_OID_LENGTH, (void *) NTLM_OID};
-    gss_OID mech_ntlm = &mech_ntlm_desc;
-    int iv_len = 0;
-
-    if (minor_status == NULL ||
-        output_token == GSS_C_NO_BUFFER ||
-        context_handle == NULL)
-    {
-        return GSS_S_CALL_INACCESSIBLE_WRITE;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER)
-    {
-        return GSS_S_CALL_INACCESSIBLE_READ;
-    }
-
-    if (minor_status)
-    {
-        *minor_status = 0;
-    }
-
-    if (output_token != GSS_C_NO_BUFFER)
-    {
-        output_token->length = 0;
-        output_token->value = NULL;
-    }
-
-    if (!context_handle)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (*context_handle)
-    {
-        ntlm_context_handle = (ntlm_gss_ctx_id_t) *context_handle;
-    }
-    else
-    {
-        /* First call, allocate context handle */
-        ntlm_context_handle =
-            (ntlm_gss_ctx_id_t) xmalloc(sizeof(ntlm_gss_ctx_id_rec));
-        if (!ntlm_context_handle)
-        {
-            min = ENOMEM;
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(ntlm_context_handle, 0, sizeof(ntlm_gss_ctx_id_rec));
-
-#if 1
-        /*
-         * Hard code desired mech OID to NTLM
-         */
-        desired_mech.elements = (gss_OID) mech_ntlm;
-        desired_mech.count = 1;
-
-        maj = ntlm_gss_acquire_cred(
-                  &min,
-                  GSS_C_NO_NAME,
-                  0,
-                  &desired_mech,
-                  GSS_C_ACCEPT,
-                  &ntlm_cred_handle,
-                  NULL,
-                  NULL);
-        if (maj)
-        {
-            goto error;
-        }
-        ntlm_cred = (ntlm_gss_cred_id_t) ntlm_cred_handle;
-
-#else
-        if (!verifier_cred_handle || !context_handle)
-        {
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-        ntlm_cred = (ntlm_gss_cred_id_t) verifier_cred_handle;
-#endif
-        ntlm_context_handle->magic_num = NTLM_MAGIC_ID;
-
-        maj = ntlm_gss_duplicate_oid(&min,
-                                    ntlm_cred->ntlm_mech_oid,
-                                    &ntlm_context_handle->mech);
-        if (maj)
-        {
-            goto error;
-        }
-
-        ntlm_context_handle->state = NTLM_AUTH_INIT;
-        ntlm_context_handle->cred = (ntlm_gss_cred_id_t) verifier_cred_handle;
-        *context_handle = (gss_ctx_id_t) ntlm_context_handle;
-    }
-
-    ptr = (unsigned char*) input_token->value;
-    ptr_len = (int) input_token->length;
-    maj = ntlm_gss_validate_oid_header(
-              &min,
-              input_token,
-              &oid_len);
-    if (maj)
-    {
-        goto error;
-    }
-
-    ptr += oid_len;
-    ptr_len -= oid_len;
-    input_token_ntlm.value = ptr;
-    input_token_ntlm.length = ptr_len;
-
-    /* This is the "t" field of ber_scanf() */
-    state = NTLM_AUTH_STATE_VALUE(ptr[0]);
-
-    /* Verify state machine is consistent with expected state */
-    state = NTLM_AUTH_STATE_VALUE(ptr[0]);
-
-#if 0 /* TBD: FIXME, need spengo to fix this */
-    if (state != ntlm_context_handle->state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-#endif
-
-    switch(state)
-    {
-      case NTLM_AUTH_INIT:
-        ntlm_debug_printf("ntlm_gss_accept_sec_context: state=NTLM_AUTH_INIT\n");
-        maj = _ntlm_gss_auth_init(minor_status,
-                                 ntlm_context_handle,
-                                 state,
-                                 &input_token_ntlm,
-                                 output_token);
-        if (maj)
-        {
-            goto error;
-        }
-        ntlm_context_handle->state = NTLM_AUTH_CLIENT_VALIDATE;
-        break;
-
-      case NTLM_AUTH_CLIENT_VALIDATE:
-        ntlm_debug_printf("ntlm_gss_accept_sec_context: "
-                         "state=NTLM_AUTH_CLIENT_VALIDATE\n");
-        maj = _ntlm_gss_validate_client(minor_status,
-                                       ntlm_context_handle,
-                                       state,
-                                       &input_token_ntlm,
-                                       output_token);
-        if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-        {
-            /* Hard error occurred */
-            goto error;
-        }
-
-        ntlm_context_handle->state = NTLM_AUTH_COMPLETE;
-        if (mech_type)
-        {
-            tmp_maj = ntlm_gss_duplicate_oid(
-                          &tmp_min,
-                          (gss_OID) gss_mech_ntlm_oid,
-                          mech_type);
-            if (tmp_maj)
-            {
-                maj = tmp_maj;
-                *minor_status = tmp_min;
-                goto error;
-            }
-        }
-
-        if (src_name)
-        {
-            /* Optional: Return UPN name to caller */
-            tmp_maj = gss_duplicate_name(
-                      &tmp_min,
-                      ntlm_context_handle->gss_upn_name,
-                      src_name);
-            if (tmp_maj)
-            {
-                maj = tmp_maj;
-                *minor_status = tmp_min;
-                goto error;
-            }
-        }
-        break;
-
-      /* This should never happen, but include for completeness-sake */
-      case NTLM_AUTH_COMPLETE:
-        ntlm_debug_printf("ntlm_gss_accept_sec_context: "
-                         "state=NTLM_AUTH_COMPLETE\n");
-        maj = GSS_S_COMPLETE;
-        break;
-
-      default:
-        ntlm_debug_printf("ntlm_gss_accept_sec_context: state=UNKNOWN!!!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-        break;
-    }
-
-    if (ntlm_context_handle->state == NTLM_AUTH_COMPLETE)
-    {
-        krb5_err = ntlm_make_enc_keyblock(ntlm_context_handle);
-        if (krb5_err)
-        {
-            maj = GSS_S_FAILURE;
-            min = krb5_err;
-            goto error;
-        }
-        AES_set_encrypt_key(
-            ntlm_context_handle->keyblock->contents,
-            ntlm_context_handle->keyblock->length * 8,
-            &ntlm_context_handle->aes_encrypt_key);
-        AES_set_decrypt_key(
-            ntlm_context_handle->keyblock->contents,
-            ntlm_context_handle->keyblock->length * 8,
-            &ntlm_context_handle->aes_decrypt_key);
-
-        iv_len = (AES_BLOCK_SIZE < ntlm_context_handle->ntlm_session_key_len) ?
-                     AES_BLOCK_SIZE : ntlm_context_handle->ntlm_session_key_len;
-        memset(ntlm_context_handle->aes_encrypt_iv, 0, iv_len);
-        memcpy(ntlm_context_handle->aes_encrypt_iv,
-               ntlm_context_handle->ntlm_session_key,
-               iv_len);
-
-        memset(ntlm_context_handle->aes_decrypt_iv, 0, iv_len);
-        memcpy(ntlm_context_handle->aes_decrypt_iv,
-               ntlm_context_handle->ntlm_session_key,
-               iv_len);
-    }
-
-error:
-    if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-    {
-        _ntlm_gss_accept_sec_ctx_error_resp(
-            minor_status,
-            output_token);
-    }
-
-    if (ntlm_cred_handle)
-    {
-        ntlm_gss_release_cred(&tmp_min, &ntlm_cred_handle);
-    }
-    return maj;
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_acquire_cred.c b/lwraft/gssapi-plugins/ntlm/ntlm_acquire_cred.c
deleted file mode 100644
index f15367424..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_acquire_cred.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "ntlm_util.h"
-#include <gssapi/gssapi_krb5.h>
-#include <errno.h>
-#include <string.h>
-
-OM_uint32
-ntlm_gss_acquire_cred(
-    OM_uint32 *minor_status,
-    gss_name_t desired_name,
-    OM_uint32 time_req,
-    gss_OID_set desired_mechs,
-    gss_cred_usage_t cred_usage,
-    gss_cred_id_t *output_cred_handle,
-    gss_OID_set *actual_mechs,
-    OM_uint32 *time_rec)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    ntlm_gss_cred_id_t ntlm_cred = NULL;
-    gss_name_t gss_krb5_name_buf = NULL;
-
-    /* Allocate the cred structure */
-    ntlm_cred = (ntlm_gss_cred_id_t) xmalloc(sizeof(*ntlm_cred));
-    if (!ntlm_cred)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(ntlm_cred, 0, sizeof(*ntlm_cred));
-
-    /* Allocate/set the mech OID; must be NTLM for this method to be called */
-    ntlm_cred->ntlm_mech_oid = (gss_OID) xmalloc(sizeof(*ntlm_cred->ntlm_mech_oid));
-    if (!ntlm_cred)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(ntlm_cred->ntlm_mech_oid, 0, sizeof(*ntlm_cred->ntlm_mech_oid));
-    ntlm_cred->ntlm_mech_oid->elements = (void *) xmalloc(GSS_NTLM_MECH_OID_LEN);
-    if (!ntlm_cred)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ntlm_cred->ntlm_mech_oid->length = GSS_NTLM_MECH_OID_LEN;
-    memcpy(ntlm_cred->ntlm_mech_oid->elements, NTLM_OID, GSS_NTLM_MECH_OID_LEN);
-
-    if (desired_name)
-    {
-        /* Really, use krb5 mech OID for name, as the desired output is a UPN */
-        major = gss_canonicalize_name(&minor,
-                                      desired_name,
-                                      (gss_OID) gss_mech_krb5,
-                                      &gss_krb5_name_buf);
-        if (major)
-        {
-            goto error;
-        }
-
-        ntlm_cred->name = gss_krb5_name_buf, gss_krb5_name_buf = NULL;
-    }
-    *output_cred_handle = (gss_cred_id_t) ntlm_cred;
-
-error:
-    if (major || minor)
-    {
-        *minor_status = minor;
-        if (ntlm_cred->ntlm_mech_oid->elements)
-        {
-            free(ntlm_cred->ntlm_mech_oid->elements);
-        }
-        if (ntlm_cred->ntlm_mech_oid)
-        {
-            free(ntlm_cred->ntlm_mech_oid);
-        }
-        if (ntlm_cred)
-        {
-            free(ntlm_cred);
-        }
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_del_sec_ctx.c b/lwraft/gssapi-plugins/ntlm/ntlm_del_sec_ctx.c
deleted file mode 100644
index 71dab4c94..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_del_sec_ctx.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "ntlm_util.h"
-#include "gssapi/gssapi_krb5.h"
-#include <krb5.h>
-#include <csrp/srp.h>
-#include <stdlib.h>
-
-OM_uint32
-ntlm_gss_delete_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_buffer_t output_token)
-{
-    ntlm_gss_ctx_id_t ntlm_ctx = NULL;
-    OM_uint32 ret = GSS_S_COMPLETE;
-      
-    if (context_handle == NULL)
-    {
-        return (GSS_S_FAILURE);
-    }
-
-    ntlm_ctx = (ntlm_gss_ctx_id_t) *context_handle;
-    if (ntlm_ctx->upn_name)
-    {
-        free(ntlm_ctx->upn_name);
-    }
-
-    if (ntlm_ctx->ntlm_session_key)
-    {
-        free(ntlm_ctx->ntlm_session_key);
-    }
-
-    if (ntlm_ctx->ntlm_usr)
-    {
-        srp_user_delete(ntlm_ctx->ntlm_usr);
-        ntlm_ctx->ntlm_usr = NULL;
-    }
-    
-    if (ntlm_ctx->ntlm_ver)
-    {
-        srp_verifier_delete(ntlm_ctx->ntlm_ver);
-        ntlm_ctx->ntlm_ver = NULL;
-    }
-
-    if (ntlm_ctx->mech)
-    {
-        OM_uint32 min_tmp = GSS_S_COMPLETE;
-        gss_release_oid(&min_tmp, &ntlm_ctx->mech);
-    }
-
-    krb5_free_keyblock(ntlm_ctx->krb5_ctx, ntlm_ctx->keyblock);
-    ntlm_ctx->keyblock = NULL;
-
-    krb5_free_context(ntlm_ctx->krb5_ctx);
-    ntlm_ctx->krb5_ctx = NULL;
-
-    free(*context_handle);
-    *context_handle = NULL;
-    return (ret);
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_disp_name.c b/lwraft/gssapi-plugins/ntlm/ntlm_disp_name.c
deleted file mode 100644
index 06d5171d8..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_disp_name.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "ntlm_util.h"
-#include <gssapi/gssapi_krb5.h>
-
-OM_uint32
-ntlm_gss_display_name(
-    OM_uint32 *minor_status,
-    gss_name_t input_name,
-    gss_buffer_t output_name_buffer,
-    gss_OID *output_name_type)
-{
-    OM_uint32 status = GSS_S_COMPLETE;
-    OM_uint32 minor = GSS_S_COMPLETE;
-    gss_name_t gss_krb5_name_buf = NULL;
-    dsyslog("Entering display_name\n");
-
-
-    status = gss_canonicalize_name(&minor,
-                                  input_name,
-                                  (gss_OID) gss_mech_krb5,
-                                  &gss_krb5_name_buf);
-    if (status)
-    {
-        goto error;
-    }
-
-    status = gss_display_name(minor_status, gss_krb5_name_buf,
-        output_name_buffer, output_name_type);
-
-error:
-    if (gss_krb5_name_buf)
-    {
-        gss_release_name(minor_status, &gss_krb5_name_buf);
-    }
-
-    dsyslog("Leaving display_name\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.c b/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.c
deleted file mode 100644
index a34cd2ce5..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <krb5.h>
-#include <sasl/saslutil.h>
-#include <errno.h>
-#include <string.h>
-#include "ntlm_encrypt.h"
-#include "ntlm_util.h"
-
-krb5_error_code
-ntlm_gen_keyblock(
-    krb5_context krb5_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key)
-{
-    krb5_error_code krb_err = 0;
-    krb5_enctype enctype;
-    krb5_data pass_data = {0};
-    krb5_data salt_data = {0};
-
-    memset(&enctype, 0, sizeof(enctype));
-
-    pass_data.data = pass;
-    pass_data.length = (int) strlen(pass);
-    salt_data.data = salt;
-    salt_data.length = (int) strlen(salt);
-
-#if 0
-    /* Prefer to use this, as it takes ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
-    enctype = find_enctype(enc_keytype);
-    if (!enctype)
-    {
-        krb_err = EINVAL;
-        goto error;
-    }
-#else
-    krb_err = krb5_string_to_enctype(
-                  enc_keytype,
-                  &enctype);
-    if (krb_err)
-    {
-        goto error;
-    }
-#endif
-
-    krb_err = krb5_c_string_to_key(
-                  krb5_ctx,
-                  enctype,
-                  &pass_data,
-                  &salt_data,
-                  key);
-    if (krb_err)
-    {
-        goto error;
-    }
-
-error:
-    
-    return krb_err;
-}
-
-krb5_error_code 
-ntlm_make_enc_keyblock(
-    ntlm_gss_ctx_id_t ntlm_context_handle)
-{
-    char *ntlm_session_key_str = NULL;
-    krb5_error_code krb5_err = KRB5_BAD_ENCTYPE;
-    int b64_alloc_len = ntlm_context_handle->ntlm_session_key_len * 4 / 3 + 3;
-    int b64_session_key_len = 0;
-    int sts = 0;
-
-    if (ntlm_context_handle->ntlm_session_key &&
-        ntlm_context_handle->ntlm_session_key_len > 0)
-    {
-
-        /* Build b64 encoded string of NTLM session key */
-        ntlm_session_key_str = calloc(b64_alloc_len, sizeof(char));
-        if (!ntlm_session_key_str)
-        {
-            krb5_err = ENOMEM;
-            goto error;
-        }
-
-        sts = sasl_encode64(
-                  ntlm_context_handle->ntlm_session_key,
-                  ntlm_context_handle->ntlm_session_key_len,
-                  ntlm_session_key_str,
-                  b64_alloc_len,
-                  &b64_session_key_len);
-        if (sts)
-        {
-            krb5_err = ENOMEM;
-            goto error;
-        }
-        ntlm_session_key_str[b64_session_key_len] = '\0';
-#if 1
-/* TBD: Adam debuging only */
-        ntlm_print_hex(ntlm_context_handle->ntlm_session_key,
-                      ntlm_context_handle->ntlm_session_key_len,
-                      "ntlm_make_enc_keyblock: got session key");
-#endif
-        ntlm_context_handle->keyblock = calloc(1, sizeof(krb5_keyblock));
-        if (!ntlm_context_handle->keyblock)
-        {
-            krb5_err = ENOMEM;
-            goto error;
-        }
-
-        /* Generate encryption key from NTLM shared key */
-        krb5_err = ntlm_gen_keyblock(
-                       ntlm_context_handle->krb5_ctx,
-                       NTLM_ENC_KEYTYPE,
-                       ntlm_session_key_str,
-                       ntlm_context_handle->upn_name,
-                       ntlm_context_handle->keyblock);
-#if 1
-/* TBD: Adam debuging only */
-        ntlm_print_hex(ntlm_context_handle->keyblock->contents,
-                      ntlm_context_handle->keyblock->length,
-                      "ntlm_make_enc_keyblock: keyblock value");
-#endif
-    }
-
-error:
-    if (krb5_err)
-    {
-        if (ntlm_context_handle->keyblock)
-        {
-            free(ntlm_context_handle->keyblock);
-        }
-    }
-
-    if (ntlm_session_key_str)
-    {
-        free(ntlm_session_key_str);
-    }
-    return krb5_err;
-}
-
-
-#ifdef _NTLM_USE_TRIVIAL_ENCRYPTION
-
-/* Straw-man trivial encryption function */
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen)
-{
-    int i = 0;
-    int k = 0;
-
-    for (i=0; i<plaintext_len; i++)
-    {
-        plaintext[i] ^= key[k++];
-        k %= keylen;
-    }
-    return;
-}
-
-unsigned char *xor_get_encrypt_key(int *len)
-{
-    static char *g_key = "!)@(#*%&^dEadBeEf~!@#$%^&*()_+";
-    *len = strlen(g_key);
-
-    return (unsigned char *) g_key;
-}
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.h b/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.h
deleted file mode 100644
index ca0e60a95..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_encrypt.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _NTLM_ENCRYPT_H_
-#define _NTLM_ENCRYPT_H_
-
-#include <krb5.h>
-#include "gssapiP_ntlm.h"
-
-/*
- * Straw-man trivial encryption functionality: _NTLM_USE_TRIVIAL_ENCRYPTION
- *
- * To enable this debugging "feature", add -D_NTLM_USE_TRIVIAL_ENCRYPTION
- * to your makefile/vcproj.
- *  !!!!!!!!!!!!! DO NOT USE THIS IN PRODUCTION !!!!!!!!!!!!!!
- */
-
-#define AES256PAD(len) \
-    ((len) + (((len%AES_BLOCK_SIZE) > 0) ? \
-     (AES_BLOCK_SIZE - (len) % AES_BLOCK_SIZE) : 0))
-
-// #define NTLM_ENC_KEYTYPE ENCTYPE_AES256_CTS_HMAC_SHA1_96
-#define NTLM_ENC_KEYTYPE "aes256-cts-hmac-sha1-96"
-
-krb5_error_code
-ntlm_gen_keyblock(
-    krb5_context krb_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key);
-
-krb5_error_code
-ntlm_make_enc_keyblock(
-    ntlm_gss_ctx_id_t ntlm_context_handle);
-
-#ifdef _NTLM_USE_TRIVIAL_ENCRYPTION
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen);
-
-unsigned char *xor_get_encrypt_key(int *len);
-
-#endif /* _NTLM_USE_TRIVIAL_ENCRYPTION */
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_init_sec_ctx.c b/lwraft/gssapi-plugins/ntlm/ntlm_init_sec_ctx.c
deleted file mode 100644
index e9bb0b432..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_init_sec_ctx.c
+++ /dev/null
@@ -1,742 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "ntlm_mglueP.h"
-#include "ntlm_encrypt.h"
-#include "ntlm_util.h"
-#include <krb5.h>
-#include "gssapiP_ntlm.h"
-#include "gssapi/gssapi_krb5.h"
-#include "gssapi_alloc.h"
-#include <lber.h>
-#include <csrp/srp.h>
-#include <ctype.h>
-
-static OM_uint32
-__ntlm_ber_flatten_output_token(
-    OM_uint32 *minor_status,
-    BerElement *ber,
-    int ber_len,
-    gss_buffer_t asn1_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 output_token_len = 0;
-    gss_buffer_desc output_token_mem = {0};
-    unsigned char *ptr = NULL;
-    int berror = 0;
-    struct berval *flatten = NULL;
-
-    berror = ber_flatten(ber, &flatten);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token_len = (OM_uint32) (asn1_oid->length + ber_len);
-    output_token_mem.value = gssalloc_malloc(output_token_len);
-    if (!output_token_mem.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(output_token_mem.value, 0, output_token_len);
-
-    output_token_mem.length = output_token_len;
-    ptr = output_token_mem.value;
-
-    memcpy(ptr, asn1_oid->value, asn1_oid->length);
-    ptr += asn1_oid->length;
-
-    memcpy(ptr, flatten->bv_val, flatten->bv_len);
-    ptr += ber_len;
-
-    /* output_token now owns the memory in output_token_mem */
-    *output_token = output_token_mem;
-    memset(&output_token_mem, 0, sizeof(output_token_mem));
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-        if (output_token_mem.value)
-        {
-            gssalloc_free(output_token_mem.value);
-        }
-    }
-    if (flatten)
-    {
-        ber_bvfree(flatten);
-    }
-    return major;
-}
-
-/*
- * Carol → Steve: I and A = g**a
- */
-static
-OM_uint32
-_ntlm_gss_make_auth_init_output_token(
-    OM_uint32 *minor_status,
-    gss_OID ntlm_mech_oid,
-    gss_name_t auth_name,
-    gss_buffer_t auth_password,
-    ntlm_gss_ctx_id_t ntlm_context_handle,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    gss_buffer_desc asn1_ntlm_oid = {0};
-    gss_buffer_desc export_name_buf = {0};
-    gss_buffer_t export_name = NULL;
-    gss_OID export_OID = NULL;
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    int berror = 0;
-    char *export_name_str = NULL;
-    char *password = NULL;
-    struct SRPUser *usr = NULL;
-    const char *ntlm_auth_user = NULL;
-    const unsigned char *ntlm_bytes_A = NULL;
-    int ntlm_bytes_A_len = 0;
-    int i = 0;
-    SRP_NGType ng_type = SRP_NG_2048;
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = ntlm_asn1_encode_mech_oid_token(
-                &minor,
-                ntlm_mech_oid,
-                &asn1_ntlm_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    major = gss_display_name(&minor, auth_name, &export_name_buf, &export_OID);
-    if (major)
-    {
-        goto error;
-    }
-    export_name = &export_name_buf;
-
-    export_name_str = calloc(export_name_buf.length+1, sizeof(char));
-    if (!export_name_str)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* This is a '\0' terminated string */
-    memcpy(export_name_str, export_name_buf.value, export_name_buf.length);
-
-    /*
-     * Lower case UPN name to match NTLM secret generated by vmdir.
-     * This is sematically wrong for vmdir to do this, but the UPN
-     * case must match for the NTLM values to match.
-     */
-    for (i=0; i<export_name_buf.length; i++)
-    {
-        export_name_str[i] = (char) tolower((int) export_name_str[i]);
-    }
-
-    /* The caller constructs this as a '\0' terminated string */
-    password = auth_password->value;
-    usr = srp_user_new(SRP_SHA1, ng_type,
-                         export_name_str,
-                         (const unsigned char *)password,
-                         (int) strlen(password), NULL, NULL);
-    if (!usr)
-    {
-        ntlm_debug_printf("srp_user_new: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-    ntlm_context_handle->upn_name = export_name_str;
-
-    /* User -> Host: (username, bytes_A) */
-    srp_user_start_authentication(usr,
-                                  &ntlm_auth_user,
-                                  &ntlm_bytes_A,
-                                  &ntlm_bytes_A_len);
-    if (!ntlm_auth_user || !ntlm_bytes_A || ntlm_bytes_A_len == 0)
-    {
-        ntlm_debug_printf("srp_user_start_authentication: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-
-ntlm_print_hex(ntlm_bytes_A, ntlm_bytes_A_len, "_ntlm_gss_make_auth_init_output_token(init_sec_context): bytes_A");
-    /*
-     * ASN.1 encode the following data:
-     * |- GSS_NTLM_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_NTLM_OID -|-NTLM_INIT(1)-|-UPN(octet string)-|-NTLM-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-    berror = ber_printf(ber, "t{oo}",
-                  (int) NTLM_AUTH_INIT,
-                  ntlm_auth_user,
-                  export_name_buf.length,
-                  ntlm_bytes_A,
-                  ntlm_bytes_A_len);
-
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len = berror;
-
-
-    major = __ntlm_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_ntlm_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* Save the srp_user_new() context in the ntlm_gss_ctx... handle */
-    ntlm_context_handle->ntlm_usr = usr;
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-    if (export_name)
-    {
-        gss_release_buffer(&minor, export_name);
-    }
-    if (asn1_ntlm_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_ntlm_oid);
-    }
-    ber_free(ber, 1);
-    return major;
-}
-
-static
-OM_uint32
-_ntlm_auth_salt_resp(
-    OM_uint32 *minor_status,
-    gss_OID ntlm_mech_oid,
-    ntlm_gss_ctx_id_t ntlm_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    ber_tag_t ber_state = 0;
-    struct berval ber_in_tok = {0};
-    BerElement *ber_resp = NULL;
-    ber_tag_t berror = 0;
-    struct berval *ber_mda = NULL;
-    struct berval *ber_salt = NULL;
-    struct berval *ber_B = NULL;
-    const unsigned char *ntlm_bytes_M = NULL;
-    int ntlm_bytes_M_len = 0;
-    int ntlm_session_key_len = 0;
-    gss_buffer_desc asn1_ntlm_oid = {0};
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    const unsigned char *ntlm_session_key = NULL;
-
-    ber_in_tok.bv_len = input_token->length;
-    ber_in_tok.bv_val = input_token->value;
-    ber_resp = ber_init(&ber_in_tok);
-    berror = ber_scanf(ber_resp, "t{OOO}",
-                 &ber_state, &ber_mda, &ber_salt, &ber_B);
-    if (berror == LBER_ERROR)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-#if 1
-ntlm_print_hex(ber_salt->bv_val, (int) ber_salt->bv_len, "_ntlm_auth_salt_resp(init_sec_context): salt");
-ntlm_print_hex(ber_B->bv_val, (int) ber_B->bv_len, "_ntlm_auth_salt_resp(init_sec_context): bytes_B");
-#endif
-
-    /* Consistency check, this must match state */
-    if ((int) ber_state != state)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_user_process_challenge(ntlm_context_handle->ntlm_usr,
-                               ber_salt->bv_val, (int) ber_salt->bv_len,
-                               ber_B->bv_val, (int) ber_B->bv_len,
-                               &ntlm_bytes_M, &ntlm_bytes_M_len);
-
-    ntlm_session_key = srp_user_get_session_key(
-                          ntlm_context_handle->ntlm_usr,
-                          &ntlm_session_key_len);
-    if (ntlm_session_key && ntlm_session_key_len > 0)
-    {
-        ntlm_context_handle->ntlm_session_key =
-            calloc(ntlm_session_key_len, sizeof(unsigned char));
-        if (!ntlm_context_handle->ntlm_session_key)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memcpy(ntlm_context_handle->ntlm_session_key,
-               ntlm_session_key,
-               ntlm_session_key_len);
-        ntlm_context_handle->ntlm_session_key_len = ntlm_session_key_len;
-#if 1
-/* TBD: Adam debuging only */
-        ntlm_print_hex(ntlm_context_handle->ntlm_session_key,
-                      ntlm_context_handle->ntlm_session_key_len,
-                      "_ntlm_auth_salt_resp(init_sec_ctx) got session key");
-#endif
-    }
-
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = ntlm_asn1_encode_mech_oid_token(
-                &minor,
-                ntlm_mech_oid,
-                &asn1_ntlm_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* ASN.1 encode the following data:
-     * |- GSS_NTLM_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_NTLM_OID -|-NTLM_AUTH_CLIENT_VALIDATE(1)-|-NTLM-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-
-#if 1 /* TBD: debug */
-ntlm_print_hex(ntlm_bytes_M, ntlm_bytes_M_len,
-              "_ntlm_auth_salt_resp(init_sec_ctx) sending bytes_M");
-#endif
-
-    berror = ber_printf(ber, "t{o}",
-                  (int) NTLM_AUTH_CLIENT_VALIDATE,
-                  ntlm_bytes_M,
-                  ntlm_bytes_M_len);
-
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-    ber_len = berror;
-
-    major = __ntlm_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_ntlm_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-
-    if (ber_mda)
-    {
-        ber_bvfree(ber_mda);
-    }
-    if (ber_salt)
-    {
-        ber_bvfree(ber_salt);
-    }
-    if (ber_B)
-    {
-        ber_bvfree(ber_B);
-    }
-    if (asn1_ntlm_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_ntlm_oid);
-    }
-    ber_free(ber_resp, 1);
-    ber_free(ber, 1);
-
-    return major;
-}
-
-
-static
-OM_uint32
-_ntlm_auth_server_validate(
-    OM_uint32 *minor_status,
-    gss_OID ntlm_mech_oid,
-    ntlm_gss_ctx_id_t ntlm_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    struct berval *ber_ntlm_bytes_HAMK = NULL;
-    struct berval ber_ctx = {0};
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_debug_printf("_ntlm_auth_server_validate(): "
-                     "state=NTLM_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ASN.1 decode the "HAMK" server mutual auth token
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_ntlm_bytes_HAMK);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        minor = EINVAL; /* TBD: Adam, return a real error code here */
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_ntlm_bytes_HAMK->bv_len == 0)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_print_hex(
-        ber_ntlm_bytes_HAMK->bv_val,
-        (int) ber_ntlm_bytes_HAMK->bv_len,
-        "_ntlm_auth_server_validate(accept_sec_ctx) received ber_ntlm_bytes_HAMK");
-
-    srp_user_verify_session(
-        ntlm_context_handle->ntlm_usr,
-        ber_ntlm_bytes_HAMK->bv_val);
-    if (!srp_user_is_authenticated(ntlm_context_handle->ntlm_usr))
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (ber_ntlm_bytes_HAMK)
-    {
-        ber_bvfree(ber_ntlm_bytes_HAMK);
-    }
-
-
-    ber_free(ber, 1);
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-}
-
-
-/*
- * Message format for generated output token (state dependent)
- * |- ASN.1 NTLM OID -|- state -|- data -|- ... -|
- *
- *
- * NTLM_AUTH_INIT: | ASN.1 NTLM OID | NTLM_AUTH_INIT (byte) | UPN (type GSS_KRB5_NT_PRINCIPAL_NAME) |
- *
- */
-OM_uint32
-ntlm_gss_init_sec_context(
-    OM_uint32 *minor_status,
-    gss_cred_id_t claimant_cred_handle,
-    gss_ctx_id_t *context_handle,
-    gss_name_t target_name,
-    gss_OID mech_type,
-    OM_uint32 req_flags,
-    OM_uint32 time_req,
-    gss_channel_bindings_t input_chan_bindings,
-    gss_buffer_t input_token,
-    gss_OID *actual_mech,
-    gss_buffer_t output_token,
-    OM_uint32 *ret_flags,
-    OM_uint32 *time_rec)
-{
-    /*
-     * send_token is used to indicate in later steps
-     * what type of token, if any should be sent or processed.
-     * NO_TOKEN_SEND = no token should be sent
-     * INIT_TOKEN_SEND = initial token will be sent
-     * CONT_TOKEN_SEND = continuing tokens to be sent
-     * CHECK_MIC = no token to be sent, but have a MIC to check.
-     */
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    unsigned char *ptr = NULL;
-    OM_uint32 state = 0;
-    ntlm_gss_cred_id_t ntlm_cred = NULL;
-    ntlm_gss_ctx_id_t ntlm_context_handle = NULL;
-    gss_buffer_desc output_token_mem = {0};
-    krb5_error_code krb5_err = 0;
-    gss_OID ntlm_mech_oid = {0};
-    int iv_len = 0;
-
-    dsyslog("Entering init_sec_context\n");
-
-    if (!claimant_cred_handle || !context_handle)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ntlm_cred = (ntlm_gss_cred_id_t) claimant_cred_handle;
-    ntlm_mech_oid = ntlm_cred->ntlm_mech_oid;
-
-    /* First call to init_sec_context; allocate new context */
-    if (*context_handle == GSS_C_NO_CONTEXT)
-    {
-        state = NTLM_AUTH_INIT;
-        ntlm_debug_printf("ntlm_gss_init_sec_context: state=NTLM_AUTH_INIT\n");
-        ntlm_context_handle =
-            (ntlm_gss_ctx_id_t) xmalloc(sizeof(ntlm_gss_ctx_id_rec));
-        if (!ntlm_context_handle)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(ntlm_context_handle, 0, sizeof(ntlm_gss_ctx_id_rec));
-
-        major = ntlm_gss_duplicate_oid(&minor,
-                                      ntlm_mech_oid,
-                                      &ntlm_context_handle->mech);
-        if (major)
-        {
-            goto error;
-        }
-        ntlm_context_handle->magic_num = NTLM_MAGIC_ID;
-        ntlm_context_handle->state     = state;
-        ntlm_context_handle->cred      = ntlm_cred;
-
-        /* Needed for Kerberos AES256-SHA1 keyblock generation */
-        krb5_err = krb5_init_context(&ntlm_context_handle->krb5_ctx);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-
-        major = _ntlm_gss_make_auth_init_output_token(
-                    &minor,
-                    ntlm_mech_oid,
-                    ntlm_cred->name,
-                    ntlm_cred->password,
-                    ntlm_context_handle,
-                    &output_token_mem);
-        if (major)
-        {
-            goto error;
-        }
-        ntlm_context_handle->state = NTLM_AUTH_SALT_RESP;
-        *context_handle = (gss_ctx_id_t) ntlm_context_handle;
-        ntlm_context_handle = NULL;
-        major = GSS_S_CONTINUE_NEEDED;
-    }
-    else
-    {
-        ntlm_context_handle = (ntlm_gss_ctx_id_t) *context_handle;
-        if (!input_token)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        ptr = input_token->value;
-
-        /* Verify state machine is consistent with expected state */
-        state = NTLM_AUTH_STATE_VALUE(ptr[0]);
-        if (state != ntlm_context_handle->state)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-
-        ntlm_context_handle->state = state;
-        switch (ntlm_context_handle->state)
-        {
-          case NTLM_AUTH_SALT_RESP:
-            ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                             "state=NTLM_AUTH_SALT_RESP\n");
-            major = _ntlm_auth_salt_resp(
-                         &minor,
-                         ntlm_mech_oid,
-                         ntlm_context_handle,
-                         ntlm_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                goto error;
-            }
-
-            ntlm_context_handle->state = NTLM_AUTH_SERVER_VALIDATE;
-            major = GSS_S_CONTINUE_NEEDED;
-            break;
-
-          case NTLM_AUTH_SERVER_VALIDATE:
-            ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                             "state=NTLM_AUTH_SERVER_VALIDATE\n");
-            major = _ntlm_auth_server_validate(
-                         &minor,
-                         ntlm_mech_oid,
-                         ntlm_context_handle,
-                         ntlm_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                                 "state=NTLM_AUTH_FAILED!!!\n");
-                ntlm_context_handle->state = NTLM_AUTH_FAILED;
-                major = GSS_S_FAILURE;
-            }
-            else
-            {
-                ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                                 "state=NTLM_AUTH_COMPLETE!!!\n");
-                ntlm_context_handle->state = NTLM_AUTH_COMPLETE;
-                memset(&output_token_mem, 0, sizeof(output_token_mem));
-                major = GSS_S_COMPLETE;
-            }
-            break;
-
-          case NTLM_AUTH_COMPLETE:
-            major = GSS_S_COMPLETE;
-          break;
-
-          case NTLM_AUTH_FAILED:
-            ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                             "state=NTLM_AUTH_FAILED!!!\n");
-            major = GSS_S_FAILURE;
-          break;
-
-          default:
-            ntlm_debug_printf("ntlm_gss_init_sec_context: "
-                             "state=UNKNOWN!!!\n");
-            major = GSS_S_FAILURE;
-            break;
-        }
-    }
-
-    *output_token = output_token_mem;
-
-    if (major == GSS_S_COMPLETE)
-    {
-        krb5_err = ntlm_make_enc_keyblock(ntlm_context_handle);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-        if (actual_mech)
-        {
-            *actual_mech = ntlm_mech_oid;
-        }
-        AES_set_encrypt_key(
-            ntlm_context_handle->keyblock->contents,
-            ntlm_context_handle->keyblock->length * 8,
-            &ntlm_context_handle->aes_encrypt_key);
-        AES_set_decrypt_key(
-            ntlm_context_handle->keyblock->contents,
-            ntlm_context_handle->keyblock->length * 8,
-            &ntlm_context_handle->aes_decrypt_key);
-
-        iv_len = (AES_BLOCK_SIZE < ntlm_context_handle->ntlm_session_key_len) ?
-                     AES_BLOCK_SIZE : ntlm_context_handle->ntlm_session_key_len;
-        memset(ntlm_context_handle->aes_encrypt_iv, 0, iv_len);
-        memcpy(ntlm_context_handle->aes_encrypt_iv,
-               ntlm_context_handle->ntlm_session_key,
-               iv_len);
-
-        memset(ntlm_context_handle->aes_decrypt_iv, 0, iv_len);
-        memcpy(ntlm_context_handle->aes_decrypt_iv,
-               ntlm_context_handle->ntlm_session_key,
-               iv_len);
-
-
-    }
-    else if (major == GSS_S_CONTINUE_NEEDED && actual_mech)
-    {
-        *actual_mech = ntlm_mech_oid;
-    }
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-} /* init_sec_context */
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_mech.c b/lwraft/gssapi-plugins/ntlm/ntlm_mech.c
deleted file mode 100644
index 2dc6ce161..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_mech.c
+++ /dev/null
@@ -1,949 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- * 
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 2014, VMware Inc. All rights reserved.
- *
- * Module: ntlm_mech.c
- * Abstract:
- *     VMware GSSAPI NTLM Authentication Plugin
- *     GSSAPI NTLM Plugin mechanism function table
- *
- * Author: Jonathan Brown (brownj@vmware.com)
- */
-
-#include	<stdio.h>
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
-
-#include	<krb5.h>
-#include "ntlm_util.h"
-
-/* Copy of GSSAPI plugin struct gss_config structure */
-#include "ntlm_mglueP.h"
-#include "gssapiP_ntlm.h"
-
-
-
-#undef g_token_size
-
-#define HARD_ERROR(v) ((v) != GSS_S_COMPLETE && (v) != GSS_S_CONTINUE_NEEDED)
-typedef const gss_OID_desc *gss_OID_const;
-
-static ntlm_token_t make_ntlm_token(char *);
-static gss_buffer_desc make_err_msg(char *);
-
-
-
-/* NTLM oid structure */
-static const gss_OID_desc ntlm_gss_oid_array[] = {
-    {NTLM_OID_LENGTH, NTLM_OID},
-
-    /* 2.1.1. Kerberos Principal Name Form:  (rfc 1964)
-     * This name form shall be represented by the Object Identifier {iso(1)
-     * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-     * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
-     * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-    {10, "\052\206\110\206\367\022\001\002\002\001"},
-
-    /* 1.3.6.1.4.1.27433.3.1 */
-    {10, "\x2b\x06\x01\x04\x01\x81\xd6\x29\x03\x01"},
-};
-
-const gss_OID_desc * const gss_mech_ntlm_oid           = ntlm_gss_oid_array+0;
-const gss_OID_desc * const gss_nt_ntlm_name_oid        = ntlm_gss_oid_array+1;
-const gss_OID_desc * const gss_ntlm_password_oid       = ntlm_gss_oid_array+2;
-/*const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = ntlm_gss_oid_array+1; */
-
-int gss_ntlmint_lib_init(void)
-{
-#ifdef _GSS_STATIC_LINK
-	return gss_ntlmmechglue_init();
-#else
-	return 0;
-#endif
-}
-
-void gss_ntlmint_lib_fini(void)
-{
-}
-
-
-
-/*
- * NegHints ::= SEQUENCE {
- *    hintName       [0]  GeneralString      OPTIONAL,
- *    hintAddress    [1]  OCTET STRING       OPTIONAL
- * }
- */
-
-#define HOST_PREFIX	"host@"
-#define HOST_PREFIX_LEN	(sizeof(HOST_PREFIX) - 1)
-
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_display_status(
-		OM_uint32 *minor_status,
-		OM_uint32 status_value,
-		int status_type,
-		gss_OID mech_type,
-		OM_uint32 *message_context,
-		gss_buffer_t status_string)
-{
-	dsyslog("Entering display_status\n");
-
-	*message_context = 0;
-	switch (status_value) {
-	    case ERR_NTLM_NO_MECHS_AVAILABLE:
-		/* CSTYLED */
-		*status_string = make_err_msg("NTLM cannot find mechanisms to negotiate");
-		break;
-	    case ERR_NTLM_NO_CREDS_ACQUIRED:
-		/* CSTYLED */
-		*status_string = make_err_msg("NTLM failed to acquire creds");
-		break;
-	    case ERR_NTLM_NO_MECH_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("NTLM acceptor did not select a mechanism");
-		break;
-	    case ERR_NTLM_NEGOTIATION_FAILED:
-		/* CSTYLED */
-		*status_string = make_err_msg("NTLM failed to negotiate a mechanism");
-		break;
-	    case ERR_NTLM_NO_TOKEN_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("NTLM acceptor did not return a valid token");
-		break;
-	    default:
-		status_string->length = 0;
-		status_string->value = "";
-		break;
-	}
-
-	dsyslog("Leaving display_status\n");
-	return (GSS_S_COMPLETE);
-}
-
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_import_name(
-		    OM_uint32 *minor_status,
-		    gss_buffer_t input_name_buffer,
-		    gss_OID input_name_type,
-		    gss_name_t *output_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering import_name\n");
-
-	status = gss_import_name(minor_status, input_name_buffer,
-			input_name_type, output_name);
-
-	dsyslog("Leaving import_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_release_name(
-			OM_uint32 *minor_status,
-			gss_name_t *input_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering release_name\n");
-
-	status = gss_release_name(minor_status, input_name);
-
-	dsyslog("Leaving release_name\n");
-	return (status);
-}
-
-OM_uint32
-ntlm_gss_inquire_cred(
-			OM_uint32 *minor_status,
-			gss_cred_id_t cred_handle,
-			gss_name_t *name,
-			OM_uint32 *lifetime,
-			int *cred_usage,
-			gss_OID_set *mechanisms)
-{
-	OM_uint32 status = 0;
-        ntlm_gss_cred_id_t ntlm_cred_handle = NULL;
-        gss_name_t ret_name = NULL;
-
-	dsyslog("Entering inquire_cred\n");
-
-        ntlm_cred_handle = (ntlm_gss_cred_id_t) cred_handle;
-        if (ntlm_cred_handle && ntlm_cred_handle->name && name)
-        {
-            status = gss_duplicate_name(
-                         minor_status,
-                         ntlm_cred_handle->name,
-                         &ret_name);
-            if (status == 0)
-            {
-                *name = ret_name;
-            }
-        }
-
-	dsyslog("Leaving inquire_cred\n");
-
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_compare_name(
-			OM_uint32 *minor_status,
-			const gss_name_t name1,
-			const gss_name_t name2,
-			int *name_equal)
-{
-	OM_uint32 status = GSS_S_COMPLETE;
-	dsyslog("Entering compare_name\n");
-
-	status = gss_compare_name(minor_status, name1, name2, name_equal);
-
-	dsyslog("Leaving compare_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-ntlm_gss_inquire_names_for_mech(
-				OM_uint32	*minor_status,
-				gss_OID		mechanism,
-				gss_OID_set	*name_types)
-{
-	OM_uint32   major = 0;
-	OM_uint32   minor = 0;
-
-	dsyslog("Entering inquire_names_for_mech\n");
-        if (major)
-        {
-            goto error;
-        }
-
-	dsyslog("Leaving inquire_names_for_mech\n");
-error:
-        if (major)
-        {
-            *minor_status = minor;
-        }
-	return (major);
-}
-
-OM_uint32
-ntlm_gss_unwrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer,
-		gss_buffer_t output_message_buffer,
-		int *conf_state,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap(minor_status,
-			context_handle,
-			input_message_buffer,
-			output_message_buffer,
-			conf_state,
-			qop_state);
-
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_wrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		int conf_req_flag,
-		gss_qop_t qop_req,
-		gss_buffer_t input_message_buffer,
-		int *conf_state,
-		gss_buffer_t output_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_wrap(minor_status,
-		    context_handle,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_process_context_token(
-				OM_uint32	*minor_status,
-				const gss_ctx_id_t context_handle,
-				const gss_buffer_t token_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_process_context_token(minor_status,
-					context_handle,
-					token_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_context_time(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			OM_uint32	*time_rec)
-{
-	OM_uint32 ret;
-	ret = gss_context_time(minor_status,
-			    context_handle,
-			    time_rec);
-	return (ret);
-}
-#ifndef LEAN_CLIENT
-OM_uint32
-ntlm_gss_export_sec_context(
-			    OM_uint32	  *minor_status,
-			    gss_ctx_id_t *context_handle,
-			    gss_buffer_t interprocess_token)
-{
-	OM_uint32 ret;
-	ret = gss_export_sec_context(minor_status,
-				    context_handle,
-				    interprocess_token);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_import_sec_context(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle)
-{
-	OM_uint32 ret;
-	ret = gss_import_sec_context(minor_status,
-				    interprocess_token,
-				    context_handle);
-	return (ret);
-}
-#endif /* LEAN_CLIENT */
-
-OM_uint32
-ntlm_gss_inquire_context(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			gss_name_t	*src_name,
-			gss_name_t	*targ_name,
-			OM_uint32	*lifetime_rec,
-			gss_OID		*mech_type,
-			OM_uint32	*ctx_flags,
-			int		*locally_initiated,
-			int		*opened)
-{
-	OM_uint32 ret = GSS_S_COMPLETE;
-
-	ret = gss_inquire_context(minor_status,
-				context_handle,
-				src_name,
-				targ_name,
-				lifetime_rec,
-				NULL,
-				ctx_flags,
-				locally_initiated,
-				opened);
-
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
-
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_wrap_size_limit(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_size_limit(minor_status,
-				context_handle,
-				conf_req_flag,
-				qop_req,
-				req_output_size,
-				max_input_size);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_get_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_qop_t  qop_req,
-		const gss_buffer_t message_buffer,
-		gss_buffer_t message_token)
-{
-	OM_uint32 ret;
-	ret = gss_get_mic(minor_status,
-		    context_handle,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_verify_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_buffer_t msg_buffer,
-		const gss_buffer_t token_buffer,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_verify_mic(minor_status,
-			    context_handle,
-			    msg_buffer,
-			    token_buffer,
-			    qop_state);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_inquire_sec_context_by_oid(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_sec_context_by_oid(minor_status,
-			    context_handle,
-			    desired_object,
-			    data_set);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_inquire_cred_by_oid(
-		OM_uint32 *minor_status,
-		const gss_cred_id_t cred_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_cred_by_oid(minor_status,
-				cred_handle,
-				desired_object,
-				data_set);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_set_sec_context_option(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t *context_handle,
-		const gss_OID desired_object,
-		const gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_sec_context_option(minor_status,
-			    context_handle,
-			    desired_object,
-			    value);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gssspi_set_cred_option(OM_uint32 *minor_status,
-                       gss_cred_id_t cred_handle,
-                       const gss_OID desired_object,
-                       const gss_buffer_t value)
-{
-    OM_uint32 ret = 0;
-    ntlm_gss_cred_id_t ntlm_cred = NULL;
-    gss_buffer_t value_buf = NULL;
-
-
-#ifdef _MIT_KRB5_1_11
-    ntlm_cred = (ntlm_gss_cred_id_t) *((gss_cred_id_t *) cred_handle);
-#else
-    ntlm_cred = (ntlm_gss_cred_id_t) cred_handle;
-#endif
-    if (desired_object->length == GSS_NTLM_PASSWORD_LEN &&
-        memcmp(desired_object->elements,
-               GSS_NTLM_PASSWORD_OID,
-               GSS_NTLM_PASSWORD_LEN) == 0)
-    {
-        value_buf = calloc(value->length+1, sizeof(gss_buffer_desc));
-        value_buf->value = calloc(value->length+1, sizeof(unsigned char));
-        if (!value_buf->value)
-        {
-            return (GSS_S_FAILURE);
-        }
-    
-        memcpy(value_buf->value, value->value, value->length);
-        value_buf->length = value->length;
-        ntlm_cred->password = value_buf;
-    }
-
-    return (ret);
-}
-
-OM_uint32
-ntlm_gss_wrap_aead(OM_uint32 *minor_status,
-		     gss_ctx_id_t context_handle,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     gss_buffer_t input_assoc_buffer,
-		     gss_buffer_t input_payload_buffer,
-		     int *conf_state,
-		     gss_buffer_t output_message_buffer)
-{
-    OM_uint32 ret;
-	ret = gss_wrap_aead(minor_status,
-			    context_handle,
-			    conf_req_flag,
-			    qop_req,
-			    input_assoc_buffer,
-			    input_payload_buffer,
-			    conf_state,
-			    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_unwrap_aead(OM_uint32 *minor_status,
-		       gss_ctx_id_t context_handle,
-		       gss_buffer_t input_message_buffer,
-		       gss_buffer_t input_assoc_buffer,
-		       gss_buffer_t output_payload_buffer,
-		       int *conf_state,
-		       gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap_aead(minor_status,
-			      context_handle,
-			      input_message_buffer,
-			      input_assoc_buffer,
-			      output_payload_buffer,
-			      conf_state,
-			      qop_state);
-	return (ret);
-}
-
-
-OM_uint32
-ntlm_gss_wrap_iov_length(OM_uint32 *minor_status,
-			   gss_ctx_id_t context_handle,
-			   int conf_req_flag,
-			   gss_qop_t qop_req,
-			   int *conf_state,
-			   gss_iov_buffer_desc *iov,
-			   int iov_count)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_iov_length(minor_status,
-				  context_handle,
-				  conf_req_flag,
-				  qop_req,
-				  conf_state,
-				  iov,
-				  iov_count);
-	return (ret);
-}
-
-
-OM_uint32
-ntlm_gss_complete_auth_token(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_complete_auth_token(minor_status,
-				      context_handle,
-				      input_message_buffer);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
-					 const gss_cred_id_t impersonator_cred_handle,
-					 const gss_name_t desired_name,
-					 OM_uint32 time_req,
-					 const gss_OID_set desired_mechs,
-					 gss_cred_usage_t cred_usage,
-					 gss_cred_id_t *output_cred_handle,
-					 gss_OID_set *actual_mechs,
-					 OM_uint32 *time_rec)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering ntlm_gss_acquire_cred_impersonate_name\n");
-
-
-	dsyslog("Leaving ntlm_gss_acquire_cred_impersonate_name\n");
-	return (status);
-}
-
-OM_uint32
-ntlm_gss_display_name_ext(OM_uint32 *minor_status,
-			    gss_name_t name,
-			    gss_OID display_as_name_type,
-			    gss_buffer_t display_name)
-{
-	OM_uint32 ret = 0;
-	ret = gss_display_name_ext(minor_status,
-				   name,
-				   display_as_name_type,
-				   display_name);
-	return (ret);
-}
-
-
-OM_uint32
-ntlm_gss_inquire_name(OM_uint32 *minor_status,
-			gss_name_t name,
-			int *name_is_MN,
-			gss_OID *MN_mech,
-			gss_buffer_set_t *attrs)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_name(minor_status,
-			       name,
-			       name_is_MN,
-			       MN_mech,
-			       attrs);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_get_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      gss_buffer_t attr,
-			      int *authenticated,
-			      int *complete,
-			      gss_buffer_t value,
-			      gss_buffer_t display_value,
-			      int *more)
-{
-	OM_uint32 ret;
-	ret = gss_get_name_attribute(minor_status,
-				     name,
-				     attr,
-				     authenticated,
-				     complete,
-				     value,
-				     display_value,
-				     more);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_set_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      int complete,
-			      gss_buffer_t attr,
-			      gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_name_attribute(minor_status,
-				     name,
-				     complete,
-				     attr,
-				     value);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_delete_name_attribute(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t attr)
-{
-	OM_uint32 ret;
-	ret = gss_delete_name_attribute(minor_status,
-					name,
-					attr);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_export_name_composite(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t exp_composite_name)
-{
-	OM_uint32 ret;
-	ret = gss_export_name_composite(minor_status,
-					name,
-					exp_composite_name);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_map_name_to_any(OM_uint32 *minor_status,
-			   gss_name_t name,
-			   int authenticated,
-			   gss_buffer_t type_id,
-			   gss_any_t *output)
-{
-	OM_uint32 ret;
-	ret = gss_map_name_to_any(minor_status,
-				  name,
-				  authenticated,
-				  type_id,
-				  output);
-	return (ret);
-}
-
-OM_uint32
-ntlm_gss_release_any_name_mapping(OM_uint32 *minor_status,
-				    gss_name_t name,
-				    gss_buffer_t type_id,
-				    gss_any_t *input)
-{
-	OM_uint32 ret;
-	ret = gss_release_any_name_mapping(minor_status,
-					   name,
-					   type_id,
-					   input);
-	return (ret);
-}
-
-
-
-/* following are token creation and reading routines */
-
-/*
- * This routine compares the recieved mechset to the mechset that
- * this server can support. It looks sequentially through the mechset
- * and the first one that matches what the server can support is
- * chosen as the negotiated mechanism. If one is found, negResult
- * is set to ACCEPT_INCOMPLETE if it's the first mech, REQUEST_MIC if
- * it's not the first mech, otherwise we return NULL and negResult
- * is set to REJECT.
- *
- * NOTE: There is currently no way to specify a preference order of
- * mechanisms supported by the acceptor.
- */
-
-/*
- * the next two routines make a token buffer suitable for
- * ntlm_gss_display_status. These currently take the string
- * in name and place it in the token. Eventually, if
- * ntlm_gss_display_status returns valid error messages,
- * these routines will be changes to return the error string.
- */
-static ntlm_token_t
-make_ntlm_token(char *name)
-{
-	return (ntlm_token_t)strdup(name);
-}
-
-static gss_buffer_desc
-make_err_msg(char *name)
-{
-	gss_buffer_desc buffer;
-
-	if (name == NULL) {
-		buffer.length = 0;
-		buffer.value = NULL;
-	} else {
-		buffer.length = strlen(name)+1;
-		buffer.value = make_ntlm_token(name);
-	}
-
-	return (buffer);
-}
-
-/*
- * The Mech OID:
- *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) ntlm(10)
- *        = 1.2.840.113554.1.2.10
- */
-static struct _GSS_MECH_PLUGIN_CONFIG ntlm_mechanism =
-{
-	{NTLM_OID_LENGTH, NTLM_OID},
-	NULL,
-	ntlm_gss_acquire_cred,
-	ntlm_gss_release_cred,
-	ntlm_gss_init_sec_context,
-#ifndef LEAN_CLIENT
-	ntlm_gss_accept_sec_context,
-#else
-	NULL,
-#endif  /* LEAN_CLIENT */
-	NULL,				/* gss_process_context_token */
-	ntlm_gss_delete_sec_context,	/* gss_delete_sec_context */
-	ntlm_gss_context_time,	/* gss_context_time */
-	ntlm_gss_get_mic,		/* gss_get_mic */
-	ntlm_gss_verify_mic,		/* gss_verify_mic */
-	ntlm_gss_wrap,		/* gss_wrap */
-	ntlm_gss_unwrap,		/* gss_unwrap */
-	ntlm_gss_display_status,
-	NULL,				/* gss_indicate_mechs */
-	ntlm_gss_compare_name,
-	ntlm_gss_display_name,
-	ntlm_gss_import_name,
-	ntlm_gss_release_name,
-	ntlm_gss_inquire_cred,	/* gss_inquire_cred */
-	NULL,				/* gss_add_cred */
-#ifndef LEAN_CLIENT
-	ntlm_gss_export_sec_context,		/* gss_export_sec_context */
-	ntlm_gss_import_sec_context,		/* gss_import_sec_context */
-#else
-	NULL,				/* gss_export_sec_context */
-	NULL,				/* gss_import_sec_context */
-#endif /* LEAN_CLIENT */
-	NULL,				/* gss_inquire_cred_by_mech */
-	ntlm_gss_inquire_names_for_mech,
-	ntlm_gss_inquire_context,	/* gss_inquire_context */
-	NULL,				/* gss_internal_release_oid */
-	ntlm_gss_wrap_size_limit,	/* gss_wrap_size_limit */
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_localname */
-	NULL,				/* gssspi_authorize_localname */
-#endif
-	NULL,				/* gss_export_name */
-
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_duplicate_name */
-#endif
-
-	NULL,				/* gss_store_cred */
-	ntlm_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
-	ntlm_gss_inquire_cred_by_oid,	/* gss_inquire_cred_by_oid */
-	ntlm_gss_set_sec_context_option, /* gss_set_sec_context_option */
-	ntlm_gssspi_set_cred_option,	/* gssspi_set_cred_option */
-	NULL,				/* gssspi_mech_invoke */
-	ntlm_gss_wrap_aead,
-	ntlm_gss_unwrap_aead,
-	ntlm_gss_wrap_iov,
-	ntlm_gss_unwrap_iov,
-	ntlm_gss_wrap_iov_length,
-	ntlm_gss_complete_auth_token,
-	ntlm_gss_acquire_cred_impersonate_name,
-	NULL,				/* gss_add_cred_impersonate_name */
-	ntlm_gss_display_name_ext,
-	ntlm_gss_inquire_name,
-	ntlm_gss_get_name_attribute,
-	ntlm_gss_set_name_attribute,
-	ntlm_gss_delete_name_attribute,
-	ntlm_gss_export_name_composite,
-	ntlm_gss_map_name_to_any,
-	ntlm_gss_release_any_name_mapping,
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_pseudo_random */
-	NULL,				/* gss_set_neg_mechs */
-	NULL,				/* gss_inquire_saslname_for_mech */
-	NULL,				/* gss_inquire_mech_for_saslname */
-	NULL,				/* gss_inquire_attrs_for_mech */
-	NULL,				/* gss_acquire_cred_from */
-	NULL,				/* gss_store_cred_into */
-	NULL,				/* gssspi_acquire_cred_with_password */
-	NULL,				/* gss_export_cred */
-	NULL,				/* gss_import_cred */
-	NULL,				/* gssspi_import_sec_context_by_mech */
-	NULL,				/* gssspi_import_name_by_mech */
-	NULL,				/* gssspi_import_cred_by_mech */
-#endif
-};
-
-#ifdef _GSS_STATIC_LINK
-#include "mglueP.h"
-
-static int gss_ntlmmechglue_init(void)
-{
-	struct gss_mech_config mech_ntlm;
-
-	memset(&mech_ntlm, 0, sizeof(mech_ntlm));
-	mech_ntlm.mech = &ntlm_mechanism;
-	mech_ntlm.mechNameStr = "ntlm";
-	mech_ntlm.mech_type = (const gss_OID_desc * const) gss_mech_ntlm;
-
-	return gssint_register_mechinfo(&mech_ntlm);
-}
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void)
-{
-	return (&ntlm_mechanism);
-}
-
-#endif /* _GSS_STATIC_LINK */
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_mglueP.h b/lwraft/gssapi-plugins/ntlm/ntlm_mglueP.h
deleted file mode 100644
index e5f97e7f0..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_mglueP.h
+++ /dev/null
@@ -1,694 +0,0 @@
-/*
- * This header contains the private mechglue definitions.
- *
- * Copyright (c) 1995, by Sun Microsystems, Inc.
- * All rights reserved.
- */
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _NTLM_MGLUEP_H_
-#define _NTLM_MGLUEP_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-/*
- * Exact copy of the mglueP.h "struct gss_config". This is contained
- * in a private header file, so this internal plugin structure cannot
- * be consumed publically.
- */
-
-/*
- * This is the definition of the mechs_array struct, which is used to
- * define the mechs array table. This table is used to indirectly
- * access mechanism specific versions of the gssapi routines through
- * the routines in the glue module (gssd_mech_glue.c)
- *
- * This contants all of the functions defined in gssapi.h except for
- * gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.  
- */
- 
-typedef struct _GSS_MECH_PLUGIN_CONFIG {
-    gss_OID_desc    mech_type;
-    void *	    context;
-    OM_uint32       (*gss_acquire_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* desired_name */
-		    OM_uint32,		/* time_req */
-		    gss_OID_set,	/* desired_mechs */
-		    int,		/* cred_usage */
-		    gss_cred_id_t*,	/* output_cred_handle */
-		    gss_OID_set*,	/* actual_mechs */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_release_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_cred_id_t*	/* cred_handle */
-		    );
-    OM_uint32       (*gss_init_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_cred_id_t,		/* claimant_cred_handle */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_name_t,			/* target_name */
-		    gss_OID,			/* mech_type */
-		    OM_uint32,			/* req_flags */
-		    OM_uint32,			/* time_req */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_buffer_t,		/* input_token */
-		    gss_OID*,			/* actual_mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*			/* time_rec */
-		    );
-    OM_uint32       (*gss_accept_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_cred_id_t,		/* verifier_cred_handle */
-		    gss_buffer_t,		/* input_token_buffer */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_name_t*,		/* src_name */
-		    gss_OID*,			/* mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*,			/* time_rec */
-		    gss_cred_id_t*		/* delegated_cred_handle */
-		    );
-    OM_uint32       (*gss_process_context_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* token_buffer */
-		    );
-    OM_uint32       (*gss_delete_sec_context)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t*,	/* context_handle */
-		    gss_buffer_t	/* output_token */
-		    );
-    OM_uint32       (*gss_context_time)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_get_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t	/* message_token */
-		    );
-    OM_uint32       (*gss_verify_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t,	/* token_buffer */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_wrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* input_message_buffer */
-		    int*,		/* conf_state */
-		    gss_buffer_t	/* output_message_buffer */
-		    );
-    OM_uint32       (*gss_unwrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* input_message_buffer */
-		    gss_buffer_t,	/* output_message_buffer */
-		    int*,		/* conf_state */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_display_status)
-	(
-		    OM_uint32*,		/* minor_status */
-		    OM_uint32,		/* status_value */
-		    int,		/* status_type */
-		    gss_OID,		/* mech_type */
-		    OM_uint32*,		/* message_context */
-		    gss_buffer_t	/* status_string */
-		    );
-    OM_uint32       (*gss_indicate_mechs)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_OID_set*	/* mech_set */
-		    );
-    OM_uint32       (*gss_compare_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* name1 */
-		    gss_name_t,		/* name2 */
-		    int*		/* name_equal */
-		    );
-    OM_uint32       (*gss_display_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* input_name */
-		    gss_buffer_t,	/* output_name_buffer */
-		    gss_OID*		/* output_name_type */
-		    );
-    OM_uint32       (*gss_import_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_buffer_t,	/* input_name_buffer */
-		    gss_OID,		/* input_name_type */
-		    gss_name_t*		/* output_name */
-		    );
-    OM_uint32       (*gss_release_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t*		/* input_name */
-		    );
-    OM_uint32       (*gss_inquire_cred)
-	(
-		    OM_uint32 *,		/* minor_status */
-		    gss_cred_id_t,		/* cred_handle */
-		    gss_name_t *,		/* name */
-		    OM_uint32 *,		/* lifetime */
-		    int *,			/* cred_usage */
-		    gss_OID_set *		/* mechanisms */
-		    );
-    OM_uint32	    (*gss_add_cred)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* input_cred_handle */
-		    gss_name_t,		/* desired_name */
-		    gss_OID,		/* desired_mech */
-		    gss_cred_usage_t,	/* cred_usage */
-		    OM_uint32,		/* initiator_time_req */
-		    OM_uint32,		/* acceptor_time_req */
-		    gss_cred_id_t *,	/* output_cred_handle */
-		    gss_OID_set *,	/* actual_mechs */
-		    OM_uint32 *,	/* initiator_time_rec */
-		    OM_uint32 *		/* acceptor_time_rec */
-		    );
-    OM_uint32	    (*gss_export_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,	/* context_handle */
-		    gss_buffer_t	/* interprocess_token */
-		    );
-    OM_uint32	    (*gss_import_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_buffer_t,	/* interprocess_token */
-		    gss_ctx_id_t *	/* context_handle */
-		    );
-    OM_uint32 	    (*gss_inquire_cred_by_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* cred_handle */
-		    gss_OID,		/* mech_type */
-		    gss_name_t *,	/* name */
-		    OM_uint32 *,	/* initiator_lifetime */
-		    OM_uint32 *,	/* acceptor_lifetime */
-		    gss_cred_usage_t *	/* cred_usage */
-		    );
-    OM_uint32	    (*gss_inquire_names_for_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID,		/* mechanism */
-		    gss_OID_set *	/* name_types */
-		    );
-    OM_uint32	(*gss_inquire_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_name_t *,	/* src_name */
-		    gss_name_t *,	/* targ_name */
-		    OM_uint32 *,	/* lifetime_rec */
-		    gss_OID *,		/* mech_type */
-		    OM_uint32 *,	/* ctx_flags */
-		    int *,	   	/* locally_initiated */
-		    int *		/* open */
-		    );
-    OM_uint32	    (*gss_internal_release_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID *		/* OID */
-	 );
-    OM_uint32	     (*gss_wrap_size_limit)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    OM_uint32,		/* req_output_size */
-		    OM_uint32 *		/* max_input_size */
-	 );
-#if 0
-    int		     (*pname_to_uid)
-	(
-		    char *,		/* pname */
-		    gss_OID,		/* name type */
-		    gss_OID,		/* mech type */
-		    uid_t *		/* uid */
-		    );
-	OM_uint32		(*gssint_userok)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_name_t,	/* pname */
-		    const char *,	/* local user */
-		    int *		/* user ok? */
-	/* */);
-#endif
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32        (KRB5_CALLCONV *gss_localname)
-        (
-                    OM_uint32 *,        /* minor */
-                    const gss_name_t,   /* name */
-                    gss_const_OID,      /* mech_type */
-                    gss_buffer_t /* localname */
-            );
-        OM_uint32               (KRB5_CALLCONV *gssspi_authorize_localname)
-        (
-                    OM_uint32 *,        /* minor_status */
-                    const gss_name_t,   /* pname */
-                    gss_const_buffer_t, /* local user */
-                    gss_const_OID       /* local nametype */
-        /* */);
-
-#endif
-
-	OM_uint32		(*gss_export_name)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_name_t,	/* input_name */
-		gss_buffer_t		/* exported_name */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_duplicate_name)
-        (
-                    OM_uint32*,         /* minor_status */
-                    const gss_name_t,   /* input_name */
-                    gss_name_t *        /* output_name */
-        /* */);
-#endif
-
-	OM_uint32	(*gss_store_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_cred_id_t,	/* input_cred */
-		gss_cred_usage_t,	/* cred_usage */
-		const gss_OID,		/* desired_mech */
-		OM_uint32,		/* overwrite_cred */
-		OM_uint32,		/* default_cred */
-		gss_OID_set *,		/* elements_stored */
-		gss_cred_usage_t *	/* cred_usage_stored */
-	/* */);
-
-
-	/* GGF extensions */
-
-	OM_uint32       (*gss_inquire_sec_context_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_ctx_id_t, /* context_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_inquire_cred_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_cred_id_t, /* cred_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_set_sec_context_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,     /* context_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t  /* value */
-		    );
-	OM_uint32       (*gssspi_set_cred_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,      /* cred_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t	/* value */
-		    );
-	OM_uint32       (*gssspi_mech_invoke)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_OID, 	/* mech OID */
-		    const gss_OID,      /* OID */
-		    gss_buffer_t 	/* value */
-		    );
-
-	/* AEAD extensions */
-	OM_uint32	(*gss_wrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* input_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_buffer_t		/* output_message_buffer */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    gss_buffer_t,		/* input_message_buffer */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* output_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_qop_t *			/* qop_state */
-	/* */);
-
-	/* SSPI extensions */
-	OM_uint32	(*gss_wrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    int *,			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int *,			/* conf_state */
-	    gss_qop_t *,		/* qop_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_wrap_iov_length)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag*/
-	    gss_qop_t, 			/* qop_req */
-	    int *, 			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32       (*gss_complete_auth_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* input_message_buffer */
-		    );
-
-	/* New for 1.8 */
-
-	OM_uint32	(*gss_acquire_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32	(*gss_add_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    const gss_OID,		/* desired_mech */
-	    gss_cred_usage_t,		/* cred_usage */
-	    OM_uint32,			/* initiator_time_req */
-	    OM_uint32,			/* acceptor_time_req */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *,		/* initiator_time_rec */
-	    OM_uint32 *			/* acceptor_time_rec */
-	/* */);
-
-	OM_uint32	(*gss_display_name_ext)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_OID,			/* display_as_name_type */
-	    gss_buffer_t		/* display_name */
-	/* */);
-
-	OM_uint32	(*gss_inquire_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int *,			/* name_is_MN */
-	    gss_OID *,			/* MN_mech */
-	    gss_buffer_set_t *		/* attrs */
-	/* */);
-
-	OM_uint32	(*gss_get_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* attr */
-	    int *,			/* authenticated */
-	    int *,			/* complete */
-	    gss_buffer_t,		/* value */
-	    gss_buffer_t,		/* display_value */
-	    int *			/* more */
-	/* */);
-
-	OM_uint32	(*gss_set_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* complete */
-	    gss_buffer_t,		/* attr */
-	    gss_buffer_t		/* value */
-	/* */);
-
-	OM_uint32	(*gss_delete_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* attr */
-	/* */);
-
-	OM_uint32	(*gss_export_name_composite)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* exp_composite_name */
-	/* */);
-
-	OM_uint32	(*gss_map_name_to_any)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* authenticated */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* output */
-	/* */);
-
-	OM_uint32	(*gss_release_any_name_mapping)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* input */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_pseudo_random)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context */
-            int,                        /* prf_key */
-            const gss_buffer_t,         /* prf_in */
-            ssize_t,                    /* desired_output_len */
-            gss_buffer_t                /* prf_out */
-        /* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_set_neg_mechs)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    const gss_OID_set		/* mech_set */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_saslname_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_OID,		/* desired_mech */
-	    gss_buffer_t,		/* sasl_mech_name */
-	    gss_buffer_t,		/* mech_name */
-	    gss_buffer_t		/* mech_description */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_mech_for_saslname)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_buffer_t,		/* sasl_mech_name */
-	    gss_OID *			/* mech_type */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_attrs_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_const_OID,		/* mech */
-	    gss_OID_set *,		/* mech_attrs */
-	    gss_OID_set *		/* known_mech_attrs */
-	/* */);
-
-	/* Credential store extensions */
-
-	OM_uint32       (KRB5_CALLCONV *gss_acquire_cred_from)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* desired_name */
-	    OM_uint32,			/* time_req */
-	    gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_store_cred_into)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    gss_cred_usage_t,		/* input_usage */
-	    gss_OID,			/* desired_mech */
-	    OM_uint32,			/* overwrite_cred */
-	    OM_uint32,			/* default_cred */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_OID_set *,		/* elements_stored */
-	    gss_cred_usage_t *		/* cred_usage_stored */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_acquire_cred_with_password)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_name_t,		/* desired_name */
-	    const gss_buffer_t,	 /* password */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    int,			/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_export_cred)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    gss_buffer_t		/* token */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_import_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		gss_buffer_t,		/* token */
-		gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* desired_mech */
-	    gss_buffer_t,		/* interprocess_token */
-	    gss_ctx_id_t *		/* context_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_name_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* input_name_buffer */
-	    gss_OID,			/* input_name_type */
-	    gss_name_t*			/* output_name */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_cred_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* token */
-	    gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-#ifdef _MIT_KRB5_1_12
-        /* get_mic_iov extensions, added in 1.12 */
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_verify_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t *,                /* qop_state */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov_length)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-#endif
-
-#endif
-
-
-} *GSS_MECH_PLUGIN_CONFIG;
-
-typedef struct gss_ctx_id_struct {
- struct gss_ctx_id_struct *loopback;
- gss_OID mech_type;
- gss_ctx_id_t internal_ctx_id;
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
-
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_release_cred.c b/lwraft/gssapi-plugins/ntlm/ntlm_release_cred.c
deleted file mode 100644
index bb90097b4..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_release_cred.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "ntlm_util.h"
-
-OM_uint32
-ntlm_gss_release_cred(OM_uint32 *minor_status,
-            gss_cred_id_t *cred_handle)
-{
-    OM_uint32 status = 0;
-    OM_uint32 min = 0;
-    ntlm_gss_cred_id_t ntlm_cred = NULL;
-
-    dsyslog("Entering ntlm_gss_release_cred\n");
-
-    if (minor_status == NULL || cred_handle == NULL)
-    {
-        return (GSS_S_CALL_INACCESSIBLE_WRITE);
-    }
-
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL)
-    {
-        return (GSS_S_COMPLETE);
-    }
-
-    ntlm_cred = (ntlm_gss_cred_id_t) *cred_handle;
-    if (ntlm_cred->ntlm_mech_oid)
-    {
-        if (ntlm_cred->ntlm_mech_oid->elements)
-        {
-            free(ntlm_cred->ntlm_mech_oid->elements);
-        }
-        free(ntlm_cred->ntlm_mech_oid);
-    }
-    if (ntlm_cred->name)
-    {
-        gss_release_name(&min, &ntlm_cred->name);
-    }
-    if (ntlm_cred->password)
-    {
-        gss_release_buffer(&min, ntlm_cred->password);
-        free(ntlm_cred->password);
-    }
-
-    free(ntlm_cred);
-
-    *cred_handle = NULL;
-
-    dsyslog("Leaving ntlm_gss_release_cred\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_unwrap_iov.c b/lwraft/gssapi-plugins/ntlm/ntlm_unwrap_iov.c
deleted file mode 100644
index 9a5053c70..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_unwrap_iov.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <openssl/aes.h>
-#include <errno.h>
-#include <string.h>
-#include "ntlm_util.h"
-#include "ntlm_encrypt.h"
-#include "ntlm_encrypt.h"
-
-#ifndef _NTLM_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-ntlm_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    ntlm_gss_ctx_id_t ntlm_context_handle = (ntlm_gss_ctx_id_t) context_handle;
-    unsigned char *in_encbuf = NULL;
-    unsigned char *out_encbuf = NULL;
-    int in_encbuf_len = 0;
-    int out_encbuf_len = 0;
-    int sealed = 1;
-
-    in_encbuf_len = (int) AES256PAD(iov[1].buffer.length);
-    if (in_encbuf_len != iov[1].buffer.length)
-    {
-        /* This may not work if the input buffer size isn't already aligned */
-        in_encbuf = calloc(in_encbuf_len, sizeof(unsigned char));
-        if (!in_encbuf)
-        {
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(in_encbuf, iov[1].buffer.value, iov[1].buffer.length);
-    }
-    else
-    {
-        in_encbuf = iov[1].buffer.value;
-    }
-
-    out_encbuf_len = in_encbuf_len;
-    out_encbuf = calloc(out_encbuf_len, sizeof(unsigned char));
-    if (!out_encbuf)
-    {
-        min = ENOMEM;
-        goto error;
-    }
-
-    AES_cbc_encrypt(in_encbuf,
-                    out_encbuf,
-                    in_encbuf_len,
-                    &ntlm_context_handle->aes_decrypt_key,
-                    ntlm_context_handle->aes_decrypt_iv,
-                    AES_DECRYPT);
-    memcpy(iov[1].buffer.value, out_encbuf, out_encbuf_len);
-    /*
-     * TBD: Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-error:
-    if (in_encbuf && in_encbuf != iov[1].buffer.value)
-    {
-        free(in_encbuf);
-    }
-    if (out_encbuf)
-    {
-        free(out_encbuf);
-    }
-    return min ? min : maj;
-}
-
-#else
-
-OM_uint32
-ntlm_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    unsigned char *key = NULL;
-    int keylen = 0;
-    int sealed = 0;
-
-    /* TBD:Adam-How to determine the protection level? */
-    /* rpc_c_authn_level_pkt_privacy */
-    sealed = 1;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-    /*
-     * Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-    /* Nothing can fail in this implementation :) */
-    return 0;
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_util.c b/lwraft/gssapi-plugins/ntlm/ntlm_util.c
deleted file mode 100644
index 2f54db31a..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_util.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include "gssapiP_ntlm.h"
-#include "gssapi_ntlm.h"
-#include "gssapi_alloc.h"
-
-static char *g_debug_printf;
-static char g_debug_string[192];
-#ifdef _WIN32
-#define OUTPUT_DEBUG_LOG(str) OutputDebugStringA((char *) str)
-#else
-#include <syslog.h>
-#define OUTPUT_DEBUG_LOG(str) syslog(LOG_DEBUG, "%s", str)
-#endif
-
-static char *ntlm_getenv_debug(void)
-{
-    if (!g_debug_printf)
-    {
-        g_debug_printf = getenv("GSSAPI_NTLM_DEBUG");
-        if (!g_debug_printf)
-        {
-            return NULL;
-        }
-    }
-    return g_debug_printf;
-}
-
-int ntlm_debug_printf(char *fmt, ...)
-{
-    va_list print_args;
-    int ret_len = 0;
-
-    if (!ntlm_getenv_debug())
-    {
-        return 0;
-    }
-    va_start(print_args, fmt);
-    ret_len = vsnprintf(g_debug_string,
-                        sizeof(g_debug_string) - 1,
-                        fmt,
-                        print_args);
-    if (ret_len > 0)
-    {
-        OUTPUT_DEBUG_LOG(g_debug_string);
-    }
-    va_end(print_args);
-    return ret_len;
-}
-
-
-char *ntlm_bin_to_hex_str(const unsigned char *buf, int buf_len)
-{
-    char *hexstr = NULL;
-    unsigned int hex_hi = 0;
-    unsigned int hex_lo = 0;
-    static char hexchars[] = "0123456789abcdef";
-    int i = 0;
-    int j = 0;
-
-    hexstr = calloc(buf_len*2+1, sizeof(char));
-    if (buf)
-    {
-        for (i=0; i<buf_len; i++)
-        {
-            hex_hi = (0xf0 & buf[i]) >> 4;
-            hex_lo = (0x0f & buf[i]);
-            hexstr[j] = hexchars[hex_hi];
-            hexstr[j+1] = hexchars[hex_lo];
-            j += 2;
-        }
-        hexstr[j] = '\0';
-    }
-    return hexstr;
-}
-
-OM_uint32
-ntlm_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    gss_buffer_desc oid_str = {0};
-    gss_OID ret_oid = NULL;
-
-    maj = gss_oid_to_str(&min, input_oid, &oid_str);
-    if (maj)
-    {
-        goto error;
-    }
-
-    maj = gss_str_to_oid(&min, &oid_str, &ret_oid);
-    if (maj)
-    {
-        goto error;
-    }
-
-    *output_oid = ret_oid;
-    ret_oid = NULL;
-
-error:
-    if (maj)
-    {
-        *minor_status = min;
-    }
-
-    if (oid_str.value)
-    {
-        gss_release_buffer(&min, &oid_str);
-    }
-    return maj;
-}
-
-
-void ntlm_print_hex(const unsigned char *buf, int buf_len, const char *msg)
-{
-    char *hexstr = NULL;
-
-    if (!ntlm_getenv_debug())
-    {
-        return;
-    }
-
-    ntlm_debug_printf("======== ntlm_print_hex begin ========\n");
-    if (msg)
-    {
-        ntlm_debug_printf("%s\n", msg);
-    }
-    hexstr = ntlm_bin_to_hex_str(buf, buf_len);
-    ntlm_debug_printf("buffer len=%d\n", buf_len);
-    if (hexstr)
-    {
-        ntlm_debug_printf("%s\n", hexstr);
-        free(hexstr);
-    }
-    ntlm_debug_printf("\n");
-    ntlm_debug_printf("======== ntlm_print_hex end ==========\n\n");
-}
-
-
-/*
- * tag for APPLICATION 0, Sequence[constructed, definite length]
- * length of remainder of token
- * tag of OBJECT IDENTIFIER
- * length of mechanism OID
- * encoding of mechanism OID
- * <the rest of the token>
- *
- * Numerically, this looks like :
- *
- * 0x60
- * <length> - could be multiple bytes
- * 0x06
- * <length> - assume only one byte, hence OID length < 127
- * <mech OID bytes>
- *
- */
-OM_uint32
-ntlm_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 asn1_mech_prefix_len = 4;
-    gss_buffer_desc asn1_oid = {0};
-    unsigned char *ptr = NULL;
-    int i = 0;
-
-    /* ASN.1 encoded NTLM OID value */
-    asn1_oid.length = mech_oid->length + asn1_mech_prefix_len;
-    asn1_oid.value = gssalloc_malloc(asn1_oid.length);
-    if (!asn1_oid.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* ASN.1 encode OID, State and length delimited display name string */
-    memset(asn1_oid.value, 0, sizeof(asn1_oid.length));
-
-    ptr = (unsigned char *) asn1_oid.value;
-    i = 0;
-
-    /* tag for APPLICATION 0, Sequence[constructed, definite length] */
-    ptr[i++] = 0x60;
-
-    /* length of remainder of token: OID tag(1) + OID len(1) */
-    ptr[i++] = mech_oid->length + 2;
-
-    /* ASN.1 Object Identifier tag */
-    ptr[i++] = 0x06;
-
-    /* Only works if value is < 127 bytes; GSS-NTLM mech oid is much <127 */
-    ptr[i++] = mech_oid->length;
-
-    /* Copy the actual pre-encoded ASN.1 GSS-OID into the asn1_oid buffer */
-    memcpy(&ptr[i], mech_oid->elements, mech_oid->length);
-
-    *output_token = asn1_oid;
-error:
-    if (major)
-    {
-        *ret_minor = minor;
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_util.h b/lwraft/gssapi-plugins/ntlm/ntlm_util.h
deleted file mode 100644
index 3333e04c0..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_util.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _NTLM_UTIL_H
-#define _NTLM_UTIL_H
-
-#include "gssapiP_ntlm.h"
-#include "gssapi_ntlm.h"
-
-char *
-ntlm_bin_to_hex_str(
-    const unsigned char *buf,
-    int buf_len);
-
-OM_uint32
-ntlm_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid);
-
-
-void 
-ntlm_print_hex(
-    const unsigned char *buf,
-    int buf_len,
-    const char *msg);
-
-OM_uint32
-ntlm_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token);
-
-int
-ntlm_debug_printf(char *fmt, ...);
-
-#endif
diff --git a/lwraft/gssapi-plugins/ntlm/ntlm_wrap_iov.c b/lwraft/gssapi-plugins/ntlm/ntlm_wrap_iov.c
deleted file mode 100644
index 726925b5f..000000000
--- a/lwraft/gssapi-plugins/ntlm/ntlm_wrap_iov.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-
-#include <string.h>
-#include <errno.h>
-#include "ntlm_util.h"
-#include "ntlm_encrypt.h"
-
-#ifndef _NTLM_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-ntlm_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    ntlm_gss_ctx_id_t ntlm_context_handle = (ntlm_gss_ctx_id_t) context_handle;
-    gss_buffer_desc asn1_mech_oid = {0};
-    unsigned char *iov0 = NULL;
-    int iov0_len = 0;
-    unsigned char *in_encbuf = NULL;
-    unsigned char *out_encbuf = NULL;
-    int in_encbuf_len = 0;
-    int out_encbuf_len = 0;
-
-    ret = ntlm_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_ntlm_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    /* Fixup iov[0] to have proper GSS/OID header */
-    iov0 = asn1_mech_oid.value;
-    iov0_len = (int) asn1_mech_oid.length;
-    if (iov[0].buffer.value)
-    {
-        /* Not sure this is safe to do */
-        free(iov[0].buffer.value);
-    }
-    iov[0].buffer.value = iov0;
-    iov[0].buffer.length = iov0_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-
-    in_encbuf_len = (int) AES256PAD(iov[1].buffer.length);
-    if (in_encbuf_len != iov[1].buffer.length)
-    {
-        /* This may not work if the input buffer size isn't already aligned */
-        in_encbuf = calloc(in_encbuf_len, sizeof(unsigned char));
-        if (!in_encbuf)
-        {
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(in_encbuf, iov[1].buffer.value, iov[1].buffer.length);
-    }
-    else
-    {
-        in_encbuf = iov[1].buffer.value;
-    }
-
-    out_encbuf_len = in_encbuf_len;
-    out_encbuf = calloc(out_encbuf_len, sizeof(unsigned char));
-
-    AES_cbc_encrypt(in_encbuf,
-                    out_encbuf,
-                    in_encbuf_len,
-                    &ntlm_context_handle->aes_encrypt_key,
-                    ntlm_context_handle->aes_encrypt_iv,
-                    AES_ENCRYPT);
-    memcpy(iov[1].buffer.value, out_encbuf, out_encbuf_len);
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-
-error:
-    if (in_encbuf && in_encbuf != iov[1].buffer.value)
-    {
-        free(in_encbuf);
-    }
-    if (out_encbuf)
-    {
-        free(out_encbuf);
-    }
-    return min ? min : ret;
-}
-
-#else
-
-OM_uint32
-ntlm_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    unsigned char *iov0 = NULL;
-    int iov0_len = 0;
-    unsigned char *key = NULL;
-    int keylen = 0;
-    gss_buffer_desc asn1_mech_oid = {0};
-
-    ret = ntlm_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_ntlm_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    /* Fixup iov[0] to have proper GSS/OID header */
-    iov0 = asn1_mech_oid.value;
-    iov0_len = (int) asn1_mech_oid.length;
-    if (iov[0].buffer.value)
-    {
-        free(iov[0].buffer.value);
-    }
-    iov[0].buffer.value = iov0;
-    iov[0].buffer.length = iov0_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-error:
-    return ret;
-
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/Makefile.am b/lwraft/gssapi-plugins/srp/Makefile.am
deleted file mode 100644
index f5c39fd51..000000000
--- a/lwraft/gssapi-plugins/srp/Makefile.am
+++ /dev/null
@@ -1,46 +0,0 @@
-lib_LTLIBRARIES = libgssapi_srp.la
-
-libgssapi_srp_la_CPPFLAGS = \
-   -D_MIT_KRB5_1_11 \
-   -D_MIT_KRB5_1_12 \
-   -I. \
-   -I$(top_srcdir)/gssapi-plugins/srp \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
-    @OPENSSL_INCLUDES@ \
-    @LW_INCLUDES@
-
-libgssapi_srp_la_SOURCES = \
-        gssapi_alloc.c \
-	srp_accept_sec_ctx.c \
-	srp_acquire_cred.c \
-	srp_release_cred.c \
-	srp_disp_name.c \
-	srp_encrypt.c \
-	srp_init_sec_ctx.c \
-	srp_del_sec_ctx.c \
-	srp_mech.c \
-	srp_mech_desc_srp10.c \
-	srp_wrap_iov.c \
-	srp_unwrap_iov.c \
-	srp_util.c \
-        srpregutils.c \
-        srpreg.c \
-        srprpc.c
-
-libgssapi_srp_la_LIBADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/client/liblwraftclient_la-srp_verifier_cstub.lo \
-    @DCERPC_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@ \
-    @OPENSSL_LDFLAGS@ \
-    @PTHREAD_LIBS@
-
-libgssapi_srp_la_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/gssapi-plugins/srp/gssapiP_srp.h b/lwraft/gssapi-plugins/srp/gssapiP_srp.h
deleted file mode 100644
index b1dcdefdc..000000000
--- a/lwraft/gssapi-plugins/srp/gssapiP_srp.h
+++ /dev/null
@@ -1,597 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-/*
- *
- * Module: gssapiP_srp.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP private types declaration header file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-
-#ifndef	_GSSAPIP_SRP_H_
-#define	_GSSAPIP_SRP_H_
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <pthread.h>
-#include "srp_mglueP.h"
-#include "gssapi_srp.h"
-
-#define xmalloc(m) calloc(1, (m))
-#define	SEC_CONTEXT_TOKEN 1
-#define	SRP_SIZE_OF_INT 4
-
-#define	ACCEPT_COMPLETE 0
-#define	ACCEPT_INCOMPLETE 1
-#define	REJECT 2
-#define REQUEST_MIC 3
-#define	ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
-
-/*
- * constants for der encoding/decoding routines.
- */
-
-#define	MECH_OID		0x10
-#define	OCTET_STRING		0x04
-#define	CONTEXT			0xa0
-#define	SEQUENCE		0x30
-#define	SEQUENCE_OF		0x30
-#define	BIT_STRING		0x03
-#define	BIT_STRING_LENGTH	0x02
-#define	BIT_STRING_PADDING	0x01
-#define	ENUMERATED		0x0a
-#define	ENUMERATION_LENGTH	1
-#define	HEADER_ID		0x60
-#define GENERAL_STRING		0x1b
-
-/*
- * SRP specific error codes (minor status codes)
- */
-#define	ERR_SRP_NO_MECHS_AVAILABLE	0x20000001
-#define	ERR_SRP_NO_CREDS_ACQUIRED	0x20000002
-#define	ERR_SRP_NO_MECH_FROM_ACCEPTOR	0x20000003
-#define	ERR_SRP_NEGOTIATION_FAILED	0x20000004
-#define	ERR_SRP_NO_TOKEN_FROM_ACCEPTOR	0x20000005
-
-/*
- * send_token_flag is used to indicate in later steps what type
- * of token, if any should be sent or processed.
- * NO_TOKEN_SEND = no token should be sent
- * INIT_TOKEN_SEND = initial token will be sent
- * CONT_TOKEN_SEND = continuing tokens to be sent
- * CHECK_MIC = no token to be sent, but have a MIC to check.
- * ERROR_TOKEN_SEND = error token from peer needs to be sent.
- */
-
-#define SRP_AUTH_STATE_VALUE(e) ((int)(e & 0x7f))
-typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
-		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
-
-/* SRP message tags. This range provides 62 usable values */
-typedef enum {
-    SRP_AUTH_INIT = 0x61,
-    SRP_AUTH_SALT_RESP,
-    SRP_AUTH_CLIENT_VALIDATE,
-    SRP_AUTH_SERVER_VALIDATE,
-    SRP_AUTH_COMPLETE,
-    SRP_AUTH_FAILED,
-} srp_auth_state;
-
-typedef void *srp_token_t;
-
-/* srp name structure for internal representation. */
-typedef struct {
-	gss_OID type;
-	gss_buffer_t buffer;
-	gss_OID	mech_type;
-	gss_name_t	mech_name;
-} srp_name_desc, *srp_name_t;
-
-
-typedef struct _srp_gss_cred_id_rec {
-    /* protect against simultaneous accesses */
-    pthread_mutex_t lock;
-
-    /* OID of this mechanism: SRP */
-    gss_OID srp_mech_oid;
-
-    /*
-     * This is really a UPN (name@DOMAIN.COM); Leverage k5
-     * import/export name to get a UPN string. "I" value where the
-     * SRP salt/validator parameters are stored in vmdir.
-     */
-    gss_name_t name;
-
-    /* Set with gssspi_set_cred_option(..., gss_cred_opt_password_oid_desc, ...) */
-    gss_buffer_t password;
-} srp_gss_cred_id_rec, *srp_gss_cred_id_t;
-
-/* Structure for context handle */
-typedef struct {
-	OM_uint32	  magic_num;
-	OM_uint32	  state;         /* state of authentication */
-	srp_gss_cred_id_t cred;          /* alias cred from acquire_cred */
-	int               mic_reqd;
-	int               mic_sent;
-	int               mic_rcvd;
-	int               firstpass;
-	OM_uint32         ctx_flags;
-	gss_name_t        internal_name; /* alias cred->name */
-	gss_OID           mech;          /* SRP mech OID */
-        struct SRPUser    *srp_usr;      /* Client SRP context handle */
-        struct SRPVerifier *srp_ver;     /* Server SRP context handle */
-        krb5_context      krb5_ctx;
-        krb5_keyblock     *keyblock;
-        AES_KEY           aes_encrypt_key;
-        AES_KEY           aes_decrypt_key;
-        unsigned char     aes_encrypt_iv[AES_BLOCK_SIZE];
-        unsigned char     aes_decrypt_iv[AES_BLOCK_SIZE];
-        HMAC_CTX          hmac_ctx;
-        char              *upn_name;     /* Kerberos UPN Name */
-        gss_name_t        gss_upn_name;  /* GSS UPN Name */
-        unsigned char     *srp_session_key;
-        int               srp_session_key_len;
-        void              *hServer;
-} srp_gss_ctx_id_rec, *srp_gss_ctx_id_t;
-
-
-/*
- * The magic number must be less than a standard pagesize
- * to avoid a possible collision with a real address.
- * 0xa76 = 1010 0101 0110 (binary)
- */
-#define	SRP_MAGIC_ID  0x00000a76
-
-#ifdef DEBUG
-#define	dsyslog(a)
-#else
-#define	dsyslog(a)
-#define	SRP_STATIC
-#endif	/* DEBUG */
-
-/*
- * declarations of internal name mechanism functions
- */
-
-/*
- * Would like to use official SRP mech OID. However, this will break backward
- * compatibility with existing SRP plugin. Continue to use the "made up" MIT
- * SRP mech OID for now.
- */
-OM_uint32 srp_gss_acquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/* desired_name */
-	OM_uint32,		/* time_req */
-	gss_OID_set,		/* desired_mechs */
-	gss_cred_usage_t,	/* cred_usage */
-	gss_cred_id_t *,	/* output_cred_handle */
-	gss_OID_set *,		/* actual_mechs */
-	OM_uint32 *		/* time_rec */
-);
-
-
-
-OM_uint32 srp_gss_release_cred
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_cred_id_t	*	/* cred_handle */
-);
-
-OM_uint32 srp_gss_init_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* claimant_cred_handle */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_name_t,		/* target_name */
-	gss_OID,		/* mech_type */
-	OM_uint32,		/* req_flags */
-	OM_uint32,		/* time_req */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_buffer_t,		/* input_token */
-	gss_OID *,		/* actual_mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *		/* time_rec */
-);
-
-#ifndef LEAN_CLIENT
-OM_uint32 srp_gss_accept_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_cred_id_t,		/* verifier_cred_handle */
-	gss_buffer_t,		/* input_token_buffer */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_name_t *,		/* src_name */
-	gss_OID *,		/* mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *,		/* time_rec */
-	/* CSTYLED */
-	gss_cred_id_t *		/* delegated_cred_handle */
-);
-
-#endif /* LEAN_CLIENT */
-
-OM_uint32 srp_gss_compare_name
-(
-	OM_uint32 *,		/* minor_status */
-	const gss_name_t,	/* name1 */
-	const gss_name_t,	/* name2 */
-	int *			/* name_equal */
-);
-
-OM_uint32 srp_gss_display_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/*  input_name */
-	gss_buffer_t,		/*  output_name_buffer */
-	gss_OID *		/* output_name_type */
-);
-
-OM_uint32 srp_gss_display_status
-(
-	OM_uint32 *,		/* minor_status */
-	OM_uint32,		/* status_value */
-	int,			/* status_type */
-	gss_OID,		/* mech_type */
-	OM_uint32 *,		/* message_context */
-	gss_buffer_t		/* status_string */
-);
-
-OM_uint32 srp_gss_import_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_buffer_t,		/* input_name_buffer */
-	gss_OID,		/* input_name_type */
-	/* CSTYLED */
-	gss_name_t *		/* output_name */
-);
-
-OM_uint32 srp_gss_release_name
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_name_t *		/* input_name */
-);
-
-OM_uint32 srp_gss_inquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* cred_handle */
-	gss_name_t *,		/* name */
-	OM_uint32 *,		/* lifetime */
-	int *,			/* cred_usage */
-	gss_OID_set *		/* mechanisms */
-);
-
-OM_uint32 srp_gss_inquire_names_for_mech
-(
-	OM_uint32 *,		/* minor_status */
-	gss_OID,		/* mechanism */
-	gss_OID_set *		/* name_types */
-);
-
-OM_uint32 srp_gss_unwrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t output_message_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 srp_gss_wrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_message_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 srp_gss_process_context_token
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-);
-
-OM_uint32 srp_gss_delete_sec_context
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	gss_buffer_t output_token
-);
-
-OM_uint32 srp_gss_context_time
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	OM_uint32	*time_rec
-);
-#ifndef LEAN_CLIENT
-OM_uint32 srp_gss_export_sec_context
-(
-	OM_uint32	*minor_status,
-	gss_ctx_id_t	*context_handle,
-	gss_buffer_t	interprocess_token
-);
-
-OM_uint32 srp_gss_import_sec_context
-(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle
-);
-#endif /* LEAN_CLIENT */
-
-OM_uint32 srp_gss_inquire_context
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_name_t	*src_name,
-	gss_name_t	*targ_name,
-	OM_uint32	*lifetime_rec,
-	gss_OID		*mech_type,
-	OM_uint32	*ctx_flags,
-	int		*locally_initiated,
-	int		*opened
-);
-
-OM_uint32 srp_gss_wrap_size_limit
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size
-);
-
-OM_uint32 srp_gss_get_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_qop_t qop_req,
-	const gss_buffer_t message_buffer,
-	gss_buffer_t message_token
-);
-
-OM_uint32 srp_gss_verify_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t msg_buffer,
-	const gss_buffer_t token_buffer,
-	gss_qop_t *qop_state
-);
-
-OM_uint32
-srp_gss_inquire_sec_context_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-srp_gss_inquire_cred_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_cred_id_t cred_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-srp_gss_set_sec_context_option
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	const gss_OID desired_object,
-	const gss_buffer_t value
-);
-
-OM_uint32
-srp_gssspi_set_cred_option
-(
-	OM_uint32 *minor_status,
-        gss_cred_id_t cred_handle,
-        const gss_OID desired_object,
-        const gss_buffer_t value
-);
-
-#ifdef _GSS_STATIC_LINK
-int gss_srpint_lib_init(void);
-void gss_srpint_lib_fini(void);
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void);
-#endif /* _GSS_STATIC_LINK */
-
-OM_uint32 srp_gss_wrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t input_payload_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 srp_gss_unwrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t output_payload_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 srp_gss_wrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 srp_gss_unwrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int *conf_state,
-	gss_qop_t *qop_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 srp_gss_wrap_iov_length
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32
-srp_gss_complete_auth_token
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer
-);
-
-OM_uint32
-srp_gss_acquire_cred_impersonate_name(
-    OM_uint32 *,	    /* minor_status */
-    const gss_cred_id_t,    /* impersonator_cred_handle */
-    const gss_name_t,	    /* desired_name */
-    OM_uint32,		    /* time_req */
-    const gss_OID_set,	    /* desired_mechs */
-    gss_cred_usage_t,	    /* cred_usage */
-    gss_cred_id_t *,	    /* output_cred_handle */
-    gss_OID_set *,	    /* actual_mechs */
-    OM_uint32 *);	    /* time_rec */
-
-OM_uint32
-srp_gss_display_name_ext
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_OID display_as_name_type,
-	gss_buffer_t display_name
-);
-
-OM_uint32
-srp_gss_inquire_name
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int *name_is_MN,
-	gss_OID *MN_mech,
-	gss_buffer_set_t *attrs
-);
-
-OM_uint32
-srp_gss_get_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr,
-	int *authenticated,
-	int *complete,
-	gss_buffer_t value,
-	gss_buffer_t display_value,
-	int *more
-);
-
-OM_uint32
-srp_gss_set_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int complete,
-	gss_buffer_t attr,
-	gss_buffer_t value
-);
-
-OM_uint32
-srp_gss_delete_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr
-);
-
-OM_uint32
-srp_gss_export_name_composite
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t exp_composite_name
-);
-
-OM_uint32
-srp_gss_map_name_to_any
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int authenticated,
-	gss_buffer_t type_id,
-	gss_any_t *output
-);
-
-OM_uint32
-srp_gss_release_any_name_mapping
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t type_id,
-	gss_any_t *input
-);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif /* _GSSAPIP_SRP_H_ */
diff --git a/lwraft/gssapi-plugins/srp/gssapi_alloc.c b/lwraft/gssapi-plugins/srp/gssapi_alloc.c
deleted file mode 100644
index 0810e4d99..000000000
--- a/lwraft/gssapi-plugins/srp/gssapi_alloc.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _WIN32
-#include <stdlib.h>
-#endif
-
-/* _GSSAPI_ALLOC_C: Includes C sources for this module */
-#define _GSSAPI_ALLOC_C
-#include "gssapi_alloc.h"
diff --git a/lwraft/gssapi-plugins/srp/gssapi_alloc.h b/lwraft/gssapi-plugins/srp/gssapi_alloc.h
deleted file mode 100644
index dde021fc8..000000000
--- a/lwraft/gssapi-plugins/srp/gssapi_alloc.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* To the extent possible under law, Painless Security, LLC has waived
- * all copyright and related or neighboring rights to GSS-API Memory
- * Management Header. This work is published from: United States.
- */
-
-#ifndef GSSAPI_ALLOC_H
-#define GSSAPI_ALLOC_H
-
-#ifdef _WIN32
-#include <Windows.h>
-#endif
-
-#include <string.h>
-#include <stdio.h>
-
-
-#ifdef _USE_STATIC_INLINE
-#define STATIC_INLINE_DEF static inline
-#else
-#define STATIC_INLINE_DEF
-#endif
-
-/* Prototypes */
-
-STATIC_INLINE_DEF void gssalloc_free(void *value);
-STATIC_INLINE_DEF void *gssalloc_malloc(size_t size);
-STATIC_INLINE_DEF void *gssalloc_calloc(size_t count, size_t size);
-STATIC_INLINE_DEF void *gssalloc_realloc(void *value, size_t size);
-STATIC_INLINE_DEF char *gssalloc_strdup(const char *str);
-
-#ifdef _GSSAPI_ALLOC_C
-#if defined(_WIN32)
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    if (value)
-        HeapFree(GetProcessHeap(), 0, value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), 0, size);
-    
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size);
-
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    void *rvalue = HeapReAlloc(GetProcessHeap(), 0, value, size);
-
-    return rvalue;
-}
-
-#elif defined(DEBUG_GSSALLOC)
-
-/* Be deliberately incompatible with malloc and free, to allow us to detect
- * mismatched malloc/gssalloc usage on Unix. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return;
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    free(p);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    char *p = calloc(size + 8, 1);
-
-    memcpy(p, "gssalloc", 8);
-    return p + 8;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return gssalloc_malloc(count * size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return gssalloc_malloc(size);
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    return (char *)realloc(p, size) + 8;
-}
-
-#else /* not _WIN32 or DEBUG_GSSALLOC */
-
-/* Normal Unix case, just use free/malloc/calloc/realloc. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    free(value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    return malloc(size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return calloc(count, size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    return realloc(value, size);
-}
-
-#endif /* not _WIN32 or DEBUG_GSSALLOC */
-
-STATIC_INLINE_DEF char *
-gssalloc_strdup(const char *str)
-{
-    size_t size = strlen(str)+1;
-    char *copy = gssalloc_malloc(size);
-    if (copy) {
-        memcpy(copy, str, size);
-        copy[size-1] = '\0';
-    }
-    return copy;
-}
-#endif /* _GSSAPI_ALLOC_C */
-#endif
diff --git a/lwraft/gssapi-plugins/srp/gssapi_srp.h b/lwraft/gssapi-plugins/srp/gssapi_srp.h
deleted file mode 100644
index 83099c744..000000000
--- a/lwraft/gssapi-plugins/srp/gssapi_srp.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/* This is the gssapi_srp.h prologue. */
-
-#include <stdint.h>
-/* End of gssapi_krb5.h prologue. */
-/* -*- mode: c; indent-tabs-mode: nil -*- */
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-/*
- *
- * Module: gssapi_srp.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP public header file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-
-#ifndef _GSSAPI_SRP_H_
-#define _GSSAPI_SRP_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <krb5.h>
-
-/* C++ friendlyness */
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
-
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
-/* 2.1.2. Host-Based Service Name Form */
-#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The previously recommended symbolic
- * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME".  The
- * currently preferred symbolic name for this type is
- * "GSS_C_NT_HOSTBASED_SERVICE". */
-
-/* 2.2.1. User Name Form */
-#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}.  The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME". */
-
-/* 2.2.2. Machine UID Form */
-#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */
-
-/* 2.2.3. String UID Form */
-#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME". */
-
-/* SRP Mechs */
-extern const gss_OID_desc * const gss_mech_srp_oid;
-extern const gss_OID_desc * const gss_mech_gssapi_srp_oid;
-extern const gss_OID_desc * const gss_nt_srp_name_oid;
-extern const gss_OID_desc * const gss_srp_password_oid;
-
-/* SRP Mech sets */
-extern const gss_OID_set_desc * const gss_mech_set_srp;
-
-
-/* "Made up" SRP mech OID */
-#define GSS_SRP_MECH_OID_ST               (gss_mech_srp_oid->elements)
-#define GSS_SRP_MECH_OID_LEN_ST           (gss_mech_srp_oid->length)
-
-/* Officially allocated GSSAPI_SRP mech OID */
-#define GSSAPI_SRP_MECH_OID_ST            (gss_mech_gssapi_srp_oid->elements)
-#define GSSAPI_SRP_MECH_OID_LEN_ST        (gss_mech_gssapi_srp_oid->length)
-
-#define GSS_SRP_NT_GENERAL_NAME_ST        gss_nt_srp_name_oid
-#define GSS_SRP_NT_GENERAL_NAME_LEN_ST    10
-
-/* "Made up" password OID; stolen from Likewise NTLM */
-#define GSS_CRED_OPT_PW_ST              (gss_srp_password_oid->elements)
-#define GSS_CRED_OPT_PW_LEN_ST          (gss_srp_password_oid->length)
-
-/* Officially allocated GSSAPI_SRP set cred option OID */
-#define GSSAPI_SRP_CRED_OPT_PW_ST         (gss_srp_cred_opt_pw_oid->elements)
-#define GSSAPI_SRP_CRED_OPT_PW_LEN_ST     (gss_srp_cred_opt_pw_oid->length)
-
-#if 0
-#define gss_srp_nt_principal           gss_nt_srp_principal
-#define gss_srp_nt_service_name        gss_nt_service_name
-#define gss_srp_nt_user_name           gss_nt_user_name
-#define gss_srp_nt_machine_uid_name    gss_nt_machine_uid_name
-#define gss_srp_nt_string_uid_name     gss_nt_string_uid_name
-#endif
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* _GSSAPI_SRP_H_ */
diff --git a/lwraft/gssapi-plugins/srp/includes.h b/lwraft/gssapi-plugins/srp/includes.h
deleted file mode 100644
index edc8bf3ca..000000000
--- a/lwraft/gssapi-plugins/srp/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef _WIN32
-#include <lw/types.h>
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-#else
-#include <Windows.h>
-#define snprintf _snprintf
-#endif
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdirclient.h>
-
-#include "srpregutils.h"
-#include "srpreg.h"
diff --git a/lwraft/gssapi-plugins/srp/srp_accept_sec_ctx.c b/lwraft/gssapi-plugins/srp/srp_accept_sec_ctx.c
deleted file mode 100644
index b18e007b0..000000000
--- a/lwraft/gssapi-plugins/srp/srp_accept_sec_ctx.c
+++ /dev/null
@@ -1,1076 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <krb5.h>
-#include "gssapiP_srp.h"
-#include "gssapi_srp.h"
-#include "gssapi_alloc.h"
-#include "srp_util.h"
-#include <lber.h>
-
-#include <vmdirdefines.h>
-#include "includes.h"
-#include "srprpc.h"
-#include <client/structs.h>
-
-#include <config.h>
-
-#ifdef _WIN32
-
-#include <Winsock2.h>
-#ifndef snprintf
-#define snprintf _snprintf
-
-#endif
-#else /* Linux */
-
-#include <arpa/inet.h>
-
-#endif
-
-/*
- * Win32/Likewise data types defined here, vs pulling in
- * Likewise headers, which pulls in undesired library dependencies.
- */
-#include <errno.h>
-#ifndef DWORD
-#define DWORD unsigned int
-#endif
-#ifndef PBYTE
-#define PBYTE unsigned char *
-#endif
-#ifndef PSTR
-#define PSTR char *
-#endif
-#ifndef PCSTR
-#define PCSTR const char *
-#endif
-
-#include <sasl/sasl.h>
-#include <sasl/saslutil.h>
-#include <csrp/srp.h>
-#include <dce/rpc.h>
-#include "srp_encrypt.h"
-
-ULONG
-VmDirCreateBindingHandleAuthA(
-    PCSTR     pszNetworkAddress,
-    PCSTR     pszNetworkEndpoint,
-    PCSTR     pszUserName,
-    PCSTR     pszDomain,
-    PCSTR     pszPassword,
-    handle_t  *ppBinding);
-
-static
-OM_uint32
-srp_gss_validate_oid_header(
-    OM_uint32 *minor_status,
-    gss_buffer_t in_tok,
-    int *object_len)
-{
-    unsigned char *ptr = NULL;
-    OM_uint32 maj = 0;
-    int len = 0;
-    int oid_len = 0;
-    int enc_token_len = 0;
-    int token_len = 0;
-
-    *minor_status = 0;
-    if (!in_tok || in_tok->length == 0 || !in_tok->value)
-    {
-        maj = GSS_S_NO_CONTEXT;
-        goto error;
-    }
-
-    /*
-     * tag for APPLICATION 0, Sequence[constructed, definite length]
-     * length of remainder of token
-     * tag of OBJECT IDENTIFIER
-     * length of mechanism OID
-     * encoding of mechanism OID
-     * <the rest of the token>
-     *
-     * Numerically, this looks like :
-     *
-     * 0x60
-     * <length> - could be multiple bytes
-     * 0x06
-     * <length> - assume only one byte, hence OID length < 127
-     * <mech OID bytes>
-     *
-     */
-    ptr = in_tok->value;
-    len = (int) in_tok->length;
-    if (*ptr != 0x60)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-
-    enc_token_len = (int) *ptr;
-    token_len = 0;
-    len--, ptr++;
-
-    if (*ptr != 0x06)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-    token_len++;
-
-    if (len == 0)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    oid_len = *ptr;
-    len--, ptr++;
-    token_len++;
-
-    if (len < oid_len ||
-        (len < (int) GSS_SRP_MECH_OID_LEN_ST) ||
-        (len < (int) GSSAPI_SRP_MECH_OID_LEN_ST))
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    if ((oid_len != GSS_SRP_MECH_OID_LEN_ST && oid_len != GSSAPI_SRP_MECH_OID_LEN_ST) ||
-        (memcmp(ptr, GSS_SRP_MECH_OID_ST, oid_len) != 0 &&
-         memcmp(ptr, GSSAPI_SRP_MECH_OID_ST, oid_len) != 0))
-    {
-        maj = GSS_S_BAD_MECH;
-        goto error;
-    }
-    token_len += oid_len;
-
-    if (token_len != enc_token_len)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    len -= oid_len, ptr += oid_len;
-
-    *object_len = (int) (ptr - (unsigned char *) in_tok->value);
-error:
-    return maj;
-}
-
-static
-OM_uint32
-_srp_gss_auth_create_machine_acct_binding(
-    OM_uint32 *minor_status,
-    PVMDIR_SERVER_CONTEXT *hRetServer)
-{
-    DWORD dwError = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int domainState = 0;
-    char *machine_acct_upn = NULL;
-    char *machine_acct_pwd = NULL;
-    char *hostname = NULL;
-    void *hRegistry = NULL;
-    PVMDIR_SERVER_CONTEXT hServer = NULL;
-
-    dwError = srp_reg_get_handle((void **) &hRegistry);
-    if (dwError)
-    {
-        maj = GSS_S_FAILURE;
-        min = dwError;
-        goto error;
-    }
-
-    /* Determine if this system is a management node */
-    dwError = srp_reg_get_domain_state(hRegistry, &domainState);
-    if (dwError)
-    {
-        domainState = 1;
-    }
-
-    /* Value "2" is a management node: Perform SRP pass-through */
-    if (domainState == 2)
-    {
-        dwError = srp_reg_get_machine_acct_upn(
-                      hRegistry,
-                      &machine_acct_upn);
-        if (dwError)
-        {
-            maj = GSS_S_FAILURE;
-            min = dwError;
-            goto error;
-        }
-
-        dwError = srp_reg_get_machine_acct_password(
-                      hRegistry,
-                      &machine_acct_pwd);
-        if (dwError)
-        {
-            maj = GSS_S_FAILURE;
-            min = dwError;
-            goto error;
-        }
-
-        dwError = srp_reg_get_dc_name(
-                      hRegistry,
-                      &hostname);
-        if (dwError)
-        {
-            maj = GSS_S_FAILURE;
-            min = dwError;
-            goto error;
-        }
-    }
-
-
-    /*
-     * This will create a remote binding handle when credentials are
-     * provided, or if local, will use ncalrpc.
-     */
-    dwError = VmDirOpenServerA(
-                  hostname,
-                  machine_acct_upn, /* UPN doesn't need domain name */
-                  NULL,
-                  machine_acct_pwd,
-                  0,
-                  NULL,
-                  &hServer);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *hRetServer = hServer;
-
-error:
-    if (machine_acct_upn)
-    {
-        free(machine_acct_upn);
-    }
-    if (machine_acct_pwd)
-    {
-        free(machine_acct_pwd);
-    }
-    if (hostname)
-    {
-        free(hostname);
-    }
-    if (hRegistry)
-    {
-        srp_reg_close_handle(hRegistry);
-    }
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-static
-OM_uint32
-_srp_gss_auth_init(
-    OM_uint32 *minor_status,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    ber_tag_t ber_state = 0;
-    struct berval ber_ctx = {0};
-    struct berval *ber_upn = NULL;
-    struct berval *ber_bytes_A = NULL;
-    struct berval ber_salt = {0};
-    struct berval ber_mda = {0};
-    struct berval ber_B = {0};
-    struct berval *flatten = NULL;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    int berror = 0;
-    int sts = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    OM_uint32 min_tmp = 0;
-    gss_buffer_desc tmp_in_tok = {0};
-    gss_buffer_desc disp_name_buf = {0};
-    gss_buffer_t disp_name = NULL;
-    gss_OID disp_name_OID = NULL;
-    char *srp_upn_name = NULL;
-    int srp_decode_mda_len = 0;
-    int srp_decode_salt_len = 0;
-    const unsigned char *srp_mda = NULL;
-    const unsigned char *srp_salt = NULL;
-    SRP_HashAlgorithm hash_alg = SRP_SHA1;
-    SRP_NGType ng_type = SRP_NG_2048;
-    struct SRPVerifier *ver = NULL;
-    const unsigned char *srp_bytes_B = NULL;
-    int srp_bytes_B_len = 0;
-    const unsigned char *srp_session_key = NULL;
-    unsigned char *ret_srp_session_key = NULL;
-    int srp_session_key_len = 0;
-    ber_int_t gss_srp_version_maj = 0;
-    ber_int_t gss_srp_version_min = 0;
-    PVMDIR_SERVER_CONTEXT hServer = NULL;
-    srp_verifier_handle_t hSrp = NULL; /* aliased / cast to "ver" variable */
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_gss_auth_init(): state=SRP_AUTH_INIT\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{ii",
-                       &ber_state, &gss_srp_version_maj, &gss_srp_version_min);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    berror = ber_scanf(ber, "OO}", &ber_upn, &ber_bytes_A);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_gss_auth_init(accept_sec_context): protocol version %d.%d\n",
-                     gss_srp_version_maj, gss_srp_version_min);
-    srp_print_hex(ber_bytes_A->bv_val,
-                  (int) ber_bytes_A->bv_len,
-                  "_srp_gss_auth_init(accept_sec_context): bytes_A");
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    tmp_in_tok.value = ber_upn->bv_val;
-    tmp_in_tok.length = ber_upn->bv_len;
-    maj = gss_import_name(&min,
-                          &tmp_in_tok,
-                          NULL,
-                          &srp_context_handle->gss_upn_name);
-    if (maj)
-    {
-        goto error;
-    }
-
-    maj = gss_display_name(&min,
-                           srp_context_handle->gss_upn_name,
-                           &disp_name_buf,
-                           &disp_name_OID);
-    if (maj)
-    {
-        goto error;
-    }
-
-    disp_name = &disp_name_buf;
-    srp_debug_printf("srp_gss_accept_sec_context: UPN name=%.*s\n",
-                     (int) disp_name_buf.length, (char *) disp_name_buf.value);
-
-    srp_upn_name = calloc(disp_name_buf.length + 1, sizeof(char));
-    if (!srp_upn_name)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    snprintf(srp_upn_name,
-             disp_name_buf.length+1,
-             "%.*s",
-             (int) disp_name_buf.length,
-             (char *) disp_name_buf.value);
-
-
-    maj = _srp_gss_auth_create_machine_acct_binding(
-              &min,
-              &hServer);
-    if (maj)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    sts = cli_rpc_srp_verifier_new(
-            hServer ? hServer->hBinding : NULL,
-            hash_alg,
-            ng_type,
-            srp_upn_name,
-            ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len,
-            &srp_bytes_B, &srp_bytes_B_len,
-            &srp_salt, &srp_decode_salt_len,
-            &srp_mda, &srp_decode_mda_len,
-            NULL, NULL, /* n_hex, g_hex */
-            &hSrp);
-    if (sts)
-    {
-        maj = GSS_S_FAILURE;
-        min = sts;
-        goto error;
-    }
-    ver = (struct SRPVerifier *) hSrp, hSrp = NULL;
-
-    if (!srp_bytes_B)
-    {
-        srp_debug_printf("srp_verifier_new: failed!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(srp_salt, srp_decode_salt_len,
-                  "_srp_gss_auth_init(accept_sec_context): srp_salt value");
-    srp_print_hex(srp_bytes_B, srp_bytes_B_len,
-                  "_srp_gss_auth_init(accept_sec_context): srp_B value");
-    ber_mda.bv_val = (unsigned char *) srp_mda;
-    ber_mda.bv_len = srp_decode_mda_len;
-
-    ber_salt.bv_val = (unsigned char *) srp_salt;
-    ber_salt.bv_len = srp_decode_salt_len;
-    /*
-     * B is computed: (kv + g**b) % N
-     */
-    ber_B.bv_val = (void *) srp_bytes_B;
-    ber_B.bv_len = srp_bytes_B_len;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-
-    /*
-     * Response format:
-     * tag | MDA | salt | B
-     */
-    berror = ber_printf(ber_resp, "t{OOO}",
-                 SRP_AUTH_SALT_RESP,
-                 &ber_mda,
-                 &ber_salt,
-                 &ber_B);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-    sts = cli_rpc_srp_verifier_get_session_key(
-        hServer ? hServer->hBinding : NULL,
-        ver,
-        &srp_session_key,
-        &srp_session_key_len);
-    if (sts)
-    {
-        min = sts;
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (srp_session_key && srp_session_key_len > 0)
-    {
-        ret_srp_session_key =
-            calloc(srp_session_key_len, sizeof(unsigned char));
-        if (!ret_srp_session_key)
-        {
-            maj = GSS_S_FAILURE;
-            min = ENOMEM;
-            goto error;
-        }
-    }
-    memcpy(ret_srp_session_key,
-           srp_session_key,
-           srp_session_key_len);
-
-    /* Set context handle/return values here; all previous calls succeeded */
-    maj = GSS_S_CONTINUE_NEEDED;
-    srp_context_handle->hServer = hServer, hServer = NULL;
-
-    /* Used in generating Kerberos keyblock salt value */
-    srp_context_handle->upn_name = srp_upn_name, srp_upn_name = NULL;
-    srp_context_handle->srp_ver = ver, ver = NULL;
-
-    /* Return the SRP session key in the context handle */
-    srp_context_handle->srp_session_key_len = srp_session_key_len;
-    srp_context_handle->srp_session_key = ret_srp_session_key, ret_srp_session_key = NULL;
-
-    srp_print_hex(srp_session_key, srp_session_key_len,
-                  "_srp_gss_auth_init(accept_sec_ctx) got session key");
-
-error:
-    if (ver)
-    {
-        cli_rpc_srp_verifier_delete(
-            hServer ? hServer->hBinding : NULL,
-            (void **) &ver);
-    }
-    VmDirCloseServer(hServer);
-    if (srp_upn_name)
-    {
-        free(srp_upn_name);
-    }
-    if (ber_upn)
-    {
-        ber_bvfree(ber_upn);
-    }
-    if (ber_bytes_A)
-    {
-        ber_bvfree(ber_bytes_A);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-
-    if (disp_name)
-    {
-        gss_release_buffer(&min_tmp, disp_name);
-    }
-    if (srp_bytes_B)
-    {
-        free((void *) srp_bytes_B);
-    }
-    if (srp_salt)
-    {
-        free((void *) srp_salt);
-    }
-    if (srp_mda)
-    {
-        free((void *) srp_mda);
-    }
-    if (srp_session_key)
-    {
-        free((void *) srp_session_key);
-    }
-    if (ret_srp_session_key)
-    {
-        free((void *) ret_srp_session_key);
-    }
-
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-static
-OM_uint32
-_srp_gss_validate_client(
-    OM_uint32 *minor_status,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    struct berval ber_HAMK = {0};
-    struct berval *ber_srp_bytes_M = NULL;
-    struct berval ber_ctx = {0};
-    const unsigned char *bytes_HAMK = NULL;
-    int bytes_HAMK_len = 0;
-    struct berval *flatten = NULL;
-    PVMDIR_SERVER_CONTEXT hServer = NULL;
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_gss_validate_client(): "
-                     "state=SRP_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_srp_bytes_M);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        min = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_srp_bytes_M->bv_len == 0)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
-                  "_srp_gss_validate_client(accept_sec_ctx) received bytes_M");
-
-    hServer = srp_context_handle->hServer;
-    min = cli_rpc_srp_verifier_verify_session(
-              hServer->hBinding,
-              srp_context_handle->srp_ver,
-              ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
-              &bytes_HAMK, &bytes_HAMK_len);
-    if (min || !bytes_HAMK)
-    {
-        /*
-         * Bad password will cause this to fail. Do not bail on error here.
-         * Merely generate a NULL HAMK response below, to complete the
-         * SRP protocol exchange with the client. The client tests for an
-         * empty HAMK token, and formulates the proper error.
-         */
-        srp_debug_printf("_srp_gss_validate_client: "
-                         "srp_verifier_verify_session() failed!!!\n");
-    }
-
-    /*
-     * ASN.1 encode the bytes_HAMK value, sending it back to the client
-     * for validation. That will complete the authentication process if that
-     * succeeds.
-     */
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    if (min == 0)
-    {
-        /*
-         * Generate HAMK response. When min is an error code,
-         * an empty HAMK response (zero length) is created.
-         */
-        min = cli_rpc_srp_verifier_get_session_key_length(
-                  hServer->hBinding,
-                  srp_context_handle->srp_ver,
-                  (long *) &ber_HAMK.bv_len);
-        if (min)
-        {
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-    }
-
-    ber_HAMK.bv_val = (void *) bytes_HAMK;
-    berror = ber_printf(ber_resp, "t{O}",
-                  (int) SRP_AUTH_SERVER_VALIDATE,
-                  &ber_HAMK);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-    /*
-     * From server's perspective, authentication is done. However,
-     * there is a final output_token to process by gss_init_sec_context().
-     */
-    maj = GSS_S_COMPLETE;
-
-error:
-    if (ber_srp_bytes_M)
-    {
-        ber_bvfree(ber_srp_bytes_M);
-    }
-    if (bytes_HAMK)
-    {
-        free((void *) bytes_HAMK);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-
-/*
- * Report error status to client, and the final
- * minor status from the server.
- * This is the end, my friend...
- */
-static
-OM_uint32
-_srp_gss_accept_sec_ctx_error_resp(
-    OM_uint32 *minor_status,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    BerElement *ber_resp = NULL;
-    struct berval *flatten = NULL;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    berror = ber_printf(ber_resp, "t{i}",
-                  (int) SRP_AUTH_FAILED,
-                  *minor_status);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-error:
-    ber_bvfree(flatten);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        /* Cleanup return memory stuff here */
-    }
-
-    return maj;
-}
-
-OM_uint32
-srp_gss_accept_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_cred_id_t verifier_cred_handle,
-                gss_buffer_t input_token,
-                gss_channel_bindings_t input_chan_bindings,
-                gss_name_t *src_name,
-                gss_OID *mech_type,
-                gss_buffer_t output_token,
-                OM_uint32 *ret_flags,
-                OM_uint32 *time_rec,
-                gss_cred_id_t *delegated_cred_handle)
-{
-    int oid_len = 0;
-    int state = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    unsigned char *ptr = NULL;
-    int ptr_len = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    OM_uint32 tmp_maj = 0;
-    OM_uint32 tmp_min = 0;
-    gss_buffer_desc input_token_srp = {0};
-    srp_gss_ctx_id_t srp_context_handle = NULL;
-    krb5_error_code krb5_err = 0;
-    gss_cred_id_t srp_cred_handle = NULL;
-
-    if (minor_status == NULL ||
-        output_token == GSS_C_NO_BUFFER ||
-        context_handle == NULL)
-    {
-        return GSS_S_CALL_INACCESSIBLE_WRITE;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER)
-    {
-        return GSS_S_CALL_INACCESSIBLE_READ;
-    }
-
-    if (minor_status)
-    {
-        *minor_status = 0;
-    }
-
-    if (output_token != GSS_C_NO_BUFFER)
-    {
-        output_token->length = 0;
-        output_token->value = NULL;
-    }
-
-    if (!context_handle)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (*context_handle)
-    {
-        srp_context_handle = (srp_gss_ctx_id_t) *context_handle;
-    }
-    else
-    {
-        /* First call, allocate context handle */
-        srp_context_handle =
-            (srp_gss_ctx_id_t) calloc(1, sizeof(srp_gss_ctx_id_rec));
-        if (!srp_context_handle)
-        {
-            min = ENOMEM;
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(srp_context_handle, 0, sizeof(srp_gss_ctx_id_rec));
-
-        /* Needed for Kerberos AES256-SHA1 keyblock generation */
-        krb5_err = krb5_init_context(&srp_context_handle->krb5_ctx);
-        if (krb5_err)
-        {
-            maj = GSS_S_FAILURE;
-            min = krb5_err;
-            goto error;
-        }
-        maj = srp_gss_acquire_cred(
-                  &min,
-                  GSS_C_NO_NAME,
-                  0,
-                  NULL,
-                  GSS_C_ACCEPT,
-                  &srp_cred_handle,
-                  NULL,
-                  NULL);
-        if (maj)
-        {
-            goto error;
-        }
-        srp_cred = (srp_gss_cred_id_t) srp_cred_handle;
-        srp_context_handle->magic_num = SRP_MAGIC_ID;
-
-        maj = srp_gss_duplicate_oid(&min,
-                                    srp_cred->srp_mech_oid,
-                                    &srp_context_handle->mech);
-        if (maj)
-        {
-            goto error;
-        }
-
-        srp_context_handle->state = SRP_AUTH_INIT;
-        srp_context_handle->cred = (srp_gss_cred_id_t) verifier_cred_handle;
-        *context_handle = (gss_ctx_id_t) srp_context_handle;
-    }
-
-    ptr = (unsigned char*) input_token->value;
-    ptr_len = (int) input_token->length;
-    maj = srp_gss_validate_oid_header(
-              &min,
-              input_token,
-              &oid_len);
-    if (maj)
-    {
-        goto error;
-    }
-
-    ptr += oid_len;
-    ptr_len -= oid_len;
-    input_token_srp.value = ptr;
-    input_token_srp.length = ptr_len;
-
-    /* This is the "t" field of ber_scanf() */
-    state = SRP_AUTH_STATE_VALUE(ptr[0]);
-
-    /* Verify state machine is consistent with expected state */
-    state = SRP_AUTH_STATE_VALUE(ptr[0]);
-
-    if (state != srp_context_handle->state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    switch(state)
-    {
-      case SRP_AUTH_INIT:
-        srp_debug_printf("srp_gss_accept_sec_context: state=SRP_AUTH_INIT\n");
-        maj = _srp_gss_auth_init(minor_status,
-                                 srp_context_handle,
-                                 state,
-                                 &input_token_srp,
-                                 output_token);
-        if (maj)
-        {
-            if (maj == GSS_S_CONTINUE_NEEDED)
-            {
-                srp_context_handle->state = SRP_AUTH_CLIENT_VALIDATE;
-            }
-            goto error;
-        }
-        break;
-
-      case SRP_AUTH_CLIENT_VALIDATE:
-        srp_debug_printf("srp_gss_accept_sec_context: "
-                         "state=SRP_AUTH_CLIENT_VALIDATE\n");
-        maj = _srp_gss_validate_client(minor_status,
-                                       srp_context_handle,
-                                       state,
-                                       &input_token_srp,
-                                       output_token);
-        if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-        {
-            /* Hard error occurred */
-            goto error;
-        }
-
-        srp_context_handle->state = SRP_AUTH_COMPLETE;
-        if (mech_type)
-        {
-            /* The security mechanism with which the context was established.
-             * If the security mechanism type is not required, specify NULL
-             * for this parameter. The gss_OID value returned for this
-             * parameter points to a read-only structure and must not be
-             * released by the application.
-             */
-            *mech_type = srp_context_handle->mech;
-        }
-
-        if (src_name)
-        {
-            /* Optional: Return UPN name to caller */
-            tmp_maj = gss_duplicate_name(
-                      &tmp_min,
-                      srp_context_handle->gss_upn_name,
-                      src_name);
-            if (tmp_maj)
-            {
-                maj = tmp_maj;
-                *minor_status = tmp_min;
-                goto error;
-            }
-        }
-        break;
-
-      /* This should never happen, but include for completeness-sake */
-      case SRP_AUTH_COMPLETE:
-        srp_debug_printf("srp_gss_accept_sec_context: "
-                         "state=SRP_AUTH_COMPLETE\n");
-        maj = GSS_S_COMPLETE;
-        break;
-
-      default:
-        srp_debug_printf("srp_gss_accept_sec_context: state=UNKNOWN!!!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-        break;
-    }
-
-    if (srp_context_handle->state == SRP_AUTH_COMPLETE)
-    {
-        PVMDIR_SERVER_CONTEXT hServer = srp_context_handle->hServer;
-
-        krb5_err = srp_make_enc_keyblock(srp_context_handle);
-        if (krb5_err)
-        {
-            maj = GSS_S_FAILURE;
-            min = krb5_err;
-            goto error;
-        }
-
-        /* Clean up SRP server-side memory, then close the server context */
-        cli_rpc_srp_verifier_delete(
-            hServer->hBinding,
-            (void **) &srp_context_handle->srp_ver);
-
-        VmDirCloseServer(hServer);
-        srp_context_handle->hServer = NULL;
-    }
-
-error:
-    if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-    {
-        _srp_gss_accept_sec_ctx_error_resp(
-            minor_status,
-            output_token);
-    }
-
-    if (srp_cred_handle)
-    {
-        srp_gss_release_cred(&tmp_min, &srp_cred_handle);
-    }
-    return maj;
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_acquire_cred.c b/lwraft/gssapi-plugins/srp/srp_acquire_cred.c
deleted file mode 100644
index 975d432fa..000000000
--- a/lwraft/gssapi-plugins/srp/srp_acquire_cred.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "srp_util.h"
-#include "gssapi_alloc.h"
-
-#include <gssapi/gssapi_krb5.h>
-#include <errno.h>
-#include <string.h>
-
-
-OM_uint32
-srp_gss_acquire_cred(
-    OM_uint32 *minor_status,
-    gss_name_t desired_name,
-    OM_uint32 time_req,
-    gss_OID_set desired_mechs,
-    gss_cred_usage_t cred_usage,
-    gss_cred_id_t *output_cred_handle,
-    gss_OID_set *actual_mechs,
-    OM_uint32 *time_rec)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    gss_name_t gss_krb5_name_buf = NULL;
-#if 1
-    /*
-     * To preserve backward compatibility with the shipped SRP plugin,
-     * which uses GSS_SRP_MECH_OID_ST (1.2.840.113554.1.2.10), this function
-     * must return this OID. Support for both GSS_SRP_MECH_OID_ST and
-     * the oid-info registered SRP OID (1.3.6.1.4.1.6876.11711.2.1.1).
-     * However, there is no way to use the registed SRP OID and retain
-     * backward compatibility.
-     */
-    int gssapi_srp_mech_oid_len = GSS_SRP_MECH_OID_LEN_ST;
-    unsigned char *srp_mech_oid = GSS_SRP_MECH_OID_ST;
-#else
-    /* Official "SRP OID"; can't use as breaks backward compatibility */
-    int gssapi_srp_mech_oid_len = GSSAPI_SRP_MECH_OID_LEN_ST;
-    unsigned char *srp_mech_oid = GSSAPI_SRP_MECH_OID_ST;
-#endif
-
-    /* Allocate the cred structure */
-    srp_cred = (srp_gss_cred_id_t) gssalloc_malloc(sizeof(*srp_cred));
-    if (!srp_cred)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(srp_cred, 0, sizeof(*srp_cred));
-
-    /* Allocate/set the mech OID; must be SRP for this method to be called */
-    srp_cred->srp_mech_oid = (gss_OID) gssalloc_malloc(sizeof(*srp_cred->srp_mech_oid));
-    if (!srp_cred->srp_mech_oid)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(srp_cred->srp_mech_oid, 0, sizeof(*srp_cred->srp_mech_oid));
-    srp_cred->srp_mech_oid->elements = (void *) gssalloc_malloc(gssapi_srp_mech_oid_len);
-    if (!srp_cred->srp_mech_oid->elements)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_cred->srp_mech_oid->length = gssapi_srp_mech_oid_len;
-    memcpy(srp_cred->srp_mech_oid->elements, srp_mech_oid, gssapi_srp_mech_oid_len);
-
-    if (desired_name)
-    {
-        /* Really, use krb5 mech OID for name, as the desired output is a UPN */
-        major = gss_canonicalize_name(&minor,
-                                      desired_name,
-                                      (gss_OID) gss_mech_krb5,
-                                      &gss_krb5_name_buf);
-        if (major)
-        {
-            goto error;
-        }
-
-        srp_cred->name = gss_krb5_name_buf, gss_krb5_name_buf = NULL;
-    }
-    *output_cred_handle = (gss_cred_id_t) srp_cred;
-
-error:
-    if (major || minor)
-    {
-        *minor_status = minor;
-        if (srp_cred)
-        {
-            if (srp_cred->srp_mech_oid)
-            {
-                if (srp_cred->srp_mech_oid->elements)
-                {
-                    gssalloc_free(srp_cred->srp_mech_oid->elements);
-                }
-                gssalloc_free(srp_cred->srp_mech_oid);
-            }
-            gssalloc_free(srp_cred);
-        }
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_del_sec_ctx.c b/lwraft/gssapi-plugins/srp/srp_del_sec_ctx.c
deleted file mode 100644
index 36a6cb3a7..000000000
--- a/lwraft/gssapi-plugins/srp/srp_del_sec_ctx.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "gssapiP_srp.h"
-#include "includes.h"
-#include "srprpc.h"
-#include <client/structs.h>
-#include <csrp/srp.h>
-
-/*
- * Cleanup SRP client-side memory. SRP server-side binding handle
- * and SRP verifier handle are cleaned up by srp_gss_accept_sec_context()
- * when the authentication exchange is complete, pass or fail.
- * Note: calling these cleanup routines here causes a hang;
- *       the reason is unknown.
- */
-OM_uint32
-srp_gss_delete_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_buffer_t output_token)
-{
-    srp_gss_ctx_id_t srp_ctx = NULL;
-    OM_uint32 tmp_minor = GSS_S_COMPLETE;
-    OM_uint32 ret = GSS_S_COMPLETE;
-
-    if (context_handle == NULL)
-    {
-        return (GSS_S_FAILURE);
-    }
-
-    srp_ctx = (srp_gss_ctx_id_t) *context_handle;
-
-    if (srp_ctx->upn_name)
-    {
-        free(srp_ctx->upn_name);
-    }
-
-    if (srp_ctx->gss_upn_name)
-    {
-        gss_release_name(&tmp_minor, &srp_ctx->gss_upn_name);
-    }
-
-    if (srp_ctx->srp_session_key)
-    {
-        free(srp_ctx->srp_session_key);
-    }
-
-    if (srp_ctx->srp_usr)
-    {
-        srp_user_delete(srp_ctx->srp_usr);
-        srp_ctx->srp_usr = NULL;
-    }
-
-    if (srp_ctx->mech)
-    {
-        gss_release_oid(&tmp_minor, &srp_ctx->mech);
-    }
-
-    if (srp_ctx->krb5_ctx)
-    {
-        if (srp_ctx->keyblock)
-        {
-            krb5_free_keyblock_contents(srp_ctx->krb5_ctx, srp_ctx->keyblock);
-            free(srp_ctx->keyblock);
-            srp_ctx->keyblock = NULL;
-        }
-
-        krb5_free_context(srp_ctx->krb5_ctx);
-        srp_ctx->krb5_ctx = NULL;
-    }
-
-    HMAC_CTX_cleanup(&srp_ctx->hmac_ctx);
-
-    free(*context_handle);
-    *context_handle = NULL;
-    return (ret);
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_disp_name.c b/lwraft/gssapi-plugins/srp/srp_disp_name.c
deleted file mode 100644
index 9121fba94..000000000
--- a/lwraft/gssapi-plugins/srp/srp_disp_name.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "srp_util.h"
-#include <gssapi/gssapi_krb5.h>
-
-OM_uint32
-srp_gss_display_name(
-    OM_uint32 *minor_status,
-    gss_name_t input_name,
-    gss_buffer_t output_name_buffer,
-    gss_OID *output_name_type)
-{
-    OM_uint32 status = GSS_S_COMPLETE;
-    OM_uint32 minor = GSS_S_COMPLETE;
-    gss_name_t gss_krb5_name_buf = NULL;
-    dsyslog("Entering display_name\n");
-
-
-    status = gss_canonicalize_name(&minor,
-                                  input_name,
-                                  (gss_OID) gss_mech_krb5,
-                                  &gss_krb5_name_buf);
-    if (status)
-    {
-        goto error;
-    }
-
-    status = gss_display_name(minor_status, gss_krb5_name_buf,
-        output_name_buffer, output_name_type);
-
-error:
-    if (gss_krb5_name_buf)
-    {
-        gss_release_name(minor_status, &gss_krb5_name_buf);
-    }
-
-    dsyslog("Leaving display_name\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_encrypt.c b/lwraft/gssapi-plugins/srp/srp_encrypt.c
deleted file mode 100644
index 945df2f69..000000000
--- a/lwraft/gssapi-plugins/srp/srp_encrypt.c
+++ /dev/null
@@ -1,566 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <krb5.h>
-#include <sasl/saslutil.h>
-#include <errno.h>
-#include <string.h>
-#include "srp_encrypt.h"
-#include "srp_util.h"
-#include "gssapi_alloc.h"
-
-krb5_error_code
-srp_gen_keyblock(
-    krb5_context krb5_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key)
-{
-    krb5_error_code krb_err = 0;
-    krb5_enctype enctype;
-    krb5_data pass_data = {0};
-    krb5_data salt_data = {0};
-
-    memset(&enctype, 0, sizeof(enctype));
-
-    pass_data.data = pass;
-    pass_data.length = (int) strlen(pass);
-    salt_data.data = salt;
-    salt_data.length = (int) strlen(salt);
-
-#if 0
-    /* Prefer to use this, as it takes ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
-    enctype = find_enctype(enc_keytype);
-    if (!enctype)
-    {
-        krb_err = EINVAL;
-        goto error;
-    }
-#else
-    krb_err = krb5_string_to_enctype(
-                  enc_keytype,
-                  &enctype);
-    if (krb_err)
-    {
-        goto error;
-    }
-#endif
-
-    krb_err = krb5_c_string_to_key(
-                  krb5_ctx,
-                  enctype,
-                  &pass_data,
-                  &salt_data,
-                  key);
-    if (krb_err)
-    {
-        goto error;
-    }
-
-error:
-
-    return krb_err;
-}
-
-static krb5_error_code
-srp_expand_session_key(
-    const char *pass,
-    int passlen,
-    const unsigned char *salt,
-    int saltlen,
-    int iter,
-    int keylen,
-    unsigned char *out)
-{
-    krb5_error_code sts = 0;
-    sts = PKCS5_PBKDF2_HMAC(
-              pass,
-              passlen,
-              salt,
-              saltlen,
-              iter,
-              SRP_EXPAND_KEY_HASH,
-              keylen,
-              out);
-    return sts == 0 ? EINVAL : 0;
-}
-
-static int
-srp_init_hmac(
-    HMAC_CTX *phctx,
-    unsigned char *key,
-    int key_len)
-{
-    int sts = 0;
-    HMAC_CTX hctx;
-    unsigned char md[40] = {0};
-    unsigned int mdlen = 0;
-
-    memset(&hctx, 0, sizeof(hctx));
-    HMAC_CTX_init(&hctx);
-    sts = HMAC_Init_ex(&hctx, key, key_len, EVP_sha1(), NULL);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    HMAC_Update(&hctx, "", 0);
-    HMAC_Final(&hctx, md, &mdlen);
-
-    *phctx = hctx;
-    return 0;
-}
-
-static int
-srp_compute_hmac(
-    HMAC_CTX hctx,
-    unsigned char *data,
-    int data_len,
-    unsigned char *md,
-    int *md_len)
-{
-    int sts = 0;
-
-    /* These functions return 0 on error, 1 for success */
-    sts = HMAC_Init_ex(&hctx, NULL, 0, EVP_sha1(), NULL);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    sts = HMAC_Update(&hctx, data, data_len);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    sts = HMAC_Final(&hctx, md, md_len);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    return sts;
-}
-
-krb5_error_code
-srp_make_enc_keyblock(
-    srp_gss_ctx_id_t srp_context_handle)
-{
-    char *srp_session_key_str = NULL;
-    unsigned char *hmac_key = NULL;
-    int b64_alloc_len = 0;
-
-    unsigned char *ptr_expanded_key = NULL;
-    unsigned char expanded_session_key[SRP_EXPAND_KEY_LEN] = {0};
-
-    unsigned char srp_session_key[SRP_EXPAND_SESSION_KEY_LEN] = {0};
-    int srp_session_key_len = sizeof(srp_session_key);
-
-    unsigned char iv_data[AES_BLOCK_SIZE] = {0};
-    int iv_data_len = sizeof(iv_data);
-
-    int b64_session_key_len = 0;
-    krb5_error_code krb5_err = KRB5_BAD_ENCTYPE;
-
-    if (!srp_context_handle->srp_session_key ||
-        srp_context_handle->srp_session_key_len == 0)
-    {
-        krb5_err = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    srp_print_hex(srp_context_handle->srp_session_key,
-                  srp_context_handle->srp_session_key_len,
-                  "srp_make_enc_keyblock: SRP-negotiated session key ");
-
-    /* Expand SRP session key to obtain more bytes for IV/session key */
-    krb5_err = srp_expand_session_key(
-                   srp_context_handle->srp_session_key,
-                   srp_context_handle->srp_session_key_len,
-                   srp_context_handle->upn_name,         /* salt */
-                   (int) strlen(srp_context_handle->upn_name), /* salt length */
-                   SRP_EXPAND_KEY_ITER,
-                   sizeof(expanded_session_key),
-                   expanded_session_key);
-    if (krb5_err)
-    {
-        goto error;
-    }
-
-    /* Carve up parts of the expanded key for various purposes */
-    ptr_expanded_key = expanded_session_key;
-
-    /* Initialization vector */
-    memcpy(iv_data, ptr_expanded_key, iv_data_len);
-    ptr_expanded_key += iv_data_len;
-
-    srp_print_hex(iv_data,
-                  iv_data_len,
-                  "srp_make_enc_keyblock: got initialization vector ");
-
-    /* SRP "derived session" key */
-    memcpy(srp_session_key, ptr_expanded_key, srp_session_key_len);
-    ptr_expanded_key += sizeof(srp_session_key);
-
-    /* HMAC key, remaining 16 bytes */
-    hmac_key = ptr_expanded_key;
-
-    srp_print_hex(srp_session_key,
-                  srp_session_key_len,
-                  "srp_make_enc_keyblock: got derived session key");
-
-    /* Build b64 encoded string of SRP session key */
-    b64_alloc_len = (srp_session_key_len + 2) / 3  * 4 + 1;
-    srp_session_key_str = calloc(b64_alloc_len, sizeof(char));
-    if (!srp_session_key_str)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-    krb5_err = sasl_encode64(
-                   srp_session_key,
-                   srp_session_key_len,
-                   srp_session_key_str,
-                   b64_alloc_len,
-                   &b64_session_key_len);
-    if (krb5_err)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-    srp_session_key_str[b64_session_key_len] = '\0';
-
-    srp_context_handle->keyblock = calloc(1, sizeof(krb5_keyblock));
-    if (!srp_context_handle->keyblock)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-    /* Generate encryption key from SRP shared key */
-    krb5_err = srp_gen_keyblock(
-                   srp_context_handle->krb5_ctx,
-                   SRP_ENC_KEYTYPE,
-                   srp_session_key_str,
-                   srp_context_handle->upn_name,
-                   srp_context_handle->keyblock);
-    if (krb5_err)
-    {
-        goto error;
-    }
-
-    srp_print_hex(srp_context_handle->keyblock->contents,
-                  srp_context_handle->keyblock->length,
-                  "srp_make_enc_keyblock: keyblock value");
-
-     memset(srp_context_handle->aes_encrypt_iv, 0, iv_data_len);
-     memcpy(srp_context_handle->aes_encrypt_iv, iv_data, iv_data_len);
-
-     memset(srp_context_handle->aes_decrypt_iv, 0, iv_data_len);
-     memcpy(srp_context_handle->aes_decrypt_iv, iv_data, iv_data_len);
-
-    AES_set_encrypt_key(
-        srp_context_handle->keyblock->contents,
-        srp_context_handle->keyblock->length * 8,
-        &srp_context_handle->aes_encrypt_key);
-    AES_set_decrypt_key(
-        srp_context_handle->keyblock->contents,
-        srp_context_handle->keyblock->length * 8,
-        &srp_context_handle->aes_decrypt_key);
-
-    if (srp_init_hmac(&srp_context_handle->hmac_ctx,
-                      hmac_key,
-                      SRP_EXPAND_HMAC_KEY))
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-error:
-    if (krb5_err)
-    {
-        if (srp_context_handle->keyblock)
-        {
-            free(srp_context_handle->keyblock);
-        }
-    }
-
-    if (srp_session_key_str)
-    {
-        free(srp_session_key_str);
-    }
-    return krb5_err;
-}
-
-int
-srp_encrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *plaintext,
-    int plaintext_len,
-    unsigned char *out_ciphertext,
-    unsigned char **out_hmacbuf,
-    int *out_hmacbuf_len)
-{
-    int sts = 0;
-    int hmacbuf_len = 0;
-    int hmac_bufpad_len = 0;
-    int ciphertext_len = 0;
-    int ciphertext_pad_len = 0;
-    int verifier_len = 0;
-    unsigned char *hmacbuf = NULL;
-    unsigned char *hmacbuf_end = NULL;
-    unsigned char *ciphertext = NULL;
-    unsigned char *ret_hmacbuf = NULL;
-
-    /*
-     * Message format:
-     *   ciphertext = AES256(key, plaintext)
-     *   |-- HMAC-SHA1(ciphertext) (20) --|-- ciphertext --|)
-     *
-     * Result:
-     *   Contiguous ciphertext buffer is split into two pieces across
-     *   iov, as iov[1] cannot be resized, but iov[0] can.
-     *
-     *     iov[0] data: |-- AES256 (verifier-len) --|
-     *     iov[1] data: |-- AES256 (plaintext-len) --|
-     */
-
-    ciphertext_pad_len = AES256PAD(plaintext_len);
-    /*
-     * Note: The below padding may cause buffer expansion which cannot fit into
-     * the original iov[1] payload buffer. The "residual data" from this
-     * expansion is returned in iov[0], semantically the hmac verifier.
-     */
-    hmac_bufpad_len = ciphertext_pad_len + SRP_SHA1_HMAC_BUFSIZ;
-    hmacbuf = (unsigned char *) calloc(hmac_bufpad_len, sizeof(unsigned char));
-    if (!hmacbuf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-    hmacbuf_end = hmacbuf;
-
-    /* Same size as the input buffer; holds the output cipher text */
-    ciphertext_len = ciphertext_pad_len;
-    ciphertext = (unsigned char *) calloc(ciphertext_len,
-                                          sizeof(unsigned char));
-    if (!ciphertext)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    /* AES256 encrypt the plaintext payload data */
-    AES_cbc_encrypt(
-        plaintext,
-        ciphertext,
-        ciphertext_len,
-        &srp_context_handle->aes_encrypt_key,
-        srp_context_handle->aes_encrypt_iv,
-        AES_ENCRYPT);
-
-    /* Perform hmac-sha validation over ciphertext payload */
-    if (!srp_compute_hmac(
-         srp_context_handle->hmac_ctx,
-         ciphertext,
-         ciphertext_len,
-         hmacbuf,
-         &hmacbuf_len))
-    {
-        sts = EINVAL;
-        goto error;
-    }
-
-    if (hmacbuf_len > SRP_SHA1_HMAC_BUFSIZ)
-    {
-        hmacbuf_len = SRP_SHA1_HMAC_BUFSIZ;
-    }
-    hmacbuf_end += hmacbuf_len;
-
-    srp_print_hex(hmacbuf,
-                  hmacbuf_len,
-                  "srp_encrypt_aes256_hmac_sha1: hmac =");
-
-    /* Copy the ciphertext message after the HMAC data */
-    memcpy(hmacbuf_end, ciphertext, ciphertext_len);
-
-    /* Verifier data: what cannot fit into iov[1] */
-    verifier_len = hmac_bufpad_len - ciphertext_len;
-
-    ret_hmacbuf = (unsigned char *) calloc(verifier_len,
-                                           sizeof(unsigned char));
-    if (!ret_hmacbuf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    /* Split cipher text into two iov values: iov[0] = HMAC code */
-    memcpy(ret_hmacbuf, hmacbuf, verifier_len);
-
-    /* iov[1] = cipher text */
-    memcpy(out_ciphertext,
-           hmacbuf + verifier_len,
-           plaintext_len);
-
-    /* Additional iov[0] length due to padding expansion */
-    *out_hmacbuf = ret_hmacbuf;
-    *out_hmacbuf_len = verifier_len;
-
-error:
-    if (sts)
-    {
-        if (ret_hmacbuf)
-        {
-            free(ret_hmacbuf);
-        }
-    }
-    if (hmacbuf)
-    {
-        free(hmacbuf);
-    }
-    if (ciphertext)
-    {
-        free(ciphertext);
-    }
-    return sts;
-}
-
-
-int
-srp_decrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *in_hmacbuf,
-    int in_hmacbuf_len,
-    unsigned char *in_ciphertext,
-    int in_ciphertext_len,
-    unsigned char *ret_plaintext)
-{
-    int sts = 0;
-    unsigned char *cipherhmac_buf = NULL;
-    unsigned char *plaintext = NULL;
-    unsigned char *ciphertext_start = NULL;
-    int cipherhmac_buf_len = 0;
-    int ciphertext_len = 0;
-    int hmac_computed_len = 0;
-    unsigned char hmac[SRP_SHA1_HMAC_BUFSIZ] = {0};
-    unsigned char hmac_computed[SRP_SHA1_HMAC_BUFSIZ] = {0};
-
-    /* Splice in_hmacbuf + in_ciphertext together, this is the ciphertext */
-    cipherhmac_buf_len = in_hmacbuf_len + in_ciphertext_len;
-
-    /* Buffer must adhere to AES-256 padding requirements */
-    ciphertext_len = AES256PAD((cipherhmac_buf_len - SRP_SHA1_HMAC_BUFSIZ));
-    cipherhmac_buf = (unsigned char *) calloc(cipherhmac_buf_len,
-                                              sizeof(unsigned char));
-    if (!cipherhmac_buf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    plaintext = (unsigned char *) calloc(ciphertext_len,
-                                         sizeof(unsigned char));
-    if (!plaintext )
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    memcpy(cipherhmac_buf, in_hmacbuf, in_hmacbuf_len);
-    memcpy(cipherhmac_buf + in_hmacbuf_len, in_ciphertext, in_ciphertext_len);
-
-    /* Save the HMAC-SHA1 verifier from client */
-    memcpy(hmac, cipherhmac_buf, SRP_SHA1_HMAC_BUFSIZ);
-
-    srp_print_hex(hmac,
-                   SRP_SHA1_HMAC_BUFSIZ,
-                   "srp_decrypt_aes256_hmac_sha1: client hmac");
-
-    /* Perform hmac-sha validation over the ciphertext */
-    ciphertext_start = cipherhmac_buf + SRP_SHA1_HMAC_BUFSIZ;
-    if (!srp_compute_hmac(
-         srp_context_handle->hmac_ctx,
-         ciphertext_start,
-         ciphertext_len,
-         hmac_computed,
-         &hmac_computed_len))
-    {
-        sts = EINVAL;
-        goto error;
-    }
-
-    /* Verify computed verifier matches client verifier */
-    if (hmac_computed_len != SRP_SHA1_HMAC_BUFSIZ ||
-        memcmp(hmac, hmac_computed, hmac_computed_len) != 0)
-    {
-        srp_print_hex(hmac_computed,
-                       SRP_SHA1_HMAC_BUFSIZ,
-                       "srp_decrypt_aes256_hmac_sha1: ERROR computed hmac");
-        /* verifier failed, return error */
-        sts = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /* This is the full ciphertext, which can then be decrypted. */
-    AES_cbc_encrypt(ciphertext_start,
-                    plaintext,
-                    ciphertext_len,
-                    &srp_context_handle->aes_decrypt_key,
-                    srp_context_handle->aes_decrypt_iv,
-                    AES_DECRYPT);
-
-    memcpy(ret_plaintext, plaintext, ciphertext_len);
-
-error:
-    if (plaintext)
-    {
-        free(plaintext);
-    }
-    if (cipherhmac_buf)
-    {
-        free(cipherhmac_buf);
-    }
-    return sts;
-}
-
-#ifdef _SRP_USE_TRIVIAL_ENCRYPTION
-
-/* Straw-man trivial encryption function */
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen)
-{
-    int i = 0;
-    int k = 0;
-
-    for (i=0; i<plaintext_len; i++)
-    {
-        plaintext[i] ^= key[k++];
-        k %= keylen;
-    }
-    return;
-}
-
-unsigned char *xor_get_encrypt_key(int *len)
-{
-    static char *g_key = "!)@(#*%&^dEadBeEf~!@#$%^&*()_+";
-    *len = strlen(g_key);
-
-    return (unsigned char *) g_key;
-}
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_encrypt.h b/lwraft/gssapi-plugins/srp/srp_encrypt.h
deleted file mode 100644
index 5bd843701..000000000
--- a/lwraft/gssapi-plugins/srp/srp_encrypt.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _SRP_ENCRYPT_H_
-#define _SRP_ENCRYPT_H_
-
-#include <krb5.h>
-#include "gssapiP_srp.h"
-
-/*
- * Straw-man trivial encryption functionality: _SRP_USE_TRIVIAL_ENCRYPTION
- *
- * To enable this debugging "feature", add -D_SRP_USE_TRIVIAL_ENCRYPTION
- * to your makefile/vcproj.
- *  !!!!!!!!!!!!! DO NOT USE THIS IN PRODUCTION !!!!!!!!!!!!!!
- */
-
-#define AES256PAD(len) \
-    ((len) + (((len%AES_BLOCK_SIZE) > 0) ? \
-     (AES_BLOCK_SIZE - (len) % AES_BLOCK_SIZE) : 0))
-
-// #define SRP_ENC_KEYTYPE ENCTYPE_AES256_CTS_HMAC_SHA1_96
-#define SRP_ENC_KEYTYPE "aes256-cts-hmac-sha1-96"
-
-#define SRP_EXPAND_KEY_LEN  64
-#define SRP_EXPAND_SESSION_KEY_LEN  32
-#define SRP_EXPAND_HMAC_KEY 16
-#define SRP_EXPAND_KEY_ITER 128
-#define SRP_EXPAND_KEY_HASH EVP_sha1()
-#define SRP_SHA1_HMAC_BUFSIZ 20
-#define SRP_MECH_OID_OFFSET 16
-
-krb5_error_code
-srp_gen_keyblock(
-    krb5_context krb_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key);
-
-krb5_error_code
-srp_make_enc_keyblock(
-    srp_gss_ctx_id_t srp_context_handle);
-
-int
-srp_encrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *plaintext,
-    int plaintext_len,
-    unsigned char *out_ciphertext,
-    unsigned char **out_hmacbuf,
-    int *out_hmacbuf_len);
-
-int
-srp_decrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *in_hmacbuf,
-    int in_hmacbuf_len,
-    unsigned char *in_ciphertext,
-    int in_ciphertext_len,
-    unsigned char *ret_plaintext);
-
-#ifdef _SRP_USE_TRIVIAL_ENCRYPTION
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen);
-
-unsigned char *xor_get_encrypt_key(int *len);
-
-#endif /* _SRP_USE_TRIVIAL_ENCRYPTION */
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_init_sec_ctx.c b/lwraft/gssapi-plugins/srp/srp_init_sec_ctx.c
deleted file mode 100644
index 861f6c886..000000000
--- a/lwraft/gssapi-plugins/srp/srp_init_sec_ctx.c
+++ /dev/null
@@ -1,731 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "srp_mglueP.h"
-#include "srp_encrypt.h"
-#include "srp_util.h"
-#include <krb5.h>
-#include "gssapiP_srp.h"
-#include "gssapi/gssapi_krb5.h"
-#include "gssapi_alloc.h"
-#include <lber.h>
-#include <csrp/srp.h>
-#include <ctype.h>
-
-static OM_uint32
-__srp_ber_flatten_output_token(
-    OM_uint32 *minor_status,
-    BerElement *ber,
-    int ber_len,
-    gss_buffer_t asn1_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 output_token_len = 0;
-    gss_buffer_desc output_token_mem = {0};
-    unsigned char *ptr = NULL;
-    int berror = 0;
-    struct berval *flatten = NULL;
-
-    berror = ber_flatten(ber, &flatten);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token_len = (OM_uint32) (asn1_oid->length + ber_len);
-    output_token_mem.value = gssalloc_malloc(output_token_len);
-    if (!output_token_mem.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(output_token_mem.value, 0, output_token_len);
-
-    output_token_mem.length = output_token_len;
-    ptr = output_token_mem.value;
-
-    memcpy(ptr, asn1_oid->value, asn1_oid->length);
-    ptr += asn1_oid->length;
-
-    memcpy(ptr, flatten->bv_val, flatten->bv_len);
-    ptr += ber_len;
-
-    /* output_token now owns the memory in output_token_mem */
-    *output_token = output_token_mem;
-    memset(&output_token_mem, 0, sizeof(output_token_mem));
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-        if (output_token_mem.value)
-        {
-            gssalloc_free(output_token_mem.value);
-        }
-    }
-    if (flatten)
-    {
-        ber_bvfree(flatten);
-    }
-    return major;
-}
-
-/*
- * Carol → Steve: I and A = g**a
- */
-static
-OM_uint32
-_srp_gss_make_auth_init_output_token(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    gss_name_t auth_name,
-    gss_buffer_t auth_password,
-    srp_gss_ctx_id_t srp_context_handle,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    gss_buffer_desc asn1_srp_oid = {0};
-    gss_buffer_desc export_name_buf = {0};
-    gss_buffer_t export_name = NULL;
-    gss_OID export_OID = NULL;
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    int berror = 0;
-    char *export_name_str = NULL;
-    char *password = NULL;
-    struct SRPUser *usr = NULL;
-    const char *srp_auth_user = NULL;
-    const unsigned char *srp_bytes_A = NULL;
-    int srp_bytes_A_len = 0;
-    int i = 0;
-    SRP_NGType ng_type = SRP_NG_2048;
-    ber_int_t gss_srp_version_maj = 1;
-    ber_int_t gss_srp_version_min = 0;
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_asn1_encode_mech_oid_token(
-                &minor,
-                srp_mech_oid,
-                &asn1_srp_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    major = gss_display_name(&minor, auth_name, &export_name_buf, &export_OID);
-    if (major)
-    {
-        goto error;
-    }
-    export_name = &export_name_buf;
-
-    export_name_str = calloc(export_name_buf.length+1, sizeof(char));
-    if (!export_name_str)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* This is a '\0' terminated string */
-    memcpy(export_name_str, export_name_buf.value, export_name_buf.length);
-
-    /*
-     * Lower case UPN name to match SRP secret generated by vmdir.
-     * This is sematically wrong for vmdir to do this, but the UPN
-     * case must match for the SRP values to match.
-     */
-    for (i=0; i<export_name_buf.length; i++)
-    {
-        export_name_str[i] = (char) tolower((int) export_name_str[i]);
-    }
-
-    /* The caller constructs this as a '\0' terminated string */
-    password = auth_password->value;
-    usr = srp_user_new(SRP_SHA1, ng_type,
-                         export_name_str,
-                         (const unsigned char *)password,
-                         (int) strlen(password), NULL, NULL);
-    if (!usr)
-    {
-        srp_debug_printf("srp_user_new: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-    srp_context_handle->upn_name = export_name_str;
-
-    /* User -> Host: (username, bytes_A) */
-    srp_user_start_authentication(usr,
-                                  &srp_auth_user,
-                                  &srp_bytes_A,
-                                  &srp_bytes_A_len);
-    if (!srp_auth_user || !srp_bytes_A || srp_bytes_A_len == 0)
-    {
-        srp_debug_printf("srp_user_start_authentication: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-
-srp_print_hex(srp_bytes_A, srp_bytes_A_len, "_srp_gss_make_auth_init_output_token(init_sec_context): bytes_A");
-    /*
-     * ASN.1 encode the following data:
-     * |- GSS_SRP_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_SRP_OID -|-SRP_INIT(1)-|-VerMaj-|-VerMin-|-UPN(octet string)-|-SRP-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-    berror = ber_printf(ber, "t{ii",
-                  (ber_tag_t) SRP_AUTH_INIT,
-                  gss_srp_version_maj,
-                  gss_srp_version_min);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len += berror;
-
-    berror = ber_printf(ber, "oo}",
-                  srp_auth_user,
-                  (ber_len_t) export_name_buf.length,
-                  srp_bytes_A,
-                  (ber_len_t) srp_bytes_A_len);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len += berror;
-
-    major = __srp_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_srp_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* Save the srp_user_new() context in the srp_gss_ctx... handle */
-    srp_context_handle->srp_usr = usr;
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-    if (export_name)
-    {
-        gss_release_buffer(&minor, export_name);
-    }
-    if (asn1_srp_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_srp_oid);
-    }
-    ber_free(ber, 1);
-    return major;
-}
-
-static
-OM_uint32
-_srp_auth_salt_resp(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    ber_tag_t ber_state = 0;
-    struct berval ber_in_tok = {0};
-    BerElement *ber_resp = NULL;
-    ber_tag_t berror = 0;
-    struct berval *ber_mda = NULL;
-    struct berval *ber_salt = NULL;
-    struct berval *ber_B = NULL;
-    const unsigned char *srp_bytes_M = NULL;
-    int srp_bytes_M_len = 0;
-    int srp_session_key_len = 0;
-    gss_buffer_desc asn1_srp_oid = {0};
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    const unsigned char *srp_session_key = NULL;
-
-    ber_in_tok.bv_len = input_token->length;
-    ber_in_tok.bv_val = input_token->value;
-    ber_resp = ber_init(&ber_in_tok);
-    berror = ber_scanf(ber_resp, "t{OOO}",
-                 &ber_state, &ber_mda, &ber_salt, &ber_B);
-    if (berror == LBER_ERROR)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(ber_salt->bv_val, (int) ber_salt->bv_len,
-                  "_srp_auth_salt_resp(init_sec_context): salt");
-    srp_print_hex(ber_B->bv_val, (int) ber_B->bv_len,
-                  "_srp_auth_salt_resp(init_sec_context): bytes_B");
-
-    /* Consistency check, this must match state */
-    if ((int) ber_state != state)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_user_process_challenge(srp_context_handle->srp_usr,
-                               ber_salt->bv_val, (int) ber_salt->bv_len,
-                               ber_B->bv_val, (int) ber_B->bv_len,
-                               &srp_bytes_M, &srp_bytes_M_len);
-
-    srp_session_key = srp_user_get_session_key(
-                          srp_context_handle->srp_usr,
-                          &srp_session_key_len);
-    if (srp_session_key && srp_session_key_len > 0)
-    {
-        srp_context_handle->srp_session_key =
-            calloc(srp_session_key_len, sizeof(unsigned char));
-        if (!srp_context_handle->srp_session_key)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memcpy(srp_context_handle->srp_session_key,
-               srp_session_key,
-               srp_session_key_len);
-        srp_context_handle->srp_session_key_len = srp_session_key_len;
-
-        srp_print_hex(srp_context_handle->srp_session_key,
-                      srp_context_handle->srp_session_key_len,
-                      "_srp_auth_salt_resp(init_sec_ctx) got session key");
-    }
-
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_asn1_encode_mech_oid_token(
-                &minor,
-                srp_mech_oid,
-                &asn1_srp_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* ASN.1 encode the following data:
-     * |- GSS_SRP_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_SRP_OID -|-SRP_AUTH_CLIENT_VALIDATE(1)-|-SRP-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-    srp_print_hex(srp_bytes_M, srp_bytes_M_len,
-                  "_srp_auth_salt_resp(init_sec_ctx) sending bytes_M");
-
-    berror = ber_printf(ber, "t{o}",
-                  (ber_tag_t) SRP_AUTH_CLIENT_VALIDATE,
-                  srp_bytes_M,
-                  (ber_len_t) srp_bytes_M_len);
-
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-    ber_len = berror;
-
-    major = __srp_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_srp_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-
-    if (ber_mda)
-    {
-        ber_bvfree(ber_mda);
-    }
-    if (ber_salt)
-    {
-        ber_bvfree(ber_salt);
-    }
-    if (ber_B)
-    {
-        ber_bvfree(ber_B);
-    }
-    if (asn1_srp_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_srp_oid);
-    }
-    ber_free(ber_resp, 1);
-    ber_free(ber, 1);
-
-    return major;
-}
-
-
-static
-OM_uint32
-_srp_auth_server_validate(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    struct berval *ber_srp_bytes_HAMK = NULL;
-    struct berval ber_ctx = {0};
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_auth_server_validate(): "
-                     "state=SRP_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ASN.1 decode the "HAMK" server mutual auth token
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_srp_bytes_HAMK);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        minor = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_srp_bytes_HAMK->bv_len == 0)
-    {
-        if (ber_srp_bytes_HAMK->bv_len == 0)
-        {
-            /*
-             * Server sent an empty HAMK token, which indicates
-             * SRP password authentication failed.
-             */
-            minor = KRB5KRB_AP_ERR_MUT_FAIL;
-        }
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(
-        ber_srp_bytes_HAMK->bv_val,
-        (int) ber_srp_bytes_HAMK->bv_len,
-        "_srp_auth_server_validate(accept_sec_ctx) received ber_srp_bytes_HAMK");
-
-    srp_user_verify_session(
-        srp_context_handle->srp_usr,
-        ber_srp_bytes_HAMK->bv_val);
-    if (!srp_user_is_authenticated(srp_context_handle->srp_usr))
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (ber_srp_bytes_HAMK)
-    {
-        ber_bvfree(ber_srp_bytes_HAMK);
-    }
-
-
-    ber_free(ber, 1);
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-}
-
-
-/*
- * Message format for generated output token (state dependent)
- * |- ASN.1 SRP OID -|- state -|- data -|- ... -|
- *
- *
- * SRP_AUTH_INIT: | ASN.1 SRP OID | SRP_AUTH_INIT (byte) | UPN (type GSS_KRB5_NT_PRINCIPAL_NAME) |
- *
- */
-OM_uint32
-srp_gss_init_sec_context(
-    OM_uint32 *minor_status,
-    gss_cred_id_t claimant_cred_handle,
-    gss_ctx_id_t *context_handle,
-    gss_name_t target_name,
-    gss_OID mech_type,
-    OM_uint32 req_flags,
-    OM_uint32 time_req,
-    gss_channel_bindings_t input_chan_bindings,
-    gss_buffer_t input_token,
-    gss_OID *actual_mech,
-    gss_buffer_t output_token,
-    OM_uint32 *ret_flags,
-    OM_uint32 *time_rec)
-{
-    /*
-     * send_token is used to indicate in later steps
-     * what type of token, if any should be sent or processed.
-     * NO_TOKEN_SEND = no token should be sent
-     * INIT_TOKEN_SEND = initial token will be sent
-     * CONT_TOKEN_SEND = continuing tokens to be sent
-     * CHECK_MIC = no token to be sent, but have a MIC to check.
-     */
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    unsigned char *ptr = NULL;
-    OM_uint32 state = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    srp_gss_ctx_id_t srp_context_handle = NULL;
-    gss_buffer_desc output_token_mem = {0};
-    krb5_error_code krb5_err = 0;
-    gss_OID srp_mech_oid = {0};
-
-    dsyslog("Entering init_sec_context\n");
-
-    if (!claimant_cred_handle || !context_handle)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-
-    srp_cred = (srp_gss_cred_id_t) claimant_cred_handle;
-    if (!srp_cred || !srp_cred->password || !srp_cred->srp_mech_oid)
-    {
-        major = GSS_S_UNAVAILABLE;
-        goto error;
-    }
-    srp_mech_oid = srp_cred->srp_mech_oid;
-
-    /* First call to init_sec_context; allocate new context */
-    if (*context_handle == GSS_C_NO_CONTEXT)
-    {
-        state = SRP_AUTH_INIT;
-        srp_debug_printf("srp_gss_init_sec_context: state=SRP_AUTH_INIT\n");
-        srp_context_handle =
-            (srp_gss_ctx_id_t) calloc(1, sizeof(srp_gss_ctx_id_rec));
-        if (!srp_context_handle)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(srp_context_handle, 0, sizeof(srp_gss_ctx_id_rec));
-
-        srp_context_handle->magic_num = SRP_MAGIC_ID;
-        srp_context_handle->state     = state;
-        srp_context_handle->cred      = srp_cred;
-
-        /* Needed for Kerberos AES256-SHA1 keyblock generation */
-        krb5_err = krb5_init_context(&srp_context_handle->krb5_ctx);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-
-        major = _srp_gss_make_auth_init_output_token(
-                    &minor,
-                    srp_mech_oid,
-                    srp_cred->name,
-                    srp_cred->password,
-                    srp_context_handle,
-                    &output_token_mem);
-        if (major)
-        {
-            goto error;
-        }
-        srp_context_handle->state = SRP_AUTH_SALT_RESP;
-        *context_handle = (gss_ctx_id_t) srp_context_handle;
-        srp_context_handle = NULL;
-        major = GSS_S_CONTINUE_NEEDED;
-    }
-    else
-    {
-        srp_context_handle = (srp_gss_ctx_id_t) *context_handle;
-        if (!input_token)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        ptr = input_token->value;
-
-        /* Verify state machine is consistent with expected state */
-        state = SRP_AUTH_STATE_VALUE(ptr[0]);
-        if (state != srp_context_handle->state)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-
-        srp_context_handle->state = state;
-        switch (srp_context_handle->state)
-        {
-          case SRP_AUTH_SALT_RESP:
-            srp_debug_printf("srp_gss_init_sec_context: "
-                             "state=SRP_AUTH_SALT_RESP\n");
-            major = _srp_auth_salt_resp(
-                         &minor,
-                         srp_mech_oid,
-                         srp_context_handle,
-                         srp_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                goto error;
-            }
-
-            srp_context_handle->state = SRP_AUTH_SERVER_VALIDATE;
-            major = GSS_S_CONTINUE_NEEDED;
-            break;
-
-          case SRP_AUTH_SERVER_VALIDATE:
-            srp_debug_printf("srp_gss_init_sec_context: "
-                             "state=SRP_AUTH_SERVER_VALIDATE\n");
-            major = _srp_auth_server_validate(
-                         &minor,
-                         srp_mech_oid,
-                         srp_context_handle,
-                         srp_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                srp_debug_printf("srp_gss_init_sec_context: "
-                                 "state=SRP_AUTH_FAILED!!!\n");
-                srp_context_handle->state = SRP_AUTH_FAILED;
-                major = GSS_S_FAILURE;
-            }
-            else
-            {
-                srp_debug_printf("srp_gss_init_sec_context: "
-                                 "state=SRP_AUTH_COMPLETE!!!\n");
-                srp_context_handle->state = SRP_AUTH_COMPLETE;
-                memset(&output_token_mem, 0, sizeof(output_token_mem));
-                major = GSS_S_COMPLETE;
-            }
-            break;
-
-          case SRP_AUTH_COMPLETE:
-            major = GSS_S_COMPLETE;
-          break;
-
-          case SRP_AUTH_FAILED:
-            srp_debug_printf("srp_gss_init_sec_context: "
-                             "state=SRP_AUTH_FAILED!!!\n");
-            major = GSS_S_FAILURE;
-          break;
-
-          default:
-            srp_debug_printf("srp_gss_init_sec_context: "
-                             "state=UNKNOWN!!!\n");
-            major = GSS_S_FAILURE;
-            break;
-        }
-    }
-
-    *output_token = output_token_mem;
-
-    if (major == GSS_S_COMPLETE)
-    {
-        krb5_err = srp_make_enc_keyblock(srp_context_handle);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-        if (actual_mech)
-        {
-            *actual_mech = srp_mech_oid;
-        }
-    }
-    else if (major == GSS_S_CONTINUE_NEEDED && actual_mech)
-    {
-        *actual_mech = srp_mech_oid;
-    }
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-} /* init_sec_context */
diff --git a/lwraft/gssapi-plugins/srp/srp_main.c b/lwraft/gssapi-plugins/srp/srp_main.c
deleted file mode 100644
index 350210f9b..000000000
--- a/lwraft/gssapi-plugins/srp/srp_main.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <includes.h>
-#include <pthread.h>
-#include <openssl/ssl.h>
-
-/*
- * OpenSSL locking code needed for only Win32 because the
- * static OpenSSL library is linked into vmdir. The existing
- * locks created by vmdir are not shared into plugins, making
- * this additional logic necessary.
- */
-static pthread_mutex_t *g_mutexes;
-static int g_max_locks;
-
-static void srp_gss_locking_cb(
-    int mode,
-    int type,
-    const char *file,
-    int line)
-{
-    if (!g_mutexes ||
-        (type < 0 || type > g_max_locks))
-    {
-        return;
-    }
-    if (mode & CRYPTO_LOCK)
-    {
-        pthread_mutex_lock(&g_mutexes[type]);
-    }
-    else
-    {
-        pthread_mutex_unlock(&g_mutexes[type]);
-    }
-}
-
-static unsigned long srp_gss_thread_self(void)
-{
-    return (unsigned long) ((size_t) pthread_self().p);
-}
-
-static BOOL srp_gss_init(void)
-{
-    pthread_mutex_t *mutexes = NULL;
-    int n_locks = 0;
-    int i = 0;
-
-    n_locks = CRYPTO_num_locks();
-    if (n_locks <= 0)
-    {
-        return 0;
-    }
-    mutexes = (pthread_mutex_t *) calloc(n_locks, sizeof(pthread_mutex_t));
-    if (!mutexes)
-    {
-        return 0;
-    }
-    for (i=0; i<n_locks; i++)
-    {
-        pthread_mutex_init(&mutexes[i], NULL);
-    }
-    g_mutexes = mutexes;
-    g_max_locks = n_locks;
-    CRYPTO_set_locking_callback(srp_gss_locking_cb);
-    CRYPTO_set_id_callback(srp_gss_thread_self);
-    return 1;
-}
-
-static BOOL srp_gss_destroy(void)
-{
-    int i = 0;
-
-    if (g_mutexes)
-    {
-        for (i=0; i<g_max_locks; i++)
-        {
-            pthread_mutex_destroy(&g_mutexes[i]);
-        }
-        free(g_mutexes);
-        g_mutexes = NULL;
-    }
-    return 1;
-}
-
-BOOL __stdcall DllMain( HANDLE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-                     )
-{
-    BOOL result = TRUE;
-
-    switch (ul_reason_for_call)
-    {
-        case DLL_PROCESS_ATTACH:
-            result = srp_gss_init();
-            break;
-        case DLL_THREAD_ATTACH:
-            break;
-        case DLL_THREAD_DETACH:
-            break;
-        case DLL_PROCESS_DETACH:
-            srp_gss_destroy();
-            break;
-    }
-    return result;
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_mech.c b/lwraft/gssapi-plugins/srp/srp_mech.c
deleted file mode 100644
index 6c0577397..000000000
--- a/lwraft/gssapi-plugins/srp/srp_mech.c
+++ /dev/null
@@ -1,869 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 2014, VMware Inc. All rights reserved.
- *
- * Module: srp_mech.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP Plugin mechanism function table
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include	<stdio.h>
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
-
-
-#include	<krb5.h>
-#include "srp_util.h"
-#include "includes.h"
-#include "gssapi_alloc.h"
-
-
-/* Copy of GSSAPI plugin struct gss_config structure */
-#include "srp_mglueP.h"
-#include "gssapiP_srp.h"
-
-
-
-#undef g_token_size
-
-#define HARD_ERROR(v) ((v) != GSS_S_COMPLETE && (v) != GSS_S_CONTINUE_NEEDED)
-typedef const gss_OID_desc *gss_OID_const;
-
-static srp_token_t make_srp_token(char *);
-static gss_buffer_desc make_err_msg(char *);
-
-
-
-/* SRP oid structure */
-static const gss_OID_desc srp_gss_oid_array[] = {
-    {GSS_SRP_MECH_OID_LENGTH, GSS_SRP_MECH_OID},
-    {GSSAPI_SRP_MECH_OID_LENGTH, GSSAPI_SRP_MECH_OID},
-
-    /* 2.1.1. Kerberos Principal Name Form:  (rfc 1964)
-     * This name form shall be represented by the Object Identifier {iso(1)
-     * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-     * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
-     * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-    {10, "\052\206\110\206\367\022\001\002\002\001"},
-
-    /* 1.3.6.1.4.1.27433.3.1: NTLM OID, stolen from NTLM*/
-    {GSS_CRED_OPT_PW_LEN, GSS_CRED_OPT_PW},
-
-    /* 1.3.6.1.4.1.6876.11711.2.1.1.1: SRP cred option pwd OID */
-    {GSSAPI_SRP_CRED_OPT_PW_LEN, GSSAPI_SRP_CRED_OPT_PW},
-};
-
-const gss_OID_desc * const gss_mech_srp_oid           = srp_gss_oid_array+0;
-const gss_OID_desc * const gss_mech_gssapi_srp_oid    = srp_gss_oid_array+1;
-const gss_OID_desc * const gss_nt_srp_name_oid        = srp_gss_oid_array+2;
-const gss_OID_desc * const gss_srp_password_oid       = srp_gss_oid_array+3;
-const gss_OID_desc * const gss_srp_cred_opt_pw_oid    = srp_gss_oid_array+4;
-/*const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME = srp_gss_oid_array+1; */
-
-int gss_srpint_lib_init(void)
-{
-#ifdef _GSS_STATIC_LINK
-	return gss_srpmechglue_init();
-#else
-	return 0;
-#endif
-}
-
-void gss_srpint_lib_fini(void)
-{
-}
-
-
-
-/*
- * NegHints ::= SEQUENCE {
- *    hintName       [0]  GeneralString      OPTIONAL,
- *    hintAddress    [1]  OCTET STRING       OPTIONAL
- * }
- */
-
-#define HOST_PREFIX	"host@"
-#define HOST_PREFIX_LEN	(sizeof(HOST_PREFIX) - 1)
-
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_display_status(
-		OM_uint32 *minor_status,
-		OM_uint32 status_value,
-		int status_type,
-		gss_OID mech_type,
-		OM_uint32 *message_context,
-		gss_buffer_t status_string)
-{
-	dsyslog("Entering display_status\n");
-
-	*message_context = 0;
-	switch (status_value) {
-	    case ERR_SRP_NO_MECHS_AVAILABLE:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP cannot find mechanisms to negotiate");
-		break;
-	    case ERR_SRP_NO_CREDS_ACQUIRED:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP failed to acquire creds");
-		break;
-	    case ERR_SRP_NO_MECH_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP acceptor did not select a mechanism");
-		break;
-	    case ERR_SRP_NEGOTIATION_FAILED:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP failed to negotiate a mechanism");
-		break;
-	    case ERR_SRP_NO_TOKEN_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP acceptor did not return a valid token");
-		break;
-	    default:
-		status_string->length = 0;
-		status_string->value = "";
-		break;
-	}
-
-	dsyslog("Leaving display_status\n");
-	return (GSS_S_COMPLETE);
-}
-
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_import_name(
-		    OM_uint32 *minor_status,
-		    gss_buffer_t input_name_buffer,
-		    gss_OID input_name_type,
-		    gss_name_t *output_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering import_name\n");
-
-	status = gss_import_name(minor_status, input_name_buffer,
-			input_name_type, output_name);
-
-	dsyslog("Leaving import_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_release_name(
-			OM_uint32 *minor_status,
-			gss_name_t *input_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering release_name\n");
-
-	status = gss_release_name(minor_status, input_name);
-
-	dsyslog("Leaving release_name\n");
-	return (status);
-}
-
-OM_uint32
-srp_gss_inquire_cred(
-			OM_uint32 *minor_status,
-			gss_cred_id_t cred_handle,
-			gss_name_t *name,
-			OM_uint32 *lifetime,
-			int *cred_usage,
-			gss_OID_set *mechanisms)
-{
-	OM_uint32 status = 0;
-        srp_gss_cred_id_t srp_cred_handle = NULL;
-        gss_name_t ret_name = NULL;
-
-	dsyslog("Entering inquire_cred\n");
-
-        srp_cred_handle = (srp_gss_cred_id_t) cred_handle;
-        if (srp_cred_handle && srp_cred_handle->name && name)
-        {
-            status = gss_duplicate_name(
-                         minor_status,
-                         srp_cred_handle->name,
-                         &ret_name);
-            if (status == 0)
-            {
-                *name = ret_name;
-            }
-        }
-
-	dsyslog("Leaving inquire_cred\n");
-
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_compare_name(
-			OM_uint32 *minor_status,
-			const gss_name_t name1,
-			const gss_name_t name2,
-			int *name_equal)
-{
-	OM_uint32 status = GSS_S_COMPLETE;
-	dsyslog("Entering compare_name\n");
-
-	status = gss_compare_name(minor_status, name1, name2, name_equal);
-
-	dsyslog("Leaving compare_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_inquire_names_for_mech(
-				OM_uint32	*minor_status,
-				gss_OID		mechanism,
-				gss_OID_set	*name_types)
-{
-	OM_uint32   major = 0;
-	OM_uint32   minor = 0;
-
-	dsyslog("Entering inquire_names_for_mech\n");
-        if (major)
-        {
-            goto error;
-        }
-
-	dsyslog("Leaving inquire_names_for_mech\n");
-error:
-        if (major)
-        {
-            *minor_status = minor;
-        }
-	return (major);
-}
-
-OM_uint32
-srp_gss_unwrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer,
-		gss_buffer_t output_message_buffer,
-		int *conf_state,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap(minor_status,
-			context_handle,
-			input_message_buffer,
-			output_message_buffer,
-			conf_state,
-			qop_state);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_wrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		int conf_req_flag,
-		gss_qop_t qop_req,
-		gss_buffer_t input_message_buffer,
-		int *conf_state,
-		gss_buffer_t output_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_wrap(minor_status,
-		    context_handle,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_process_context_token(
-				OM_uint32	*minor_status,
-				const gss_ctx_id_t context_handle,
-				const gss_buffer_t token_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_process_context_token(minor_status,
-					context_handle,
-					token_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_context_time(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			OM_uint32	*time_rec)
-{
-	OM_uint32 ret;
-	ret = gss_context_time(minor_status,
-			    context_handle,
-			    time_rec);
-	return (ret);
-}
-#ifndef LEAN_CLIENT
-OM_uint32
-srp_gss_export_sec_context(
-			    OM_uint32	  *minor_status,
-			    gss_ctx_id_t *context_handle,
-			    gss_buffer_t interprocess_token)
-{
-	OM_uint32 ret;
-	ret = gss_export_sec_context(minor_status,
-				    context_handle,
-				    interprocess_token);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_import_sec_context(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle)
-{
-	OM_uint32 ret;
-	ret = gss_import_sec_context(minor_status,
-				    interprocess_token,
-				    context_handle);
-	return (ret);
-}
-#endif /* LEAN_CLIENT */
-
-OM_uint32
-srp_gss_inquire_context(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			gss_name_t	*src_name,
-			gss_name_t	*targ_name,
-			OM_uint32	*lifetime_rec,
-			gss_OID		*mech_type,
-			OM_uint32	*ctx_flags,
-			int		*locally_initiated,
-			int		*opened)
-{
-	OM_uint32 ret = GSS_S_COMPLETE;
-
-	ret = gss_inquire_context(minor_status,
-				context_handle,
-				src_name,
-				targ_name,
-				lifetime_rec,
-				NULL,
-				ctx_flags,
-				locally_initiated,
-				opened);
-
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_wrap_size_limit(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_size_limit(minor_status,
-				context_handle,
-				conf_req_flag,
-				qop_req,
-				req_output_size,
-				max_input_size);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_get_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_qop_t  qop_req,
-		const gss_buffer_t message_buffer,
-		gss_buffer_t message_token)
-{
-	OM_uint32 ret;
-	ret = gss_get_mic(minor_status,
-		    context_handle,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_verify_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_buffer_t msg_buffer,
-		const gss_buffer_t token_buffer,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_verify_mic(minor_status,
-			    context_handle,
-			    msg_buffer,
-			    token_buffer,
-			    qop_state);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_inquire_sec_context_by_oid(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_sec_context_by_oid(minor_status,
-			    context_handle,
-			    desired_object,
-			    data_set);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_inquire_cred_by_oid(
-		OM_uint32 *minor_status,
-		const gss_cred_id_t cred_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_cred_by_oid(minor_status,
-				cred_handle,
-				desired_object,
-				data_set);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_set_sec_context_option(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t *context_handle,
-		const gss_OID desired_object,
-		const gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_sec_context_option(minor_status,
-			    context_handle,
-			    desired_object,
-			    value);
-	return (ret);
-}
-
-OM_uint32
-srp_gssspi_set_cred_option(OM_uint32 *minor_status,
-                       gss_cred_id_t cred_handle,
-                       const gss_OID desired_object,
-                       const gss_buffer_t value)
-{
-    OM_uint32 ret = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    gss_buffer_t value_buf = NULL;
-
-
-#ifdef _MIT_KRB5_1_11
-    srp_cred = (srp_gss_cred_id_t) *((gss_cred_id_t *) cred_handle);
-#else
-    srp_cred = (srp_gss_cred_id_t) cred_handle;
-#endif
-    if ((desired_object->length == GSS_CRED_OPT_PW_LEN_ST ||
-         desired_object->length == GSSAPI_SRP_CRED_OPT_PW_LEN_ST) &&
-        (memcmp(desired_object->elements,
-                GSS_CRED_OPT_PW_ST,
-                GSS_CRED_OPT_PW_LEN_ST) == 0 ||
-         memcmp(desired_object->elements,
-                GSSAPI_SRP_CRED_OPT_PW_ST,
-                GSSAPI_SRP_CRED_OPT_PW_LEN_ST) == 0))
-    {
-        value_buf = gssalloc_calloc(1, sizeof(gss_buffer_desc));
-        if (!value_buf)
-        {
-            return (GSS_S_FAILURE);
-        }
-        value_buf->value = gssalloc_calloc(value->length+1, sizeof(unsigned char));
-        if (!value_buf->value)
-        {
-            return (GSS_S_FAILURE);
-        }
-
-        memcpy(value_buf->value, value->value, value->length);
-        value_buf->length = value->length;
-        srp_cred->password = value_buf;
-    }
-    else
-    {
-        ret = GSS_S_UNAVAILABLE;
-    }
-
-    return (ret);
-}
-
-OM_uint32
-srp_gss_wrap_aead(OM_uint32 *minor_status,
-		     gss_ctx_id_t context_handle,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     gss_buffer_t input_assoc_buffer,
-		     gss_buffer_t input_payload_buffer,
-		     int *conf_state,
-		     gss_buffer_t output_message_buffer)
-{
-    OM_uint32 ret;
-	ret = gss_wrap_aead(minor_status,
-			    context_handle,
-			    conf_req_flag,
-			    qop_req,
-			    input_assoc_buffer,
-			    input_payload_buffer,
-			    conf_state,
-			    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_unwrap_aead(OM_uint32 *minor_status,
-		       gss_ctx_id_t context_handle,
-		       gss_buffer_t input_message_buffer,
-		       gss_buffer_t input_assoc_buffer,
-		       gss_buffer_t output_payload_buffer,
-		       int *conf_state,
-		       gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap_aead(minor_status,
-			      context_handle,
-			      input_message_buffer,
-			      input_assoc_buffer,
-			      output_payload_buffer,
-			      conf_state,
-			      qop_state);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_wrap_iov_length(OM_uint32 *minor_status,
-			   gss_ctx_id_t context_handle,
-			   int conf_req_flag,
-			   gss_qop_t qop_req,
-			   int *conf_state,
-			   gss_iov_buffer_desc *iov,
-			   int iov_count)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_iov_length(minor_status,
-				  context_handle,
-				  conf_req_flag,
-				  qop_req,
-				  conf_state,
-				  iov,
-				  iov_count);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_complete_auth_token(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_complete_auth_token(minor_status,
-				      context_handle,
-				      input_message_buffer);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
-					 const gss_cred_id_t impersonator_cred_handle,
-					 const gss_name_t desired_name,
-					 OM_uint32 time_req,
-					 const gss_OID_set desired_mechs,
-					 gss_cred_usage_t cred_usage,
-					 gss_cred_id_t *output_cred_handle,
-					 gss_OID_set *actual_mechs,
-					 OM_uint32 *time_rec)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering srp_gss_acquire_cred_impersonate_name\n");
-
-
-	dsyslog("Leaving srp_gss_acquire_cred_impersonate_name\n");
-	return (status);
-}
-
-OM_uint32
-srp_gss_display_name_ext(OM_uint32 *minor_status,
-			    gss_name_t name,
-			    gss_OID display_as_name_type,
-			    gss_buffer_t display_name)
-{
-	OM_uint32 ret = 0;
-	ret = gss_display_name_ext(minor_status,
-				   name,
-				   display_as_name_type,
-				   display_name);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_inquire_name(OM_uint32 *minor_status,
-			gss_name_t name,
-			int *name_is_MN,
-			gss_OID *MN_mech,
-			gss_buffer_set_t *attrs)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_name(minor_status,
-			       name,
-			       name_is_MN,
-			       MN_mech,
-			       attrs);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_get_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      gss_buffer_t attr,
-			      int *authenticated,
-			      int *complete,
-			      gss_buffer_t value,
-			      gss_buffer_t display_value,
-			      int *more)
-{
-	OM_uint32 ret;
-	ret = gss_get_name_attribute(minor_status,
-				     name,
-				     attr,
-				     authenticated,
-				     complete,
-				     value,
-				     display_value,
-				     more);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_set_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      int complete,
-			      gss_buffer_t attr,
-			      gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_name_attribute(minor_status,
-				     name,
-				     complete,
-				     attr,
-				     value);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_delete_name_attribute(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t attr)
-{
-	OM_uint32 ret;
-	ret = gss_delete_name_attribute(minor_status,
-					name,
-					attr);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_export_name_composite(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t exp_composite_name)
-{
-	OM_uint32 ret;
-	ret = gss_export_name_composite(minor_status,
-					name,
-					exp_composite_name);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_map_name_to_any(OM_uint32 *minor_status,
-			   gss_name_t name,
-			   int authenticated,
-			   gss_buffer_t type_id,
-			   gss_any_t *output)
-{
-	OM_uint32 ret;
-	ret = gss_map_name_to_any(minor_status,
-				  name,
-				  authenticated,
-				  type_id,
-				  output);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_release_any_name_mapping(OM_uint32 *minor_status,
-				    gss_name_t name,
-				    gss_buffer_t type_id,
-				    gss_any_t *input)
-{
-	OM_uint32 ret;
-	ret = gss_release_any_name_mapping(minor_status,
-					   name,
-					   type_id,
-					   input);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_internal_release_oid(
-    OM_uint32   *minor_status,
-    gss_OID     *oid)
-{
-    OM_uint32   major_status = GSS_S_COMPLETE;
-    gss_OID tmpOid = NULL;
-
-    *minor_status = 0;
-
-    if (oid && *oid)
-    {
-    /*
-     * This function only knows how to release internal OIDs. It will
-     * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
-     */
-        if (*oid == GSS_C_NT_USER_NAME)
-        {
-            /*
-             * Don't free statically allocated OIDs.
-             * This is similar to the check performed in
-             * krb5/src/lib/gssapi/krb5/rel_oid.c:
-             *   krb5_gss_internal_release_oid()
-             */
-            return major_status;
-        }
-        tmpOid = (gss_OID) *oid;
-        if (tmpOid->elements)
-        {
-            free(tmpOid->elements);
-        }
-        free(tmpOid);
-        *oid = NULL;
-    }
-    return major_status;
-}
-
-
-/* following are token creation and reading routines */
-
-/*
- * This routine compares the recieved mechset to the mechset that
- * this server can support. It looks sequentially through the mechset
- * and the first one that matches what the server can support is
- * chosen as the negotiated mechanism. If one is found, negResult
- * is set to ACCEPT_INCOMPLETE if it's the first mech, REQUEST_MIC if
- * it's not the first mech, otherwise we return NULL and negResult
- * is set to REJECT.
- *
- * NOTE: There is currently no way to specify a preference order of
- * mechanisms supported by the acceptor.
- */
-
-/*
- * the next two routines make a token buffer suitable for
- * srp_gss_display_status. These currently take the string
- * in name and place it in the token. Eventually, if
- * srp_gss_display_status returns valid error messages,
- * these routines will be changes to return the error string.
- */
-static srp_token_t
-make_srp_token(char *name)
-{
-	return (srp_token_t)strdup(name);
-}
-
-static gss_buffer_desc
-make_err_msg(char *name)
-{
-	gss_buffer_desc buffer;
-
-	if (name == NULL) {
-		buffer.length = 0;
-		buffer.value = NULL;
-	} else {
-		buffer.length = strlen(name)+1;
-		buffer.value = make_srp_token(name);
-	}
-
-	return (buffer);
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_mech.h b/lwraft/gssapi-plugins/srp/srp_mech.h
deleted file mode 100644
index 679611739..000000000
--- a/lwraft/gssapi-plugins/srp/srp_mech.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 2014, VMware Inc. All rights reserved.
- *
- * Module: srp_mech.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP Plugin mechanism function table
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#ifndef _SRP_MECH_H_
-#define _SRP_MECH_H_
-OM_uint32
-
-srp_gss_internal_release_oid(
-    OM_uint32   *minor_status,
-    gss_OID     *oid);
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_mech_desc_srp10.c b/lwraft/gssapi-plugins/srp/srp_mech_desc_srp10.c
deleted file mode 100644
index 8a1a03c0a..000000000
--- a/lwraft/gssapi-plugins/srp/srp_mech_desc_srp10.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 2014, 2015 VMware Inc. All rights reserved.
- *
- * Module: srp_mech_desc_srp10.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP Plugin mechanism function table  (OID=1.2.840.113554.1.2.10)
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include	<stdio.h>
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
-
-
-#include	<krb5.h>
-#include        <vmdirdefines.h>
-#include "srp_util.h"
-#include "gssapi_alloc.h"
-
-
-/* Copy of GSSAPI plugin struct gss_config structure */
-#include "srp_mglueP.h"
-#include "gssapiP_srp.h"
-#include "srp_mech.h"
-
-OM_uint32
-srp_gss_indicate_mechs(
-    OM_uint32 *minor_status,
-    gss_OID_set *mech_set)
-{
-    gss_OID_set_desc *ret_mech_set = NULL;
-    gss_OID new_oid = NULL;
-    OM_uint32 major = 0;
-
-    if (minor_status)
-    {
-        *minor_status = 0;
-    }
-
-    ret_mech_set = (gss_OID_set_desc *)
-        gssalloc_calloc(1, sizeof(*ret_mech_set));
-    if (!ret_mech_set)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* Returning only the 2 SRP mech oids */
-    ret_mech_set->elements = (gss_OID_desc *)
-        gssalloc_calloc(2, sizeof(*ret_mech_set->elements));
-    if (!ret_mech_set->elements)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_gss_duplicate_oid(minor_status,
-         (gss_OID) gss_mech_srp_oid,
-         &new_oid);
-    if (major)
-    {
-        goto error;
-    }
-    ret_mech_set->elements[0] = *new_oid, new_oid = NULL;
-
-    major = srp_gss_duplicate_oid(minor_status,
-         (gss_OID) gss_mech_gssapi_srp_oid,
-         &new_oid);
-    if (major)
-    {
-        goto error;
-    }
-    ret_mech_set->elements[1] = *new_oid, new_oid = NULL;
-    ret_mech_set->count = 2;
-    *mech_set = ret_mech_set;
-    ret_mech_set = NULL;
-
-error:
-    if (major)
-    {
-        /* Free stuff */
-        if (ret_mech_set)
-        {
-            if (ret_mech_set->elements)
-            {
-                gssalloc_free(ret_mech_set->elements);
-            }
-            gssalloc_free(ret_mech_set);
-        }
-        ret_mech_set = NULL;
-    }
-    return major;
-}
-
-static
-OM_uint32 KRB5_CALLCONV
-srp_gss_inquire_attrs_for_mech(OM_uint32 *minor_status,
-                               gss_const_OID mech,
-                               gss_OID_set *mech_attrs,
-                               gss_OID_set *known_mech_attrs)
-{
-    OM_uint32 major, tmpMinor;
-
-    /* known_mech_attrs is handled by mechglue */
-    *minor_status = 0;
-
-    if (mech_attrs == NULL)
-        return (GSS_S_COMPLETE);
-
-    major = gss_create_empty_oid_set(minor_status, mech_attrs);
-    if (GSS_ERROR(major))
-        goto cleanup;
-
-#define MA_SUPPORTED(ma)    do {                                        \
-        major = gss_add_oid_set_member(minor_status, (gss_OID)ma,       \
-                                       mech_attrs);                     \
-        if (GSS_ERROR(major))                                           \
-            goto cleanup;                                               \
-    } while (0)
-
-    MA_SUPPORTED(gss_mech_srp_oid);
-
-cleanup:
-    if (GSS_ERROR(major))
-        gss_release_oid_set(&tmpMinor, mech_attrs);
-
-    return (major);
-}
-
-/*
- * The Mech OID:
- *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) srp(10)
- *        = 1.2.840.113554.1.2.10
- */
-static struct _GSS_MECH_PLUGIN_CONFIG srp_mechanism =
-{
-        {GSS_SRP_MECH_OID_LENGTH, GSS_SRP_MECH_OID},
-	NULL,
-	srp_gss_acquire_cred,
-	srp_gss_release_cred,
-	srp_gss_init_sec_context,
-#ifndef LEAN_CLIENT
-	srp_gss_accept_sec_context,
-#else
-	NULL,
-#endif  /* LEAN_CLIENT */
-	NULL,				/* gss_process_context_token */
-	srp_gss_delete_sec_context,	/* gss_delete_sec_context */
-	srp_gss_context_time,	/* gss_context_time */
-	srp_gss_get_mic,		/* gss_get_mic */
-	srp_gss_verify_mic,		/* gss_verify_mic */
-	srp_gss_wrap,		/* gss_wrap */
-	srp_gss_unwrap,		/* gss_unwrap */
-	srp_gss_display_status,
-        srp_gss_indicate_mechs, /* gss_indicate_mechs */
-	srp_gss_compare_name,
-	srp_gss_display_name,
-	srp_gss_import_name,
-	srp_gss_release_name,
-	srp_gss_inquire_cred,	/* gss_inquire_cred */
-	NULL,				/* gss_add_cred */
-#ifndef LEAN_CLIENT
-	srp_gss_export_sec_context,		/* gss_export_sec_context */
-	srp_gss_import_sec_context,		/* gss_import_sec_context */
-#else
-	NULL,				/* gss_export_sec_context */
-	NULL,				/* gss_import_sec_context */
-#endif /* LEAN_CLIENT */
-	NULL,				/* gss_inquire_cred_by_mech */
-	srp_gss_inquire_names_for_mech,
-	srp_gss_inquire_context,	/* gss_inquire_context */
-        srp_gss_internal_release_oid,
-	srp_gss_wrap_size_limit,	/* gss_wrap_size_limit */
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_localname */
-	NULL,				/* gssspi_authorize_localname */
-#endif
-	NULL,				/* gss_export_name */
-
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_duplicate_name */
-#endif
-
-	NULL,				/* gss_store_cred */
-	srp_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
-	srp_gss_inquire_cred_by_oid,	/* gss_inquire_cred_by_oid */
-	srp_gss_set_sec_context_option, /* gss_set_sec_context_option */
-	srp_gssspi_set_cred_option,	/* gssspi_set_cred_option */
-	NULL,				/* gssspi_mech_invoke */
-	srp_gss_wrap_aead,
-	srp_gss_unwrap_aead,
-	srp_gss_wrap_iov,
-	srp_gss_unwrap_iov,
-	srp_gss_wrap_iov_length,
-	srp_gss_complete_auth_token,
-	srp_gss_acquire_cred_impersonate_name,
-	NULL,				/* gss_add_cred_impersonate_name */
-	srp_gss_display_name_ext,
-	srp_gss_inquire_name,
-	srp_gss_get_name_attribute,
-	srp_gss_set_name_attribute,
-	srp_gss_delete_name_attribute,
-	srp_gss_export_name_composite,
-	srp_gss_map_name_to_any,
-	srp_gss_release_any_name_mapping,
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_pseudo_random */
-	NULL,				/* gss_set_neg_mechs */
-	NULL,				/* gss_inquire_saslname_for_mech */
-	NULL,				/* gss_inquire_mech_for_saslname */
-        srp_gss_inquire_attrs_for_mech,
-	NULL,				/* gss_acquire_cred_from */
-	NULL,				/* gss_store_cred_into */
-	NULL,				/* gssspi_acquire_cred_with_password */
-	NULL,				/* gss_export_cred */
-	NULL,				/* gss_import_cred */
-	NULL,				/* gssspi_import_sec_context_by_mech */
-	NULL,				/* gssspi_import_name_by_mech */
-	NULL,				/* gssspi_import_cred_by_mech */
-#endif
-};
-
-
-#ifdef _GSS_STATIC_LINK
-#include "mglueP.h"
-
-static int gss_srpmechglue_init(void)
-{
-	struct gss_mech_config mech_srp;
-
-	memset(&mech_srp, 0, sizeof(mech_srp));
-	mech_srp.mech = &srp_mechanism;
-	mech_srp.mechNameStr = "srp";
-	mech_srp.mech_type = (const gss_OID_desc * const) gss_mech_srp;
-
-	return gssint_register_mechinfo(&mech_srp);
-}
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void)
-{
-	return (&srp_mechanism);
-}
-
-#endif /* _GSS_STATIC_LINK */
diff --git a/lwraft/gssapi-plugins/srp/srp_mglueP.h b/lwraft/gssapi-plugins/srp/srp_mglueP.h
deleted file mode 100644
index 45dfabdf3..000000000
--- a/lwraft/gssapi-plugins/srp/srp_mglueP.h
+++ /dev/null
@@ -1,695 +0,0 @@
-/*
- * This header contains the private mechglue definitions.
- *
- * Copyright (c) 1995, by Sun Microsystems, Inc.
- * All rights reserved.
- */
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-
-#ifndef _SRP_MGLUEP_H_
-#define _SRP_MGLUEP_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-/*
- * Exact copy of the mglueP.h "struct gss_config". This is contained
- * in a private header file, so this internal plugin structure cannot
- * be consumed publically.
- */
-
-/*
- * This is the definition of the mechs_array struct, which is used to
- * define the mechs array table. This table is used to indirectly
- * access mechanism specific versions of the gssapi routines through
- * the routines in the glue module (gssd_mech_glue.c)
- *
- * This contants all of the functions defined in gssapi.h except for
- * gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.  
- */
- 
-typedef struct _GSS_MECH_PLUGIN_CONFIG {
-    gss_OID_desc    mech_type;
-    void *	    context;
-    OM_uint32       (*gss_acquire_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* desired_name */
-		    OM_uint32,		/* time_req */
-		    gss_OID_set,	/* desired_mechs */
-		    int,		/* cred_usage */
-		    gss_cred_id_t*,	/* output_cred_handle */
-		    gss_OID_set*,	/* actual_mechs */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_release_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_cred_id_t*	/* cred_handle */
-		    );
-    OM_uint32       (*gss_init_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_cred_id_t,		/* claimant_cred_handle */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_name_t,			/* target_name */
-		    gss_OID,			/* mech_type */
-		    OM_uint32,			/* req_flags */
-		    OM_uint32,			/* time_req */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_buffer_t,		/* input_token */
-		    gss_OID*,			/* actual_mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*			/* time_rec */
-		    );
-    OM_uint32       (*gss_accept_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_cred_id_t,		/* verifier_cred_handle */
-		    gss_buffer_t,		/* input_token_buffer */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_name_t*,		/* src_name */
-		    gss_OID*,			/* mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*,			/* time_rec */
-		    gss_cred_id_t*		/* delegated_cred_handle */
-		    );
-    OM_uint32       (*gss_process_context_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* token_buffer */
-		    );
-    OM_uint32       (*gss_delete_sec_context)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t*,	/* context_handle */
-		    gss_buffer_t	/* output_token */
-		    );
-    OM_uint32       (*gss_context_time)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_get_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t	/* message_token */
-		    );
-    OM_uint32       (*gss_verify_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t,	/* token_buffer */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_wrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* input_message_buffer */
-		    int*,		/* conf_state */
-		    gss_buffer_t	/* output_message_buffer */
-		    );
-    OM_uint32       (*gss_unwrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* input_message_buffer */
-		    gss_buffer_t,	/* output_message_buffer */
-		    int*,		/* conf_state */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_display_status)
-	(
-		    OM_uint32*,		/* minor_status */
-		    OM_uint32,		/* status_value */
-		    int,		/* status_type */
-		    gss_OID,		/* mech_type */
-		    OM_uint32*,		/* message_context */
-		    gss_buffer_t	/* status_string */
-		    );
-    OM_uint32       (*gss_indicate_mechs)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_OID_set*	/* mech_set */
-		    );
-    OM_uint32       (*gss_compare_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* name1 */
-		    gss_name_t,		/* name2 */
-		    int*		/* name_equal */
-		    );
-    OM_uint32       (*gss_display_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* input_name */
-		    gss_buffer_t,	/* output_name_buffer */
-		    gss_OID*		/* output_name_type */
-		    );
-    OM_uint32       (*gss_import_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_buffer_t,	/* input_name_buffer */
-		    gss_OID,		/* input_name_type */
-		    gss_name_t*		/* output_name */
-		    );
-    OM_uint32       (*gss_release_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t*		/* input_name */
-		    );
-    OM_uint32       (*gss_inquire_cred)
-	(
-		    OM_uint32 *,		/* minor_status */
-		    gss_cred_id_t,		/* cred_handle */
-		    gss_name_t *,		/* name */
-		    OM_uint32 *,		/* lifetime */
-		    int *,			/* cred_usage */
-		    gss_OID_set *		/* mechanisms */
-		    );
-    OM_uint32	    (*gss_add_cred)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* input_cred_handle */
-		    gss_name_t,		/* desired_name */
-		    gss_OID,		/* desired_mech */
-		    gss_cred_usage_t,	/* cred_usage */
-		    OM_uint32,		/* initiator_time_req */
-		    OM_uint32,		/* acceptor_time_req */
-		    gss_cred_id_t *,	/* output_cred_handle */
-		    gss_OID_set *,	/* actual_mechs */
-		    OM_uint32 *,	/* initiator_time_rec */
-		    OM_uint32 *		/* acceptor_time_rec */
-		    );
-    OM_uint32	    (*gss_export_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,	/* context_handle */
-		    gss_buffer_t	/* interprocess_token */
-		    );
-    OM_uint32	    (*gss_import_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_buffer_t,	/* interprocess_token */
-		    gss_ctx_id_t *	/* context_handle */
-		    );
-    OM_uint32 	    (*gss_inquire_cred_by_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* cred_handle */
-		    gss_OID,		/* mech_type */
-		    gss_name_t *,	/* name */
-		    OM_uint32 *,	/* initiator_lifetime */
-		    OM_uint32 *,	/* acceptor_lifetime */
-		    gss_cred_usage_t *	/* cred_usage */
-		    );
-    OM_uint32	    (*gss_inquire_names_for_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID,		/* mechanism */
-		    gss_OID_set *	/* name_types */
-		    );
-    OM_uint32	(*gss_inquire_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_name_t *,	/* src_name */
-		    gss_name_t *,	/* targ_name */
-		    OM_uint32 *,	/* lifetime_rec */
-		    gss_OID *,		/* mech_type */
-		    OM_uint32 *,	/* ctx_flags */
-		    int *,	   	/* locally_initiated */
-		    int *		/* open */
-		    );
-    OM_uint32	    (*gss_internal_release_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID *		/* OID */
-	 );
-    OM_uint32	     (*gss_wrap_size_limit)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    OM_uint32,		/* req_output_size */
-		    OM_uint32 *		/* max_input_size */
-	 );
-#if 0
-    int		     (*pname_to_uid)
-	(
-		    char *,		/* pname */
-		    gss_OID,		/* name type */
-		    gss_OID,		/* mech type */
-		    uid_t *		/* uid */
-		    );
-	OM_uint32		(*gssint_userok)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_name_t,	/* pname */
-		    const char *,	/* local user */
-		    int *		/* user ok? */
-	/* */);
-#endif
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32        (KRB5_CALLCONV *gss_localname)
-        (
-                    OM_uint32 *,        /* minor */
-                    const gss_name_t,   /* name */
-                    gss_const_OID,      /* mech_type */
-                    gss_buffer_t /* localname */
-            );
-        OM_uint32               (KRB5_CALLCONV *gssspi_authorize_localname)
-        (
-                    OM_uint32 *,        /* minor_status */
-                    const gss_name_t,   /* pname */
-                    gss_const_buffer_t, /* local user */
-                    gss_const_OID       /* local nametype */
-        /* */);
-
-#endif
-
-	OM_uint32		(*gss_export_name)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_name_t,	/* input_name */
-		gss_buffer_t		/* exported_name */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_duplicate_name)
-        (
-                    OM_uint32*,         /* minor_status */
-                    const gss_name_t,   /* input_name */
-                    gss_name_t *        /* output_name */
-        /* */);
-#endif
-
-	OM_uint32	(*gss_store_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_cred_id_t,	/* input_cred */
-		gss_cred_usage_t,	/* cred_usage */
-		const gss_OID,		/* desired_mech */
-		OM_uint32,		/* overwrite_cred */
-		OM_uint32,		/* default_cred */
-		gss_OID_set *,		/* elements_stored */
-		gss_cred_usage_t *	/* cred_usage_stored */
-	/* */);
-
-
-	/* GGF extensions */
-
-	OM_uint32       (*gss_inquire_sec_context_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_ctx_id_t, /* context_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_inquire_cred_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_cred_id_t, /* cred_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_set_sec_context_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,     /* context_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t  /* value */
-		    );
-	OM_uint32       (*gssspi_set_cred_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,      /* cred_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t	/* value */
-		    );
-	OM_uint32       (*gssspi_mech_invoke)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_OID, 	/* mech OID */
-		    const gss_OID,      /* OID */
-		    gss_buffer_t 	/* value */
-		    );
-
-	/* AEAD extensions */
-	OM_uint32	(*gss_wrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* input_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_buffer_t		/* output_message_buffer */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    gss_buffer_t,		/* input_message_buffer */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* output_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_qop_t *			/* qop_state */
-	/* */);
-
-	/* SSPI extensions */
-	OM_uint32	(*gss_wrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    int *,			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int *,			/* conf_state */
-	    gss_qop_t *,		/* qop_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_wrap_iov_length)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag*/
-	    gss_qop_t, 			/* qop_req */
-	    int *, 			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32       (*gss_complete_auth_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* input_message_buffer */
-		    );
-
-	/* New for 1.8 */
-
-	OM_uint32	(*gss_acquire_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32	(*gss_add_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    const gss_OID,		/* desired_mech */
-	    gss_cred_usage_t,		/* cred_usage */
-	    OM_uint32,			/* initiator_time_req */
-	    OM_uint32,			/* acceptor_time_req */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *,		/* initiator_time_rec */
-	    OM_uint32 *			/* acceptor_time_rec */
-	/* */);
-
-	OM_uint32	(*gss_display_name_ext)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_OID,			/* display_as_name_type */
-	    gss_buffer_t		/* display_name */
-	/* */);
-
-	OM_uint32	(*gss_inquire_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int *,			/* name_is_MN */
-	    gss_OID *,			/* MN_mech */
-	    gss_buffer_set_t *		/* attrs */
-	/* */);
-
-	OM_uint32	(*gss_get_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* attr */
-	    int *,			/* authenticated */
-	    int *,			/* complete */
-	    gss_buffer_t,		/* value */
-	    gss_buffer_t,		/* display_value */
-	    int *			/* more */
-	/* */);
-
-	OM_uint32	(*gss_set_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* complete */
-	    gss_buffer_t,		/* attr */
-	    gss_buffer_t		/* value */
-	/* */);
-
-	OM_uint32	(*gss_delete_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* attr */
-	/* */);
-
-	OM_uint32	(*gss_export_name_composite)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* exp_composite_name */
-	/* */);
-
-	OM_uint32	(*gss_map_name_to_any)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* authenticated */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* output */
-	/* */);
-
-	OM_uint32	(*gss_release_any_name_mapping)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* input */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_pseudo_random)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context */
-            int,                        /* prf_key */
-            const gss_buffer_t,         /* prf_in */
-            ssize_t,                    /* desired_output_len */
-            gss_buffer_t                /* prf_out */
-        /* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_set_neg_mechs)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    const gss_OID_set		/* mech_set */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_saslname_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_OID,		/* desired_mech */
-	    gss_buffer_t,		/* sasl_mech_name */
-	    gss_buffer_t,		/* mech_name */
-	    gss_buffer_t		/* mech_description */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_mech_for_saslname)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_buffer_t,		/* sasl_mech_name */
-	    gss_OID *			/* mech_type */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_attrs_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_const_OID,		/* mech */
-	    gss_OID_set *,		/* mech_attrs */
-	    gss_OID_set *		/* known_mech_attrs */
-	/* */);
-
-	/* Credential store extensions */
-
-	OM_uint32       (KRB5_CALLCONV *gss_acquire_cred_from)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* desired_name */
-	    OM_uint32,			/* time_req */
-	    gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_store_cred_into)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    gss_cred_usage_t,		/* input_usage */
-	    gss_OID,			/* desired_mech */
-	    OM_uint32,			/* overwrite_cred */
-	    OM_uint32,			/* default_cred */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_OID_set *,		/* elements_stored */
-	    gss_cred_usage_t *		/* cred_usage_stored */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_acquire_cred_with_password)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_name_t,		/* desired_name */
-	    const gss_buffer_t,	 /* password */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    int,			/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_export_cred)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    gss_buffer_t		/* token */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_import_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		gss_buffer_t,		/* token */
-		gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* desired_mech */
-	    gss_buffer_t,		/* interprocess_token */
-	    gss_ctx_id_t *		/* context_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_name_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* input_name_buffer */
-	    gss_OID,			/* input_name_type */
-	    gss_name_t*			/* output_name */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_cred_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* token */
-	    gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-#ifdef _MIT_KRB5_1_12
-        /* get_mic_iov extensions, added in 1.12 */
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_verify_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t *,                /* qop_state */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov_length)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-#endif
-
-#endif
-
-
-} *GSS_MECH_PLUGIN_CONFIG;
-
-typedef struct gss_ctx_id_struct {
- struct gss_ctx_id_struct *loopback;
- gss_OID mech_type;
- gss_ctx_id_t internal_ctx_id;
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_release_cred.c b/lwraft/gssapi-plugins/srp/srp_release_cred.c
deleted file mode 100644
index 6a55b8be6..000000000
--- a/lwraft/gssapi-plugins/srp/srp_release_cred.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "srp_util.h"
-#include "gssapi_alloc.h"
-
-OM_uint32
-srp_gss_release_cred(OM_uint32 *minor_status,
-            gss_cred_id_t *cred_handle)
-{
-    OM_uint32 status = 0;
-    OM_uint32 min = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-
-    dsyslog("Entering srp_gss_release_cred\n");
-
-    if (minor_status == NULL || cred_handle == NULL)
-    {
-        return (GSS_S_CALL_INACCESSIBLE_WRITE);
-    }
-
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL)
-    {
-        return (GSS_S_COMPLETE);
-    }
-
-    srp_cred = (srp_gss_cred_id_t) *cred_handle;
-    if (srp_cred->srp_mech_oid)
-    {
-        if (srp_cred->srp_mech_oid->elements)
-        {
-            gssalloc_free(srp_cred->srp_mech_oid->elements);
-        }
-        gssalloc_free(srp_cred->srp_mech_oid);
-    }
-    if (srp_cred->name)
-    {
-        gss_release_name(&min, &srp_cred->name);
-    }
-    if (srp_cred->password)
-    {
-        gss_release_buffer(&min, srp_cred->password);
-        gssalloc_free(srp_cred->password);
-    }
-
-    gssalloc_free(srp_cred);
-
-    *cred_handle = NULL;
-
-    dsyslog("Leaving srp_gss_release_cred\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_unwrap_iov.c b/lwraft/gssapi-plugins/srp/srp_unwrap_iov.c
deleted file mode 100644
index ab01a1f47..000000000
--- a/lwraft/gssapi-plugins/srp/srp_unwrap_iov.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <openssl/aes.h>
-#include <errno.h>
-#include <string.h>
-#include "srp_util.h"
-#include "srp_encrypt.h"
-#include "srp_encrypt.h"
-#include "gssapi_alloc.h"
-
-
-
-
-#ifndef _SRP_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-srp_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    srp_gss_ctx_id_t srp_context_handle = (srp_gss_ctx_id_t) context_handle;
-    int ciphertext_len = 0;
-    unsigned char *plaintext = NULL;
-    int plaintext_len = 0;
-    int sealed = 1;
-
-    ciphertext_len = (int) AES256PAD(iov[1].buffer.length);
-
-    plaintext_len = ciphertext_len;
-    plaintext = calloc(plaintext_len, sizeof(unsigned char));
-    if (!plaintext)
-    {
-        min = ENOMEM;
-        goto error;
-    }
-
-    maj = srp_decrypt_aes256_hmac_sha1(
-              srp_context_handle,
-              ((unsigned char *) iov[0].buffer.value)  + SRP_MECH_OID_OFFSET,
-              (int) (iov[0].buffer.length - SRP_MECH_OID_OFFSET),
-              iov[1].buffer.value,
-              (int) iov[1].buffer.length,
-              plaintext);
-    if (maj)
-    {
-        min = maj;
-        goto error;
-    }
-    memcpy(iov[1].buffer.value, plaintext, plaintext_len);
-
-    /*
-     * TBD: Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-error:
-    if (plaintext)
-    {
-        free(plaintext);
-    }
-    return min ? min : maj;
-}
-
-#else
-
-OM_uint32
-srp_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    unsigned char *key = NULL;
-    int keylen = 0;
-    int sealed = 0;
-
-    /* TBD:Adam-How to determine the protection level? */
-    /* rpc_c_authn_level_pkt_privacy */
-    sealed = 1;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-    /*
-     * Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-    /* Nothing can fail in this implementation :) */
-    return 0;
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_util.c b/lwraft/gssapi-plugins/srp/srp_util.c
deleted file mode 100644
index 5e100df07..000000000
--- a/lwraft/gssapi-plugins/srp/srp_util.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include "gssapiP_srp.h"
-#include "gssapi_srp.h"
-#include "gssapi_alloc.h"
-
-static char *g_debug_printf;
-
-#if 1 /* Debug logging */
-
-#ifndef VMDIR_LOG_MASK_ALL
-#define VMDIR_LOG_MASK_ALL (-1)
-#endif
-
-unsigned long
-VmDirLogInitialize(
-   const char *pszLogFileName,
-   int          bUseSysLog,
-   const char *pszSyslogName,
-   unsigned int  iLogLevel,
-   unsigned long iInitLogMask
-   );
-
-
-void
-VmDirLog(
-   unsigned long level,
-   const char*  fmt,
-   ...);
-#endif
-
-#ifdef _WIN32
-#if 1 /* debugging SRP logging */
-#define OUTPUT_DEBUG_LOG(str) VmDirLog(VMDIR_LOG_MASK_ALL, "%s", (str))
-#else
-#define OUTPUT_DEBUG_LOG(str) OutputDebugStringA((char *) str)
-#endif
-
-#else
-#if 1 /* debugging SRP logging */
-#define OUTPUT_DEBUG_LOG(str) VmDirLog(VMDIR_LOG_MASK_ALL, "%s", (str))
-#else
-#include <syslog.h>
-#define OUTPUT_DEBUG_LOG(str) syslog(LOG_DEBUG, "%s", str)
-#endif
-#endif
-
-
-static char *srp_getenv_debug(void)
-{
-    if (!g_debug_printf)
-    {
-        g_debug_printf = getenv("GSSAPI_SRP_DEBUG");
-        if (!g_debug_printf)
-        {
-            return NULL;
-        }
-#ifdef _WIN32
-        VmDirLogInitialize(
-           g_debug_printf,
-           0,    // bUseSysLog
-           NULL, // pszSyslogName
-           0,
-           VMDIR_LOG_MASK_ALL);
-#else
-        VmDirLogInitialize(
-           NULL, // pszLogFileName
-           1,    // bUseSysLog
-           NULL, // pszSyslogName
-           0,
-           VMDIR_LOG_MASK_ALL);
-#endif
-    }
-    return g_debug_printf;
-}
-
-int srp_debug_printf(char *fmt, ...)
-{
-    va_list print_args;
-    int ret_len = 0;
-    char *ptr = NULL;
-    char debug_string[4*1024] = {0};
-
-    if (!srp_getenv_debug())
-    {
-        return 0;
-    }
-    strcpy(debug_string, "  MMM ");
-    va_start(print_args,fmt);
-    ret_len = vsnprintf(debug_string+6,
-                        sizeof(debug_string)-7, // 6 for MMM prefix, 1 for nul terminator
-                        fmt,
-                        print_args);
-
-    ptr = strrchr(debug_string, '\n');
-    if (ptr)
-    {
-        strcpy(ptr, " MMM\n");
-    }
-    else
-    {
-        ptr = debug_string + strlen(debug_string);
-        strcpy(ptr, " MMM\n");
-    }
-    if (ret_len > 0)
-    {
-        OUTPUT_DEBUG_LOG(debug_string);
-    }
-    va_end(print_args);
-    return ret_len;
-}
-
-
-char *srp_bin_to_hex_str(const unsigned char *buf, int buf_len)
-{
-    char *hexstr = NULL;
-    unsigned int hex_hi = 0;
-    unsigned int hex_lo = 0;
-    static char hexchars[] = "0123456789abcdef";
-    int i = 0;
-    int j = 0;
-
-    hexstr = calloc(buf_len*2+1, sizeof(char));
-    if (buf)
-    {
-        for (i=0; i<buf_len; i++)
-        {
-            hex_hi = (0xf0 & buf[i]) >> 4;
-            hex_lo = (0x0f & buf[i]);
-            hexstr[j] = hexchars[hex_hi];
-            hexstr[j+1] = hexchars[hex_lo];
-            j += 2;
-        }
-        hexstr[j] = '\0';
-    }
-    return hexstr;
-}
-
-OM_uint32
-srp_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    gss_buffer_desc oid_str = {0};
-    gss_OID ret_oid = NULL;
-
-    maj = gss_oid_to_str(&min, input_oid, &oid_str);
-    if (maj)
-    {
-        goto error;
-    }
-
-    maj = gss_str_to_oid(&min, &oid_str, &ret_oid);
-    if (maj)
-    {
-        goto error;
-    }
-
-    *output_oid = ret_oid;
-    ret_oid = NULL;
-
-error:
-    if (maj)
-    {
-        *minor_status = min;
-    }
-
-    if (oid_str.value)
-    {
-        gss_release_buffer(&min, &oid_str);
-    }
-    return maj;
-}
-
-
-void srp_print_hex(const unsigned char *buf, int buf_len, const char *msg)
-{
-    char *hexstr = NULL;
-
-    if (!srp_getenv_debug())
-    {
-        return;
-    }
-
-    srp_debug_printf("len = %d %s ", buf_len, msg?msg:"");
-    hexstr = srp_bin_to_hex_str(buf, buf_len);
-    if (hexstr)
-    {
-        srp_debug_printf("hex = %s\n", hexstr);
-        free(hexstr);
-        OUTPUT_DEBUG_LOG("\n");
-    }
-}
-
-
-/*
- * tag for APPLICATION 0, Sequence[constructed, definite length]
- * length of remainder of token
- * tag of OBJECT IDENTIFIER
- * length of mechanism OID
- * encoding of mechanism OID
- * <the rest of the token>
- *
- * Numerically, this looks like :
- *
- * 0x60
- * <length> - could be multiple bytes
- * 0x06
- * <length> - assume only one byte, hence OID length < 127
- * <mech OID bytes>
- *
- */
-OM_uint32
-srp_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 asn1_mech_prefix_len = 4;
-    gss_buffer_desc asn1_oid = {0};
-    unsigned char *ptr = NULL;
-    int i = 0;
-
-    /* ASN.1 encoded SRP OID value */
-    asn1_oid.length = mech_oid->length + asn1_mech_prefix_len;
-    asn1_oid.value = gssalloc_malloc(asn1_oid.length);
-    if (!asn1_oid.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* ASN.1 encode OID, State and length delimited display name string */
-    memset(asn1_oid.value, 0, sizeof(asn1_oid.length));
-
-    ptr = (unsigned char *) asn1_oid.value;
-    i = 0;
-
-    /* tag for APPLICATION 0, Sequence[constructed, definite length] */
-    ptr[i++] = 0x60;
-
-    /* length of remainder of token: OID tag(1) + OID len(1) */
-    ptr[i++] = mech_oid->length + 2;
-
-    /* ASN.1 Object Identifier tag */
-    ptr[i++] = 0x06;
-
-    /* Only works if value is < 127 bytes; GSS-SRP mech oid is much <127 */
-    ptr[i++] = mech_oid->length;
-
-    /* Copy the actual pre-encoded ASN.1 GSS-OID into the asn1_oid buffer */
-    memcpy(&ptr[i], mech_oid->elements, mech_oid->length);
-
-    *output_token = asn1_oid;
-error:
-    if (major)
-    {
-        *ret_minor = minor;
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/srp/srp_util.h b/lwraft/gssapi-plugins/srp/srp_util.h
deleted file mode 100644
index 1b43901a6..000000000
--- a/lwraft/gssapi-plugins/srp/srp_util.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _SRP_UTIL_H
-#define _SRP_UTIL_H
-
-#include "gssapiP_srp.h"
-#include "gssapi_srp.h"
-
-
-char *
-srp_bin_to_hex_str(
-    const unsigned char *buf,
-    int buf_len);
-
-OM_uint32
-srp_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid);
-
-
-void 
-srp_print_hex(
-    const unsigned char *buf,
-    int buf_len,
-    const char *msg);
-
-
-OM_uint32
-srp_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token);
-
-int srp_debug_printf(char *fmt, ...);
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srp_wrap_iov.c b/lwraft/gssapi-plugins/srp/srp_wrap_iov.c
deleted file mode 100644
index 453bb9369..000000000
--- a/lwraft/gssapi-plugins/srp/srp_wrap_iov.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-
-#include <string.h>
-#include <errno.h>
-#include "srp_util.h"
-#include "srp_encrypt.h"
-#include "gssapi_alloc.h"
-
-#ifndef _SRP_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-srp_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    srp_gss_ctx_id_t srp_context_handle = (srp_gss_ctx_id_t) context_handle;
-    gss_buffer_desc asn1_mech_oid = {0};
-    unsigned char *plaintext = NULL;
-    unsigned char *ciphertext = NULL;
-    int plaintext_len = 0;
-    int ciphertext_len = 0;
-    int iov0buf_len = 128;
-    unsigned char *iov0buf = NULL;
-    int hmacbuf_len = 0;
-    unsigned char *hmacbuf = NULL;
-
-    iov0buf = (unsigned char *) gssalloc_calloc(iov0buf_len, sizeof(unsigned char));
-    if (!iov0buf)
-    {
-        min = ENOMEM;
-        goto error;
-    }
-
-    ret = srp_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_srp_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    if (iov[0].buffer.value)
-    {
-        gssalloc_free(iov[0].buffer.value);
-        iov[0].buffer.value = NULL;
-    }
-
-    memcpy(iov0buf, asn1_mech_oid.value, asn1_mech_oid.length);
-    iov[0].buffer.value = iov0buf;
-    iov[0].buffer.length = iov0buf_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-    gssalloc_free(asn1_mech_oid.value);
-    asn1_mech_oid.value = NULL;
-
-    plaintext_len = (int) iov[1].buffer.length;
-    if (plaintext_len != iov[1].buffer.length)
-    {
-        /* This may not work if the input buffer size isn't already aligned */
-        plaintext = calloc(plaintext_len, sizeof(unsigned char));
-        if (!plaintext)
-        {
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(plaintext, iov[1].buffer.value, iov[1].buffer.length);
-    }
-    else
-    {
-        plaintext = iov[1].buffer.value;
-    }
-
-    ciphertext_len = plaintext_len;
-    ciphertext = calloc(ciphertext_len, sizeof(unsigned char));
-
-    min = srp_encrypt_aes256_hmac_sha1(
-            srp_context_handle,
-            plaintext,
-            plaintext_len,
-            ciphertext,
-            &hmacbuf,
-            &hmacbuf_len);
-    if (min)
-    {
-        goto error;
-    }
-    memcpy(iov[1].buffer.value, ciphertext, ciphertext_len);
-
-    if (hmacbuf_len > 0)
-    {
-        memcpy(((unsigned char *) iov[0].buffer.value) + SRP_MECH_OID_OFFSET,
-               hmacbuf,
-               hmacbuf_len);
-        iov[0].buffer.length = SRP_MECH_OID_OFFSET + hmacbuf_len;
-    }
-    else
-    {
-        min = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-
-error:
-    if (plaintext && plaintext != iov[1].buffer.value)
-    {
-        free(plaintext);
-    }
-    if (ciphertext)
-    {
-        free(ciphertext);
-    }
-    if (hmacbuf)
-    {
-        free(hmacbuf);
-    }
-    if (ret)
-    {
-        if (iov0buf)
-        {
-            gssalloc_free(iov0buf);
-        }
-    }
-    return min ? min : ret;
-}
-
-#else
-
-OM_uint32
-srp_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    unsigned char *iov0 = NULL;
-    int iov0_len = 0;
-    unsigned char *key = NULL;
-    int keylen = 0;
-    gss_buffer_desc asn1_mech_oid = {0};
-
-    ret = srp_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_srp_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    /* Fixup iov[0] to have proper GSS/OID header */
-    iov0 = asn1_mech_oid.value;
-    iov0_len = (int) asn1_mech_oid.length;
-    if (iov[0].buffer.value)
-    {
-        gssalloc_free(iov[0].buffer.value);
-    }
-    iov[0].buffer.value = iov0;
-    iov[0].buffer.length = iov0_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-error:
-    return ret;
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/srp/srpreg.c b/lwraft/gssapi-plugins/srp/srpreg.c
deleted file mode 100644
index e9764d440..000000000
--- a/lwraft/gssapi-plugins/srp/srpreg.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-DWORD
-srp_reg_get_handle(
-    void **pphRegistry
-    )
-{
-    PVMDIR_CONFIG_CONNECTION_HANDLE hRegistry = NULL;
-    DWORD dwError = 0;
-
-    dwError = VmDirRegConfigHandleOpen(&hRegistry);
-    if (dwError == 0)
-    {
-        *pphRegistry = hRegistry;
-    }
-    return dwError;
-}
-
-VOID
-srp_reg_close_handle(
-    void *phRegistry
-    )
-{
-    PVMDIR_CONFIG_CONNECTION_HANDLE hRegistry = NULL;
-
-    if (phRegistry)
-    {
-        hRegistry = (PVMDIR_CONFIG_CONNECTION_HANDLE) phRegistry;
-        VmDirRegConfigHandleClose(hRegistry);
-    }
-}
-
-DWORD
-static
-_srp_reg_get_value(
-    void *hRegistry,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    DWORD  valueType,
-    PBYTE  *pRetValue,
-    PDWORD pRetValueLen)
-{
-    DWORD dwError = 0;
-    PBYTE pRetAccountDN = NULL;
-    DWORD accountRetDNLen = 0;
-
-    if (!*pRetValue)
-    {
-        dwError = VmDirRegConfigGetValue(hRegistry,
-                                         pszSubKey,
-                                         pszKeyName,
-                                         valueType,
-                                         NULL,
-                                         &accountRetDNLen);
-        if (accountRetDNLen > 0)
-        {
-            accountRetDNLen += 1; /* Guarantee '\0' terminated for strings*/
-            pRetAccountDN = calloc(accountRetDNLen, sizeof(CHAR));
-            if (!pRetAccountDN)
-            {
-                dwError = ERROR_NO_MEMORY;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-    }
-    else
-    {
-        pRetAccountDN = *pRetValue;
-        accountRetDNLen = *pRetValueLen;
-    }
-
-    dwError = VmDirRegConfigGetValue(hRegistry,
-                                     pszSubKey,
-                                     pszKeyName,
-                                     valueType,
-                                     pRetAccountDN,
-                                     &accountRetDNLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    *pRetValue = pRetAccountDN;
-    *pRetValueLen = accountRetDNLen;
-
-error:
-    if (dwError)
-    {
-        if (pRetAccountDN && pRetAccountDN != *pRetValue)
-        {
-            free(pRetAccountDN);
-        }
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_domain_state(
-    void *hRegistry,
-    PDWORD pdomainState)
-{
-    DWORD dwError = 0;
-    DWORD domainState = 0;
-    DWORD domainStateLen = sizeof(domainState);
-
-    dwError = VmDirRegConfigGetValue(hRegistry,
-                                     VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                                     VMAFD_REG_KEY_DOMAIN_STATE,
-                                     RRF_RT_REG_DWORD,
-                                     (PBYTE) &domainState,
-                                     &domainStateLen);
-
-    if (dwError == 0)
-    {
-        *pdomainState = domainState;
-    }
-
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_dn(
-    void *hRegistry,
-    PSTR *ppAccountDN)
-{
-    DWORD dwError = 0;
-    DWORD accountDNLen = 0;
-    PBYTE pAccountDN = NULL;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_ACCT,
-                  RRF_RT_REG_SZ,
-                  &pAccountDN,
-                  &accountDNLen);
-    if (dwError)
-    {
-        goto error;
-    }
-    *ppAccountDN = (PSTR) pAccountDN;
-    pAccountDN = NULL;
-
-error:
-    if (pAccountDN)
-    {
-        free(pAccountDN);
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_upn(
-    void *hRegistry,
-    PSTR *ppAccountUpn)
-{
-    DWORD dwError = 0;
-    PBYTE pAccountUpn = NULL;
-    PBYTE pAccountDN = NULL;
-    DWORD accountDNLen = 0;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_ACCT,
-                  RRF_RT_REG_SZ,
-                  &pAccountDN,
-                  &accountDNLen);
-    if (dwError)
-    {
-        goto error;
-    }
-
-    dwError = VMCISLIBAccountDnToUpn(pAccountDN, (PSTR *) &pAccountUpn);
-    if (dwError)
-    {
-        goto error;
-    }
-    *ppAccountUpn = pAccountUpn;
-    pAccountUpn = NULL;
-
-error:
-    if (pAccountDN)
-    {
-        free(pAccountDN);
-    }
-    if (pAccountUpn)
-    {
-        free(pAccountUpn);
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_password(
-    void *hRegistry,
-    PSTR *ppMachPwd)
-{
-    DWORD dwError = 0;
-    DWORD machPwdLen = 0;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_PWD,
-                  RRF_RT_REG_SZ,
-                  (PBYTE *) ppMachPwd,
-                  &machPwdLen);
-    return dwError;
-}
-
-DWORD
-srp_reg_get_dc_name(
-    void *hRegistry,
-    PSTR *ppDcName)
-{
-    DWORD dwError = 0;
-    DWORD dcNameLen = 0;
-    PSTR pSzDCName = NULL;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_DC_NAME_HA,
-                  RRF_RT_REG_SZ,
-                  (PBYTE *) &pSzDCName,
-                  &dcNameLen);
-
-    if (dwError)
-    {
-        free(pSzDCName);
-        pSzDCName = NULL;
-
-        dwError = _srp_reg_get_value(
-                    hRegistry,
-                    VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                    VMDIR_REG_KEY_DC_NAME,
-                    RRF_RT_REG_SZ,
-                    (PBYTE *) &pSzDCName,
-                    &dcNameLen);
-        if (dwError)
-        {
-            goto error;
-        }
-    }
-
-    *ppDcName = pSzDCName;
-    pSzDCName = NULL;
-
-error:
-    free(pSzDCName);
-    return dwError;
-}
diff --git a/lwraft/gssapi-plugins/srp/srpreg.h b/lwraft/gssapi-plugins/srp/srpreg.h
deleted file mode 100644
index b76418214..000000000
--- a/lwraft/gssapi-plugins/srp/srpreg.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-DWORD
-srp_reg_get_handle(
-    void **pphRegistry
-    );
-
-VOID
-srp_reg_close_handle(
-    void *phRegistry
-    );
-
-DWORD
-srp_reg_get_domain_state(
-    void *hRegistry,
-    PDWORD pdomainState);
-
-DWORD
-srp_reg_get_machine_acct_dn(
-    void *hRegistry,
-    PSTR *ppAccountDN);
-
-DWORD
-srp_reg_get_machine_acct_password(
-    void *hRegistry,
-    PSTR *ppMachPwd);
-
-DWORD
-srp_reg_get_machine_acct_upn(
-    void *hRegistry,
-    PSTR *ppAccountUpn);
-
-DWORD
-srp_reg_get_dc_name(
-    void *hRegistry,
-    PSTR *ppDcName);
diff --git a/lwraft/gssapi-plugins/srp/srpregutils.c b/lwraft/gssapi-plugins/srp/srpregutils.c
deleted file mode 100644
index 36f5ae953..000000000
--- a/lwraft/gssapi-plugins/srp/srpregutils.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-DWORD
-VMCISLIBAccountDnToUpn(
-    PSTR dn,
-    PSTR *retUpn)
-{
-/*
- * Convert:  cn=adam-sles11.ssolabs2.com,ou=Domain Controllers,dc=VSPHERE,dc=LOCAL
- *      to:  adam-sles11.ssolabs2.com@VSPHERELOCAL
- */
-    DWORD dwError = 0;
-
-    PSTR ptr = NULL;
-    PSTR end = NULL;
-    PSTR upn = NULL;
-    PSTR fmtupn = NULL;
-    PSTR sep = ".";
-    DWORD len = (DWORD) strlen(dn);
-
-    upn = calloc(len+2, sizeof(CHAR));
-    if (!upn)
-    {
-        dwError = ERROR_NO_MEMORY;
-        goto error;
-    }
-    fmtupn = upn;
-
-    /*
-     * TBD: Note: this code assumes DN is all lower case.
-     * Handle "cn=" portion of UPN
-     */
-    ptr = strstr(dn, "cn=");
-    if (ptr)
-    {
-        ptr += 3; /* Skip over cn= */
-        end = strstr(ptr, ",ou=");
-        if (!end)
-        {
-            end = strstr(ptr, ",dc=");
-        }
-        if (end)
-        {
-            fmtupn += snprintf(fmtupn, len, "%.*s@", (int) (end-ptr), ptr);
-        }
-    }
-
-    ptr = strstr(ptr, "dc=");
-    while (ptr)
-    {
-        ptr += 3;
-        if (*ptr)
-        {
-            end = strstr(ptr, ",dc=");
-            if (!end)
-            {
-                end = ptr + strlen(ptr);
-                sep = "";
-            }
-            fmtupn += snprintf(fmtupn, len, "%.*s%s", (int) (end-ptr), ptr, sep);
-        }
-        ptr = strstr(ptr, "dc=");
-    }
-    *retUpn = upn;
-    upn = NULL;
-
-error:
-    if (dwError)
-    {
-        if (upn)
-        {
-            free(upn);
-        }
-    }
-    return dwError;
-}
-
-DWORD
-VmDirRegConfigHandleOpen(
-    PVMDIR_CONFIG_CONNECTION_HANDLE *ppCfgHandle)
-{
-    DWORD dwError = 0;
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
-
-    /* substitute for VmDirAllocateMemory() */
-    pCfgHandle = calloc(1, sizeof(VMDIR_CONFIG_CONNECTION_HANDLE));
-    if (!pCfgHandle)
-    {
-        dwError = ERROR_NO_MEMORY;
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-#ifndef _WIN32
-    dwError = RegOpenServer(&pCfgHandle->hConnection);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#endif
-
-#ifndef _WIN32
-    dwError = RegOpenKeyExA(
-                pCfgHandle->hConnection,
-                NULL,
-                HKEY_THIS_MACHINE,
-                0,
-                KEY_READ,
-                &pCfgHandle->hKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#else
-        dwError = RegOpenKeyExA(
-                HKEY_LOCAL_MACHINE,
-                NULL,
-                0,
-                KEY_READ,
-                &pCfgHandle->hKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#endif
-
-    *ppCfgHandle = pCfgHandle;
-
-cleanup:
-
-    return dwError;
-
-error:
-    *ppCfgHandle = NULL;
-
-    if (pCfgHandle)
-    {
-        VmDirRegConfigHandleClose(pCfgHandle);
-    }
-
-    goto cleanup;
-}
-
-VOID
-VmDirRegConfigHandleClose(
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle
-    )
-{
-#ifndef _WIN32
-    if (pCfgHandle->hConnection)
-    {
-        if (pCfgHandle->hKey)
-        {
-            RegCloseKey(
-                pCfgHandle->hConnection,
-                pCfgHandle->hKey);
-        }
-
-        RegCloseServer(pCfgHandle->hConnection);
-    }
-#else
-    if (pCfgHandle->hKey)
-    {
-        RegCloseKey(pCfgHandle->hKey);
-    }
-#endif
-
-    VMDIR_SAFE_FREE_MEMORY(pCfgHandle);
-}
-
-DWORD
-VmDirRegConfigGetValue(
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    DWORD  valueType,
-    PBYTE  pRetValue,
-    PDWORD pRetValueLen
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = RegGetValueA(
-#ifndef _WIN32
-                pCfgHandle->hConnection,
-#endif
-                pCfgHandle->hKey,
-                pszSubKey,
-                pszKeyName,
-                valueType,
-                NULL,
-                (PVOID) pRetValue,
-                pRetValueLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-    if (dwError)
-    {
-        *pRetValueLen = 0;
-    }
-
-    return dwError;
-}
diff --git a/lwraft/gssapi-plugins/srp/srpregutils.h b/lwraft/gssapi-plugins/srp/srpregutils.h
index 3aa10c4ae..cf9dd1334 100644
--- a/lwraft/gssapi-plugins/srp/srpregutils.h
+++ b/lwraft/gssapi-plugins/srp/srpregutils.h
@@ -15,12 +15,13 @@
 
 #ifdef _WIN32
 #define VMAFD_CONFIG_PARAMETER_KEY_PATH "SYSTEM\\CurrentControlSet\\services\\VMWareAfdService\\Parameters"
-#define VMDIR_CONFIG_PARAMETER_KEY_PATH "SYSTEM\\CurrentControlSet\\services\\LightwaveRaftService"
 #else
 #define VMAFD_CONFIG_PARAMETER_KEY_PATH "Services\\vmafd\\Parameters"
-#define VMDIR_CONFIG_PARAMETER_KEY_PATH "Services\\lwraft"
+#define VMDIR_CONFIG_PARAMETER_KEY_PATH "Services\\post"
 #endif
 
+#define VMDIR_ENV_OVERRIDE_AFD_DOMAIN_STATE "VMDIR_ENV_OVERRIDE_AFD_DOMAIN_STATE"
+
 #define VMAFD_REG_KEY_DOMAIN_STATE "DomainState"
 #define VMDIR_REG_KEY_MACHINE_ACCT "dcAccountDN"
 #define VMDIR_REG_KEY_MACHINE_PWD  "dcAccountPassword"
diff --git a/lwraft/gssapi-plugins/srp/srprpc.c b/lwraft/gssapi-plugins/srp/srprpc.c
deleted file mode 100644
index bf60315e0..000000000
--- a/lwraft/gssapi-plugins/srp/srprpc.c
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-#include <srp_verifier_h.h>
-#include "srprpc.h"
-
-#ifdef _WIN32
-#define sleep(x) Sleep((x) * 1000)
-#endif
-
-
-/* Duplicate container memory, as caller can't free this */
-static long _cli_rpc_container_data_duplicate(
-    rpc_p_srp_bytes_container cont,
-    unsigned char **data,
-    int *data_len)
-{
-    long sts = 0;
-    unsigned char *ret_data = NULL;
-    int ret_data_len = 0;
-
-    ret_data_len = cont->len_B;
-    ret_data = calloc(ret_data_len, sizeof(unsigned char));
-    if (!ret_data)
-    {
-        sts = rpc_s_no_memory;
-        goto error;
-    }
-    memcpy(ret_data, cont->bytes_B, ret_data_len);
-    *data = ret_data;
-    *data_len = ret_data_len;
-
-error:
-    if (sts)
-    {
-        if (ret_data)
-        {
-            free(ret_data);
-        }
-    }
-    return sts;
-}
-
-static void _cli_rpc_free_container(
-    rpc_p_srp_bytes_container cont)
-{
-    idl_ulong_int sts = 0;
-
-    if (cont)
-    {
-        if (cont->bytes_B)
-        {
-            rpc_sm_client_free(cont->bytes_B, &sts);
-        }
-        rpc_sm_client_free(cont, &sts);
-    }
-}
-
-long cli_rpc_srp_verifier_new(
-    handle_t hServer,
-    long alg,
-    long ng_type,
-    char *username,
-    const unsigned char *bytes_A, int len_A,
-    const unsigned char **bytes_B, int *len_B,
-    const unsigned char **bytes_s, int *len_s,
-    const unsigned char **MDA_value, int *MDA_value_len,
-    char *n_hex,
-    char *g_hex,
-    srp_verifier_handle_t *hSrp)
-{
-    long sts = 0;
-    rpc_srp_bytes_container bytes_cont_A = {0};
-    rpc_p_srp_bytes_container bytes_cont_B = NULL;
-    rpc_p_srp_bytes_container bytes_cont_s = NULL;
-    rpc_p_srp_bytes_container MDA_cont = NULL;
-    srp_verifier_handle_t hRetSrp = NULL;
-    unsigned char *ret_bytes_B = NULL;
-    unsigned char *ret_bytes_s = NULL;
-    unsigned char *ret_MDA_value = NULL;
-    int ret_len_B = 0;
-    int ret_len_s = 0;
-    int ret_MDA_value_len = 0;
-    int rpc_retry = 0;
-
-    bytes_cont_A.len_B = len_A;
-    bytes_cont_A.bytes_B = (unsigned char *) bytes_A;
-
-    /*
-     * Reference: BUG 1315106
-     * Work-around for failure seen in some W2k12 systems. The failure mode is
-     * vmdir Srv_rpc_srp_verifier_new() RPC is called, succeeds, but
-     * the returned RPC fails with an error status rpc_s_connection_closed.
-     * This happens only once, and only in some W2K12 deployed environments.
-     */
-    do {
-        DO_RPC(rpc_srp_verifier_new(
-                  hServer,
-                  alg,
-                  ng_type,
-                  username,
-                  &bytes_cont_A, /* in */
-                  &bytes_cont_B, /* out */
-                  &bytes_cont_s, /* out */
-                  &MDA_cont,
-                  n_hex,
-                  g_hex,
-                  &hRetSrp), sts);
-        if (sts == rpc_s_connection_closed)
-        {
-            sleep(1);
-            rpc_retry++;
-        }
-    } while (sts == rpc_s_connection_closed && rpc_retry < 5);
-    if (sts)
-    {
-        goto error;
-    }
-
-    sts = _cli_rpc_container_data_duplicate(bytes_cont_B,
-                                            &ret_bytes_B,
-                                            &ret_len_B);
-    if (sts)
-    {
-        goto error;
-    }
-    sts = _cli_rpc_container_data_duplicate(bytes_cont_s,
-                                            &ret_bytes_s,
-                                            &ret_len_s);
-    if (sts)
-    {
-        goto error;
-    }
-
-    sts = _cli_rpc_container_data_duplicate(MDA_cont,
-                                            &ret_MDA_value,
-                                            &ret_MDA_value_len);
-    if (sts)
-    {
-        goto error;
-    }
-
-    *bytes_B = ret_bytes_B;
-    *len_B = ret_len_B;
-    *bytes_s = ret_bytes_s;
-    *len_s = ret_len_s;
-    *MDA_value = ret_MDA_value;
-    *MDA_value_len = ret_MDA_value_len;
-    *hSrp = hRetSrp;
-
-error:
-    if (sts)
-    {
-        if (ret_bytes_B)
-        {
-            free(ret_bytes_B);
-        }
-        if (ret_bytes_s)
-        {
-            free(ret_bytes_s);
-        }
-    }
-    _cli_rpc_free_container(bytes_cont_B);
-    _cli_rpc_free_container(bytes_cont_s);
-    _cli_rpc_free_container(MDA_cont);
-    return sts;
-}
-
-long cli_rpc_srp_verifier_get_session_key(
-    handle_t hServer,
-    srp_verifier_handle_t hSrp,
-    const unsigned char **key,
-    int *key_len)
-{
-    long sts = 0;
-    rpc_p_srp_bytes_container key_cont = NULL;
-    unsigned char *ret_key = NULL;
-    int ret_key_len = 0;
-
-    DO_RPC(rpc_srp_verifier_get_session_key(
-              hServer,
-              hSrp,
-              &key_cont), sts);
-    if (sts)
-    {
-        goto error;
-    }
-
-    sts = _cli_rpc_container_data_duplicate(key_cont, &ret_key, &ret_key_len);
-    if (sts)
-    {
-        goto error;
-    }
-
-    *key = (const unsigned char *) ret_key;
-    *key_len = ret_key_len;
-
-error:
-    if (sts)
-    {
-        if (ret_key)
-        {
-            free(ret_key);
-        }
-    }
-    _cli_rpc_free_container(key_cont);
-    return sts;
-}
-
-long cli_rpc_srp_verifier_get_session_key_length(
-    handle_t hServer,
-    srp_verifier_handle_t hSrp,
-    long *ret_key_length)
-{
-    long sts = 0;
-    idl_long_int key_length = 0;
-
-    DO_RPC(rpc_srp_verifier_get_session_key_length(
-              hServer,
-              hSrp,
-              &key_length), sts);
-    if (sts)
-    {
-        goto error;
-    }
-    *ret_key_length = key_length;
-
-error:
-    return sts;
-}
-
-long cli_rpc_srp_verifier_verify_session(
-        handle_t hServer,
-        srp_verifier_handle_t hSrp,
-        const unsigned char *user_M, int user_M_len,
-        const unsigned char **bytes_HAMK, int *bytes_HAMK_len)
-{
-    long sts = 0;
-    rpc_srp_bytes_container user_M_cont = {0};
-    rpc_p_srp_bytes_container bytes_HAMK_cont = NULL;
-    unsigned char *ret_bytes_HAMK = NULL;
-    int ret_bytes_HAMK_len = 0;
-
-    user_M_cont.len_B = user_M_len;
-    user_M_cont.bytes_B = (unsigned char *) user_M;
-
-    DO_RPC(rpc_srp_verifier_verify_session(
-              hServer,
-              hSrp,
-              &user_M_cont,
-              &bytes_HAMK_cont), sts);
-    if (sts)
-    {
-        goto error;
-    }
-    if (!bytes_HAMK_cont || !bytes_HAMK_cont->bytes_B)
-    {
-        sts = rpc_s_no_memory;
-        goto error;
-    }
-
-    sts = _cli_rpc_container_data_duplicate(bytes_HAMK_cont,
-                                            &ret_bytes_HAMK,
-                                            &ret_bytes_HAMK_len);
-    if (sts)
-    {
-        goto error;
-    }
-    *bytes_HAMK = ret_bytes_HAMK;
-    *bytes_HAMK_len = ret_bytes_HAMK_len;
-
-error:
-    if (sts)
-    {
-        if (ret_bytes_HAMK)
-        {
-            free(ret_bytes_HAMK);
-        }
-    }
-    _cli_rpc_free_container(bytes_HAMK_cont);
-    return sts;
-}
-
-long cli_rpc_srp_verifier_delete(
-        handle_t hServer,
-        srp_verifier_handle_t *phSrp)
-{
-    long sts = 0;
-
-    if (hServer && phSrp)
-    {
-        DO_RPC(rpc_srp_verifier_delete(
-                  hServer,
-                  phSrp), sts);
-    }
-    return sts;
-}
diff --git a/lwraft/gssapi-plugins/srp/srprpc.h b/lwraft/gssapi-plugins/srp/srprpc.h
deleted file mode 100644
index 633dc7e8d..000000000
--- a/lwraft/gssapi-plugins/srp/srprpc.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include <dce/rpc.h>
-#include <dce/dcethread.h>
-#include <srp_verifier_h.h>
-
-#define DO_RPC(rpc_pfn, sts) \
-  do {                       \
-    dcethread_exc *exc;      \
-    DCETHREAD_TRY            \
-    {                        \
-      exc = NULL;            \
-      (sts) = rpc_pfn;       \
-    }                        \
-    DCETHREAD_CATCH_ALL(exc) \
-    {                        \
-      sts = dcethread_exc_getstatus(exc); \
-    }                        \
-    DCETHREAD_ENDTRY         \
-  } while (0)
-
-long cli_rpc_srp_verifier_new(
-    handle_t hServer,
-    long alg,
-    long ng_type,
-    char *username,
-    const unsigned char *bytes_A, int len_A,
-    const unsigned char **bytes_B, int *len_B,
-    const unsigned char **bytes_s, int *len_s,
-    const unsigned char **MDA_value, int *MDA_value_len,
-    char *n_hex,
-    char *g_hex,
-    srp_verifier_handle_t *hSrp);
-
-long cli_rpc_srp_verifier_get_session_key(
-    handle_t hServer,
-    srp_verifier_handle_t hSrp,
-    const unsigned char **ret_key,
-    int *ret_key_len);
-
-long cli_rpc_srp_verifier_get_session_key_length(
-    handle_t hServer,
-    srp_verifier_handle_t hSrp,
-    long *key_length);
-
-long cli_rpc_srp_verifier_verify_session(
-        handle_t hServer,
-        srp_verifier_handle_t hSrp,
-        const unsigned char *user_M, int user_M_len,
-        const unsigned char **bytes_HAMK, int *bytes_HAMK_len);
-
-long cli_rpc_srp_verifier_delete(
-        handle_t hServer,
-        srp_verifier_handle_t *phSrp);
diff --git a/lwraft/gssapi-plugins/unix/Makefile.am b/lwraft/gssapi-plugins/unix/Makefile.am
deleted file mode 100644
index d50b8f362..000000000
--- a/lwraft/gssapi-plugins/unix/Makefile.am
+++ /dev/null
@@ -1,67 +0,0 @@
-bin_PROGRAMS = unix_srp
-
-unix_srp_SOURCES = \
-    unix_srp.c
-
-unix_srp_CPPFLAGS = \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
-    @OPENSSL_INCLUDES@
-
-unix_srp_LDADD = \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    @CRYPT_LIBS@ \
-    @OPENSSL_LDFLAGS@ \
-    @CRYPTO_LIBS@
-
-lib_LTLIBRARIES = libgssapi_unix.la
-
-libgssapi_unix_la_CPPFLAGS = \
-   -D_MIT_KRB5_1_11 \
-   -D_MIT_KRB5_1_12 \
-   -I. \
-   -I$(top_srcdir)/gssapi-plugins/srp \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
-    @OPENSSL_INCLUDES@ \
-    @LW_INCLUDES@
-
-libgssapi_unix_la_SOURCES = \
-        gssapi_alloc.c \
-	unix_accept_sec_ctx.c \
-	unix_acquire_cred.c \
-	unix_release_cred.c \
-	unix_disp_name.c \
-	unix_encrypt.c \
-	unix_init_sec_ctx.c \
-	unix_del_sec_ctx.c \
-	unix_mech.c \
-	unix_mech_desc.c \
-	unix_wrap_iov.c \
-	unix_unwrap_iov.c \
-	unix_util.c \
-        unixregutils.c \
-        unixreg.c \
-        unix_crypt.c
-
-libgssapi_unix_la_LIBADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/client/liblwraftclient_la-srp_verifier_cstub.lo \
-    @DCERPC_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@ \
-    @OPENSSL_LDFLAGS@ \
-    @CRYPT_LIBS@ \
-    @PTHREAD_LIBS@
-
-libgssapi_unix_la_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/gssapi-plugins/unix/gssapiP_unix.h b/lwraft/gssapi-plugins/unix/gssapiP_unix.h
deleted file mode 100644
index b0bb1da75..000000000
--- a/lwraft/gssapi-plugins/unix/gssapiP_unix.h
+++ /dev/null
@@ -1,610 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Module: gssapiP_unix.h
- * Abstract:
- *     VMware GSSAPI UNIX Authentication Plugin
- *     GSSAPI UNIX private types declaration header file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-
-#ifndef	_GSSAPIP_SRP_H_
-#define	_GSSAPIP_SRP_H_
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <pthread.h>
-#include "unix_mglueP.h"
-#include "gssapi_unix.h"
-
-#define xmalloc(m) calloc(1, (m))
-#define	SEC_CONTEXT_TOKEN 1
-
-#define	ACCEPT_COMPLETE 0
-#define	ACCEPT_INCOMPLETE 1
-#define	REJECT 2
-#define REQUEST_MIC 3
-#define	ACCEPT_DEFECTIVE_TOKEN 0xffffffffUL
-
-#define UNIX_MECH_PROTOCOL_MAJ_VERSION 1
-#define UNIX_MECH_PROTOCOL_MIN_VERSION 0
-
-/*
- * constants for der encoding/decoding routines.
- */
-
-#define	MECH_OID		0x10
-#define	OCTET_STRING		0x04
-#define	CONTEXT			0xa0
-#define	SEQUENCE		0x30
-#define	SEQUENCE_OF		0x30
-#define	BIT_STRING		0x03
-#define	BIT_STRING_LENGTH	0x02
-#define	BIT_STRING_PADDING	0x01
-#define	ENUMERATED		0x0a
-#define	ENUMERATION_LENGTH	1
-#define	HEADER_ID		0x60
-#define GENERAL_STRING		0x1b
-
-/*
- * SRP specific error codes (minor status codes)
- */
-#define	ERR_SRP_NO_MECHS_AVAILABLE	0x20000001
-#define	ERR_SRP_NO_CREDS_ACQUIRED	0x20000002
-#define	ERR_SRP_NO_MECH_FROM_ACCEPTOR	0x20000003
-#define	ERR_SRP_NEGOTIATION_FAILED	0x20000004
-#define	ERR_SRP_NO_TOKEN_FROM_ACCEPTOR	0x20000005
-
-/*
- * send_token_flag is used to indicate in later steps what type
- * of token, if any should be sent or processed.
- * NO_TOKEN_SEND = no token should be sent
- * INIT_TOKEN_SEND = initial token will be sent
- * CONT_TOKEN_SEND = continuing tokens to be sent
- * CHECK_MIC = no token to be sent, but have a MIC to check.
- * ERROR_TOKEN_SEND = error token from peer needs to be sent.
- */
-
-#define SRP_AUTH_STATE_VALUE(e) ((int)(e & 0x7f))
-typedef	enum {NO_TOKEN_SEND, INIT_TOKEN_SEND, CONT_TOKEN_SEND,
-		CHECK_MIC, ERROR_TOKEN_SEND} send_token_flag;
-
-/* SRP message tags. This range provides 62 usable values */
-typedef enum {
-    SRP_AUTH_INIT = 0x61,
-    SRP_UNIX_SALT_RESPONSE,
-    SRP_AUTH_SALT_RESP,
-    SRP_AUTH_CLIENT_VALIDATE,
-    SRP_AUTH_SERVER_VALIDATE,
-    SRP_AUTH_COMPLETE,
-    SRP_AUTH_FAILED,
-} srp_auth_state;
-
-typedef void *srp_token_t;
-
-/* srp name structure for internal representation. */
-typedef struct {
-	gss_OID type;
-	gss_buffer_t buffer;
-	gss_OID	mech_type;
-	gss_name_t	mech_name;
-} srp_name_desc, *srp_name_t;
-
-
-typedef struct _srp_gss_cred_id_rec {
-    /* protect against simultaneous accesses */
-    pthread_mutex_t lock;
-
-    /* OID of this mechanism: SRP */
-    gss_OID srp_mech_oid;
-
-    /*
-     * This is really a UPN (name@DOMAIN.COM); Leverage k5
-     * import/export name to get a UPN string. "I" value where the
-     * SRP salt/validator parameters are stored in vmdir.
-     */
-    gss_name_t name;
-
-    /* Set with gssspi_set_cred_option(..., gss_cred_opt_password_oid_desc, ...) */
-    gss_buffer_t password;
-} srp_gss_cred_id_rec, *srp_gss_cred_id_t;
-
-/* Structure for context handle */
-typedef struct {
-	OM_uint32	  magic_num;
-	OM_uint32	  state;         /* state of authentication */
-	srp_gss_cred_id_t cred;          /* alias cred from acquire_cred */
-	int               mic_reqd;
-	int               mic_sent;
-	int               mic_rcvd;
-	int               firstpass;
-	OM_uint32         ctx_flags;
-	gss_name_t        internal_name; /* alias cred->name */
-	gss_OID           mech;          /* SRP mech OID */
-        struct SRPUser    *srp_usr;      /* Client SRP context handle */
-        struct SRPVerifier *srp_ver;     /* Server SRP context handle */
-        krb5_context      krb5_ctx;
-        krb5_keyblock     *keyblock;
-        AES_KEY           aes_encrypt_key;
-        AES_KEY           aes_decrypt_key;
-        unsigned char     aes_encrypt_iv[AES_BLOCK_SIZE];
-        unsigned char     aes_decrypt_iv[AES_BLOCK_SIZE];
-        HMAC_CTX          hmac_ctx;
-        char              *unix_username; /* UNIX username */
-        char              *username_hash; /* user shadow pwd file hash */
-        char              *upn_name;     /* Kerberos UPN Name */
-        unsigned char     *srp_session_key;
-        int               srp_session_key_len;
-} srp_gss_ctx_id_rec, *srp_gss_ctx_id_t;
-
-
-/*
- * The magic number must be less than a standard pagesize
- * to avoid a possible collision with a real address.
- * 0xa76 = 1010 0101 0110 (binary)
- */
-#define	SRP_MAGIC_ID  0x00000a76
-
-#ifdef DEBUG
-#define	dsyslog(a)
-#else
-#define	dsyslog(a)
-#define	SRP_STATIC
-#endif	/* DEBUG */
-
-/*
- * declarations of internal name mechanism functions
- */
-
-/*
- * Would like to use official SRP mech OID. However, this will break backward
- * compatibility with existing SRP plugin. Continue to use the "made up" MIT
- * SRP mech OID for now.
- */
-OM_uint32 srp_gss_acquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/* desired_name */
-	OM_uint32,		/* time_req */
-	gss_OID_set,		/* desired_mechs */
-	gss_cred_usage_t,	/* cred_usage */
-	gss_cred_id_t *,	/* output_cred_handle */
-	gss_OID_set *,		/* actual_mechs */
-	OM_uint32 *		/* time_rec */
-);
-
-
-
-OM_uint32 srp_gss_release_cred
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_cred_id_t	*	/* cred_handle */
-);
-
-OM_uint32 unix_gss_init_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* claimant_cred_handle */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_name_t,		/* target_name */
-	gss_OID,		/* mech_type */
-	OM_uint32,		/* req_flags */
-	OM_uint32,		/* time_req */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_buffer_t,		/* input_token */
-	gss_OID *,		/* actual_mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *		/* time_rec */
-);
-
-#ifndef LEAN_CLIENT
-OM_uint32 srp_gss_accept_sec_context
-(
-	OM_uint32 *,		/* minor_status */
-	gss_ctx_id_t *,		/* context_handle */
-	gss_cred_id_t,		/* verifier_cred_handle */
-	gss_buffer_t,		/* input_token_buffer */
-	gss_channel_bindings_t, /* input_chan_bindings */
-	gss_name_t *,		/* src_name */
-	gss_OID *,		/* mech_type */
-	gss_buffer_t,		/* output_token */
-	OM_uint32 *,		/* ret_flags */
-	OM_uint32 *,		/* time_rec */
-	/* CSTYLED */
-	gss_cred_id_t *		/* delegated_cred_handle */
-);
-
-#endif /* LEAN_CLIENT */
-
-OM_uint32 srp_gss_compare_name
-(
-	OM_uint32 *,		/* minor_status */
-	const gss_name_t,	/* name1 */
-	const gss_name_t,	/* name2 */
-	int *			/* name_equal */
-);
-
-OM_uint32 srp_gss_display_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_name_t,		/*  input_name */
-	gss_buffer_t,		/*  output_name_buffer */
-	gss_OID *		/* output_name_type */
-);
-
-OM_uint32 srp_gss_display_status
-(
-	OM_uint32 *,		/* minor_status */
-	OM_uint32,		/* status_value */
-	int,			/* status_type */
-	gss_OID,		/* mech_type */
-	OM_uint32 *,		/* message_context */
-	gss_buffer_t		/* status_string */
-);
-
-OM_uint32 srp_gss_import_name
-(
-	OM_uint32 *,		/* minor_status */
-	gss_buffer_t,		/* input_name_buffer */
-	gss_OID,		/* input_name_type */
-	/* CSTYLED */
-	gss_name_t *		/* output_name */
-);
-
-OM_uint32
-srp_gss_export_name(
-	OM_uint32 *minor_status,
-	const gss_name_t input_name,
-	gss_buffer_t exported_name
-);
-
-OM_uint32 srp_gss_release_name
-(
-	OM_uint32 *,		/* minor_status */
-	/* CSTYLED */
-	gss_name_t *		/* input_name */
-);
-
-OM_uint32 srp_gss_inquire_cred
-(
-	OM_uint32 *,		/* minor_status */
-	gss_cred_id_t,		/* cred_handle */
-	gss_name_t *,		/* name */
-	OM_uint32 *,		/* lifetime */
-	int *,			/* cred_usage */
-	gss_OID_set *		/* mechanisms */
-);
-
-OM_uint32 srp_gss_inquire_names_for_mech
-(
-	OM_uint32 *,		/* minor_status */
-	gss_OID,		/* mechanism */
-	gss_OID_set *		/* name_types */
-);
-
-OM_uint32 srp_gss_unwrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t output_message_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 srp_gss_wrap
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_message_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 srp_gss_process_context_token
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t token_buffer
-);
-
-OM_uint32 srp_gss_delete_sec_context
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	gss_buffer_t output_token
-);
-
-OM_uint32 srp_gss_context_time
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	OM_uint32	*time_rec
-);
-#ifndef LEAN_CLIENT
-OM_uint32 srp_gss_export_sec_context
-(
-	OM_uint32	*minor_status,
-	gss_ctx_id_t	*context_handle,
-	gss_buffer_t	interprocess_token
-);
-
-OM_uint32 srp_gss_import_sec_context
-(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle
-);
-#endif /* LEAN_CLIENT */
-
-OM_uint32 srp_gss_inquire_context
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_name_t	*src_name,
-	gss_name_t	*targ_name,
-	OM_uint32	*lifetime_rec,
-	gss_OID		*mech_type,
-	OM_uint32	*ctx_flags,
-	int		*locally_initiated,
-	int		*opened
-);
-
-OM_uint32 srp_gss_wrap_size_limit
-(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size
-);
-
-OM_uint32 srp_gss_get_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_qop_t qop_req,
-	const gss_buffer_t message_buffer,
-	gss_buffer_t message_token
-);
-
-OM_uint32 srp_gss_verify_mic
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_buffer_t msg_buffer,
-	const gss_buffer_t token_buffer,
-	gss_qop_t *qop_state
-);
-
-OM_uint32
-srp_gss_inquire_sec_context_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-srp_gss_inquire_cred_by_oid
-(
-	OM_uint32 *minor_status,
-	const gss_cred_id_t cred_handle,
-	const gss_OID desired_object,
-	gss_buffer_set_t *data_set
-);
-
-OM_uint32
-srp_gss_set_sec_context_option
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t *context_handle,
-	const gss_OID desired_object,
-	const gss_buffer_t value
-);
-
-OM_uint32
-unix_gssspi_set_cred_option
-(
-	OM_uint32 *minor_status,
-        gss_cred_id_t cred_handle,
-        const gss_OID desired_object,
-        const gss_buffer_t value
-);
-
-#ifdef _GSS_STATIC_LINK
-int gss_srpint_lib_init(void);
-void gss_srpint_lib_fini(void);
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void);
-#endif /* _GSS_STATIC_LINK */
-
-OM_uint32 srp_gss_wrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t input_payload_buffer,
-	int *conf_state,
-	gss_buffer_t output_message_buffer
-);
-
-OM_uint32 srp_gss_unwrap_aead
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer,
-	gss_buffer_t input_assoc_buffer,
-	gss_buffer_t output_payload_buffer,
-	int *conf_state,
-	gss_qop_t *qop_state
-);
-
-OM_uint32 srp_gss_wrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 srp_gss_unwrap_iov
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int *conf_state,
-	gss_qop_t *qop_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32 srp_gss_wrap_iov_length
-(
-	OM_uint32 *minor_status,
-	gss_ctx_id_t context_handle,
-	int conf_req_flag,
-	gss_qop_t qop_req,
-	int *conf_state,
-	gss_iov_buffer_desc *iov,
-	int iov_count
-);
-
-OM_uint32
-srp_gss_complete_auth_token
-(
-	OM_uint32 *minor_status,
-	const gss_ctx_id_t context_handle,
-	gss_buffer_t input_message_buffer
-);
-
-OM_uint32
-srp_gss_acquire_cred_impersonate_name(
-    OM_uint32 *,	    /* minor_status */
-    const gss_cred_id_t,    /* impersonator_cred_handle */
-    const gss_name_t,	    /* desired_name */
-    OM_uint32,		    /* time_req */
-    const gss_OID_set,	    /* desired_mechs */
-    gss_cred_usage_t,	    /* cred_usage */
-    gss_cred_id_t *,	    /* output_cred_handle */
-    gss_OID_set *,	    /* actual_mechs */
-    OM_uint32 *);	    /* time_rec */
-
-OM_uint32
-srp_gss_display_name_ext
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_OID display_as_name_type,
-	gss_buffer_t display_name
-);
-
-OM_uint32
-srp_gss_inquire_name
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int *name_is_MN,
-	gss_OID *MN_mech,
-	gss_buffer_set_t *attrs
-);
-
-OM_uint32
-srp_gss_get_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr,
-	int *authenticated,
-	int *complete,
-	gss_buffer_t value,
-	gss_buffer_t display_value,
-	int *more
-);
-
-OM_uint32
-srp_gss_set_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int complete,
-	gss_buffer_t attr,
-	gss_buffer_t value
-);
-
-OM_uint32
-srp_gss_delete_name_attribute
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t attr
-);
-
-OM_uint32
-srp_gss_export_name_composite
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t exp_composite_name
-);
-
-OM_uint32
-srp_gss_map_name_to_any
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	int authenticated,
-	gss_buffer_t type_id,
-	gss_any_t *output
-);
-
-OM_uint32
-srp_gss_release_any_name_mapping
-(
-	OM_uint32 *minor_status,
-	gss_name_t name,
-	gss_buffer_t type_id,
-	gss_any_t *input
-);
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif /* _GSSAPIP_SRP_H_ */
diff --git a/lwraft/gssapi-plugins/unix/gssapi_alloc.c b/lwraft/gssapi-plugins/unix/gssapi_alloc.c
deleted file mode 100644
index 0810e4d99..000000000
--- a/lwraft/gssapi-plugins/unix/gssapi_alloc.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _WIN32
-#include <stdlib.h>
-#endif
-
-/* _GSSAPI_ALLOC_C: Includes C sources for this module */
-#define _GSSAPI_ALLOC_C
-#include "gssapi_alloc.h"
diff --git a/lwraft/gssapi-plugins/unix/gssapi_alloc.h b/lwraft/gssapi-plugins/unix/gssapi_alloc.h
deleted file mode 100644
index dde021fc8..000000000
--- a/lwraft/gssapi-plugins/unix/gssapi_alloc.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
-/* To the extent possible under law, Painless Security, LLC has waived
- * all copyright and related or neighboring rights to GSS-API Memory
- * Management Header. This work is published from: United States.
- */
-
-#ifndef GSSAPI_ALLOC_H
-#define GSSAPI_ALLOC_H
-
-#ifdef _WIN32
-#include <Windows.h>
-#endif
-
-#include <string.h>
-#include <stdio.h>
-
-
-#ifdef _USE_STATIC_INLINE
-#define STATIC_INLINE_DEF static inline
-#else
-#define STATIC_INLINE_DEF
-#endif
-
-/* Prototypes */
-
-STATIC_INLINE_DEF void gssalloc_free(void *value);
-STATIC_INLINE_DEF void *gssalloc_malloc(size_t size);
-STATIC_INLINE_DEF void *gssalloc_calloc(size_t count, size_t size);
-STATIC_INLINE_DEF void *gssalloc_realloc(void *value, size_t size);
-STATIC_INLINE_DEF char *gssalloc_strdup(const char *str);
-
-#ifdef _GSSAPI_ALLOC_C
-#if defined(_WIN32)
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    if (value)
-        HeapFree(GetProcessHeap(), 0, value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), 0, size);
-    
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    void *value = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, count * size);
-
-    return value;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    void *rvalue = HeapReAlloc(GetProcessHeap(), 0, value, size);
-
-    return rvalue;
-}
-
-#elif defined(DEBUG_GSSALLOC)
-
-/* Be deliberately incompatible with malloc and free, to allow us to detect
- * mismatched malloc/gssalloc usage on Unix. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return;
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    free(p);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    char *p = calloc(size + 8, 1);
-
-    memcpy(p, "gssalloc", 8);
-    return p + 8;
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return gssalloc_malloc(count * size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    char *p = (char *)value - 8;
-
-    if (value == NULL)
-        return gssalloc_malloc(size);
-    if (memcmp(p, "gssalloc", 8) != 0)
-        abort();
-    return (char *)realloc(p, size) + 8;
-}
-
-#else /* not _WIN32 or DEBUG_GSSALLOC */
-
-/* Normal Unix case, just use free/malloc/calloc/realloc. */
-
-STATIC_INLINE_DEF void
-gssalloc_free(void *value)
-{
-    free(value);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_malloc(size_t size)
-{
-    return malloc(size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_calloc(size_t count, size_t size)
-{
-    return calloc(count, size);
-}
-
-STATIC_INLINE_DEF void *
-gssalloc_realloc(void *value, size_t size)
-{
-    return realloc(value, size);
-}
-
-#endif /* not _WIN32 or DEBUG_GSSALLOC */
-
-STATIC_INLINE_DEF char *
-gssalloc_strdup(const char *str)
-{
-    size_t size = strlen(str)+1;
-    char *copy = gssalloc_malloc(size);
-    if (copy) {
-        memcpy(copy, str, size);
-        copy[size-1] = '\0';
-    }
-    return copy;
-}
-#endif /* _GSSAPI_ALLOC_C */
-#endif
diff --git a/lwraft/gssapi-plugins/unix/gssapi_unix.h b/lwraft/gssapi-plugins/unix/gssapi_unix.h
deleted file mode 100644
index 8bfc49249..000000000
--- a/lwraft/gssapi-plugins/unix/gssapi_unix.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/* This is the gssapi_unix.h prologue. */
-
-#include <stdint.h>
-/* End of gssapi_krb5.h prologue. */
-/* -*- mode: c; indent-tabs-mode: nil -*- */
-/*
- * Copyright 1993 by OpenVision Technologies, Inc.
- *
- * Permission to use, copy, modify, distribute, and sell this software
- * and its documentation for any purpose is hereby granted without fee,
- * provided that the above copyright notice appears in all copies and
- * that both that copyright notice and this permission notice appear in
- * supporting documentation, and that the name of OpenVision not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission. OpenVision makes no
- * representations about the suitability of this software for any
- * purpose.  It is provided "as is" without express or implied warranty.
- *
- * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
- * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Module: gssapi_unix.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP public header file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-
-#ifndef _GSSAPI_SRP_H_
-#define _GSSAPI_SRP_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-#include <krb5.h>
-
-/* C++ friendlyness */
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-/* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
-
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
-/* 2.1.2. Host-Based Service Name Form */
-#define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) service_name(4)}.  The previously recommended symbolic
- * name for this type is "GSS_KRB5_NT_HOSTBASED_SERVICE_NAME".  The
- * currently preferred symbolic name for this type is
- * "GSS_C_NT_HOSTBASED_SERVICE". */
-
-/* 2.2.1. User Name Form */
-#define GSS_KRB5_NT_USER_NAME GSS_C_NT_USER_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) user_name(1)}.  The recommended symbolic name for this
- * type is "GSS_KRB5_NT_USER_NAME". */
-
-/* 2.2.2. Machine UID Form */
-#define GSS_KRB5_NT_MACHINE_UID_NAME GSS_C_NT_MACHINE_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) machine_uid_name(2)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_MACHINE_UID_NAME". */
-
-/* 2.2.3. String UID Form */
-#define GSS_KRB5_NT_STRING_UID_NAME GSS_C_NT_STRING_UID_NAME
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * generic(1) string_uid_name(3)}.  The recommended symbolic name for
- * this type is "GSS_KRB5_NT_STRING_UID_NAME". */
-
-
-/* SRP Mechs */
-extern const gss_OID_desc * const gss_mech_srp_oid;
-extern const gss_OID_desc * const gss_mech_gssapi_srp_oid;
-extern const gss_OID_desc * const gss_nt_srp_name_oid;
-extern const gss_OID_desc * const gss_srp_password_oid;
-
-/* SRP Mech sets */
-extern const gss_OID_set_desc * const gss_mech_set_srp;
-
-/* "Made up" SRP mech OID */
-#define GSS_SRP_MECH_OID_ST               (gss_mech_srp_oid->elements)
-#define GSS_SRP_MECH_OID_LEN_ST           (gss_mech_srp_oid->length)
-
-/* Officially allocated GSSAPI_SRP mech OID */
-#define GSSAPI_SRP_MECH_OID_ST            (gss_mech_gssapi_srp_oid->elements)
-#define GSSAPI_SRP_MECH_OID_LEN_ST        (gss_mech_gssapi_srp_oid->length)
-
-#define GSS_SRP_NT_GENERAL_NAME_ST        gss_nt_srp_name_oid
-#define GSS_SRP_NT_GENERAL_NAME_LEN_ST    10
-
-/* "Made up" password OID; stolen from Likewise NTLM */
-#define GSS_CRED_OPT_PW_ST              (gss_srp_password_oid->elements)
-#define GSS_CRED_OPT_PW_LEN_ST          (gss_srp_password_oid->length)
-
-/* Officially allocated GSSAPI_SRP set cred option OID */
-#define GSSAPI_SRP_CRED_OPT_PW_ST         (gss_srp_cred_opt_pw_oid->elements)
-#define GSSAPI_SRP_CRED_OPT_PW_LEN_ST     (gss_srp_cred_opt_pw_oid->length)
-
-/* UNIX Mechs */
-extern const gss_OID_desc * const gss_mech_unix_oid;
-extern const gss_OID_desc * const gss_mech_gssapi_unix_oid;
-extern const gss_OID_desc * const gss_nt_unix_name_oid;
-
-/* UNIX Mech sets */
-extern const gss_OID_set_desc * const gss_mech_set_unix;
-
-/* Officially allocated GSSAPI_UNIX mech OID */
-#define GSSAPI_UNIX_MECH_OID_ST            (gss_mech_gssapi_unix_oid->elements)
-#define GSSAPI_UNIX_MECH_OID_LEN_ST        (gss_mech_gssapi_unix_oid->length)
-
-/* Officially allocated GSSAPI_UNIX set cred option OID */
-#define GSSAPI_UNIX_CRED_OPT_PW_ST         (gss_unix_cred_opt_pw_oid->elements)
-#define GSSAPI_UNIX_CRED_OPT_PW_LEN_ST     (gss_unix_cred_opt_pw_oid->length)
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* _GSSAPI_SRP_H_ */
diff --git a/lwraft/gssapi-plugins/unix/includes.h b/lwraft/gssapi-plugins/unix/includes.h
deleted file mode 100644
index ffc717b5f..000000000
--- a/lwraft/gssapi-plugins/unix/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef _WIN32
-#include <lw/types.h>
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-#else
-#include <Windows.h>
-#define snprintf _snprintf
-#endif
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdirclient.h>
-
-#include "unixregutils.h"
-#include "unixreg.h"
diff --git a/lwraft/gssapi-plugins/unix/unix_accept_sec_ctx.c b/lwraft/gssapi-plugins/unix/unix_accept_sec_ctx.c
deleted file mode 100644
index 8c05ea3cf..000000000
--- a/lwraft/gssapi-plugins/unix/unix_accept_sec_ctx.c
+++ /dev/null
@@ -1,1163 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_accept_sec_ctx.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP accept security context
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <krb5.h>
-#include "gssapiP_unix.h"
-#include "gssapi_unix.h"
-#include "gssapi_alloc.h"
-#include "unix_util.h"
-#include <lber.h>
-
-#include <vmdirdefines.h>
-#include "includes.h"
-#include "unix_crypt.h"
-
-#include <config.h>
-
-#ifdef _WIN32
-
-#include <Winsock2.h>
-#ifndef snprintf
-#define snprintf _snprintf
-
-#endif
-#else /* Linux */
-
-#include <arpa/inet.h>
-
-#endif
-
-/*
- * Win32/Likewise data types defined here, vs pulling in
- * Likewise headers, which pulls in undesired library dependencies.
- */
-#include <errno.h>
-#ifndef DWORD
-#define DWORD unsigned int
-#endif
-#ifndef PBYTE
-#define PBYTE unsigned char *
-#endif
-#ifndef PSTR
-#define PSTR char *
-#endif
-#ifndef PCSTR
-#define PCSTR const char *
-#endif
-
-#include <sasl/sasl.h>
-#include <sasl/saslutil.h>
-#include <csrp/srp.h>
-#include <dce/rpc.h>
-#include "unix_encrypt.h"
-
-static SRP_HashAlgorithm G_alg     = SRP_SHA1;
-static SRP_NGType        G_ng_type = SRP_NG_2048;
-static const char        *G_n_hex  = 0;
-static const char        *G_g_hex  = 0;
-
-static
-OM_uint32
-srp_gss_validate_oid_header(
-    OM_uint32 *minor_status,
-    gss_buffer_t in_tok,
-    int *object_len)
-{
-    unsigned char *ptr = NULL;
-    OM_uint32 maj = 0;
-    int len = 0;
-    int oid_len = 0;
-    int enc_token_len = 0;
-    int token_len = 0;
-
-    *minor_status = 0;
-    if (!in_tok || in_tok->length == 0 || !in_tok->value)
-    {
-        maj = GSS_S_NO_CONTEXT;
-        goto error;
-    }
-
-    /*
-     * tag for APPLICATION 0, Sequence[constructed, definite length]
-     * length of remainder of token
-     * tag of OBJECT IDENTIFIER
-     * length of mechanism OID
-     * encoding of mechanism OID
-     * <the rest of the token>
-     *
-     * Numerically, this looks like :
-     *
-     * 0x60
-     * <length> - could be multiple bytes
-     * 0x06
-     * <length> - assume only one byte, hence OID length < 127
-     * <mech OID bytes>
-     *
-     */
-    ptr = in_tok->value;
-    len = (int) in_tok->length;
-    if (*ptr != 0x60)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-
-    enc_token_len = (int) *ptr;
-    token_len = 0;
-    len--, ptr++;
-
-    if (*ptr != 0x06)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    len--, ptr++;
-    token_len++;
-
-    if (len == 0)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-    oid_len = *ptr;
-    len--, ptr++;
-    token_len++;
-
-    if (len < oid_len ||
-        len < (int) GSSAPI_UNIX_MECH_OID_LEN_ST)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    if (oid_len != GSSAPI_UNIX_MECH_OID_LEN_ST &&
-        memcmp(ptr, GSSAPI_UNIX_MECH_OID_ST, oid_len) != 0)
-    {
-        maj = GSS_S_BAD_MECH;
-        goto error;
-    }
-    token_len += oid_len;
-
-    if (token_len != enc_token_len)
-    {
-        maj = GSS_S_CALL_BAD_STRUCTURE;
-        goto error;
-    }
-
-    len -= oid_len, ptr += oid_len;
-
-    *object_len = (int) (ptr - (unsigned char *) in_tok->value);
-error:
-    return maj;
-}
-
-
-/* Create the temporary SRP secret using username shadow pwd entry */
-static int
-_srpVerifierInit(
-    char *username,
-    char *password,
-    unsigned char **ret_bytes_s,
-    int *ret_len_s,
-    unsigned char **ret_bytes_v,
-    int *ret_len_v)
-{
-    int sts = 0;
-    const unsigned char *bytes_s = NULL;
-    int len_s = 0;
-    const unsigned char *bytes_v = NULL;
-    int len_v = 0;
-
-    if (!username || !password || !ret_bytes_s || !ret_bytes_v)
-    {
-        sts = -1;
-        goto error;
-    }
-
-    srp_create_salted_verification_key(
-        G_alg,
-        G_ng_type,
-        username,
-        (const unsigned char *) password,
-        (int) strlen(password),
-        &bytes_s,
-        &len_s,
-        &bytes_v,
-        &len_v,
-        G_n_hex,
-        G_g_hex);
-    
-    srp_print_hex(bytes_s, len_s, 
-                  "_srpVerifierInit(accept_sec_context): bytes_s");
-    srp_print_hex(bytes_v, len_v, 
-                  "_srpVerifierInit(accept_sec_context): bytes_v");
-
-    *ret_bytes_s = (unsigned char *) bytes_s;
-    *ret_len_s   = len_s;
-
-    *ret_bytes_v = (unsigned char *) bytes_v;
-    *ret_len_v = len_v;
-
-error:
-    return 0;
-}
-
-static
-struct SRPVerifier *
-_srpServerNew(
-    char *username,
-    unsigned char *bytes_s,
-    int len_s,
-    unsigned char *bytes_v,
-    int len_v,
-    unsigned char *bytes_A,
-    int len_A,
-    unsigned char **ret_bytes_B,
-    int *ret_len_B)
-{
-    int sts = 0;
-    const unsigned char *bytes_B = NULL;
-    int len_B = 0;
-    struct SRPVerifier *ver = NULL;
-
-    ver = srp_verifier_new(
-              G_alg,
-              G_ng_type,
-              username,
-              bytes_s,
-              len_s,
-              bytes_v,
-              len_v,
-              bytes_A,
-              len_A,
-              &bytes_B,
-              &len_B,
-              G_n_hex,
-              G_g_hex);
-    if (!bytes_B)
-    {
-        /* Verifier SRP-6a safety check violated! */
-        sts = -1;
-        goto error;
-    }
-
-    *ret_bytes_B = (unsigned char *) bytes_B;
-    *ret_len_B = len_B;
-
-error:
-    if (sts == -1)
-    {
-        ver = NULL;
-    }
-    return ver;
-}
-
-static
-int
-_srpServerVerify(
-    struct SRPVerifier *ver,
-    unsigned char *bytes_M,
-    unsigned char **ret_bytes_HAMK)
-{
-    const unsigned char *bytes_HAMK = NULL;
-    int sts = 0;
-    srp_verifier_verify_session(ver, bytes_M, &bytes_HAMK);
-
-    if ( !bytes_HAMK )
-    {
-        sts = -1;
-        goto error;
-    }
-
-    *ret_bytes_HAMK = (unsigned char *) bytes_HAMK;
-
-error:
-
-    return sts;
-}
-
-/*
- * Read SRP_AUTH_INIT token, verify version is compatible. Retrieve
- * user salt value from the /etc/shadow password file, then format
- * a reply token containing the salt value.
- */
-static
-OM_uint32
-_unix_gss_auth_init(
-    OM_uint32 *minor_status,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int sts = 0;
-    ber_tag_t ber_state = 0;
-    struct berval ber_ctx = {0};
-    BerElement *ber = NULL;
-    struct berval *ber_username = NULL;
-    ber_int_t gss_srp_version_maj = 0;
-    ber_int_t gss_srp_version_min = 0;
-    BerElement *ber_resp = NULL;
-    struct berval *flatten = NULL;
-    int berror = 0;
-    char *unix_username = NULL;
-    char *username_salt = NULL;
-    char *username_hash = NULL;
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_unix_gss_auth_init(): state=SRP_AUTH_INIT\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{ii",
-                       &ber_state, &gss_srp_version_maj, &gss_srp_version_min);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (gss_srp_version_maj != UNIX_MECH_PROTOCOL_MAJ_VERSION ||
-        gss_srp_version_min != UNIX_MECH_PROTOCOL_MIN_VERSION)
-    {
-        /*
-         * Deal with protocol/version specific issues here. Currently
-         * there is only one version, so error out if this does not match.
-         */
-        maj = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-    
-    berror = ber_scanf(ber, "O}", &ber_username);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    
-    unix_username = calloc(ber_username->bv_len + 1, sizeof(char));
-    if (!unix_username)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    memcpy(unix_username, ber_username->bv_val, ber_username->bv_len);
-    srp_debug_printf("_unix_gss_auth_init(): username=%s\n", unix_username);
-
-    /* Retrieve the salt value from the shadow password file */
-    sts = get_sp_salt(unix_username, &username_salt, &username_hash);
-    if (sts)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_debug_printf("_unix_gss_auth_init(): salt=%s hash=%s\n",
-                     username_salt, username_hash);
-    srp_context_handle->username_hash = username_hash;
-    srp_context_handle->unix_username = unix_username;
-    username_hash = NULL;
-    unix_username = NULL;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-
-    /*
-     * Response format:
-     * tag | UNIX_salt
-     */
-    berror = ber_printf(ber_resp, "t{o}",
-                 SRP_UNIX_SALT_RESPONSE,
-                 username_salt,
-                 (ber_len_t) strlen(username_salt));
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-    maj = GSS_S_CONTINUE_NEEDED;
-
-error:
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    if (ber_username)
-    {
-        ber_bvfree(ber_username);
-    }
-    if (username_salt)
-    {
-        free(username_salt);
-    }
-
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-
-    return maj;
-}
-
-/*
- * Given the shadow hash value for username, generate a temporary srp
- * "V" verifier value, which is used for authentication with the client
- * for this session. 
- */
-static
-OM_uint32
-_unix_gss_salt_resp(
-    OM_uint32 *minor_status,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    unsigned char *bytes_s = NULL;
-    int len_s = 0;
-    unsigned char *bytes_v = NULL;
-    int len_v = 0;
-    struct berval *flatten = NULL;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    int berror = 0;
-    struct berval ber_ctx = {0};
-    struct berval *ber_bytes_A = NULL;
-    ber_tag_t ber_state = 0;
-    struct SRPVerifier *ver = NULL;
-    unsigned char *bytes_B = NULL;
-    const unsigned char *srp_session_key = NULL;
-    int srp_session_key_len = 0;
-    int len_B = 0;
-    int sts = 0;
-
-    /*
-     * This call creates the temporary server-side SRP secret
-     *
-     * bytes_s: SRP salt, publically known to client/server
-     * bytes_v: SRP secret, privately known only by server
-     */
-    sts = _srpVerifierInit(
-              srp_context_handle->unix_username,
-              srp_context_handle->username_hash,
-              &bytes_s,
-              &len_s,
-              &bytes_v,
-              &len_v);
-    if (sts)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_debug_printf("_unix_gss_salt_resp(): salt len=%d", len_s);
-    srp_print_hex(bytes_s, len_s, 
-                  "_srp_gss_auth_init(accept_sec_context): bytes_s");
-    srp_print_hex(bytes_v, len_v, 
-                  "_srp_gss_auth_init(accept_sec_context): bytes_v");
-
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_unix_gss_salt_resp(): state=SRP_UNIX_SALT_RESPONSE\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_bytes_A);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_unix_gss_salt_resp(accept_sec_context): bytes_A");
-    srp_print_hex(ber_bytes_A->bv_val,
-                  (int) ber_bytes_A->bv_len,
-                  "_srp_gss_auth_init(accept_sec_context): bytes_A");
-
-    ver = _srpServerNew(
-              srp_context_handle->unix_username,
-              bytes_s,
-              len_s,
-              bytes_v,
-              len_v,
-              ber_bytes_A->bv_val,
-              (int) ber_bytes_A->bv_len,
-              &bytes_B,
-              &len_B);
-    
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-
-    /*
-     * Response format:
-     * tag | MDA | salt | B
-     */
-    berror = ber_printf(ber_resp, "t{ooo}",
-                 SRP_AUTH_SALT_RESP,
-/* TBD: Make this a macro */
-                 "SHA-1",
-                 (ber_len_t) strlen("SHA-1"),
-                 bytes_s,
-                 (ber_len_t) len_s,
-                 bytes_B,
-                 (ber_len_t) len_B);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_unix_gss_salt_resp(accept_sec_context): bytes_B");
-    srp_print_hex(bytes_B,
-                  (int) len_B,
-                  "_srp_gss_auth_init(accept_sec_context): bytes_B");
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-    srp_context_handle->srp_ver = ver;
-
-    srp_session_key = srp_verifier_get_session_key(
-        srp_context_handle->srp_ver,
-        &srp_session_key_len);
-    if (!srp_session_key || srp_session_key_len == 0)
-    {
-        min = sts;
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (srp_session_key && srp_session_key_len > 0)
-    {
-        srp_context_handle->srp_session_key =
-            calloc(srp_session_key_len, sizeof(unsigned char));
-        if (!srp_context_handle->srp_session_key)
-        {
-            maj = GSS_S_FAILURE;
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(srp_context_handle->srp_session_key,
-               srp_session_key,
-               srp_session_key_len);
-        srp_context_handle->srp_session_key_len = srp_session_key_len;
-
-        srp_print_hex(srp_session_key, srp_session_key_len,
-                      "_srp_gss_auth_init(accept_sec_ctx) got session key");
-    }
-
-    maj = GSS_S_CONTINUE_NEEDED;
-
-error:
-    if (ber_bytes_A)
-    {
-        ber_bvfree(ber_bytes_A);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-    if (bytes_v)
-    {
-        free(bytes_v);
-    }
-    if (bytes_s)
-    {
-        free(bytes_s);
-    }
-
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-
-    return maj;
-}
-
-static
-OM_uint32
-_srp_gss_validate_client(
-    OM_uint32 *minor_status,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    BerElement *ber_resp = NULL;
-    struct berval ber_HAMK = {0};
-    struct berval *ber_srp_bytes_M = NULL;
-    struct berval ber_ctx = {0};
-    unsigned char *bytes_HAMK = NULL;
-    struct berval *flatten = NULL;
-    int sts = 0;
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_gss_validate_client(): "
-                     "state=SRP_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ptr points to ASN.1 encoded data which is dependent on the authentication
-     * state. The appropriate decoder format string is applied for each state
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_srp_bytes_M);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        min = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_srp_bytes_M->bv_len == 0)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
-                  "_srp_gss_validate_client(accept_sec_ctx) received bytes_M");
-
-    min = _srpServerVerify(
-              srp_context_handle->srp_ver,
-              ber_srp_bytes_M->bv_val,
-              &bytes_HAMK);
-    if (min == -1 || !bytes_HAMK)
-    {
-        /*
-         * Bad password will cause this to fail. Do not bail on error here.
-         * Merely generate a NULL HAMK response below, to complete the
-         * SRP protocol exchange with the client. The client tests for an
-         * empty HAMK token, and formulates the proper error.
-         */
-        srp_debug_printf("_srp_gss_validate_client: "
-                         "srp_verifier_verify_session() failed!!!\n");
-    }
-
-    /*
-     * ASN.1 encode the bytes_HAMK value, sending it back to the client
-     * for validation. That will complete the authentication process if that
-     * succeeds.
-     */
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    /*
-     * Generate HAMK response. When min is an error code,
-     * an empty HAMK response (zero length) is created.
-     */
-    if (min == 0)
-    {
-        sts = srp_verifier_get_session_key_length(
-                  srp_context_handle->srp_ver);
-        if (sts == 0)
-        {
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-        ber_HAMK.bv_len = sts;
-    }
-
-    ber_HAMK.bv_val = (void *) bytes_HAMK;
-    berror = ber_printf(ber_resp, "t{O}",
-                  (int) SRP_AUTH_SERVER_VALIDATE,
-                  &ber_HAMK);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-    /*
-     * From server's perspective, authentication is done. However,
-     * there is a final output_token to process by gss_init_sec_context().
-     */
-    maj = GSS_S_COMPLETE;
-
-error:
-    if (ber_srp_bytes_M)
-    {
-        ber_bvfree(ber_srp_bytes_M);
-    }
-    ber_bvfree(flatten);
-    ber_free(ber, 1);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        if (min)
-        {
-            *minor_status = min;
-        }
-    }
-    return maj;
-}
-
-
-/*
- * Report error status to client, and the final
- * minor status from the server.
- * This is the end, my friend...
- */
-static
-OM_uint32
-_srp_gss_accept_sec_ctx_error_resp(
-    OM_uint32 *minor_status,
-    gss_buffer_t output_token)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    int berror = 0;
-    BerElement *ber_resp = NULL;
-    struct berval *flatten = NULL;
-
-    ber_resp = ber_alloc_t(LBER_USE_DER);
-    if (!ber_resp)
-    {
-        maj = GSS_S_FAILURE;
-        min = ENOMEM;
-        goto error;
-    }
-    berror = ber_printf(ber_resp, "t{i}",
-                  (int) SRP_AUTH_FAILED,
-                  *minor_status);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_flatten(ber_resp, &flatten);
-    if (berror == -1)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token->value = gssalloc_calloc(1, flatten->bv_len);
-    if (!output_token->value)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-    output_token->length = flatten->bv_len;
-    memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
-
-error:
-    ber_bvfree(flatten);
-    ber_free(ber_resp, 1);
-    if (maj)
-    {
-        /* Cleanup return memory stuff here */
-    }
-
-    return maj;
-}
-
-OM_uint32
-srp_gss_accept_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_cred_id_t verifier_cred_handle,
-                gss_buffer_t input_token,
-                gss_channel_bindings_t input_chan_bindings,
-                gss_name_t *src_name,
-                gss_OID *mech_type,
-                gss_buffer_t output_token,
-                OM_uint32 *ret_flags,
-                OM_uint32 *time_rec,
-                gss_cred_id_t *delegated_cred_handle)
-{
-    int oid_len = 0;
-    int state = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    unsigned char *ptr = NULL;
-    int ptr_len = 0;
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    OM_uint32 tmp_maj = 0;
-    OM_uint32 tmp_min = 0;
-    gss_buffer_desc input_token_srp = {0};
-    srp_gss_ctx_id_t srp_context_handle = NULL;
-    krb5_error_code krb5_err = 0;
-    gss_cred_id_t srp_cred_handle = NULL;
-    gss_buffer_desc name_buf = {0};
-
-    if (minor_status == NULL ||
-        output_token == GSS_C_NO_BUFFER ||
-        context_handle == NULL)
-    {
-        return GSS_S_CALL_INACCESSIBLE_WRITE;
-    }
-
-    if (input_token == GSS_C_NO_BUFFER)
-    {
-        return GSS_S_CALL_INACCESSIBLE_READ;
-    }
-
-    if (minor_status)
-    {
-        *minor_status = 0;
-    }
-
-    if (output_token != GSS_C_NO_BUFFER)
-    {
-        output_token->length = 0;
-        output_token->value = NULL;
-    }
-
-    if (!context_handle)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (*context_handle)
-    {
-        srp_context_handle = (srp_gss_ctx_id_t) *context_handle;
-    }
-    else
-    {
-        /* First call, allocate context handle */
-        srp_context_handle =
-            (srp_gss_ctx_id_t) calloc(1, sizeof(srp_gss_ctx_id_rec));
-        if (!srp_context_handle)
-        {
-            min = ENOMEM;
-            maj = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(srp_context_handle, 0, sizeof(srp_gss_ctx_id_rec));
-
-        /* Needed for Kerberos AES256-SHA1 keyblock generation */
-        krb5_err = krb5_init_context(&srp_context_handle->krb5_ctx);
-        if (krb5_err)
-        {
-            maj = GSS_S_FAILURE;
-            min = krb5_err;
-            goto error;
-        }
-        maj = srp_gss_acquire_cred(
-                  &min,
-                  GSS_C_NO_NAME,
-                  0,
-                  NULL,
-                  GSS_C_ACCEPT,
-                  &srp_cred_handle,
-                  NULL,
-                  NULL);
-        if (maj)
-        {
-            goto error;
-        }
-        srp_cred = (srp_gss_cred_id_t) srp_cred_handle;
-        srp_context_handle->magic_num = SRP_MAGIC_ID;
-
-        maj = srp_gss_duplicate_oid(&min,
-                                    srp_cred->srp_mech_oid,
-                                    &srp_context_handle->mech);
-        if (maj)
-        {
-            goto error;
-        }
-
-        srp_context_handle->state = SRP_AUTH_INIT;
-        srp_context_handle->cred = (srp_gss_cred_id_t) verifier_cred_handle;
-        *context_handle = (gss_ctx_id_t) srp_context_handle;
-    }
-
-    ptr = (unsigned char*) input_token->value;
-    ptr_len = (int) input_token->length;
-    maj = srp_gss_validate_oid_header(
-              &min,
-              input_token,
-              &oid_len);
-    if (maj)
-    {
-        goto error;
-    }
-
-    ptr += oid_len;
-    ptr_len -= oid_len;
-    input_token_srp.value = ptr;
-    input_token_srp.length = ptr_len;
-
-    /* This is the "t" field of ber_scanf() */
-    state = SRP_AUTH_STATE_VALUE(ptr[0]);
-
-    /* Verify state machine is consistent with expected state */
-    state = SRP_AUTH_STATE_VALUE(ptr[0]);
-
-    if (state != srp_context_handle->state)
-    {
-        maj = GSS_S_FAILURE;
-        goto error;
-    }
-
-    switch(state)
-    {
-      case SRP_AUTH_INIT:
-        srp_debug_printf("srp_gss_accept_sec_context: state=SRP_AUTH_INIT\n");
-        maj = _unix_gss_auth_init(minor_status,
-                                  srp_context_handle,
-                                  state,
-                                  &input_token_srp,
-                                  output_token);
-        if (maj)
-        {
-            if (maj == GSS_S_CONTINUE_NEEDED)
-            {
-                srp_context_handle->state = SRP_UNIX_SALT_RESPONSE;
-            }
-            goto error;
-        }
-        break;
-
-      case SRP_UNIX_SALT_RESPONSE:
-        maj = _unix_gss_salt_resp(minor_status,
-                                 srp_context_handle,
-                                 state,
-                                 &input_token_srp,
-                                 output_token);
-        if (maj)
-        {
-            if (maj == GSS_S_CONTINUE_NEEDED)
-            {
-                srp_context_handle->state = SRP_AUTH_CLIENT_VALIDATE;
-            }
-            goto error;
-        }
-        break;
-
-      case SRP_AUTH_CLIENT_VALIDATE:
-        srp_debug_printf("srp_gss_accept_sec_context: "
-                         "state=SRP_AUTH_CLIENT_VALIDATE\n");
-        maj = _srp_gss_validate_client(minor_status,
-                                       srp_context_handle,
-                                       state,
-                                       &input_token_srp,
-                                       output_token);
-        if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-        {
-            /* Hard error occurred */
-            goto error;
-        }
-
-        srp_context_handle->state = SRP_AUTH_COMPLETE;
-        if (mech_type)
-        {
-            /* The security mechanism with which the context was established.
-             * If the security mechanism type is not required, specify NULL
-             * for this parameter. The gss_OID value returned for this
-             * parameter points to a read-only structure and must not be
-             * released by the application.
-             */
-            *mech_type = srp_context_handle->mech;
-        }
-
-        if (src_name)
-        {
-            /* Optional: Return UPN name to caller */
-            name_buf.value = srp_context_handle->unix_username;
-            name_buf.length = strlen(name_buf.value);
-
-            tmp_maj = gss_import_name(
-                          &min,
-                          &name_buf,
-                          GSS_C_NT_ANONYMOUS,
-                          src_name);
-            if (tmp_maj)
-            {
-                maj = tmp_maj;
-                *minor_status = tmp_min;
-                goto error;
-            }
-            srp_context_handle->upn_name =
-                strdup(srp_context_handle->unix_username);
-        }
-        break;
-
-      /* This should never happen, but include for completeness-sake */
-      case SRP_AUTH_COMPLETE:
-        srp_debug_printf("srp_gss_accept_sec_context: "
-                         "state=SRP_AUTH_COMPLETE\n");
-        maj = GSS_S_COMPLETE;
-        break;
-
-      default:
-        srp_debug_printf("srp_gss_accept_sec_context: state=UNKNOWN!!!\n");
-        maj = GSS_S_FAILURE;
-        goto error;
-        break;
-    }
-
-    if (srp_context_handle->state == SRP_AUTH_COMPLETE)
-    {
-        krb5_err = srp_make_enc_keyblock(srp_context_handle);
-        if (krb5_err)
-        {
-            maj = GSS_S_FAILURE;
-            min = krb5_err;
-            goto error;
-        }
-    }
-
-error:
-    if (maj != GSS_S_CONTINUE_NEEDED && maj != GSS_S_COMPLETE)
-    {
-        _srp_gss_accept_sec_ctx_error_resp(
-            minor_status,
-            output_token);
-    }
-
-    if (srp_cred_handle)
-    {
-        srp_gss_release_cred(&tmp_min, &srp_cred_handle);
-    }
-    return maj;
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_acquire_cred.c b/lwraft/gssapi-plugins/unix/unix_acquire_cred.c
deleted file mode 100644
index 0b63ed4cd..000000000
--- a/lwraft/gssapi-plugins/unix/unix_acquire_cred.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_acquire_cred.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP acquire cred
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include "unix_util.h"
-#include "gssapi_alloc.h"
-
-#include <gssapi/gssapi_krb5.h>
-#include <errno.h>
-#include <string.h>
-
-
-OM_uint32
-srp_gss_acquire_cred(
-    OM_uint32 *minor_status,
-    gss_name_t desired_name,
-    OM_uint32 time_req,
-    gss_OID_set desired_mechs,
-    gss_cred_usage_t cred_usage,
-    gss_cred_id_t *output_cred_handle,
-    gss_OID_set *actual_mechs,
-    OM_uint32 *time_rec)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    gss_name_t username_buf = NULL;
-
-    /* Official "UNIX OID" */
-    int gssapi_srp_mech_oid_len = GSSAPI_UNIX_MECH_OID_LEN_ST;
-    unsigned char *srp_mech_oid = GSSAPI_UNIX_MECH_OID_ST;
-
-    /* Allocate the cred structure */
-    srp_cred = (srp_gss_cred_id_t) gssalloc_malloc(sizeof(*srp_cred));
-    if (!srp_cred)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(srp_cred, 0, sizeof(*srp_cred));
-
-    /* Allocate/set the mech OID; must be SRP for this method to be called */
-    srp_cred->srp_mech_oid =
-        (gss_OID) gssalloc_malloc(sizeof(*srp_cred->srp_mech_oid));
-    if (!srp_cred->srp_mech_oid)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(srp_cred->srp_mech_oid, 0, sizeof(*srp_cred->srp_mech_oid));
-    srp_cred->srp_mech_oid->elements =
-        (void *) gssalloc_malloc(gssapi_srp_mech_oid_len);
-    if (!srp_cred->srp_mech_oid->elements)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_cred->srp_mech_oid->length = gssapi_srp_mech_oid_len;
-    memcpy(srp_cred->srp_mech_oid->elements,
-           srp_mech_oid,
-           gssapi_srp_mech_oid_len);
-
-    if (desired_name)
-    {
-        major = gss_duplicate_name(&minor, desired_name, &username_buf);
-        if (major)
-        {
-            goto error;
-        }
-
-        srp_cred->name = username_buf, username_buf = NULL;
-    }
-    *output_cred_handle = (gss_cred_id_t) srp_cred;
-
-error:
-    if (major || minor)
-    {
-        *minor_status = minor;
-        if (srp_cred)
-        {
-            if (srp_cred->srp_mech_oid)
-            {
-                if (srp_cred->srp_mech_oid->elements)
-                {
-                    gssalloc_free(srp_cred->srp_mech_oid->elements);
-                }
-                gssalloc_free(srp_cred->srp_mech_oid);
-            }
-            gssalloc_free(srp_cred);
-        }
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_crypt.c b/lwraft/gssapi-plugins/unix/unix_crypt.c
deleted file mode 100644
index 176e03195..000000000
--- a/lwraft/gssapi-plugins/unix/unix_crypt.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <shadow.h>
-#include <errno.h>
-
-/* Needed for SLES11, not sure about other UNIX platforms */
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#ifndef __USE_GNU
-#define __USE_GNU
-#endif
-
-#include <crypt.h>
-#include <stdio.h>
-
-#define CRYPT_MD5         "$1$"
-#define CRYPT_BLOWFISH_2A "$2a$"
-#define CRYPT_BLOWFISH_2B "$2b$"
-#define CRYPT_BLOWFISH_2X "$2x$"
-#define CRYPT_BLOWFISH_2Y "$2y$"
-#define CRYPT_SHA_256     "$5$"
-#define CRYPT_SHA_512     "$6$"
-
-#ifdef _WIN32
-int get_sp_salt(const char *username,
-                char **ret_salt,
-                char **ret_encpwd)
-{
-    /*
-     * This cannot be supported on Windows, as there is no
-     * /etc shadow password file. The equivalent "local provider"
-     * hash is not accessable, making this functionality impossible to 
-     * support on Win32 platforms.
-     */
-    return ERROR_NOT_SUPPORTED;
-}
-#else
-/*
- * This function looks up "username" in the shadow password file, determines
- * the hash algorithm type, and returns the salt and the password
- * hash for that user.
- * 
- * Given the salt and the user password, then the hash can be created.
- * The generated hash is used as an SRP password (client side), and
- * the generator for the SRP secret (server side).
- *
- * Crypt password file format references:
- * http://php.net/manual/en/function.crypt.php
- * http://en.wikipedia.org/wiki/Crypt_%28C%29#Blowfish-based_scheme
- *
- * Look up from the shadow password file the specified user, and if found,
- * return the salt field parsed out from the hash entry
- *
- * Algorithm ID
- * $1$  MD5
- * 12 characters salt follows
- *
- * $2a$ Blowfish
- * $2b$ Blowfish
- * $2x$ Blowfish
- * $2y$ Blowfish
- * Blowfish salt format:
- * $id$NN$-----22 chars-salt----++++++hash+++++:
- *
- * SHA salt format
- * $5$  SHA-256
- * $6$  SHA-512
- * $ID$salt$hash
- */
-int get_sp_salt(const char *username,
-                char **ret_salt,
-                char **ret_encpwd)
-{
-    int st = 0;
-    int is_locked = 0;
-    struct spwd *spval = NULL;
-    struct spwd spval_buf = {0};
-    char *spbuf_str = NULL;
-    int spbuf_str_len = 256;
-    int salt_len = 0;
-    char *salt = NULL;
-    char *encpwd = NULL;
-    char *sp = NULL;
-    int cur_uid = 0;
-    
-    if (!username || !ret_salt || !ret_encpwd)
-    {
-        st = -1;
-        errno = EINVAL;
-        goto error;
-    }
-
-    /* Must be root to read shadow password file */
-    cur_uid = getuid();
-    seteuid(0);
-
-    /* Obtain password file lock, and hold minimum amount of time */
-    st = lckpwdf();
-    if (st == -1)
-    {
-        goto error;
-    }
-    is_locked = 1;
-
-    spbuf_str = calloc(spbuf_str_len, sizeof(char));
-    if (!spbuf_str)
-    {
-        st = -1;
-        goto error;
-    }
-    st = getspnam_r(username,
-                    &spval_buf,
-                    spbuf_str,
-                    spbuf_str_len,
-                    &spval);
-
-    if (!spval || st == -1)
-    {
-        /* Failed due to permissions or entry not found */
-        st = -1;
-        goto error;
-    }
-    salt = strdup(spval->sp_pwdp);
-    if (!salt)
-    {
-        /* errno is set */
-        st = -1;
-        goto error;
-    }
-    encpwd = strdup(spval->sp_pwdp);
-    if (!encpwd)
-    {
-        /* errno is set */
-        st = -1;
-        goto error;
-    }
-    ulckpwdf();
-    seteuid(cur_uid);
-    is_locked = 0;
-   
-    /* CRYPT_DES hash is not supported; how to test? */
-
-    /* Determine the hash algorithn, and therefore the salt length */
-    if (!strncmp(salt, CRYPT_MD5, strlen(CRYPT_MD5)))
-    {
-        /* $1$123456789012 */
-        salt_len = 12 + 3;
-    }
-    else if (!strncmp(salt, CRYPT_BLOWFISH_2A, strlen(CRYPT_BLOWFISH_2A)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2B, strlen(CRYPT_BLOWFISH_2B)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2X, strlen(CRYPT_BLOWFISH_2X)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2Y, strlen(CRYPT_BLOWFISH_2Y)))
-    {
-        /* $2a$05$1234567890123456789012 */
-        salt_len = 22 + 7;
-    }
-    else if (!strncmp(salt, CRYPT_SHA_256, strlen(CRYPT_SHA_256)) ||
-             !strncmp(salt, CRYPT_SHA_512, strlen(CRYPT_SHA_512)))
-    {
-        sp = strrchr(salt, '$');
-        salt_len = sp - salt + 1;
-    }
-    salt[salt_len] = '\0';
-    *ret_salt = salt;
-    *ret_encpwd = encpwd;
-    salt = NULL;
-
-error:
-    if (is_locked)
-    {
-        ulckpwdf();
-        seteuid(cur_uid);
-    }
-    if (spbuf_str)
-    {
-        free(spbuf_str);
-    }
-    if (st == -1)
-    {
-        if (salt)
-        {
-            free(salt);
-            salt = NULL;
-        }
-        if (encpwd)
-        {
-            free(encpwd);
-            encpwd = NULL;
-        }
-    }
-    return st;
-}
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_crypt.h b/lwraft/gssapi-plugins/unix/unix_crypt.h
deleted file mode 100644
index 243d453bb..000000000
--- a/lwraft/gssapi-plugins/unix/unix_crypt.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _UNIX_CRYPT_H
-#define _UNIX_CRYPT_H
-
-int get_sp_salt(const char *username,
-                char **ret_salt,
-                char **ret_encpwd);
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_del_sec_ctx.c b/lwraft/gssapi-plugins/unix/unix_del_sec_ctx.c
deleted file mode 100644
index 196f3f607..000000000
--- a/lwraft/gssapi-plugins/unix/unix_del_sec_ctx.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_del_sec_ctx.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP delete security context
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include "gssapiP_unix.h"
-#include "includes.h"
-#include <csrp/srp.h>
-
-/*
- * Cleanup SRP client-side memory. SRP server-side binding handle
- * and SRP verifier handle are cleaned up by srp_gss_accept_sec_context()
- * when the authentication exchange is complete, pass or fail.
- * Note: calling these cleanup routines here causes a hang;
- *       the reason is unknown.
- */
-OM_uint32
-srp_gss_delete_sec_context(
-                OM_uint32 *minor_status,
-                gss_ctx_id_t *context_handle,
-                gss_buffer_t output_token)
-{
-    srp_gss_ctx_id_t srp_ctx = NULL;
-    OM_uint32 tmp_minor = GSS_S_COMPLETE;
-    OM_uint32 ret = GSS_S_COMPLETE;
-
-    if (context_handle == NULL)
-    {
-        return (GSS_S_FAILURE);
-    }
-
-    srp_ctx = (srp_gss_ctx_id_t) *context_handle;
-
-    if (srp_ctx->upn_name)
-    {
-        free(srp_ctx->upn_name);
-    }
-
-    if (srp_ctx->unix_username)
-    {
-        free(srp_ctx->unix_username);
-    }
-    if (srp_ctx->username_hash)
-    {
-        free(srp_ctx->username_hash);
-    }
-
-    if (srp_ctx->srp_session_key)
-    {
-        free(srp_ctx->srp_session_key);
-    }
-
-    if (srp_ctx->srp_usr)
-    {
-        srp_user_delete(srp_ctx->srp_usr);
-        srp_ctx->srp_usr = NULL;
-    }
-
-    if (srp_ctx->srp_ver)
-    {
-        srp_verifier_delete(srp_ctx->srp_ver);
-        srp_ctx->srp_ver = NULL;
-    }
-
-    if (srp_ctx->mech)
-    {
-        gss_release_oid(&tmp_minor, &srp_ctx->mech);
-    }
-
-    if (srp_ctx->krb5_ctx)
-    {
-        if (srp_ctx->keyblock)
-        {
-            krb5_free_keyblock_contents(srp_ctx->krb5_ctx, srp_ctx->keyblock);
-            free(srp_ctx->keyblock);
-            srp_ctx->keyblock = NULL;
-        }
-
-        krb5_free_context(srp_ctx->krb5_ctx);
-        srp_ctx->krb5_ctx = NULL;
-    }
-
-    HMAC_CTX_cleanup(&srp_ctx->hmac_ctx);
-
-    free(*context_handle);
-    *context_handle = NULL;
-    return (ret);
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_disp_name.c b/lwraft/gssapi-plugins/unix/unix_disp_name.c
deleted file mode 100644
index ae3b0dfef..000000000
--- a/lwraft/gssapi-plugins/unix/unix_disp_name.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_disp_name.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP display name; KRB5 canonicalized name format
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include "unix_util.h"
-#include <gssapi/gssapi_krb5.h>
-
-OM_uint32
-srp_gss_display_name(
-    OM_uint32 *minor_status,
-    gss_name_t input_name,
-    gss_buffer_t output_name_buffer,
-    gss_OID *output_name_type)
-{
-    OM_uint32 status = GSS_S_COMPLETE;
-    dsyslog("Entering display_name\n");
-
-    status = gss_display_name(minor_status, input_name,
-        output_name_buffer, NULL);
-
-    dsyslog("Leaving display_name\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_encrypt.c b/lwraft/gssapi-plugins/unix/unix_encrypt.c
deleted file mode 100644
index ce4e36d18..000000000
--- a/lwraft/gssapi-plugins/unix/unix_encrypt.c
+++ /dev/null
@@ -1,573 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_encrypt.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Functions related to SRP data encryption
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <krb5.h>
-#include <sasl/saslutil.h>
-#include <errno.h>
-#include <string.h>
-#include "unix_encrypt.h"
-#include "unix_util.h"
-#include "gssapi_alloc.h"
-
-krb5_error_code
-srp_gen_keyblock(
-    krb5_context krb5_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key)
-{
-    krb5_error_code krb_err = 0;
-    krb5_enctype enctype;
-    krb5_data pass_data = {0};
-    krb5_data salt_data = {0};
-
-    memset(&enctype, 0, sizeof(enctype));
-
-    pass_data.data = pass;
-    pass_data.length = (int) strlen(pass);
-    salt_data.data = salt;
-    salt_data.length = (int) strlen(salt);
-
-#if 0
-    /* Prefer to use this, as it takes ENCTYPE_AES256_CTS_HMAC_SHA1_96 */
-    enctype = find_enctype(enc_keytype);
-    if (!enctype)
-    {
-        krb_err = EINVAL;
-        goto error;
-    }
-#else
-    krb_err = krb5_string_to_enctype(
-                  enc_keytype,
-                  &enctype);
-    if (krb_err)
-    {
-        goto error;
-    }
-#endif
-
-    krb_err = krb5_c_string_to_key(
-                  krb5_ctx,
-                  enctype,
-                  &pass_data,
-                  &salt_data,
-                  key);
-    if (krb_err)
-    {
-        goto error;
-    }
-
-error:
-
-    return krb_err;
-}
-
-static krb5_error_code
-srp_expand_session_key(
-    const char *pass,
-    int passlen,
-    const unsigned char *salt,
-    int saltlen,
-    int iter,
-    int keylen,
-    unsigned char *out)
-{
-    krb5_error_code sts = 0;
-    sts = PKCS5_PBKDF2_HMAC(
-              pass,
-              passlen,
-              salt,
-              saltlen,
-              iter,
-              SRP_EXPAND_KEY_HASH,
-              keylen,
-              out);
-    return sts == 0 ? EINVAL : 0;
-}
-
-static int
-srp_init_hmac(
-    HMAC_CTX *phctx,
-    unsigned char *key,
-    int key_len)
-{
-    int sts = 0;
-    HMAC_CTX hctx;
-    unsigned char md[40] = {0};
-    unsigned int mdlen = 0;
-
-    memset(&hctx, 0, sizeof(hctx));
-    HMAC_CTX_init(&hctx);
-    sts = HMAC_Init_ex(&hctx, key, key_len, EVP_sha1(), NULL);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    HMAC_Update(&hctx, "", 0);
-    HMAC_Final(&hctx, md, &mdlen);
-
-    *phctx = hctx;
-    return 0;
-}
-
-static int
-srp_compute_hmac(
-    HMAC_CTX hctx,
-    unsigned char *data,
-    int data_len,
-    unsigned char *md,
-    int *md_len)
-{
-    int sts = 0;
-
-    /* These functions return 0 on error, 1 for success */
-    sts = HMAC_Init_ex(&hctx, NULL, 0, EVP_sha1(), NULL);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    sts = HMAC_Update(&hctx, data, data_len);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    sts = HMAC_Final(&hctx, md, md_len);
-    if (sts == 0)
-    {
-        return sts;
-    }
-    return sts;
-}
-
-krb5_error_code
-srp_make_enc_keyblock(
-    srp_gss_ctx_id_t srp_context_handle)
-{
-    char *srp_session_key_str = NULL;
-    unsigned char *hmac_key = NULL;
-    int b64_alloc_len = 0;
-
-    unsigned char *ptr_expanded_key = NULL;
-    unsigned char expanded_session_key[SRP_EXPAND_KEY_LEN] = {0};
-
-    unsigned char srp_session_key[SRP_EXPAND_SESSION_KEY_LEN] = {0};
-    int srp_session_key_len = sizeof(srp_session_key);
-
-    unsigned char iv_data[AES_BLOCK_SIZE] = {0};
-    int iv_data_len = sizeof(iv_data);
-
-    int b64_session_key_len = 0;
-    krb5_error_code krb5_err = KRB5_BAD_ENCTYPE;
-
-    if (!srp_context_handle->srp_session_key ||
-        srp_context_handle->srp_session_key_len == 0)
-    {
-        krb5_err = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    srp_print_hex(srp_context_handle->srp_session_key,
-                  srp_context_handle->srp_session_key_len,
-                  "srp_make_enc_keyblock: SRP-negotiated session key ");
-
-    /* Expand SRP session key to obtain more bytes for IV/session key */
-    krb5_err = srp_expand_session_key(
-                   srp_context_handle->srp_session_key,
-                   srp_context_handle->srp_session_key_len,
-                   srp_context_handle->upn_name,         /* salt */
-                   (int) strlen(srp_context_handle->upn_name), /* salt length */
-                   SRP_EXPAND_KEY_ITER,
-                   sizeof(expanded_session_key),
-                   expanded_session_key);
-    if (krb5_err)
-    {
-        goto error;
-    }
-
-    /* Carve up parts of the expanded key for various purposes */
-    ptr_expanded_key = expanded_session_key;
-
-    /* Initialization vector */
-    memcpy(iv_data, ptr_expanded_key, iv_data_len);
-    ptr_expanded_key += iv_data_len;
-
-    srp_print_hex(iv_data,
-                  iv_data_len,
-                  "srp_make_enc_keyblock: got initialization vector ");
-
-    /* SRP "derived session" key */
-    memcpy(srp_session_key, ptr_expanded_key, srp_session_key_len);
-    ptr_expanded_key += sizeof(srp_session_key);
-
-    /* HMAC key, remaining 16 bytes */
-    hmac_key = ptr_expanded_key;
-
-    srp_print_hex(srp_session_key,
-                  srp_session_key_len,
-                  "srp_make_enc_keyblock: got derived session key");
-
-    /* Build b64 encoded string of SRP session key */
-    b64_alloc_len = (srp_session_key_len + 2) / 3  * 4 + 1;
-    srp_session_key_str = calloc(b64_alloc_len, sizeof(char));
-    if (!srp_session_key_str)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-    krb5_err = sasl_encode64(
-                   srp_session_key,
-                   srp_session_key_len,
-                   srp_session_key_str,
-                   b64_alloc_len,
-                   &b64_session_key_len);
-    if (krb5_err)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-    srp_session_key_str[b64_session_key_len] = '\0';
-
-    srp_context_handle->keyblock = calloc(1, sizeof(krb5_keyblock));
-    if (!srp_context_handle->keyblock)
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-    /* Generate encryption key from SRP shared key */
-    krb5_err = srp_gen_keyblock(
-                   srp_context_handle->krb5_ctx,
-                   SRP_ENC_KEYTYPE,
-                   srp_session_key_str,
-                   srp_context_handle->upn_name,
-                   srp_context_handle->keyblock);
-    if (krb5_err)
-    {
-        goto error;
-    }
-
-    srp_print_hex(srp_context_handle->keyblock->contents,
-                  srp_context_handle->keyblock->length,
-                  "srp_make_enc_keyblock: keyblock value");
-
-     memset(srp_context_handle->aes_encrypt_iv, 0, iv_data_len);
-     memcpy(srp_context_handle->aes_encrypt_iv, iv_data, iv_data_len);
-
-     memset(srp_context_handle->aes_decrypt_iv, 0, iv_data_len);
-     memcpy(srp_context_handle->aes_decrypt_iv, iv_data, iv_data_len);
-
-    AES_set_encrypt_key(
-        srp_context_handle->keyblock->contents,
-        srp_context_handle->keyblock->length * 8,
-        &srp_context_handle->aes_encrypt_key);
-    AES_set_decrypt_key(
-        srp_context_handle->keyblock->contents,
-        srp_context_handle->keyblock->length * 8,
-        &srp_context_handle->aes_decrypt_key);
-
-    if (srp_init_hmac(&srp_context_handle->hmac_ctx,
-                      hmac_key,
-                      SRP_EXPAND_HMAC_KEY))
-    {
-        krb5_err = ENOMEM;
-        goto error;
-    }
-
-error:
-    if (krb5_err)
-    {
-        if (srp_context_handle->keyblock)
-        {
-            free(srp_context_handle->keyblock);
-        }
-    }
-
-    if (srp_session_key_str)
-    {
-        free(srp_session_key_str);
-    }
-    return krb5_err;
-}
-
-int
-srp_encrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *plaintext,
-    int plaintext_len,
-    unsigned char *out_ciphertext,
-    unsigned char **out_hmacbuf,
-    int *out_hmacbuf_len)
-{
-    int sts = 0;
-    int hmacbuf_len = 0;
-    int hmac_bufpad_len = 0;
-    int ciphertext_len = 0;
-    int ciphertext_pad_len = 0;
-    int verifier_len = 0;
-    unsigned char *hmacbuf = NULL;
-    unsigned char *hmacbuf_end = NULL;
-    unsigned char *ciphertext = NULL;
-    unsigned char *ret_hmacbuf = NULL;
-
-    /*
-     * Message format:
-     *   ciphertext = AES256(key, plaintext)
-     *   |-- HMAC-SHA1(ciphertext) (20) --|-- ciphertext --|)
-     *
-     * Result:
-     *   Contiguous ciphertext buffer is split into two pieces across
-     *   iov, as iov[1] cannot be resized, but iov[0] can.
-     *
-     *     iov[0] data: |-- AES256 (verifier-len) --|
-     *     iov[1] data: |-- AES256 (plaintext-len) --|
-     */
-
-    ciphertext_pad_len = AES256PAD(plaintext_len);
-    /*
-     * Note: The below padding may cause buffer expansion which cannot fit into
-     * the original iov[1] payload buffer. The "residual data" from this
-     * expansion is returned in iov[0], semantically the hmac verifier.
-     */
-    hmac_bufpad_len = ciphertext_pad_len + SRP_SHA1_HMAC_BUFSIZ;
-    hmacbuf = (unsigned char *) calloc(hmac_bufpad_len, sizeof(unsigned char));
-    if (!hmacbuf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-    hmacbuf_end = hmacbuf;
-
-    /* Same size as the input buffer; holds the output cipher text */
-    ciphertext_len = ciphertext_pad_len;
-    ciphertext = (unsigned char *) calloc(ciphertext_len,
-                                          sizeof(unsigned char));
-    if (!ciphertext)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    /* AES256 encrypt the plaintext payload data */
-    AES_cbc_encrypt(
-        plaintext,
-        ciphertext,
-        ciphertext_len,
-        &srp_context_handle->aes_encrypt_key,
-        srp_context_handle->aes_encrypt_iv,
-        AES_ENCRYPT);
-
-    /* Perform hmac-sha validation over ciphertext payload */
-    if (!srp_compute_hmac(
-         srp_context_handle->hmac_ctx,
-         ciphertext,
-         ciphertext_len,
-         hmacbuf,
-         &hmacbuf_len))
-    {
-        sts = EINVAL;
-        goto error;
-    }
-
-    if (hmacbuf_len > SRP_SHA1_HMAC_BUFSIZ)
-    {
-        hmacbuf_len = SRP_SHA1_HMAC_BUFSIZ;
-    }
-    hmacbuf_end += hmacbuf_len;
-
-    srp_print_hex(hmacbuf,
-                  hmacbuf_len,
-                  "srp_encrypt_aes256_hmac_sha1: hmac =");
-
-    /* Copy the ciphertext message after the HMAC data */
-    memcpy(hmacbuf_end, ciphertext, ciphertext_len);
-
-    /* Verifier data: what cannot fit into iov[1] */
-    verifier_len = hmac_bufpad_len - ciphertext_len;
-
-    ret_hmacbuf = (unsigned char *) calloc(verifier_len,
-                                           sizeof(unsigned char));
-    if (!ret_hmacbuf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    /* Split cipher text into two iov values: iov[0] = HMAC code */
-    memcpy(ret_hmacbuf, hmacbuf, verifier_len);
-
-    /* iov[1] = cipher text */
-    memcpy(out_ciphertext,
-           hmacbuf + verifier_len,
-           plaintext_len);
-
-    /* Additional iov[0] length due to padding expansion */
-    *out_hmacbuf = ret_hmacbuf;
-    *out_hmacbuf_len = verifier_len;
-
-error:
-    if (sts)
-    {
-        if (ret_hmacbuf)
-        {
-            free(ret_hmacbuf);
-        }
-    }
-    if (hmacbuf)
-    {
-        free(hmacbuf);
-    }
-    if (ciphertext)
-    {
-        free(ciphertext);
-    }
-    return sts;
-}
-
-
-int
-srp_decrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *in_hmacbuf,
-    int in_hmacbuf_len,
-    unsigned char *in_ciphertext,
-    int in_ciphertext_len,
-    unsigned char *ret_plaintext)
-{
-    int sts = 0;
-    unsigned char *cipherhmac_buf = NULL;
-    unsigned char *plaintext = NULL;
-    unsigned char *ciphertext_start = NULL;
-    int cipherhmac_buf_len = 0;
-    int ciphertext_len = 0;
-    int hmac_computed_len = 0;
-    unsigned char hmac[SRP_SHA1_HMAC_BUFSIZ] = {0};
-    unsigned char hmac_computed[SRP_SHA1_HMAC_BUFSIZ] = {0};
-
-    /* Splice in_hmacbuf + in_ciphertext together, this is the ciphertext */
-    cipherhmac_buf_len = in_hmacbuf_len + in_ciphertext_len;
-
-    /* Buffer must adhere to AES-256 padding requirements */
-    ciphertext_len = AES256PAD((cipherhmac_buf_len - SRP_SHA1_HMAC_BUFSIZ));
-    cipherhmac_buf = (unsigned char *) calloc(cipherhmac_buf_len,
-                                              sizeof(unsigned char));
-    if (!cipherhmac_buf)
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    plaintext = (unsigned char *) calloc(ciphertext_len,
-                                         sizeof(unsigned char));
-    if (!plaintext )
-    {
-        sts = ENOMEM;
-        goto error;
-    }
-
-    memcpy(cipherhmac_buf, in_hmacbuf, in_hmacbuf_len);
-    memcpy(cipherhmac_buf + in_hmacbuf_len, in_ciphertext, in_ciphertext_len);
-
-    /* Save the HMAC-SHA1 verifier from client */
-    memcpy(hmac, cipherhmac_buf, SRP_SHA1_HMAC_BUFSIZ);
-
-    srp_print_hex(hmac,
-                   SRP_SHA1_HMAC_BUFSIZ,
-                   "srp_decrypt_aes256_hmac_sha1: client hmac");
-
-    /* Perform hmac-sha validation over the ciphertext */
-    ciphertext_start = cipherhmac_buf + SRP_SHA1_HMAC_BUFSIZ;
-    if (!srp_compute_hmac(
-         srp_context_handle->hmac_ctx,
-         ciphertext_start,
-         ciphertext_len,
-         hmac_computed,
-         &hmac_computed_len))
-    {
-        sts = EINVAL;
-        goto error;
-    }
-
-    /* Verify computed verifier matches client verifier */
-    if (hmac_computed_len != SRP_SHA1_HMAC_BUFSIZ ||
-        memcmp(hmac, hmac_computed, hmac_computed_len) != 0)
-    {
-        srp_print_hex(hmac_computed,
-                       SRP_SHA1_HMAC_BUFSIZ,
-                       "srp_decrypt_aes256_hmac_sha1: ERROR computed hmac");
-        /* verifier failed, return error */
-        sts = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /* This is the full ciphertext, which can then be decrypted. */
-    AES_cbc_encrypt(ciphertext_start,
-                    plaintext,
-                    ciphertext_len,
-                    &srp_context_handle->aes_decrypt_key,
-                    srp_context_handle->aes_decrypt_iv,
-                    AES_DECRYPT);
-
-    memcpy(ret_plaintext, plaintext, ciphertext_len);
-
-error:
-    if (plaintext)
-    {
-        free(plaintext);
-    }
-    if (cipherhmac_buf)
-    {
-        free(cipherhmac_buf);
-    }
-    return sts;
-}
-
-#ifdef _SRP_USE_TRIVIAL_ENCRYPTION
-
-/* Straw-man trivial encryption function */
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen)
-{
-    int i = 0;
-    int k = 0;
-
-    for (i=0; i<plaintext_len; i++)
-    {
-        plaintext[i] ^= key[k++];
-        k %= keylen;
-    }
-    return;
-}
-
-unsigned char *xor_get_encrypt_key(int *len)
-{
-    static char *g_key = "!)@(#*%&^dEadBeEf~!@#$%^&*()_+";
-    *len = strlen(g_key);
-
-    return (unsigned char *) g_key;
-}
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_encrypt.h b/lwraft/gssapi-plugins/unix/unix_encrypt.h
deleted file mode 100644
index 9f30bacae..000000000
--- a/lwraft/gssapi-plugins/unix/unix_encrypt.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_encrypt.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     srp_encrypt.c include file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#ifndef _SRP_ENCRYPT_H_
-#define _SRP_ENCRYPT_H_
-
-#include <krb5.h>
-#include "gssapiP_unix.h"
-
-/*
- * Straw-man trivial encryption functionality: _SRP_USE_TRIVIAL_ENCRYPTION
- *
- * To enable this debugging "feature", add -D_SRP_USE_TRIVIAL_ENCRYPTION
- * to your makefile/vcproj.
- *  !!!!!!!!!!!!! DO NOT USE THIS IN PRODUCTION !!!!!!!!!!!!!!
- */
-
-#define AES256PAD(len) \
-    ((len) + (((len%AES_BLOCK_SIZE) > 0) ? \
-     (AES_BLOCK_SIZE - (len) % AES_BLOCK_SIZE) : 0))
-
-// #define SRP_ENC_KEYTYPE ENCTYPE_AES256_CTS_HMAC_SHA1_96
-#define SRP_ENC_KEYTYPE "aes256-cts-hmac-sha1-96"
-
-#define SRP_EXPAND_KEY_LEN  64
-#define SRP_EXPAND_SESSION_KEY_LEN  32
-#define SRP_EXPAND_HMAC_KEY 16
-#define SRP_EXPAND_KEY_ITER 128
-#define SRP_EXPAND_KEY_HASH EVP_sha1()
-#define SRP_SHA1_HMAC_BUFSIZ 20
-#define SRP_MECH_OID_OFFSET 16
-
-krb5_error_code
-srp_gen_keyblock(
-    krb5_context krb_ctx,
-    char *enc_keytype,
-    char *pass,
-    char *salt,
-    krb5_keyblock *key);
-
-krb5_error_code
-srp_make_enc_keyblock(
-    srp_gss_ctx_id_t srp_context_handle);
-
-int
-srp_encrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *plaintext,
-    int plaintext_len,
-    unsigned char *out_ciphertext,
-    unsigned char **out_hmacbuf,
-    int *out_hmacbuf_len);
-
-int
-srp_decrypt_aes256_hmac_sha1(
-    srp_gss_ctx_id_t srp_context_handle,
-    unsigned char *in_hmacbuf,
-    int in_hmacbuf_len,
-    unsigned char *in_ciphertext,
-    int in_ciphertext_len,
-    unsigned char *ret_plaintext);
-
-#ifdef _SRP_USE_TRIVIAL_ENCRYPTION
-void xor_encrypt(
-    unsigned char *plaintext,
-    int plaintext_len,
-    const unsigned char *key,
-    int keylen);
-
-unsigned char *xor_get_encrypt_key(int *len);
-
-#endif /* _SRP_USE_TRIVIAL_ENCRYPTION */
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_init_sec_ctx.c b/lwraft/gssapi-plugins/unix/unix_init_sec_ctx.c
deleted file mode 100644
index 57843773d..000000000
--- a/lwraft/gssapi-plugins/unix/unix_init_sec_ctx.c
+++ /dev/null
@@ -1,934 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_init_sec_ctx.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP initialize security context
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "unix_mglueP.h"
-#include "unix_encrypt.h"
-#include "unix_util.h"
-#include <krb5.h>
-#include "gssapiP_unix.h"
-#include "gssapi/gssapi_krb5.h"
-#include "gssapi_alloc.h"
-#include <lber.h>
-#include <csrp/srp.h>
-#include <ctype.h>
-
-#ifndef _WIN32
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#ifndef __USE_GNU
-#define __USE_GNU
-#endif
-#ifndef __MACH__
-#include <crypt.h>
-#endif
-#endif
-
-static OM_uint32
-__srp_ber_flatten_output_token(
-    OM_uint32 *minor_status,
-    BerElement *ber,
-    int ber_len,
-    gss_buffer_t asn1_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 output_token_len = 0;
-    gss_buffer_desc output_token_mem = {0};
-    unsigned char *ptr = NULL;
-    int berror = 0;
-    struct berval *flatten = NULL;
-
-    berror = ber_flatten(ber, &flatten);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    output_token_len = (OM_uint32) (asn1_oid->length + ber_len);
-    output_token_mem.value = gssalloc_malloc(output_token_len);
-    if (!output_token_mem.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memset(output_token_mem.value, 0, output_token_len);
-
-    output_token_mem.length = output_token_len;
-    ptr = output_token_mem.value;
-
-    memcpy(ptr, asn1_oid->value, asn1_oid->length);
-    ptr += asn1_oid->length;
-
-    memcpy(ptr, flatten->bv_val, flatten->bv_len);
-    ptr += ber_len;
-
-    /* output_token now owns the memory in output_token_mem */
-    *output_token = output_token_mem;
-    memset(&output_token_mem, 0, sizeof(output_token_mem));
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-        if (output_token_mem.value)
-        {
-            gssalloc_free(output_token_mem.value);
-        }
-    }
-    if (flatten)
-    {
-        ber_bvfree(flatten);
-    }
-    return major;
-}
-
-/*
- * Format request with this data:
- *   major : minor protocol verion
- *   username
- *
- * Expected reply:
- *   UNIX salt value from remote system's /etc/shadow file
- *
- *
- * Errors:
- *   User does not exist
- */
-static
-OM_uint32
-_unix_gss_make_auth_init_output_token(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    gss_name_t auth_name,
-    srp_gss_ctx_id_t srp_context_handle,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    int berror = 0;
-    gss_buffer_desc asn1_srp_oid = {0};
-    gss_buffer_desc auth_name_buf = {0};
-    char *username_str = NULL;
-    ber_int_t gss_srp_version_maj = 1;
-    ber_int_t gss_srp_version_min = 0;
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_asn1_encode_mech_oid_token(
-                &minor,
-                srp_mech_oid,
-                &asn1_srp_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-
-    major = gss_display_name(&minor, auth_name, &auth_name_buf, NULL);
-    if (major)
-    {
-        goto error;
-    }
-
-    username_str = calloc(auth_name_buf.length+1, sizeof(char));
-    if (!username_str)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* This is a '\0' terminated string */
-    memcpy(username_str, auth_name_buf.value, auth_name_buf.length);
-    srp_context_handle->unix_username = username_str;
-    username_str = NULL;
-
-    /*
-     * ASN.1 encode the following data:
-     * |- GSS_SRP_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_SRP_OID -|-SRP_INIT(1)-|-VerMaj-|-VerMin-|-username-
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-    berror = ber_printf(ber, "t{ii",
-                  (ber_tag_t) SRP_AUTH_INIT,
-                  gss_srp_version_maj,
-                  gss_srp_version_min);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len += berror;
-
-    berror = ber_printf(ber, "o}",
-                  (char *) srp_context_handle->unix_username,
-                  (ber_len_t) auth_name_buf.length);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len += berror;
-
-    major = __srp_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_srp_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-    if (username_str)
-    {
-        free(username_str);
-    }
-    if (asn1_srp_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_srp_oid);
-    }
-    if (auth_name_buf.value)
-    {
-        gss_release_buffer(&minor, &auth_name_buf);
-    }
-    ber_free(ber, 1);
-    return major;   
-}
-
-/*
- * Carol → Steve: I and A = g**a
- */
-static
-OM_uint32
-_srp_gss_make_auth_init_output_token(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    gss_buffer_t auth_password,
-    srp_gss_ctx_id_t srp_context_handle,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    struct crypt_data *cryptbuf_ptr = NULL;
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    gss_buffer_desc asn1_srp_oid = {0};
-    gss_buffer_t username = NULL;
-    BerElement *ber = NULL;
-    BerElement *ber_input = NULL;
-    int ber_len = 0;
-    int berror = 0;
-    char *password = NULL;
-    char *user_salt = NULL;
-    char *client_sp_hash = NULL;
-    struct SRPUser *usr = NULL;
-    const char *srp_auth_user = NULL;
-    const unsigned char *srp_bytes_A = NULL;
-    int srp_bytes_A_len = 0;
-    SRP_NGType ng_type = SRP_NG_2048;
-    ber_tag_t ber_state = 0;
-    struct berval ber_in_tok = {0};
-    struct berval *ber_user_salt = NULL;
-
-    ber_in_tok.bv_len = input_token->length;
-    ber_in_tok.bv_val = input_token->value;
-    ber_input = ber_init(&ber_in_tok);
-    if (!ber_input)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    berror = ber_scanf(ber_input, "t{O}", &ber_state, &ber_user_salt);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    if (ber_state != SRP_UNIX_SALT_RESPONSE)
-    {
-        /* This is a serious protocol sequencing error */
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    user_salt = calloc(ber_user_salt->bv_len + 1, sizeof(char));
-    if (!user_salt)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    memcpy(user_salt, ber_user_salt->bv_val, ber_user_salt->bv_len);
-
-    major = srp_asn1_encode_mech_oid_token(
-                &minor,
-                srp_mech_oid,
-                &asn1_srp_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* The caller constructs this as a '\0' terminated string */
-    password = auth_password->value;
-
-    cryptbuf_ptr = calloc(1, sizeof(struct crypt_data));
-    if (!cryptbuf_ptr)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("calling crypt_r: pass='%s' salt='%s'\n",
-                     "CENSORED", user_salt);
-    client_sp_hash = crypt_r(password, user_salt, cryptbuf_ptr);
-    if (!client_sp_hash || !*client_sp_hash || strlen(client_sp_hash) < 3)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_debug_printf("crypt_r: computed hash = %s\n", client_sp_hash);
-
-    usr = srp_user_new(SRP_SHA1, ng_type,
-                         srp_context_handle->unix_username,
-                         (const unsigned char *) client_sp_hash,
-                         (int) strlen(client_sp_hash), NULL, NULL);
-    if (!usr)
-    {
-        srp_debug_printf("srp_user_new: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-
-    /* Used in generating Kerberos keyblock salt value */
-    srp_context_handle->upn_name = strdup(srp_context_handle->unix_username);
-    if (!srp_context_handle->upn_name)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* User -> Host: (username, bytes_A) */
-    srp_user_start_authentication(usr,
-                                  &srp_auth_user,
-                                  &srp_bytes_A,
-                                  &srp_bytes_A_len);
-    if (!srp_auth_user || !srp_bytes_A || srp_bytes_A_len == 0)
-    {
-        srp_debug_printf("srp_user_start_authentication: failed!\n");
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-
-    srp_print_hex(srp_bytes_A, srp_bytes_A_len,
-                  "_srp_gss_make_auth_init_output_token(init_sec_context): bytes_A");
-    /*
-     * ASN.1 encode the following data:
-     * |- GSS_SRP_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_SRP_OID -|-SRP_INIT(1)-|-VerMaj-|-VerMin-|-UPN(octet string)-|-SRP-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-
-    berror = ber_printf(ber, "t{o}",
-                  (ber_tag_t) SRP_UNIX_SALT_RESPONSE,
-                  srp_bytes_A,
-                  (ber_len_t) srp_bytes_A_len);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    ber_len += berror;
-
-    major = __srp_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_srp_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* Save the srp_user_new() context in the srp_gss_ctx... handle */
-    srp_context_handle->srp_usr = usr;
-    usr = NULL;
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-    else
-    {
-        major = GSS_S_CONTINUE_NEEDED;
-    }
-    if (username)
-    {
-        gss_release_buffer(&minor, username);
-    }
-    if (asn1_srp_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_srp_oid);
-    }
-    if (cryptbuf_ptr)
-    {
-        free(cryptbuf_ptr);
-    }
-    if (user_salt)
-    {
-        free(user_salt);
-    }
-    if (usr)
-    {
-        srp_user_delete(usr);
-    }
-
-    ber_bvfree(ber_user_salt);
-    ber_free(ber, 1);
-    ber_free(ber_input, 1);
-    return major;
-}
-
-static
-OM_uint32
-_srp_auth_salt_resp(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    ber_tag_t ber_state = 0;
-    struct berval ber_in_tok = {0};
-    BerElement *ber_resp = NULL;
-    ber_tag_t berror = 0;
-    struct berval *ber_mda = NULL;
-    struct berval *ber_salt = NULL;
-    struct berval *ber_B = NULL;
-    const unsigned char *srp_bytes_M = NULL;
-    int srp_bytes_M_len = 0;
-    int srp_session_key_len = 0;
-    gss_buffer_desc asn1_srp_oid = {0};
-    BerElement *ber = NULL;
-    int ber_len = 0;
-    const unsigned char *srp_session_key = NULL;
-
-    ber_in_tok.bv_len = input_token->length;
-    ber_in_tok.bv_val = input_token->value;
-    ber_resp = ber_init(&ber_in_tok);
-    berror = ber_scanf(ber_resp, "t{OOO}",
-                 &ber_state, &ber_mda, &ber_salt, &ber_B);
-    if (berror == LBER_ERROR)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(ber_salt->bv_val, (int) ber_salt->bv_len,
-                  "_srp_auth_salt_resp(init_sec_context): salt");
-    srp_print_hex(ber_B->bv_val, (int) ber_B->bv_len,
-                  "_srp_auth_salt_resp(init_sec_context): bytes_B");
-
-    /* Consistency check, this must match state */
-    if ((int) ber_state != state)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-    srp_user_process_challenge(srp_context_handle->srp_usr,
-                               ber_salt->bv_val, (int) ber_salt->bv_len,
-                               ber_B->bv_val, (int) ber_B->bv_len,
-                               &srp_bytes_M, &srp_bytes_M_len);
-
-    srp_session_key = srp_user_get_session_key(
-                          srp_context_handle->srp_usr,
-                          &srp_session_key_len);
-    if (srp_session_key && srp_session_key_len > 0)
-    {
-        srp_context_handle->srp_session_key =
-            calloc(srp_session_key_len, sizeof(unsigned char));
-        if (!srp_context_handle->srp_session_key)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memcpy(srp_context_handle->srp_session_key,
-               srp_session_key,
-               srp_session_key_len);
-        srp_context_handle->srp_session_key_len = srp_session_key_len;
-
-        srp_print_hex(srp_context_handle->srp_session_key,
-                      srp_context_handle->srp_session_key_len,
-                      "_srp_auth_salt_resp(init_sec_ctx) got session key");
-    }
-
-
-    ber = ber_alloc_t(LBER_USE_DER);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_asn1_encode_mech_oid_token(
-                &minor,
-                srp_mech_oid,
-                &asn1_srp_oid);
-    if (major)
-    {
-        goto error;
-    }
-
-    /* ASN.1 encode the following data:
-     * |- GSS_SRP_OID -|-State TAG-|-State Data 1-|-...-|-State Data N-|
-     * |- GSS_SRP_OID -|-SRP_AUTH_CLIENT_VALIDATE(1)-|-SRP-bytes_A-|
-     * Note: Use octet string for upn_string; o is octet string, i is length
-     *       describing string length to ASN.1 encoder.
-     */
-    srp_print_hex(srp_bytes_M, srp_bytes_M_len,
-                  "_srp_auth_salt_resp(init_sec_ctx) sending bytes_M");
-
-    berror = ber_printf(ber, "t{o}",
-                  (ber_tag_t) SRP_AUTH_CLIENT_VALIDATE,
-                  srp_bytes_M,
-                  (ber_len_t) srp_bytes_M_len);
-
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        return(EXIT_FAILURE);
-    }
-    ber_len = berror;
-
-    major = __srp_ber_flatten_output_token(
-                &minor,
-                ber,
-                ber_len,
-                &asn1_srp_oid,
-                output_token);
-    if (major)
-    {
-        goto error;
-    }
-
-error:
-    if (major)
-    {
-        *minor_status = minor;
-    }
-
-    if (ber_mda)
-    {
-        ber_bvfree(ber_mda);
-    }
-    if (ber_salt)
-    {
-        ber_bvfree(ber_salt);
-    }
-    if (ber_B)
-    {
-        ber_bvfree(ber_B);
-    }
-    if (asn1_srp_oid.value)
-    {
-        gss_release_buffer(&minor, &asn1_srp_oid);
-    }
-    ber_free(ber_resp, 1);
-    ber_free(ber, 1);
-
-    return major;
-}
-
-
-static
-OM_uint32
-_srp_auth_server_validate(
-    OM_uint32 *minor_status,
-    gss_OID srp_mech_oid,
-    srp_gss_ctx_id_t srp_context_handle,
-    int state,
-    gss_buffer_t input_token,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    int berror = 0;
-    ber_tag_t ber_state = 0;
-    BerElement *ber = NULL;
-    struct berval *ber_srp_bytes_HAMK = NULL;
-    struct berval ber_ctx = {0};
-
-    ber_ctx.bv_val = (void *) input_token->value;
-    ber_ctx.bv_len = input_token->length;
-    ber = ber_init(&ber_ctx);
-    if (!ber)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_debug_printf("_srp_auth_server_validate(): "
-                     "state=SRP_AUTH_CLIENT_VALIDATE\n");
-
-    /*
-     * ASN.1 decode the "HAMK" server mutual auth token
-     */
-    berror = ber_scanf(ber, "t{O}", &ber_state, &ber_srp_bytes_HAMK);
-    if (berror == -1)
-    {
-        major = GSS_S_FAILURE;
-        minor = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /*
-     * This is mostly impossible, as state IS the "t" field.
-     * More a double check for proper decoding.
-     */
-    if ((int) ber_state != state || ber_srp_bytes_HAMK->bv_len == 0)
-    {
-        if (ber_srp_bytes_HAMK->bv_len == 0)
-        {
-            /*
-             * Server sent an empty HAMK token, which indicates
-             * SRP password authentication failed.
-             */
-            minor = KRB5KRB_AP_ERR_MUT_FAIL;
-        }
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_print_hex(
-        ber_srp_bytes_HAMK->bv_val,
-        (int) ber_srp_bytes_HAMK->bv_len,
-        "_srp_auth_server_validate(accept_sec_ctx) received ber_srp_bytes_HAMK");
-
-    srp_user_verify_session(
-        srp_context_handle->srp_usr,
-        ber_srp_bytes_HAMK->bv_val);
-    if (!srp_user_is_authenticated(srp_context_handle->srp_usr))
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (ber_srp_bytes_HAMK)
-    {
-        ber_bvfree(ber_srp_bytes_HAMK);
-    }
-
-
-    ber_free(ber, 1);
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-}
-
-
-/*
- * Message format for generated output token (state dependent)
- * |- ASN.1 SRP OID -|- state -|- data -|- ... -|
- *
- *
- * SRP_AUTH_INIT: | ASN.1 SRP OID | SRP_AUTH_INIT (byte) | UPN (type GSS_KRB5_NT_PRINCIPAL_NAME) |
- *
- */
-OM_uint32
-unix_gss_init_sec_context(
-    OM_uint32 *minor_status,
-    gss_cred_id_t claimant_cred_handle,
-    gss_ctx_id_t *context_handle,
-    gss_name_t target_name,
-    gss_OID mech_type,
-    OM_uint32 req_flags,
-    OM_uint32 time_req,
-    gss_channel_bindings_t input_chan_bindings,
-    gss_buffer_t input_token,
-    gss_OID *actual_mech,
-    gss_buffer_t output_token,
-    OM_uint32 *ret_flags,
-    OM_uint32 *time_rec)
-{
-    /*
-     * send_token is used to indicate in later steps
-     * what type of token, if any should be sent or processed.
-     * NO_TOKEN_SEND = no token should be sent
-     * INIT_TOKEN_SEND = initial token will be sent
-     * CONT_TOKEN_SEND = continuing tokens to be sent
-     * CHECK_MIC = no token to be sent, but have a MIC to check.
-     */
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    unsigned char *ptr = NULL;
-    OM_uint32 state = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    srp_gss_ctx_id_t srp_context_handle = NULL;
-    gss_buffer_desc output_token_mem = {0};
-    krb5_error_code krb5_err = 0;
-    gss_OID srp_mech_oid = {0};
-
-    dsyslog("Entering init_sec_context\n");
-
-    if (!claimant_cred_handle || !context_handle)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    srp_cred = (srp_gss_cred_id_t) claimant_cred_handle;
-    if (!srp_cred || !srp_cred->password || !srp_cred->srp_mech_oid)
-    {
-        major = GSS_S_UNAVAILABLE;
-        goto error;
-    }
-    srp_mech_oid = srp_cred->srp_mech_oid;
-
-    /* First call to init_sec_context; allocate new context */
-    if (*context_handle == GSS_C_NO_CONTEXT)
-    {
-        state = SRP_AUTH_INIT;
-        srp_debug_printf("unix_gss_init_sec_context: state=SRP_AUTH_INIT\n");
-        srp_context_handle =
-            (srp_gss_ctx_id_t) calloc(1, sizeof(srp_gss_ctx_id_rec));
-        if (!srp_context_handle)
-        {
-            minor = ENOMEM;
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        memset(srp_context_handle, 0, sizeof(srp_gss_ctx_id_rec));
-
-        srp_context_handle->magic_num = SRP_MAGIC_ID;
-        srp_context_handle->state     = state;
-        srp_context_handle->cred      = srp_cred;
-
-        /* Needed for Kerberos AES256-SHA1 keyblock generation */
-        krb5_err = krb5_init_context(&srp_context_handle->krb5_ctx);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-
-        major = _unix_gss_make_auth_init_output_token(
-                    &minor,
-                    srp_mech_oid,
-                    srp_cred->name,
-                    srp_context_handle,
-                    &output_token_mem);
-
-        if (major)
-        {
-            goto error;
-        }
-        srp_context_handle->state = SRP_UNIX_SALT_RESPONSE;
-        *context_handle = (gss_ctx_id_t) srp_context_handle;
-        srp_context_handle = NULL;
-        major = GSS_S_CONTINUE_NEEDED;
-    }
-    else
-    {
-        srp_context_handle = (srp_gss_ctx_id_t) *context_handle;
-        if (!input_token)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-        ptr = input_token->value;
-
-        /* Verify state machine is consistent with expected state */
-        state = SRP_AUTH_STATE_VALUE(ptr[0]);
-        if (state != srp_context_handle->state)
-        {
-            major = GSS_S_FAILURE;
-            goto error;
-        }
-
-        srp_context_handle->state = state;
-        switch (srp_context_handle->state)
-        {
-          case SRP_UNIX_SALT_RESPONSE:
-            major = _srp_gss_make_auth_init_output_token(
-                        &minor,
-                        srp_mech_oid,
-                        srp_cred->password,
-                        srp_context_handle,
-                        input_token,
-                        &output_token_mem);
-            if (major != GSS_S_CONTINUE_NEEDED)
-            {
-                goto error;
-            }
-
-            srp_context_handle->state = SRP_AUTH_SALT_RESP;
-            break;
-
-          case SRP_AUTH_SALT_RESP:
-            srp_debug_printf("unix_gss_init_sec_context: "
-                             "state=SRP_AUTH_SALT_RESP\n");
-            major = _srp_auth_salt_resp(
-                         &minor,
-                         srp_mech_oid,
-                         srp_context_handle,
-                         srp_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                goto error;
-            }
-
-            srp_context_handle->state = SRP_AUTH_SERVER_VALIDATE;
-            major = GSS_S_CONTINUE_NEEDED;
-            break;
-
-          case SRP_AUTH_SERVER_VALIDATE:
-            srp_debug_printf("unix_gss_init_sec_context: "
-                             "state=SRP_AUTH_SERVER_VALIDATE\n");
-            major = _srp_auth_server_validate(
-                         &minor,
-                         srp_mech_oid,
-                         srp_context_handle,
-                         srp_context_handle->state,
-                         input_token,
-                         &output_token_mem);
-            if (major)
-            {
-                srp_debug_printf("unix_gss_init_sec_context: "
-                                 "state=SRP_AUTH_FAILED!!!\n");
-                srp_context_handle->state = SRP_AUTH_FAILED;
-                major = GSS_S_FAILURE;
-            }
-            else
-            {
-                srp_debug_printf("unix_gss_init_sec_context: "
-                                 "state=SRP_AUTH_COMPLETE!!!\n");
-                srp_context_handle->state = SRP_AUTH_COMPLETE;
-                memset(&output_token_mem, 0, sizeof(output_token_mem));
-                major = GSS_S_COMPLETE;
-            }
-            break;
-
-          case SRP_AUTH_COMPLETE:
-            major = GSS_S_COMPLETE;
-          break;
-
-          case SRP_AUTH_FAILED:
-            srp_debug_printf("unix_gss_init_sec_context: "
-                             "state=SRP_AUTH_FAILED!!!\n");
-            major = GSS_S_FAILURE;
-          break;
-
-          default:
-            srp_debug_printf("unix_gss_init_sec_context: "
-                             "state=UNKNOWN!!!\n");
-            major = GSS_S_FAILURE;
-            break;
-        }
-    }
-
-    *output_token = output_token_mem;
-
-    if (major == GSS_S_COMPLETE)
-    {
-        krb5_err = srp_make_enc_keyblock(srp_context_handle);
-        if (krb5_err)
-        {
-            major = GSS_S_FAILURE;
-            minor = krb5_err;
-            goto error;
-        }
-        if (actual_mech)
-        {
-            *actual_mech = srp_mech_oid;
-        }
-    }
-    else if (major == GSS_S_CONTINUE_NEEDED && actual_mech)
-    {
-        *actual_mech = srp_mech_oid;
-    }
-
-error:
-
-    /* Free a bunch of stuff ... */
-    if (major)
-    {
-        if (minor)
-        {
-            *minor_status = minor;
-        }
-    }
-
-    return major;
-} /* init_sec_context */
diff --git a/lwraft/gssapi-plugins/unix/unix_main.c b/lwraft/gssapi-plugins/unix/unix_main.c
deleted file mode 100644
index 350210f9b..000000000
--- a/lwraft/gssapi-plugins/unix/unix_main.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <includes.h>
-#include <pthread.h>
-#include <openssl/ssl.h>
-
-/*
- * OpenSSL locking code needed for only Win32 because the
- * static OpenSSL library is linked into vmdir. The existing
- * locks created by vmdir are not shared into plugins, making
- * this additional logic necessary.
- */
-static pthread_mutex_t *g_mutexes;
-static int g_max_locks;
-
-static void srp_gss_locking_cb(
-    int mode,
-    int type,
-    const char *file,
-    int line)
-{
-    if (!g_mutexes ||
-        (type < 0 || type > g_max_locks))
-    {
-        return;
-    }
-    if (mode & CRYPTO_LOCK)
-    {
-        pthread_mutex_lock(&g_mutexes[type]);
-    }
-    else
-    {
-        pthread_mutex_unlock(&g_mutexes[type]);
-    }
-}
-
-static unsigned long srp_gss_thread_self(void)
-{
-    return (unsigned long) ((size_t) pthread_self().p);
-}
-
-static BOOL srp_gss_init(void)
-{
-    pthread_mutex_t *mutexes = NULL;
-    int n_locks = 0;
-    int i = 0;
-
-    n_locks = CRYPTO_num_locks();
-    if (n_locks <= 0)
-    {
-        return 0;
-    }
-    mutexes = (pthread_mutex_t *) calloc(n_locks, sizeof(pthread_mutex_t));
-    if (!mutexes)
-    {
-        return 0;
-    }
-    for (i=0; i<n_locks; i++)
-    {
-        pthread_mutex_init(&mutexes[i], NULL);
-    }
-    g_mutexes = mutexes;
-    g_max_locks = n_locks;
-    CRYPTO_set_locking_callback(srp_gss_locking_cb);
-    CRYPTO_set_id_callback(srp_gss_thread_self);
-    return 1;
-}
-
-static BOOL srp_gss_destroy(void)
-{
-    int i = 0;
-
-    if (g_mutexes)
-    {
-        for (i=0; i<g_max_locks; i++)
-        {
-            pthread_mutex_destroy(&g_mutexes[i]);
-        }
-        free(g_mutexes);
-        g_mutexes = NULL;
-    }
-    return 1;
-}
-
-BOOL __stdcall DllMain( HANDLE hModule,
-                       DWORD  ul_reason_for_call,
-                       LPVOID lpReserved
-                     )
-{
-    BOOL result = TRUE;
-
-    switch (ul_reason_for_call)
-    {
-        case DLL_PROCESS_ATTACH:
-            result = srp_gss_init();
-            break;
-        case DLL_THREAD_ATTACH:
-            break;
-        case DLL_THREAD_DETACH:
-            break;
-        case DLL_PROCESS_DETACH:
-            srp_gss_destroy();
-            break;
-    }
-    return result;
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_mech.c b/lwraft/gssapi-plugins/unix/unix_mech.c
deleted file mode 100644
index 385ba8ba1..000000000
--- a/lwraft/gssapi-plugins/unix/unix_mech.c
+++ /dev/null
@@ -1,905 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Module: srp_mech.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP Plugin mechanism function table
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include	<stdio.h>
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
-
-
-#include	<krb5.h>
-#include "unix_util.h"
-#include "includes.h"
-#include "gssapi_alloc.h"
-
-
-/* Copy of GSSAPI plugin struct gss_config structure */
-#include "unix_mglueP.h"
-#include "gssapiP_unix.h"
-
-
-
-#undef g_token_size
-
-#define HARD_ERROR(v) ((v) != GSS_S_COMPLETE && (v) != GSS_S_CONTINUE_NEEDED)
-typedef const gss_OID_desc *gss_OID_const;
-
-static srp_token_t make_srp_token(char *);
-static gss_buffer_desc make_err_msg(char *);
-
-
-
-/* SRP oid structure */
-static const gss_OID_desc srp_gss_oid_array[] = {
-    {GSS_SRP_MECH_OID_LENGTH, GSS_SRP_MECH_OID},
-    {GSSAPI_SRP_MECH_OID_LENGTH, GSSAPI_SRP_MECH_OID},
-
-    /* 2.1.1. Kerberos Principal Name Form:  (rfc 1964)
-     * This name form shall be represented by the Object Identifier {iso(1)
-     * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
-     * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
-     * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-    {10, "\052\206\110\206\367\022\001\002\002\001"},
-
-    /* 1.3.6.1.4.1.27433.3.1: NTLM OID, stolen from NTLM*/
-    {GSS_CRED_OPT_PW_LEN, GSS_CRED_OPT_PW},
-
-    /* 1.3.6.1.4.1.6876.11711.2.1.1.1: SRP cred option pwd OID */
-    {GSSAPI_SRP_CRED_OPT_PW_LEN, GSSAPI_SRP_CRED_OPT_PW},
-
-    {GSSAPI_UNIX_MECH_OID_LENGTH, GSSAPI_UNIX_MECH_OID},
-
-    /* 1.3.6.1.4.1.6876.11711.2.1.2.1: UNIX cred option pwd OID */
-    {GSSAPI_UNIX_CRED_OPT_PW_LEN, GSSAPI_UNIX_CRED_OPT_PW},
-};
-
-const gss_OID_desc * const gss_mech_srp_oid           = srp_gss_oid_array+0;
-const gss_OID_desc * const gss_mech_gssapi_srp_oid    = srp_gss_oid_array+1;
-const gss_OID_desc * const gss_nt_srp_name_oid        = srp_gss_oid_array+2;
-const gss_OID_desc * const gss_srp_password_oid       = srp_gss_oid_array+3;
-const gss_OID_desc * const gss_srp_cred_opt_pw_oid    = srp_gss_oid_array+4;
-const gss_OID_desc * const gss_mech_gssapi_unix_oid   = srp_gss_oid_array+5;
-const gss_OID_desc * const gss_unix_cred_opt_pw_oid   = srp_gss_oid_array+6;
-
-int gss_srpint_lib_init(void)
-{
-#ifdef _GSS_STATIC_LINK
-	return gss_srpmechglue_init();
-#else
-	return 0;
-#endif
-}
-
-void gss_srpint_lib_fini(void)
-{
-}
-
-
-
-/*
- * NegHints ::= SEQUENCE {
- *    hintName       [0]  GeneralString      OPTIONAL,
- *    hintAddress    [1]  OCTET STRING       OPTIONAL
- * }
- */
-
-#define HOST_PREFIX	"host@"
-#define HOST_PREFIX_LEN	(sizeof(HOST_PREFIX) - 1)
-
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_display_status(
-		OM_uint32 *minor_status,
-		OM_uint32 status_value,
-		int status_type,
-		gss_OID mech_type,
-		OM_uint32 *message_context,
-		gss_buffer_t status_string)
-{
-	dsyslog("Entering display_status\n");
-
-	*message_context = 0;
-	switch (status_value) {
-	    case ERR_SRP_NO_MECHS_AVAILABLE:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP cannot find mechanisms to negotiate");
-		break;
-	    case ERR_SRP_NO_CREDS_ACQUIRED:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP failed to acquire creds");
-		break;
-	    case ERR_SRP_NO_MECH_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP acceptor did not select a mechanism");
-		break;
-	    case ERR_SRP_NEGOTIATION_FAILED:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP failed to negotiate a mechanism");
-		break;
-	    case ERR_SRP_NO_TOKEN_FROM_ACCEPTOR:
-		/* CSTYLED */
-		*status_string = make_err_msg("SRP acceptor did not return a valid token");
-		break;
-	    default:
-		status_string->length = 0;
-		status_string->value = "";
-		break;
-	}
-
-	dsyslog("Leaving display_status\n");
-	return (GSS_S_COMPLETE);
-}
-
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_import_name(
-		    OM_uint32 *minor_status,
-		    gss_buffer_t input_name_buffer,
-		    gss_OID input_name_type,
-		    gss_name_t *output_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering import_name\n");
-
-	status = gss_import_name(minor_status, input_name_buffer,
-			input_name_type, output_name);
-
-	dsyslog("Leaving import_name\n");
-	return (status);
-}
-
-OM_uint32
-srp_gss_export_name(
-    OM_uint32 *minor_status,
-    const gss_name_t input_name,
-    gss_buffer_t exported_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering import_name\n");
-
-	status = gss_export_name(minor_status, input_name,
-			exported_name);
-
-	dsyslog("Leaving import_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_release_name(
-			OM_uint32 *minor_status,
-			gss_name_t *input_name)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering release_name\n");
-
-	status = gss_release_name(minor_status, input_name);
-
-	dsyslog("Leaving release_name\n");
-	return (status);
-}
-
-OM_uint32
-srp_gss_inquire_cred(
-			OM_uint32 *minor_status,
-			gss_cred_id_t cred_handle,
-			gss_name_t *name,
-			OM_uint32 *lifetime,
-			int *cred_usage,
-			gss_OID_set *mechanisms)
-{
-	OM_uint32 status = 0;
-        srp_gss_cred_id_t srp_cred_handle = NULL;
-        gss_name_t ret_name = NULL;
-
-	dsyslog("Entering inquire_cred\n");
-
-        srp_cred_handle = (srp_gss_cred_id_t) cred_handle;
-        if (srp_cred_handle && srp_cred_handle->name && name)
-        {
-            status = gss_duplicate_name(
-                         minor_status,
-                         srp_cred_handle->name,
-                         &ret_name);
-            if (status == 0)
-            {
-                *name = ret_name;
-            }
-        }
-
-	dsyslog("Leaving inquire_cred\n");
-
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_compare_name(
-			OM_uint32 *minor_status,
-			const gss_name_t name1,
-			const gss_name_t name2,
-			int *name_equal)
-{
-	OM_uint32 status = GSS_S_COMPLETE;
-	dsyslog("Entering compare_name\n");
-
-	status = gss_compare_name(minor_status, name1, name2, name_equal);
-
-	dsyslog("Leaving compare_name\n");
-	return (status);
-}
-
-/*ARGSUSED*/
-OM_uint32
-srp_gss_inquire_names_for_mech(
-				OM_uint32	*minor_status,
-				gss_OID		mechanism,
-				gss_OID_set	*name_types)
-{
-	OM_uint32   major = 0;
-	OM_uint32   minor = 0;
-
-	dsyslog("Entering inquire_names_for_mech\n");
-        if (major)
-        {
-            goto error;
-        }
-
-	dsyslog("Leaving inquire_names_for_mech\n");
-error:
-        if (major)
-        {
-            *minor_status = minor;
-        }
-	return (major);
-}
-
-OM_uint32
-srp_gss_unwrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer,
-		gss_buffer_t output_message_buffer,
-		int *conf_state,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap(minor_status,
-			context_handle,
-			input_message_buffer,
-			output_message_buffer,
-			conf_state,
-			qop_state);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_wrap(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t context_handle,
-		int conf_req_flag,
-		gss_qop_t qop_req,
-		gss_buffer_t input_message_buffer,
-		int *conf_state,
-		gss_buffer_t output_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_wrap(minor_status,
-		    context_handle,
-		    conf_req_flag,
-		    qop_req,
-		    input_message_buffer,
-		    conf_state,
-		    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_process_context_token(
-				OM_uint32	*minor_status,
-				const gss_ctx_id_t context_handle,
-				const gss_buffer_t token_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_process_context_token(minor_status,
-					context_handle,
-					token_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_context_time(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			OM_uint32	*time_rec)
-{
-	OM_uint32 ret;
-	ret = gss_context_time(minor_status,
-			    context_handle,
-			    time_rec);
-	return (ret);
-}
-#ifndef LEAN_CLIENT
-OM_uint32
-srp_gss_export_sec_context(
-			    OM_uint32	  *minor_status,
-			    gss_ctx_id_t *context_handle,
-			    gss_buffer_t interprocess_token)
-{
-	OM_uint32 ret;
-	ret = gss_export_sec_context(minor_status,
-				    context_handle,
-				    interprocess_token);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_import_sec_context(
-	OM_uint32		*minor_status,
-	const gss_buffer_t	interprocess_token,
-	gss_ctx_id_t		*context_handle)
-{
-	OM_uint32 ret;
-	ret = gss_import_sec_context(minor_status,
-				    interprocess_token,
-				    context_handle);
-	return (ret);
-}
-#endif /* LEAN_CLIENT */
-
-OM_uint32
-srp_gss_inquire_context(
-			OM_uint32	*minor_status,
-			const gss_ctx_id_t context_handle,
-			gss_name_t	*src_name,
-			gss_name_t	*targ_name,
-			OM_uint32	*lifetime_rec,
-			gss_OID		*mech_type,
-			OM_uint32	*ctx_flags,
-			int		*locally_initiated,
-			int		*opened)
-{
-	OM_uint32 ret = GSS_S_COMPLETE;
-
-	ret = gss_inquire_context(minor_status,
-				context_handle,
-				src_name,
-				targ_name,
-				lifetime_rec,
-				NULL,
-				ctx_flags,
-				locally_initiated,
-				opened);
-
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_wrap_size_limit(
-	OM_uint32	*minor_status,
-	const gss_ctx_id_t context_handle,
-	int		conf_req_flag,
-	gss_qop_t	qop_req,
-	OM_uint32	req_output_size,
-	OM_uint32	*max_input_size)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_size_limit(minor_status,
-				context_handle,
-				conf_req_flag,
-				qop_req,
-				req_output_size,
-				max_input_size);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_get_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_qop_t  qop_req,
-		const gss_buffer_t message_buffer,
-		gss_buffer_t message_token)
-{
-	OM_uint32 ret;
-	ret = gss_get_mic(minor_status,
-		    context_handle,
-		    qop_req,
-		    message_buffer,
-		    message_token);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_verify_mic(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_buffer_t msg_buffer,
-		const gss_buffer_t token_buffer,
-		gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_verify_mic(minor_status,
-			    context_handle,
-			    msg_buffer,
-			    token_buffer,
-			    qop_state);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_inquire_sec_context_by_oid(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_sec_context_by_oid(minor_status,
-			    context_handle,
-			    desired_object,
-			    data_set);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_inquire_cred_by_oid(
-		OM_uint32 *minor_status,
-		const gss_cred_id_t cred_handle,
-		const gss_OID desired_object,
-		gss_buffer_set_t *data_set)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_cred_by_oid(minor_status,
-				cred_handle,
-				desired_object,
-				data_set);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_set_sec_context_option(
-		OM_uint32 *minor_status,
-		gss_ctx_id_t *context_handle,
-		const gss_OID desired_object,
-		const gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_sec_context_option(minor_status,
-			    context_handle,
-			    desired_object,
-			    value);
-	return (ret);
-}
-
-OM_uint32
-unix_gssspi_set_cred_option(OM_uint32 *minor_status,
-                       gss_cred_id_t cred_handle,
-                       const gss_OID desired_object,
-                       const gss_buffer_t value)
-{
-    OM_uint32 ret = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-    gss_buffer_t value_buf = NULL;
-
-    srp_cred = (srp_gss_cred_id_t) *((gss_cred_id_t *) cred_handle);
-    if (desired_object->length == GSSAPI_UNIX_CRED_OPT_PW_LEN_ST &&
-         memcmp(desired_object->elements,
-                GSSAPI_UNIX_CRED_OPT_PW_ST,
-                GSSAPI_UNIX_CRED_OPT_PW_LEN_ST) == 0)
-    {
-        value_buf = gssalloc_calloc(1, sizeof(gss_buffer_desc));
-        if (!value_buf)
-        {
-            return (GSS_S_FAILURE);
-        }
-        value_buf->value = gssalloc_calloc(value->length+1, sizeof(unsigned char));
-        if (!value_buf->value)
-        {
-            return (GSS_S_FAILURE);
-        }
-
-        memcpy(value_buf->value, value->value, value->length);
-        value_buf->length = value->length;
-        srp_cred->password = value_buf;
-    }
-    else
-    {
-        ret = GSS_S_UNAVAILABLE;
-    }
-
-    return (ret);
-}
-
-OM_uint32
-srp_gss_wrap_aead(OM_uint32 *minor_status,
-		     gss_ctx_id_t context_handle,
-		     int conf_req_flag,
-		     gss_qop_t qop_req,
-		     gss_buffer_t input_assoc_buffer,
-		     gss_buffer_t input_payload_buffer,
-		     int *conf_state,
-		     gss_buffer_t output_message_buffer)
-{
-    OM_uint32 ret;
-	ret = gss_wrap_aead(minor_status,
-			    context_handle,
-			    conf_req_flag,
-			    qop_req,
-			    input_assoc_buffer,
-			    input_payload_buffer,
-			    conf_state,
-			    output_message_buffer);
-
-	return (ret);
-}
-
-OM_uint32
-srp_gss_unwrap_aead(OM_uint32 *minor_status,
-		       gss_ctx_id_t context_handle,
-		       gss_buffer_t input_message_buffer,
-		       gss_buffer_t input_assoc_buffer,
-		       gss_buffer_t output_payload_buffer,
-		       int *conf_state,
-		       gss_qop_t *qop_state)
-{
-	OM_uint32 ret;
-	ret = gss_unwrap_aead(minor_status,
-			      context_handle,
-			      input_message_buffer,
-			      input_assoc_buffer,
-			      output_payload_buffer,
-			      conf_state,
-			      qop_state);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_wrap_iov_length(OM_uint32 *minor_status,
-			   gss_ctx_id_t context_handle,
-			   int conf_req_flag,
-			   gss_qop_t qop_req,
-			   int *conf_state,
-			   gss_iov_buffer_desc *iov,
-			   int iov_count)
-{
-	OM_uint32 ret;
-	ret = gss_wrap_iov_length(minor_status,
-				  context_handle,
-				  conf_req_flag,
-				  qop_req,
-				  conf_state,
-				  iov,
-				  iov_count);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_complete_auth_token(
-		OM_uint32 *minor_status,
-		const gss_ctx_id_t context_handle,
-		gss_buffer_t input_message_buffer)
-{
-	OM_uint32 ret;
-	ret = gss_complete_auth_token(minor_status,
-				      context_handle,
-				      input_message_buffer);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
-					 const gss_cred_id_t impersonator_cred_handle,
-					 const gss_name_t desired_name,
-					 OM_uint32 time_req,
-					 const gss_OID_set desired_mechs,
-					 gss_cred_usage_t cred_usage,
-					 gss_cred_id_t *output_cred_handle,
-					 gss_OID_set *actual_mechs,
-					 OM_uint32 *time_rec)
-{
-	OM_uint32 status = 0;
-
-	dsyslog("Entering srp_gss_acquire_cred_impersonate_name\n");
-
-
-	dsyslog("Leaving srp_gss_acquire_cred_impersonate_name\n");
-	return (status);
-}
-
-OM_uint32
-srp_gss_display_name_ext(OM_uint32 *minor_status,
-			    gss_name_t name,
-			    gss_OID display_as_name_type,
-			    gss_buffer_t display_name)
-{
-	OM_uint32 ret = 0;
-	ret = gss_display_name_ext(minor_status,
-				   name,
-				   display_as_name_type,
-				   display_name);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_inquire_name(OM_uint32 *minor_status,
-			gss_name_t name,
-			int *name_is_MN,
-			gss_OID *MN_mech,
-			gss_buffer_set_t *attrs)
-{
-	OM_uint32 ret;
-	ret = gss_inquire_name(minor_status,
-			       name,
-			       name_is_MN,
-			       MN_mech,
-			       attrs);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_get_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      gss_buffer_t attr,
-			      int *authenticated,
-			      int *complete,
-			      gss_buffer_t value,
-			      gss_buffer_t display_value,
-			      int *more)
-{
-	OM_uint32 ret;
-	ret = gss_get_name_attribute(minor_status,
-				     name,
-				     attr,
-				     authenticated,
-				     complete,
-				     value,
-				     display_value,
-				     more);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_set_name_attribute(OM_uint32 *minor_status,
-			      gss_name_t name,
-			      int complete,
-			      gss_buffer_t attr,
-			      gss_buffer_t value)
-{
-	OM_uint32 ret;
-	ret = gss_set_name_attribute(minor_status,
-				     name,
-				     complete,
-				     attr,
-				     value);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_delete_name_attribute(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t attr)
-{
-	OM_uint32 ret;
-	ret = gss_delete_name_attribute(minor_status,
-					name,
-					attr);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_export_name_composite(OM_uint32 *minor_status,
-				 gss_name_t name,
-				 gss_buffer_t exp_composite_name)
-{
-	OM_uint32 ret;
-	ret = gss_export_name_composite(minor_status,
-					name,
-					exp_composite_name);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_map_name_to_any(OM_uint32 *minor_status,
-			   gss_name_t name,
-			   int authenticated,
-			   gss_buffer_t type_id,
-			   gss_any_t *output)
-{
-	OM_uint32 ret;
-	ret = gss_map_name_to_any(minor_status,
-				  name,
-				  authenticated,
-				  type_id,
-				  output);
-	return (ret);
-}
-
-OM_uint32
-srp_gss_release_any_name_mapping(OM_uint32 *minor_status,
-				    gss_name_t name,
-				    gss_buffer_t type_id,
-				    gss_any_t *input)
-{
-	OM_uint32 ret;
-	ret = gss_release_any_name_mapping(minor_status,
-					   name,
-					   type_id,
-					   input);
-	return (ret);
-}
-
-
-OM_uint32
-srp_gss_internal_release_oid(
-    OM_uint32   *minor_status,
-    gss_OID     *oid)
-{
-    OM_uint32   major_status = GSS_S_COMPLETE;
-    gss_OID tmpOid = NULL;
-
-    *minor_status = 0;
-
-    if (oid && *oid)
-    {
-    /*
-     * This function only knows how to release internal OIDs. It will
-     * return GSS_S_CONTINUE_NEEDED for any OIDs it does not recognize.
-     */
-        if (*oid == GSS_C_NT_USER_NAME)
-        {
-            /*
-             * Don't free statically allocated OIDs.
-             * This is similar to the check performed in
-             * krb5/src/lib/gssapi/krb5/rel_oid.c:
-             *   krb5_gss_internal_release_oid()
-             */
-            return major_status;
-        }
-        tmpOid = (gss_OID) *oid;
-        if (tmpOid->elements)
-        {
-            free(tmpOid->elements);
-        }
-        free(tmpOid);
-        *oid = NULL;
-    }
-    return major_status;
-}
-
-
-/* following are token creation and reading routines */
-
-/*
- * This routine compares the recieved mechset to the mechset that
- * this server can support. It looks sequentially through the mechset
- * and the first one that matches what the server can support is
- * chosen as the negotiated mechanism. If one is found, negResult
- * is set to ACCEPT_INCOMPLETE if it's the first mech, REQUEST_MIC if
- * it's not the first mech, otherwise we return NULL and negResult
- * is set to REJECT.
- *
- * NOTE: There is currently no way to specify a preference order of
- * mechanisms supported by the acceptor.
- */
-
-/*
- * the next two routines make a token buffer suitable for
- * srp_gss_display_status. These currently take the string
- * in name and place it in the token. Eventually, if
- * srp_gss_display_status returns valid error messages,
- * these routines will be changes to return the error string.
- */
-static srp_token_t
-make_srp_token(char *name)
-{
-	return (srp_token_t)strdup(name);
-}
-
-static gss_buffer_desc
-make_err_msg(char *name)
-{
-	gss_buffer_desc buffer;
-
-	if (name == NULL) {
-		buffer.length = 0;
-		buffer.value = NULL;
-	} else {
-		buffer.length = strlen(name)+1;
-		buffer.value = make_srp_token(name);
-	}
-
-	return (buffer);
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_mech.h b/lwraft/gssapi-plugins/unix/unix_mech.h
deleted file mode 100644
index f14f58e89..000000000
--- a/lwraft/gssapi-plugins/unix/unix_mech.h
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Module: srp_mech.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP Plugin mechanism function table
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#ifndef _SRP_MECH_H_
-#define _SRP_MECH_H_
-OM_uint32
-
-srp_gss_internal_release_oid(
-    OM_uint32   *minor_status,
-    gss_OID     *oid);
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_mech_desc.c b/lwraft/gssapi-plugins/unix/unix_mech_desc.c
deleted file mode 100644
index 5a216ede5..000000000
--- a/lwraft/gssapi-plugins/unix/unix_mech_desc.c
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * Copyright © 2014-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Copyright (C) 2006,2008 by the Massachusetts Institute of Technology.
- * All rights reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- */
-
-/*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-/*
- * Copyright (c) 2006-2008, Novell, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- *   * Redistributions of source code must retain the above copyright notice,
- *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in the
- *       documentation and/or other materials provided with the distribution.
- *   * The copyright holder's name is not used to endorse or promote products
- *       derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * Module: srp_mech_desc_srp10.c
- * Abstract:
- *     VMware GSSAPI UNIX Authentication Plugin
- *     GSSAPI UNIX Plugin mechanism function table  
- *         (OID=1.3.6.1.4.1.6876.11711.2.1.2)
- *
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include	<stdio.h>
-#include	<stdlib.h>
-#include	<string.h>
-#include	<errno.h>
-
-
-#include	<krb5.h>
-#include        <vmdirdefines.h>
-#include "unix_util.h"
-#include "gssapi_alloc.h"
-
-
-/* Copy of GSSAPI plugin struct gss_config structure */
-#include "unix_mglueP.h"
-#include "gssapiP_unix.h"
-#include "unix_mech.h"
-
-OM_uint32
-srp_gss_indicate_mechs(
-    OM_uint32 *minor_status,
-    gss_OID_set *mech_set)
-{
-    gss_OID_set_desc *ret_mech_set = NULL;
-    gss_OID new_oid = NULL;
-    OM_uint32 major = 0;
-
-    if (minor_status)
-    {
-        *minor_status = 0;
-    }
-
-    ret_mech_set = (gss_OID_set_desc *)
-        gssalloc_calloc(1, sizeof(*ret_mech_set));
-    if (!ret_mech_set)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* Returning only the mech oids */
-    ret_mech_set->elements = (gss_OID_desc *)
-        gssalloc_calloc(1, sizeof(*ret_mech_set->elements));
-    if (!ret_mech_set->elements)
-    {
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    major = srp_gss_duplicate_oid(minor_status,
-         (gss_OID) gss_mech_gssapi_unix_oid,
-         &new_oid);
-    if (major)
-    {
-        goto error;
-    }
-    ret_mech_set->elements[0] = *new_oid, new_oid = NULL;
-    ret_mech_set->count = 1;
-    *mech_set = ret_mech_set;
-    ret_mech_set = NULL;
-
-error:
-    if (major)
-    {
-        /* Free stuff */
-        if (ret_mech_set)
-        {
-            if (ret_mech_set->elements)
-            {
-                gssalloc_free(ret_mech_set->elements);
-            }
-            gssalloc_free(ret_mech_set);
-        }
-        ret_mech_set = NULL;
-    }
-    return major;
-}
-
-static
-OM_uint32 KRB5_CALLCONV
-unix_gss_inquire_attrs_for_mech(OM_uint32 *minor_status,
-                                gss_const_OID mech,
-                                gss_OID_set *mech_attrs,
-                                gss_OID_set *known_mech_attrs)
-{
-    OM_uint32 major, tmpMinor;
-
-    /* known_mech_attrs is handled by mechglue */
-    *minor_status = 0;
-
-    if (mech_attrs == NULL)
-        return (GSS_S_COMPLETE);
-
-    major = gss_create_empty_oid_set(minor_status, mech_attrs);
-    if (GSS_ERROR(major))
-        goto cleanup;
-
-#define MA_SUPPORTED(ma)    do {                                        \
-        major = gss_add_oid_set_member(minor_status, (gss_OID)ma,       \
-                                       mech_attrs);                     \
-        if (GSS_ERROR(major))                                           \
-            goto cleanup;                                               \
-    } while (0)
-
-    MA_SUPPORTED(gss_mech_gssapi_unix_oid);
-
-cleanup:
-    if (GSS_ERROR(major))
-        gss_release_oid_set(&tmpMinor, mech_attrs);
-
-    return (major);
-}
-
-/*
- * The Mech OID:
- *      iso(1) member-body(2) US(840) mit(113554) infosys(1) gssapi(2) srp(10)
- *        = 1.2.840.113554.1.2.10
- */
-static struct _GSS_MECH_PLUGIN_CONFIG srp_mechanism =
-{
-        {GSSAPI_UNIX_MECH_OID_LENGTH, GSSAPI_UNIX_MECH_OID},
-	NULL,
-	srp_gss_acquire_cred,
-	srp_gss_release_cred,
-	unix_gss_init_sec_context,
-#ifndef LEAN_CLIENT
-	srp_gss_accept_sec_context,
-#else
-	NULL,
-#endif  /* LEAN_CLIENT */
-	NULL,				/* gss_process_context_token */
-	srp_gss_delete_sec_context,	/* gss_delete_sec_context */
-	srp_gss_context_time,	/* gss_context_time */
-	srp_gss_get_mic,		/* gss_get_mic */
-	srp_gss_verify_mic,		/* gss_verify_mic */
-	srp_gss_wrap,		/* gss_wrap */
-	srp_gss_unwrap,		/* gss_unwrap */
-	srp_gss_display_status,
-        srp_gss_indicate_mechs, /* gss_indicate_mechs */
-	srp_gss_compare_name,
-	srp_gss_display_name,
-	srp_gss_import_name,
-	srp_gss_release_name,
-	srp_gss_inquire_cred,	/* gss_inquire_cred */
-	NULL,				/* gss_add_cred */
-#ifndef LEAN_CLIENT
-	srp_gss_export_sec_context,		/* gss_export_sec_context */
-	srp_gss_import_sec_context,		/* gss_import_sec_context */
-#else
-	NULL,				/* gss_export_sec_context */
-	NULL,				/* gss_import_sec_context */
-#endif /* LEAN_CLIENT */
-	NULL,				/* gss_inquire_cred_by_mech */
-	srp_gss_inquire_names_for_mech,
-	srp_gss_inquire_context,	/* gss_inquire_context */
-        srp_gss_internal_release_oid,
-	srp_gss_wrap_size_limit,	/* gss_wrap_size_limit */
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_localname */
-	NULL,				/* gssspi_authorize_localname */
-#endif
-	srp_gss_export_name,		/* gss_export_name */
-
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_duplicate_name */
-#endif
-
-	NULL,				/* gss_store_cred */
-	srp_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
-	srp_gss_inquire_cred_by_oid,	/* gss_inquire_cred_by_oid */
-	srp_gss_set_sec_context_option, /* gss_set_sec_context_option */
-	unix_gssspi_set_cred_option,	/* gssspi_set_cred_option */
-	NULL,				/* gssspi_mech_invoke */
-	srp_gss_wrap_aead,
-	srp_gss_unwrap_aead,
-	srp_gss_wrap_iov,
-	srp_gss_unwrap_iov,
-	srp_gss_wrap_iov_length,
-	srp_gss_complete_auth_token,
-	srp_gss_acquire_cred_impersonate_name,
-	NULL,				/* gss_add_cred_impersonate_name */
-	srp_gss_display_name_ext,
-	srp_gss_inquire_name,
-	srp_gss_get_name_attribute,
-	srp_gss_set_name_attribute,
-	srp_gss_delete_name_attribute,
-	srp_gss_export_name_composite,
-	srp_gss_map_name_to_any,
-	srp_gss_release_any_name_mapping,
-#ifdef _MIT_KRB5_1_11
-	NULL,				/* gss_pseudo_random */
-	NULL,				/* gss_set_neg_mechs */
-	NULL,				/* gss_inquire_saslname_for_mech */
-	NULL,				/* gss_inquire_mech_for_saslname */
-	unix_gss_inquire_attrs_for_mech,
-	NULL,				/* gss_acquire_cred_from */
-	NULL,				/* gss_store_cred_into */
-	NULL,				/* gssspi_acquire_cred_with_password */
-	NULL,				/* gss_export_cred */
-	NULL,				/* gss_import_cred */
-	NULL,				/* gssspi_import_sec_context_by_mech */
-	NULL,				/* gssspi_import_name_by_mech */
-	NULL,				/* gssspi_import_cred_by_mech */
-#endif
-};
-
-
-#ifdef _GSS_STATIC_LINK
-#include "mglueP.h"
-
-static int gss_srpmechglue_init(void)
-{
-	struct gss_mech_config mech_srp;
-
-	memset(&mech_srp, 0, sizeof(mech_srp));
-	mech_srp.mech = &srp_mechanism;
-	mech_srp.mechNameStr = "srp";
-	mech_srp.mech_type = (const gss_OID_desc * const) gss_mech_srp;
-
-	return gssint_register_mechinfo(&mech_srp);
-}
-#else
-GSS_MECH_PLUGIN_CONFIG gss_mech_initialize(void)
-{
-	return (&srp_mechanism);
-}
-
-#endif /* _GSS_STATIC_LINK */
diff --git a/lwraft/gssapi-plugins/unix/unix_mglueP.h b/lwraft/gssapi-plugins/unix/unix_mglueP.h
deleted file mode 100644
index ca7e72b5d..000000000
--- a/lwraft/gssapi-plugins/unix/unix_mglueP.h
+++ /dev/null
@@ -1,703 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * This header contains the private mechglue definitions.
- *
- * Copyright (c) 1995, by Sun Microsystems, Inc.
- * All rights reserved.
- */
-
-/*
- * Module: srp_mglueP.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     GSSAPI SRP function table private type definitions
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-
-#ifndef _SRP_MGLUEP_H_
-#define _SRP_MGLUEP_H_
-
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_ext.h>
-/*
- * Exact copy of the mglueP.h "struct gss_config". This is contained
- * in a private header file, so this internal plugin structure cannot
- * be consumed publically.
- */
-
-/*
- * This is the definition of the mechs_array struct, which is used to
- * define the mechs array table. This table is used to indirectly
- * access mechanism specific versions of the gssapi routines through
- * the routines in the glue module (gssd_mech_glue.c)
- *
- * This contants all of the functions defined in gssapi.h except for
- * gss_release_buffer() and gss_release_oid_set(), which I am
- * assuming, for now, to be equal across mechanisms.  
- */
- 
-typedef struct _GSS_MECH_PLUGIN_CONFIG {
-    gss_OID_desc    mech_type;
-    void *	    context;
-    OM_uint32       (*gss_acquire_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* desired_name */
-		    OM_uint32,		/* time_req */
-		    gss_OID_set,	/* desired_mechs */
-		    int,		/* cred_usage */
-		    gss_cred_id_t*,	/* output_cred_handle */
-		    gss_OID_set*,	/* actual_mechs */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_release_cred)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_cred_id_t*	/* cred_handle */
-		    );
-    OM_uint32       (*gss_init_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_cred_id_t,		/* claimant_cred_handle */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_name_t,			/* target_name */
-		    gss_OID,			/* mech_type */
-		    OM_uint32,			/* req_flags */
-		    OM_uint32,			/* time_req */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_buffer_t,		/* input_token */
-		    gss_OID*,			/* actual_mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*			/* time_rec */
-		    );
-    OM_uint32       (*gss_accept_sec_context)
-	(
-		    OM_uint32*,			/* minor_status */
-		    gss_ctx_id_t*,		/* context_handle */
-		    gss_cred_id_t,		/* verifier_cred_handle */
-		    gss_buffer_t,		/* input_token_buffer */
-		    gss_channel_bindings_t,	/* input_chan_bindings */
-		    gss_name_t*,		/* src_name */
-		    gss_OID*,			/* mech_type */
-		    gss_buffer_t,		/* output_token */
-		    OM_uint32*,			/* ret_flags */
-		    OM_uint32*,			/* time_rec */
-		    gss_cred_id_t*		/* delegated_cred_handle */
-		    );
-    OM_uint32       (*gss_process_context_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* token_buffer */
-		    );
-    OM_uint32       (*gss_delete_sec_context)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t*,	/* context_handle */
-		    gss_buffer_t	/* output_token */
-		    );
-    OM_uint32       (*gss_context_time)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    OM_uint32*		/* time_rec */
-		    );
-    OM_uint32       (*gss_get_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t	/* message_token */
-		    );
-    OM_uint32       (*gss_verify_mic)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* message_buffer */
-		    gss_buffer_t,	/* token_buffer */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_wrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    gss_buffer_t,	/* input_message_buffer */
-		    int*,		/* conf_state */
-		    gss_buffer_t	/* output_message_buffer */
-		    );
-    OM_uint32       (*gss_unwrap)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t,	/* input_message_buffer */
-		    gss_buffer_t,	/* output_message_buffer */
-		    int*,		/* conf_state */
-		    gss_qop_t*		/* qop_state */
-		    );
-    OM_uint32       (*gss_display_status)
-	(
-		    OM_uint32*,		/* minor_status */
-		    OM_uint32,		/* status_value */
-		    int,		/* status_type */
-		    gss_OID,		/* mech_type */
-		    OM_uint32*,		/* message_context */
-		    gss_buffer_t	/* status_string */
-		    );
-    OM_uint32       (*gss_indicate_mechs)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_OID_set*	/* mech_set */
-		    );
-    OM_uint32       (*gss_compare_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* name1 */
-		    gss_name_t,		/* name2 */
-		    int*		/* name_equal */
-		    );
-    OM_uint32       (*gss_display_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t,		/* input_name */
-		    gss_buffer_t,	/* output_name_buffer */
-		    gss_OID*		/* output_name_type */
-		    );
-    OM_uint32       (*gss_import_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_buffer_t,	/* input_name_buffer */
-		    gss_OID,		/* input_name_type */
-		    gss_name_t*		/* output_name */
-		    );
-    OM_uint32       (*gss_release_name)
-	(
-		    OM_uint32*,		/* minor_status */
-		    gss_name_t*		/* input_name */
-		    );
-    OM_uint32       (*gss_inquire_cred)
-	(
-		    OM_uint32 *,		/* minor_status */
-		    gss_cred_id_t,		/* cred_handle */
-		    gss_name_t *,		/* name */
-		    OM_uint32 *,		/* lifetime */
-		    int *,			/* cred_usage */
-		    gss_OID_set *		/* mechanisms */
-		    );
-    OM_uint32	    (*gss_add_cred)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* input_cred_handle */
-		    gss_name_t,		/* desired_name */
-		    gss_OID,		/* desired_mech */
-		    gss_cred_usage_t,	/* cred_usage */
-		    OM_uint32,		/* initiator_time_req */
-		    OM_uint32,		/* acceptor_time_req */
-		    gss_cred_id_t *,	/* output_cred_handle */
-		    gss_OID_set *,	/* actual_mechs */
-		    OM_uint32 *,	/* initiator_time_rec */
-		    OM_uint32 *		/* acceptor_time_rec */
-		    );
-    OM_uint32	    (*gss_export_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,	/* context_handle */
-		    gss_buffer_t	/* interprocess_token */
-		    );
-    OM_uint32	    (*gss_import_sec_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_buffer_t,	/* interprocess_token */
-		    gss_ctx_id_t *	/* context_handle */
-		    );
-    OM_uint32 	    (*gss_inquire_cred_by_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,	/* cred_handle */
-		    gss_OID,		/* mech_type */
-		    gss_name_t *,	/* name */
-		    OM_uint32 *,	/* initiator_lifetime */
-		    OM_uint32 *,	/* acceptor_lifetime */
-		    gss_cred_usage_t *	/* cred_usage */
-		    );
-    OM_uint32	    (*gss_inquire_names_for_mech)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID,		/* mechanism */
-		    gss_OID_set *	/* name_types */
-		    );
-    OM_uint32	(*gss_inquire_context)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    gss_name_t *,	/* src_name */
-		    gss_name_t *,	/* targ_name */
-		    OM_uint32 *,	/* lifetime_rec */
-		    gss_OID *,		/* mech_type */
-		    OM_uint32 *,	/* ctx_flags */
-		    int *,	   	/* locally_initiated */
-		    int *		/* open */
-		    );
-    OM_uint32	    (*gss_internal_release_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_OID *		/* OID */
-	 );
-    OM_uint32	     (*gss_wrap_size_limit)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t,	/* context_handle */
-		    int,		/* conf_req_flag */
-		    gss_qop_t,		/* qop_req */
-		    OM_uint32,		/* req_output_size */
-		    OM_uint32 *		/* max_input_size */
-	 );
-#if 0
-    int		     (*pname_to_uid)
-	(
-		    char *,		/* pname */
-		    gss_OID,		/* name type */
-		    gss_OID,		/* mech type */
-		    uid_t *		/* uid */
-		    );
-	OM_uint32		(*gssint_userok)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_name_t,	/* pname */
-		    const char *,	/* local user */
-		    int *		/* user ok? */
-	/* */);
-#endif
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32        (KRB5_CALLCONV *gss_localname)
-        (
-                    OM_uint32 *,        /* minor */
-                    const gss_name_t,   /* name */
-                    gss_const_OID,      /* mech_type */
-                    gss_buffer_t /* localname */
-            );
-        OM_uint32               (KRB5_CALLCONV *gssspi_authorize_localname)
-        (
-                    OM_uint32 *,        /* minor_status */
-                    const gss_name_t,   /* pname */
-                    gss_const_buffer_t, /* local user */
-                    gss_const_OID       /* local nametype */
-        /* */);
-
-#endif
-
-	OM_uint32		(*gss_export_name)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_name_t,	/* input_name */
-		gss_buffer_t		/* exported_name */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_duplicate_name)
-        (
-                    OM_uint32*,         /* minor_status */
-                    const gss_name_t,   /* input_name */
-                    gss_name_t *        /* output_name */
-        /* */);
-#endif
-
-	OM_uint32	(*gss_store_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		const gss_cred_id_t,	/* input_cred */
-		gss_cred_usage_t,	/* cred_usage */
-		const gss_OID,		/* desired_mech */
-		OM_uint32,		/* overwrite_cred */
-		OM_uint32,		/* default_cred */
-		gss_OID_set *,		/* elements_stored */
-		gss_cred_usage_t *	/* cred_usage_stored */
-	/* */);
-
-
-	/* GGF extensions */
-
-	OM_uint32       (*gss_inquire_sec_context_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_ctx_id_t, /* context_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_inquire_cred_by_oid)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    const gss_cred_id_t, /* cred_handle */
-		    const gss_OID,      /* OID */
-		    gss_buffer_set_t *  /* data_set */
-		    );
-	OM_uint32       (*gss_set_sec_context_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_ctx_id_t *,     /* context_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t  /* value */
-		    );
-	OM_uint32       (*gssspi_set_cred_option)
-	(
-		    OM_uint32 *,	/* minor_status */
-		    gss_cred_id_t,      /* cred_handle */
-		    const gss_OID,      /* OID */
-		    const gss_buffer_t	/* value */
-		    );
-	OM_uint32       (*gssspi_mech_invoke)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_OID, 	/* mech OID */
-		    const gss_OID,      /* OID */
-		    gss_buffer_t 	/* value */
-		    );
-
-	/* AEAD extensions */
-	OM_uint32	(*gss_wrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* input_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_buffer_t		/* output_message_buffer */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_aead)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    gss_buffer_t,		/* input_message_buffer */
-	    gss_buffer_t,		/* input_assoc_buffer */
-	    gss_buffer_t,		/* output_payload_buffer */
-	    int *,			/* conf_state */
-	    gss_qop_t *			/* qop_state */
-	/* */);
-
-	/* SSPI extensions */
-	OM_uint32	(*gss_wrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag */
-	    gss_qop_t,			/* qop_req */
-	    int *,			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_unwrap_iov)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int *,			/* conf_state */
-	    gss_qop_t *,		/* qop_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32	(*gss_wrap_iov_length)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_ctx_id_t,		/* context_handle */
-	    int,			/* conf_req_flag*/
-	    gss_qop_t, 			/* qop_req */
-	    int *, 			/* conf_state */
-	    gss_iov_buffer_desc *,	/* iov */
-	    int				/* iov_count */
-	/* */);
-
-	OM_uint32       (*gss_complete_auth_token)
-	(
-		    OM_uint32*,		/* minor_status */
-		    const gss_ctx_id_t,	/* context_handle */
-		    gss_buffer_t	/* input_message_buffer */
-		    );
-
-	/* New for 1.8 */
-
-	OM_uint32	(*gss_acquire_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32	(*gss_add_cred_impersonate_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    const gss_cred_id_t,	/* impersonator_cred_handle */
-	    const gss_name_t,		/* desired_name */
-	    const gss_OID,		/* desired_mech */
-	    gss_cred_usage_t,		/* cred_usage */
-	    OM_uint32,			/* initiator_time_req */
-	    OM_uint32,			/* acceptor_time_req */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *,		/* initiator_time_rec */
-	    OM_uint32 *			/* acceptor_time_rec */
-	/* */);
-
-	OM_uint32	(*gss_display_name_ext)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_OID,			/* display_as_name_type */
-	    gss_buffer_t		/* display_name */
-	/* */);
-
-	OM_uint32	(*gss_inquire_name)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int *,			/* name_is_MN */
-	    gss_OID *,			/* MN_mech */
-	    gss_buffer_set_t *		/* attrs */
-	/* */);
-
-	OM_uint32	(*gss_get_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* attr */
-	    int *,			/* authenticated */
-	    int *,			/* complete */
-	    gss_buffer_t,		/* value */
-	    gss_buffer_t,		/* display_value */
-	    int *			/* more */
-	/* */);
-
-	OM_uint32	(*gss_set_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* complete */
-	    gss_buffer_t,		/* attr */
-	    gss_buffer_t		/* value */
-	/* */);
-
-	OM_uint32	(*gss_delete_name_attribute)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* attr */
-	/* */);
-
-	OM_uint32	(*gss_export_name_composite)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t		/* exp_composite_name */
-	/* */);
-
-	OM_uint32	(*gss_map_name_to_any)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    int,			/* authenticated */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* output */
-	/* */);
-
-	OM_uint32	(*gss_release_any_name_mapping)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* name */
-	    gss_buffer_t,		/* type_id */
-	    gss_any_t *			/* input */
-	/* */);
-
-#ifdef _MIT_KRB5_1_11
-        OM_uint32       (KRB5_CALLCONV *gss_pseudo_random)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context */
-            int,                        /* prf_key */
-            const gss_buffer_t,         /* prf_in */
-            ssize_t,                    /* desired_output_len */
-            gss_buffer_t                /* prf_out */
-        /* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_set_neg_mechs)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    const gss_OID_set		/* mech_set */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_saslname_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_OID,		/* desired_mech */
-	    gss_buffer_t,		/* sasl_mech_name */
-	    gss_buffer_t,		/* mech_name */
-	    gss_buffer_t		/* mech_description */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_mech_for_saslname)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_buffer_t,		/* sasl_mech_name */
-	    gss_OID *			/* mech_type */
-	/* */);
-
-	OM_uint32	(KRB5_CALLCONV *gss_inquire_attrs_for_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_const_OID,		/* mech */
-	    gss_OID_set *,		/* mech_attrs */
-	    gss_OID_set *		/* known_mech_attrs */
-	/* */);
-
-	/* Credential store extensions */
-
-	OM_uint32       (KRB5_CALLCONV *gss_acquire_cred_from)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_name_t,			/* desired_name */
-	    OM_uint32,			/* time_req */
-	    gss_OID_set,		/* desired_mechs */
-	    gss_cred_usage_t,		/* cred_usage */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_store_cred_into)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* input_cred_handle */
-	    gss_cred_usage_t,		/* input_usage */
-	    gss_OID,			/* desired_mech */
-	    OM_uint32,			/* overwrite_cred */
-	    OM_uint32,			/* default_cred */
-	    gss_const_key_value_set_t,	/* cred_store */
-	    gss_OID_set *,		/* elements_stored */
-	    gss_cred_usage_t *		/* cred_usage_stored */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_acquire_cred_with_password)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    const gss_name_t,		/* desired_name */
-	    const gss_buffer_t,	 /* password */
-	    OM_uint32,			/* time_req */
-	    const gss_OID_set,		/* desired_mechs */
-	    int,			/* cred_usage */
-	    gss_cred_id_t *,		/* output_cred_handle */
-	    gss_OID_set *,		/* actual_mechs */
-	    OM_uint32 *			/* time_rec */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_export_cred)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_cred_id_t,		/* cred_handle */
-	    gss_buffer_t		/* token */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gss_import_cred)
-	(
-		OM_uint32 *,		/* minor_status */
-		gss_buffer_t,		/* token */
-		gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_sec_context_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* desired_mech */
-	    gss_buffer_t,		/* interprocess_token */
-	    gss_ctx_id_t *		/* context_handle */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_name_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* input_name_buffer */
-	    gss_OID,			/* input_name_type */
-	    gss_name_t*			/* output_name */
-	/* */);
-
-	OM_uint32       (KRB5_CALLCONV *gssspi_import_cred_by_mech)
-	(
-	    OM_uint32 *,		/* minor_status */
-	    gss_OID,			/* mech_type */
-	    gss_buffer_t,		/* token */
-	    gss_cred_id_t *		/* cred_handle */
-	/* */);
-
-#ifdef _MIT_KRB5_1_12
-        /* get_mic_iov extensions, added in 1.12 */
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_verify_mic_iov)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t *,                /* qop_state */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-
-        OM_uint32       (KRB5_CALLCONV *gss_get_mic_iov_length)
-        (
-            OM_uint32 *,                /* minor_status */
-            gss_ctx_id_t,               /* context_handle */
-            gss_qop_t,                  /* qop_req */
-            gss_iov_buffer_desc *,      /* iov */
-            int                         /* iov_count */
-        );
-#endif
-
-#endif
-
-
-} *GSS_MECH_PLUGIN_CONFIG;
-
-typedef struct gss_ctx_id_struct {
- struct gss_ctx_id_struct *loopback;
- gss_OID mech_type;
- gss_ctx_id_t internal_ctx_id;
-} gss_union_ctx_id_desc, *gss_union_ctx_id_t;
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_release_cred.c b/lwraft/gssapi-plugins/unix/unix_release_cred.c
deleted file mode 100644
index 5c9183751..000000000
--- a/lwraft/gssapi-plugins/unix/unix_release_cred.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_release_cred.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP release cred
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include "unix_util.h"
-#include "gssapi_alloc.h"
-
-OM_uint32
-srp_gss_release_cred(OM_uint32 *minor_status,
-            gss_cred_id_t *cred_handle)
-{
-    OM_uint32 status = 0;
-    OM_uint32 min = 0;
-    srp_gss_cred_id_t srp_cred = NULL;
-
-    dsyslog("Entering srp_gss_release_cred\n");
-
-    if (minor_status == NULL || cred_handle == NULL)
-    {
-        return (GSS_S_CALL_INACCESSIBLE_WRITE);
-    }
-
-    *minor_status = 0;
-
-    if (*cred_handle == GSS_C_NO_CREDENTIAL)
-    {
-        return (GSS_S_COMPLETE);
-    }
-
-    srp_cred = (srp_gss_cred_id_t) *cred_handle;
-    if (srp_cred->srp_mech_oid)
-    {
-        if (srp_cred->srp_mech_oid->elements)
-        {
-            gssalloc_free(srp_cred->srp_mech_oid->elements);
-        }
-        gssalloc_free(srp_cred->srp_mech_oid);
-    }
-    if (srp_cred->name)
-    {
-        gss_release_name(&min, &srp_cred->name);
-    }
-    if (srp_cred->password)
-    {
-        gss_release_buffer(&min, srp_cred->password);
-        gssalloc_free(srp_cred->password);
-    }
-
-    gssalloc_free(srp_cred);
-
-    *cred_handle = NULL;
-
-    dsyslog("Leaving srp_gss_release_cred\n");
-    return (status);
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_srp.c b/lwraft/gssapi-plugins/unix/unix_srp.c
deleted file mode 100644
index 09db876a0..000000000
--- a/lwraft/gssapi-plugins/unix/unix_srp.c
+++ /dev/null
@@ -1,643 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <string.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <shadow.h>
-#include <errno.h>
-
-#ifndef _GNU_SOURCE
-#define _GNU_SOURCE
-#endif
-#ifndef __USE_GNU
-#define __USE_GNU
-#endif
-
-#include <crypt.h>
-#include <stdio.h>
-
-#include <csrp/srp.h>
-
-static SRP_HashAlgorithm G_alg     = SRP_SHA1;
-static SRP_NGType        G_ng_type = SRP_NG_2048;
-static const char        *G_n_hex  = 0;
-static const char        *G_g_hex  = 0;
-
-
-#define CRYPT_MD5         "$1$"
-#define CRYPT_BLOWFISH_2A "$2a$"
-#define CRYPT_BLOWFISH_2B "$2b$"
-#define CRYPT_BLOWFISH_2X "$2x$"
-#define CRYPT_BLOWFISH_2Y "$2y$"
-#define CRYPT_SHA_256     "$5$"
-#define CRYPT_SHA_512     "$6$"
-
-/*
- * This function looks up "username" in the shadow password file, determines
- * the hash algorithm type, and returns the salt and the password
- * hash for that user.
- * 
- * Given the salt and the user password, then the hash can be created.
- * The generated hash is used as an SRP password (client side), and
- * the generator for the SRP secret (server side).
- *
- * Crypt password file format references:
- * http://php.net/manual/en/function.crypt.php
- * http://en.wikipedia.org/wiki/Crypt_%28C%29#Blowfish-based_scheme
- *
- * Look up from the shadow password file the specified user, and if found,
- * return the salt field parsed out from the hash entry
- *
- * Algorithm ID
- * $1$  MD5
- * 12 characters salt follows
- *
- * $2a$ Blowfish
- * $2b$ Blowfish
- * $2x$ Blowfish
- * $2y$ Blowfish
- * Blowfish salt format:
- * $id$NN$-----22 chars-salt----++++++hash+++++:
- *
- * SHA salt format
- * $5$  SHA-256
- * $6$  SHA-512
- * $ID$salt$hash
- */
-int get_sp_salt(const char *username,
-                char **ret_salt,
-                char **ret_encpwd)
-{
-    int st = 0;
-    int is_locked = 0;
-    struct spwd *spval = NULL;
-    int salt_len = 0;
-    char *salt = NULL;
-    char *encpwd = NULL;
-    char *sp = NULL;
-    int cur_uid = 0;
-    
-    if (!username || !ret_salt || !ret_encpwd)
-    {
-        st = -1;
-        errno = EINVAL;
-        goto error;
-    }
-
-    /* Must be root to read shadow password file */
-    cur_uid = getuid();
-    seteuid(0);
-
-    /* Obtain password file lock, and hold minimum amount of time */
-    st = lckpwdf();
-    if (st == -1)
-    {
-        goto error;
-    }
-    is_locked = 1;
-
-    spval = getspnam(username);
-    if (!spval)
-    {
-        /* Failed due to permissions or entry not found */
-        st = -1;
-        goto error;
-    }
-    salt = strdup(spval->sp_pwdp);
-    if (!salt)
-    {
-        /* errno is set */
-        st = -1;
-        goto error;
-    }
-    encpwd = strdup(spval->sp_pwdp);
-    if (!encpwd)
-    {
-        /* errno is set */
-        st = -1;
-        goto error;
-    }
-    ulckpwdf();
-    seteuid(cur_uid);
-    is_locked = 0;
-   
-    /* CRYPT_DES hash is not supported; how to test? */
-
-    /* Determine the hash algorithn, and therefore the salt length */
-    if (!strncmp(salt, CRYPT_MD5, strlen(CRYPT_MD5)))
-    {
-        /* $1$123456789012 */
-        salt_len = 12 + 3;
-    }
-    else if (!strncmp(salt, CRYPT_BLOWFISH_2A, strlen(CRYPT_BLOWFISH_2A)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2B, strlen(CRYPT_BLOWFISH_2B)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2X, strlen(CRYPT_BLOWFISH_2X)) ||
-             !strncmp(salt, CRYPT_BLOWFISH_2Y, strlen(CRYPT_BLOWFISH_2Y)))
-    {
-        /* $2a$05$1234567890123456789012 */
-        salt_len = 22 + 7;
-    }
-    else if (!strncmp(salt, CRYPT_SHA_256, strlen(CRYPT_SHA_256)) ||
-             !strncmp(salt, CRYPT_SHA_512, strlen(CRYPT_SHA_512)))
-    {
-        sp = strrchr(salt, '$');
-        salt_len = sp - salt + 1;
-    }
-    salt[salt_len] = '\0';
-    *ret_salt = salt;
-    *ret_encpwd = encpwd;
-    salt = NULL;
-
-error:
-    if (is_locked)
-    {
-        ulckpwdf();
-        seteuid(cur_uid);
-    }
-    if (st == -1)
-    {
-        if (salt)
-        {
-            free(salt);
-            salt = NULL;
-        }
-        if (encpwd)
-        {
-            free(encpwd);
-            salt = NULL;
-        }
-    }
-    return st;
-}
-
-
-
-/* Create the temporary SRP secret using username shadow pwd entry */
-int
-srpVerifierInit(
-    char *username,
-    char *password,
-    unsigned char **ret_bytes_s,
-    int *ret_len_s,
-    unsigned char **ret_bytes_v,
-    int *ret_len_v)
-{
-    int sts = 0;
-    const unsigned char *bytes_s = NULL;
-    int len_s = 0;
-    const unsigned char *bytes_v = NULL;
-    int len_v = 0;
-
-    if (!username || !password || !ret_bytes_s || !ret_bytes_v)
-    {
-        sts = -1;
-        goto error;
-    }
-
-    srp_create_salted_verification_key(
-        G_alg,
-        G_ng_type,
-        username,
-        (const unsigned char *) password,
-        (int) strlen(password),
-        &bytes_s,
-        &len_s,
-        &bytes_v,
-        &len_v,
-        G_n_hex,
-        G_g_hex);
-    
-    *ret_bytes_s = (unsigned char *) bytes_s;
-    *ret_len_s   = len_s;
-
-    *ret_bytes_v = (unsigned char *) bytes_v;
-    *ret_len_v = len_v;
-
-error:
-    return 0;
-}
-
-
-/*
- * SRP "exchange". These helper functions form the different client / server
- * SRP authentication routines, which use the password hash as the SRP password.
- */
-/* ===================== Client routines =================================== */
-struct SRPUser *
-srpClientNew(
-    char *username,
-    char *password)
-{
-    struct SRPUser *usr = NULL;
-
-    usr =  srp_user_new(
-               G_alg,
-               G_ng_type,
-               username,
-               (const unsigned char *) password,
-               (int) strlen(password),
-               G_n_hex,
-               G_g_hex);
-    return usr;
-}
-
-int
-srpClientStartAuthentication(
-    struct SRPUser *usr,
-    char **ret_auth_username,
-    unsigned char **ret_bytes_A,
-    int *ret_len_A)
-{
-    int sts = 0;
-    const char *auth_username = NULL;
-    const unsigned char *bytes_A = NULL;
-    int len_A = 0;
-
-    srp_user_start_authentication(usr, &auth_username, &bytes_A, &len_A);
-    if (!auth_username || !bytes_A)
-    {
-        sts = -1;
-        goto error;
-    }
-    *ret_auth_username = (char *) auth_username, auth_username = NULL;
-    *ret_bytes_A = (char *) bytes_A, bytes_A = NULL;
-    *ret_len_A = len_A;
-
-error:
-    if (sts == -1)
-    {
-        if (auth_username)
-        {
-            free((char *) auth_username);
-        }
-        if (bytes_A)
-        {
-            free((char *) bytes_A);
-        }
-    }
-    return sts;
-}
-    
-int
-srpClientChallenge(
-    struct SRPUser *usr,
-    unsigned char *bytes_s,
-    int len_s,
-    unsigned char *bytes_B,
-    int len_B,
-    unsigned char **ret_bytes_M,
-    int *ret_len_M)
-{
-    int sts = 0;
-    const unsigned char *bytes_M = NULL;
-    int len_M = 0;
-
-    srp_user_process_challenge(
-        usr,
-        bytes_s,
-        len_s,
-        bytes_B,
-        len_B,
-        &bytes_M,
-        &len_M);
-    if (!bytes_M)
-    {
-        sts = -1;
-        goto error;
-    }
-
-    *ret_bytes_M = (unsigned char *) bytes_M;
-    *ret_len_M = len_M;
-
-error:
-    return sts;
-}
-
-int srpClientVerifySession(
-    struct SRPUser *usr,
-    unsigned char *bytes_HAMK)
-{
-    srp_user_verify_session(usr, bytes_HAMK);
-    return srp_user_is_authenticated(usr);
-}
-
-void srpClientDestroy(
-    struct SRPUser *usr)
-{
-    if (usr)
-    {
-        srp_user_delete(usr);
-    }
-}
-
-
-/* ===================== Server routines =================================== */
-
-struct SRPVerifier *
-srpServerNew(
-    char *username,
-    unsigned char *bytes_s,
-    int len_s,
-    unsigned char *bytes_v,
-    int len_v,
-    unsigned char *bytes_A,
-    int len_A,
-    unsigned char **ret_bytes_B,
-    int *ret_len_B)
-{
-    int sts = 0;
-    const unsigned char *bytes_B = NULL;
-    int len_B = 0;
-    struct SRPVerifier *ver = NULL;
-
-    ver = srp_verifier_new(
-              G_alg,
-              G_ng_type,
-              username,
-              bytes_s,
-              len_s,
-              bytes_v,
-              len_v,
-              bytes_A,
-              len_A,
-              &bytes_B,
-              &len_B,
-              G_n_hex,
-              G_g_hex);
-    if (!bytes_B)
-    {
-        /* Verifier SRP-6a safety check violated! */
-        sts = -1;
-        goto error;
-    }
-
-    *ret_bytes_B = (unsigned char *) bytes_B;
-    *ret_len_B = len_B;
-
-error:
-    if (sts == -1)
-    {
-        ver = NULL;
-    }
-    return ver;
-}
-
-
-int
-srpServerVerify(
-    struct SRPVerifier *ver,
-    unsigned char *bytes_M,
-    unsigned char **ret_bytes_HAMK)
-{
-    const unsigned char *bytes_HAMK = NULL;
-    int sts = 0;
-    srp_verifier_verify_session(ver, bytes_M, &bytes_HAMK);
-
-    if ( !bytes_HAMK )
-    {
-        sts = -1;
-        goto error;
-    }
-
-    *ret_bytes_HAMK = (unsigned char *) bytes_HAMK;
-
-error:
-
-    return sts;
-}
-
-void
-srpServerDestroy(
-    struct SRPVerifier *ver)
-{
-    if (ver)
-    {
-        srp_verifier_delete(ver);
-    }
-}
-
-/*
- * Perform SRP gssapi_unix password authentication.
- * 
- * Known only by client: username / client_srp_pwd
- * Known only by server: server_srp_pwd
- */
-int srpAuthenticate(
-    char *username,
-    char *client_srp_pwd,
-    char *server_srp_pwd)
-{
-    struct SRPUser *cli_srp = NULL;
-    struct SRPVerifier *svr_srp = NULL;
-    int sts = 0;
-    unsigned char *bytes_s = NULL;
-    int len_s = 0;
-    unsigned char *bytes_v = NULL;
-    int len_v = 0;
-    char *auth_username = NULL;
-    unsigned char *bytes_A = NULL;
-    int len_A = 0;
-    unsigned char *bytes_B = NULL;
-    int len_B = 0;
-    unsigned char *bytes_M = NULL;
-    int len_M = 0;
-    unsigned char *bytes_HAMK = NULL;
-
-    /* 
-     * This call creates the temporary server-side SRP secret
-     *
-     * bytes_s: SRP salt, publically known to client/server
-     * bytes_v: SRP secret, privately known only by server
-     */
-    sts = srpVerifierInit(
-              username,
-              server_srp_pwd,
-              &bytes_s,
-              &len_s,
-              &bytes_v,
-              &len_v);
-    if (sts == -1)
-    {
-        fprintf(stderr, "  srpVerifierInit: Failed\n");
-        goto error;
-    }
-
-    /* 1: Client initiates authentication sequence */
-    cli_srp = srpClientNew(
-                  username,
-                  client_srp_pwd);
-    if (!cli_srp)
-    {
-        fprintf(stderr, "  1) srpClientNew: Failed\n");
-        sts = -1;
-        goto error;
-    }
-
-    /* 2: Client generates public "A" value which is passed to server */
-    sts = srpClientStartAuthentication(
-              cli_srp,
-              &auth_username,
-              &bytes_A,
-              &len_A);
-    if (sts == -1)
-    {
-        fprintf(stderr, "  2) srpClientStartAuthentication: Failed\n");
-        goto error;
-    }
-
-    /* 3: Server initializes its context, and returns public "B" value */
-    svr_srp = srpServerNew(
-                  auth_username,
-                  bytes_s,
-                  len_s,
-                  bytes_v,
-                  len_v,
-                  bytes_A,
-                  len_A,
-                  &bytes_B,
-                  &len_B);
-    if (!svr_srp)
-    {
-        fprintf(stderr, "  3) srpServerNew: Failed\n");
-        sts = -1;
-        goto error;
-    }
-
-    /* 4: Client processes server challenge, generates mutual auth data */
-    sts = srpClientChallenge(
-              cli_srp,
-              bytes_s,
-              len_s,
-              bytes_B,
-              len_B,
-              &bytes_M,
-              &len_M);
-    if (sts == -1)
-    {
-        fprintf(stderr, "  4) srpClientChallenge: Failed\n");
-        goto error;
-    }
-
-    /* 5: Server verifies mutual auth data, generates mutual handshake data */
-    sts = srpServerVerify(
-              svr_srp,
-              bytes_M,
-              &bytes_HAMK);
-    if (sts == -1)
-    {
-        fprintf(stderr, "  5) srpServerVerify: Failed\n");
-        goto error;
-    }
-
-    /* 6: client verifies mutual auth handshake, and completes or fails auth */
-    sts = srpClientVerifySession(
-              cli_srp,
-              bytes_HAMK);
-    if (sts == -1)
-    {
-        fprintf(stderr, "  6) srpClientVerifySession: Failed\n");
-        goto error;
-    }
-
-error:
-    srpClientDestroy(cli_srp);
-    srpServerDestroy(svr_srp);
-    if (bytes_s)
-    {
-        free(bytes_s);
-    }
-    if (bytes_v)
-    {
-        free(bytes_v);
-    }
-    return sts;
-}
-
-
-int main(int argc, char *argv[])
-{
-    int sts = 0;
-    char *username = NULL;
-    char *user_salt = NULL;
-    char *server_sp_hash = NULL;
-    char *pwd = NULL;
-    struct crypt_data cryptbuf;
-    char *client_sp_hash = NULL;
-
-    if (argc == 1)
-    {
-        fprintf(stderr, "usage: %s username\n", argv[0]);
-        return 1;
-    }
-    username = argv[1];
-
-    memset(&cryptbuf, 0, sizeof(cryptbuf));
-    /*
-     * UNIX shadow pwd file is queried to find user_salt
-     *
-     * user_salt: returned to client
-     * server_sp_hash: used to generate temporary server SRP secret
-     */
-    sts = get_sp_salt(username, &user_salt, &server_sp_hash);
-    if (sts == -1)
-    {
-        if (errno == EACCES)
-        {
-            fprintf(stderr,
-                    "%s: must be run with root privilege (setuid root?)\n",
-                    argv[0]);
-        }
-        else
-        {
-            fprintf(stderr, "%s: user %s does not exist\n", argv[1], username);
-        }
-        return 1;
-    }
-    printf("salt=%s\n", user_salt);
-    printf("hash=%s\n", server_sp_hash);
-
-    /* Get user password to compute client-side pwd hash */
-    pwd = getpass("Password: ");
-
-    /* client_sp_hash is generated by known password + user_salt */
-    client_sp_hash = crypt_r(pwd, user_salt, &cryptbuf);
-    printf("client_hash=%s\n", client_sp_hash);
-
-    /*
-     * srpAuthenticate: Simulate GSSAPI client/server exchange. 
-     *
-     * This does perform actual SRP authentication. Mock up to prove this
-     * approach works without implementing complete GSS unix_pwd plugin.
-     */
-    sts = srpAuthenticate(username, client_sp_hash, server_sp_hash);
-    if (sts == -1)
-    {
-        printf("srpAuthenticate failed!\n");
-    }
-    else
-    {
-        printf("srpAuthenticate passed!!!\n");
-    }
-    memset(&cryptbuf, 0, sizeof(cryptbuf));
-    if (user_salt)
-    {
-        free(user_salt);
-    }
-    if (server_sp_hash)
-    {
-        free(server_sp_hash);
-    }
-    return 0;
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_unwrap_iov.c b/lwraft/gssapi-plugins/unix/unix_unwrap_iov.c
deleted file mode 100644
index 221f97043..000000000
--- a/lwraft/gssapi-plugins/unix/unix_unwrap_iov.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_unwrap_iov.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP unwrap IOV; sign/seal support
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <openssl/aes.h>
-#include <errno.h>
-#include <string.h>
-#include "unix_util.h"
-#include "unix_encrypt.h"
-#include "unix_encrypt.h"
-#include "gssapi_alloc.h"
-
-
-
-
-#ifndef _SRP_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-srp_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    srp_gss_ctx_id_t srp_context_handle = (srp_gss_ctx_id_t) context_handle;
-    int ciphertext_len = 0;
-    unsigned char *plaintext = NULL;
-    int plaintext_len = 0;
-    int sealed = 1;
-
-    ciphertext_len = (int) AES256PAD(iov[1].buffer.length);
-
-    plaintext_len = ciphertext_len;
-    plaintext = calloc(plaintext_len, sizeof(unsigned char));
-    if (!plaintext)
-    {
-        min = ENOMEM;
-        goto error;
-    }
-
-    maj = srp_decrypt_aes256_hmac_sha1(
-              srp_context_handle,
-              ((unsigned char *) iov[0].buffer.value)  + SRP_MECH_OID_OFFSET,
-              (int) (iov[0].buffer.length - SRP_MECH_OID_OFFSET),
-              iov[1].buffer.value,
-              (int) iov[1].buffer.length,
-              plaintext);
-    if (maj)
-    {
-        min = maj;
-        goto error;
-    }
-    memcpy(iov[1].buffer.value, plaintext, plaintext_len);
-
-    /*
-     * TBD: Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-error:
-    if (plaintext)
-    {
-        free(plaintext);
-    }
-    return min ? min : maj;
-}
-
-#else
-
-OM_uint32
-srp_gss_unwrap_iov(OM_uint32 *minor_status,
-		      gss_ctx_id_t context_handle,
-		      int *conf_state,
-		      gss_qop_t *qop_state,
-		      gss_iov_buffer_desc *iov,
-		      int iov_count)
-{
-    unsigned char *key = NULL;
-    int keylen = 0;
-    int sealed = 0;
-
-    /* TBD:Adam-How to determine the protection level? */
-    /* rpc_c_authn_level_pkt_privacy */
-    sealed = 1;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-    /*
-     * Decode iov[0] to determine if encrypted/cksummed;
-     * assume always encrypted.
-     */
-    *conf_state = sealed;
-
-    /* Nothing can fail in this implementation :) */
-    return 0;
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_util.c b/lwraft/gssapi-plugins/unix/unix_util.c
deleted file mode 100644
index f7b9b6165..000000000
--- a/lwraft/gssapi-plugins/unix/unix_util.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_util.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Shared Utility Functions
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <errno.h>
-#include "gssapiP_unix.h"
-#include "gssapi_unix.h"
-#include "gssapi_alloc.h"
-
-static char *g_debug_printf;
-
-#if 1 /* Debug logging */
-
-#ifndef VMDIR_LOG_MASK_ALL
-#define VMDIR_LOG_MASK_ALL (-1)
-#endif
-
-unsigned long
-VmDirLogInitialize(
-   const char *pszLogFileName,
-   int          bUseSysLog,
-   const char *pszSyslogName,
-   unsigned int  iLogLevel,
-   unsigned long iInitLogMask
-   );
-
-
-void
-VmDirLog(
-   unsigned long level,
-   const char*  fmt,
-   ...);
-#endif
-
-#ifdef _WIN32
-#if 1 /* debugging SRP logging */
-#define OUTPUT_DEBUG_LOG(str) VmDirLog(VMDIR_LOG_MASK_ALL, "%s", (str))
-#else
-#define OUTPUT_DEBUG_LOG(str) OutputDebugStringA((char *) str)
-#endif
-
-#else
-#if 1 /* debugging SRP logging */
-#define OUTPUT_DEBUG_LOG(str) VmDirLog(VMDIR_LOG_MASK_ALL, "%s", (str))
-#else
-#include <syslog.h>
-#define OUTPUT_DEBUG_LOG(str) syslog(LOG_DEBUG, "%s", str)
-#endif
-#endif
-
-
-static char *srp_getenv_debug(void)
-{
-    if (!g_debug_printf)
-    {
-        g_debug_printf = getenv("GSSAPI_SRP_DEBUG");
-        if (!g_debug_printf)
-        {
-            return NULL;
-        }
-#ifdef _WIN32
-        VmDirLogInitialize(
-           g_debug_printf,
-           0,    // bUseSysLog
-           NULL, // pszSyslogName
-           0,
-           VMDIR_LOG_MASK_ALL);
-#else
-        VmDirLogInitialize(
-           NULL, // pszLogFileName
-           1,    // bUseSysLog
-           NULL, // pszSyslogName
-           0,
-           VMDIR_LOG_MASK_ALL);
-#endif
-    }
-    return g_debug_printf;
-}
-
-int srp_debug_printf(char *fmt, ...)
-{
-    va_list print_args;
-    int ret_len = 0;
-    char *ptr = NULL;
-    char debug_string[4*1024] = {0};
-
-    if (!srp_getenv_debug())
-    {
-        return 0;
-    }
-    strcpy(debug_string, "  MMM ");
-    va_start(print_args,fmt);
-    ret_len = vsnprintf(debug_string+6,
-                        sizeof(debug_string)-7, // 6 for MMM prefix, 1 for nul terminator
-                        fmt,
-                        print_args);
-
-    ptr = strrchr(debug_string, '\n');
-    if (ptr)
-    {
-        strcpy(ptr, " MMM\n");
-    }
-    else
-    {
-        ptr = debug_string + strlen(debug_string);
-        strcpy(ptr, " MMM\n");
-    }
-    if (ret_len > 0)
-    {
-        OUTPUT_DEBUG_LOG(debug_string);
-    }
-    va_end(print_args);
-    return ret_len;
-}
-
-
-char *srp_bin_to_hex_str(const unsigned char *buf, int buf_len)
-{
-    char *hexstr = NULL;
-    unsigned int hex_hi = 0;
-    unsigned int hex_lo = 0;
-    static char hexchars[] = "0123456789abcdef";
-    int i = 0;
-    int j = 0;
-
-    hexstr = calloc(buf_len*2+1, sizeof(char));
-    if (buf)
-    {
-        for (i=0; i<buf_len; i++)
-        {
-            hex_hi = (0xf0 & buf[i]) >> 4;
-            hex_lo = (0x0f & buf[i]);
-            hexstr[j] = hexchars[hex_hi];
-            hexstr[j+1] = hexchars[hex_lo];
-            j += 2;
-        }
-        hexstr[j] = '\0';
-    }
-    return hexstr;
-}
-
-OM_uint32
-srp_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid)
-{
-    OM_uint32 maj = 0;
-    OM_uint32 min = 0;
-    gss_buffer_desc oid_str = {0};
-    gss_OID ret_oid = NULL;
-
-    maj = gss_oid_to_str(&min, input_oid, &oid_str);
-    if (maj)
-    {
-        goto error;
-    }
-
-    maj = gss_str_to_oid(&min, &oid_str, &ret_oid);
-    if (maj)
-    {
-        goto error;
-    }
-
-    *output_oid = ret_oid;
-    ret_oid = NULL;
-
-error:
-    if (maj)
-    {
-        *minor_status = min;
-    }
-
-    if (oid_str.value)
-    {
-        gss_release_buffer(&min, &oid_str);
-    }
-    return maj;
-}
-
-
-void srp_print_hex(const unsigned char *buf, int buf_len, const char *msg)
-{
-    char *hexstr = NULL;
-
-    if (!srp_getenv_debug())
-    {
-        return;
-    }
-
-    srp_debug_printf("len = %d %s ", buf_len, msg?msg:"");
-    hexstr = srp_bin_to_hex_str(buf, buf_len);
-    if (hexstr)
-    {
-        srp_debug_printf("hex = %s\n", hexstr);
-        free(hexstr);
-        OUTPUT_DEBUG_LOG("\n");
-    }
-}
-
-
-/*
- * tag for APPLICATION 0, Sequence[constructed, definite length]
- * length of remainder of token
- * tag of OBJECT IDENTIFIER
- * length of mechanism OID
- * encoding of mechanism OID
- * <the rest of the token>
- *
- * Numerically, this looks like :
- *
- * 0x60
- * <length> - could be multiple bytes
- * 0x06
- * <length> - assume only one byte, hence OID length < 127
- * <mech OID bytes>
- *
- */
-OM_uint32
-srp_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token)
-{
-    OM_uint32 major = 0;
-    OM_uint32 minor = 0;
-    OM_uint32 asn1_mech_prefix_len = 4;
-    gss_buffer_desc asn1_oid = {0};
-    unsigned char *ptr = NULL;
-    int i = 0;
-
-    /* ASN.1 encoded SRP OID value */
-    asn1_oid.length = mech_oid->length + asn1_mech_prefix_len;
-    asn1_oid.value = gssalloc_malloc(asn1_oid.length);
-    if (!asn1_oid.value)
-    {
-        minor = ENOMEM;
-        major = GSS_S_FAILURE;
-        goto error;
-    }
-
-    /* ASN.1 encode OID, State and length delimited display name string */
-    memset(asn1_oid.value, 0, sizeof(asn1_oid.length));
-
-    ptr = (unsigned char *) asn1_oid.value;
-    i = 0;
-
-    /* tag for APPLICATION 0, Sequence[constructed, definite length] */
-    ptr[i++] = 0x60;
-
-    /* length of remainder of token: OID tag(1) + OID len(1) */
-    ptr[i++] = mech_oid->length + 2;
-
-    /* ASN.1 Object Identifier tag */
-    ptr[i++] = 0x06;
-
-    /* Only works if value is < 127 bytes; GSS-SRP mech oid is much <127 */
-    ptr[i++] = mech_oid->length;
-
-    /* Copy the actual pre-encoded ASN.1 GSS-OID into the asn1_oid buffer */
-    memcpy(&ptr[i], mech_oid->elements, mech_oid->length);
-
-    *output_token = asn1_oid;
-error:
-    if (major)
-    {
-        *ret_minor = minor;
-    }
-
-    return major;
-}
diff --git a/lwraft/gssapi-plugins/unix/unix_util.h b/lwraft/gssapi-plugins/unix/unix_util.h
deleted file mode 100644
index bf80c4902..000000000
--- a/lwraft/gssapi-plugins/unix/unix_util.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_util.h
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Shared Utility Functions header file
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#ifndef _SRP_UTIL_H
-#define _SRP_UTIL_H
-
-#include "gssapiP_unix.h"
-#include "gssapi_unix.h"
-
-
-char *
-srp_bin_to_hex_str(
-    const unsigned char *buf,
-    int buf_len);
-
-OM_uint32
-srp_gss_duplicate_oid(
-     OM_uint32 *minor_status,
-     gss_OID   input_oid,
-     gss_OID   *output_oid);
-
-
-void 
-srp_print_hex(
-    const unsigned char *buf,
-    int buf_len,
-    const char *msg);
-
-
-OM_uint32
-srp_asn1_encode_mech_oid_token(
-    OM_uint32 *ret_minor,
-    gss_OID mech_oid,
-    gss_buffer_t output_token);
-
-int srp_debug_printf(char *fmt, ...);
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unix_wrap_iov.c b/lwraft/gssapi-plugins/unix/unix_wrap_iov.c
deleted file mode 100644
index 2e86c2ba9..000000000
--- a/lwraft/gssapi-plugins/unix/unix_wrap_iov.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright © 2014 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module: srp_wrap_iov.c
- * Abstract:
- *     VMware GSSAPI SRP Authentication Plugin
- *     Implements SRP wrap IOV; sign/seal support
- *
- * Author: Adam Bernstein (abernstein@vmware.com)
- */
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-
-#include <string.h>
-#include <errno.h>
-#include "unix_util.h"
-#include "unix_encrypt.h"
-#include "gssapi_alloc.h"
-
-#ifndef _SRP_USE_TRIVIAL_ENCRYPTION
-
-OM_uint32
-srp_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    srp_gss_ctx_id_t srp_context_handle = (srp_gss_ctx_id_t) context_handle;
-    gss_buffer_desc asn1_mech_oid = {0};
-    unsigned char *plaintext = NULL;
-    unsigned char *ciphertext = NULL;
-    int plaintext_len = 0;
-    int ciphertext_len = 0;
-    int iov0buf_len = 128;
-    unsigned char *iov0buf = NULL;
-    int hmacbuf_len = 0;
-    unsigned char *hmacbuf = NULL;
-
-    iov0buf = (unsigned char *) gssalloc_calloc(iov0buf_len, sizeof(unsigned char));
-    if (!iov0buf)
-    {
-        min = ENOMEM;
-        goto error;
-    }
-
-    ret = srp_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_srp_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    if (iov[0].buffer.value)
-    {
-        gssalloc_free(iov[0].buffer.value);
-        iov[0].buffer.value = NULL;
-    }
-
-    memcpy(iov0buf, asn1_mech_oid.value, asn1_mech_oid.length);
-    iov[0].buffer.value = iov0buf;
-    iov[0].buffer.length = iov0buf_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-    gssalloc_free(asn1_mech_oid.value);
-    asn1_mech_oid.value = NULL;
-
-    plaintext_len = (int) iov[1].buffer.length;
-    if (plaintext_len != iov[1].buffer.length)
-    {
-        /* This may not work if the input buffer size isn't already aligned */
-        plaintext = calloc(plaintext_len, sizeof(unsigned char));
-        if (!plaintext)
-        {
-            min = ENOMEM;
-            goto error;
-        }
-        memcpy(plaintext, iov[1].buffer.value, iov[1].buffer.length);
-    }
-    else
-    {
-        plaintext = iov[1].buffer.value;
-    }
-
-    ciphertext_len = plaintext_len;
-    ciphertext = calloc(ciphertext_len, sizeof(unsigned char));
-
-    min = srp_encrypt_aes256_hmac_sha1(
-            srp_context_handle,
-            plaintext,
-            plaintext_len,
-            ciphertext,
-            &hmacbuf,
-            &hmacbuf_len);
-    if (min)
-    {
-        goto error;
-    }
-    memcpy(iov[1].buffer.value, ciphertext, ciphertext_len);
-
-    if (hmacbuf_len > 0)
-    {
-        memcpy(((unsigned char *) iov[0].buffer.value) + SRP_MECH_OID_OFFSET,
-               hmacbuf,
-               hmacbuf_len);
-        iov[0].buffer.length = SRP_MECH_OID_OFFSET + hmacbuf_len;
-    }
-    else
-    {
-        min = GSS_S_DEFECTIVE_TOKEN;
-        goto error;
-    }
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-
-error:
-    if (plaintext && plaintext != iov[1].buffer.value)
-    {
-        free(plaintext);
-    }
-    if (ciphertext)
-    {
-        free(ciphertext);
-    }
-    if (hmacbuf)
-    {
-        free(hmacbuf);
-    }
-    if (ret)
-    {
-        if (iov0buf)
-        {
-            gssalloc_free(iov0buf);
-        }
-    }
-    return min ? min : ret;
-}
-
-#else
-
-OM_uint32
-srp_gss_wrap_iov(OM_uint32 *minor_status,
-		    gss_ctx_id_t context_handle,
-		    int conf_req_flag,
-		    gss_qop_t qop_req,
-		    int *conf_state,
-		    gss_iov_buffer_desc *iov,
-		    int iov_count)
-{
-    OM_uint32 ret = 0;
-    OM_uint32 min = 0;
-    unsigned char *iov0 = NULL;
-    int iov0_len = 0;
-    unsigned char *key = NULL;
-    int keylen = 0;
-    gss_buffer_desc asn1_mech_oid = {0};
-
-    ret = srp_asn1_encode_mech_oid_token(
-              &min,
-              (gss_OID) gss_mech_srp_oid,
-              &asn1_mech_oid);
-    if (ret)
-    {
-        goto error;
-    }
-
-    /* Fixup iov[0] to have proper GSS/OID header */
-    iov0 = asn1_mech_oid.value;
-    iov0_len = (int) asn1_mech_oid.length;
-    if (iov[0].buffer.value)
-    {
-        gssalloc_free(iov[0].buffer.value);
-    }
-    iov[0].buffer.value = iov0;
-    iov[0].buffer.length = iov0_len;
-    iov[0].type |= GSS_IOV_BUFFER_FLAG_ALLOCATED;
-
-    key = xor_get_encrypt_key(&keylen);
-    xor_encrypt(iov[1].buffer.value,
-                iov[1].buffer.length,
-                key,
-                keylen);
-
-    /* TBD: Adam- Don't know the proper return value for this argument */
-    *conf_state = conf_req_flag;
-error:
-    return ret;
-}
-
-#endif
diff --git a/lwraft/gssapi-plugins/unix/unixreg.c b/lwraft/gssapi-plugins/unix/unixreg.c
deleted file mode 100644
index c512dd79f..000000000
--- a/lwraft/gssapi-plugins/unix/unixreg.c
+++ /dev/null
@@ -1,263 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-srp_reg_get_handle(
-    void **pphRegistry
-    )
-{
-    PVMDIR_CONFIG_CONNECTION_HANDLE hRegistry = NULL;
-    DWORD dwError = 0;
-
-    dwError = VmDirRegConfigHandleOpen(&hRegistry);
-    if (dwError == 0)
-    {
-        *pphRegistry = hRegistry;
-    }
-    return dwError;
-}
-
-VOID
-srp_reg_close_handle(
-    void *phRegistry
-    )
-{
-    PVMDIR_CONFIG_CONNECTION_HANDLE hRegistry = NULL;
-
-    if (phRegistry)
-    {
-        hRegistry = (PVMDIR_CONFIG_CONNECTION_HANDLE) phRegistry;
-        VmDirRegConfigHandleClose(hRegistry);
-    }
-}
-
-DWORD
-static
-_srp_reg_get_value(
-    void *hRegistry,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    DWORD  valueType,
-    PBYTE  *pRetValue,
-    PDWORD pRetValueLen)
-{
-    DWORD dwError = 0;
-    PBYTE pRetAccountDN = NULL;
-    DWORD accountRetDNLen = 0;
-
-    if (!*pRetValue)
-    {
-        dwError = VmDirRegConfigGetValue(hRegistry,
-                                         pszSubKey,
-                                         pszKeyName,
-                                         valueType,
-                                         NULL,
-                                         &accountRetDNLen);
-        if (accountRetDNLen > 0)
-        {
-            accountRetDNLen += 1; /* Guarantee '\0' terminated for strings*/
-            pRetAccountDN = calloc(accountRetDNLen, sizeof(CHAR));
-            if (!pRetAccountDN)
-            {
-                dwError = ERROR_NO_MEMORY;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-    }
-    else
-    {
-        pRetAccountDN = *pRetValue;
-        accountRetDNLen = *pRetValueLen;
-    }
-
-    dwError = VmDirRegConfigGetValue(hRegistry,
-                                     pszSubKey,
-                                     pszKeyName,
-                                     valueType,
-                                     pRetAccountDN,
-                                     &accountRetDNLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    *pRetValue = pRetAccountDN;
-    *pRetValueLen = accountRetDNLen;
-
-error:
-    if (dwError)
-    {
-        if (pRetAccountDN && pRetAccountDN != *pRetValue)
-        {
-            free(pRetAccountDN);
-        }
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_domain_state(
-    void *hRegistry,
-    PDWORD pdomainState)
-{
-    DWORD dwError = 0;
-    DWORD domainState = 0;
-    DWORD domainStateLen = sizeof(domainState);
-
-    dwError = VmDirRegConfigGetValue(hRegistry,
-                                     VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                                     VMAFD_REG_KEY_DOMAIN_STATE,
-                                     RRF_RT_REG_DWORD,
-                                     (PBYTE) &domainState,
-                                     &domainStateLen);
-
-    if (dwError == 0)
-    {
-        *pdomainState = domainState;
-    }
-
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_dn(
-    void *hRegistry,
-    PSTR *ppAccountDN)
-{
-    DWORD dwError = 0;
-    DWORD accountDNLen = 0;
-    PBYTE pAccountDN = NULL;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_ACCT,
-                  RRF_RT_REG_SZ,
-                  &pAccountDN,
-                  &accountDNLen);
-    if (dwError)
-    {
-        goto error;
-    }
-    *ppAccountDN = (PSTR) pAccountDN;
-    pAccountDN = NULL;
-
-error:
-    if (pAccountDN)
-    {
-        free(pAccountDN);
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_upn(
-    void *hRegistry,
-    PSTR *ppAccountUpn)
-{
-    DWORD dwError = 0;
-    PBYTE pAccountUpn = NULL;
-    PBYTE pAccountDN = NULL;
-    DWORD accountDNLen = 0;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_ACCT,
-                  RRF_RT_REG_SZ,
-                  &pAccountDN,
-                  &accountDNLen);
-    if (dwError)
-    {
-        goto error;
-    }
-
-    dwError = VMCISLIBAccountDnToUpn(pAccountDN, (PSTR *) &pAccountUpn);
-    if (dwError)
-    {
-        goto error;
-    }
-    *ppAccountUpn = pAccountUpn;
-    pAccountUpn = NULL;
-
-error:
-    if (pAccountDN)
-    {
-        free(pAccountDN);
-    }
-    if (pAccountUpn)
-    {
-        free(pAccountUpn);
-    }
-    return dwError;
-}
-
-DWORD
-srp_reg_get_machine_acct_password(
-    void *hRegistry,
-    PSTR *ppMachPwd)
-{
-    DWORD dwError = 0;
-    DWORD machPwdLen = 0;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_MACHINE_PWD,
-                  RRF_RT_REG_SZ,
-                  (PBYTE *) ppMachPwd,
-                  &machPwdLen);
-    return dwError;
-}
-
-DWORD
-srp_reg_get_dc_name(
-    void *hRegistry,
-    PSTR *ppDcName)
-{
-    DWORD dwError = 0;
-    DWORD dcNameLen = 0;
-    PSTR pSzDCName = NULL;
-
-    dwError = _srp_reg_get_value(
-                  hRegistry,
-                  VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_DC_NAME_HA,
-                  RRF_RT_REG_SZ,
-                  (PBYTE *) &pSzDCName,
-                  &dcNameLen);
-
-    if (dwError)
-    {
-        free(pSzDCName);
-        pSzDCName = NULL;
-
-        dwError = _srp_reg_get_value(
-                    hRegistry,
-                    VMAFD_CONFIG_PARAMETER_KEY_PATH,
-                    VMDIR_REG_KEY_DC_NAME,
-                    RRF_RT_REG_SZ,
-                    (PBYTE *) &pSzDCName,
-                    &dcNameLen);
-        if (dwError)
-        {
-            goto error;
-        }
-    }
-
-    *ppDcName = pSzDCName;
-    pSzDCName = NULL;
-
-error:
-    free(pSzDCName);
-    return dwError;
-}
diff --git a/lwraft/gssapi-plugins/unix/unixreg.h b/lwraft/gssapi-plugins/unix/unixreg.h
deleted file mode 100644
index 6eedd76a6..000000000
--- a/lwraft/gssapi-plugins/unix/unixreg.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-DWORD
-srp_reg_get_handle(
-    void **pphRegistry
-    );
-
-VOID
-srp_reg_close_handle(
-    void *phRegistry
-    );
-
-DWORD
-srp_reg_get_domain_state(
-    void *hRegistry,
-    PDWORD pdomainState);
-
-DWORD
-srp_reg_get_machine_acct_dn(
-    void *hRegistry,
-    PSTR *ppAccountDN);
-
-DWORD
-srp_reg_get_machine_acct_password(
-    void *hRegistry,
-    PSTR *ppMachPwd);
-
-DWORD
-srp_reg_get_machine_acct_upn(
-    void *hRegistry,
-    PSTR *ppAccountUpn);
-
-DWORD
-srp_reg_get_dc_name(
-    void *hRegistry,
-    PSTR *ppDcName);
diff --git a/lwraft/gssapi-plugins/unix/unixregutils.c b/lwraft/gssapi-plugins/unix/unixregutils.c
deleted file mode 100644
index e796a7968..000000000
--- a/lwraft/gssapi-plugins/unix/unixregutils.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VMCISLIBAccountDnToUpn(
-    PSTR dn,
-    PSTR *retUpn)
-{
-/*
- * Convert:  cn=adam-sles11.ssolabs2.com,ou=Domain Controllers,dc=VSPHERE,dc=LOCAL
- *      to:  adam-sles11.ssolabs2.com@VSPHERELOCAL
- */
-    DWORD dwError = 0;
-
-    PSTR ptr = NULL;
-    PSTR end = NULL;
-    PSTR upn = NULL;
-    PSTR fmtupn = NULL;
-    PSTR sep = ".";
-    DWORD len = (DWORD) strlen(dn);
-
-    upn = calloc(len+2, sizeof(CHAR));
-    if (!upn)
-    {
-        dwError = ERROR_NO_MEMORY;
-        goto error;
-    }
-    fmtupn = upn;
-
-    /*
-     * TBD: Note: this code assumes DN is all lower case.
-     * Handle "cn=" portion of UPN
-     */
-    ptr = strstr(dn, "cn=");
-    if (ptr)
-    {
-        ptr += 3; /* Skip over cn= */
-        end = strstr(ptr, ",ou=");
-        if (!end)
-        {
-            end = strstr(ptr, ",dc=");
-        }
-        if (end)
-        {
-            fmtupn += snprintf(fmtupn, len, "%.*s@", (int) (end-ptr), ptr);
-        }
-    }
-
-    ptr = strstr(ptr, "dc=");
-    while (ptr)
-    {
-        ptr += 3;
-        if (*ptr)
-        {
-            end = strstr(ptr, ",dc=");
-            if (!end)
-            {
-                end = ptr + strlen(ptr);
-                sep = "";
-            }
-            fmtupn += snprintf(fmtupn, len, "%.*s%s", (int) (end-ptr), ptr, sep);
-        }
-        ptr = strstr(ptr, "dc=");
-    }
-    *retUpn = upn;
-    upn = NULL;
-
-error:
-    if (dwError)
-    {
-        if (upn)
-        {
-            free(upn);
-        }
-    }
-    return dwError;
-}
-
-DWORD
-VmDirRegConfigHandleOpen(
-    PVMDIR_CONFIG_CONNECTION_HANDLE *ppCfgHandle)
-{
-    DWORD dwError = 0;
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
-
-    /* substitute for VmDirAllocateMemory() */
-    pCfgHandle = calloc(1, sizeof(VMDIR_CONFIG_CONNECTION_HANDLE));
-    if (!pCfgHandle)
-    {
-        dwError = ERROR_NO_MEMORY;
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-#ifndef _WIN32
-    dwError = RegOpenServer(&pCfgHandle->hConnection);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#endif
-
-#ifndef _WIN32
-    dwError = RegOpenKeyExA(
-                pCfgHandle->hConnection,
-                NULL,
-                HKEY_THIS_MACHINE,
-                0,
-                KEY_READ,
-                &pCfgHandle->hKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#else
-        dwError = RegOpenKeyExA(
-                HKEY_LOCAL_MACHINE,
-                NULL,
-                0,
-                KEY_READ,
-                &pCfgHandle->hKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-#endif
-
-    *ppCfgHandle = pCfgHandle;
-
-cleanup:
-
-    return dwError;
-
-error:
-    *ppCfgHandle = NULL;
-
-    if (pCfgHandle)
-    {
-        VmDirRegConfigHandleClose(pCfgHandle);
-    }
-
-    goto cleanup;
-}
-
-VOID
-VmDirRegConfigHandleClose(
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle
-    )
-{
-#ifndef _WIN32
-    if (pCfgHandle->hConnection)
-    {
-        if (pCfgHandle->hKey)
-        {
-            RegCloseKey(
-                pCfgHandle->hConnection,
-                pCfgHandle->hKey);
-        }
-
-        RegCloseServer(pCfgHandle->hConnection);
-    }
-#else
-    if (pCfgHandle->hKey)
-    {
-        RegCloseKey(pCfgHandle->hKey);
-    }
-#endif
-
-    VMDIR_SAFE_FREE_MEMORY(pCfgHandle);
-}
-
-DWORD
-VmDirRegConfigGetValue(
-    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    DWORD  valueType,
-    PBYTE  pRetValue,
-    PDWORD pRetValueLen
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = RegGetValueA(
-#ifndef _WIN32
-                pCfgHandle->hConnection,
-#endif
-                pCfgHandle->hKey,
-                pszSubKey,
-                pszKeyName,
-                valueType,
-                NULL,
-                (PVOID) pRetValue,
-                pRetValueLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-    if (dwError)
-    {
-        *pRetValueLen = 0;
-    }
-
-    return dwError;
-}
diff --git a/lwraft/gssapi-plugins/unix/unixregutils.h b/lwraft/gssapi-plugins/unix/unixregutils.h
index e6340cf68..fe329e91b 100644
--- a/lwraft/gssapi-plugins/unix/unixregutils.h
+++ b/lwraft/gssapi-plugins/unix/unixregutils.h
@@ -14,10 +14,9 @@
 
 #ifdef _WIN32
 #define VMAFD_CONFIG_PARAMETER_KEY_PATH "SYSTEM\\CurrentControlSet\\services\\VMWareAfdService\\Parameters"
-#define VMDIR_CONFIG_PARAMETER_KEY_PATH "SYSTEM\\CurrentControlSet\\services\\LightwaveRaftService"
 #else
 #define VMAFD_CONFIG_PARAMETER_KEY_PATH "Services\\vmafd\\Parameters"
-#define VMDIR_CONFIG_PARAMETER_KEY_PATH "Services\\lwraft"
+#define VMDIR_CONFIG_PARAMETER_KEY_PATH "Services\\post"
 #endif
 
 #define VMAFD_REG_KEY_DOMAIN_STATE "DomainState"
diff --git a/lwraft/idl/makefile.x64 b/lwraft/idl/makefile.x64
index 6b76614ce..ff128a63f 100755
--- a/lwraft/idl/makefile.x64
+++ b/lwraft/idl/makefile.x64
@@ -10,11 +10,9 @@ OUTDIR_DEBUG = ..\vmdird\x64\Debug
 OUTDIR_RELEASE = ..\vmdird\x64\Release
 
 all: $(OUTDIR_DEBUG)\vmdir_h.h $(OUTDIR_RELEASE)\vmdir_h.h \
-      $(OUTDIR_DEBUG)\vmdirftp_h.h $(OUTDIR_RELEASE)\vmdirftp_h.h \
       $(OUTDIR_DEBUG)\vmdirdbcp_h.h $(OUTDIR_RELEASE)\vmdirdbcp_h.h \
       $(OUTDIR_DEBUG)\srp_verifier_h.h $(OUTDIR_RELEASE)\srp_verifier_h.h \
-      $(OUTDIR_DEBUG)\vmdirsuperlog_h.h $(OUTDIR_RELEASE)\vmdirsuperlog_h.h \
-      $(OUTDIR_DEBUG)\vmdirurgentrepl_h.h $(OUTDIR_RELEASE)\vmdirurgentrepl_h.h
+      $(OUTDIR_DEBUG)\vmdirsuperlog_h.h $(OUTDIR_RELEASE)\vmdirsuperlog_h.h
 
 #
 # vmdir.idl debug/release stub generation
@@ -27,17 +25,6 @@ $(OUTDIR_RELEASE)\vmdir_h.h $(OUTDIR_RELEASE)\vmdir_s.c $(OUTDIR_RELEASE)\vmdir_
 	-mkdir $(OUTDIR_RELEASE)
 	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_RELEASE)\vmdir_c.c -sstub $(OUTDIR_RELEASE)\vmdir_s.c -header $(OUTDIR_RELEASE)\vmdir_h.h vmdir.idl 2>&1
 
-#
-# vmdirftp.idl debug/release stub generation
-#
-$(OUTDIR_DEBUG)\vmdirftp_h.h $(OUTDIR_DEBUG)\vmdirftp_s.c $(OUTDIR_DEBUG)\vmdirftp_c.c: vmdirftp.idl
-	-mkdir $(OUTDIR_DEBUG)
-	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_DEBUG)\vmdirftp_c.c -sstub $(OUTDIR_DEBUG)\vmdirftp_s.c -header $(OUTDIR_DEBUG)\vmdirftp_h.h vmdirftp.idl 2>&1
-
-$(OUTDIR_RELEASE)\vmdirftp_h.h $(OUTDIR_RELEASE)\vmdirftp_s.c $(OUTDIR_RELEASE)\vmdirftp_c.c: vmdirftp.idl
-	-mkdir $(OUTDIR_RELEASE)
-	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_RELEASE)\vmdirftp_c.c -sstub $(OUTDIR_RELEASE)\vmdirftp_s.c -header $(OUTDIR_RELEASE)\vmdirftp_h.h vmdirftp.idl 2>&1
-
 #
 # vmdirdbcp.idl debug/release stub generation
 #
@@ -71,27 +58,12 @@ $(OUTDIR_RELEASE)\vmdirsuperlog_h.h $(OUTDIR_RELEASE)\vmdirsuperlog_s.c $(OUTDIR
 	-mkdir $(OUTDIR_RELEASE)
 	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_RELEASE)\vmdirsuperlog_c.c -sstub $(OUTDIR_RELEASE)\vmdirsuperlog_s.c -header $(OUTDIR_RELEASE)\vmdirsuperlog_h.h vmdirsuperlog.idl 2>&1
 
-#
-# vmdirurgentrepl.idl debug/release stub generation
-#
-$(OUTDIR_DEBUG)\vmdirurgentrepl_h.h $(OUTDIR_DEBUG)\vmdirurgentrepl_s.c $(OUTDIR_DEBUG)\vmdirurgentrepl_c.c: vmdirurgentrepl.idl
-	-mkdir $(OUTDIR_DEBUG)
-	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_DEBUG)\vmdirurgentrepl_c.c -sstub $(OUTDIR_DEBUG)\vmdirurgentrepl_s.c -header $(OUTDIR_DEBUG)\vmdirurgentrepl_h.h vmdirurgentrepl.idl 2>&1
-
-$(OUTDIR_RELEASE)\vmdirurgentrepl_h.h $(OUTDIR_RELEASE)\vmdirurgentrepl_s.c $(OUTDIR_RELEASE)\vmdirurgentrepl_c.c: vmdirurgentrepl.idl
-	-mkdir $(OUTDIR_RELEASE)
-	$(DCEIDL) -DHAVE_DCERPC_WIN32 $(DCE_INCLUDE) -sstub_pref Srv_ -keep c_source $(NCK_IDLFLAGS) -cstub $(OUTDIR_RELEASE)\vmdirurgentrepl_c.c -sstub $(OUTDIR_RELEASE)\vmdirurgentrepl_s.c -header $(OUTDIR_RELEASE)\vmdirurgentrepl_h.h vmdirurgentrepl.idl 2>&1
-
 clean:
 	-del /f $(OUTDIR_DEBUG)\vmdir_c.c $(OUTDIR_DEBUG)\vmdir_s.c $(OUTDIR_DEBUG)\vmdir_h.h
 	-del /f $(OUTDIR_RELEASE)\vmdir_c.c $(OUTDIR_RELEASE)\vmdir_s.c $(OUTDIR_RELEASE)\vmdir_h.h
-	-del /f $(OUTDIR_DEBUG)\vmdirftp_c.c $(OUTDIR_DEBUG)\vmdirftp_s.c $(OUTDIR_DEBUG)\vmdirftp_h.h
 	-del /f $(OUTDIR_DEBUG)\vmdirdbcp_c.c $(OUTDIR_DEBUG)\vmdirdbcp_s.c $(OUTDIR_DEBUG)\vmdirdbcp_h.h
-	-del /f $(OUTDIR_RELEASE)\vmdirftp_c.c $(OUTDIR_RELEASE)\vmdirftp_s.c $(OUTDIR_RELEASE)\vmdirftp_h.h
 	-del /f $(OUTDIR_RELEASE)\vmdirdbcp_c.c $(OUTDIR_RELEASE)\vmdirdbcp_s.c $(OUTDIR_RELEASE)\vmdirdbcp_h.h
 	-del /f $(OUTDIR_DEBUG)\srp_verifier_c.c $(OUTDIR_DEBUG)\srp_verifier_s.c $(OUTDIR_DEBUG)\srp_verifier_h.h
 	-del /f $(OUTDIR_RELEASE)\srp_verifier_c.c $(OUTDIR_RELEASE)\srp_verifier_s.c $(OUTDIR_RELEASE)\srp_verifier_h.h
 	-del /f $(OUTDIR_DEBUG)\vmdirsuperlog_c.c $(OUTDIR_DEBUG)\vmdirsuperlog_s.c $(OUTDIR_DEBUG)\vmdirsuperlog_h.h
 	-del /f $(OUTDIR_RELEASE)\vmdirsuperlog_c.c $(OUTDIR_RELEASE)\vmdirsuperlog_s.c $(OUTDIR_RELEASE)\vmdirsuperlog_h.h
-	-del /f $(OUTDIR_DEBUG)\vmdirurgentrepl_c.c $(OUTDIR_DEBUG)\vmdirurgentrepl_s.c $(OUTDIR_DEBUG)\vmdirurgentrepl_h.h
-	-del /f $(OUTDIR_RELEASE)\vmdirurgentrepl_c.c $(OUTDIR_RELEASE)\vmdirurgentrepl_s.c $(OUTDIR_RELEASE)\vmdirurgentrepl_h.h
diff --git a/lwraft/idl/vmdir.idl b/lwraft/idl/vmdir.idl
index b2e8d3c2b..9fc714c5f 100644
--- a/lwraft/idl/vmdir.idl
+++ b/lwraft/idl/vmdir.idl
@@ -19,7 +19,7 @@
     version(1.4),
     pointer_default(unique)
 #if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
-    , endpoint("ncalrpc:[LightwaveRaftService]") 
+    , endpoint("ncalrpc:[PostService]") 
 #endif // #ifdef _WIN32
 ]
 
@@ -93,27 +93,6 @@ cpp_quote("#endif")
         [in, out]            VMDIR_DATA_CONTAINER* pPasswdContainer
     );
 
-    UINT32
-    RpcVmDirGetKeyTabRecBlob(
-        [in]                 handle_t     hBinding,
-        [in, string, unique] PWSTR        pszUPN,
-        [in, out]            VMDIR_DATA_CONTAINER* pKeyTabRecContainer
-    );
-
-    UINT32
-    RpcVmDirGetKrbMasterKey(
-        [in]                 handle_t     hBinding,
-        [in, string, unique] PWSTR        pszDomainName,
-        [in, out]            VMDIR_DATA_CONTAINER* pKrbMasterKeyContainer
-    );
-
-    UINT32
-    RpcVmDirGetKrbUPNKey(
-        [in]                 handle_t     hBinding,
-        [in, string, unique] PWSTR        pszUpnName,
-        [in, out]            VMDIR_DATA_CONTAINER* pKrbUpnKeyContainer
-    );
-
     UINT32
     RpcVmDirCreateUser(
         [in]                 handle_t    hBinding,
@@ -129,11 +108,6 @@ cpp_quote("#endif")
         [in] PVMDIR_USER_CREATE_PARAMS_RPC pCreateParams
         );
 
-    UINT32
-    RpcVmDirReplNow(
-	[in]				handle_t	hBinding
-        );
-
     UINT32
     RpcVmDirSetLogLevel(
 	[in]				handle_t	hBinding,
diff --git a/lwraft/idl/vmdirdbcp.idl b/lwraft/idl/vmdirdbcp.idl
index 3a5a3f85b..7fb5e299e 100644
--- a/lwraft/idl/vmdirdbcp.idl
+++ b/lwraft/idl/vmdirdbcp.idl
@@ -113,6 +113,12 @@ cpp_quote("#endif")
            [out]                    UINT32  *  pdwState
       );
 
+      UINT32
+      RpcVmDirSetState(
+           [in]                     handle_t   hBinding,
+           [in]                     UINT32     dwState
+      );
+
       UINT32
       RpcVmDirGetLogLevel(
            [in]                     handle_t   hBinding,
@@ -125,10 +131,15 @@ cpp_quote("#endif")
            [out]                    UINT32  *  pdwLogMask
       );
 
-          UINT32
+      UINT32
       RpcVmDirGetMode(
            [in]                     handle_t   hBinding,
            [out]                    UINT32  *  pdwMode
       );
 
+      UINT32
+      RpcVmDirSetMode(
+           [in]                     handle_t   hBinding,
+           [in]                     UINT32     dwMode
+      );
 }
diff --git a/lwraft/idl/vmdirftp.idl b/lwraft/idl/vmdirftp.idl
deleted file mode 100644
index e263b9d9e..000000000
--- a/lwraft/idl/vmdirftp.idl
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2011 VMware, Inc. All rights reserved.
- *
- * Module   : vmdir.idl
- *
- * Abstract :
- *
- *            VMware Directory Service File Transfer RPCs
- *
- *            Interface Definition
- *
- *            Core API
- *
- * Authors  : Sanjay Jain (sanjain@vmware.com)
- *
- */
-[
-    uuid (3ACD53D0-FA52-4eb3-9299-7DD7514B25F4),
-    version(1.0),
-    pointer_default(unique)
-#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
-    , endpoint("ncalrpc:[LightwaveRaftService]")
-#endif // #ifdef _WIN32
-]
-
-interface vmdirftp
-{
-#ifndef _WIN32
-#    include <lw/types.h>
-#   define PWSTR unsigned short int *
-#else
-/*
- * Unfortunately, cannot create a typedef containing a pointer type using
- * DCE/RPC IDL compiler. This compromise works for both MSRPC and
- * DCE/RPC compilers.
- */
-#if HAVE_DCERPC_WIN32
-#   define PWSTR unsigned short int *
-    typedef unsigned long int UINT32;
-#else
-    // defined in windows.h, but cant't include that here.
-    typedef unsigned int UINT32;
-    typedef wchar_t *PWSTR;
-#endif
-#endif
-
-typedef [context_handle] void *vmdir_ftp_handle_t;
-
-typedef struct _VMDIR_FTP_DATA_CONTAINER
-{
-    UINT32 dwCount;
-    [size_is(dwCount)] unsigned char * data;
-} VMDIR_FTP_DATA_CONTAINER, *PVMDIR_FTP_DATA_CONTAINER;
-
-       UINT32
-       RpcVmDirSetState(
-           [in]                     handle_t   hBinding,
-           [in]                     UINT32     dwState
-       );
-
-       UINT32
-       RpcVmDirOpenDBFile(
-           [in]                     handle_t    hBinding,
-           [in, string]             PWSTR       pwszDBFileName,
-           [in, out]                vmdir_ftp_handle_t *pFileHandle  /* Equivalent to FILE ** ppFileHandle */
-       );
-
-       UINT32
-       RpcVmDirReadDBFile(
-           [in]                     handle_t    hBinding,
-           [in]                     vmdir_ftp_handle_t fileHandle,
-           [in]                     UINT32      dwCount,
-           [in, out]                VMDIR_FTP_DATA_CONTAINER  * pReadBufferContainer
-       );
-
-       UINT32
-       RpcVmDirCloseDBFile(
-           [in]                     handle_t  hBinding,
-           [in]                     vmdir_ftp_handle_t fileHandle
-       );
-       UINT32
-       RpcVmDirSetMode(
-           [in]                     handle_t   hBinding,
-           [in]                     UINT32     dwMode
-       );
-}
diff --git a/lwraft/idl/vmdirraft.idl b/lwraft/idl/vmdirraft.idl
index 6dbe237cd..cc46b4bd0 100644
--- a/lwraft/idl/vmdirraft.idl
+++ b/lwraft/idl/vmdirraft.idl
@@ -59,7 +59,7 @@ typedef [context_handle] void *vmdir_raft_handle_t;
            [in]                     unsigned hyper leaderCommit,
            [in]                     chglog_container *entries,
            [out]                    UINT32 * currentTerm,
-           [out]                    UINT32 * status
+           [out]                    unsigned hyper *status
       );
 
       UINT32
diff --git a/lwraft/idl/vmdirurgentrepl.idl b/lwraft/idl/vmdirurgentrepl.idl
deleted file mode 100644
index 1f5be2ae7..000000000
--- a/lwraft/idl/vmdirurgentrepl.idl
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2011 VMware, Inc. All rights reserved.
- *
- * Module   : vmdirurgentrepl.idl
- *
- * Abstract :
- *
- *            VMware Directory Service
- *
- *            Interface Definition
- *
- *            Core API
- *
- * Authors  :
- *
- */
-[
-    uuid (0068250C-D22F-4e28-A9F1-84D437E9A02E),
-    version(1.0),
-    pointer_default(unique)
-#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
-    , endpoint("ncalrpc:[LightwaveRaftService]")
-#endif // #ifdef _WIN32
-]
-
-interface vmdirurgentrepl
-{
-#ifndef _WIN32
-#    include <lw/types.h>
-#   define PWSTR unsigned short int *
-#else
-
-/*
- * Unfortunately, cannot create a typedef containing a pointer type using
- * DCE/RPC IDL compiler. This compromise works for both MSRPC and
- * DCE/RPC compilers.
- */
-#if HAVE_DCERPC_WIN32
-#   define PWSTR unsigned short int *
-    typedef unsigned long int UINT32;
-#else
-    // defined in windows.h, but cant't include that here.
-    typedef unsigned int UINT32;
-    typedef wchar_t *PWSTR;
-#endif
-#endif
-    UINT32
-    RpcVmDirUrgentReplicationRequest(
-        [in]                            handle_t  hBinding,
-        [in, string, unique]            PWSTR     pwszServer
-        );
-
-    UINT32
-    RpcVmDirUrgentReplicationResponse(
-        [in]                             handle_t  hBinding,
-        [in, string, unique]             PWSTR     pwszServerName,
-        [in, string, unique]             PWSTR     pwszUtdVector,
-        [in, string, unique]             PWSTR     pwszHostName
-    );
-}
diff --git a/lwraft/include/public/vmdir.h b/lwraft/include/public/vmdir.h
index 83ed6a9d6..b923c1933 100644
--- a/lwraft/include/public/vmdir.h
+++ b/lwraft/include/public/vmdir.h
@@ -40,13 +40,15 @@ extern "C" {
 
 #define SUPPORTED_LDAP_VERSION          "3"
 
-#define DEFAULT_LDAP_PORT_NUM           389
-#define DEFAULT_LDAP_PORT_STR           "389"
-#define DEFAULT_LDAPS_PORT_NUM          636
-#define DEFAULT_LDAPS_PORT_STR          "636"
+#define DEFAULT_LDAP_PORT_NUM           38900
+#define DEFAULT_LDAP_PORT_STR           "38900"
+#define DEFAULT_LDAPS_PORT_NUM          63600
+#define DEFAULT_LDAPS_PORT_STR          "63600"
 
-#define DEFAULT_REST_PORT_NUM           7577
-#define DEFAULT_REST_PORT_STR           "7577"
+#define DEFAULT_HTTP_PORT_NUM           7577
+#define DEFAULT_HTTP_PORT_STR          "7577p"
+#define DEFAULT_HTTPS_PORT_NUM          7578
+#define DEFAULT_HTTPS_PORT_STR         "7578"
 
 #define LEGACY_DEFAULT_LDAP_PORT_NUM       11711
 #define LEGACY_DEFAULT_LDAP_PORT_STR       "11711"
@@ -69,8 +71,9 @@ extern "C" {
 #define RAFT_CONTEXT_DN                         "cn=raftcontext"
 #define RAFT_LOGS_CONTAINER_DN                  "cn=logs,cn=raftcontext"
 #define RAFT_PERSIST_STATE_DN                   "cn=persiststate,cn=raftcontext"
+#define RAFT_STATE_DN                           "cn=raftstate"
 
-#define VMDIR_DOMAIN_CONTROLLERS_RDN_VAL        "Domain Controllers"
+#define VMDIR_DOMAIN_CONTROLLERS_RDN_VAL        "Raft Clusters"
 #define VMDIR_COMPUTERS_RDN_VAL                 "Computers"
 #define VMDIR_MSAS_RDN_VAL                      "Managed Service Accounts"
 #define VMDIR_CONFIGURATION_CONTAINER_NAME      "Configuration"
@@ -241,6 +244,10 @@ extern "C" {
 
 #define ATTR_OBJECT_SECURITY_DESCRIPTOR       "nTSecurityDescriptor"
 #define ATTR_OBJECT_SECURITY_DESCRIPTOR_LEN   sizeof(ATTR_OBJECT_SECURITY_DESCRIPTOR)-1
+
+#define ATTR_DEFAULT_SECURITY_DESCRIPTOR      "defaultSecurityDescriptor"
+#define ATTR_DEFAULT_SECURITY_DESCRIPTOR_LEN  sizeof(ATTR_DEFAULT_SECURITY_DESCRIPTOR)-1
+
 #define ATTR_ORG_LIST_DESC                    "vmwAttrOrganizationList"
 #define VDIR_ATTRIBUTE_SEQUENCE_RID           "vmwRidSequenceNumber"
 
@@ -354,6 +361,11 @@ extern "C" {
 #define ATTR_RAFT_VOTEDFOR                  "vmwRaftVotedFor"
 #define ATTR_RAFT_LOG_ENTRIES               "vmwRaftLogEntries"
 #define ATTR_REF                            "ref"
+#define ATTR_RAFT_LEADER                    "vmwRaftLeader"
+#define ATTR_RAFT_FOLLOWERS                 "vmwRaftActiveFollower"
+#define ATTR_RAFT_MEMBERS                   "vmwRaftMember"
+#define ATTR_RAFT_STATE                     "vmwRaftState"
+#define ATTR_RAFT_LOG_CHANGED               "vmwRaftLogChanged"
 
 // Object classes
 #define OC_TOP                              "top"
@@ -406,6 +418,7 @@ extern "C" {
 #define OC_CLASS_SCHEMA_LEN             sizeof(OC_CLASS_SCHEMA)-1
 #define OC_CLASS_RAFT_PERSIST_STATE     "vmwraftpersiststate"
 #define OC_CLASS_RAFT_LOG_ENTRY         "vmwraftlogentry"
+#define OC_CLASS_RAFT_STATE             "vmwRaftClusterState"
 #define RAFT_CONTEXT_DN_MAX_LEN         64
 
 #define CM_COMPONENTMANAGER             "ComponentManager"
@@ -470,17 +483,21 @@ extern "C" {
 // Logging stuff
 #define MAX_LOG_MESSAGE_LEN    4096
 
-// vmw OID for Strong Consistency Write Control
+// vmw OID for Strong Consistency Write Control (obsoleted)
 #define LDAP_CONTROL_CONSISTENT_WRITE                  "1.3.6.1.4.1.6876.40.10.1"
+// vmw OID for Integrity Check Control Search
+#define LDAP_CONTROL_DIGEST_SEARCH              "1.3.6.1.4.1.6876.40.10.2"
+// vmw OID for Conditional Write
+#define LDAP_CONTROL_CONDITIONAL_WRITE          "1.3.6.1.4.1.6876.40.10.3"
 
 #ifndef _WIN32
-#define VMDIR_NCALRPC_END_POINT "lwraftsvc"
+#define LWRAFT_NCALRPC_END_POINT "postsvc"
 #else
 // note: keep in sync with /vmdir/main/idl/vmdir.idl
-#define VMDIR_NCALRPC_END_POINT "LightwaveRaftService"
+#define LWRAFT_NCALRPC_END_POINT "PostService"
 #endif
 
-#define VMDIR_RPC_TCP_END_POINT "2012"
+#define LWRAFT_RPC_TCP_END_POINT "2011"
 #define VMDIR_MAX_SERVER_ID     255
 
 #define NSECS_PER_SEC       1000000000
diff --git a/lwraft/include/public/vmdirclient.h b/lwraft/include/public/vmdirclient.h
index 4d36b34b2..8dbb9aadb 100644
--- a/lwraft/include/public/vmdirclient.h
+++ b/lwraft/include/public/vmdirclient.h
@@ -53,18 +53,6 @@ VmDirConnectionOpenByHost(
     PVMDIR_CONNECTION* ppConnection
     );
 
-DWORD
-VmDirGetSiteGuid(
-    PVMDIR_CONNECTION pConnection,
-    PSTR*             ppszGuid
-    );
-
-DWORD
-VmDirGetSiteName(
-    PVMDIR_CONNECTION pConnection,
-    PSTR*             ppszGuid
-    );
-
 LDAP*
 VmDirConnectionGetLdap(
     PVMDIR_CONNECTION pConnection
@@ -84,81 +72,12 @@ VmDirGetReplicationPartners(
     DWORD*              pdwNumReplPartner
     );
 
-DWORD
-VmDirGetReplicationPartnerStatus(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_REPL_PARTNER_STATUS* ppReplPartnerStatus,
-    DWORD*              pdwNumReplPartner
-    );
-
-DWORD
-VmDirGetServers(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_SERVER_INFO* ppServerInfo,
-    DWORD*              pdwNumServer
-    );
-
-DWORD
-VmDirGetComputers(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PSTR**              pppszComputers,
-    DWORD*              pdwNumComputers
-    );
-
-DWORD
-VmDirGetDCInfo(
-    PCSTR               pszHostName,
-    PCSTR               pszUserName,
-    PCSTR               pszPassword,
-    PVMDIR_DC_INFO**    pppDC,
-    DWORD*              pdwNumDC
-    );
-
-VOID
-VmDirFreeDCInfo(
-    PVMDIR_DC_INFO      pDC
-    );
-
-VOID
-VmDirFreeDCInfoArray(
-    PVMDIR_DC_INFO*     ppDC,
-    DWORD               dwNumDC
-    );
-
 VOID
 VmDirFreeStringArray(
     PSTR* ppszStr,
     DWORD size
     );
 
-DWORD
-VmDirAddReplicationAgreement(
-    BOOLEAN bTwoWayRepl,
-    PCSTR pszSrcHostName,
-    PCSTR pszSrcPort,
-    PCSTR pszSrcUserName,
-    PCSTR pszSrcPassword,
-    PCSTR pszTgtHostName,
-    PCSTR pszTgtPort
-);
-
-DWORD
-VmDirRemoveReplicationAgreement(
-    BOOLEAN bTwoWayRepl,
-    PCSTR pszSrcHostName,
-    PCSTR pszSrcPort,
-    PCSTR pszSrcUserName,
-    PCSTR pszSrcPassword,
-    PCSTR pszTgtHostName,
-    PCSTR pszTgtPort
-);
-
 /*
  * Domain Controller/Client Life cycle management functions
  */
@@ -171,12 +90,6 @@ VmDirSetupHostInstance(
     PCSTR   pszSiteName
     );
 
-DWORD
-VmDirDemote(
-    PCSTR   pszUserName,
-    PCSTR   pszPassword
-    );
-
 DWORD
 VmDirJoin(
     PCSTR   pszLotusServerName, // optional Lotus Server Name (FQDN/IP/hostname)
@@ -187,22 +100,6 @@ VmDirJoin(
     UINT32  firstReplCycleMode
     );
 
-DWORD
-VmDirClientJoin(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword,
-    PCSTR    pszMachineName,
-    PCSTR    pszOrgUnit
-    );
-
-DWORD
-VmDirClientLeave(
-    PCSTR    pszServerName,
-    PCSTR    pszUserName,
-    PCSTR    pszPassword
-    );
-
 DWORD
 VmDirSetupTenantInstance(
     PCSTR pszDomainName,
@@ -210,6 +107,12 @@ VmDirSetupTenantInstance(
     PCSTR pszPassword
     );
 
+DWORD
+VmDirRaftLeader(
+    PCSTR   pszServerName,
+    PSTR*   ppszLeader
+    );
+
 DWORD
 VmDirGetDomainDN(
     PCSTR pszHostName,
@@ -222,12 +125,6 @@ VmDirGetDomainName(
     PSTR* ppszDomainName
     );
 
-DWORD
-VmDirGetPartnerSiteName(
-    PCSTR pszHostName,
-    PSTR* ppszSiteName
-    );
-
 DWORD
 VmDirGetWin32ErrorDesc(
     DWORD dwErrorCode,
@@ -248,26 +145,11 @@ VmDirForceResetPassword(
     );
 
 DWORD
-VmDirGetKeyTabeRecBlob(
-    PCSTR       pszServerName,
+VmDirLocalGetSRPSecret(
     PCSTR       pszUPN,
-    PBYTE*      ppByte,
-    DWORD*      pSize
-    );
-
-DWORD
-VmDirGetKrbMasterKey(
-    PSTR        pszDomainName,
-    PBYTE*      ppKeyBlob,
+    PBYTE*      ppSecretBlob,
     DWORD*      pSize
-    );
-
-DWORD
-VmDirGetKrbUPNKey(
-    PSTR        pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    );
+);
 
 DWORD
 VmDirSetSRPSecret(
@@ -275,83 +157,12 @@ VmDirSetSRPSecret(
     PCSTR       pszSecret
     );
 
-DWORD
-VmDirCreateUser(
-    PSTR    pszUserName,	/* IN              */
-    PSTR    pszPassword,	/* IN              */
-    PSTR    pszUPNName,		/* IN              */
-    BOOLEAN bRandKey		/* IN              */
-    );
-
-DWORD
-VmDirCreateUserA(
-    PVMDIR_SERVER_CONTEXT       pServerContext,
-    PVMDIR_USER_CREATE_PARAMS_A pCreateParams
-    );
-
-DWORD
-VmDirCreateUserW(
-    PVMDIR_SERVER_CONTEXT       pServerContext,
-    PVMDIR_USER_CREATE_PARAMS_W pCreateParams
-    );
-
-DWORD
-VmDirSetPassword(
-    PCSTR pszHostName,		/* IN              */
-    PCSTR pszAdminUPN,		/* IN              */
-    PCSTR pszAdminPassword,	/* IN              */
-    PCSTR pszUserUPN,		/* IN              */
-    PCSTR pszNewPassword	/* IN              */
-    );
-
-DWORD
-VmDirChangePassword(
-    PCSTR pszHostName,		/* IN              */
-    PCSTR pszUserUPN,		/* IN              */
-    PCSTR pszOldPassword,	/* IN              */
-    PCSTR pszNewPassword	/* IN              */
-    );
-
-DWORD
-VmDirCreateService(
-    PCSTR pszSvcname,  		/* IN              */
-    PCSTR pszPassword, 	 	/* IN     OPTIONAL */
-    PSTR* ppszUPN,      	/*    OUT OPTIONAL */
-    PSTR* ppszPassword  	/*    OUT OPTIONAL */
-    );
-
-DWORD
-VmDirGetMemberships(
-    PVMDIR_CONNECTION pConnection,  /* IN  */
-    PCSTR pszUPNName,               /* IN  */
-    PSTR **pppszMemberships,        /* OUT */
-    PDWORD pdwMemberships           /* OUT */
-    );
-
 VOID
 VmDirFreeMemberships(
     PSTR* ppszMemberships,
     DWORD dwMemberships
     );
 
-DWORD
-VmDirCreateGroup(
-    PCSTR pszGroupname,   	/* IN              */
-    PSTR* ppszUPN         	/*    OUT OPTIONAL */
-    );
-
-DWORD
-VmDirGroupAddMember(
-    PCSTR pszGroupUPN,  	/* IN              */
-    PCSTR pszMemberUPN  	/* IN              */
-    );
-
-DWORD
-VmDirGroupRemoveMember(
-    PCSTR pszGroupUPN,  	/* IN              */
-    PCSTR pszMemberUPN  	/* IN              */
-    );
-
 DWORD
 VmDirGetVmDirLogPath(
     PSTR  pszPath,
@@ -406,10 +217,6 @@ DWORD
 VmDirGetLocalState(
     UINT32* pdwState);
 
-DWORD
-VmDirReplNow(
-    PCSTR   pszServerName);
-
 VOID
 VmDirFreeMemory(
     PVOID   pMemory
@@ -452,34 +259,6 @@ VmDirGeneratePassword(
     DWORD*      pSize
     );
 
-DWORD
-VmDirGetServerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PSTR*             ppszGuid
-    );
-
-DWORD
-VmDirSetServerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PCSTR             pszGuid
-    );
-
-DWORD
-VmDirGetComputerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PSTR*             ppszGuid
-    );
-
-DWORD
-VmDirSetComputerID(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR             pszMachineName,
-    PCSTR             pszGuid
-    );
-
 #ifndef _VMDIR_COMMON_H__
 LOGGING_API
 void
@@ -540,39 +319,6 @@ VmDirCloseServer(
     PVMDIR_SERVER_CONTEXT pServerContext
     );
 
-DWORD
-VmDirLeaveFederation(
-    PCSTR pszRaftLeader,
-    PCSTR pszServerToLeave,
-    PCSTR pszUserName,
-    PCSTR pszPassword
-    );
-
-DWORD
-VmDirGetReplicationCycleCount(
-    PVMDIR_CONNECTION   pConnection,
-    DWORD*              pdwReplCycleCount
-    );
-
-DWORD
-VmDirGetReplicationState(
-    PVMDIR_CONNECTION  pConnection,
-    PVMDIR_REPL_STATE* ppReplState
-    );
-
-VOID
-VmDirFreeReplicationState(
-    PVMDIR_REPL_STATE   pReplState
-    );
-
-DWORD
-VmDirGetAttributeMetadata(
-    PVMDIR_CONNECTION pConnection,
-    PCSTR pszEntryDn,
-    PCSTR pszAttribute,
-    PVMDIR_METADATA_LIST* ppMetadataList
-    );
-
 VOID
 VmDirFreeMetadata(
     PVMDIR_METADATA pMetadata
@@ -646,39 +392,6 @@ VmDirFreeSuperLogTable(
     PVMDIR_SUPERLOG_TABLE pTable
     );
 
-DWORD
-VmDirGetDomainFunctionalLevel(
-    PCSTR       pszHostName,
-    PCSTR       pszUPN,
-    PCSTR       pszPassword,
-    PCSTR	pszDomainName,
-    PDWORD	pdwFuncLvl
-    );
-
-DWORD
-VmDirSetDomainFunctionalLevel(
-    PCSTR       pszHostName,
-    PCSTR       pszUPN,
-    PCSTR       pszPassword,
-    PCSTR	pszDomainName,
-    PDWORD	pdwFuncLvl,
-    BOOLEAN	bUseDefault
-    );
-
-DWORD
-VmDirGetDCNodesVersion (
-    PCSTR       pszHostName,
-    PCSTR       pszUserName,
-    PCSTR       pszPassword,
-    PCSTR       pszDomainName,
-    PVMDIR_DC_VERSION_INFO *pDCVerInfo
-    );
-
-VOID
-VmDirFreeDCVersionInfo(
-    PVMDIR_DC_VERSION_INFO pDCVerInfo
-    );
-
 DWORD
 VmDirSetBackendState(
     PVMDIR_SERVER_CONTEXT    hBinding,
@@ -712,19 +425,6 @@ VmDirCloseDatabaseFile(
     FILE **                 ppFileHandle
 );
 
-DWORD
-VmDirUrgentReplicationRequest(
-    PCSTR pszRemoteServerName
-    );
-
-DWORD
-VmDirUrgentReplicationResponse(
-    PCSTR    pszRemoteServerName,
-    PCSTR    pszUtdVector,
-    PCSTR    pszInvocationId,
-    PCSTR    pszHostName
-    );
-
 DWORD
 VmDirGetMode(
     PVMDIR_SERVER_CONTEXT hInBinding,
@@ -735,6 +435,40 @@ VmDirSetMode(
     PVMDIR_SERVER_CONTEXT hInBinding,
     UINT32                dwMode);
 
+DWORD
+VmDirRaftListCluster(
+    PCSTR                   pszServerName,
+    PVMDIR_RAFT_CLUSTER*    ppRaftCluster
+    );
+
+DWORD
+VmDirRaftShowClusterState(
+    PCSTR                   pszServerName,
+    PCSTR                   pszDomainName,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PVMDIR_RAFT_CLUSTER*    ppRaftCluster
+    );
+
+DWORD
+VmDirRaftLeaveCluster(
+    PCSTR                   pszServerName,
+    PCSTR                   pszDomainName,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PCSTR                   pszLeaveNode
+    );
+
+VOID
+VmDirFreeRaftNode(
+    PVMDIR_RAFT_NODE        pRaftNode
+    );
+
+VOID
+VmDirFreeRaftCluster(
+    PVMDIR_RAFT_CLUSTER     pRaftCluster
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/include/public/vmdirerrors.h b/lwraft/include/public/vmdirerrors.h
index b22d92410..394bdb5a7 100644
--- a/lwraft/include/public/vmdirerrors.h
+++ b/lwraft/include/public/vmdirerrors.h
@@ -30,10 +30,13 @@
 
 #define VMDIR_ERROR_BASE            9000
 
-#define VMDIR_SYSTEM_ERROR_BASE     0
-#define VMDIR_GENERIC_ERROR_BASE    100
-#define VMDIR_SCHEMA_ERROR_BASE     600
-#define VMDIR_BACKEND_ERROR_BASE    700
+#define VMDIR_SYSTEM_ERROR_BASE           0
+#define VMDIR_GENERIC_ERROR_BASE          100
+#define VMDIR_CUSTOMIZED_LDAP_ERROR_BASE  300
+#define VMDIR_RAFT_ERROR_BASE             500
+#define VMDIR_SCHEMA_ERROR_BASE           600
+#define VMDIR_BACKEND_ERROR_BASE          700
+#define VMDIR_REST_PROXY_ERROR_BASE       800
 
 #define VMDIR_SUCCESS   0
 
@@ -53,6 +56,10 @@
 #define VMDIR_ERROR_INVALID_PARAMETER                 (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 5 )      // 9005
 #define VMDIR_ERROR_NOT_FOUND                         (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 6 )      // 9006
 #define VMDIR_ERROR_CANNOT_LOAD_LIBRARY               (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 7 )      // 9007
+#define VMDIR_ERROR_INVALID_STATE                     (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 8 )      // 9008
+#define VMDIR_ERROR_DEPRECATED_FUNCTION               (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 9 )      // 9009
+#define VMDIR_ERROR_FILE_OPEN                         (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 10 )     // 9010
+#define VMDIR_ERROR_FILE_READ                         (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 11 )     // 9011
 
 // generic error 9100~9599
 #define IS_VMDIR_GENERIC_ERROR_SPACE(n) \
@@ -89,6 +96,11 @@
 #define VMDIR_ERROR_NO_FUNC_LVL                       (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 28)      // 9128
 #define VMDIR_ERROR_INVALID_FUNC_LVL                  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 29)      // 9129
 #define VMDIR_ERROR_INCOMPLETE_MAX_DFL                (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 30)      // 9130
+#define VMDIR_ERROR_RESTORE_ERROR                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 31)      // 9131
+#define VMDIR_ERROR_AUTH_BAD_DATA                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 32)      // 9132
+#define VMDIR_ERROR_AFD_UNAVAILABLE                   (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 33)      // 9133
+#define VMDIR_ERROR_OIDC_UNAVAILABLE                  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 34)      // 9134
+#define VMDIR_ERROR_ALREADY_PROMOTED                  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 33)      // 9135
 
 // SID/ACL 9200 ~9229
 #define VMDIR_ERROR_RID_LIMIT_EXCEEDED                (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 100 )    // 9200
@@ -99,6 +111,9 @@
 #define VMDIR_ERROR_TOKEN_IN_USE                      (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 105 )    // 9205
 #define VMDIR_ERROR_NO_MYSELF                         (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 106 )    // 9206
 #define VMDIR_ERROR_INSUFFICIENT_ACCESS               (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 107)     // 9207
+#define VMDIR_ERROR_ACL_VIOLATION                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 108)     // 9208
+#define VMDIR_ERROR_INVALID_ACE                       (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 109)     // 9209
+#define VMDIR_ERROR_ACE_NOT_FOUND                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 110)     // 9210
 
 // user account management 9230 ~ 9269
 #define VMDIR_ERROR_PASSWORD_TOO_LONG                 (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 130 )    // 9230
@@ -122,6 +137,25 @@
 #define VMDIR_ERROR_VDCSPLIT                          (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 172 )    // 9272
 #define VMDIR_ERROR_VDCREPADMIN_GENERAL               (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 173 )    // 9273
 #define VMDIR_ERROR_VDCREPADMIN_TOO_FEW_REPLICATION_PARTNERS  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 174 )    // 9274
+#define VMDIR_ERROR_RESTORE_PARTNERS_UNAVAILABLE      (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 175 )    // 9275
+#define VMDIR_ERROR_OPTION_UNKNOWN                    (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 176 )    // 9276
+#define VMDIR_ERROR_OPTION_INVALID                    (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 177 )    // 9277
+
+//////////////////////////////////////////////////////////////////////////////////////////////////
+// customized LDAP return code (range 9300 - 9399)
+//////////////////////////////////////////////////////////////////////////////////////////////////
+#define IS_CUSTOMIZED_VMDIR_LDAP_ERROR_SPACE(n) \
+    VMDIR_RANGE((n),(VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE) , (VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE + 99) )
+
+#define VMDIR_LDAP_ERROR_PRE_CONDITION                (VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE + 0) // 9300
+
+//////////////////////////////////////////////////////////////////////////////////////////////////
+// raft error (range 9500 - 9599)
+//////////////////////////////////////////////////////////////////////////////////////////////////
+#define IS_VMDIR_RAFT_ERROR_SPACE(n) \
+    VMDIR_RANGE((n),(VMDIR_ERROR_BASE + VMDIR_RAFT_ERROR_BASE) , (VMDIR_ERROR_BASE + VMDIR_RAFT_ERROR_BASE + 99) )
+
+#define VMDIR_ERROR_NO_LEADER                         (VMDIR_ERROR_BASE + VMDIR_RAFT_ERROR_BASE + 0 )   // 9500
 
 //////////////////////////////////////////////////////////////////////////////////////////////////
 // schema error (range 9600 - 9699)
@@ -171,5 +205,32 @@
 #define VMDIR_ERROR_BACKEND_OPERATIONS                (VMDIR_ERROR_BASE + VMDIR_BACKEND_ERROR_BASE + 7 )  // 9707
 #define VMDIR_ERROR_BACKEND_ATTR_META_DATA_NOTFOUND   (VMDIR_ERROR_BASE + VMDIR_BACKEND_ERROR_BASE + 8 )  // 9708
 
+//////////////////////////////////////////////////////////////////////////////////////////////////
+// post rest proxy error (range 9800 - 9899)
+//////////////////////////////////////////////////////////////////////////////////////////////////
+#define IS_VMDIR_REST_PROXY_ERROR_SPACE(n) \
+    VMDIR_RANGE((n),(VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE) , (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 99) )
+
+#define VMDIR_ERROR_CURL_UNSUPPORTED_PROTOCOL         (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 0 )   // 9800
+#define VMDIR_ERROR_CURL_FAILED_INIT                  (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 1 )   // 9801
+#define VMDIR_ERROR_CURL_URLMALFORMAT                 (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 2 )   // 9802
+#define VMDIR_ERROR_CURL_NOT_BUILT_IN                 (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 3 )   // 9803
+#define VMDIR_ERROR_CURL_COULDNT_RESOLVE_PROXY        (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 4 )   // 9804
+#define VMDIR_ERROR_CURL_COULDNT_RESOLVE_HOST         (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 5 )   // 9805
+#define VMDIR_ERROR_CURL_COULDNT_CONNECT              (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 6 )   // 9806
+#define VMDIR_ERROR_CURL_HTTP2                        (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 7 )   // 9807
+#define VMDIR_ERROR_CURL_HTTP_RETURNED_ERROR          (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 8 )   // 9808
+#define VMDIR_ERROR_CURL_WRITE_ERROR                  (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 9 )   // 9809
+#define VMDIR_ERROR_CURL_OUT_OF_MEMORY                (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 10 )  // 9810
+#define VMDIR_ERROR_CURL_OPERATION_TIMEDOUT           (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 11 )  // 9811
+#define VMDIR_ERROR_CURL_HTTP_POST_ERROR              (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 12 )  // 9812
+#define VMDIR_ERROR_CURL_BAD_FUNCTION_ARGUMENT        (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 13 )  // 9813
+#define VMDIR_ERROR_CURL_INTERFACE_FAILED             (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 14 )  // 9814
+#define VMDIR_ERROR_CURL_SEND_ERROR                   (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 15 )  // 9815
+#define VMDIR_ERROR_CURL_RECV_ERROR                   (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 16 )  // 9816
+#define VMDIR_ERROR_CURL_NO_CONN_AVAILABLE            (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 17 )  // 9817
+#define VMDIR_ERROR_CURL_GENERIC_ERROR                (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 18 )  // 9818
+#define VMDIR_ERROR_CURL_NULLSLIST                    (VMDIR_ERROR_BASE + VMDIR_REST_PROXY_ERROR_BASE + 19 )  // 9819
+
 #endif /* __VDIR_ERRORCODE_H__ */
 
diff --git a/lwraft/include/public/vmdirtypes.h b/lwraft/include/public/vmdirtypes.h
index 8a1bc3719..fa2ae34ed 100644
--- a/lwraft/include/public/vmdirtypes.h
+++ b/lwraft/include/public/vmdirtypes.h
@@ -60,6 +60,32 @@ typedef EntryId               ENTRYID;
 #define VMDIR_MAX_UPN_LEN       512
 #endif
 
+typedef enum
+{
+    VMDIRD_RAFT_ROLE_CANDIDATE = 0,
+    VMDIRD_RAFT_ROLE_LEADER,
+    VMDIRD_RAFT_ROLE_FOLLOWER
+} VMDIR_RAFT_ROLE;
+
+typedef struct _VMDIR_RAFT_NODE
+{
+    PSTR            pszName;
+    VMDIR_RAFT_ROLE role;
+    USN             iRaftTerm;
+    USN             iLastLogIndex;
+    USN             iLastAppliedIndex;
+    BOOLEAN         bActive;
+    struct _VMDIR_RAFT_NODE*    pNext;
+} VMDIR_RAFT_NODE, *PVMDIR_RAFT_NODE;
+
+typedef struct _VMDIR_RAFT_CLUSTER
+{
+    PSTR            pszLeader;
+    DWORD           dwNumMmember;
+    DWORD           dwNumActiveFollower;
+    PVMDIR_RAFT_NODE    pNode;
+} VMDIR_RAFT_CLUSTER, *PVMDIR_RAFT_CLUSTER;
+
 typedef struct _VMDIR_REPL_PARTNER_INFO
 {
     CHAR*       pszURI;
diff --git a/lwraft/include/type_spec.h b/lwraft/include/type_spec.h
index 2444399ea..f7d00f55d 100644
--- a/lwraft/include/type_spec.h
+++ b/lwraft/include/type_spec.h
@@ -162,7 +162,7 @@ typedef struct _VMW_TYPE_SPEC_
 {\
     {\
         "UPN",\
-        VMW_IPC_TYPE_WSTRING,\
+        VMW_IPC_TYPE_STRING,\
         {NULL}\
     },\
 }
diff --git a/lwraft/include/vmdircommon.h b/lwraft/include/vmdircommon.h
index e00614064..9d7b5f22d 100644
--- a/lwraft/include/vmdircommon.h
+++ b/lwraft/include/vmdircommon.h
@@ -76,8 +76,11 @@ typedef unsigned char uuid_t[16];  // typedef dce_uuid_t uuid_t;
 // Special SELF sid for internal use (not assigned to object as attribute)
 #define VMDIR_SELF_SID "S-1-7-32-666"
 
+#define VMDIR_ANONYMOUS_BIND_TIMEOUT 2 /* Anonymous bind timeout - used for getting Raft status */
+
 /* mutexes/threads/conditions */
 typedef struct _VMDIR_MUTEX* PVMDIR_MUTEX;
+typedef struct _VMDIR_RWLOCK* PVMDIR_RWLOCK;
 typedef struct _VM_DIR_CONNECTION_ *PVM_DIR_CONNECTION;
 typedef struct _VM_DIR_SECURITY_CONTEXT_ *PVM_DIR_SECURITY_CONTEXT;
 
@@ -286,13 +289,6 @@ VmDirVsnprintf(
     va_list  args
     );
 
-DWORD
-VmDirAllocateStringAVsnprintf(
-    PSTR*    ppszOut,
-    PCSTR    pszFormat,
-    ...
-    );
-
 ULONG
 VmDirLengthRequiredSid(
     IN UCHAR SubAuthorityCount
@@ -402,6 +398,13 @@ VmDirStringNCompareA(
     BOOLEAN bIsCaseSensitive
     );
 
+BOOLEAN
+VmDirStringStartsWith(
+    PCSTR   pszStr,
+    PCSTR   pszPrefix,
+    BOOLEAN bIsCaseSensitive
+    );
+
 BOOLEAN
 VmDirStringEndsWith(
     PCSTR   pszStr,
@@ -601,18 +604,19 @@ VmDirLogGetMask(
 
 PCSTR
 VmDirSearchDomainDN(
-    PCSTR pszNormObjectDN
+    PCSTR   pszNormObjectDN
     );
 
 DWORD
 VmDirDomainDNToName(
-    PCSTR pszDomainDN,
-    PSTR* ppszDomainName);
+    PCSTR   pszDomainDN,
+    PSTR*   ppszDomainName
+    );
 
 DWORD
-VmDirSrvCreateDomainDN(
-    PCSTR pszFQDomainName,
-    PSTR* ppszDomainDN
+VmDirDomainNameToDN(
+    PCSTR   pszDomainName,
+    PSTR*   ppszDomainDN
     );
 
 #if defined(HAVE_DCERPC_WIN32)
@@ -673,13 +677,6 @@ VmKdcGenerateRandomPassword(
     PSTR *ppRandPwd);
 
 // cmd line args parsing helpers
-
-typedef VOID (*USAGE_FUNCTION)(PVOID pContext);
-typedef DWORD (*POST_VALIDATION_CALLBACK)(PVOID pContext);
-typedef DWORD (*COMMAND_PARAMETER_CALLBACK_NO_PARAM)(PVOID pContext);
-typedef DWORD (*COMMAND_PARAMETER_CALLBACK_STRING_PARAM)(PVOID pContext, PCSTR Parameter);
-typedef DWORD (*COMMAND_PARAMETER_CALLBACK_INTEGER_PARAM)(PVOID pContext, DWORD Parameter);
-
 typedef enum
 {
     CL_NO_PARAMETER,
@@ -689,36 +686,39 @@ typedef enum
 
 typedef struct
 {
-    char Switch; // e.g., 's', for "-s".
-    const char *LongSwitch; // e.g., "silent", for "--silent".
-    VMDIR_COMMAND_LINE_PARAMETER_TYPE Type; // If this flag takes a parameter (and, if so, what kind).
-    PVOID Callback; // The function we call when this flag is seen.
+    char                                Switch; // e.g., 's', for "-s".
+    const char*                         LongSwitch; // e.g., "silent", for "--silent".
+    VMDIR_COMMAND_LINE_PARAMETER_TYPE   Type; // If this flag takes a parameter (and, if so, what kind).
+    PVOID                               Ptr; // Ptr to store parameter value
 } VMDIR_COMMAND_LINE_OPTION, *PVMDIR_COMMAND_LINE_OPTION;
 
+typedef VOID (*USAGE_FUNCTION)(PVOID pContext);
+typedef DWORD (*POST_VALIDATION_CALLBACK)(PVOID pContext);
+
 typedef struct
 {
     //
-    // We call this if the app should print its usage to the command line (i.e., the
-    // user gave incorrect parameters to the command).
+    // This is called after all parameters have been parsed and allows for the client
+    // to do cross-parameter validation.
     //
-    USAGE_FUNCTION ShowUsage;
+    POST_VALIDATION_CALLBACK    ValidationRoutine;
 
     //
-    // This is called after all parameters have been parsed and allows for the client
-    // to do cross-parameter validation.
+    // We call this if the app should print its usage to the command line (i.e., the
+    // user gave incorrect parameters to the command).
     //
-    POST_VALIDATION_CALLBACK ValidationRoutine;
+    USAGE_FUNCTION              ShowUsage;
 
     //
-    // The command line options that this client supports.
+    // Argument context for callback functions
     //
-    VMDIR_COMMAND_LINE_OPTION Options[];
-} VMDIR_COMMAND_LINE_OPTIONS, *PVMDIR_COMMAND_LINE_OPTIONS;
+    PVOID                       pvContext;
+} VMDIR_PARSE_ARG_CALLBACKS, *PVMDIR_PARSE_ARG_CALLBACKS;
 
 DWORD
 VmDirParseArguments(
-    PVMDIR_COMMAND_LINE_OPTIONS Options,
-    PVOID pvContext,
+    VMDIR_COMMAND_LINE_OPTION Options[],
+    PVMDIR_PARSE_ARG_CALLBACKS Callbacks,
     int argc,
     PSTR *argv
     );
@@ -819,7 +819,7 @@ typedef enum
 
 } VMDIR_SYNC_MECHANISM;
 
-#define VMDIR_NAME                          "lwraft"
+#define VMDIR_NAME                          "post"
 #define VMAFD_NAME                          "vmafd"
 
 #ifndef _WIN32
@@ -831,8 +831,8 @@ typedef enum
 #endif
 
 #ifndef _WIN32
-#define VMDIR_CONFIG_PARAMETER_KEY_PATH     "Services\\Lwraft"
-#define VMDIR_CONFIG_PARAMETER_V1_KEY_PATH  "Services\\Lwraft\\Parameters"
+#define VMDIR_CONFIG_PARAMETER_KEY_PATH     "Services\\Post"
+#define VMDIR_CONFIG_PARAMETER_V1_KEY_PATH  "Services\\Post\\Parameters"
 #define VMDIR_LINUX_DB_PATH                 LWRAFT_DB_DIR "/"
 #else
 #define VMDIR_CONFIG_PARAMETER_KEY_PATH     "SYSTEM\\CurrentControlSet\\services\\LightwaveRaftService"
@@ -879,11 +879,10 @@ typedef enum
 #define VMDIR_REG_KEY_LDAP_PORT               "LdapPort"
 #define VMDIR_REG_KEY_ALLOW_INSECURE_AUTH     "AllowInsecureAuthentication"
 #define VMDIR_REG_KEY_ADMIN_PASSWD            "AdministratorPassword"
-#define VMDIR_REG_KEY_LDAP_LISTEN_PORTS       "LdapListenPorts"
-#define VMDIR_REG_KEY_LDAPS_LISTEN_PORTS      "LdapsListenPorts"
-#define VMDIR_REG_KEY_LDAP_CONNECT_PORTS      "LdapConnectPorts"
-#define VMDIR_REG_KEY_LDAPS_CONNECT_PORTS     "LdapsConnectPorts"
-#define VMDIR_REG_KEY_REST_LISTEN_PORT        "RestListenPort"
+#define VMDIR_REG_KEY_LDAP_PORT               "LdapPort"
+#define VMDIR_REG_KEY_LDAPS_PORT              "LdapsPort"
+#define VMDIR_REG_KEY_HTTP_LISTEN_PORT        "RestListenHTTPPort"
+#define VMDIR_REG_KEY_HTTPS_LISTEN_PORT       "RestListenHTTPSPort"
 #define VMDIR_REG_KEY_LDAP_RECV_TIMEOUT_SEC   "LdapRecvTimeoutSec"
 #define VMDIR_REG_KEY_ALLOW_ADMIN_LOCKOUT     "AllowAdminLockout"
 #define VMDIR_REG_KEY_MAX_OP_THREADS          "MaxLdapOpThrs"
@@ -895,13 +894,19 @@ typedef enum
 #define VMDIR_REG_KEY_LDAP_SEARCH_TIMEOUT_SEC "LdapSearchTimeoutSec"
 #define VMDIR_REG_KEY_TRACK_LAST_LOGIN_TIME   "TrackLastLoginTime"
 #define VMDIR_REG_KEY_SUPPRES_TRACK_LLT       "SuppressTrackLLTContainer"
-#define VMDIR_REG_KEY_URGENT_REPL_TIMEOUT_MSEC "UrgentReplTimeoutMilliSec"
 #define VMDIR_REG_KEY_PAGED_SEARCH_READ_AHEAD "PagedSearchReadAhead"
 #define VMDIR_REG_KEY_OVERRIDE_PASS_SCHEME    "OverridePassScheme"
 #define VMDIR_REG_KEY_ENABLE_RAFT_REFERRAL    "EnableRaftReferral"
 #define VMDIR_REG_KEY_RAFT_ELECTION_TIMEOUT   "RaftElectionTimeoutMS"
 #define VMDIR_REG_KEY_RAFT_PING_INTERVAL      "RaftPingIntervalMS"
 #define VMDIR_REG_KEY_RAFT_KEEP_LOGS          "RaftKeepLogsInK"
+#define VMDIR_REG_KEY_RAFT_QUORUM_OVERRIDE    "RaftQuorumOverride"
+#define VMDIR_REG_KEY_MDB_ENABLE_WAL          "MdbEnableWal"
+#define VMDIR_REG_KEY_MDB_CHKPT_INTERVAL      "MdbChkptInterval"
+#define VMDIR_REG_KEY_CURL_TIMEOUT_SEC        "CurlTimeoutSec"
+#define VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_MIN  1
+#define VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_MAX  180
+#define VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_DEFAULT 30
 
 #ifdef _WIN32
 #define VMDIR_DEFAULT_KRB5_CONF             "C:\\ProgramData\\MIT\\Kerberos5\\krb5.ini"
@@ -934,7 +939,47 @@ VmDirIsMutexInitialized(
     PVMDIR_MUTEX pMutex
 );
 
+DWORD
+VmDirAllocateRWLock(
+    PVMDIR_RWLOCK*  ppLock
+    );
+
+DWORD
+VmDirInitializeRWLockContent(
+    PVMDIR_RWLOCK   pLock
+    );
+
+VOID
+VmDirFreeRWLock(
+    PVMDIR_RWLOCK   pLock
+    );
 
+VOID
+VmDirFreeRWLockContent(
+    PVMDIR_RWLOCK   pLock
+    );
+
+DWORD
+VmDirRWLockReadLock(
+    PVMDIR_RWLOCK   pLock,
+    DWORD           dwMilliSec
+    );
+
+DWORD
+VmDirRWLockWriteLock(
+    PVMDIR_RWLOCK   pLock,
+    DWORD           dwMilliSec
+    );
+
+DWORD
+VmDirRWLockUnlock(
+    PVMDIR_RWLOCK   pLock
+    );
+
+BOOLEAN
+VmDirIsRWLockInitialized(
+    PVMDIR_RWLOCK   pLock
+    );
 
 DWORD
 VmDirAllocateCondition(
@@ -1066,21 +1111,21 @@ VmDirConditionBroadcast2003(
 DWORD
 VmDirCreateThread(
     PVMDIR_THREAD pThread,
-    BOOLEAN bDetached,
+    BOOLEAN bJoinThr,
     PVMDIR_START_ROUTINE pStartRoutine,
     PVOID pArgs
-);
+    );
 
 DWORD
 VmDirThreadJoin(
     PVMDIR_THREAD pThread,
     PDWORD pRetVal
-);
+    );
 
 VOID
 VmDirFreeVmDirThread(
     PVMDIR_THREAD pThread
-);
+    );
 
 DWORD
 VmDirAllocateSyncCounter(
@@ -1237,6 +1282,10 @@ BOOLEAN
 dequeIsEmpty(
     PDEQUE pDeque
     );
+VOID
+dequeFreeStringContents(
+    PDEQUE pDeque
+    );
 
 DWORD
 VmDirLinkedListCreate(
@@ -1382,6 +1431,16 @@ VmDirGetRegKeyValueQword(
     PINT64  pi64Value
     );
 
+DWORD
+VmDirGetMdbWalEnable(
+    BOOLEAN *pbMdbEnableWal
+    );
+
+DWORD
+VmDirGetMdbChkptInterval(
+    DWORD *pdwMdbChkptInterval
+    );
+
 DWORD
 VmDirLoadLibrary(
     PCSTR           pszLibPath,
@@ -1560,12 +1619,28 @@ VmDirSafeLDAPBind(
     PCSTR       pszPassword     // opt, if exists, will try SRP mech
     );
 
+DWORD
+VmDirSafeLDAPBindToPort(
+    LDAP**      ppLd,
+    PCSTR       pszHost,
+    DWORD       dwPort,
+    PCSTR       pszUPN,
+    PCSTR       pszPassword
+    );
+
 DWORD
 VmDirAnonymousLDAPBind(
     LDAP**      ppLd,
     PCSTR       pszLdapURI
     );
 
+DWORD
+VmDirAnonymousLDAPBindWithTimeout(
+    LDAP**      ppLd,
+    PCSTR       pszLdapURI,
+    int         timeout
+    );
+
 int
 VmDirCreateSyncRequestControl(
     PCSTR pszInvocationId,
@@ -1584,6 +1659,26 @@ VmDirMapLdapError(
     int ldapErrorCode
     );
 
+// common/ldapcontrol.c
+int
+VmDirCreateCondWriteCtrlContent(
+    PCSTR           pszFilter,
+    LDAPControl*    pCondWriteCtrl
+    );
+
+VOID
+VmDirFreeCtrlContent(
+    LDAPControl*    pCtrl
+    );
+
+// common/ldaputil.c
+DWORD
+VmDirConvertUPNToDN(
+     LDAP*      pLd,
+     PCSTR      pszUPN,
+     PSTR*      ppszOutDN
+     );
+
 // common/tsstack.c
 VOID
 VmDirFreeTSStack(
@@ -1670,6 +1765,25 @@ VmDirUPNToNameAndDomain(
     PSTR*   ppszDomain
     );
 
+DWORD
+VmDirDNToRDNList(
+    PCSTR               pszDN,
+    int                 iNotypes,
+    PVMDIR_STRING_LIST* ppRDNStrList
+    );
+
+DWORD
+VmDirFQDNToDNSize(
+    PCSTR pszFQDN,
+    UINT32 *sizeOfDN
+    );
+
+DWORD
+VmDirFQDNToDN(
+    PCSTR pszFQDN,
+    PSTR* ppszDN
+    );
+
 //IPC
 //networkutil.c
 DWORD
@@ -1912,13 +2026,6 @@ VmDirGetLocalSiteGuid(
     PSTR pszSiteGuid
     );
 
-// following functions are in libvmdirclient but should not be published in vmdirclient.h
-DWORD
-VmDirGetUsnFromPartners(
-    PCSTR pszHostName,
-    USN   *pUsn
-    );
-
 VOID
 VmDirRpcFreeSuperLogEntryLdapOperationArray(
     PVMDIR_SUPERLOG_ENTRY_LDAPOPERATION_ARRAY pRpcEntries
@@ -2112,6 +2219,13 @@ VmDirStringToTokenList(
     PVMDIR_STRING_LIST *ppStrList
     );
 
+DWORD
+VmDirStringToTokenListExt(
+    PCSTR pszStr,
+    PCSTR pszDelimiter,
+    PVMDIR_STRING_LIST *ppStrList
+    );
+
 DWORD
 VmDirUTDVectorToStruct(
     PCSTR   pszStr,
@@ -2131,6 +2245,12 @@ VmDirFreeReplVector(
     PVMDIR_REPL_UTDVECTOR  pVector
     );
 
+DWORD
+VmDirAppendRaftState(
+    PDEQUE pRaftState,
+    PCSTR hostName
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/include/vmdircommon_schema.h b/lwraft/include/vmdircommon_schema.h
index 4be99f5db..d969ad38f 100644
--- a/lwraft/include/vmdircommon_schema.h
+++ b/lwraft/include/vmdircommon_schema.h
@@ -270,7 +270,8 @@ VmDirReadSchemaFile(
     PCSTR               pszSchemaFilePath,
     PVMDIR_STRING_LIST* ppAtStrList,
     PVMDIR_STRING_LIST* ppOcStrList,
-    PVMDIR_STRING_LIST* ppCrStrList
+    PVMDIR_STRING_LIST* ppCrStrList,
+    PVMDIR_STRING_LIST* ppIdxStrList
     );
 
 // load.c
@@ -279,7 +280,8 @@ VmDirLdapSchemaLoadStrLists(
     PVDIR_LDAP_SCHEMA   pSchema,
     PVMDIR_STRING_LIST  pAtStrList,
     PVMDIR_STRING_LIST  pOcStrList,
-    PVMDIR_STRING_LIST  pCrStrList
+    PVMDIR_STRING_LIST  pCrStrList,
+    PVMDIR_STRING_LIST  pIdxStrList
     );
 
 DWORD
@@ -333,6 +335,13 @@ VmDirLdapNfParseStr(
     PVDIR_LDAP_NAME_FORM*   ppNf
     );
 
+DWORD
+VmDirLdapIdxParseStr(
+    PCSTR       pcszStr,
+    PSTR*       ppszAtName,
+    PBOOLEAN    pbGlobalUniq
+    );
+
 DWORD
 VmDirLdapAtParseLDAPEntry(
     LDAP*                       pLd,
@@ -387,15 +396,15 @@ VmDirLdapNfToStr(
 // patch.c
 DWORD
 VmDirPatchRemoteSchemaObjects(
-    LDAP*               pLd,
-    PVDIR_LDAP_SCHEMA   pNewSchema
+    LDAP*                   pLd,
+    PVDIR_LDAP_SCHEMA_DIFF  pSchemaDiff
     );
 
 // resolve.c
 DWORD
 VmDirLdapOcResolveSup(
-    PVDIR_LDAP_SCHEMA           pSchema,
-    PVDIR_LDAP_OBJECT_CLASS     pOc
+    PVDIR_LDAP_SCHEMA       pSchema,
+    PVDIR_LDAP_OBJECT_CLASS pOc
     );
 
 // schema.c
@@ -434,6 +443,13 @@ VmDirLdapSchemaAddNf(
     PVDIR_LDAP_NAME_FORM    pNf
     );
 
+DWORD
+VmDirLdapSchemaAddIdx(
+    PVDIR_LDAP_SCHEMA   pSchema,
+    PCSTR               pszAtName,
+    BOOLEAN             bGlobalUniq
+    );
+
 DWORD
 VmDirLdapSchemaResolveAndVerifyAll(
     PVDIR_LDAP_SCHEMA   pSchema
@@ -444,11 +460,24 @@ VmDirLdapSchemaRemoveNoopData(
     PVDIR_LDAP_SCHEMA   pSchema
     );
 
+BOOLEAN
+VmDirLdapSchemaIsEmpty(
+    PVDIR_LDAP_SCHEMA   pSchema
+    );
+
 VOID
 VmDirFreeLdapSchema(
     PVDIR_LDAP_SCHEMA   pSchema
     );
 
+// util.c
+DWORD
+VmDirLdapSearchSubSchemaSubEntry(
+    LDAP*           pLd,
+    LDAPMessage**   ppResult,
+    LDAPMessage**   ppEntry
+    );
+
 // verify.c
 DWORD
 VmDirLdapAtVerify(
@@ -467,87 +496,6 @@ VmDirLdapCrVerify(
     PVDIR_LDAP_CONTENT_RULE pCRDesc
     );
 
-//////////////////////////////////////
-// Legacy support structs/functions //
-//////////////////////////////////////
-
-typedef struct _VDIR_LEGACY_SCHEMA
-{
-    PLW_HASHMAP pAtDefStrMap;
-    PLW_HASHMAP pOcDefStrMap;
-    PLW_HASHMAP pCrDefStrMap;
-    PVDIR_LDAP_SCHEMA   pSchema;
-
-} VDIR_LEGACY_SCHEMA, *PVDIR_LEGACY_SCHEMA;
-
-typedef struct _VDIR_LEGACY_SCHEMA_MOD
-{
-    PVMDIR_STRING_LIST  pDelAt;
-    PVMDIR_STRING_LIST  pAddAt;
-    PVMDIR_STRING_LIST  pDelOc;
-    PVMDIR_STRING_LIST  pAddOc;
-    PVMDIR_STRING_LIST  pDelCr;
-    PVMDIR_STRING_LIST  pAddCr;
-
-} VDIR_LEGACY_SCHEMA_MOD, *PVDIR_LEGACY_SCHEMA_MOD;
-
-// legacy/legacyload.c
-DWORD
-VmDirLegacySchemaLoadRemoteSchema(
-    PVDIR_LEGACY_SCHEMA pLegacySchema,
-    LDAP*               pLd
-    );
-
-// legacy/legacypatch.c
-DWORD
-VmDirPatchRemoteSubSchemaSubEntry(
-    LDAP*               pLd,
-    PVDIR_LDAP_SCHEMA   pNewSchema
-    );
-
-// legacy/legacyschema.c
-DWORD
-VmDirLegacySchemaInit(
-    PVDIR_LEGACY_SCHEMA*    ppLegacySchema
-    );
-
-VOID
-VmDirFreeLegacySchema(
-    PVDIR_LEGACY_SCHEMA pLegacySchema
-    );
-
-// legacy/legacyschemamod.c
-DWORD
-VmDirLegacySchemaModInit(
-    PVDIR_LEGACY_SCHEMA_MOD*    ppLegacySchemaMod
-    );
-
-DWORD
-VmDirLegacySchemaModPopulate(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod,
-    PVDIR_LEGACY_SCHEMA     pLegacySchema,
-    PVDIR_LDAP_SCHEMA       pNewSchema
-    );
-
-VOID
-VmDirFreeLegacySchemaMod(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    );
-
-// legacy/legacyutil.c
-DWORD
-VmDirLdapSearchSubSchemaSubEntry(
-    LDAP*           pLd,
-    LDAPMessage**   ppResult,
-    LDAPMessage**   ppEntry
-    );
-
-DWORD
-VmDirFixLegacySchemaDefSyntaxErr(
-    PSTR    pszDef,
-    PSTR*   ppszFixedDef
-    );
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/include/vmdirdefines.h b/lwraft/include/vmdirdefines.h
index 389242f1e..4bf5aa017 100644
--- a/lwraft/include/vmdirdefines.h
+++ b/lwraft/include/vmdirdefines.h
@@ -34,7 +34,6 @@ extern "C" {
 #endif
 
 #ifdef _WIN32
-    #define HAVE_LMDB_H
     #define PCVOID const PVOID
     #define ssize_t SSIZE_T
 
@@ -253,6 +252,14 @@ extern "C" {
         }                                 \
     } while(0)
 
+#define VMDIR_SAFE_FREE_RWLOCK(lock)      \
+    do {                                  \
+        if ((lock)) {                     \
+            VmDirFreeRWLock(lock);        \
+            (lock) = NULL;                \
+        }                                 \
+    } while(0)
+
 #define VMDIR_SAFE_FREE_CONDITION(cond)   \
     do {                                  \
         if ((cond)) {                     \
@@ -291,6 +298,39 @@ extern "C" {
         }                                       \
     } while (0)
 
+#define VMDIR_RWLOCK_READLOCK(bInLock, lock, dwMilliSec)        \
+    do {                                                        \
+        if (!(bInLock))                                         \
+        {                                                       \
+            if (VmDirRWLockReadLock(lock, dwMilliSec) == 0)     \
+            {                                                   \
+                (bInLock) = TRUE;                               \
+            }                                                   \
+        }                                                       \
+    } while (0)
+
+#define VMDIR_RWLOCK_WRITELOCK(bInLock, lock, dwMilliSec)       \
+    do {                                                        \
+        if (!(bInLock))                                         \
+        {                                                       \
+            if (VmDirRWLockWriteLock(lock, dwMilliSec) == 0)    \
+            {                                                   \
+                (bInLock) = TRUE;                               \
+            }                                                   \
+        }                                                       \
+    } while (0)
+
+#define VMDIR_RWLOCK_UNLOCK(bInLock, lock)          \
+    do {                                            \
+        if ((bInLock))                              \
+        {                                           \
+            if (VmDirRWLockUnlock(lock) == 0)       \
+            {                                       \
+                (bInLock) = FALSE;                  \
+            }                                       \
+        }                                           \
+    } while (0)
+
 #define BAIL_WITH_VMDIR_ERROR(dwError, ERROR_CODE)                          \
     do {                                                                    \
         dwError = ERROR_CODE;                                               \
@@ -311,7 +351,7 @@ extern "C" {
     {                                                                       \
         if (pszErrMsg == NULL)                                              \
         {                                                                   \
-            VmDirAllocateStringAVsnprintf(                                  \
+            VmDirAllocateStringPrintf(                                      \
                             &(pszErrMsg),                                   \
                             Format,                                         \
                             ##__VA_ARGS__);                                 \
@@ -339,6 +379,14 @@ extern "C" {
            BAIL_ON_VMDIR_ERROR(errCode);          \
         }
 
+// For all curl errors
+#define BAIL_ON_CURL_ERROR(dwCurlError)                                     \
+    if (dwCurlError)                                                        \
+    {                                                                       \
+        VMDIR_LOG_DEBUG(VMDIR_LOG_MASK_ALL, "[%s,%d]", __FILE__, __LINE__); \
+        goto curlerror;                                                     \
+    }
+
 // see ldap.h for other LDAP error code and range definitions.
 #define LDAP_SERVER_ERROR(n)        LDAP_RANGE((n),0x01,0x0e) /* 1 ~ 15 */
 
@@ -363,7 +411,7 @@ extern "C" {
         {                                                           \
             if (ldapErrMsg == NULL)                                 \
             {                                                       \
-                VmDirAllocateStringAVsnprintf(                      \
+                VmDirAllocateStringPrintf(                          \
                                 &(ldapErrMsg),                      \
                                 Format,                             \
                                 ##__VA_ARGS__);                     \
@@ -393,6 +441,36 @@ extern "C" {
                             errMsg);                \
     } while (0)
 
+#define VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppVals)       \
+    do                                              \
+    {                                               \
+        if (ppVals)                                 \
+        {                                           \
+            ldap_value_free_len(ppVals);            \
+            (ppVals) = NULL;                        \
+        }                                           \
+    } while(0)
+
+#define VDIR_SAFE_LDAP_MSGFREE(pResult)             \
+    do                                              \
+    {                                               \
+        if (pResult)                                \
+        {                                           \
+            ldap_msgfree(pResult);                  \
+            (pResult) = NULL;                       \
+        }                                           \
+    } while(0)
+
+#define VDIR_SAFE_LDAP_UNBIND_EXT_S(pLd)            \
+    do                                              \
+    {                                               \
+        if (pLd)                                    \
+        {                                           \
+            ldap_unbind_ext_s(pLd, NULL, NULL);     \
+            (pLd) = NULL;                           \
+        }                                           \
+    } while(0)
+
 // LBER call return -1 if error
 #define BAIL_ON_LBER_ERROR(dwError) \
     do                                                                          \
@@ -420,7 +498,7 @@ extern "C" {
             else                                                \
             {                                                   \
                 PSTR    pszTmp = pszOrgErrMsg;                  \
-                VmDirAllocateStringAVsnprintf(                  \
+                VmDirAllocateStringPrintf(                      \
                                 &(pszOrgErrMsg),                \
                                 "%s %s",                        \
                                 pszTmp, pszNewErrMsg);          \
@@ -626,8 +704,12 @@ if ( VMDIR_ASCII_UPPER(c) )             \
 #define VMDIR_MAX_LDAP_URI_LEN         256 /* e.g. ldap://192.168.122.65 */
 #define VMDIR_DEFAULT_REPL_LAST_USN_PROCESSED       "0"
 
+#define VMDIR_URL_PATH_DELIMITER_STR    "/"
+
 #define VMDIR_UPN_REALM_SEPARATOR       '@'
 
+#define VMDIR_FQDN_SEPARATOR            '.'
+
 #define VMDIR_KDC_RANDOM_PWD_LEN        20
 #define VMDIR_MAX_REALM_LEN             256
 
@@ -677,7 +759,7 @@ if ( VMDIR_ASCII_UPPER(c) )             \
 #define VMDIR_IPC_INITIALIZE_HOST      0
 #define VMDIR_IPC_INITIALIZE_TENANT    1
 #define VMDIR_IPC_FORCE_RESET_PASSWORD 2
-//#define VMDIR_IPC_GET_SRP_SECRET       3
+#define VMDIR_IPC_GET_SRP_SECRET       3
 #define VMDIR_IPC_SET_SRP_SECRET       4
 #define VMDIR_IPC_GENERATE_PASSWORD    5
 #define VMDIR_IPC_GET_SERVER_STATE     6
diff --git a/lwraft/include/vmdirtesting.h b/lwraft/include/vmdirtesting.h
new file mode 100644
index 000000000..ed2ad3e70
--- /dev/null
+++ b/lwraft/include/vmdirtesting.h
@@ -0,0 +1,377 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+struct _VMDIR_TEST_STATE;
+typedef DWORD (*PTEST_SETUP_CALLBACK)(struct _VMDIR_TEST_STATE *pState);
+typedef DWORD (*PTEST_RUNNER_CALLBACK)(struct _VMDIR_TEST_STATE *pState);
+typedef DWORD (*PTEST_CLEANUP_CALLBACK)(struct _VMDIR_TEST_STATE *pState);
+
+typedef struct _VMDIR_TEST_STATE
+{
+    //
+    // Admin connection to server.
+    //
+    LDAP *pLd;
+
+    //
+    // Connection to server using a non-admin account.
+    //
+    LDAP *pLdLimited;
+
+    //
+    // Anonymous connection to the server.
+    //
+    LDAP *pLdAnonymous;
+
+    //
+    // Customizable connection to the server.
+    //
+    LDAP *pLdCustom;
+
+    //
+    // The test runner's cleanup callback. We'll call this when an assertion
+    // fails and we're going to exit() the process.
+    //
+    PTEST_CLEANUP_CALLBACK  pfnCleanupCallback;
+
+    PCSTR pszServerName;        // The server name
+    PCSTR pszUserName;          // Username to connect with.
+    PCSTR pszPassword;          // Password to connect with.
+    PCSTR pszDomain;            // The domain to use (e.g., vsphere.local)
+    PCSTR pszBaseDN;            // The domain's DN.
+    PCSTR pszTest;              // The name of a particular test to run or a directory to load tests from.
+    PCSTR pszTestContainerName; // The name of the test container; all objects should be created beneath this.
+    PCSTR pszInternalUserName;  // The name of the internal user we create for operations that shouldn't be run as admin.
+    BOOLEAN bKeepGoing;         // Keep going if an individual test fails.
+    BOOLEAN bBreakIntoDebugger; // Break into the debugger when a test fails.
+} VMDIR_TEST_STATE, *PVMDIR_TEST_STATE;
+
+VOID
+VmDirTestLdapUnbind(
+    LDAP *pLd
+    );
+
+DWORD
+VmDirTestCreateAnonymousConnection(
+    PCSTR pszServerName,
+    LDAP **ppLd
+    );
+
+PCSTR
+VmDirTestGetTestContainerCn(
+    PVMDIR_TEST_STATE pState
+    );
+
+PCSTR
+VmDirTestGetInternalUserCn(
+    PVMDIR_TEST_STATE pState
+    );
+
+DWORD
+VmDirTestDeleteUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName
+    );
+
+DWORD
+VmDirTestReplaceBinaryAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    BYTE *pbAttributeValue,
+    DWORD dwDataLength
+    );
+
+DWORD
+VmDirTestReplaceAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    PCSTR *ppszAttributeValues
+    );
+
+DWORD
+VmDirTestGetAttributeValueString(
+    LDAP *pLd,
+    PCSTR pBase,
+    int ldapScope,
+    PCSTR pszFilter,
+    PCSTR pszAttribute,
+    PSTR *ppszAttributeValue
+    );
+
+DWORD
+VmDirTestGetAttributeValue(
+    LDAP *pLd,
+    PCSTR pBase,
+    int ldapScope,
+    PCSTR pszFilter,
+    PCSTR pszAttribute,
+    BYTE **ppbAttributeValue,
+    PDWORD pdwAttributeLength
+    );
+
+DWORD
+VmDirTestGetObjectList(
+    LDAP *pLd,
+    PCSTR pszDn,
+    PVMDIR_STRING_LIST *ppObjectList /* OPTIONAL */
+    );
+
+VOID
+VmDirTestReportAssertionFailure(
+    PCSTR pszExpression,
+    PCSTR pszCustomMsg,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+VmDirTestReportAssertionFailureDwordOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    DWORD dwValueA,
+    DWORD dwValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+VmDirTestReportAssertionFailurePtrOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    PVOID pValueA,
+    PVOID pValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+VmDirTestReportAssertionFailureStringOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    PCSTR pszValueA,
+    PCSTR pszValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    );
+
+DWORD
+VmDirTestGetInternalUserDn(
+    PVMDIR_TEST_STATE pState,
+    PSTR *ppszDn
+    );
+
+DWORD
+VmDirTestCreateContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestDeleteContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    );
+
+DWORD
+VmDirTestCreateUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestAddUserToGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    );
+
+DWORD
+VmDirTestAddUserToGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    );
+
+DWORD
+VmDirTestRemoveUserFromGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    );
+
+DWORD
+VmDirTestRemoveUserFromGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    );
+
+DWORD
+VmDirTestDeleteUserEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    BOOLEAN bUseLimitedAccount
+    );
+
+DWORD
+VmDirTestGetUserSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserName,
+    PCSTR pszUserContainer, // optional
+    PSTR *ppszUserSid
+    );
+
+DWORD
+VmDirTestGetTestContainerDn(
+    PVMDIR_TEST_STATE pState,
+    PSTR *ppszDN
+    );
+
+DWORD
+VmDirTestGetDomainSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszDomainDn,
+    PSTR *ppszDomainSid
+    );
+
+DWORD
+VmDirTestCreateUserWithSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PBYTE pbSecurityDescriptor,
+    DWORD dwLength
+    );
+
+DWORD
+VmDirTestCreateUserWithLimitedAccount(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestConnectionFromUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserName,
+    LDAP **ppLd
+    );
+
+DWORD
+VmDirTestCreateGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestDeleteGroupEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroup,
+    BOOLEAN bUseLimitedAccount
+    );
+
+DWORD
+VmDirTestDeleteGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName
+    );
+
+DWORD
+VmDirTestGetGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupName,
+    PCSTR pszContainer, // optional
+    PSTR *ppszGroupSid
+    );
+
+DWORD
+VmDirTestListUsersGroups(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsGroups /* OUT */
+    );
+
+DWORD
+VmDirTestListGroupMembers(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsMembers/* OUT */
+    );
+
+DWORD
+VmDirTestCreateClass(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszClassName
+    );
+
+DWORD
+VmDirTestCreateObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszClassName,
+    PCSTR pszObjectName
+    );
+
+DWORD
+VmDirTestDeleteContainerByDn(
+    LDAP *pLd,
+    PCSTR pszContainerDn
+    );
+
+DWORD
+VmDirTestGetGuid(
+    PSTR *ppszGuid
+    );
+
+#define TestAssertEquals(a, b) if (a != b) { VmDirTestReportAssertionFailureDwordOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertNotEquals(a, b) if (a == b) { VmDirTestReportAssertionFailureDwordOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
+
+#define TestAssertPtrEquals(a, b) if (a != b) { VmDirTestReportAssertionFailurePtrOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertPtrNotEquals(a, b) if (a == b) { VmDirTestReportAssertionFailurePtrOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
+
+#define TestAssertStrEquals(a, b) if (strcmp(a, b) != 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertStrNotEquals(a, b) if (strcmp(a, b) == 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
+
+#define TestAssertStrIEquals(a, b) if (VmDirStringCompare(a, b, TRUE) != 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertStrINotEquals(a, b) if (VmDirStringCompare(a, b, TRUE) == 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
+
+#define TestAssert(expr) if (!(expr)) { VmDirTestReportAssertionFailure(#expr, "", __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertMsg(expr, msg) if (!(expr)) { VmDirTestReportAssertionFailure(#expr, msg, __FILE__, __FUNCTION__, __LINE__, pState); }
diff --git a/lwraft/include/vmkdcdefines.h b/lwraft/include/vmkdcdefines.h
index 19226e289..4694c6ad1 100644
--- a/lwraft/include/vmkdcdefines.h
+++ b/lwraft/include/vmkdcdefines.h
@@ -35,7 +35,6 @@ extern "C" {
 
 #ifdef _WIN32
 
-#define HAVE_MDB_H
 #define PSECURITY_DESCRIPTOR_ABSOLUTE PSECURITY_DESCRIPTOR
 #define PSECURITY_DESCRIPTOR_RELATIVE PSECURITY_DESCRIPTOR
 #define BOOLEAN BOOL
diff --git a/lwraft/kdccommon/Makefile.am b/lwraft/kdccommon/Makefile.am
index 48db2c76c..64fe3a650 100644
--- a/lwraft/kdccommon/Makefile.am
+++ b/lwraft/kdccommon/Makefile.am
@@ -15,8 +15,8 @@ libkdccommon_la_SOURCES = \
     security-sd.c
 
 libkdccommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/lwraft/m4/as-ac-expand.m4 b/lwraft/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/lwraft/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/lwraft/m4/libtool.m4 b/lwraft/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/lwraft/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/lwraft/m4/ltoptions.m4 b/lwraft/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/lwraft/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/lwraft/m4/ltsugar.m4 b/lwraft/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/lwraft/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/lwraft/m4/ltversion.m4 b/lwraft/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/lwraft/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/lwraft/m4/lt~obsolete.m4 b/lwraft/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/lwraft/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/lwraft/server/Makefile.am b/lwraft/server/Makefile.am
index 3af08ba05..fbb0ee53f 100644
--- a/lwraft/server/Makefile.am
+++ b/lwraft/server/Makefile.am
@@ -7,11 +7,7 @@
 #         Sriram Nambakam (snambakam@vmware.com)
 #
 
-STOREDIRS =
-
-if HAVE_MDB_STORE
-    STOREDIRS += mdb-store
-endif
+STOREDIRS = mdb-store
 
 SUBDIRS = \
     kdcsrvcommon \
@@ -22,11 +18,10 @@ SUBDIRS = \
     $(STOREDIRS) \
     indexcfg \
     ldap-head \
+    rest-head \
     middle-layer \
     replication \
     saslvmdirdb \
     schema \
     acl \
-    vmkdc \
-    vmdir \
-    vmkdc_mit_tools
+    vmdir
diff --git a/lwraft/server/acl/Makefile.am b/lwraft/server/acl/Makefile.am
index afea83994..00b26b8d1 100644
--- a/lwraft/server/acl/Makefile.am
+++ b/lwraft/server/acl/Makefile.am
@@ -2,24 +2,26 @@
 noinst_LTLIBRARIES = libvmacl.la
 
 libvmacl_la_SOURCES = \
+    acl.c \
     globals.c \
     libmain.c \
     objectsid.c \
-    sidstate.c \
-    acl.c \
     ridsyncthr.c \
-    security.c
+    sdcalc.c \
+    security.c \
+    sidstate.c \
+    token.c
 
 libvmacl_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libvmacl_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/acl/acl.c b/lwraft/server/acl/acl.c
index deb806335..77d5a4399 100644
--- a/lwraft/server/acl/acl.c
+++ b/lwraft/server/acl/acl.c
@@ -12,141 +12,129 @@
  * under the License.
  */
 
-
-
 #include "includes.h"
 
 static
 DWORD
 VmDirBuildDefaultDaclForEntry(
-    PSID    pOwnerSid,
-    PSTR    pszAdminsGroupSid,
-    PACL *  ppDacl
-    );
-
-static
-DWORD
-VmDirSrvCreateAccessTokenForWellKnowObject(
-    PACCESS_TOKEN*  ppToken,
-    PSTR            pszWellknownObjectSid
+    ACCESS_MASK amAccess,
+    PSID        pOwnerSid,
+    PCSTR       pszAdminsGroupSid,
+    PCSTR       pszDomainAdminsGroupSid,
+    PCSTR       pszDomainClientsGroupSid,
+    BOOLEAN     bAnonymousRead,
+    BOOLEAN     bAuthenticatedRead,
+    BOOLEAN     bServicesDacl,
+    BOOLEAN     bTenantDomain,
+    PACL*       ppDacl
     );
 
 static
 DWORD
 VmDirSrvAccessCheckSelf(
-    PSTR        pszNormBindedDn,
-    PVDIR_ENTRY pEntry,
-    PSTR        pszWellKnownObjectSid,
-    ACCESS_MASK accessDesired,
-    ACCESS_MASK *psamGranted
+    PCSTR                           pszNormBindedDn,
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK*                    psamGranted
     );
 
 static
 DWORD
 VmDirSrvAccessCheckEntry(
-    PACCESS_TOKEN   pToken,
-    PVDIR_ENTRY     pEntry,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
-    );
-
-static
-DWORD
-VmDirIsBindDnMemberOfSystemDomainAdmins(
-    PVDIR_BACKEND_CTX   pBECtx,
-    PVDIR_ACCESS_INFO   pAccessInfo,
-    PBOOLEAN            pbIsMemberOfAdmins
+    PACCESS_TOKEN                   pToken,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK *                   psamGranted
     );
 
 static
 DWORD
-VmDirCreateAccessToken(
-    PACCESS_TOKEN*          AccessToken,
-    PTOKEN_USER             User,
-    PTOKEN_GROUPS           Groups,
-    PTOKEN_PRIVILEGES       Privileges,
-    PTOKEN_OWNER            Owner,
-    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
-    PTOKEN_DEFAULT_DACL     DefaultDacl
-    );
-
-static
-DWORD
-_VmDirBuildTokenGroups(
-    PVDIR_ENTRY     pEntry,
-    PTOKEN_GROUPS * ppTokenGroups);
-
-static
-BOOLEAN
-VmDirIsSpecialAllowedSearchEntry(
-    PVDIR_ENTRY pSrEntry
-    )
-{
-    // DSE_ROOT_DN and PERSISTED_DSE_ROOT_DN, SCHEMA_NAMING_CONTEXT_DN
-    // SUB_SCHEMA_SUB_ENTRY_DN should allow anonymous bind READ
-    return (!VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, DSE_ROOT_DN, FALSE)
-            || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, PERSISTED_DSE_ROOT_DN, FALSE)
-            || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, SCHEMA_NAMING_CONTEXT_DN, FALSE)
-            || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, SUB_SCHEMA_SUB_ENTRY_DN, FALSE));
-}
-
-
-/*
- * management node computer account
- * 1. allow read to domain tree
- * 2. allow write under service containers cn=services,SYSTEM_DOMAIN
- */
-static
-BOOLEAN
-_VmDirDCClientGroupAccessCheck(
-    PVDIR_OPERATION     pOperation,
-    ACCESS_MASK         accessDesired
+_VmDirLoadSecurityDescriptorForEntry(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecDescAbs
     )
 {
-    DWORD           dwError = 0;
-    BOOLEAN         bIsAllowAccess = FALSE;
-    PVDIR_BERVALUE  pBervDN = NULL;
-
-    if ( (accessDesired & -1) == VMDIR_RIGHT_DS_READ_PROP )
-    {  // grant read only request
-        bIsAllowAccess = TRUE;
-        goto cleanup;
-    }
-
-    if ( pOperation->reqCode == LDAP_REQ_ADD )
+    DWORD dwError = 0;
+    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs = NULL;
+    SECURITY_INFORMATION SecInfoAll = (OWNER_SECURITY_INFORMATION |
+                                       GROUP_SECURITY_INFORMATION |
+                                       DACL_SECURITY_INFORMATION |
+                                       SACL_SECURITY_INFORMATION);
+    if (pEntry->pAclCtx == NULL)
     {
-        pBervDN = &(pOperation->request.addReq.pEntry->dn);
-    }
-    else if ( pOperation->reqCode == LDAP_REQ_DELETE )
-    {
-        pBervDN = &(pOperation->request.deleteReq.dn);
+        dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    else if ( pOperation->reqCode == LDAP_REQ_MODIFY )
+
+    if (pEntry->pAclCtx->pSecurityDescriptor == NULL || pEntry->pAclCtx->ulSecDescLength == 0)
     {
-        pBervDN = &(pOperation->request.modifyReq.dn);
+        dwError = VmDirGetSecurityDescriptorForEntry(pEntry,
+                                                     SecInfoAll,
+                                                     &pEntry->pAclCtx->pSecurityDescriptor,
+                                                     &pEntry->pAclCtx->ulSecDescLength);
+        //
+        // Legacy entries might not have a security descriptor. Access will
+        // be "manually" checked later on.
+        //
+        if (dwError == ERROR_NO_SECURITY_DESCRIPTOR)
+        {
+            dwError = 0;
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    else
+
+    if (pEntry->pAclCtx->pSecurityDescriptor != NULL)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(
+                    &pSecDescAbs,
+                    pEntry->pAclCtx->pSecurityDescriptor);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    // for all other access request, target DN must be under service container
-    dwError = VmDirIsAncestorDN( &(gVmdirServerGlobals.bvServicesRootDN), pBervDN, &bIsAllowAccess);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppSecDescAbs = pSecDescAbs;
 
 cleanup:
-
-    return bIsAllowAccess;
-
+    return dwError;
 error:
-
-    VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "%s failed Access (%u), error (%d)",
-                       __FUNCTION__, accessDesired, dwError);
-
     goto cleanup;
 }
 
+static
+VOID
+_VmDirLogFailedAccessCheck(
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    ACCESS_MASK         accessDesired,
+    DWORD               dwAccessError
+    )
+{
+    PSTR pszAclString = NULL;
+    DWORD dwError = 0;
+
+    dwError = LwNtStatusToWin32Error(
+            RtlAllocateSddlCStringFromSecurityDescriptor(
+                    &pszAclString,
+                    pEntry->pAclCtx->pSecurityDescriptor,
+                    SDDL_REVISION_1,
+                    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
+
+    // Make sure we still log even if the SD translation fails for some reason.
+    pszAclString = dwError ? NULL : pszAclString;
+
+    VMDIR_LOG_WARNING(
+            VMDIR_LOG_MASK_ALL,
+            "Caller (%s/%s) failed to get 0x%x permission to %s (dwError = %d). Object's SD: %s",
+            pAccessInfo->pszNormBindedDn,
+            pAccessInfo->pszBindedObjectSid,
+            accessDesired,
+            BERVAL_NORM_VAL(pEntry->dn),
+            dwAccessError,
+            VDIR_SAFE_STRING(pszAclString));
+
+    VMDIR_SAFE_FREE_STRINGA(pszAclString);
+}
+
 DWORD
 VmDirSrvAccessCheck(
     PVDIR_OPERATION     pOperation,
@@ -155,75 +143,46 @@ VmDirSrvAccessCheck(
     ACCESS_MASK         accessDesired
     )
 {
-    DWORD       dwError = 0;
+    DWORD   dwError = 0;
+    BOOLEAN bIsMember = FALSE;
     ACCESS_MASK samGranted = 0;
-    BOOLEAN     bIsAdminRole = FALSE;
-    PSTR        pszAdminsGroupSid = NULL;
-    BOOLEAN     bIsDCClient = FALSE;
+    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs = NULL;
 
-    assert( pOperation );
+    assert(pOperation);
+    assert(accessDesired != 0);
 
     if (pOperation->conn == NULL || pOperation->opType != VDIR_OPERATION_TYPE_EXTERNAL)
     {
         goto cleanup; // Access Allowed
     }
-    if (accessDesired == VMDIR_RIGHT_DS_READ_PROP && VmDirIsSpecialAllowedSearchEntry( pEntry ))
-    {
-        goto cleanup; // Access Allowed
-    }
 
-    // invalid accessDesired or
-    // Anonymous user has only VMDIR_RIGHT_DS_READ_PROP access to "Special Allowed Search Entries" and NOTHING else.
-    if ( !accessDesired
-         ||
-         pOperation->conn->bIsAnonymousBind)
+    //
+    // In the replication case the normal machine account won't have access
+    // to the various sub-tenants' trees. As such, we have to special case them
+    // here.
+    //
+    if (pOperation->syncReqCtrl != NULL && accessDesired == VMDIR_RIGHT_DS_READ_PROP)
     {
-        dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
-        BAIL_ON_VMDIR_ERROR( dwError );
-    }
-
-    BAIL_ON_INVALID_ACCESSINFO(pAccessInfo, dwError);
-
-    // Checks for System Admins group membership
-    dwError = VmDirIsBindDnMemberOfSystemDomainAdmins(pOperation->pBECtx, pAccessInfo, &bIsAdminRole);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (bIsAdminRole)
-    {
-        goto cleanup; // Access Allowed
-    }
-
-    // per PROD2013 requirements, member of domaincontrollergroup gets system admin rights.
-    if ( gVmdirServerGlobals.bvDCGroupDN.lberbv_val )
-    {
-        dwError = VmDirIsDirectMemberOf( pAccessInfo->pszBindedDn,
-                                         VDIR_ACCESS_DCGROUP_MEMBER_INFO,
-                                         &pAccessInfo->accessRoleBitmap,
-                                         &bIsAdminRole);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (bIsAdminRole)
+        if (gVmdirServerGlobals.bvDCGroupDN.lberbv_val)
         {
-            goto cleanup; // Access Allowed
-        }
-    }
-
-    if ( gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val )
-    {
-        dwError = VmDirIsDirectMemberOf( pAccessInfo->pszBindedDn,
-                                         VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_INFO,
-                                         &pAccessInfo->accessRoleBitmap,
-                                         &bIsDCClient);
-        BAIL_ON_VMDIR_ERROR(dwError);
+            dwError = VmDirIsDirectMemberOf(pAccessInfo->pszBindedDn,
+                                            VDIR_ACCESS_DCGROUP_MEMBER_INFO,
+                                            &pAccessInfo->accessRoleBitmap,
+                                            &bIsMember);
+            BAIL_ON_VMDIR_ERROR(dwError);
 
-        if(bIsDCClient && _VmDirDCClientGroupAccessCheck( pOperation, accessDesired ))
-        {
-            goto cleanup; // Access Allowed
+            if (bIsMember)
+            {
+                goto cleanup; // Access Allowed
+            }
         }
     }
 
+    dwError = _VmDirLoadSecurityDescriptorForEntry(pEntry, &pSecDescAbs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     // Check Access Token in connection
-    dwError = VmDirSrvAccessCheckEntry(pAccessInfo->pAccessToken, pEntry, accessDesired, &samGranted);
+    dwError = VmDirSrvAccessCheckEntry(pAccessInfo->pAccessToken, pSecDescAbs, accessDesired, &samGranted);
     if (!dwError)
     {
         if (samGranted != accessDesired)
@@ -239,10 +198,14 @@ VmDirSrvAccessCheck(
         dwError = 0;
         samGranted = 0;
     }
-    BAIL_ON_VMDIR_ERROR(dwError);
 
     // Otherwise, continue (1) Check whether granted with SELF access right
-    dwError = VmDirSrvAccessCheckSelf(pAccessInfo->pszNormBindedDn, pEntry, VMDIR_SELF_SID, accessDesired, &samGranted);
+    dwError = VmDirSrvAccessCheckSelf(
+                pAccessInfo->pszNormBindedDn,
+                pEntry,
+                pSecDescAbs,
+                accessDesired,
+                &samGranted);
     if (!dwError)
     {
         if (samGranted != accessDesired)
@@ -255,27 +218,53 @@ VmDirSrvAccessCheck(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszAdminsGroupSid);
-
+    VmDirFreeAbsoluteSecurityDescriptor(&pSecDescAbs);
     return dwError;
 
 error:
+    //
+    // VMDIR_RIGHT_DS_DELETE_OBJECT is a new permission that works in
+    // conjunction with VMDIR_RIGHT_DS_DELETE_CHILD to control the deleting
+    // of objects. Thus, it's not necessarily interesting that the client
+    // doesn't have this right: We'll try again to delete the object using
+    // the latter permission (and if *that* fails then we'll log appropriately
+    // here).
+    //
+    if (accessDesired != VMDIR_RIGHT_DS_DELETE_OBJECT)
+    {
+        _VmDirLogFailedAccessCheck(pAccessInfo, pEntry, accessDesired, dwError);
+    }
+
+    //
+    // We only want to return this error value (this routine is logically
+    // basically boolean; no caller cares if the access check fails due to
+    // some internal machination). This allows callers to react accordingly
+    // (this is mostly useful in the case of old data with invalid security
+    // descriptors that can cause a search to fail [whereas, with this code,
+    // we'll keep searching and just ignore the data with a bad SD]).
+    //
+    dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
     goto cleanup;
 }
 
 static
 DWORD
 VmDirSrvAccessCheckSelf(
-    PSTR            pszNormBindedDn,
-    PVDIR_ENTRY     pEntry,
-    PSTR            pszWellKnowObjectSid,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
+    PCSTR                           pszNormBindedDn,
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK*                    psamGranted
     )
 {
     DWORD           dwError = ERROR_SUCCESS;
     PACCESS_TOKEN   pWellKnownToken = NULL;
 
+    if (IsNullOrEmptyString(pszNormBindedDn))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INSUFFICIENT_ACCESS);
+    }
+
     if (IsNullOrEmptyString(pEntry->dn.bvnorm_val))
     {
         dwError = VmDirNormalizeDN( &(pEntry->dn), pEntry->pSchemaCtx);
@@ -283,18 +272,17 @@ VmDirSrvAccessCheckSelf(
     }
 
     // If not self, do not need recreate self token
-    if (VmDirStringCompareA(pszWellKnowObjectSid, VMDIR_SELF_SID, TRUE) == 0 &&
-        VmDirStringCompareA(pszNormBindedDn, BERVAL_NORM_VAL(pEntry->dn), TRUE) != 0)
+    if (VmDirStringCompareA(pszNormBindedDn, BERVAL_NORM_VAL(pEntry->dn), TRUE) != 0)
     {
         dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateAccessTokenForWellKnowObject(&pWellKnownToken, pszWellKnowObjectSid);
+    dwError = VmDirSrvCreateAccessTokenForWellKnowObject(&pWellKnownToken, VMDIR_SELF_SID);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSrvAccessCheckEntry(pWellKnownToken,
-                                       pEntry,
+                                       pSecDescAbs,
                                        accessDesired,
                                        psamGranted);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -314,60 +302,14 @@ VmDirSrvAccessCheckSelf(
 static
 DWORD
 VmDirSrvAccessCheckEntry(
-    PACCESS_TOKEN   pToken,
-    PVDIR_ENTRY     pEntry,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
+    PACCESS_TOKEN                   pToken,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK *                   psamGranted
     )
 {
-    DWORD                           dwError = ERROR_SUCCESS;
-    ACCESS_MASK                     AccessMask = 0;
-    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs = NULL;
-    SECURITY_INFORMATION            SecInfoAll = (OWNER_SECURITY_INFORMATION |
-                                                  GROUP_SECURITY_INFORMATION |
-                                                  DACL_SECURITY_INFORMATION |
-                                                  SACL_SECURITY_INFORMATION);
-
-    BAIL_ON_VMDIR_INVALID_POINTER(pEntry, dwError);
-    BAIL_ON_VMDIR_INVALID_POINTER(psamGranted, dwError);
-
-    if (!pToken)
-    {
-        dwError = ERROR_NO_TOKEN;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (!pEntry->pAclCtx)
-    {
-        dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pEntry->pAclCtx->pSecurityDescriptor == NULL || pEntry->pAclCtx->ulSecDescLength == 0)
-    {
-        dwError = VmDirGetSecurityDescriptorForEntry(pEntry,
-                                                     SecInfoAll,
-                                                     &pEntry->pAclCtx->pSecurityDescriptor,
-                                                     &pEntry->pAclCtx->ulSecDescLength);
-        // In case of an internally constructed (non-persist) entry, bypass ACL check
-        if (dwError == ERROR_NO_SECURITY_DESCRIPTOR)
-        {
-            VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "VmDirSrvAccessCheckEntr() No SD found for (%s)", pEntry->dn.lberbv.bv_val );
-
-            // if (VmDirIsInternalEntry(pEntry))
-            // {
-                AccessMask = accessDesired;
-                dwError = 0;
-
-                goto cleanup;
-            // }
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(&pSecDescAbs,
-                                                       pEntry->pAclCtx->pSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    DWORD dwError = ERROR_SUCCESS;
+    ACCESS_MASK AccessMask = 0;
 
     // Access check
     if (!VmDirAccessCheck(pSecDescAbs,
@@ -379,7 +321,7 @@ VmDirSrvAccessCheckEntry(
                           &dwError))
     {
         // VmDirAccessCheck return MS error space.  TODO, need a generic way to handle this.
-        if ( dwError == ERROR_ACCESS_DENIED )
+        if (dwError == ERROR_ACCESS_DENIED)
         {
             dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
         }
@@ -388,20 +330,16 @@ VmDirSrvAccessCheckEntry(
 
 cleanup:
     *psamGranted = AccessMask;
-
-    VmDirFreeAbsoluteSecurityDescriptor(&pSecDescAbs);
-
     return dwError;
 
 error:
     AccessMask = 0;
-
     goto cleanup;
 }
 
 VOID
 VmDirFreeAbsoluteSecurityDescriptor(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecDesc
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppSecDesc
     )
 {
     PSID                            pOwner = NULL;
@@ -432,148 +370,19 @@ VmDirFreeAbsoluteSecurityDescriptor(
     *ppSecDesc = NULL;
 }
 
-
-// Create access token for the bind
-DWORD
-VmDirSrvCreateAccessTokenWithDn(
-    PCSTR           pszObjectDn,
-    PACCESS_TOKEN*  ppToken
-    )
-{
-    DWORD           dwError = ERROR_SUCCESS;
-    PVDIR_ENTRY     pEntry = NULL;
-    PACCESS_TOKEN   pToken = NULL;
-
-    dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateAccessTokenWithEntry(pEntry, &pToken, NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppToken = pToken;
-
-cleanup:
-
-    if (pEntry)
-    {
-        VmDirFreeEntry(pEntry);
-    }
-
-    return dwError;
-
-error:
-    if (pToken)
-    {
-        VmDirReleaseAccessToken(&pToken);
-    }
-
-    goto cleanup;
-}
-
-DWORD
-VmDirSrvCreateAccessTokenWithEntry(
-    PVDIR_ENTRY     pEntry,
-    PACCESS_TOKEN*  ppToken,
-    PSTR *          ppszObjectSid /* Optional */
-    )
-{
-    DWORD               dwError = ERROR_SUCCESS;
-    PACCESS_TOKEN       pToken = *ppToken;
-    TOKEN_USER          user = {{0}};
-    TOKEN_OWNER         owner = {0};
-    PTOKEN_GROUPS       pGroups = {0};
-    TOKEN_PRIVILEGES    privileges = {0};
-    TOKEN_PRIMARY_GROUP primaryGroup = {0};
-    TOKEN_DEFAULT_DACL  dacl = {0};
-    PSTR                pszObjectSid = NULL;
-    PSTR                pszBuildinUsersGroupSid = NULL;
-    PCSTR               pszDomainDn = NULL;
-    unsigned int        i = 0;
-
-    if (pToken)
-    {
-        dwError = ERROR_TOKEN_IN_USE;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetObjectSidFromEntry(pEntry, &pszObjectSid, &user.User.Sid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pszDomainDn = VmDirSearchDomainDN(BERVAL_NORM_VAL(pEntry->dn));
-    if (!pszDomainDn)
-    {
-        dwError = VMDIR_ERROR_DOMAIN_NOT_FOUND;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGenerateWellknownSid(pszDomainDn, VMDIR_DOMAIN_ALIAS_RID_USERS, &pszBuildinUsersGroupSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Primary groups should be built-in\Users not admins
-    dwError = VmDirAllocateSidFromCString(pszBuildinUsersGroupSid, &primaryGroup.PrimaryGroup);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirBuildTokenGroups(pEntry, &pGroups);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateAccessToken(&pToken,
-                                     &user,
-                                     pGroups,
-                                     &privileges,
-                                     &owner,
-                                     &primaryGroup,
-                                     &dacl);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (ppszObjectSid)
-    {
-        *ppszObjectSid = pszObjectSid;
-    }
-    *ppToken = pToken;
-
-cleanup:
-    if (!ppszObjectSid)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
-    }
-    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
-    VMDIR_SAFE_FREE_MEMORY(primaryGroup.PrimaryGroup);
-    VMDIR_SAFE_FREE_MEMORY(pszBuildinUsersGroupSid);
-    if (pGroups)
-    {
-        for (i = 0; i < pGroups->GroupCount; i++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(pGroups->Groups[i].Sid);
-        }
-        VmDirFreeMemory(pGroups);
-    }
-
-    return dwError;
-
-error:
-    if (ppszObjectSid)
-    {
-        *ppszObjectSid = NULL;
-    }
-
-    *ppToken = NULL;
-
-    if (pToken)
-    {
-        VmDirReleaseAccessToken(&pToken);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
-
-    goto cleanup;
-}
-
 DWORD
-VmDirSrvCreateDefaultSecDescRel(
-    PSTR                            pszSystemAdministratorDn,
-    PSTR                            pszAdminsGroupSid,
-    PSECURITY_DESCRIPTOR_RELATIVE*  ppSecDescRel,
-    PULONG                          pulSecDescLength,
-    PSECURITY_INFORMATION           pSecInfo
+VmDirSrvCreateSecurityDescriptor(
+    ACCESS_MASK                 amAccess,
+    PCSTR                       pszDomainAdminDn,
+    PCSTR                       pszAdminsGroupSid,
+    PCSTR                       pszDomainAdminsGroupSid,
+    PCSTR                       pszDomainClientsGroupSid,
+    BOOLEAN                     bProtectedDacl,
+    BOOLEAN                     bAnonymousRead,
+    BOOLEAN                     bAuthenticatedRead,
+    BOOLEAN                     bServicesDacl,
+    BOOLEAN                     bTenantDomain,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
     DWORD                           dwError = ERROR_SUCCESS;
@@ -582,21 +391,25 @@ VmDirSrvCreateDefaultSecDescRel(
     PSID                            pOwnerSid = NULL;
     PSID                            pGroupSid = NULL;
     PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel = NULL;
-    ULONG                           ulSecDescLen = 1024;
-    SECURITY_INFORMATION            SecInfo = 0;
+    ULONG                           ulSecDescLen = 0;
 
     // Owner: Administrators
     // Get administrator's PSID
-    dwError = VmDirGetObjectSidFromDn(pszSystemAdministratorDn, &pOwnerSid);
+    dwError = VmDirGetObjectSidFromDn(pszDomainAdminDn, &pOwnerSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMemory(SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE,
-                                                (PVOID*)&pSecDescAbs);
+    dwError = VmDirCreateSecurityDescriptorAbsolute(&pSecDescAbs);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateSecurityDescriptorAbsolute(pSecDescAbs,
-                                                SECURITY_DESCRIPTOR_REVISION);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (bProtectedDacl)
+    {
+        dwError = LwNtStatusToWin32Error(
+                    RtlSetSecurityDescriptorControl(
+                        pSecDescAbs,
+                        SE_DACL_PROTECTED,
+                        SE_DACL_PROTECTED));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     dwError = VmDirSetOwnerSecurityDescriptor(
                  pSecDescAbs,
@@ -604,8 +417,6 @@ VmDirSrvCreateDefaultSecDescRel(
                  FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    SecInfo |= OWNER_SECURITY_INFORMATION;
-
     // BUILD-IN Group Administrators
     dwError = VmDirAllocateSidFromCString(pszAdminsGroupSid, &pGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -617,13 +428,16 @@ VmDirSrvCreateDefaultSecDescRel(
     BAIL_ON_VMDIR_ERROR(dwError);
     pGroupSid = NULL;
 
-    SecInfo |= GROUP_SECURITY_INFORMATION;
-
-    // Do not set Sacl currently
-
     // DACL
-    dwError = VmDirBuildDefaultDaclForEntry(pOwnerSid,
+    dwError = VmDirBuildDefaultDaclForEntry(amAccess,
+                                            pOwnerSid,
                                             pszAdminsGroupSid,
+                                            pszDomainAdminsGroupSid,
+                                            pszDomainClientsGroupSid,
+                                            bAnonymousRead,
+                                            bAuthenticatedRead,
+                                            bServicesDacl,
+                                            bTenantDomain,
                                             &pDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
     pOwnerSid = NULL;
@@ -635,64 +449,35 @@ VmDirSrvCreateDefaultSecDescRel(
     BAIL_ON_VMDIR_ERROR(dwError);
     pDacl = NULL;
 
-    SecInfo |= DACL_SECURITY_INFORMATION;
-
-    if (!VmDirValidSecurityDescriptor(pSecDescAbs))
-    {
-        dwError = ERROR_INVALID_SECURITY_DESCR;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    do
+    dwError = VmDirAbsoluteToSelfRelativeSD(pSecDescAbs,
+                                            NULL,
+                                            &ulSecDescLen);
+    if (dwError == ERROR_INSUFFICIENT_BUFFER)
     {
-        VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
-        dwError = VmDirAllocateMemory(ulSecDescLen,
-                                    (PVOID*)&pSecDescRel);
+        dwError = VmDirAllocateMemory(ulSecDescLen, (PVOID*)&pSecDescRel);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        memset(pSecDescRel, 0, ulSecDescLen);
-
         dwError = VmDirAbsoluteToSelfRelativeSD(pSecDescAbs,
-                                               pSecDescRel,
-                                               &ulSecDescLen);
-
-        if (ERROR_INSUFFICIENT_BUFFER  == dwError)
-        {
-            ulSecDescLen *= 2;
-        }
-        else
-        {
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-    }
-    while((dwError != ERROR_SUCCESS) &&
-          (ulSecDescLen <= SECURITY_DESCRIPTOR_RELATIVE_MAX_SIZE));
-
-    if (ulSecDescLen > SECURITY_DESCRIPTOR_RELATIVE_MAX_SIZE)
-    {
-        dwError = ERROR_INVALID_SECURITY_DESCR;
-        BAIL_ON_VMDIR_ERROR(dwError);
+                                                pSecDescRel,
+                                                &ulSecDescLen);
     }
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    *ppSecDescRel = pSecDescRel;
-    *pulSecDescLength = ulSecDescLen;
-    *pSecInfo = SecInfo;
+    pSecDesc->pSecDesc = pSecDescRel;
+    pSecDesc->ulSecDesc = ulSecDescLen;
+    pSecDesc->SecInfo = OWNER_SECURITY_INFORMATION |
+                        GROUP_SECURITY_INFORMATION |
+                        DACL_SECURITY_INFORMATION;
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pDacl);
     VMDIR_SAFE_FREE_MEMORY(pOwnerSid);
     VMDIR_SAFE_FREE_MEMORY(pGroupSid);
-
     VmDirFreeAbsoluteSecurityDescriptor(&pSecDescAbs);
-
     return dwError;
 
 error:
     VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
-    ulSecDescLen = 0;
-    SecInfo = 0;
-
     goto cleanup;
 }
 
@@ -755,7 +540,7 @@ VmDirGetObjectSidFromEntry(
 
 VOID
 VmDirAclCtxContentFree(
-    PVDIR_ACL_CTX pAclCtx
+    PVDIR_ACL_CTX   pAclCtx
     )
 {
     if (pAclCtx)
@@ -766,223 +551,410 @@ VmDirAclCtxContentFree(
 
 static
 DWORD
-_VmDirBuildTokenGroups(
-    PVDIR_ENTRY     pEntry,
-    PTOKEN_GROUPS * ppTokenGroups)
+VmDirBuildDefaultDaclForEntry(
+    ACCESS_MASK amAccess,
+    PSID        pOwnerSid, // system Administrator SID, at least in our context
+    PCSTR       pszAdminsGroupSid,
+    PCSTR       pszDomainAdminsGroupSid,
+    PCSTR       pszDomainClientsGroupSid,
+    BOOLEAN     bAnonymousRead,
+    BOOLEAN     bAuthenticatedRead,
+    BOOLEAN     bServicesDacl,
+    BOOLEAN     bTenantDomain,
+    PACL *      ppDacl
+    )
 {
-    DWORD               dwError = ERROR_SUCCESS;
-    PVDIR_ATTRIBUTE     pMemberOfAttr = NULL;
-    unsigned int        i = 0;
-    PVDIR_ENTRY         pGroupEntry = NULL;
-    VDIR_OPERATION      searchOp = {0};
-    BOOLEAN             bHasTxn = FALSE;
-    PTOKEN_GROUPS       pLocalTokenGroups = NULL;
-
-    if ( pEntry == NULL || ppTokenGroups == NULL )
+    DWORD   dwError = ERROR_SUCCESS;
+    DWORD   dwSizeDacl = 0;
+    PSID    pBuiltInAdmins = NULL;
+    PSID    pDomainAdmins = NULL;
+    PSID    pDomainClients = NULL;
+    PSID    pSelfSid = NULL;
+    PSID    pAnonymousSid = NULL;
+    PSID    pAuthenticatedUsersSid = NULL;
+    PSID    pPrimaryDomainAdminSid = NULL;
+    DWORD   dwSidCount = 0;
+    PACL    pDacl = NULL;
+
+    // if permission is granted to anonymous users, then
+    // grant the permission to authenticated users, too
+    bAuthenticatedRead |= bAnonymousRead;
+
+    assert(pOwnerSid);
+    dwSidCount++;
+
+    dwError = VmDirAllocateSidFromCString(VMDIR_SELF_SID, &pSelfSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    dwSidCount++;
+
+    if (bAnonymousRead)
+    {
+        dwError = VmDirAllocateSidFromCString(
+                VMDIR_ANONYMOUS_LOGON_SID, &pAnonymousSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        dwSidCount++;
+    }
+
+    if (bAuthenticatedRead)
     {
-        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
+        dwError = VmDirAllocateSidFromCString(
+                VMDIR_AUTHENTICATED_USER_SID, &pAuthenticatedUsersSid);
         BAIL_ON_VMDIR_ERROR(dwError);
+        dwSidCount++;
     }
 
-    dwError = VmDirInitStackOperation( &searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL );
+    if (bTenantDomain)
+    {
+        dwError = VmDirGetObjectSidFromDn(
+                gVmdirServerGlobals.bvDefaultAdminDN.lberbv.bv_val,
+                &pPrimaryDomainAdminSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        dwSidCount++;
+    }
+
+    dwError = VmDirAllocateSidFromCString(
+            pszAdminsGroupSid, &pBuiltInAdmins);
     BAIL_ON_VMDIR_ERROR(dwError);
+    dwSidCount++;
 
-    searchOp.pBEIF = VmDirBackendSelect(NULL);
+    dwError = VmDirAllocateSidFromCString(
+            pszDomainAdminsGroupSid, &pDomainAdmins);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    dwSidCount++;
 
-    // start txn
-    dwError = searchOp.pBEIF->pfnBETxnBegin( searchOp.pBECtx, VDIR_BACKEND_TXN_READ );
+    dwError = VmDirAllocateSidFromCString(
+            pszDomainClientsGroupSid, &pDomainClients);
     BAIL_ON_VMDIR_ERROR(dwError);
+    dwSidCount++;
 
-    bHasTxn = TRUE;
+    dwSizeDacl = ACL_HEADER_SIZE +
+            dwSidCount * sizeof(ACCESS_ALLOWED_ACE) +
+            VmDirLengthSid(pOwnerSid) +
+            VmDirLengthSid(pSelfSid) +
+            (bAnonymousRead ? VmDirLengthSid(pAnonymousSid) : 0) +
+            (bAuthenticatedRead ? VmDirLengthSid(pAuthenticatedUsersSid) : 0) +
+            (bTenantDomain ? VmDirLengthSid(pPrimaryDomainAdminSid) : 0) +
+            VmDirLengthSid(pBuiltInAdmins) +
+            VmDirLengthSid(pDomainAdmins) +
+            VmDirLengthSid(pDomainClients) -
+            dwSidCount * sizeof(ULONG);
 
-    dwError = VmDirBuildMemberOfAttribute( &searchOp, pEntry, &pMemberOfAttr );
+    dwError = VmDirAllocateMemory(dwSizeDacl, (PVOID*)&pDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // SJ-TBD: Do we need to align the address??
-    dwError = VmDirAllocateMemory( sizeof(TOKEN_GROUPS) +
-                                   (sizeof(SID_AND_ATTRIBUTES) * (pMemberOfAttr ? pMemberOfAttr->numVals : 0)),
-                                   (PVOID*)&pLocalTokenGroups );
+    dwError = VmDirCreateAcl(pDacl, dwSizeDacl, ACL_REVISION);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (pMemberOfAttr)
-    {
-        pLocalTokenGroups->GroupCount = pMemberOfAttr->numVals;
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pOwnerSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-        for (i = 0; i < pMemberOfAttr->numVals; i++)
-        {
-            if ((dwError = VmDirSimpleDNToEntry(pMemberOfAttr->vals[i].lberbv.bv_val, &pGroupEntry)) != 0)
-            {
-                // may be deleted in the meanwhile
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pBuiltInAdmins);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-                VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
-                                   "_VmDirBuildTokenGroups() memmberOf entry (%s) not found, error code (%d)",
-                                   pMemberOfAttr->vals[i].lberbv.bv_val, dwError );
-                continue;
-            }
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pDomainAdmins);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = VmDirGetObjectSidFromEntry(pGroupEntry, NULL, &pLocalTokenGroups->Groups[i].Sid);
-            BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            VMDIR_RIGHT_DS_READ_PROP |
+            (bServicesDacl ? VMDIR_DCCLIENTS_FULL_ACCESS : 0),
+            pDomainClients);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-            // SJ-TBD: should be set on the basis of status of the group??
-            pLocalTokenGroups->Groups[i].Attributes = SE_GROUP_ENABLED;
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            VMDIR_RIGHT_DS_READ_PROP |
+            VMDIR_RIGHT_DS_WRITE_PROP,
+            pSelfSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-            VmDirFreeEntry(pGroupEntry);
-            pGroupEntry = NULL;
-        }
+    if (bAnonymousRead)
+    {
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+                VMDIR_RIGHT_DS_READ_PROP,
+                pAnonymousSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    *ppTokenGroups = pLocalTokenGroups;
-
-cleanup:
-    VmDirFreeAttribute(pMemberOfAttr);
-    if (pGroupEntry)
+    if (bAuthenticatedRead)
     {
-        VmDirFreeEntry(pGroupEntry);
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+                VMDIR_RIGHT_DS_READ_PROP,
+                pAuthenticatedUsersSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    if (bHasTxn)
+
+    if (bTenantDomain)
     {
-        searchOp.pBEIF->pfnBETxnCommit( searchOp.pBECtx);
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                0,
+                VMDIR_RIGHT_DS_READ_PROP | VMDIR_ENTRY_READ_ACL,
+                pPrimaryDomainAdminSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    VmDirFreeOperationContent(&searchOp);
 
+    *ppDacl = pDacl;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pSelfSid);
+    VMDIR_SAFE_FREE_MEMORY(pAnonymousSid);
+    VMDIR_SAFE_FREE_MEMORY(pAuthenticatedUsersSid);
+    VMDIR_SAFE_FREE_MEMORY(pDomainAdmins);
+    VMDIR_SAFE_FREE_MEMORY(pDomainClients);
+    VMDIR_SAFE_FREE_MEMORY(pBuiltInAdmins);
+    VMDIR_SAFE_FREE_MEMORY(pPrimaryDomainAdminSid);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildTokenGroups() failed, entry DN (%s), error code (%d)",
-                     pEntry ? pEntry->dn.lberbv.bv_val : "NULL", dwError );
+    VMDIR_SAFE_FREE_MEMORY(pDacl);
+    goto cleanup;
+}
+
+//
+// Copy existing ACEs from a src DACL to a destination DACL.
+//
+DWORD
+_VmDirCopyAces(
+    PACL pSrcDacl,
+    PACL pDestDacl
+    )
+{
+    DWORD dwError = 0;
+    PSID aceSid = NULL;
+    PACE_HEADER pAceHeader = NULL;
+    ACCESS_MASK mask = 0;
+    PACCESS_ALLOWED_ACE aceAllow = NULL;
+    PACCESS_DENIED_ACE aceDeny = NULL;
+    DWORD dwAceIndex = 0;
+    DWORD dwAceCount = 0;
+
+    dwAceCount = RtlGetAclAceCount(pSrcDacl);
+    for (dwAceIndex = 0; dwAceIndex < dwAceCount; dwAceIndex++)
+    {
+        dwError = VmDirGetAce(pSrcDacl, dwAceIndex, &pAceHeader);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_SAFE_FREE_MEMORY(pLocalTokenGroups);
+        switch (pAceHeader->AceType)
+        {
+            case ACCESS_ALLOWED_ACE_TYPE:
+                aceAllow = (PACCESS_ALLOWED_ACE)pAceHeader;
+                mask = aceAllow->Mask;
+                aceSid = (PSID)&aceAllow->SidStart;
+                dwError = VmDirAddAccessAllowedAceEx(
+                             pDestDacl,
+                             ACL_REVISION,
+                             aceAllow->Header.AceFlags,
+                             mask,
+                             aceSid);
+                BAIL_ON_VMDIR_ERROR(dwError);
+                break;
+
+            case ACCESS_DENIED_ACE_TYPE:
+                aceDeny = (PACCESS_DENIED_ACE)pAceHeader;
+                mask = aceDeny->Mask;
+                aceSid = (PSID)&aceDeny->SidStart;
+
+                dwError = VmDirAddAccessDeniedAceEx(
+                             pDestDacl,
+                             ACL_REVISION,
+                             aceDeny->Header.AceFlags,
+                             mask,
+                             aceSid);
+                BAIL_ON_VMDIR_ERROR(dwError);
+                break;
+        }
+    }
+
+cleanup:
+    return dwError;
 
+error:
     goto cleanup;
 }
 
-static
 DWORD
-VmDirBuildDefaultDaclForEntry(
-    PSID    pOwnerSid, // system Administrator SID, at least in our context
-    PSTR    pszAdminsGroupSid,
-    PACL *  ppDacl
+VmDirAddAceToSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc,
+    PCSTR pszDomainAdminDn,
+    ACCESS_MASK amAccess
     )
 {
-    DWORD   dwError = ERROR_SUCCESS;
-    DWORD   dwSizeDacl = 0;
-    PSID    pBuiltInAdmins = NULL;
-    PSID    pSelfSid = NULL;
-    DWORD   dwSidCount = 0;
-    PACL    pDacl = NULL;
-
-    assert(pOwnerSid);
-    dwSidCount++;
+    PSID pPrimaryDomainAdminSid = NULL;
+    PSID pOwnerSid = NULL;
+    PSID pGroupSid = NULL;
+    DWORD dwError = 0;
+    PACL pDacl = NULL;
+    PACL pSacl = NULL;
+    PACL pNewDacl = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE pNewSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel = NULL;
+    ULONG ulDaclLength = 0;
+    ULONG ulSaclLength = 0;
+    ULONG ulOwnerLength = 0;
+    ULONG ulGroupLength = 0;
+    ULONG ulLength = 0;
+
+    dwError = VmDirSelfRelativeToAbsoluteSD(
+                pSecDesc,
+                NULL,
+                &ulLength,
+                NULL,
+                &ulDaclLength,
+                NULL,
+                &ulSaclLength,
+                NULL,
+                &ulOwnerLength,
+                NULL,
+                &ulGroupLength);
+    if (dwError != ERROR_INSUFFICIENT_BUFFER)
+    {
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    dwError = VmDirAllocateSidFromCString(VMDIR_SELF_SID, &pSelfSid);
+    dwError = VmDirAllocateMemory(ulLength, (PVOID*)&pSecDescAbs);
     BAIL_ON_VMDIR_ERROR(dwError);
-    dwSidCount++;
 
-    dwError = VmDirAllocateSidFromCString(pszAdminsGroupSid, &pBuiltInAdmins);
+    dwError = VmDirAllocateMemory(ulDaclLength, (PVOID*)&pDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
-    dwSidCount++;
 
-    dwSizeDacl = ACL_HEADER_SIZE +
-        dwSidCount * sizeof(ACCESS_ALLOWED_ACE) +
-        VmDirLengthSid(pOwnerSid) +
-        VmDirLengthSid(pSelfSid) +
-        VmDirLengthSid(pBuiltInAdmins) -
-        dwSidCount * sizeof(ULONG);
+    //
+    // We don't use the SACL by default so this will usually be zero.
+    //
+    if (ulSaclLength != 0)
+    {
+        dwError = VmDirAllocateMemory(ulSaclLength, (PVOID*)&pSacl);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    dwError = VmDirAllocateMemory(dwSizeDacl, (PVOID*)&pDacl);
+    dwError = VmDirAllocateMemory(ulOwnerLength, (PVOID*)&pOwnerSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateAcl(pDacl, dwSizeDacl, ACL_REVISION);
+    dwError = VmDirAllocateMemory(ulGroupLength, (PVOID*)&pGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Note: This is a useful ACL which is REALLY used in RtlAccessCheck()
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         0,
-                                         VMDIR_ENTRY_ALL_ACCESS,
-                                         pOwnerSid);
+    dwError = VmDirSelfRelativeToAbsoluteSD(
+                pSecDesc,
+                pSecDescAbs,
+                &ulLength,
+                pDacl,
+                &ulDaclLength,
+                pSacl,
+                &ulSaclLength,
+                pOwnerSid,
+                &ulOwnerLength,
+                pGroupSid,
+                &ulGroupLength);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Note: This is really NOT a useful ACL because today group memberships are NOT set in the access token
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         0,
-                                         VMDIR_ENTRY_ALL_ACCESS,
-                                         pBuiltInAdmins);
+    dwError = VmDirCreateSecurityDescriptorAbsolute(&pNewSecDescAbs);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         0,
-                                         VMDIR_RIGHT_DS_READ_PROP |
-                                         VMDIR_RIGHT_DS_WRITE_PROP,
-                                         pSelfSid);
+    dwError = VmDirGetObjectSidFromDn(pszDomainAdminDn, &pPrimaryDomainAdminSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    *ppDacl = pDacl;
+    ulDaclLength += sizeof(ACCESS_ALLOWED_ACE) + VmDirLengthSid(pPrimaryDomainAdminSid);
+    dwError = VmDirAllocateMemory(ulDaclLength, (PVOID*)&pNewDacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pSelfSid);
-    VMDIR_SAFE_FREE_MEMORY(pBuiltInAdmins);
+    dwError = VmDirCreateAcl(pNewDacl, ulDaclLength, ACL_REVISION);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    return dwError;
+    dwError = _VmDirCopyAces(pDacl, pNewDacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-error:
-    VMDIR_SAFE_FREE_MEMORY(pDacl);
+    dwError = VmDirAddAccessAllowedAceEx(pNewDacl,
+                                         ACL_REVISION,
+                                         0,
+                                         amAccess,
+                                         pPrimaryDomainAdminSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    goto cleanup;
-}
+    dwError = VmDirSetOwnerSecurityDescriptor(pNewSecDescAbs, pOwnerSid, FALSE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pOwnerSid = NULL;
 
-static
-DWORD
-VmDirSrvCreateAccessTokenForWellKnowObject(
-    PACCESS_TOKEN * ppToken,
-    PSTR            pszWellknownObjectSid
-    )
-{
-    DWORD               dwError = ERROR_SUCCESS;
-    PACCESS_TOKEN       pToken = NULL;
-    TOKEN_USER          user = {{0}};
-    TOKEN_OWNER         owner = {0};
-    TOKEN_GROUPS        groups = {0};
-    TOKEN_PRIVILEGES    privileges = {0};
-    TOKEN_PRIMARY_GROUP primaryGroup = {0};
-    TOKEN_DEFAULT_DACL  dacl = {0};
-
-    dwError = VmDirAllocateSidFromCString(pszWellknownObjectSid, &user.User.Sid);
+    dwError = VmDirSetGroupSecurityDescriptor(pNewSecDescAbs, pGroupSid, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
+    pGroupSid = NULL;
 
-    dwError = VmDirCreateAccessToken(&pToken,
-                                     &user,
-                                     &groups,
-                                     &privileges,
-                                     &owner,
-                                     &primaryGroup,
-                                     &dacl);
+    dwError = VmDirSetDaclSecurityDescriptor(pNewSecDescAbs,
+                                             TRUE,
+                                             pNewDacl,
+                                             FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
+    pNewDacl = NULL;
 
-    *ppToken = pToken;
+    ulLength = 0;
+    dwError = VmDirAbsoluteToSelfRelativeSD(pNewSecDescAbs,
+                                            NULL,
+                                            &ulLength);
+    if (dwError == ERROR_INSUFFICIENT_BUFFER)
+    {
+        dwError = VmDirAllocateMemory(ulLength, (PVOID*)&pSecDescRel);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
+        dwError = VmDirAbsoluteToSelfRelativeSD(pNewSecDescAbs,
+                                                pSecDescRel,
+                                                &ulLength);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirSetSecurityDescriptorForEntry(pEntry,
+                                                 OWNER_SECURITY_INFORMATION |
+                                                    GROUP_SECURITY_INFORMATION |
+                                                    DACL_SECURITY_INFORMATION,
+                                                 pSecDescRel,
+                                                 ulLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pOwnerSid);
+    VMDIR_SAFE_FREE_MEMORY(pGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pPrimaryDomainAdminSid);
+    VMDIR_SAFE_FREE_MEMORY(pDacl);
+    VMDIR_SAFE_FREE_MEMORY(pSacl);
+    VMDIR_SAFE_FREE_MEMORY(pNewDacl);
+    VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
+    VMDIR_SAFE_FREE_MEMORY(pSecDescAbs);
+    VmDirFreeAbsoluteSecurityDescriptor(&pNewSecDescAbs);
     return dwError;
 
 error:
-    *ppToken = NULL;
-
-    if (pToken)
-    {
-        VmDirReleaseAccessToken(&pToken);
-    }
-
     goto cleanup;
 }
 
-/* Given a targetDN and the current bindedDN (the credentail represents the current user access)
- * return whether such bindedDN has adminRole to perform on the targetDN
- * pOperation is optional (to provide operation context if needed)
- *
+/*
+ * Given a targetDN and the current bindedDN (the credential represents the
+ * current user access) return whether such bindedDN has adminRole to perform
+ * on the targetDN.
  */
 DWORD
 VmDirSrvAccessCheckIsAdminRole(
@@ -994,17 +966,23 @@ VmDirSrvAccessCheckIsAdminRole(
 {
     DWORD   dwError = ERROR_SUCCESS;
     BOOLEAN bIsAdminRole = FALSE;
+    PVDIR_BACKEND_CTX pBECtx = NULL;
 
-    if (pOperation->opType != VDIR_OPERATION_TYPE_EXTERNAL)
+    if (pOperation != NULL)
     {
-        *pbIsAdminRole = TRUE;
-        goto cleanup;
-    }
+        if (pOperation->opType != VDIR_OPERATION_TYPE_EXTERNAL)
+        {
+            *pbIsAdminRole = TRUE;
+            goto cleanup;
+        }
 
-    if ( pOperation->conn->bIsAnonymousBind ) // anonymous bind
-    {
-       *pbIsAdminRole = FALSE;
-       goto cleanup;
+        if ( pOperation->conn->bIsAnonymousBind ) // anonymous bind
+        {
+            *pbIsAdminRole = FALSE;
+            goto cleanup;
+        }
+
+        pBECtx = pOperation->pBECtx;
     }
 
     if (IsNullOrEmptyString(pszNormTargetDN))
@@ -1016,9 +994,9 @@ VmDirSrvAccessCheckIsAdminRole(
     BAIL_ON_INVALID_ACCESSINFO(pAccessInfo, dwError);
 
     //Check whether bindedDN is member of build-in administrators group
-    dwError = VmDirIsBindDnMemberOfSystemDomainAdmins(pOperation->pBECtx,
-                                                pAccessInfo,
-                                                &bIsAdminRole);
+    dwError = VmDirIsBindDnMemberOfSystemDomainAdmins(pBECtx,
+                                                      pAccessInfo,
+                                                      &bIsAdminRole);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (bIsAdminRole)
@@ -1056,7 +1034,7 @@ VmDirSrvAccessCheckIsAdminRole(
  * (i.e.: resulted by doing a successful bind in an operation) */
 BOOLEAN
 VmDirIsFailedAccessInfo(
-    PVDIR_ACCESS_INFO pAccessInfo
+    PVDIR_ACCESS_INFO   pAccessInfo
     )
 {
 
@@ -1092,7 +1070,6 @@ VmDirIsFailedAccessInfo(
  * '&(pszAttrFilterName1=pszAttrFilterVal1)(pszAttrFilterName2=pszAttrFilterVal2)'
  * return the found pEntry
  */
-static
 DWORD
 VmDirIsBindDnMemberOfSystemDomainAdmins(
     PVDIR_BACKEND_CTX   pBECtx,
@@ -1190,27 +1167,3 @@ VmDirIsBindDnMemberOfSystemDomainAdmins(
 
     goto cleanup;
 }
-
-static
-DWORD
-VmDirCreateAccessToken(
-    PACCESS_TOKEN *         AccessToken,
-    PTOKEN_USER             User,
-    PTOKEN_GROUPS           Groups,
-    PTOKEN_PRIVILEGES       Privileges,
-    PTOKEN_OWNER            Owner,
-    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
-    PTOKEN_DEFAULT_DACL     DefaultDacl
-    )
-{
-    return LwNtStatusToWin32Error(RtlCreateAccessToken(
-                                   AccessToken,
-                                   User,
-                                   Groups,
-                                   Privileges,
-                                   Owner,
-                                   PrimaryGroup,
-                                   DefaultDacl,
-                                   NULL));
-}
-
diff --git a/lwraft/server/acl/includes.h b/lwraft/server/acl/includes.h
index f7a77d6f2..fbcc029c6 100644
--- a/lwraft/server/acl/includes.h
+++ b/lwraft/server/acl/includes.h
@@ -83,6 +83,8 @@
 #include <lber-int.h>
 
 #define LW_STRICT_NAMESPACE
+#include <lw/ntstatus.h>
+#include <lw/rtlmemory.h>
 #include <lw/types.h>
 #include <lw/hash.h>
 #include <lw/security-types.h>
diff --git a/lwraft/server/acl/objectsid.c b/lwraft/server/acl/objectsid.c
index 59e3d2bd4..56e30c173 100644
--- a/lwraft/server/acl/objectsid.c
+++ b/lwraft/server/acl/objectsid.c
@@ -36,12 +36,6 @@ VmDirGenerateDomainGuidSid_inlock(
     PSTR*   ppszDomainSid
     );
 
-DWORD
-VmDirGenerateObjectRid(
-    PDWORD  pdwRidSequence,
-    PDWORD  pdwObjectRid
-    );
-
 DWORD
 _VmDirAllocateSidGenStackNode(
     PVMDIR_SID_GEN_STACK_NODE *ppSidGenStackNode,
@@ -418,13 +412,12 @@ VmDirGenerateWellknownSid(
     BAIL_ON_VMDIR_ERROR(dwError);
     assert(pSidGenState!=NULL);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszWellKnownSid,
                     "%s-%u",
                     pSidGenState->pszDomainSid,
                     dwWellKnowRid
                     );
-
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszWellKnownSid = pszWellKnownSid;
@@ -693,36 +686,3 @@ VmDirGenerateDomainGuidSid_inlock(
     *ppszDomainSid = NULL;
     goto cleanup;
 }
-
-/*
- * Get the next value from our per-domain counter. This value constitutes
- * part of the object's SID.
- */
-DWORD
-VmDirGenerateObjectRid(
-    PDWORD pdwRidSequence,
-    PDWORD pdwObjectRid
-    )
-{
-    DWORD dwError = 0;
-    DWORD dwRid = *pdwRidSequence;
-
-    // Check to see whether current Rid hits the MAX
-    if (dwRid+1 > MAX_RID_SEQUENCE)
-    {
-        dwError = ERROR_RID_LIMIT_EXCEEDED;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwRid++;
-    *pdwRidSequence = dwRid;
-    *pdwObjectRid = dwRid;
-
-error:
-    if (dwError)
-    {
-        *pdwObjectRid = 0;
-    }
-
-    return dwError;
-}
diff --git a/lwraft/server/acl/prototypes.h b/lwraft/server/acl/prototypes.h
index 60e97b066..fb028782d 100644
--- a/lwraft/server/acl/prototypes.h
+++ b/lwraft/server/acl/prototypes.h
@@ -44,28 +44,13 @@ VmDirSyncRIDSeqToDB(
     );
 
 // acl.c
-
 DWORD
 VmDirGetObjectSidFromDn(
     PCSTR pszObjectDn,
     PSID* ppSid
     );
 
-DWORD
-VmDirGetObjectSidFromEntry(
-    PVDIR_ENTRY pEntry,
-    PSTR* ppszObjectSid, /* Optional */
-    PSID* ppSid /* Optional */
-    );
-
-DWORD
-VmDirSrvCreateAccessTokenWithDn(
-    PCSTR pszObjectDn,
-    PACCESS_TOKEN* ppToken
-    );
-
 // security.c
-
 DWORD
 VmDirSetSecurityDescriptorForEntry(
     PVDIR_ENTRY pEntry,
@@ -81,7 +66,6 @@ VmDirSecurityAclSelfRelativeToAbsoluteSD(
     );
 
 // objectSid.c
-
 void
 VmDirFindDomainRidSequenceWithDN(
     PCSTR pszDomainDN,
@@ -101,6 +85,18 @@ VmDirInitRidSynchThr(
     PVDIR_THREAD_INFO* ppThrInfo
     );
 
+// token.c
+DWORD
+VmDirCreateAccessToken(
+    PACCESS_TOKEN*          AccessToken,
+    PTOKEN_USER             User,
+    PTOKEN_GROUPS           Groups,
+    PTOKEN_PRIVILEGES       Privileges,
+    PTOKEN_OWNER            Owner,
+    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
+    PTOKEN_DEFAULT_DACL     DefaultDacl
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/acl/ridsyncthr.c b/lwraft/server/acl/ridsyncthr.c
index bd9905514..962f4a3ef 100644
--- a/lwraft/server/acl/ridsyncthr.c
+++ b/lwraft/server/acl/ridsyncthr.c
@@ -35,7 +35,7 @@ VmDirInitRidSynchThr(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirRidSyncThr,
                 pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/lwraft/server/acl/sdcalc.c b/lwraft/server/acl/sdcalc.c
new file mode 100644
index 000000000..8aec99eb0
--- /dev/null
+++ b/lwraft/server/acl/sdcalc.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+#include "includes.h"
+
+int
+VmDirGenerateAttrMetaData(
+    PVDIR_ENTRY    pEntry,
+    PSTR           pszAttributeName
+    );
+
+//
+// Takes an entry with a ATTR_ACL_STRING (which is an SDDL/text-based
+// security descriptor) and convert that string into a binary security
+// descriptor and then removes the ATTR_ACL_STRING attribute.
+//
+static
+DWORD
+_VmDirConvertAndRemoveSDDLAttribute(
+    PVDIR_ENTRY pEntry,
+    PVDIR_ATTRIBUTE pAclStringAttr,
+    PSECURITY_DESCRIPTOR_RELATIVE *ppSecDesc,
+    PULONG pulLength
+    )
+{
+    DWORD dwError = 0;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
+    ULONG ulLength = 0;
+
+    dwError = LwNtStatusToWin32Error(
+                RtlAllocateSecurityDescriptorFromSddlCString(
+                    &pSecDesc,
+                    &ulLength,
+                    pAclStringAttr->vals[0].lberbv.bv_val,
+                    SDDL_REVISION_1));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirEntryRemoveAttribute(pEntry, ATTR_ACL_STRING);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppSecDesc = pSecDesc;
+    *pulLength = ulLength;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGetSecurityDescriptorAttribute(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE *ppSecDesc,
+    PULONG pulLength
+    )
+{
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
+    ULONG ulLength = 0;
+    PVDIR_ATTRIBUTE pSecDescAttr = NULL;
+    PVDIR_ATTRIBUTE pAclStringAttr = NULL;
+    DWORD dwError = 0;
+
+    pAclStringAttr = VmDirEntryFindAttribute(ATTR_ACL_STRING, pEntry);
+
+    //
+    // If there's an ATTR_OBJECT_SECURITY_DESCRIPTOR in the request use it.
+    // However, if there's also a ATTR_ACL_STRING return an error as both
+    // shouldn't be specified.
+    //
+    pSecDescAttr = VmDirEntryFindAttribute(ATTR_OBJECT_SECURITY_DESCRIPTOR, pEntry);
+    if (pSecDescAttr)
+    {
+        if (pAclStringAttr != NULL)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION);
+        }
+
+        pSecDesc = (PSECURITY_DESCRIPTOR_RELATIVE)pSecDescAttr->vals[0].lberbv.bv_val;
+        ulLength = (ULONG)pSecDescAttr->vals[0].lberbv.bv_len;
+
+        dwError = VmDirAllocateAndCopyMemory(pSecDesc, ulLength, (PVOID*)&pSecDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (pAclStringAttr)
+    {
+        //
+        // If there's an ATTR_ACL_STRING in the request convert it to a
+        // security descriptor and use it.
+        //
+        dwError = _VmDirConvertAndRemoveSDDLAttribute(
+                    pEntry,
+                    pAclStringAttr,
+                    &pSecDesc,
+                    &ulLength);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppSecDesc = pSecDesc;
+    *pulLength = ulLength;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGetSchemaDefaultSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE *ppSecDesc,
+    PULONG pulLength
+    )
+{
+    DWORD dwError = 0;
+    PVDIR_ATTRIBUTE pAttr = NULL;
+    PVDIR_SCHEMA_OC_DESC pOCDesc = NULL;
+    PVDIR_ENTRY pOCEntry = NULL;
+    PSTR pszClassDn = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
+    ULONG ulLength = 0;
+
+    dwError = VmDirSchemaGetEntryStructureOCDesc(pEntry, &pOCDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszClassDn,
+                "cn=%s,cn=schemacontext",
+                pOCDesc->pszName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSimpleDNToEntry(pszClassDn, &pOCEntry);
+    if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND)
+    {
+        //
+        // This is being called for the class object itself, so there's
+        // no backend object yet.
+        //
+        dwError = 0;
+        goto cleanup;
+    }
+
+    pAttr = VmDirFindAttrByName(pOCEntry, ATTR_DEFAULT_SECURITY_DESCRIPTOR);
+    if (pAttr)
+    {
+        dwError = LwNtStatusToWin32Error(
+                    RtlAllocateSecurityDescriptorFromSddlCString(
+                        &pSecDesc,
+                        &ulLength,
+                        pAttr->vals[0].lberbv.bv_val,
+                        SDDL_REVISION_1));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppSecDesc = pSecDesc;
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszClassDn);
+    VmDirFreeEntry(pOCEntry);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+BOOLEAN _VmDirIsContainer(
+    PVDIR_ENTRY pEntry
+    )
+{
+    DWORD i = 0;
+    BOOLEAN bContainer = FALSE;
+
+    PVDIR_ATTRIBUTE pAttr = NULL;
+
+    pAttr = VmDirFindAttrByName(pEntry, ATTR_OBJECT_CLASS);
+    if (pAttr != NULL)
+    {
+        for (i = 0; i < pAttr->numVals; i++)
+        {
+            if (VmDirStringCompareA(pAttr->vals[i].lberbv_val, OC_CONTAINER, FALSE) == 0)
+            {
+                bContainer = TRUE;
+                break;
+            }
+        }
+    }
+
+    return bContainer;
+}
+
+VOID
+_VmDirLogSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc
+    )
+{
+    PSTR pszAclString = NULL;
+    DWORD dwError = 0;
+
+    dwError = LwNtStatusToWin32Error(RtlAllocateSddlCStringFromSecurityDescriptor(
+                                        &pszAclString,
+                                        pSecDesc,
+                                        SDDL_REVISION_1,
+                                        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
+    if (dwError == 0)
+    {
+        VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Calculated SD %s for entry %s\n", pszAclString, pEntry->dn.lberbv.bv_val);
+        VMDIR_SAFE_FREE_STRINGA(pszAclString);
+    }
+}
+
+/*
+ * If an explicit security descriptor is specified (either via the ATTR_ACL_STRING
+ * or ATTR_OBJECT_SECURITY_DESCRIPTOR attribute) then we'll use that. If one
+ * isn't specified, then we'll use the defaultSecurityDescriptor from the
+ * object's class's schema. If that doesn't exist then we'd normally use the SD
+ * from the creator's access token (this is what AD does) but that will always
+ * be NULL in our system (for now).
+ *
+ * Whatever DACL we get from the step above we then combine with any
+ * inheritable ACEs from the parent.
+ */
+DWORD
+VmDirComputeObjectSecurityDescriptor(
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ENTRY         pParentEntry
+    )
+{
+    DWORD           dwError = 0;
+    PVDIR_ATTRIBUTE pObjectSdAttr = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pParentSecDesc = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pComputedSecDesc = NULL;
+    ULONG ulLength = 0;
+    PACCESS_TOKEN pAccessToken = NULL;
+    PACCESS_TOKEN pAdminAccessToken = NULL;
+    SECURITY_INFORMATION SecInfoAll = (OWNER_SECURITY_INFORMATION |
+                                       GROUP_SECURITY_INFORMATION |
+                                       DACL_SECURITY_INFORMATION |
+                                       SACL_SECURITY_INFORMATION);
+
+    dwError = _VmDirGetSecurityDescriptorAttribute(pEntry, &pSecDesc, &ulLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pSecDesc == NULL)
+    {
+        dwError = _VmDirGetSchemaDefaultSecurityDescriptor(
+                    pEntry,
+                    &pSecDesc,
+                    &ulLength);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pParentEntry)
+    {
+        dwError = VmDirGetSecurityDescriptorForEntry(
+                    pParentEntry,
+                    SecInfoAll,
+                    &pParentSecDesc,
+                    &ulLength);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pParentSecDesc == NULL && pSecDesc == NULL)
+    {
+        //
+        // This particular error code is handled specially. We might want to
+        // change this to return success.
+        //
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NO_SECURITY_DESCRIPTOR);
+    }
+
+    if (!pAccessInfo || !pAccessInfo->pAccessToken)
+    {
+        dwError = VmDirSrvCreateAccessTokenForAdmin(&pAdminAccessToken);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pAccessToken = pAdminAccessToken;
+    }
+    else
+    {
+        pAccessToken = pAccessInfo->pAccessToken;
+    }
+
+    dwError = LwNtStatusToWin32Error(
+            RtlCreatePrivateObjectSecurityEx(
+                    pParentSecDesc,
+                    pSecDesc,
+                    &pComputedSecDesc,
+                    &ulLength,
+                    NULL,
+                    _VmDirIsContainer(pEntry),
+                    SEF_DACL_AUTO_INHERIT | SEF_DEFAULT_OWNER_FROM_PARENT | SEF_DEFAULT_GROUP_FROM_PARENT,
+                    pAccessToken,
+                    &gVmDirEntryGenericMapping));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    _VmDirLogSecurityDescriptor(pEntry, pComputedSecDesc);
+
+    dwError = VmDirAttributeAllocate(
+                    ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                    1,
+                    pEntry->pSchemaCtx,
+                    &pObjectSdAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pObjectSdAttr->vals[0].lberbv.bv_val = (PSTR)pComputedSecDesc;
+    pObjectSdAttr->vals[0].lberbv.bv_len = ulLength;
+    pComputedSecDesc = NULL;
+
+    //
+    // Add a terminating NULL as some code assumes that these values are
+    // NULL-terminated, even though this value isn't a string.
+    //
+    dwError = VmDirReallocateMemoryWithInit(
+                    (PVOID)pObjectSdAttr->vals[0].lberbv.bv_val,
+                    (PVOID *)(&pObjectSdAttr->vals[0].lberbv.bv_val),
+                    pObjectSdAttr->vals[0].lberbv.bv_len+1,
+                    pObjectSdAttr->vals[0].lberbv.bv_len);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pObjectSdAttr->vals[0].bOwnBvVal = TRUE;
+
+    dwError = VmDirEntryAddAttribute(pEntry, pObjectSdAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pObjectSdAttr = NULL;
+
+cleanup:
+    if (pComputedSecDesc != NULL)
+    {
+        LwRtlMemoryFree(pComputedSecDesc);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pParentSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(pSecDesc);
+    VmDirReleaseAccessToken(&pAdminAccessToken);
+    return dwError;
+
+error:
+    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
+    {
+        // Some initial objects created during startup/vdcpromo do not have SD. Their SD is setup after cn=Administrator,...
+        // object is created
+        VMDIR_LOG_WARNING( LDAP_DEBUG_ACL, "%s failed for (%s), error code (%d)",
+                __FUNCTION__, VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
+    }
+    else
+    {
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s failed for (%s), error code (%d)",
+                __FUNCTION__, VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
+    }
+
+    if (pObjectSdAttr)
+    {
+        VmDirFreeAttribute(pObjectSdAttr);
+    }
+
+    // ignore if cannot find a SD from parentEntry (during instance set up
+    // parent does not have SD, until an admin can be created to generate SD
+    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
+    {
+        dwError = 0;
+    }
+
+    goto cleanup;
+}
diff --git a/lwraft/server/acl/security.c b/lwraft/server/acl/security.c
index 464f1b1ab..d6e671981 100644
--- a/lwraft/server/acl/security.c
+++ b/lwraft/server/acl/security.c
@@ -34,14 +34,6 @@ VmDirInternalUpdateObjectSD(
     ULONG ulSecDescRel
     );
 
-static
-DWORD
-VmDirSetEntrySecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
-    ULONG ulSecDescToSetLen
-    );
-
 DWORD
 VmDirGetSecurityDescriptorForEntry(
     PVDIR_ENTRY pEntry,
@@ -143,10 +135,8 @@ VmDirGetSecurityDescriptorForEntry(
 
 DWORD
 VmDirSetSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel,
-    ULONG ulSecDescRel
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -155,23 +145,65 @@ VmDirSetSecurityDescriptorForDn(
     dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSetSecurityDescriptorForEntry(pEntry,
-                                                 SecurityInformation,
-                                                 pSecDescRel,
-                                                 ulSecDescRel);
+    dwError = VmDirSetSecurityDescriptorForEntry(
+            pEntry,
+            pSecDesc->SecInfo,
+            pSecDesc->pSecDesc,
+            pSecDesc->ulSecDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    if (pEntry)
+    VmDirFreeEntry(pEntry);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+//
+// Sets the security descriptor for object <pszObjectDn> and all objects
+// below it (if any).
+//
+DWORD
+VmDirSetRecursiveSecurityDescriptorForDn(
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
+    )
+{
+    DWORD dwError = 0;
+    VDIR_ENTRY_ARRAY entryArray = {0};
+    int iCnt = 0;
+    PVDIR_BACKEND_INTERFACE pBE = NULL;
+
+    dwError = VmDirFilterInternalSearch(pszObjectDn,
+                                        LDAP_SCOPE_SUBTREE,
+                                        "objectClass=*",
+                                        0,
+                                        NULL,
+                                        &entryArray);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pBE = VmDirBackendSelect(NULL);
+    dwError = pBE->pfnBEConfigureFsync(FALSE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (iCnt = 0; iCnt < entryArray.iSize; iCnt++)
     {
-        VmDirFreeEntry(pEntry);
+        dwError = VmDirSetSecurityDescriptorForEntry(
+                    &entryArray.pEntry[iCnt],
+                    pSecDesc->SecInfo,
+                    pSecDesc->pSecDesc,
+                    pSecDesc->ulSecDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+cleanup:
+    dwError = pBE->pfnBEConfigureFsync(TRUE);
+    VmDirFreeEntryArrayContent(&entryArray);
     return dwError;
 
 error:
     goto cleanup;
-
 }
 
 // This function is only used internally to add SD for a given entry during
@@ -256,7 +288,7 @@ VmDirSetSecurityDescriptorForEntry(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Update pEntry SD cache
-    dwError = VmDirSetEntrySecurityDescriptor(pEntry, pSecDescRelToSet, ulSecDescToSetLen);
+    dwError = VmDirEntryCacheSecurityDescriptor(pEntry, pSecDescRelToSet, ulSecDescToSetLen);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 error:
@@ -266,6 +298,74 @@ VmDirSetSecurityDescriptorForEntry(
     return dwError;
 }
 
+DWORD
+VmDirSetDefaultSecurityDescriptorForClass(
+    PSTR                        pszClassName,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszClassDN = NULL;
+    PSTR    pszSecDesc = NULL;
+    VDIR_BERVALUE   berval = VDIR_BERVALUE_INIT;
+    VDIR_OPERATION  ldapOp = {0};
+
+    if (IsNullOrEmptyString(pszClassName) || !pSecDesc || !pSecDesc->SecInfo)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!VmDirValidRelativeSecurityDescriptor(
+            pSecDesc->pSecDesc, pSecDesc->ulSecDesc, pSecDesc->SecInfo))
+    {
+        dwError = ERROR_INVALID_SECURITY_DESCR;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszClassDN, "cn=%s,cn=schemacontext", pszClassName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitStackOperation(
+            &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    ldapOp.bSuppressLogInfo = TRUE;
+    ldapOp.reqDn.lberbv_val = pszClassDN;
+    ldapOp.reqDn.lberbv_len = VmDirStringLenA(pszClassDN);
+    ldapOp.request.modifyReq.dn.lberbv_val = ldapOp.reqDn.lberbv_val;
+    ldapOp.request.modifyReq.dn.lberbv_len = ldapOp.reqDn.lberbv_len;
+
+    dwError = VmDirAllocateSddlCStringFromSecurityDescriptor(
+            pSecDesc->pSecDesc, SDDL_REVISION_1, 255, &pszSecDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszSecDesc, &berval);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirOperationAddModReq(
+            &ldapOp, MOD_OP_ADD, ATTR_DEFAULT_SECURITY_DESCRIPTOR, &berval, 1);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInternalModifyEntry(&ldapOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszClassDN);
+    VMDIR_SAFE_FREE_MEMORY(pszSecDesc);
+    VmDirFreeOperationContent(&ldapOp);
+    VmDirFreeBervalContent(&berval);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s failed for (%s), error code (%d)",
+            __FUNCTION__, VDIR_SAFE_STRING(pszClassName), dwError );
+
+    goto cleanup;
+}
+
 DWORD
 VmDirSecurityAclSelfRelativeToAbsoluteSD(
     PSECURITY_DESCRIPTOR_ABSOLUTE *ppAbsolute,
@@ -303,12 +403,7 @@ VmDirSecurityAclSelfRelativeToAbsoluteSD(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateMemory(SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE, (PVOID*)&pAbsolute);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateSecurityDescriptorAbsolute(
-                  pAbsolute,
-                  SECURITY_DESCRIPTOR_REVISION);
+    dwError = VmDirCreateSecurityDescriptorAbsolute(&pAbsolute);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (ulDaclSize)
@@ -364,6 +459,46 @@ VmDirSecurityAclSelfRelativeToAbsoluteSD(
     goto cleanup;
 }
 
+DWORD
+VmDirEntryCacheSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
+    ULONG ulSecDescToSetLen
+    )
+{
+    DWORD dwError = ERROR_SUCCESS;
+
+    if (!pEntry->pAclCtx)
+    {
+        dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        VmDirAclCtxContentFree(pEntry->pAclCtx);
+    }
+
+    dwError = VmDirAllocateMemory(ulSecDescToSetLen, (PVOID*)&pEntry->pAclCtx->pSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCopyMemory(
+            pEntry->pAclCtx->pSecurityDescriptor,
+            ulSecDescToSetLen,
+            pSecDescRelToSet,
+            ulSecDescToSetLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry->pAclCtx->ulSecDescLength = ulSecDescToSetLen;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirAclCtxContentFree(pEntry->pAclCtx);
+    VMDIR_SAFE_FREE_MEMORY(pEntry->pAclCtx);
+    goto cleanup;
+}
+
 // Grab SD information from back-end
 static
 DWORD
@@ -485,42 +620,3 @@ VmDirInternalUpdateObjectSD(
 error:
     goto cleanup;
 }
-
-static
-DWORD
-VmDirSetEntrySecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
-    ULONG ulSecDescToSetLen
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-
-	if (!pEntry->pAclCtx)
-    {
-		dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
-	    BAIL_ON_VMDIR_ERROR(dwError);
-    }
-	else
-	{
-        VmDirAclCtxContentFree(pEntry->pAclCtx);
-	}
-
-    dwError = VmDirAllocateMemory(ulSecDescToSetLen, (PVOID*)&pEntry->pAclCtx->pSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    dwError = VmDirCopyMemory(
-        pEntry->pAclCtx->pSecurityDescriptor, ulSecDescToSetLen,
-        pSecDescRelToSet, ulSecDescToSetLen );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pEntry->pAclCtx->ulSecDescLength = ulSecDescToSetLen;
-
-error:
-    if (dwError != ERROR_SUCCESS)
-    {
-        VmDirAclCtxContentFree(pEntry->pAclCtx);
-        VMDIR_SAFE_FREE_MEMORY(pEntry->pAclCtx);
-    }
-
-    return dwError;
-}
diff --git a/lwraft/server/acl/token.c b/lwraft/server/acl/token.c
new file mode 100644
index 000000000..ef9b033f5
--- /dev/null
+++ b/lwraft/server/acl/token.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirBuildTokenGroups(
+    PVDIR_ENTRY     pEntry,
+    PCSTR           pszBuiltinUsersGroupSid,
+    PTOKEN_GROUPS*  ppTokenGroups
+    );
+
+static
+VOID
+_VmDirFreeTokenGroups(
+    PTOKEN_GROUPS   pGroups
+    );
+
+DWORD
+VmDirSrvCreateAccessTokenWithEntry(
+    PVDIR_ENTRY     pEntry,
+    PACCESS_TOKEN*  ppToken,
+    PSTR*           ppszObjectSid
+    )
+{
+    DWORD               dwError = ERROR_SUCCESS;
+    PACCESS_TOKEN       pToken = NULL;
+    TOKEN_USER          user = {{0}};
+    TOKEN_OWNER         owner = {0};
+    PTOKEN_GROUPS       pGroups = {0};
+    TOKEN_PRIVILEGES    privileges = {0};
+    TOKEN_PRIMARY_GROUP primaryGroup = {0};
+    TOKEN_DEFAULT_DACL  dacl = {0};
+    PSTR                pszObjectSid = NULL;
+    PSTR                pszBuiltinUsersGroupSid = NULL;
+    PCSTR               pszDomainDn = NULL;
+
+    if (!pEntry || !ppToken || !ppszObjectSid)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pToken = *ppToken;
+
+    if (pToken)
+    {
+        dwError = ERROR_TOKEN_IN_USE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirGetObjectSidFromEntry(
+            pEntry, &pszObjectSid, &user.User.Sid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    owner.Owner = user.User.Sid;
+
+    pszDomainDn = VmDirSearchDomainDN(BERVAL_NORM_VAL(pEntry->dn));
+    if (!pszDomainDn)
+    {
+        dwError = VMDIR_ERROR_DOMAIN_NOT_FOUND;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDn,
+            VMDIR_DOMAIN_ALIAS_RID_USERS,
+            &pszBuiltinUsersGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // The primary group should be built-in\Users for all users.
+    dwError = VmDirAllocateSidFromCString(
+            pszBuiltinUsersGroupSid, &primaryGroup.PrimaryGroup);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirBuildTokenGroups(
+            pEntry, pszBuiltinUsersGroupSid, &pGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCreateAccessToken(
+            &pToken,
+            &user,
+            pGroups,
+            &privileges,
+            &owner,
+            &primaryGroup,
+            &dacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszObjectSid = pszObjectSid;
+    *ppToken = pToken;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
+    VMDIR_SAFE_FREE_MEMORY(primaryGroup.PrimaryGroup);
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltinUsersGroupSid);
+    _VmDirFreeTokenGroups(pGroups);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
+    VmDirReleaseAccessToken(&pToken);
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvCreateAccessTokenForWellKnowObject(
+    PACCESS_TOKEN*  ppToken,
+    PCSTR           pszWellknownObjectSid
+    )
+{
+    DWORD               dwError = ERROR_SUCCESS;
+    PACCESS_TOKEN       pToken = NULL;
+    TOKEN_USER          user = {{0}};
+    TOKEN_OWNER         owner = {0};
+    TOKEN_GROUPS        groups = {0};
+    TOKEN_PRIVILEGES    privileges = {0};
+    TOKEN_PRIMARY_GROUP primaryGroup = {0};
+    TOKEN_DEFAULT_DACL  dacl = {0};
+
+    dwError = VmDirAllocateSidFromCString(pszWellknownObjectSid, &user.User.Sid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCreateAccessToken(&pToken,
+                                     &user,
+                                     &groups,
+                                     &privileges,
+                                     &owner,
+                                     &primaryGroup,
+                                     &dacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppToken = pToken;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
+
+    return dwError;
+
+error:
+    *ppToken = NULL;
+
+    if (pToken)
+    {
+        VmDirReleaseAccessToken(&pToken);
+    }
+
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvCreateAccessTokenForAdmin(
+    PACCESS_TOKEN*  ppToken
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszAdministratorSid = NULL;
+    PSTR    pszBuiltInAdminsGroupSid = NULL;
+    PSTR    pszBuiltInUsersGroupSid = NULL;
+    TOKEN_USER      user = {{0}};
+    TOKEN_OWNER     owner = {0};
+    PTOKEN_GROUPS   pGroups = NULL;
+    TOKEN_PRIVILEGES    privileges = {0};
+    TOKEN_PRIMARY_GROUP primaryGroup = {0};
+    TOKEN_DEFAULT_DACL  dacl = {0};
+    PACCESS_TOKEN   pToken = NULL;
+
+    // build user token
+    dwError = VmDirGenerateWellknownSid(
+            gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+            VMDIR_DOMAIN_USER_RID_ADMIN,
+            &pszAdministratorSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateSidFromCString(
+            pszAdministratorSid, &user.User.Sid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    owner.Owner = user.User.Sid;
+
+    // build group token
+    dwError = VmDirAllocateMemory(
+            sizeof(TOKEN_GROUPS) + sizeof(SID_AND_ATTRIBUTES),
+            (PVOID*)&pGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pGroups->GroupCount = 1;
+
+    dwError = VmDirGenerateWellknownSid(
+            gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+            VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+            &pszBuiltInAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateSidFromCString(
+            pszBuiltInAdminsGroupSid, &pGroups->Groups[0].Sid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pGroups->Groups[0].Attributes = SE_GROUP_ENABLED; // TODO should be set on the basis of status of the group?
+
+    // build primary group token (built-in users)
+    dwError = VmDirGenerateWellknownSid(
+            gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+            VMDIR_DOMAIN_ALIAS_RID_USERS,
+            &pszBuiltInUsersGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateSidFromCString(
+            pszBuiltInUsersGroupSid, &primaryGroup.PrimaryGroup);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCreateAccessToken(
+            &pToken, &user, pGroups, &privileges, &owner, &primaryGroup, &dacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppToken = pToken;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAdministratorSid);
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltInAdminsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltInUsersGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
+    VMDIR_SAFE_FREE_MEMORY(pGroups->Groups[0].Sid);
+    VMDIR_SAFE_FREE_MEMORY(pGroups);
+    VMDIR_SAFE_FREE_MEMORY(primaryGroup.PrimaryGroup);
+    return dwError;
+
+error:
+    if (pToken)
+    {
+        VmDirReleaseAccessToken(&pToken);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirCreateAccessToken(
+    PACCESS_TOKEN*          AccessToken,
+    PTOKEN_USER             User,
+    PTOKEN_GROUPS           Groups,
+    PTOKEN_PRIVILEGES       Privileges,
+    PTOKEN_OWNER            Owner,
+    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
+    PTOKEN_DEFAULT_DACL     DefaultDacl
+    )
+{
+    return LwNtStatusToWin32Error(
+            RtlCreateAccessToken(
+                    AccessToken,
+                    User,
+                    Groups,
+                    Privileges,
+                    Owner,
+                    PrimaryGroup,
+                    DefaultDacl,
+                    NULL));
+}
+
+//
+// Builds up a list of all the groups this user is a member of. All users
+// (anyone who doesn't login anonymously) automatically are members of their
+// domain's "Users" group and the global "Authenticated Users" group. All other
+// memberships are explicit (dictated by the "memberOf" attribute).
+//
+static
+DWORD
+_VmDirBuildTokenGroups(
+    PVDIR_ENTRY     pEntry,
+    PCSTR           pszBuiltinUsersGroupSid,
+    PTOKEN_GROUPS*  ppTokenGroups
+    )
+{
+    DWORD   dwError = ERROR_SUCCESS;
+    DWORD   dwDefaultGroupCount = 0;
+    DWORD   dwEntryGroupCount = 0;
+    DWORD   dwTotalGroupCount = 0;
+    DWORD   i = 0, j = 0;
+    BOOLEAN bHasTxn = FALSE;
+    VDIR_OPERATION  searchOp = {0};
+    PVDIR_ATTRIBUTE pMemberOfAttr = NULL;
+    PVDIR_ENTRY     pGroupEntry = NULL;
+    PTOKEN_GROUPS   pTokenGroups = NULL;
+    PCSTR   ppszDefaultGroups[] = {pszBuiltinUsersGroupSid, VMDIR_AUTHENTICATED_USER_SID};
+
+    if (!pEntry || !ppTokenGroups || IsNullOrEmptyString(pszBuiltinUsersGroupSid))
+    {
+        dwError =  VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirInitStackOperation(
+            &searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    searchOp.pBEIF = VmDirBackendSelect(NULL);
+
+    // begin txn
+    dwError = searchOp.pBEIF->pfnBETxnBegin(searchOp.pBECtx, VDIR_BACKEND_TXN_READ);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    bHasTxn = TRUE;
+
+    dwError = VmDirBuildMemberOfAttribute(&searchOp, pEntry, &pMemberOfAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // commit txn
+    dwError = searchOp.pBEIF->pfnBETxnCommit(searchOp.pBECtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    bHasTxn = FALSE;
+
+    dwDefaultGroupCount = VMDIR_ARRAY_SIZE(ppszDefaultGroups);
+    dwEntryGroupCount = pMemberOfAttr ? pMemberOfAttr->numVals : 0;
+    dwTotalGroupCount = dwDefaultGroupCount + dwEntryGroupCount;
+
+    dwError = VmDirAllocateMemory(
+            sizeof(TOKEN_GROUPS) +
+            (sizeof(SID_AND_ATTRIBUTES) * dwTotalGroupCount),
+            (PVOID*)&pTokenGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pTokenGroups->GroupCount = dwTotalGroupCount;
+
+    for (i = 0; i < dwDefaultGroupCount; i++)
+    {
+        dwError = VmDirAllocateSidFromCString(
+                ppszDefaultGroups[i],
+                &pTokenGroups->Groups[i].Sid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pTokenGroups->Groups[i].Attributes = SE_GROUP_ENABLED;
+    }
+
+    for (i = 0, j = dwDefaultGroupCount; i < dwEntryGroupCount; i++, j++)
+    {
+        dwError = VmDirSimpleDNToEntry(
+                pMemberOfAttr->vals[i].lberbv.bv_val, &pGroupEntry);
+        if (dwError)
+        {
+            // may be deleted in the meanwhile
+            VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
+                    "_VmDirBuildTokenGroups() memmberOf entry (%s) not found, error code (%d)",
+                    pMemberOfAttr->vals[i].lberbv.bv_val, dwError );
+            continue;
+        }
+
+        dwError = VmDirGetObjectSidFromEntry(
+                pGroupEntry, NULL, &pTokenGroups->Groups[j].Sid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pTokenGroups->Groups[j].Attributes = SE_GROUP_ENABLED;
+
+        VmDirFreeEntry(pGroupEntry);
+        pGroupEntry = NULL;
+    }
+
+    *ppTokenGroups = pTokenGroups;
+
+cleanup:
+    VmDirFreeAttribute(pMemberOfAttr);
+    VmDirFreeEntry(pGroupEntry);
+    VmDirFreeOperationContent(&searchOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "_VmDirBuildTokenGroups() failed, entry DN (%s), error code (%d)",
+            pEntry ? pEntry->dn.lberbv.bv_val : "NULL", dwError);
+
+    if (bHasTxn)
+    {
+        searchOp.pBEIF->pfnBETxnAbort(searchOp.pBECtx);
+    }
+    _VmDirFreeTokenGroups(pTokenGroups);
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirFreeTokenGroups(
+    PTOKEN_GROUPS   pGroups
+    )
+{
+    DWORD i = 0;
+
+    if (pGroups)
+    {
+        for (i = 0; i < pGroups->GroupCount; i++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pGroups->Groups[i].Sid);
+        }
+        VMDIR_SAFE_FREE_MEMORY(pGroups);
+    }
+}
diff --git a/lwraft/server/backend/Makefile.am b/lwraft/server/backend/Makefile.am
index 8b186cd00..1afac76ef 100644
--- a/lwraft/server/backend/Makefile.am
+++ b/lwraft/server/backend/Makefile.am
@@ -15,15 +15,15 @@ libbackend_la_SOURCES = \
     util.c
 
 libbackend_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libbackend_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/backend/backend.c b/lwraft/server/backend/backend.c
index bdb25a6ce..fc6bba7dd 100644
--- a/lwraft/server/backend/backend.c
+++ b/lwraft/server/backend/backend.c
@@ -69,17 +69,7 @@ VmDirBackendConfig(
     gVdirBEGlobals.usnFirstNext = USN_SEQ_INITIAL_VALUE;
     gVdirBEGlobals.pBE = NULL;
 
-#ifdef HAVE_DB_H
-    gVdirBEGlobals.pBE = BdbBEInterface();
-#endif
-
-#ifdef HAVE_TCBDB_H
-    gVdirBEGlobals.pBE = VmDirTCBEInterface();
-#endif
-
-#ifdef HAVE_LMDB_H
     gVdirBEGlobals.pBE = VmDirMDBBEInterface();
-#endif
 
     gVdirBEGlobals.pBE->pfnBEGetLeastOutstandingUSN = VmDirBackendLeastOutstandingUSN;
 
@@ -385,6 +375,114 @@ VmDirBackendRemoveOutstandingUSN(
     return;
 }
 
+DWORD
+VmDirBackendUniqKeyGetValue(
+    PCSTR       pKey,
+    PSTR*       ppValue
+    )
+{
+    DWORD               dwError = 0;
+    VDIR_BACKEND_CTX    beCtx = {0};
+    BOOLEAN             bHasTxn = FALSE;
+    PSTR                pValue = NULL;
+
+    if (!pKey || !ppValue)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    beCtx.pBE = VmDirBackendSelect(NULL);
+    dwError = beCtx.pBE->pfnBETxnBegin(&beCtx, VDIR_BACKEND_TXN_READ);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    bHasTxn = TRUE;
+
+    dwError = beCtx.pBE->pfnBEUniqKeyGetValue(
+                            &beCtx, pKey, &pValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppValue = pValue;
+    pValue = NULL;
+
+cleanup:
+    if (bHasTxn)
+    {
+        beCtx.pBE->pfnBETxnCommit(&beCtx);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pValue);
+    VmDirBackendCtxContentFree(&beCtx);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
+                    "%s error (%d)", __FUNCTION__, dwError );
+    goto cleanup;
+}
+
+DWORD
+VmDirBackendUniqKeySetValue(
+    PCSTR       pKey,
+    PCSTR       pValue,
+    BOOLEAN     bForce
+    )
+{
+    DWORD               dwError = 0;
+    VDIR_BACKEND_CTX    beCtx = {0};
+    BOOLEAN             bHasTxn = FALSE;
+    PSTR                pLocalValue = NULL;
+
+    if (!pKey || !pValue)
+    {
+        dwError = VMDIR_ERROR_GENERIC;
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    beCtx.pBE = VmDirBackendSelect(NULL);
+    dwError = beCtx.pBE->pfnBETxnBegin(&beCtx, VDIR_BACKEND_TXN_WRITE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    bHasTxn = TRUE;
+
+    if (!bForce)
+    {
+        // Maybe MDB has option to force set already?
+        // for now, query to see if key exists.
+        dwError = beCtx.pBE->pfnBEUniqKeyGetValue(
+                                &beCtx, pKey, &pLocalValue);
+        if (dwError == 0)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_TYPE_OR_VALUE_EXISTS);
+        }
+
+        if (dwError == VMDIR_ERROR_NOT_FOUND)
+        {
+            dwError = 0;
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = beCtx.pBE->pfnBEUniqKeySetValue(
+                            &beCtx, pKey, pValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    beCtx.pBE->pfnBETxnCommit(&beCtx);
+    bHasTxn = FALSE;
+
+cleanup:
+    if (bHasTxn)
+    {
+        beCtx.pBE->pfnBETxnAbort(&beCtx);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pLocalValue);
+    VmDirBackendCtxContentFree(&beCtx);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
+                    "%s error (%d)", __FUNCTION__, dwError );
+    goto cleanup;
+}
+
 /*
  * Least outstanding USN change number.
  * Replication is safe to search USN below this number
diff --git a/lwraft/server/backend/includes.h b/lwraft/server/backend/includes.h
index e844932cd..bc45bd4c3 100644
--- a/lwraft/server/backend/includes.h
+++ b/lwraft/server/backend/includes.h
@@ -39,6 +39,7 @@
 #include <vmdir.h>
 #include <vmdirtypes.h>
 #include <vmdirdefines.h>
+#include <vmdirerrors.h>
 #include <vmdirerrorcode.h>
 
 #include <vmdircommon.h>
@@ -48,18 +49,7 @@
 #include <ldaphead.h>
 
 #include <backend.h>
-
-#ifdef HAVE_DB_H
-#include <bdbstore.h>
-#endif
-
-#ifdef HAVE_LMDB_H
 #include <mdbstore.h>
-#endif
-
-#ifdef HAVE_TCBDB_H
-#include <tcstore.h>
-#endif
 
 //#include "defines.h"
 #include "structs.h"
@@ -104,14 +94,7 @@
 #include <ldaphead.h>
 
 #include <backend.h>
-
-#ifdef HAVE_DB_H
-#include <bdbstore.h>
-#endif
-
-#ifdef HAVE_LMDB_H
 #include <mdbstore.h>
-#endif
 
 #include "structs.h"
 #include "externs.h"
diff --git a/lwraft/server/backend/util.c b/lwraft/server/backend/util.c
index 8fa81d00c..53b2199b4 100644
--- a/lwraft/server/backend/util.c
+++ b/lwraft/server/backend/util.c
@@ -27,7 +27,10 @@ VmDirSimpleNormDNToEntry(
     PVDIR_BACKEND_INTERFACE pBE = NULL;
     PVDIR_SCHEMA_CTX        pSchemaCtx = NULL;
 
-    assert(pszNormDN && ppEntry);
+    if (IsNullOrEmptyString(pszNormDN) || !ppEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     pBE = VmDirBackendSelect(NULL);
     assert(pBE);
@@ -76,7 +79,10 @@ VmDirSimpleDNToEntry(
     VDIR_BERVALUE           bvDn = VDIR_BERVALUE_INIT;
     PVDIR_SCHEMA_CTX        pSchemaCtx = NULL;
 
-    assert(pszDN && ppEntry);
+    if (IsNullOrEmptyString(pszDN) || !ppEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     pBE = VmDirBackendSelect(NULL);
     assert(pBE);
diff --git a/lwraft/server/common/Makefile.am b/lwraft/server/common/Makefile.am
index 094696d2d..45ddb6ca1 100644
--- a/lwraft/server/common/Makefile.am
+++ b/lwraft/server/common/Makefile.am
@@ -10,28 +10,30 @@
 noinst_LTLIBRARIES = libsrvcommon.la
 
 libsrvcommon_la_SOURCES = \
-    candidates.c          \
-    entryencodedecode.c   \
-    krbsrvutil.c          \
-    oprequestutil.c       \
-    security-sd.c         \
-    srp.c                 \
-    util.c                \
-    vmdirentry.c          \
-    urgentrepl.c          \
+    candidates.c \
+    curltovmdirerror.c \
+    entryencodedecode.c \
+    krbsrvutil.c \
+    oprequestutil.c \
+    security-sd.c \
+    srp.c \
+    util.c \
+    vmdirentry.c \
+    vmafdlib.c \
     vmdirtoldaperror.c
 
 libsrvcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/thirdparty \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
diff --git a/lwraft/server/common/candidates.c b/lwraft/server/common/candidates.c
index 8a86638ae..2d8e8b2dd 100644
--- a/lwraft/server/common/candidates.c
+++ b/lwraft/server/common/candidates.c
@@ -363,6 +363,20 @@ OrFilterResults(
     VmDirLog( LDAP_DEBUG_TRACE, "OrFilterResults: End" );
 }
 
+VOID
+VmDirSortCandidateList(
+    VDIR_CANDIDATES *  pCl
+    )
+{
+    if (pCl && pCl->eIdsSorted == FALSE)
+    {
+        qsort ( pCl->eIds, pCl->size, sizeof( ENTRYID ), _VmDirCompareEntryIds );
+        pCl->eIdsSorted = TRUE;
+    }
+
+    return;
+}
+
 /* IntersectCandidates: Intersect 2 +ve candidates lists.
  *
  */
diff --git a/lwraft/server/common/curltovmdirerror.c b/lwraft/server/common/curltovmdirerror.c
new file mode 100644
index 000000000..9c4a40e8a
--- /dev/null
+++ b/lwraft/server/common/curltovmdirerror.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * Map curl error to vmdir
+ */
+
+DWORD
+VmDirCurlToDirError(
+    DWORD dwCurlError
+    )
+{
+    DWORD dwError = 0;
+    switch (dwCurlError)
+    {
+        case CURLE_UNSUPPORTED_PROTOCOL:
+            dwError = VMDIR_ERROR_CURL_UNSUPPORTED_PROTOCOL;
+            break;
+
+        case CURLE_FAILED_INIT:
+            dwError = VMDIR_ERROR_CURL_FAILED_INIT;
+            break;
+
+        case CURLE_URL_MALFORMAT:
+            dwError = VMDIR_ERROR_CURL_URLMALFORMAT;
+            break;
+
+        case CURLE_NOT_BUILT_IN:
+            dwError = VMDIR_ERROR_CURL_NOT_BUILT_IN;
+            break;
+
+        case CURLE_COULDNT_RESOLVE_PROXY:
+            dwError = VMDIR_ERROR_CURL_COULDNT_RESOLVE_PROXY;
+            break;
+
+        case CURLE_COULDNT_RESOLVE_HOST:
+            dwError = VMDIR_ERROR_CURL_COULDNT_RESOLVE_HOST;
+            break;
+
+        case CURLE_COULDNT_CONNECT:
+            dwError = VMDIR_ERROR_CURL_COULDNT_CONNECT;
+            break;
+
+        case CURLE_HTTP2://16
+            dwError = VMDIR_ERROR_CURL_HTTP2;
+            break;
+
+        case CURLE_HTTP_RETURNED_ERROR://22
+            dwError = VMDIR_ERROR_CURL_HTTP_RETURNED_ERROR;
+            break;
+
+        case CURLE_WRITE_ERROR://23
+            dwError = VMDIR_ERROR_CURL_WRITE_ERROR;
+            break;
+
+        case CURLE_OUT_OF_MEMORY://27
+            dwError = VMDIR_ERROR_CURL_OUT_OF_MEMORY;
+            break;
+
+        case CURLE_OPERATION_TIMEDOUT:
+            dwError = VMDIR_ERROR_CURL_OPERATION_TIMEDOUT;
+            break;
+
+        case CURLE_HTTP_POST_ERROR:
+            dwError = VMDIR_ERROR_CURL_HTTP_POST_ERROR;
+            break;
+
+        case CURLE_BAD_FUNCTION_ARGUMENT:
+            dwError = VMDIR_ERROR_CURL_BAD_FUNCTION_ARGUMENT;
+            break;
+
+        case CURLE_INTERFACE_FAILED:
+            dwError = VMDIR_ERROR_CURL_INTERFACE_FAILED;
+            break;
+
+        case CURLE_SEND_ERROR:
+            dwError = VMDIR_ERROR_CURL_SEND_ERROR;
+            break;
+
+        case CURLE_RECV_ERROR:
+            dwError = VMDIR_ERROR_CURL_RECV_ERROR;
+        break;
+
+        case CURLE_NO_CONNECTION_AVAILABLE:
+            dwError = VMDIR_ERROR_CURL_NO_CONN_AVAILABLE;
+        break;
+
+        default:
+            dwError = VMDIR_ERROR_CURL_GENERIC_ERROR;
+    }
+    return dwError;
+}
diff --git a/lwraft/server/common/entryencodedecode.c b/lwraft/server/common/entryencodedecode.c
index 038ed44af..be3fe4208 100644
--- a/lwraft/server/common/entryencodedecode.c
+++ b/lwraft/server/common/entryencodedecode.c
@@ -635,7 +635,7 @@ VmDirDecodeMods(
         // Set vals array
         while (j)
         {
-            VDIR_BERVALUE bv = {0};
+            VDIR_BERVALUE bv = VDIR_BERVALUE_INIT;
 
             len = VmDirDecodeShort(&strPtr);
             bv.lberbv.bv_len = len;
diff --git a/lwraft/server/common/includes.h b/lwraft/server/common/includes.h
index e8dac51ed..0f92b8da7 100644
--- a/lwraft/server/common/includes.h
+++ b/lwraft/server/common/includes.h
@@ -51,6 +51,9 @@
 #include <backend.h>
 #include <middlelayer.h>
 
+// curl error codes
+#include <curl/curl.h>
+
 #else
 
 #pragma once
diff --git a/lwraft/server/common/security-sd.c b/lwraft/server/common/security-sd.c
index 40e9ab5a5..cbd5857f6 100644
--- a/lwraft/server/common/security-sd.c
+++ b/lwraft/server/common/security-sd.c
@@ -175,12 +175,33 @@ VmDirSetSecurityDescriptorInfo(
 
 DWORD
 VmDirCreateSecurityDescriptorAbsolute(
-    PSECURITY_DESCRIPTOR_ABSOLUTE SecurityDescriptor,
-    ULONG Revision
+    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecurityDescriptor
     )
 {
-    return LwNtStatusToWin32Error(
-            RtlCreateSecurityDescriptorAbsolute(SecurityDescriptor, Revision));
+    DWORD dwError = 0;
+    PSECURITY_DESCRIPTOR_ABSOLUTE SecurityDescriptor = NULL;
+    NTSTATUS Status = 0;
+
+    dwError = VmDirAllocateMemory(
+                SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE,
+                (PVOID*)&SecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    Status = RtlCreateSecurityDescriptorAbsolute(
+                SecurityDescriptor,
+                SECURITY_DESCRIPTOR_REVISION);
+    dwError = LwNtStatusToWin32Error(Status);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppSecurityDescriptor = SecurityDescriptor;
+    SecurityDescriptor = NULL;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(SecurityDescriptor);
+    return dwError;
+
+error:
+    goto cleanup;
 }
 
 VOID
@@ -234,6 +255,16 @@ VmDirCreateAcl(
     return LwNtStatusToWin32Error(RtlCreateAcl(Acl, AclLength, AclRevision));
 }
 
+DWORD
+VmDirGetAce(
+    PACL pAcl,
+    ULONG dwIndex,
+    PACE_HEADER *ppAce
+    )
+{
+    return LwNtStatusToWin32Error(RtlGetAce(pAcl, dwIndex, (PVOID*)ppAce));
+}
+
 DWORD
 VmDirAddAccessAllowedAceEx(
     PACL Acl,
@@ -250,6 +281,22 @@ VmDirAddAccessAllowedAceEx(
                                                            Sid));
 }
 
+DWORD
+VmDirAddAccessDeniedAceEx(
+    PACL Acl,
+    ULONG AceRevision,
+    ULONG AceFlags,
+    ACCESS_MASK AccessMask,
+    PSID Sid
+    )
+{
+    return LwNtStatusToWin32Error(RtlAddAccessDeniedAceEx(Acl,
+                                                           AceRevision,
+                                                           AceFlags,
+                                                           AccessMask,
+                                                           Sid));
+}
+
 DWORD
 VmDirSetDaclSecurityDescriptor(
     PSECURITY_DESCRIPTOR_ABSOLUTE SecurityDescriptor,
@@ -364,3 +411,17 @@ VmDirAllocateSddlCStringFromSecurityDescriptor(
 
     return dwError;
 }
+
+DWORD
+VmDirSetSecurityDescriptorControl(
+    PSECURITY_DESCRIPTOR_ABSOLUTE pSecurityDescriptor,
+    SECURITY_DESCRIPTOR_CONTROL BitsToChange,
+    SECURITY_DESCRIPTOR_CONTROL BitsToSet
+    )
+{
+    return LwNtStatusToWin32Error(
+            RtlSetSecurityDescriptorControl(
+                    pSecurityDescriptor,
+                    BitsToChange,
+                    BitsToSet));
+}
diff --git a/lwraft/server/common/urgentrepl.c b/lwraft/server/common/urgentrepl.c
deleted file mode 100644
index e69de29bb..000000000
diff --git a/lwraft/server/common/util.c b/lwraft/server/common/util.c
index 52fe74d90..fa92777e8 100644
--- a/lwraft/server/common/util.c
+++ b/lwraft/server/common/util.c
@@ -16,8 +16,6 @@
 
 #include "includes.h"
 
-#define VMDIR_FQDN_SEPARATOR '.'
-
 static
 int
 _VmDirSASLInteraction(
@@ -27,103 +25,6 @@ _VmDirSASLInteraction(
     void *      pIn
     );
 
-/*
- * Note: based on http://en.wikipedia.org/wiki/FQDN, a valid FQDN
- * always contains a trailing dot "." at the end of the string.
- * However, in our code, we will handle cases where the trailing dot is
- * omitted. I.e., we treat all of the following examples as valid FQDN:
- * "com.", "vmware.com.", "eng.vmware.com."
- * "com",  "vmware.com",  "eng.vmware.com"
- */
-DWORD
-VmDirFQDNToDNSize(
-    PCSTR pszFQDN,
-    UINT32 *sizeOfDN
-)
-{
-    DWORD dwError  = 0;
-    int    numElem = 1;
-    int    numDots = 0;
-    UINT32 sizeRet = 0;
-    int len = (int)VmDirStringLenA(pszFQDN);
-    int i;
-    for ( i=0; i<=len; i++ )
-    {
-        if (pszFQDN[i] == VMDIR_FQDN_SEPARATOR )
-        {
-            numDots++;
-            if ( i>0 && i<len-1 )
-            {
-                 numElem++;
-            }
-        }
-    }
-    sizeRet = len - numDots;
-    // "dc=," for each elements except the last one does NOT has a ","
-    sizeRet += 4 * numElem - 1;
-    *sizeOfDN = sizeRet;
-    return dwError;
-}
-
-/*
- * in: pszFQDN = "csp.com"
- * out: *ppszDN = "dc=csp,dc=com"
- */
-DWORD
-VmDirFQDNToDN(
-    PCSTR pszFQDN,
-    PSTR* ppszDN
-)
-{
-    int len = (int)VmDirStringLenA(pszFQDN);
-    int iStart = 0;
-    int iStop = iStart + 1 ;
-    int iDest = 0;
-    int i;
-    PSTR        pszDN = NULL;
-    UINT32      dnSize = 0;
-
-    // Calculate size needed to store DN
-    DWORD dwError = VmDirFQDNToDNSize(pszFQDN, &dnSize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Allocate memory needed to store DN
-    dwError = VmDirAllocateMemory(dnSize + 1, (PVOID*)&pszDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for ( ; iStop < len; iStop++ )
-    {
-        if (pszFQDN[iStop] == VMDIR_FQDN_SEPARATOR)
-        {
-            (pszDN)[iDest++] = 'd';
-            (pszDN)[iDest++] = 'c';
-            (pszDN)[iDest++] = '=';
-            for ( i= iStart; i<iStop; i++)
-            {
-                (pszDN)[iDest++] = pszFQDN[i];
-            }
-            (pszDN)[iDest++] = ',';
-            iStart = iStop + 1;
-            iStop = iStart;
-        }
-    }
-    (pszDN)[iDest++] = 'd';
-    (pszDN)[iDest++] = 'c';
-    (pszDN)[iDest++] = '=';
-    for ( i= iStart; i<iStop; i++)
-    {
-        (pszDN)[iDest++] = pszFQDN[i];
-    }
-    (pszDN)[iDest] = '\0';
-    *ppszDN = pszDN;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pszDN);
-    goto cleanup;
-}
 
 /*
  * Qsort comparison function for char** data type
@@ -403,7 +304,7 @@ VmDirSrvCreateDN(
     DWORD dwError = 0;
     PSTR  pszContainerDN = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszContainerDN, "cn=%s,%s", pszContainerName, pszDomainDN);
+    dwError = VmDirAllocateStringPrintf(&pszContainerDN, "cn=%s,%s", pszContainerName, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszContainerDN = pszContainerDN;
@@ -421,6 +322,7 @@ VmDirSrvCreateContainerWithEID(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PCSTR            pszContainerDN,
     PCSTR            pszContainerName,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDesc, // OPTIONAL
     ENTRYID          eID
     )
 {
@@ -436,6 +338,12 @@ VmDirSrvCreateContainerWithEID(
     dwError = VmDirSimpleEntryCreate(pSchemaCtx, ppszAttributes, (PSTR)pszContainerDN, eID);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (pSecDesc != NULL)
+    {
+        dwError = VmDirSetSecurityDescriptorForDn(pszContainerDN, pSecDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
 cleanup:
     return dwError;
 
@@ -453,7 +361,7 @@ VmDirSrvCreateContainer(
 {
     DWORD dwError = 0;
 
-    dwError = VmDirSrvCreateContainerWithEID(pSchemaCtx, pszContainerDN, pszContainerName, 0);
+    dwError = VmDirSrvCreateContainerWithEID(pSchemaCtx, pszContainerDN, pszContainerName, NULL, 0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 error:
@@ -998,8 +906,9 @@ VmDirSrvGetDomainFunctionalLevel(
 
     if ( entryArray.iSize == 1)
     {
-        pAttrDomainLevel = VmDirEntryFindAttribute(ATTR_DOMAIN_FUNCTIONAL_LEVEL,
-&entryArray.pEntry[0]);
+        pAttrDomainLevel = VmDirEntryFindAttribute(
+                                ATTR_DOMAIN_FUNCTIONAL_LEVEL,
+                                &entryArray.pEntry[0]);
         if (!pAttrDomainLevel)
         {
             dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
diff --git a/lwraft/server/common/vmafdlib.c b/lwraft/server/common/vmafdlib.c
new file mode 100644
index 000000000..4df656c3f
--- /dev/null
+++ b/lwraft/server/common/vmafdlib.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+#ifdef _WIN32
+
+#define VMAFD_VECS_CLIENT_LIBRARY   "\\libvmafdclient.dll"
+#define VMAFD_KEY_ROOT              VMAFD_CONFIG_SOFTWARE_KEY_PATH
+#define VMAFD_LIB_KEY               VMDIR_REG_KEY_INSTALL_PATH
+
+#elif LIGHTWAVE_BUILD
+
+#define VMAFD_VECS_CLIENT_LIBRARY   "/libvmafdclient.so"
+#define VMAFD_KEY_ROOT              VMAFD_CONFIG_KEY_ROOT
+#define VMAFD_LIB_KEY               VMAFD_REG_KEY_PATH
+
+#else
+
+#define VMAFD_VECS_CLIENT_LIBRARY   "/lib64/libvmafdclient.so"
+#define VMAFD_KEY_ROOT              VMAFD_CONFIG_KEY_ROOT
+#define VMAFD_LIB_KEY               VMAFD_REG_KEY_PATH
+
+#endif
+
+DWORD
+VmDirOpenVmAfdClientLib(
+    VMDIR_LIB_HANDLE*   pplibHandle
+    )
+{
+    DWORD   dwError = 0;
+    CHAR    pszRegLibPath[VMDIR_MAX_PATH_LEN] = {0};
+    PSTR    pszVmafdLibPath = NULL;
+    VMDIR_LIB_HANDLE    plibHandle = NULL;
+
+#ifdef _WIN32
+
+    dwError = VmDirStringCpyA(
+            pszRegLibPath,
+            VMDIR_MAX_PATH_LEN,
+            WIN_SYSTEM32_PATH);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+#elif LIGHTWAVE_BUILD
+
+    dwError = VmDirStringCpyA(
+            pszRegLibPath,
+            VMDIR_MAX_PATH_LEN,
+            LWRAFT_LIB_DIR);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+#else
+
+    PSTR pszVmafdName = NULL;
+
+    dwError = VmDirGetRegKeyValue(
+            VMAFD_KEY_ROOT,
+            VMAFD_LIB_KEY,
+            pszRegLibPath,
+            sizeof(pszRegLibPath) - 1);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // find the first vmafd in path key "/usr/lib/vmware-vmafd/...."
+    pszVmafdName = strstr(pszRegLibPath, VMAFD_NAME);
+
+    dwError = pszVmafdName ? 0 : VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszVmafdName[strlen(VMAFD_NAME)] = '\0';
+
+#endif
+
+    // construct full path to libvmafdclient
+    dwError = VmDirAllocateStringPrintf(
+            &pszVmafdLibPath,
+            "%s%s",
+            pszRegLibPath,
+            VMAFD_VECS_CLIENT_LIBRARY);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLoadLibrary(pszVmafdLibPath, &plibHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pplibHandle = plibHandle;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszVmafdLibPath);
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/server/common/vmdirentry.c b/lwraft/server/common/vmdirentry.c
index 787d609d0..d303db9b6 100644
--- a/lwraft/server/common/vmdirentry.c
+++ b/lwraft/server/common/vmdirentry.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -933,44 +933,105 @@ VmDirFreeBervalContent(
     return;
 }
 
+static
+DWORD
+_VmDirCreateTransientSecurityDescriptor(
+    BOOL bAllowAnonymousRead,
+    PVMDIR_SECURITY_DESCRIPTOR pvsd
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDomainDN = NULL;
+    PSTR pszAdminsGroupSid = NULL;
+    PSTR pszDomainAdminsGroupSid = NULL;
+    PSTR pszDomainClientsGroupSid = NULL;
+    VMDIR_SECURITY_DESCRIPTOR SecDesc = {0};
+
+    pszDomainDN = BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN);
+
+    dwError = VmDirGenerateWellknownSid(pszDomainDN,
+                                        VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+                                        &pszAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGenerateWellknownSid(pszDomainDN,
+                                        VMDIR_DOMAIN_ADMINS_RID,
+                                        &pszDomainAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGenerateWellknownSid(pszDomainDN,
+                                        VMDIR_DOMAIN_CLIENTS_RID,
+                                        &pszDomainClientsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // Create default security descriptor for internally-created entries.
+    //
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
+                BERVAL_NORM_VAL(gVmdirServerGlobals.bvDefaultAdminDN),
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                FALSE,
+                bAllowAnonymousRead,
+                bAllowAnonymousRead,
+                FALSE,
+                FALSE,
+                &SecDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pvsd->pSecDesc = SecDesc.pSecDesc;
+    pvsd->ulSecDesc = SecDesc.ulSecDesc;
+    pvsd->SecInfo = SecDesc.SecInfo;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAdminsGroupSid);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainAdminsGroupSid);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainClientsGroupSid);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
 DWORD
 VmDirAttrListToNewEntry(
     PVDIR_SCHEMA_CTX    pSchemaCtx,
     PSTR                pszDN,
     PSTR*               ppszAttrList,
+    BOOLEAN             bAllowAnonymousRead,
     PVDIR_ENTRY*        ppEntry
     )
 {
     DWORD   dwError = 0;
     PVDIR_ENTRY  pEntry = NULL;
+    VMDIR_SECURITY_DESCRIPTOR vsd = {0};
 
     assert(pSchemaCtx && pszDN && ppszAttrList && ppEntry);
 
-    dwError = VmDirAllocateMemory(
-        sizeof(VDIR_ENTRY),
-        (PVOID*)&pEntry);
+    dwError = VmDirAllocateMemory(sizeof(VDIR_ENTRY), (PVOID*)&pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = AttrListToEntry(
-        pSchemaCtx,
-        pszDN,
-        ppszAttrList,
-        pEntry);
+    dwError = AttrListToEntry(pSchemaCtx, pszDN, ppszAttrList, pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirCreateTransientSecurityDescriptor(
+            bAllowAnonymousRead, &vsd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirEntryCacheSecurityDescriptor(
+            pEntry, vsd.pSecDesc, vsd.ulSecDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppEntry = pEntry;
 
 cleanup:
-
+    VMDIR_SAFE_FREE_MEMORY(vsd.pSecDesc);
     return dwError;
 
 error:
-
-    if (pEntry)
-    {
-        VmDirFreeEntry(pEntry);
-    }
-
+    VmDirFreeEntry(pEntry);
     goto cleanup;
 }
 
@@ -1099,7 +1160,7 @@ VmDirIsInternalEntry(
 }
 
 BOOLEAN
-VmDirIsEntryWithObjectclass(
+VmDirEntryIsObjectclass(
     PVDIR_ENTRY     pEntry,
     PCSTR           pszOCName
     )
@@ -1124,6 +1185,88 @@ VmDirIsEntryWithObjectclass(
     return bResult;
 }
 
+DWORD
+VmDirEntryIsAttrAllowed(
+    PVDIR_ENTRY pEntry,
+    PSTR        pszAttrName,
+    PBOOLEAN    pbMust,
+    PBOOLEAN    pbMay
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    PVDIR_ATTRIBUTE         pAttrOC = NULL;
+    PVDIR_SCHEMA_OC_DESC    pOCDesc = NULL;
+    PLW_HASHMAP pAllMustAttrMap = NULL;
+    PLW_HASHMAP pAllMayAttrMap = NULL;
+
+    if (!pEntry || IsNullOrEmptyString(pszAttrName))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = LwRtlCreateHashMap(&pAllMustAttrMap,
+            LwRtlHashDigestPstrCaseless,
+            LwRtlHashEqualPstrCaseless,
+            NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = LwRtlCreateHashMap(&pAllMayAttrMap,
+            LwRtlHashDigestPstrCaseless,
+            LwRtlHashEqualPstrCaseless,
+            NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pAttrOC = VmDirFindAttrByName(pEntry, ATTR_OBJECT_CLASS);
+
+    for (i = 0; pAttrOC && i < pAttrOC->numVals; i++)
+    {
+        dwError = VmDirSchemaOCNameToDescriptor(
+                pEntry->pSchemaCtx, pAttrOC->vals[i].lberbv.bv_val, &pOCDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSchemaClassGetAllMustAttrs(
+                pEntry->pSchemaCtx, pOCDesc, pAllMustAttrMap);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSchemaClassGetAllMayAttrs(
+                pEntry->pSchemaCtx, pOCDesc, pAllMayAttrMap);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pbMust)
+    {
+        *pbMust = FALSE;
+        if (LwRtlHashMapFindKey(pAllMustAttrMap, NULL, pszAttrName) == 0)
+        {
+            *pbMust = TRUE;
+        }
+    }
+
+    if (pbMay)
+    {
+        *pbMay = FALSE;
+        if (LwRtlHashMapFindKey(pAllMayAttrMap, NULL, pszAttrName) == 0)
+        {
+            *pbMay = TRUE;
+        }
+    }
+
+cleanup:
+    LwRtlHashMapClear(pAllMustAttrMap, VmDirNoopHashMapPairFree, NULL);
+    LwRtlFreeHashMap(&pAllMustAttrMap);
+    LwRtlHashMapClear(pAllMayAttrMap, VmDirNoopHashMapPairFree, NULL);
+    LwRtlFreeHashMap(&pAllMayAttrMap);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    goto cleanup;
+}
+
 /* *************************************************************
  * if success, pAttr takes ownership of pBervs and its contents
  * *************************************************************
@@ -1262,3 +1405,33 @@ AttrListToEntry(
 
     goto cleanup;
 }
+
+DWORD
+VmDirDeleteEntry(
+    PVDIR_ENTRY pEntry
+    )
+{
+    DWORD dwError = 0;
+    VDIR_OPERATION op = {0};
+    DeleteReq *dr = NULL;
+
+    dwError = VmDirInitStackOperation(&op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_DELETE, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    op.pBEIF = VmDirBackendSelect(NULL);
+    op.reqDn.lberbv_val = pEntry->dn.lberbv.bv_val;
+    op.reqDn.lberbv_len = pEntry->dn.lberbv.bv_len;
+
+    dr = &op.request.deleteReq;
+    dr->dn.lberbv.bv_val = op.reqDn.lberbv.bv_val;
+    dr->dn.lberbv.bv_len = op.reqDn.lberbv.bv_len;
+
+    dwError = VmDirInternalDeleteEntry(&op);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeOperationContent(&op);
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/server/common/vmdirtoldaperror.c b/lwraft/server/common/vmdirtoldaperror.c
index 3d526b723..a0b89d1c4 100644
--- a/lwraft/server/common/vmdirtoldaperror.c
+++ b/lwraft/server/common/vmdirtoldaperror.c
@@ -35,7 +35,11 @@ VmDirToLDAPError(
 {
     DWORD   dwError = dwVmDirError;
 
-    if ( IS_VMDIR_ERROR_SPACE( dwError ) )
+    if (IS_CUSTOMIZED_VMDIR_LDAP_ERROR_SPACE( dwError ))
+    {
+        ; // return customized vmdir ldap error code
+    }
+    else if ( IS_VMDIR_ERROR_SPACE( dwError ) )
     {
         switch (dwVmDirError)
         {
@@ -102,6 +106,7 @@ VmDirToLDAPError(
                 break;
 
             case VMDIR_ERROR_USER_INVALID_CREDENTIAL:
+            case VMDIR_ERROR_AUTH_BAD_DATA:
                 dwError = LDAP_INVALID_CREDENTIALS;
                 break;
 
@@ -143,7 +148,7 @@ VmDirToLDAPError(
                 break;
         }
     }
-    else if ( NOT_LDAP_ERROR_SPACE( dwVmDirError ) )
+    else if ( NOT_LDAP_ERROR_SPACE( dwError ) )
     {   // for all non-VmDir/LDAP error case
         dwError = LDAP_OPERATIONS_ERROR;
     }
diff --git a/lwraft/server/include/backend.h b/lwraft/server/include/backend.h
index ccf263e90..b5ef31798 100644
--- a/lwraft/server/include/backend.h
+++ b/lwraft/server/include/backend.h
@@ -695,16 +695,18 @@ VmDirBackendRemoveOutstandingUSN(
     );
 
 DWORD
-VmDirBackendAddOriginatingUSN(
-    PVDIR_BACKEND_CTX      pBECtx
+VmDirBackendUniqKeyGetValue(
+    PCSTR       pKey,
+    PSTR*       ppValue
     );
 
-VOID
-VmDirBackendRemoveOriginatingUSN(
-    PVDIR_BACKEND_CTX      pBECtx
+DWORD
+VmDirBackendUniqKeySetValue(
+    PCSTR       pKey,
+    PCSTR       pValue,
+    BOOLEAN     bForce
     );
 
-
 // util.c
 DWORD
 VmDirSimpleNormDNToEntry(
diff --git a/lwraft/server/include/indexcfg.h b/lwraft/server/include/indexcfg.h
index fe514f33b..d5c428eb6 100644
--- a/lwraft/server/include/indexcfg.h
+++ b/lwraft/server/include/indexcfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -79,7 +79,6 @@ typedef struct _VDIR_INDEX_UPD
 
     BOOLEAN             bOwnBECtx;
     BOOLEAN             bHasBETxn;
-    BOOLEAN             bInLock;
 
 } VDIR_INDEX_UPD;
 
@@ -93,7 +92,7 @@ typedef struct _VDIR_INDEX_UPD
  */
 DWORD
 VmDirIndexLibInit(
-    VOID
+    PVMDIR_MUTEX    pModMutex
     );
 
 /*
diff --git a/lwraft/server/include/ldaphead.h b/lwraft/server/include/ldaphead.h
index 9014a462a..34bd5c2e5 100644
--- a/lwraft/server/include/ldaphead.h
+++ b/lwraft/server/include/ldaphead.h
@@ -80,6 +80,12 @@ VmDirDeleteConnection(
     VDIR_CONNECTION **  conn
     );
 
+DWORD
+VmDirWhichAddressPresent(
+    BOOLEAN *pIPV4AddressPresent,
+    BOOLEAN *pIPV6AddressPresent
+    );
+
 // controls.c
 void
 DeleteControls(
@@ -146,13 +152,22 @@ VmDirConcatTwoFilters(
 
 int
 AppendDNFilter(
-	VDIR_OPERATION *    op);
+	VDIR_OPERATION *    op
+	);
 
 VDIR_FILTER_COMPUTE_RESULT
 CheckIfEntryPassesFilter(
     VDIR_OPERATION * op,
     VDIR_ENTRY *     e,
-    VDIR_FILTER *   f);
+    VDIR_FILTER *   f
+    );
+
+DWORD
+VmDirMatchEntryWithFilter(
+    PVDIR_OPERATION     pOp,
+    PVDIR_ENTRY         pEntry,
+    PCSTR               pszFilter
+    );
 
 void
 DeleteFilter(
@@ -283,4 +298,11 @@ PCSTR
 VmDirGetOperationStringFromTag(
     ber_tag_t opTag);
 
+// vecs.c
+DWORD
+VmDirGetVecsMachineCert(
+    PSTR*   ppszCert,
+    PSTR*   ppszKey
+    );
+
 #endif /* LH_H_ */
diff --git a/lwraft/server/include/mdbstore.h b/lwraft/server/include/mdbstore.h
index 37df49184..04c3d0fd3 100644
--- a/lwraft/server/include/mdbstore.h
+++ b/lwraft/server/include/mdbstore.h
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
  * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an “AS IS” BASIS, without
  * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
@@ -165,6 +165,21 @@ VmDirSetMdbBackendState(
     DWORD               dwDbPathSize
     );
 
+int
+VmDirRaftPrepareCommit(
+    void **ppCtx
+    );
+
+VOID
+VmDirRaftPostCommit(
+    void *pCtx
+    );
+
+VOID
+VmDirRaftCommitFail(
+    void *pCtx
+    );
+
 // generic.c
 DWORD
 VmDirMDBDupKeyGetValues(
diff --git a/lwraft/server/include/metricscommon.h b/lwraft/server/include/metricscommon.h
new file mode 100644
index 000000000..774dfb0d4
--- /dev/null
+++ b/lwraft/server/include/metricscommon.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef POST_METRICS_COMMON_H_
+#define POST_METRICS_COMMON_H_
+
+#include <vmmetrics.h>
+
+extern PVM_METRICS_CONTEXT pmContext;
+
+#endif /* POST_METRICS_COMMON_H_ */
diff --git a/lwraft/server/include/middlelayer.h b/lwraft/server/include/middlelayer.h
index c6b3b30c3..76061461e 100644
--- a/lwraft/server/include/middlelayer.h
+++ b/lwraft/server/include/middlelayer.h
@@ -48,6 +48,12 @@ VmDirMLAdd(
    PVDIR_OPERATION pOperation
    );
 
+int
+VmDirEntryAttrValueNormalize(
+    PVDIR_ENTRY    pEntry,
+    BOOLEAN   bIndexAttributeOnly
+    );
+
 // delete.c
 
 int
@@ -80,13 +86,6 @@ VmDirModifyEntryCoreLogic(
     VDIR_ENTRY *        pEntry  /* OUT */
     );
 
-int
-VmDirGenerateModsNewMetaData(
-    PVDIR_OPERATION          pOperation,
-    PVDIR_MODIFICATION       pmods,
-    USN                      entryId
-    );
-
 int
 VmDirInternalModifyEntry(
     PVDIR_OPERATION pOperation
@@ -123,6 +122,11 @@ VmDirInternalBindEntry(
     PVDIR_OPERATION  pOperation
     );
 
+DWORD
+VmDirMLSetupAnonymousAccessInfo(
+    PVDIR_ACCESS_INFO   pAccessInfo
+    );
+
 // dn.c
 
 DWORD
diff --git a/lwraft/server/include/replication.h b/lwraft/server/include/replication.h
index bbfeb80e6..0cc2800b2 100644
--- a/lwraft/server/include/replication.h
+++ b/lwraft/server/include/replication.h
@@ -71,6 +71,17 @@ VmDirGetReplCycleCounter(
     VOID
     );
 
+DWORD
+VmDirAddRaftProxy(
+    PVDIR_ENTRY pEntry
+    );
+
+DWORD
+VmDirUpdateRaftLogChangedAttr(
+    PVDIR_OPERATION pOperation,
+    PVDIR_ENTRY     pEntry
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/include/schema.h b/lwraft/server/include/schema.h
index baedcbea5..555cc2034 100644
--- a/lwraft/server/include/schema.h
+++ b/lwraft/server/include/schema.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -76,6 +76,22 @@ typedef struct _VDIR_SCHEMA_AT_DESC
 
 } VDIR_SCHEMA_AT_DESC;
 
+typedef struct _VDIR_SCHEMA_OC_DESC
+{
+    PVDIR_LDAP_OBJECT_CLASS pLdapOc;
+
+    PSTR        pszName;
+    PSTR        pszOid;
+    PSTR        pszSup;
+    PSTR*       ppszMustATs;    // ends with NULL PSTR
+    PSTR*       ppszMayATs;     // ends with NULL PSTR
+
+    BOOLEAN     bObsolete;
+
+    VDIR_LDAP_OBJECT_CLASS_TYPE type;
+
+} VDIR_SCHEMA_OC_DESC, *PVDIR_SCHEMA_OC_DESC;
+
 typedef DWORD (*PFN_VDIR_NORMALIZE_FUNCTION)(PVDIR_BERVALUE pBerv);
 
 typedef BOOLEAN (*PFN_VDIR_COMPARE_FUNCTION)(VDIR_SCHEMA_MATCH_TYPE type, PVDIR_BERVALUE pBerv1, PVDIR_BERVALUE pBerv2);
@@ -98,7 +114,7 @@ typedef struct _VDIR_MATCHING_RULE_DESC
  */
 DWORD
 VmDirSchemaLibInit(
-    VOID
+    PVMDIR_MUTEX*   ppModMutex
     );
 
 /*
@@ -107,27 +123,31 @@ VmDirSchemaLibInit(
  * not compatible with the current definitions in the library.
  *
  * Should be called once during server startup / schema patch.
- *
- * New schema changes from this function is not effective until
- * VmDirSchemaLibUpdate() is called.
  */
 DWORD
-VmDirSchemaLibPrepareUpdateViaFile(
+VmDirSchemaLibLoadFile(
     PCSTR   pszSchemaFilePath
     );
 
 /*
- * Reads schema objects entries from data store and loads them
+ * Loads attribute schema objects entries from data store
  * into schema library.
  *
  * Should be called once during server startup.
+ */
+DWORD
+VmDirSchemaLibLoadAttributeSchemaEntries(
+    PVDIR_ENTRY_ARRAY   pAtEntries
+    );
+
+/*
+ * Loads class schema objects entries from data store
+ * into schema library.
  *
- * New schema changes from this function is not effective until
- * VmDirSchemaLibUpdate() is called.
+ * Should be called once during server startup.
  */
 DWORD
-VmDirSchemaLibPrepareUpdateViaEntries(
-    PVDIR_ENTRY_ARRAY   pAtEntries,
+VmDirSchemaLibLoadClassSchemaEntries(
     PVDIR_ENTRY_ARRAY   pOcEntries
     );
 
@@ -185,8 +205,12 @@ VmDirSchemaLibShutdown(
 // Schema storage read and write
 ///////////////////////////////////////////////////////////////////////////////
 DWORD
-VmDirReadSchemaObjects(
-    PVDIR_ENTRY_ARRAY*  ppAtEntries,
+VmDirReadAttributeSchemaObjects(
+    PVDIR_ENTRY_ARRAY*  ppAtEntries
+    );
+
+DWORD
+VmDirReadClassSchemaObjects(
     PVDIR_ENTRY_ARRAY*  ppOcEntries
     );
 
@@ -196,11 +220,6 @@ VmDirPatchLocalSchemaObjects(
     PVDIR_SCHEMA_CTX    pNewCtx
     );
 
-DWORD
-VmDirWriteSchemaObjects(
-    VOID
-    );
-
 ///////////////////////////////////////////////////////////////////////////////
 // Schema head query
 ///////////////////////////////////////////////////////////////////////////////
@@ -212,43 +231,6 @@ VmDirSubSchemaSubEntry(
     PVDIR_ENTRY*    ppEntry
     );
 
-///////////////////////////////////////////////////////////////////////////////
-// Schema legacy support for 6.0u3 and 6.5
-///////////////////////////////////////////////////////////////////////////////
-/*
- * Auxiliary function to tune schema library compatible with legacy data
- */
-DWORD
-VmDirSchemaLibInitLegacy(
-    VOID
-    );
-
-/*
- * Reads subschema subentry from legacy data store and loads it
- * into schema library.
- *
- * Should be called once and only once in the node's lifetime when
- * 1) join to legacy partner.
- * 2) upgrade a legacy node.
- *
- * New schema changes from this function is not effective until
- * VmDirSchemaLibUpdate() is called.
- */
-DWORD
-VmDirSchemaLibPrepareUpdateViaSubSchemaSubEntry(
-    PVDIR_ENTRY pSchemaEntry
-    );
-
-DWORD
-VmDirReadSubSchemaSubEntry(
-    PVDIR_ENTRY*    ppSubSchemaSubEntry
-    );
-
-DWORD
-VmDirPatchLocalSubSchemaSubEntry(
-    VOID
-    );
-
 ///////////////////////////////////////////////////////////////////////////////
 // Schema context
 ///////////////////////////////////////////////////////////////////////////////
@@ -342,6 +324,20 @@ VmDirSchemaAttrList(
     PVDIR_SCHEMA_AT_DESC**  pppATDescList
     );
 
+DWORD
+VmDirSchemaClassGetAllMayAttrs(
+    PVDIR_SCHEMA_CTX        pCtx,           // IN
+    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
+    PLW_HASHMAP             pAllMayAttrMap  // IN
+    );
+
+DWORD
+VmDirSchemaClassGetAllMustAttrs(
+    PVDIR_SCHEMA_CTX        pCtx,           // IN
+    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
+    PLW_HASHMAP             pAllMustAttrMap // IN
+    );
+
 BOOLEAN
 VmDirSchemaSyntaxIsNumeric(
     PCSTR   pszSyntaxOid
@@ -357,6 +353,11 @@ VmDirSchemaAttrIsOctetString(
     PVDIR_SCHEMA_AT_DESC    pATDesc
     );
 
+BOOLEAN
+VmDirSchemaAttrIsDN(
+    PVDIR_SCHEMA_AT_DESC    pATDesc
+    );
+
 PVDIR_ENTRY
 VmDirSchemaAcquireAndOwnStartupEntry(
     VOID
@@ -460,10 +461,14 @@ VmDirIsLiveSchemaCtx(
     PVDIR_SCHEMA_CTX    pCtx
     );
 
+DWORD
+VmDirSchemaGetEntryStructureOCDesc(
+    PVDIR_ENTRY             pEntry,
+    PVDIR_SCHEMA_OC_DESC*   ppStructureOCDesc       // caller does not own *ppStructureOCDesc
+    );
+
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* __VIDRSCHEMA_H__ */
-
-
diff --git a/lwraft/server/include/srvcommon.h b/lwraft/server/include/srvcommon.h
index 639885e60..419c036d7 100644
--- a/lwraft/server/include/srvcommon.h
+++ b/lwraft/server/include/srvcommon.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -17,6 +17,11 @@
 #ifndef COMMON_INTERFACE_H_
 #define COMMON_INTERFACE_H_
 
+#include <vmmetrics.h>
+extern PVM_METRICS_CONTEXT pmContext;
+
+#define VMDIR_RESPONSE_TIME(val) ((val) ? (val) : 1)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -48,6 +53,7 @@ extern "C" {
 #define VMDIR_DEFAULT_REPL_INTERVAL     "30"
 #define VMDIR_DEFAULT_REPL_PAGE_SIZE    "1000"
 
+#define VMDIR_RUN_MODE_NORMAL           "normal"
 #define VMDIR_RUN_MODE_RESTORE          "restore"
 #define VMDIR_RUN_MODE_STANDALONE       "standalone"
 
@@ -62,10 +68,6 @@ extern "C" {
 
 #define SOCK_BUF_MAX_INCOMING ((1<<24) - 1) // 16M - 1, e.g. to handle large Add object requests.
 
-// Fix bootstrap attribute id used in schema/defines.h VDIR_SCHEMA_BOOTSTRP_ATTR_INITIALIZER definition
-#define SCHEMA_BOOTSTRAP_EID_SEQ_ATTRID_22     22
-#define SCHEMA_BOOTSTRAP_USN_SEQ_ATTRID_23     23
-
 #define VDIR_FOREST_FUNCTIONAL_LEVEL    "1"
 // This value is the DFL for the current version
 #define VDIR_DOMAIN_FUNCTIONAL_LEVEL	"3"
@@ -81,6 +83,10 @@ extern "C" {
 // Keys for backend funtion pfnBEStrkeyGet/SetValues to access attribute IDs
 #define ATTR_ID_MAP_KEY   "1VmdirAttrIDToNameTb"
 
+// Entry ID prefixes
+#define NEW_ENTRY_EID_PREFIX 0x2000000000000000
+#define LOG_ENTRY_EID_PREFIX 0x4000000000000000
+
 typedef struct _VDIR_INDEX_CFG*             PVDIR_INDEX_CFG;
 typedef struct _VDIR_INDEX_UPD*             PVDIR_INDEX_UPD;
 typedef struct _VDIR_BACKEND_INTERFACE*     PVDIR_BACKEND_INTERFACE;
@@ -203,7 +209,13 @@ typedef struct _VDIR_CONNECTION_CTX
 } VDIR_CONNECTION_CTX, *PVDIR_CONNECTION_CTX;
 
 typedef struct _VDIR_SCHEMA_AT_DESC*    PVDIR_SCHEMA_AT_DESC;
-typedef struct _VDIR_SCHEMA_OC_DESC*    PVDIR_SCHEMA_OC_DESC;
+
+typedef enum _VDIR_RAFT_ROLE
+{
+    VDIR_RAFT_ROLE_CANDIDATE = 0,
+    VDIR_RAFT_ROLE_FOLLOWER,
+    VDIR_RAFT_ROLE_LEADER
+} VDIR_RAFT_ROLE;
 
 typedef struct _VDIR_ATTRIBUTE
 {
@@ -504,6 +516,11 @@ typedef struct _VDIR_PAGED_RESULT_CONTROL_VALUE
     CHAR                    cookie[VMDIR_PS_COOKIE_LEN];
 } VDIR_PAGED_RESULT_CONTROL_VALUE;
 
+typedef struct _VDIR_CONDWRITE_CONTROL_VALUE
+{
+    PSTR                    pszFilter;
+} VDIR_CONDWRITE_CONTROL_VALUE, *PVDIR_CONDWRITE_CONTROL_VALUE;
+
 //SCW - Strong Consistency Write
 typedef struct _VMDIR_SCW_DONE_CONTROL_VALUE
 {
@@ -512,10 +529,11 @@ typedef struct _VMDIR_SCW_DONE_CONTROL_VALUE
 
 typedef union LdapControlValue
 {
-    SyncRequestControlValue            syncReqCtrlVal;
-    SyncDoneControlValue               syncDoneCtrlVal;
-    VDIR_PAGED_RESULT_CONTROL_VALUE    pagedResultCtrlVal;
-    VMDIR_SCW_DONE_CONTROL_VALUE       scwDoneCtrlVal;
+    SyncRequestControlValue                 syncReqCtrlVal;
+    SyncDoneControlValue                    syncDoneCtrlVal;
+    VDIR_PAGED_RESULT_CONTROL_VALUE         pagedResultCtrlVal;
+    VMDIR_SCW_DONE_CONTROL_VALUE            scwDoneCtrlVal;
+    VDIR_CONDWRITE_CONTROL_VALUE            condWriteCtrlVal;
 } LdapControlValue;
 
 typedef struct _VDIR_LDAP_CONTROL
@@ -552,9 +570,10 @@ typedef struct _VDIR_OPERATION
     VDIR_LDAP_CONTROL *       showPagedResultsCtrl;
     VDIR_LDAP_CONTROL *       strongConsistencyWriteCtrl;
     VDIR_LDAP_CONTROL *       manageDsaITCtrl;
+    VDIR_LDAP_CONTROL *       pCondWriteCtrl;
                                      // SJ-TBD: If we add quite a few controls, we should consider defining a
                                      // structure to hold all those pointers.
-    BOOLEAN             bSchemaWriteOp;  // this operation is schema modification
+    DWORD               dwSchemaWriteOp; // this operation is schema modification
 
     ///////////////////////////////////////////////////////////////////////////
     // fields valid for both INTERNAL and EXTERNAL operations
@@ -583,6 +602,7 @@ typedef struct _VDIR_OPERATION
 
     DWORD               dwSentEntries; // number of entries sent back to client
     BOOLEAN             bSuppressLogInfo;
+    BOOLEAN             bNoRaftLog; //The operation is derived or in local server scope - don't generate Raft log
 } VDIR_OPERATION, *PVDIR_OPERATION;
 
 typedef struct _VDIR_THREAD_INFO
@@ -626,12 +646,6 @@ typedef struct _VMDIR_OPERATION_STATISTIC
 
 extern VMDIR_FIRST_REPL_CYCLE_MODE   gFirstReplCycleMode;
 
-typedef struct _VMDIR_URGENT_REPL_SERVER_LIST
-{
-    PSTR    pInitiatorServerName;
-    struct _VMDIR_URGENT_REPL_SERVER_LIST *next;
-} VMDIR_URGENT_REPL_SERVER_LIST, *PVMDIR_URGENT_REPL_SERVER_LIST;
-
 typedef struct _VMDIR_STRONG_WRITE_PARTNER_CONTENT
 {
     PSTR     pInvocationId;
@@ -643,6 +657,16 @@ typedef struct _VMDIR_STRONG_WRITE_PARTNER_CONTENT
     struct _VMDIR_STRONG_WRITE_PARTNER_CONTENT   *next;
 } VMDIR_STRONG_WRITE_PARTNER_CONTENT, *PVMDIR_STRONG_WRITE_PARTNER_CONTENT;
 
+//
+// Wrapper for a relative security descriptor and some of its related info.
+//
+typedef struct _VMDIR_SECURITY_DESCRIPTOR
+{
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc;
+    ULONG ulSecDesc;
+    SECURITY_INFORMATION SecInfo;
+} VMDIR_SECURITY_DESCRIPTOR, *PVMDIR_SECURITY_DESCRIPTOR;
+
 DWORD
 VmDirInitBackend();
 
@@ -770,7 +794,7 @@ VmDirAttributeAllocate(
     PCSTR               pszName,
     USHORT              usBerSize,
     PVDIR_SCHEMA_CTX    pCtx,
-    PVDIR_ATTRIBUTE*         ppOutAttr
+    PVDIR_ATTRIBUTE*    ppOutAttr
     );
 
 
@@ -798,11 +822,19 @@ VmDirIsInternalEntry(
     );
 
 BOOLEAN
-VmDirIsEntryWithObjectclass(
+VmDirEntryIsObjectclass(
     PVDIR_ENTRY     pEntry,
     PCSTR           pszOCName
     );
 
+DWORD
+VmDirEntryIsAttrAllowed(
+    PVDIR_ENTRY pEntry,
+    PSTR        pszAttrName,
+    PBOOLEAN    pbMust,
+    PBOOLEAN    pbMay
+    );
+
 /*
  * free a heap allocated bervalue, bervalue.bv_val and bervalue.bvnorm_val
  */
@@ -829,6 +861,7 @@ VmDirAttrListToNewEntry(
     PVDIR_SCHEMA_CTX    pSchemaCtx,
     PSTR                pszDN,
     PSTR*               ppszAttrList,
+    BOOLEAN             bAllowAnonymousRead,
     PVDIR_ENTRY*        ppEntry
     );
 
@@ -844,6 +877,11 @@ VmDirEntryReplaceAttribute(
     PVDIR_ATTRIBUTE pNewAttr
     );
 
+DWORD
+VmDirDeleteEntry(
+    PVDIR_ENTRY pEntry
+    );
+
 // util.c
 DWORD
 VmDirToLDAPError(
@@ -885,18 +923,6 @@ VmDirUuidFromString(
     uuid_t* pGuid
 );
 
-DWORD
-VmDirFQDNToDNSize(
-    PCSTR pszFQDN,
-    UINT32 *sizeOfDN
-);
-
-DWORD
-VmDirFQDNToDN(
-    PCSTR pszFQDN,
-    PSTR* ppszDN
-);
-
 VOID
 VmDirLogStackFrame(
     int     logLevel
@@ -919,6 +945,7 @@ VmDirSrvCreateContainerWithEID(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PCSTR            pszContainerDN,
     PCSTR            pszContainerName,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDesc, // OPTIONAL
     ENTRYID          eID);
 
 DWORD
@@ -1018,6 +1045,11 @@ OrFilterResults(
     VDIR_FILTER * src,
     VDIR_FILTER * dst);
 
+VOID
+VmDirSortCandidateList(
+    VDIR_CANDIDATES *  pCl
+    );
+
 // entryencodedecode.c
 DWORD
 VmDirComputeEncodedEntrySize(
@@ -1177,6 +1209,13 @@ VmDirCreateAcl(
     ULONG AclRevision
     );
 
+DWORD
+VmDirGetAce(
+    PACL pAcl,
+    ULONG dwIndex,
+    PACE_HEADER *ppAce
+    );
+
 DWORD
 VmDirAddAccessAllowedAceEx(
     PACL Acl,
@@ -1186,6 +1225,15 @@ VmDirAddAccessAllowedAceEx(
     PSID Sid
     );
 
+DWORD
+VmDirAddAccessDeniedAceEx(
+    PACL Acl,
+    ULONG AceRevision,
+    ULONG AceFlags,
+    ACCESS_MASK AccessMask,
+    PSID Sid
+    );
+
 DWORD
 VmDirSetDaclSecurityDescriptor(
     PSECURITY_DESCRIPTOR_ABSOLUTE SecurityDescriptor,
@@ -1289,8 +1337,7 @@ VmDirSetSecurityDescriptorInfo(
 
 DWORD
 VmDirCreateSecurityDescriptorAbsolute(
-    PSECURITY_DESCRIPTOR_ABSOLUTE SecurityDescriptor,
-    ULONG Revision
+    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecurityDescriptor
     );
 
 VOID
@@ -1336,6 +1383,13 @@ VmDirAllocateSddlCStringFromSecurityDescriptor(
     PSTR* ppStringSecurityDescriptor
 );
 
+DWORD
+VmDirSetSecurityDescriptorControl(
+    PSECURITY_DESCRIPTOR_ABSOLUTE pSecurityDescriptor,
+    SECURITY_DESCRIPTOR_CONTROL BitsToChange,
+    SECURITY_DESCRIPTOR_CONTROL BitsToSet
+    );
+
 // srp.c
 DWORD
 VmDirSRPCreateSecret(
@@ -1344,22 +1398,10 @@ VmDirSRPCreateSecret(
     PVDIR_BERVALUE   pSecretResult
     );
 
-//server/common/urgentrepl.c
-BOOLEAN
-VmDirPerformUrgentReplication(
-    PVDIR_OPERATION pOperation,
-    USN currentTxnUSN
-    );
-
-VOID
-VmDirRetryUrgentReplication(
-    VOID
-    );
-
-VOID
-VmDirPerformUrgentReplIfRequired(
-    PVDIR_OPERATION pOperation,
-    USN currentTxnUSN
+// vmafdlib.c
+DWORD
+VmDirOpenVmAfdClientLib(
+    VMDIR_LIB_HANDLE*   pplibHandle
     );
 
 #ifdef __cplusplus
diff --git a/lwraft/server/include/vmacl.h b/lwraft/server/include/vmacl.h
index a83b71ae0..04ecdd3f8 100644
--- a/lwraft/server/include/vmacl.h
+++ b/lwraft/server/include/vmacl.h
@@ -72,19 +72,81 @@ extern "C" {
 // write access in order to delete child entry in a container entry
 #define VMDIR_RIGHT_DS_DELETE_CHILD ADS_RIGHT_DS_DELETE_CHILD
 
+//
+// Allows the client to delete this object, specifically (as opposed to
+// VMDIR_RIGHT_DS_DELETE_CHILD which allows the client to delete any object
+// underneath the object in question, but not the object itself).
+//
+#define VMDIR_RIGHT_DS_DELETE_OBJECT ADS_RIGHT_DELETE
+
 #define VMDIR_ENTRY_GENERIC_EXECUTE ADS_RIGHT_GENERIC_EXECUTE
 
-#define VMDIR_ENTRY_ALL_ACCESS      (VMDIR_RIGHT_DS_READ_PROP | VMDIR_RIGHT_DS_WRITE_PROP | \
-                                     VMDIR_RIGHT_DS_CREATE_CHILD | VMDIR_RIGHT_DS_DELETE_CHILD | \
-                                     VMDIR_ENTRY_GENERIC_EXECUTE)
+//
+// These two permissions control a client being able to read or write the
+// entry's security descriptor itself (the whole thing, not just the DACL,
+// despite the name).
+//
+#define VMDIR_ENTRY_READ_ACL    ADS_RIGHT_READ_CONTROL
+#define VMDIR_ENTRY_WRITE_ACL   ADS_RIGHT_WRITE_DAC
+
+#define VMDIR_ENTRY_ALL_ACCESS  \
+    (VMDIR_RIGHT_DS_READ_PROP |     \
+     VMDIR_RIGHT_DS_WRITE_PROP |    \
+     VMDIR_ENTRY_READ_ACL |         \
+     VMDIR_ENTRY_WRITE_ACL |        \
+     VMDIR_RIGHT_DS_CREATE_CHILD |  \
+     VMDIR_RIGHT_DS_DELETE_CHILD |  \
+     VMDIR_ENTRY_GENERIC_EXECUTE)
+
+#define VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD \
+    (VMDIR_RIGHT_DS_READ_PROP |      \
+     VMDIR_RIGHT_DS_WRITE_PROP |     \
+     VMDIR_ENTRY_READ_ACL |          \
+     VMDIR_ENTRY_WRITE_ACL |         \
+     VMDIR_RIGHT_DS_CREATE_CHILD |   \
+     VMDIR_ENTRY_GENERIC_EXECUTE)
+
+#define VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT \
+    (VMDIR_RIGHT_DS_READ_PROP |     \
+     VMDIR_RIGHT_DS_WRITE_PROP |    \
+     VMDIR_ENTRY_READ_ACL |         \
+     VMDIR_ENTRY_WRITE_ACL |        \
+     VMDIR_RIGHT_DS_CREATE_CHILD |  \
+     VMDIR_ENTRY_GENERIC_EXECUTE |  \
+     VMDIR_RIGHT_DS_DELETE_OBJECT)
+
+//
+// Members of the DCClients group get full access to entries under
+// "cn=services,<domain>".
+//
+#define VMDIR_DCCLIENTS_FULL_ACCESS \
+    (VMDIR_RIGHT_DS_READ_PROP |     \
+     VMDIR_RIGHT_DS_WRITE_PROP |    \
+     VMDIR_ENTRY_READ_ACL |         \
+     VMDIR_ENTRY_WRITE_ACL |        \
+     VMDIR_RIGHT_DS_CREATE_CHILD |  \
+     VMDIR_RIGHT_DS_DELETE_CHILD)
 
 // Well-known RIDs
 #define VMDIR_DOMAIN_USER_RID_ADMIN      500 // Administrator user
+#define VMDIR_DOMAIN_ADMINS_RID          512 // Domain Admins group
+#define VMDIR_DOMAIN_CLIENTS_RID         515 // Domain Users group
 #define VMDIR_DOMAIN_ALIAS_RID_ADMINS    544 // BUILTIN\Administrators group
 #define VMDIR_DOMAIN_ALIAS_RID_USERS     545 // BUILTIN\Users group
 
-// objectSid.c
+//
+// Well-known SID for a user who has connected anonymously.
+//
+#define VMDIR_ANONYMOUS_LOGON_SID "S-1-5-7"
+
+//
+// Well-known SID for a user that has authenticated, irrespective of their domain.
+// If you want to ACL something for an arbitrary logged-in user for a given
+// domain you should use <domain SID>-VMDIR_DOMAIN_ALIAS_RID_USERS.
+//
+#define VMDIR_AUTHENTICATED_USER_SID "S-1-5-11"
 
+// objectSid.c
 DWORD
 VmDirAdvanceDomainRID(
     DWORD   dwCnt
@@ -121,7 +183,6 @@ VmDirGenerateWellknownSid(
     );
 
 // libmain.c
-
 DWORD
 VmDirVmAclInit(
     VOID
@@ -133,39 +194,44 @@ VmDirVmAclShutdown(
     );
 
 // acl.c
-
 DWORD
 VmDirSrvCreateAccessTokenWithEntry(
-    PVDIR_ENTRY pEntry,
-    PACCESS_TOKEN* ppToken,
-    PSTR* ppszObjectSid /* Optional */
+    PVDIR_ENTRY     pEntry,
+    PACCESS_TOKEN*  ppToken,
+    PSTR*           ppszObjectSid
     );
 
 DWORD
 VmDirSrvAccessCheck(
-    PVDIR_OPERATION pOperation, /* optional */
-    PVDIR_ACCESS_INFO pAccessInfo,
-    PVDIR_ENTRY pEntry,
-    ACCESS_MASK AccessDesired
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    ACCESS_MASK         accessDesired
     );
 
 VOID
 VmDirAclCtxContentFree(
-    PVDIR_ACL_CTX pAclCtx
+    PVDIR_ACL_CTX   pAclCtx
     );
 
 DWORD
-VmDirSrvCreateDefaultSecDescRel(
-    PSTR                           pszSystemAdministratorDn,
-    PSTR                           pszAdminsGroupSid,
-    PSECURITY_DESCRIPTOR_RELATIVE* ppSecDescRel,
-    PULONG                         pulSecDescLength,
-    PSECURITY_INFORMATION          pSecInfo
+VmDirSrvCreateSecurityDescriptor(
+    ACCESS_MASK                 amAccess,
+    PCSTR                       pszDomainAdminDn,
+    PCSTR                       pszAdminsGroupSid,
+    PCSTR                       pszDomainAdminsGroupSid,
+    PCSTR                       pszDomainClientsGroupSid,
+    BOOLEAN                     bProtectedDacl,
+    BOOLEAN                     bAnonymousRead,
+    BOOLEAN                     bAuthenticatedRead,
+    BOOLEAN                     bServicesDacl,
+    BOOLEAN                     bTenantDomain,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     );
 
 VOID
 VmDirFreeAbsoluteSecurityDescriptor(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecDesc
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppSecDesc
     );
 
 DWORD
@@ -178,11 +244,32 @@ VmDirSrvAccessCheckIsAdminRole(
 
 BOOLEAN
 VmDirIsFailedAccessInfo(
-    PVDIR_ACCESS_INFO pAccessInfo
+    PVDIR_ACCESS_INFO   pAccessInfo
     );
 
-// security.c
+DWORD
+VmDirAddAceToSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc,
+    PCSTR pszAdminUserDn,
+    ACCESS_MASK amAccess
+    );
+
+DWORD
+VmDirGetObjectSidFromEntry(
+    PVDIR_ENTRY pEntry,
+    PSTR* ppszObjectSid, /* Optional */
+    PSID* ppSid /* Optional */
+    );
 
+DWORD
+VmDirIsBindDnMemberOfSystemDomainAdmins(
+    PVDIR_BACKEND_CTX   pBECtx,
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PBOOLEAN            pbIsMemberOfAdmins
+    );
+
+// security.c
 DWORD
 VmDirGetSecurityDescriptorForEntry(
     PVDIR_ENTRY pEntry,
@@ -193,10 +280,21 @@ VmDirGetSecurityDescriptorForEntry(
 
 DWORD
 VmDirSetSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel,
-    ULONG ulSecDescRel
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
+    );
+
+DWORD
+VmDirEntryCacheSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
+    ULONG ulSecDescToSetLen
+    );
+
+DWORD
+VmDirSetRecursiveSecurityDescriptorForDn(
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     );
 
 DWORD
@@ -207,6 +305,32 @@ VmDirSetSecurityDescriptorForEntry(
     ULONG ulSecDescRel
     );
 
+DWORD
+VmDirSetDefaultSecurityDescriptorForClass(
+    PSTR                        pszClassName,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
+    );
+
+// sdcalc.c
+DWORD
+VmDirComputeObjectSecurityDescriptor(
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ENTRY         pParentEntry
+    );
+
+// token.c
+DWORD
+VmDirSrvCreateAccessTokenForWellKnowObject(
+    PACCESS_TOKEN*  ppToken,
+    PCSTR           pszWellknownObjectSid
+    );
+
+DWORD
+VmDirSrvCreateAccessTokenForAdmin(
+    PACCESS_TOKEN*  ppToken
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/include/vmdirserver.h b/lwraft/server/include/vmdirserver.h
index ba6572ccb..dd5e99689 100644
--- a/lwraft/server/include/vmdirserver.h
+++ b/lwraft/server/include/vmdirserver.h
@@ -88,9 +88,9 @@ typedef struct _VMDIR_SERVER_GLOBALS
     VDIR_BERVALUE        invocationId;
     VDIR_BERVALUE        bvDefaultAdminDN;
     VDIR_BERVALUE        systemDomainDN;
-    VDIR_BERVALUE        delObjsContainerDN;
+    VDIR_BERVALUE        delObjsContainerDN;    //TODO, delete this
     VDIR_BERVALUE        bvDCGroupDN;
-    VDIR_BERVALUE        bvDCClientGroupDN;
+    VDIR_BERVALUE        bvDCClientGroupDN;     //TODO, delete this
     VDIR_BERVALUE        bvServicesRootDN;
     VDIR_BERVALUE        serverObjDN;
     VDIR_BERVALUE        dcAccountDN;   // Domain controller account DN
@@ -98,7 +98,7 @@ typedef struct _VMDIR_SERVER_GLOBALS
     int                  replInterval;
     int                  replPageSize;
     VDIR_BERVALUE        utdVector; // In string format, it is stored as: <serverId1>:<origUsn1>;<serverId2>:<origUsn2>;...
-    PSTR                 pszSiteName;
+    PSTR                 pszSiteName;           //TODO, delete this
     BOOLEAN              isIPV4AddressPresent;
     BOOLEAN              isIPV6AddressPresent;
     USN                  initialNextUSN; // used for server restore only
@@ -125,28 +125,24 @@ typedef struct _VMDIR_GLOBALS
     // static fields initialized during server startup.
     // their values never change, so no access protection necessary.
     PSTR                            pszBootStrapSchemaFile;
-    BOOLEAN                         bPatchSchema;
     PSTR                            pszBDBHome;
 
     BOOLEAN                         bAllowInsecureAuth;
     BOOLEAN                         bAllowAdminLockout;
     BOOLEAN                         bDisableVECSIntegration;
 
-    PDWORD                          pdwLdapListenPorts;
-    DWORD                           dwLdapListenPorts;
-    PDWORD                          pdwLdapsListenPorts;
-    DWORD                           dwLdapsListenPorts;
-    PDWORD                          pdwLdapConnectPorts;
-    DWORD                           dwLdapConnectPorts;
-    PDWORD                          pdwLdapsConnectPorts;
-    DWORD                           dwLdapsConnectPorts;
-    PSTR                            pszRestListenPort;
+    DWORD                           dwLdapPort;
+    DWORD                           dwLdapsPort;
+    // Timeout for curl requests
+    DWORD                           dwProxyCurlTimeout;
+    PSTR                            pszHTTPListenPort;
+    PSTR                            pszHTTPSListenPort;
     DWORD                           dwLdapRecvTimeoutSec;
+    BOOLEAN                         bIsLDAPPortOpen;
     // following fields are protected by mutex
     PVMDIR_MUTEX                    mutex;
     VDIR_SERVER_STATE               vmdirdState;
     PVDIR_THREAD_INFO               pSrvThrInfo;
-    BOOLEAN                         bReplNow;
 
 #if !defined(_WIN32) || defined(HAVE_DCERPC_WIN32)
     dcethread*                      pRPCServerThread;
@@ -158,8 +154,6 @@ typedef struct _VMDIR_GLOBALS
 
     BOOLEAN                         bRegisterTcpEndpoint;
 
-    PSECURITY_DESCRIPTOR_ABSOLUTE   gpVmDirSrvSD;
-
     // To synchronize creation and use of replication agreements.
     PVMDIR_MUTEX                    replAgrsMutex;
     PVMDIR_COND                     replAgrsCondition;
@@ -219,49 +213,6 @@ typedef struct _VMDIR_KRB_GLOBALS
 
 extern VMDIR_KRB_GLOBALS gVmdirKrbGlobals;
 
-typedef struct _VMDIR_URGENT_REPL
-{
-    // To Synchronize Urgent Replication Request
-    PVMDIR_MUTEX                         pUrgentReplMutex;
-    BOOLEAN                              bUrgentReplicationPending;
-    DWORD                                dwUrgentReplResponseCount;
-    DWORD                                dwUrgentReplTimeout;
-    USN                                  consensusUSN;
-    PSTR                                 pUTDVector;
-    /*
-     * Used by RPC thread to notify urgentReplicationCoordinator thread
-     * if rpc response was received.
-     */
-    PVMDIR_MUTEX                         pUrgentReplResponseRecvMutex;
-    PVMDIR_COND                          pUrgentReplResponseRecvCondition;
-    BOOLEAN                              bUrgentReplResponseRecv;
-    /*
-     * Used by writer thread to notify urgentReplicationCoordinator thread
-     * to start urgent replication cycle immediately.
-     */
-    PVMDIR_MUTEX                         pUrgentReplThreadMutex;
-    PVMDIR_COND                          pUrgentReplThreadCondition;
-    BOOLEAN                              bUrgentReplThreadPredicate;
-    /*
-     * Used by urgentReplicationCoordinator thread to notify writer threads
-     * that urgent replication cycle is completed. It is a broadcast.
-     */
-    PVMDIR_MUTEX                         pUrgentReplDoneMutex;
-    PVMDIR_COND                          pUrgentReplDoneCondition;
-    BOOLEAN                              bUrgentReplDone;
-    /*
-     * Used by RPC thread to notify Replicaton thread to start urgent repl
-     * uses bReplNow predicate for proper synchronization.
-     */
-    PVMDIR_MUTEX                         pUrgentReplStartMutex;
-    PVMDIR_COND                          pUrgentReplStartCondition;
-
-    PVMDIR_STRONG_WRITE_PARTNER_CONTENT  pUrgentReplPartnerTable;
-    PVMDIR_URGENT_REPL_SERVER_LIST       pUrgentReplServerList;
-} VMDIR_URGENT_REPL, *PVMDIR_URGENT_REPL;
-
-extern VMDIR_URGENT_REPL gVmdirUrgentRepl;
-
 typedef struct _VMDIR_TRACK_LAST_LOGIN_TIME
 {
     PVMDIR_MUTEX    pMutex;
@@ -319,43 +270,19 @@ VmDirdGetAllowInsecureAuth(
     VOID
     );
 
-VOID
-VmDirGetLdapListenPorts(
-    PDWORD* ppdwLdapListenPorts,
-    PDWORD  pdwLdapListenPorts
-    );
-
-VOID
-VmDirGetLdapsListenPorts(
-    PDWORD* ppdwLdapsListenPorts,
-    PDWORD  pdwLdapsListenPorts
-    );
-
-VOID
-VmDirGetLdapConnectPorts(
-    PDWORD* ppdwLdapConnectPorts,
-    PDWORD  pdwLdapConnectPorts
-    );
-
-VOID
-VmDirGetLdapsConnectPorts(
-    PDWORD* ppdwLdapsConnectPorts,
-    PDWORD  pdwLdapsConnectPorts
+DWORD
+VmDirGetLdapPort(
+    VOID
     );
 
 DWORD
-VmDirGetAllLdapPortsCount(
+VmDirGetLdapsPort(
     VOID
-);
-
-VOID
-VmDirdSetReplNow(
-    BOOLEAN bReplNow
     );
 
-BOOLEAN
-VmDirdGetReplNow(
-    VOID
+DWORD
+VmDirCheckPortAvailability(
+    DWORD   dwPort
     );
 
 VOID
@@ -374,307 +301,13 @@ VmDirServerStatusEntry(
     );
 
 DWORD
-VmDirReplicationStatusEntry(
+VmDirRaftStateEntry(
     PVDIR_ENTRY*    ppEntry
     );
 
-//urgentreplthread.c
-VOID
-VmDirUrgentReplSignalUrgentReplCoordinatorThreadResponseRecv(
-    VOID
-    );
-
-VOID
-VmDirUrgentReplSignalUrgentReplCoordinatorThreadStart(
-    VOID
-    );
-
-DWORD
-VmDirTimedWaitForUrgentReplDone(
-    UINT64 timeout,
-    UINT64 startTime
-    );
-
-BOOLEAN
-VmDirUrgentReplCondTimedWait(
-    VOID
-    );
-
-VOID
-VmDirUrgentReplSignal(
-    VOID
-    );
-
-//urgentrepl.c
-BOOLEAN
-VmDirdGetUrgentReplicationRequest(
-    VOID
-    );
-
-BOOLEAN
-VmDirdGetUrgentReplicationRequest_InLock(
-    VOID
-    );
-
-VOID
-VmDirdSetUrgentReplicationRequest(
-    BOOLEAN bUrgentRepl
-    );
-
-VOID
-VmDirdSetUrgentReplicationRequest_InLock(
-    BOOLEAN bUrgentRepl
-    );
-
-PVMDIR_URGENT_REPL_SERVER_LIST
-VmDirdGetUrgentReplicationServerList(
-    VOID
-    );
-
-PVMDIR_URGENT_REPL_SERVER_LIST
-VmDirdGetUrgentReplicationServerList_InLock(
-    VOID
-    );
-
-DWORD
-VmDirdAddToUrgentReplicationServerList(
-    PSTR    pszUrgentReplicationServer
-    );
-
-DWORD
-VmDirdAddToUrgentReplicationServerList_InLock(
-    PSTR    pszUrgentReplicationServer
-    );
-
-VOID
-VmDirdFreeUrgentReplicationServerList(
-    VOID
-    );
-
-VOID
-VmDirdFreeUrgentReplicationServerList_InLock(
-    VOID
-    );
-
-DWORD
-VmDirdInitiateUrgentRepl(
-    PSTR   pszServerName
-    );
-
-VOID
-VmDirSendAllUrgentReplicationResponse(
-    VOID
-    );
-
-DWORD
-VmDirdUrgentReplSetUtdVector(
-    PCSTR pUTDVector
-    );
-
-PCSTR
-VmDirdUrgentReplGetUtdVector(
-    VOID
-    );
-
-PCSTR
-VmDirdUrgentReplGetUtdVector_InLock(
-    VOID
-    );
-
-VOID
-VmDirReplUpdateUrgentReplCoordinatorTableForRequest(
-    VOID
-    );
-
-VOID
-VmDirReplUpdateUrgentReplCoordinatorTableForResponse(
-    PVMDIR_REPL_UTDVECTOR pUtdVector,
-    PCSTR pszInvocationId,
-    PSTR pszHostName
-    );
-
-VOID
-VmDirReplUpdateUrgentReplCoordinatorTableForResponse_InLock(
-    PSTR  pInvocationId,
-    USN   confirmedUSN,
-    PVMDIR_STRONG_WRITE_PARTNER_CONTENT pReplicationPartnerEntry
-    );
-
-DWORD
-VmDirReplGetUrgentReplCoordinatorTableEntry_InLock(
-    PCSTR pszRemoteServerInvocationId,
-    PSTR  pszRemoteServerName,
-    PVMDIR_STRONG_WRITE_PARTNER_CONTENT *ppReplicationPartnerEntry
-    );
-
-VOID
-VmDirReplUpdateUrgentReplCoordinatorTableForDelete(
-    PVMDIR_REPLICATION_AGREEMENT  pReplAgr
-    );
-
-VOID
-VmDirReplFreeUrgentReplCoordinatorTable(
-    VOID
-    );
-
-VOID
-VmDirReplFreeUrgentReplCoordinatorTable_InLock(
-    VOID
-    );
-
-DWORD
-VmDirReplGetUrgentReplResponseCount(
-    VOID
-    );
-
-DWORD
-VmDirReplGetUrgentReplResponseCount_InLock(
-    VOID
-    );
-
-VOID
-VmDirReplUpdateUrgentReplResponseCount(
-    VOID
-    );
-
-VOID
-VmDirReplResetUrgentReplResponseCount(
-    VOID
-    );
-
-VOID
-VmDirReplResetUrgentReplResponseCount_InLock(
-    VOID
-    );
-
-VOID
-VmDirReplSetUrgentReplResponseRecvCondition(
-    BOOLEAN bUrgentReplResponseRecv
-    );
-
-VOID
-VmDirReplSetUrgentReplResponseRecvCondition_InLock(
-    BOOLEAN bUrgentReplResponseRecv
-    );
-
-BOOLEAN
-VmDirReplGetUrgentReplResponseRecvCondition(
-    VOID
-    );
-
-BOOLEAN
-VmDirReplGetUrgentReplResponseRecvCondition_InLock(
-    VOID
-    );
-
-VOID
-VmDirReplSetUrgentReplThreadCondition(
-    BOOLEAN bUrgentReplThreadPredicate
-    );
-
-BOOLEAN
-VmDirReplGetUrgentReplThreadCondition(
-    VOID
-    );
-
-PVMDIR_STRONG_WRITE_PARTNER_CONTENT
-VmDirReplGetUrgentReplCoordinatorTable(
-    VOID
-    );
-
-PVMDIR_STRONG_WRITE_PARTNER_CONTENT
-VmDirReplGetUrgentReplCoordinatorTable_InLock(
-    VOID
-    );
-
-VOID
-VmDirReplSetUrgentReplDoneCondition(
-    BOOLEAN bUrgentReplDone
-    );
-
-VOID
-VmDirReplSetUrgentReplDoneCondition_InLock(
-    BOOLEAN bUrgentReplDone
-    );
-
-BOOLEAN
-VmDirReplGetUrgentReplDoneCondition(
-    VOID
-    );
-
-BOOLEAN
-VmDirReplGetUrgentReplDoneCondition_InLock(
-    VOID
-    );
-
-USN
-VmDirGetUrgentReplConsensus(
-    VOID
-    );
-
-USN
-VmDirGetUrgentReplConsensus_InLock(
-    VOID
-    );
-
-VOID
-VmDirSetUrgentReplConsensus_InLock(
-    USN
-    );
-
-BOOLEAN
-VmDirUrgentReplUpdateConsensus(
-    VOID
-    );
-
-DWORD
-VmDirGetUrgentReplTimeout(
-    VOID
-    );
-
-DWORD
-VmDirGetUrgentReplTimeout_InLock(
-    VOID
-    );
-
-VOID
-VmDirSetUrgentReplTimeout(
-    DWORD dwTimeout
-    );
-
-VOID
-VmDirSetUrgentReplTimeout_InLock(
-    DWORD dwTimeout
-    );
-
-BOOLEAN
-VmDirGetUrgentReplicationPending(
-    VOID
-    );
-
-BOOLEAN
-VmDirGetUrgentReplicationPending_InLock(
-    VOID
-    );
-
-VOID
-VmDirSetUrgentReplicationPending(
-    BOOLEAN bUrgentReplicationPending
-    );
-
-VOID
-VmDirSetUrgentReplicationPending_InLock(
-    BOOLEAN bUrgentReplicationPending
-    );
-
-VOID
-VmDirReplFreeUrgentReplPartnerEntry_InLock(
-    PVMDIR_STRONG_WRITE_PARTNER_CONTENT pUrgentReplPartnerTable
-    );
-
 DWORD
-VmDirGetReplicationPartnerCount(
-    VOID
+VmDirReplicationStatusEntry(
+    PVDIR_ENTRY*    ppEntry
     );
 
 // srvthr.c
diff --git a/lwraft/server/indexcfg/Makefile.am b/lwraft/server/indexcfg/Makefile.am
index cd45ac130..9e57988ef 100644
--- a/lwraft/server/indexcfg/Makefile.am
+++ b/lwraft/server/indexcfg/Makefile.am
@@ -9,19 +9,18 @@ libindexcfg_la_SOURCES = \
     indexingthr.c \
     indexupd.c \
     libmain.c \
-    progress.c \
-    vmit.c
+    progress.c
 
 libindexcfg_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libindexcfg_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/indexcfg/api.c b/lwraft/server/indexcfg/api.c
index 037d37950..d17d847db 100644
--- a/lwraft/server/indexcfg/api.c
+++ b/lwraft/server/indexcfg/api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -69,10 +69,9 @@ VmDirIndexCfgAcquire(
     pMutex = pIndexCfg->mutex;
     VMDIR_LOCK_MUTEX(bInLock, pMutex);
 
-    if (pIndexCfg->status == VDIR_INDEXING_SCHEDULED &&
-            usage == VDIR_INDEX_READ)
+    if (pIndexCfg->status == VDIR_INDEXING_SCHEDULED)
     {
-        dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
+        goto cleanup;
     }
     else if (pIndexCfg->status == VDIR_INDEXING_IN_PROGRESS &&
             usage == VDIR_INDEX_READ)
@@ -126,19 +125,34 @@ VmDirIndexExist(
     PCSTR   pszAttrName
     )
 {
-    BOOLEAN bExist = FALSE;
+    BOOLEAN bExist = TRUE;
+    PLW_HASHMAP pCurMap = NULL;
+    PLW_HASHMAP pUpdMap = NULL;
     PVDIR_INDEX_CFG pIndexCfg = NULL;
 
-    if (!IsNullOrEmptyString(pszAttrName) &&
-            LwRtlHashMapFindKey(
-                    gVdirIndexGlobals.pIndexCfgMap,
-                    (PVOID*)&pIndexCfg,
-                    pszAttrName) == 0)
+    pCurMap = gVdirIndexGlobals.pIndexCfgMap;
+    pUpdMap = gVdirIndexGlobals.pIndexUpd ?
+            gVdirIndexGlobals.pIndexUpd->pUpdIndexCfgMap : NULL;
+
+    if (IsNullOrEmptyString(pszAttrName))
+    {
+        bExist = FALSE;
+    }
+    else
     {
-        if (pIndexCfg->status != VDIR_INDEXING_DISABLED &&
-            pIndexCfg->status != VDIR_INDEXING_DELETED)
+        if (pUpdMap)
+        {
+            LwRtlHashMapFindKey(pUpdMap, (PVOID*)&pIndexCfg, pszAttrName);
+        }
+        if (!pIndexCfg)
+        {
+            LwRtlHashMapFindKey(pCurMap, (PVOID*)&pIndexCfg, pszAttrName);
+        }
+        if (!pIndexCfg ||
+            pIndexCfg->status == VDIR_INDEXING_DISABLED ||
+            pIndexCfg->status == VDIR_INDEXING_DELETED)
         {
-            bExist = TRUE;
+            bExist = FALSE;
         }
     }
 
@@ -176,7 +190,6 @@ VmDirIndexUpdateBegin(
     )
 {
     DWORD   dwError = 0;
-    BOOLEAN bInLock = FALSE;
     PVDIR_INDEX_UPD pIndexUpd = NULL;
 
     if (!ppIndexUpd)
@@ -188,9 +201,6 @@ VmDirIndexUpdateBegin(
     dwError = VmDirIndexUpdInit(pBECtx, &pIndexUpd);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_LOCK_MUTEX(pIndexUpd->bInLock, gVdirIndexGlobals.mutex);
-    bInLock = pIndexUpd->bInLock;
-
     dwError = VmDirIndexUpdCopy(gVdirIndexGlobals.pIndexUpd, pIndexUpd);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -215,7 +225,6 @@ VmDirIndexUpdateBegin(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d)", __FUNCTION__, dwError );
 
-    VMDIR_UNLOCK_MUTEX(bInLock, gVdirIndexGlobals.mutex);
     VmDirIndexUpdFree(pIndexUpd);
     goto cleanup;
 }
@@ -226,7 +235,6 @@ VmDirIndexUpdateCommit(
     )
 {
     DWORD   dwError = 0;
-    BOOLEAN bInLock = FALSE;
     LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
     PSTR            pszStatus = NULL;
@@ -260,12 +268,10 @@ VmDirIndexUpdateCommit(
         pIndexUpd->bHasBETxn = FALSE;
     }
 
-    bInLock = pIndexUpd->bInLock;
     VmDirIndexUpdFree(gVdirIndexGlobals.pIndexUpd);
     gVdirIndexGlobals.pIndexUpd = pIndexUpd;
 
     VmDirConditionSignal(gVdirIndexGlobals.cond);
-    VMDIR_UNLOCK_MUTEX(bInLock, gVdirIndexGlobals.mutex);
 
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s succeeded", __FUNCTION__ );
 
@@ -286,7 +292,6 @@ VmDirIndexUpdateAbort(
     )
 {
     DWORD   dwError = 0;
-    BOOLEAN bInLock = FALSE;
 
     if (!pIndexUpd)
     {
@@ -294,8 +299,6 @@ VmDirIndexUpdateAbort(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    bInLock = pIndexUpd->bInLock;
-
     if (pIndexUpd->bHasBETxn)
     {
         PVDIR_BACKEND_INTERFACE pBE = pIndexUpd->pBECtx->pBE;
@@ -308,7 +311,6 @@ VmDirIndexUpdateAbort(
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s succeeded", __FUNCTION__ );
 
 cleanup:
-    VMDIR_UNLOCK_MUTEX(bInLock, gVdirIndexGlobals.mutex);
     VmDirIndexUpdFree(pIndexUpd);
     return dwError;
 
@@ -361,6 +363,11 @@ VmDirIndexSchedule(
 
             pUpdCfg->status = VDIR_INDEXING_SCHEDULED;
         }
+        else if (pCurCfg->status == VDIR_INDEXING_DISABLED)
+        {
+            dwError = VMDIR_ERROR_BUSY;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
         else
         {
             dwError = ERROR_ALREADY_EXISTS;
@@ -461,7 +468,6 @@ VmDirIndexAddUniquenessScope(
 {
     DWORD   dwError = 0;
     DWORD   i = 0;
-    PSTR    pszUniqScope = NULL;
     PLW_HASHMAP pCurCfgMap = NULL;
     PLW_HASHMAP pUpdCfgMap = NULL;
     PVDIR_INDEX_CFG pCurCfg = NULL;
@@ -504,23 +510,8 @@ VmDirIndexAddUniquenessScope(
 
     for (i = 0; ppszUniqScopes[i]; i++)
     {
-        if (LwRtlHashMapFindKey(
-                pUpdCfg->pUniqScopes, NULL, ppszUniqScopes[i]) == 0)
-        {
-            dwError = ERROR_ALREADY_EXISTS;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    for (i = 0; ppszUniqScopes[i]; i++)
-    {
-        dwError = VmDirAllocateStringA(ppszUniqScopes[i], &pszUniqScope);
+        dwError = VmDirIndexCfgAddUniqueScopeMod(pUpdCfg, ppszUniqScopes[i]);
         BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLinkedListInsertHead(
-                pUpdCfg->pNewUniqScopes, pszUniqScope, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszUniqScope = NULL;
     }
 
     dwError = LwRtlHashMapInsert(pUpdCfgMap, pUpdCfg->pszAttrName, pUpdCfg, NULL);
@@ -533,7 +524,6 @@ VmDirIndexAddUniquenessScope(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d)", __FUNCTION__, dwError );
 
-    VMDIR_SAFE_FREE_MEMORY(pszUniqScope);
     VmDirFreeIndexCfg(pNewCfg);
     goto cleanup;
 }
@@ -547,7 +537,6 @@ VmDirIndexDeleteUniquenessScope(
 {
     DWORD   dwError = 0;
     DWORD   i = 0;
-    PSTR    pszUniqScope = NULL;
     PLW_HASHMAP pCurCfgMap = NULL;
     PLW_HASHMAP pUpdCfgMap = NULL;
     PVDIR_INDEX_CFG pCurCfg = NULL;
@@ -590,23 +579,8 @@ VmDirIndexDeleteUniquenessScope(
 
     for (i = 0; ppszUniqScopes[i]; i++)
     {
-        if (LwRtlHashMapFindKey(
-                pUpdCfg->pUniqScopes, NULL, ppszUniqScopes[i]) != 0)
-        {
-            dwError = VMDIR_ERROR_NOT_FOUND;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    for (i = 0; ppszUniqScopes[i]; i++)
-    {
-        dwError = VmDirAllocateStringA(ppszUniqScopes[i], &pszUniqScope);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLinkedListInsertHead(
-                pUpdCfg->pDelUniqScopes, pszUniqScope, NULL);
+        dwError = VmDirIndexCfgDeleteUniqueScopeMod(pUpdCfg, ppszUniqScopes[i]);
         BAIL_ON_VMDIR_ERROR(dwError);
-        pszUniqScope = NULL;
     }
 
     dwError = LwRtlHashMapInsert(pUpdCfgMap, pUpdCfg->pszAttrName, pUpdCfg, NULL);
@@ -619,7 +593,6 @@ VmDirIndexDeleteUniquenessScope(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d)", __FUNCTION__, dwError );
 
-    VMDIR_SAFE_FREE_MEMORY(pszUniqScope);
     VmDirFreeIndexCfg(pNewCfg);
     goto cleanup;
 }
diff --git a/lwraft/server/indexcfg/defines.h b/lwraft/server/indexcfg/defines.h
index 7778f5bd4..c83498d22 100644
--- a/lwraft/server/indexcfg/defines.h
+++ b/lwraft/server/indexcfg/defines.h
@@ -28,13 +28,6 @@
 // NOTE: order of fields MUST stay in sync with struct definition...
 #define VDIR_INDEX_INITIALIZER                                           \
 {                                                                        \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, ATTR_ATTR_META_DATA),                \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, FALSE),                           \
-        VMDIR_SF_INIT(.bGlobalUniq, TRUE),                               \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
-    },                                                                   \
     {                                                                    \
         VMDIR_SF_INIT(.pszAttrName, ATTR_CN),                            \
         VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY | INDEX_TYPE_SUBSTR), \
@@ -106,21 +99,14 @@
         VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
     },                                                                   \
     {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, ATTR_USN_CHANGED),                   \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, FALSE),                           \
-        VMDIR_SF_INIT(.bGlobalUniq, TRUE),                               \
-        VMDIR_SF_INIT(.bIsNumeric, TRUE)                                 \
-    },                                                                   \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, ATTR_ATTR_VALUE_META_DATA),          \
+        VMDIR_SF_INIT(.pszAttrName, ATTR_RAFT_LOGINDEX),                 \
         VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
         VMDIR_SF_INIT(.bScopeEditable, FALSE),                           \
-        VMDIR_SF_INIT(.bGlobalUniq, FALSE),                              \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
+        VMDIR_SF_INIT(.bGlobalUniq, TRUE ),                              \
+        VMDIR_SF_INIT(.bIsNumeric, TRUE )                                \
     },                                                                   \
     {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, ATTR_RAFT_LOGINDEX),                 \
+        VMDIR_SF_INIT(.pszAttrName, ATTR_RAFT_LOG_CHANGED),              \
         VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
         VMDIR_SF_INIT(.bScopeEditable, FALSE),                           \
         VMDIR_SF_INIT(.bGlobalUniq, TRUE ),                              \
diff --git a/lwraft/server/indexcfg/globals.c b/lwraft/server/indexcfg/globals.c
index 46c819bb2..23d58fd76 100644
--- a/lwraft/server/indexcfg/globals.c
+++ b/lwraft/server/indexcfg/globals.c
@@ -35,7 +35,6 @@ VDIR_INDEX_GLOBALS gVdirIndexGlobals =
         VMDIR_SF_INIT(.pIndexCfgMap, NULL),
         VMDIR_SF_INIT(.pIndexUpd, NULL),
         VMDIR_SF_INIT(.bFirstboot, FALSE),
-        VMDIR_SF_INIT(.bLegacyDB, FALSE),
         VMDIR_SF_INIT(.offset, 0),
         VMDIR_SF_INIT(.pThrInfo, NULL)
     };
diff --git a/lwraft/server/indexcfg/indexcfg.c b/lwraft/server/indexcfg/indexcfg.c
index 396247a4f..5c6d48557 100644
--- a/lwraft/server/indexcfg/indexcfg.c
+++ b/lwraft/server/indexcfg/indexcfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -150,6 +150,7 @@ VmDirDefaultIndexCfgInit(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
     VMDIR_SAFE_FREE_MEMORY(pszIdxStatus);
     return dwError;
 
@@ -236,6 +237,7 @@ VmDirCustomIndexCfgInit(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
     VMDIR_SAFE_FREE_MEMORY(pszIdxStatus);
     return dwError;
 
@@ -284,7 +286,6 @@ VmDirIndexCfgCopy(
     pNode = pIndexCfg->pNewUniqScopes->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         pszOrg = (PSTR)pNode->pElement;
 
         dwError = VmDirAllocateStringA(pszOrg, &pszCpy);
@@ -295,13 +296,12 @@ VmDirIndexCfgCopy(
         BAIL_ON_VMDIR_ERROR(dwError);
         pszCpy = NULL;
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
     pNode = pIndexCfg->pDelUniqScopes->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         pszOrg = (PSTR)pNode->pElement;
 
         dwError = VmDirAllocateStringA(pszOrg, &pszCpy);
@@ -312,13 +312,12 @@ VmDirIndexCfgCopy(
         BAIL_ON_VMDIR_ERROR(dwError);
         pszCpy = NULL;
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
     pNode = pIndexCfg->pBadUniqScopes->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         pszOrg = (PSTR)pNode->pElement;
 
         dwError = VmDirAllocateStringA(pszOrg, &pszCpy);
@@ -329,7 +328,7 @@ VmDirIndexCfgCopy(
         BAIL_ON_VMDIR_ERROR(dwError);
         pszCpy = NULL;
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
     pIndexCfgCpy->bDefaultIndex = pIndexCfg->bDefaultIndex;
@@ -354,6 +353,151 @@ VmDirIndexCfgCopy(
     goto cleanup;
 }
 
+DWORD
+VmDirIndexCfgAddUniqueScopeMod(
+    PVDIR_INDEX_CFG pIndexCfg,
+    PCSTR           pszUniqScope
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_LINKED_LIST   pNewScopes = NULL;
+    PVDIR_LINKED_LIST   pDelScopes = NULL;
+    PVDIR_LINKED_LIST_NODE  pNode = NULL;
+    PVDIR_LINKED_LIST_NODE  pNext = NULL;
+    PSTR    pszScopeCpy = NULL;
+
+    if (!pIndexCfg || IsNullOrEmptyString(pszUniqScope))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pNewScopes = pIndexCfg->pNewUniqScopes;
+    pDelScopes = pIndexCfg->pDelUniqScopes;
+
+    if (LwRtlHashMapFindKey(pIndexCfg->pUniqScopes, NULL, pszUniqScope))
+    {
+        pNode = pNewScopes->pTail;
+        while (pNode)
+        {
+            PSTR pszPendingScope = (PSTR)pNode->pElement;
+            pNext = pNode->pNext;
+            if (VmDirStringCompareA(pszPendingScope, pszUniqScope, FALSE) == 0)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, ERROR_ALREADY_EXISTS);
+            }
+            pNode = pNext;
+        }
+
+        dwError = VmDirAllocateStringA(pszUniqScope, &pszScopeCpy);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirLinkedListInsertHead(pNewScopes, pszScopeCpy, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pNode = pDelScopes->pTail;
+        while (pNode)
+        {
+            PSTR pszPendingScope = (PSTR)pNode->pElement;
+            pNext = pNode->pNext;
+            if (VmDirStringCompareA(pszPendingScope, pszUniqScope, FALSE) == 0)
+            {
+                dwError = VmDirLinkedListRemove(pDelScopes, pNode);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                goto cleanup;
+            }
+            pNode = pNext;
+        }
+
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_ALREADY_EXISTS);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    VMDIR_SAFE_FREE_MEMORY(pszScopeCpy);
+    goto cleanup;
+}
+
+DWORD
+VmDirIndexCfgDeleteUniqueScopeMod(
+    PVDIR_INDEX_CFG pIndexCfg,
+    PCSTR           pszUniqScope
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_LINKED_LIST   pNewScopes = NULL;
+    PVDIR_LINKED_LIST   pDelScopes = NULL;
+    PVDIR_LINKED_LIST_NODE  pNode = NULL;
+    PVDIR_LINKED_LIST_NODE  pNext = NULL;
+    PSTR    pszScopeCpy = NULL;
+
+    if (!pIndexCfg || IsNullOrEmptyString(pszUniqScope))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pNewScopes = pIndexCfg->pNewUniqScopes;
+    pDelScopes = pIndexCfg->pDelUniqScopes;
+
+    if (LwRtlHashMapFindKey(pIndexCfg->pUniqScopes, NULL, pszUniqScope))
+    {
+        pNode = pNewScopes->pTail;
+        while (pNode)
+        {
+            PSTR pszPendingScope = (PSTR)pNode->pElement;
+            pNext = pNode->pNext;
+            if (VmDirStringCompareA(pszPendingScope, pszUniqScope, FALSE) == 0)
+            {
+                dwError = VmDirLinkedListRemove(pNewScopes, pNode);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                goto cleanup;
+            }
+            pNode = pNext;
+        }
+
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NOT_FOUND);
+    }
+    else
+    {
+        pNode = pDelScopes->pTail;
+        while (pNode)
+        {
+            PSTR pszPendingScope = (PSTR)pNode->pElement;
+            pNext = pNode->pNext;
+            if (VmDirStringCompareA(pszPendingScope, pszUniqScope, FALSE) == 0)
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NOT_FOUND);
+            }
+            pNode = pNext;
+        }
+
+        dwError = VmDirAllocateStringA(pszUniqScope, &pszScopeCpy);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirLinkedListInsertHead(pDelScopes, pszScopeCpy, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    goto cleanup;
+}
+
 DWORD
 VmDirIndexCfgValidateUniqueScopeMods(
     PVDIR_INDEX_CFG pIndexCfg
@@ -454,7 +598,7 @@ VmDirIndexCfgValidateUniqueScopeMods(
                     BAIL_ON_VMDIR_ERROR(dwError);
 
                     dwError = VmDirLinkedListRemove(pNewScopes, pNode);
-                    BAIL_ON_VMDIR_ERROR(dwError);        
+                    BAIL_ON_VMDIR_ERROR(dwError);
 
                     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
                             "%s will revert the scope '%s' for attr '%s' "
@@ -608,6 +752,8 @@ VmDirIndexCfgRevertBadUniqueScopeMods(
             NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    ldapOp.bNoRaftLog = TRUE;
+
     ldapOp.pBEIF = VmDirBackendSelect(NULL);
     ldapOp.reqDn.lberbv_val = pszDn;
     ldapOp.reqDn.lberbv_len = VmDirStringLenA(pszDn);
diff --git a/lwraft/server/indexcfg/indexingtask.c b/lwraft/server/indexcfg/indexingtask.c
index c3b23fcec..0eff7c00d 100644
--- a/lwraft/server/indexcfg/indexingtask.c
+++ b/lwraft/server/indexcfg/indexingtask.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -77,9 +77,9 @@ VmDirIndexingTaskCompute(
 
     // compute offset for new task
     pBE = VmDirBackendSelect(NULL);
-    if (gVdirIndexGlobals.offset < 0)
+    if (gVdirIndexGlobals.offset < NEW_ENTRY_EID_PREFIX)
     {
-        gVdirIndexGlobals.offset = 0;
+        gVdirIndexGlobals.offset = NEW_ENTRY_EID_PREFIX;
     }
     else
     {
@@ -89,7 +89,7 @@ VmDirIndexingTaskCompute(
         gVdirIndexGlobals.offset += INDEXING_BATCH_SIZE;
         if (gVdirIndexGlobals.offset > maxEId)
         {
-            gVdirIndexGlobals.offset = 0;
+            gVdirIndexGlobals.offset = NEW_ENTRY_EID_PREFIX;
         }
     }
 
@@ -214,7 +214,6 @@ VmDirIndexingTaskPopulateIndices(
     pNode = pTask->pIndicesToPopulate->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         PVDIR_INDEX_CFG pIndexCfg = (PVDIR_INDEX_CFG)pNode->pElement;
 
         // open index db first if it's new
@@ -229,7 +228,7 @@ VmDirIndexingTaskPopulateIndices(
                 pIndexCfgs, pIndexCfg->pszAttrName, pIndexCfg, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
     dwError = pBE->pfnBEIndexPopulate(
@@ -272,7 +271,6 @@ VmDirIndexingTaskValidateScopes(
     pNode = pTask->pIndicesToValidate->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         PVDIR_INDEX_CFG pIndexCfg = (PVDIR_INDEX_CFG)pNode->pElement;
 
         dwError = VmDirIndexCfgValidateUniqueScopeMods(pIndexCfg);
@@ -284,7 +282,7 @@ VmDirIndexingTaskValidateScopes(
         dwError = VmDirIndexCfgRevertBadUniqueScopeMods(pIndexCfg);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
 cleanup:
@@ -323,7 +321,6 @@ VmDirIndexingTaskDeleteIndices(
     pNode = pTask->pIndicesToDelete->pTail;
     while (pNode)
     {
-        PVDIR_LINKED_LIST_NODE pNextNode = pNode->pNext;
         PVDIR_INDEX_CFG pIndexCfg = (PVDIR_INDEX_CFG)pNode->pElement;
 
         // in case of resume, it may be already deleted
@@ -336,7 +333,7 @@ VmDirIndexingTaskDeleteIndices(
             VmDirIndexCfgClear(pIndexCfg);
         }
 
-        pNode = pNextNode;
+        pNode = pNode->pNext;
     }
 
 cleanup:
@@ -495,6 +492,7 @@ VmDirIndexingTaskRecordProgress(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
     VMDIR_SAFE_FREE_MEMORY(pszOffset);
     VMDIR_SAFE_FREE_MEMORY(pszStatus);
     return dwError;
diff --git a/lwraft/server/indexcfg/indexingthr.c b/lwraft/server/indexcfg/indexingthr.c
index 2260c0b7e..0f8a92307 100644
--- a/lwraft/server/indexcfg/indexingthr.c
+++ b/lwraft/server/indexcfg/indexingthr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -22,15 +22,15 @@ InitializeIndexingThread(
     DWORD   dwError = 0;
 
     dwError = VmDirSrvThrInit(
-                &gVdirIndexGlobals.pThrInfo,
-                gVdirIndexGlobals.mutex,
-                gVdirIndexGlobals.cond,
-                TRUE);
+            &gVdirIndexGlobals.pThrInfo,
+            gVdirIndexGlobals.mutex,
+            gVdirIndexGlobals.cond,
+            TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateThread(
             &gVdirIndexGlobals.pThrInfo->tid,
-            FALSE,
+            gVdirIndexGlobals.pThrInfo->bJoinThr,
             VmDirIndexingThreadFun,
             gVdirIndexGlobals.pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/lwraft/server/indexcfg/indexupd.c b/lwraft/server/indexcfg/indexupd.c
index 46e7049b5..4195f6a77 100644
--- a/lwraft/server/indexcfg/indexupd.c
+++ b/lwraft/server/indexcfg/indexupd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -44,7 +44,6 @@ VmDirIndexUpdInit(
     pIndexUpd->pBECtx = pBECtx;
     pIndexUpd->bOwnBECtx = FALSE;
     pIndexUpd->bHasBETxn = FALSE;
-    pIndexUpd->bInLock = FALSE;
 
     if (!pIndexUpd->pBECtx)
     {
diff --git a/lwraft/server/indexcfg/libmain.c b/lwraft/server/indexcfg/libmain.c
index daa0b03b6..270014a1f 100644
--- a/lwraft/server/indexcfg/libmain.c
+++ b/lwraft/server/indexcfg/libmain.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -16,7 +16,7 @@
 
 DWORD
 VmDirIndexLibInit(
-    VOID
+    PVMDIR_MUTEX    pModMutex
     )
 {
     static VDIR_DEFAULT_INDEX_CFG defIdx[] = VDIR_INDEX_INITIALIZER;
@@ -24,13 +24,21 @@ VmDirIndexLibInit(
     DWORD   dwError = 0;
     DWORD   i = 0;
     PSTR    pszLastOffset = NULL;
-    ENTRYID maxEId = 0;
     VDIR_BACKEND_CTX    beCtx = {0};
     BOOLEAN             bHasTxn = FALSE;
     PVDIR_INDEX_CFG     pIndexCfg = NULL;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    PVDIR_SCHEMA_AT_DESC    pATDesc = NULL;
 
-    dwError = VmDirAllocateMutex(&gVdirIndexGlobals.mutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pModMutex)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    // pModMutex refers to gVdirSchemaGlobals.cacheModMutex,
+    // so do not free it during shutdown
+    gVdirIndexGlobals.mutex = pModMutex;
 
     dwError = VmDirAllocateCondition(&gVdirIndexGlobals.cond);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -53,17 +61,7 @@ VmDirIndexLibInit(
             &beCtx, INDEX_LAST_OFFSET_KEY, &pszLastOffset);
     if (dwError)
     {
-        dwError = beCtx.pBE->pfnBEMaxEntryId(&maxEId);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (maxEId == ENTRY_ID_SEQ_INITIAL_VALUE)
-        {
-            gVdirIndexGlobals.bFirstboot = TRUE;
-        }
-        else
-        {
-            gVdirIndexGlobals.bLegacyDB = TRUE;
-        }
+        gVdirIndexGlobals.bFirstboot = TRUE;
 
         // set index_last_offset = -1 to indicate indexing has started
         gVdirIndexGlobals.offset = -1;
@@ -80,21 +78,35 @@ VmDirIndexLibInit(
     BAIL_ON_VMDIR_ERROR(dwError);
     bHasTxn = FALSE;
 
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     // open default indices
     for (i = 0; defIdx[i].pszAttrName; i++)
     {
         dwError = VmDirDefaultIndexCfgInit(&defIdx[i], &pIndexCfg);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        // update attribute types in schema cache with their index info
+        dwError = VmDirSchemaAttrNameToDescriptor(
+                pSchemaCtx, pIndexCfg->pszAttrName, &pATDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirIndexCfgGetAllScopesInStrArray(
+                pIndexCfg, &pATDesc->ppszUniqueScopes);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pATDesc->dwSearchFlags |= 1;
+
+        // for free later
+        pATDesc->pLdapAt->ppszUniqueScopes = pATDesc->ppszUniqueScopes;
+        pATDesc->pLdapAt->dwSearchFlags = pATDesc->dwSearchFlags;
+
         dwError = VmDirIndexOpen(pIndexCfg);
         BAIL_ON_VMDIR_ERROR(dwError);
         pIndexCfg = NULL;
     }
 
-    // VMIT support
-    dwError = VmDirIndexLibInitVMIT();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = InitializeIndexingThread();
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -103,12 +115,17 @@ VmDirIndexLibInit(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
+    VmDirSchemaCtxRelease(pSchemaCtx);
     VMDIR_SAFE_FREE_MEMORY(pszLastOffset);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeIndexCfg(pIndexCfg);
     goto cleanup;
@@ -186,9 +203,6 @@ VmDirIndexLibShutdown(
     VMDIR_SAFE_FREE_CONDITION(gVdirIndexGlobals.cond);
     gVdirIndexGlobals.cond = NULL;
 
-    VMDIR_SAFE_FREE_MUTEX(gVdirIndexGlobals.mutex);
     gVdirIndexGlobals.mutex = NULL;
-
     gVdirIndexGlobals.bFirstboot = FALSE;
-    gVdirIndexGlobals.bLegacyDB = FALSE;
 }
diff --git a/lwraft/server/indexcfg/progress.c b/lwraft/server/indexcfg/progress.c
index 56413609d..a63e934f0 100644
--- a/lwraft/server/indexcfg/progress.c
+++ b/lwraft/server/indexcfg/progress.c
@@ -157,17 +157,6 @@ VmDirIndexCfgRestoreProgress(
     {
         pIndexCfg->status = VDIR_INDEXING_COMPLETE;
     }
-    else if (gVdirIndexGlobals.bLegacyDB)
-    {
-        if (pBECtx->pBE->pfnBEIndexExist(pIndexCfg))
-        {
-            pIndexCfg->status = VDIR_INDEXING_COMPLETE;
-        }
-        else
-        {
-            pIndexCfg->status = VDIR_INDEXING_SCHEDULED;
-        }
-    }
     else
     {
         PSTR pszToken = NULL;
diff --git a/lwraft/server/indexcfg/prototypes.h b/lwraft/server/indexcfg/prototypes.h
index 9485a003f..e5de20e94 100644
--- a/lwraft/server/indexcfg/prototypes.h
+++ b/lwraft/server/indexcfg/prototypes.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -51,6 +51,18 @@ VmDirIndexCfgCopy(
     PVDIR_INDEX_CFG*    ppIndexCfgCpy
     );
 
+DWORD
+VmDirIndexCfgAddUniqueScopeMod(
+    PVDIR_INDEX_CFG pIndexCfg,
+    PCSTR           pszUniqScope
+    );
+
+DWORD
+VmDirIndexCfgDeleteUniqueScopeMod(
+    PVDIR_INDEX_CFG pIndexCfg,
+    PCSTR           pszUniqScope
+    );
+
 DWORD
 VmDirIndexCfgValidateUniqueScopeMods(
     PVDIR_INDEX_CFG pIndexCfg
@@ -173,18 +185,6 @@ VmDirIndexCfgRestoreProgress(
     PBOOLEAN            pbRestore
     );
 
-// vmit.c
-DWORD
-VmDirIndexLibInitVMIT(
-    VOID
-    );
-
-DWORD
-VmDirVMITIndexCfgInit(
-    PVDIR_DEFAULT_INDEX_CFG pDefIdxCfg,
-    PVDIR_INDEX_CFG*        ppIndexCfg
-    );
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/indexcfg/structs.h b/lwraft/server/indexcfg/structs.h
index 0fb6b7f38..7f8fb861a 100644
--- a/lwraft/server/indexcfg/structs.h
+++ b/lwraft/server/indexcfg/structs.h
@@ -44,7 +44,6 @@ typedef struct _VDIR_INDEX_GLOBALS
 
     // fields used to determine index status during bootstrap
     BOOLEAN             bFirstboot;
-    BOOLEAN             bLegacyDB;
 
     // current indexing offset
     ENTRYID             offset;
diff --git a/lwraft/server/indexcfg/vmit.c b/lwraft/server/indexcfg/vmit.c
deleted file mode 100644
index 0b66c9df7..000000000
--- a/lwraft/server/indexcfg/vmit.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-#define VMIT_INDEX                                                       \
-{                                                                        \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName,  ATTR_VMWITCUSTOMERNUMBER),          \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, TRUE),                            \
-        VMDIR_SF_INIT(.bGlobalUniq, TRUE),                               \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
-    },                                                                   \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName,  ATTR_VMWITUSERGUID),                \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, TRUE),                            \
-        VMDIR_SF_INIT(.bGlobalUniq, TRUE),                               \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
-    },                                                                   \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, ATTR_UID),                           \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, TRUE),                            \
-        VMDIR_SF_INIT(.bGlobalUniq, TRUE),                               \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
-    },                                                                   \
-    {                                                                    \
-        VMDIR_SF_INIT(.pszAttrName, NULL),                               \
-        VMDIR_SF_INIT(.iTypes, INDEX_TYPE_EQUALITY),                     \
-        VMDIR_SF_INIT(.bScopeEditable, FALSE),                           \
-        VMDIR_SF_INIT(.bGlobalUniq, FALSE),                              \
-        VMDIR_SF_INIT(.bIsNumeric, FALSE)                                \
-    }                                                                    \
-}
-
-// VMIT support
-DWORD
-VmDirIndexLibInitVMIT(
-    VOID
-    )
-{
-    static VDIR_DEFAULT_INDEX_CFG vmitIdx[] = VMIT_INDEX;
-
-    DWORD   dwError = 0;
-    DWORD   i = 0;
-    PVDIR_INDEX_CFG pIndexCfg = NULL;
-
-    for (i = 0; vmitIdx[i].pszAttrName; i++)
-    {
-        dwError = VmDirVMITIndexCfgInit(&vmitIdx[i], &pIndexCfg);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (pIndexCfg)
-        {
-            dwError = VmDirIndexOpen(pIndexCfg);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            pIndexCfg = NULL;
-        }
-    }
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeIndexCfg(pIndexCfg);
-    goto cleanup;
-}
-
-DWORD
-VmDirVMITIndexCfgInit(
-    PVDIR_DEFAULT_INDEX_CFG pDefIdxCfg,
-    PVDIR_INDEX_CFG*        ppIndexCfg
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszScope = NULL;
-    BOOLEAN bRestore = FALSE;
-    PVDIR_INDEX_CFG pIndexCfg = NULL;
-    PSTR            pszIdxStatus = NULL;
-    VDIR_BACKEND_CTX    beCtx = {0};
-    BOOLEAN             bHasTxn = FALSE;
-
-    if (!pDefIdxCfg || !ppIndexCfg)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirIndexCfgCreate(pDefIdxCfg->pszAttrName, &pIndexCfg);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    beCtx.pBE = VmDirBackendSelect(NULL);
-    if (!beCtx.pBE->pfnBEIndexExist(pIndexCfg))
-    {
-        VmDirFreeIndexCfg(pIndexCfg);
-        goto cleanup;
-    }
-
-    pIndexCfg->bDefaultIndex = TRUE;
-    pIndexCfg->bScopeEditable = pDefIdxCfg->bScopeEditable;
-    pIndexCfg->bIsNumeric = pDefIdxCfg->bIsNumeric;
-    pIndexCfg->iTypes = pDefIdxCfg->iTypes;
-
-    dwError = beCtx.pBE->pfnBETxnBegin(&beCtx, VDIR_BACKEND_TXN_WRITE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    bHasTxn = TRUE;
-
-    dwError = VmDirIndexCfgRestoreProgress(&beCtx, pIndexCfg, &bRestore);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!bRestore && pDefIdxCfg->bGlobalUniq)
-    {
-        dwError = VmDirAllocateStringA(PERSISTED_DSE_ROOT_DN, &pszScope);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = LwRtlHashMapInsert(
-                pIndexCfg->pUniqScopes, pszScope, NULL, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszScope = NULL;
-    }
-
-    dwError = VmDirIndexCfgRecordProgress(&beCtx, pIndexCfg);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirIndexCfgStatusStringfy(pIndexCfg, &pszIdxStatus);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, pszIdxStatus );
-
-    dwError = beCtx.pBE->pfnBETxnCommit(&beCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    bHasTxn = FALSE;
-
-    *ppIndexCfg = pIndexCfg;
-
-cleanup:
-    if (bHasTxn)
-    {
-        beCtx.pBE->pfnBETxnAbort(&beCtx);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pszIdxStatus);
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pszScope);
-    VmDirFreeIndexCfg(pIndexCfg);
-    goto cleanup;
-}
diff --git a/lwraft/server/kdckrb5/Makefile.am b/lwraft/server/kdckrb5/Makefile.am
index 52d39151b..96a2ac7db 100644
--- a/lwraft/server/kdckrb5/Makefile.am
+++ b/lwraft/server/kdckrb5/Makefile.am
@@ -22,13 +22,14 @@ libvmkrb5_la_SOURCES = \
     ticket.c
 
 libvmkrb5_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/lwraft/server \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/lwraft/server/kdcsrvcommon/Makefile.am b/lwraft/server/kdcsrvcommon/Makefile.am
index 2d8e8ee56..5eca1e963 100644
--- a/lwraft/server/kdcsrvcommon/Makefile.am
+++ b/lwraft/server/kdcsrvcommon/Makefile.am
@@ -13,9 +13,10 @@ libkdcsrvcommon_la_SOURCES = \
     util.c
 
 libkdcsrvcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
diff --git a/lwraft/server/kdctools/Makefile.am b/lwraft/server/kdctools/Makefile.am
index 7240d34de..2c10486bf 100644
--- a/lwraft/server/kdctools/Makefile.am
+++ b/lwraft/server/kdctools/Makefile.am
@@ -6,15 +6,16 @@ libvmkdctools_la_SOURCES = \
     parsekt.c
 
 libvmkdctools_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/kdckrb5 \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/server/vmkdc \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/server \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/lwraft/server/kdckrb5 \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/server/vmkdc \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/lwraft/server/ldap-head/Makefile.am b/lwraft/server/ldap-head/Makefile.am
index e9a324368..86d0b2287 100644
--- a/lwraft/server/ldap-head/Makefile.am
+++ b/lwraft/server/ldap-head/Makefile.am
@@ -17,6 +17,7 @@ libldap_head_la_SOURCES = \
     delete.c        \
     filter.c        \
     globals.c       \
+    metricsinit.c   \
     modify.c        \
     openssl.c       \
     operation.c     \
@@ -28,15 +29,15 @@ libldap_head_la_SOURCES = \
     unbind.c
 
 libldap_head_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
 libldap_head_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/ldap-head/add.c b/lwraft/server/ldap-head/add.c
index fcc4a91d4..50e7aaaaf 100644
--- a/lwraft/server/ldap-head/add.c
+++ b/lwraft/server/ldap-head/add.c
@@ -324,7 +324,7 @@ VmDirPerformAdd(
         (gVmdirGlobals.dwEnableRaftReferral & VMDIR_RAFT_ENABLE_UPDATE_REFERRAL) &&
         VmDirRaftNeedReferral(pOperation->reqDn.lberbv.bv_val))
     {
-       retVal = VmDirAllocateStringAVsnprintf(&pszRefStr, "%s",
+       retVal = VmDirAllocateStringPrintf(&pszRefStr, "%s",
                    pOperation->reqDn.lberbv.bv_len > 0 ? pOperation->reqDn.lberbv.bv_val:"");
        BAIL_ON_VMDIR_ERROR(retVal);
 
diff --git a/lwraft/server/ldap-head/connection.c b/lwraft/server/ldap-head/connection.c
index ba02fe34a..92962e030 100644
--- a/lwraft/server/ldap-head/connection.c
+++ b/lwraft/server/ldap-head/connection.c
@@ -72,12 +72,6 @@ NewConnection(
     Sockbuf_IO      *pSockbuf_IO
     );
 
-static DWORD
-VmDirWhichAddressPresent(
-    BOOLEAN *pIPV4AddressPresent,
-    BOOLEAN *pIPV6AddressPresent
-);
-
 static
 BOOLEAN
 _VmDirFlowCtrlThrEnter(
@@ -122,6 +116,12 @@ _VmDirPingAcceptThr(
     DWORD   dwPort
     );
 
+static
+VOID
+_VmDirUpdateErrorCount(
+    DWORD dwErrCode
+    );
+
 void
 VmDirDeleteConnection(
     VDIR_CONNECTION **conn
@@ -153,13 +153,8 @@ VmDirInitConnAcceptThread(
     )
 {
     DWORD               dwError = 0;
-    PDWORD              pdwLdapPorts = NULL;
-    DWORD               dwLdapPorts = 0;
-    PDWORD              pdwLdapsPorts = NULL;
-    DWORD               dwLdapsPorts = 0;
-    PVDIR_THREAD_INFO   pThrInfo = NULL;
-    PDWORD              pdwPort = NULL;
-    DWORD               i = 0;
+    PVDIR_THREAD_INFO   pLdapThrInfo = NULL;
+    PVDIR_THREAD_INFO   pLdapsThrInfo = NULL;
     BOOLEAN             isIPV6AddressPresent = FALSE;
     BOOLEAN             isIPV4AddressPresent = FALSE;
 
@@ -174,68 +169,39 @@ VmDirInitConnAcceptThread(
        gVmdirServerGlobals.isIPV6AddressPresent = TRUE;
     }
 
-    VmDirGetLdapListenPorts(&pdwLdapPorts, &dwLdapPorts);
-    VmDirGetLdapsListenPorts(&pdwLdapsPorts, &dwLdapsPorts);
-
-    for (i = 0; i < dwLdapPorts; i++)
-    {
-        dwError = VmDirAllocateMemory(
-                sizeof(*pThrInfo),
-                (PVOID*)&pThrInfo);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAllocateMemory(
-                sizeof(DWORD),
-                (PVOID)&pdwPort);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        *pdwPort = pdwLdapPorts[i];
-
-        dwError = VmDirSrvThrInit(
-                    &pThrInfo,
-                    gVmdirGlobals.replCycleDoneMutex,
-                    gVmdirGlobals.replCycleDoneCondition,
-                    TRUE);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirCreateThread(
-                &pThrInfo->tid,
-                FALSE,
-                vmdirConnAcceptThrFunc,
-                (PVOID)pdwPort);  // New thread owns pdwPort
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VmDirSrvThrAdd(pThrInfo);
-        pThrInfo = NULL;
-        pdwPort = NULL;
-    }
+    dwError = VmDirSrvThrInit(
+                &pLdapThrInfo,
+                gVmdirGlobals.replCycleDoneMutex,
+                gVmdirGlobals.replCycleDoneCondition,
+                TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (i = 0; gVmdirOpensslGlobals.bSSLInitialized && i < dwLdapsPorts; i++)
-    {
-        dwError = VmDirAllocateMemory(
-                sizeof(DWORD),
-                (PVOID)&pdwPort);
-        BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirCreateThread(
+            &pLdapThrInfo->tid,
+            pLdapThrInfo->bJoinThr,
+            vmdirConnAcceptThrFunc,
+            NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-        *pdwPort = pdwLdapsPorts[i];
+    VmDirSrvThrAdd(pLdapThrInfo);
+    pLdapThrInfo = NULL;
 
-        VmDirSrvThrInit(
-                &pThrInfo,
-                gVmdirGlobals.replCycleDoneMutex,     // alternative mutex
-                gVmdirGlobals.replCycleDoneCondition, // alternative cond
-                TRUE);  // join by main thr
+    dwError = VmDirSrvThrInit(
+                &pLdapsThrInfo,
+                gVmdirGlobals.replCycleDoneMutex,
+                gVmdirGlobals.replCycleDoneCondition,
+                TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirCreateThread(
-                &pThrInfo->tid,
-                FALSE,
-                vmdirSSLConnAcceptThrFunc,
-                (PVOID)pdwPort);
-        BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirCreateThread(
+            &pLdapsThrInfo->tid,
+            pLdapsThrInfo->bJoinThr,
+            vmdirSSLConnAcceptThrFunc,
+            NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-        VmDirSrvThrAdd(pThrInfo);
-        pThrInfo = NULL;
-        pdwPort = NULL;
-    }
+    VmDirSrvThrAdd(pLdapsThrInfo);
+    pLdapsThrInfo = NULL;
 
 cleanup:
 
@@ -243,9 +209,8 @@ VmDirInitConnAcceptThread(
 
 error:
 
-    VmDirSrvThrFree(pThrInfo);
-
-    VMDIR_SAFE_FREE_MEMORY(pdwPort);
+    VmDirSrvThrFree(pLdapThrInfo);
+    VmDirSrvThrFree(pLdapsThrInfo);
 
     goto cleanup;
 }
@@ -255,24 +220,11 @@ VmDirShutdownConnAcceptThread(
     VOID
     )
 {
-    PDWORD  pdwLdapPorts = NULL;
-    DWORD   dwLdapPorts = 0;
-    PDWORD  pdwLdapsPorts = NULL;
-    DWORD   dwLdapsPorts = 0;
-    DWORD   i = 0;
+    DWORD   dwLdapPort = VmDirGetLdapPort();
+    DWORD   dwLdapsPort = VmDirGetLdapsPort();
 
-    VmDirGetLdapListenPorts(&pdwLdapPorts, &dwLdapPorts);
-    VmDirGetLdapsListenPorts(&pdwLdapsPorts, &dwLdapsPorts);
-
-    for (i = 0; i < dwLdapPorts; i++)
-    {
-        _VmDirPingAcceptThr(pdwLdapPorts[i]);
-    }
-
-    for (i = 0; gVmdirOpensslGlobals.bSSLInitialized && i < dwLdapsPorts; i++)
-    {
-        _VmDirPingAcceptThr(pdwLdapsPorts[i]);
-    }
+    _VmDirPingAcceptThr(dwLdapPort);
+    _VmDirPingAcceptThr(dwLdapsPort);
 
     return;
 }
@@ -606,6 +558,9 @@ ProcessAConnection(
    int            reTries = 0;
    BOOLEAN                      bDownOpThrCount = FALSE;
    PVDIR_CONNECTION_CTX pConnCtx = NULL;
+   int            metricsTag = -1;
+   uint64_t       iStartTime = 0;
+   uint64_t       iEndTime = 0;
 
    // increment operation thread counter
    retVal = VmDirSyncCounterIncrement(gVmdirGlobals.pOperationThrSyncCounter);
@@ -695,7 +650,8 @@ ProcessAConnection(
          {
              VMDIR_LOG_INFO( LDAP_DEBUG_CONNS, "%s: ber_get_next() peer (%s) disconnected",
                  __func__, pConn->szClientIP);
-         } else
+         }
+         else
          {
              VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: ber_get_next() call failed with errno = %d peer (%s)",
                   __func__, errno, pConn->szClientIP);
@@ -734,6 +690,8 @@ ProcessAConnection(
       //
       pConn->SuperLogRec.iStartTime = pConn->SuperLogRec.iStartTime ? pConn->SuperLogRec.iStartTime : VmDirGetTimeInMilliSec();
 
+      iStartTime = VmDirGetTimeInMilliSec();
+
       switch (tag)
       {
          case LDAP_REQ_BIND:
@@ -742,37 +700,42 @@ ProcessAConnection(
             {
                 _VmDirCollectBindSuperLog(pConn, pOperation); // ignore error
             }
-
+            metricsTag = METRICS_LDAP_OP_BIND;
             break;
 
          case LDAP_REQ_ADD:
             retVal = VmDirPerformAdd(pOperation);
+            metricsTag = METRICS_LDAP_OP_ADD;
             break;
 
          case LDAP_REQ_SEARCH:
             retVal = VmDirPerformSearch(pOperation);
+            metricsTag = METRICS_LDAP_OP_SEARCH;
             break;
 
          case LDAP_REQ_UNBIND:
             retVal = VmDirPerformUnbind(pOperation);
+            metricsTag = METRICS_LDAP_OP_UNBIND;
             break;
 
          case LDAP_REQ_MODIFY:
              retVal = VmDirPerformModify(pOperation);
+             metricsTag = METRICS_LDAP_OP_MODIFY;
              break;
 
          case LDAP_REQ_DELETE:
              retVal = VmDirPerformDelete(pOperation);
+             metricsTag = METRICS_LDAP_OP_DELETE;
              break;
 
          case LDAP_REQ_MODDN:
-              retVal = VmDirPerformRename(pOperation);
-            break;
+             retVal = VmDirPerformRename(pOperation);
+             break;
 
          case LDAP_REQ_COMPARE:
          case LDAP_REQ_ABANDON:
          case LDAP_REQ_EXTENDED:
-            VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "ProcessAConnection: Operation is not yet implemented.." );
+            VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "ProcessAConnection: %d Operation is not yet implemented..", tag);
             pOperation->ldapResult.errCode = retVal = LDAP_UNWILLING_TO_PERFORM;
             // ignore following VmDirAllocateStringA error.
             VmDirAllocateStringA( "Operation is not yet implemented.", &pOperation->ldapResult.pszErrMsg);
@@ -785,7 +748,14 @@ ProcessAConnection(
             break;
       }
 
+      iEndTime = VmDirGetTimeInMilliSec();
+      if (metricsTag >= 0)
+      {
+            VmMetricsHistogramUpdate(pLdapRequestDuration[metricsTag], VMDIR_RESPONSE_TIME(iEndTime-iStartTime));
+      }
+
       pConn->SuperLogRec.iEndTime = VmDirGetTimeInMilliSec();
+
       VmDirOPStatisticUpdate(tag, pConn->SuperLogRec.iEndTime - pConn->SuperLogRec.iStartTime);
 
       if (tag != LDAP_REQ_BIND)
@@ -795,6 +765,8 @@ ProcessAConnection(
          _VmDirScrubSuperLogContent(tag, &pConn->SuperLogRec);
       }
 
+      _VmDirUpdateErrorCount(pOperation->ldapResult.errCode);
+
       VmDirFreeOperation(pOperation);
       pOperation = NULL;
 
@@ -850,8 +822,8 @@ vmdirConnAcceptThrFunc(
     PVOID pArg
     )
 {
-    DWORD port = *((PDWORD)pArg);
-    VMDIR_SAFE_FREE_MEMORY(pArg);
+    DWORD   port = VmDirGetLdapPort();
+
     return vmdirConnAccept(&ber_sockbuf_io_tcp, port, FALSE);
 }
 
@@ -864,8 +836,8 @@ vmdirSSLConnAcceptThrFunc(
     PVOID pArg
     )
 {
-    DWORD port = *((PDWORD)pArg);
-    VMDIR_SAFE_FREE_MEMORY(pArg);
+    DWORD   port = VmDirGetLdapsPort();
+
     return vmdirConnAccept(gpVdirBerSockbufIOOpenssl, port, TRUE);
 }
 
@@ -913,6 +885,7 @@ vmdirConnAccept(
         goto cleanup;
     }
 
+    gVmdirGlobals.bIsLDAPPortOpen = TRUE;
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Connection accept thread: listening on LDAP port (%u).", dwPort);
 
     iLocalLogMask = VmDirLogGetMask();
@@ -1024,7 +997,7 @@ vmdirConnAccept(
         newsockfd = -1;
         pConnCtx->pSockbuf_IO = pSockbuf_IO;
 
-        retVal = VmDirCreateThread(&threadId, TRUE, ProcessAConnection, (PVOID)pConnCtx);
+        retVal = VmDirCreateThread(&threadId, FALSE, ProcessAConnection, (PVOID)pConnCtx);
         if (retVal != 0)
         {
             VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: VmDirCreateThread() (port) failed with errno: %d",
@@ -1074,11 +1047,11 @@ vmdirConnAccept(
  VmDirWhichAddressPresent: Check if ipv4 or ipv6 addresses exist
  */
 
-static DWORD
+DWORD
 VmDirWhichAddressPresent(
     BOOLEAN *pIPV4AddressPresent,
     BOOLEAN *pIPV6AddressPresent
-)
+    )
 {
     int                 retVal = 0;
 #ifndef _WIN32
@@ -1378,3 +1351,106 @@ _VmDirPingAcceptThr(
 
     return;
 }
+
+static
+VOID
+_VmDirUpdateErrorCount(
+    DWORD dwErrCode
+    )
+{
+    switch (dwErrCode)
+    {
+        case LDAP_SUCCESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SUCCESS]);
+            break;
+
+        case LDAP_UNAVAILABLE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNAVAILABLE]);
+            break;
+
+        case LDAP_SERVER_DOWN:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SERVER_DOWN]);
+            break;
+
+        case LDAP_UNWILLING_TO_PERFORM:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNWILLING_TO_PERFORM]);
+            break;
+
+        case LDAP_INVALID_DN_SYNTAX:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_DN_SYNTAX]);
+            break;
+
+        case LDAP_NO_SUCH_ATTRIBUTE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NO_SUCH_ATTRIBUTE]);
+            break;
+
+        case LDAP_INVALID_SYNTAX:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_SYNTAX]);
+            break;
+
+        case LDAP_UNDEFINED_TYPE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNDEFINED_TYPE]);
+            break;
+
+        case LDAP_TYPE_OR_VALUE_EXISTS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_TYPE_OR_VALUE_EXISTS]);
+            break;
+
+        case LDAP_OBJECT_CLASS_VIOLATION:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_OBJECT_CLASS_VIOLATION]);
+            break;
+
+        case LDAP_ALREADY_EXISTS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_ALREADY_EXISTS]);
+            break;
+
+        case LDAP_CONSTRAINT_VIOLATION:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_CONSTRAINT_VIOLATION]);
+            break;
+
+        case LDAP_NOT_ALLOWED_ON_NONLEAF:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NOT_ALLOWED_ON_NONLEAF]);
+            break;
+
+        case LDAP_PROTOCOL_ERROR:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_PROTOCOL_ERROR]);
+            break;
+
+        case LDAP_INVALID_CREDENTIALS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_CREDENTIALS]);
+            break;
+
+        case LDAP_INSUFFICIENT_ACCESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INSUFFICIENT_ACCESS]);
+            break;
+
+        case LDAP_AUTH_METHOD_NOT_SUPPORTED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_AUTH_METHOD_NOT_SUPPORTED]);
+            break;
+
+        case LDAP_SASL_BIND_IN_PROGRESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SASL_BIND_IN_PROGRESS]);
+            break;
+
+        case LDAP_TIMELIMIT_EXCEEDED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_TIMELIMIT_EXCEEDED]);
+            break;
+
+        case LDAP_SIZELIMIT_EXCEEDED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SIZELIMIT_EXCEEDED]);
+            break;
+
+        case LDAP_NO_SUCH_OBJECT:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NO_SUCH_OBJECT]);
+            break;
+
+        case LDAP_BUSY:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_BUSY]);
+            break;
+
+        default:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_OTHER]);
+            break;
+    }
+    return;
+}
diff --git a/lwraft/server/ldap-head/controls.c b/lwraft/server/ldap-head/controls.c
index fc9eb909e..46770f2cf 100644
--- a/lwraft/server/ldap-head/controls.c
+++ b/lwraft/server/ldap-head/controls.c
@@ -32,6 +32,15 @@ _ParsePagedResultControlVal(
     VDIR_LDAP_RESULT *                  lr                  // Output
     );
 
+static
+int
+_ParseCondWriteControlVal(
+    VDIR_OPERATION *                        pOp,
+    BerValue *                              pControlBer,    // Input: control value encoded as ber
+    VDIR_CONDWRITE_CONTROL_VALUE *          pCtrlVal,        // Output
+    VDIR_LDAP_RESULT *                      pLdapResult     // Output
+    );
+
 /*
  * RFC 4511:
  * Section 4.1.1 Message Envelope:
@@ -203,6 +212,21 @@ ParseRequestControls(
                 op->showPagedResultsCtrl = *control;
             }
 
+            if (VmDirStringCompareA( (*control)->type, LDAP_CONTROL_CONDITIONAL_WRITE, TRUE ) == 0)
+            {
+                retVal = _ParseCondWriteControlVal(
+                            op,
+                            &lberBervCtlValue,
+                            &((*control)->value.condWriteCtrlVal),
+                            lr);
+                if (retVal != LDAP_SUCCESS)
+                {
+                    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
+                                                  "ParseRequestControls: _ParseConditionalWriteControlVal failed.");
+                }
+                op->pCondWriteCtrl = *control;
+            }
+
             if ( ber_scanf( op->ber, "}") == LBER_ERROR ) // end of control
             {
                 lr->errCode = LDAP_PROTOCOL_ERROR;
@@ -865,6 +889,65 @@ _ParsePagedResultControlVal(
     goto cleanup;
 }
 
+static
+int
+_ParseCondWriteControlVal(
+    VDIR_OPERATION *                        pOp,
+    BerValue *                              pControlBer,    // Input: control value encoded as ber
+    VDIR_CONDWRITE_CONTROL_VALUE *          pCtrlVal,       // Output
+    VDIR_LDAP_RESULT *                      pLdapResult     // Output
+    )
+{
+    int                 retVal = LDAP_SUCCESS;
+    BerElementBuffer    berbuf;
+    BerElement *        ber = (BerElement *)&berbuf;
+    PSTR                pszLocalErrorMsg = NULL;
+    PSTR                pszCondFilter = NULL;
+
+    if (!pOp)
+    {
+        retVal = LDAP_PROTOCOL_ERROR;
+        BAIL_ON_VMDIR_ERROR( retVal );
+    }
+
+    ber_init2( ber, pControlBer, LBER_USE_DER );
+
+    /*
+     * https://confluence.eng.vmware.com/display/LIG/Conditional+LDAP+Write+Operation
+     *
+     * The ConditionalWriteControl is a null terminated STRING wrapping the BER-encoded version of the following SEQUENCE:
+     *
+     * ControlValue ::= SEQUENCE {
+     *        ConditionalWriteFilter            OCTET STRING
+     *  }
+     */
+
+    if (ber_scanf(ber, "{a}", &pszCondFilter) == LBER_ERROR)
+    {
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: ber_scanf failed while parsing filter value", __FUNCTION__);
+        pLdapResult->errCode = LDAP_PROTOCOL_ERROR;
+        retVal = LDAP_NOTICE_OF_DISCONNECT;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
+                                        "Error in reading conditional write control filter");
+    }
+
+    retVal = VmDirAllocateStringA(pszCondFilter, &(pCtrlVal->pszFilter));
+    BAIL_ON_VMDIR_ERROR(retVal);
+
+cleanup:
+    if (pszCondFilter)
+    {
+        ber_memfree(pszCondFilter);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
+
+    return retVal;
+
+error:
+    VMDIR_APPEND_ERROR_MSG(pLdapResult->pszErrMsg, pszLocalErrorMsg);
+    goto cleanup;
+}
+
 /* Generates the LdapControl to be communicated to the client
    in the case of Strong Consistency Write task */
 int
diff --git a/lwraft/server/ldap-head/defines.h b/lwraft/server/ldap-head/defines.h
index 1887034f4..e21fd991b 100644
--- a/lwraft/server/ldap-head/defines.h
+++ b/lwraft/server/ldap-head/defines.h
@@ -57,3 +57,44 @@ typedef int (*NEW_CONNECTION_FUNC)(
                 ber_socket_t      sfd,
                 VDIR_CONNECTION   **conn,
                 Sockbuf_IO        *pSockbuf_IO);
+
+typedef enum
+{
+    METRICS_LDAP_OP_BIND,
+    METRICS_LDAP_OP_SEARCH,
+    METRICS_LDAP_OP_ADD,
+    METRICS_LDAP_OP_MODIFY,
+    METRICS_LDAP_OP_DELETE,
+    METRICS_LDAP_OP_UNBIND,
+    METRICS_LDAP_OP_COUNT
+
+} METRICS_LDAP_OPS;
+
+typedef enum
+{
+    METRICS_LDAP_SUCCESS,
+    METRICS_LDAP_UNAVAILABLE,
+    METRICS_LDAP_SERVER_DOWN,
+    METRICS_LDAP_UNWILLING_TO_PERFORM,
+    METRICS_LDAP_INVALID_DN_SYNTAX,
+    METRICS_LDAP_NO_SUCH_ATTRIBUTE,
+    METRICS_LDAP_INVALID_SYNTAX,
+    METRICS_LDAP_UNDEFINED_TYPE,
+    METRICS_LDAP_TYPE_OR_VALUE_EXISTS,
+    METRICS_LDAP_OBJECT_CLASS_VIOLATION,
+    METRICS_LDAP_ALREADY_EXISTS,
+    METRICS_LDAP_CONSTRAINT_VIOLATION,
+    METRICS_LDAP_NOT_ALLOWED_ON_NONLEAF,
+    METRICS_LDAP_PROTOCOL_ERROR,
+    METRICS_LDAP_INVALID_CREDENTIALS,
+    METRICS_LDAP_INSUFFICIENT_ACCESS,
+    METRICS_LDAP_AUTH_METHOD_NOT_SUPPORTED,
+    METRICS_LDAP_SASL_BIND_IN_PROGRESS,
+    METRICS_LDAP_TIMELIMIT_EXCEEDED,
+    METRICS_LDAP_SIZELIMIT_EXCEEDED,
+    METRICS_LDAP_NO_SUCH_OBJECT,
+    METRICS_LDAP_BUSY,
+    METRICS_LDAP_OTHER,
+    METRICS_LDAP_ERROR_COUNT
+
+} METRICS_LDAP_ERRORS;
diff --git a/lwraft/server/ldap-head/delete.c b/lwraft/server/ldap-head/delete.c
index 44b9572e6..c6dd7be2b 100644
--- a/lwraft/server/ldap-head/delete.c
+++ b/lwraft/server/ldap-head/delete.c
@@ -57,7 +57,7 @@ VmDirPerformDelete(
         (gVmdirGlobals.dwEnableRaftReferral & VMDIR_RAFT_ENABLE_UPDATE_REFERRAL) &&
         VmDirRaftNeedReferral(pOperation->reqDn.lberbv.bv_val))
     {
-       retVal = VmDirAllocateStringAVsnprintf(&pszRefStr, "%s",
+       retVal = VmDirAllocateStringPrintf(&pszRefStr, "%s",
                    pOperation->reqDn.lberbv.bv_len > 0 ? pOperation->reqDn.lberbv.bv_val:"");
        BAIL_ON_VMDIR_ERROR(retVal);
 
diff --git a/lwraft/server/ldap-head/externs.h b/lwraft/server/ldap-head/externs.h
index de10398e4..3d60af607 100644
--- a/lwraft/server/ldap-head/externs.h
+++ b/lwraft/server/ldap-head/externs.h
@@ -37,3 +37,7 @@ extern BOOLEAN VmDirRaftNeedReferral(PCSTR pszReqDn);
 extern VOID VmDirSendLdapReferralResult( VDIR_OPERATION * op, PCSTR pszRefSuffix, PBOOLEAN pbRefSent);
 
 extern DWORD VmDirRaftGetLeader(PSTR *);
+
+extern PVM_METRICS_HISTOGRAM pLdapRequestDuration[];
+
+extern PVM_METRICS_COUNTER pLdapErrorCount[];
diff --git a/lwraft/server/ldap-head/filter.c b/lwraft/server/ldap-head/filter.c
index 0a91da163..7326ad115 100644
--- a/lwraft/server/ldap-head/filter.c
+++ b/lwraft/server/ldap-head/filter.c
@@ -382,6 +382,37 @@ CheckIfEntryPassesFilter(
     return retVal;
 }
 
+DWORD
+VmDirMatchEntryWithFilter(
+    PVDIR_OPERATION     pOp,
+    PVDIR_ENTRY         pEntry,
+    PCSTR               pszFilter
+    )
+{
+    DWORD           dwError = 0;
+    PVDIR_FILTER    pFilter = NULL;
+
+    if (!pOp || !pEntry || !pszFilter)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = StrFilterToFilter(pszFilter, &pFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (CheckIfEntryPassesFilter(pOp, pEntry, pFilter) != FILTER_RES_TRUE)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_LDAP_ERROR_PRE_CONDITION);
+    }
+
+cleanup:
+    DeleteFilter(pFilter);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
 void
 DeleteFilter(
     VDIR_FILTER *     f)
diff --git a/lwraft/server/ldap-head/metricsinit.c b/lwraft/server/ldap-head/metricsinit.c
new file mode 100644
index 000000000..820219270
--- /dev/null
+++ b/lwraft/server/ldap-head/metricsinit.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PVM_METRICS_HISTOGRAM pLdapRequestDuration[METRICS_LDAP_OP_COUNT];
+
+PVM_METRICS_COUNTER pLdapErrorCount[METRICS_LDAP_ERROR_COUNT];
+
+DWORD
+VmDirLdapMetricsInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+
+    uint64_t buckets[5] = {1, 10, 100, 500, 1000};
+
+    VM_METRICS_LABEL labelOps[METRICS_LDAP_OP_COUNT][1] = {{{"operation","bind"}},
+                                        {{"operation","search"}},
+                                        {{"operation","add"}},
+                                        {{"operation","modify"}},
+                                        {{"operation","delete"}},
+                                        {{"operation","unbind"}}};
+
+    VM_METRICS_LABEL labelErrors[METRICS_LDAP_ERROR_COUNT][1] = {{{"code","LDAP_SUCCESS"}},
+                                            {{"code","LDAP_UNAVAILABLE"}},
+                                            {{"code","LDAP_SERVER_DOWN"}},
+                                            {{"code","LDAP_UNWILLING_TO_PERFORM"}},
+                                            {{"code","LDAP_INVALID_DN_SYNTAX"}},
+                                            {{"code","LDAP_NO_SUCH_ATTRIBUTE"}},
+                                            {{"code","LDAP_INVALID_SYNTAX"}},
+                                            {{"code","LDAP_UNDEFINED_TYPE"}},
+                                            {{"code","LDAP_TYPE_OR_VALUE_EXISTS"}},
+                                            {{"code","LDAP_OBJECT_CLASS_VIOLATION"}},
+                                            {{"code","LDAP_ALREADY_EXISTS"}},
+                                            {{"code","LDAP_CONSTRAINT_VIOLATION"}},
+                                            {{"code","LDAP_NOT_ALLOWED_ON_NONLEAF"}},
+                                            {{"code","LDAP_PROTOCOL_ERROR"}},
+                                            {{"code","LDAP_INVALID_CREDENTIALS"}},
+                                            {{"code","LDAP_INSUFFICIENT_ACCESS"}},
+                                            {{"code","LDAP_AUTH_METHOD_NOT_SUPPORTED"}},
+                                            {{"code","LDAP_SASL_BIND_IN_PROGRESS"}},
+                                            {{"code","LDAP_TIMELIMIT_EXCEEDED"}},
+                                            {{"code","LDAP_SIZELIMIT_EXCEEDED"}},
+                                            {{"code","LDAP_NO_SUCH_OBJECT"}},
+                                            {{"code","LDAP_BUSY"}},
+                                            {{"code","LDAP_OTHER"}}};
+
+    for (i=0; i < METRICS_LDAP_ERROR_COUNT; i++)
+    {
+        dwError = VmMetricsCounterNew(pmContext,
+                                "post_ldap_error_count",
+                                labelErrors[i], 1,
+                                "Counter for various LDAP errors",
+                                &pLdapErrorCount[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (i=0; i < METRICS_LDAP_OP_COUNT; i++)
+    {
+        dwError = VmMetricsHistogramNew(pmContext,
+                                "post_ldap_request_duration",
+                                labelOps[i], 1,
+                                "Histogram for LDAP Request Durations for different operations",
+                                buckets, 5,
+                                &pLdapRequestDuration[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapMetricsInit failed (%d)", dwError);
+
+    goto cleanup;
+}
diff --git a/lwraft/server/ldap-head/modify.c b/lwraft/server/ldap-head/modify.c
index 02805da8c..7a447ff9d 100644
--- a/lwraft/server/ldap-head/modify.c
+++ b/lwraft/server/ldap-head/modify.c
@@ -169,7 +169,7 @@ VmDirPerformModify(
        (gVmdirGlobals.dwEnableRaftReferral & VMDIR_RAFT_ENABLE_UPDATE_REFERRAL) &&
        VmDirRaftNeedReferral(pOperation->reqDn.lberbv.bv_val))
    {
-       retVal = VmDirAllocateStringAVsnprintf(&pszRefStr, "%s",
+       retVal = VmDirAllocateStringPrintf(&pszRefStr, "%s",
                    pOperation->reqDn.lberbv.bv_len > 0 ? pOperation->reqDn.lberbv.bv_val:"");
        BAIL_ON_VMDIR_ERROR(retVal);
 
diff --git a/lwraft/server/ldap-head/operation.c b/lwraft/server/ldap-head/operation.c
index 617d1629a..f3d78db0a 100644
--- a/lwraft/server/ldap-head/operation.c
+++ b/lwraft/server/ldap-head/operation.c
@@ -169,11 +169,6 @@ VmDirFreeOperationContent(
             VmDirSchemaCtxRelease(op->pSchemaCtx);
         }
 
-        if (op->reqControls)
-        {
-            DeleteControls(&(op->reqControls));
-        }
-
         if (op->syncDoneCtrl)
         {
             PLW_HASHTABLE_NODE      pNode = NULL;
@@ -195,6 +190,16 @@ VmDirFreeOperationContent(
             VMDIR_SAFE_FREE_MEMORY( op->syncDoneCtrl );
         }
 
+        if (op->pCondWriteCtrl)
+        {
+            VMDIR_SAFE_FREE_MEMORY(op->pCondWriteCtrl->value.condWriteCtrlVal.pszFilter);
+        }
+
+        if (op->reqControls)
+        {
+            DeleteControls(&(op->reqControls));
+        }
+
         switch (op->reqCode)
         {
             case LDAP_REQ_BIND:
diff --git a/lwraft/server/ldap-head/opstatistic.c b/lwraft/server/ldap-head/opstatistic.c
index 41e273040..637101999 100644
--- a/lwraft/server/ldap-head/opstatistic.c
+++ b/lwraft/server/ldap-head/opstatistic.c
@@ -220,7 +220,7 @@ VmDirOPStatistic(
     {
         PCSTR pszOPName = VmDirGetOperationStringFromTag(opTag);
 
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                         &pszStatistic,
                         "LDAP %10s - count:(%ld), Avg response time in MS:(%ld)",
                         pszOPName,
diff --git a/lwraft/server/ldap-head/prototypes.h b/lwraft/server/ldap-head/prototypes.h
index 89190f7a2..eadf06fcc 100644
--- a/lwraft/server/ldap-head/prototypes.h
+++ b/lwraft/server/ldap-head/prototypes.h
@@ -39,11 +39,10 @@ VmDirOPStatisticUpdate(
     uint64_t iThisTimeInMilliSecs
     );
 
-// vecs.c
+// ldapmetrics.c
 DWORD
-VmDirGetVecsMachineCert(
-    PSTR*   ppszCert,
-    PSTR*   ppszKey
+VmDirLdapMetricsInit(
+    VOID
     );
 
 #ifdef __cplusplus
diff --git a/lwraft/server/ldap-head/result.c b/lwraft/server/ldap-head/result.c
index 234d485a4..aa48260bc 100644
--- a/lwraft/server/ldap-head/result.c
+++ b/lwraft/server/ldap-head/result.c
@@ -808,8 +808,27 @@ WriteAttributes(
                     {
                         if (VmDirStringCompareA( sr->attrs[i].lberbv.bv_val, pAttr->type.lberbv.bv_val, FALSE) == 0)
                         {
-                           bSendAttribute = TRUE;
-                           break;
+                            //
+                            // Access checks for a search request requires the
+                            // caller to have VMDIR_RIGHT_DS_READ_PROP access
+                            // to the entry. This will allow them to "see" the
+                            // entry and any attributes EXCEPT for the entry's
+                            // security descriptor. The SD is goverened by a
+                            // separate permission, VMDIR_ENTRY_READ_ACL. So,
+                            // if the caller requested that attribute we have
+                            // to make sure they have the permission required.
+                            //
+                            if (VmDirStringCompareA(pAttr->type.lberbv.bv_val, ATTR_ACL_STRING, FALSE) == 0 ||
+                                VmDirStringCompareA(pAttr->type.lberbv.bv_val, ATTR_OBJECT_SECURITY_DESCRIPTOR, FALSE) == 0)
+                            {
+                                bSendAttribute = (VmDirSrvAccessCheck(op, &op->conn->AccessInfo, pEntry, VMDIR_ENTRY_READ_ACL) == 0);
+                            }
+                            else
+                            {
+                                bSendAttribute = TRUE;
+                            }
+
+                            break;
                         }
                     }
                 }
@@ -1175,10 +1194,7 @@ VmDirSendLdapReferralResult(
    PSTR             pszLeader = NULL;
    PSTR             pszRef = NULL;
    PVDIR_BERVALUE   pBerv = NULL;
-   DWORD            dwLdapsPorts = 0;
-   PDWORD           pdwLdapsPorts = NULL;
    BOOLEAN          bIsLdaps = FALSE;
-   int              i = 0;
 
    *pbRefSent = FALSE;
    (void) memset( (char *)&berbuf, '\0', sizeof( BerElementBuffer ));
@@ -1201,17 +1217,15 @@ VmDirSendLdapReferralResult(
        goto done;
    }
 
-   VmDirGetLdapsListenPorts(&pdwLdapsPorts, &dwLdapsPorts);
-   for (i = 0; i < dwLdapsPorts; i++)
+   if (op->conn->dwServerPort == VmDirGetLdapsPort())
    {
-       if (pdwLdapsPorts[i] == op->conn->dwServerPort)
-       {
-           bIsLdaps = TRUE;
-           break;
-       }
+       bIsLdaps = TRUE;
    }
 
-   dwError = VmDirAllocateStringAVsnprintf(&pszRef, "%s://%s/%s", bIsLdaps?"ldaps":"ldap", pszLeader, pszRefSuffix);
+   dwError = VmDirAllocateStringPrintf(&pszRef, "%s://%s/%s",
+               bIsLdaps ? "ldaps":"ldap",
+               pszLeader,
+               pszRefSuffix );
    BAIL_ON_VMDIR_ERROR(dwError);
 
    op->ldapResult.errCode = 0;
diff --git a/lwraft/server/ldap-head/search.c b/lwraft/server/ldap-head/search.c
index 20e506e90..9baf80f4f 100644
--- a/lwraft/server/ldap-head/search.c
+++ b/lwraft/server/ldap-head/search.c
@@ -184,6 +184,15 @@ VmDirPerformSearch(
    PVDIR_LDAP_RESULT   pResult = &(pOperation->ldapResult);
    BOOLEAN             bRefSent = FALSE;
    PSTR                pszRefStr = NULL;
+   BOOLEAN             bSetAccessInfo = FALSE;
+
+   if (pOperation->conn->AccessInfo.pszBindedObjectSid == NULL)
+   {
+       retVal = VmDirMLSetupAnonymousAccessInfo(&pOperation->conn->AccessInfo);
+       BAIL_ON_VMDIR_ERROR(retVal);
+
+       bSetAccessInfo = TRUE;
+   }
 
    // Parse base object, scope, deref alias, sizeLimit, timeLimit and typesOnly search parameters.
    if ( ber_scanf( pOperation->ber, "{miiiib", &(pOperation->reqDn.lberbv), &sr->scope, &sr->derefAlias, &sr->sizeLimit,
@@ -271,7 +280,7 @@ VmDirPerformSearch(
        VmDirRaftNeedReferral(pOperation->reqDn.lberbv.bv_val))
    {
        //Utilize ManageDsaIT Control (RFC 3297) to send local entry instead of a referral
-       retVal = VmDirAllocateStringAVsnprintf(&pszRefStr, "%s??%s",
+       retVal = VmDirAllocateStringPrintf(&pszRefStr, "%s??%s",
                    pOperation->reqDn.lberbv.bv_len > 0 ? pOperation->reqDn.lberbv.bv_val:"",
                    sr->scope==0?"base":sr->scope==1?"one":"sub");
        BAIL_ON_VMDIR_ERROR(retVal);
@@ -295,6 +304,10 @@ VmDirPerformSearch(
     {
         VmDirSendLdapResult( pOperation );
     }
+    if (bSetAccessInfo)
+    {
+        VmDirFreeAccessInfo(&pOperation->conn->AccessInfo);
+    }
     VMDIR_SAFE_FREE_MEMORY(pLberBerv);
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
     VMDIR_SAFE_FREE_MEMORY(pszRefStr);
diff --git a/lwraft/server/ldap-head/vecs.c b/lwraft/server/ldap-head/vecs.c
index bef7a1b8c..87f1ca113 100644
--- a/lwraft/server/ldap-head/vecs.c
+++ b/lwraft/server/ldap-head/vecs.c
@@ -25,13 +25,6 @@
 
 #include "includes.h"
 
-#ifdef _WIN32
-typedef HINSTANCE   VMW_LIB_HANDLE;
-#else
-#include <dlfcn.h>
-typedef VOID*       VMW_LIB_HANDLE;
-#endif
-
 // WARNING, WARNING, WARNING. It is awkward to get VECS headers via source tree structure.
 #include "../../../vmafd/include/public/vmafdtypes.h"
 #include "../../../vmafd/include/public/vmafd.h"
@@ -60,132 +53,12 @@ typedef DWORD   (*fpVecsGetKeyByAliasA)     ( PVECS_STORE, PCSTR, PCSTR, PSTR* )
 typedef DWORD   (*fpVecsCloseCertStore)     ( PVECS_STORE );
 typedef VOID    (*fpVecsFreeCertEntryA)     ( PVECS_CERT_ENTRY_A );
 
-#ifdef _WIN32
-
-#define VMAFD_VECS_CLIENT_LIBRARY   "\\libvmafdclient.dll"
-#define VMAFD_KEY_ROOT              VMAFD_CONFIG_SOFTWARE_KEY_PATH
-#define VMAFD_LIB_KEY               VMDIR_REG_KEY_INSTALL_PATH
-
-#else
-
-#define VMAFD_VECS_CLIENT_LIBRARY   "/lib64/libvmafdclient.so"
-#define VMAFD_KEY_ROOT              VMAFD_CONFIG_KEY_ROOT
-#define VMAFD_LIB_KEY               VMAFD_REG_KEY_PATH
-
-#endif
-
-static
-DWORD
-_VmDirOpenVecsLib(
-    VMW_LIB_HANDLE*   pplibHandle
-    )
-{
-    DWORD   dwError = 0;
-    VMW_LIB_HANDLE plibHandle = NULL;
-#ifdef _WIN32
-    CHAR    pszRegLibPath[VMDIR_MAX_PATH_LEN] = WIN_SYSTEM32_PATH;
-#else
-    CHAR    pszRegLibPath[VMDIR_MAX_PATH_LEN] = {0};
-#endif
-    PSTR    pszVmafdName = NULL;
-    PSTR    pszVmafdLibPath = NULL;
-
-#ifndef _WIN32
-    dwError = VmDirGetRegKeyValue( VMAFD_KEY_ROOT,
-                                   VMAFD_LIB_KEY,
-                                   pszRegLibPath,
-                                   sizeof(pszRegLibPath)-1);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // find the first vmafd in path key "/usr/lib/vmware-vmafd/...."
-    pszVmafdName = strstr(pszRegLibPath, VMAFD_NAME);
-    if (pszVmafdName == NULL)
-    {
-        dwError = VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        pszVmafdName[strlen(VMAFD_NAME)] = '\0';
-    }
-#endif
-
-    // construct full path to libvmafdclient
-    dwError = VmDirAllocateStringPrintf( &pszVmafdLibPath, "%s%s",pszRegLibPath, VMAFD_VECS_CLIENT_LIBRARY);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-#ifdef _WIN32
-    plibHandle = LoadLibrary(pszVmafdLibPath);
-    if (plibHandle == NULL)
-    {
-        VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "LoadLibrary %s failed, error code %d", pszVmafdLibPath, WSAGetLastError());
-        dwError = VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
-    }
-#else
-    plibHandle = dlopen(pszVmafdLibPath, RTLD_LAZY);
-    if (plibHandle == NULL)
-    {
-         VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "dlopen %s library failed, error msg (%s)", pszVmafdLibPath, VDIR_SAFE_STRING(dlerror()));
-         dlerror();    /* Clear any existing error */
-         dwError = VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
-    }
-#endif
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *pplibHandle = plibHandle;
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszVmafdLibPath);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-
-static
-VOID
-_VmDirCloseVecsLib(
-    VMW_LIB_HANDLE  plibHandle
-    )
-{
-    if (plibHandle)
-    {
-#ifdef _WIN32
-        FreeLibrary(plibHandle);
-#else
-        dlclose(plibHandle);
-#endif
-    }
-
-    return;
-}
-
-static
-#ifdef _WIN32
-FARPROC WINAPI
-#else
-VOID*
-#endif
-_VmDirGetLibSym(
-    VMW_LIB_HANDLE  plibHandle,
-    PCSTR           pszFunctionName
-    )
-{
-#ifdef _WIN32
-    return GetProcAddress(plibHandle, pszFunctionName);
-#else
-    return dlsym(plibHandle, pszFunctionName);
-#endif
-}
-
 static
 DWORD
 _VmDirGetSSLCert(
-    VMW_LIB_HANDLE  plibHandle,
-    PSTR*           ppszCert,
-    PSTR*           ppszKey
+    VMDIR_LIB_HANDLE    plibHandle,
+    PSTR*               ppszCert,
+    PSTR*               ppszKey
     )
 {
     DWORD   dwError = 0;
@@ -200,15 +73,15 @@ _VmDirGetSSLCert(
     fpVecsCloseCertStore    fpCloseStore = NULL;
     fpVecsFreeCertEntryA    fpFreeEntry = NULL;
 
-    if ( (fpOpenStore = (fpVecsOpenCertStoreA) _VmDirGetLibSym(plibHandle, FN_VECS_OPEN_CERT_STORE_A) ) == NULL
+    if ( (fpOpenStore = (fpVecsOpenCertStoreA)VmDirGetLibSym(plibHandle, FN_VECS_OPEN_CERT_STORE_A)) == NULL
           ||
-         (fpGetEntry = (fpVecsGetEntryByAliasA) _VmDirGetLibSym(plibHandle, FN_VECS_GET_ENTRY_BY_ALIAS_A) ) == NULL
+         (fpGetEntry = (fpVecsGetEntryByAliasA)VmDirGetLibSym(plibHandle, FN_VECS_GET_ENTRY_BY_ALIAS_A)) == NULL
           ||
-         (fpGetKey = (fpVecsGetKeyByAliasA) _VmDirGetLibSym(plibHandle, FN_VECS_GET_KEY_BY_ALIAS_A) ) == NULL
+         (fpGetKey = (fpVecsGetKeyByAliasA)VmDirGetLibSym(plibHandle, FN_VECS_GET_KEY_BY_ALIAS_A)) == NULL
           ||
-         (fpCloseStore = (fpVecsCloseCertStore) _VmDirGetLibSym(plibHandle, FN_VECS_CLOSE_CERT_STORE) ) == NULL
+         (fpCloseStore = (fpVecsCloseCertStore)VmDirGetLibSym(plibHandle, FN_VECS_CLOSE_CERT_STORE)) == NULL
           ||
-         (fpFreeEntry = (fpVecsFreeCertEntryA) _VmDirGetLibSym(plibHandle, FN_VECS_FREE_ENTRY_A) ) == NULL
+         (fpFreeEntry = (fpVecsFreeCertEntryA)VmDirGetLibSym(plibHandle, FN_VECS_FREE_ENTRY_A)) == NULL
        )
     {
 #ifdef _WIN32
@@ -267,15 +140,15 @@ VmDirGetVecsMachineCert(
     PSTR*   ppszKey
     )
 {
-    DWORD           dwError = 0;
-    VMW_LIB_HANDLE  plibHandle = NULL;
-    PSTR            pszCert = NULL;
-    PSTR            pszKey = NULL;
+    DWORD   dwError = 0;
+    PSTR    pszCert = NULL;
+    PSTR    pszKey = NULL;
+    VMDIR_LIB_HANDLE    plibHandle = NULL;
 
-    dwError = _VmDirOpenVecsLib( &plibHandle );
+    dwError = VmDirOpenVmAfdClientLib(&plibHandle);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirGetSSLCert( plibHandle, &pszCert, &pszKey );
+    dwError = _VmDirGetSSLCert(plibHandle, &pszCert, &pszKey);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszCert = pszCert; pszCert = NULL;
@@ -284,11 +157,9 @@ VmDirGetVecsMachineCert(
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Acquired SSL Cert from VECS");
 
 cleanup:
-    _VmDirCloseVecsLib( plibHandle );
-
+    VmDirCloseLibrary(plibHandle);
     VMDIR_SAFE_FREE_MEMORY(pszCert);
     VMDIR_SAFE_FREE_MEMORY(pszKey);
-
     return dwError;
 
 error:
diff --git a/lwraft/server/mdb-store/Makefile.am b/lwraft/server/mdb-store/Makefile.am
index b40b7bf74..f54b8e2b1 100644
--- a/lwraft/server/mdb-store/Makefile.am
+++ b/lwraft/server/mdb-store/Makefile.am
@@ -6,7 +6,7 @@
 # Author: Sanjay Jain (sanjain@vmware.com)
 #         Sriram Nambakam (snambakam@vmware.com)
 #
-#    -L$(top_srcdir)/thirdparty/openldap/libraries/libmdb
+#    -L$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libmdb
 #    -lmdb
 
 noinst_LTLIBRARIES = libmdb-store.la
@@ -25,17 +25,19 @@ libmdb_store_la_SOURCES = \
     txn.c
 
 libmdb_store_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/mdb \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/mdb \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
+    @OPENSSL_INCLUDES@ \
+    -D MDB_USE_PWRITEV
 
 libmdb_store_la_LDFLAGS = \
     -static \
-    $(top_builddir)/thirdparty/openldap/libraries/mdb/liblwraftmdb.la \
+    $(top_builddir)/lwraft/thirdparty/openldap/libraries/mdb/liblwraftmdb.la \
     @LW_LDFLAGS@
diff --git a/lwraft/server/mdb-store/entry.c b/lwraft/server/mdb-store/entry.c
index 7202aa27a..de31e9fa2 100644
--- a/lwraft/server/mdb-store/entry.c
+++ b/lwraft/server/mdb-store/entry.c
@@ -133,43 +133,57 @@ VmDirMDBMaxEntryId(
 {
     DWORD           dwError = 0;
     PVDIR_DB_TXN    pTxn = NULL;
+    VDIR_DB         mdbDBi = 0;
+    PVDIR_DB_DBC    pCursor = NULL;
     MDB_val         key = {0};
     MDB_val         value  = {0};
-    unsigned char   EIDBytes[sizeof( ENTRYID )] = {0};
+    ENTRYID         eId = LOG_ENTRY_EID_PREFIX;
+    unsigned char   EIDBytes[sizeof(ENTRYID)] = {0};
 
     assert(pEId);
 
-    dwError = mdb_txn_begin( gVdirMdbGlobals.mdbEnv, NULL, MDB_RDONLY, &pTxn );
+    dwError = mdb_txn_begin(gVdirMdbGlobals.mdbEnv, NULL, MDB_RDONLY, &pTxn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    mdbDBi = gVdirMdbGlobals.mdbEntryDB.pMdbDataFiles[0].mdbDBi;
+
+    dwError = mdb_cursor_open(pTxn, mdbDBi, &pCursor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     key.mv_data = &EIDBytes[0];
-    MDBEntryIdToDBT(BE_MDB_ENTRYID_SEQ_KEY, &key);
+    MDBEntryIdToDBT(eId, &key);
 
-    dwError =  mdb_get(pTxn, gVdirMdbGlobals.mdbSeqDBi, &key, &value);
+    dwError = mdb_cursor_get(pCursor, &key, &value, MDB_SET_RANGE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    do
+    {
+        dwError = mdb_cursor_get(pCursor, &key, &value, MDB_PREV);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        MDBDBTToEntryId(&key, &eId);
+    }
+    while (eId >= LOG_ENTRY_EID_PREFIX);
+
+    mdb_cursor_close(pCursor);
+    pCursor = NULL;
+
     dwError = mdb_txn_commit(pTxn);
     pTxn = NULL;
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    assert(value.mv_size == sizeof(ENTRYID));
-    *pEId = *((ENTRYID*)value.mv_data);
+    *pEId = eId;
 
 cleanup:
-
     return dwError;
 
 error:
-
-    if (pTxn)
-    {
-        mdb_txn_abort(pTxn);
-    }
-
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
             "VmDirMDBMaxEntryId: failed with error (%d),(%s)",
              dwError, mdb_strerror(dwError) );
 
+    mdb_cursor_close(pCursor);
+    mdb_txn_abort(pTxn);
     VMDIR_SET_BACKEND_ERROR(dwError);
     goto cleanup;
 }
diff --git a/lwraft/server/mdb-store/generic.c b/lwraft/server/mdb-store/generic.c
index eabda0a9e..b28b97087 100644
--- a/lwraft/server/mdb-store/generic.c
+++ b/lwraft/server/mdb-store/generic.c
@@ -73,7 +73,7 @@ VmDirMDBDupKeyGetValues(
     return dwError;
 
 error:
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
             "%s error (%d)", __FUNCTION__, dwError );
 
     VMDIR_SAFE_FREE_MEMORY(pValue);
@@ -120,7 +120,7 @@ VmDirMDBDupKeySetValues(
     return dwError;
 
 error:
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
             "%s error (%d)", __FUNCTION__, dwError );
 
     goto cleanup;
@@ -159,9 +159,10 @@ VmDirMDBUniqKeyGetValue(
     return dwError;
 
 error:
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
             "%s error (%d)", __FUNCTION__, dwError );
 
+    dwError = MDBToBackendError(dwError, MDB_NOTFOUND, VMDIR_ERROR_NOT_FOUND, pBECtx, NULL);
     VMDIR_SAFE_FREE_MEMORY(pszValue);
     goto cleanup;
 }
@@ -192,7 +193,7 @@ VmDirMDBUniqKeySetValue(
     return dwError;
 
 error:
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_INFO( LDAP_DEBUG_BACKEND,
             "%s error (%d)", __FUNCTION__, dwError );
 
     goto cleanup;
diff --git a/lwraft/server/mdb-store/init.c b/lwraft/server/mdb-store/init.c
index a800043ae..e6e846b55 100644
--- a/lwraft/server/mdb-store/init.c
+++ b/lwraft/server/mdb-store/init.c
@@ -142,7 +142,8 @@ VmDirMDBInitializeDB(
     mdb_mode_t      oflags;
     uint64_t        db_max_mapsize = BE_MDB_ENV_MAX_MEM_MAPSIZE;
     DWORD           db_max_size_mb = 0;
-    extern int      VmDirRaftCommitHook(VOID);
+    DWORD           db_chkpt_interval = 0;
+    BOOLEAN         bMdbWalEnable = TRUE;
 
     // TODO: fix the hard coded Database dir path
 #ifndef _WIN32
@@ -202,7 +203,24 @@ VmDirMDBInitializeDB(
      dwError = mdb_env_set_maxdbs ( gVdirMdbGlobals.mdbEnv, BE_MDB_ENV_MAX_DBS );
      BAIL_ON_VMDIR_ERROR( dwError );
 
-     mdb_set_commit_hook_func(gVdirMdbGlobals.mdbEnv, VmDirRaftCommitHook);
+     dwError = VmDirGetMdbChkptInterval(&db_chkpt_interval);
+     if (dwError)
+     {
+         db_chkpt_interval = VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_DEFAULT;
+         dwError = 0;
+     }
+
+     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "%s: %s is set to %d",
+        __func__, VMDIR_REG_KEY_MDB_CHKPT_INTERVAL, db_chkpt_interval);
+
+     dwError = mdb_env_set_chkpt_interval(gVdirMdbGlobals.mdbEnv, db_chkpt_interval);
+     BAIL_ON_VMDIR_ERROR( dwError );
+
+     mdb_set_raft_prepare_commit_func(gVdirMdbGlobals.mdbEnv, VmDirRaftPrepareCommit);
+
+     mdb_set_raft_post_commit_func(gVdirMdbGlobals.mdbEnv, VmDirRaftPostCommit);
+
+     mdb_set_raft_commit_fail_func(gVdirMdbGlobals.mdbEnv, VmDirRaftCommitFail);
 
 #ifdef MDB_NOTLS
      envFlags = MDB_NOTLS; // Required for versions of mdb which have this flag
@@ -221,6 +239,23 @@ VmDirMDBInitializeDB(
 #else
     oflags = GENERIC_READ|GENERIC_WRITE;
 #endif
+
+    //MDB WAL is the default mode and can be turned off with reg key MdbEnableWal set to 0
+    dwError = VmDirGetMdbWalEnable(&bMdbWalEnable);
+    if (dwError)
+    {
+        bMdbWalEnable = TRUE;
+        dwError = 0;
+    }
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "%s: %s is set to %s",
+      __func__, VMDIR_REG_KEY_MDB_ENABLE_WAL, bMdbWalEnable?"True":"False");
+
+    if (bMdbWalEnable)
+    {
+        envFlags |= MDB_WAL;
+    }
+
     dwError = mdb_env_open ( gVdirMdbGlobals.mdbEnv, dbHomeDir, envFlags, oflags );
 //TODO, what if open failed?  how to recover??
     BAIL_ON_VMDIR_ERROR( dwError );
@@ -418,7 +453,7 @@ MDBToBackendError(
         pBECtx->dwBEErrorCode = dwMdbError;
         VMDIR_SAFE_FREE_MEMORY(pBECtx->pszBEErrorMsg);
         // ignore error
-        VmDirAllocateStringAVsnprintf(    &pBECtx->pszBEErrorMsg,
+        VmDirAllocateStringPrintf(    &pBECtx->pszBEErrorMsg,
                                           "(%s)(%s)",
                                           mdb_strerror(dwMdbError),
                                           VDIR_SAFE_STRING(pszErrorContext));
diff --git a/lwraft/server/middle-layer/Makefile.am b/lwraft/server/middle-layer/Makefile.am
index 9fe60566c..509e48fe0 100644
--- a/lwraft/server/middle-layer/Makefile.am
+++ b/lwraft/server/middle-layer/Makefile.am
@@ -26,21 +26,22 @@ libmiddle_layer_la_SOURCES = \
     pscache.c \
     sasl.c \
     saslsockbuf.c \
+    schema.c \
     search.c \
     specialsearch.c \
     srputil.c \
     libmain.c
 
 libmiddle_layer_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
 libmiddle_layer_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/middle-layer/add.c b/lwraft/server/middle-layer/add.c
index 0ea830257..9c4ecc8e8 100644
--- a/lwraft/server/middle-layer/add.c
+++ b/lwraft/server/middle-layer/add.c
@@ -23,33 +23,10 @@ _VmDirEntryDupAttrValueCheck(
     PSTR*   ppszDupAttributeName
     );
 
-static
-int
-_VmDirGenerateAttrMetaData(
-    PVDIR_ENTRY    pEntry,
-    /* OPTIONAL, if specified, only generate metaData for that particular attribute
-     * Otherwise, generate for all attributes*/
-    PSTR           pszAttributeName
-    );
-
-int
-VmDirEntryAttrValueNormalize(
-    PVDIR_ENTRY    pEntry,
-    BOOLEAN   bIndexAttributeOnly
-    );
-
-static
-DWORD
-_VmDirAddPrepareObjectSD(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    PVDIR_ENTRY      pParentEntry
-    );
-
 int
 VmDirMLAdd(
-   PVDIR_OPERATION pOperation
-   )
+    PVDIR_OPERATION pOperation
+    )
 {
     DWORD   dwError = 0;
     PSTR    pszLocalErrMsg = NULL;
@@ -122,6 +99,13 @@ VmDirInternalAddEntry(
         BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Server in read-only mode");
     }
 
+    // make sure we have minimum DN length
+    if (pEntry->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", pEntry->dn.lberbv_len);
+    }
+
     // Make sure Attribute has its ATDesc set
     retVal = VmDirSchemaCheckSetAttrDesc(pEntry->pSchemaCtx, pEntry);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "%s",
@@ -149,10 +133,6 @@ VmDirInternalAddEntry(
         retVal = VmDirSchemaCheck(pEntry);
         BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "schema error - (%u)(%s)",
                                       retVal, VDIR_SAFE_STRING(VmDirSchemaCtxGetErrorMsg(pEntry->pSchemaCtx)) );
-
-        // Generate attributes' meta-data
-        retVal = _VmDirGenerateAttrMetaData(pEntry, NULL);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "GenerateAttributesMetaData failed - (%u)", retVal );
     }
 
     // Normalize all attribute value
@@ -253,7 +233,7 @@ VmDirInternalAddEntry(
         {
             // Skip SD in case of a replication operation (SD should exist by then anyways)
             // so that we do not manipulate data in replication operation (replicate 'purely')
-            retVal = _VmDirAddPrepareObjectSD(pOperation, pEntry, pEntry->pParentEntry);
+            retVal = VmDirComputeObjectSecurityDescriptor(&pOperation->conn->AccessInfo, pEntry, pEntry->pParentEntry);
             BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Prepare object SD failed, (%u)", retVal );
 
             // check and read lock dn referenced entries
@@ -272,6 +252,10 @@ VmDirInternalAddEntry(
             }
         }
 
+        // add vmwRaftLogChanged attribute
+        retVal = VmDirUpdateRaftLogChangedAttr(pOperation, pEntry);
+        BAIL_ON_VMDIR_ERROR(retVal);
+
         retVal = pOperation->pBEIF->pfnBEEntryAdd( pOperation->pBECtx, pEntry );
         if (retVal != 0)
         {
@@ -307,7 +291,6 @@ VmDirInternalAddEntry(
     }
 
 cleanup:
-
     {
         int iPostCommitPluginRtn = 0;
 
@@ -369,7 +352,7 @@ VmDirEntryCheckStructureRule(
                     pEntry);
     if (retVal)
     {
-        VmDirAllocateStringAVsnprintf(&pszLocalErrMsg,
+        VmDirAllocateStringPrintf(&pszLocalErrMsg,
                 "DIT Structure rule check failed. (%s)",
                 VDIR_SAFE_STRING(VmDirSchemaCtxGetErrorMsg(pEntry->pSchemaCtx)));
         retVal = VMDIR_ERROR_STRUCTURE_VIOLATION;
@@ -461,90 +444,6 @@ _VmDirEntryDupAttrValueCheck(
     return iError;
 }
 
-/* GenerateAttributesMetaData:
- *
- * Returns:
- *      LDAP_SUCCESS: On Success
- *      LDAP_OPERATIONS_ERROR: In case of an error
- *
- */
-
-static
-int
-_VmDirGenerateAttrMetaData(
-    PVDIR_ENTRY    pEntry,
-    /* OPTIONAL, if specified, only generate metaData for that particular attribute
-     * Otherwise, generate for all attributes*/
-    PSTR           pszAttributeName
-    )
-{
-    int              retVal = LDAP_SUCCESS;
-    PVDIR_ATTRIBUTE  usnCreated = NULL;
-    PVDIR_ATTRIBUTE  attrFound = NULL;
-    PVDIR_ATTRIBUTE  attr = NULL;
-    char             origTimeStamp[VMDIR_ORIG_TIME_STR_LEN];
-    PSTR             pszLocalErrMsg = NULL;
-
-    if (1)
-       return 0;
-
-    assert( pEntry );
-
-    usnCreated = VmDirEntryFindAttribute( ATTR_USN_CREATED, pEntry );
-    assert(usnCreated);
-
-    if (VmDirGenOriginatingTimeStr( origTimeStamp ) != 0)
-    {
-        retVal = VMDIR_ERROR_GENERIC;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                         "GenerateAttributesMetaData: VmDirGenOriginatingTimeStr() failed." );
-    }
-
-    if (gVmdirServerGlobals.invocationId.lberbv.bv_val == NULL)
-    {
-        retVal = VMDIR_ERROR_BAD_ATTRIBUTE_DATA;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                        "GenerateAttributesMetaData: gVmdirServerGlobals.invocationId.lberbv.bv_val not set." );
-    }
-
-    if (pszAttributeName)
-    {
-        attrFound = VmDirEntryFindAttribute( pszAttributeName, pEntry );
-        // if found such attribute, generate metadata for it, otherwise, do nothing
-        if (attrFound)
-        {
-            // Format is: <local USN>:<version no>:<originating server ID>:<originating time>:<originating USN>
-            VmDirStringNPrintFA( attrFound->metaData, sizeof( attrFound->metaData ), sizeof( attrFound->metaData ) - 1,
-                      "%s:%s:%s:%s:%s", usnCreated->vals[0].lberbv.bv_val, "1",
-                      gVmdirServerGlobals.invocationId.lberbv.bv_val, origTimeStamp, usnCreated->vals[0].lberbv.bv_val );
-
-            VmDirLog( LDAP_DEBUG_TRACE, "GenerateAttributesMetaData: DN: %s, attribute name = %s, meta data = %s",
-                      pEntry->dn.lberbv.bv_val, pszAttributeName, attrFound->metaData );
-        }
-    }
-    else
-    {
-        for (attr = pEntry->attrs; attr; attr = attr->next)
-        {
-            // Format is: <local USN>:<version no>:<originating server ID>:<originating time>:<originating USN>
-            VmDirStringNPrintFA( attr->metaData, sizeof( attr->metaData ), sizeof( attr->metaData ) - 1, "%s:%s:%s:%s:%s",
-                      usnCreated->vals[0].lberbv.bv_val, "1",
-                      gVmdirServerGlobals.invocationId.lberbv.bv_val, origTimeStamp, usnCreated->vals[0].lberbv.bv_val );
-
-            VmDirLog( LDAP_DEBUG_TRACE, "GenerateAttributesMetaData: DN: %s, attribute name = %s, meta data = %s",
-                      pEntry->dn.lberbv.bv_val, attr->type.lberbv.bv_val, attr->metaData );
-        }
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
-    return retVal;
-
-error:
-    VmDirLog(LDAP_DEBUG_ANY, VDIR_SAFE_STRING(pszLocalErrMsg) );
-    goto cleanup;
-}
-
 int
 VmDirEntryAttrValueNormalize(
     PVDIR_ENTRY     pEntry,
@@ -595,123 +494,3 @@ VmDirEntryAttrValueNormalize(
     VmDirIndexCfgRelease(pIndexCfg);
     return dwError;
 }
-
-static
-DWORD
-_VmDirAddPrepareObjectSD(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    PVDIR_ENTRY      pParentEntry
-    )
-{
-    DWORD           dwError = 0;
-    PVDIR_ATTRIBUTE pObjectSdExist = NULL;
-    PVDIR_ATTRIBUTE pAclStringAttr = NULL;
-    PVDIR_ATTRIBUTE pObjectSdAttr = NULL;
-    SECURITY_INFORMATION SecInfoAll = (OWNER_SECURITY_INFORMATION |
-                                       GROUP_SECURITY_INFORMATION |
-                                       DACL_SECURITY_INFORMATION |
-                                       SACL_SECURITY_INFORMATION);
-
-    assert(pEntry);
-
-    // If ATTR_OBJECT_SECURITY_DESCRIPTOR in the request, just use it
-    pObjectSdExist = VmDirEntryFindAttribute(  ATTR_OBJECT_SECURITY_DESCRIPTOR,  pEntry );
-    if (pObjectSdExist)
-    {
-        goto cleanup;
-    }
-
-    // If ATTR_ACL_STRING in the request, convert it to SD and use it
-    pAclStringAttr = VmDirEntryFindAttribute(  ATTR_ACL_STRING,  pEntry );
-    if (pAclStringAttr)
-    {
-        dwError = VmDirAttributeAllocate(
-                        ATTR_OBJECT_SECURITY_DESCRIPTOR,
-                        1,
-                        pEntry->pSchemaCtx,
-                        &pObjectSdAttr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = LwNtStatusToWin32Error( RtlAllocateSecurityDescriptorFromSddlCString(
-                                            (PSECURITY_DESCRIPTOR_RELATIVE*)&pObjectSdAttr->vals[0].lberbv.bv_val,
-                                            (PULONG)&pObjectSdAttr->vals[0].lberbv.bv_len,
-                                            pAclStringAttr->vals[0].lberbv.bv_val, SDDL_REVISION_1 ));
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirEntryRemoveAttribute(pEntry, ATTR_ACL_STRING);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        // If SD or ACL_STRING is not explicitly specified, use object's parent SD
-
-        if (!pParentEntry)
-        {
-            goto cleanup;
-        }
-
-        dwError = VmDirAttributeAllocate(
-                        ATTR_OBJECT_SECURITY_DESCRIPTOR,
-                        1,
-                        pEntry->pSchemaCtx,
-                        &pObjectSdAttr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirGetSecurityDescriptorForEntry(
-                        pParentEntry, SecInfoAll,
-                        (PSECURITY_DESCRIPTOR_RELATIVE*)&pObjectSdAttr->vals[0].lberbv.bv_val,
-                        (PULONG)&pObjectSdAttr->vals[0].lberbv.bv_len);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirReallocateMemoryWithInit(
-                        (PVOID)pObjectSdAttr->vals[0].lberbv.bv_val,
-                        (PVOID *)(&pObjectSdAttr->vals[0].lberbv.bv_val),
-                        pObjectSdAttr->vals[0].lberbv.bv_len+1,
-                        pObjectSdAttr->vals[0].lberbv.bv_len);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pObjectSdAttr->vals[0].bOwnBvVal = TRUE;
-
-    dwError = VmDirEntryAddAttribute(
-                    pEntry,
-                    pObjectSdAttr);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    pObjectSdAttr = NULL;
-
-    dwError = _VmDirGenerateAttrMetaData(pEntry,
-                                         ATTR_OBJECT_SECURITY_DESCRIPTOR);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
-    {
-        // Some initial objects created during startup/vdcpromo do not have SD. Their SD is setup after cn=Administrator,...
-        // object is created
-        VMDIR_LOG_WARNING( LDAP_DEBUG_ACL, "_VmDirAddPrepareObjectSD() failed for (%s), error code (%d)",
-                           VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
-    }
-    else
-    {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirAddPrepareObjectSD() failed for (%s), error code (%d)",
-                         VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
-    }
-
-    if (pObjectSdAttr)
-    {
-        VmDirFreeAttribute(pObjectSdAttr);
-    }
-
-    // ignore if cannot find a SD from parentEntry (during instance set up
-    // parent does not have SD, until an admin can be created to generate SD
-    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
-    {
-        dwError = 0;
-    }
-
-    goto cleanup;
-}
diff --git a/lwraft/server/middle-layer/bind.c b/lwraft/server/middle-layer/bind.c
index e8e9a178b..801bdd81e 100644
--- a/lwraft/server/middle-layer/bind.c
+++ b/lwraft/server/middle-layer/bind.c
@@ -23,9 +23,9 @@ _VmDirSASLBind(
     );
 
 static
-int
-_VmDirBindSetupACL(
-    PVDIR_OPERATION  pOperation,
+DWORD
+_VmDirBindSetupAccessInfo(
+    PVDIR_ACCESS_INFO pAccessInfo,
     PVDIR_ENTRY      pEntry
     );
 
@@ -99,6 +99,11 @@ VmDirMLBind(
                break;
     }
 
+    if (pOperation->conn->bIsAnonymousBind)
+    {
+        dwError = VmDirMLSetupAnonymousAccessInfo(&pOperation->conn->AccessInfo);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
 
@@ -112,9 +117,8 @@ VmDirMLBind(
             {
                 // install sasl encode/decode sockbuf i/o
                 pOperation->ldapResult.errCode = VmDirSASLSockbufInstall(
-							pOperation->conn->sb,
-                                                        pOperation->conn->pSaslInfo
-							);
+                        pOperation->conn->sb,
+                        pOperation->conn->pSaslInfo);
                 // do not bail in cleanup section.  we return ldapResult.errCode directly.
             }
 
@@ -183,7 +187,7 @@ VmDirInternalBindEntry(
     if (deadLockRetries > MAX_DEADLOCK_RETRIES)
     {
         retVal = VMDIR_ERROR_LOCK_DEADLOCK;
-        BAIL_ON_VMDIR_ERROR( retVal );
+        BAIL_ON_VMDIR_ERROR(retVal);
     }
     else
     {
@@ -230,10 +234,10 @@ VmDirInternalBindEntry(
     // transaction retry loop end.
     // ************************************************************************************
 
-    retVal = _VmDirBindSetupACL( pOperation, pEntry );
-    BAIL_ON_VMDIR_ERROR(retVal );
+    retVal = _VmDirBindSetupAccessInfo(&pOperation->conn->AccessInfo, pEntry);
+    BAIL_ON_VMDIR_ERROR(retVal);
 
-    retVal = _VmDirBindHandleFailedPassword( pOperation, pEntry );
+    retVal = _VmDirBindHandleFailedPassword(pOperation, pEntry);
     BAIL_ON_VMDIR_ERROR(retVal);
 
     // deny access if login is blocked.
@@ -271,42 +275,72 @@ VmDirInternalBindEntry(
     goto cleanup;
 }
 
-static
-int
-_VmDirBindSetupACL(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry)
+DWORD
+VmDirMLSetupAnonymousAccessInfo(
+    PVDIR_ACCESS_INFO pAccessInfo
+    )
 {
-    int     retVal = 0;
+    DWORD dwError = 0;
 
-    assert( pOperation && pEntry );
+    VmDirFreeAccessInfo(pAccessInfo);
 
-    // For instance a bind trying to overwrite a previous bind on the same connection
-    // and the previous bind's token is still in-use, the new bind request should fail
-    // return LDAP_UNWILLING_TO_PERFORM
+    dwError = VmDirSrvCreateAccessTokenForWellKnowObject(&pAccessInfo->pAccessToken,
+                                                         VMDIR_ANONYMOUS_LOGON_SID);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    VmDirFreeAccessInfo(&pOperation->conn->AccessInfo);
+    dwError = VmDirAllocateStringA(VMDIR_ANONYMOUS_LOGON_SID, &pAccessInfo->pszBindedObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    retVal = VmDirSrvCreateAccessTokenWithEntry(pEntry,
-                                                &pOperation->conn->AccessInfo.pAccessToken,
-                                                &pOperation->conn->AccessInfo.pszBindedObjectSid);
-    BAIL_ON_VMDIR_ERROR(retVal);
+    pAccessInfo->bindEID = 0;
 
-    pOperation->conn->AccessInfo.bindEID = pEntry->eId;
+    //
+    // Set these flags so that the worker routines don't try to look up our
+    // info (since we don't have a real user to search against). Since we're
+    // anonymous we know we're not in any of these groups.
+    //
+    pAccessInfo->accessRoleBitmap = VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO |
+                                    VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO |
+                                    VDIR_ACCESS_ADMIN_MEMBER_VALID_INFO;
 
-    retVal = VmDirAllocateStringA(BERVAL_NORM_VAL(pEntry->dn),
-                                  &pOperation->conn->AccessInfo.pszNormBindedDn);
-    BAIL_ON_VMDIR_ERROR(retVal);
+cleanup:
+    return dwError;
 
-    retVal = VmDirAllocateStringA(pEntry->dn.lberbv.bv_val,
-                                  &pOperation->conn->AccessInfo.pszBindedDn);
-    BAIL_ON_VMDIR_ERROR(retVal);
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "(%s) failed: (%u)", __FUNCTION__, dwError);
+    VmDirFreeAccessInfo(pAccessInfo);
+    goto cleanup;
+}
+
+DWORD
+_VmDirBindSetupAccessInfo(
+    PVDIR_ACCESS_INFO pAccessInfo,
+    PVDIR_ENTRY pEntry
+    )
+{
+    DWORD dwError = 0;
+
+    VmDirFreeAccessInfo(pAccessInfo);
+
+    dwError = VmDirSrvCreateAccessTokenWithEntry(pEntry,
+                                                 &pAccessInfo->pAccessToken,
+                                                 &pAccessInfo->pszBindedObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pAccessInfo->bindEID = pEntry->eId;
+
+    dwError = VmDirAllocateStringA(BERVAL_NORM_VAL(pEntry->dn),
+                                   &pAccessInfo->pszNormBindedDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pEntry->dn.lberbv.bv_val,
+                                   &pAccessInfo->pszBindedDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    return retVal;
+    return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "(%s) failed: (%u)", __FUNCTION__, retVal);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "(%s) failed: (%u)", __FUNCTION__, dwError);
     goto cleanup;
 }
 
@@ -451,7 +485,7 @@ _VmDirSASLBind(
              &&
              VmDirSimpleDNToEntry( pOperation->reqDn.lberbv_val, &pLocalEntry ) == 0
              &&
-             _VmDirBindSetupACL( pOperation, pLocalEntry ) == 0
+             _VmDirBindSetupAccessInfo( &pOperation->conn->AccessInfo, pLocalEntry ) == 0
            )
         {
             pOperation->conn->pSaslInfo->vmdirCode = VMDIR_ERROR_USER_INVALID_CREDENTIAL;
diff --git a/lwraft/server/middle-layer/computedattribute.c b/lwraft/server/middle-layer/computedattribute.c
index aa29d218f..cbb96d1f9 100644
--- a/lwraft/server/middle-layer/computedattribute.c
+++ b/lwraft/server/middle-layer/computedattribute.c
@@ -47,7 +47,23 @@
     },                                                                                          \
     {                                                                                           \
     VMDIR_SF_INIT(.pszComputedAttributeName, ATTR_REF),                                         \
-    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRefAttribute)                          \
+    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRefAttribute)                                    \
+    },                                                                                          \
+    {                                                                                           \
+    VMDIR_SF_INIT(.pszComputedAttributeName, ATTR_RAFT_LEADER),                                 \
+    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRaftLeaderAttribute)                             \
+    },                                                                                          \
+    {                                                                                           \
+    VMDIR_SF_INIT(.pszComputedAttributeName, ATTR_RAFT_FOLLOWERS),                              \
+    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRaftFollowersAttribute)                          \
+    },                                                                                          \
+    {                                                                                           \
+    VMDIR_SF_INIT(.pszComputedAttributeName, ATTR_RAFT_MEMBERS),                                \
+    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRaftMembersAttribute)                            \
+    },                                                                                          \
+    {                                                                                           \
+    VMDIR_SF_INIT(.pszComputedAttributeName, ATTR_RAFT_STATE),                                  \
+    VMDIR_SF_INIT(.pfnComputedAttr, _VmDirBuildRaftStateAttribute)                              \
     },                                                                                          \
 }
 
@@ -91,6 +107,38 @@ _VmDirBuildRefAttribute(
     PVDIR_ATTRIBUTE*    ppComputedAttr
     );
 
+static
+DWORD
+_VmDirBuildRaftLeaderAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    );
+
+static
+DWORD
+_VmDirBuildRaftFollowersAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    );
+
+static
+DWORD
+_VmDirBuildRaftMembersAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    );
+
+static
+DWORD
+_VmDirBuildRaftStateAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    );
+
 DWORD
 VmDirBuildComputedAttribute(
     PVDIR_OPERATION     pOperation,
@@ -344,7 +392,7 @@ _VmDirBuildRefAttribute(
         goto cleanup;
     }
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszRef, "%s://%s/", "ldap", pszLeader);
+    dwError = VmDirAllocateStringPrintf(&pszRef, "%s://%s/", "ldap", pszLeader);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAttributeAllocate( ATTR_REF, 1, pOperation->pSchemaCtx, &pRefAttr);
@@ -366,3 +414,186 @@ _VmDirBuildRefAttribute(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildRefAttribute (%u)", dwError);
     goto cleanup;
 }
+
+static
+DWORD
+_VmDirBuildRaftLeaderAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    )
+{
+    DWORD dwError = 0;
+    PSTR pLeader = NULL;
+    PVDIR_ATTRIBUTE pLeaderAttr = NULL;
+
+    dwError = VmDirRaftGetLeaderString(&pLeader);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pLeader==NULL)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirAttributeAllocate(ATTR_RAFT_LEADER, 1, pOperation->pSchemaCtx, &pLeaderAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pLeaderAttr->vals[0].lberbv_val = pLeader;
+    pLeaderAttr->vals[0].lberbv_len = VmDirStringLenA(pLeader);
+    pLeaderAttr->vals[0].bOwnBvVal = TRUE;
+    pLeader = NULL;
+    *ppComputedAttr = pLeaderAttr;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pLeader);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildRaftLeaderAttribute (%u)", dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirBuildRaftFollowersAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    )
+{
+    DWORD dwError = 0;
+    DEQUE followers = {0};
+    PSTR pFollower = NULL;
+    int attrCnt = 0;
+    PVDIR_ATTRIBUTE pFollowersAttr = NULL;
+    int i = 0;
+
+    dwError = VmDirRaftGetFollowers(&followers);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    attrCnt = followers.iSize;
+
+    if (attrCnt==0)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirAttributeAllocate(ATTR_RAFT_FOLLOWERS, attrCnt, pOperation->pSchemaCtx, &pFollowersAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    while(!dequeIsEmpty(&followers))
+    {
+        dequePopLeft(&followers, (PVOID*)&pFollower);
+        pFollowersAttr->vals[i].lberbv_len = VmDirStringLenA(pFollower);
+        pFollowersAttr->vals[i].lberbv_val = pFollower;
+        pFollowersAttr->vals[i].bOwnBvVal = TRUE;
+        pFollower = NULL;
+        i++;
+    }
+    *ppComputedAttr = pFollowersAttr;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeAttribute(pFollowersAttr);
+    dequeFreeStringContents(&followers);
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildRaftFollowersAttribute(%u)", dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirBuildRaftMembersAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    )
+{
+    DWORD dwError = 0;
+    DEQUE members = {0};
+    PVDIR_ATTRIBUTE pMembersAttr = NULL;
+    PSTR pMember = NULL;
+    int attrCnt = 0;
+    int i = 0;
+
+    dwError = VmDirRaftGetMembers(&members);
+    attrCnt = members.iSize;
+    if (attrCnt==0)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirAttributeAllocate(ATTR_RAFT_MEMBERS, attrCnt, pOperation->pSchemaCtx, &pMembersAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    while(!dequeIsEmpty(&members))
+    {
+        dequePopLeft(&members, (PVOID*)&pMember);
+        pMembersAttr->vals[i].lberbv_len = VmDirStringLenA(pMember);
+        pMembersAttr->vals[i].lberbv_val = pMember;
+        pMembersAttr->vals[i].bOwnBvVal = TRUE;
+        pMember = NULL;
+        i++;
+    }
+
+    *ppComputedAttr = pMembersAttr;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeAttribute(pMembersAttr);
+    dequeFreeStringContents(&members);
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildRaftMembersAttribute(%u)", dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirBuildRaftStateAttribute(
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ATTRIBUTE*    ppComputedAttr
+    )
+{
+    DWORD dwError = 0;
+    DEQUE stateQueue = {0};
+    PSTR pState = NULL;
+    int attrCnt = 0;
+    PVDIR_ATTRIBUTE pStatesAttr = NULL;
+    int i = 0;
+
+    dwError = VmDirRaftGetState(&stateQueue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    attrCnt = stateQueue.iSize;
+
+    if (attrCnt==0)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirAttributeAllocate(ATTR_RAFT_STATE, attrCnt, pOperation->pSchemaCtx, &pStatesAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    while(!dequeIsEmpty(&stateQueue))
+    {
+        dequePopLeft(&stateQueue, (PVOID*)&pState);
+        pStatesAttr->vals[i].lberbv_len = VmDirStringLenA(pState);
+        pStatesAttr->vals[i].lberbv_val = pState;
+        pStatesAttr->vals[i].bOwnBvVal = TRUE;
+        pState = NULL;
+        i++;
+    }
+    *ppComputedAttr = pStatesAttr;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirFreeAttribute(pStatesAttr);
+    dequeFreeStringContents(&stateQueue);
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildRaftStatesAttribute(%u)", dwError);
+    goto cleanup;
+}
diff --git a/lwraft/server/middle-layer/defines.h b/lwraft/server/middle-layer/defines.h
index 04e118102..ec34ac7d5 100644
--- a/lwraft/server/middle-layer/defines.h
+++ b/lwraft/server/middle-layer/defines.h
@@ -56,7 +56,7 @@
     {                                                               \
         if (pszErrMsg == NULL)                                      \
         {                                                           \
-            VmDirAllocateStringAVsnprintf(                          \
+            VmDirAllocateStringPrintf(                              \
                             &(pszErrMsg),                           \
                             Format,                                 \
                             ##__VA_ARGS__);                         \
diff --git a/lwraft/server/middle-layer/delete.c b/lwraft/server/middle-layer/delete.c
index 5944a3cb2..0d697a7aa 100644
--- a/lwraft/server/middle-layer/delete.c
+++ b/lwraft/server/middle-layer/delete.c
@@ -31,12 +31,6 @@ GenerateDeleteAttrsMods(
     VDIR_ENTRY *    pEntry
     );
 
-static
-BOOLEAN
-VmDirIsProtectedEntry(
-    PVDIR_ENTRY pEntry
-    );
-
 int
 VmDirMLDelete(
     PVDIR_OPERATION    pOperation
@@ -109,6 +103,13 @@ VmDirInternalDeleteEntry(
         BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Server in read-only mode" );
     }
 
+    // make sure we have minimum DN length
+    if (delReq->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", delReq->dn.lberbv_len);
+    }
+
     // Normalize DN
     retVal = VmDirNormalizeDN( &(delReq->dn), pOperation->pSchemaCtx );
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "DN normalization failed - (%u)(%s)",
@@ -219,22 +220,30 @@ VmDirInternalDeleteEntry(
             pParentEntry = NULL;
         }
 
-        // SJ-TBD: Once ACLs are enabled, following check should go in ACLs logic.
-        if (VmDirIsInternalEntry( pEntry ) || VmDirIsProtectedEntry(pEntry))
+        //
+        // The delete will succeed if the caller either has the explicit right
+        // to delete this object or if they have the right to delete children
+        // of this object's parent.
+        //
+        retVal = VmDirSrvAccessCheck(
+                    pOperation,
+                    &pOperation->conn->AccessInfo,
+                    pEntry,
+                    VMDIR_RIGHT_DS_DELETE_OBJECT);
+        if (retVal != ERROR_SUCCESS && pEntry->pParentEntry)
         {
-            retVal = VMDIR_ERROR_UNWILLING_TO_PERFORM;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "An internal entry (%s) can NOT be deleted.",
-                                          pEntry->dn.lberbv_val );
-        }
-
-        // only when there is parent Entry, ACL check is done
-        if (pEntry->pParentEntry)
-        {
-            retVal = VmDirSrvAccessCheck( pOperation, &pOperation->conn->AccessInfo, pEntry->pParentEntry,
-                                          VMDIR_RIGHT_DS_DELETE_CHILD);
-            BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "VmDirSrvAccessCheck failed - (%u)(%s)",
-                                          retVal, VMDIR_ACCESS_DENIED_ERROR_MSG);
+            retVal = VmDirSrvAccessCheck(
+                        pOperation,
+                        &pOperation->conn->AccessInfo,
+                        pEntry->pParentEntry,
+                        VMDIR_RIGHT_DS_DELETE_CHILD);
         }
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrMsg,
+                "VmDirSrvAccessCheck failed - (%u)(%s)",
+                retVal,
+                VMDIR_ACCESS_DENIED_ERROR_MSG);
 
         // Make sure it is a leaf node
         retVal = pOperation->pBEIF->pfnBEChkIsLeafEntry(
@@ -295,7 +304,6 @@ VmDirInternalDeleteEntry(
                     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "BEEntryDelete (%u)(%s)",
                                                   retVal, VDIR_SAFE_STRING(pOperation->pBEErrorMsg));
             }
-
         }
 
         // Use normalized DN value
@@ -507,18 +515,18 @@ GenerateDeleteAttrsMods(
     int                 retVal = 0;
     VDIR_MODIFICATION * delMod = NULL;
     VDIR_ATTRIBUTE *    attr = NULL;
-    VDIR_BERVALUE       deletedObjDN = VDIR_BERVALUE_INIT;
     ModifyReq *         modReq = &(pOperation->request.modifyReq);
 
-    for ( attr = pEntry->attrs; attr != NULL; attr = attr->next )
+    for (attr = pEntry->attrs; attr != NULL; attr = attr->next)
     {
         if (VmDirStringCompareA(attr->type.lberbv.bv_val, ATTR_DN, FALSE) == 0)
         {
             continue;
         }
 
-        retVal = VmDirAllocateMemory( sizeof( VDIR_MODIFICATION ), (PVOID *)&(delMod) );
-        BAIL_ON_VMDIR_ERROR( retVal );
+        retVal = VmDirAllocateMemory(
+                sizeof(VDIR_MODIFICATION), (PVOID*)&delMod);
+        BAIL_ON_VMDIR_ERROR(retVal);
 
         delMod->operation = MOD_OP_DELETE;
 
@@ -532,85 +540,19 @@ GenerateDeleteAttrsMods(
         modReq->mods = delMod;
         modReq->numMods++;
     }
-    retVal = VmDirAppendAMod( pOperation, MOD_OP_DELETE, ATTR_DN, ATTR_DN_LEN,
-                              pOperation->request.deleteReq.dn.lberbv.bv_val,
-                              pOperation->request.deleteReq.dn.lberbv.bv_len);
+
+    retVal = VmDirAppendAMod(
+            pOperation,
+            MOD_OP_DELETE,
+            ATTR_DN,
+            ATTR_DN_LEN,
+            pOperation->request.deleteReq.dn.lberbv.bv_val,
+            pOperation->request.deleteReq.dn.lberbv.bv_len);
     BAIL_ON_VMDIR_ERROR( retVal );
 
 cleanup:
-    VmDirFreeMemory( deletedObjDN.lberbv.bv_val );
-
     return retVal;
 
 error:
     goto cleanup;
 }
-
-BOOLEAN
-VmDirIsProtectedEntry(
-    PVDIR_ENTRY pEntry
-    )
-{
-    BOOLEAN bResult = FALSE;
-    PCSTR pszDomainDn = NULL;
-    PCSTR pszEntryDn = NULL;
-    size_t domainDnLen = 0;
-    size_t entryDnLen = 0;
-
-    const CHAR szAdministrators[] = "cn=Administrators,cn=Builtin";
-    const CHAR szCertGroup[] =      "cn=CAAdmins,cn=Builtin";
-    const CHAR szDCAdminsGroup[] =  "cn=DCAdmins,cn=Builtin";
-    const CHAR szUsersGroup[] =     "cn=Users,cn=Builtin";
-    const CHAR szAdministrator[] =  "cn=Administrator,cn=Users";
-    const CHAR szDCClientsGroup[] = "cn=DCClients,cn=Builtin";
-
-    if (pEntry == NULL)
-    {
-        goto error;
-    }
-
-    pszDomainDn = gVmdirServerGlobals.systemDomainDN.lberbv.bv_val;
-    if (pszDomainDn == NULL)
-    {
-        goto error;
-    }
-
-    pszEntryDn = pEntry->dn.lberbv.bv_val;
-    if (pszEntryDn == NULL)
-    {
-        goto error;
-    }
-
-    entryDnLen = strlen(pszEntryDn);
-    domainDnLen = strlen(pszDomainDn);
-
-    if (entryDnLen <= domainDnLen)
-    {
-        goto error;
-    }
-
-    if (pszEntryDn[(entryDnLen - domainDnLen) - 1] != ',')
-    {
-        goto error;
-    }
-
-    // Make sure system DN matches
-    if (VmDirStringCompareA(&pszEntryDn[entryDnLen - domainDnLen], pszDomainDn, FALSE))
-    {
-        goto error;
-    }
-
-    if (!VmDirStringNCompareA(pszEntryDn, szAdministrators, sizeof(szAdministrators) - 1, FALSE) ||
-        !VmDirStringNCompareA(pszEntryDn, szCertGroup, sizeof(szCertGroup) - 1, FALSE) ||
-        !VmDirStringNCompareA(pszEntryDn, szDCAdminsGroup, sizeof(szDCAdminsGroup) - 1, FALSE) ||
-        !VmDirStringNCompareA(pszEntryDn, szUsersGroup, sizeof(szUsersGroup) - 1, FALSE) ||
-        !VmDirStringNCompareA(pszEntryDn, szDCClientsGroup, sizeof(szDCClientsGroup) - 1, FALSE) ||
-        !VmDirStringNCompareA(pszEntryDn, szAdministrator, sizeof(szAdministrator) - 1, FALSE))
-    {
-        bResult = TRUE;
-    }
-
-error:
-    return bResult;
-}
-
diff --git a/lwraft/server/middle-layer/group.c b/lwraft/server/middle-layer/group.c
index fd5ced32c..3463225fe 100644
--- a/lwraft/server/middle-layer/group.c
+++ b/lwraft/server/middle-layer/group.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -56,7 +56,7 @@ VmDirPluginGroupTypePreAdd(
 
     if ( pOperation->opType != VDIR_OPERATION_TYPE_REPL
          &&
-         TRUE == VmDirIsEntryWithObjectclass(pEntry, OC_GROUP)
+         TRUE == VmDirEntryIsObjectclass(pEntry, OC_GROUP)
        )
     {
         PVDIR_ATTRIBUTE pAttrGroupType = VmDirFindAttrByName(pEntry, ATTR_GROUPTYPE);
@@ -74,7 +74,7 @@ VmDirPluginGroupTypePreAdd(
                                        GROUPTYPE_GLOBAL_SCOPE, FALSE) != 0
                )
             {
-                dwError = ERROR_INVALID_ENTRY;
+                dwError = ERROR_DATA_CONSTRAINT_VIOLATION;
                 BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrorMsg, "invalid or unsupported grouptype (%s)",
                                               VDIR_SAFE_STRING( pAttrGroupType->vals[0].lberbv.bv_val));
             }
@@ -113,7 +113,7 @@ VmDirPluginGroupTypePreModify(
 
     if ( pOperation->opType != VDIR_OPERATION_TYPE_REPL
          &&
-         TRUE == VmDirIsEntryWithObjectclass(pEntry, OC_GROUP)
+         TRUE == VmDirEntryIsObjectclass(pEntry, OC_GROUP)
        )
     {
         PVDIR_ATTRIBUTE pAttrGroupType = VmDirFindAttrByName(pEntry, ATTR_GROUPTYPE);
@@ -125,7 +125,7 @@ VmDirPluginGroupTypePreModify(
              VmDirStringCompareA( pAttrGroupType->vals[0].lberbv.bv_val , GROUPTYPE_GLOBAL_SCOPE, FALSE) != 0
            )
         {
-            dwError = ERROR_INVALID_ENTRY;
+            dwError = ERROR_DATA_CONSTRAINT_VIOLATION;
             BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrorMsg, "invalid or unsupported grouptype (%s)",
                                           VDIR_SAFE_STRING( pAttrGroupType->vals[0].lberbv.bv_val));
         }
diff --git a/lwraft/server/middle-layer/index.c b/lwraft/server/middle-layer/index.c
index 1570c3652..e35038a8f 100644
--- a/lwraft/server/middle-layer/index.c
+++ b/lwraft/server/middle-layer/index.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -31,7 +31,7 @@ VmDirPluginIndexEntryPreAdd(
     PSTR    pszSearchFlags = NULL;
     int     iSearchFlags = 0;
 
-    if (!pOperation->bSchemaWriteOp)
+    if (!pOperation->dwSchemaWriteOp)
     {
         goto cleanup;
     }
@@ -103,7 +103,7 @@ VmDirPluginIndexEntryPostAdd(
     PVMDIR_STRING_LIST  pScopes = NULL;
     PVDIR_INDEX_UPD     pIndexUpd = NULL;
 
-    if (!pOperation->bSchemaWriteOp)
+    if (!pOperation->dwSchemaWriteOp)
     {
         goto cleanup;
     }
@@ -199,7 +199,7 @@ VmDirPluginIndexEntryPreModApplyModify(
     PSTR    pszSearchFlags = NULL;
     int     iSearchFlags = 0;
 
-    if (!pOperation->bSchemaWriteOp)
+    if (!pOperation->dwSchemaWriteOp)
     {
         goto cleanup;
     }
@@ -335,7 +335,7 @@ VmDirPluginIndexEntryPreModify(
     PVMDIR_STRING_LIST  pScopes = NULL;
     PVDIR_INDEX_UPD     pIndexUpd = NULL;
 
-    if (!pOperation->bSchemaWriteOp)
+    if (!pOperation->dwSchemaWriteOp)
     {
         goto cleanup;
     }
diff --git a/lwraft/server/middle-layer/lockoutpolicy.c b/lwraft/server/middle-layer/lockoutpolicy.c
index 4637eec4d..57844d6a9 100644
--- a/lwraft/server/middle-layer/lockoutpolicy.c
+++ b/lwraft/server/middle-layer/lockoutpolicy.c
@@ -466,7 +466,7 @@ VdirGetPasswdAndLockoutPolicy(
     if (pszDomainDN)
     {
         // default policy entry lives under domain entry with fix cn
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                         &pszPolicyDN,
                         "cn=%s,%s",
                         PASSWD_LOCKOUT_POLICY_DEFAULT_CN,
@@ -477,6 +477,13 @@ VdirGetPasswdAndLockoutPolicy(
         // BUGBUG PERFORMANCE BUGBUG should  consider caching policies.
         ///////////////////////////////////////////////////////////////////////
         dwError = VmDirSimpleDNToEntry(pszPolicyDN, &pPolicyEntry);
+        if (gVmdirGlobals.bIsLDAPPortOpen &&
+            (dwError == VMDIR_ERROR_ENTRY_NOT_FOUND || dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND))
+        {
+            dwError = 0;
+            VmDirGetDefaultPasswdLockoutPolicy(pPolicy);
+            goto cleanup;
+        }
         BAIL_ON_VMDIR_ERROR(dwError);
 
         LockoutPolicyLoadFromEntry(pPolicyEntry, pPolicy);
diff --git a/lwraft/server/middle-layer/modify.c b/lwraft/server/middle-layer/modify.c
index e6dc9d02d..d165a60ca 100644
--- a/lwraft/server/middle-layer/modify.c
+++ b/lwraft/server/middle-layer/modify.c
@@ -103,6 +103,18 @@ VmDirModifyEntryCoreLogic(
                                                 VDIR_BACKEND_ENTRY_LOCK_WRITE );
     BAIL_ON_VMDIR_ERROR( retVal );
 
+    if (pOperation->pCondWriteCtrl)
+    {
+        retVal = VmDirMatchEntryWithFilter(
+                    pOperation,
+                    pEntry,
+                    pOperation->pCondWriteCtrl->value.condWriteCtrlVal.pszFilter);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
+                    "Conditional Write pre-conditions (%s) failed - (%d)",
+                    VDIR_SAFE_STRING(pOperation->pCondWriteCtrl->value.condWriteCtrlVal.pszFilter),
+                    retVal);
+    }
+
     if (modReq->dn.lberbv.bv_val == NULL) // If not already set by the caller
     {   // e.g. delete membership case via index lookup to get EID.
         retVal = VmDirBervalContentDup(&pEntry->dn, &modReq->dn);
@@ -114,6 +126,10 @@ VmDirModifyEntryCoreLogic(
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
                                   "VmDirSrvAccessCheck failed - (%u)", retVal);
 
+    // update vmwRaftLogChanged attribute
+    retVal = VmDirUpdateRaftLogChangedAttr(pOperation, pEntry);
+    BAIL_ON_VMDIR_ERROR(retVal);
+
     // Apply modify operations to the current entry (in pack format)
     retVal = VmDirApplyModsToEntryStruct( pOperation->pSchemaCtx, modReq, pEntry, &bDnModified, &pszLocalErrMsg );
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
@@ -277,6 +293,13 @@ VmDirInternalModifyEntry(
 
     modReq = &(pOperation->request.modifyReq);
 
+    // make sure we have minimum DN length
+    if (modReq->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", modReq->dn.lberbv_len);
+    }
+
     // Normalize DN
     retVal = VmDirNormalizeDN( &(modReq->dn), pOperation->pSchemaCtx);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "DN normalization failed - (%u)(%s)",
@@ -347,26 +370,10 @@ VmDirInternalModifyEntry(
             }
         }
 
-        if (pOperation->opType != VDIR_OPERATION_TYPE_REPL)
-        {
-            // Generate attributes' new meta-data
-            if ((retVal = VmDirGenerateModsNewMetaData( pOperation, modReq->mods, entryId )) != 0)
-            {
-                switch (retVal)
-                {
-                    case VMDIR_ERROR_LOCK_DEADLOCK:
-                        goto txnretry; // Possible retry.
-
-                    default:
-                        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                                                      "GenerateModsNewMetaData (%u)", retVal );
-                }
-            }
-        }
-
         pEntry = &entry;
 
-        if ((retVal = VmDirModifyEntryCoreLogic( pOperation, &pOperation->request.modifyReq, entryId, FALSE, pEntry )) != 0)
+        if ((retVal = VmDirModifyEntryCoreLogic( pOperation, &pOperation->request.modifyReq, entryId,
+                                                 pOperation->bNoRaftLog, pEntry )) != 0)
         {
             switch (retVal)
             {
@@ -883,118 +890,11 @@ AddAttrToEntryStruct(
     goto cleanup;
 }
 
-/* GenerateModsNewMetaData:
- *
- * Returns:
- *      LDAP_SUCCESS: On Success
- *      LDAP_OPERATIONS_ERROR: In case of an error
- *
- */
-
-int
-VmDirGenerateModsNewMetaData(
-    PVDIR_OPERATION          pOperation,
-    PVDIR_MODIFICATION       pmods,
-    USN                      entryId
-    )
-{
-    int                  retVal = LDAP_SUCCESS;
-    int                  dbRetVal = 0;
-    PVDIR_MODIFICATION   pMod = NULL;
-    PVDIR_MODIFICATION   pUsnChangedMod = NULL;
-    char                 origTimeStamp[VMDIR_ORIG_TIME_STR_LEN];
-    int                  currentVersion = 0;
-    PSTR                 pszLocalErrMsg = NULL;
-
-    if (1)
-       return 0;
-
-    // Look for Replace USN_MODIFIED mod
-    for (pMod = pmods; pMod; pMod = pMod->next)
-    {
-        if (VmDirStringCompareA(ATTR_USN_CHANGED, pMod->attr.type.lberbv.bv_val, FALSE) == 0)
-        {
-            pUsnChangedMod = pMod;
-            break;
-        }
-    }
-    assert(pUsnChangedMod);
-
-    retVal = VmDirGenOriginatingTimeStr( origTimeStamp );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                                  "GenerateModsNewMetaData: VmDirGenOriginatingTimeStr failed.");
-
-    if (gVmdirServerGlobals.invocationId.lberbv.bv_val == NULL)
-    {
-        retVal = VMDIR_ERROR_GENERIC;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                "GenerateModsNewMetaData: gVmdirServerGlobals.invocationId.lberbv.bv_val not set.");
-    }
-
-    for (pMod = pmods; pMod; pMod = pMod->next)
-    {
-        if ((dbRetVal = pOperation->pBEIF->pfnBEGetAttrMetaData( pOperation->pBECtx, &(pMod->attr), entryId )) != 0)
-        {
-            switch (dbRetVal)
-            {
-                case VMDIR_ERROR_BACKEND_DEADLOCK:
-                     retVal = dbRetVal;
-                     BAIL_ON_VMDIR_ERROR( retVal );
-
-                case VMDIR_ERROR_BACKEND_ATTR_META_DATA_NOTFOUND:
-                    currentVersion = 0;
-                    break;
-
-                default:
-                    retVal = dbRetVal;
-                    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg,
-                                        "pfnBEGetAttrMetaData failed - (%d)(%s)", retVal,
-                                        VDIR_SAFE_STRING(pOperation->pBEErrorMsg));
-            }
-        }
-        else
-        {
-            currentVersion = VmDirStringToIA(strchr(pMod->attr.metaData, ':') + 1);
-        }
-
-        // Force version gap if specified by pMod composer.
-        // User case: force sync schema metadata version in 6.5 schema patch.
-        currentVersion += pMod->usForceVersionGap;
-
-        // SJ-TBD: Since, currently, Replace mod is replaced by Delete and Add mods, the logic to set new attribute
-        // meta data in each of these 2 mods is bit strange, but works, because both Delete and Add mods read
-        // current attribute meta data from the DB, and not Add mod seeing attribute meta data from the previous
-        // Delete and therefore increasing the version # one extra time.
-
-        // Format is: <local USN>:<version no>:<originating server ID>:<originating time>:<originating USN>
-        VmDirStringNPrintFA( pMod->attr.metaData, sizeof( pMod->attr.metaData ), sizeof( pMod->attr.metaData ) - 1,
-                             "%s:%d:%s:%s:%s", pUsnChangedMod->attr.vals[0].lberbv.bv_val, currentVersion + 1,
-                             gVmdirServerGlobals.invocationId.lberbv.bv_val,
-                             origTimeStamp, pUsnChangedMod->attr.vals[0].lberbv.bv_val );
-
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
-
-    return retVal;
-
-error:
-
-    VmDirLog(LDAP_DEBUG_ANY, "VmDirGenerateModsNewMetaData failed: (%u)(%s)",
-                             retVal, VDIR_SAFE_STRING(pszLocalErrMsg));
-
-    goto cleanup;
-}
-
-
 /*
  * NormalizeMods:
  * 1. Normalize attribute values present in the modifications list.
  * 2. Make sure no duplicate value
  */
-
 int
 VmDirNormalizeMods(
     PVDIR_SCHEMA_CTX    pSchemaCtx,
@@ -1218,7 +1118,7 @@ CheckIfAnAttrValAlreadyExists(
     int retVal = LDAP_SUCCESS;
     unsigned int i = 0;
     unsigned int j = 0;
-    PSTR         pszLocalErrorMsg = NULL;
+    PSTR    pszLocalErrorMsg = NULL;
 
     for (i=0; i < eAttr->numVals; i++)
     {
@@ -1274,7 +1174,6 @@ CheckIfAnAttrValAlreadyExists(
  * Assumption: This function assumes/asserts that the modAttr does exist in the entry.
  *
  */
-
 static
 int
 DelAttrValsFromEntryStruct(
@@ -1318,6 +1217,20 @@ DelAttrValsFromEntryStruct(
                             VDIR_SAFE_STRING(eAttr->vals[i].lberbv.bv_val));
     }
 
+    if (modAttr->numVals == 1 && eAttr->pATDesc->bSingleValue &&
+        (VmDirStringCompareA(eAttr->pATDesc->pszName, ATTR_MODIFYTIMESTAMP, FALSE) == 0 ||
+         VmDirStringCompareA(eAttr->pATDesc->pszName, ATTR_CREATETIMESTAMP, FALSE) == 0 ||
+         VmDirStringCompareA(eAttr->pATDesc->pszName, ATTR_CREATORS_NAME, FALSE) == 0 ||
+         VmDirStringCompareA(eAttr->pATDesc->pszName, ATTR_MODIFIERS_NAME, FALSE) == 0))
+    {
+        /* Force deleting the attribute value whether or not the value matches.
+         * A raft follower may alter the timestamps/creator locally, e.g. rollback vmwAttrUniquenessScope,
+         * which may fail to remove the value if it doesn't match that value seen  at the raft leader.
+         */
+        VmDirFreeBervalContent(&modAttr->vals[0]);
+        modAttr->numVals = 0;
+    }
+
     // Complete attribute is to be deleted.
     if (modAttr->numVals == 0)
     {
@@ -1601,8 +1514,7 @@ GenerateNewParent(
     retVal = VmDirGetParentDN(&pDnAttr->vals[0], &NewParent);
     BAIL_ON_VMDIR_ERROR(retVal);
 
-    if (VmDirStringCompareA(pEntry->pdn.bvnorm_val, NewParent.bvnorm_val,
-FALSE) != 0)
+    if (VmDirStringCompareA(pEntry->pdn.bvnorm_val, NewParent.bvnorm_val, FALSE) != 0)
     {
         retVal = VmDirBervalContentDup(&NewParent, &pEntry->newpdn);
         BAIL_ON_VMDIR_ERROR(retVal);
@@ -1611,6 +1523,7 @@ FALSE) != 0)
 cleanup:
     VmDirFreeBervalContent(&NewParent);
     return retVal;
+
 error:
     goto cleanup;
 }
diff --git a/lwraft/server/middle-layer/password.c b/lwraft/server/middle-layer/password.c
index 39f183738..487d01dc6 100644
--- a/lwraft/server/middle-layer/password.c
+++ b/lwraft/server/middle-layer/password.c
@@ -256,6 +256,34 @@ VmDirPasswordSchemeFree(
     _gpDefaultScheme = NULL;
 }
 
+VOID
+VmDirGetDefaultPasswdLockoutPolicy(
+    PVDIR_PASSWD_LOCKOUT_POLICY     pPolicy
+    )
+{
+    VDIR_PASSWD_LOCKOUT_POLICY policy =
+    {
+        .bEnabled                   = TRUE,
+        .iAutoUnlockIntervalSec     = 300,
+        .iFailedAttemptIntervalSec  = 100,
+        .iMaxFailedAttempt          = 5,
+        .iExpireInDay               = 90,
+        .iMaxSameAdjacentCharCnt    = 2,
+        .iMinSpecialCharCnt         = 1,
+        .iMinNumericCnt             = 1,
+        .iMinUpperCaseCnt           = 1,
+        .iMinLowerCaseCnt           = 1,
+        .iMinAlphaCnt               = 1,
+        .iMinLen                    = 8,
+        .iMaxLen                    = 20,
+    };
+
+    memset(policy.specialChars, 0, MAX_PASSWORD_SPECIAL_CHARS+1);
+    VmDirStringCpyA(policy.specialChars, MAX_PASSWORD_SPECIAL_CHARS, "~!@#$%^&*()_+{}[]|:<>?,./");
+
+    *pPolicy = policy;
+}
+
 DWORD
 VmDirGenerateRandomPasswordByDefaultPolicy
 (
@@ -714,12 +742,6 @@ VdirPasswordModifyPreCheck(
         BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg, " read entry (%s) failed",
                                      VDIR_SAFE_STRING(BERVAL_NORM_VAL(pOperation->request.modifyReq.dn)));
 
-        // handle krb logic first while we have clear text password
-        dwError = VmDirKrbUPNKeySet(  pOperation,
-                                      pEntry,
-                                      &pModAddPasswd->attr.vals[0]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
         // handle srp password logic.
         dwError = VmDirSRPSetSecret( pOperation,
                                      pEntry,
diff --git a/lwraft/server/middle-layer/plugin.c b/lwraft/server/middle-layer/plugin.c
index 8177f13e4..f9c3b93f3 100644
--- a/lwraft/server/middle-layer/plugin.c
+++ b/lwraft/server/middle-layer/plugin.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -84,6 +84,12 @@
     VMDIR_SF_INIT(.pPluginFunc, VmDirPluginIndexEntryPreModApplyModify), \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
+    {                                                               \
+    VMDIR_SF_INIT(.usOpMask, VDIR_OPERATION_TYPE_EXTERNAL),         \
+    VMDIR_SF_INIT(.bSkipOnError, TRUE),                             \
+    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginVerifyAclAccess),       \
+    VMDIR_SF_INIT(.pNext, NULL )                                    \
+    },                                                              \
 }
 
 // NOTE: order of fields MUST stay in sync with struct definition...
@@ -94,7 +100,7 @@
     {                                                               \
     VMDIR_SF_INIT(.usOpMask, VDIR_NOT_INTERNAL_OPERATIONS),         \
     VMDIR_SF_INIT(.bSkipOnError, TRUE),                             \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaLibUpdatePreModify), \
+    VMDIR_SF_INIT(.pPluginFunc, VmDirPluginSchemaLibUpdatePreModify), \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
     {                                                               \
@@ -129,7 +135,7 @@
     {                                                               \
     VMDIR_SF_INIT(.usOpMask, VDIR_NOT_INTERNAL_OPERATIONS),         \
     VMDIR_SF_INIT(.bSkipOnError, FALSE),                            \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaLibUpdatePostModifyCommit), \
+    VMDIR_SF_INIT(.pPluginFunc, VmDirPluginSchemaLibUpdatePostModifyCommit), \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
     {                                                               \
@@ -189,13 +195,13 @@
     {                                                               \
     VMDIR_SF_INIT(.usOpMask, VDIR_NOT_REPL_OPERATIONS),             \
     VMDIR_SF_INIT(.bSkipOnError, TRUE),                             \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaEntryPreAdd),     \
+    VMDIR_SF_INIT(.pPluginFunc, VmDirPluginSchemaEntryPreAdd),     \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
     {                                                               \
     VMDIR_SF_INIT(.usOpMask, VDIR_NOT_INTERNAL_OPERATIONS),         \
     VMDIR_SF_INIT(.bSkipOnError, TRUE),                             \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaLibUpdatePreAdd), \
+    VMDIR_SF_INIT(.pPluginFunc, VmDirPluginSchemaLibUpdatePreAdd), \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
     {                                                               \
@@ -219,7 +225,7 @@
     {                                                               \
     VMDIR_SF_INIT(.usOpMask, VDIR_NOT_INTERNAL_OPERATIONS),         \
     VMDIR_SF_INIT(.bSkipOnError, FALSE),                            \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaLibUpdatePostAddCommit), \
+    VMDIR_SF_INIT(.pPluginFunc, VmDirPluginSchemaLibUpdatePostAddCommit), \
     VMDIR_SF_INIT(.pNext, NULL )                                    \
     },                                                              \
     {                                                               \
@@ -234,12 +240,7 @@
 // NOTE: order of fields MUST stay in sync with struct definition...
 #define VDIR_PRE_MODAPPLY_DELETE_PLUGIN_INITIALIZER                 \
 {                                                                   \
-    {                                                               \
-    VMDIR_SF_INIT(.usOpMask, VDIR_NOT_REPL_OPERATIONS),             \
-    VMDIR_SF_INIT(.bSkipOnError, TRUE),                             \
-    VMDIR_SF_INIT(.pPluginFunc, _VmDirPluginSchemaLibUpdatePreModApplyDelete), \
-    VMDIR_SF_INIT(.pNext, NULL )                                    \
-    },                                                              \
+                                                                    \
 }
 
 // NOTE: order of fields MUST stay in sync with struct definition...
@@ -276,20 +277,6 @@ _VmDirPluginLockoutPolicyEntryIntegrityCheck(
     PVDIR_ENTRY      pEntry,
     DWORD            dwPriorResult);
 
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreModify(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
-
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePostModifyCommit(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
-
 static
 DWORD
 _VmDirPluginLockoutCachePostModifyCommit(
@@ -342,45 +329,32 @@ _VmDirPluginCreateFSPsPreAdd(
 
 static
 DWORD
-_VmDirPluginSchemaEntryPreAdd(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
-
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreAdd(
+_VmDirPluginRaftProxyPostAddCommit(
     PVDIR_OPERATION  pOperation,
     PVDIR_ENTRY      pEntry,
     DWORD            dwPriorResult);
 
 static
 DWORD
-_VmDirPluginSchemaLibUpdatePostAddCommit(
+_VmDirPluginReplAgrPostDeleteCommit(
     PVDIR_OPERATION  pOperation,
     PVDIR_ENTRY      pEntry,
     DWORD            dwPriorResult);
 
 static
 DWORD
-_VmDirPluginRaftProxyPostAddCommit(
+_VmDIrPluginPasswordPreModApplyModify(
     PVDIR_OPERATION  pOperation,
     PVDIR_ENTRY      pEntry,
     DWORD            dwPriorResult);
 
 static
 DWORD
-_VmDirPluginReplAgrPostDeleteCommit(
+_VmDirPluginVerifyAclAccess(
     PVDIR_OPERATION  pOperation,
     PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
-
-static
-DWORD
-_VmDIrPluginPasswordPreModApplyModify(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
+    DWORD            dwPriorResult
+    );
 
 static
 DWORD
@@ -413,13 +387,6 @@ _VmDirPluginMapAclStringAttributePreModApplyModify(
     DWORD            dwPriorResult
     );
 
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreModApplyDelete(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult);
-
 static
 DWORD
 _VmDirPluginInit(
@@ -716,41 +683,6 @@ _VmDirPluginLockoutPolicyEntryIntegrityCheck(
     return dwRtn;
 }
 
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreModify(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult)
-{
-    DWORD dwRtn = 0;
-    PVDIR_MODIFICATION pMod = NULL;
-
-    if (pOperation->bSchemaWriteOp)
-    {
-        pMod = pOperation->request.modifyReq.mods;
-        for (; pMod; pMod = pMod->next)
-        {
-            // reject the following changes:
-            // - objectclass
-            // - cn
-            PSTR pszType = pMod->attr.type.lberbv.bv_val;
-            if (VmDirStringCompareA(pszType, ATTR_OBJECT_CLASS, FALSE) == 0
-                    || VmDirStringCompareA(pszType, ATTR_CN, FALSE) == 0)
-            {
-                dwRtn = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-                BAIL_ON_VMDIR_ERROR(dwRtn);
-            }
-        }
-
-        dwRtn = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
-        BAIL_ON_VMDIR_ERROR(dwRtn);
-    }
-
-error:
-    return dwPriorResult ? dwPriorResult : dwRtn;
-}
-
 /*
  * Generic place to validate attribute values for LDAP_ADD operation.
  * pEntry now contains ONLY values coming from the wire.
@@ -790,8 +722,8 @@ _VmDirPluginGenericPreAdd(
         BOOLEAN bReturn = FALSE;
 
         bReturn = VmDirValidRelativeSecurityDescriptor(
-                    (PSECURITY_DESCRIPTOR_RELATIVE)pAttrSD->vals[0].bvnorm_val,
-                    (ULONG)pAttrSD->vals[0].bvnorm_len,
+                    (PSECURITY_DESCRIPTOR_RELATIVE)pAttrSD->vals[0].lberbv_val,
+                    (ULONG)pAttrSD->vals[0].lberbv_len,
                     OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION);
         if (!bReturn)
         {
@@ -858,11 +790,6 @@ _VmDirPluginPasswordHashPreAdd(
         {
             PVDIR_PASSWORD_HASH_SCHEME pPasswdScheme = VdirDefaultPasswordScheme();
 
-            // handle krb password logic first.
-            pszErrorContext = "Krb password add";
-            dwError = VmDirKrbUPNKeySet( pOperation, pEntry, &(pAttrPasswd->vals[0]) );
-            BAIL_ON_VMDIR_ERROR(dwError);
-
             // handle srp password logic.
             pszErrorContext = "srp password add";
             dwError = VmDirSRPSetSecret( pOperation, pEntry, &(pAttrPasswd->vals[0]) );
@@ -920,6 +847,37 @@ _VmDirPluginPasswordHashPreAdd(
     goto cleanup;
 }
 
+/*
+ * Only users and groups ("security principals") require a real SID. Domain
+ * objects need the domain-specific SID we store there (to construct SIDs for
+ * real security principals). Rather than hard-code the classes that get a
+ * SID here we just let the schema definition drive the logic.
+ */
+DWORD
+_VmDirNeedsSid(
+    PVDIR_ENTRY pEntry,
+    BOOLEAN *pbNeedsSid
+    )
+{
+    BOOLEAN bMustHaveAttr = FALSE;
+    BOOLEAN bMayHaveAttr = FALSE;
+    DWORD dwError = 0;
+
+    dwError = VmDirEntryIsAttrAllowed(
+                pEntry,
+                ATTR_OBJECT_SID,
+                &bMustHaveAttr,
+                &bMayHaveAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pbNeedsSid = bMustHaveAttr || bMayHaveAttr;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
 static
 DWORD
 _VmDirPluginGenerateSidPreAdd(
@@ -930,6 +888,7 @@ _VmDirPluginGenerateSidPreAdd(
 {
     DWORD           dwError = 0;
     PSTR            pszObjectSid = NULL;
+    BOOLEAN         bNeedsSid = FALSE;
     PVDIR_ATTRIBUTE pObjectSidAttrExist = NULL;
 
     PVDIR_ATTRIBUTE pObjectSidAttr = NULL;
@@ -948,6 +907,13 @@ _VmDirPluginGenerateSidPreAdd(
         goto cleanup;
     }
 
+    dwError = _VmDirNeedsSid(pEntry, &bNeedsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!bNeedsSid)
+    {
+        goto cleanup;
+    }
+
     pszErrorContext = "Generate object sid";
     dwError = VmDirGenerateObjectSid(pEntry,
                                      &pszObjectSid);
@@ -1142,121 +1108,6 @@ _VmDirPluginCreateFSPsPreAdd(
     goto cleanup;
 }
 
-static
-DWORD
-_VmDirPluginSchemaEntryPreAdd(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult)
-{
-    DWORD   dwRtn = 0;
-    PVDIR_ATTRIBUTE pCnAttr = NULL;
-    PSTR    pszSchemaIdGuid = NULL;
-
-    if (pOperation->bSchemaWriteOp)
-    {
-        // lDAPDisplayName attribute takes cn as default
-        if (!VmDirFindAttrByName(pEntry, ATTR_LDAP_DISPLAYNAME))
-        {
-            pCnAttr = VmDirFindAttrByName(pEntry, ATTR_CN);
-            if (!pCnAttr)
-            {
-                dwRtn = VMDIR_ERROR_INVALID_ENTRY;
-                BAIL_ON_VMDIR_ERROR(dwRtn);
-            }
-
-            dwRtn = VmDirEntryAddSingleValueStrAttribute(
-                    pEntry,
-                    ATTR_LDAP_DISPLAYNAME,
-                    pCnAttr->vals[0].lberbv.bv_val);
-            BAIL_ON_VMDIR_ERROR(dwRtn);
-        }
-
-        // schemaIDGUID attribute takes a generated guid as default
-        if (!VmDirFindAttrByName(pEntry, ATTR_SCHEMAID_GUID))
-        {
-            dwRtn = VmDirGenerateGUID(&pszSchemaIdGuid);
-            BAIL_ON_VMDIR_ERROR(dwRtn);
-
-            dwRtn = VmDirEntryAddSingleValueStrAttribute(
-                    pEntry,
-                    ATTR_SCHEMAID_GUID,
-                    pszSchemaIdGuid);
-            BAIL_ON_VMDIR_ERROR(dwRtn);
-        }
-
-        if (VmDirIsEntryWithObjectclass(pEntry, OC_CLASS_SCHEMA))
-        {
-            // defaultObjectCategory attribute takes dn as default
-            if (!VmDirFindAttrByName(pEntry, ATTR_DEFAULT_OBJECT_CATEGORY))
-            {
-                dwRtn = VmDirEntryAddSingleValueStrAttribute(
-                        pEntry,
-                        ATTR_DEFAULT_OBJECT_CATEGORY,
-                        pEntry->dn.lberbv.bv_val);
-                BAIL_ON_VMDIR_ERROR(dwRtn);
-            }
-        }
-    }
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pszSchemaIdGuid);
-    return dwPriorResult ? dwPriorResult : dwRtn;
-}
-
-DWORD
-VmDirSchemaEntryPreAdd(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry)
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirSchemaModMutexAcquire(pOperation);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError =  _VmDirPluginSchemaLibUpdatePreAdd(pOperation, pEntry, 0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreAdd(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult)
-{
-    DWORD   dwRtn = 0;
-
-    if (pOperation->bSchemaWriteOp)
-    {
-        dwRtn = VmDirSchemaCheck(pEntry);
-        BAIL_ON_VMDIR_ERROR(dwRtn);
-
-        dwRtn = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
-        BAIL_ON_VMDIR_ERROR(dwRtn);
-    }
-
-error:
-    return dwPriorResult ? dwPriorResult : dwRtn;
-}
-
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePostAddCommit(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwResult)
-{
-    return _VmDirPluginSchemaLibUpdatePostModifyCommit(
-            pOperation, pEntry, dwResult);
-}
-
 // Handle (ADD to replication agreements in-memory cache) MY replication agreements.
 
 static
@@ -1416,44 +1267,6 @@ _VmDIrPluginHandleFSPsPreModApplyModify(
     goto cleanup;
 }
 
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePreModApplyDelete(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult)
-{
-    // reject delete if it's a schema entry
-    DWORD   dwError = 0;
-    PSTR    pszDN = BERVAL_NORM_VAL(pOperation->request.deleteReq.dn);
-
-    if (VmDirStringEndsWith(pszDN, SCHEMA_NAMING_CONTEXT_DN, FALSE))
-    {
-        dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-error:
-    return dwError;
-}
-
-static
-DWORD
-_VmDirPluginSchemaLibUpdatePostModifyCommit(
-    PVDIR_OPERATION  pOperation,
-    PVDIR_ENTRY      pEntry,
-    DWORD            dwPriorResult)
-{
-    DWORD   dwRtn = 0;
-
-    if (pOperation->bSchemaWriteOp)
-    {
-        dwRtn = VmDirSchemaLibUpdate(dwPriorResult);
-    }
-
-    return dwPriorResult ? dwPriorResult : dwRtn;
-}
-
 /*
  * Initialize gVmdirPluginGlobals.pXXX with static init table contents.
  */
@@ -1558,7 +1371,7 @@ _VmDirConstructFSPDN(
         assert( pszDomainDN );
 
         // FSP DN looks like: objectIdd=<a SID or entryUUID or etc...>,cn=ForeignSecurityPrincipals,<domain DN>
-        dwError = VmDirAllocateStringAVsnprintf( &pszFSPDN, "%s,%s=%s,%s", pSpecialDn->lberbv.bv_val,
+        dwError = VmDirAllocateStringPrintf( &pszFSPDN, "%s,%s=%s,%s", pSpecialDn->lberbv.bv_val,
                                                  FSP_CONTAINER_RDN_ATTR, FSP_CONTAINER_RDN_ATTR_VALUE,
                                                  pszDomainDN );
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -1929,4 +1742,153 @@ _VmDirPluginMapAclStringAttributePreModApplyModify(
     goto cleanup;
 }
 
+/* The following functions (prefixed with VmDirRepl) perform pre/post operations (plugins)
+ * at a Raft follower. Those plugins are much simpler than those executed at Raft leader because:
+ *  1. All prechecks and validations are not neeed at the follower (have done at raft leader).
+ *  2. All derived attributes (through plugin at Raft leader) are included in the Raft log,
+ *     and have applied to the entry structure before posted to the backend.
+ * However some functions in pre-plugin are still needed, such as Attribute Reindexing Schedule,
+ * Rollback schema unique scope if the existing entries have violated the uniqueness.
+ *
+ * Fixme: Any other post plugin functions need to be included?
+ */
+DWORD
+VmDirReplSchemaEntryPreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry)
+{
+    DWORD dwError = 0;
+
+    if (!pOperation->dwSchemaWriteOp)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirReplSchemaEntryPostAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry)
+{
+    DWORD dwError = 0;
+
+    if (!pOperation->dwSchemaWriteOp)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirPluginIndexEntryPostAdd(pOperation, pEntry, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirReplSchemaEntryPreMoidify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry)
+{
+    DWORD dwError = 0;
+
+    if (!pOperation->dwSchemaWriteOp)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirPluginIndexEntryPreModify(pOperation, pEntry, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirReplSchemaEntryPostMoidify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry)
+{
+    DWORD dwError = 0;
+
+    if (!pOperation->dwSchemaWriteOp)
+    {
+        goto cleanup;
+    }
 
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirPluginVerifyAclAccess(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    )
+{
+    DWORD               dwError = 0;
+    PVDIR_MODIFICATION  pModReq  = pOperation->request.modifyReq.mods;
+    PVDIR_MODIFICATION  pMod = NULL;
+    PVDIR_ENTRY         pCurrentEntry = NULL;
+
+    for (pMod = pModReq; pMod != NULL; pMod = pMod->next)
+    {
+        if (pMod->attr.type.lberbv.bv_val == NULL)
+        {
+            dwError = VMDIR_ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        //
+        // In general a caller can modify an entry if they have
+        // VMDIR_RIGHT_DS_WRITEPROP access. However, the entry's security
+        // descriptor is special-cased and requires a separate permission
+        // (VMDIR_ENTRY_WRITE_ACL). This is the same behavior as AD.
+        //
+        if (VmDirStringCompareA(pMod->attr.type.lberbv.bv_val, ATTR_ACL_STRING, FALSE) == 0 ||
+            VmDirStringCompareA(pMod->attr.type.lberbv.bv_val, ATTR_OBJECT_SECURITY_DESCRIPTOR, FALSE) == 0)
+        {
+            dwError = VmDirSimpleDNToEntry(pOperation->request.modifyReq.dn.lberbv_val, &pCurrentEntry);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirSrvAccessCheck(pOperation, &pOperation->conn->AccessInfo, pCurrentEntry, VMDIR_ENTRY_WRITE_ACL);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VmDirFreeEntry(pCurrentEntry);
+    return dwPriorResult ? dwPriorResult : dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirPluginVerifyAclAccess failed with error %d", dwError);
+    goto cleanup;
+}
diff --git a/lwraft/server/middle-layer/prototypes.h b/lwraft/server/middle-layer/prototypes.h
index dfd486c90..ff79bd32f 100644
--- a/lwraft/server/middle-layer/prototypes.h
+++ b/lwraft/server/middle-layer/prototypes.h
@@ -36,6 +36,12 @@ VmDirBuildComputedAttribute(
     );
 
 // password.c
+
+VOID
+VmDirGetDefaultPasswdLockoutPolicy(
+    PVDIR_PASSWD_LOCKOUT_POLICY     pPolicy
+    );
+
 DWORD
 VdirPasswordHash(
     PVDIR_PASSWORD_HASH_SCHEME  pHashScheme,
@@ -325,6 +331,42 @@ VmDirSASLSockbufRemove(
     Sockbuf*        pSockbuf
     );
 
+// schema.c
+DWORD
+VmDirPluginSchemaLibUpdatePreModify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    );
+
+DWORD
+VmDirPluginSchemaLibUpdatePostModifyCommit(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    );
+
+DWORD
+VmDirPluginSchemaEntryPreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    );
+
+DWORD
+VmDirPluginSchemaLibUpdatePreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    );
+
+DWORD
+VmDirPluginSchemaLibUpdatePostAddCommit(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwResult
+    );
+
 // srputil.c
 DWORD
 VmDirSRPSetSecret(
diff --git a/lwraft/server/middle-layer/pscache.c b/lwraft/server/middle-layer/pscache.c
index 234c72b76..76b57d099 100644
--- a/lwraft/server/middle-layer/pscache.c
+++ b/lwraft/server/middle-layer/pscache.c
@@ -158,7 +158,7 @@ VmDirPagedSearchCreateThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirPagedSearchWorkerThread,
                 pSearchRecord);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/lwraft/server/middle-layer/sasl.c b/lwraft/server/middle-layer/sasl.c
index ddefe5c4b..118494ec3 100644
--- a/lwraft/server/middle-layer/sasl.c
+++ b/lwraft/server/middle-layer/sasl.c
@@ -145,7 +145,7 @@ VmDirSASLInit(
                     _VmDirSASLMutexUnlock,
                     _VmDirSASLMutexDispose);
 
-    dwError = sasl_server_init( saslServerCB, "lwraftd");
+    dwError = sasl_server_init( saslServerCB, "postd");
     BAIL_ON_SASL_ERROR(dwError);
 
 cleanup:
@@ -464,7 +464,7 @@ _VmDirSASLGetCtxProps(
     }
 
     VMDIR_SAFE_FREE_MEMORY( pSaslBindInfo->pszBindUserName );
-    dwError = VmDirAllocateStringAVsnprintf(    &pSaslBindInfo->pszBindUserName,
+    dwError = VmDirAllocateStringPrintf(    &pSaslBindInfo->pszBindUserName,
                                                 "%s%s%s",
                                                 VDIR_SAFE_STRING(pszBindUPN),
                                                 pszBindRealm ? "@" : "",
@@ -708,11 +708,11 @@ VmDirSASL2PATH(
                                     MAX_PATH );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszLocalPath, "%s;%s\\sasl2",
+    dwError = VmDirAllocateStringPrintf( &pszLocalPath, "%s;%s\\sasl2",
                                              sasl2SearchPathBuf,
                                              vmdirInstallPathBuf);
 #else
-    dwError = VmDirAllocateStringAVsnprintf( &pszLocalPath, "%s:%s/sasl2",
+    dwError = VmDirAllocateStringPrintf( &pszLocalPath, "%s:%s/sasl2",
                                              VMDIR_CONFIG_SASL2_LIB_PATH,
                                              LWRAFT_LIB_DIR);
 #endif
diff --git a/lwraft/server/middle-layer/schema.c b/lwraft/server/middle-layer/schema.c
new file mode 100644
index 000000000..524fabaa9
--- /dev/null
+++ b/lwraft/server/middle-layer/schema.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirPluginSchemaLibUpdatePreModify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    )
+{
+    DWORD dwRtn = 0;
+    PVDIR_MODIFICATION pMod = NULL;
+
+    if (pOperation->dwSchemaWriteOp)
+    {
+        for (pMod = pOperation->request.modifyReq.mods; pMod; pMod = pMod->next)
+        {
+            // reject the following changes:
+            // - objectclass
+            // - cn
+            PSTR pszType = pMod->attr.type.lberbv.bv_val;
+            if (VmDirStringCompareA(pszType, ATTR_OBJECT_CLASS, FALSE) == 0 ||
+                VmDirStringCompareA(pszType, ATTR_CN, FALSE) == 0)
+            {
+                dwRtn = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+                BAIL_ON_VMDIR_ERROR(dwRtn);
+            }
+        }
+
+        dwRtn = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
+        BAIL_ON_VMDIR_ERROR(dwRtn);
+    }
+
+error:
+    return dwPriorResult ? dwPriorResult : dwRtn;
+}
+
+DWORD
+VmDirPluginSchemaLibUpdatePostModifyCommit(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    )
+{
+    DWORD   dwRtn = 0;
+
+    if (pOperation->dwSchemaWriteOp)
+    {
+        dwRtn = VmDirSchemaLibUpdate(dwPriorResult);
+    }
+
+    return dwPriorResult ? dwPriorResult : dwRtn;
+}
+
+DWORD
+VmDirPluginSchemaEntryPreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    )
+{
+    DWORD   dwRtn = 0;
+    PVDIR_ATTRIBUTE pCnAttr = NULL;
+    PSTR    pszSchemaIdGuid = NULL;
+
+    if (pOperation->dwSchemaWriteOp)
+    {
+        // lDAPDisplayName attribute takes cn as default
+        if (!VmDirFindAttrByName(pEntry, ATTR_LDAP_DISPLAYNAME))
+        {
+            pCnAttr = VmDirFindAttrByName(pEntry, ATTR_CN);
+            if (!pCnAttr)
+            {
+                dwRtn = VMDIR_ERROR_INVALID_ENTRY;
+                BAIL_ON_VMDIR_ERROR(dwRtn);
+            }
+
+            dwRtn = VmDirEntryAddSingleValueStrAttribute(
+                    pEntry,
+                    ATTR_LDAP_DISPLAYNAME,
+                    pCnAttr->vals[0].lberbv.bv_val);
+            BAIL_ON_VMDIR_ERROR(dwRtn);
+        }
+
+        // schemaIDGUID attribute takes a generated guid as default
+        if (!VmDirFindAttrByName(pEntry, ATTR_SCHEMAID_GUID))
+        {
+            dwRtn = VmDirGenerateGUID(&pszSchemaIdGuid);
+            BAIL_ON_VMDIR_ERROR(dwRtn);
+
+            dwRtn = VmDirEntryAddSingleValueStrAttribute(
+                    pEntry,
+                    ATTR_SCHEMAID_GUID,
+                    pszSchemaIdGuid);
+            BAIL_ON_VMDIR_ERROR(dwRtn);
+        }
+
+        if (VmDirEntryIsObjectclass(pEntry, OC_CLASS_SCHEMA))
+        {
+            // defaultObjectCategory attribute takes dn as default
+            if (!VmDirFindAttrByName(pEntry, ATTR_DEFAULT_OBJECT_CATEGORY))
+            {
+                dwRtn = VmDirEntryAddSingleValueStrAttribute(
+                        pEntry,
+                        ATTR_DEFAULT_OBJECT_CATEGORY,
+                        pEntry->dn.lberbv.bv_val);
+                BAIL_ON_VMDIR_ERROR(dwRtn);
+            }
+        }
+    }
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszSchemaIdGuid);
+    return dwPriorResult ? dwPriorResult : dwRtn;
+}
+
+DWORD
+VmDirPluginSchemaLibUpdatePreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwPriorResult
+    )
+{
+    DWORD   dwRtn = 0;
+
+    if (pOperation->dwSchemaWriteOp)
+    {
+        dwRtn = VmDirSchemaCheck(pEntry);
+        BAIL_ON_VMDIR_ERROR(dwRtn);
+
+        dwRtn = VmDirSchemaLibPrepareUpdateViaModify(pOperation, pEntry);
+        BAIL_ON_VMDIR_ERROR(dwRtn);
+    }
+
+error:
+    return dwPriorResult ? dwPriorResult : dwRtn;
+}
+
+DWORD
+VmDirPluginSchemaLibUpdatePostAddCommit(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry,
+    DWORD            dwResult
+    )
+{
+    return VmDirPluginSchemaLibUpdatePostModifyCommit(
+            pOperation, pEntry, dwResult);
+}
diff --git a/lwraft/server/middle-layer/search.c b/lwraft/server/middle-layer/search.c
index 0a366594f..b97e32c35 100644
--- a/lwraft/server/middle-layer/search.c
+++ b/lwraft/server/middle-layer/search.c
@@ -49,18 +49,7 @@ VmDirMLSearch(
     pOperation->pBEIF = VmDirBackendSelect(pOperation->reqDn.lberbv.bv_val);
     assert(pOperation->pBEIF);
 
-    if (pOperation->conn->bIsAnonymousBind &&
-            !(VmDirIsSearchForDseRootEntry(pOperation) ||
-              VmDirIsSearchForSchemaEntry(pOperation)))
-    {
-        retVal = LDAP_INSUFFICIENT_ACCESS;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Not bind/authenticate yet" );
-    }
-
-    // AnonymousBind is handled when retrieving search candidate result
-    // DSE_ROOT_DN and PERSISTED_DSE_ROOT_DN, SCHEMA_NAMING_CONTEXT_DN
-    // SUB_SCHEMA_SUB_ENTRY_DN should allow anonymous bind READ
-    retVal = VmDirInternalSearch( pOperation);
+    retVal = VmDirInternalSearch(pOperation);
     BAIL_ON_VMDIR_ERROR(retVal);
 
 cleanup:
@@ -80,12 +69,12 @@ ProcessPreValidatedEntries(
     ENTRYID *pValidatedEntries
     )
 {
-    DWORD i = 0;
-    DWORD dwError = 0;
-    DWORD dwSentEntries = 0;
+    DWORD   i = 0;
+    DWORD   dwError = 0;
+    DWORD   dwSentEntries = 0;
     BOOLEAN bInternalSearch = FALSE;
     BOOLEAN bStoreRsltInMem = FALSE;
-    VDIR_ENTRY srEntry = {0};
+    VDIR_ENTRY  srEntry = {0};
     PVDIR_ENTRY pSrEntry = NULL;
 
     if (dwEntryCount == 0)
@@ -200,7 +189,7 @@ VmDirInternalSearch(
 
     if (VmDirHandleSpecialSearch( pOperation, pResult )) // TODO, add &pszLocalErrMsg
     {
-        retVal = pResult->errCode;
+        retVal = pResult->errCode ? pResult->errCode : pResult->vmdirErrCode;
         BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "Special search failed - (%u)", retVal);
 
         goto cleanup;  // done special search
@@ -274,7 +263,6 @@ VmDirInternalSearch(
     retVal = AppendDNFilter( pOperation );
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Appending DN filter failed.");
 
-
     if (gVmdirGlobals.bPagedSearchReadAhead)
     {
         if (pOperation->showPagedResultsCtrl != NULL &&
@@ -585,7 +573,7 @@ VmDirIsDirectMemberOf(
     VDIR_ENTRY_ARRAY    entryResultArray = {0};
     PSTR                pszGroupDN = NULL;
 
-    if ( !pszBindDN || !pbIsMemberOf || !pAccessRoleBitmap )
+    if (!pbIsMemberOf || !pAccessRoleBitmap)
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -599,7 +587,8 @@ VmDirIsDirectMemberOf(
              goto cleanup;
          }
          pszGroupDN = gVmdirServerGlobals.bvDCGroupDN.lberbv_val;
-    } else if (getAccessInfo == VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_INFO)
+    }
+    else if (getAccessInfo == VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_INFO)
     {
         if (*pAccessRoleBitmap & VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO)
         {
@@ -607,13 +596,14 @@ VmDirIsDirectMemberOf(
             goto cleanup;
         }
         pszGroupDN = gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val;
-    } else
+    }
+    else
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (pszGroupDN == NULL)
+    if (pszGroupDN == NULL || pszBindDN == NULL)
     {
         *pbIsMemberOf = FALSE;
         goto cleanup;
@@ -641,7 +631,8 @@ VmDirIsDirectMemberOf(
         {
              *pAccessRoleBitmap |= VDIR_ACCESS_IS_DCGROUP_MEMBER;
         }
-    } else
+    }
+    else
     {
         *pAccessRoleBitmap |= VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO;
         if (bIsMemberOf)
@@ -1027,7 +1018,7 @@ SetPagedSearchCookie(
         dwError = VmDirStringPrintFA(
                     pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie,
                     VMDIR_ARRAY_SIZE(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie),
-                    "%u",
+                    "%llu",
                     eId);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
@@ -1075,10 +1066,13 @@ ProcessCandidateList(
             pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.pageSize < (DWORD)pOperation->request.searchReq.sizeLimit))
     {
         VmDirLog( LDAP_DEBUG_TRACE, "showPagedResultsCtrl applies to this query." );
+
         bPageResultsCtrl = TRUE;
         dwPageSize = pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.pageSize;
-        lastEID = atoi(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie);
+        lastEID = atoll(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie);
         pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie[0] = '\0';
+
+        VmDirSortCandidateList(cl);  // sort candidate list if not yet sorted
     }
 
     if (cl && cl->size > 0)
@@ -1102,13 +1096,9 @@ ProcessCandidateList(
         {
             if (!gVmdirGlobals.bPagedSearchReadAhead)
             {
-                //skip entries we sent before
-                if (bPageResultsCtrl && lastEID > 0)
+                //skip entries we sent before in sorted cl->eIds.
+                if (bPageResultsCtrl && cl->eIds[i] <= lastEID)
                 {
-                    if (cl->eIds[i] == lastEID)
-                    {
-                        lastEID = 0;
-                    }
                     continue;
                 }
             }
@@ -1133,7 +1123,7 @@ ProcessCandidateList(
                 continue;
             }
 
-            if (CheckIfEntryPassesFilter( pOperation, pSrEntry, pOperation->request.searchReq.filter) == FILTER_RES_TRUE)
+            if (CheckIfEntryPassesFilter(pOperation, pSrEntry, pOperation->request.searchReq.filter) == FILTER_RES_TRUE)
             {
                 retVal = VmDirBuildComputedAttribute( pOperation, pSrEntry );
                 BAIL_ON_VMDIR_ERROR( retVal );
@@ -1156,7 +1146,6 @@ ProcessCandidateList(
                     {
                         pOperation->internalSearchEntryArray.iSize++;
                         pSrEntry = NULL;    // EntryArray takes over *pSrEntry content
-                        numSentEntries++;
                     }
                 }
             }
diff --git a/lwraft/server/middle-layer/specialsearch.c b/lwraft/server/middle-layer/specialsearch.c
index 678c2ddc8..ac0be42f9 100644
--- a/lwraft/server/middle-layer/specialsearch.c
+++ b/lwraft/server/middle-layer/specialsearch.c
@@ -22,6 +22,12 @@ _VmDirIsSearchForServerStatus(
     PVDIR_OPERATION     pOp
     );
 
+static
+BOOLEAN
+_VmDirIsSearchForRaftState(
+    PVDIR_OPERATION     pOp
+    );
+
 /*
  * Return TRUE if search request require special handling.
  * If TRUE, the request will be served within this function.
@@ -82,6 +88,13 @@ VmDirHandleSpecialSearch(
         dwError = VmDirServerStatusEntry(&pEntry);
         BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pLdapResult->pszErrMsg),
                 "%s Entry search failed.", pszEntryType[entryType]);
+    } else if (_VmDirIsSearchForRaftState(pOp))
+    {
+        entryType = SPECIAL_SEARCH_ENTRY_TYPE_RAFT_STATUS;
+
+        dwError = VmDirRaftStateEntry(&pEntry);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pLdapResult->pszErrMsg),
+                "%s Entry search failed.", pszEntryType[entryType]);
     }
 
     if (entryType != REGULAR_SEARCH_ENTRY_TYPE)
@@ -242,3 +255,38 @@ _VmDirIsSearchForServerStatus(
     return bRetVal;
 
 }
+
+/*
+ * For raft state in cluster scope
+ * The search pattern is :
+ * BASE:    cn=raftstate
+ * SCOPE:   BASE
+ * FILTER:  (objectclass=*)
+ */
+static
+BOOLEAN
+_VmDirIsSearchForRaftState(
+    PVDIR_OPERATION     pOp
+    )
+{
+    BOOLEAN         bRetVal = FALSE;
+    SearchReq*      pSearchReq = NULL;
+    PVDIR_FILTER    pFilter = NULL;
+
+    pSearchReq = &(pOp->request.searchReq);
+    pFilter = pSearchReq->filter;
+
+    assert( pFilter != NULL );
+
+    if (pSearchReq->scope == LDAP_SCOPE_BASE &&
+        (pOp->reqDn.lberbv.bv_val != NULL && VmDirStringCompareA(pOp->reqDn.lberbv.bv_val, RAFT_STATE_DN, FALSE) == 0) &&
+        (pFilter->choice == LDAP_FILTER_PRESENT &&
+         pFilter->filtComp.present.lberbv.bv_len == ATTR_OBJECT_CLASS_LEN &&
+         pFilter->filtComp.present.lberbv.bv_val != NULL &&
+         VmDirStringNCompareA( ATTR_OBJECT_CLASS, pFilter->filtComp.present.lberbv.bv_val, ATTR_OBJECT_CLASS_LEN, FALSE) == 0))
+    {
+        bRetVal = TRUE;
+    }
+
+    return bRetVal;
+}
diff --git a/lwraft/server/middle-layer/structs.h b/lwraft/server/middle-layer/structs.h
index b09e86ac3..6482b0fe2 100644
--- a/lwraft/server/middle-layer/structs.h
+++ b/lwraft/server/middle-layer/structs.h
@@ -224,6 +224,7 @@ typedef enum _VDIR_SPECIAL_SEARCH_ENTRY_TYPE
     SPECIAL_SEARCH_ENTRY_TYPE_DSE_ROOT,
     SPECIAL_SEARCH_ENTRY_TYPE_SCHEMA_ENTRY,
     SPECIAL_SEARCH_ENTRY_TYPE_SERVER_STATUS,
+    SPECIAL_SEARCH_ENTRY_TYPE_RAFT_STATUS,
     REGULAR_SEARCH_ENTRY_TYPE
 } VDIR_SPECIAL_SEARCH_ENTRY_TYPE;
 
diff --git a/lwraft/server/replication/Makefile.am b/lwraft/server/replication/Makefile.am
index 80bd5e578..424f06efe 100644
--- a/lwraft/server/replication/Makefile.am
+++ b/lwraft/server/replication/Makefile.am
@@ -8,15 +8,15 @@ libreplication_la_SOURCES = \
     thread.c
 
 libreplication_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libreplication_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/replication/firstreplcycle.c b/lwraft/server/replication/firstreplcycle.c
index 647a78787..c765a41c6 100644
--- a/lwraft/server/replication/firstreplcycle.c
+++ b/lwraft/server/replication/firstreplcycle.c
@@ -44,7 +44,8 @@ static
 int
 _VmDirGetRemoteDBUsingRPC(
     PCSTR   pszHostname,
-    PCSTR   dbHomeDir);
+    PCSTR   dbHomeDir,
+    BOOLEAN *pbHasXlog);
 
 static
 int
@@ -62,7 +63,8 @@ _VmDirShutdownDB();
 static
 int
 _VmDirSwapDB(
-    PCSTR   dbHomeDir);
+    PCSTR   dbHomeDir,
+    BOOLEAN bHasXlog);
 
 VOID
 VmDirFreeBindingHandle(
@@ -83,6 +85,7 @@ VmDirFirstReplicationCycle(
     int retVal = LDAP_SUCCESS;
     PSTR  pszLocalErrorMsg = NULL;
     PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    BOOLEAN bHasXlog = FALSE;
 #ifndef _WIN32
     const char  *dbHomeDir = LWRAFT_DB_DIR;
 #else
@@ -102,11 +105,11 @@ VmDirFirstReplicationCycle(
     //Shutdown local database
     _VmDirShutdownDB();
 
-    retVal = _VmDirGetRemoteDBUsingRPC(pszHostname, dbHomeDir);
+    retVal = _VmDirGetRemoteDBUsingRPC(pszHostname, dbHomeDir, &bHasXlog);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
                 "VmDirFirstReplicationCycle: _VmDirGetRemoteDBUsingRPC() call failed with error: %d", retVal );
 
-    retVal = _VmDirSwapDB(dbHomeDir);
+    retVal = _VmDirSwapDB(dbHomeDir, bHasXlog);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
                 "VmDirFirstReplicationCycle: _VmDirSwapDB() call failed, error: %d.", retVal );
 
@@ -130,7 +133,8 @@ static
 int
 _VmDirGetRemoteDBUsingRPC(
     PCSTR   pszHostname,
-    PCSTR   dbHomeDir)
+    PCSTR   dbHomeDir,
+    BOOLEAN *pbHasXlog)
 {
     DWORD       retVal = 0;
     PSTR        pszLocalErrorMsg = NULL;
@@ -146,6 +150,7 @@ _VmDirGetRemoteDBUsingRPC(
     DWORD       remoteDbSizeMb = 0;
     DWORD       remoteDbMapSizeMb = 0;
     PBYTE       pDbPath = NULL;
+
 #ifndef _WIN32
     const char   fileSeperator = '/';
 #else
@@ -176,13 +181,16 @@ _VmDirGetRemoteDBUsingRPC(
     retVal = _VmDirMkdir(localDir, 0700);
     BAIL_ON_VMDIR_ERROR( retVal );
 
-    retVal = VmDirStringPrintFA( localXlogDir, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", localDir, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-            "_VmDirGetRemoteDBUsingRPC: VmDirStringPrintFA() call failed with error: %d", retVal );
+    if (low_xlognum > 0)
+    {
+        retVal = VmDirStringPrintFA( localXlogDir, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", localDir, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
+                "_VmDirGetRemoteDBUsingRPC: VmDirStringPrintFA() call failed with error: %d", retVal );
 
-    retVal = _VmDirMkdir(localXlogDir, 0700);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-            "_VmDirGetRemoteDBUsingRPC: _VmDirMkdir() call failed with error: %d %s", retVal );
+        retVal = _VmDirMkdir(localXlogDir, 0700);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
+                "_VmDirGetRemoteDBUsingRPC: _VmDirMkdir() call failed with error: %d %s", retVal );
+    }
 
     retVal = VmDirStringPrintFA( dbRemoteFilename, VMDIR_MAX_FILE_NAME_LEN, "%s/%s", (char *)pDbPath,
                                  VMDIR_MDB_DATA_FILE_NAME );
@@ -202,6 +210,13 @@ _VmDirGetRemoteDBUsingRPC(
     retVal = _VmDirGetRemoteDBFileUsingRPC( hServer, dbRemoteFilename, localFilename, remoteDbSizeMb, remoteDbMapSizeMb );
     BAIL_ON_VMDIR_ERROR( retVal );
 
+    if (low_xlognum == 0)
+    {
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmDirGetRemoteDBUsingRPC: complete MDB cold copy - WAL not supported by remote");
+        goto cleanup;
+    }
+
     //Query current xlog number
     retVal = VmDirSetBackendState (hServer, MDB_STATE_GETXLOGNUM, &high_xlognum, &remoteDbSizeMb, &remoteDbMapSizeMb, pDbPath, VMDIR_MAX_FILE_NAME_LEN);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
@@ -239,6 +254,7 @@ _VmDirGetRemoteDBUsingRPC(
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
     VMDIR_SAFE_FREE_MEMORY(pDbPath);
     VMDIR_SECURE_FREE_STRINGA(pszDcAccountPwd);
+    *pbHasXlog = (low_xlognum > 0);
     return retVal;
 
 error:
@@ -269,8 +285,8 @@ _VmDirGetRemoteDBFileUsingRPC(
     UINT32      remoteFileSizeMb,
     UINT32      remoteDbMapSizeMb)
 {
-//read block size of one MB.
-#define VMDIR_DB_READ_BLOCK_SIZE     (1<<20)
+//read block size of eight MB.
+#define VMDIR_DB_READ_BLOCK_SIZE     (1<<23)
 
     DWORD       retVal = 0;
 #ifdef _WIN32
@@ -436,14 +452,14 @@ _VmDirShutdownDB()
 static
 int
 _VmDirSwapDB(
-    PCSTR dbHomeDir)
+    PCSTR dbHomeDir,
+    BOOLEAN bHasXlog)
 {
     int                     retVal = LDAP_SUCCESS;
     char                    dbExistingName[VMDIR_MAX_FILE_NAME_LEN] = {0};
     char                    dbNewName[VMDIR_MAX_FILE_NAME_LEN] = {0};
     PSTR                    pszLocalErrorMsg = NULL;
     int                     errorCode = 0;
-    BOOLEAN                 bLegacyDataLoaded = FALSE;
 
 #ifndef _WIN32
     const char   fileSeperator = '/';
@@ -481,32 +497,36 @@ _VmDirSwapDB(
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
             "_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
 
-    retVal = VmDirStringPrintFA(dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s%c%s", dbHomeDir, fileSeperator,
-                                LOCAL_PARTNER_DIR, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-            "_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
-
-#ifdef WIN32
-    if (MoveFileEx(dbExistingName, dbNewName, MOVEFILE_COPY_ALLOWED|MOVEFILE_REPLACE_EXISTING) == 0)
+    if (bHasXlog)
     {
-        retVal = LDAP_OPERATIONS_ERROR;
-        errorCode = GetLastError();
+        //move xlog directory
+        retVal = VmDirStringPrintFA(dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s%c%s", dbHomeDir, fileSeperator,
+                                    LOCAL_PARTNER_DIR, fileSeperator, VMDIR_MDB_XLOGS_DIR_NAME);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
+                "_VmDirSwapDB: VmDirStringPrintFA() call failed with error: %d", retVal );
+
+#ifdef     WIN32
+        if (MoveFileEx(dbExistingName, dbNewName, MOVEFILE_COPY_ALLOWED|MOVEFILE_REPLACE_EXISTING) == 0)
+        {
+            retVal = LDAP_OPERATIONS_ERROR;
+            errorCode = GetLastError();
 #else
-    if (rmdir(dbNewName) != 0)
-    {
-        retVal = LDAP_OPERATIONS_ERROR;
-        errorCode = errno;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot remove directory %s, errno %d",
-                                     dbNewName, errorCode);
-    }
+        if (rmdir(dbNewName) != 0)
+        {
+            retVal = LDAP_OPERATIONS_ERROR;
+            errorCode = errno;
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot remove directory %s, errno %d",
+                                         dbNewName, errorCode);
+        }
 
-    if (rename(dbExistingName, dbNewName) != 0)
-    {
-        retVal = LDAP_OPERATIONS_ERROR;
-        errorCode = errno;
+        if (rename(dbExistingName, dbNewName) != 0)
+        {
+            retVal = LDAP_OPERATIONS_ERROR;
+            errorCode = errno;
 #endif
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot move directory from %s to %s, errno %d",
-                                     dbNewName, dbExistingName, errorCode);
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, (pszLocalErrorMsg), "_VmDirSwapDB cannot move directory from %s to %s, errno %d",
+                                         dbNewName, dbExistingName, errorCode);
+        }
     }
 
     retVal = VmDirStringPrintFA(dbExistingName, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", dbHomeDir, fileSeperator, LOCAL_PARTNER_DIR);
@@ -530,7 +550,7 @@ _VmDirSwapDB(
 
     VmDirdStateSet(VMDIRD_STATE_STARTUP);
 
-    retVal = VmDirInitBackend(&bLegacyDataLoaded);
+    retVal = VmDirInitBackend();
     BAIL_ON_VMDIR_ERROR(retVal);
 
     VmDirdStateSet(VMDIRD_STATE_NORMAL);
diff --git a/lwraft/server/replication/includes.h b/lwraft/server/replication/includes.h
index 98d6ed16e..79fc0534d 100644
--- a/lwraft/server/replication/includes.h
+++ b/lwraft/server/replication/includes.h
@@ -26,6 +26,7 @@
  */
 #ifndef _WIN32
 
+#include <inttypes.h>
 #include <config.h>
 
 #include <vmdirsys.h>
@@ -61,14 +62,6 @@
 #include <structs.h>
 #include <prototypes.h>
 
-#define VDIR_SAFE_UNBIND_EXT_S(pLd)             \
-    do {                                        \
-        if (pLd) {                              \
-            ldap_unbind_ext_s(pLd,NULL,NULL);   \
-            (pLd) = NULL;                       \
-        }                                       \
-    } while(0)
-
 #else
 
 #pragma once
@@ -84,6 +77,7 @@
 #include <assert.h>
 #include <stddef.h>
 #include <tchar.h>
+#include <inttypes.h>
 #define LDAP_UNICODE 0
 
 // OpenLDAP ber library include files
@@ -124,11 +118,5 @@
 #include <structs.h>
 #include "prototypes.h"
 #include "banned.h"
-#define VDIR_SAFE_UNBIND_EXT_S(pLd)             \
-    do {                                        \
-        if (pLd) {                              \
-            ldap_unbind_ext_s(pLd,NULL,NULL);   \
-            (pLd) = NULL;                       \
-        }                                       \
-    } while(0)
+
 #endif
diff --git a/lwraft/server/replication/prototypes.h b/lwraft/server/replication/prototypes.h
index 295b4e072..a46367515 100644
--- a/lwraft/server/replication/prototypes.h
+++ b/lwraft/server/replication/prototypes.h
@@ -4,7 +4,7 @@
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
  * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an “AS IS” BASIS, without
  * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
@@ -34,13 +34,30 @@ extern "C" {
 
 // thread.c
 
+#define LARGE_TIMEOUT_VALUE_MS 36000000
+#define RAFT_PREVLOG_FETCH_MARGIN 64
+
 extern VDIR_RAFT_STATE gRaftState;
 
 extern DWORD
-VmDirSchemaEntryPreAdd(
-    PVDIR_OPERATION,
-    PVDIR_ENTRY
-    );
+VmDirReplSchemaEntryPreAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry);
+
+extern DWORD
+VmDirReplSchemaEntryPostAdd(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry);
+
+extern DWORD
+VmDirReplSchemaEntryPreMoidify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry);
+
+extern DWORD
+VmDirReplSchemaEntryPostMoidify(
+    PVDIR_OPERATION  pOperation,
+    PVDIR_ENTRY      pEntry);
 
 DWORD
 InitializeReplicationThread(
@@ -66,16 +83,6 @@ _VmDirLoadRaftState(
     VOID
     );
 
-DWORD
-_VmDirUpdateRaftPsState(
-    int term,
-    BOOLEAN updateVotedForTerm,
-    UINT32 votedForTerm,
-    PVDIR_BERVALUE pVotedFor,
-    UINT64 lastApplied,
-    UINT64 firstLog
-    );
-
 DWORD
 VmDirAddRaftEntry(
     PVDIR_SCHEMA_CTX pSchemaCtx,
@@ -93,7 +100,8 @@ _VmDirLogLookup(
 
 DWORD
 _VmDirDeleteAllLogs(
-    unsigned long long startLogIndex
+    unsigned long long startLogIndex,
+    BOOLEAN *pbFatalError
     );
 
 DWORD
@@ -110,7 +118,8 @@ _VmDirFetchLogEntry(
 
 DWORD
 _VmdirDeleteLog(
-    PSTR pDn
+    unsigned long long logIndex,
+    BOOLEAN bCompactLog
     );
 
 DWORD
@@ -197,6 +206,11 @@ _VmDirRaftLoadGlobals(
     PSTR *
     );
 
+ENTRYID
+VmDirRaftLogEntryId(
+    unsigned long long LogIndex
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/replication/replentry.c b/lwraft/server/replication/replentry.c
index a6f30a429..d2b9bc0b8 100644
--- a/lwraft/server/replication/replentry.c
+++ b/lwraft/server/replication/replentry.c
@@ -20,13 +20,17 @@
 
 static DWORD _VmDirGetLastIndex(UINT64 *index, UINT32 *term);
 
+static int
+_VmDirCompareLogIdx(
+    const void * logIdx1,
+    const void * logIdx2);
+
 /*
  * This is to create entry Id for Raft log entry, which is within the same
  * MDB transaction for its associated (external) LDAP Add
  * One MDB transaction only has one Raft log, which might include multiple
  * LDAP transaction (if user defined transaction feature to be implemented)
  */
-static
 ENTRYID
 VmDirRaftLogEntryId(unsigned long long LogIndex)
 {
@@ -164,27 +168,6 @@ _VmDirLoadRaftState(
     }
     gRaftState.firstLogIndex = VmDirStringToLA(pAttr->vals[0].lberbv.bv_val, NULL, 10);
 
-    pAttr =  VmDirEntryFindAttribute(ATTR_RAFT_VOTEDFOR_TERM, entryArray.pEntry);
-    if (pAttr == NULL)
-    {
-        dwError = LDAP_OPERATIONS_ERROR;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg), "cannot find attr %s", ATTR_RAFT_VOTEDFOR_TERM);
-    }
-    gRaftState.votedForTerm = VmDirStringToIA((PCSTR)pAttr->vals[0].lberbv.bv_val);
-
-    if (gRaftState.votedForTerm > 0)
-    {
-        pAttr =  VmDirEntryFindAttribute(ATTR_RAFT_VOTEDFOR, entryArray.pEntry);
-        if (pAttr == NULL)
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "cannot find attr %s", ATTR_RAFT_VOTEDFOR);
-        } else
-        {
-            dwError = VmDirAllocateBerValueAVsnprintf(&gRaftState.votedFor, "%s", pAttr->vals[0].lberbv.bv_val);
-            BAIL_ON_VMDIR_ERROR(dwError)
-        }
-    }
-
     dwError = _VmDirFetchLogEntry(gRaftState.lastApplied, &logEntry, __LINE__);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -211,8 +194,10 @@ _VmDirLoadRaftState(
 
     if (dwError==0)
     {
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirLoadRaftState: completed; currentTerm %d commitIndex %llu lastApplied %llu",
-                   gRaftState.currentTerm, gRaftState.commitIndex, gRaftState.lastApplied);
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmDirLoadRaftState: term %d commitIdx %llu lastLogIdx %llu lastLogTerm %d lastApplied %llu",
+          gRaftState.currentTerm, gRaftState.commitIndex, gRaftState.lastLogIndex,
+          gRaftState.lastLogTerm, gRaftState.lastApplied);
     }
     return dwError;
 
@@ -221,113 +206,6 @@ _VmDirLoadRaftState(
     goto cleanup;
 }
 
-DWORD
-_VmDirUpdateRaftPsState(
-    int term,
-    BOOLEAN updateVotedForTerm,
-    UINT32 votedForTerm,
-    PVDIR_BERVALUE pVotedFor,
-    UINT64 lastApplied,
-    UINT64 firstLog
-    )
-{
-    DWORD dwError = 0;
-    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
-    CHAR pszTerm[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
-    CHAR pszLastApplied[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
-    CHAR pszFirstLog[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
-    VDIR_BERVALUE berTerm = VDIR_BERVALUE_INIT;
-    VDIR_BERVALUE berLastApplied = VDIR_BERVALUE_INIT;
-    VDIR_BERVALUE berFirstLog = VDIR_BERVALUE_INIT;
-    VDIR_OPERATION ldapOp = {0};
-    PSTR pszLocalErrorMsg = NULL;
-
-    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirInitStackOperation( &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, pSchemaCtx );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirInitStackOperation");
-
-    ldapOp.pBEIF = VmDirBackendSelect(NULL);
-    assert(ldapOp.pBEIF);
-
-    if (term > 0)
-    {
-        dwError = VmDirStringPrintFA(pszTerm , sizeof(pszTerm), "%d", term );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        berTerm.lberbv.bv_val = pszTerm;
-        berTerm.lberbv.bv_len = VmDirStringLenA(pszTerm);
-
-        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_TERM, &berTerm);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace term");
-    }
-
-    if (updateVotedForTerm)
-    {
-        dwError = VmDirStringPrintFA(pszTerm , sizeof(pszTerm), "%d", votedForTerm );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        berTerm.lberbv.bv_val = pszTerm;
-        berTerm.lberbv.bv_len = VmDirStringLenA(pszTerm);
-
-        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_VOTEDFOR_TERM, &berTerm);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace updateVotedForTerm");
-    }
-
-    if (pVotedFor && pVotedFor->lberbv.bv_len > 0)
-    {
-        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_VOTEDFOR, pVotedFor);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace pVotedFor");
-    }
-
-    if (lastApplied > 0)
-    {
-        dwError = VmDirStringPrintFA(pszLastApplied , sizeof(pszLastApplied), "%llu", lastApplied);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        berLastApplied.lberbv.bv_val = pszLastApplied;
-        berLastApplied.lberbv.bv_len = VmDirStringLenA(pszLastApplied);
-
-        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_LAST_APPLIED, &berLastApplied);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace lastApplied");
-    }
-
-    if (firstLog > 0)
-    {
-        dwError = VmDirStringPrintFA(pszFirstLog , sizeof(pszFirstLog), "%llu", firstLog);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        berFirstLog.lberbv.bv_val = pszFirstLog;
-        berFirstLog.lberbv.bv_len = VmDirStringLenA(pszFirstLog);
-
-        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_FIRST_LOGINDEX, &berFirstLog);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace firstLogIndex");
-    }
-
-    ldapOp.bSuppressLogInfo = TRUE;
-    dwError = VmDirInternalModifyEntry(&ldapOp);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirInternalModifyEntry");
-
-cleanup:
-    VmDirFreeOperationContent(&ldapOp);
-
-    if (pSchemaCtx)
-    {
-        VmDirSchemaCtxRelease(pSchemaCtx);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-
-    assert(dwError==0); //Raft cannot garantee safety if persist state cannot be updated.
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirUpdateRaftPsState: %s error %d term %d PsState.currentTerm %d; server role %d",
-                    VDIR_SAFE_STRING(pszLocalErrorMsg), dwError, term, gRaftState.currentTerm, gRaftState.role);
-    goto cleanup;
-}
-
 DWORD
 VmDirAddRaftEntry(PVDIR_SCHEMA_CTX pSchemaCtx, PVDIR_RAFT_LOG pLogEntry, PVDIR_OPERATION pOp)
 {
@@ -364,7 +242,7 @@ VmDirAddRaftEntry(PVDIR_SCHEMA_CTX pSchemaCtx, PVDIR_RAFT_LOG pLogEntry, PVDIR_O
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetParentDN(&raftEntry.dn, &raftEntry.pdn );
+    dwError = VmDirGetParentDN(&raftEntry.dn, &raftEntry.pdn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirUuidGenerate (&guid);
@@ -379,8 +257,11 @@ VmDirAddRaftEntry(PVDIR_SCHEMA_CTX pSchemaCtx, PVDIR_RAFT_LOG pLogEntry, PVDIR_O
     dwError = VmDirEntryAddBervArrayAttribute(&raftEntry, ATTR_RAFT_LOG_ENTRIES, &pLogEntry->packRaftLog, 1);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirComputeObjectSecurityDescriptor(NULL, &raftEntry, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     raftEntry.eId = VmDirRaftLogEntryId(pLogEntry->index);
-    dwError = pOp->pBEIF->pfnBEEntryAdd( pOp->pBECtx, &raftEntry);
+    dwError = pOp->pBEIF->pfnBEEntryAdd(pOp->pBECtx, &raftEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCloneStackOperation(pOp, &modOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
@@ -408,6 +289,10 @@ VmDirAddRaftEntry(PVDIR_SCHEMA_CTX pSchemaCtx, PVDIR_RAFT_LOG pLogEntry, PVDIR_O
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+      "VmDirAddRaftEntry: log(%llu, %d, %d) term %d lastLogIndex %llu commitIndex %llu error %d",
+      pLogEntry->index, pLogEntry->term, pLogEntry->requestCode, gRaftState.currentTerm,
+      gRaftState.lastLogIndex, gRaftState.commitIndex, dwError);
     goto cleanup;
 }
 
@@ -452,7 +337,7 @@ _VmDirLogLookup(
 
 //Remove all logs with index >= startLogIndex
 DWORD
-_VmDirDeleteAllLogs(unsigned long long startLogIndex)
+_VmDirDeleteAllLogs(unsigned long long startLogIndex, BOOLEAN *pbFatalError)
 {
     DWORD dwError = 0;
     VDIR_ENTRY_ARRAY entryArray = {0};
@@ -460,6 +345,10 @@ _VmDirDeleteAllLogs(unsigned long long startLogIndex)
     int i = 0;
     PVDIR_ATTRIBUTE pAttr = NULL;
     UINT64 logIndex = 0;
+    int logCnt = 0;
+    unsigned long long *pLogIdxArray = NULL;
+
+    *pbFatalError = FALSE;
 
     dwError = VmDirStringPrintFA(filterStr, sizeof(filterStr), "(%s>=%llu)",
                                  ATTR_RAFT_LOGINDEX, startLogIndex);
@@ -468,32 +357,63 @@ _VmDirDeleteAllLogs(unsigned long long startLogIndex)
     dwError = VmDirFilterInternalSearch(RAFT_LOGS_CONTAINER_DN, LDAP_SCOPE_ONE, filterStr, 0, NULL, &entryArray);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (i = 0; i < entryArray.iSize; i++)
+    logCnt = entryArray.iSize;
+    if (logCnt < 1)
+    {
+        goto cleanup;
+    }
+
+    dwError = VmDirAllocateMemory( sizeof(unsigned long long)*logCnt, (PVOID*)&pLogIdxArray );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; i < logCnt; i++)
     {
         pAttr = VmDirFindAttrByName(&(entryArray.pEntry[i]), ATTR_RAFT_LOGINDEX);
         if (!pAttr)
         {
             //This indicate the corruption of the log entry data.
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirDeleteAllLogs invalid log entry, logIdx %llu", logIndex);
-            assert(0);
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirDeleteAllLogs invalid log entry, logIdx %llu lastLogIndex %llu",
+                            logIndex, gRaftState.lastLogIndex);
+            *pbFatalError = TRUE;
+            dwError = LDAP_OPERATIONS_ERROR;
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
 
         logIndex = VmDirStringToLA(pAttr->vals[0].lberbv.bv_val, NULL, 10);
-        if (logIndex <= gRaftState.lastApplied)
+        pLogIdxArray[i] = logIndex;
+    }
+
+    //To delete logs in high to low order
+    qsort(pLogIdxArray, logCnt, sizeof(unsigned long long), _VmDirCompareLogIdx);
+
+    if (logCnt > 1)
+    {
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirDeleteAllLogs deleting %d logs from %llu to %llu ...",
+                       logCnt, pLogIdxArray[0], pLogIdxArray[logCnt-1]);
+    }
+
+    for (i=0; i<logCnt; i++)
+    {
+        if (pLogIdxArray[i] <= gRaftState.lastApplied)
         {
-             /* This shouldn't occur. If it does, then there would be a bug, and the consistency might be 
+             /* This shouldn't occur. If it does, then there would be a bug, and the consistency might be
               * compromised. We should investigate the sequence of events on how to get here.
               */
-             VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirDeleteAllLogs attempt to delete log already applied, logIdx %llu", logIndex);
-             assert(0);
-        }
+             VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+               "_VmDirDeleteAllLogs attempt to delete log already applied, logIdx %llu lastApplied %llu lastLogIndex %llu",
+               pLogIdxArray[i], gRaftState.lastApplied, gRaftState.lastLogIndex);
 
-        dwError = _VmdirDeleteLog(entryArray.pEntry[i].dn.lberbv_val);
+             *pbFatalError = TRUE;
+             dwError = LDAP_OPERATIONS_ERROR;
+             BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        dwError = _VmdirDeleteLog(pLogIdxArray[i], FALSE);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 cleanup:
     VmDirFreeEntryArrayContent(&entryArray);
+    VMDIR_SAFE_FREE_MEMORY(pLogIdxArray);
     return dwError;
 
 error:
@@ -620,54 +540,6 @@ _VmDirFetchLogEntry(unsigned long long logIndex, PVDIR_RAFT_LOG pLogEntry, int f
     goto cleanup;
 }
 
-DWORD
-_VmdirDeleteLog(PSTR pDn)
-{
-    DWORD dwError = 0;
-    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
-    VDIR_OPERATION ldapOp = {0};
-    DeleteReq *dr = NULL;
-
-    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirInitStackOperation( &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_DELETE, pSchemaCtx );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    ldapOp.pBEIF = VmDirBackendSelect(NULL);
-    assert(ldapOp.pBEIF);
-
-    ldapOp.reqDn.lberbv.bv_val = pDn;
-    ldapOp.reqDn.lberbv.bv_len = VmDirStringLenA(pDn);
-
-    dr = &(ldapOp.request.deleteReq);
-
-    dwError = VmDirAllocateBerValueAVsnprintf(&(dr->dn), "%s", ldapOp.reqDn.lberbv.bv_val);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    ldapOp.bSuppressLogInfo = TRUE;
-    dwError = VmDirInternalDeleteEntry(&ldapOp);
-    if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND)
-    {
-        dwError = 0;
-    }
-    BAIL_ON_VMDIR_ERROR( dwError );
-
-    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "_VmdirDeleteLog deleted log %s ...", pDn);
-
-cleanup:
-    VmDirFreeOperationContent(&ldapOp);
-    if (pSchemaCtx)
-    {
-        VmDirSchemaCtxRelease(pSchemaCtx);
-    }
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmdirDeleteLog: entry %s error %d", pDn,  dwError);
-    goto cleanup;
-}
-
 DWORD
 _VmDirGetPrevLogArgs(unsigned long long *pPrevIndex, UINT32 *pPrevTerm, UINT64 startIndex, int line)
 {
@@ -972,6 +844,12 @@ _VmDirGetLastIndex(UINT64 *index, UINT32 *term)
     dwError = _VmDirFetchLogEntry(lastLogIndex, &logEntry, __LINE__);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (logEntry.index == 0)
+    {
+        dwError = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
     *index = lastLogIndex;
     *term = logEntry.term;
 
@@ -981,7 +859,8 @@ _VmDirGetLastIndex(UINT64 *index, UINT32 *term)
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirGetLastIndex: error %d", dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+      "_VmDirGetLastIndex: lastLogIndex %llu, error %d", lastLogIndex, dwError);
     goto cleanup;
 }
 
@@ -1068,3 +947,25 @@ _VmDirRaftLoadGlobals(PSTR *ppszLocalErrorMsg)
     *ppszLocalErrorMsg = pszLocalErrorMsg;
     goto cleanup;
 }
+
+/*
+ * Sort log index array in high to lower order
+ */
+static int
+_VmDirCompareLogIdx(
+    const void * logIdx1,
+    const void * logIdx2)
+{
+    if ( *(unsigned long long *)logIdx1 < *(unsigned long long*)logIdx2 )
+    {
+        return 1;
+    }
+    else if (*(unsigned long long *)logIdx1 == *(unsigned long long*)logIdx2 )
+    {
+        return 0;
+    }
+    else
+    {
+        return -1;
+    }
+}
diff --git a/lwraft/server/replication/structs.h b/lwraft/server/replication/structs.h
index 0ce589516..ec130ea20 100644
--- a/lwraft/server/replication/structs.h
+++ b/lwraft/server/replication/structs.h
@@ -77,18 +77,13 @@ typedef struct _VMDIR_REPLICATION_CONTEXT
     PSTR pszKrb5ErrorMsg;
 } VMDIR_REPLICATION_CONTEXT, *PVMDIR_REPLICATION_CONTEXT;
 
-#define LOG_ENTRY_EID_PREFIX 0x4000000000000000
-#define NEW_ENTRY_EID_PREFIX 0x2000000000000000
 typedef struct _VDIR_RAFT_LOG
 {
     UINT64 index;
     UINT32 term;
     UINT64 entryId;           //For entryId to be add/modified/deleted.
-    UINT32 requestCode;       //LDAP_REQ_ADD, LDAP_REQ_DELETE or LDAP_REQ_MODIFY
+    UINT32 requestCode;       //LDAP_REQ_ADD, LDAP_REQ_DELETE, LDAP_REQ_MODIFY or 0 for nonop (used for raft leader change)
     VDIR_BERVALUE chglog;     //packed entry (LDAP_REQ_ADD), mods(LDAP_REQ_MODIFY) or empty value (LDAP_REQ_DELETE)
-#define CHGLOG_ADD_PACKED 'a' //Internally packed for LDAP ADD
-#define CHGLOG_MOD_PACKED  'm' //Internally packed LDAP MODIFY
-#define CHGLOG_DEL_EID     'd' //entryId is the  entry id to delete.
     VDIR_BERVALUE packRaftLog; //packed for MDB persist or RPC transport in format below
                                //encoded log index(8 bytes), term(4 bytes), entryid(8 bytes),
                                // and requestCode(4 bytes), followed by chglog.
@@ -96,13 +91,7 @@ typedef struct _VDIR_RAFT_LOG
 //Total storage for packRaftLog is RAFT_LOG_HEADER_LEN + chglog data length
 } VDIR_RAFT_LOG, *PVDIR_RAFT_LOG;
 
-typedef enum _VDIR_RAFT_ROLE
-{
-    VDIR_RAFT_ROLE_CANDIDATE = 0,
-    VDIR_RAFT_ROLE_FOLLOWER,
-    VDIR_RAFT_ROLE_LEADER,
-    VDIR_RAFT_ROLE_ALONE //standalone server that is pending cluster initialization
-} VDIR_RAFT_ROLE;
+
 
 typedef enum _VDIR_RAFT_EXEC_CMD
 {
@@ -146,7 +135,7 @@ typedef struct _APPEND_ENTRIES_ARGS
     /* [in] */ int  entriesSize;
     /* [in] */ char *entries;
     /* [out] */ UINT32 currentTerm;
-    /* [out] */ UINT32 status;
+    /* [out] */ unsigned long long status;
 } APPEND_ENTRIES_ARGS;
 
 typedef struct _VMDIR_PEER_PROXY
@@ -168,8 +157,7 @@ typedef struct _VDIR_RAFT_STAT
     int clusterSize; //number of servers in raft clust, updated initially and when adding/removing nodes
     UINT32 voteConsensusCnt; //number of positive ballots collected from peers, plus 1 for self.
     UINT32 voteDeniedCnt; //number of negative ballots collected from peers
-    UINT32 voteConsenusuTerm; //term associated with above voteConsensusCnt
-    BOOLEAN rpcSent;    //at least one RPC sent to peers
+    UINT32 voteConsensusTerm; //term associated with above voteConsensusCnt
     BOOLEAN initialized;//Whether the stat is loaded from the persistent store after server start.
     UINT64 lastPingRecvTime; //time stamp of the last ping or appendEntries received from leader
     UINT64 commitIndex; //the highest log entry index known to be commited
@@ -180,7 +168,7 @@ typedef struct _VDIR_RAFT_STAT
     int opCounts; //number of logs created, as a Raft leader, since last logs compaction.
     UINT32 lastLogTerm;  //the term associated with lastLogIndex
     VDIR_BERVALUE leader; //leader's hostname for referal
-    BOOLEAN disallowUpdates; //disallow external LDAP add/modify/delete; momently for newly elected leader.
+    BOOLEAN disallowUpdates; //disallow external LDAP add/modify/delete; momently for newly elected leader
     PVMDIR_PEER_PROXY proxies;   //A list of elements, each for a peer proxy
     //Below are persistent variables, i.e. must be writen to entry cn=persiststate,cn=raftcontext once changed
     UINT64 lastApplied; //Index of highest log entry that have been applied to directory entry.
@@ -189,11 +177,9 @@ typedef struct _VDIR_RAFT_STAT
     VDIR_BERVALUE votedFor;
 } VDIR_RAFT_STATE, *PVDIR_RAFT_STATE;
 
-//Timeout while waiting for (majority) of peers to be ready (in idle state).
-#define WAIT_PEERS_READY_MS 3000
-
-//Wait time in sec for majority of requestVote, appendEntries or ping to be received from peers.
-#define WAIT_CONSENSUS_TIMEOUT_MS 8000
-
-//Wait relection minimum value in MS  when split votes occurred
-#define WAIT_REELECTION_MIN_MS 150
+typedef struct _VDIR_RAFT_COMMIT_CTX
+{
+    unsigned long long logIndex;
+    int logTerm;
+    int logRequestCode;
+} VDIR_RAFT_COMMIT_CTX, *PVDIR_RAFT_COMMIT_CTX;
diff --git a/lwraft/server/replication/thread.c b/lwraft/server/replication/thread.c
index d4134e7ff..be5d75f65 100644
--- a/lwraft/server/replication/thread.c
+++ b/lwraft/server/replication/thread.c
@@ -36,8 +36,6 @@ extern int VmDirEntryAttrValueNormalize(PVDIR_ENTRY, BOOLEAN);
 extern DWORD VmDirSyncCounterReset(PVMDIR_SYNCHRONIZE_COUNTER pSyncCounter, int syncValue);
 extern DWORD VmDirConditionBroadcast(PVMDIR_COND pCondition);
 
-int VmDirRaftCommitHook(VOID);
-
 static DWORD _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxySelf, int);
 static DWORD _VmDirRequestVoteRpc(PVMDIR_SERVER_CONTEXT *pServer, PVMDIR_PEER_PROXY pProxySelf);
 static DWORD _VmDirReplicationThrFun(PVOID);
@@ -52,9 +50,12 @@ static DWORD _VmDirApplyLog(unsigned long long);
 static VOID _VmDirWaitPeerThreadsShutdown();
 static DWORD _VmDirDeleteRaftProxy(char *dn_norm);
 static VOID _VmDirRemovePeerInLock(PCSTR pHostname);
-static VOID _VmDirWaitLogCommitDone();
+static DWORD _VmDirGetRaftQuorumOverride(BOOLEAN bForceKeyRead);
+static VOID _VmDirEvaluateVoteResult(UINT64 *waitTime);
+static VOID _VmDirPersistTerm(int term);
 
 PVMDIR_MUTEX gRaftStateMutex = NULL;
+PVMDIR_MUTEX gRaftRpcReplyMutex = NULL;
 
 PVMDIR_COND gRaftRequestPendingCond = NULL;
 PVMDIR_COND gRaftRequestVoteCond = NULL;
@@ -68,6 +69,7 @@ PVDIR_RAFT_LOG gEntries = NULL;
 VDIR_RAFT_LOG gLogEntry = {0};
 
 static char gNewPartner[VMDIR_MAX_LDAP_URI_LEN] = {0};
+static DWORD gQuorumOverride = 0;
 
 VOID VmDirNewPartner(PCSTR *hostname)
 {
@@ -84,6 +86,9 @@ InitializeReplicationThread(
     dwError = VmDirAllocateMutex(&gRaftStateMutex);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirAllocateMutex(&gRaftRpcReplyMutex);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     dwError = VmDirAllocateCondition(&gRaftRequestPendingCond);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -102,9 +107,6 @@ InitializeReplicationThread(
     dwError = VmDirAllocateCondition(&gRaftNewLogCond);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMemory( sizeof(*pThrInfo), (PVOID*)&pThrInfo);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     if (gVmdirGlobals.dwRaftElectionTimeoutMS < 10 ||
         gVmdirGlobals.dwRaftPingIntervalMS < 20 ||
         gVmdirGlobals.dwRaftElectionTimeoutMS <= (gVmdirGlobals.dwRaftPingIntervalMS << 1))
@@ -120,14 +122,18 @@ InitializeReplicationThread(
       "RaftElectionTimeoutMS", gVmdirGlobals.dwRaftElectionTimeoutMS,
       "RaftPingIntervalMS", gVmdirGlobals.dwRaftPingIntervalMS);
 
-    VmDirSrvThrInit(
-                &pThrInfo,
-                gVmdirGlobals.replAgrsMutex,       // alternative mutex
-                gVmdirGlobals.replAgrsCondition,   // alternative cond
-                TRUE);
-
+    dwError = VmDirSrvThrInit(
+            &pThrInfo,
+            gVmdirGlobals.replAgrsMutex,       // alternative mutex
+            gVmdirGlobals.replAgrsCondition,   // alternative cond
+            TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateThread( &pThrInfo->tid, FALSE, _VmDirReplicationThrFun, pThrInfo);
+    dwError = VmDirCreateThread(
+            &pThrInfo->tid,
+            pThrInfo->bJoinThr,
+            _VmDirReplicationThrFun,
+            pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pThrInfo);
@@ -155,10 +161,11 @@ DWORD
 _VmDirRaftVoteSchdThread()
 {
     int dwError = 0;
+    int term = 0;
 
     gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
     //Set initial election timeout higher to avoid triggering new election due to slow startup.
-    UINT64 waitTime = gVmdirGlobals.dwRaftElectionTimeoutMS + WAIT_CONSENSUS_TIMEOUT_MS;
+    UINT64 waitTime = (gVmdirGlobals.dwRaftElectionTimeoutMS << 1) + 5000;
     BOOLEAN bLock = FALSE;
 
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRaftVoteSchdThread: started.");
@@ -166,9 +173,6 @@ _VmDirRaftVoteSchdThread()
     while(1)
     {
         UINT64 now = {0};
-        int term = 0;
-        int waitConsensus = WAIT_CONSENSUS_TIMEOUT_MS;
-        BOOLEAN bWaitTimeout = FALSE;
 
         if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
         {
@@ -205,7 +209,6 @@ _VmDirRaftVoteSchdThread()
             {
                 //Hasn't recieved ping for an duration of gVmdirGlobals.dwRaftElectionTimeoutMS - switch to candidate
                 gRaftState.role = VDIR_RAFT_ROLE_CANDIDATE;
-                gRaftState.rpcSent = TRUE;
                 goto startVote;
             } else
             {
@@ -228,7 +231,7 @@ _VmDirRaftVoteSchdThread()
             if (_VmDirPeersIdleInLock() < (gRaftState.clusterSize/2))
             {
                  //Wait gPeersReadyCond only if not enough peers are Ready
-                 dwError = VmDirConditionTimedWait(gPeersReadyCond, gRaftStateMutex, WAIT_PEERS_READY_MS);
+                 dwError = VmDirConditionTimedWait(gPeersReadyCond, gRaftStateMutex, gVmdirGlobals.dwRaftPingIntervalMS);
             }
         } while (dwError == ETIMEDOUT);
 
@@ -243,30 +246,39 @@ _VmDirRaftVoteSchdThread()
             continue;
         }
 
-        if (gRaftState.rpcSent)
+        term = ++gRaftState.currentTerm;
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+
+        _VmDirPersistTerm(term);
+
+        VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+        if (gRaftState.currentTerm != term)
         {
-            //Increment term only when at least one request vote rpc was sent out with
-            //   the previous requtest vote to avoid waisting term numbers.
-            gRaftState.currentTerm++;
+            //gRaftState.currentTerm changed during persisting term,
+            //  or duing mutex unlock/lock, start over again.
+            waitTime = gVmdirGlobals.dwRaftElectionTimeoutMS;
             VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-            _VmDirUpdateRaftPsState(gRaftState.currentTerm, TRUE, 0, NULL, 0, 0);
-            VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+            continue;
         }
 
-        if (gRaftState.votedFor.lberbv_len > 0)
+        if (gRaftState.votedForTerm == gRaftState.currentTerm &&
+            gRaftState.votedFor.lberbv_len > 0)
         {
-            VmDirFreeBervalContent(&gRaftState.votedFor);
+            //I have voted for someone else in this term via RequestVoteGetReply,
+            gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+            gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
+            waitTime = gVmdirGlobals.dwRaftElectionTimeoutMS;
+            VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+            continue;
         }
 
-        gRaftState.disallowUpdates = TRUE;
-        gRaftState.votedForTerm = 0;
-        gRaftState.rpcSent = FALSE;
-        term = gRaftState.currentTerm;
+        VmDirFreeBervalContent(&gRaftState.votedFor);
+        dwError = VmDirAllocateBerValueAVsnprintf(&gRaftState.votedFor, "%s", gRaftState.hostname.lberbv_val);
+        gRaftState.votedForTerm = gRaftState.currentTerm;
         gRaftState.voteConsensusCnt = 1; //vote for self
         gRaftState.voteDeniedCnt = 0;
-        gRaftState.voteConsenusuTerm = term;
+        gRaftState.voteConsensusTerm = gRaftState.currentTerm;
         gRaftState.cmd = ExecReqestVote;
-        bWaitTimeout = FALSE;
 
         //Now invoke paralle RPC calls to all (available) peers
         VmDirConditionBroadcast(gRaftRequestPendingCond);
@@ -274,51 +286,13 @@ _VmDirRaftVoteSchdThread()
         VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRaftVoteSchdThread: wait vote result; role %d term %d",
                        gRaftState.role, gRaftState.currentTerm);
 
-        //Wait for (majority of) peer threads to complete their RRC calls.
-        VmDirConditionTimedWait(gGotVoteResultCond, gRaftStateMutex, waitConsensus);
+        //Wait for (majority of) peer threads to complete their RRC calls or timeout.
+        VmDirConditionTimedWait(gGotVoteResultCond, gRaftStateMutex, gVmdirGlobals.dwRaftElectionTimeoutMS);
         gRaftState.cmd = ExecNone;
-
-        //Now evalute vote outcome
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-            "_VmDirRaftVoteSchdThread: evalute vote outcome: term %d role %d timeout %s voteConsensusTerm %d voteConsusCnt %d",
-            gRaftState.currentTerm, gRaftState.role, bWaitTimeout?"true":"false", gRaftState.voteConsenusuTerm, gRaftState.voteConsensusCnt);
-
-        if (gRaftState.role == VDIR_RAFT_ROLE_CANDIDATE)
-        {
-           if (gRaftState.currentTerm == gRaftState.voteConsenusuTerm &&
-               gRaftState.voteConsensusCnt >= (gRaftState.clusterSize/2 + 1))
-           {
-               // Verify that the server got majority votes.
-               gRaftState.role = VDIR_RAFT_ROLE_LEADER;
-               gRaftState.lastPingRecvTime = 0; //This would invoke immediate Pings by proxy threads.
-               VmDirConditionBroadcast(gRaftRequestPendingCond);
-               VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-
-               _VmDirWaitLogCommitDone();
-
-               VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-               if (gRaftState.commitIndex < gRaftState.lastApplied)
-               {
-                   gRaftState.commitIndex = gRaftState.lastApplied;
-               }
-               gRaftState.disallowUpdates = FALSE;
-               VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-
-               waitTime = gVmdirGlobals.dwRaftElectionTimeoutMS;
-               continue;
-           } else
-           {
-                //Stay in candidate - split vote; wait at least WAIT_REELECTION_MIN_MS
-                waitTime = (UINT64)(rand()%(gVmdirGlobals.dwRaftPingIntervalMS>>1) + WAIT_REELECTION_MIN_MS);
-           }
-        } else
-        {
-            // Become follower
-            UINT64 waitTimeRemain = VmDirGetTimeInMilliSec() - gRaftState.lastPingRecvTime;
-
-            waitTime = waitTimeRemain < gVmdirGlobals.dwRaftElectionTimeoutMS? waitTimeRemain:gVmdirGlobals.dwRaftElectionTimeoutMS;
-        }
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+
+        //Evaluating vote outcome
+        _VmDirEvaluateVoteResult(&waitTime);
     }
 
 done:
@@ -328,82 +302,174 @@ _VmDirRaftVoteSchdThread()
 }
 
 /*
- * Logs from lastApplied to HighesIndex may or maynot committed though the highest committed
- * log must be (persisted) in this server per the committing and voting algorithm.
- * Those logs should be indirectly (or comfirmed to be) committed (replicated to half or more peers)
- * as the paper secion 5.4.2 explained.
- * The implementation will have the new leader to wait and check those logs being committed via Raft Ping
- * and then apply them locally before acceping new (external) LDAP update requests.
+ * Logs from lastApplied to highest index may or maynot committed though the highest committed
+ * log must have been persisted in this server per the committing and voting algorithm.
+ * Those logs should be indirectly committed via a no-op entry as suggested in secion 5.4.2 and 8.
  */
 static
 VOID
-_VmDirWaitLogCommitDone()
+_VmDirEvaluateVoteResult(UINT64 *waitTime)
 {
     BOOLEAN bLock = FALSE;
-    PVMDIR_PEER_PROXY pProxy = NULL;
-    int matchIdxCnt = 0;
-    UINT64 idxToApply = 0;
+    BOOLEAN bLockRpcReply = FALSE;
+    DWORD dwError = 0;
+    UINT64 uWaitTime = 0;
+    unsigned long long logIdx = 0;
+    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    VDIR_OPERATION ldapOp = {0};
+    char logEntryDn[RAFT_CONTEXT_DN_MAX_LEN] = {0};
+    VDIR_ENTRY raftEntry = {0};
+    char termStr[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
+    char logIndexStr[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
+    char objectGuidStr[VMDIR_GUID_STR_LEN];
+    uuid_t guid = {0};
+    BOOLEAN bHasTxn = FALSE;
+    unsigned long long logIdxToCommit = 0;
+    unsigned long long applyIdxStart = 0;
+    unsigned int logTermToCommit = 0;
 
-    while(1)
+    //This mutex serializes with other Raft RPC handlers
+    VMDIR_LOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitStackOperation(&ldapOp, VDIR_OPERATION_TYPE_REPL, LDAP_REQ_MODIFY, pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    assert(ldapOp.pBEIF);
+
+    //Once returned successfully, it would block any other write transactions
+    dwError = ldapOp.pBEIF->pfnBETxnBegin(ldapOp.pBECtx, VDIR_BACKEND_TXN_WRITE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bHasTxn = TRUE;
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+
+    //block external updates until leader transition complete or end of this function.
+    gRaftState.disallowUpdates = TRUE;
+
+    //Now evalute vote outcome
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+      "_VmDirEvaluateVoteResult: evaluting vote outcome: term %d role %d consensusTerm %d consensusCnt %d",
+      gRaftState.currentTerm, gRaftState.role, gRaftState.voteConsensusTerm, gRaftState.voteConsensusCnt);
+
+    uWaitTime = gVmdirGlobals.dwRaftElectionTimeoutMS;
+
+    if (gRaftState.role != VDIR_RAFT_ROLE_CANDIDATE)
     {
-       if (VmDirdState() == VMDIRD_STATE_SHUTDOWN ||
-           gRaftState.lastApplied == gRaftState.lastLogIndex)
-       {
-           goto done;
-       }
+        //Become follower via other means
+        goto cleanup;
+    }
 
-       VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    if (gRaftState.currentTerm != gRaftState.voteConsensusTerm ||
+        gRaftState.voteConsensusCnt < (gRaftState.clusterSize/2 + 1))
+    {
+        //Split vote; wait randomly with a mean value dwRaftPingIntervalMS
+        uWaitTime = (UINT64)(rand()%(gVmdirGlobals.dwRaftPingIntervalMS>>1));
+        goto cleanup;
+    }
 
-       if (gRaftState.role != VDIR_RAFT_ROLE_LEADER)
-       {
-           /* Need to check the role again since the race condition may put
-            * the server to the follower role even after being elected to leader
-            */
-           VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-           goto done;
-       }
+    //Got majority of votes.
+    gRaftState.role = VDIR_RAFT_ROLE_LEADER;
+    applyIdxStart = gRaftState.lastApplied + 1;
+    logIdxToCommit = gRaftState.lastLogIndex + 1;
+    logTermToCommit = gRaftState.currentTerm;
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
-       matchIdxCnt = 0;
-       for(pProxy=gRaftState.proxies; pProxy; pProxy=pProxy->pNext)
-       {
-           if (pProxy->matchIndex > gRaftState.lastApplied)
-           {
-               matchIdxCnt++;
-           }
-       }
+    //Create a no-op Log, gLogEntry can be set or cleared only
+    //  when a thread holds MDB write transaction mutex.
+    gLogEntry.index = logIdxToCommit;
+    gLogEntry.term = logTermToCommit;
+    gLogEntry.entryId = 0;
+    gLogEntry.requestCode = 0;
+    gLogEntry.chglog.lberbv_len = 0;
+    gLogEntry.chglog.lberbv_val = NULL;
 
-       idxToApply = 0;
-       if (matchIdxCnt >= (gRaftState.clusterSize >> 1))
-       {
-           //Found at least one committed log index
-           for(pProxy=gRaftState.proxies; pProxy; pProxy=pProxy->pNext)
-           {
-               if (pProxy->matchIndex > gRaftState.lastApplied &&
-                   (idxToApply == 0 || pProxy->matchIndex < idxToApply))
-               {
-                   //locate the lowest index that is committed.
-                   idxToApply = pProxy->matchIndex;
-                   break;
-               }
-           }
-       }
-       VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    dwError = _VmDirPackLogEntry(&gLogEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-       if (idxToApply == 0)
-       {
-           //No progress to replicate uncommtted logs.
-           //Wait Ping to replicate them.
-           VmDirSleep(500);
-       } else
-       {
-           //_VmDirApplyLogsUpto will advance gRaftState.lastApplied if idxToApply has not yet applied.
-           _VmDirApplyLogsUpto(idxToApply);
-       }
+    dwError = VmDirStringPrintFA(logEntryDn, sizeof(logEntryDn), "%s=%llu,%s",
+                ATTR_CN, gLogEntry.index, RAFT_LOGS_CONTAINER_DN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringPrintFA(termStr, sizeof(termStr), "%d", gLogEntry.term);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringPrintFA(logIndexStr, sizeof(logIndexStr), "%llu", gLogEntry.index);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    {
+        PSTR ppLogEntry[] = {ATTR_DN, logEntryDn,
+                             ATTR_CN, logIndexStr,
+                             ATTR_OBJECT_CLASS,  OC_CLASS_RAFT_LOG_ENTRY,
+                             ATTR_RAFT_LOGINDEX, logIndexStr,
+                             ATTR_RAFT_TERM, termStr,
+                             NULL };
+        dwError = AttrListToEntry(pSchemaCtx, logEntryDn, ppLogEntry, &raftEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-done:
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirWaitLogCommitDone: lastLogIndex %llu", gRaftState.lastLogIndex);
+    dwError = VmDirGetParentDN(&raftEntry.dn, &raftEntry.pdn );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VmDirUuidGenerate (&guid);
+    VmDirUuidToStringLower(&guid, objectGuidStr, sizeof(objectGuidStr));
+
+    dwError = VmDirAllocateStringA(objectGuidStr, &raftEntry.pszGuid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirEntryAddSingleValueStrAttribute(&raftEntry, ATTR_OBJECT_GUID, raftEntry.pszGuid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirEntryAddBervArrayAttribute(&raftEntry, ATTR_RAFT_LOG_ENTRIES, &gLogEntry.packRaftLog, 1);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirComputeObjectSecurityDescriptor(NULL, &raftEntry, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    raftEntry.eId = VmDirRaftLogEntryId(gLogEntry.index);
+    dwError = ldapOp.pBEIF->pfnBEEntryAdd(ldapOp.pBECtx, &raftEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldapOp.pBEIF->pfnBETxnCommit(ldapOp.pBECtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //VmDirRaftPrepareCommit now owns gLogEntry
+    bHasTxn = FALSE;
+
+    for (logIdx = applyIdxStart; logIdx < logIdxToCommit; logIdx++)
+    {
+        _VmDirApplyLog(logIdx);
+    }
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+      "_VmDirEvaluateVoteResult: completed log (%llu %u)", logIdxToCommit, logTermToCommit);
+
+cleanup:
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    gRaftState.disallowUpdates = FALSE;
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+
+    if (bHasTxn)
+    {
+        _VmDirChgLogFree(&gLogEntry);
+        ldapOp.pBEIF->pfnBETxnAbort(ldapOp.pBECtx);
+    }
+    VMDIR_UNLOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+    VmDirFreeOperationContent(&ldapOp);
+    VmDirFreeEntryContent(&raftEntry);
+    *waitTime = uWaitTime;
     return;
+
+error:
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+      "_VmDirEvaluateVoteResult: log(%llu, %d) error %d", logIdxToCommit, logTermToCommit, dwError);
+    goto cleanup;
 }
 
 static
@@ -416,18 +482,23 @@ VmDirRaftPeerThread(void *ctx)
     UINT64 now = {0};
     int cmd = ExecNone;
     PVMDIR_SERVER_CONTEXT pServer = NULL;
-    DWORD dwError = 0;
     PVMDIR_PEER_PROXY pProxySelf = (PVMDIR_PEER_PROXY)ctx;
     PSTR pPeerHostName = pProxySelf->raftPeerHostname;
 
-    dwError=_VmDirRpcConnect(&pServer, pProxySelf);
-    BAIL_ON_VMDIR_ERROR( dwError );
+    do
+    {
+       if(_VmDirRpcConnect(&pServer, pProxySelf)==0)
+       {
+           break;
+       }
+       VmDirSleep(3000);
+    } while (VmDirdState() != VMDIRD_STATE_SHUTDOWN);
 
     while(1)
     {
         if (VmDirdState() == VMDIRD_STATE_SHUTDOWN || pProxySelf->isDeleted)
         {
-            goto cleanup;
+            goto done;
         }
 
         VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "VmDirRaftPeerThread: wait RequestPendingCond (peer %s); role %d term %d",
@@ -446,7 +517,7 @@ VmDirRaftPeerThread(void *ctx)
 appendEntriesRepeat:
         if (VmDirdState() == VMDIRD_STATE_SHUTDOWN || pProxySelf->isDeleted)
         {
-            goto cleanup;
+            goto done;
         }
 
         VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "VmDirRaftPeerThread: exit RequestPendingCond (peer %s); role %d term %d",
@@ -526,20 +597,16 @@ VmDirRaftPeerThread(void *ctx)
 
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
     }
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirRaftPeerThread: thread for peer %s shutdown completed", pPeerHostName);
 
-cleanup:
+done:
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirRaftPeerThread: thread for peer %s exits", pPeerHostName);
     if (pServer)
     {
         VmDirCloseServer( pServer);
     }
     pProxySelf->isDeleted = TRUE;
     pProxySelf->tid = 0;
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirRaftPeerThread: thread for peer %s error %d", pPeerHostName, dwError);
-    goto cleanup;
+    return 0;
 }
 
 static
@@ -652,11 +719,17 @@ _VmDirReplicationThrFun(
 
     if (!bGlobalsLoaded)
     {
+        BOOLEAN firstServer = FALSE;
+
         VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
         dwError = 0;
 
         VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirReplicationThrFun: waiting for promoting ...");
         //server has not complete vdcpromo, wait signal triggered by vdcpromo
+
+        //In case lwraftd restart while waiting for promo, this call will advance raft logs.
+        _VmDirLoadRaftState();
+
         VMDIR_LOCK_MUTEX(bInReplAgrsLock, gVmdirGlobals.replAgrsMutex);
         dwError = VmDirConditionWait( gVmdirGlobals.replAgrsCondition, gVmdirGlobals.replAgrsMutex );
         BAIL_ON_VMDIR_ERROR( dwError);
@@ -676,17 +749,18 @@ _VmDirReplicationThrFun(
             VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirReplicationThrFun: complete vdcpromo from partner %s.", gNewPartner);
         } else
         {
+            firstServer = TRUE;
             VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirReplicationThrFun: complete vdcpromo as first server.");
         }
-    }
 
-    //Wake up LDAP connection threads
-    VMDIR_LOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
-    VmDirConditionSignal(gVmdirGlobals.replCycleDoneCondition);
-    VMDIR_UNLOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
+        if (firstServer)
+        {
+            //Wake up LDAP connection threads so that account can be provisioned via LDAP
+            VMDIR_LOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
+            VmDirConditionSignal(gVmdirGlobals.replCycleDoneCondition);
+            VMDIR_UNLOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
+        }
 
-    if (!bGlobalsLoaded)
-    {
         //Wait until vdcpromo has completed adding the DC to cluster.
         int retryCnt = 0;
         while(TRUE)
@@ -704,41 +778,65 @@ _VmDirReplicationThrFun(
     BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "_VmDirReplicationThrFun: _VmDirRaftLoadGlobals");
 
     dwError = _VmDirLoadRaftState();
-    BAIL_ON_VMDIR_ERROR( dwError);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirStartProxies();
-    BAIL_ON_VMDIR_ERROR( dwError);
+    _VmDirGetRaftQuorumOverride(TRUE);
 
-    dwError = VmDirAllocateMemory( sizeof(*pRaftVoteSchdThreadInfo), (PVOID*)&pRaftVoteSchdThreadInfo);
+    dwError = _VmDirStartProxies();
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VmDirSrvThrInit( &pRaftVoteSchdThreadInfo, gVmdirGlobals.replAgrsMutex, gVmdirGlobals.replAgrsCondition, TRUE);
+    dwError = VmDirSrvThrInit(
+            &pRaftVoteSchdThreadInfo,
+            gVmdirGlobals.replAgrsMutex,
+            gVmdirGlobals.replAgrsCondition,
+            TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateThread( &pRaftVoteSchdThreadInfo->tid, TRUE, _VmDirRaftVoteSchdThread, pRaftVoteSchdThreadInfo);
+    dwError = VmDirCreateThread(
+            &pRaftVoteSchdThreadInfo->tid,
+            pRaftVoteSchdThreadInfo->bJoinThr,
+            _VmDirRaftVoteSchdThread,
+            pRaftVoteSchdThreadInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pRaftVoteSchdThreadInfo);
 
-    dwError = VmDirAllocateMemory( sizeof(*pRaftLogApplyThreadInfo), (PVOID*)&pRaftLogApplyThreadInfo);
+    dwError = VmDirSrvThrInit(
+            &pRaftLogApplyThreadInfo,
+            gVmdirGlobals.replAgrsMutex,
+            gVmdirGlobals.replAgrsCondition,
+            TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VmDirSrvThrInit( &pRaftLogApplyThreadInfo, gVmdirGlobals.replAgrsMutex, gVmdirGlobals.replAgrsCondition, TRUE);
-
-    dwError = VmDirCreateThread( &pRaftLogApplyThreadInfo->tid, TRUE, _VmDirRaftLogApplyThread, pRaftLogApplyThreadInfo);
+    dwError = VmDirCreateThread(
+            &pRaftLogApplyThreadInfo->tid,
+            pRaftLogApplyThreadInfo->bJoinThr,
+            _VmDirRaftLogApplyThread,
+            pRaftLogApplyThreadInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pRaftLogApplyThreadInfo);
 
-    dwError = VmDirAllocateMemory( sizeof(*pRaftLogCompactThreadInfo), (PVOID*)&pRaftLogCompactThreadInfo);
+    dwError = VmDirSrvThrInit(
+            &pRaftLogCompactThreadInfo,
+            gVmdirGlobals.replAgrsMutex,
+            gVmdirGlobals.replAgrsCondition,
+            TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VmDirSrvThrInit( &pRaftLogCompactThreadInfo, gVmdirGlobals.replAgrsMutex, gVmdirGlobals.replAgrsCondition, TRUE);
-
-    dwError = VmDirCreateThread( &pRaftLogCompactThreadInfo->tid, TRUE, _VmDirRaftLogCompactThread, pRaftLogCompactThreadInfo);
+    dwError = VmDirCreateThread(
+            &pRaftLogCompactThreadInfo->tid,
+            pRaftLogCompactThreadInfo->bJoinThr,
+            _VmDirRaftLogCompactThread,
+            pRaftLogCompactThreadInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pRaftLogCompactThreadInfo);
 
+    VMDIR_LOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
+    VmDirConditionSignal(gVmdirGlobals.replCycleDoneCondition);
+    VMDIR_UNLOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
+
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirReplicationThrFun: started.");
 
     while (1)
@@ -781,14 +879,14 @@ _VmDirReplicationThrFun(
     if (VmDirdState() != VMDIRD_STATE_SHUTDOWN)
     {
         VmDirdStateSet( VMDIRD_STATE_FAILURE );
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "_VmDirReplicationThrFun: Replication has failed with unrecoverable error %d", dwError);
     }
 
     if (pRaftVoteSchdThreadInfo)
     {
          VmDirSrvThrFree(pRaftVoteSchdThreadInfo);
     }
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "_VmDirReplicationThrFun: Replication has failed with unrecoverable error %d", dwError);
     goto cleanup;
 }
 
@@ -858,57 +956,62 @@ _VmDirRequestVoteRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxySe
     if (dwError)
     {
         if (dwError == rpc_s_connect_rejected || dwError == rpc_s_connect_timed_out ||
-            dwError == rpc_s_cannot_connect || dwError == rpc_s_connection_closed)
+            dwError == rpc_s_cannot_connect || dwError == rpc_s_connection_closed || dwError == rpc_s_host_unreachable)
         {
             VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-                 "_VmDirRequestVoteRpc: not connected or disconnected peer %s error %d", pPeerHostName, dwError);
+              "_VmDirRequestVoteRpc: not connected or disconnected peer %s dcerpc error %d", pPeerHostName, dwError);
             pProxySelf->proxy_state = RPC_DISCONN;
             _VmDirRpcConnect(ppServer, pProxySelf);
             goto done;
         } else if (dwError == rpc_s_auth_method)
         {
-             VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRequestVoteRpc: rpc_s_auth_method peer %s", pPeerHostName);
+             VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+               "_VmDirRequestVoteRpc: error rpc_s_auth_method, peer %s", pPeerHostName);
              pProxySelf->proxy_state = RPC_DISCONN;
              _VmDirRpcConnect(ppServer, pProxySelf);
              goto done;
         }
 
-        if(gRaftState.role != VDIR_RAFT_ROLE_CANDIDATE)
-        {
-             goto done;
-        }
-
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirRequestVoteRpc: RPC call VmDirRaftRequestVote failed to peer %s error %d",
-                        pPeerHostName, dwError);
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+          "_VmDirRequestVoteRpc: RPC call VmDirRaftRequestVote failed to peer %s error %d role %d term %d",
+          pPeerHostName, dwError, gRaftState.role, gRaftState.currentTerm);
         goto done;
     }
 
-    gRaftState.rpcSent = TRUE;
     bLock = FALSE;
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
     if (reqVoteArgs.currentTerm > gRaftState.currentTerm)
     {
+        int oldTerm = 0;
         /* The vote must have been denied in this case.
          * The peer may also has its log index larger than mine in which case this server should
          * start a new vote the sooner the better.  However, we can't tell it is the case,
          * thus simply treat it as a split vote. We may improve the vote efficiency if we have an
          * additional a OUT parameter to tell this condition.
          */
+        gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+        gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
+        oldTerm = gRaftState.currentTerm;
         gRaftState.currentTerm = reqVoteArgs.currentTerm;
         gRaftState.voteDeniedCnt++;
-
+        //Wakeup _VmDirRaftVoteSchdThread
+        waitSignaled = TRUE;
+        VmDirConditionSignal(gGotVoteResultCond);
+        //Avoid deadlock on MDB write mutex during persisting term.
+        VmDirConditionSignal(gRaftAppendEntryReachConsensusCond);
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-        _VmDirUpdateRaftPsState(reqVoteArgs.currentTerm, FALSE, 0, NULL, 0, 0);
 
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRequestVoteRpc: peer (%s) term %d > current term, change role to follower",
-                       pPeerHostName, reqVoteArgs.currentTerm);
+        _VmDirPersistTerm(reqVoteArgs.currentTerm);
+
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRequestVoteRpc: peer (%s) term %d > current term %d, change role to follower",
+                       pPeerHostName, reqVoteArgs.currentTerm, oldTerm);
         goto done;
     }
 
     if (gRaftState.role != VDIR_RAFT_ROLE_CANDIDATE)
     {
         VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteRpc: server role changed to %d; term %d; peer: (%s)(term %d)",
+          "_VmDirRequestVoteRpc: server role was changed to %d - forfeit this RPC result; term %d; peer: (%s)(term %d)",
           gRaftState.role, gRaftState.currentTerm, pPeerHostName, reqVoteArgs.currentTerm);
         goto done;
     }
@@ -924,13 +1027,14 @@ _VmDirRequestVoteRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxySe
             //Peer has a larger highest logIndex, switch to follower,
             // so don't send request vote anymore for this term.
             gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+            gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
         }
         //Denied due to split vote or any other reasons - stay as a candidate.
         goto done;
     }
 
     //Now vote is granted by the peer
-    if (gRaftState.currentTerm == gRaftState.voteConsenusuTerm)
+    if (gRaftState.currentTerm == gRaftState.voteConsensusTerm)
     {
         gRaftState.voteConsensusCnt++;
         if (gRaftState.voteConsensusCnt >= (gRaftState.clusterSize/2 + 1))
@@ -941,13 +1045,13 @@ _VmDirRequestVoteRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxySe
 
             VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
               "_VmDirRequestVoteRpc: vote granted from %s and reached majority consensusCount %d for term %d; become leader in term %d",
-              pPeerHostName, gRaftState.voteConsensusCnt, gRaftState.voteConsenusuTerm, gRaftState.currentTerm);
+              pPeerHostName, gRaftState.voteConsensusCnt, gRaftState.voteConsensusTerm, gRaftState.currentTerm);
             goto done;
         }
     }
 
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRequestVoteRpc: vote granted from peer %s voteConsensusCnt %d (term %d)",
-                   pPeerHostName, gRaftState.voteConsensusCnt, gRaftState.voteConsenusuTerm);
+                   pPeerHostName, gRaftState.voteConsensusCnt, gRaftState.voteConsensusTerm);
 
 done:
     if (!waitSignaled && (gRaftState.voteConsensusCnt - 1 + gRaftState.voteDeniedCnt) >= _VmDirPeersConnectedInLock())
@@ -984,7 +1088,9 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
         if (gEntries == NULL || gEntries->packRaftLog.lberbv_len == 0)
         {
             //caller has given up and removed gEntries.
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc ExecAppendEntries has no entries to send");
+            VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+              "_VmDirAppendEntriesRpc: ExecAppendEntries gEntry==%s, peer %s, term %d, lastLogIndex %llu",
+              gEntries?"notNull":"null", pPeerHostName, gRaftState.currentTerm, gRaftState.lastLogIndex);
             goto cleanup;
         }
         args.entriesSize = gEntries->packRaftLog.lberbv_len;
@@ -1002,10 +1108,13 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
         args.entries = NULL;
         startLogIndex = gRaftState.lastLogIndex;
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-        dwError = _VmDirGetPrevLogArgs(&args.preLogIndex, &args.preLogTerm, startLogIndex, __LINE__);
+        dwError = _VmDirGetPrevLogArgs(&args.preLogIndex, &args.preLogTerm, startLogIndex+1, __LINE__);
         BAIL_ON_VMDIR_ERROR(dwError);
     } else
     {
+         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+           "_VmDirAppendEntriesRpc invalid cmd %d peer (%s), preLogIndex %llu, firstLogIndex %llu",
+           cmd, pPeerHostName, args.preLogIndex, gRaftState.firstLogIndex);
          assert(0);
     }
 
@@ -1014,6 +1123,15 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
     args.term = gRaftState.currentTerm;
     args.leaderCommit = gRaftState.commitIndex;
 
+    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER)
+    {
+        //Check the role again to present sending outdated RPC calls.
+       VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+         "_VmDirAppendEntriesRpc no longer a leader (no RPC sent), peer %s preLog (%llu %d) role %d",
+         pPeerHostName, args.preLogIndex,args.term, gRaftState.role);
+       goto cleanup;
+    }
+
     if (args.preLogIndex < gRaftState.firstLogIndex)
     {
        dwError = LDAP_OPERATIONS_ERROR;
@@ -1025,8 +1143,9 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
 
     VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
-    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "_VmDirAppendEntriesRpc: call with startLogIndex %llu preLogIndex %llu for peer %s",
-                    startLogIndex, args.preLogIndex, pPeerHostName);
+    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+      "_VmDirAppendEntriesRpc: startLogIdx %llu term %u preLogIdx %llu preLogTerm %u entSize %u peer %s",
+      startLogIndex, args.term, args.preLogIndex, args.preLogTerm, args.entriesSize, pPeerHostName);
 
     dwError = VmDirRaftAppendEntries(pServer, args.term, args.leader,
                                   (UINT32)args.preLogIndex, args.preLogTerm,
@@ -1036,10 +1155,11 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
     if (dwError)
     {
         if (dwError == rpc_s_connect_rejected || dwError == rpc_s_connect_timed_out ||
-            dwError == rpc_s_cannot_connect || dwError == rpc_s_connection_closed)
+            dwError == rpc_s_cannot_connect || dwError == rpc_s_connection_closed || dwError == rpc_s_host_unreachable)
         {
             pProxySelf->proxy_state = RPC_DISCONN;
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc: not connected or disconnected peer %s", pPeerHostName);
+            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+              "_VmDirAppendEntriesRpc: not connected or disconnected peer %s dcerpc error %d", pPeerHostName, dwError);
             _VmDirRpcConnect(ppServer, pProxySelf);
         } else if (dwError == rpc_s_auth_method)
         {
@@ -1048,47 +1168,57 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
             _VmDirRpcConnect(ppServer, pProxySelf);
         } else if (dwError == VMDIR_ERROR_UNWILLING_TO_PERFORM)
         {
-             //Peer may be in process of starting up
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc: peer %s not ready to serve", pPeerHostName);
-            VmDirSleep(2000);
+            //Peer may be in process of starting up
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+              "_VmDirAppendEntriesRpc: peer %s rejected, peer term %d term %d priTerm %d error %d",
+              pPeerHostName, args.currentTerm, gRaftState.currentTerm, args.term, dwError);
+            VmDirSleep(1000);
         } else
         {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc: RPC call failed to peer %s error %d",
-                        pPeerHostName, dwError);
-            VmDirSleep(1000);
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+              "_VmDirAppendEntriesRpc: cmd %d peer %s commitIdx %llu leaderComit %llu startLogIdx %llu preLogIdx %llu term %d error %d",
+              cmd, pPeerHostName, gRaftState.commitIndex, args.leaderCommit, startLogIndex, args.preLogIndex, gRaftState.currentTerm, dwError);
         }
         goto cleanup;
     }
 
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER || gRaftState.currentTerm != args.term)
-    {
-        //Other RPC calls or events changed the server term, role or state, forfeit the current RPC call result.
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirAppendEntriesRpc: server state changed after RPC call; server role %d term %d cmd %d; peer: (%s) term %d",
-          gRaftState.role, gRaftState.currentTerm, gRaftState.cmd, pPeerHostName, args.currentTerm);
-        goto cleanup;
-    }
 
     if (args.currentTerm > gRaftState.currentTerm)
     {
         //Remote has higher term, swtich to follower.
-        int term = 0;
+        int oldTerm = 0;
         gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
         gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec(); //Set for request vote timeout.
+        oldTerm = gRaftState.currentTerm;
         gRaftState.currentTerm = args.currentTerm;
-        term = gRaftState.currentTerm;
+
+        //wakeup the waiting thread who is holding MDB write lock, so that persisting term can go through.
+        //The waken up thread will evaluate the server's role and abort that transaction.
+        VmDirConditionSignal(gRaftAppendEntryReachConsensusCond);
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
-        _VmDirUpdateRaftPsState(term, FALSE, 0, NULL, 0, 0);
+        _VmDirPersistTerm(args.currentTerm);
+
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmDirAppendEntriesRpc: peer (%s) term %d > current term %d, change role to follower",
+          pPeerHostName, args.currentTerm, oldTerm);
+
+        goto cleanup;
+    }
 
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc: peer (%s) term %d > current term, change role to follower",
-                       pPeerHostName, args.currentTerm);
+    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER)
+    {
+        //Other RPC calls or events changed the server's role, forfeit the current RPC call result.
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmDirAppendEntriesRpc: server role changed after RPC call; role %d term %d cmd %d; peer: (%s) term %d",
+          gRaftState.role, gRaftState.currentTerm, gRaftState.cmd, pPeerHostName, args.currentTerm);
         goto cleanup;
     }
 
     if (args.status != 0)
     {
+        unsigned long long peerLogIndexToFetch = 0;
         //Remote doesn't contain log with preLogIndex, try a lower preLogIndex
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
@@ -1099,7 +1229,21 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
 
         _VmDirChgLogFree(&preChgLog);
 
-        dwError = _VmDirFetchLogEntry(args.preLogIndex, &preChgLog, __LINE__);
+        //When status is not 0, it passes the peer's last log index, we can fetch logs
+        //  backward from there (plus a margin) to save time for a much lagged follower.
+        if (args.preLogIndex > (args.status + RAFT_PREVLOG_FETCH_MARGIN))
+        {
+            peerLogIndexToFetch = args.status + RAFT_PREVLOG_FETCH_MARGIN;
+            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+              "_VmDirAppendEntriesRpc big logindex gap at follwer %s: (%llu %llu), fetch backward from %llu",
+              pPeerHostName, args.preLogIndex, args.status, peerLogIndexToFetch);
+        }
+        else
+        {
+           peerLogIndexToFetch = args.preLogIndex;
+        }
+
+        dwError = _VmDirFetchLogEntry(peerLogIndexToFetch, &preChgLog, __LINE__);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         if (preChgLog.index == 0)
@@ -1166,12 +1310,9 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
         if (args.preLogIndex == startLogIndex)
         {
             /* Now the peer is now in sycn. */
-
-            /*
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+            VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
                        "_VmDirAppendEntriesRpc: peer %s in sync or closed gap with starting logIndex %llu term %d",
                        pPeerHostName, startLogIndex, gRaftState.currentTerm);
-            */
             goto cleanup;
         }
     }
@@ -1181,11 +1322,9 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
         goto cleanup;
     }
 
-    /*
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-            "_VmDirAppendEntriesRpc: need to catchup logs for peer %s StartLogIndex %llu preLogIndex %llu entries %s",
-            pPeerHostName, startLogIndex, args.preLogIndex, args.entries?"not null":"null");
-    */
+    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+      "_VmDirAppendEntriesRpc: need to catchup logs for peer %s StartLogIndex %llu preLogIndex %llu entries %s",
+      pPeerHostName, startLogIndex, args.preLogIndex, args.entries?"not null":"null");
 
     /*
      * For Ping or AppendEntries with gap exists.
@@ -1207,8 +1346,8 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
 
        dwError =  LDAP_OPERATIONS_ERROR;
        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                       "_VmDirAppendEntriesRpc: fail to close gap for peer %s StartLogIndex %llu preLogIndex %llu cmd %d",
-                      pPeerHostName, startLogIndex, args.preLogIndex, cmd);
+         "_VmDirAppendEntriesRpc: fail to close gap for peer %s StartLogIdx %llu preLogIdx %llu cmd %d",
+         pPeerHostName, startLogIndex, args.preLogIndex, cmd);
        goto error;
     }
 
@@ -1243,17 +1382,19 @@ _VmDirAppendEntriesRpc(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxy
     args.entriesSize = 0;
     _VmDirChgLogFree(&preChgLog);
     _VmDirChgLogFree(&curChgLog);
-/*
+
     if (dwError == 0)
     {
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-            "_VmDirAppendEntriesRpc: rpc call complete for peer %s; startLogIdx %llu", pPeerHostName, startLogIndex);
+        VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+          "_VmDirAppendEntriesRpc: rpc call (cmd %d) completed for peer %s; startLogIdx %llu term %d",
+          cmd, pPeerHostName, startLogIndex, gRaftState.currentTerm);
     }
-*/
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirAppendEntriesRpc: error rpc call peer %s, error %d", pPeerHostName, dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+      "_VmDirAppendEntriesRpc: error rpc call (cmd %d) peer %s, startLogIdx %llu term %d error %d",
+      cmd, pPeerHostName, startLogIndex, gRaftState.currentTerm, dwError);
     goto cleanup;
 }
 
@@ -1306,7 +1447,7 @@ _VmDirStartProxies(
         dwError = VmDirRdnToNameValue(&dcContainerDNrdn, &pszName, &pHostname);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _VmDirNewPeerProxyInLock(pHostname, RPC_IDLE);
+        dwError = _VmDirNewPeerProxyInLock(pHostname, RPC_DISCONN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         gRaftState.clusterSize++;
@@ -1333,10 +1474,11 @@ _VmDirRequestVoteGetReply(UINT32 term, char *candidateId, unsigned long long las
 {
     DWORD dwError = 0;
     UINT32 iVoteGranted = 0;
-    UINT32 iVotedForTerm = 0;
     BOOLEAN bLock = FALSE;
-    int oldterm = 0;
-    VDIR_BERVALUE bvVotedFor = {0};
+    BOOLEAN bLockRpcReply = FALSE;
+    int oldTerm = 0;
+    int newTerm = 0;
+    VDIR_BERVALUE bvVotedFor = VDIR_BERVALUE_INIT;
 
     *voteGranted = iVoteGranted = 1; //Default to denied with reason split vote or other than larger highest logIndex of mine.
 
@@ -1348,23 +1490,22 @@ _VmDirRequestVoteGetReply(UINT32 term, char *candidateId, unsigned long long las
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    VMDIR_LOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+    //Serialize appendEntriesRpc and requestVoteRpc handlers
+
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    oldterm = gRaftState.currentTerm;
+    oldTerm = gRaftState.currentTerm;
 
     if (term < gRaftState.currentTerm || gRaftState.lastLogTerm > lastLogTerm ||
         (gRaftState.lastLogTerm == lastLogTerm && gRaftState.lastLogIndex > lastLogIndex) ||
         (gRaftState.role == VDIR_RAFT_ROLE_LEADER && term == gRaftState.currentTerm))
     {
 	//My term is larger than the requester, or my highest log/term are larger, then deny the vote.
-        *currentTerm = gRaftState.currentTerm;
         if (gRaftState.lastLogTerm > lastLogTerm ||
             (gRaftState.lastLogTerm == lastLogTerm && gRaftState.lastLogIndex > lastLogIndex))
         {
-            *voteGranted = 2;
+            *voteGranted = iVoteGranted = 2;
         }
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteGetReply: candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d, deny vote request, code %d",
-          candidateId, term, lastLogTerm, gRaftState.currentTerm, oldterm, gRaftState.role, iVoteGranted);
         goto cleanup;
     }
 
@@ -1372,10 +1513,6 @@ _VmDirRequestVoteGetReply(UINT32 term, char *candidateId, unsigned long long las
         VmDirStringCompareA(gRaftState.votedFor.lberbv_val, candidateId, FALSE) != 0)
     {
         //I have voted for (granted to) a different requester in the same term, deny the vote request.
-        *currentTerm = gRaftState.currentTerm;
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteGetReply: candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d denied due to voted different peer",
-          candidateId, term, lastLogTerm, gRaftState.currentTerm, oldterm, gRaftState.role);
         goto cleanup;
     }
 
@@ -1394,45 +1531,54 @@ _VmDirRequestVoteGetReply(UINT32 term, char *candidateId, unsigned long long las
     dwError = VmDirBervalContentDup(&gRaftState.votedFor, &bvVotedFor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    *currentTerm = iVotedForTerm = gRaftState.votedForTerm = gRaftState.currentTerm = term;
-    *voteGranted = iVoteGranted;
-
-    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-
-    _VmDirUpdateRaftPsState(term, iVotedForTerm > 0, iVotedForTerm, &bvVotedFor, 0, 0);
-
-    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-
-    if  (gRaftState.role == VDIR_RAFT_ROLE_LEADER)
+cleanup:
+    if (term > gRaftState.currentTerm)
     {
-        //Switch to follower from leader
+        //Peer has higher term, switch to follower if not yet.
+        gRaftState.currentTerm = term;
         gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
-        gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec(); //Set for request vote timeout.
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteGetReply: role changed to follower; candidate %s term %d; server role %d term %d granted",
-          candidateId, term, gRaftState.role, *currentTerm);
-    } else
+        if (iVoteGranted == 2)
+        {
+            //Force an election timeout.
+            gRaftState.lastPingRecvTime = 0;
+        } else
+        {
+            gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec(); //Set for request vote timeout.
+        }
+    }
+    if (iVoteGranted == 0)
     {
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteGetReply: granted; candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d votedForTerm %d votedFor %s",
-          candidateId, term, lastLogTerm, gRaftState.currentTerm, oldterm, gRaftState.role,
-          iVotedForTerm, VDIR_SAFE_STRING(bvVotedFor.lberbv_val));
+        gRaftState.votedForTerm = gRaftState.currentTerm;
+        *voteGranted = 0;
     }
-
-cleanup:
+    *currentTerm = newTerm = gRaftState.currentTerm;
     VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    VMDIR_UNLOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+
+    if (!dwError && newTerm > oldTerm)
+    {
+        _VmDirPersistTerm(newTerm);
+    }
+
+    if (!dwError)
+    {
+      VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+        "_VmDirRequestVoteGetReply: granted=%d candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d votedForTerm %d votedFor %s",
+        iVoteGranted, candidateId, term, lastLogTerm, gRaftState.currentTerm, oldTerm, gRaftState.role,
+        gRaftState.votedForTerm, VDIR_SAFE_STRING(bvVotedFor.lberbv_val));
+    }
     VmDirFreeBervalContent(&bvVotedFor);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-          "_VmDirRequestVoteGetReply: error %d candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d granted code %d error %d",
-          dwError, candidateId, term, lastLogTerm, gRaftState.currentTerm, oldterm, gRaftState.role, iVoteGranted);
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+      "_VmDirRequestVoteGetReply: candidateId %s term %d lastLogTerm %d; server term %d (old term %d) role %d error=%d",
+      candidateId, term, lastLogTerm, gRaftState.currentTerm, oldTerm, gRaftState.role, dwError);
     goto cleanup;
 }
 
 DWORD
-_VmDirAppendEntriesGetReply(
+VmDirAppendEntriesGetReply(
     UINT32 term,
     char *leader,
     unsigned long long preLogIndex,
@@ -1441,12 +1587,14 @@ _VmDirAppendEntriesGetReply(
     int entrySize,
     char *entries,
     UINT32 *currentTerm,
-    UINT32 *status
+    unsigned long long *status
     )
 {
     DWORD dwError = 0;
     BOOLEAN bLock = FALSE;
-    int oldterm = 0;
+    BOOLEAN bLockRpcReply = FALSE;
+    int oldTerm = 0;
+    int newTerm = 0;
     BOOLEAN bLogFound = FALSE;
     BOOLEAN bTermMatch = FALSE;
     VDIR_RAFT_LOG chgLog = {0};
@@ -1454,8 +1602,12 @@ _VmDirAppendEntriesGetReply(
     static time_t prevLogTime = {0};
     time_t now = {0};
     BOOLEAN bLeaderChanged = FALSE;
+    BOOLEAN bFatalError = FALSE;
+    unsigned long long priCommitIndex = 0;
+    unsigned long long lastLogIndex = 0;
 
-    *status = 1;
+    *status = 0;
+    *currentTerm = 0;
 
     if (!gRaftState.initialized || !_VmDirRaftPeerIsReady(leader))
     {
@@ -1464,13 +1616,18 @@ _VmDirAppendEntriesGetReply(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (gRaftState.leader.lberbv.bv_len == 0 ||
-        VmDirStringCompareA(gRaftState.leader.lberbv.bv_val, leader, FALSE) !=0 )
+    VMDIR_LOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+    //Serialize appendEntriesRpc, requestVoteRpc handlers and _VmDirEvaluateVoteResult
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+
+    if (gRaftState.leader.lberbv.bv_len == 0 ||
+        VmDirStringCompareA(gRaftState.leader.lberbv.bv_val, leader, FALSE) !=0 )
     {
         bLeaderChanged = TRUE;
     }
 
-    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    priCommitIndex = gRaftState.commitIndex;
 
     if (bLeaderChanged)
     {
@@ -1479,26 +1636,35 @@ _VmDirAppendEntriesGetReply(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    oldterm = gRaftState.currentTerm;
+    oldTerm = gRaftState.currentTerm;
 
     if (gRaftState.currentTerm > term)
     {
         //Tell remote to switch to follower
         *currentTerm = gRaftState.currentTerm;
+        *status = lastLogIndex;
         goto cleanup;
     }
 
-    //Switch to follower if not, or keep as the follower role
+    if (gRaftState.role != VDIR_RAFT_ROLE_FOLLOWER &&
+        gRaftState.currentTerm < term)
+    {
+        //I am not a follower yet and my term is smaller than peer's term,
+        //switch to follower, and let peer send a fresh appendEntries.
+        *currentTerm = newTerm = gRaftState.currentTerm = term;
+        gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+        gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
+        dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    //peer's term == my term, keep as a follower or switch to follower if not
     gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
-    *currentTerm = gRaftState.currentTerm = term;
     gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
+    *currentTerm = newTerm = gRaftState.currentTerm = term;
+    lastLogIndex = gRaftState.lastLogIndex;
     VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
-    if (term != oldterm)
-    {
-        _VmDirUpdateRaftPsState(term, FALSE, 0, NULL, 0, 0);
-    }
-
     if (preLogIndex == 0)
     {
         //No any log yet, considered a match
@@ -1511,13 +1677,14 @@ _VmDirAppendEntriesGetReply(
 
     if (!bLogFound || !bTermMatch)
     {
-        //Tell remote to decrement preLogIndex, and provides an older logEntry.
+        //Tell remote to decrement preLogIndexand for an older logEntry, starting from lastLogIndex.
+        *status = lastLogIndex;
         goto cleanup;
     }
 
-    //Now preLogIndex found locally and has a macthing term - delete all logs above preLogIndex+1,
+    //Now preLogIndex found locally and has a macthing term - delete all logs > preLogIndex,
     //  those logs are uncommitted, and were replicated from old leaders.
-    dwError = _VmDirDeleteAllLogs(preLogIndex+1);
+    dwError = _VmDirDeleteAllLogs(preLogIndex+1, &bFatalError);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (entrySize > 0)
@@ -1536,7 +1703,7 @@ _VmDirAppendEntriesGetReply(
         VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
         gRaftState.lastLogIndex = chgLog.index;
         gRaftState.lastLogTerm = chgLog.term;
-        gRaftState.indexToApply = gRaftState.commitIndex = VMDIR_MIN(leaderCommit, gRaftState.lastLogIndex);
+        gRaftState.indexToApply = gRaftState.commitIndex = VMDIR_MIN(leaderCommit, preLogIndex);
         gRaftState.opCounts++;
         VmDirConditionSignal(gRaftNewLogCond);
         VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
@@ -1551,37 +1718,74 @@ _VmDirAppendEntriesGetReply(
     *status = 0;
 
 cleanup:
-    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
-
     if (dwError == 0 && logCnt++ % 10 == 0)
     {
         now = time(&now);
         if ((now - prevLogTime) > 30)
         {
             prevLogTime = now;
-            //Log ping or appendEntries not more than every 10 calls or 30 seconds
+            //Log once every 30 seconds, over 10 calls
             VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-              "_VmDirAppendEntriesGetReply: entrySize %d; leader %s term %d leaderCommit %llu preLogIndex %llu preLogTerm %d; server term %d (old term %d) role %d status %d",
-              entrySize, leader, term, leaderCommit, preLogIndex, preLogTerm, *currentTerm, oldterm, gRaftState.role, *status);
+              "VmDirAppendEntriesGetReply: entSize %d leader %s term %d leaderCommit %llu preLogIdx %llu preLogTerm %d commitIdx %llu priCommitIdx %llu currentTerm %d oldTerm %d role %d status %llu",
+              entrySize, leader, term, leaderCommit, preLogIndex, preLogTerm,
+              gRaftState.commitIndex, priCommitIndex, *currentTerm, oldTerm,
+              gRaftState.role, *status);
         }
     }
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    VMDIR_UNLOCK_MUTEX(bLockRpcReply, gRaftRpcReplyMutex);
+
+    if (newTerm > oldTerm)
+    {
+        _VmDirPersistTerm(newTerm);
+    }
+
     _VmDirChgLogFree(&chgLog);
+
+    //Raft inconsistency may occur if fatal error detected.
+    assert(!bFatalError);
+
     return dwError;
 
 error:
      VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-            "_VmDirAppendEntriesGetReply: entrySize %d; error %d leader %s term %d leaderCommit %llu preLogIndex %llu preLogTerm %d; server term %d (old term %d) role %d status %d gRaftStateInitialized %s",
-            entrySize, dwError, leader, term, leaderCommit, preLogIndex, preLogTerm, *currentTerm, oldterm, gRaftState.role, *status, gRaftState.initialized?"Yes":"No");
+              "VmDirAppendEntriesGetReply: entSize %d leader %s term %d leaderCommit %llu preLogIdx %llu preLogTerm %d commitIdx %llu priCommitIdx %llu currentTerm %d oldTerm %d role %d error %d",
+              entrySize, leader, term, leaderCommit, preLogIndex, preLogTerm,
+              gRaftState.commitIndex, priCommitIndex, *currentTerm, oldTerm,
+              gRaftState.role, dwError);
     goto cleanup;
 }
 
-//Only one thread can enter VmDirRaftCommitHook - it is serialzied by the MDB write transaction mutex.
-int VmDirRaftCommitHook()
+/*  The following three callbacks are (conditionally, sequentially) invoked by MDB txn_commit to
+ *  ensure protocol safety due to a modification from the original Raft algorithm, i.e. it tries
+ *  to commit LDAP operation, log entry and the persistent state changes in the same MDB transaction at
+ *  Raft leader instead of persisting the Raft log at the leader first before obtaining consensus from peers.
+ *
+ *  This callback is invoted first by MDB txn_commit when the LDAP transaction is ready to commit after
+ *  the log entry is created. When this function returns 0 (after consensus has reached or a standalone server),
+ *  txn_commit will proceed with its commit process. Or this function may return non-zero to explicitly abort
+ *  the local transaction which is only allowed when the server is no longer a Raft leader.
+ *
+ *  MDB callback VmDirRaftPostCommit would be invoked for the same transaction when this function return 0, and
+ *  after the transaction has successfully committed (peristed) locally, which would update commitIndex/lastApplied.
+ *
+ *  In a rare case (when disk is full), the current transaction is implicitly aborted within txn_commit, and
+ *  MDB callback VmDirRaftCommitFail will be invoked (though this function returned 0) which would put
+ *  the server to Follower role to avoid the same log index/term being reused.
+ *
+ *  See the functional spec section 3.3.5.2 for detail.
+ */
+int VmDirRaftPrepareCommit(void **ppCtx)
 {
     int dwError = 0;
     BOOLEAN bLock = FALSE;
-    int retryCnt = 0;
+    unsigned int currentTerm = 0;
+    int getConsensusRetry = 0;
+    int changeToFollower = 0;
+    DWORD waitTimeout = 0;
+    PVDIR_RAFT_COMMIT_CTX pCtx = NULL;
 
+    *ppCtx = NULL;
     if (gLogEntry.index == 0)
     {
        /*
@@ -1591,38 +1795,69 @@ int VmDirRaftCommitHook()
         * 2. If the server is a candidate or follower, always allow it to commit transaction
         *    for Raft state and local log entry.
         */
-        goto cleanup;
+        goto raft_commit_done;
     }
 
+    /* Use very large timeout value for new leader replicating no-op log entry so that a far
+     * behind peer can catch up with the leader if that peer is needed for reaching consensus.
+     */
+    waitTimeout = gLogEntry.requestCode == 0?LARGE_TIMEOUT_VALUE_MS:gVmdirGlobals.dwRaftElectionTimeoutMS;
+
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    if (gRaftState.clusterSize < 2)
+    if (_VmDirGetRaftQuorumOverride(FALSE) || gRaftState.clusterSize < 2)
     {
-        //This is a standalone server
-        goto update_volatile_state;
+        //This is a standalone server or QuorumOverride is set
+        goto raft_commit_done;
     }
 
-    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER)
-    {
-        dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    retryCnt = 0;
+get_consensus_begin:
     do
     {
-        if (_VmDirPeersIdleInLock() < (gRaftState.clusterSize/2))
-        {
-             //Wait only if not enough in Ready.
-             dwError = VmDirConditionTimedWait(gPeersReadyCond, gRaftStateMutex, WAIT_PEERS_READY_MS);
-        }
-        if (dwError == ETIMEDOUT && retryCnt++ > 5)
+        dwError = 0;
+        if (gRaftState.role != VDIR_RAFT_ROLE_LEADER || VmDirdState() == VMDIRD_STATE_SHUTDOWN)
         {
+            /* VmDirRaftPrepareCommit can abort a user transaciton only when it is no longer a leader
+             * or the server is to be shutdown to ensure that the longIndex used by the aborted transaction
+             * can never be reused.
+             */
             dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
+
+        if (_VmDirPeersIdleInLock() < (gRaftState.clusterSize/2))
+        {
+            //Fewer than half of peer threads are idle
+            if (getConsensusRetry >= 2)
+            {
+                /* Cannot get half of peer threads to service in twice of election timeout.
+                 * Switch to follower to prevent reusing raft the same logindex/term
+                 */
+                gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+                dwError = LDAP_OPERATIONS_ERROR;
+                changeToFollower = 1;
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+            getConsensusRetry++;
+
+            //Wait if not enough peer threads are Ready to accept RPC request.
+            dwError = VmDirConditionTimedWait(gPeersReadyCond, gRaftStateMutex, waitTimeout);
+        }
     } while (dwError == ETIMEDOUT);
 
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (dwError)
+    {
+        gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+        dwError = LDAP_OPERATIONS_ERROR;
+        changeToFollower = 2;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER || VmDirdState() == VMDIRD_STATE_SHUTDOWN)
+    {
+        //Check again since waiting gPeersReadyCond may take time.
+        dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     //Now invoke paralle RPC calls to all (available) peers
     VmDirConditionBroadcast(gRaftRequestPendingCond);
@@ -1630,42 +1865,141 @@ int VmDirRaftCommitHook()
     gRaftState.cmd = ExecAppendEntries;
     //gEntries is accessed by proxy threads.
     gEntries = &gLogEntry;
+    currentTerm = gRaftState.currentTerm;
     _VmDirClearProxyLogReplicatedInLock();
 
     //Wait for majority peers to replicate the log.
-    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "VmDirRaftCommitHook: wait gRaftAppendEntryReachConsensusCond; role %d term %d",
-                    gRaftState.role, gRaftState.currentTerm);
+    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+      "VmDirRaftPrepareCommit: wait gRaftAppendEntryReachConsensusCond; role %d term %d",
+      gRaftState.role, gRaftState.currentTerm);
 
-    VmDirConditionTimedWait(gRaftAppendEntryReachConsensusCond, gRaftStateMutex, WAIT_CONSENSUS_TIMEOUT_MS);
+    VmDirConditionTimedWait(gRaftAppendEntryReachConsensusCond, gRaftStateMutex, waitTimeout);
 
-    if (_VmDirGetAppendEntriesConsensusCountInLock() < (gRaftState.clusterSize/2 + 1))
+    if (gRaftState.role != VDIR_RAFT_ROLE_LEADER ||
+        gRaftState.currentTerm != gLogEntry.term ||
+        VmDirdState() == VMDIRD_STATE_SHUTDOWN)
     {
-        //Check ConsensusCount again since it may be waken up by shutdown;
+        //Check again since the AppendEntryRpc may change role.
+        //The leader only tries to count consensus on log with the current term
         dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-update_volatile_state:
-    //The log entry is committed,
-    gRaftState.cmd = ExecNone;
-    gRaftState.commitIndex = gRaftState.lastApplied = gRaftState.lastLogIndex = gLogEntry.index;
-    gRaftState.lastLogTerm = gRaftState.commitIndexTerm = gLogEntry.term;
+    if (_VmDirGetAppendEntriesConsensusCountInLock() < (gRaftState.clusterSize/2 + 1))
+    {
+        //Check ConsensusCount again
+        VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+          "VmDirRaftPrepareCommit: no consensus reached on log entry: logIndex %lu role %d term %d, will retry",
+          gLogEntry.index, gRaftState.role, gRaftState.currentTerm);
+
+        if (getConsensusRetry >= 2)
+        {
+            /* Cannot get consensus in twice of election timeout.
+             * Switch to follower to prevent reusing raft the same logindex/term
+             */
+            gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+            dwError = LDAP_OPERATIONS_ERROR;
+            changeToFollower = 3;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        getConsensusRetry++;
+        goto get_consensus_begin;
+    }
+
+raft_commit_done:
+    //The log entry can be committed locally,
     gRaftState.opCounts++;
+    if (gLogEntry.index > 0)
+    {
+        dwError = VmDirAllocateMemory(sizeof(VDIR_RAFT_COMMIT_CTX), (PVOID*)&pCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "VmDirRaftCommitHook: succeeded; server role %d term %d lastApplied %llu",
-                    gRaftState.role, gRaftState.currentTerm, gRaftState.lastApplied);
+        pCtx->logIndex = gLogEntry.index;
+        pCtx->logTerm = gLogEntry.term;
+        pCtx->logRequestCode = gLogEntry.requestCode;
+        *ppCtx = (void *)pCtx;
+
+        //either VmDirRaftPostCommit or VmDirRaftCommitFail (but not both)
+        //  owns pCtx who will free the memory and unlock gRaftStateMutex
+        VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+          "VmDirRaftPrepareCommit: succeeded; server role %d term %d lastApplied %llu",
+          gRaftState.role, gRaftState.currentTerm, gRaftState.lastApplied);
+    } else
+    {
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    }
 
 cleanup:
     _VmDirChgLogFree(&gLogEntry);
     gEntries = NULL;
-    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    if (dwError==0)
+    {
+      VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL,
+        "VmDirRaftPrepareCommit: succeeded; server role %d term %d lastApplied %llu",
+        gRaftState.role, gRaftState.currentTerm, gRaftState.lastApplied);
+    }
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirRaftCommitHook: error %d", dwError);
+    gRaftState.cmd = ExecNone;
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+      "VmDirRaftPrepareCommit: logEntry index %llu role %d term %d(%d) lastLogIndex %llu changeToFollower %d error %d",
+      gLogEntry.index, gRaftState.role, gRaftState.currentTerm, currentTerm,
+      gRaftState.lastLogIndex, changeToFollower, dwError);
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
     goto cleanup;
 }
 
+/* This is the callback invoted by MDB txn_commit when it has successfully
+ * committed (persisted) the transaction, and the callback can safely set
+ * its volatile state variablies
+ */
+VOID
+VmDirRaftPostCommit(void *ctx)
+{
+    PVDIR_RAFT_COMMIT_CTX pCtx = NULL;
+
+    if (ctx)
+    {
+        BOOLEAN bLock = TRUE;
+
+        pCtx = (PVDIR_RAFT_COMMIT_CTX)ctx;
+
+        gRaftState.commitIndex = gRaftState.lastLogIndex = pCtx->logIndex;
+        gRaftState.commitIndexTerm = gRaftState.lastLogTerm = pCtx->logTerm;
+        if (pCtx->logRequestCode != 0)
+        {
+            //not non-op
+            gRaftState.lastApplied = pCtx->logIndex;
+        }
+        gRaftState.cmd = ExecNone;
+        VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "VmDirRaftPostCommit: log (%llu %d) lastApplied %llu logOp %d",
+                        pCtx->logIndex, pCtx->logTerm, gRaftState.lastApplied, pCtx->logRequestCode);
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+        VMDIR_SAFE_FREE_MEMORY(ctx);
+    }
+}
+
+/* This is the callback invoted by MDB txn_commit when it has failed to
+ * persist the transaction when trying to write WAL or MDB meta page
+ * (due to disk full/failure). It prevents the server from resuing logIndex/logTerm
+ * for new client request.
+ */
+VOID
+VmDirRaftCommitFail(void *ctx)
+{
+    if (ctx)
+    {
+        BOOLEAN bLock = TRUE;
+
+        gRaftState.role = VDIR_RAFT_ROLE_FOLLOWER;
+        gRaftState.lastPingRecvTime = VmDirGetTimeInMilliSec();
+        gRaftState.cmd = ExecNone;
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+        VMDIR_SAFE_FREE_MEMORY(ctx);
+    }
+}
+
 //This create chglog for the LDAP Add right becore calling pfnBETxnCommit, At this poiont,
 //  all validations of the LDAP add have completed, and the all changes associated with
 //  the LDAP Add (including indices creation) have been applied to the MDB backends
@@ -1695,7 +2029,11 @@ DWORD VmDirAddRaftPreCommit(PVDIR_ENTRY pEntry, PVDIR_OPERATION pAddOp)
     }
 
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
+    if (_VmDirGetRaftQuorumOverride(FALSE))
+    {
+        ;
+    }
+    else if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
     {
         dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -1740,7 +2078,7 @@ DWORD VmDirModifyRaftPreCommit(
     DWORD dwError = 0;
     char *p = NULL;
     BOOLEAN bLock = FALSE;
-    VDIR_BERVALUE encodedMods = {0};
+    VDIR_BERVALUE encodedMods = VDIR_BERVALUE_INIT;
 
     if ((p=VmDirStringCaseStrA(dn, RAFT_CONTEXT_DN)) &&
         VmDirStringCompareA(p, RAFT_CONTEXT_DN, FALSE)==0)
@@ -1749,7 +2087,11 @@ DWORD VmDirModifyRaftPreCommit(
     }
 
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
+    if (_VmDirGetRaftQuorumOverride(FALSE))
+    {
+        ;
+    }
+    else if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
     {
         dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -1805,7 +2147,11 @@ DWORD VmDirDeleteRaftPreCommit(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
-    if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
+    if (_VmDirGetRaftQuorumOverride(FALSE))
+    {
+        ;
+    }
+    else if (gRaftState.clusterSize >= 2 && gRaftState.role != VDIR_RAFT_ROLE_LEADER)
     {
         dwError = VMDIR_ERROR_UNWILLING_TO_PERFORM;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -1891,6 +2237,77 @@ VmDirAddRaftProxy(PVDIR_ENTRY pEntry)
     goto cleanup;
 }
 
+DWORD
+VmDirUpdateRaftLogChangedAttr(
+    PVDIR_OPERATION pOperation,
+    PVDIR_ENTRY     pEntry
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bInLock = FALSE;
+    UINT64  iLogIdxChgd = 0;
+    PSTR    pszLogIdxChgd = NULL;
+    VDIR_BERVALUE   bvLogIdxChgd = {0};
+
+    if (!pOperation || !pEntry)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pOperation->opType == VDIR_OPERATION_TYPE_REPL ||
+        (pEntry->eId &&
+         (pEntry->eId < NEW_ENTRY_EID_PREFIX ||
+          pEntry->eId >= LOG_ENTRY_EID_PREFIX)))
+    {
+        goto cleanup;
+    }
+
+    VMDIR_LOCK_MUTEX(bInLock, gRaftStateMutex);
+    iLogIdxChgd = gRaftState.commitIndex + 1;
+    VMDIR_UNLOCK_MUTEX(bInLock, gRaftStateMutex);
+
+    dwError = VmDirAllocateStringPrintf(&pszLogIdxChgd, "%"PRIu64, iLogIdxChgd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    switch (pOperation->reqCode)
+    {
+    case LDAP_REQ_ADD:
+
+        dwError = VmDirEntryAddSingleValueStrAttribute(
+                pEntry, ATTR_RAFT_LOG_CHANGED, pszLogIdxChgd);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        break;
+
+    case LDAP_REQ_MODIFY:
+
+        bvLogIdxChgd.lberbv.bv_val = pszLogIdxChgd;
+        bvLogIdxChgd.lberbv.bv_len = VmDirStringLenA(pszLogIdxChgd);
+
+        dwError = VmDirOperationAddModReq(
+                pOperation,
+                LDAP_MOD_REPLACE,
+                ATTR_RAFT_LOG_CHANGED,
+                &bvLogIdxChgd,
+                1);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        break;
+
+    default:
+
+        break;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLogIdxChgd);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
 static
 DWORD
 _VmDirDeleteRaftProxy(char *dn_norm)
@@ -2001,7 +2418,7 @@ _VmDirRpcConnect(PVMDIR_SERVER_CONTEXT *ppServer, PVMDIR_PEER_PROXY pProxySelf)
                               NULL, pszDcAccountPwd, 0, NULL, &pServer);
        if (dwError == rpc_s_connect_rejected || dwError == rpc_s_connect_timed_out ||
            dwError == rpc_s_cannot_connect || dwError == rpc_s_connection_closed ||
-           dwError == rpc_s_auth_method)
+           dwError == rpc_s_auth_method || dwError == rpc_s_host_unreachable)
        {
           if (logCnt++ % 10 == 0)
           {
@@ -2094,7 +2511,7 @@ _VmDirApplyLog(unsigned long long indexToApply)
     char opStr[RAFT_CONTEXT_DN_MAX_LEN] = {0};
     BOOLEAN bLock = FALSE;
     BOOLEAN bHasTxn = FALSE;
-    int iPostCommitPluginRtn = 0;
+    unsigned long long priCommitIndex = 0;
 
     VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
     if (indexToApply <= gRaftState.lastApplied)
@@ -2105,11 +2522,30 @@ _VmDirApplyLog(unsigned long long indexToApply)
                      indexToApply, gRaftState.lastApplied);
         goto cleanup;
     }
+    priCommitIndex = gRaftState.commitIndex;
     VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
 
     dwError = _VmDirFetchLogEntry(indexToApply, &logEntry, __LINE__);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (logEntry.requestCode == 0)
+    {
+        //no-op
+        VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+        gRaftState.lastApplied = indexToApply;
+        if ( gRaftState.commitIndex < logEntry.index)
+        {
+             gRaftState.commitIndex = logEntry.index;
+             gRaftState.commitIndexTerm = logEntry.term;
+        }
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmDirApplyLog: log-no-op (%llu %u) indexToApply: %llu priCommitIdx %llu commitIndex %llu term %d",
+          logEntry.index, logEntry.term, indexToApply, priCommitIndex,
+          gRaftState.commitIndex, gRaftState.currentTerm);
+        goto cleanup;
+    }
+
     dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -2143,6 +2579,12 @@ _VmDirApplyLog(unsigned long long indexToApply)
         dwError = VmDirEntryAttrValueNormalize(&entry, FALSE /*all attributes*/);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirSchemaModMutexAcquire(&ldapOp);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "SchemaModMutexAcquire - PreAdd");
+
+        dwError = VmDirReplSchemaEntryPreAdd(&ldapOp, &entry);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "VmDirReplSchemaEntryPreAdd");
+
         dwError = ldapOp.pBEIF->pfnBETxnBegin(ldapOp.pBECtx, VDIR_BACKEND_TXN_WRITE);
         BAIL_ON_VMDIR_ERROR(dwError);
         bHasTxn = TRUE;
@@ -2184,6 +2626,12 @@ _VmDirApplyLog(unsigned long long indexToApply)
         dwError = VmDirApplyModsToEntryStruct(pSchemaCtx, modReq, &entry, &bDnModified, &pszLocalErrorMsg );
         BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrorMsg, "ApplyModsToEntryStruct (%s)", pszLocalErrorMsg);
 
+        dwError = VmDirSchemaModMutexAcquire(&ldapOp);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg), "VmDirSchemaModMutexAcquire for Modify");
+
+        dwError = VmDirReplSchemaEntryPreMoidify(&ldapOp, &entry);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "VmDirReplSchemaEntryPreMoidify");
+
         dwError = ldapOp.pBEIF->pfnBEEntryModify(ldapOp.pBECtx, modReq->mods, &entry);
         BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrorMsg, "BEEntryModify, (%s)",
                                       VDIR_SAFE_STRING(ldapOp.pBEErrorMsg));
@@ -2243,7 +2691,6 @@ _VmDirApplyLog(unsigned long long indexToApply)
         dwError = DeleteRefAttributesValue(&ldapOp, &(entry.dn));
         BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg),
                                      "DeleteRefAttributesValue from logIndx %llu", indexToApply);
-
     } else
     {
         dwError = LDAP_OPERATIONS_ERROR;
@@ -2284,28 +2731,21 @@ _VmDirApplyLog(unsigned long long indexToApply)
         dwError = VmDirEntryUnpack(&entry);
         BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "VmDirEntryUnpack)");
 
-        dwError = VmDirSchemaEntryPreAdd(&ldapOp, &entry);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "SchemaEntryPreAdd");
-
-        iPostCommitPluginRtn = VmDirExecutePostAddCommitPlugins(&ldapOp, &entry, dwError);
-
-
-        if (iPostCommitPluginRtn != LDAP_SUCCESS && iPostCommitPluginRtn != ldapOp.ldapResult.errCode)
+        dwError = VmDirReplSchemaEntryPostAdd(&ldapOp, &entry);
+        if (dwError)
         {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: ADD, VdirExecutePostAddCommitPlugins %s - code(%d)",
-                    entry.dn.lberbv_val, iPostCommitPluginRtn);
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: VmDirReplSchemaEntryPostAdd %s - error(%d)",
+                    entry.dn.lberbv_val, dwError);
+            dwError = 0; //don't hold off applying the next raft log since the base transaction has committed.
         }
     } else if (logEntry.requestCode == LDAP_REQ_MODIFY)
     {
-        dwError = VmDirSchemaModMutexAcquire(&ldapOp);
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrorMsg, "Lock schema mod mutex");
-
-        iPostCommitPluginRtn = VmDirExecutePostModifyCommitPlugins(&ldapOp, &entry, dwError);
-
-        if ( iPostCommitPluginRtn != LDAP_SUCCESS && iPostCommitPluginRtn != ldapOp.ldapResult.errCode)
+        dwError = VmDirReplSchemaEntryPostMoidify(&ldapOp, &entry);
+        if (dwError)
         {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: MODIFY: VdirExecutePostModifyCommitPlugins %s - code(%d)",
-                      entry.dn.lberbv_val, iPostCommitPluginRtn);
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: VmDirReplSchemaEntryPostMoidify %s - error(%d)",
+                      entry.dn.lberbv_val, dwError);
+            dwError = 0; //don't hold off applying the next raft log since the base transaction has committed.
         }
     }
 
@@ -2330,7 +2770,10 @@ _VmDirApplyLog(unsigned long long indexToApply)
                                  VDIR_SAFE_STRING(entry.dn.lberbv.bv_val));
     }
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: succeeded %s %s %s", logEntryDn, opStr, entry.dn.lberbv.bv_val);
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+      "_VmDirApplyLog: succeeded %llu %s %s priCommitIdx %llu commitIndex %llu term %d",
+      indexToApply, opStr, VDIR_SAFE_STRING(entry.dn.lberbv.bv_val), priCommitIndex,
+      gRaftState.commitIndex, gRaftState.currentTerm);
 
 cleanup:
     if (modOp.pBECtx)
@@ -2355,7 +2798,7 @@ _VmDirApplyLog(unsigned long long indexToApply)
     {
         ldapOp.pBEIF->pfnBETxnAbort(ldapOp.pBECtx);
     }
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: %s error %d", VDIR_SAFE_STRING(pszLocalErrorMsg), dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirApplyLog: dn %s error: %s errcode: %d", logEntryDn, VDIR_SAFE_STRING(pszLocalErrorMsg), dwError);
     goto cleanup;
 }
 
@@ -2401,12 +2844,22 @@ UINT64 VmDirRaftLogIndexToCommit()
 BOOLEAN
 VmDirRaftDisallowUpdates(PCSTR caller)
 {
+    BOOLEAN bDisallowUpdates = FALSE;
+    BOOLEAN bLock = FALSE;
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
     if (gRaftState.role == VDIR_RAFT_ROLE_LEADER && gRaftState.disallowUpdates)
     {
-        //For information only, so not in the mutex.
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirRaftDisallowUpdates: disallowed %s during leader transition.", caller);
+        bDisallowUpdates = TRUE;
     }
-    return gRaftState.disallowUpdates;
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+
+    if (bDisallowUpdates)
+    {
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "VmDirRaftDisallowUpdates: %s not a leader or during leader transition", caller);
+    }
+    return bDisallowUpdates;
 }
 
 /*
@@ -2426,7 +2879,7 @@ VmDirRaftGetLeader(PSTR *ppszLeader)
         gRaftState.role == VDIR_RAFT_ROLE_FOLLOWER &&
         gRaftState.leader.lberbv_len > 0)
     {
-       dwError = VmDirAllocateStringAVsnprintf(&pszLeader, "%s", gRaftState.leader.lberbv_val);
+       dwError = VmDirAllocateStringPrintf(&pszLeader, "%s", gRaftState.leader.lberbv_val);
        BAIL_ON_VMDIR_ERROR(dwError);
     }
     VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
@@ -2440,6 +2893,22 @@ VmDirRaftGetLeader(PSTR *ppszLeader)
     goto cleanup;
 }
 
+VOID
+VmDirRaftGetRole(VDIR_RAFT_ROLE *pRole)
+{
+    BOOLEAN bLock = FALSE;
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    if (gRaftState.clusterSize < 2)
+    {
+        *pRole = VDIR_RAFT_ROLE_LEADER;
+    }
+    else
+    {
+        *pRole = gRaftState.role;
+    }
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+}
+
 BOOLEAN
 VmDirRaftNeedReferral(PCSTR pszReqDn)
 {
@@ -2573,7 +3042,7 @@ _VmDirRaftCompactLogs(int compactLogsUpto)
     static time_t prevLogTime = {0};
     time_t now = {0};
     int i = 0;
-    char logEntryDn[RAFT_CONTEXT_DN_MAX_LEN] = {0};
+    VDIR_BERVALUE berFirstLog = VDIR_BERVALUE_INIT;
 
     DWORD dwError = 0;
     int logsRemain = (int)(gRaftState.commitIndex - gRaftState.firstLogIndex);
@@ -2587,11 +3056,7 @@ _VmDirRaftCompactLogs(int compactLogsUpto)
     for (logIdxToCompact=gRaftState.firstLogIndex, i=0;
          i<compactLogsUpto; i++,logIdxToCompact++)
     {
-        dwError = VmDirStringPrintFA(logEntryDn, sizeof(logEntryDn), "%s=%llu,%s",
-                ATTR_CN, logIdxToCompact, RAFT_LOGS_CONTAINER_DN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = _VmdirDeleteLog(logEntryDn);
+        dwError = _VmdirDeleteLog(logIdxToCompact, TRUE);
         if (dwError == 0)
         {
             gRaftState.firstLogIndex = logIdxToCompact+1;
@@ -2609,7 +3074,10 @@ _VmDirRaftCompactLogs(int compactLogsUpto)
     if (logsCompacted > 200)
     {
         //Update firstLogIndex attribute in Raft state for every 200 logs compacted
-        _VmDirUpdateRaftPsState(0, FALSE, 0, NULL, 0, gRaftState.firstLogIndex);
+        dwError = VmDirAllocateBerValueAVsnprintf(&berFirstLog, "%llu", gRaftState.firstLogIndex);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        (VOID)VmDirInternalEntryAttributeReplace(NULL, RAFT_PERSIST_STATE_DN, ATTR_RAFT_FIRST_LOGINDEX, &berFirstLog);
         logsCompactedRound += logsCompacted;
         logsCompacted = 0;
 
@@ -2625,8 +3093,417 @@ _VmDirRaftCompactLogs(int compactLogsUpto)
     }
 
 cleanup:
+    VmDirFreeBervalContent(&berFirstLog);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+/*
+ * Set ppszLeader to raft leader's server name if it exists
+ */
+DWORD
+VmDirRaftGetLeaderString(PSTR *ppszLeader)
+{
+    BOOLEAN bLock = FALSE;
+    PSTR pszLeader = NULL;
+    DWORD dwError = 0;
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    if (gRaftState.clusterSize < 2 && gRaftState.hostname.lberbv_len > 0)
+    {
+        //Standalone server, show self as the leader.
+        dwError = VmDirAllocateStringPrintf(&pszLeader, "%s", gRaftState.hostname.lberbv_val);
+    } else if (gRaftState.role == VDIR_RAFT_ROLE_FOLLOWER && gRaftState.leader.lberbv_len > 0 )
+    {
+        dwError = VmDirAllocateStringPrintf(&pszLeader, "%s", gRaftState.leader.lberbv_val);
+    } else if (gRaftState.role == VDIR_RAFT_ROLE_LEADER && gRaftState.hostname.lberbv_len > 0)
+    {
+        dwError = VmDirAllocateStringPrintf(&pszLeader, "%s", gRaftState.hostname.lberbv_val);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszLeader = pszLeader;
+
+cleanup:
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+/*
+ * Get raft active followers
+ */
+DWORD
+VmDirRaftGetFollowers(PDEQUE pFollowers)
+{
+    BOOLEAN bLock = FALSE;
+    DWORD dwError = 0;
+    PSTR pFollower = NULL;
+    PVMDIR_PEER_PROXY pPeerProxy = NULL;
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    if (gRaftState.clusterSize < 2)
+    {
+        //Standalong server, don't show self as a follower.
+        goto cleanup;
+    }
+
+    if (gRaftState.role == VDIR_RAFT_ROLE_FOLLOWER && gRaftState.hostname.lberbv_len > 0)
+    {
+        dwError = VmDirAllocateStringPrintf(&pFollower, "%s", gRaftState.hostname.lberbv_val);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = dequePush(pFollowers, pFollower);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pFollower = NULL;
+    } else if (gRaftState.role == VDIR_RAFT_ROLE_LEADER)
+    {
+        for (pPeerProxy=gRaftState.proxies; pPeerProxy != NULL; pPeerProxy = pPeerProxy->pNext)
+        {
+            if (pPeerProxy->isDeleted || pPeerProxy->proxy_state==RPC_DISCONN)
+            {
+                continue;
+            }
+            // list active followers only
+            dwError = VmDirAllocateStringPrintf(&pFollower, "%s", pPeerProxy->raftPeerHostname);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = dequePush(pFollowers, pFollower);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            pFollower = NULL;
+        }
+    }
+
+cleanup:
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
     return dwError;
 
 error:
+    VMDIR_SAFE_FREE_MEMORY(pFollower);
+    dequeFreeStringContents(pFollowers);
     goto cleanup;
 }
+
+/*
+ * Get raft volatile state on at this server
+ */
+DWORD
+VmDirRaftGetState(PDEQUE pStateQueue)
+{
+    BOOLEAN bLock = FALSE;
+    DWORD dwError = 0;
+    PSTR pNode = NULL;
+    PVMDIR_PEER_PROXY pPeerProxy = NULL;
+
+    VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+    if (gRaftState.hostname.lberbv_len == 0)
+    {
+        //Not set yet during server start or promo
+        goto cleanup;
+    }
+
+    dwError = VmDirAllocateStringPrintf(&pNode, "node: %s", gRaftState.hostname.lberbv_val);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = dequePush(pStateQueue, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+    dwError = VmDirAllocateStringPrintf(&pNode, "role: %s",
+                (gRaftState.clusterSize < 2 || gRaftState.role==VDIR_RAFT_ROLE_LEADER)?"leader":
+                (gRaftState.role==VDIR_RAFT_ROLE_FOLLOWER?"follower":"candidate"));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = dequePush(pStateQueue, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+    dwError = VmDirAllocateStringPrintf(&pNode, "lastIndex: %llu", gRaftState.lastLogIndex);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = dequePush(pStateQueue, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+    dwError = VmDirAllocateStringPrintf(&pNode, "lastAppliedIndex: %llu", gRaftState.lastApplied);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = dequePush(pStateQueue, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+    dwError = VmDirAllocateStringPrintf(&pNode, "term: %u", gRaftState.currentTerm);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = dequePush(pStateQueue, pNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pNode = NULL;
+
+    if (gRaftState.role == VDIR_RAFT_ROLE_FOLLOWER && gRaftState.leader.lberbv_len > 0)
+    {
+       dwError = VmDirAllocateStringPrintf(&pNode, "leader: %s", gRaftState.leader.lberbv_val);
+       BAIL_ON_VMDIR_ERROR(dwError);
+
+       dwError = dequePush(pStateQueue, pNode);
+       BAIL_ON_VMDIR_ERROR(dwError);
+       pNode = NULL;
+    } else if (gRaftState.role == VDIR_RAFT_ROLE_LEADER)
+    {
+        for (pPeerProxy=gRaftState.proxies; pPeerProxy != NULL; pPeerProxy = pPeerProxy->pNext)
+        {
+            if (pPeerProxy->isDeleted)
+            {
+                continue;
+            }
+            dwError = VmDirAllocateStringPrintf(&pNode, "follower: %s %s", pPeerProxy->raftPeerHostname,
+                        pPeerProxy->proxy_state==RPC_DISCONN?"disconnected":"active");
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = dequePush(pStateQueue, pNode);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            pNode = NULL;
+        }
+    }
+
+cleanup:
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pNode);
+    dequeFreeStringContents(pStateQueue);
+    goto cleanup;
+}
+
+/*
+ * Get raft cluster members
+ */
+DWORD
+VmDirRaftGetMembers(PDEQUE pMembers)
+{
+    DWORD dwError = 0;
+    VDIR_BERVALUE dcContainerDN = VDIR_BERVALUE_INIT;
+    PSTR pHostname = NULL;
+    PSTR pszName = NULL;
+    VDIR_BERVALUE dcRdn = VDIR_BERVALUE_INIT;
+    VDIR_ENTRY_ARRAY entryArray = {0};
+    int i = 0;
+
+    VmDirGetParentDN(&(gVmdirServerGlobals.dcAccountDN), &dcContainerDN);
+    if (dcContainerDN.lberbv.bv_len == 0)
+    {
+        dwError = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_VMDIR_ERROR( dwError );
+    }
+
+    dwError = VmDirSimpleEqualFilterInternalSearch(dcContainerDN.lberbv.bv_val,
+                    LDAP_SCOPE_ONE, ATTR_OBJECT_CLASS, OC_COMPUTER, &entryArray);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; i < entryArray.iSize; i++)
+    {
+        dwError = VmDirNormalizeDNWrapper(&(entryArray.pEntry[i].dn));
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirGetRdn(&entryArray.pEntry[i].dn, &dcRdn);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirRdnToNameValue(&dcRdn, &pszName, &pHostname);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        VmDirFreeBervalContent(&dcRdn);
+        VMDIR_SAFE_FREE_STRINGA(pszName);
+
+        dwError = dequePush(pMembers, pHostname);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pHostname = NULL;
+    }
+
+cleanup:
+    VmDirFreeBervalContent(&dcContainerDN);
+    VmDirFreeBervalContent(&dcRdn);
+    VMDIR_SAFE_FREE_MEMORY(pHostname);
+    VmDirFreeEntryArrayContent(&entryArray);
+    return dwError;
+
+error:
+    dequeFreeStringContents(pMembers);
+    goto cleanup;
+}
+
+DWORD
+_VmdirDeleteLog(unsigned long long logIndex, BOOLEAN bCompactLog)
+{
+    DWORD dwError = 0;
+    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    VDIR_OPERATION ldapOp = {0};
+    DeleteReq *dr = NULL;
+    PSTR pDn = NULL;
+    BOOLEAN bLock = FALSE;
+    unsigned long long preLogIndex = 0;
+    int preLogTerm = 0;
+
+    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitStackOperation( &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_DELETE, pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    assert(ldapOp.pBEIF);
+
+    dwError = VmDirAllocateStringPrintf(&pDn, "%s=%llu,%s", ATTR_CN, logIndex, RAFT_LOGS_CONTAINER_DN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.reqDn.lberbv.bv_val = pDn;
+    ldapOp.reqDn.lberbv.bv_len = VmDirStringLenA(pDn);
+    ldapOp.reqDn.bOwnBvVal = TRUE;
+
+    dr = &(ldapOp.request.deleteReq);
+
+    dwError = VmDirAllocateBerValueAVsnprintf(&(dr->dn), "%s", ldapOp.reqDn.lberbv.bv_val);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.bSuppressLogInfo = TRUE;
+    dwError = VmDirInternalDeleteEntry(&ldapOp);
+    if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND)
+    {
+        dwError = 0;
+    }
+    BAIL_ON_VMDIR_ERROR( dwError );
+
+    if (!bCompactLog)
+    {
+        //Called from VmDirAppendEntriesGetReply, need to decrement lastLogIndex after the log is deleted
+        VMDIR_LOCK_MUTEX(bLock, gRaftStateMutex);
+        if (logIndex <= gRaftState.lastLogIndex)
+        {
+            dwError = _VmDirGetPrevLogArgs(&preLogIndex, &preLogTerm, logIndex-1, __LINE__);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            if (preLogIndex==0)
+            {
+                VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,  "_VmdirDeleteLog: no prev logIndex found for %llu", logIndex-1);
+                dwError = LDAP_OPERATIONS_ERROR;
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+            gRaftState.lastLogIndex = preLogIndex;
+            gRaftState.lastLogTerm = preLogTerm;
+        }
+        VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+          "_VmdirDeleteLog deleted log %llu prevLogIndex %llu lastLogIndex %llu lastLogterm %llu currentTerm %d lastApplied %llu commitLogIndex %llu role %d",
+          logIndex, preLogIndex, gRaftState.lastLogIndex, gRaftState.lastLogTerm, gRaftState.currentTerm, gRaftState.lastApplied,
+          gRaftState.commitIndex, gRaftState.role);
+    }
+
+cleanup:
+    VMDIR_UNLOCK_MUTEX(bLock, gRaftStateMutex);
+    VmDirFreeOperationContent(&ldapOp);
+    if (pSchemaCtx)
+    {
+        VmDirSchemaCtxRelease(pSchemaCtx);
+    }
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmdirDeleteLog: entry %s error %d", pDn,  dwError);
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirPersistTerm(
+    int term
+    )
+{
+    DWORD dwError = 0;
+    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    CHAR pszTerm[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
+    VDIR_BERVALUE berTerm = VDIR_BERVALUE_INIT;
+    VDIR_OPERATION ldapOp = {0};
+    PSTR pszLocalErrorMsg = NULL;
+
+    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitStackOperation( &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, pSchemaCtx );
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirInitStackOperation");
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    assert(ldapOp.pBEIF);
+
+    if (term > 0)
+    {
+        dwError = VmDirStringPrintFA(pszTerm , sizeof(pszTerm), "%d", term );
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        berTerm.lberbv.bv_val = pszTerm;
+        berTerm.lberbv.bv_len = VmDirStringLenA(pszTerm);
+
+        dwError = VmDirAddModSingleAttributeReplace(&ldapOp, RAFT_PERSIST_STATE_DN, ATTR_RAFT_TERM, &berTerm);
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirAddModSingleAttributeReplace term");
+    }
+
+    ldapOp.bSuppressLogInfo = TRUE;
+    dwError = VmDirInternalModifyEntry(&ldapOp);
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, (pszLocalErrorMsg), "VmDirInternalModifyEntry");
+
+cleanup:
+    VmDirFreeOperationContent(&ldapOp);
+
+    if (pSchemaCtx)
+    {
+        VmDirSchemaCtxRelease(pSchemaCtx);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
+
+    if (VmDirdState() != VMDIRD_STATE_SHUTDOWN)
+    {
+        //Raft cannot garantee protocol safety if new term cannot be persisted.
+        assert(dwError==0);
+    }
+
+    return;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirPersistTerm: %s error %d term %d currentTerm %d; server role %d",
+                    VDIR_SAFE_STRING(pszLocalErrorMsg), dwError, term, gRaftState.currentTerm, gRaftState.role);
+    goto cleanup;
+}
+/*
+ * Server restart is needed to enable VMDIR_REG_KEY_RAFT_QUORUM_OVERRIDE.
+ * Once the key is set, every transaction commit will read the key until it is reset.
+ */
+static
+DWORD
+_VmDirGetRaftQuorumOverride(BOOLEAN bForceKeyRead)
+{
+    DWORD dwQuorumOverride = 0;
+
+    if (!bForceKeyRead && !gQuorumOverride)
+    {
+        goto done;
+    }
+
+    (VOID)VmDirGetRegKeyValueDword(
+        VMDIR_CONFIG_PARAMETER_V1_KEY_PATH,
+        VMDIR_REG_KEY_RAFT_QUORUM_OVERRIDE,
+        &dwQuorumOverride, 0);
+
+    gQuorumOverride = dwQuorumOverride;
+
+    if (gQuorumOverride)
+    {
+        VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
+          "_VmDirGetRaftQuorumOverride: QuorumOverride is set - no Raft consensus attempted for transaction commit.");
+    }
+
+done:
+    return gQuorumOverride;
+}
diff --git a/lwraft/server/rest-head/Makefile.am b/lwraft/server/rest-head/Makefile.am
index b391dd035..cd0349ba5 100644
--- a/lwraft/server/rest-head/Makefile.am
+++ b/lwraft/server/rest-head/Makefile.am
@@ -2,33 +2,49 @@
 noinst_LTLIBRARIES = librest-head.la
 
 librest_head_la_SOURCES = \
-    accesstoken.c \
+    libmain.c
+
+if REST_ENABLED
+
+librest_head_la_SOURCES += \
     auth.c \
+    authtoken.c \
+    cache.c \
     decode.c \
     encode.c \
+    etcdapi.c \
     globals.c \
+    handler.c \
     httperror.c \
     ldapapi.c \
-    libmain.c \
+    ldapcontrol.c \
+    lightwave.c \
+    metricsapi.c \
+    objectapi.c \
     operation.c \
     param.c \
+	proxy.c \
     resource.c \
-    result.c
+    result.c \
+    vmafd.c
+
+endif
 
 librest_head_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@ \
-    @TRIDENT_INCLUDES@ \
     @JANSSON_INCLUDES@ \
     @COPENAPI_INCLUDES@ \
-    @SSOCOMMON_INCLUDES@ \
-    @OIDC_INCLUDES@
+    @CRESTENGINE_INCLUDES@
 
 librest_head_la_LDFLAGS = \
     -static
diff --git a/lwraft/server/rest-head/accesstoken.c b/lwraft/server/rest-head/accesstoken.c
deleted file mode 100644
index 406d2affc..000000000
--- a/lwraft/server/rest-head/accesstoken.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright © 2017 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirRESTAccessTokenInit(
-    PVDIR_REST_ACCESS_TOKEN*    ppAccessToken
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_REST_ACCESS_TOKEN pAccessToken = NULL;
-
-    if (!ppAccessToken)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_REST_ACCESS_TOKEN), (PVOID*)&pAccessToken);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppAccessToken = pAccessToken;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeRESTAccessToken(pAccessToken);
-    goto cleanup;
-}
-
-DWORD
-VmDirRESTAccessTokenParse(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken,
-    PSTR                    pszAuthData
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszTokenType = NULL;
-    PSTR    pszAccessToken = NULL;
-    PSTR    pszDomainName = NULL;
-    POIDC_SERVER_METADATA   pOidcMetadata = NULL;
-    POIDC_ACCESS_TOKEN      pOidcAccessToken = NULL;
-
-    if (!pAccessToken || IsNullOrEmptyString(pszAuthData))
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pszTokenType = VmDirStringTokA(pszAuthData, " ", &pszAccessToken);
-    if (IsNullOrEmptyString(pszTokenType) ||
-        IsNullOrEmptyString(pszAccessToken))
-    {
-        dwError = VMDIR_ERROR_AUTH_BAD_DATA;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (VmDirStringCompareA(pszTokenType, "Bearer", FALSE) == 0)
-    {
-        pAccessToken->tokenType = VDIR_REST_ACCESS_TOKEN_BEARER;
-    }
-    else
-    {
-        dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirDomainDNToName(
-            BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN),
-            &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = OidcServerMetadataAcquire(
-            &pOidcMetadata,
-            VMDIR_REST_OIDC_SERVER,
-            VMDIR_REST_OIDC_PORT,
-            pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = OidcAccessTokenBuild(
-            &pOidcAccessToken,
-            pszAccessToken,
-            OidcServerMetadataGetSigningCertificatePEM(pOidcMetadata),
-            NULL,
-            VMDIR_REST_DEFAULT_SCOPE,
-            VMDIR_REST_DEFAULT_CLOCK_TOLERANCE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringA(
-            OidcAccessTokenGetSubject(pOidcAccessToken),
-            &pAccessToken->pszBindUPN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    OidcServerMetadataDelete(pOidcMetadata);
-    OidcAccessTokenDelete(pOidcAccessToken);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-    goto cleanup;
-}
-
-VOID
-VmDirFreeRESTAccessToken(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken
-    )
-{
-    if (pAccessToken)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pAccessToken->pszBindUPN);
-        VMDIR_SAFE_FREE_MEMORY(pAccessToken);
-    }
-}
diff --git a/lwraft/server/rest-head/auth.c b/lwraft/server/rest-head/auth.c
index 23ad38697..eb0fdf69b 100644
--- a/lwraft/server/rest-head/auth.c
+++ b/lwraft/server/rest-head/auth.c
@@ -20,51 +20,47 @@ VmDirRESTAuth(
     )
 {
     DWORD   dwError = 0;
-    PVDIR_OPERATION pBindOp = NULL;
 
     if (!pRestOp)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     if (IsNullOrEmptyString(pRestOp->pszAuth))
     {
-        /*
         dwError = VmDirMLSetupAnonymousAccessInfo(&pRestOp->pConn->AccessInfo);
         BAIL_ON_VMDIR_ERROR(dwError);
-        */
 
         pRestOp->pConn->bIsAnonymousBind = TRUE;
         goto cleanup;
     }
 
-    dwError = VmDirExternalOperationCreate(
-            NULL, -1, LDAP_REQ_BIND, pRestOp->pConn, &pBindOp);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRESTAuthBasic(pRestOp, pBindOp);
-    dwError = dwError ? VmDirRESTAuthToken(pRestOp, pBindOp) : 0;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirInternalBindEntry(pBindOp);
+    dwError = VmDirRESTAuthViaToken(pRestOp);
+    if (dwError && pRestOp->authMthd == VDIR_REST_AUTH_METHOD_UNDEF)
+    {
+        dwError = VmDirRESTAuthViaBasic(pRestOp);
+    }
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VMDIR_SET_REST_RESULT(pRestOp, pBindOp, dwError, NULL);
-    VmDirFreeOperation(pBindOp);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
+/*
+ * Note: In lwraft, basic auth is for lwraft accounts only
+ */
 DWORD
-VmDirRESTAuthBasic(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthViaBasic(
+    PVDIR_REST_OPERATION    pRestOp
     )
 {
     DWORD   dwError = 0;
@@ -75,19 +71,24 @@ VmDirRESTAuthBasic(
     PSTR    pszDecode = NULL;
     PSTR    pszBindDN = NULL;
     PSTR    pszPasswd = NULL;
+    PVDIR_OPERATION pBindOp = NULL;
 
-    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth) || !pBindOp)
+    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth))
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
+    // unset previously set error
+    dwError = VmDirRESTResultUnsetError(pRestOp->pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     pszBasic = strstr(pRestOp->pszAuth, "Basic ");
     if (IsNullOrEmptyString(pszBasic))
     {
         dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
+    pRestOp->authMthd = VDIR_REST_AUTH_METHOD_BASIC;
 
     pszData = pszBasic + strlen("Basic ");
 
@@ -113,6 +114,10 @@ VmDirRESTAuthBasic(
     dwError = VmDirUPNToDN(pszDecode, &pszBindDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_BIND, pRestOp->pConn, &pBindOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     dwError = VmDirStringToBervalContent(pszBindDN, &pBindOp->reqDn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -121,9 +126,14 @@ VmDirRESTAuthBasic(
 
     pBindOp->request.bindReq.method = LDAP_AUTH_SIMPLE;
 
+    dwError = VmDirInternalBindEntry(pBindOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pBindOp, dwError, NULL);
     VMDIR_SECURE_FREE_STRINGA(pszDecode);
     VMDIR_SAFE_FREE_STRINGA(pszBindDN);
+    VmDirFreeOperation(pBindOp);
     return dwError;
 
 error:
@@ -132,47 +142,150 @@ VmDirRESTAuthBasic(
 
 /*
  * Do Authentication based on received Token
+ *
+ * Note: In lwraft, token auth is for lightwave accounts only
  */
 DWORD
-VmDirRESTAuthToken(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthViaToken(
+    PVDIR_REST_OPERATION    pRestOp
     )
 {
     DWORD   dwError = 0;
-    PSTR    pszBindDN = NULL;
-    PVDIR_REST_ACCESS_TOKEN pAccessToken = NULL;
+    DWORD   i = 0;
+    ULONG   ulBufLen = 0;
+    PVDIR_REST_AUTH_TOKEN   pAuthToken = NULL;
+    PACCESS_TOKEN           pAccessToken = NULL;
+    PTOKEN_USER             pUser  = NULL;
+    PTOKEN_GROUPS           pGroups = NULL;
+    PSTR                    pszUserSid = NULL;
+    PSID                    pBuiltInAdminsGroupSid = NULL;
+    PLW_MAP_SECURITY_CONTEXT    pMapSecurityContext = NULL;
+    VDIR_BERVALUE   berval = VDIR_BERVALUE_INIT;
+
+    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // unset previously set error
+    dwError = VmDirRESTResultUnsetError(pRestOp->pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTAuthTokenInit(&pAuthToken);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTAuthTokenParse(pAuthToken, pRestOp->pszAuth);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pRestOp->authMthd = VDIR_REST_AUTH_METHOD_TOKEN;
 
-    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth) || !pBindOp)
+    dwError = VmDirRESTAuthTokenValidate(pAuthToken);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pAuthToken->tokenType == VDIR_REST_AUTH_TOKEN_HOTK)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        // TODO Validate the proof of possession
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED);
     }
 
-    dwError = VmDirRESTAccessTokenInit(&pAccessToken);
+    // retrieve security information of the UPN
+    dwError = LwMapSecurityCreateContext(&pMapSecurityContext);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = LwMapSecurityCreateAccessTokenFromCStringUsername(
+            pMapSecurityContext, &pAccessToken, pAuthToken->pszBindUPN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // get user sid
+    dwError = VmDirQueryAccessTokenInformation(
+            pAccessToken, TokenUser, NULL, 0, &ulBufLen);
+    BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
+
+    dwError = VmDirAllocateMemory(ulBufLen, (PVOID*)&pUser);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTAccessTokenParse(pAccessToken, pRestOp->pszAuth);
+    dwError = VmDirQueryAccessTokenInformation(
+            pAccessToken, TokenUser, pUser, ulBufLen, &ulBufLen);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // TODO VDIR_REST_ACCESS_TOKEN_HOTK
-    if (pAccessToken->tokenType != VDIR_REST_ACCESS_TOKEN_BEARER)
+    dwError = VmDirAllocateCStringFromSid(&pszUserSid, pUser->User.Sid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // grant full access to members of admin group of joined lightwave domain
+    dwError = VmDirQueryAccessTokenInformation(
+            pAccessToken, TokenGroups, NULL, 0, &ulBufLen);
+    BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
+
+    dwError = VmDirAllocateMemory(ulBufLen, (PVOID*)&pGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirQueryAccessTokenInformation(
+            pAccessToken, TokenGroups, pGroups, ulBufLen, &ulBufLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTCacheGetBuiltInAdminsGroupSid(
+            gpVdirRestCache, &pBuiltInAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; i < pGroups->GroupCount; i++)
     {
-        dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        if (RtlEqualSid(pGroups->Groups[i].Sid, pBuiltInAdminsGroupSid))
+        {
+            RtlReleaseAccessToken(&pAccessToken);
+            pAccessToken = NULL;
+
+            dwError = VmDirSrvCreateAccessTokenForAdmin(&pAccessToken);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            break;
+        }
     }
 
-    dwError = VmDirUPNToDN(pAccessToken->pszBindUPN, &pszBindDN);
+    // populate connection access info
+    pRestOp->pConn->AccessInfo.pszBindedObjectSid = pszUserSid;
+    pszUserSid = NULL;
+
+    pRestOp->pConn->AccessInfo.pAccessToken = pAccessToken;
+    pAccessToken = NULL;
+
+    // Note: copied from anonymous bind
+    // Set these flags so that the worker routines don't try to look up our
+    // info (since we don't have a real user to search against). Since we're
+    // anonymous we know we're not in any of these groups.
+    pRestOp->pConn->AccessInfo.accessRoleBitmap =
+            VDIR_ACCESS_DCGROUP_MEMBER_VALID_INFO |
+            VDIR_ACCESS_DCCLIENT_GROUP_MEMBER_VALID_INFO |
+            VDIR_ACCESS_ADMIN_MEMBER_VALID_INFO;
+
+    // build imaginary binded DN in format of "cn=<UPN>,<DOMAIN_DN>"
+    dwError = VmDirAllocateStringPrintf(
+            &berval.lberbv.bv_val,
+            "cn=%s,%s",
+            pAuthToken->pszBindUPN,
+            gVmdirServerGlobals.systemDomainDN.lberbv.bv_val);
     BAIL_ON_VMDIR_ERROR(dwError);
+    berval.bOwnBvVal = TRUE;
 
-    dwError = VmDirStringToBervalContent(pszBindDN, &pBindOp->reqDn);
+    dwError = VmDirNormalizeDNWrapper(&berval);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pBindOp->request.bindReq.method = LDAP_AUTH_NONE;
+    dwError = VmDirAllocateStringA(
+            berval.lberbv.bv_val, &pRestOp->pConn->AccessInfo.pszBindedDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(
+            berval.bvnorm_val, &pRestOp->pConn->AccessInfo.pszNormBindedDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VmDirFreeRESTAccessToken(pAccessToken);
-    VMDIR_SAFE_FREE_STRINGA(pszBindDN);
+    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
+    LwMapSecurityFreeContext(&pMapSecurityContext);
+    RtlReleaseAccessToken(&pAccessToken);
+    VmDirFreeRESTAuthToken(pAuthToken);
+    VmDirFreeBervalContent(&berval);
+    VMDIR_SAFE_FREE_MEMORY(pBuiltInAdminsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszUserSid);
+    VMDIR_SAFE_FREE_MEMORY(pGroups);
+    VMDIR_SAFE_FREE_MEMORY(pUser);
     return dwError;
 
 error:
diff --git a/lwraft/server/rest-head/authtoken.c b/lwraft/server/rest-head/authtoken.c
new file mode 100644
index 000000000..16bc07d47
--- /dev/null
+++ b/lwraft/server/rest-head/authtoken.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirRESTAuthTokenInit(
+    PVDIR_REST_AUTH_TOKEN*  ppAuthToken
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_REST_AUTH_TOKEN   pAuthToken = NULL;
+
+    if (!ppAuthToken)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_REST_AUTH_TOKEN), (PVOID*)&pAuthToken);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppAuthToken = pAuthToken;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeRESTAuthToken(pAuthToken);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTAuthTokenParse(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken,
+    PCSTR                   pszAuthData
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszAuthDataCp = NULL;
+    PSTR    pszTokenType = NULL;
+    PSTR    pszAccessToken = NULL;
+
+    if (!pAuthToken || IsNullOrEmptyString(pszAuthData))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringA(pszAuthData, &pszAuthDataCp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszTokenType = VmDirStringTokA(pszAuthDataCp, " ", &pszAccessToken);
+    if (IsNullOrEmptyString(pszTokenType) ||
+        IsNullOrEmptyString(pszAccessToken))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_AUTH_BAD_DATA);
+    }
+
+    if (VmDirStringCompareA(pszTokenType, "Bearer", FALSE) == 0)
+    {
+        pAuthToken->tokenType = VDIR_REST_AUTH_TOKEN_BEARER;
+    }
+    else if (VmDirStringCompareA(pszTokenType, "hotk-pk", FALSE) == 0)
+    {
+        pAuthToken->tokenType = VDIR_REST_AUTH_TOKEN_HOTK;
+    }
+    else
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED);
+    }
+
+    dwError = VmDirAllocateStringA(pszAccessToken, &pAuthToken->pszAccessToken);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAuthDataCp);
+    return dwError;
+
+error:
+    // don't log error if VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED,
+    // because it will try other available auth methods
+    if (dwError != VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "%s failed, error (%d)",
+                __FUNCTION__,
+                dwError);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTAuthTokenValidate(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwOIDCError = 0;
+    BOOLEAN bCacheRefreshed = FALSE;
+    PSTR    pszOIDCSigningCertPEM = NULL;
+    POIDC_ACCESS_TOKEN  pOidcAccessToken = NULL;
+
+    if (!pAuthToken)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+retry:
+    VMDIR_SAFE_FREE_MEMORY(pszOIDCSigningCertPEM);
+    dwError = VmDirRESTCacheGetOIDCSigningCertPEM(
+            gpVdirRestCache, &pszOIDCSigningCertPEM);
+
+    // cache isn't setup - cannot support token auth
+    dwError = dwError ? VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    OidcAccessTokenDelete(pOidcAccessToken);
+    dwOIDCError = OidcAccessTokenBuild(
+            &pOidcAccessToken,
+            pAuthToken->pszAccessToken,
+            pszOIDCSigningCertPEM,
+            NULL,
+            VMDIR_REST_DEFAULT_SCOPE,
+            VMDIR_REST_DEFAULT_CLOCK_TOLERANCE);
+
+    if (dwOIDCError == SSOERROR_TOKEN_INVALID_SIGNATURE ||
+        dwOIDCError == SSOERROR_TOKEN_INVALID_AUDIENCE ||
+        dwOIDCError == SSOERROR_TOKEN_EXPIRED)
+    {
+        dwError = VMDIR_ERROR_AUTH_BAD_DATA;
+    }
+    else if (dwOIDCError)
+    {
+        dwError = VMDIR_ERROR_OIDC_UNAVAILABLE;
+    }
+
+    // no need to refresh cache if user provided a bad token
+    if (dwError && dwError != VMDIR_ERROR_AUTH_BAD_DATA && !bCacheRefreshed)
+    {
+        dwError = VmDirRESTCacheRefresh(gpVdirRestCache);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        bCacheRefreshed = TRUE;
+
+        goto retry;
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(
+            OidcAccessTokenGetSubject(pOidcAccessToken),
+            &pAuthToken->pszBindUPN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszOIDCSigningCertPEM);
+    OidcAccessTokenDelete(pOidcAccessToken);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) OIDC error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwOIDCError);
+    goto cleanup;
+}
+
+VOID
+VmDirFreeRESTAuthToken(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
+    )
+{
+    if (pAuthToken)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pAuthToken->pszAccessToken);
+        VMDIR_SAFE_FREE_MEMORY(pAuthToken->pszBindUPN);
+        VMDIR_SAFE_FREE_MEMORY(pAuthToken);
+    }
+}
diff --git a/lwraft/server/rest-head/cache.c b/lwraft/server/rest-head/cache.c
new file mode 100644
index 000000000..9bc523647
--- /dev/null
+++ b/lwraft/server/rest-head/cache.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirRESTCacheInit(
+    PVDIR_REST_HEAD_CACHE*  ppRestCache
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_REST_HEAD_CACHE   pRestCache = NULL;
+
+    if (!ppRestCache)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_REST_HEAD_CACHE), (PVOID*)&pRestCache);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateRWLock(&pRestCache->pRWLock);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTCacheRefresh(pRestCache);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppRestCache = pRestCache;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeRESTCache(pRestCache);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTCacheRefresh(
+    PVDIR_REST_HEAD_CACHE   pRestCache
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwAFDError = 0;
+    BOOLEAN bInLock = FALSE;
+    PSTR    pszDCName = NULL;
+    PSTR    pszDomainName = NULL;
+    PSTR    pszOIDCSigningCertPEM = NULL;
+    PSID    pBuiltInAdminsGroupSid = NULL;
+
+    if (!pRestCache)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwAFDError = gpVdirVmAfdApi->pfnGetDCName(NULL, &pszDCName);
+    dwError = dwAFDError ? VMDIR_ERROR_AFD_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwAFDError = gpVdirVmAfdApi->pfnGetDomainName(NULL, &pszDomainName);
+    dwError = dwAFDError ? VMDIR_ERROR_AFD_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // OIDC signing certificate PEM
+    dwError = VmDirRESTGetLightwaveOIDCSigningCertPEM(
+            pszDCName, pszDomainName, &pszOIDCSigningCertPEM);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // built-in administrators group sid
+    dwError = VmDirRESTGetLightwaveBuiltInAdminsGroupSid(
+            pszDCName, pszDomainName, &pBuiltInAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VMDIR_RWLOCK_WRITELOCK(bInLock, pRestCache->pRWLock, 0);
+
+    VMDIR_SAFE_FREE_MEMORY(pRestCache->pszOIDCSigningCertPEM);
+    pRestCache->pszOIDCSigningCertPEM = pszOIDCSigningCertPEM;
+
+    VMDIR_SAFE_FREE_MEMORY(pRestCache->pBuiltInAdminsGroupSid);
+    pRestCache->pBuiltInAdminsGroupSid = pBuiltInAdminsGroupSid;
+
+cleanup:
+    VMDIR_RWLOCK_UNLOCK(bInLock, pRestCache->pRWLock);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
+    VMDIR_SAFE_FREE_MEMORY(pszDCName);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) AFD error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwAFDError);
+
+    VMDIR_SAFE_FREE_MEMORY(pBuiltInAdminsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszOIDCSigningCertPEM);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTCacheGetOIDCSigningCertPEM(
+    PVDIR_REST_HEAD_CACHE   pRestCache,
+    PSTR*                   ppszOIDCSigningCertPEM
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bInLock = FALSE;
+    PSTR    pszOIDCSigningCertPEM = NULL;
+
+    if (!pRestCache || !ppszOIDCSigningCertPEM)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_RWLOCK_READLOCK(bInLock, gpVdirRestCache->pRWLock, 0);
+
+    if (IsNullOrEmptyString(pRestCache->pszOIDCSigningCertPEM))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
+
+    dwError = VmDirAllocateStringA(
+            pRestCache->pszOIDCSigningCertPEM, &pszOIDCSigningCertPEM);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszOIDCSigningCertPEM = pszOIDCSigningCertPEM;
+
+cleanup:
+    VMDIR_RWLOCK_UNLOCK(bInLock, gpVdirRestCache->pRWLock);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszOIDCSigningCertPEM);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTCacheGetBuiltInAdminsGroupSid(
+    PVDIR_REST_HEAD_CACHE   pRestCache,
+    PSID*                   ppBuiltInAdminsGroupSid
+    )
+{
+    DWORD   dwError = 0;
+    ULONG   ulSidLen = 0;
+    BOOLEAN bInLock = FALSE;
+    PSID    pSid = NULL;
+
+    if (!pRestCache || !ppBuiltInAdminsGroupSid)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_RWLOCK_READLOCK(bInLock, gpVdirRestCache->pRWLock, 0);
+
+    if (!RtlValidSid(pRestCache->pBuiltInAdminsGroupSid))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
+
+    ulSidLen = RtlLengthSid(pRestCache->pBuiltInAdminsGroupSid);
+
+    dwError = VmDirAllocateMemory(ulSidLen, (PVOID*)&pSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = RtlCopySid(ulSidLen, pSid, pRestCache->pBuiltInAdminsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppBuiltInAdminsGroupSid = pSid;
+
+cleanup:
+    VMDIR_RWLOCK_UNLOCK(bInLock, gpVdirRestCache->pRWLock);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pSid);
+    goto cleanup;
+}
+
+VOID
+VmDirFreeRESTCache(
+    PVDIR_REST_HEAD_CACHE   pRestCache
+    )
+{
+    BOOLEAN bInLock = FALSE;
+
+    if (pRestCache)
+    {
+        VMDIR_RWLOCK_WRITELOCK(bInLock, pRestCache->pRWLock, 0);
+
+        VMDIR_SAFE_FREE_MEMORY(pRestCache->pBuiltInAdminsGroupSid);
+        VMDIR_SAFE_FREE_MEMORY(pRestCache->pszOIDCSigningCertPEM);
+
+        VMDIR_RWLOCK_UNLOCK(bInLock, pRestCache->pRWLock);
+
+        VMDIR_SAFE_FREE_RWLOCK(pRestCache->pRWLock);
+        VMDIR_SAFE_FREE_MEMORY(pRestCache);
+    }
+}
diff --git a/lwraft/server/rest-head/decode.c b/lwraft/server/rest-head/decode.c
index fc4efd983..310ff2145 100644
--- a/lwraft/server/rest-head/decode.c
+++ b/lwraft/server/rest-head/decode.c
@@ -14,6 +14,150 @@
 
 #include "includes.h"
 
+DWORD
+VmDirRESTDecodeAttributeNoAlloc(
+    json_t*         pjInput,
+    PVDIR_ATTRIBUTE pAttr
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    json_t* pjAttr = NULL;
+    json_t* pjType = NULL;
+    json_t* pjVals = NULL;
+    json_t* pjVal = NULL;
+    PCSTR   pszType = NULL;
+    PCSTR   pszVal = NULL;
+    PSTR    pszDecoded = NULL;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    size_t  valLen = 0;
+    int     len = 0;
+
+    if (!pAttr)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjAttr = pjInput;
+    if (!pjAttr || !json_is_object(pjAttr))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjType = json_object_get(pjAttr, "type");
+    if (!pjType || !json_is_string(pjType))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    pszType = json_string_value(pjType);
+
+    dwError = VmDirStringToBervalContent(pszType, &pAttr->type);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaAttrNameToDescriptor(
+            pSchemaCtx, pszType, &pAttr->pATDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pjVals = json_object_get(pjAttr, "value");
+    if (!pjVals || !json_is_array(pjVals))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    pAttr->numVals = (DWORD)json_array_size(pjVals);
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_BERVALUE) * (pAttr->numVals + 1),
+            (PVOID*)&pAttr->vals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; i < pAttr->numVals; i++)
+    {
+        pjVal = json_array_get(pjVals, i);
+        if (!pjVal || !json_is_string(pjVal))
+        {
+            dwError = VMDIR_ERROR_INVALID_REQUEST;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        pszVal = json_string_value(pjVal);
+
+        // check if value needs to be decoded
+        if (VmDirSchemaAttrIsOctetString(pAttr->pATDesc))
+        {
+            VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+
+            valLen = VmDirStringLenA(pszVal);
+            dwError = VmDirAllocateMemory(valLen + 1, (PVOID*)&pszDecoded);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = sasl_decode64(pszVal, valLen, pszDecoded, valLen, &len);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            dwError = VmDirStringToBervalContent(pszVal, &pAttr->vals[i]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+    VmDirSchemaCtxRelease(pSchemaCtx);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeAttribute(
+    json_t*             pjInput,
+    PVDIR_ATTRIBUTE*    ppAttr
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_ATTRIBUTE pAttr = NULL;
+
+    if (!ppAttr)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VDIR_ATTRIBUTE), (PVOID*)&pAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTDecodeAttributeNoAlloc(pjInput, pAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppAttr = pAttr;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeAttribute(pAttr);
+    goto cleanup;
+}
+
 DWORD
 VmDirRESTDecodeEntry(
     json_t*         pjInput,
@@ -21,17 +165,12 @@ VmDirRESTDecodeEntry(
     )
 {
     DWORD   dwError = 0;
-    DWORD   i = 0, j = 0;
+    DWORD   i = 0;
     json_t* pjEntry = NULL;
     json_t* pjDN = NULL;
     json_t* pjAttrs = NULL;
     json_t* pjAttr = NULL;
-    json_t* pjType = NULL;
-    json_t* pjVals = NULL;
-    json_t* pjVal = NULL;
     PCSTR   pszDN = NULL;
-    PCSTR   pszType = NULL;
-    PCSTR   pszVal = NULL;
     PVDIR_ENTRY     pEntry = NULL;
     PVDIR_ATTRIBUTE pAttr = NULL;
 
@@ -73,54 +212,10 @@ VmDirRESTDecodeEntry(
 
     for (i = 0; i < json_array_size(pjAttrs); i++)
     {
-        dwError = VmDirAllocateMemory(sizeof(VDIR_ATTRIBUTE), (PVOID*)&pAttr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
         pjAttr = json_array_get(pjAttrs, i);
-        if (!pjAttr || !json_is_object(pjAttr))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        pjType = json_object_get(pjAttr, "type");
-        if (!pjType || !json_is_string(pjType))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pszType = json_string_value(pjType);
-
-        dwError = VmDirStringToBervalContent(pszType, &pAttr->type);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pjVals = json_object_get(pjAttr, "value");
-        if (!pjVals || !json_is_array(pjVals))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pAttr->numVals = (DWORD)json_array_size(pjVals);
-
-        dwError = VmDirAllocateMemory(
-                sizeof(VDIR_BERVALUE) * (pAttr->numVals + 1),
-                (PVOID*)&pAttr->vals);
+        dwError = VmDirRESTDecodeAttribute(pjAttr, &pAttr);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        for (j = 0; j < pAttr->numVals; j++)
-        {
-            pjVal = json_array_get(pjVals, j);
-            if (!pjVal || !json_is_string(pjVal))
-            {
-                dwError = VMDIR_ERROR_INVALID_REQUEST;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            pszVal = json_string_value(pjVal);
-
-            dwError = VmDirStringToBervalContent(pszVal, &pAttr->vals[j]);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
         pAttr->next = pEntry->attrs;
         pEntry->attrs = pAttr;
         pAttr = NULL;
@@ -132,8 +227,11 @@ VmDirRESTDecodeEntry(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeAttribute(pAttr);
     VmDirFreeEntry(pEntry);
@@ -141,7 +239,7 @@ VmDirRESTDecodeEntry(
 }
 
 DWORD
-VmDirRESTDecodeMods(
+VmDirRESTDecodeEntryMods(
     json_t*             pjInput,
     PVDIR_MODIFICATION* ppMods,
     DWORD*              pdwNumMods
@@ -149,17 +247,12 @@ VmDirRESTDecodeMods(
 {
     DWORD   dwError = 0;
     DWORD   dwNumMods = 0;
-    DWORD   i = 0, j = 0;
+    DWORD   i = 0;
     json_t* pjMods = NULL;
     json_t* pjMod = NULL;
     json_t* pjOp = NULL;
     json_t* pjAttr = NULL;
-    json_t* pjType = NULL;
-    json_t* pjVals = NULL;
-    json_t* pjVal = NULL;
     PCSTR   pszOp = NULL;
-    PCSTR   pszType = NULL;
-    PCSTR   pszVal = NULL;
     PVDIR_MODIFICATION  pMod = NULL;
     PVDIR_MODIFICATION  pMods = NULL;
 
@@ -222,60 +315,483 @@ VmDirRESTDecodeMods(
             BAIL_ON_VMDIR_ERROR(dwError);
         }
 
-        pjType = json_object_get(pjAttr, "type");
-        if (!pjType || !json_is_string(pjType))
+        dwError = VmDirRESTDecodeAttributeNoAlloc(pjAttr, &pMod->attr);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pMod->next = pMods;
+        pMods = pMod;
+        pMod = NULL;
+    }
+
+    *ppMods = pMods;
+    *pdwNumMods = dwNumMods;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirModificationFree(pMod);
+    for (pMod = pMods; pMod; )
+    {
+        PVDIR_MODIFICATION pNext = pMod->next;
+        VmDirModificationFree(pMod);
+        pMod = pNext;
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeObjectPathToDN(
+    PCSTR   pszObjPath,
+    PCSTR   pszTenant,
+    PSTR*   ppszDN
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0, j = 0;
+    size_t  RDNLen = 0;
+    size_t  localDNLen = 0;
+    PCSTR   pszRDN = NULL;
+    PSTR    pszLocalDN = NULL;
+    PSTR    pszTenantDN = NULL;
+    PSTR    pszDN = NULL;
+    PVMDIR_STRING_LIST  pRDNList = NULL;
+
+    if (!ppszDN ||
+        (IsNullOrEmptyString(pszObjPath) &&
+         IsNullOrEmptyString(pszTenant)))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!IsNullOrEmptyString(pszTenant))
+    {
+        dwError = VmDirDomainNameToDN(pszTenant, &pszTenantDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!IsNullOrEmptyString(pszObjPath))
+    {
+        dwError = VmDirStringToTokenList(
+                pszObjPath, VMDIR_URL_PATH_DELIMITER_STR, &pRDNList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        localDNLen = VmDirStringLenA(pszObjPath) + (pRDNList->dwCount * 3) + 2;
+
+        dwError = VmDirAllocateMemory(localDNLen, (PVOID*)&pszLocalDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (i = pRDNList->dwCount; i > 0; i--)
         {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
+            pszRDN = pRDNList->pStringList[i-1];
+            RDNLen = VmDirStringLenA(pszRDN);
+
+            dwError = VmDirCopyMemory(pszLocalDN+j, localDNLen-j, "cn=", 3);
             BAIL_ON_VMDIR_ERROR(dwError);
+            j += 3;
+
+            dwError = VmDirCopyMemory(pszLocalDN+j, localDNLen-j, pszRDN, RDNLen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            j += RDNLen;
+
+            pszLocalDN[j++] = ',';
         }
-        pszType = json_string_value(pjType);
 
-        dwError = VmDirStringToBervalContent(pszType, &pMod->attr.type);
+        pszLocalDN[--j] = IsNullOrEmptyString(pszTenantDN) ? '\0' : ',';
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "%s%s",
+            VDIR_SAFE_STRING(pszLocalDN),
+            VDIR_SAFE_STRING(pszTenantDN));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszDN = pszDN;
+
+cleanup:
+    VmDirStringListFree(pRDNList);
+    VMDIR_SAFE_FREE_MEMORY(pszLocalDN);
+    VMDIR_SAFE_FREE_MEMORY(pszTenantDN);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeObjectFilter(
+    PVDIR_FILTER    pFilter,
+    PCSTR           pszTenant
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0, j = 0;
+    PSTR    pszFilType = NULL;
+    PSTR    pszFilVal = NULL;
+    PSTR    pszDecoded = NULL;
+    PVDIR_FILTER    f = NULL;
+    VDIR_BERVALUE   bvTmp = {0};
+
+    if (IsNullOrEmptyString(pszTenant))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!pFilter)
+    {
+        goto cleanup;
+    }
+
+    switch (pFilter->choice)
+    {
+    case LDAP_FILTER_AND:
+    case LDAP_FILTER_OR:
 
-        pjVals = json_object_get(pjAttr, "value");
-        if (!pjVals || !json_is_array(pjVals))
+        for (f = pFilter->filtComp.complex; f; f = f->next )
         {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
+            dwError = VmDirRESTDecodeObjectFilter(f, pszTenant);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
-        pMod->attr.numVals = (DWORD)json_array_size(pjVals);
+        break;
+
+    case LDAP_FILTER_NOT:
 
-        dwError = VmDirAllocateMemory(
-                sizeof(VDIR_BERVALUE) * (pMod->attr.numVals + 1),
-                (PVOID*)&pMod->attr.vals);
+        dwError = VmDirRESTDecodeObjectFilter(
+                pFilter->filtComp.complex, pszTenant);
         BAIL_ON_VMDIR_ERROR(dwError);
+        break;
 
-        for (j = 0; j < pMod->attr.numVals; j++)
+    case LDAP_FILTER_EQUALITY:
+    case LDAP_FILTER_GE:
+    case LDAP_FILTER_LE:
+
+        pszFilType = pFilter->filtComp.ava.type.lberbv.bv_val;
+        pszFilVal = pFilter->filtComp.ava.value.lberbv.bv_val;
+
+        if (VmDirSchemaAttrIsDN(pFilter->filtComp.ava.pATDesc))
+        {
+            dwError = VmDirRESTDecodeObjectPathToDN(
+                    pszFilVal, pszTenant, &pszDecoded);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringToBervalContent(
+                    pszDecoded, &pFilter->filtComp.ava.value);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        break;
+
+    case LDAP_FILTER_SUBSTRINGS:
+
+        pszFilType = pFilter->filtComp.subStrings.type.lberbv.bv_val;
+
+        /*
+         * TODO Only final works currently, fix initial and any
+         */
+        if (VmDirSchemaAttrIsDN(pFilter->filtComp.subStrings.pATDesc))
         {
-            pjVal = json_array_get(pjVals, j);
-            if (!pjVal || !json_is_string(pjVal))
+            // switch initial and final
+            dwError = VmDirBervalContentDup(
+                    &pFilter->filtComp.subStrings.initial, &bvTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirBervalContentDup(
+                    &pFilter->filtComp.subStrings.final,
+                    &pFilter->filtComp.subStrings.initial);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirBervalContentDup(
+                    &bvTmp, &pFilter->filtComp.subStrings.final);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            // reverse any array
+            for (i = 0; i < pFilter->filtComp.subStrings.anySize / 2; i++)
             {
-                dwError = VMDIR_ERROR_INVALID_REQUEST;
+                j = pFilter->filtComp.subStrings.anySize - i - 1;
+
+                dwError = VmDirBervalContentDup(
+                        &pFilter->filtComp.subStrings.any[i], &bvTmp);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirBervalContentDup(
+                        &pFilter->filtComp.subStrings.any[j],
+                        &pFilter->filtComp.subStrings.any[i]);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirBervalContentDup(
+                        &bvTmp, &pFilter->filtComp.subStrings.any[j]);
                 BAIL_ON_VMDIR_ERROR(dwError);
             }
-            pszVal = json_string_value(pjVal);
 
-            dwError = VmDirStringToBervalContent(pszVal, &pMod->attr.vals[j]);
-            BAIL_ON_VMDIR_ERROR(dwError);
+            // decode initial
+            if (pFilter->filtComp.subStrings.initial.lberbv.bv_len)
+            {
+                pszFilVal = pFilter->filtComp.subStrings.initial.lberbv.bv_val;
+
+                dwError = VmDirRESTDecodeObjectPathToDN(
+                        pszFilVal, NULL, &pszDecoded);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringToBervalContent(
+                        pszDecoded, &pFilter->filtComp.subStrings.initial);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+
+            // decode final
+            if (pFilter->filtComp.subStrings.final.lberbv.bv_len)
+            {
+                pszFilVal = pFilter->filtComp.subStrings.final.lberbv.bv_val;
+
+                VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+                dwError = VmDirRESTDecodeObjectPathToDN(
+                        pszFilVal, pszTenant, &pszDecoded);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringToBervalContent(
+                        pszDecoded, &pFilter->filtComp.subStrings.final);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+
+            // decode any array
+            for (i = 0; i < pFilter->filtComp.subStrings.anySize; i++)
+            {
+                pszFilVal = pFilter->filtComp.subStrings.any[i].lberbv.bv_val;
+
+                VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+                dwError = VmDirRESTDecodeObjectPathToDN(
+                        pszFilVal, NULL, &pszDecoded);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringToBervalContent(
+                        pszDecoded, &pFilter->filtComp.subStrings.any[i]);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
         }
+        break;
 
-        pMod->next = pMods;
-        pMods = pMod;
-        pMod = NULL;
+    default:
+        break;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+    VmDirFreeBervalContent(&bvTmp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeObject(
+    json_t*         pjInput,
+    PCSTR           pszObjPath,
+    PCSTR           pszTenant,
+    PVDIR_ENTRY*    ppObj
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0, j = 0;
+    json_t* pjObj = NULL;
+    json_t* pjAttrs = NULL;
+    json_t* pjAttr = NULL;
+    PSTR    pszDN = NULL;
+    PSTR    pszCN = NULL;
+    BOOLEAN bAddDefaultCN = TRUE;
+    PVDIR_ENTRY     pObj = NULL;
+    PVDIR_ATTRIBUTE pAttr = NULL;
+
+    if (IsNullOrEmptyString(pszObjPath) || IsNullOrEmptyString(pszTenant) || !ppObj)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjObj = pjInput;
+    if (!pjObj || !json_is_object(pjObj))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VDIR_ENTRY), (PVOID*)&pObj);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pObj->allocType = ENTRY_STORAGE_FORMAT_NORMAL;
+
+    dwError = VmDirRESTDecodeObjectPathToDN(pszObjPath, pszTenant, &pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDnLastRDNToCn(pszDN, &pszCN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pObj->dn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pjAttrs = json_object_get(pjObj, "attributes");
+    if (!pjAttrs || !json_is_array(pjAttrs))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (i = 0; i < json_array_size(pjAttrs); i++)
+    {
+        pjAttr = json_array_get(pjAttrs, i);
+        dwError = VmDirRESTDecodeAttribute(pjAttr, &pAttr);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // decode if attr syntax is DN
+        if (VmDirSchemaAttrIsDN(pAttr->pATDesc))
+        {
+            for (j = 0; j < pAttr->numVals; j++)
+            {
+                VMDIR_SAFE_FREE_MEMORY(pszDN);
+
+                dwError = VmDirRESTDecodeObjectPathToDN(
+                        pAttr->vals[j].lberbv.bv_val, pszTenant, &pszDN);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringToBervalContent(pszDN, &pAttr->vals[j]);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+        // check if explicit CN list contains objectpath-derived CN
+        else if (VmDirStringCompareA(
+                pAttr->type.lberbv.bv_val, ATTR_CN, FALSE) == 0)
+        {
+            for (j = 0; j < pAttr->numVals; j++)
+            {
+                if (VmDirStringCompareA(
+                        pAttr->vals[j].lberbv.bv_val, pszCN, FALSE) == 0)
+                {
+                    bAddDefaultCN = FALSE;
+                    break;
+                }
+            }
+        }
+
+        pAttr->next = pObj->attrs;
+        pObj->attrs = pAttr;
+        pAttr = NULL;
+    }
+
+    if (bAddDefaultCN)
+    {
+        dwError = VmDirSchemaCtxAcquire(&pObj->pSchemaCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirEntryAddSingleValueStrAttribute(pObj, ATTR_CN, pszCN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppObj = pObj;
+
+cleanup:
+    if (pObj)
+    {
+        VmDirSchemaCtxRelease(pObj->pSchemaCtx);
+        pObj->pSchemaCtx = NULL;
+    }
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    VMDIR_SAFE_FREE_MEMORY(pszCN);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeAttribute(pAttr);
+    VmDirFreeEntry(pObj);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeObjectMods(
+    json_t*             pjInput,
+    PCSTR               pszTenant,
+    PVDIR_MODIFICATION* ppMods,
+    DWORD*              pdwNumMods
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwNumMods = 0;
+    DWORD   i = 0;
+    PSTR    pszDN = NULL;
+    PVDIR_MODIFICATION  pMods = NULL;
+    PVDIR_MODIFICATION  pMod = NULL;
+
+    if (IsNullOrEmptyString(pszTenant) || !ppMods || !pdwNumMods)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirRESTDecodeEntryMods(pjInput, &pMods, &dwNumMods);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (pMod = pMods; pMod; )
+    {
+        PVDIR_MODIFICATION pNext = pMod->next;
+        PVDIR_ATTRIBUTE pAttr = &pMod->attr;
+
+        // decode if attr syntax is DN
+        if (VmDirSchemaAttrIsDN(pAttr->pATDesc))
+        {
+            for (i = 0; i < pAttr->numVals; i++)
+            {
+                VMDIR_SAFE_FREE_MEMORY(pszDN);
+
+                dwError = VmDirRESTDecodeObjectPathToDN(
+                        pAttr->vals[i].lberbv.bv_val, pszTenant, &pszDN);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringToBervalContent(pszDN, &pAttr->vals[i]);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+
+        pMod = pNext;
     }
 
     *ppMods = pMods;
     *pdwNumMods = dwNumMods;
 
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    VmDirModificationFree(pMod);
     for (pMod = pMods; pMod; )
     {
         PVDIR_MODIFICATION pNext = pMod->next;
diff --git a/lwraft/server/rest-head/defines.h b/lwraft/server/rest-head/defines.h
index 9d0d7c451..82ef27c41 100644
--- a/lwraft/server/rest-head/defines.h
+++ b/lwraft/server/rest-head/defines.h
@@ -12,24 +12,36 @@
  * under the License.
  */
 
-// REST ENGINE CONFIG VALUES
-// TRIDENT
-#define VMDIR_REST_SSLCERT          LWRAFT_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdircert.pem"
-#define VMDIR_REST_SSLKEY           LWRAFT_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdirkey.pem"
-#define REST_API_SPEC               LWRAFT_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "lwraft-rest.json"
-#define VMDIR_REST_DEBUGLOGFILE     "/tmp/lwraft-rest.log"
-//#define VMDIR_REST_DEBUGLOGFILE     VMDIR_LOG_DIR    VMDIR_PATH_SEPARATOR_STR "lwraft-rest.log"    TODO use this when lightwave-first is complete
-#define VMDIR_REST_CLIENTCNT        "5"
-#define VMDIR_REST_WORKERTHCNT      "5"
+// C REST ENGINE CONFIG VALUES
+#define REST_API_SPEC               LWRAFT_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "post-rest.json"
+#define VMDIR_HTTP_DEBUGLOGFILE     "/var/log/lightwave/post-rest-HTTP.log"
+#define VMDIR_HTTPS_DEBUGLOGFILE    "/var/log/lightwave/post-rest-HTTPS.log"
+//TODO-update LWRAFT_LOG_DIR to correct path, is still pointing to /var/log/lightwave/post
+//#define VMDIR_HTTP_DEBUGLOGFILE      LWRAFT_LOG_DIR VMDIR_PATH_SEPARATOR_STR "post-rest-HTTP.log"
+//#define VMDIR_HTTPS_DEBUGLOGFILE     LWRAFT_LOG_DIR VMDIR_PATH_SEPARATOR_STR "post-rest-HTTPS.log"
+
+#define VMDIR_REST_CLIENTCNT        "64"
+#define VMDIR_REST_WORKERTHCNT      "64"
 
 #define MAX_REST_PAYLOAD_LENGTH     4096
 
-// OIDC
-#define VMDIR_REST_OIDC_SERVER              "localhost"
+#define VMDIR_V1_LDAP_RESOURCE      "/v1/post/ldap"
+#define VMDIR_V1_OBJ_RESOURCE       "/v1/post/object"
+#define VMDIR_V1_OBJ_RESOURCE_ALL   "/v1/post/object/*"
+
+// Lightwave
+#define VMDIR_REST_LIGHTWAVE_LDAP_PORT      389
+
+// Lightwave OIDC
 #define VMDIR_REST_OIDC_PORT                443
-#define VMDIR_REST_DEFAULT_SCOPE            "rs_lwraft"
+#define VMDIR_REST_DEFAULT_SCOPE            "rs_post"
 #define VMDIR_REST_DEFAULT_CLOCK_TOLERANCE  60.0
 
+// HTTP headers
+#define VMDIR_REST_HEADER_AUTHENTICATION    "Authorization"
+#define VMDIR_REST_HEADER_IF_MATCH          "If-Match"
+#define VMDIR_REST_HEADER_CONTENT_TYPE      "Content-Type"
+
 // HTTP STATUS CODES
 // 1xx Informational
 #define HTTP_CONTINUE                           100
@@ -100,7 +112,6 @@
 #define HTTP_NETWORK_AUTHENTICATION_REQUIRED    511
 #define HTTP_NETWORK_CONNECT_TIMEOUT_ERROR      599
 
-
 #define VMDIR_SET_REST_RESULT(pRestOp, pMLOp, dwError, pszErrMsg)       \
     do                                                                  \
     {                                                                   \
@@ -115,7 +126,7 @@
         {                                                               \
             pResource = ((PVDIR_REST_OPERATION)pRestOp)->pResource;     \
             pRestRslt = ((PVDIR_REST_OPERATION)pRestOp)->pResult;       \
-            (pResource)->pfnSetResult(                                   \
+            (pResource)->pfnSetResult(                                  \
                     pRestRslt, pLdapRslt, dwError, pszErrMsg);          \
         }                                                               \
     } while (0)
diff --git a/lwraft/server/rest-head/encode.c b/lwraft/server/rest-head/encode.c
index 6e9813a7e..4d5cbe2fe 100644
--- a/lwraft/server/rest-head/encode.c
+++ b/lwraft/server/rest-head/encode.c
@@ -24,7 +24,7 @@ VmDirRESTEncodeAttribute(
     DWORD   i = 0;
     json_t* pjVals = NULL;
     json_t* pjAttr = NULL;
-    PSTR    pszEncodedVal = NULL;
+    PSTR    pszEncoded = NULL;
     int     len = 0;
 
     if (!pAttr || !ppjOutput)
@@ -45,23 +45,23 @@ VmDirRESTEncodeAttribute(
         // check if value needs to be encoded
         if (VmDirSchemaAttrIsOctetString(pAttr->pATDesc))
         {
-            VMDIR_SAFE_FREE_STRINGA(pszEncodedVal);
+            VMDIR_SAFE_FREE_STRINGA(pszEncoded);
 
             dwError = VmDirAllocateMemory(
                     pAttr->vals[i].lberbv.bv_len * 2 + 1,
-                    (PVOID*)&pszEncodedVal);
+                    (PVOID*)&pszEncoded);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             dwError = sasl_encode64(
                     pAttr->vals[i].lberbv.bv_val,
                     pAttr->vals[i].lberbv.bv_len,
-                    pszEncodedVal,
+                    pszEncoded,
                     pAttr->vals[i].lberbv.bv_len * 2 + 1,
                     &len);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             dwError = json_array_append_new(
-                    pjVals, json_string(pszEncodedVal));
+                    pjVals, json_string(pszEncoded));
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else
@@ -79,12 +79,15 @@ VmDirRESTEncodeAttribute(
     *ppjOutput = pjAttr;
 
 cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszEncodedVal);
+    VMDIR_SAFE_FREE_STRINGA(pszEncoded);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjVals)
     {
@@ -107,6 +110,8 @@ VmDirRESTEncodeEntry(
     DWORD   dwError = 0;
     DWORD   i = 0, j = 0;
     BOOLEAN bReturn = FALSE;
+    BOOLEAN bAsterisk = FALSE;
+    BOOLEAN bPlusSign = FALSE;
     PVDIR_ATTRIBUTE pAttr = NULL;
     PVDIR_ATTRIBUTE pAttrs[3] = {0};
     json_t*         pjAttr = NULL;
@@ -126,7 +131,18 @@ VmDirRESTEncodeEntry(
             pjEntry, "dn", json_string(pEntry->dn.lberbv.bv_val));
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // TODO special char?
+    for (i = 0; pbvAttrs && pbvAttrs[i].lberbv.bv_val; i++)
+    {
+        if (VmDirStringCompareA("*", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bAsterisk = TRUE;
+        }
+        else if (VmDirStringCompareA("+", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bPlusSign = TRUE;
+        }
+    }
+
     pAttrs[0] = pEntry->attrs;
     pAttrs[1] = pEntry->pComputedAttrs;
 
@@ -134,17 +150,32 @@ VmDirRESTEncodeEntry(
     {
         for (pAttr = pAttrs[i]; pAttr; pAttr = pAttr->next)
         {
-            bReturn = pbvAttrs == NULL;
+            bReturn = FALSE;
 
-            for (j = 0; pbvAttrs && pbvAttrs[j].lberbv.bv_val; j++)
+            if ((bAsterisk || !pbvAttrs) &&
+                    pAttr->pATDesc->usage ==
+                            VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE)
+            {
+                bReturn = TRUE;
+            }
+            else if (bPlusSign &&
+                    pAttr->pATDesc->usage ==
+                            VDIR_LDAP_DIRECTORY_OPERATION_ATTRIBUTE)
             {
-                if (VmDirStringCompareA(
-                        pAttr->type.lberbv.bv_val,
-                        pbvAttrs[j].lberbv.bv_val,
-                        FALSE) == 0)
+                bReturn = TRUE;
+            }
+            else if (pbvAttrs)
+            {
+                for (j = 0; pbvAttrs[j].lberbv.bv_val; j++)
                 {
-                    bReturn = TRUE;
-                    break;
+                    if (VmDirStringCompareA(
+                            pAttr->type.lberbv.bv_val,
+                            pbvAttrs[j].lberbv.bv_val,
+                            FALSE) == 0)
+                    {
+                        bReturn = TRUE;
+                        break;
+                    }
                 }
             }
 
@@ -170,8 +201,11 @@ VmDirRESTEncodeEntry(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjAttr)
     {
@@ -227,8 +261,11 @@ VmDirRESTEncodeEntryArray(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjEntry)
     {
@@ -240,3 +277,353 @@ VmDirRESTEncodeEntryArray(
     }
     goto cleanup;
 }
+
+DWORD
+VmDirRESTEncodeDNToObjectPath(
+    PCSTR   pszDN,
+    PCSTR   pszTenant,
+    PSTR*   ppszObjPath
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwLocalRDNs = 0;
+    DWORD   i = 0, j = 0;
+    PSTR    pszTenantDN = NULL;
+    PSTR    pszObjPath = NULL;
+    PCSTR   pszRDN = NULL;
+    size_t  objPathLen = 0;
+    size_t  RDNLen = 0;
+    PVMDIR_STRING_LIST  pRDNList = NULL;
+    PVMDIR_STRING_LIST  pTenantRDNList = NULL;
+
+    if (IsNullOrEmptyString(pszDN) || IsNullOrEmptyString(pszTenant) || !ppszObjPath)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirDomainNameToDN(pszTenant, &pszTenantDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // DN must be under the target tenant
+    if (!VmDirStringEndsWith(pszDN, pszTenantDN, FALSE))
+    {
+        dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirDNToRDNList(pszDN, 0, &pRDNList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDNToRDNList(pszTenantDN, 0, &pTenantRDNList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwLocalRDNs = pRDNList->dwCount - pTenantRDNList->dwCount;
+
+    objPathLen = VmDirStringLenA(pszDN)
+               - VmDirStringLenA(pszTenantDN)
+               - (dwLocalRDNs * 3) + 2;
+
+    dwError = VmDirAllocateMemory(objPathLen, (PVOID*)&pszObjPath);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszObjPath[0] = '/';
+    for (i = dwLocalRDNs; i > 0; i--)
+    {
+        pszRDN = pRDNList->pStringList[i-1];
+
+        // - each RDN must be cn
+        // - each RDN must not contain '/'
+        if (!VmDirStringStartsWith(pszRDN, "cn=", FALSE) ||
+            VmDirStringChrA(pszRDN, '/'))
+        {
+            dwError = VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        pszRDN += 3;
+        RDNLen = VmDirStringLenA(pszRDN);
+
+        pszObjPath[j++] = '/';
+
+        dwError = VmDirCopyMemory(pszObjPath+j, objPathLen-j, pszRDN, RDNLen);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        j += RDNLen;
+    }
+
+    *ppszObjPath = pszObjPath;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszTenantDN);
+    VmDirStringListFree(pTenantRDNList);
+    VmDirStringListFree(pRDNList);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszObjPath);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTEncodeObjectAttribute(
+    PVDIR_ATTRIBUTE pObjAttr,
+    PCSTR           pszTenant,
+    json_t**        ppjOutput
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    PSTR    pszObjPath = NULL;
+    json_t* pjObjAttr = NULL;
+
+    if (!pObjAttr || IsNullOrEmptyString(pszTenant) || !ppjOutput)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirSchemaAttrIsDN(pObjAttr->pATDesc))
+    {
+        for (i = 0; i < pObjAttr->numVals; i++)
+        {
+            VMDIR_SAFE_FREE_STRINGA(pszObjPath);
+
+            dwError = VmDirRESTEncodeDNToObjectPath(
+                    pObjAttr->vals[i].lberbv.bv_val, pszTenant, &pszObjPath);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringToBervalContent(
+                    pszObjPath, &pObjAttr->vals[i]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    dwError = VmDirRESTEncodeAttribute(pObjAttr, &pjObjAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppjOutput = pjObjAttr;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszObjPath);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    if (pjObjAttr)
+    {
+        json_decref(pjObjAttr);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTEncodeObject(
+    PVDIR_ENTRY     pObj,
+    PVDIR_BERVALUE  pbvAttrs,
+    PCSTR           pszTenant,
+    json_t**        ppjOutput
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0, j = 0;
+    BOOLEAN bReturn = FALSE;
+    BOOLEAN bAsterisk = FALSE;
+    BOOLEAN bPlusSign = FALSE;
+    PSTR    pszObjPath = NULL;
+    PVDIR_ATTRIBUTE pObjAttr = NULL;
+    PVDIR_ATTRIBUTE pObjAttrs[3] = {0};
+    json_t*         pjObjAttr = NULL;
+    json_t*         pjObjAttrs = NULL;
+    json_t*         pjObj = NULL;
+
+    if (!pObj || IsNullOrEmptyString(pszTenant) || !ppjOutput)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjObj = json_object();
+    pjObjAttrs = json_array();
+
+    dwError = VmDirRESTEncodeDNToObjectPath(
+            pObj->dn.lberbv.bv_val, pszTenant, &pszObjPath);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = json_object_set_new(
+            pjObj, "objectpath", json_string(pszObjPath));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; pbvAttrs && pbvAttrs[i].lberbv.bv_val; i++)
+    {
+        if (VmDirStringCompareA("*", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bAsterisk = TRUE;
+        }
+        else if (VmDirStringCompareA("+", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bPlusSign = TRUE;
+        }
+    }
+
+    pObjAttrs[0] = pObj->attrs;
+    pObjAttrs[1] = pObj->pComputedAttrs;
+
+    for (i = 0; pObjAttrs[i]; i++)
+    {
+        for (pObjAttr = pObjAttrs[i]; pObjAttr; pObjAttr = pObjAttr->next)
+        {
+            bReturn = FALSE;
+
+            if ((bAsterisk || !pbvAttrs) &&
+                    pObjAttr->pATDesc->usage ==
+                            VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE)
+            {
+                bReturn = TRUE;
+            }
+            else if (bPlusSign &&
+                    pObjAttr->pATDesc->usage ==
+                            VDIR_LDAP_DIRECTORY_OPERATION_ATTRIBUTE)
+            {
+                bReturn = TRUE;
+            }
+            else if (pbvAttrs)
+            {
+                for (j = 0; pbvAttrs[j].lberbv.bv_val; j++)
+                {
+                    if (VmDirStringCompareA(
+                            pObjAttr->type.lberbv.bv_val,
+                            pbvAttrs[j].lberbv.bv_val,
+                            FALSE) == 0)
+                    {
+                        bReturn = TRUE;
+                        break;
+                    }
+                }
+            }
+
+            if (bReturn)
+            {
+                dwError = VmDirRESTEncodeObjectAttribute(
+                        pObjAttr, pszTenant, &pjObjAttr);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = json_array_append_new(pjObjAttrs, pjObjAttr);
+                BAIL_ON_VMDIR_ERROR(dwError);
+                pjObjAttr = NULL;
+            }
+        }
+    }
+
+    dwError = json_object_set_new(pjObj, "attributes", pjObjAttrs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pjObjAttrs = NULL;
+
+    *ppjOutput = pjObj;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszObjPath);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    if (pjObjAttr)
+    {
+        json_decref(pjObjAttr);
+    }
+    if (pjObjAttrs)
+    {
+        json_decref(pjObjAttrs);
+    }
+    if (pjObj)
+    {
+        json_decref(pjObj);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTEncodeObjectArray(
+    PVDIR_ENTRY_ARRAY   pObjArray,
+    PVDIR_BERVALUE      pbvAttrs,
+    PCSTR               pszTenant,
+    json_t**            ppjOutput,
+    size_t*             pSkipped
+    )
+{
+    DWORD   dwError = 0;
+    size_t  skipped = 0;
+    size_t  i = 0;
+    PVDIR_ENTRY pObj = NULL;
+    json_t*     pjObj = NULL;
+    json_t*     pjObjArray = NULL;
+
+    if (!pObjArray || IsNullOrEmptyString(pszTenant) || !ppjOutput)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjObjArray = json_array();
+
+    for (i = 0; i < pObjArray->iSize; i++)
+    {
+        pObj = &pObjArray->pEntry[i];
+
+        dwError = VmDirRESTEncodeObject(pObj, pbvAttrs, pszTenant, &pjObj);
+        if (dwError == VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION)
+        {
+            // skip objects that violate constraint
+            dwError = 0;
+            skipped++;
+            continue;
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = json_array_append_new(pjObjArray, pjObj);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pjObj = NULL;
+    }
+
+    if (pSkipped)
+    {
+        *pSkipped = skipped;
+    }
+
+    *ppjOutput = pjObjArray;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    if (pjObj)
+    {
+        json_decref(pjObj);
+    }
+    if (pjObjArray)
+    {
+        json_decref(pjObjArray);
+    }
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/etcdapi.c b/lwraft/server/rest-head/etcdapi.c
new file mode 100644
index 000000000..9e4728092
--- /dev/null
+++ b/lwraft/server/rest-head/etcdapi.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * REST_MODULE (from copenapitypes.h)
+ * callback indices must correspond to:
+ *      GET, PUT, POST, DELETE, PATCH
+ */
+REST_MODULE _etcd_rest_module[] =
+{
+    {
+        "/v1/post/etcd/KV/put",
+        { NULL, NULL, VmDirRESTEtcdPut, NULL, NULL}
+    },
+    {
+        "/v1/post/etcd/KV/range",
+        { NULL, NULL, VmDirRESTEtcdGet, NULL, NULL}
+    },
+    {
+        "/v1/post/etcd/KV/deleteRange",
+        { NULL, NULL, VmDirRESTEtcdDelete, NULL, NULL}
+    }
+};
+
+DWORD
+VmDirRESTGetEtcdModule(
+    PREST_MODULE* ppRestModule
+    )
+{
+    *ppRestModule = _etcd_rest_module;
+    return 0;
+}
+
+DWORD
+VmDirRESTEtcdPut(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    // NOT IMPLEMENTED
+    return 0;
+}
+
+DWORD
+VmDirRESTEtcdGet(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    // NOT IMPLEMENTED
+    return 0;
+}
+
+DWORD
+VmDirRESTEtcdDelete(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    // NOT IMPLEMENTED
+    return 0;
+}
diff --git a/lwraft/server/rest-head/externs.h b/lwraft/server/rest-head/externs.h
index ae03d050c..0a9e7528c 100644
--- a/lwraft/server/rest-head/externs.h
+++ b/lwraft/server/rest-head/externs.h
@@ -13,3 +13,10 @@
  */
 
 extern PREST_API_DEF gpVdirRestApiDef;
+
+extern PVMREST_HANDLE gpVdirRestHTTPHandle;
+extern PVMREST_HANDLE gpVdirRestHTTPSHandle;
+
+extern PVDIR_VMAFD_API gpVdirVmAfdApi;
+
+extern PVDIR_REST_HEAD_CACHE gpVdirRestCache;
diff --git a/lwraft/server/rest-head/globals.c b/lwraft/server/rest-head/globals.c
index e08cfa791..57d380a3e 100644
--- a/lwraft/server/rest-head/globals.c
+++ b/lwraft/server/rest-head/globals.c
@@ -15,3 +15,10 @@
 #include "includes.h"
 
 PREST_API_DEF gpVdirRestApiDef = NULL;
+
+PVMREST_HANDLE gpVdirRestHTTPHandle = NULL;
+PVMREST_HANDLE gpVdirRestHTTPSHandle = NULL;
+
+PVDIR_VMAFD_API gpVdirVmAfdApi = NULL;
+
+PVDIR_REST_HEAD_CACHE gpVdirRestCache = NULL;
diff --git a/lwraft/server/rest-head/handler.c b/lwraft/server/rest-head/handler.c
new file mode 100644
index 000000000..6e1e29cd4
--- /dev/null
+++ b/lwraft/server/rest-head/handler.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * We provide this function as callback to c-rest-engine,
+ * c-rest-engine will use this callback upon receiving a request
+ */
+DWORD
+VmDirHTTPRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = VmDirRESTRequestHandlerInternal(
+            pRESTHandle, pRequest, ppResponse, paramsCount, TRUE);//TRUE - if HTTP request
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDirHTTPSRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = VmDirRESTRequestHandlerInternal(
+            pRESTHandle, pRequest, ppResponse, paramsCount, FALSE);//FALSE - if HTTPS request
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTRequestHandlerInternal(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount,
+    BOOLEAN         bHttpRequest
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwRestOpErr = 0;    // don't bail on this
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+    VDIR_RAFT_ROLE  role = VDIR_RAFT_ROLE_CANDIDATE;
+
+    if (!pRESTHandle || !pRequest || !ppResponse)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
+    {
+        goto cleanup;
+    }
+
+    dwRestOpErr = VmDirRESTOperationCreate(&pRestOp);
+    if (dwRestOpErr)
+    {
+        dwError = VmDirRESTWriteSimpleErrorResponse(
+                pRESTHandle, ppResponse, 500);  // 500 = Internal Server Error
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        VmDirRaftGetRole(&role);
+        if (role == VDIR_RAFT_ROLE_LEADER)
+        {
+            dwRestOpErr = VmDirRESTProcessRequest(
+                    pRestOp, pRESTHandle, pRequest, paramsCount);
+
+            dwError = VmDirRESTOperationWriteResponse(
+                    pRestOp, pRESTHandle, ppResponse);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (role == VDIR_RAFT_ROLE_FOLLOWER)
+        {
+            dwRestOpErr = VmDirRESTForwardRequest(
+                    pRestOp, paramsCount, pRequest, pRESTHandle, bHttpRequest);
+
+            dwError = VmDirRESTWriteProxyResponse(
+                    pRestOp, ppResponse, pRESTHandle);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else  // role == VDIR_RAFT_ROLE_CANDIDATE
+        {
+            dwError = VmDirRESTWriteSimpleErrorResponse(
+                    pRESTHandle, ppResponse, 503);  // 503 = Service Unavailable
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VmDirFreeRESTOperation(pRestOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d), rest operation error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwRestOpErr);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTProcessRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    uint32_t                paramsCount
+    )
+{
+    DWORD   dwError = 0;
+    PREST_API_METHOD    pMethod = NULL;
+
+    if (!pRestOp || !pRESTHandle || !pRequest)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirRESTOperationReadRequest(
+            pRestOp, pRESTHandle, pRequest, paramsCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTAuth(pRestOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = coapi_find_handler(
+            gpVdirRestApiDef,
+            pRestOp->pszPath,
+            pRestOp->pszMethod,
+            &pMethod);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = pMethod->pFnImpl((void*)pRestOp, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_HTTP_ERROR    pHttpError = NULL;
+
+    if (!pRESTHandle || !ppResponse)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmRESTSetHttpStatusVersion(ppResponse, "HTTP/1.1");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pHttpError = VmDirRESTGetHttpError(httpStatus);
+
+    dwError = VmRESTSetHttpStatusCode(ppResponse, pHttpError->pszHttpStatus);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpReasonPhrase(ppResponse, pHttpError->pszHttpReason);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/includes.h b/lwraft/server/rest-head/includes.h
index c467f681d..1a430ae97 100644
--- a/lwraft/server/rest-head/includes.h
+++ b/lwraft/server/rest-head/includes.h
@@ -17,6 +17,8 @@
 #include <config.h>
 #include <vmdirsys.h>
 
+#include <ldap_log.h>
+
 #else
 
 #pragma once
@@ -43,9 +45,13 @@
 
 #include <backend.h>
 #include <middlelayer.h>
+#include <ldaphead.h>
 #include <resthead.h>
+#include <schema.h>
 #include <vmdirserver.h>
 
+#ifdef REST_ENABLED
+
 #include <copenapi/copenapi.h>
 #include <curl/curl.h>
 #include <gssapi/gssapi.h>
@@ -54,11 +60,14 @@
 #include <sasl/saslutil.h>
 #include <vmrest.h>
 
-#include <common_types.h>
+#include <ssotypes.h>
+#include <ssoerrors.h>
 #include <oidc_types.h>
 #include <oidc.h>
 
 #include "defines.h"
-#include "externs.h"
 #include "structs.h"
+#include "externs.h"
 #include "prototypes.h"
+
+#endif
diff --git a/lwraft/server/rest-head/ldapapi.c b/lwraft/server/rest-head/ldapapi.c
index c27b4d880..3be716710 100644
--- a/lwraft/server/rest-head/ldapapi.c
+++ b/lwraft/server/rest-head/ldapapi.c
@@ -22,10 +22,9 @@
 REST_MODULE _ldap_rest_module[] =
 {
     {
-        "/v1/lwraft/ldap",
+        VMDIR_V1_LDAP_RESOURCE,
         {VmDirRESTLdapSearch, VmDirRESTLdapAdd, NULL, VmDirRESTLdapDelete, VmDirRESTLdapModify}
-    },
-    {0}
+    }
 };
 
 DWORD
@@ -82,8 +81,12 @@ VmDirRESTLdapAdd(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -116,9 +119,11 @@ VmDirRESTLdapSearch(
             NULL, -1, LDAP_REQ_SEARCH, pRestOp->pConn, &pSearchOp);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirRESTGetStrParam(pRestOp, "dn", &pszDN, TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError)
+
     dwError = VmDirRESTGetLdapSearchParams(
             pRestOp,
-            &pszDN,
             &pSearchOp->request.searchReq.scope,
             &pSearchOp->request.searchReq.filter,
             &pSearchOp->request.searchReq.attrs,
@@ -171,8 +176,11 @@ VmDirRESTLdapSearch(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjResult)
     {
@@ -208,7 +216,7 @@ VmDirRESTLdapModify(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirRESTGetStrParam(pRestOp, "dn", &pszDN, TRUE);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    BAIL_ON_VMDIR_ERROR(dwError)
 
     dwError = VmDirStringToBervalContent(pszDN, &pModifyOp->reqDn);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -216,12 +224,20 @@ VmDirRESTLdapModify(
     dwError = VmDirStringToBervalContent(pszDN, &pModifyOp->request.modifyReq.dn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTDecodeMods(
+    dwError = VmDirRESTDecodeEntryMods(
             pRestOp->pjInput,
             &pModifyOp->request.modifyReq.mods,
             &pModifyOp->request.modifyReq.numMods);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (pRestOp->pszHeaderIfMatch)
+    {
+        dwError = VmDirAddCondWriteCtrl(
+                    pModifyOp,
+                    pRestOp->pszHeaderIfMatch);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
     dwError = VmDirMLModify(pModifyOp);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -232,8 +248,12 @@ VmDirRESTLdapModify(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -282,8 +302,12 @@ VmDirRESTLdapDelete(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -333,8 +357,12 @@ VmDirRESTLdapSetResult(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -396,6 +424,10 @@ VmDirRESTLdapGetHttpError(
         httpStatus = HTTP_PAYLOAD_TOO_LARGE;
         break;
 
+    case VMDIR_LDAP_ERROR_PRE_CONDITION:
+        httpStatus = HTTP_PRECONDITION_FAILED;
+        break;
+
     default:
         httpStatus = HTTP_INTERNAL_SERVER_ERROR;
         break;
@@ -410,7 +442,11 @@ VmDirRESTLdapGetHttpError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/lwraft/server/rest-head/ldapcontrol.c b/lwraft/server/rest-head/ldapcontrol.c
new file mode 100644
index 000000000..9c01eb567
--- /dev/null
+++ b/lwraft/server/rest-head/ldapcontrol.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+
+DWORD
+VmDirAddCondWriteCtrl(
+    PVDIR_OPERATION pOp,
+    PCSTR           pszCondWriteFilter
+    )
+{
+    DWORD               dwError = 0;
+    PSTR                pszLocalFilter = NULL;
+    PVDIR_LDAP_CONTROL  pCondWriteCtrl = NULL;
+
+    if (!pOp || !pszCondWriteFilter)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringA(pszCondWriteFilter, &pszLocalFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateMemory(sizeof(*pCondWriteCtrl), (PVOID*)&pCondWriteCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pCondWriteCtrl->type = LDAP_CONTROL_CONDITIONAL_WRITE;  // same as ldap control in-place memory
+    pCondWriteCtrl->criticality = TRUE;
+
+    pCondWriteCtrl->next = pOp->reqControls;
+    pOp->reqControls = pCondWriteCtrl;
+
+    pOp->pCondWriteCtrl = pCondWriteCtrl;
+    pOp->pCondWriteCtrl->value.condWriteCtrlVal.pszFilter = pszLocalFilter;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszLocalFilter);
+    DeleteControls(&pCondWriteCtrl);
+
+    goto cleanup;
+}
+
diff --git a/lwraft/server/rest-head/libmain.c b/lwraft/server/rest-head/libmain.c
index 4aea8580a..d60110a6b 100644
--- a/lwraft/server/rest-head/libmain.c
+++ b/lwraft/server/rest-head/libmain.c
@@ -14,70 +14,109 @@
 
 #include "includes.h"
 
-REST_PROCESSOR sVmDirRESTHandlers =
+#ifdef REST_ENABLED
+
+static
+DWORD
+_VmDirRESTServerInitHTTP(
+    VOID
+    );
+
+static
+DWORD
+_VmDirRESTServerInitHTTPS(
+    VOID
+    );
+
+static
+VOID
+_VmDirRESTServerShutdownHTTP(
+    VOID
+    );
+
+static
+VOID
+_VmDirRESTServerShutdownHTTPS(
+    VOID
+    );
+
+static
+VOID
+_VmDirFreeRESTHandle(
+    PVMREST_HANDLE pHandle
+    );
+
+REST_PROCESSOR sVmDirHTTPHandlers =
 {
-    .pfnHandleCreate = &VmDirRESTRequestHandler,
-    .pfnHandleRead = &VmDirRESTRequestHandler,
-    .pfnHandleUpdate = &VmDirRESTRequestHandler,
-    .pfnHandleDelete = &VmDirRESTRequestHandler,
-    .pfnHandleOthers = &VmDirRESTRequestHandler
+    .pfnHandleCreate = &VmDirHTTPRequestHandler,
+    .pfnHandleRead = &VmDirHTTPRequestHandler,
+    .pfnHandleUpdate = &VmDirHTTPRequestHandler,
+    .pfnHandleDelete = &VmDirHTTPRequestHandler,
+    .pfnHandleOthers = &VmDirHTTPRequestHandler
 };
 
+REST_PROCESSOR sVmDirHTTPSHandlers =
+{
+    .pfnHandleCreate = &VmDirHTTPSRequestHandler,
+    .pfnHandleRead = &VmDirHTTPSRequestHandler,
+    .pfnHandleUpdate = &VmDirHTTPSRequestHandler,
+    .pfnHandleDelete = &VmDirHTTPSRequestHandler,
+    .pfnHandleOthers = &VmDirHTTPSRequestHandler
+};
+
+// TODO
+// should we call this only if promoted? or we need rest-head
+// to return unwilling to perform in unpromoted state.
 DWORD
 VmDirRESTServerInit(
     VOID
     )
 {
     DWORD   dwError = 0;
-    REST_CONF   config = {0};
-    PREST_PROCESSOR     pHandlers = &sVmDirRESTHandlers;
-    PREST_API_MODULE    pModule = NULL;
 
     MODULE_REG_MAP stRegMap[] =
     {
         {"ldap", VmDirRESTGetLdapModule},
+        {"object", VmDirRESTGetObjectModule},
+        {"etcd", VmDirRESTGetEtcdModule},
+        {"metrics", VmDirRESTGetMetricsModule},
         {NULL, NULL}
     };
 
-    config.pSSLCertificate = VMDIR_REST_SSLCERT;
-    config.pSSLKey = VMDIR_REST_SSLKEY;
-    config.pServerPort = gVmdirGlobals.pszRestListenPort;
-    config.pDebugLogFile = VMDIR_REST_DEBUGLOGFILE;
-    config.pClientCount = VMDIR_REST_CLIENTCNT;
-    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
+    dwError = OidcClientGlobalInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmRESTInit(&config, NULL);
+    dwError = VmDirRESTLoadVmAfdAPI(&gpVdirVmAfdApi);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    // cache is only required for token auth
+    // post should still handle simple auth
+    (VOID)VmDirRESTCacheInit(&gpVdirRestCache);
+
     dwError = coapi_load_from_file(REST_API_SPEC, &gpVdirRestApiDef);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = coapi_map_api_impl(gpVdirRestApiDef, stRegMap);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
+    dwError = _VmDirRESTServerInitHTTP();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirRESTServerInitHTTPS();
+    if (dwError != 0)
     {
-        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
-        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
-        {
-            dwError = VmRESTRegisterHandler(pEndPoint->pszName, pHandlers, NULL);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
+        VMDIR_LOG_WARNING(
+                VMDIR_LOG_MASK_ALL,
+                "VmDirRESTServerInit: HTTPS port init failed with error %d, (failure is expected before promote)",
+                dwError);
+        dwError = 0;
     }
 
-    // TODO uncomment
-//    dwError = OidcClientGlobalInit();
-//    BAIL_ON_VMCA_ERROR(dwError);
-
-    dwError = VmRESTStart();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
 cleanup:
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                    "%s failed, error (%d)", __FUNCTION__, dwError);
+    VmDirRESTServerShutdown();
     goto cleanup;
 }
 
@@ -86,81 +125,217 @@ VmDirRESTServerShutdown(
     VOID
     )
 {
+    _VmDirRESTServerShutdownHTTP();
+    _VmDirRESTServerShutdownHTTPS();
+    //cleanup all global variables
+    OidcClientGlobalCleanup();
+    VmDirRESTUnloadVmAfdAPI(gpVdirVmAfdApi);
+    VmDirFreeRESTCache(gpVdirRestCache);
+    VMDIR_SAFE_FREE_MEMORY(gpVdirRestApiDef);
+}
+
+static
+DWORD
+_VmDirRESTServerInitHTTP(
+    VOID
+    )
+{
+    DWORD   dwError = 0;
+    REST_CONF   config = {0};
+    PREST_PROCESSOR     pHandlers = &sVmDirHTTPHandlers;
     PREST_API_MODULE    pModule = NULL;
 
-    VmRESTStop();
-    if (gpVdirRestApiDef)
+    /*
+     * pszHTTPListenPort can never be NULL because of default values assigned to them
+     * if Port string is empty, it means user wants to disable corresponding service
+     */
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPListenPort))
+    {
+        VMDIR_LOG_WARNING(
+                VMDIR_LOG_MASK_ALL,
+                "%s : not listening in HTTP port",
+                __FUNCTION__);
+        goto cleanup;
+    }
+
+    config.pSSLCertificate = RSA_SERVER_CERT;
+    config.pSSLKey = RSA_SERVER_KEY;
+    config.pServerPort = gVmdirGlobals.pszHTTPListenPort;
+    config.pDebugLogFile = VMDIR_HTTP_DEBUGLOGFILE;
+    config.pClientCount = VMDIR_REST_CLIENTCNT;
+    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
+
+    dwError = VmRESTInit(&config, NULL, &gpVdirRestHTTPHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
     {
-        pModule = gpVdirRestApiDef->pModules;
-        for (; pModule; pModule = pModule->pNext)
+        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
         {
-            PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
-            for (; pEndPoint; pEndPoint = pEndPoint->pNext)
-            {
-                (VOID)VmRESTUnRegisterHandler(pEndPoint->pszName);
-            }
+            dwError = VmRESTRegisterHandler(
+                    gpVdirRestHTTPHandle, pEndPoint->pszName, pHandlers, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
-    VmRESTShutdown();
 
-    // TODO uncomment
-//    OidcClientGlobalCleanup();
-    VMDIR_SAFE_FREE_MEMORY(gpVdirRestApiDef);
+    dwError = VmRESTStart(gpVdirRestHTTPHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    _VmDirRESTServerShutdownHTTP();
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed with error %d, not going to listen on REST port",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
 }
 
+static
 DWORD
-VmDirRESTRequestHandler(
-    PREST_REQUEST   pRequest,
-    PREST_RESPONSE* ppResponse,
-    uint32_t        paramsCount
+_VmDirRESTServerInitHTTPS(
+    VOID
     )
 {
     DWORD   dwError = 0;
-    PVDIR_REST_OPERATION    pRestOp = NULL;
-    PREST_API_METHOD    pMethod = NULL;
-
-    if (!pRequest || !ppResponse)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    PSTR    pszCert = NULL;
+    PSTR    pszKey = NULL;
+    REST_CONF   config = {0};
+    PREST_PROCESSOR     pHandlers = &sVmDirHTTPSHandlers;
+    PREST_API_MODULE    pModule = NULL;
 
-    if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
+    /*
+     * pszHTTPSListenPort can never be NULL because of default values assigned to them
+     * if Port string is empty, it means user wants to disable corresponding service
+     */
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPSListenPort))
     {
+        VMDIR_LOG_WARNING(
+                VMDIR_LOG_MASK_ALL,
+                "%s : not listening in HTTP port",
+                __FUNCTION__);
         goto cleanup;
     }
 
-    dwError = VmDirRESTOperationCreate(&pRestOp);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    config.pSSLCertificate = NULL;
+    config.pSSLKey = NULL;
+    config.pServerPort = gVmdirGlobals.pszHTTPSListenPort;
+    config.pDebugLogFile = VMDIR_HTTPS_DEBUGLOGFILE;
+    config.pClientCount = VMDIR_REST_CLIENTCNT;
+    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
 
-    dwError = VmDirRESTOperationReadRequest(pRestOp, pRequest, paramsCount);
+    dwError = VmRESTInit(&config, NULL, &gpVdirRestHTTPSHandle);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTAuth(pRestOp);
+    //Get Certificate and Key from VECS and Set it to Rest Engine
+    dwError = VmDirGetVecsMachineCert(&pszCert, &pszKey);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = coapi_find_handler(
-            gpVdirRestApiDef,
-            pRestOp->pszEndpoint,
-            pRestOp->pszMethod,
-            &pMethod);
+    dwError = VmRESTSetSSLInfo(gpVdirRestHTTPSHandle, pszCert, VmDirStringLenA(pszCert)+1, SSL_DATA_TYPE_CERT);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = pMethod->pFnImpl((void*)pRestOp, NULL);
+    dwError = VmRESTSetSSLInfo(gpVdirRestHTTPSHandle, pszKey, VmDirStringLenA(pszKey)+1, SSL_DATA_TYPE_KEY);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-response:
-    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
-    // Nothing can be done if failed to send response
-    dwError = VmDirRESTOperationWriteResponse(pRestOp, ppResponse);
-    goto cleanup;
+    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
+    {
+        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+        {
+            dwError = VmRESTRegisterHandler(
+                    gpVdirRestHTTPSHandle, pEndPoint->pszName, pHandlers, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    dwError = VmRESTStart(gpVdirRestHTTPSHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VmDirFreeRESTOperation(pRestOp);
+    VMDIR_SAFE_FREE_MEMORY(pszCert);
+    VMDIR_SAFE_FREE_MEMORY(pszKey);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-    goto response;
+    _VmDirRESTServerShutdownHTTPS();
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed with error %d, not going to listen on REST port (expected before promote)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
 }
+
+static
+VOID
+_VmDirRESTServerShutdownHTTP(
+    VOID
+    )
+{
+    _VmDirFreeRESTHandle(gpVdirRestHTTPHandle);
+    gpVdirRestHTTPHandle = NULL;
+}
+
+static
+VOID
+_VmDirRESTServerShutdownHTTPS(
+    VOID
+    )
+{
+    _VmDirFreeRESTHandle(gpVdirRestHTTPSHandle);
+    gpVdirRestHTTPSHandle = NULL;
+}
+
+static
+VOID
+_VmDirFreeRESTHandle(
+    PVMREST_HANDLE    pHandle
+    )
+{
+    PREST_API_MODULE  pModule = NULL;
+
+    if (pHandle)
+    {
+        VmRESTStop(pHandle);
+        if (gpVdirRestApiDef)
+        {
+            pModule = gpVdirRestApiDef->pModules;
+            for (; pModule; pModule = pModule->pNext)
+            {
+                PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+                for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+                {
+                    (VOID)VmRESTUnRegisterHandler(
+                            pHandle, pEndPoint->pszName);
+                }
+            }
+        }
+        VmRESTShutdown(pHandle);
+    }
+}
+
+#else
+
+DWORD
+VmDirRESTServerInit(
+    VOID
+    )
+{
+    return 0;
+}
+
+VOID
+VmDirRESTServerShutdown(
+    VOID
+    )
+{
+    return;
+}
+
+#endif
diff --git a/lwraft/server/rest-head/lightwave.c b/lwraft/server/rest-head/lightwave.c
new file mode 100644
index 000000000..2df140be5
--- /dev/null
+++ b/lwraft/server/rest-head/lightwave.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirRESTGetLightwaveOIDCSigningCertPEM(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PSTR*   ppszOIDCSigningCertPEM
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwOIDCError = 0;
+    PSTR    pszOIDCSigningCertPEM = NULL;
+    POIDC_SERVER_METADATA   pOidcMetadata = NULL;
+
+    if (IsNullOrEmptyString(pszDCName) ||
+        IsNullOrEmptyString(pszDomainName) ||
+        !ppszOIDCSigningCertPEM)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwOIDCError = OidcServerMetadataAcquire(
+            &pOidcMetadata,
+            pszDCName,
+            VMDIR_REST_OIDC_PORT,
+            pszDomainName,
+            NULL /* pszTlsCAPath: NULL means skip TLS validation, pass LIGHTWAVE_TLS_CA_PATH to turn on */);
+    dwError = dwOIDCError ? VMDIR_ERROR_OIDC_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(
+            OidcServerMetadataGetSigningCertificatePEM(pOidcMetadata),
+            &pszOIDCSigningCertPEM);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszOIDCSigningCertPEM = pszOIDCSigningCertPEM;
+
+cleanup:
+    OidcServerMetadataDelete(pOidcMetadata);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) OIDC error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwOIDCError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszOIDCSigningCertPEM);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTGetLightwaveObjectSid(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PCSTR   pszDN,
+    PSID*   ppObjectSid
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwAFDError = 0;
+    DWORD   dwPort = VMDIR_REST_LIGHTWAVE_LDAP_PORT;
+    PSTR    pszAccount = NULL;
+    PSTR    pszAccountUPN = NULL;
+    PSTR    pszPassword = NULL;
+    LDAP*   pLd = NULL;
+    LDAPMessage*    pResult = NULL;
+    LDAPMessage*    pEntry = NULL;
+    struct berval** ppSidVals = NULL;
+    PSID    pSid = NULL;
+
+    PSTR    ppszAttrs[] = { ATTR_OBJECT_SID, NULL };
+
+    if (IsNullOrEmptyString(pszDCName) ||
+        IsNullOrEmptyString(pszDN) ||
+        !ppObjectSid)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwAFDError = gpVdirVmAfdApi->pfnGetMachineAccountInfo(
+            NULL, &pszAccount, &pszPassword);
+    dwError = dwAFDError ? VMDIR_ERROR_AFD_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszAccountUPN, "%s@%s", pszAccount, pszDomainName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBindToPort(
+            &pLd, pszDCName, dwPort, pszAccountUPN, pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+            pLd, pszDN, LDAP_SCOPE_BASE, NULL, ppszAttrs, TRUE,
+            NULL, NULL, NULL, 0,
+            &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    if (pEntry == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NOT_FOUND);
+    }
+
+    ppSidVals = ldap_get_values_len(pLd, pEntry, ATTR_OBJECT_SID);
+    if (ldap_count_values_len(ppSidVals) == 0)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NOT_FOUND);
+    }
+
+    dwError = VmDirAllocateSidFromCString(ppSidVals[0]->bv_val, &pSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppObjectSid = pSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAccount);
+    VMDIR_SAFE_FREE_MEMORY(pszAccountUPN);
+    VMDIR_SAFE_FREE_MEMORY(pszPassword);
+    VDIR_SAFE_LDAP_UNBIND_EXT_S(pLd);
+    VDIR_SAFE_LDAP_MSGFREE(pResult);
+    VDIR_SAFE_LDAP_VALUE_FREE_LEN(ppSidVals);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) AFD error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwAFDError);
+
+    VMDIR_SAFE_FREE_MEMORY(pSid);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTGetLightwaveBuiltInAdminsGroupSid(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PSID*   ppBuiltInAdminsGroupSid
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDomainDN = NULL;
+    PSTR    pszBuiltInAdminsGroupDN = NULL;
+    PSID    pSid = NULL;
+
+    if (IsNullOrEmptyString(pszDCName) ||
+        IsNullOrEmptyString(pszDomainName) ||
+        !ppBuiltInAdminsGroupSid)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszBuiltInAdminsGroupDN,
+            "cn=Administrators,cn=Builtin,%s",
+            pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetLightwaveObjectSid(
+            pszDCName, pszDomainName, pszBuiltInAdminsGroupDN, &pSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppBuiltInAdminsGroupSid = pSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltInAdminsGroupDN);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pSid);
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/metricsapi.c b/lwraft/server/rest-head/metricsapi.c
new file mode 100644
index 000000000..90b6926b9
--- /dev/null
+++ b/lwraft/server/rest-head/metricsapi.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * REST_MODULE (from copenapitypes.h)
+ * callback indices must correspond to:
+ *      GET, PUT, POST, DELETE, PATCH
+ */
+REST_MODULE _metrics_rest_module[] =
+{
+    {
+        "/v1/post/metrics",
+        {VmDirRESTMetricsGet, NULL, NULL, NULL, NULL}
+    }
+};
+
+DWORD
+VmDirRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    )
+{
+    *ppRestModule = _metrics_rest_module;
+    return 0;
+}
+
+/*
+ * Performs GET operation for all the VmDir metrics
+ */
+DWORD
+VmDirRESTMetricsGet(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD dwError = 0;
+    PVDIR_REST_OPERATION pRestOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    dwError = VmMetricsGetPrometheusData(pmContext,
+                        &pRestOp->pResult->pszData,
+                        &pRestOp->pResult->dwDataLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/objectapi.c b/lwraft/server/rest-head/objectapi.c
new file mode 100644
index 000000000..64ba0ad0d
--- /dev/null
+++ b/lwraft/server/rest-head/objectapi.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirRESTCreateCondWriteCtrl(
+    PVDIR_OPERATION pOp,
+    PCSTR           pszTenant,
+    PCSTR           pszCondWriteFilter
+    );
+
+/*
+ * REST_MODULE (from copenapitypes.h)
+ * callback indices must correspond to:
+ *      GET, PUT, POST, DELETE, PATCH
+ */
+REST_MODULE _object_rest_module[] =
+{
+    {
+        VMDIR_V1_OBJ_RESOURCE_ALL,
+        {VmDirRESTObjectGet, VmDirRESTObjectPut, NULL, VmDirRESTObjectDelete, VmDirRESTObjectPatch}
+    }
+};
+
+DWORD
+VmDirRESTGetObjectModule(
+    PREST_MODULE*   ppRestModule
+    )
+{
+    *ppRestModule = _object_rest_module;
+    return 0;
+}
+
+DWORD
+VmDirRESTObjectPut(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+    PVDIR_ENTRY pObj = NULL;
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+    PVDIR_OPERATION         pAddOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    // put request must have subpath (=objectpath)
+    if (IsNullOrEmptyString(pRestOp->pszSubPath))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_ADD, pRestOp->pConn, &pAddOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetObjectTenantParam(pRestOp, &pszTenant);
+    BAIL_ON_VMDIR_ERROR(dwError)
+
+    dwError = VmDirRESTDecodeObject(
+            pRestOp->pjInput, pRestOp->pszSubPath, pszTenant, &pObj);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirResetAddRequestEntry(pAddOp, pObj);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pObj = NULL;
+
+    dwError = VmDirMLAdd(pAddOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pAddOp, dwError, NULL);
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    VmDirFreeOperation(pAddOp);
+    VmDirFreeEntry(pObj);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTObjectGet(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+    PSTR    pszDN = NULL;
+    size_t  skipped = 0;
+    PVDIR_LDAP_CONTROL  pPagedResultsCtrl = NULL;
+    json_t*             pjResult = NULL;
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+    PVDIR_OPERATION         pSearchOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_SEARCH, pRestOp->pConn, &pSearchOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetObjectGetParams(
+            pRestOp,
+            &pszTenant,
+            &pSearchOp->request.searchReq.scope,
+            &pSearchOp->request.searchReq.filter,
+            &pSearchOp->request.searchReq.attrs,
+            &pPagedResultsCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTDecodeObjectPathToDN(
+            pRestOp->pszSubPath, pszTenant, &pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pSearchOp->reqDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pSearchOp->showPagedResultsCtrl = pPagedResultsCtrl;
+    pSearchOp->request.searchReq.bStoreRsltInMem = TRUE;
+
+    dwError = VmDirMLSearch(pSearchOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // set operation result
+    dwError = VmDirRESTEncodeObjectArray(
+            &pSearchOp->internalSearchEntryArray,
+            pSearchOp->request.searchReq.attrs,
+            pszTenant,
+            &pjResult,
+            &skipped);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTResultSetObjData(pRestOp->pResult, "result", pjResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTResultSetIntData(
+            pRestOp->pResult,
+            "result_count",
+            pSearchOp->internalSearchEntryArray.iSize - skipped);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pPagedResultsCtrl)
+    {
+        VDIR_PAGED_RESULT_CONTROL_VALUE* pCtrl =
+                &pPagedResultsCtrl->value.pagedResultCtrlVal;
+
+        if (!IsNullOrEmptyString(pCtrl->cookie))
+        {
+            dwError = VmDirRESTResultSetStrData(
+                    pRestOp->pResult, "paged_results_cookie", pCtrl->cookie);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pSearchOp, dwError, NULL);
+    VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    VmDirFreeOperation(pSearchOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    if (pjResult)
+    {
+        json_decref(pjResult);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTObjectPatch(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+    PSTR    pszDN = NULL;
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+    PVDIR_OPERATION         pModifyOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_MODIFY, pRestOp->pConn, &pModifyOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetObjectTenantParam(pRestOp, &pszTenant);
+    BAIL_ON_VMDIR_ERROR(dwError)
+
+    dwError = VmDirRESTDecodeObjectPathToDN(
+            pRestOp->pszSubPath, pszTenant, &pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pModifyOp->reqDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pModifyOp->request.modifyReq.dn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTDecodeObjectMods(
+            pRestOp->pjInput,
+            pszTenant,
+            &pModifyOp->request.modifyReq.mods,
+            &pModifyOp->request.modifyReq.numMods);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pRestOp->pszHeaderIfMatch)
+    {
+        dwError = _VmDirRESTCreateCondWriteCtrl(
+                    pModifyOp,
+                    pszTenant,
+                    pRestOp->pszHeaderIfMatch);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirMLModify(pModifyOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pModifyOp, dwError, NULL);
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    VmDirFreeOperation(pModifyOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTObjectDelete(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+    PSTR    pszDN = NULL;
+    BOOLEAN bRecursive = FALSE;
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+    PVDIR_OPERATION         pDeleteOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    dwError = VmDirRESTGetBoolParam(pRestOp, "recursive", &bRecursive, FALSE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // TODO implement recursive option
+    dwError = bRecursive ? VMDIR_ERROR_UNWILLING_TO_PERFORM : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_DELETE, pRestOp->pConn, &pDeleteOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetObjectTenantParam(pRestOp, &pszTenant);
+    BAIL_ON_VMDIR_ERROR(dwError)
+
+    dwError = VmDirRESTDecodeObjectPathToDN(
+            pRestOp->pszSubPath, pszTenant, &pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pDeleteOp->reqDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToBervalContent(pszDN, &pDeleteOp->request.deleteReq.dn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirMLDelete(pDeleteOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pDeleteOp, dwError, NULL);
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    VMDIR_SAFE_FREE_MEMORY(pszDN);
+    VmDirFreeOperation(pDeleteOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRESTCreateCondWriteCtrl(
+    PVDIR_OPERATION pOp,
+    PCSTR           pszTenant,
+    PCSTR           pszCondWriteFilter
+    )
+{
+    DWORD           dwError = 0;
+    VDIR_BERVALUE   bvFilter = VDIR_BERVALUE_INIT;
+    PVDIR_FILTER    pObjectFilter = NULL;
+    PVDIR_FILTER    pDNFilter = NULL;
+
+    dwError = StrFilterToFilter(pszCondWriteFilter, &pObjectFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTFilterObjectToDN(
+                pszTenant,
+                pObjectFilter,
+                &pDNFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = FilterToStrFilter(pDNFilter, &bvFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAddCondWriteCtrl(pOp, bvFilter.lberbv_val);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeBervalContent(&bvFilter);
+    DeleteFilter(pObjectFilter);
+    DeleteFilter(pDNFilter);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/operation.c b/lwraft/server/rest-head/operation.c
index 8165bc41f..1472f65c4 100644
--- a/lwraft/server/rest-head/operation.c
+++ b/lwraft/server/rest-head/operation.c
@@ -46,7 +46,10 @@ VmDirRESTOperationCreate(
     dwError = VmDirRESTResultCreate(&pRestOp->pResult);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pRestOp->pResource = VmDirRESTGetResource(VDIR_REST_RSC_UNKNOWN);
+    pRestOp->pResource = VmDirRESTGetResource(NULL);
+
+    dwError = VmDirRESTCreateProxyResult(&pRestOp->pProxyResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppRestOp = pRestOp;
 
@@ -54,8 +57,11 @@ VmDirRESTOperationCreate(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeRESTOperation(pRestOp);
     goto cleanup;
@@ -64,21 +70,21 @@ VmDirRESTOperationCreate(
 DWORD
 VmDirRESTOperationReadRequest(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_REQUEST           pRestReq,
     DWORD                   dwParamCount
     )
 {
     DWORD   dwError = 0;
-    DWORD   i = 0, done = 0;
+    DWORD   i = 0, bytesRead = 0;
     json_error_t    jError = {0};
-    VDIR_REST_RESOURCE_TYPE  rscType = VDIR_REST_RSC_UNKNOWN;
     PSTR    pszTmp = NULL;
     PSTR    pszKey = NULL;
     PSTR    pszVal = NULL;
     PSTR    pszInput = NULL;
     size_t  len = 0;
 
-    if (!pRestOp || !pRestReq)
+    if (!pRestOp || !pRESTHandle || !pRestReq)
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -89,26 +95,38 @@ VmDirRESTOperationReadRequest(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // read request URI
-    dwError = VmRESTGetHttpURI(pRestReq, &pRestOp->pszEndpoint);
+    dwError = VmRESTGetHttpURI(pRestReq, &pRestOp->pszPath);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pszTmp = VmDirStringChrA(pRestOp->pszEndpoint, '?');
+    pszTmp = VmDirStringChrA(pRestOp->pszPath, '?');
     if (pszTmp)
     {
         *pszTmp = '\0';
     }
 
-    // determine resource and assign error callbacks
-    rscType = VmDirRESTGetEndpointRscType(pRestOp->pszEndpoint);
-    if (rscType == VDIR_REST_RSC_UNKNOWN)
+    // determine resource
+    pRestOp->pResource = VmDirRESTGetResource(pRestOp->pszPath);
+    if (pRestOp->pResource->rscType == VDIR_REST_RSC_UNKNOWN)
     {
         dwError = VMDIR_ERROR_INVALID_REQUEST;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
-    pRestOp->pResource = VmDirRESTGetResource(rscType);
+
+    // extract sub-path
+    if (pRestOp->pResource->bIsEndpointPrefix)
+    {
+        dwError = VmDirAllocateStringA(
+                pRestOp->pszPath + strlen(pRestOp->pResource->pszEndpoint) + 1,
+                &pRestOp->pszSubPath);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     // read request authorization info
-    dwError = VmRESTGetHttpHeader(pRestReq, "Authorization", &pRestOp->pszAuth);
+    dwError = VmRESTGetHttpHeader(pRestReq, VMDIR_REST_HEADER_AUTHENTICATION, &pRestOp->pszAuth);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // read header If-Match
+    dwError = VmRESTGetHttpHeader(pRestReq, VMDIR_REST_HEADER_IF_MATCH, &pRestOp->pszHeaderIfMatch);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // read request params
@@ -125,37 +143,64 @@ VmDirRESTOperationReadRequest(
     }
 
     // read request input json
-    while (!done)
+    do
     {
-        dwError = VmDirReallocateMemory(
-                (PVOID)pszInput,
-                (PVOID*)&pszInput,
-                len + MAX_REST_PAYLOAD_LENGTH);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        if (bytesRead || !pszInput)
+        {
+            dwError = VmDirReallocateMemoryWithInit(
+                    (PVOID)pszInput,
+                    (PVOID*)&pszInput,
+                    len + MAX_REST_PAYLOAD_LENGTH + 1,
+                    len);     // +1 for NULL char
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
 
-        dwError = VmRESTGetData(pRestReq, pszInput + len, &done);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        bytesRead = 0;
+        dwError = VmRESTGetData(
+                pRESTHandle, pRestReq, pszInput + len, &bytesRead);
 
-        len = strlen(pszInput);
+        len += bytesRead;
     }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     if (!IsNullOrEmptyString(pszInput))
     {
         pRestOp->pjInput = json_loads(pszInput, 0, &jError);
         if (!pRestOp->pjInput)
         {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to parse json payload: "
+                    "(text=%s), "
+                    "(source=%s), "
+                    "(line=%d), "
+                    "(column=%d), "
+                    "(position=%d)",
+                    __FUNCTION__,
+                    jError.text,
+                    jError.source,
+                    jError.line,
+                    jError.column,
+                    jError.position);
+
             dwError = VMDIR_ERROR_INVALID_REQUEST;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
+    // Save the input in string format for proxy
+    pRestOp->pszInput = pszInput;
+
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszInput);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+    VMDIR_SAFE_FREE_STRINGA(pszInput);
     goto cleanup;
 }
 
@@ -165,11 +210,12 @@ VmDirRESTOperationReadRequest(
 DWORD
 VmDirRESTOperationWriteResponse(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_RESPONSE*         ppResponse
     )
 {
     DWORD   dwError = 0;
-    DWORD   done = 0;
+    DWORD   bytesWritten = 0;
     PSTR    pszHttpStatus = NULL;
     PSTR    pszHttpReason = NULL;
     PSTR    pszBody = NULL;
@@ -177,7 +223,7 @@ VmDirRESTOperationWriteResponse(
     size_t  bodyLen = 0;
     size_t  sentLen = 0;
 
-    if (!pRestOp || !ppResponse)
+    if (!pRestOp || !pRESTHandle || !ppResponse)
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -199,14 +245,30 @@ VmDirRESTOperationWriteResponse(
     dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pRestOp->pResult->pszData)
+    {
+        dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "text/plain");
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTResultToResponseBody(
-            pRestOp->pResult, pRestOp->pResource, &pszBody);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmDirAllocateAndCopyMemory(
+                        (PVOID)pRestOp->pResult->pszData,
+                        pRestOp->pResult->dwDataLen,
+                        (PVOID*)&pszBody);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    bodyLen = VmDirStringLenA(VDIR_SAFE_STRING(pszBody));
+        bodyLen = pRestOp->pResult->dwDataLen;
+    }
+    else
+    {
+        dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirRESTResultToResponseBody(
+                pRestOp->pResult, pRestOp->pResource, &pszBody);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        bodyLen = VmDirStringLenA(VDIR_SAFE_STRING(pszBody));
+    }
 
     dwError = VmDirAllocateStringPrintf(&pszBodyLen, "%ld", bodyLen);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -215,19 +277,22 @@ VmDirRESTOperationWriteResponse(
             ppResponse, bodyLen > MAX_REST_PAYLOAD_LENGTH ? NULL : pszBodyLen);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    while (pszBody && !done)
+    do
     {
         size_t chunkLen = bodyLen > MAX_REST_PAYLOAD_LENGTH ?
                 MAX_REST_PAYLOAD_LENGTH : bodyLen;
 
-        dwError = VmRESTSetData(ppResponse, pszBody + sentLen, chunkLen, &done);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmRESTSetData(
+                pRESTHandle,
+                ppResponse,
+                VDIR_SAFE_STRING(pszBody) + sentLen,
+                chunkLen,
+                &bytesWritten);
 
-        sentLen += chunkLen;
-        bodyLen -= chunkLen;
+        sentLen += bytesWritten;
+        bodyLen -= bytesWritten;
     }
-
-    dwError = VmRESTSetHttpPayload(ppResponse, "", 0, &done);
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
@@ -236,8 +301,12 @@ VmDirRESTOperationWriteResponse(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -250,7 +319,11 @@ VmDirFreeRESTOperation(
     {
         VMDIR_SAFE_FREE_MEMORY(pRestOp->pszAuth);
         VMDIR_SAFE_FREE_MEMORY(pRestOp->pszMethod);
-        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszEndpoint);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszPath);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszSubPath);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszHeaderIfMatch);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszContentType);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszInput);
         if (pRestOp->pjInput)
         {
             json_decref(pRestOp->pjInput);
@@ -259,6 +332,7 @@ VmDirFreeRESTOperation(
         LwRtlFreeHashMap(&pRestOp->pParamMap);
         VmDirDeleteConnection(&pRestOp->pConn);
         VmDirFreeRESTResult(pRestOp->pResult);
+        VmDirFreeProxyResult(pRestOp->pProxyResult);
         VMDIR_SAFE_FREE_MEMORY(pRestOp);
     }
 }
diff --git a/lwraft/server/rest-head/param.c b/lwraft/server/rest-head/param.c
index c73c4afa6..2933448de 100644
--- a/lwraft/server/rest-head/param.c
+++ b/lwraft/server/rest-head/param.c
@@ -17,7 +17,7 @@
 DWORD
 VmDirRESTGetStrParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PSTR*                   ppszVal,
     BOOLEAN                 bRequired
     )
@@ -47,9 +47,12 @@ VmDirRESTGetStrParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -57,7 +60,7 @@ VmDirRESTGetStrParam(
 DWORD
 VmDirRESTGetIntParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     int*                    piVal,
     BOOLEAN                 bRequired
     )
@@ -86,9 +89,63 @@ VmDirRESTGetIntParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTGetBoolParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszKey,
+    BOOLEAN*                pbVal,
+    BOOLEAN                 bRequired
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszVal = NULL;
+
+    if (!pRestOp || IsNullOrEmptyString(pszKey) || !pbVal)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (LwRtlHashMapFindKey(pRestOp->pParamMap, (PVOID*)&pszVal, pszKey) ||
+        IsNullOrEmptyString(pszVal))
+    {
+        dwError = bRequired ? VMDIR_ERROR_INVALID_REQUEST : 0;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (VmDirStringCompareA(pszVal, "true", FALSE) == 0)
+    {
+        *pbVal = TRUE;
+    }
+    else if (VmDirStringCompareA(pszVal, "false", FALSE) == 0)
+    {
+        *pbVal = FALSE;
+    }
+    else
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) (pszKey=%s)",
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -96,7 +153,7 @@ VmDirRESTGetIntParam(
 DWORD
 VmDirRESTGetStrListParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PVMDIR_STRING_LIST*     ppValList,
     BOOLEAN                 bRequired
     )
@@ -126,9 +183,12 @@ VmDirRESTGetStrListParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -136,7 +196,6 @@ VmDirRESTGetStrListParam(
 DWORD
 VmDirRESTGetLdapSearchParams(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR*                   ppszDN,
     int*                    piScope,
     PVDIR_FILTER*           ppFilter,
     PVDIR_BERVALUE*         ppbvAttrs,
@@ -145,7 +204,6 @@ VmDirRESTGetLdapSearchParams(
 {
     DWORD   dwError = 0;
     DWORD   i = 0;
-    PSTR    pszDN = NULL;
     PSTR    pszScope = NULL;
     PSTR    pszFilter = NULL;
     PVMDIR_STRING_LIST  pAttrs = NULL;
@@ -162,9 +220,6 @@ VmDirRESTGetLdapSearchParams(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirRESTGetStrParam(pRestOp, "dn", &pszDN, TRUE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirRESTGetStrParam(pRestOp, "scope", &pszScope, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -257,7 +312,6 @@ VmDirRESTGetLdapSearchParams(
         VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
     }
 
-    *ppszDN = pszDN;
     *piScope = scope;
     *ppFilter = pFilter;
     *ppbvAttrs = pbvAttrs;
@@ -271,12 +325,209 @@ VmDirRESTGetLdapSearchParams(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    VMDIR_SAFE_FREE_MEMORY(pszDN);
     DeleteFilter(pFilter);
     VMDIR_SAFE_FREE_MEMORY(pbvAttrs);
     VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
     goto cleanup;
 }
+
+DWORD
+VmDirRESTGetObjectTenantParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR*                   ppszTenant
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+
+    if (!pRestOp || !ppszTenant)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirRESTGetStrParam(pRestOp, "tenant", &pszTenant, FALSE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (IsNullOrEmptyString(pszTenant))
+    {
+        dwError = VmDirDomainDNToName(
+                BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN),
+                &pszTenant);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppszTenant = pszTenant;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    goto cleanup;
+}
+
+/*
+ * Convert filter from ObjectPath format to DN format
+ */
+DWORD
+VmDirRESTFilterObjectToDN(
+    PCSTR           pszTenant,
+    PVDIR_FILTER    pObjectFilter,
+    PVDIR_FILTER*   ppDNFilter
+    )
+{
+    DWORD           dwError = 0;
+    VDIR_BERVALUE   bvFilter = VDIR_BERVALUE_INIT;
+    PVDIR_FILTER    pDNFilter = NULL;
+
+    if (!pszTenant || !pObjectFilter || !ppDNFilter)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirRESTDecodeObjectFilter(pObjectFilter, pszTenant);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // need to convert filter -> string -> filter because
+    // parsing the first filter might have failed
+    dwError = FilterToStrFilter(pObjectFilter, &bvFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = StrFilterToFilter(bvFilter.lberbv.bv_val, &pDNFilter);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppDNFilter = pDNFilter;
+
+cleanup:
+    VmDirFreeBervalContent(&bvFilter);
+    return dwError;
+
+error:
+    DeleteFilter(pDNFilter);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTGetObjectGetParams(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR*                   ppszTenant,
+    int*                    piSearchScope,
+    PVDIR_FILTER*           ppFilter,
+    PVDIR_BERVALUE*         ppbvAttrs,
+    PVDIR_LDAP_CONTROL*     ppPagedResultsCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszTenant = NULL;
+    int     scope = LDAP_SCOPE_BASE;
+
+    PVDIR_FILTER    pFilter = NULL;
+    PVDIR_FILTER    pDecodedFilter = NULL;
+    PVDIR_BERVALUE  pbvAttrs = NULL;
+    PVDIR_LDAP_CONTROL  pPagedResultsCtrl = NULL;
+
+    if (!pRestOp || !ppszTenant || !piSearchScope || !ppFilter || !ppbvAttrs || !ppPagedResultsCtrl)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirRESTRenameParamKey(pRestOp, "searchscope", "scope");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetLdapSearchParams(
+            pRestOp,
+            &scope,
+            &pFilter,
+            &pbvAttrs,
+            &pPagedResultsCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTGetObjectTenantParam(pRestOp, &pszTenant);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pFilter)
+    {
+        dwError = VmDirRESTFilterObjectToDN(pszTenant, pFilter, &pDecodedFilter);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppPagedResultsCtrl = pPagedResultsCtrl;
+    *ppFilter = pDecodedFilter;
+    *ppszTenant = pszTenant;
+    *piSearchScope = scope;
+    *ppbvAttrs = pbvAttrs;
+
+cleanup:
+    DeleteFilter(pFilter);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
+    VMDIR_SAFE_FREE_MEMORY(pszTenant);
+    VMDIR_SAFE_FREE_MEMORY(pbvAttrs);
+    DeleteFilter(pDecodedFilter);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTRenameParamKey(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszOldKey,
+    PCSTR                   pszNewKey
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszNewKeyCp = NULL;
+    LW_HASHMAP_PAIR pair = {NULL, NULL};
+
+    if (IsNullOrEmptyString(pszOldKey) || IsNullOrEmptyString(pszNewKey))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (LwRtlHashMapRemove(pRestOp->pParamMap, (PVOID)pszOldKey, &pair) == 0)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pair.pKey);
+
+        dwError = VmDirAllocateStringA(pszNewKey, &pszNewKeyCp);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = LwRtlHashMapInsert(
+                pRestOp->pParamMap, pszNewKeyCp, pair.pValue, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszNewKeyCp);
+    goto cleanup;
+}
diff --git a/lwraft/server/rest-head/prototypes.h b/lwraft/server/rest-head/prototypes.h
index 7bdef13b3..24d9cb497 100644
--- a/lwraft/server/rest-head/prototypes.h
+++ b/lwraft/server/rest-head/prototypes.h
@@ -12,42 +12,85 @@
  * under the License.
  */
 
-// accesstoken.c
+// auth.c
+DWORD
+VmDirRESTAuth(
+    PVDIR_REST_OPERATION    pRestOp
+    );
+
+DWORD
+VmDirRESTAuthViaBasic(
+    PVDIR_REST_OPERATION    pRestOp
+    );
+
+DWORD
+VmDirRESTAuthViaToken(
+    PVDIR_REST_OPERATION    pRestOp
+    );
+
+// authtoken.c
+DWORD
+VmDirRESTAuthTokenInit(
+    PVDIR_REST_AUTH_TOKEN*  ppAuthToken
+    );
+
 DWORD
-VmDirRESTAccessTokenInit(
-    PVDIR_REST_ACCESS_TOKEN*    ppAccessToken
+VmDirRESTAuthTokenParse(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken,
+    PCSTR                   pszAuthData
     );
 
 DWORD
-VmDirRESTAccessTokenParse(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken,
-    PSTR                    pszAuthData
+VmDirRESTAuthTokenValidate(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
     );
 
 VOID
-VmDirFreeRESTAccessToken(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken
+VmDirFreeRESTAuthToken(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
     );
 
-// auth.c
+// cache.c
 DWORD
-VmDirRESTAuth(
-    PVDIR_REST_OPERATION    pRestOp
+VmDirRESTCacheInit(
+    PVDIR_REST_HEAD_CACHE*  ppRestCache
     );
 
 DWORD
-VmDirRESTAuthBasic(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTCacheRefresh(
+    PVDIR_REST_HEAD_CACHE   pRestCache
     );
 
 DWORD
-VmDirRESTAuthToken(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTCacheGetOIDCSigningCertPEM(
+    PVDIR_REST_HEAD_CACHE   pRestCache,
+    PSTR*                   ppszOIDCSigningCertPEM
+    );
+
+DWORD
+VmDirRESTCacheGetBuiltInAdminsGroupSid(
+    PVDIR_REST_HEAD_CACHE   pRestCache,
+    PSID*                   ppBuiltInAdminsGroupSid
+    );
+
+VOID
+VmDirFreeRESTCache(
+    PVDIR_REST_HEAD_CACHE   pRestCache
     );
 
 // decode.c
+DWORD
+VmDirRESTDecodeAttributeNoAlloc(
+    json_t*         pjInput,
+    PVDIR_ATTRIBUTE pAttr
+    );
+
+DWORD
+VmDirRESTDecodeAttribute(
+    json_t*             pjInput,
+    PVDIR_ATTRIBUTE*    ppAttr
+    );
+
 DWORD
 VmDirRESTDecodeEntry(
     json_t*         pjInput,
@@ -55,8 +98,37 @@ VmDirRESTDecodeEntry(
     );
 
 DWORD
-VmDirRESTDecodeMods(
+VmDirRESTDecodeEntryMods(
+    json_t*             pjInput,
+    PVDIR_MODIFICATION* ppMods,
+    DWORD*              pdwNumMods
+    );
+
+DWORD
+VmDirRESTDecodeObjectPathToDN(
+    PCSTR   pszObjPath,
+    PCSTR   pszTenant,
+    PSTR*   ppszDN
+    );
+
+DWORD
+VmDirRESTDecodeObjectFilter(
+    PVDIR_FILTER    pFilter,
+    PCSTR           pszTenant
+    );
+
+DWORD
+VmDirRESTDecodeObject(
+    json_t*         pjInput,
+    PCSTR           pszObjPath,
+    PCSTR           pszTenant,
+    PVDIR_ENTRY*    ppObj
+    );
+
+DWORD
+VmDirRESTDecodeObjectMods(
     json_t*             pjInput,
+    PCSTR               pszTenant,
     PVDIR_MODIFICATION* ppMods,
     DWORD*              pdwNumMods
     );
@@ -82,6 +154,102 @@ VmDirRESTEncodeEntryArray(
     json_t**            ppjOutput
     );
 
+DWORD
+VmDirRESTEncodeDNToObjectPath(
+    PCSTR   pszDN,
+    PCSTR   pszTenant,
+    PSTR*   ppszObjPath
+    );
+
+DWORD
+VmDirRESTEncodeObjectAttribute(
+    PVDIR_ATTRIBUTE pObjAttr,
+    PCSTR           pszTenant,
+    json_t**        ppjOutput
+    );
+
+DWORD
+VmDirRESTEncodeObject(
+    PVDIR_ENTRY     pObj,
+    PVDIR_BERVALUE  pbvAttrs,
+    PCSTR           pszTenant,
+    json_t**        ppjOutput
+    );
+
+DWORD
+VmDirRESTEncodeObjectArray(
+    PVDIR_ENTRY_ARRAY   pObjArray,
+    PVDIR_BERVALUE      pbvAttrs,
+    PCSTR               pszTenant,
+    json_t**            ppjOutput,
+    size_t*             pSkipped
+    );
+
+// etcdapi.c
+DWORD
+VmDirRESTGetEtcdModule(
+    PREST_MODULE*   ppRestModule
+    );
+
+DWORD
+VmDirRESTEtcdPut(
+    void*   pIn,
+    void**  ppOut
+    );
+
+DWORD
+VmDirRESTEtcdGet(
+    void*   pIn,
+    void**  ppOut
+    );
+
+DWORD
+VmDirRESTEtcdDelete(
+    void*   pIn,
+    void**  ppOut
+    );
+
+// handler.c
+DWORD
+VmDirHTTPRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    );
+
+DWORD
+VmDirHTTPSRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    );
+
+DWORD
+VmDirRESTRequestHandlerInternal(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount,
+    BOOLEAN         bHttpRequest
+    );
+
+DWORD
+VmDirRESTProcessRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    uint32_t                paramsCount
+    );
+
+DWORD
+VmDirRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    );
+
 // httperror.c
 PVDIR_HTTP_ERROR
 VmDirRESTGetHttpError(
@@ -126,6 +294,13 @@ VmDirRESTLdapSetResult(
     PSTR                pszErrMsg
     );
 
+// ldapcontro.c
+DWORD
+VmDirAddCondWriteCtrl(
+    PVDIR_OPERATION pOp,
+    PCSTR           pszCondWriteFilter
+    );
+
 DWORD
 VmDirRESTLdapGetHttpError(
     PVDIR_REST_RESULT   pRestRslt,
@@ -133,12 +308,69 @@ VmDirRESTLdapGetHttpError(
     PSTR*               ppszHttpReason
     );
 
-// libmain.c
+// lightwave.c
 DWORD
-VmDirRESTRequestHandler(
-    PREST_REQUEST   pRequest,
-    PREST_RESPONSE* ppResponse,
-    uint32_t        paramsCount
+VmDirRESTGetLightwaveOIDCSigningCertPEM(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PSTR*   ppszOIDCSigningCertPEM
+    );
+
+DWORD
+VmDirRESTGetLightwaveObjectSid(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PCSTR   pszDN,
+    PSID*   ppSid
+    );
+
+DWORD
+VmDirRESTGetLightwaveBuiltInAdminsGroupSid(
+    PCSTR   pszDCName,
+    PCSTR   pszDomainName,
+    PSID*   ppBuiltInAdminsGroupSid
+    );
+
+// metricsapi.c
+DWORD
+VmDirRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    );
+
+DWORD
+VmDirRESTMetricsGet(
+    void*   pIn,
+    void**  ppOut
+    );
+
+// objectapi.c
+DWORD
+VmDirRESTGetObjectModule(
+    PREST_MODULE*   ppRestModule
+    );
+
+DWORD
+VmDirRESTObjectPut(
+    void*   pIn,
+    void**  ppOut
+    );
+
+DWORD
+VmDirRESTObjectGet(
+    void*   pIn,
+    void**  ppOut
+    );
+
+DWORD
+VmDirRESTObjectPatch(
+    void*   pIn,
+    void**  ppOut
+    );
+
+DWORD
+VmDirRESTObjectDelete(
+    void*   pIn,
+    void**  ppOut
     );
 
 // operation.c
@@ -150,6 +382,7 @@ VmDirRESTOperationCreate(
 DWORD
 VmDirRESTOperationReadRequest(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_REQUEST           pRestReq,
     DWORD                   dwParamCount
     );
@@ -157,6 +390,7 @@ VmDirRESTOperationReadRequest(
 DWORD
 VmDirRESTOperationWriteResponse(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_RESPONSE*         ppResponse
     );
 
@@ -169,7 +403,7 @@ VmDirFreeRESTOperation(
 DWORD
 VmDirRESTGetStrParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PSTR*                   ppszVal,
     BOOLEAN                 bRequired
     );
@@ -177,15 +411,23 @@ VmDirRESTGetStrParam(
 DWORD
 VmDirRESTGetIntParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     int*                    piVal,
     BOOLEAN                 bRequired
     );
 
+DWORD
+VmDirRESTGetBoolParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszKey,
+    BOOLEAN*                pbVal,
+    BOOLEAN                 bRequired
+    );
+
 DWORD
 VmDirRESTGetStrListParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PVMDIR_STRING_LIST*     ppValList,
     BOOLEAN                 bRequired
     );
@@ -193,22 +435,46 @@ VmDirRESTGetStrListParam(
 DWORD
 VmDirRESTGetLdapSearchParams(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR*                   ppszDN,
     int*                    piScope,
     PVDIR_FILTER*           ppFilter,
     PVDIR_BERVALUE*         ppbvAttrs,
     PVDIR_LDAP_CONTROL*     ppPagedResultsCtrl
     );
 
-// resource.c
-VDIR_REST_RESOURCE_TYPE
-VmDirRESTGetEndpointRscType(
-    PSTR    pszEndpoint
+DWORD
+VmDirRESTGetObjectTenantParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR*                   ppszTenant
+    );
+
+DWORD
+VmDirRESTGetObjectGetParams(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR*                   ppszTenant,
+    int*                    piSearchScope,
+    PVDIR_FILTER*           ppFilter,
+    PVDIR_BERVALUE*         ppbvAttrs,
+    PVDIR_LDAP_CONTROL*     ppPagedResultsCtrl
+    );
+
+DWORD
+VmDirRESTRenameParamKey(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszOldKey,
+    PCSTR                   pszNewKey
+    );
+
+DWORD
+VmDirRESTFilterObjectToDN(
+    PCSTR           pszTenant,
+    PVDIR_FILTER    pObjectFilter,
+    PVDIR_FILTER*   ppDNFilter
     );
 
+// resource.c
 PVDIR_REST_RESOURCE
 VmDirRESTGetResource(
-    VDIR_REST_RESOURCE_TYPE rscType
+    PSTR    pszPath
     );
 
 DWORD
@@ -239,6 +505,11 @@ VmDirRESTResultSetError(
     PSTR                pszErrMsg
     );
 
+DWORD
+VmDirRESTResultUnsetError(
+    PVDIR_REST_RESULT   pRestRslt
+    );
+
 DWORD
 VmDirRESTResultSetStrData(
     PVDIR_REST_RESULT   pRestRslt,
@@ -271,3 +542,41 @@ VOID
 VmDirFreeRESTResult(
     PVDIR_REST_RESULT   pRestRslt
     );
+
+// vmafd.c
+DWORD
+VmDirRESTLoadVmAfdAPI(
+    PVDIR_VMAFD_API*    ppVmAfdAPI
+    );
+
+VOID
+VmDirRESTUnloadVmAfdAPI(
+    PVDIR_VMAFD_API pVmAfdAPI
+    );
+
+// proxy.c
+DWORD
+VmDirRESTForwardRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    uint32_t                dwParamCount,
+    PREST_REQUEST           pRequest,
+    PVMREST_HANDLE          pRESTHandle,
+    BOOLEAN                 bHttpRequest
+    );
+
+DWORD
+VmDirRESTWriteProxyResponse(
+    PVDIR_REST_OPERATION     pRestOp,
+    PREST_RESPONSE*          ppResponse,
+    PVMREST_HANDLE           pRESTHandle
+    );
+
+DWORD
+VmDirRESTCreateProxyResult(
+    PVDIR_PROXY_RESULT*      ppProxyresult
+    );
+
+VOID
+VmDirFreeProxyResult(
+    PVDIR_PROXY_RESULT       pProxyResult
+    );
diff --git a/lwraft/server/rest-head/proxy.c b/lwraft/server/rest-head/proxy.c
new file mode 100644
index 000000000..f27077da6
--- /dev/null
+++ b/lwraft/server/rest-head/proxy.c
@@ -0,0 +1,804 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirRESTProxyResultGetHttpCode(
+    PVDIR_PROXY_RESULT  pProxyResult,
+    DWORD*              pdwHttpCode
+    );
+
+static
+VOID
+_VmDirSetProxyResult(
+    PVDIR_REST_OPERATION    pRestOp,
+    DWORD                   statusCode,
+    DWORD                   dwInError,
+    DWORD                   dwCurlError
+    );
+
+static
+DWORD
+_VmDirRESTFormHttpURL(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR                    pszLeader,
+    BOOLEAN                 bHttpRequest,
+    PSTR*                   ppszURL
+    );
+
+static
+DWORD
+_VmDirRESTFormEncodedParam(
+    PSTR    pszKey,
+    PSTR    pszValue,
+    PSTR    *ppEncodedParam
+    );
+
+static
+DWORD
+_VmDirRESTProxyReadRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    DWORD                   dwParamCount
+    );
+
+static
+size_t
+_VmDirRESTWriteResponseCallback(
+    PVOID   pMemPointer,
+    size_t  responseSize,
+    size_t  memorySize,
+    PVOID   pContext
+    );
+
+static
+DWORD
+_VmDirRESTCurlToHttpCode(
+        DWORD   dwCurlError
+        );
+
+DWORD
+VmDirRESTForwardRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    uint32_t                dwParamCount,
+    PREST_REQUEST           pRequest,
+    PVMREST_HANDLE          pRESTHandle,
+    BOOLEAN                 bHttpRequest
+    )
+{
+    DWORD                   dwError = 0;
+    DWORD                   dwCurlError = 0;
+    DWORD                   statusCode = 0;
+    CURL*                   pCurlHandle = NULL;
+    PSTR                    pszURL = NULL;
+    PSTR                    pszLeader = NULL;
+    PSTR                    pszAuthHeader = NULL;
+    PSTR                    pszIfMatchHeader = NULL;
+    PSTR                    pszContentHeader = NULL;
+    struct curl_slist*      pHeaders = NULL;
+    uint64_t                uiStartTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
+
+    if (!pRestOp || !pRequest || !pRESTHandle)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirRESTProxyReadRequest(
+            pRestOp, pRESTHandle, pRequest, dwParamCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Get the leader for forwarding if leader not set no use of proceeding
+    dwError = VmDirRaftGetLeader(&pszLeader);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pszLeader)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NO_LEADER);
+    }
+
+    pCurlHandle = curl_easy_init();
+    if (!pCurlHandle)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_CURL_FAILED_INIT);
+    }
+
+    if (bHttpRequest == TRUE)
+    {
+        dwCurlError = curl_easy_setopt(
+                pCurlHandle,
+                CURLOPT_PROTOCOLS,
+                CURLPROTO_HTTP);
+        BAIL_ON_CURL_ERROR(dwCurlError);
+    }
+    else
+    {
+        dwCurlError = curl_easy_setopt(
+                pCurlHandle,
+                CURLOPT_PROTOCOLS,
+                CURLPROTO_HTTPS);
+        BAIL_ON_CURL_ERROR(dwCurlError);
+
+        //Skip Peer verification
+        curl_easy_setopt(pCurlHandle, CURLOPT_SSL_VERIFYPEER, FALSE);
+        BAIL_ON_CURL_ERROR(dwCurlError);
+
+        //Skip Host Verification
+        curl_easy_setopt(pCurlHandle, CURLOPT_SSL_VERIFYHOST, FALSE);
+        BAIL_ON_CURL_ERROR(dwCurlError);
+    }
+
+    // If Authorization exists
+    if (pRestOp->pszAuth && VmDirStringLenA(pRestOp->pszAuth) != 0)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszAuthHeader,
+                "Authorization: %s",
+                pRestOp->pszAuth);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pHeaders = curl_slist_append(pHeaders, pszAuthHeader);
+        if (!pHeaders)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_CURL_NULLSLIST);
+        }
+    }
+    // If If-Match exists
+    if (pRestOp->pszHeaderIfMatch && VmDirStringLenA(pRestOp->pszHeaderIfMatch) != 0)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszIfMatchHeader,
+                "If-Match: %s",
+                pRestOp->pszHeaderIfMatch);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pHeaders = curl_slist_append(pHeaders, pszIfMatchHeader);
+        if (!pHeaders)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_CURL_NULLSLIST);
+        }
+    }
+    // Content-type header
+    if (pRestOp->pszContentType && VmDirStringLenA(pRestOp->pszContentType))
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszContentHeader,
+                "Content-Type: %s",
+                pRestOp->pszContentType);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pHeaders = curl_slist_append(pHeaders, pszContentHeader);
+        if (!pHeaders)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_CURL_NULLSLIST);
+        }
+    }
+    dwCurlError = curl_easy_setopt(
+            pCurlHandle,
+            CURLOPT_HTTPHEADER,
+            pHeaders);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    // Add the payload if exists
+    if(pRestOp->pszInput && VmDirStringLenA(pRestOp->pszInput) != 0)
+    {
+        dwCurlError = curl_easy_setopt(
+                pCurlHandle,
+                CURLOPT_POSTFIELDS,
+                pRestOp->pszInput);
+        BAIL_ON_CURL_ERROR(dwCurlError);
+
+        dwCurlError = curl_easy_setopt(
+                pCurlHandle,
+                CURLOPT_POSTFIELDSIZE,
+                VmDirStringLenA(pRestOp->pszInput));
+        BAIL_ON_CURL_ERROR(dwCurlError);
+    }
+
+    // set http URL
+    dwError = _VmDirRESTFormHttpURL(
+            pRestOp,
+            pszLeader,
+            bHttpRequest,
+            &pszURL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwCurlError = curl_easy_setopt(pCurlHandle, CURLOPT_URL, pszURL);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    // set the appropiate method
+    dwCurlError = curl_easy_setopt(pCurlHandle, CURLOPT_CUSTOMREQUEST, pRestOp->pszMethod);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    // set writeback function and data type
+    dwCurlError = curl_easy_setopt(
+            pCurlHandle,
+            CURLOPT_WRITEFUNCTION,
+            _VmDirRESTWriteResponseCallback);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    dwCurlError = curl_easy_setopt(
+            pCurlHandle,
+            CURLOPT_WRITEDATA,
+            pRestOp->pProxyResult);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    // Set timeout for curl request
+    dwCurlError = curl_easy_setopt(
+            pCurlHandle,
+            CURLOPT_TIMEOUT,
+            gVmdirGlobals.dwProxyCurlTimeout);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    // send the request to leader
+    dwCurlError = curl_easy_perform(pCurlHandle);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+    VMDIR_LOG_INFO(
+            VMDIR_LOG_MASK_ALL,
+            "Proxy forwarding done to leader: %s time taken: %d milliseconds",
+            pszLeader,
+            VMDIR_RESPONSE_TIME(VmDirGetTimeInMilliSec()-uiStartTime));
+    // set error
+    dwCurlError = curl_easy_getinfo(pCurlHandle, CURLINFO_RESPONSE_CODE, &statusCode);
+    BAIL_ON_CURL_ERROR(dwCurlError);
+
+cleanup:
+    _VmDirSetProxyResult(
+            pRestOp, statusCode, dwError, dwCurlError);
+
+    curl_slist_free_all(pHeaders);
+    curl_easy_cleanup(pCurlHandle);
+
+    VMDIR_SAFE_FREE_STRINGA(pszURL);
+    VMDIR_SAFE_FREE_STRINGA(pszLeader);
+    VMDIR_SAFE_FREE_STRINGA(pszAuthHeader);
+    VMDIR_SAFE_FREE_STRINGA(pszIfMatchHeader);
+    VMDIR_SAFE_FREE_STRINGA(pszContentHeader);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s Failed with error: %d curl error: %d, time taken %d for leader: %s",
+            __FUNCTION__,
+            dwError,
+            dwCurlError,
+            VMDIR_RESPONSE_TIME(VmDirGetTimeInMilliSec()-uiStartTime),
+            pszLeader ? pszLeader : "");
+    goto cleanup;
+
+curlerror:
+    dwError = VmDirCurlToDirError(dwCurlError);
+    goto error;
+}
+
+DWORD
+VmDirRESTWriteProxyResponse(
+    PVDIR_REST_OPERATION     pRestOp,
+    PREST_RESPONSE*          ppResponse,
+    PVMREST_HANDLE           pRESTHandle
+    )
+{
+    DWORD               dwError = 0;
+    DWORD               bytesWritten = 0;
+    DWORD               dwHttpErrorCode = 0;
+    PSTR                pszBodyLen = NULL;
+    PVDIR_HTTP_ERROR    pHttpError = NULL;
+    size_t              sentLen = 0;
+
+    if (!pRestOp || !ppResponse || !pRESTHandle )
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmRESTSetHttpStatusVersion(ppResponse, "HTTP/1.1");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirRESTProxyResultGetHttpCode(pRestOp->pProxyResult, &dwHttpErrorCode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pHttpError = VmDirRESTGetHttpError(dwHttpErrorCode);
+
+    dwError = VmRESTSetHttpStatusCode(ppResponse, pHttpError->pszHttpStatus);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpReasonPhrase(ppResponse, pHttpError->pszHttpReason);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(&pszBodyLen, "%ld", pRestOp->pProxyResult->dwResponseLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetDataLength(
+            ppResponse,
+            pRestOp->pProxyResult->dwResponseLen > MAX_REST_PAYLOAD_LENGTH ? NULL : pszBodyLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    do
+    {
+        size_t chunkLen = pRestOp->pProxyResult->dwResponseLen > MAX_REST_PAYLOAD_LENGTH ?
+            MAX_REST_PAYLOAD_LENGTH : pRestOp->pProxyResult->dwResponseLen;
+
+        dwError = VmRESTSetData(
+                pRESTHandle,
+                ppResponse,
+                VDIR_SAFE_STRING(pRestOp->pProxyResult->pResponse) + sentLen,
+                chunkLen,
+                &bytesWritten);
+        sentLen += bytesWritten;
+        pRestOp->pProxyResult->dwResponseLen -= bytesWritten;
+    }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszBodyLen);
+    return dwError;
+
+error:
+    goto cleanup;
+
+}
+
+DWORD
+VmDirRESTCreateProxyResult(
+    PVDIR_PROXY_RESULT* ppProxyResult
+    )
+{
+    DWORD               dwError = 0;
+    PVDIR_PROXY_RESULT  pProxyResult = NULL;
+
+    if (!ppProxyResult)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_PROXY_RESULT), (PVOID*)&pProxyResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pProxyResult->dwResponseLen = 0;
+    *ppProxyResult = pProxyResult;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed , error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeProxyResult(pProxyResult);
+    goto cleanup;
+}
+
+VOID
+VmDirFreeProxyResult(
+    PVDIR_PROXY_RESULT pProxyResult
+    )
+{
+    if (pProxyResult)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pProxyResult->pResponse);
+        VMDIR_SAFE_FREE_MEMORY(pProxyResult);
+    }
+}
+
+static
+DWORD
+_VmDirRESTProxyResultGetHttpCode(
+    PVDIR_PROXY_RESULT  pProxyResult,
+    DWORD*              pdwHttpCode
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pProxyResult)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (pProxyResult->statusCode)
+    {
+        *pdwHttpCode = pProxyResult->statusCode;
+    }
+    else if(pProxyResult->dwCurlError)
+    {
+        *pdwHttpCode = _VmDirRESTCurlToHttpCode(pProxyResult->dwCurlError);
+    }
+    else
+    {
+        *pdwHttpCode = 500;
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirSetProxyResult(
+    PVDIR_REST_OPERATION    pRestOp,
+    DWORD                   statusCode,
+    DWORD                   dwInError,
+    DWORD                   dwCurlError
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestOp)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    pRestOp->pProxyResult->dwError = dwInError;
+    pRestOp->pProxyResult->dwCurlError = dwCurlError;
+    pRestOp->pProxyResult->statusCode = statusCode;
+
+cleanup:
+    return;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "VmDirSetProxyResult failed : %d",
+            dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRESTFormHttpURL(
+    PVDIR_REST_OPERATION    pRestOp,
+    PSTR                    pszLeader,
+    BOOLEAN                 bHttpRequest,
+    PSTR*                   ppszURL
+    )
+{
+    DWORD               dwError = 0;
+    DWORD               currQueryLen = 0;
+    DWORD               portNumber = 0;
+    PSTR                pszURL = NULL;
+    PSTR                pszQuery = NULL;
+    PSTR                pszEncodedParam = NULL;
+    PSTR                pszRequest = NULL;
+    LW_HASHMAP_ITER     iter = LW_HASHMAP_ITER_INIT;
+    LW_HASHMAP_PAIR     pair = {NULL, NULL};
+
+    if (!pRestOp || !ppszURL || !pszLeader)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // append parameters to query
+    while(LwRtlHashMapIterate(pRestOp->pParamMap, &iter, &pair))
+    {
+        dwError = _VmDirRESTFormEncodedParam((PSTR)pair.pKey, (PSTR)pair.pValue, &pszEncodedParam);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // readjust size of query
+        dwError = VmDirReallocateMemoryWithInit(
+                (PVOID)pszQuery,
+                (PVOID*)&pszQuery,
+                currQueryLen + VmDirStringLenA(pszEncodedParam) + 2, // +2 for & and \0
+                currQueryLen);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // Copy parameter
+        dwError = VmDirStringCpyA(
+                &pszQuery[currQueryLen],
+                VmDirStringLenA(pszEncodedParam) + 1,
+                pszEncodedParam);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        currQueryLen = VmDirStringLenA(pszQuery);
+        pszQuery[currQueryLen++] = '&';
+        VMDIR_SAFE_FREE_MEMORY(pszEncodedParam);
+    }
+
+    if(pszQuery)
+    {
+        // Remove the trailing &
+        pszQuery[currQueryLen-1] = '\0';
+    }
+
+    if (bHttpRequest == TRUE)
+    {
+        portNumber = DEFAULT_HTTP_PORT_NUM;
+        pszRequest = "http";
+    }
+    else
+    {
+        portNumber = DEFAULT_HTTPS_PORT_NUM;
+        pszRequest = "https";
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszURL,
+            "%s://%s:%d%s%s%s",
+            pszRequest,
+            pszLeader,
+            portNumber,
+            pRestOp->pszPath,
+            pszQuery ? "?" : "",
+            VDIR_SAFE_STRING(pszQuery));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszURL = pszURL;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszQuery);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszEncodedParam);
+    VMDIR_SAFE_FREE_STRINGA(pszURL);
+    goto cleanup;
+
+}
+
+// Would be avoided if c-rest-engine provides a way to
+// get the encoded uri - 1972913
+static
+DWORD
+_VmDirRESTFormEncodedParam(
+    PSTR    pszKey,
+    PSTR    pszValue,
+    PSTR    *ppEncodedParam
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    DWORD   j = 0;
+    PSTR    pEncodedParam = NULL;
+    PSTR    pEncodedValue = NULL;
+    char    currchar;
+
+    if (!pszKey || !pszValue || !ppEncodedParam)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // memory considering all characters are encoded
+    // For example "=" is encoded as "%3D"
+    // So each encoded character expands into 3 characters
+
+    dwError = VmDirAllocateMemory(
+            VmDirStringLenA(pszValue)*3 + 1, // +1 for \0
+            (PVOID*)&pEncodedValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    while(pszValue[i] != '\0')
+    {
+        currchar = pszValue[i++];
+        if ((currchar >= 'a' && currchar <= 'z') ||
+                (currchar >= 'A' && currchar <= 'Z') ||
+                (currchar >= '0' && currchar <= '9') ||
+                (currchar >= 39 && currchar <= 42) ||
+                (currchar >= 45 && currchar <= 46) ||
+                (currchar == 33) ||
+                (currchar == 95) ||
+                (currchar == 126))
+        {
+            pEncodedValue[j++] = currchar;
+        }
+        else
+        {
+            pEncodedValue[j++] = '%';
+            sprintf(pEncodedValue + j, "%02X", currchar);
+            j += 2;
+        }
+    }
+    dwError = VmDirAllocateStringPrintf(
+            &pEncodedParam,
+            "%s=%s",
+            pszKey,
+            pEncodedValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppEncodedParam = pEncodedParam;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pEncodedValue);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pEncodedParam);
+    goto cleanup;
+
+}
+
+static
+DWORD
+_VmDirRESTProxyReadRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    DWORD                   dwParamCount
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   bytesRead = 0;
+    DWORD   len = 0;
+    DWORD   i = 0;
+    PSTR    pszInput = NULL;
+    PSTR    pszTmp = NULL;
+    PSTR    pszKey = NULL;
+    PSTR    pszVal = NULL;
+
+    if (!pRestOp || !pRESTHandle || !pRequest)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // request method
+    dwError = VmRESTGetHttpMethod(pRequest, &pRestOp->pszMethod);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // request URI
+    dwError = VmRESTGetHttpURI(pRequest, &pRestOp->pszPath);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszTmp = VmDirStringChrA(pRestOp->pszPath, '?');
+    if (pszTmp)
+    {
+        *pszTmp = '\0';
+    }
+
+    // auth header
+    dwError = VmRESTGetHttpHeader(pRequest, VMDIR_REST_HEADER_AUTHENTICATION, &pRestOp->pszAuth);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // if-match
+    dwError = VmRESTGetHttpHeader(pRequest, VMDIR_REST_HEADER_IF_MATCH, &pRestOp->pszHeaderIfMatch);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Content-type
+    dwError = VmRESTGetHttpHeader(pRequest, VMDIR_REST_HEADER_CONTENT_TYPE, &pRestOp->pszContentType);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // read request input json
+    do
+    {
+        if (bytesRead || !pszInput)
+        {
+            dwError = VmDirReallocateMemoryWithInit(
+                    (PVOID)pszInput,
+                    (PVOID*)&pszInput,
+                    len + MAX_REST_PAYLOAD_LENGTH + 1,  // +1 for NULL char
+                    len);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        bytesRead = 0;
+        dwError = VmRESTGetData(
+                pRESTHandle, pRequest, pszInput + len, &bytesRead);
+
+        len += bytesRead;
+    }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pRestOp->pszInput = pszInput;
+
+    // Read request params
+    for (i = 1; i <= dwParamCount; i++)
+    {
+        dwError = VmRESTGetParamsByIndex(pRequest, dwParamCount, i, &pszKey, &pszVal);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = LwRtlHashMapInsert(pRestOp->pParamMap, pszKey, pszVal, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszKey = NULL;
+        pszVal = NULL;
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszInput);
+    goto cleanup;
+}
+
+static
+size_t
+_VmDirRESTWriteResponseCallback(
+    PVOID   pMemPointer,
+    size_t  responseSize,
+    size_t  memorySize,
+    PVOID   pContext
+    )
+{
+    DWORD                       dwError = 0;
+    size_t                      bytesRead = responseSize * memorySize;
+    PVDIR_PROXY_RESULT          pProxyResult = NULL;
+
+    if (!pMemPointer || !pContext)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    pProxyResult = (PVDIR_PROXY_RESULT)pContext;
+
+    dwError = VmDirReallocateMemoryWithInit(
+            (PVOID)pProxyResult->pResponse,
+            (PVOID*)&pProxyResult->pResponse,
+            pProxyResult->dwResponseLen + bytesRead + 1,
+            pProxyResult->dwResponseLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCopyMemory(
+            (PVOID)&pProxyResult->pResponse[pProxyResult->dwResponseLen],
+            bytesRead,
+            pMemPointer,
+            bytesRead);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pProxyResult->dwResponseLen += bytesRead;
+
+cleanup:
+    return bytesRead;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "Proxy writeback failed with error: %d!",
+            dwError);
+    bytesRead = 0;
+    goto cleanup;
+
+}
+
+static
+DWORD
+_VmDirRESTCurlToHttpCode(
+    DWORD   dwCurlError
+    )
+{
+    DWORD httpStatus = 0;
+
+    switch(dwCurlError)
+    {
+        case CURLE_COULDNT_RESOLVE_PROXY:
+        case CURLE_COULDNT_RESOLVE_HOST:
+        case CURLE_COULDNT_CONNECT:
+            httpStatus = HTTP_NETWORK_CONNECT_TIMEOUT_ERROR;
+            break;
+
+        case CURLE_URL_MALFORMAT:
+            httpStatus = HTTP_BAD_REQUEST;
+            break;
+
+        case CURLE_OPERATION_TIMEDOUT:
+            httpStatus = HTTP_REQUEST_TIMEOUT;
+            break;
+
+        default:
+            httpStatus = HTTP_INTERNAL_SERVER_ERROR;
+    }
+
+    return httpStatus;
+}
diff --git a/lwraft/server/rest-head/resource.c b/lwraft/server/rest-head/resource.c
index 25de249b8..b659df7ee 100644
--- a/lwraft/server/rest-head/resource.c
+++ b/lwraft/server/rest-head/resource.c
@@ -14,48 +14,89 @@
 
 #include "includes.h"
 
-static VDIR_REST_RESOURCE_ENDPOINT rsourceEndpoints[] =
-{
-    {VDIR_REST_RSC_LDAP,    "/v1/lwraft/ldap"},
-    {VDIR_REST_RSC_UNKNOWN, NULL}
-};
-
 static VDIR_REST_RESOURCE resources[VDIR_REST_RSC_COUNT] =
 {
-    {VDIR_REST_RSC_LDAP,    VmDirRESTLdapSetResult,     VmDirRESTLdapGetHttpError,      "error-code",   "error-message"},
-    {VDIR_REST_RSC_UNKNOWN, VmDirRESTUnknownSetResult,  VmDirRESTUnknownGetHttpError,   NULL,           NULL}
-};
-
-VDIR_REST_RESOURCE_TYPE
-VmDirRESTGetEndpointRscType(
-    PSTR    pszEndpoint
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; rsourceEndpoints[i].pszEndpoint; i++)
     {
-        if (VmDirStringCompareA(
-                rsourceEndpoints[i].pszEndpoint, pszEndpoint, FALSE) == 0)
-        {
-            break;
-        }
+        VDIR_REST_RSC_LDAP,
+        VMDIR_V1_LDAP_RESOURCE,
+        FALSE,
+        VmDirRESTLdapSetResult,
+        VmDirRESTLdapGetHttpError,
+        "error_code",
+        "error_message"
+    },
+    {
+        VDIR_REST_RSC_OBJECT,
+        VMDIR_V1_OBJ_RESOURCE,
+        TRUE,
+        VmDirRESTLdapSetResult,
+        VmDirRESTLdapGetHttpError,
+        "error_code",
+        "error_message"
+    },
+    {
+        VDIR_REST_RSC_ETCD,
+        "/v1/post/etcd",
+        TRUE,
+        VmDirRESTLdapSetResult,
+        VmDirRESTLdapGetHttpError,
+        "code",
+        "error"
+    },
+    {
+        VDIR_REST_RSC_METRICS,
+        "/v1/post/metrics",
+        FALSE,
+        VmDirRESTUnknownSetResult,
+        VmDirRESTUnknownGetHttpError,
+        "error_code",
+        "error_message"
+    },
+    {
+        VDIR_REST_RSC_UNKNOWN,
+        NULL,
+        FALSE,
+        VmDirRESTUnknownSetResult,
+        VmDirRESTUnknownGetHttpError,
+        NULL,
+        NULL
     }
-
-    return rsourceEndpoints[i].rscType;
-}
+};
 
 PVDIR_REST_RESOURCE
 VmDirRESTGetResource(
-    VDIR_REST_RESOURCE_TYPE rscType
+    PSTR    pszPath
     )
 {
-    if (rscType > VDIR_REST_RSC_UNKNOWN)
+    DWORD   i = 0;
+    BOOLEAN bValidPath = FALSE;
+
+    bValidPath = !IsNullOrEmptyString(pszPath);
+
+    for (i = 0; resources[i].pszEndpoint; i++)
     {
-        return &resources[VDIR_REST_RSC_UNKNOWN];
+        if (bValidPath)
+        {
+            if (resources[i].bIsEndpointPrefix)
+            {
+                if (VmDirStringStartsWith(
+                        pszPath, resources[i].pszEndpoint, FALSE))
+                {
+                    break;
+                }
+            }
+            else
+            {
+                if (VmDirStringCompareA(
+                        pszPath, resources[i].pszEndpoint, FALSE) == 0)
+                {
+                    break;
+                }
+            }
+        }
     }
 
-    return &resources[rscType];
+    return &resources[i];
 }
 
 DWORD
@@ -81,8 +122,12 @@ VmDirRESTUnknownSetResult(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -127,7 +172,11 @@ VmDirRESTUnknownGetHttpError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/lwraft/server/rest-head/result.c b/lwraft/server/rest-head/result.c
index 32ca6462d..95fdb08e5 100644
--- a/lwraft/server/rest-head/result.c
+++ b/lwraft/server/rest-head/result.c
@@ -47,8 +47,11 @@ VmDirRESTResultCreate(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeRESTResult(pRestRslt);
     goto cleanup;
@@ -84,8 +87,42 @@ VmDirRESTResultSetError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTResultUnsetError(
+    PVDIR_REST_RESULT   pRestRslt
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    VMDIR_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
+    pRestRslt->pszErrMsg = NULL;
+    pRestRslt->errCode = 0;
+    pRestRslt->bErrSet = FALSE;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -112,8 +149,12 @@ VmDirRESTResultSetStrData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -133,8 +174,12 @@ VmDirRESTResultSetIntData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -164,8 +209,11 @@ VmDirRESTResultSetObjData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VMDIR_SAFE_FREE_MEMORY(pszKeyCp);
     goto cleanup;
@@ -223,7 +271,7 @@ VmDirRESTResultToResponseBody(
 
     if (json_object_size(pjBody))
     {
-        pszBody = json_dumps(pjBody, JSON_INDENT(4));
+        pszBody = json_dumps(pjBody, JSON_COMPACT);
         *ppszBody = pszBody;
     }
 
@@ -235,8 +283,11 @@ VmDirRESTResultToResponseBody(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VMDIR_SAFE_FREE_MEMORY(pszBody);
     goto cleanup;
@@ -267,6 +318,7 @@ VmDirFreeRESTResult(
         VMDIR_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
         LwRtlHashMapClear(pRestRslt->pDataMap, _DataMapPairFree, NULL);
         LwRtlFreeHashMap(&pRestRslt->pDataMap);
+        VMDIR_SAFE_FREE_STRINGA(pRestRslt->pszData);
         VMDIR_SAFE_FREE_MEMORY(pRestRslt);
     }
 }
diff --git a/lwraft/server/rest-head/structs.h b/lwraft/server/rest-head/structs.h
index bcfdd0334..a6bf5cf33 100644
--- a/lwraft/server/rest-head/structs.h
+++ b/lwraft/server/rest-head/structs.h
@@ -12,9 +12,20 @@
  * under the License.
  */
 
+typedef enum
+{
+    VDIR_REST_AUTH_METHOD_UNDEF,
+    VDIR_REST_AUTH_METHOD_BASIC,
+    VDIR_REST_AUTH_METHOD_TOKEN
+
+} VDIR_REST_AUTH_METHOD;
+
 typedef enum
 {
     VDIR_REST_RSC_LDAP,
+    VDIR_REST_RSC_OBJECT,
+    VDIR_REST_RSC_ETCD,
+    VDIR_REST_RSC_METRICS,
     VDIR_REST_RSC_UNKNOWN,
     VDIR_REST_RSC_COUNT,
 
@@ -25,6 +36,8 @@ typedef struct _VDIR_REST_RESULT
     int         errCode;
     PSTR        pszErrMsg;
     PLW_HASHMAP pDataMap;
+    PSTR        pszData;
+    DWORD       dwDataLen;
     BOOLEAN     bErrSet;
 
 } VDIR_REST_RESULT, *PVDIR_REST_RESULT;
@@ -45,6 +58,8 @@ typedef DWORD (*PFN_GET_HTTP_ERROR)(
 typedef struct _VDIR_REST_RESOURCE
 {
     VDIR_REST_RESOURCE_TYPE rscType;
+    PCSTR                   pszEndpoint;
+    BOOLEAN                 bIsEndpointPrefix;
     PFN_SET_RESULT          pfnSetResult;
     PFN_GET_HTTP_ERROR      pfnGetHttpError;
     PCSTR                   pszErrCodeKey;
@@ -52,33 +67,51 @@ typedef struct _VDIR_REST_RESOURCE
 
 } VDIR_REST_RESOURCE, *PVDIR_REST_RESOURCE;
 
+// proxy.c
+typedef struct _VDIR_PROXY_RESULT
+{
+    DWORD   statusCode;
+    DWORD   dwError;
+    DWORD   dwCurlError;
+    PSTR    pResponse;
+    DWORD   dwResponseLen;
+
+} VDIR_PROXY_RESULT, *PVDIR_PROXY_RESULT;
+
 typedef struct _VDIR_REST_OPERATION
 {
-    PSTR                pszAuth;
-    PSTR                pszMethod;
-    PSTR                pszEndpoint;
-    json_t*             pjInput;
-    PLW_HASHMAP         pParamMap;
-    PVDIR_CONNECTION    pConn;
-    PVDIR_REST_RESULT   pResult;
-    PVDIR_REST_RESOURCE pResource;
+    PSTR                    pszAuth;
+    PSTR                    pszMethod;
+    PSTR                    pszPath;
+    PSTR                    pszSubPath;
+    PSTR                    pszHeaderIfMatch;
+    PSTR                    pszContentType;
+    PSTR                    pszInput;
+    json_t*                 pjInput;
+    PLW_HASHMAP             pParamMap;
+    VDIR_REST_AUTH_METHOD   authMthd;
+    PVDIR_CONNECTION        pConn;
+    PVDIR_REST_RESULT       pResult;
+    PVDIR_REST_RESOURCE     pResource;
+    PVDIR_PROXY_RESULT      pProxyResult;
 
 } VDIR_REST_OPERATION, *PVDIR_REST_OPERATION;
 
-// accesstoken.c
+// authtoken.c
 typedef enum
 {
-    VDIR_REST_ACCESS_TOKEN_BEARER,
-    VDIR_REST_ACCESS_TOKEN_HOTK
+    VDIR_REST_AUTH_TOKEN_BEARER,
+    VDIR_REST_AUTH_TOKEN_HOTK
 
-} VDIR_REST_ACCESS_TOKEN_TYPE;
+} VDIR_REST_AUTH_TOKEN_TYPE;
 
-typedef struct _VDIR_REST_ACCESS_TOKEN
+typedef struct _VDIR_REST_AUTH_TOKEN
 {
-    VDIR_REST_ACCESS_TOKEN_TYPE tokenType;
+    VDIR_REST_AUTH_TOKEN_TYPE   tokenType;
+    PSTR                        pszAccessToken;
     PSTR                        pszBindUPN;
 
-} VDIR_REST_ACCESS_TOKEN, *PVDIR_REST_ACCESS_TOKEN;
+} VDIR_REST_AUTH_TOKEN, *PVDIR_REST_AUTH_TOKEN;
 
 // httperror.c
 typedef struct _VDIR_HTTP_ERROR
@@ -89,10 +122,37 @@ typedef struct _VDIR_HTTP_ERROR
 
 } VDIR_HTTP_ERROR, *PVDIR_HTTP_ERROR;
 
-// resource.c
-typedef struct _VDIR_REST_RESOURCE_ENDPOINT
+// vmafd.c
+typedef DWORD (*PFN_VMAFD_GET_DC_NAME)(
+        PCSTR,
+        PSTR*
+        );
+
+typedef DWORD (*PFN_VMAFD_GET_DOMAIN_NAME)(
+        PCSTR,
+        PSTR*
+        );
+
+typedef DWORD (*PFN_VMAFD_GET_MACHINE_ACCOUNT_INFO)(
+        PCSTR,
+        PSTR*,
+        PSTR*
+        );
+
+typedef struct _VDIR_VMAFD_API
 {
-    VDIR_REST_RESOURCE_TYPE rscType;
-    PCSTR                   pszEndpoint;
+    VMDIR_LIB_HANDLE                    pVmAfdLib;
+    PFN_VMAFD_GET_DC_NAME               pfnGetDCName;
+    PFN_VMAFD_GET_DOMAIN_NAME           pfnGetDomainName;
+    PFN_VMAFD_GET_MACHINE_ACCOUNT_INFO  pfnGetMachineAccountInfo;
+
+} VDIR_VMAFD_API, *PVDIR_VMAFD_API;
+
+// cache.c
+typedef struct _VDIR_REST_HEAD_CACHE
+{
+    PVMDIR_RWLOCK   pRWLock;
+    PSTR            pszOIDCSigningCertPEM;
+    PSID            pBuiltInAdminsGroupSid;
 
-} VDIR_REST_RESOURCE_ENDPOINT, *PVDIR_REST_RESOURCE_ENDPOINT;
+} VDIR_REST_HEAD_CACHE, *PVDIR_REST_HEAD_CACHE;
diff --git a/lwraft/server/rest-head/vmafd.c b/lwraft/server/rest-head/vmafd.c
new file mode 100644
index 000000000..4ee864754
--- /dev/null
+++ b/lwraft/server/rest-head/vmafd.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirRESTLoadVmAfdAPI(
+    PVDIR_VMAFD_API*    ppVmAfdApi
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_VMAFD_API pVmAfdApi = NULL;
+
+    if (!ppVmAfdApi)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VDIR_VMAFD_API), (PVOID*)&pVmAfdApi);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirOpenVmAfdClientLib(&pVmAfdApi->pVmAfdLib);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pVmAfdApi->pfnGetDCName =
+            (PFN_VMAFD_GET_DC_NAME)VmDirGetLibSym(
+                    pVmAfdApi->pVmAfdLib, "VmAfdGetDCNameA");
+    dwError = pVmAfdApi->pfnGetDCName ? 0 : VMDIR_ERROR_NOT_FOUND;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pVmAfdApi->pfnGetDomainName =
+            (PFN_VMAFD_GET_DOMAIN_NAME)VmDirGetLibSym(
+                    pVmAfdApi->pVmAfdLib, "VmAfdGetDomainNameA");
+    dwError = pVmAfdApi->pfnGetDomainName ? 0 : VMDIR_ERROR_NOT_FOUND;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pVmAfdApi->pfnGetMachineAccountInfo =
+            (PFN_VMAFD_GET_MACHINE_ACCOUNT_INFO)VmDirGetLibSym(
+                    pVmAfdApi->pVmAfdLib, "VmAfdGetMachineAccountInfoA");
+    dwError = pVmAfdApi->pfnGetMachineAccountInfo ? 0 : VMDIR_ERROR_NOT_FOUND;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppVmAfdApi = pVmAfdApi;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirRESTUnloadVmAfdAPI(pVmAfdApi);
+    goto cleanup;
+}
+
+VOID
+VmDirRESTUnloadVmAfdAPI(
+    PVDIR_VMAFD_API pVmAfdApi
+    )
+{
+    if (pVmAfdApi)
+    {
+        VmDirCloseLibrary(pVmAfdApi->pVmAfdLib);
+        VMDIR_SAFE_FREE_MEMORY(pVmAfdApi);
+    }
+}
diff --git a/lwraft/server/saslvmdirdb/Makefile.am b/lwraft/server/saslvmdirdb/Makefile.am
index 6e9a7df82..a846b1cb7 100644
--- a/lwraft/server/saslvmdirdb/Makefile.am
+++ b/lwraft/server/saslvmdirdb/Makefile.am
@@ -1,21 +1,21 @@
-lwraftsasl_LTLIBRARIES = libsasllwraftdb.la
+postsasl_LTLIBRARIES = libsaslpostdb.la
 
-libsasllwraftdb_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+libsaslpostdb_la_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
-libsasllwraftdb_la_SOURCES = \
+libsaslpostdb_la_SOURCES = \
     vmdirdb_init.c \
     vmdirdb.c
 
-libsasllwraftdb_la_LIBADD = \
-    $(top_builddir)/client/liblwraftclient.la \
+libsaslpostdb_la_LIBADD = \
+    $(top_builddir)/lwraft/client/libpostclient.la \
     @CRYPTO_LIBS@ \
     @PTHREAD_LIBS@
 
-libsasllwraftdb_la_LDFLAGS = \
+libsaslpostdb_la_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/lwraft/server/saslvmdirdb/vmdirdb.c b/lwraft/server/saslvmdirdb/vmdirdb.c
index c228b465d..01bd6637c 100644
--- a/lwraft/server/saslvmdirdb/vmdirdb.c
+++ b/lwraft/server/saslvmdirdb/vmdirdb.c
@@ -60,7 +60,7 @@ _VmDirSRPGetIdentityData(
 ///////////////////////////////////////////////////////////////////////////////////////
 static
 int
-lwraftdb_auxprop_lookup (
+postdb_auxprop_lookup (
     void*                   glob_context,
     sasl_server_params_t*   pSrvParams,
     unsigned                flags,
@@ -113,19 +113,19 @@ lwraftdb_auxprop_lookup (
 
 static
 sasl_auxprop_plug_t
-lwraftdb_auxprop_plugin =
+postdb_auxprop_plugin =
 {
     0,
     0,
     NULL,
     NULL,
-    lwraftdb_auxprop_lookup,
-    "lwraftdb",
+    postdb_auxprop_lookup,
+    "postdb",
     NULL
 };
 
 int
-lwraftdb_auxprop_plug_init (
+postdb_auxprop_plug_init (
     const sasl_utils_t *     utils,
     int                      max_version,
     int *                    out_version,
@@ -135,7 +135,7 @@ lwraftdb_auxprop_plug_init (
 {
 
     *out_version = SASL_AUXPROP_PLUG_VERSION;
-    *plug = &lwraftdb_auxprop_plugin;
+    *plug = &postdb_auxprop_plugin;
 
     return SASL_OK;
 }
diff --git a/lwraft/server/saslvmdirdb/vmdirdb_init.c b/lwraft/server/saslvmdirdb/vmdirdb_init.c
index 0fa8abf4d..ea7ad1b9f 100644
--- a/lwraft/server/saslvmdirdb/vmdirdb_init.c
+++ b/lwraft/server/saslvmdirdb/vmdirdb_init.c
@@ -65,4 +65,4 @@ BOOL APIENTRY DllMain( HANDLE hModule,
 }
 #endif
 
-SASL_AUXPROP_PLUG_INIT( lwraftdb )
+SASL_AUXPROP_PLUG_INIT( postdb )
diff --git a/lwraft/server/schema/Makefile.am b/lwraft/server/schema/Makefile.am
index e9dbfa6ca..071eab107 100644
--- a/lwraft/server/schema/Makefile.am
+++ b/lwraft/server/schema/Makefile.am
@@ -14,22 +14,18 @@ libschema_la_SOURCES = \
     parse.c \
     patch.c \
     syntax.c \
-    util.c \
-    legacy/legacylibmain.c \
-    legacy/legacyload.c \
-    legacy/legacypatch.c \
-    legacy/legacyutil.c
+    util.c
 
 libschema_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libschema_la_LDFLAGS = \
     -static
-
diff --git a/lwraft/server/schema/api.c b/lwraft/server/schema/api.c
index bfce5f73d..f3db61a0a 100644
--- a/lwraft/server/schema/api.c
+++ b/lwraft/server/schema/api.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -481,6 +481,134 @@ VmDirSchemaAttrList(
     goto cleanup;
 }
 
+DWORD
+VmDirSchemaClassGetAllMayAttrs(
+    PVDIR_SCHEMA_CTX        pCtx,           // IN
+    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
+    PLW_HASHMAP             pAllMayAttrMap  // IN
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PVDIR_SCHEMA_OC_DESC pCurOC = NULL;
+    PVDIR_SCHEMA_CR_DESC pCR = NULL;
+
+    if (!pCtx || !pOCDesc || !pAllMayAttrMap)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pCurOC = pOCDesc;
+    while (pCurOC)
+    {
+        for (i = 0; pCurOC->ppszMayATs && pCurOC->ppszMayATs[i]; i++)
+        {
+            dwError = LwRtlHashMapInsert(pAllMayAttrMap,
+                    pCurOC->ppszMayATs[i], pCurOC->ppszMayATs[i], NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        if (pCurOC->type == VDIR_LDAP_STRUCTURAL_CLASS)
+        {
+            dwError = VmDirSchemaCRNameToDescriptor(
+                    pCtx, pCurOC->pszName, &pCR);
+
+            if (dwError == 0)
+            {
+                for (i = 0; pCR->ppszMayATs && pCR->ppszMayATs[i]; i++)
+                {
+                    dwError = LwRtlHashMapInsert(pAllMayAttrMap,
+                            pCR->ppszMayATs[i], pCR->ppszMayATs[i], NULL);
+                    BAIL_ON_VMDIR_ERROR(dwError);
+                }
+            }
+            else if (dwError != ERROR_NO_SUCH_DITCONTENTRULES)
+            {
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+
+        if (VmDirStringCompareA(OC_TOP, pCurOC->pszName, FALSE) == 0)
+        {
+            pCurOC = NULL;
+        }
+        else
+        {
+            dwError = VmDirSchemaOCNameToDescriptor(
+                    pCtx, pCurOC->pszSup, &pCurOC);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+error:
+    return dwError;
+}
+
+DWORD
+VmDirSchemaClassGetAllMustAttrs(
+    PVDIR_SCHEMA_CTX        pCtx,           // IN
+    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
+    PLW_HASHMAP             pAllMustAttrMap // IN
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PVDIR_SCHEMA_OC_DESC pCurOC = NULL;
+    PVDIR_SCHEMA_CR_DESC pCR = NULL;
+
+    if (!pCtx || !pOCDesc || !pAllMustAttrMap)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pCurOC = pOCDesc;
+    while (pCurOC)
+    {
+        for (i = 0; pCurOC->ppszMustATs && pCurOC->ppszMustATs[i]; i++)
+        {
+            dwError = LwRtlHashMapInsert(pAllMustAttrMap,
+                    pCurOC->ppszMustATs[i], pCurOC->ppszMustATs[i], NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        if (pCurOC->type == VDIR_LDAP_STRUCTURAL_CLASS)
+        {
+            dwError = VmDirSchemaCRNameToDescriptor(
+                    pCtx, pCurOC->pszName, &pCR);
+
+            if (dwError == 0)
+            {
+                for (i = 0; pCR->ppszMustATs && pCR->ppszMustATs[i]; i++)
+                {
+                    dwError = LwRtlHashMapInsert(pAllMustAttrMap,
+                            pCR->ppszMustATs[i], pCR->ppszMustATs[i], NULL);
+                    BAIL_ON_VMDIR_ERROR(dwError);
+                }
+            }
+            else if (dwError != ERROR_NO_SUCH_DITCONTENTRULES)
+            {
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+
+        if (VmDirStringCompareA(OC_TOP, pCurOC->pszName, FALSE) == 0)
+        {
+            pCurOC = NULL;
+        }
+        else
+        {
+            dwError = VmDirSchemaOCNameToDescriptor(
+                    pCtx, pCurOC->pszSup, &pCurOC);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+error:
+    return dwError;
+}
+
 BOOLEAN
 VmDirSchemaIsNameEntryLeafStructureOC(
     PVDIR_ENTRY     pEntry,
@@ -554,7 +682,7 @@ VmDirSchemaAttrIsOctetString(
     if (pATDesc && pATDesc->pSyntax)
     {
         if (!IsNullOrEmptyString(pATDesc->pSyntax->pszOid) &&
-                 VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_OCTET_STRING, FALSE) == 0)
+            VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_OCTET_STRING, FALSE) == 0)
         {
             bIsOctetStr = TRUE;
         }
@@ -563,6 +691,24 @@ VmDirSchemaAttrIsOctetString(
     return bIsOctetStr;
 }
 
+BOOLEAN
+VmDirSchemaAttrIsDN(
+    PVDIR_SCHEMA_AT_DESC    pATDesc
+    )
+{
+    BOOLEAN bIsDN = FALSE;
+    if (pATDesc && pATDesc->pSyntax)
+    {
+        if (!IsNullOrEmptyString(pATDesc->pSyntax->pszOid) &&
+            VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_DN, FALSE) == 0)
+        {
+            bIsDN = TRUE;
+        }
+    }
+
+    return bIsDN;
+}
+
 /*
  * Berval syntax check
  */
@@ -597,7 +743,7 @@ VmDirSchemaBervalSyntaxCheck(
         pCtx->dwErrorCode = ERROR_INVALID_SYNTAX;
 
         VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                 &pCtx->pszErrorMsg,
                 "%s value (%s) is not a valid (%s) syntax",
                 pATDesc->pszName,
diff --git a/lwraft/server/schema/check.c b/lwraft/server/schema/check.c
index 1cae6ea56..06b9656b2 100644
--- a/lwraft/server/schema/check.c
+++ b/lwraft/server/schema/check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -43,10 +43,10 @@ _getOCAttr(
     if (!pAttr || pAttr->numVals < 1)
     {
         VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-        VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+        VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                 "Entry has no objectclass");
 
-        dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+        dwError = pCtx->dwErrorCode = VMDIR_ERROR_OBJECTCLASS_VIOLATION;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -98,11 +98,11 @@ _getOCDescs(
         if (dwError)
         {
             VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-            VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+            VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                     "Objectclass (%s) is not defined in schema",
                     pszOCName);
 
-            dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+            dwError = pCtx->dwErrorCode = ERROR_NO_SUCH_OBJECTCLASS;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
 
@@ -198,136 +198,6 @@ _getCRDescs(
     goto cleanup;
 }
 
-static
-DWORD
-_getAllMayAttributes(
-    PVDIR_SCHEMA_CTX        pCtx,           // IN
-    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
-    PLW_HASHMAP             pAllMayAttrMap  // IN
-    )
-{
-    DWORD dwError = 0;
-    DWORD i = 0;
-    PVDIR_SCHEMA_OC_DESC pCurOC = NULL;
-    PVDIR_SCHEMA_CR_DESC pCR = NULL;
-
-    if (!pCtx || !pOCDesc || !pAllMayAttrMap)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pCurOC = pOCDesc;
-    while (pCurOC)
-    {
-        for (i = 0; pCurOC->ppszMayATs && pCurOC->ppszMayATs[i]; i++)
-        {
-            dwError = LwRtlHashMapInsert(pAllMayAttrMap,
-                    pCurOC->ppszMayATs[i], pCurOC->ppszMayATs[i], NULL);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pCurOC->type == VDIR_LDAP_STRUCTURAL_CLASS)
-        {
-            dwError = VmDirSchemaCRNameToDescriptor(
-                    pCtx, pCurOC->pszName, &pCR);
-
-            if (dwError == 0)
-            {
-                for (i = 0; pCR->ppszMayATs && pCR->ppszMayATs[i]; i++)
-                {
-                    dwError = LwRtlHashMapInsert(pAllMayAttrMap,
-                            pCR->ppszMayATs[i], pCR->ppszMayATs[i], NULL);
-                    BAIL_ON_VMDIR_ERROR(dwError);
-                }
-            }
-            else if (dwError != ERROR_NO_SUCH_DITCONTENTRULES)
-            {
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-
-        if (VmDirStringCompareA(OC_TOP, pCurOC->pszName, FALSE) == 0)
-        {
-            pCurOC = NULL;
-        }
-        else
-        {
-            dwError = VmDirSchemaOCNameToDescriptor(
-                    pCtx, pCurOC->pszSup, &pCurOC);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-error:
-    return dwError;
-}
-
-static
-DWORD
-_getAllMustAttributes(
-    PVDIR_SCHEMA_CTX        pCtx,           // IN
-    PVDIR_SCHEMA_OC_DESC    pOCDesc,        // IN
-    PLW_HASHMAP             pAllMustAttrMap // IN
-    )
-{
-    DWORD dwError = 0;
-    DWORD i = 0;
-    PVDIR_SCHEMA_OC_DESC pCurOC = NULL;
-    PVDIR_SCHEMA_CR_DESC pCR = NULL;
-
-    if (!pCtx || !pOCDesc || !pAllMustAttrMap)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pCurOC = pOCDesc;
-    while (pCurOC)
-    {
-        for (i = 0; pCurOC->ppszMustATs && pCurOC->ppszMustATs[i]; i++)
-        {
-            dwError = LwRtlHashMapInsert(pAllMustAttrMap,
-                    pCurOC->ppszMustATs[i], pCurOC->ppszMustATs[i], NULL);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pCurOC->type == VDIR_LDAP_STRUCTURAL_CLASS)
-        {
-            dwError = VmDirSchemaCRNameToDescriptor(
-                    pCtx, pCurOC->pszName, &pCR);
-
-            if (dwError == 0)
-            {
-                for (i = 0; pCR->ppszMustATs && pCR->ppszMustATs[i]; i++)
-                {
-                    dwError = LwRtlHashMapInsert(pAllMustAttrMap,
-                            pCR->ppszMustATs[i], pCR->ppszMustATs[i], NULL);
-                    BAIL_ON_VMDIR_ERROR(dwError);
-                }
-            }
-            else if (dwError != ERROR_NO_SUCH_DITCONTENTRULES)
-            {
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-
-        if (VmDirStringCompareA(OC_TOP, pCurOC->pszName, FALSE) == 0)
-        {
-            pCurOC = NULL;
-        }
-        else
-        {
-            dwError = VmDirSchemaOCNameToDescriptor(
-                    pCtx, pCurOC->pszSup, &pCurOC);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-error:
-    return dwError;
-}
-
 static
 DWORD
 _checkAttributeSyntax(
@@ -368,11 +238,11 @@ _checkAttributeDimension(
         if (pAttr->pATDesc->bSingleValue && pAttr->numVals != 1)
         {
             VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-            VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+            VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                     "Attribute (%s) can have at most one value",
                     VDIR_SAFE_STRING(pAttr->type.lberbv.bv_val));
 
-            dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+            dwError = pCtx->dwErrorCode = ERROR_DATA_CONSTRAINT_VIOLATION;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
@@ -404,11 +274,11 @@ _checkObjectClassHierarchy(
         else if (!VmDirSchemaIsAncestorOC(pCtx, pBottomOC, ppStrOCs[i]))
         {
             VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-            VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+            VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                     "Entry has incompatible structural objectclass (%s) (%s)",
                     pBottomOC->pszName, ppStrOCs[i]->pszName);
 
-            dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+            dwError = pCtx->dwErrorCode = ERROR_DATA_CONSTRAINT_VIOLATION;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
@@ -416,10 +286,10 @@ _checkObjectClassHierarchy(
     if (!pBottomOC)
     {
         VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-        VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+        VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                 "Entry has no structural objectclass");
 
-        dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+        dwError = pCtx->dwErrorCode = ERROR_DATA_CONSTRAINT_VIOLATION;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -428,11 +298,11 @@ _checkObjectClassHierarchy(
        if (!VmDirSchemaIsAncestorOC(pCtx, pBottomOC, ppAbsOCs[i]))
        {
            VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-           VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+           VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                    "Entry has invalid abstract objectclass (%s)",
                    ppAbsOCs[i]->pszName);
 
-           dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+           dwError = pCtx->dwErrorCode = ERROR_DATA_CONSTRAINT_VIOLATION;
            BAIL_ON_VMDIR_ERROR(dwError);
        }
     }
@@ -476,11 +346,11 @@ _checkAuxContentRules(
         if (LwRtlHashMapFindKey(pAllowedAuxOCMap, NULL, ppAuxOCs[i]->pszName))
         {
             VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-            VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+            VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                     "Aux objectclass (%s) is not allowed.",
                     ppAuxOCs[i]->pszName);
 
-            dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+            dwError = pCtx->dwErrorCode = ERROR_DATA_CONSTRAINT_VIOLATION;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
@@ -524,18 +394,22 @@ _checkAttributePresences(
             NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _getAllMayAttributes(pCtx, pBottomOC, pAllMayAttrMap);
+    dwError = VmDirSchemaClassGetAllMayAttrs(
+            pCtx, pBottomOC, pAllMayAttrMap);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _getAllMustAttributes(pCtx, pBottomOC, pAllMustAttrMap);
+    dwError = VmDirSchemaClassGetAllMustAttrs(
+            pCtx, pBottomOC, pAllMustAttrMap);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     for (i = 0; ppAuxOCs && ppAuxOCs[i]; i++)
     {
-        dwError = _getAllMayAttributes(pCtx, ppAuxOCs[i], pAllMayAttrMap);
+        dwError = VmDirSchemaClassGetAllMayAttrs(
+                pCtx, ppAuxOCs[i], pAllMayAttrMap);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _getAllMustAttributes(pCtx, ppAuxOCs[i], pAllMustAttrMap);
+        dwError = VmDirSchemaClassGetAllMustAttrs(
+                pCtx, ppAuxOCs[i], pAllMustAttrMap);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -546,11 +420,11 @@ _checkAttributePresences(
             pAttr->pATDesc->usage == VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE)
         {
             VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-            VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+            VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                     "Attribute (%s) is not allowed.",
                     pAttr->pATDesc->pszName);
 
-            dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+            dwError = pCtx->dwErrorCode = VMDIR_ERROR_OBJECTCLASS_VIOLATION;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
@@ -572,11 +446,11 @@ _checkAttributePresences(
         }
 
         VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-        VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+        VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                 "Missing must attribute (%s)",
                 pszAttrName);
 
-        dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+        dwError = pCtx->dwErrorCode = VMDIR_ERROR_OBJECTCLASS_VIOLATION;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -800,11 +674,11 @@ VmDirSchemaCheckSetAttrDesc(
             if (!pAttr->pATDesc)
             {
                 VMDIR_SAFE_FREE_MEMORY(pCtx->pszErrorMsg);
-                VmDirAllocateStringAVsnprintf(&pCtx->pszErrorMsg,
+                VmDirAllocateStringPrintf(&pCtx->pszErrorMsg,
                         "Attribute (%s) is not defined in schema",
                         VDIR_SAFE_STRING(pAttr->type.lberbv.bv_val));
 
-                dwError = pCtx->dwErrorCode = ERROR_INVALID_ENTRY;
+                dwError = pCtx->dwErrorCode = ERROR_NO_SUCH_ATTRIBUTE;
                 BAIL_ON_VMDIR_ERROR(dwError);
             }
         }
@@ -844,13 +718,13 @@ VmDirSchemaGetEntryStructureOCDesc(
             pEntry->pSchemaCtx,
             pObjectClassAttr->vals[0].lberbv.bv_val,
             &pOCDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (dwError == ERROR_NO_SUCH_OBJECTCLASS ||
-            pOCDesc->type != VDIR_LDAP_STRUCTURAL_CLASS)
+    if (pOCDesc->type != VDIR_LDAP_STRUCTURAL_CLASS)
     {
-        dwError = ERROR_INVALID_ENTRY;
+        dwError = ERROR_DATA_CONSTRAINT_VIOLATION;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    BAIL_ON_VMDIR_ERROR(dwError);
 
     // pszStructureOC point into pEntry->attrs content.
     pEntry->pszStructureOC = pObjectClassAttr->vals[0].lberbv.bv_val;
diff --git a/lwraft/server/schema/defines.h b/lwraft/server/schema/defines.h
index 9e3c42c64..0ea34a7c5 100644
--- a/lwraft/server/schema/defines.h
+++ b/lwraft/server/schema/defines.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -713,40 +713,20 @@
     },                                                                  \
     {                                                                   \
     VMDIR_SF_INIT(.usAttrID, 18),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.1.1"                                 \
-            " NAME 'uSNCreated'"                                        \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 19),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.1.2"                                 \
-            " NAME 'uSNChanged'"                                        \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 20),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 999.999.0.9"                                              \
             " NAME 'dn'"                                                \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 21),                                       \
+    VMDIR_SF_INIT(.usAttrID, 19),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " VMWare.DIR.attribute.0.20"                                \
             " NAME 'vmwSecurityDescriptor'"                             \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, SCHEMA_BOOTSTRAP_EID_SEQ_ATTRID_22),       \
+    VMDIR_SF_INIT(.usAttrID, 20),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " VMWare.DIR.attribute.0.23"                                \
             " NAME 'vmwEntryIdSequenceNumber'"                          \
@@ -757,18 +737,7 @@
             " USAGE directoryOperation )")                              \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, SCHEMA_BOOTSTRAP_USN_SEQ_ATTRID_23),       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.24"                                \
-            " NAME 'vmwUSNSequenceNumber'"                              \
-            " DESC 'ID NEEDS TO BE 23'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 24),                                       \
+    VMDIR_SF_INIT(.usAttrID, 21),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " VMWare.DIR.attribute.1.4"                                 \
             " NAME 'objectGUID'"                                        \
@@ -779,7 +748,7 @@
             " USAGE directoryOperation )")                              \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 25),                                       \
+    VMDIR_SF_INIT(.usAttrID, 22),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 2.5.18.4"                                                 \
             " NAME 'modifiersName'"                                     \
@@ -789,7 +758,7 @@
             " USAGE directoryOperation )")                              \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 26),                                       \
+    VMDIR_SF_INIT(.usAttrID, 23),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.33"                                    \
             " NAME 'isSingleValued'"                                    \
@@ -798,7 +767,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 27),                                       \
+    VMDIR_SF_INIT(.usAttrID, 24),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.32"                                    \
             " NAME 'attributeSyntax'"                                   \
@@ -807,7 +776,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 28),                                       \
+    VMDIR_SF_INIT(.usAttrID, 25),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.460"                                   \
             " NAME 'lDAPDisplayName'"                                   \
@@ -815,7 +784,7 @@
             " SINGLE-VALUE )")                                          \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 29),                                       \
+    VMDIR_SF_INIT(.usAttrID, 26),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.30"                                    \
             " NAME 'attributeID'"                                       \
@@ -824,7 +793,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 30),                                       \
+    VMDIR_SF_INIT(.usAttrID, 27),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.231"                                   \
             " NAME 'oMSyntax'"                                          \
@@ -833,7 +802,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 31),                                       \
+    VMDIR_SF_INIT(.usAttrID, 28),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.148"                                   \
             " NAME 'schemaIDGUID'"                                      \
@@ -842,7 +811,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 32),                                       \
+    VMDIR_SF_INIT(.usAttrID, 29),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.21"                                    \
             " NAME 'subClassOf'"                                        \
@@ -851,7 +820,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 33),                                       \
+    VMDIR_SF_INIT(.usAttrID, 30),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.22"                                    \
             " NAME 'governsID'"                                         \
@@ -860,7 +829,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 34),                                       \
+    VMDIR_SF_INIT(.usAttrID, 31),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.370"                                   \
             " NAME 'objectClassCategory'"                               \
@@ -869,7 +838,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 35),                                       \
+    VMDIR_SF_INIT(.usAttrID, 32),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.783"                                   \
             " NAME 'defaultObjectCategory'"                             \
@@ -877,7 +846,7 @@
             " SINGLE-VALUE )")                                          \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 36),                                       \
+    VMDIR_SF_INIT(.usAttrID, 33),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.197"                                   \
             " NAME 'systemMustContain'"                                 \
@@ -885,7 +854,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 37),                                       \
+    VMDIR_SF_INIT(.usAttrID, 34),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.196"                                   \
             " NAME 'systemMayContain'"                                  \
@@ -893,7 +862,7 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 38),                                       \
+    VMDIR_SF_INIT(.usAttrID, 35),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.198"                                   \
             " NAME 'systemAuxiliaryClass'"                              \
@@ -901,28 +870,28 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 39),                                       \
+    VMDIR_SF_INIT(.usAttrID, 36),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.24"                                    \
             " NAME 'mustContain'"                                       \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 40),                                       \
+    VMDIR_SF_INIT(.usAttrID, 37),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.25"                                    \
             " NAME 'mayContain'"                                        \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 41),                                       \
+    VMDIR_SF_INIT(.usAttrID, 38),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.351"                                   \
             " NAME 'auxiliaryClass'"                                    \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 42),                                       \
+    VMDIR_SF_INIT(.usAttrID, 39),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.4.661"                                   \
             " NAME 'isDefunct'"                                         \
@@ -930,7 +899,7 @@
             " SINGLE-VALUE )")                                          \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 43),                                       \
+    VMDIR_SF_INIT(.usAttrID, 40),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " VMWare.DIR.attribute.0.58"                                \
             " NAME 'vmwAttributeUsage'"                                 \
@@ -939,14 +908,14 @@
             " NO-USER-MODIFICATION )")                                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 44),                                       \
+    VMDIR_SF_INIT(.usAttrID, 41),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 2.5.4.13"                                                 \
             " NAME 'description'"                                       \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")                  \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 45),                                       \
+    VMDIR_SF_INIT(.usAttrID, 42),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " 1.2.840.113556.1.2.334"                                   \
             " NAME 'searchFlags'"                                       \
@@ -954,13 +923,89 @@
             " SINGLE-VALUE )")                                          \
     },                                                                  \
     {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 46),                                       \
+    VMDIR_SF_INIT(.usAttrID, 43),                                       \
     VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
             " VMWare.DIR.attribute.1.7"                                 \
             " NAME 'vmwAttrUniquenessScope'"                            \
             " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )")                  \
     },                                                                  \
     {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 44),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " VMWare.DIR.attribute.1.19"                                \
+            " NAME 'vmwRaftLogChanged'"                                 \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
+            " SINGLE-VALUE"                                             \
+            " NO-USER-MODIFICATION"                                     \
+            " USAGE directoryOperation )")                              \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 45),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 1.2.840.113556.1.2.281"                                   \
+            " NAME 'nTSecurityDescriptor'"                              \
+            " SYNTAX 1.2.840.113556.1.4.907"                            \
+            " SINGLE-VALUE )")                                          \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 46),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " VMWare.DIR.attribute.1.11"                                \
+            " NAME 'vmwRaftLogindex'"                                   \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
+            " SINGLE-VALUE )")                                          \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 47),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 2.5.4.31"                                                 \
+            " NAME 'member'"                                            \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )")                  \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 48),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 1.2.840.113556.1.4.146"                                   \
+            " NAME 'objectSid'"                                         \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.40"                     \
+            " SINGLE-VALUE"                                             \
+            " NO-USER-MODIFICATION"                                     \
+            " USAGE directoryOperation )")                              \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 49),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " VMWare.DIR.attribute.0.25"                                \
+            " NAME 'parentid'"                                          \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
+            " SINGLE-VALUE"                                             \
+            " NO-USER-MODIFICATION"                                     \
+            " USAGE directoryOperation )")                              \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 50),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 1.2.840.113556.1.4.221"                                   \
+            " NAME 'sAMAccountName'"                                    \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
+            " SINGLE-VALUE )")                                          \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 51),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 1.2.840.113556.1.4.771"                                   \
+            " NAME 'servicePrincipalName'"                              \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )")                  \
+    },                                                                  \
+    {                                                                   \
+    VMDIR_SF_INIT(.usAttrID, 52),                                       \
+    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
+            " 1.2.840.113556.1.4.656"                                   \
+            " NAME 'userPrincipalName'"                                 \
+            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
+            " SINGLE-VALUE )")                                          \
+    },                                                                  \
+    {                                                                   \
     VMDIR_SF_INIT(.usAttrID, 0),                                        \
     VMDIR_SF_INIT(.pszDesc, NULL)                                       \
     },                                                                  \
diff --git a/lwraft/server/schema/globalmutex.c b/lwraft/server/schema/globalmutex.c
index b9b2b3c28..e3d9cb4d2 100644
--- a/lwraft/server/schema/globalmutex.c
+++ b/lwraft/server/schema/globalmutex.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -38,12 +38,14 @@ VmDirSchemaModMutexAcquire(
     }
 
     if (VmDirStringEndsWith(pszDN, SCHEMA_NAMING_CONTEXT_DN, FALSE) &&
-            VmDirStringLenA(pszDN) > (SCHEMA_NAMING_CONTEXT_DN_LEN))
+        pszDN[SCHEMA_NAMING_CONTEXT_DN_LEN])
     {
-        dwError = VmDirLockMutex(gVdirSchemaGlobals.cacheModMutex);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pOperation->bSchemaWriteOp = TRUE;
+        if (pOperation->dwSchemaWriteOp == 0)
+        {
+            dwError = VmDirLockMutex(gVdirSchemaGlobals.cacheModMutex);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        pOperation->dwSchemaWriteOp++;
     }
 
 error:
@@ -63,10 +65,14 @@ VmDirSchemaModMutexRelease(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (pOperation->bSchemaWriteOp)
+    if (pOperation->dwSchemaWriteOp > 0)
     {
-        dwError = VmDirUnLockMutex(gVdirSchemaGlobals.cacheModMutex);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        pOperation->dwSchemaWriteOp--;
+        if (pOperation->dwSchemaWriteOp == 0)
+        {
+            dwError = VmDirUnLockMutex(gVdirSchemaGlobals.cacheModMutex);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
     }
 
 error:
diff --git a/lwraft/server/schema/head.c b/lwraft/server/schema/head.c
index 6df09ef08..3df019fb0 100644
--- a/lwraft/server/schema/head.c
+++ b/lwraft/server/schema/head.c
@@ -59,6 +59,7 @@ VmDirSubSchemaSubEntry(
     dwError = VmDirAttrListToNewEntry(pSchemaCtx,
             SUB_SCHEMA_SUB_ENTRY_DN,
             ppszBaseAttr,
+            TRUE,
             &pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/lwraft/server/schema/idmap.c b/lwraft/server/schema/idmap.c
index 6b90361e3..073d91ccc 100644
--- a/lwraft/server/schema/idmap.c
+++ b/lwraft/server/schema/idmap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -126,6 +126,7 @@ VmDirSchemaAttrIdMapReadDB(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
     VmDirStringListFree(pStringList);
     return dwError;
 
@@ -168,7 +169,7 @@ VmDirSchemaAttrIdMapUpdateDB(
 
     while (LwRtlHashMapIterate(pAttrIdMap->pNewIds, &iter, &pair))
     {
-        dwError = VmDirAllocateStringAVsnprintf(&pszMapStr, "%d%s%s",
+        dwError = VmDirAllocateStringPrintf(&pszMapStr, "%d%s%s",
                 (USHORT)(uintptr_t)pair.pValue,
                 SCHEMA_ATTR_ID_MAP_SEP,
                 (PSTR)pair.pKey);
@@ -206,6 +207,7 @@ VmDirSchemaAttrIdMapUpdateDB(
     {
         beCtx.pBE->pfnBETxnAbort(&beCtx);
     }
+    VmDirBackendCtxContentFree(&beCtx);
     VmDirStringListFree(pMapStrList);
     return dwError;
 
diff --git a/lwraft/server/schema/includes.h b/lwraft/server/schema/includes.h
index 9050a36e1..062db2e01 100644
--- a/lwraft/server/schema/includes.h
+++ b/lwraft/server/schema/includes.h
@@ -89,4 +89,3 @@
 #include "structs.h"
 #include "prototypes.h"
 #include "externs.h"
-#include "legacy/defines.h"
diff --git a/lwraft/server/schema/legacy/defines.h b/lwraft/server/schema/legacy/defines.h
deleted file mode 100644
index 82e9c0549..000000000
--- a/lwraft/server/schema/legacy/defines.h
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#define ATTR_VMW_ATTRIBUTE_TO_ID_MAP    "vmwAttributeToIdMap"
-#define SCHEMA_ATTR_ID_MAP_TOKEN_SEP    ":"
-
-// NOTE: order of fields MUST stay in sync with struct definition...
-#define VDIR_LEGACY_SCHEMA_BOOTSTRP_ATTR_INITIALIZER                    \
-{                                                                       \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 1),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.6"                                                 \
-            " NAME 'objectClasses'"                                     \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 2),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.5 "                                                \
-            " NAME 'attributeTypes' "                                   \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 3),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 1.3.6.1.4.1.1466.101.120.16"                              \
-            " NAME 'ldapSyntaxes'"                                      \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.5"                      \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 4),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.8"                                                 \
-            " NAME 'matchingRuleUse'"                                   \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.5"                      \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 5),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.4"                                                 \
-            " NAME 'matchingRules'"                                     \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.5"                      \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 6),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.18.10"                                                \
-            " NAME 'subSchemaSubentry'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12"                     \
-            " NO-USER-MODIFICATION )")                                  \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 7),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.9"                                                 \
-            " NAME 'structuralObjectClass'"                             \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )")                  \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 8),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 1.3.6.1.1.20"                                             \
-            " NAME 'entryDN'"                                           \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 9),                                        \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.4.0"                                                  \
-            " NAME 'objectClass'"                                       \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )")                  \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 10),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.1"                                                 \
-            " NAME 'dITStructureRules'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.17"                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 11),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.2"                                                 \
-            " NAME 'dITContentRules'"                                   \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 12),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.21.7"                                                 \
-            " NAME 'nameForms'"                                         \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.35"                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 14),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.18.1"                                                 \
-            " NAME 'createTimeStamp'"                                   \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 15),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.18.2"                                                 \
-            " NAME 'modifyTimeStamp'"                                   \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.24"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 16),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.1"                                 \
-            " NAME 'vmwAttributeToIdMap'"                               \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 17),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 2.5.4.3"                                                  \
-            " NAME 'cn'"                                                \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " SINGLE-VALUE )")                                          \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 18),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.1.1"                                 \
-            " NAME 'uSNCreated'"                                        \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 19),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.1.2"                                 \
-            " NAME 'uSNChanged'"                                        \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 20),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " 999.999.0.9"                                              \
-            " NAME 'dn'"                                                \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )")                  \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 21),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.20"                                \
-            " NAME 'vmwSecurityDescriptor'"                             \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )")                  \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, SCHEMA_BOOTSTRAP_EID_SEQ_ATTRID_22),       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.23"                                \
-            " NAME 'vmwEntryIdSequenceNumber'"                          \
-            " DESC 'ID NEEDS TO BE 22'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, SCHEMA_BOOTSTRAP_USN_SEQ_ATTRID_23),       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.24"                                \
-            " NAME 'vmwUSNSequenceNumber'"                              \
-            " DESC 'ID NEEDS TO BE 23'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.27"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 24),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.1.4"                                 \
-            " NAME 'objectGUID'"                                        \
-            " DESC 'ID NEEDS TO BE 24'"                                 \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.15"                     \
-            " SINGLE-VALUE"                                             \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 99),                                       \
-    VMDIR_SF_INIT(.pszDesc, "attributeTypes: ("                         \
-            " VMWare.DIR.attribute.0.59"                                \
-            " NAME 'attributeValueMetaData'"                            \
-            " SYNTAX 1.3.6.1.4.1.1466.115.121.1.40"                     \
-            " NO-USER-MODIFICATION"                                     \
-            " USAGE directoryOperation )")                              \
-    },                                                                  \
-    {                                                                   \
-    VMDIR_SF_INIT(.usAttrID, 0),                                        \
-    VMDIR_SF_INIT(.pszDesc, NULL)                                       \
-    },                                                                  \
-}
diff --git a/lwraft/server/schema/legacy/legacylibmain.c b/lwraft/server/schema/legacy/legacylibmain.c
deleted file mode 100644
index 160a6bc3b..000000000
--- a/lwraft/server/schema/legacy/legacylibmain.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "../includes.h"
-
-/*
- * Auxiliary function to tune schema library compatible with legacy data
- */
-DWORD
-VmDirSchemaLibInitLegacy(
-    VOID
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_ENTRY pSchemaEntry = NULL;
-    VDIR_SCHEMA_BOOTSTRAP_TABLE ATTable[] =
-            VDIR_SCHEMA_BOOTSTRP_ATTR_INITIALIZER;
-
-    // Take attrIdMap if subschema subentry is found because
-    // attrIds in subschema subentry should prevail in order
-    // to be able to read entries from legacy db
-    dwError = VmDirReadSubSchemaSubEntry(&pSchemaEntry);
-    if (dwError == 0)
-    {
-        dwError = VmDirSchemaAttrIdMapLoadSubSchemaSubEntry(
-                gVdirSchemaGlobals.pAttrIdMap, pSchemaEntry);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (dwError == ERROR_BACKEND_ENTRY_NOTFOUND)
-    {
-        dwError = 0;
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // VmDirSchemaLibInit() loads legacy bootstrap table to avoid
-    // possible conflict with subschema subentry. After attempt
-    // taking attrIdMap from subschema subentry, it is time to
-    // load the new bootstrap table
-    dwError = VmDirLdapSchemaCopy(
-            gVdirSchemaGlobals.pLdapSchema,
-            &gVdirSchemaGlobals.pPendingLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaLibLoadBootstrapTable(ATTable);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaLibUpdate(0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirFreeEntry(pSchemaEntry);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-DWORD
-VmDirSchemaLibPrepareUpdateViaSubSchemaSubEntry(
-    PVDIR_ENTRY pSchemaEntry
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_LDAP_SCHEMA   pCurLdapSchema = NULL;
-    PVDIR_LDAP_SCHEMA   pTmpLdapSchema = NULL;
-    PVDIR_LDAP_SCHEMA   pNewLdapSchema = NULL;
-    PVDIR_SCHEMA_INSTANCE   pNewVdirSchema = NULL;
-
-    pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
-
-    dwError = VmDirLdapSchemaInit(&pTmpLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaLoadSubSchemaSubEntry(pTmpLdapSchema, pSchemaEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaRemoveNoopData(pTmpLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaMerge(
-            pCurLdapSchema, pTmpLdapSchema, &pNewLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaInstanceCreate(pNewLdapSchema, &pNewVdirSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    gVdirSchemaGlobals.pPendingLdapSchema = pNewLdapSchema;
-    gVdirSchemaGlobals.pPendingVdirSchema = pNewVdirSchema;
-
-cleanup:
-    VmDirFreeLdapSchema(pTmpLdapSchema);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeLdapSchema(pNewLdapSchema);
-    VmDirFreeSchemaInstance(pNewVdirSchema);
-    goto cleanup;
-}
diff --git a/lwraft/server/schema/legacy/legacyload.c b/lwraft/server/schema/legacy/legacyload.c
deleted file mode 100644
index bd62b0e8d..000000000
--- a/lwraft/server/schema/legacy/legacyload.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "../includes.h"
-
-DWORD
-VmDirSchemaAttrIdMapLoadSubSchemaSubEntry(
-    PVDIR_SCHEMA_ATTR_ID_MAP    pAttrIdMap,
-    PVDIR_ENTRY                 pSchemaEntry
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_ATTRIBUTE pAttr = NULL;
-    PSTR    pszBuf = NULL;
-    PSTR    pszToken = NULL;
-    char*   save = NULL;
-    PSTR    pszName = NULL;
-    PSTR    pszId = NULL;
-    USHORT  usId = 0;
-
-    if (!pAttrIdMap || !pSchemaEntry)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pAttr = VmDirFindAttrByName(pSchemaEntry, ATTR_VMW_ATTRIBUTE_TO_ID_MAP);
-
-    if (!pAttr || pAttr->numVals != 1)
-    {
-        dwError = ERROR_INVALID_DATA;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringA(pAttr->vals[0].lberbv_val, &pszBuf);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pszToken = VmDirStringTokA(pszBuf, SCHEMA_ATTR_ID_MAP_TOKEN_SEP, &save);
-    while (pszToken && VmDirStringChrA(pszToken, SCHEMA_ATTR_ID_MAP_SEP[0]))
-    {
-        pszId = VmDirStringTokA(pszToken, SCHEMA_ATTR_ID_MAP_SEP, &pszName);
-        usId = (USHORT)VmDirStringToIA(pszId);
-
-        if (VmDirSchemaAttrIdMapGetAttrId(pAttrIdMap, pszName, NULL) != 0)
-        {
-            dwError = VmDirSchemaAttrIdMapAddNewAttr(pAttrIdMap, pszName, usId);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        pszToken = VmDirStringTokA(NULL, SCHEMA_ATTR_ID_MAP_TOKEN_SEP, &save);
-    }
-    pAttrIdMap->usNextId = (USHORT)VmDirStringToIA(pszToken);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszBuf);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-DWORD
-VmDirLdapSchemaLoadSubSchemaSubEntry(
-    PVDIR_LDAP_SCHEMA   pLdapSchema,
-    PVDIR_ENTRY         pSchemaEntry
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   i = 0;
-    PVDIR_ATTRIBUTE pAttrAts = NULL;
-    PVDIR_ATTRIBUTE pAttrOcs = NULL;
-    PVDIR_ATTRIBUTE pAttrCrs = NULL;
-    PVMDIR_STRING_LIST  pAtStrList = NULL;
-    PVMDIR_STRING_LIST  pOcStrList = NULL;
-    PVMDIR_STRING_LIST  pCrStrList = NULL;
-    PSTR    pszDef = NULL;
-
-    if (!pLdapSchema || !pSchemaEntry)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pAttrAts = VmDirFindAttrByName(pSchemaEntry, ATTR_ATTRIBUTETYPES);
-    pAttrOcs = VmDirFindAttrByName(pSchemaEntry, ATTR_OBJECTCLASSES);
-    pAttrCrs = VmDirFindAttrByName(pSchemaEntry, ATTR_DITCONTENTRULES);
-
-    if (!pAttrAts || !pAttrOcs || !pAttrCrs)
-    {
-        dwError = ERROR_INVALID_DATA;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirStringListInitialize(&pAtStrList, 2048);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < pAttrAts->numVals; i++)
-    {
-        pszDef = pAttrAts->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirStringListAdd(pAtStrList, pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirStringListInitialize(&pOcStrList, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < pAttrOcs->numVals; i++)
-    {
-        pszDef = pAttrOcs->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirStringListAdd(pOcStrList, pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirStringListInitialize(&pCrStrList, 512);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < pAttrCrs->numVals; i++)
-    {
-        pszDef = pAttrCrs->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirStringListAdd(pCrStrList, pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirLdapSchemaLoadStrLists(
-            pLdapSchema, pAtStrList, pOcStrList, pCrStrList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirStringListFree(pAtStrList);
-    VmDirStringListFree(pOcStrList);
-    VmDirStringListFree(pCrStrList);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-DWORD
-VmDirLegacySchemaLoadSubSchemaSubEntry(
-    PVDIR_LEGACY_SCHEMA pLegacySchema,
-    PVDIR_ENTRY         pSchemaEntry
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   i = 0;
-    PVDIR_ATTRIBUTE pAttrAts = NULL;
-    PVDIR_ATTRIBUTE pAttrOcs = NULL;
-    PVDIR_ATTRIBUTE pAttrCrs = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE   pAt = NULL;
-    PVDIR_LDAP_OBJECT_CLASS     pOc = NULL;
-    PVDIR_LDAP_CONTENT_RULE     pCr = NULL;
-    PSTR    pszDef = NULL;
-
-    if (!pLegacySchema || !pSchemaEntry)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pAttrAts = VmDirFindAttrByName(pSchemaEntry, ATTR_ATTRIBUTETYPES);
-    pAttrOcs = VmDirFindAttrByName(pSchemaEntry, ATTR_OBJECTCLASSES);
-    pAttrCrs = VmDirFindAttrByName(pSchemaEntry, ATTR_DITCONTENTRULES);
-
-    if (!pAttrAts || !pAttrOcs || !pAttrCrs)
-    {
-        dwError = ERROR_INVALID_DATA;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i = 0; i < pAttrAts->numVals; i++)
-    {
-        pszDef = pAttrAts->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapAtParseStr(pszDef, &pAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pAtDefStrMap,
-                pAt->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapSchemaAddAt(pLegacySchema->pSchema, pAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pAt = NULL;
-    }
-
-    for (i = 0; i < pAttrOcs->numVals; i++)
-    {
-        pszDef = pAttrOcs->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapOcParseStr(pszDef, &pOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pOcDefStrMap,
-                pOc->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapSchemaAddOc(pLegacySchema->pSchema, pOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pOc = NULL;
-    }
-
-    for (i = 0; i < pAttrCrs->numVals; i++)
-    {
-        pszDef = pAttrCrs->vals[i].lberbv_val;
-
-        dwError = VmDirFixLegacySchemaDefSyntaxErr(pszDef, &pszDef);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapCrParseStr(pszDef, &pCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = LwRtlHashMapInsert(pLegacySchema->pCrDefStrMap,
-                pCr->pszName, pszDef, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirLdapSchemaAddCr(pLegacySchema->pSchema, pCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pCr = NULL;
-    }
-
-    dwError = VmDirLdapSchemaResolveAndVerifyAll(pLegacySchema->pSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeLdapAt(pAt);
-    VmDirFreeLdapOc(pOc);
-    VmDirFreeLdapCr(pCr);
-    goto cleanup;
-}
diff --git a/lwraft/server/schema/legacy/legacypatch.c b/lwraft/server/schema/legacy/legacypatch.c
deleted file mode 100644
index 98885a45b..000000000
--- a/lwraft/server/schema/legacy/legacypatch.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "../includes.h"
-
-DWORD
-VmDirPatchLocalSubSchemaSubEntry(
-    VOID
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_ENTRY pSchemaEntry = NULL;
-    PVDIR_LEGACY_SCHEMA pLegacySchema = NULL;
-    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
-    PVDIR_LDAP_SCHEMA   pMergedSchema = NULL;
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod = NULL;
-
-    dwError = VmDirReadSubSchemaSubEntry(&pSchemaEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaInit(&pLegacySchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaLoadSubSchemaSubEntry(
-            pLegacySchema, pSchemaEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLdapSchemaMerge(
-            pLegacySchema->pSchema, pSchemaCtx->pLdapSchema, &pMergedSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaModInit(&pLegacySchemaMod);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLegacySchemaModPopulate(
-            pLegacySchemaMod, pLegacySchema, pMergedSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirUpdateSubSchemaSubEntry(pLegacySchemaMod);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirSchemaCtxRelease(pSchemaCtx);
-    VmDirFreeEntry(pSchemaEntry);
-    VmDirFreeLegacySchema(pLegacySchema);
-    VmDirFreeLdapSchema(pMergedSchema);
-    VmDirFreeLegacySchemaMod(pLegacySchemaMod);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
diff --git a/lwraft/server/schema/legacy/legacyutil.c b/lwraft/server/schema/legacy/legacyutil.c
deleted file mode 100644
index 4fa805f23..000000000
--- a/lwraft/server/schema/legacy/legacyutil.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "../includes.h"
-
-DWORD
-VmDirReadSubSchemaSubEntry(
-    PVDIR_ENTRY*    ppSubSchemaSubEntry
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_BACKEND_INTERFACE pBE = NULL;
-    PVDIR_ENTRY pEntry = NULL;
-
-    // bootstrap indication is required if and
-    // only if we search subschema subentry
-    gVdirSchemaGlobals.pVdirSchema->bIsBootStrapSchema = TRUE;
-
-    pBE = VmDirBackendSelect(NULL);
-    assert(pBE);
-
-    dwError = VmDirAllocateMemory(sizeof(VDIR_ENTRY), (PVOID*)&pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = pBE->pfnBESimpleIdToEntry(SUB_SCEHMA_SUB_ENTRY_ID, pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppSubSchemaSubEntry = pEntry;
-
-cleanup:
-    gVdirSchemaGlobals.pVdirSchema->bIsBootStrapSchema = FALSE;
-    return dwError;
-
-error:
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-            "%s subschema subentry not found (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeEntry(pEntry);
-    goto cleanup;
-}
-
-static
-DWORD
-_AddOperationMod(
-    PVDIR_OPERATION     pOperation,
-    int                 modOp,
-    PSTR                modType,
-    PVMDIR_STRING_LIST  modVals
-    )
-{
-    DWORD   dwError = 0, i = 0;
-    PVDIR_BERVALUE  pBerv = NULL;
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_BERVALUE) * (modVals->dwCount + 1),
-            (PVOID*)&pBerv);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (i = 0; i < modVals->dwCount; i++)
-    {
-        pBerv[i].lberbv_val = (PSTR)modVals->pStringList[i];
-        pBerv[i].lberbv_len = VmDirStringLenA(pBerv[i].lberbv_val);
-    }
-
-    dwError = VmDirOperationAddModReq(pOperation,
-            modOp, modType, pBerv, modVals->dwCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pBerv);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-DWORD
-VmDirUpdateSubSchemaSubEntry(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    )
-{
-    DWORD   dwError = 0;
-    VDIR_OPERATION  ldapOp = {0};
-
-    dwError = VmDirInitStackOperation(&ldapOp,
-            VDIR_OPERATION_TYPE_INTERNAL,
-            LDAP_REQ_MODIFY,
-            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    ldapOp.pBEIF = VmDirBackendSelect(NULL);
-    ldapOp.reqDn.lberbv.bv_val = SUB_SCHEMA_SUB_ENTRY_DN;
-    ldapOp.reqDn.lberbv.bv_len = VmDirStringLenA(SUB_SCHEMA_SUB_ENTRY_DN);
-
-    ldapOp.request.modifyReq.dn.lberbv.bv_val = ldapOp.reqDn.lberbv.bv_val;
-    ldapOp.request.modifyReq.dn.lberbv.bv_len = ldapOp.reqDn.lberbv.bv_len;
-
-    if (pLegacySchemaMod->pAddCr->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_ADD,
-                ATTR_DITCONTENTRULES,
-                pLegacySchemaMod->pAddCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pLegacySchemaMod->pDelCr->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_DELETE,
-                ATTR_DITCONTENTRULES,
-                pLegacySchemaMod->pDelCr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pLegacySchemaMod->pAddOc->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_ADD,
-                ATTR_OBJECTCLASSES,
-                pLegacySchemaMod->pAddOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pLegacySchemaMod->pDelOc->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_DELETE,
-                ATTR_OBJECTCLASSES,
-                pLegacySchemaMod->pDelOc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pLegacySchemaMod->pAddAt->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_ADD,
-                ATTR_ATTRIBUTETYPES,
-                pLegacySchemaMod->pAddAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pLegacySchemaMod->pDelAt->dwCount > 0)
-    {
-        dwError = _AddOperationMod(&ldapOp,
-                LDAP_MOD_DELETE,
-                ATTR_ATTRIBUTETYPES,
-                pLegacySchemaMod->pDelAt);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (ldapOp.request.modifyReq.numMods > 0)
-    {
-        dwError = VmDirInternalModifyEntry(&ldapOp);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                "%s Updated local subschema subentry",
-                __FUNCTION__ );
-    }
-    else
-    {
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                "%s local subschema subentry is up-to-date",
-                __FUNCTION__ );
-    }
-
-cleanup:
-    VmDirFreeOperationContent(&ldapOp);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
diff --git a/lwraft/server/schema/libmain.c b/lwraft/server/schema/libmain.c
index c04c9d596..74fdbac30 100644
--- a/lwraft/server/schema/libmain.c
+++ b/lwraft/server/schema/libmain.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -36,16 +36,18 @@
  */
 DWORD
 VmDirSchemaLibInit(
-    VOID
+    PVMDIR_MUTEX*   ppModMutex
     )
 {
     DWORD   dwError = 0;
 
-    // legacy support
-    // - replace with VDIR_SCHEMA_BOOTSTRP_ATTR_INITIALIZER
-    //   when legacy support is no longer required
     VDIR_SCHEMA_BOOTSTRAP_TABLE ATTable[] =
-            VDIR_LEGACY_SCHEMA_BOOTSTRP_ATTR_INITIALIZER;
+            VDIR_SCHEMA_BOOTSTRP_ATTR_INITIALIZER;
+
+    if (!ppModMutex)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     dwError = VdirSyntaxLoad();
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -59,7 +61,15 @@ VmDirSchemaLibInit(
     dwError = VmDirAllocateMutex(&gVdirSchemaGlobals.cacheModMutex);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaInit(&gVdirSchemaGlobals.pPendingLdapSchema);
+    dwError = VmDirLdapSchemaInit(&gVdirSchemaGlobals.pLdapSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaInstanceCreate(
+            gVdirSchemaGlobals.pLdapSchema,
+            &gVdirSchemaGlobals.pVdirSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VdirSchemaCtxAcquireInLock(TRUE, &gVdirSchemaGlobals.pCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSchemaAttrIdMapInit(&gVdirSchemaGlobals.pAttrIdMap);
@@ -73,19 +83,17 @@ VmDirSchemaLibInit(
     dwError = VmDirSchemaLibLoadBootstrapTable(ATTable);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSchemaLibUpdate(0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // legacy support
-    dwError = VmDirSchemaLibInitLegacy();
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppModMutex = gVdirSchemaGlobals.cacheModMutex;
 
 cleanup:
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -97,14 +105,18 @@ VmDirSchemaLibLoadBootstrapTable(
 {
     DWORD   dwError = 0;
     DWORD   i = 0;
-    PVDIR_LDAP_SCHEMA   pLdapSchema = NULL;
-    PVDIR_SCHEMA_INSTANCE   pVdirSchema = NULL;
+    PVDIR_LDAP_SCHEMA   pCurLdapSchema = NULL;
+    PVDIR_LDAP_SCHEMA   pNewLdapSchema = NULL;
+    PVDIR_SCHEMA_INSTANCE   pNewVdirSchema = NULL;
     PVDIR_SCHEMA_ATTR_ID_MAP    pAttrIdMap = NULL;
 
-    pLdapSchema = gVdirSchemaGlobals.pPendingLdapSchema;
+    pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
     pAttrIdMap = gVdirSchemaGlobals.pAttrIdMap;
 
-    assert(pLdapSchema && pAttrIdMap);
+    assert(pCurLdapSchema && pAttrIdMap);
+
+    dwError = VmDirLdapSchemaCopy(pCurLdapSchema, &pNewLdapSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     for (i = 0 ; bootstrapTable[i].usAttrID; i++)
     {
@@ -113,7 +125,7 @@ VmDirSchemaLibLoadBootstrapTable(
         dwError = VmDirLdapAtParseStr(bootstrapTable[i].pszDesc, &pAt);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapSchemaAddAt(pLdapSchema, pAt);
+        dwError = VmDirLdapSchemaAddAt(pNewLdapSchema, pAt);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         if (VmDirSchemaAttrIdMapGetAttrId(pAttrIdMap, pAt->pszName, NULL) != 0)
@@ -124,48 +136,56 @@ VmDirSchemaLibLoadBootstrapTable(
         }
     }
 
-    dwError = VmDirSchemaInstanceCreate(pLdapSchema, &pVdirSchema);
+    dwError = VmDirSchemaInstanceCreate(pNewLdapSchema, &pNewVdirSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    gVdirSchemaGlobals.pPendingVdirSchema = pVdirSchema;
+    gVdirSchemaGlobals.pPendingLdapSchema = pNewLdapSchema;
+    pNewLdapSchema = NULL;
+
+    gVdirSchemaGlobals.pPendingVdirSchema = pNewVdirSchema;
+    pNewVdirSchema = NULL;
+
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    VmDirFreeSchemaInstance(pVdirSchema);
+    VmDirFreeLdapSchema(pNewLdapSchema);
+    VmDirFreeSchemaInstance(pNewVdirSchema);
     goto cleanup;
 }
 
 DWORD
-VmDirSchemaLibPrepareUpdateViaFile(
+VmDirSchemaLibLoadFile(
     PCSTR   pszSchemaFilePath
     )
 {
     DWORD   dwError = 0;
     PVDIR_LDAP_SCHEMA   pCurLdapSchema = NULL;
-    PVDIR_LDAP_SCHEMA   pTmpLdapSchema = NULL;
     PVDIR_LDAP_SCHEMA   pNewLdapSchema = NULL;
     PVDIR_SCHEMA_INSTANCE   pNewVdirSchema = NULL;
     LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
 
-    pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
-
-    dwError = VmDirLdapSchemaInit(&pTmpLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (IsNullOrEmptyString(pszSchemaFilePath))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
-    dwError = VmDirLdapSchemaLoadFile(pTmpLdapSchema, pszSchemaFilePath);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
 
-    dwError = VmDirLdapSchemaMerge(
-            pCurLdapSchema, pTmpLdapSchema, &pNewLdapSchema);
+    dwError = VmDirLdapSchemaCopy(pCurLdapSchema, &pNewLdapSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaRemoveNoopData(pNewLdapSchema);
+    dwError = VmDirLdapSchemaLoadFile(pNewLdapSchema, pszSchemaFilePath);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     while (LwRtlHashMapIterate(pNewLdapSchema->attributeTypes, &iter, &pair))
@@ -185,15 +205,23 @@ VmDirSchemaLibPrepareUpdateViaFile(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     gVdirSchemaGlobals.pPendingLdapSchema = pNewLdapSchema;
+    pNewLdapSchema = NULL;
+
     gVdirSchemaGlobals.pPendingVdirSchema = pNewVdirSchema;
+    pNewVdirSchema = NULL;
+
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VmDirFreeLdapSchema(pTmpLdapSchema);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeLdapSchema(pNewLdapSchema);
     VmDirFreeSchemaInstance(pNewVdirSchema);
@@ -201,9 +229,8 @@ VmDirSchemaLibPrepareUpdateViaFile(
 }
 
 DWORD
-VmDirSchemaLibPrepareUpdateViaEntries(
-    PVDIR_ENTRY_ARRAY   pAtEntries,
-    PVDIR_ENTRY_ARRAY   pOcEntries
+VmDirSchemaLibLoadAttributeSchemaEntries(
+    PVDIR_ENTRY_ARRAY   pAtEntries
     )
 {
     DWORD   dwError = 0;
@@ -212,10 +239,9 @@ VmDirSchemaLibPrepareUpdateViaEntries(
     PVDIR_LDAP_SCHEMA   pNewLdapSchema = NULL;
     PVDIR_SCHEMA_INSTANCE   pNewVdirSchema = NULL;
 
-    if (!pAtEntries || !pOcEntries)
+    if (!pAtEntries)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
@@ -234,6 +260,57 @@ VmDirSchemaLibPrepareUpdateViaEntries(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    dwError = VmDirLdapSchemaResolveAndVerifyAll(pNewLdapSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaInstanceCreate(pNewLdapSchema, &pNewVdirSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    gVdirSchemaGlobals.pPendingLdapSchema = pNewLdapSchema;
+    pNewLdapSchema = NULL;
+
+    gVdirSchemaGlobals.pPendingVdirSchema = pNewVdirSchema;
+    pNewVdirSchema = NULL;
+
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeLdapSchema(pNewLdapSchema);
+    VmDirFreeSchemaInstance(pNewVdirSchema);
+    goto cleanup;
+}
+
+DWORD
+VmDirSchemaLibLoadClassSchemaEntries(
+    PVDIR_ENTRY_ARRAY   pOcEntries
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    PVDIR_LDAP_SCHEMA   pCurLdapSchema = NULL;
+    PVDIR_LDAP_SCHEMA   pNewLdapSchema = NULL;
+    PVDIR_SCHEMA_INSTANCE   pNewVdirSchema = NULL;
+
+    if (!pOcEntries)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    pCurLdapSchema = gVdirSchemaGlobals.pLdapSchema;
+
+    dwError = VmDirLdapSchemaCopy(pCurLdapSchema, &pNewLdapSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     for (i = 0; i < pOcEntries->iSize; i++)
     {
         PVDIR_LDAP_OBJECT_CLASS pOc = NULL;
@@ -262,14 +339,23 @@ VmDirSchemaLibPrepareUpdateViaEntries(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     gVdirSchemaGlobals.pPendingLdapSchema = pNewLdapSchema;
+    pNewLdapSchema = NULL;
+
     gVdirSchemaGlobals.pPendingVdirSchema = pNewVdirSchema;
+    pNewVdirSchema = NULL;
+
+    dwError = VmDirSchemaLibUpdate(0);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeLdapSchema(pNewLdapSchema);
     VmDirFreeSchemaInstance(pNewVdirSchema);
@@ -296,15 +382,16 @@ VmDirSchemaLibPrepareUpdateViaModify(
 
     if (!pSchemaEntry || !pOperation)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     pClassAttr = VmDirFindAttrByName(pSchemaEntry, ATTR_OBJECT_CLASS);
     if (!pClassAttr)
     {
-        dwError = ERROR_INVALID_ENTRY;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
+        dwError = VMDIR_ERROR_OBJECTCLASS_VIOLATION;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                dwError,
+                pszLocalErrMsg,
                 "missing objectclass attribute");
     }
 
@@ -375,7 +462,9 @@ VmDirSchemaLibPrepareUpdateViaModify(
     }
 
     dwError = ERROR_INVALID_ENTRY;
-    BAIL_ON_VMDIR_ERROR_WITH_MSG(dwError, pszLocalErrMsg,
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(
+            dwError,
+            pszLocalErrMsg,
             "Not a schema object entry");
 
 updatelib:
@@ -390,9 +479,12 @@ VmDirSchemaLibPrepareUpdateViaModify(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (%s)",
-            __FUNCTION__, dwError, pszLocalErrMsg );
+            __FUNCTION__,
+            dwError,
+            pszLocalErrMsg);
 
     VMDIR_SET_LDAP_RESULT_ERROR(&pOperation->ldapResult,
             dwError, pszLocalErrMsg);
@@ -458,8 +550,11 @@ VmDirSchemaLibUpdate(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirSchemaAttrIdMapRemoveAllPending(gVdirSchemaGlobals.pAttrIdMap);
     VmDirFreeSchemaInstance(pNewVdirSchema);
diff --git a/lwraft/server/schema/parse.c b/lwraft/server/schema/parse.c
index 6be738974..124486f09 100644
--- a/lwraft/server/schema/parse.c
+++ b/lwraft/server/schema/parse.c
@@ -25,8 +25,7 @@ VmDirSchemaATDescCreate(
 
     if (!pLdapAt || !ppATDesc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -77,8 +76,7 @@ VmDirSchemaOCDescCreate(
 
     if (!pLdapOc || !ppOCDesc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -116,8 +114,7 @@ VmDirSchemaCRDescCreate(
 
     if (!pLdapCr || !ppCRDesc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -155,8 +152,7 @@ VmDirSchemaSRDescCreate(
 
     if (!pLdapSr || !ppSRDesc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -189,8 +185,7 @@ VmDirSchemaNFDescCreate(
 
     if (!pLdapNf || !ppNFDesc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -229,8 +224,7 @@ VmDirLdapAtParseVdirEntry(
 
     if (!pEntry || !ppAt)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -308,17 +302,20 @@ VmDirLdapAtParseVdirEntry(
         else if (VmDirStringCompareA(ATTR_UNIQUENESS_SCOPE,
                 pAttr->type.lberbv_val, FALSE) == 0)
         {
-            dwError = VmDirAllocateMemory(
-                    sizeof(char*)*(pAttr->numVals+1),
-                    (PVOID*)&ppszUniqueScopes);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            for (i = 0; i < pAttr->numVals; i++)
+            if (pAttr->numVals > 0)
             {
-                dwError = VmDirAllocateStringA(
-                        pAttr->vals[i].lberbv_val,
-                        &ppszUniqueScopes[i]);
+                dwError = VmDirAllocateMemory(
+                        sizeof(char*)*(pAttr->numVals+1),
+                        (PVOID*)&ppszUniqueScopes);
                 BAIL_ON_VMDIR_ERROR(dwError);
+
+                for (i = 0; i < pAttr->numVals; i++)
+                {
+                    dwError = VmDirAllocateStringA(
+                            pAttr->vals[i].lberbv_val,
+                            &ppszUniqueScopes[i]);
+                    BAIL_ON_VMDIR_ERROR(dwError);
+                }
             }
         }
         pAttr = pAttr->next;
@@ -340,6 +337,7 @@ VmDirLdapAtParseVdirEntry(
     {
         ldap_attributetype_free(pSource);
     }
+    VmDirFreeStrArray(ppszUniqueScopes);
     VmDirFreeLdapAt(pAt);
     goto cleanup;
 }
@@ -357,8 +355,7 @@ VmDirLdapOcParseVdirEntry(
 
     if (!pEntry || !ppOc)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
@@ -478,8 +475,7 @@ VmDirLdapCrParseVdirEntry(
 
     if (!pEntry || !ppCr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     dwError = VmDirAllocateMemory(
diff --git a/lwraft/server/schema/prototypes.h b/lwraft/server/schema/prototypes.h
index 48233a0f1..a0e50726c 100644
--- a/lwraft/server/schema/prototypes.h
+++ b/lwraft/server/schema/prototypes.h
@@ -53,13 +53,6 @@ VmDirSchemaIsAncestorOC(
     PVDIR_SCHEMA_OC_DESC    pAncestorOCDesc
     );
 
-// check.c
-DWORD
-VmDirSchemaGetEntryStructureOCDesc(
-    PVDIR_ENTRY             pEntry,
-    PVDIR_SCHEMA_OC_DESC*   ppStructureOCDesc   // caller does not own *ppStructureOCDesc
-    );
-
 // idmap.c
 DWORD
 VmDirSchemaAttrIdMapInit(
@@ -253,31 +246,6 @@ syntaxOID(
     PVDIR_BERVALUE pBerv
     );
 
-// legacy/legacyload.c
-DWORD
-VmDirSchemaAttrIdMapLoadSubSchemaSubEntry(
-    PVDIR_SCHEMA_ATTR_ID_MAP    pAttrIdMap,
-    PVDIR_ENTRY                 pSchemaEntry
-    );
-
-DWORD
-VmDirLdapSchemaLoadSubSchemaSubEntry(
-    PVDIR_LDAP_SCHEMA   pLdapSchema,
-    PVDIR_ENTRY         pSchemaEntry
-    );
-
-DWORD
-VmDirLegacySchemaLoadSubSchemaSubEntry(
-    PVDIR_LEGACY_SCHEMA pLegacySchema,
-    PVDIR_ENTRY         pSchemaEntry
-    );
-
-// legacy/legacyutil.c
-DWORD
-VmDirUpdateSubSchemaSubEntry(
-    PVDIR_LEGACY_SCHEMA_MOD pLegacySchemaMod
-    );
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/schema/structs.h b/lwraft/server/schema/structs.h
index 01c2006c0..506d46f93 100644
--- a/lwraft/server/schema/structs.h
+++ b/lwraft/server/schema/structs.h
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -54,22 +54,6 @@ typedef struct _VDIR_SCHEMA_AT_COLLECION
 
 } VDIR_SCHEMA_AT_COLLECTION, *PVDIR_SCHEMA_AT_COLLECTION;
 
-typedef struct _VDIR_SCHEMA_OC_DESC
-{
-    PVDIR_LDAP_OBJECT_CLASS pLdapOc;
-
-    PSTR        pszName;
-    PSTR        pszOid;
-    PSTR        pszSup;
-    PSTR*       ppszMustATs;    // ends with NULL PSTR
-    PSTR*       ppszMayATs;     // ends with NULL PSTR
-
-    BOOLEAN     bObsolete;
-
-    VDIR_LDAP_OBJECT_CLASS_TYPE type;
-
-} VDIR_SCHEMA_OC_DESC;
-
 typedef struct _VDIR_SCHEMA_OC_COLLECTION
 {
     PLW_HASHMAP byName;
diff --git a/lwraft/server/schema/util.c b/lwraft/server/schema/util.c
index e8de3be79..850f20599 100644
--- a/lwraft/server/schema/util.c
+++ b/lwraft/server/schema/util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -15,27 +15,23 @@
 #include "includes.h"
 
 DWORD
-VmDirReadSchemaObjects(
-    PVDIR_ENTRY_ARRAY*  ppAtEntries,
-    PVDIR_ENTRY_ARRAY*  ppOcEntries
+VmDirReadAttributeSchemaObjects(
+    PVDIR_ENTRY_ARRAY*  ppAtEntries
     )
 {
     DWORD   dwError = 0;
     PVDIR_ENTRY_ARRAY   pAtEntries = NULL;
-    PVDIR_ENTRY_ARRAY   pOcEntries = NULL;
 
-    assert(ppAtEntries && ppOcEntries);
+    if (!ppAtEntries)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     dwError = VmDirAllocateMemory(
             sizeof(VDIR_ENTRY_ARRAY),
             (PVOID*)&pAtEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_ENTRY_ARRAY),
-            (PVOID*)&pOcEntries);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirSimpleEqualFilterInternalSearch(
             SCHEMA_NAMING_CONTEXT_DN,
             LDAP_SCOPE_SUBTREE,
@@ -44,53 +40,72 @@ VmDirReadSchemaObjects(
             pAtEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSimpleEqualFilterInternalSearch(
-            SCHEMA_NAMING_CONTEXT_DN,
-            LDAP_SCOPE_SUBTREE,
-            ATTR_OBJECT_CLASS,
-            OC_CLASS_SCHEMA,
-            pOcEntries);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (pAtEntries->iSize == 0 && pOcEntries->iSize == 0)
+    if (pAtEntries->iSize == 0)
     {
         dwError = ERROR_BACKEND_ENTRY_NOTFOUND;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     *ppAtEntries = pAtEntries;
-    *ppOcEntries = pOcEntries;
 
 cleanup:
     return dwError;
 
 error:
+    VMDIR_LOG_WARNING(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     VmDirFreeEntryArray(pAtEntries);
-    VmDirFreeEntryArray(pOcEntries);
     goto cleanup;
 }
 
 DWORD
-VmDirWriteSchemaObjects(
-    VOID
+VmDirReadClassSchemaObjects(
+    PVDIR_ENTRY_ARRAY*  ppOcEntries
     )
 {
     DWORD   dwError = 0;
-    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    PVDIR_ENTRY_ARRAY   pOcEntries = NULL;
+
+    if (!ppOcEntries)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
-    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_ENTRY_ARRAY),
+            (PVOID*)&pOcEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirPatchLocalSchemaObjects(NULL, pSchemaCtx);
+    dwError = VmDirSimpleEqualFilterInternalSearch(
+            SCHEMA_NAMING_CONTEXT_DN,
+            LDAP_SCOPE_SUBTREE,
+            ATTR_OBJECT_CLASS,
+            OC_CLASS_SCHEMA,
+            pOcEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (pOcEntries->iSize == 0)
+    {
+        dwError = ERROR_BACKEND_ENTRY_NOTFOUND;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppOcEntries = pOcEntries;
+
 cleanup:
-    VmDirSchemaCtxRelease(pSchemaCtx);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_WARNING(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
+    VmDirFreeEntryArray(pOcEntries);
     goto cleanup;
 }
diff --git a/lwraft/server/vmdir/Makefile.am b/lwraft/server/vmdir/Makefile.am
index 649fa353a..7afd3085c 100644
--- a/lwraft/server/vmdir/Makefile.am
+++ b/lwraft/server/vmdir/Makefile.am
@@ -1,80 +1,81 @@
-sbin_PROGRAMS = lwraftd
+sbin_PROGRAMS = postd
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/lwraft/idl
 
-lwraftd_SOURCES = \
+postd_SOURCES = \
     accountmgmt.c \
     auth.c \
     globals.c \
     index.c \
     init.c \
     instance.c \
-    ipcserver.c \
-    ipclocalapi.c \
     ipcapihandler.c \
-    parseargs.c \
+    ipclocalapi.c \
+    ipcserver.c \
+    krb.c \
     main.c \
+    metricsinit.c \
+    parseargs.c \
     regconfig.c \
+    rpc.c \
     rpcserv.c \
-    rpcsrpserv.c \
     rpcstring.c \
-    rpc.c \
     schema.c \
     service.c \
     shutdown.c \
     signal.c \
     srvthr.c \
     superlogging.c \
+    tenantmgmt.c \
+    tracklastlogin.c \
     utils.c \
-    krb.c \
+    vmevent.c \
     vmdir_sstub.c \
-    vmdirftp_sstub.c \
     vmdirdbcp_sstub.c \
-    srp_verifier_sstub.c \
     vmdirsuperlog_sstub.c \
-    vmevent.c \
-    urgentrepl.c \
-    tracklastlogin.c \
-    vmdirurgentrepl_sstub.c \
     vmdirraft_sstub.c
 
-if HAVE_MDB_STORE
 VMDIRD_BACKEND_INCLUDES=
 VMDIRD_BACKEND_LD_FLAGS=
-VMDIRD_BACKEND_STORE= $(top_builddir)/server/mdb-store/libmdb-store.la
-endif
+VMDIRD_BACKEND_STORE= $(top_builddir)/lwraft/server/mdb-store/libmdb-store.la
 
-lwraftd_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty \
-    -I$(top_srcdir)/server/include \
+postd_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/lwraft/thirdparty \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public \
+    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     $(VMDIRD_BACKEND_INCLUDES) \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@ \
-    @VMEVENT_INCLUDES@
+    @OPENSSL_INCLUDES@
 
-lwraftd_LDADD = \
-    $(top_builddir)/server/vmkdc/libvmkdcserv.la \
-    $(top_builddir)/server/ldap-head/libldap-head.la \
-    $(top_builddir)/server/indexcfg/libindexcfg.la \
-    $(top_builddir)/server/middle-layer/libmiddle-layer.la \
-    $(top_builddir)/server/schema/libschema.la \
-    $(top_builddir)/server/acl/libvmacl.la \
-    $(top_builddir)/server/backend/libbackend.la \
+postd_LDADD = \
+    $(top_builddir)/lwraft/server/ldap-head/libldap-head.la \
+    $(top_builddir)/lwraft/server/rest-head/librest-head.la \
+    $(top_builddir)/lwraft/server/indexcfg/libindexcfg.la \
+    $(top_builddir)/lwraft/server/middle-layer/libmiddle-layer.la \
+    $(top_builddir)/lwraft/server/schema/libschema.la \
+    $(top_builddir)/lwraft/server/acl/libvmacl.la \
+    $(top_builddir)/lwraft/server/backend/libbackend.la \
     $(VMDIRD_BACKEND_STORE) \
-    $(top_builddir)/server/replication/libreplication.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/lwraft/server/replication/libreplication.la \
+    $(top_builddir)/lwraft/client/libpostclient.la \
+    $(top_builddir)/lwraft/server/common/libsrvcommon.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/asn1/libasn1db.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/asn1/libasn1.la \
+    $(top_builddir)/lwraft/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmidentity/ssoclients/common/src/libssocommon.la \
+    $(top_builddir)/vmidentity/ssoclients/oidc/src/libssooidc.la \
+    $(top_builddir)/vmmetrics/libvmmetrics.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -89,56 +90,44 @@ lwraftd_LDADD = \
     @LBER_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
-    @PTHREAD_LIBS@
+    @PTHREAD_LIBS@ \
+    @JANSSON_LIBS@ \
+    @COPENAPI_LIBS@ \
+    @CRESTENGINE_LIBS@
 
-lwraftd_LDFLAGS = \
+postd_LDFLAGS = \
     -rdynamic -ldl \
     $(VMDIRD_BACKEND_LD_FLAGS) \
     @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
+    @LW_LDFLAGS@ \
+    @JANSSON_LDFLAGS@ \
+    @COPENAPI_LDFLAGS@ \
+    @CRESTENGINE_LDFLAGS@
 
 CLEANFILES = \
     vmdir_h.h \
     vmdir_cstub.c \
     vmdir_sstub.c \
-    vmdirftp_h.h \
     vmdirdbcp_h.h \
-    vmdirftp_cstub.c \
     vmdirdbcp_cstub.c \
-    vmdirftp_sstub.c \
     vmdirdbcp_sstub.c \
-    srp_verifier_h.h \
-    srp_verifier_cstub.c \
-    srp_verifier_sstub.c \
     vmdirsuperlog_h.h \
     vmdirsuperlog_cstub.c \
     vmdirsuperlog_sstrub.c \
-    vmdirurgentrepl_h.h \
-    vmdirurgentrepl_cstub.c \
-    vmdirurgentrepl_sstub.c \
     vmdirraft_h.h \
     vmdirraft_cstub.c \
     vmdirraft_sstub.c
 
-BUILT_SOURCES = vmdir_h.h vmdirftp_h.h vmdirdbcp_h.h srp_verifier_h.h vmdirsuperlog_h.h vmdirurgentrepl_h.h vmdirraft_h.h
+BUILT_SOURCES = vmdir_h.h vmdirdbcp_h.h vmdirsuperlog_h.h vmdirraft_h.h
 
 vmdir_h.h vmdir_sstub.c: $(idl_srcdir)/vmdir.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdir_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
 
-vmdirftp_h.h vmdirftp_sstub.c: $(idl_srcdir)/vmdirftp.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirftp_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) $<
-
 vmdirdbcp_h.h vmdirdbcp_sstub.c: $(idl_srcdir)/vmdirdbcp.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirdbcp_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) $<
 
-srp_verifier_h.h srp_verifier_sstub.c: $(idl_srcdir)/srp_verifier.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header srp_verifier_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) $<
-
 vmdirsuperlog_h.h vmdirsuperlog_sstub.c: $(idl_srcdir)/vmdirsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
-
-vmdirurgentrepl_h.h vmdirurgentrepl_sstub.c: $(idl_srcdir)/vmdirurgentrepl.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirurgentrepl_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/lwraft/include/public $<
 
 vmdirraft_h.h vmdirraft_sstub.c: $(idl_srcdir)/vmdirraft.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirraft_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) $<
diff --git a/lwraft/server/vmdir/accountmgmt.c b/lwraft/server/vmdir/accountmgmt.c
index 006aac962..eee31123f 100644
--- a/lwraft/server/vmdir/accountmgmt.c
+++ b/lwraft/server/vmdir/accountmgmt.c
@@ -265,7 +265,7 @@ VmDirUPNToAccountDN(
     dwError = VmDirFQDNToDN(pszRealm+1, &pszLocalDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszLocalAccountDN,
                     "%s=%s,%s,%s",
                     pszAccountRDNAttr,
@@ -317,7 +317,7 @@ VmDirResetPassword(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
     VmDirFreeBervalContent(&bvPassword);
 
     return dwError;
diff --git a/lwraft/server/vmdir/auth.c b/lwraft/server/vmdir/auth.c
index be63f0c5d..c59a32d45 100644
--- a/lwraft/server/vmdir/auth.c
+++ b/lwraft/server/vmdir/auth.c
@@ -24,132 +24,12 @@ LogAccessInfo(
     ULONG ulAccessDesired
     );
 
-static
-ULONG
-ConstructBasicSD(
-    PSECURITY_DESCRIPTOR_ABSOLUTE * ppSD
-    );
-
 static
 VOID
 VmDirSrvFreeAccessToken(
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken
     );
 
-// Construct SD for VMware Identity Service resources.
-//
-// Current ACLs are:
-// - Allow READ access to all Authenticated users.
-// - Allow READ-WRITE access to Builtin admins
-ULONG
-ConstructSDForVmDirServ(
-    PSECURITY_DESCRIPTOR_ABSOLUTE * ppSD
-    )
-{
-    ULONG ulError = 0;
-    PACL  pDacl = NULL;
-    ULONG ulDaclSize = 0;
-
-    union
-    {
-        SID sid;
-        BYTE buffer[SID_MAX_SIZE];
-    } authenticatedUsersSID;
-
-    union
-    {
-        SID sid;
-        BYTE buffer[SID_MAX_SIZE];
-    } builtinAdminsSID;
-
-    ULONG sidSize = 0;
-    ULONG ulAccessMask = 0;
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSD = NULL;
-
-    ulError = ConstructBasicSD(&pSD);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // obtain a sid for the Authenticated Users Group
-    sidSize = sizeof(authenticatedUsersSID.buffer);
-
-    ulError = VmDirCreateWellKnownSid(
-                WinAuthenticatedUserSid,
-                NULL,
-                &authenticatedUsersSID.sid,
-                &sidSize);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // obtain a sid for the Builtin Admins Group
-    sidSize = sizeof(builtinAdminsSID.buffer);
-
-    ulError = VmDirCreateWellKnownSid(
-                WinBuiltinAdministratorsSid,
-                NULL,
-                &builtinAdminsSID.sid,
-                &sidSize);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // Compute size needed for the ACL.
-    ulDaclSize = ACL_HEADER_SIZE +
-                 sizeof(ACCESS_ALLOWED_ACE) + SID_MAX_SIZE +
-                 sizeof(ACCESS_ALLOWED_ACE) + SID_MAX_SIZE;
-
-    ulError = VmDirAllocateMemory(ulDaclSize, (PVOID *) &pDacl);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    ulError = VmDirCreateAcl(
-                pDacl,
-                ulDaclSize,
-                ACL_REVISION
-    );
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // Add the READ access allowed to Authenticated users ACE to the DACL.
-    ulAccessMask = GENERIC_READ;
-    ulError = VmDirAddAccessAllowedAceEx(
-                    pDacl,
-                    ACL_REVISION,
-                    0,
-                    ulAccessMask,
-                    &authenticatedUsersSID.sid
-    );
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // Add the READ-WRITE access allowed to Builtin admins ACE to the DACL.
-    ulAccessMask = GENERIC_READ | GENERIC_WRITE;
-    ulError = VmDirAddAccessAllowedAceEx(
-                              pDacl,
-                              ACL_REVISION,
-                              0,
-                              ulAccessMask,
-                              &builtinAdminsSID.sid
-    );
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    // Set our DACL in the SD.
-    ulError = VmDirSetDaclSecurityDescriptor(
-                               pSD,
-                               TRUE,
-                               pDacl,
-                               FALSE);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   *ppSD = pSD;
-
-cleanup:
-
-   return ulError;
-
-error:
-
-    *ppSD = NULL;
-
-    VMDIR_SAFE_FREE_MEMORY(pSD);
-    VMDIR_SAFE_FREE_MEMORY(pDacl);
-
-    goto cleanup;
-}
-
 DWORD
 VmDirSrvCreateAccessToken(
     PCSTR pszUPN,
@@ -469,69 +349,6 @@ LogAccessInfo(
    return ulError;
 }
 
-//
-// Construct basic security descriptor without ACLs
-//
-static
-ULONG
-ConstructBasicSD(
-    PSECURITY_DESCRIPTOR_ABSOLUTE * ppSD
-    )
-{
-   ULONG ulError = 0;
-   PCSTR pAdminSID = "S-1-5-32-544"; // Built-in Administrators SID
-   PSID  pOwnerSid = NULL;
-   PSID  pGroupSid = NULL;
-   PSECURITY_DESCRIPTOR_ABSOLUTE pSD = NULL;
-
-   ulError = VmDirAllocateMemory(
-                   SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE,
-                   (PVOID *) &pSD);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   ulError = VmDirCreateSecurityDescriptorAbsolute(
-                               pSD,
-                               SECURITY_DESCRIPTOR_REVISION);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   // Just set Administrators group as Owner & Group
-   ulError = VmDirAllocateSidFromCString(pAdminSID, &pOwnerSid);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   ulError = VmDirSetOwnerSecurityDescriptor(
-                               pSD,
-                               pOwnerSid,
-                               FALSE);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   // Just set Administrators group as Owner & Group
-   ulError = VmDirAllocateSidFromCString(pAdminSID, &pGroupSid);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   ulError = VmDirSetGroupSecurityDescriptor(
-                               pSD,
-                               pGroupSid,
-                               FALSE);
-   BAIL_ON_VMDIR_ERROR(ulError);
-
-   *ppSD = pSD;
-
-cleanup:
-
-   return ulError;
-
-error:
-
-    *ppSD = NULL;
-
-    VMDIR_SAFE_FREE_MEMORY(pSD);
-
-    VMDIR_SAFE_FREE_MEMORY(pOwnerSid);
-    VMDIR_SAFE_FREE_MEMORY(pGroupSid);
-
-    goto cleanup;
-}
-
 static
 VOID
 VmDirSrvFreeAccessToken(
diff --git a/lwraft/server/vmdir/defines.h b/lwraft/server/vmdir/defines.h
index 659609ec1..a84496edc 100644
--- a/lwraft/server/vmdir/defines.h
+++ b/lwraft/server/vmdir/defines.h
@@ -24,9 +24,8 @@
 #define VMDIR_OPTION_LDAP_PORT              'p'
 #define VMDIR_OPTION_ENABLE_SYSLOG          's'
 #define VMDIR_OPTION_CONSOLE_MODE           'c'
-#define VMDIR_OPTION_PATCH_SCHEMA           'u'
 #define VMDIR_OPTION_RUN_MODE               'm' // Start server in restore or stand-alone mode
-#define VMDIR_OPTIONS_VALID                 "f:l:L:p:scum:"
+#define VMDIR_OPTIONS_VALID                 "f:l:L:p:scm:"
 
 #define VMDIR_IF_HANDLE_T rpc_if_handle_t
 #define VMDIR_RPC_BINDING_VECTOR_P_T rpc_binding_vector_p_t
@@ -36,8 +35,8 @@
 
 
 #define VMDIR_MAX_CONFIG_VALUE_LENGTH   2048
-#define VMDIR_CONFIG_PARAMETER_PARAMS_KEY_PATH "Services\\lwraft\\Parameters"
-#define VMDIR_CONFIG_CREDS_KEY_PATH     "Services\\lwraft\\Parameters\\Credentials"
+#define VMDIR_CONFIG_PARAMETER_PARAMS_KEY_PATH "Services\\post\\Parameters"
+#define VMDIR_CONFIG_CREDS_KEY_PATH     "Services\\post\\Parameters\\Credentials"
 
 #define VMDIR_ADDR_INFO_NEXT( ifa ) ifa->ifa_next
 #define VMDIR_ADDR_INFO_FLAGS( ifa ) ifa->ifa_flags
@@ -54,7 +53,6 @@
 #define VMDIR_OPTION_LDAP_PORT              "-p"
 #define VMDIR_OPTION_ENABLE_SYSLOG          "-s"
 #define VMDIR_OPTION_CONSOLE_MODE           "-c"
-#define VMDIR_OPTION_PATCH_SCHEMA           "-u"
 #define VMDIR_OPTION_RUN_MODE               "-m" // Start server in restore or stand-alone mode
 
 #if defined(HAVE_DCERPC_WIN32)
@@ -157,58 +155,47 @@
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_LDAP_LISTEN_PORTS,  \
-        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_MULTISTRING,  \
-        /*.RegDataType    = */ REG_MULTI_SZ,                     \
-        /*.dwMin          = */ 0,                                \
-        /*.dwMax          = */ 0,                                \
-        /*.dwDefault      = */ 0,                                \
-        /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAP_PORT_STR "\000",     \
-        /*.pszValue       = */ NULL                              \
-    },                                                           \
-    {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_LDAPS_LISTEN_PORTS, \
-        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_MULTISTRING,  \
-        /*.RegDataType    = */ REG_MULTI_SZ,                     \
+        /*.pszName        = */ VMDIR_REG_KEY_LDAP_PORT,          \
+        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_DWORD,    \
+        /*.RegDataType    = */ REG_DWORD,                        \
         /*.dwMin          = */ 0,                                \
-        /*.dwMax          = */ 0,                                \
-        /*.dwDefault      = */ 0,                                \
+        /*.dwMax          = */ 99999,                            \
+        /*.dwDefault      = */ 38900,                            \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAPS_PORT_STR "\000",    \
+        /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_LDAP_CONNECT_PORTS, \
-        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_MULTISTRING,  \
-        /*.RegDataType    = */ REG_MULTI_SZ,                     \
+        /*.pszName        = */ VMDIR_REG_KEY_LDAPS_PORT,         \
+        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_DWORD,    \
+        /*.RegDataType    = */ REG_DWORD,                        \
         /*.dwMin          = */ 0,                                \
-        /*.dwMax          = */ 0,                                \
-        /*.dwDefault      = */ 0,                                \
+        /*.dwMax          = */ 99999,                            \
+        /*.dwDefault      = */ 63600,                            \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAP_PORT_STR "\000",     \
+        /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_LDAPS_CONNECT_PORTS,\
-        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_MULTISTRING,  \
-        /*.RegDataType    = */ REG_MULTI_SZ,                     \
+        /*.pszName        = */ VMDIR_REG_KEY_HTTP_LISTEN_PORT,   \
+        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_STRING,   \
+        /*.RegDataType    = */ REG_SZ,                           \
         /*.dwMin          = */ 0,                                \
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAPS_PORT_STR "\000",    \
+        /*.pszDefault     = */ DEFAULT_HTTP_PORT_STR,            \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_REST_LISTEN_PORT,   \
+        /*.pszName        = */ VMDIR_REG_KEY_HTTPS_LISTEN_PORT,  \
         /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_STRING,   \
         /*.RegDataType    = */ REG_SZ,                           \
         /*.dwMin          = */ 0,                                \
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_REST_PORT_STR,            \
+        /*.pszDefault     = */ DEFAULT_HTTPS_PORT_STR,           \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
@@ -309,17 +296,6 @@
         /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
-    {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_URGENT_REPL_TIMEOUT_MSEC,  \
-        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_DWORD,    \
-        /*.RegDataType    = */ REG_DWORD,                        \
-        /*.dwMin          = */ 0,                                \
-        /*.dwMax          = */ 60000,                            \
-        /*.dwDefault      = */ 10000,                            \
-        /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ NULL,                             \
-        /*.pszValue       = */ NULL                              \
-    },                                                           \
     {                                                            \
         /*.pszName        = */ VMDIR_REG_KEY_PAGED_SEARCH_READ_AHEAD,  \
         /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_BOOLEAN,  \
@@ -348,7 +324,7 @@
         /*.RegDataType    = */ REG_DWORD,                        \
         /*.dwMin          = */ 200,                              \
         /*.dwMax          = */ 90000,                            \
-        /*.dwDefault      = */ 20000,                             \
+        /*.dwDefault      = */ 10000,                            \
         /*.dwValue        = */ 0,                                \
         /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
@@ -359,7 +335,7 @@
         /*.RegDataType    = */ REG_DWORD,                        \
         /*.dwMin          = */ 100,                              \
         /*.dwMax          = */ 30000,                            \
-        /*.dwDefault      = */ 7000,                                \
+        /*.dwDefault      = */ 3000,                             \
         /*.dwValue        = */ 0,                                \
         /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
@@ -370,9 +346,51 @@
         /*.RegDataType    = */ REG_DWORD,                        \
         /*.dwMin          = */ 50,                               \
         /*.dwMax          = */ 10000,                            \
-        /*.dwDefault      = */ 100,                                \
+        /*.dwDefault      = */ 500,                              \
         /*.dwValue        = */ 0,                                \
         /*.pszDefault     = */ NULL,                             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
+    {                                                            \
+        /*.pszName        = */ VMDIR_REG_KEY_CURL_TIMEOUT_SEC,  \
+        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_DWORD,    \
+        /*.RegDataType    = */ REG_DWORD,                        \
+        /*.dwMin          = */ 0,                                \
+        /*.dwMax          = */ 10000,                            \
+        /*.dwDefault      = */ 3,                                \
+        /*.dwValue        = */ 0,                                \
+        /*.pszDefault     = */ NULL,                             \
+        /*.pszValue       = */ NULL                              \
+    },                                                          \
 }
+
+typedef enum
+{
+    METRICS_RPC_OP_GENERATEPASSWORD,
+    METRICS_RPC_OP_CREATEUSER,
+    METRICS_RPC_OP_CREATEUSEREX,
+    METRICS_RPC_OP_SETLOGLEVEL,
+    METRICS_RPC_OP_SETLOGMASK,
+    METRICS_RPC_OP_SETSTATE,
+    METRICS_RPC_OP_SUPERLOGQUERYSERVERDATA,
+    METRICS_RPC_OP_SUPERLOGENABLE,
+    METRICS_RPC_OP_SUPERLOGDISABLE,
+    METRICS_RPC_OP_ISSUPERLOGENABLED,
+    METRICS_RPC_OP_SUPERLOGFLUSH,
+    METRICS_RPC_OP_SUPERLOGSETSIZE,
+    METRICS_RPC_OP_SUPERLOGGETSIZE,
+    METRICS_RPC_OP_SUPERLOGGETENTRIESLDAPOPERATION,
+    METRICS_RPC_OP_OPENDATABASEFILE,
+    METRICS_RPC_OP_READDATABASEFILE,
+    METRICS_RPC_OP_CLOSEDATABASEFILE,
+    METRICS_RPC_OP_SETBACKENDSTATE,
+    METRICS_RPC_OP_GETSTATE,
+    METRICS_RPC_OP_GETLOGLEVEL,
+    METRICS_RPC_OP_GETLOGMASK,
+    METRICS_RPC_OP_SETMODE,
+    METRICS_RPC_OP_GETMODE,
+    METRICS_RPC_OP_RAFTREQUESTVOTE,
+    METRICS_RPC_OP_RAFTAPPENDENTRIES,
+    METRICS_RPC_OP_COUNT
+
+} METRICS_RPC_OPS;
diff --git a/lwraft/server/vmdir/externs.h b/lwraft/server/vmdir/externs.h
index 235addc7f..19f3acb83 100644
--- a/lwraft/server/vmdir/externs.h
+++ b/lwraft/server/vmdir/externs.h
@@ -27,3 +27,4 @@
 
 extern VMDIR_GLOBALS gVmdirGlobals;
 
+extern PVM_METRICS_HISTOGRAM pRpcRequestDuration[];
diff --git a/lwraft/server/vmdir/globals.c b/lwraft/server/vmdir/globals.c
index 8ca023ab4..ff5987de5 100644
--- a/lwraft/server/vmdir/globals.c
+++ b/lwraft/server/vmdir/globals.c
@@ -37,25 +37,20 @@ VMDIR_GLOBALS gVmdirGlobals =
     {
         // NOTE: order of fields MUST stay in sync with struct definition...
         VMDIR_SF_INIT(.pszBootStrapSchemaFile, NULL),
-        VMDIR_SF_INIT(.bPatchSchema, FALSE),
         VMDIR_SF_INIT(.pszBDBHome, NULL),
         VMDIR_SF_INIT(.bAllowInsecureAuth, 0),
         VMDIR_SF_INIT(.bAllowAdminLockout, 0),
         VMDIR_SF_INIT(.bDisableVECSIntegration, 0),
-        VMDIR_SF_INIT(.pdwLdapListenPorts, NULL),
-        VMDIR_SF_INIT(.dwLdapListenPorts, 0),
-        VMDIR_SF_INIT(.pdwLdapsListenPorts, NULL),
-        VMDIR_SF_INIT(.dwLdapsListenPorts, 0),
-        VMDIR_SF_INIT(.pdwLdapConnectPorts, NULL),
-        VMDIR_SF_INIT(.dwLdapConnectPorts, 0),
-        VMDIR_SF_INIT(.pdwLdapsConnectPorts, NULL),
-        VMDIR_SF_INIT(.dwLdapsConnectPorts, 0),
-        VMDIR_SF_INIT(.pszRestListenPort, NULL),
+        VMDIR_SF_INIT(.dwLdapPort, DEFAULT_LDAP_PORT_NUM),
+        VMDIR_SF_INIT(.dwLdapsPort, DEFAULT_LDAPS_PORT_NUM),
+        VMDIR_SF_INIT(.dwProxyCurlTimeout, 0),
+        VMDIR_SF_INIT(.pszHTTPListenPort, NULL),
+        VMDIR_SF_INIT(.pszHTTPSListenPort, NULL),
         VMDIR_SF_INIT(.dwLdapRecvTimeoutSec, 0),
+        VMDIR_SF_INIT(.bIsLDAPPortOpen, FALSE),
         VMDIR_SF_INIT(.mutex, NULL),
         VMDIR_SF_INIT(.vmdirdState, VMDIRD_STATE_UNDEFINED),
         VMDIR_SF_INIT(.pSrvThrInfo, NULL),
-        VMDIR_SF_INIT(.bReplNow, FALSE),
 #if !defined(_WIN32) || defined(HAVE_DCERPC_WIN32)
         VMDIR_SF_INIT(.pRPCServerThread, NULL),
 #endif
@@ -63,7 +58,6 @@ VMDIR_GLOBALS gVmdirGlobals =
         VMDIR_SF_INIT(.hStopServiceEvent, 0),
 #endif
         VMDIR_SF_INIT(.bRegisterTcpEndpoint, TRUE),
-        VMDIR_SF_INIT(.gpVmDirSrvSD, 0),
         VMDIR_SF_INIT(.replAgrsMutex, NULL),
         VMDIR_SF_INIT(.replAgrsCondition, NULL),
         VMDIR_SF_INIT(.replCycleDoneMutex, NULL),
@@ -142,30 +136,6 @@ VMDIR_SERVER_GLOBALS gVmdirServerGlobals =
 
 VMDIR_REPLICATION_AGREEMENT * gVmdirReplAgrs = NULL;
 
-VMDIR_URGENT_REPL gVmdirUrgentRepl =
-    {
-        // NOTE: order of fields MUST stay in sync with struct definition...
-        VMDIR_SF_INIT(.pUrgentReplMutex, NULL),
-        VMDIR_SF_INIT(.bUrgentReplicationPending, FALSE),
-        VMDIR_SF_INIT(.dwUrgentReplResponseCount, 0),
-        VMDIR_SF_INIT(.dwUrgentReplTimeout, 0),
-        VMDIR_SF_INIT(.consensusUSN, 0),
-        VMDIR_SF_INIT(.pUTDVector, NULL),
-        VMDIR_SF_INIT(.pUrgentReplResponseRecvMutex, NULL),
-        VMDIR_SF_INIT(.pUrgentReplResponseRecvCondition, NULL),
-        VMDIR_SF_INIT(.bUrgentReplResponseRecv, FALSE),
-        VMDIR_SF_INIT(.pUrgentReplThreadMutex, NULL),
-        VMDIR_SF_INIT(.pUrgentReplThreadCondition, NULL),
-        VMDIR_SF_INIT(.bUrgentReplThreadPredicate, FALSE),
-        VMDIR_SF_INIT(.pUrgentReplDoneMutex, NULL),
-        VMDIR_SF_INIT(.pUrgentReplDoneCondition, NULL),
-        VMDIR_SF_INIT(.bUrgentReplDone, FALSE),
-        VMDIR_SF_INIT(.pUrgentReplStartMutex, NULL),
-        VMDIR_SF_INIT(.pUrgentReplStartCondition, NULL),
-        VMDIR_SF_INIT(.pUrgentReplPartnerTable, NULL),
-        VMDIR_SF_INIT(.pUrgentReplServerList, NULL)
-    };
-
 VMDIR_TRACK_LAST_LOGIN_TIME gVmdirTrackLastLoginTime =
     {
         // NOTE: order of fields MUST stay in sync with struct definition...
diff --git a/lwraft/server/vmdir/includes.h b/lwraft/server/vmdir/includes.h
index 6184ca438..568a2d7c2 100644
--- a/lwraft/server/vmdir/includes.h
+++ b/lwraft/server/vmdir/includes.h
@@ -70,16 +70,14 @@
 #include <ldaphead.h>
 #include <resthead.h>
 #include <vmevent.h>
+#include <metricscommon.h>
 
 #include "defines.h"
 #include "structs.h"
 
 #include "vmdir_h.h"
-#include "vmdirftp_h.h"
 #include "vmdirdbcp_h.h"
-#include "srp_verifier_h.h"
 #include "vmdirsuperlog_h.h"
-#include "vmdirurgentrepl_h.h"
 #include "vmdirraft_h.h"
 #include "prototypes.h"
 
@@ -145,16 +143,15 @@
 #include <vmdirserver.h>
 #include <ldaphead.h>
 #include <vmevent.h>
+#include <metricscommon.h>
 
 #include "defines.h"
 #include "structs.h"
 
 #include "vmdir_h.h"
-#include "vmdirftp_h.h"
 #include "vmdirdbcp_h.h"
 #include "srp_verifier_h.h"
 #include "vmdirsuperlog_h.h"
-#include "vmdirurgentrepl_h.h"
 #include "prototypes.h"
 
 #include "externs.h"
diff --git a/lwraft/server/vmdir/index.c b/lwraft/server/vmdir/index.c
index 0788ac5e8..a86382c14 100644
--- a/lwraft/server/vmdir/index.c
+++ b/lwraft/server/vmdir/index.c
@@ -16,7 +16,7 @@
 
 DWORD
 VmDirLoadIndex(
-    BOOLEAN bFirstboot
+    VOID
     )
 {
     DWORD   dwError = 0;
@@ -25,13 +25,6 @@ VmDirLoadIndex(
     PVDIR_SCHEMA_AT_DESC*   ppATDescList = NULL;
     PVDIR_INDEX_CFG         pIndexCfg = NULL;
 
-    if (bFirstboot)
-    {
-        // Firstboot should use only the default indices
-        // Nothing to load
-        goto cleanup;
-    }
-
     dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/lwraft/server/vmdir/init.c b/lwraft/server/vmdir/init.c
index 3dca98fec..27981b4df 100644
--- a/lwraft/server/vmdir/init.c
+++ b/lwraft/server/vmdir/init.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -23,13 +23,6 @@
     NULL                                    \
 }
 
-#define VDIR_CFG_ORG_ENTRY_INITIALIZER      \
-{                                           \
-    "objectclass",  "vmwDirCfg",            \
-    "cn",           "organization",         \
-    NULL                                    \
-}
-
 #define VDIR_OPEN_FILES_MAX 16384
 
 static
@@ -64,10 +57,6 @@ static
 DWORD
 _VmDirWriteBackInvocationId(VOID);
 
-static
-DWORD
-_VmDirRestoreInstance(VOID);
-
 static
 DWORD
 _VmDirGenerateInvocationId(VOID);
@@ -79,14 +68,8 @@ static
 DWORD
 _VmDirSrvCreatePersistedDSERoot(VOID);
 
-static
-DWORD _VmDirGetHostsInternal(
-    PSTR**  ppServerInfo,
-    size_t* pdwInfoCount
-    );
-
 /*
- * load krb master key into gVmdirKrbGlobals.bervMasterKey
+ * no krb function needed in lwraft, but we use gVmdirKrbGlobals.pszRealm in various places.
  */
 DWORD
 VmDirKrbInit(
@@ -94,83 +77,50 @@ VmDirKrbInit(
     )
 {
     DWORD               dwError = 0;
-    PSTR                pszLocalRealm = NULL;
-    PSTR                pszLocalDomain = NULL;
     VDIR_ENTRY_ARRAY    entryArray = {0};
-    int                 iCnt = 0;
+    PVDIR_ATTRIBUTE     pAttrRootNamingCtx = NULL;
     BOOLEAN             bInLock = FALSE;
 
-    //TODO, use PERSISTED_DSE_ROOT_DN.ATTR_ROOT_DOMAIN_NAMING_CONTEXT instead of "/SUBTREE search?
-    // find domain entries (objectclass=dcobject)
     dwError = VmDirSimpleEqualFilterInternalSearch(
-                    "",
-                    LDAP_SCOPE_SUBTREE,
+                    PERSISTED_DSE_ROOT_DN,
+                    LDAP_SCOPE_BASE,
                     ATTR_OBJECT_CLASS,
-                    OC_DC_OBJECT,
+                    OC_DSE_ROOT,
                     &entryArray);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (iCnt = 0; iCnt < entryArray.iSize; iCnt++)
+    if (entryArray.iSize != 1
+        ||
+        ((pAttrRootNamingCtx = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_ROOT_DOMAIN_NAMING_CONTEXT)) == NULL))
     {
-        PVDIR_ATTRIBUTE pAttrKrbMKey = VmDirFindAttrByName(&(entryArray.pEntry[iCnt]), ATTR_KRB_MASTER_KEY);
-
-        if (pAttrKrbMKey)
-        {
-            VMDIR_LOCK_MUTEX(bInLock, gVmdirKrbGlobals.pmutex);
-
-            // BUGBUG BUGBUG, assume we only have one realm now
-            dwError = VmDirNormalizeDNWrapper( &(entryArray.pEntry[iCnt].dn) );
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirAllocateStringA( entryArray.pEntry[iCnt].dn.bvnorm_val,
-                                            &pszLocalDomain );
-            BAIL_ON_VMDIR_ERROR(dwError);
-            gVmdirKrbGlobals.pszDomainDN = pszLocalDomain;  // gVmdirKrbGlobals takes over pszLocalDomain
-            pszLocalDomain = NULL;
-
-            dwError = VmDirKrbSimpleDNToRealm( &(entryArray.pEntry[iCnt].dn), &pszLocalRealm);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            gVmdirKrbGlobals.pszRealm = pszLocalRealm;   // gVmdirKrbGlobals takes over pszLocalRealm
-            pszLocalRealm = NULL;
-
-            dwError = VmDirBervalContentDup( &(pAttrKrbMKey->vals[0]), &gVmdirKrbGlobals.bervMasterKey);
-            BAIL_ON_VMDIR_ERROR(dwError);
+        goto cleanup; // not promoted yet
+    }
 
-            VmDirConditionSignal(gVmdirKrbGlobals.pcond);   // wake up VmKdcInitKdcServiceThread
-            VMDIR_UNLOCK_MUTEX(bInLock, gVmdirKrbGlobals.pmutex);
+    VMDIR_LOCK_MUTEX(bInLock, gVmdirKrbGlobals.pmutex);
 
-            break;
-        }
-    }
+    dwError = VmDirKrbSimpleDNToRealm( pAttrRootNamingCtx->vals, (PSTR*)(&gVmdirKrbGlobals.pszRealm));
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirKrbInit, REALM (%s)", VDIR_SAFE_STRING(gVmdirKrbGlobals.pszRealm));
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Set realm to (%s)", gVmdirKrbGlobals.pszRealm);
 
 cleanup:
-
     VMDIR_UNLOCK_MUTEX(bInLock, gVmdirKrbGlobals.pmutex);
-
     VmDirFreeEntryArrayContent(&entryArray);
 
     return dwError;
 
 error:
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirKrbInit failed (%d), REALM (%s)",
-                     dwError, VDIR_SAFE_STRING(gVmdirKrbGlobals.pszRealm));
-
-    VMDIR_SAFE_FREE_MEMORY(pszLocalRealm);
-    VMDIR_SAFE_FREE_MEMORY(pszLocalDomain);
-
     goto cleanup;
 }
 
 DWORD
 VmDirInitBackend(
-    PBOOLEAN    pbLegacyDataLoaded
+    VOID
     )
 {
     DWORD   dwError = 0;
     PVDIR_BACKEND_INTERFACE pBE = NULL;
+    PVMDIR_MUTEX    pSchemaModMutex = NULL;
     BOOLEAN bInitializeEntries = FALSE;
 
     dwError = VmDirBackendConfig();
@@ -182,16 +132,24 @@ VmDirInitBackend(
     dwError = pBE->pfnBEInit();
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirIndexLibInit();
+    /*
+     * Attribute indices are configured by attribute type entries.
+     *
+     * Note this implies that all index modification is schema modification.
+     *
+     * Concurrency control can be simplified by sharing mutex
+     * between schema library and index library.
+     */
+    dwError = VmDirSchemaLibInit(&pSchemaModMutex);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSchemaLibInit();
+    dwError = VmDirIndexLibInit(pSchemaModMutex);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLoadSchema(&bInitializeEntries, pbLegacyDataLoaded);
+    dwError = VmDirLoadSchema(&bInitializeEntries);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLoadIndex(bInitializeEntries || *pbLegacyDataLoaded);
+    dwError = VmDirLoadIndex();
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // prepare USNList to guarantee safe USN for replication
@@ -211,7 +169,6 @@ VmDirInitBackend(
 
         dwError = _VmDirSrvCreatePersistedDSERoot();
         BAIL_ON_VMDIR_ERROR(dwError);
-
     }
 
 cleanup:
@@ -280,7 +237,6 @@ VmDirInit(
     )
 {
     DWORD   dwError = 0;
-    BOOLEAN bLegacyDataLoaded = FALSE;
     BOOLEAN bWriteInvocationId = FALSE;
     BOOLEAN bWaitTimeOut = FALSE;
     VMDIR_RUNMODE runMode = VmDirdGetRunMode();
@@ -298,6 +254,9 @@ VmDirInit(
     dwError = VmDirSuperLoggingInit(&gVmdirGlobals.pLogger);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirMetricsInitialize();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 #ifndef _WIN32
     dwError = InitializeResouceLimit();
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -312,9 +271,6 @@ VmDirInit(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = ConstructSDForVmDirServ(&gVmdirGlobals.gpVmDirSrvSD);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirOpensslInit();
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -327,7 +283,7 @@ VmDirInit(
     dwError = VmDirPluginInit();
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirInitBackend(&bLegacyDataLoaded);
+    dwError = VmDirInitBackend();
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // load server globals before any write operations
@@ -344,62 +300,21 @@ VmDirInit(
     dwError = VmDirVmAclInit();
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (!gVmdirGlobals.bPatchSchema && bLegacyDataLoaded)
+    if (runMode == VMDIR_RUNMODE_NORMAL)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                "Legacy data store is detected. "
-                "Run schema patch (-u option) before running in normal mode" );
-        dwError = ERROR_NO_SCHEMA;
+        dwError = VmDirRpcServerInit();
         BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (gVmdirGlobals.bPatchSchema)
-    {
-        if (IsNullOrEmptyString(gVmdirGlobals.pszBootStrapSchemaFile))
-        {
-            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                    "Schema file must be provided in schema patch mode (-u option)" );
-            dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (bLegacyDataLoaded)
-        {
-            dwError = VmDirSchemaPatchLegacyViaFile(
-                    gVmdirGlobals.pszBootStrapSchemaFile);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else
-        {
-            dwError = VmDirSchemaPatchViaFile(
-                    gVmdirGlobals.pszBootStrapSchemaFile);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        (VOID)VmDirSetAdministratorPasswordNeverExpires();
-    }
-    else
-    {
-        if ( runMode == VMDIR_RUNMODE_NORMAL )
-        {
-            dwError = VmDirRpcServerInit();
-            BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = VmDirIpcServerInit();
-            BAIL_ON_VMDIR_ERROR (dwError);
+        dwError = VmDirIpcServerInit();
+        BAIL_ON_VMDIR_ERROR (dwError);
 
-            dwError = VmDirReplicationLibInit();
-            BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmDirReplicationLibInit();
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-            if (gVmdirGlobals.bTrackLastLoginTime)
-            {
-                dwError = VmDirInitTrackLastLoginThread();
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-        }
-        else if (runMode == VMDIR_RUNMODE_RESTORE)
+        if (gVmdirGlobals.bTrackLastLoginTime)
         {
-            // TBD: What happens if server is started in restore mode even when it has not been promoted?
-            dwError = _VmDirRestoreInstance(); // fix invocationId and up-to-date-vector before starting replicating in.
-            BAIL_ON_VMDIR_ERROR( dwError );
+            dwError = VmDirInitTrackLastLoginThread();
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
@@ -410,22 +325,20 @@ VmDirInit(
     }
 
     //Will not free gVmdirGlobals.pPortListenSyncCounter since it maybe accessed when
-    //  timeout occured (e.g. waiting for promote) though there is a onetime memory leak.
+    //  timeout occurred (e.g. waiting for promote) though there is a one time memory leak.
     dwError = VmDirAllocateSyncCounter( &gVmdirGlobals.pPortListenSyncCounter,
-                                        VmDirGetAllLdapPortsCount(),
+                                        2,      // ldap and ldaps - two ports
                                         SYNC_SIGNAL,
                                         5000);  // wait time 5 seconds
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (!(VmDirdGetRestoreMode() || gVmdirGlobals.bPatchSchema))
+    if (!VmDirdGetRestoreMode())
     {
         dwError = VmDirInitConnAcceptThread();
         BAIL_ON_VMDIR_ERROR(dwError);
 
-#if 0
         dwError = VmDirRESTServerInit();
         BAIL_ON_VMDIR_ERROR(dwError);
-#endif
     }
 
     //Wait only if there is not a vdcprome pending.
@@ -442,8 +355,12 @@ VmDirInit(
 
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Config MaxLdapOpThrs (%d)", gVmdirGlobals.dwMaxFlowCtrlThr );
 
-error:
+cleanup:
     return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s failed (%d)", __FUNCTION__, dwError );
+    goto cleanup;
 }
 
 static
@@ -493,203 +410,6 @@ _VmDirSrvCreatePersistedDSERoot(VOID)
     goto cleanup;
 }
 
-// _VmDirRestoreInstance():
-// 1. Get new invocation ID.
-//    So I can rejoin the federation with a fresh ID.
-// 2. Fix the up-to-date vector and invocation id in the server object and in the DSE root entry.
-// 3. Advance USN to proper value. i.e. My MAX(USN) seen by partners.
-//    So partners will pick up new changes from me.
-// 4. Advance RID sequence number.
-//    So there will be no ObjectSid conflict with entries created after backup.
-
-static
-DWORD
-_VmDirRestoreInstance(VOID)
-{
-    DWORD                   dwError = LDAP_SUCCESS;
-    size_t                  i = 0;
-    VDIR_OPERATION          op = {0};
-    VDIR_BERVALUE           newUtdVector = VDIR_BERVALUE_INIT;
-    USN                     nextUsn = 0;
-    USN                     restoredUsn = 0;
-    DWORD                   dwAdvanceRID = 1;  // as we advance nextUsn once before final nextUsn while loop
-    char                    nextUsnStr[VMDIR_MAX_USN_STR_LEN] = {0};
-    PSTR                    pszLocalErrMsg = NULL;
-    PSTR                    pszDCAccount = NULL;
-    PSTR*                   pServerInfo = NULL;
-    size_t                  dwInfoCount = 0;
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Restore Lotus Instance.");
-
-    dwError = VmDirRegReadDCAccount(&pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirGetHostsInternal(&pServerInfo, &dwInfoCount);
-    if (dwError != 0)
-    {
-        printf("_VmDirRestoreInstance: fail to get hosts from topology: %d\n", dwError );
-    }
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-            "_VmDirRestoreInstance: fail to get hosts from topology: %d", dwError );
-
-    if ( dwInfoCount == 1 )
-    {
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Single node deployment topology, skip restore procedure.");
-        printf("Single node deployment topology, skip restore procedure.\n");
-
-        goto cleanup;
-    }
-
-    /*
-     *  Try those servers one by one until one of the hosts can be reached and be used
-     *  to query up-to-date servers topology, and then follow those servers if they
-     *  are partners of the local host, and get the highest USN.
-     */
-    for (i=0; i<dwInfoCount; i++)
-    {
-        if (VmDirStringCompareA(pServerInfo[i], pszDCAccount, FALSE) == 0)
-        {
-            //Don't try to query self for the uptodate topology.
-            continue;
-        }
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Trying to get topology from host %s ...", pServerInfo[i]);
-        printf("Trying to get topology from host %s ...\n", pServerInfo[i]);
-
-        dwError = VmDirGetUsnFromPartners(pServerInfo[i], &restoredUsn);
-        if (dwError == 0)
-        {
-             VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Got topology from host %s", pServerInfo[i]);
-             printf("Topology obtained from host %s.\n", pServerInfo[i]);
-             break;
-        }
-    }
-    if (dwError !=0 || restoredUsn == 0)
-    {
-        if (restoredUsn == 0 )
-        {
-            dwError = ERROR_NOT_FOUND;
-        }
-        printf("_VmDirRestoreInstance: failed to get restored USN from partners, error code: %d\n.", dwError );
-        BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-            "_VmDirRestoreInstance: cannot get restored USN from partners, error code: %d.", dwError );
-    }
-
-    dwError = VmDirInitStackOperation( &op, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-            "_VmDirRestoreInstance: VmDirInitStackOperation failed with error code: %d.", dwError );
-
-    // Setup target DN
-
-    dwError = VmDirBervalContentDup( &gVmdirServerGlobals.serverObjDN, &op.reqDn );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-            "_VmDirRestoreInstance: BervalContentDup failed with error code: %d.", dwError );
-
-    op.pBEIF = VmDirBackendSelect(op.reqDn.lberbv.bv_val);
-    assert(op.pBEIF);
-
-    dwError = VmDirBervalContentDup( &op.reqDn, &op.request.modifyReq.dn );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: BervalContentDup failed with error code: %d.", dwError );
-
-    // Setup utdVector mod
-
-    // create an entry for the old invocationID in the up-to-date vector
-
-    dwError = op.pBEIF->pfnBEGetNextUSN( op.pBECtx, &nextUsn );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-            "_VmDirRestoreInstance: pfnBEGetNextUSN failed with error code: %d, error message: %s", dwError,
-            VDIR_SAFE_STRING(op.pBECtx->pszBEErrorMsg) );
-
-    //gVmdirServerGlobals.initialNextUSN was set by the first pfnBEGetNextUSN call.
-    //It's value less 1 is the one that has been consumed by the server to be restored.
-    nextUsn = gVmdirServerGlobals.initialNextUSN - 1;
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRestoreInstance: highest USN observed from partners %lu, local USN: %lu",
-                   restoredUsn, nextUsn);
-    printf("Highest USN observed from partners %lu, local USN: %lu\n", restoredUsn, nextUsn);
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Utilize larger of %lu and %lu for new USN", restoredUsn, nextUsn );
-    printf("Utilize larger of %lu and %lu for new USN \n", restoredUsn, nextUsn );
-
-    dwError = VmDirStringNPrintFA( nextUsnStr, sizeof(nextUsnStr), sizeof(nextUsnStr) - 1, "%ld", nextUsn);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: VmDirStringNPrintFA failed with error code: %d", dwError,
-                VDIR_SAFE_STRING(op.pBECtx->pszBEErrorMsg) );
-
-    // <existing up-to-date vector>,<old invocation ID>:<local USN>,
-    dwError = VmDirAllocateStringAVsnprintf( &(newUtdVector.lberbv.bv_val), "%s%s:%s,",
-                                            gVmdirServerGlobals.utdVector.lberbv.bv_val,
-                                            gVmdirServerGlobals.invocationId.lberbv.bv_val,
-                                            nextUsnStr);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: VmDirAllocateStringAVsnprintf failed with error code: %d", dwError,
-                VDIR_SAFE_STRING(op.pBECtx->pszBEErrorMsg) );
-
-    newUtdVector.bOwnBvVal = TRUE;
-
-    newUtdVector.lberbv.bv_len = VmDirStringLenA(newUtdVector.lberbv.bv_val);
-
-    dwError = VmDirBervalContentDup( &newUtdVector, &(gVmdirServerGlobals.utdVector) );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: BervalContentDup failed with error code: %d.", dwError );
-
-    dwError = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_UP_TO_DATE_VECTOR, ATTR_UP_TO_DATE_VECTOR_LEN,
-                              gVmdirServerGlobals.utdVector.lberbv.bv_val, gVmdirServerGlobals.utdVector.lberbv.bv_len );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: VmDirAppendAMod failed with error code: %d.", dwError );
-
-    // Setup invocationId mod
-
-    dwError = _VmDirGenerateInvocationId();
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: _VmDirGenerateInvocationId failed with error code: %d.", dwError );
-
-    dwError = VmDirAppendAMod( &op, MOD_OP_REPLACE, ATTR_INVOCATION_ID, ATTR_INVOCATION_ID_LEN,
-                       gVmdirServerGlobals.invocationId.lberbv.bv_val, gVmdirServerGlobals.invocationId.lberbv.bv_len );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                "_VmDirRestoreInstance: VmDirAppendAMod failed with error code: %d.", dwError );
-
-    dwError = VmDirInternalModifyEntry( &op );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg, "_VmDirRestoreInstance: InternalModifyEntry failed. DN: %s, "
-              "Error code: %d, Error string: %s", op.reqDn.lberbv.bv_val, dwError,
-              VDIR_SAFE_STRING( op.ldapResult.pszErrMsg ) );
-
-    printf("Setup new invocationId [%s]\n", gVmdirServerGlobals.invocationId.lberbv.bv_val);
-
-    // Advance the USN to the upToDateUsn passed in, which should be the maximum USN that has been seen by peer nodes.
-    // This will avoid the situation where some new entries will be skipped in replication to peer nodes.
-    // See Bug 1272548 for details.
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Advancing USN if neccessary, current: %d, goal to restore to: %d",
-                    nextUsn, restoredUsn );
-    while ( nextUsn < restoredUsn )
-    {
-        dwAdvanceRID++;
-
-        dwError = op.pBEIF->pfnBEGetNextUSN( op.pBECtx, &nextUsn );
-        BAIL_ON_VMDIR_ERROR( dwError );
-    }
-
-    // Advance RID for all realms, USN advance (all writes) should >= RID advance (new entries).
-    dwError = VmDirAdvanceDomainRID( dwAdvanceRID );
-    BAIL_ON_VMDIR_ERROR(dwError);
-    printf("Domain RID advanced count=%u\n", dwAdvanceRID);
-
-    printf("Lotus instance restore succeeded.\n");
-
-cleanup:
-    VmDirFreeBervalContent(&newUtdVector);
-    VmDirFreeOperationContent(&op);
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, VDIR_SAFE_STRING(pszLocalErrMsg) );
-    printf("Lotus instance restore failed, error (%s)(%u)\n", VDIR_SAFE_STRING(pszLocalErrMsg), dwError );
-    goto cleanup;
-}
-
 static
 DWORD
 InitializeServerStatusGlobals(
@@ -725,7 +445,7 @@ InitializeVmdirdSystemEntries(
     iError = VmDirSchemaCtxAcquire(&pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(iError);
 
-    iError = InitializeSchemaEntries(pSchemaCtx);
+    iError = VmDirSchemaInitializeSubtree(pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(iError);
 
     iError = InitializeCFGEntries(pSchemaCtx);
@@ -1130,7 +850,6 @@ LoadServerGlobals(BOOLEAN *pbWriteInvocationId)
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Domain Functional Level (%d)",
                     gVmdirServerGlobals.dwDomainFunctionalLevel);
 
-
 cleanup:
 
     VMDIR_SECURE_FREE_STRINGA(pszDcAccountPwd);
@@ -1197,7 +916,6 @@ InitializeCFGEntries(
 {
     DWORD   dwError = 0;
     static PSTR ppszCFG_ROOT[] = VDIR_CFG_ROOT_ENTRY_INITIALIZER;
-    static PSTR ppszCFG_ORG[] = VDIR_CFG_ORG_ENTRY_INITIALIZER;
 
     dwError = VmDirSimpleEntryCreate(
             pSchemaCtx,
@@ -1206,13 +924,6 @@ InitializeCFGEntries(
             CFG_ROOT_ENTRY_ID);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSimpleEntryCreate(
-            pSchemaCtx,
-            ppszCFG_ORG,
-            CFG_INDEX_ORGANIZATION_DN,
-            CFG_ORGANIZATION_ENTRY_ID);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
 cleanup:
     return dwError;
 
@@ -1304,9 +1015,6 @@ InitializeGlobalVars(
     dwError = VmDirAllocateMutex(&gVmdirGlobals.replAgrsMutex);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateMutex(&gVmdirUrgentRepl.pUrgentReplMutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirAllocateCondition(&gVmdirGlobals.replAgrsCondition);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -1322,30 +1030,6 @@ InitializeGlobalVars(
     dwError = VmDirAllocateCondition(&gVmdirKrbGlobals.pcond);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateCondition(&gVmdirUrgentRepl.pUrgentReplResponseRecvCondition);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMutex(&gVmdirUrgentRepl.pUrgentReplResponseRecvMutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateCondition(&gVmdirUrgentRepl.pUrgentReplThreadCondition);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMutex(&gVmdirUrgentRepl.pUrgentReplThreadMutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMutex(&gVmdirUrgentRepl.pUrgentReplDoneMutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateCondition(&gVmdirUrgentRepl.pUrgentReplDoneCondition);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMutex(&gVmdirUrgentRepl.pUrgentReplStartMutex);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateCondition(&gVmdirUrgentRepl.pUrgentReplStartCondition);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     // LDAP operation threads shutdown synchronization, shutdown continue
     // when count == 0 (i.e. all op thrs are done)
     dwError = VmDirAllocateSyncCounter( &gVmdirGlobals.pOperationThrSyncCounter,
@@ -1388,55 +1072,61 @@ InitializeGlobalVars(
  * Lookup servers topology internally first. Then one of the servers
  * will be used to query uptoupdate servers topology
  */
-static
-DWORD _VmDirGetHostsInternal(
-    PSTR**  ppServerInfo,
+DWORD
+VmDirGetHostsInternal(
+    PSTR**  pppszServerInfo,
     size_t* pdwInfoCount
     )
 {
-    DWORD               dwError = 0;
-    DWORD               i = 0;
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    PSTR    pszSearchBaseDN = NULL;
     VDIR_ENTRY_ARRAY    entryArray = {0};
-    PSTR                pszSearchBaseDN = NULL;
     PVDIR_ATTRIBUTE     pAttr = NULL;
-    PSTR*  pServerInfo = NULL;
+    PSTR*   ppszServerInfo = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(
-                &pszSearchBaseDN,
-                "cn=Sites,cn=Configuration,%s",
-                gVmdirServerGlobals.systemDomainDN.bvnorm_val
-                );
+    dwError = VmDirAllocateStringPrintf(
+            &pszSearchBaseDN,
+            "cn=Sites,cn=Configuration,%s",
+            gVmdirServerGlobals.systemDomainDN.bvnorm_val);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSimpleEqualFilterInternalSearch(
-                    pszSearchBaseDN,
-                    LDAP_SCOPE_SUBTREE,
-                    ATTR_OBJECT_CLASS,
-                    OC_DIR_SERVER,
-                    &entryArray);
+            pszSearchBaseDN,
+            LDAP_SCOPE_SUBTREE,
+            ATTR_OBJECT_CLASS,
+            OC_DIR_SERVER,
+            &entryArray);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (entryArray.iSize == 0 )
+    if (entryArray.iSize == 0)
     {
         dwError = LDAP_NO_SUCH_OBJECT;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateMemory( entryArray.iSize*sizeof(PSTR), (PVOID*)&pServerInfo);
+    dwError = VmDirAllocateMemory(
+            sizeof(PSTR) * (entryArray.iSize+1),
+            (PVOID*)&ppszServerInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     for (i=0; i<entryArray.iSize; i++)
     {
-         pAttr =  VmDirEntryFindAttribute(ATTR_CN, entryArray.pEntry+i);
-         dwError = VmDirAllocateStringA( pAttr->vals[0].lberbv.bv_val, &pServerInfo[i]);
+         pAttr = VmDirEntryFindAttribute(ATTR_CN, entryArray.pEntry+i);
+         dwError = VmDirAllocateStringA(pAttr->vals[0].lberbv.bv_val, &ppszServerInfo[i]);
          BAIL_ON_VMDIR_ERROR(dwError);
     }
-    *ppServerInfo = pServerInfo;
+
+    *pppszServerInfo = ppszServerInfo;
     *pdwInfoCount = entryArray.iSize;
 
 cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszSearchBaseDN);
     VmDirFreeEntryArrayContent(&entryArray);
     return dwError;
+
 error:
+    VmDirFreeStrArray(ppszServerInfo);
     goto cleanup;
 }
 
diff --git a/lwraft/server/vmdir/instance.c b/lwraft/server/vmdir/instance.c
index b279f165d..acb396834 100644
--- a/lwraft/server/vmdir/instance.c
+++ b/lwraft/server/vmdir/instance.c
@@ -16,36 +16,6 @@
 
 #include "includes.h"
 
-static
-DWORD
-VmDirSrvSetupDomainInstance(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    BOOLEAN          bSetupHost,
-    BOOLEAN          bFirstNodeBootstrap,
-    PCSTR            pszFQDomainName,
-    PCSTR            pszDomainDN,
-    PCSTR            pszUsername,
-    PCSTR            pszPassword
-    );
-
-static
-DWORD
-VmDirSrvInitKrb(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszFQDomainName,
-    PCSTR            pszDomainDN,
-    PSTR             *ppszTgtDN,
-    PSTR             *ppszKMDN
-    );
-
-static
-DWORD
-VmDirSrvCreateConfigContainer(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszContainerDN,
-    PCSTR            pszContainerName
-    );
-
 static
 DWORD
 VmDirSrvCreateOUContainer(
@@ -59,11 +29,9 @@ DWORD
 VmDirSrvModifyPersistedDSERoot(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PSTR             pszRootNamingContextDN,
-    PSTR             pszConfigNamingContextDN,
     PSTR             pszSchemaNamingContextDN,
     PSTR             pszSubSchemaSubEntryDN,
-    PSTR             pszDefaultAdminDN,
-    PSTR             pszSiteName
+    PSTR             pszDefaultAdminDN
     );
 
 static
@@ -89,16 +57,6 @@ VmDirSrvCreateUser(
     PCSTR            pszKrbUPN
     );
 
-static
-DWORD
-VmDirSrvCreateBuiltInUsersGroup(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszGroupName,
-    PCSTR            pszUserDN,
-    PCSTR            pszMemberDN,
-    PSTR             pszBuiltinUsersGroupSid
-    );
-
 static
 DWORD
 VmDirSrvCreateBuiltInAdminGroup(
@@ -114,27 +72,10 @@ DWORD
 _VmDirSrvCreateBuiltInGroup(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PCSTR            pszGroupName,
+    PCSTR            pszGroupSid,
     PCSTR            pszDN
     );
 
-static
-DWORD
-_VmDirSrvCreateBuiltInCertGroup(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszGroupName,
-    PCSTR            pszDN,
-    PCSTR            pszAdminDN,
-    PCSTR            pszDCGroupDN,
-    PCSTR            pszDCClientGroupDN
-    );
-
-static
-DWORD
-VmDirSrvCreateDefaultPasswdPolicy(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszPolicyDN
-    );
-
 static
 DWORD
 VmDirSrvCreateBuiltinContainer(
@@ -145,99 +86,103 @@ VmDirSrvCreateBuiltinContainer(
 
 VMDIR_FIRST_REPL_CYCLE_MODE   gFirstReplCycleMode;
 
+//
+// Set security descriptor for objects that were created prior to the creation
+// of the various users and groups we need to exist in order to create the
+// security descriptor in the first place.
+//
+DWORD
+_VmDirAclServerObjects(
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousRead,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescNoDelete,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescFullAccess
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirSetRecursiveSecurityDescriptorForDn(
+                RAFT_LOGS_CONTAINER_DN,
+                pSecDescFullAccess);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetSecurityDescriptorForDn(
+                RAFT_PERSIST_STATE_DN,
+                pSecDescNoDelete);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetSecurityDescriptorForDn(
+                RAFT_CONTEXT_DN,
+                pSecDescNoDelete);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetSecurityDescriptorForDn(
+                PERSISTED_DSE_ROOT_DN,
+                pSecDescAnonymousRead);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetRecursiveSecurityDescriptorForDn(
+                SCHEMA_NAMING_CONTEXT_DN,
+                pSecDescAnonymousRead);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetSecurityDescriptorForDn(
+                CFG_ROOT_DN,
+                pSecDescNoDelete);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
 DWORD
 VmDirSrvSetupHostInstance(
     PCSTR   pszFQDomainName,
     PCSTR   pszUsername,
     PCSTR   pszPassword,
-    PCSTR   pszSiteName,
     PCSTR   pszReplURI,
     UINT32  firstReplCycleMode
     )
 {
     DWORD   dwError = 0;
 
-    PCSTR   pszDelObjsContainerName =     "Deleted Objects";
-    PCSTR   pszConfigContainerName =      VMDIR_CONFIGURATION_CONTAINER_NAME;
-    PCSTR   pszCAContainerName =          VMDIR_CA_CONTAINER_NAME;
-    PCSTR   pszSitesContainerName =       VMDIR_SITES_RDN_VAL;
-    PCSTR   pszSiteContainerName =        "Default-First-Site";
     PCSTR   pszDCsContainerName =         VMDIR_DOMAIN_CONTROLLERS_RDN_VAL;
-    PCSTR   pszComputersContainerName =   VMDIR_COMPUTERS_RDN_VAL;
-    PCSTR   pszMSAsContainerName =        VMDIR_MSAS_RDN_VAL;
-
     PSTR    pszDomainDN = NULL;
-    PSTR    pszDelObjsContainerDN = NULL;     // CN=Deleted Objects,<domain DN>
-    PSTR    pszConfigContainerDN = NULL;      // CN=Configuration,<domain DN>
-    PSTR    pszCAContainerDN = NULL;          // CN=Certificate-Authorities,CN=Configuration,<domain DN>
-    PSTR    pszSitesContainerDN = NULL;       // CN=Sites,<configuration DN>
-    PSTR    pszSiteContainerDN = NULL;        // CN=<Site-Name>,<Sites container DN>
-    PSTR    pszReplAgrDN = NULL;              // labeledURI=<ldap://192.165.226.127>,<ReplAgrsContainerDN>
     PSTR    pszDCsContainerDN = NULL;         // OU=Domain Controllers,<domain DN>
-    PSTR    pszComputersContainerDN = NULL;   // OU=Computers,<domain DN>
     PSTR    pszDCAccountDN = NULL;            // CN=<fully qualified host name>,OU=Domain Controllers,<domain DN>
     PSTR    pszDCAccountUPN = NULL;            // <hostname>@<domain name>
-    PSTR    pszComputerAccountDN = NULL;      // CN=<fully qualified host name>,OU=Domain Computers,<domain DN>
-    PSTR    pszMSAsDN = NULL;                 // CN=<Managed Service Accounts>,<domain DN>
     PSTR    pszUpperCaseFQDomainName = NULL;
     PSTR    pszLowerCaseHostName = NULL;
     PSTR    pszDefaultAdminDN = NULL;
-    PSTR    pszSiteDN = NULL;
 
-    PVDIR_SCHEMA_CTX     pSchemaCtx = NULL;
-    char                 pszHostName[VMDIR_MAX_HOSTNAME_LEN];
-    VDIR_BERVALUE        bv = VDIR_BERVALUE_INIT;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    char                pszHostName[VMDIR_MAX_HOSTNAME_LEN];
+    VDIR_BERVALUE       bv = VDIR_BERVALUE_INIT;
 
-    BOOLEAN                       bInLock = FALSE;
-    PSTR                          pszUserDN = NULL;
-    PCSTR                         pszUsersContainerName    = "Users";
-    PSTR                          pszUsersContainerDN   = NULL; // CN=Users,<domain DN>
-    PSTR pszPartnerHostName = NULL;
+    BOOLEAN bInLock = FALSE;
+    PCSTR   pszUsersContainerName    = "Users";
+    PSTR    pszPartnerHostName = NULL;
+    VMDIR_SECURITY_DESCRIPTOR SecDescServices = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescAnonymousRead = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescNoDelete = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescFullAccess = {0};
 
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
                    "Setting up a host instance (%s).",
                    VDIR_SAFE_STRING(pszFQDomainName));
 
-    if (pszSiteName)
-    {
-        pszSiteContainerName = pszSiteName;
-    }
-
     dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Construct important DNs and create the persisted DSE Root entry
 
     // Domain DN
-    dwError = VmDirSrvCreateDomainDN( pszFQDomainName, &pszDomainDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Deleted objects container DN
-    dwError = VmDirSrvCreateDN( pszDelObjsContainerName, pszDomainDN, &pszDelObjsContainerDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Configuration container DN
-    dwError = VmDirSrvCreateDN( pszConfigContainerName, pszDomainDN, &pszConfigContainerDN );
+    dwError = VmDirDomainNameToDN( pszFQDomainName, &pszDomainDN );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Domain Controllers container DN
-    dwError = VmDirAllocateStringAVsnprintf(&pszDCsContainerDN, "%s=%s,%s", ATTR_OU, pszDCsContainerName, pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Domain Computers container DN
-    dwError = VmDirAllocateStringAVsnprintf(&pszComputersContainerDN, "%s=%s,%s", ATTR_OU, pszComputersContainerName, pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Sites container DN
-    dwError = VmDirSrvCreateDN( pszSitesContainerName, pszConfigContainerDN, &pszSitesContainerDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Certificate-Authorities container DN
-    dwError = VmDirSrvCreateDN( pszCAContainerName, pszConfigContainerDN, &pszCAContainerDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Particular site container DN
-    dwError = VmDirSrvCreateDN( pszSiteContainerName, pszSitesContainerDN, &pszSiteContainerDN );
+    dwError = VmDirAllocateStringPrintf(&pszDCsContainerDN, "%s=%s,%s", ATTR_OU, pszDCsContainerName, pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // vdcpromo sets this key.
@@ -258,28 +203,19 @@ VmDirSrvSetupHostInstance(
     dwError = VmDirAllocASCIILowerToUpper( pszFQDomainName, &pszUpperCaseFQDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszDCAccountUPN, "%s@%s", pszLowerCaseHostName, pszUpperCaseFQDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Computer account DN
-    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszComputersContainerDN, &pszComputerAccountDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Managed Service Accounts container DN
-    dwError = VmDirSrvCreateDN( pszMSAsContainerName, pszDomainDN, &pszMSAsDN );
+    dwError = VmDirAllocateStringPrintf(&pszDCAccountUPN, "%s@%s", pszLowerCaseHostName, pszUpperCaseFQDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Default administrator DN
-    dwError = VmDirAllocateStringAVsnprintf( &pszDefaultAdminDN, "cn=%s,cn=%s,%s",
+    dwError = VmDirAllocateStringPrintf( &pszDefaultAdminDN, "cn=%s,cn=%s,%s",
                                              pszUsername, pszUsersContainerName, pszDomainDN );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (firstReplCycleMode != FIRST_REPL_CYCLE_MODE_USE_COPIED_DB)
     {
         // Modify persisted DSE Root entry
-        dwError = VmDirSrvModifyPersistedDSERoot( pSchemaCtx, pszDomainDN, pszConfigContainerDN, SCHEMA_NAMING_CONTEXT_DN,
-                                                  SUB_SCHEMA_SUB_ENTRY_DN, pszDefaultAdminDN,
-                                                  (PSTR) pszSiteContainerName );
+        dwError = VmDirSrvModifyPersistedDSERoot( pSchemaCtx, pszDomainDN, SCHEMA_NAMING_CONTEXT_DN,
+                                                  SUB_SCHEMA_SUB_ENTRY_DN, pszDefaultAdminDN);
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -320,37 +256,6 @@ VmDirSrvSetupHostInstance(
                 pszDCAccountUPN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Set replInterval and replPageSize
-    gVmdirServerGlobals.replInterval = VmDirStringToIA(VMDIR_DEFAULT_REPL_INTERVAL);
-    gVmdirServerGlobals.replPageSize = VmDirStringToIA(VMDIR_DEFAULT_REPL_PAGE_SIZE);
-
-    // Set utdVector
-    VmDirFreeBervalContent(&bv);
-    bv.lberbv.bv_val = "";
-    bv.lberbv.bv_len = 0;
-    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.utdVector );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Set delObjsContainerDN
-    VmDirFreeBervalContent(&bv);
-    bv.lberbv.bv_val = pszDelObjsContainerDN;
-    bv.lberbv.bv_len = VmDirStringLenA( bv.lberbv.bv_val );
-    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.delObjsContainerDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirNormalizeDN(&gVmdirServerGlobals.delObjsContainerDN, pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringA( pszSiteContainerName, &gVmdirServerGlobals.pszSiteName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Create Administrator DN
-    dwError = VmDirSrvCreateDN( pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateUserDN( pszUsername, pszUsersContainerDN, &pszUserDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     // set DomainControllerGroupDN for first,second+ host setup
     dwError = VmDirAllocateBerValueAVsnprintf(
                 &gVmdirServerGlobals.bvDCGroupDN,
@@ -363,68 +268,34 @@ VmDirSrvSetupHostInstance(
     dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCGroupDN), pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // set DCClientGroupDN for first,second+ host setup
-    dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvDCClientGroupDN,
-                "cn=%s,cn=%s,%s",
-                VMDIR_DCCLIENT_GROUP_NAME,
-                VMDIR_BUILTIN_CONTAINER_NAME,
-                pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCClientGroupDN), pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // set ServicesRootDN for first,second+ host setup
-    dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvServicesRootDN,
-                "cn=%s,%s",
-                VMDIR_SERVICES_CONTAINER_NAME,
-                pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvServicesRootDN), pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     if (IsNullOrEmptyString(pszReplURI)) // 1st directory instance is being setup
     {
-        dwError = VmDirSrvSetupDomainInstance( pSchemaCtx, TRUE, TRUE, pszFQDomainName, pszDomainDN, pszUsername,
-                                               pszPassword );
+        dwError = VmDirSrvSetupDomainInstance(
+                pSchemaCtx,
+                TRUE,
+                TRUE,
+                pszFQDomainName,
+                pszDomainDN,
+                pszUsername,
+                pszPassword,
+                &SecDescServices,
+                &SecDescAnonymousRead,
+                &SecDescNoDelete,
+                &SecDescFullAccess);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        // Create Deleted Objects container
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszDelObjsContainerDN, pszDelObjsContainerName);
+        // Set default security descriptor for vmwraftlogentry class
+        dwError = VmDirSetDefaultSecurityDescriptorForClass(
+                OC_CLASS_RAFT_LOG_ENTRY, &SecDescFullAccess);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        // Create Domain Controllers container
-        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszDCsContainerDN, pszDCsContainerName );
+        // Go back and ACL objects that were created early.
+        dwError = _VmDirAclServerObjects(
+                &SecDescAnonymousRead, &SecDescNoDelete, &SecDescFullAccess);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        // Create Computers container
-        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszComputersContainerDN, pszComputersContainerName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Create Managed Service Accounts container
-
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszMSAsDN, pszMSAsContainerName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Create Configuration container
-        dwError = VmDirSrvCreateConfigContainer( pSchemaCtx, pszConfigContainerDN, pszConfigContainerName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Create Certificate-Authorities container
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszCAContainerDN, pszCAContainerName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Create Sites container
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszSitesContainerDN, pszSitesContainerName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAllocateStringAVsnprintf(&pszSiteDN, "%s=%s,%s", ATTR_CN, gVmdirServerGlobals.pszSiteName, pszSitesContainerDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszSiteDN, gVmdirServerGlobals.pszSiteName );
+        // Create Domain Controllers container
+        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszDCsContainerDN, pszDCsContainerName );
         BAIL_ON_VMDIR_ERROR(dwError);
 
         //wake up repliation thread so that it can dynamically adding peers
@@ -449,35 +320,20 @@ VmDirSrvSetupHostInstance(
     }
 
 cleanup:
-
-    if (pSchemaCtx)
-    {
-        VmDirSchemaCtxRelease(pSchemaCtx);
-    }
-
+    VmDirSchemaCtxRelease(pSchemaCtx);
     VMDIR_SAFE_FREE_MEMORY(pszPartnerHostName);
     VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
-    VMDIR_SAFE_FREE_MEMORY(pszDelObjsContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszConfigContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszCAContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszSitesContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszSiteContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszReplAgrDN);
     VMDIR_SAFE_FREE_MEMORY(pszDCsContainerDN);
     VMDIR_SAFE_FREE_MEMORY(pszDCAccountDN);
     VMDIR_SAFE_FREE_MEMORY(pszDCAccountUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszComputersContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszComputerAccountDN);
-    VMDIR_SAFE_FREE_MEMORY(pszMSAsDN);
     VMDIR_SAFE_FREE_MEMORY(pszUpperCaseFQDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszUsersContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszUserDN);
     VMDIR_SAFE_FREE_MEMORY(pszDefaultAdminDN);
-    VMDIR_SAFE_FREE_MEMORY(pszSiteDN);
     VMDIR_SAFE_FREE_MEMORY(pszLowerCaseHostName);
-
+    VMDIR_SAFE_FREE_MEMORY(SecDescServices.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescAnonymousRead.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescNoDelete.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescFullAccess.pSecDesc);
     VmDirFreeBervalContent(&bv);
-
     return dwError;
 
 error:
@@ -486,52 +342,101 @@ VmDirSrvSetupHostInstance(
 }
 
 DWORD
-VmDirSrvSetupTenantInstance(
-    PCSTR pszFQDomainName,
-    PCSTR pszUsername,
-    PCSTR pszPassword
+_VmDirAclRootDomainObject(
+    PCSTR pszDn,
+    PCSTR pszUserDn,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
     )
 {
     DWORD dwError = 0;
-    PSTR  pszDomainDN = NULL;
-    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Setting up a tenant instance (%s).",
-			               VDIR_SAFE_STRING(pszFQDomainName));
-
-    dwError = VmDirSrvCreateDomainDN(pszFQDomainName, &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvSetupDomainInstance(
-                    pSchemaCtx,
-                    FALSE,
-                    FALSE,
-                    pszFQDomainName,
-                    pszDomainDN,
-                    pszUsername,
-                    pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
+    PVDIR_ENTRY pEntry = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE pCurrentSecDesc = NULL;
+    ULONG ulLength = 0;
+
+    dwError = VmDirSimpleDNToEntry(pszDn, &pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetSecurityDescriptorForEntry(
+                pEntry,
+                OWNER_SECURITY_INFORMATION |
+                    GROUP_SECURITY_INFORMATION |
+                    DACL_SECURITY_INFORMATION |
+                    SACL_SECURITY_INFORMATION,
+                    &pCurrentSecDesc,
+                    &ulLength);
+    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
+    {
+        dwError = VmDirSetSecurityDescriptorForDn(pszDn, pSecDesc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (dwError == ERROR_SUCCESS)
+    {
+        dwError = VmDirAddAceToSecurityDescriptor(pEntry, pCurrentSecDesc, pszUserDn, VMDIR_RIGHT_DS_READ_PROP | VMDIR_RIGHT_DS_DELETE_OBJECT);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pCurrentSecDesc);
+    VmDirFreeEntry(pEntry);
+    return dwError;
+error:
+    goto cleanup;
+}
 
-    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
+//
+// Takes a DN of the form "dc=foo,dc=bar" and the respective admin DN (e.g.,
+// "cn=Administrator,cn=users,dc=foo,dc=bar") and gives that admin user read
+// access to the top-level portion of the domain. So, if "vsphere.local"
+// already exists and someone creates the tenant "secondary.local" we want
+// the secondary.local admin to be able to see "dc=local" in searches. Also,
+// we give the admin user permission to delete the top-level domain object.
+// (they'll only ever be able to do that if all domains in that TLD are gone,
+// so there's no security concern w.r.t. them deleting anything they shouldn't).
+//
+DWORD
+_VmDirAclDomainObjects(
+    PCSTR pszDomainDN,
+    PCSTR pszAdminUserDn, // DN of the admin user for the domain being created.
+    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    )
+{
+    DWORD dwError = 0;
+    int i = 0;
+    int startOfRdnInd = 0;
+    BOOLEAN bAcledRootObject = FALSE; // Have we already ACL'ed the root domain object?
 
-    if (pSchemaCtx)
+    for (i = (int)VmDirStringLenA(pszDomainDN) - 1; i >= 0; --i)
     {
-        VmDirSchemaCtxRelease(pSchemaCtx);
+        if (i == 0 || pszDomainDN[i] == RDN_SEPARATOR_CHAR)
+        {
+            startOfRdnInd = (i == 0) ? 0 : i + 1 /* for , */;
+            if (!bAcledRootObject)
+            {
+                dwError = _VmDirAclRootDomainObject(
+                            pszDomainDN + startOfRdnInd,
+                            pszAdminUserDn,
+                            pSecDesc);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                bAcledRootObject = TRUE;
+            }
+            else
+            {
+                dwError = VmDirSetSecurityDescriptorForDn(pszDomainDN + startOfRdnInd, pSecDesc);
+            }
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
     }
 
+cleanup:
     return dwError;
-
 error:
-    VmDirLog(LDAP_DEBUG_ANY, "VmDirSrvSetupTenantInstance failed. Error(%u)", dwError);
     goto cleanup;
 }
 
-static
 DWORD
 VmDirSrvSetupDomainInstance(
     PVDIR_SCHEMA_CTX pSchemaCtx,
@@ -540,43 +445,37 @@ VmDirSrvSetupDomainInstance(
     PCSTR            pszFQDomainName,
     PCSTR            pszDomainDN,
     PCSTR            pszUsername,
-    PCSTR            pszPassword
+    PCSTR            pszPassword,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescServicesOut,         // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousReadOut,    // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescNoDeleteOut,         // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescFullAccessOut        // OPTIONAL
     )
 {
     DWORD dwError = 0;
 
     PCSTR pszUsersContainerName    = "Users";
     PCSTR pszBuiltInContainerName  = "Builtin";
-    PCSTR pszFSPsContainerName  = FSP_CONTAINER_RDN_ATTR_VALUE;
-    PCSTR pszBuiltInUsersGroupName = "Users";
     PCSTR pszBuiltInAdministratorsGroupName = "Administrators";
 
     PSTR pszUsersContainerDN   = NULL; // CN=Users,<domain DN>
     PSTR pszBuiltInContainerDN = NULL; // CN=BuiltIn,<domain DN>
-    PSTR pszFSPsContainerDN = NULL;     // CN=ForeignSecurityPrincipals,<domain DN>
     PSTR pszUserDN = NULL;
-    PSTR pszBuiltInUsersGroupDN = NULL;
     PSTR pszBuiltInAdministratorsGroupDN = NULL;
-    PSTR pszDefaultPasswdLockoutPolicyDN = NULL;
     PSTR pszDCGroupDN = NULL;
-    PSTR pszDCClientGroupDN = NULL;
-    PSTR pszCertGroupDN = NULL;
     PSTR pszTenantRealmName = NULL;
-    PSTR pszTgtDN = NULL;
-    PSTR pszKMDN = NULL;
-
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel = NULL;
-    ULONG                         ulSecDescRel = 0;
-    SECURITY_INFORMATION          SecInfo = 0;
-
+    VMDIR_SECURITY_DESCRIPTOR SecDescFullAccess = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescNoDelete = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescNoDeleteChild = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescAnonymousRead = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescServices = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescDomain = {0};
     PSTR pszAdminSid = NULL;
-    PSTR pszBuiltInUsersGroupSid = NULL;
     PSTR pszAdminsGroupSid = NULL;
+    PSTR pszDomainAdminsGroupSid = NULL;
+    PSTR pszDomainClientsGroupSid = NULL;
     PSTR pszAdminUserKrbUPN = NULL;
 
-    int i = 0;
-    int startOfRdnInd = 0;
-
     // Create host/tenant domain
 
     dwError = VmDirSrvCreateDomain(pSchemaCtx, bSetupHost, pszDomainDN);
@@ -598,29 +497,16 @@ VmDirSrvSetupDomainInstance(
     dwError = VmDirSrvCreateBuiltinContainer( pSchemaCtx, pszBuiltInContainerDN, pszBuiltInContainerName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Create ForeignSecurityPrincipals container
-
-    dwError = VmDirSrvCreateDN( pszFSPsContainerName, pszDomainDN, &pszFSPsContainerDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateContainer( pSchemaCtx, pszFSPsContainerDN, pszFSPsContainerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     if (bSetupHost)
     {
         // only do this for the very first node startup.
         if (bFirstNodeBootstrap)
         {
-            dwError = VmDirSrvInitKrb(
-                        pSchemaCtx,
-                        pszFQDomainName,
-                        pszDomainDN,
-                        &pszTgtDN,
-                        &pszKMDN);
+            dwError = VmDirKrbInit();
             BAIL_ON_VMDIR_ERROR(dwError);
 
             // prepare administrator krb UPN for the very first node
-            dwError = VmDirAllocateStringAVsnprintf(
+            dwError = VmDirAllocateStringPrintf(
                             &pszAdminUserKrbUPN,
                             "%s@%s",
                             pszUsername,
@@ -634,7 +520,7 @@ VmDirSrvSetupDomainInstance(
         dwError = VmDirKrbRealmNameNormalize(pszFQDomainName, &pszTenantRealmName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirAllocateStringAVsnprintf(
+        dwError = VmDirAllocateStringPrintf(
                         &pszAdminUserKrbUPN,
                         "%s@%s",
                         pszUsername,
@@ -661,37 +547,25 @@ VmDirSrvSetupDomainInstance(
     dwError = VmDirSetAdministratorPasswordNeverExpires();
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Create BuiltInUsers group
+    // Create BuiltInAdministrators group
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszBuiltInUsersGroupDN, "cn=%s,%s", pszBuiltInUsersGroupName,
-                                             pszBuiltInContainerDN);
+    dwError = VmDirAllocateStringPrintf( &pszBuiltInAdministratorsGroupDN, "cn=%s,%s",
+                                             pszBuiltInAdministratorsGroupName, pszBuiltInContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_USERS,
-                                        &pszBuiltInUsersGroupSid);
+                                        VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+                                        &pszAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
-    // Create the user group for tenant setup or for first host setup.
-    //
-    if (bSetupHost == FALSE || bFirstNodeBootstrap == TRUE)
-    {
-        dwError = VmDirSrvCreateBuiltInUsersGroup( pSchemaCtx, pszBuiltInUsersGroupName,
-                                                   pszBuiltInUsersGroupDN, pszUserDN,
-                                                   pszBuiltInUsersGroupSid);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    // Create BuiltInAdministrators group
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszBuiltInAdministratorsGroupDN, "cn=%s,%s",
-                                             pszBuiltInAdministratorsGroupName, pszBuiltInContainerDN);
+    dwError = VmDirGenerateWellknownSid(pszDomainDN,
+                                        VMDIR_DOMAIN_ADMINS_RID,
+                                        &pszDomainAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_ADMINS,
-                                        &pszAdminsGroupSid);
+                                        VMDIR_DOMAIN_CLIENTS_RID,
+                                        &pszDomainClientsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     //
@@ -706,13 +580,13 @@ VmDirSrvSetupDomainInstance(
     }
 
     //
-    // Create DCadmins/DCClients/CERTAdmins groups only for the very first
+    // Create DCadmins group only for the very first
     // host setup.
     //
     if ( bSetupHost && bFirstNodeBootstrap )
     {
         // create DCAdmins Group
-        dwError = VmDirAllocateStringAVsnprintf( &pszDCGroupDN,
+        dwError = VmDirAllocateStringPrintf( &pszDCGroupDN,
                                                  "cn=%s,%s",
                                                  VMDIR_DC_GROUP_NAME,
                                                  pszBuiltInContainerDN);
@@ -720,148 +594,185 @@ VmDirSrvSetupDomainInstance(
 
         dwError = _VmDirSrvCreateBuiltInGroup( pSchemaCtx,
                                                VMDIR_DC_GROUP_NAME,
+                                               pszDomainAdminsGroupSid,
                                                pszDCGroupDN);
         BAIL_ON_VMDIR_ERROR(dwError);
-
-        // create DCClients Group
-        dwError = VmDirAllocateStringAVsnprintf( &pszDCClientGroupDN,
-                                                 "cn=%s,%s",
-                                                 VMDIR_DCCLIENT_GROUP_NAME,
-                                                 pszBuiltInContainerDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = _VmDirSrvCreateBuiltInGroup( pSchemaCtx,
-                                               VMDIR_DCCLIENT_GROUP_NAME,
-                                               pszDCClientGroupDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // create CertAdmins Group
-        dwError = VmDirAllocateStringAVsnprintf( &pszCertGroupDN,
-                                                 "cn=%s,%s",
-                                                 VMDIR_CERT_GROUP_NAME,
-                                                 pszBuiltInContainerDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = _VmDirSrvCreateBuiltInCertGroup( pSchemaCtx,
-                                                   VMDIR_CERT_GROUP_NAME,
-                                                   pszCertGroupDN,
-                                                   pszUserDN,           // member: default administrator
-                                                   pszDCGroupDN,        // member: DCAdmins group
-                                                   pszDCClientGroupDN); // member: DCClients group
-        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    // Set up SD for the entries created during instance set up
-    // Default allows administrator VMDIR_ENTRY_ALL_ACCESS,
-    // oneself VMDIR_ENTRY_GENERIC_WRITE
-    dwError = VmDirSrvCreateDefaultSecDescRel( pszUserDN, pszAdminsGroupSid,
-                                               &pSecDescRel, &ulSecDescRel, &SecInfo);
+    //
+    // Create default security descriptor for internally-created entries.
+    //
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                FALSE,
+                FALSE,
+                FALSE,
+                FALSE,
+                FALSE,
+                &SecDescFullAccess);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // add the same sd for all the objects created during instance set-up
-
-    // Set SD for the Domain objects
-    for (i = (int) VmDirStringLenA(pszDomainDN) - 1; i >= 0; i-- )
-    {
-        if (i == 0 || pszDomainDN[i] == RDN_SEPARATOR_CHAR)
-        {
-            startOfRdnInd = (i == 0) ? 0 : i + 1 /* for , */;
-            dwError = VmDirSetSecurityDescriptorForDn((PSTR)pszDomainDN + startOfRdnInd, SecInfo, pSecDescRel, ulSecDescRel);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
+    //
+    // Create the default security descriptor for the builtin container, which
+    // doesn't have the DELETE_CHILD permission (as we don't want the builtin
+    // groups to be deletable by default). Note that an admin can still delete
+    // these entries if they adjust the ACL.
+    //
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                TRUE,
+                FALSE,
+                FALSE,
+                FALSE,
+                FALSE,
+                &SecDescNoDelete);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSetSecurityDescriptorForDn((PSTR)pszDomainDN, SecInfo, pSecDescRel, ulSecDescRel);
+    //
+    // Create the default security descriptor for the users container, which
+    // doesn't have the DELETE_CHILD permission (as we don't want the administrator
+    // account to be deletable by default) but does inherit the delete-object
+    // permission so that future users can be deleted. Note that an admin can
+    // still delete the administrator account if they adjust the ACL.
+    //
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                FALSE,
+                FALSE,
+                FALSE,
+                FALSE,
+                FALSE,
+                &SecDescNoDeleteChild);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                FALSE,
+                TRUE,
+                FALSE,
+                FALSE,
+                FALSE,
+                &SecDescAnonymousRead);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                FALSE,
+                FALSE,
+                FALSE,
+                TRUE,
+                FALSE,
+                &SecDescServices);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSrvCreateSecurityDescriptor(
+                VMDIR_ENTRY_ALL_ACCESS,
+                pszUserDN,
+                pszAdminsGroupSid,
+                pszDomainAdminsGroupSid,
+                pszDomainClientsGroupSid,
+                TRUE,
+                FALSE,
+                FALSE,
+                FALSE,
+                !bSetupHost,
+                &SecDescDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirAclDomainObjects(pszDomainDN, pszUserDN, &SecDescDomain);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for the administrator object
-
-    dwError = VmDirSetSecurityDescriptorForDn(pszUserDN, SecInfo, pSecDescRel, ulSecDescRel);
+    dwError = VmDirSetSecurityDescriptorForDn(pszUserDN, &SecDescNoDelete);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for Users container
-
-    dwError = VmDirSetSecurityDescriptorForDn(pszUsersContainerDN, SecInfo, pSecDescRel, ulSecDescRel);
+    dwError = VmDirSetSecurityDescriptorForDn(pszUsersContainerDN, &SecDescNoDeleteChild);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for Builtin container
-
-    dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInContainerDN, SecInfo, pSecDescRel, ulSecDescRel);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Set SD for ForeignSecurityPrincipals container
-
-    dwError = VmDirSetSecurityDescriptorForDn(pszFSPsContainerDN, SecInfo, pSecDescRel, ulSecDescRel);
+    dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInContainerDN, &SecDescNoDelete);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (bSetupHost == FALSE || bFirstNodeBootstrap == TRUE)
     {
-        // Set SD for BuiltInUsers group
-
-        dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInUsersGroupDN, SecInfo, pSecDescRel, ulSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
         // Set SD for BuiltInAdministrators group
-
-        dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInAdministratorsGroupDN, SecInfo, pSecDescRel, ulSecDescRel);
+        dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInAdministratorsGroupDN, &SecDescNoDelete);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     if (bSetupHost && bFirstNodeBootstrap)
     {
         // Set SD for BuiltIn DC group
-        dwError = VmDirSetSecurityDescriptorForDn(pszDCGroupDN, SecInfo, pSecDescRel, ulSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Set SD for BuiltIn DCClients group
-        dwError = VmDirSetSecurityDescriptorForDn(pszDCClientGroupDN, SecInfo, pSecDescRel, ulSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Set SD for BuiltIn Cert group
-        dwError = VmDirSetSecurityDescriptorForDn(pszCertGroupDN, SecInfo, pSecDescRel, ulSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // Set SD for kerberos users
-        dwError = VmDirSetSecurityDescriptorForDn(pszTgtDN, SecInfo, pSecDescRel, ulSecDescRel);
+        dwError = VmDirSetSecurityDescriptorForDn(pszDCGroupDN, &SecDescNoDelete);
         BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-        dwError = VmDirSetSecurityDescriptorForDn(pszKMDN, SecInfo, pSecDescRel, ulSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
+    if (pSecDescServicesOut)
+    {
+        *pSecDescServicesOut = SecDescServices;
+        SecDescServices.pSecDesc = NULL;
     }
 
-    // Create default password and lockout policy
-    dwError = VmDirSrvCreateDN(PASSWD_LOCKOUT_POLICY_DEFAULT_CN, pszDomainDN, &pszDefaultPasswdLockoutPolicyDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pSecDescAnonymousReadOut)
+    {
+        *pSecDescAnonymousReadOut = SecDescAnonymousRead;
+        SecDescAnonymousRead.pSecDesc = NULL;
+    }
 
-    dwError = VmDirSrvCreateDefaultPasswdPolicy(pSchemaCtx, pszDefaultPasswdLockoutPolicyDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pSecDescNoDeleteOut)
+    {
+        *pSecDescNoDeleteOut = SecDescNoDelete;
+        SecDescNoDelete.pSecDesc = NULL;
+    }
 
-    // Set SD for Password lockout policy object
-    dwError = VmDirSetSecurityDescriptorForDn(pszDefaultPasswdLockoutPolicyDN, SecInfo, pSecDescRel, ulSecDescRel);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pSecDescFullAccessOut)
+    {
+        *pSecDescFullAccessOut = SecDescFullAccess;
+        SecDescFullAccess.pSecDesc = NULL;
+    }
 
 cleanup:
 
     VMDIR_SAFE_FREE_MEMORY(pszUsersContainerDN);
     VMDIR_SAFE_FREE_MEMORY(pszBuiltInContainerDN);
-    VMDIR_SAFE_FREE_MEMORY(pszFSPsContainerDN);
     VMDIR_SAFE_FREE_MEMORY(pszUserDN);
-    VMDIR_SAFE_FREE_MEMORY(pszBuiltInUsersGroupDN);
     VMDIR_SAFE_FREE_MEMORY(pszBuiltInAdministratorsGroupDN);
-    VMDIR_SAFE_FREE_MEMORY(pszDefaultPasswdLockoutPolicyDN);
     VMDIR_SAFE_FREE_MEMORY(pszDCGroupDN);
-    VMDIR_SAFE_FREE_MEMORY(pszDCClientGroupDN);
-    VMDIR_SAFE_FREE_MEMORY(pszCertGroupDN);
     VMDIR_SAFE_FREE_MEMORY(pszTenantRealmName);
 
-    VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
+    VMDIR_SAFE_FREE_MEMORY(SecDescFullAccess.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescNoDelete.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescNoDeleteChild.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescAnonymousRead.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescServices.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(SecDescDomain.pSecDesc);
 
     VMDIR_SAFE_FREE_MEMORY(pszAdminSid);
-    VMDIR_SAFE_FREE_MEMORY(pszBuiltInUsersGroupSid);
     VMDIR_SAFE_FREE_MEMORY(pszAdminsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainAdminsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainClientsGroupSid);
     VMDIR_SAFE_FREE_MEMORY(pszAdminUserKrbUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtDN);
-    VMDIR_SAFE_FREE_MEMORY(pszKMDN);
 
     return dwError;
 
@@ -870,36 +781,6 @@ VmDirSrvSetupDomainInstance(
     goto cleanup;
 }
 
-static
-DWORD
-VmDirSrvCreateConfigContainer(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszContainerDN,
-    PCSTR            pszContainerName
-    )
-{
-    DWORD dwError = 0;
-    PSTR ppszAttributes[] =
-    {
-            ATTR_OBJECT_CLASS,              OC_TOP,
-            ATTR_OBJECT_CLASS,              OC_CONTAINER,
-            ATTR_CN,                        (PSTR)pszContainerName,
-            ATTR_FOREST_FUNCTIONAL_LEVEL,   VDIR_FOREST_FUNCTIONAL_LEVEL,
-            NULL
-    };
-
-    dwError = VmDirSimpleEntryCreate(
-                    pSchemaCtx,
-                    ppszAttributes,
-                    (PSTR)pszContainerDN,
-                    0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
 static
 DWORD
 VmDirSrvCreateOUContainer(
@@ -955,11 +836,9 @@ DWORD
 VmDirSrvModifyPersistedDSERoot(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PSTR             pszRootNamingContextDN,
-    PSTR             pszConfigNamingContextDN,
     PSTR             pszSchemaNamingContextDN,
     PSTR             pszSubSchemaSubEntryDN,
-    PSTR             pszDefaultAdminDN,
-    PSTR             pszSiteName
+    PSTR             pszDefaultAdminDN
     )
 {
     DWORD dwError = 0;
@@ -967,14 +846,11 @@ VmDirSrvModifyPersistedDSERoot(
     {
             ATTR_ROOT_DOMAIN_NAMING_CONTEXT,    pszRootNamingContextDN,
             ATTR_DEFAULT_NAMING_CONTEXT,        pszRootNamingContextDN,
-            ATTR_CONFIG_NAMING_CONTEXT,         pszConfigNamingContextDN,
             ATTR_SCHEMA_NAMING_CONTEXT,         pszSchemaNamingContextDN,
             ATTR_SUB_SCHEMA_SUB_ENTRY,          pszSubSchemaSubEntryDN,
             ATTR_NAMING_CONTEXTS,               pszRootNamingContextDN,
-            ATTR_NAMING_CONTEXTS,               pszConfigNamingContextDN,
             ATTR_NAMING_CONTEXTS,               pszSchemaNamingContextDN,
             ATTR_DEFAULT_ADMIN_DN,              pszDefaultAdminDN,
-            ATTR_SITE_NAME,                     pszSiteName,
             NULL
     };
 
@@ -1056,7 +932,7 @@ VmDirSrvCreateUserDN(
     DWORD dwError = 0;
     PSTR  pszUserDN = NULL;
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszUserDN,
                     "cn=%s,%s",
                     pszUsername,
@@ -1136,39 +1012,6 @@ VmDirSrvCreateUser(
     goto cleanup;
 }
 
-static
-DWORD
-VmDirSrvCreateBuiltInUsersGroup(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszGroupName,
-    PCSTR            pszUserDN,
-    PCSTR            pszMemberDN,
-    PSTR             pszBuiltinUsersGroupSid
-    )
-{
-    DWORD dwError = 0;
-    PSTR ppszAttributes[] =
-    {
-            ATTR_OBJECT_CLASS,    OC_GROUP,
-            ATTR_CN,              (PSTR)pszGroupName,
-            ATTR_SAM_ACCOUNT_NAME,(PSTR)pszGroupName,
-            ATTR_MEMBER,          (PSTR)pszMemberDN,
-            ATTR_OBJECT_SID,      pszBuiltinUsersGroupSid,
-            NULL
-    };
-
-    dwError = VmDirSimpleEntryCreate(
-                    pSchemaCtx,
-                    ppszAttributes,
-                    (PSTR)pszUserDN,
-                    0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
 static
 DWORD
 VmDirSrvCreateBuiltInAdminGroup(
@@ -1207,15 +1050,17 @@ DWORD
 _VmDirSrvCreateBuiltInGroup(
     PVDIR_SCHEMA_CTX pSchemaCtx,
     PCSTR            pszGroupName,
+    PCSTR            pszGroupSid,
     PCSTR            pszDN
     )
 {
     DWORD dwError = 0;
     PSTR ppszAttributes[] =
     {
-            ATTR_OBJECT_CLASS,    OC_GROUP,
-            ATTR_CN,              (PSTR)pszGroupName,
-            ATTR_SAM_ACCOUNT_NAME,(PSTR)pszGroupName,
+            ATTR_OBJECT_CLASS,     OC_GROUP,
+            ATTR_CN,               (PSTR)pszGroupName,
+            ATTR_SAM_ACCOUNT_NAME, (PSTR)pszGroupName,
+            ATTR_OBJECT_SID,       (PSTR)pszGroupSid,
             NULL
     };
 
@@ -1230,226 +1075,3 @@ _VmDirSrvCreateBuiltInGroup(
 
     return dwError;
 }
-
-static
-DWORD
-_VmDirSrvCreateBuiltInCertGroup(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszGroupName,
-    PCSTR            pszDN,
-    PCSTR            pszAdminDN,
-    PCSTR            pszDCGroupDN,
-    PCSTR            pszDCClientGroupDN
-    )
-{
-    DWORD dwError = 0;
-    PSTR ppszAttributes[] =
-    {
-            ATTR_OBJECT_CLASS,    OC_GROUP,
-            ATTR_CN,              (PSTR)pszGroupName,
-            ATTR_SAM_ACCOUNT_NAME,(PSTR)pszGroupName,
-            ATTR_MEMBER,          (PSTR)pszAdminDN,
-            ATTR_MEMBER,          (PSTR)pszDCGroupDN,
-            ATTR_MEMBER,          (PSTR)pszDCClientGroupDN,
-            NULL
-    };
-
-    dwError = VmDirSimpleEntryCreate(
-                    pSchemaCtx,
-                    ppszAttributes,
-                    (PSTR)pszDN,
-                    0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
-static
-DWORD
-VmDirSrvCreateDefaultPasswdPolicy(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR            pszPolicyDN
-    )
-{
-    DWORD dwError = 0;
-
-    PSTR ppszAttributes[] =
-    {
-        ATTR_OBJECT_CLASS,          OC_VMW_POLICY,
-        ATTR_OBJECT_CLASS,          OC_VMW_PASSWORD_POLICY,
-        ATTR_OBJECT_CLASS,          OC_VMW_LOCKOUT_POLICY,
-        ATTR_CN,                    PASSWD_LOCKOUT_POLICY_DEFAULT_CN,
-        ATTR_ENABLED,               VDIR_LDAP_BOOLEN_SYNTAX_TRUE_STR,
-        ATTR_PASS_RECYCLE_CNT,          "5",
-        ATTR_PASS_EXP_IN_DAY,           "90",
-        ATTR_PASS_MAX_SIZE,             "20",
-        ATTR_PASS_MIN_SIZE,             "8",
-        ATTR_PASS_MIN_ALPHA_CHAR,       "2",
-        ATTR_PASS_MIN_UPPER_CHAR,       "1",
-        ATTR_PASS_MIN_LOWER_CHAR,       "1",
-        ATTR_PASS_MIN_MUN_CHAR,         "1",
-        ATTR_PASS_MIN_SP_CHAR,          "1",
-        ATTR_PASS_MAX_SAME_ADJ_CHAR,    "3",
-        ATTR_PASS_MAX_FAIL_ATTEMPT,     "5",
-        ATTR_PASS_FAIL_ATTEMPT_SEC,     "180",
-        ATTR_PASS_AUTO_UNLOCK_SEC,      "300",
-        NULL
-    };
-
-    dwError = VmDirSimpleEntryCreate(
-                    pSchemaCtx,
-                    ppszAttributes,
-                    (PSTR)pszPolicyDN,
-                    0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
-static
-DWORD
-VmDirSrvInitKrb(
-    PVDIR_SCHEMA_CTX pSchemaCtx,
-    PCSTR pszFQDomainName,
-    PCSTR pszDomainDN,
-    PSTR *ppszTgtDN,
-    PSTR *ppszKMDN
-    )
-{
-    DWORD       dwError = 0;
-    PSTR        pszRealmName = NULL;
-    PBYTE       pMasterKey = NULL;
-    DWORD       dwMasterKeyLen = 0;
-    PBYTE       pEncMasterKey = NULL;
-    DWORD       dwEncMasterKeyLen = 0;
-    PSTR        pszTgtUPN = NULL;
-    PSTR        pszTgtCN = NULL;
-    PSTR        pszTgtDN = NULL;
-    PSTR        pszTgtPasswd = NULL;
-    PSTR        pszKMUPN = NULL;
-    PSTR        pszKMPasswd = NULL;
-    PSTR        pszKMDN = NULL;
-    VDIR_BERVALUE   bervMKey = VDIR_BERVALUE_INIT;
-    VDIR_BERVALUE   bervEncMKey = VDIR_BERVALUE_INIT;
-
-    assert (pSchemaCtx && pszFQDomainName && pszDomainDN );
-
-    dwError = VmDirKrbRealmNameNormalize(pszFQDomainName, &pszRealmName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // create krb master key
-    dwError = VmKdcGenerateMasterKey(
-                    &pMasterKey,
-                    &dwMasterKeyLen,
-                    &pEncMasterKey,
-                    &dwEncMasterKeyLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    bervMKey.lberbv.bv_val = pMasterKey;
-    bervMKey.lberbv.bv_len = dwMasterKeyLen;
-    bervEncMKey.lberbv.bv_val = pEncMasterKey;
-    bervEncMKey.lberbv.bv_len = dwEncMasterKeyLen;
-
-    // add krb master key to domain entry
-    dwError = VmDirInternalEntryAttributeReplace(
-                    pSchemaCtx,
-                    pszDomainDN,
-                    ATTR_KRB_MASTER_KEY,
-                    &bervMKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // init gVmdirKrbGlobals (to cache krbMKey), which is needed in VmDirCreateAccount below.
-    dwError = VmDirKrbInit();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                    &pszTgtUPN,
-                    "krbtgt/%s@%s",
-                    pszRealmName,
-                    pszRealmName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                    &pszTgtCN,
-                    "krbtgt/%s",
-                    pszRealmName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmKdcGenerateRandomPassword(
-                    VMDIR_KDC_RANDOM_PWD_LEN,
-                    &pszTgtPasswd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirUPNToAccountDN(pszTgtUPN, ATTR_CN, pszTgtCN, &pszTgtDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // create krbtgt principal
-    dwError = VmDirCreateAccount(
-                    pszTgtUPN,
-                    pszTgtCN,
-                    pszTgtPasswd,
-                    pszTgtDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                    &pszKMUPN,
-                    "K/M@%s",
-                    pszRealmName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmKdcGenerateRandomPassword(
-                    VMDIR_KDC_RANDOM_PWD_LEN,
-                    &pszKMPasswd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirUPNToAccountDN(
-                    pszKMUPN,
-                    "cn",
-                    "K/M",
-                    &pszKMDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // create K/M principal
-    dwError = VmDirCreateAccount(
-                    pszKMUPN,
-                    "K/M",           // TODO, cn=k/M for now
-                    pszKMPasswd,
-                    pszKMDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // K/M principal need special ATTR_KRB_PRINCIPAL - encoded master key/pEncMasterKey
-    dwError = VmDirInternalEntryAttributeReplace(
-                    pSchemaCtx,
-                    pszKMDN,
-                    ATTR_KRB_PRINCIPAL_KEY,
-                    &bervEncMKey);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppszTgtDN = pszTgtDN;
-    pszTgtDN = NULL;
-
-    *ppszKMDN = pszKMDN;
-    pszKMDN = NULL;
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pMasterKey);
-    VMDIR_SAFE_FREE_MEMORY(pEncMasterKey);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtCN);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtPasswd);
-    VMDIR_SAFE_FREE_MEMORY(pszKMUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszKMPasswd);
-    VMDIR_SAFE_FREE_MEMORY(pszRealmName);
-    VMDIR_SAFE_FREE_MEMORY(pszKMDN);
-    VMDIR_SAFE_FREE_MEMORY(pszTgtDN);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
diff --git a/lwraft/server/vmdir/ipcapihandler.c b/lwraft/server/vmdir/ipcapihandler.c
index 1ffa6811f..fadf68bd9 100644
--- a/lwraft/server/vmdir/ipcapihandler.c
+++ b/lwraft/server/vmdir/ipcapihandler.c
@@ -29,7 +29,8 @@ VmDirLocalAPIHandler(
     PBYTE pResponse = NULL;
     DWORD dwResponseSize = 0;
 
-    if (dwRequestSize < sizeof (UINT32)){
+    if (dwRequestSize < sizeof(UINT32))
+    {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR (dwError);
     }
@@ -77,6 +78,17 @@ VmDirLocalAPIHandler(
                         );
         break;
 
+      case VMDIR_IPC_GET_SRP_SECRET:
+
+        dwError = VmDirIpcGetSRPSecret(
+                        pSecurityContext,
+                        pRequest,
+                        dwRequestSize,
+                        &pResponse,
+                        &dwResponseSize
+                        );
+        break;
+
       case VMDIR_IPC_SET_SRP_SECRET:
 
         dwError = VmDirIpcSetSRPSecret(
@@ -100,14 +112,14 @@ VmDirLocalAPIHandler(
         break;
 
       case VMDIR_IPC_GET_SERVER_STATE:
-	dwError = VmDirIpcGetServerState(
+        dwError = VmDirIpcGetServerState(
                         pSecurityContext,
                         pRequest,
                         dwRequestSize,
                         &pResponse,
                         &dwResponseSize
                         );
-	break;
+        break;
 
       default:
 
diff --git a/lwraft/server/vmdir/ipclocalapi.c b/lwraft/server/vmdir/ipclocalapi.c
index 10a0a9f36..5026f9b7e 100644
--- a/lwraft/server/vmdir/ipclocalapi.c
+++ b/lwraft/server/vmdir/ipclocalapi.c
@@ -76,8 +76,8 @@ VmDirIpcInitializeHost(
     // Unmarshall the request buffer to the format
     // that the API actually has
     //
-    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsIn = VMDIR_ARRAY_SIZE(input_spec);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
     dwError = VmDirUnMarshal (
                     apiType,
                     VER1_INPUT,
@@ -176,8 +176,8 @@ VmDirIpcInitializeTenant(
     // Unmarshall the request buffer to the format
     // that the API actually has
     //
-    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsIn = VMDIR_ARRAY_SIZE(input_spec);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
     dwError = VmDirUnMarshal (
                     apiType,
                     VER1_INPUT,
@@ -271,8 +271,8 @@ VmDirIpcForceResetPassword(
     // Unmarshall the request buffer to the format
     // that the API actually has
     //
-    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsIn = VMDIR_ARRAY_SIZE(input_spec);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
     dwError = VmDirUnMarshal (
                     apiType,
                     VER1_INPUT,
@@ -306,7 +306,7 @@ VmDirIpcForceResetPassword(
 
     output_spec[0].data.pUint32 = &uResult;
     output_spec[1].data.pUint32 = &dwContainerLength;
-    output_spec[2].data.pByte = (PBYTE) pContainerBlob;
+    output_spec[2].data.pByte = pContainerBlob;
 
     dwError = VmDirMarshalResponse (
                     apiType,
@@ -379,7 +379,7 @@ VmDirIpcGeneratePassword(
         BAIL_ON_VMDIR_ERROR (dwError);
     }
 
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
     dwError = VmDirUnMarshal (
                         apiType,
                         VER1_INPUT,
@@ -418,7 +418,7 @@ VmDirIpcGeneratePassword(
 
     output_spec[0].data.pUint32 = &uResult;
     output_spec[1].data.pUint32 = &dwContainerLength;
-    output_spec[2].data.pByte = (PBYTE) pContainerBlob;
+    output_spec[2].data.pByte = pContainerBlob;
 
     dwError = VmDirMarshalResponse (
                     apiType,
@@ -494,8 +494,8 @@ VmDirIpcSetSRPSecret(
     // Unmarshall the request buffer to the format
     // that the API actually has
     //
-    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsIn = VMDIR_ARRAY_SIZE(input_spec);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
     dwError = VmDirUnMarshal (
                     apiType,
                     VER1_INPUT,
@@ -584,7 +584,7 @@ VmDirIpcGetServerState(
     // Unmarshall the request buffer to the format
     // that the API actually has
     //
-    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsOut = VMDIR_ARRAY_SIZE(output_spec);
 
     dwError = VmDirUnMarshal (
                     apiType,
@@ -756,3 +756,167 @@ VmDirMarshalResponse (
 
     goto cleanup;
 }
+
+static
+DWORD
+VmDirSrvGetSRPSecret(
+    PSTR       pszUPN,               // [in] account UPN
+    VMDIR_DATA_CONTAINER* pContainer // [out]
+    )
+{
+    DWORD   dwError = 0;
+    PBYTE   pLocalByte = NULL;
+    DWORD   dwKeySize = 0;
+
+    if (   IsNullOrEmptyString(pszUPN)
+        || !pContainer
+       )
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirSRPGetIdentityData( pszUPN,
+                                       &pLocalByte,
+                                       &dwKeySize);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pContainer->data    = pLocalByte;
+    pContainer->dwCount = dwKeySize;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VmDirRpcFreeMemory( pLocalByte );
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSrvGetSRPSecret failed (%u)(%s)",
+                                      dwError, VDIR_SAFE_STRING(pszUPN) );
+
+    goto cleanup;
+}
+
+
+
+
+DWORD
+VmDirIpcGetSRPSecret(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    )
+{
+    DWORD dwError = 0;
+    UINT32 uResult = 0;
+    UINT32 apiType = VMDIR_IPC_GET_SRP_SECRET;
+    DWORD noOfArgsIn = 0;
+    DWORD noOfArgsOut = 0;
+    PBYTE pResponse = NULL;
+    DWORD dwResponseSize = 0;
+    PSTR pszUPN = NULL;
+    VMDIR_DATA_CONTAINER dataContainer = {0};
+    DWORD dwContainerLength = 0;
+    PBYTE pContainerBlob = NULL;
+    VMW_TYPE_SPEC input_spec[] = GET_SRP_SECRET_INPUT_PARAMS;
+    VMW_TYPE_SPEC output_spec[] = GET_SRP_SECRET_OUTPUT_PARAMS;
+
+    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "Entering VmDirIpcGetSRPSecret");
+
+    if (!pSecurityContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    if (!VmDirIsRootSecurityContext(pSecurityContext))
+    {
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                         "%s: Access Denied",
+                         __FUNCTION__);
+        dwError = ERROR_ACCESS_DENIED;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    //
+    // Unmarshall the request buffer to the format
+    // that the API actually has
+    //
+    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    dwError = VmDirUnMarshal (
+                    apiType,
+                    VER1_INPUT,
+                    noOfArgsIn,
+                    pRequest,
+                    dwRequestSize,
+                    input_spec);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    pszUPN = input_spec[0].data.pString;
+
+    uResult = VmDirSrvGetSRPSecret(
+                    pszUPN,
+                    &dataContainer);
+
+    dwError = VmDirMarshalContainerLength(
+                              (PVMDIR_IPC_DATA_CONTAINER)&dataContainer,
+                              &dwContainerLength);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    dwError = VmDirAllocateMemory(
+                             dwContainerLength,
+                             (PVOID*)&pContainerBlob);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    dwError = VmDirMarshalContainer(
+                               (PVMDIR_IPC_DATA_CONTAINER)&dataContainer,
+                               dwContainerLength,
+                               pContainerBlob);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    output_spec[0].data.pUint32 = &uResult;
+    output_spec[1].data.pUint32 = &dwContainerLength;
+    output_spec[2].data.pByte = (PBYTE) pContainerBlob;
+
+    dwError = VmDirMarshalResponse (
+                    apiType,
+                    output_spec,
+                    noOfArgsOut,
+                    &pResponse,
+                    &dwResponseSize);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "Exiting VmDirIpcGetSRPSecret");
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(dataContainer.data);
+    VMDIR_SAFE_FREE_MEMORY(pContainerBlob);
+
+    *ppResponse = pResponse;
+    *pdwResponseSize = dwResponseSize;
+
+    VmDirFreeTypeSpecContent (input_spec, noOfArgsIn);
+    return dwError;
+
+error:
+    VmDirHandleError(
+            apiType,
+            dwError,
+            output_spec,
+            noOfArgsOut,
+            &pResponse,
+            &dwResponseSize
+            );
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                     "VmDirIpcGetSRPSecret failed (%u)",
+                     dwError);
+
+    dwError = 0;
+    goto cleanup;
+}
diff --git a/lwraft/server/vmdir/krb.c b/lwraft/server/vmdir/krb.c
index 5bd2ef654..3ba2774a7 100644
--- a/lwraft/server/vmdir/krb.c
+++ b/lwraft/server/vmdir/krb.c
@@ -12,8 +12,6 @@
  * under the License.
  */
 
-
-
 #include "includes.h"
 
 DWORD
@@ -55,207 +53,3 @@ VmDirKrbRealmNameNormalize(
     VmDirFreeMemory(pszRealmName);
     goto cleanup;
 }
-
-DWORD
-VmDirGetKrbMasterKey(
-    PSTR        pszFQDN, // [in] FQDN
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-)
-{
-    DWORD       dwError = 0;
-    PBYTE       pRetMasterKey = NULL;
-
-    if (IsNullOrEmptyString(pszFQDN)
-        || !ppKeyBlob
-        || !pSize
-       )
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    // Currently, we only support single krb realm.
-    // Global cache gVmdirKrbGlobals is initialized during startup stage.
-
-    if (VmDirStringCompareA( pszFQDN, VDIR_SAFE_STRING(gVmdirKrbGlobals.pszRealm), FALSE) != 0)
-    {
-        dwError = VMDIR_ERROR_INVALID_REALM;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-                    gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len,
-                    (PVOID*)&pRetMasterKey
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory (
-                    pRetMasterKey,
-                    gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len,
-                    gVmdirKrbGlobals.bervMasterKey.lberbv.bv_val,
-                    gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppKeyBlob = pRetMasterKey;
-    *pSize     = (DWORD) gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len;
-    pRetMasterKey = NULL;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKrbMasterKey failed. (%u)(%s)",
-                                     dwError, VDIR_SAFE_STRING(pszFQDN));
-    VMDIR_SAFE_FREE_MEMORY(pRetMasterKey);
-
-    goto cleanup;
-
-}
-
-DWORD
-VmDirGetKrbUPNKey(
-    PSTR        pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-)
-{
-    DWORD               dwError = 0;
-    PVDIR_ATTRIBUTE     pKrbUPNKey = NULL;
-    PBYTE               pRetUPNKey = NULL;
-    VDIR_ENTRY_ARRAY    entryArray = {0};
-
-    if (IsNullOrEmptyString(pszUpnName)
-        || !ppKeyBlob
-        || !pSize
-       )
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSimpleEqualFilterInternalSearch(
-                    "",
-                    LDAP_SCOPE_SUBTREE,
-                    ATTR_KRB_UPN,
-                    pszUpnName,
-                    &entryArray);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (entryArray.iSize == 1)
-    {
-        pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);
-
-        if (!pKrbUPNKey)
-        {
-            dwError = VMDIR_ERROR_NO_SUCH_ATTRIBUTE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        dwError = VmDirAllocateMemory(
-                            pKrbUPNKey->vals[0].lberbv.bv_len,
-                            (PVOID*)&pRetUPNKey
-                            );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirCopyMemory(
-                        pRetUPNKey,
-                        pKrbUPNKey->vals[0].lberbv.bv_len,
-                        pKrbUPNKey->vals[0].lberbv.bv_val,
-                        pKrbUPNKey->vals[0].lberbv.bv_len
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        *ppKeyBlob = pRetUPNKey;
-        *pSize     = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
-        pRetUPNKey = NULL;
-    }
-    else
-    {
-        dwError = VMDIR_ERROR_ENTRY_NOT_FOUND;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-cleanup:
-
-    VmDirFreeEntryArrayContent(&entryArray);
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKrbUPNKey failed. (%u)(%s)",
-                                     dwError, VDIR_SAFE_STRING(pszUpnName));
-    VMDIR_SAFE_FREE_MEMORY(pRetUPNKey);
-
-    goto cleanup;
-
-}
-
-DWORD
-VmDirGetKeyTabRecBlob(
-    PSTR      pszUpnName,
-    PBYTE*    ppBlob,
-    DWORD*    pdwBlobLen
-)
-{
-    DWORD                  dwError = 0;
-    PBYTE                  pBlob = NULL;
-    DWORD                  dwBlobLen = 0;
-    PVMDIR_KEYTAB_HANDLE   pKeyTabHandle = NULL;
-    PBYTE                  pUPNKeyByte = NULL;
-    DWORD                  dwUPNKeySize = 0;
-
-    if ( !pszUpnName || !ppBlob || !pdwBlobLen )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR( dwError );
-    }
-
-    dwError = VmDirAllocateMemory(sizeof(VMDIR_KEYTAB_HANDLE),
-                                 (PVOID*)&pKeyTabHandle);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetKrbUPNKey(
-                    pszUpnName,
-                    &pUPNKeyByte,
-                    &dwUPNKeySize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirKeyTabWriteKeysBlob(
-                      pKeyTabHandle,
-                      pszUpnName,
-                      pUPNKeyByte,
-                      dwUPNKeySize,
-                      gVmdirKrbGlobals.bervMasterKey.lberbv.bv_val,
-                      (DWORD)gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len,
-                      &pBlob,
-                      &dwBlobLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppBlob     = pBlob;
-    *pdwBlobLen = dwBlobLen;
-    pBlob       = NULL;
-
-cleanup:
-
-    if (pKeyTabHandle)
-    {
-        VmDirKeyTabClose(pKeyTabHandle);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY( pUPNKeyByte );
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR( LDAP_DEBUG_RPC, "VmDirGetKeyTabRecBlob failed, (%u)(%s)",
-                                     dwError, VDIR_SAFE_STRING(pszUpnName));
-    VMDIR_SAFE_FREE_MEMORY( pBlob );
-
-    goto cleanup;
-}
diff --git a/lwraft/server/vmdir/main.c b/lwraft/server/vmdir/main.c
index 6067068c4..9858890d4 100644
--- a/lwraft/server/vmdir/main.c
+++ b/lwraft/server/vmdir/main.c
@@ -22,18 +22,19 @@ static
 DWORD
 VmDirNotifyLikewiseServiceManager(
     VOID
-);
+    );
 
 static
 DWORD
 VmDirSetEnvironment(
     VOID
-);
+    );
 
 int
 main(
-   int     argc,
-   char  * argv[])
+    int     argc,
+    char*   argv[]
+    )
 {
     DWORD        dwError = 0;
     const char * logFileName = NULL;
@@ -41,23 +42,23 @@ main(
     const char * pszStateDir = LWRAFT_DB_DIR VMDIR_PATH_SEPARATOR_STR;
     BOOLEAN      bEnableSysLog = FALSE;
     BOOLEAN      bConsoleMode = FALSE;
-    BOOLEAN      bPatchSchema = FALSE;
     int          iLocalLogMask = 0;
     BOOLEAN      bVmDirInit = FALSE;
     BOOLEAN      bWaitTimeOut = FALSE;
 
+    static PCSTR    pszRunMode[] = { VMDIR_RUN_MODE_NORMAL, VMDIR_RUN_MODE_STANDALONE, VMDIR_RUN_MODE_RESTORE };
+
     dwError = VmDirSrvUpdateConfig();
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirParseArgs(
-                    argc,
-                    argv,
-                    &pszBootstrapSchemaFile,
-                    &iLocalLogMask,
-                    &logFileName,
-                    &bEnableSysLog,
-                    &bConsoleMode,
-                    &bPatchSchema);
+            argc,
+            argv,
+            &pszBootstrapSchemaFile,
+            &iLocalLogMask,
+            &logFileName,
+            &bEnableSysLog,
+            &bConsoleMode);
     if(dwError != ERROR_SUCCESS)
     {
         ShowUsage( argv[0] );
@@ -69,16 +70,14 @@ main(
             &gVmdirGlobals.pszBootStrapSchemaFile);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    gVmdirGlobals.bPatchSchema = bPatchSchema;
-
     dwError = VmDirAllocateStringA(pszStateDir, &gVmdirGlobals.pszBDBHome);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLogInitialize( logFileName, bEnableSysLog, "lwraftd", VMDIR_LOG_INFO, iLocalLogMask);
+    dwError = VmDirLogInitialize(logFileName, bEnableSysLog, "postd", VMDIR_LOG_INFO, iLocalLogMask);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirdStateSet(VMDIRD_STATE_STARTUP);
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Lightwave lwraftd: starting...");
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Persistent Objectstore postd: starting...");
 
     VmDirBlockSelectedSignals();
 
@@ -89,29 +88,27 @@ main(
     BAIL_ON_VMDIR_ERROR(dwError);
     bVmDirInit = TRUE;
 
-
-    if ( ! bPatchSchema && VmDirdGetRunMode() != VMDIR_RUNMODE_RESTORE )
+    if (!VmDirdGetRestoreMode())
     {   // Normal server startup route
 
         dwError = VmDirNotifyLikewiseServiceManager();
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        VmDirdStateSet( VMDIRD_STATE_NORMAL );
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Ligthtwave lwraftd: running..., run mode = %s",
-              (VmDirdGetRunMode() == VMDIR_RUNMODE_RESTORE) ? VMDIR_RUN_MODE_RESTORE :
-              ((VmDirdGetRunMode() == VMDIR_RUNMODE_STANDALONE) ? VMDIR_RUN_MODE_STANDALONE : "normal" ) );
+        VmDirdStateSet(VMDIRD_STATE_NORMAL);
+        VMDIR_LOG_INFO(
+                VMDIR_LOG_MASK_ALL,
+                "Persistent Objectstore postd: running..., run mode = %s",
+                pszRunMode[VmDirdGetRunMode()]);
 
         // main thread waits on signals
         dwError = VmDirHandleSignals();
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Ligthtwave lwraftd: exiting..." );
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Persistent Objectstore postd: exiting..." );
 
 cleanup:
-
-
-    if ( bVmDirInit )
+    if (bVmDirInit)
     {
         VmDirdStateSet(VMDIRD_STATE_SHUTDOWN);
         VmDirShutdown(&bWaitTimeOut);
@@ -125,7 +122,6 @@ main(
     }
 
     VmDirLogTerminate();
-
     VmDirSrvFreeConfig();
 
 done:
@@ -137,7 +133,9 @@ main(
 
 static
 DWORD
-VmDirNotifyLikewiseServiceManager()
+VmDirNotifyLikewiseServiceManager(
+    VOID
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PCSTR   pszSmNotify = NULL;
@@ -172,7 +170,6 @@ VmDirNotifyLikewiseServiceManager()
             BAIL_ON_VMDIR_ERROR(dwError);
 #undef BUFFER_SIZE
         }
-
     }
 
 error:
@@ -188,7 +185,7 @@ static
 DWORD
 VmDirSetEnvironment(
     VOID
-)
+    )
 {
     DWORD dwError = 0;
     PSTR pszKrb5Conf = NULL;
@@ -207,15 +204,11 @@ VmDirSetEnvironment(
     }
 
 cleanup:
-
     VMDIR_SAFE_FREE_STRINGA(pszKrb5Conf);
-
     return dwError;
 
 error:
-
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSetEnvironment failed (%u)", dwError);
-
     goto cleanup;
 }
 
diff --git a/lwraft/server/vmdir/metricsinit.c b/lwraft/server/vmdir/metricsinit.c
new file mode 100644
index 000000000..b2049de1a
--- /dev/null
+++ b/lwraft/server/vmdir/metricsinit.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PVM_METRICS_CONTEXT pmContext = NULL;
+
+PVM_METRICS_HISTOGRAM pRpcRequestDuration[METRICS_RPC_OP_COUNT];
+
+static
+DWORD
+_VmDirRpcMetricsInit(
+    VOID);
+
+DWORD
+VmDirMetricsInitialize(
+    VOID
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = VmMetricsInit(&pmContext);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapMetricsInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirRpcMetricsInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirMetricsInitialize failed (%d)", dwError);
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRpcMetricsInit(
+    VOID)
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+
+    uint64_t buckets[5] = {1, 10, 100, 500, 1000};
+
+    VM_METRICS_LABEL labelOps[METRICS_RPC_OP_COUNT][1] = {
+        {{"operation", "GeneratePassword"}},
+        {{"operation", "CreateUser"}},
+        {{"operation", "CreateUserEx"}},
+        {{"operation", "SetLogLevel"}},
+        {{"operation", "SetLogMask"}},
+        {{"operation", "SetState"}},
+        {{"operation", "SuperLogQueryServerData"}},
+        {{"operation", "SuperLogEnable"}},
+        {{"operation", "SuperLogDisable"}},
+        {{"operation", "IsSuperLogEnabled"}},
+        {{"operation", "SuperLogFlush"}},
+        {{"operation", "SuperLogSetSize"}},
+        {{"operation", "SuperLogGetSize"}},
+        {{"operation", "SuperLogGetEntriesLdapOperation"}},
+        {{"operation", "OpenDatabaseFile"}},
+        {{"operation", "ReadDatabaseFile"}},
+        {{"operation", "CloseDatabaseFile"}},
+        {{"operation", "SetBackendState"}},
+        {{"operation", "GetState"}},
+        {{"operation", "GetLogLevel"}},
+        {{"operation", "GetLogMask"}},
+        {{"operation", "SetMode"}},
+        {{"operation", "GetMode"}},
+        {{"operation", "RaftRequestVote"}},
+        {{"operation", "RaftAppendEntries"}}
+    };
+
+    for (i=0; i < METRICS_RPC_OP_COUNT; i++)
+    {
+        dwError = VmMetricsHistogramNew(pmContext,
+                                "post_dcerpc_request_duration",
+                                labelOps[i], 1,
+                                "Histogram for DCERPC Request Durations for different operations",
+                                buckets, 5,
+                                &pRpcRequestDuration[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/lwraft/server/vmdir/parseargs.c b/lwraft/server/vmdir/parseargs.c
index a6bcb9a5e..3cbcfd5e6 100644
--- a/lwraft/server/vmdir/parseargs.c
+++ b/lwraft/server/vmdir/parseargs.c
@@ -26,8 +26,7 @@ VmDirParseArgs(
     int*        pLoggingLevel,
     PCSTR*      ppszLogFileName,
     PBOOLEAN    pbEnableSysLog,
-    PBOOLEAN    pbConsoleMode,
-    PBOOLEAN    pbPatchSchema
+    PBOOLEAN    pbConsoleMode
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -74,13 +73,6 @@ VmDirParseArgs(
                 }
                 break;
 
-            case VMDIR_OPTION_PATCH_SCHEMA:
-                if ( pbPatchSchema != NULL )
-                {
-                    *pbPatchSchema = TRUE;
-                }
-                break;
-
             case VMDIR_OPTION_RUN_MODE:
                 if ( VmDirStringCompareA(VMDIR_RUN_MODE_RESTORE, optarg, TRUE ) == 0 )
                 {
@@ -122,8 +114,7 @@ VmDirParseArgs(
     int*        pLoggingLevel,
     PCSTR*      ppszLogFileName,
     PBOOLEAN    pbEnableSysLog,
-    PBOOLEAN    pbConsoleMode,
-    PBOOLEAN    pbPatchSchema
+    PBOOLEAN    pbConsoleMode
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -170,14 +161,6 @@ VmDirParseArgs(
                     *pbConsoleMode = TRUE;
                 }
             }
-            else if ( VmDirStringCompareA(
-                            VMDIR_OPTION_PATCH_SCHEMA, argv[i], TRUE ) == 0 )
-            {
-                if ( pbPatchSchema != NULL )
-                {
-                    *pbPatchSchema = TRUE;
-                }
-            }
             else if ( VmDirStringCompareA(
                             VMDIR_OPTION_RUN_MODE, argv[i], TRUE ) == 0 )
             {
diff --git a/lwraft/server/vmdir/prototypes.h b/lwraft/server/vmdir/prototypes.h
index ae2aeb04e..f935ac9e7 100644
--- a/lwraft/server/vmdir/prototypes.h
+++ b/lwraft/server/vmdir/prototypes.h
@@ -56,11 +56,6 @@ VmDirCreateAccountEx(
 
 // auth.c
 
-ULONG
-ConstructSDForVmDirServ(
-    PSECURITY_DESCRIPTOR_ABSOLUTE * ppSD
-    );
-
 DWORD
 VmDirSrvCreateAccessToken(
     PCSTR pszUPN,
@@ -111,7 +106,7 @@ VmDirFreeMemberships(
 
 DWORD
 VmDirLoadIndex(
-    BOOLEAN bFirstboot
+    VOID
     );
 
 // init.c
@@ -127,25 +122,38 @@ VmDirAllocateBerValueAVsnprintf(
     ...
     );
 
+DWORD
+VmDirGetHostsInternal(
+    PSTR**  pppszServerInfo,
+    size_t* pdwInfoCount
+    );
+
 // instance.c
 
+DWORD
+VmDirSrvSetupDomainInstance(
+    PVDIR_SCHEMA_CTX pSchemaCtx,
+    BOOLEAN          bSetupHost,
+    BOOLEAN          bFirstNodeBootstrap,
+    PCSTR            pszFQDomainName,
+    PCSTR            pszDomainDN,
+    PCSTR            pszUsername,
+    PCSTR            pszPassword,
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescServicesOut,         // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousReadOut,    // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescNoDeleteOut,         // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescFullAccessOut        // OPTIONAL
+    );
+
 DWORD
 VmDirSrvSetupHostInstance(
     PCSTR pszDomainName,
     PCSTR pszUsername,
     PCSTR pszPassword,
-    PCSTR pszSiteName,
     PCSTR pszReplURI,
     UINT32  firstReplicationCycleMode
     );
 
-DWORD
-VmDirSrvSetupTenantInstance(
-    PCSTR pszDomainName,
-    PCSTR pszUsername,
-    PCSTR pszPassword
-    );
-
 // regconfig.c
 
 DWORD
@@ -177,25 +185,14 @@ VmDirRpcAllocateStringW(
 
 DWORD
 VmDirLoadSchema(
-    PBOOLEAN    pbWriteSchemaEntry,
-    PBOOLEAN    pbLegacyDataLoaded
+    PBOOLEAN    pbWriteSchemaEntry
     );
 
 DWORD
-InitializeSchemaEntries(
+VmDirSchemaInitializeSubtree(
     PVDIR_SCHEMA_CTX    pSchemaCtx
     );
 
-DWORD
-VmDirSchemaPatchViaFile(
-    PCSTR       pszSchemaFilePath
-    );
-
-DWORD
-VmDirSchemaPatchLegacyViaFile(
-    PCSTR       pszSchemaFilePath
-    );
-
 /* service.c */
 
 ULONG
@@ -287,13 +284,6 @@ VmDirSrvInitializeHost(
     UINT32   firstReplCycleMode
     );
 
-DWORD
-VmDirSrvInitializeTenant(
-    PWSTR    pwszDomainName,
-    PWSTR    pwszUsername,
-    PWSTR    pwszPassword
-    );
-
 DWORD
 VmDirSrvForceResetPassword(
     PWSTR                   pwszTargetDN,
@@ -341,8 +331,7 @@ VmDirParseArgs(
     int*        pLoggingLevel,
     PCSTR*      ppszLogFileName,
     PBOOLEAN    pbEnableSysLog,
-    PBOOLEAN    pbConsoleMode,
-    PBOOLEAN    pbPatchSchema
+    PBOOLEAN    pbConsoleMode
     );
 
 VOID
@@ -350,29 +339,6 @@ ShowUsage(
     PSTR pName
     );
 
-/* krb.c */
-DWORD
-VmDirGetKrbMasterKey(
-    PSTR        pszDomainName, // [in] FQDN
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    );
-
-DWORD
-VmDirGetKrbUPNKey(
-    PSTR       pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    );
-
-
-DWORD
-VmDirGetKeyTabRecBlob(
-    PSTR      pszUpnName,
-    PBYTE*    ppBYTE,
-    DWORD*    pSize
-    );
-
 /* accountmgmt.c */
 DWORD
 VmDirResetPassword(
@@ -483,6 +449,33 @@ VmDirIpcInitializeTenant(
     PDWORD pdwResponseSize
     );
 
+DWORD
+VmDirIpcCreateTenant(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    );
+
+DWORD
+VmDirIpcDeleteTenant(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    );
+
+DWORD
+VmDirIpcEnumerateTenants(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    );
+
 DWORD
 VmDirIpcForceResetPassword(
     PVM_DIR_SECURITY_CONTEXT pSecurityContext,
@@ -530,6 +523,31 @@ VmDirLoadEventLogLibrary(
     PFEVENTLOG_ADD *ppfEventLogAdd
     );
 
+// tenantmgmt.c
+DWORD
+VmDirSrvInitializeTenant(
+    PWSTR    pwszDomainName,
+    PWSTR    pwszUsername,
+    PWSTR    pwszPassword
+    );
+
+DWORD
+VmDirSrvCreateTenant(
+    PCSTR pszDomainName,
+    PCSTR pszUserName,
+    PCSTR pszPassword
+    );
+
+DWORD
+VmDirSrvEnumerateTenants(
+    PVMDIR_STRING_LIST pTenantList
+    );
+
+DWORD
+VmDirSrvDeleteTenant(
+    PCSTR pszDomainName
+    );
+
 // tracklastlogin.c
 
 DWORD
@@ -537,6 +555,16 @@ VmDirInitTrackLastLoginThread(
     VOID
     );
 
+
+DWORD
+VmDirIpcGetSRPSecret(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lwraft/server/vmdir/regconfig.c b/lwraft/server/vmdir/regconfig.c
index 6ae4a79cc..00b295b72 100644
--- a/lwraft/server/vmdir/regconfig.c
+++ b/lwraft/server/vmdir/regconfig.c
@@ -70,14 +70,6 @@ VmDirRegConfigTableFreeContents(
     DWORD dwNumEntries
     );
 
-static
-DWORD
-VmDirRegConfigMultiStringToDwords(
-    PCSTR   pszValues,
-    PDWORD* ppdwValues,
-    DWORD*  pdwValues
-    );
-
 static
 DWORD
 VmDirRegConfigMultiStringToStrList(
@@ -113,7 +105,7 @@ VmDirSrvUpdateConfig(
         {
             gVmdirGlobals.bAllowInsecureAuth = pEntry->dwValue ? TRUE : FALSE;
         }
-        if (!VmDirStringCompareA(
+        else if (!VmDirStringCompareA(
                      pEntry->pszName,
                      VMDIR_REG_KEY_DISABLE_VECS,
                      TRUE))
@@ -122,56 +114,36 @@ VmDirSrvUpdateConfig(
         }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
-                    VMDIR_REG_KEY_LDAP_LISTEN_PORTS,
-                    TRUE))
-        {
-            dwError = VmDirRegConfigMultiStringToDwords(
-                        pEntry->pszValue,
-                        &gVmdirGlobals.pdwLdapListenPorts,
-                        &gVmdirGlobals.dwLdapListenPorts);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else if (!VmDirStringCompareA(
-                    pEntry->pszName,
-                    VMDIR_REG_KEY_LDAPS_LISTEN_PORTS,
+                    VMDIR_REG_KEY_LDAP_PORT,
                     TRUE))
         {
-            dwError = VmDirRegConfigMultiStringToDwords(
-                        pEntry->pszValue,
-                        &gVmdirGlobals.pdwLdapsListenPorts,
-                        &gVmdirGlobals.dwLdapsListenPorts);
-            BAIL_ON_VMDIR_ERROR(dwError);
+            gVmdirGlobals.dwLdapPort = pEntry->dwValue;
         }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
-                    VMDIR_REG_KEY_LDAP_CONNECT_PORTS,
+                    VMDIR_REG_KEY_LDAPS_PORT,
                     TRUE))
         {
-            dwError = VmDirRegConfigMultiStringToDwords(
-                        pEntry->pszValue,
-                        &gVmdirGlobals.pdwLdapConnectPorts,
-                        &gVmdirGlobals.dwLdapConnectPorts);
-            BAIL_ON_VMDIR_ERROR(dwError);
+            gVmdirGlobals.dwLdapsPort = pEntry->dwValue;
         }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
-                    VMDIR_REG_KEY_LDAPS_CONNECT_PORTS,
+                    VMDIR_REG_KEY_HTTP_LISTEN_PORT,
                     TRUE))
         {
-            dwError = VmDirRegConfigMultiStringToDwords(
+            dwError = VmDirAllocateStringA(
                         pEntry->pszValue,
-                        &gVmdirGlobals.pdwLdapsConnectPorts,
-                        &gVmdirGlobals.dwLdapsConnectPorts);
+                        &gVmdirGlobals.pszHTTPListenPort);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
-                    VMDIR_REG_KEY_REST_LISTEN_PORT,
+                    VMDIR_REG_KEY_HTTPS_LISTEN_PORT,
                     TRUE))
         {
             dwError = VmDirAllocateStringA(
                         pEntry->pszValue,
-                        &gVmdirGlobals.pszRestListenPort);
+                        &gVmdirGlobals.pszHTTPSListenPort);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else if (!VmDirStringCompareA(
@@ -237,13 +209,6 @@ VmDirSrvUpdateConfig(
         {
             gVmdirGlobals.bTrackLastLoginTime = pEntry->dwValue ? TRUE : FALSE;
         }
-        else if (!VmDirStringCompareA(
-                    pEntry->pszName,
-                    VMDIR_REG_KEY_URGENT_REPL_TIMEOUT_MSEC,
-                    TRUE))
-        {
-            gVmdirUrgentRepl.dwUrgentReplTimeout = pEntry->dwValue;
-        }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
                     VMDIR_REG_KEY_PAGED_SEARCH_READ_AHEAD,
@@ -255,29 +220,37 @@ VmDirSrvUpdateConfig(
                     pEntry->pszName,
                     VMDIR_REG_KEY_ENABLE_RAFT_REFERRAL,
                     TRUE))
-       {
-           gVmdirGlobals.dwEnableRaftReferral = pEntry->dwValue;
-       }
-       else if (!VmDirStringCompareA(
+        {
+            gVmdirGlobals.dwEnableRaftReferral = pEntry->dwValue;
+        }
+        else if (!VmDirStringCompareA(
                     pEntry->pszName,
                     VMDIR_REG_KEY_RAFT_PING_INTERVAL,
                     TRUE))
-       {
-           gVmdirGlobals.dwRaftPingIntervalMS = pEntry->dwValue;
-       }
-       else if (!VmDirStringCompareA(
+        {
+            gVmdirGlobals.dwRaftPingIntervalMS = pEntry->dwValue;
+        }
+        else if (!VmDirStringCompareA(
                     pEntry->pszName,
                     VMDIR_REG_KEY_RAFT_ELECTION_TIMEOUT,
                     TRUE))
-       {
-           gVmdirGlobals.dwRaftElectionTimeoutMS = pEntry->dwValue;
-       } else if (!VmDirStringCompareA(
+        {
+            gVmdirGlobals.dwRaftElectionTimeoutMS = pEntry->dwValue;
+        }
+        else if (!VmDirStringCompareA(
                     pEntry->pszName,
                     VMDIR_REG_KEY_RAFT_KEEP_LOGS,
                     TRUE))
-       {
-           gVmdirGlobals.dwRaftKeeplogs = pEntry->dwValue;
-       }
+        {
+            gVmdirGlobals.dwRaftKeeplogs = pEntry->dwValue;
+        }
+        else if(!VmDirStringCompareA(
+                    pEntry->pszName,
+                    VMDIR_REG_KEY_CURL_TIMEOUT_SEC,
+                    TRUE))
+        {
+            gVmdirGlobals.dwProxyCurlTimeout = pEntry->dwValue;
+        }
     }
 
 cleanup:
@@ -298,17 +271,8 @@ VmDirSrvFreeConfig(
     VOID
     )
 {
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pdwLdapListenPorts);
-    gVmdirGlobals.dwLdapListenPorts = 0;
-
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pdwLdapsListenPorts);
-    gVmdirGlobals.dwLdapsListenPorts = 0;
-
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pdwLdapConnectPorts);
-    gVmdirGlobals.dwLdapConnectPorts = 0;
-
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pdwLdapsConnectPorts);
-    gVmdirGlobals.dwLdapsConnectPorts = 0;
+    gVmdirGlobals.dwLdapPort = DEFAULT_LDAP_PORT_NUM;
+    gVmdirGlobals.dwLdapsPort = DEFAULT_LDAPS_PORT_NUM;
 }
 
 DWORD
@@ -753,56 +717,6 @@ VmDirRegConfigTableFreeContents(
     }
 }
 
-static
-DWORD
-VmDirRegConfigMultiStringToDwords(
-    PCSTR   pszValues,
-    PDWORD* ppdwValues,
-    DWORD*  pdwValuesLen
-    )
-{
-    DWORD dwError = 0;
-    PDWORD pdwValues = NULL;
-    DWORD dwValuesLen = 0;
-    DWORD dwCount = 0;
-    PCSTR pszIter = NULL;
-
-    if (pszValues)
-    {
-        pszIter = pszValues;
-        while (pszIter != NULL && *pszIter != '\0')
-        {
-            dwValuesLen++;
-
-            pszIter += VmDirStringLenA(pszIter) + 1;
-        }
-
-        /* Allocate space for one even if no space is really needed,
-         * that way we have a valid pointer.
-         */
-        dwError = VmDirAllocateMemory(sizeof(DWORD) * (dwValuesLen == 0 ? 1 : dwValuesLen), (PVOID)&pdwValues);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pszIter = pszValues;
-        while (pszIter != NULL && *pszIter != '\0')
-        {
-            DWORD dwVal = atoi(pszIter);
-            pdwValues[dwCount++] = dwVal;
-            pszIter += VmDirStringLenA(pszIter) + 1;
-        }
-    }
-
-    *ppdwValues = pdwValues;
-    *pdwValuesLen = dwValuesLen;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pdwValues);
-    goto cleanup;
-}
-
 static
 DWORD
 VmDirRegConfigMultiStringToStrList(
@@ -882,3 +796,80 @@ VmDirGetMaxDbSizeMb(
 error:
     goto cleanup;
 }
+
+DWORD
+VmDirGetMdbWalEnable(
+    BOOLEAN *pbMdbEnableWal
+    )
+{
+    DWORD keyValue = 1;
+    DWORD dwError = 0;
+
+    *pbMdbEnableWal = TRUE;
+
+    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
+
+    dwError = VmDirRegConfigHandleOpen(&pCfgHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRegConfigGetDword(
+                            pCfgHandle,
+                            VMDIR_CONFIG_PARAMETER_PARAMS_KEY_PATH,
+                            VMDIR_REG_KEY_MDB_ENABLE_WAL,
+                            &keyValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pbMdbEnableWal = (keyValue!=0);
+
+cleanup:
+    if (pCfgHandle)
+    {
+        VmDirRegConfigHandleClose(pCfgHandle);
+    }
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirGetMdbChkptInterval(
+    DWORD *pdwMdbChkptInterval
+    )
+{
+    DWORD keyValue = 0;
+    DWORD dwError = 0;
+
+    *pdwMdbChkptInterval = VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_DEFAULT;
+
+    PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
+
+    dwError = VmDirRegConfigHandleOpen(&pCfgHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRegConfigGetDword(
+                            pCfgHandle,
+                            VMDIR_CONFIG_PARAMETER_PARAMS_KEY_PATH,
+                            VMDIR_REG_KEY_MDB_CHKPT_INTERVAL,
+                            &keyValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (keyValue < VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_MIN ||
+        keyValue > VMDIR_REG_KEY_MDB_CHKPT_INTERVAL_MAX)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *pdwMdbChkptInterval = keyValue;
+
+cleanup:
+    if (pCfgHandle)
+    {
+        VmDirRegConfigHandleClose(pCfgHandle);
+    }
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/server/vmdir/rpc.c b/lwraft/server/vmdir/rpc.c
index 0b3403439..2ee2a0801 100644
--- a/lwraft/server/vmdir/rpc.c
+++ b/lwraft/server/vmdir/rpc.c
@@ -312,7 +312,10 @@ VmDirRpcEpRegister(
 )
 {
     ULONG ulError = 0;
-
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return ulError;
+#else
     DCETHREAD_TRY
     {
        rpc_ep_register(
@@ -336,6 +339,7 @@ VmDirRpcEpRegister(
     DCETHREAD_ENDTRY;
 
     return ulError;
+#endif
 }
 
 ULONG
diff --git a/lwraft/server/vmdir/rpcserv.c b/lwraft/server/vmdir/rpcserv.c
index 67ebf1963..27d95de73 100644
--- a/lwraft/server/vmdir/rpcserv.c
+++ b/lwraft/server/vmdir/rpcserv.c
@@ -46,7 +46,7 @@ _VmDirRequestVoteGetReply(
     );
 
 DWORD
-_VmDirAppendEntriesGetReply(
+VmDirAppendEntriesGetReply(
     UINT32 term,
     char *leader,
     unsigned long long preLogIndex,
@@ -55,7 +55,7 @@ _VmDirAppendEntriesGetReply(
     int entrySize,
     char *entries,
     UINT32 *currentTerm,
-    UINT32 *status
+    unsigned long long *status
     );
 
 DWORD
@@ -118,7 +118,6 @@ VmDirSrvInitializeHost(
                     pszDomainName,
                     pszSystemDomainAdminName,
                     pszPassword,
-                    pszSiteName,
                     pszReplURI,
                     firstReplCycleMode );
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -149,62 +148,6 @@ VmDirSrvInitializeHost(
     goto cleanup;
 }
 
-DWORD
-VmDirSrvInitializeTenant(
-    PWSTR    pwszDomainName,
-    PWSTR    pwszUsername,
-    PWSTR    pwszPassword
-    )
-{
-    DWORD dwError = 0;
-    PSTR  pszDomainName = NULL;
-    PSTR  pszUsername = NULL;
-    PSTR  pszPassword = NULL;
-
-    if (IsNullOrEmptyString(pwszDomainName) ||
-        IsNullOrEmptyString(pwszUsername) ||
-        IsNullOrEmptyString(pwszPassword))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringAFromW(pwszDomainName, &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAFromW(pwszUsername, &pszUsername);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAFromW(pwszPassword, &pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvSetupTenantInstance(
-                    pszDomainName,
-                    pszUsername,
-                    pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirSrvInitializeTenant (%u)(%s)(%s)",
-                                       dwError,
-                                       VDIR_SAFE_STRING(pszDomainName),
-                                       VDIR_SAFE_STRING(pszUsername));
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszUsername);
-    VMDIR_SAFE_FREE_MEMORY(pszPassword);
-
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSrvInitializeTenant failed (%u)(%s)(%s)",
-                                      dwError,
-                                      VDIR_SAFE_STRING(pszDomainName),
-                                      VDIR_SAFE_STRING(pszUsername));
-    goto cleanup;
-}
-
 DWORD
 VmDirSrvForceResetPassword(
     PWSTR                   pwszTargetUPN,  // [in] UPN
@@ -304,6 +247,10 @@ Srv_RpcVmDirGeneratePassword(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
     int pwdLen = 0;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     if ( !pContainer)
     {
@@ -346,92 +293,9 @@ Srv_RpcVmDirGeneratePassword(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
-    return dwAPIError;
-
-error:
-
-    VmDirRpcFreeMemory( pContainerBlob );
-    VMDIR_API_ERROR_MAP( dwError, dwAPIError, dwAPIErrorMap);
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGeneratePassword failed (%u)(%u)", dwError, dwAPIError);
-
-    goto cleanup;
-
-}
-
-UINT32
-Srv_RpcVmDirGetKeyTabRecBlob(
-    handle_t    hBinding,
-    PWSTR       pwszUPN,                // [in] FQDN
-    VMDIR_DATA_CONTAINER* pContainer    // [out]
-    )
-{
-    DWORD dwError = 0;
-    DWORD dwAPIError = 0;
-    PSTR  pszUPN = NULL;
-    PBYTE pLocalByte = NULL;
-    DWORD dwByteSize = 0;
-    PBYTE pContainerBlob = NULL;
-    DWORD dwAPIErrorMap[] = {  VMDIR_ERROR_INVALID_PARAMETER   //TODO, not complete
-                            };
-    DWORD dwRpcFlags = VMDIR_RPC_FLAG_ALLOW_NCALRPC
-                     | VMDIR_RPC_FLAG_ALLOW_TCPIP
-                     | VMDIR_RPC_FLAG_REQUIRE_AUTH_NCALRPC
-                     | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
-                     | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
-    PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
-
-    if (IsNullOrEmptyString(pwszUPN)
-        || !pContainer )
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAFromW(
-                    pwszUPN,
-                    &pszUPN
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetKeyTabRecBlob(
-                    pszUPN,
-                    &pLocalByte,
-                    &dwByteSize
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //clone data into container
-    dwError = VmDirRpcAllocateMemory(
-                    dwByteSize,
-                    (PVOID*)&pContainerBlob
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory (
-                    pContainerBlob,
-                    dwByteSize,
-                    pLocalByte,
-                    dwByteSize
-                    );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pContainer->dwCount = dwByteSize;
-    pContainer->data    = pContainerBlob;
-    pContainerBlob      = NULL;
-
-    VMDIR_LOG_DEBUG( LDAP_DEBUG_RPC, "RpcVmDirGetKeyTabRecBlob (%s)", VDIR_SAFE_STRING(pszUPN) );
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-    VMDIR_SAFE_FREE_STRINGA(pszUPN);
-    if (pAccessToken)
-    {
-        VmDirSrvReleaseAccessToken(pAccessToken);
-    }
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GENERATEPASSWORD],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
 
     return dwAPIError;
 
@@ -440,87 +304,7 @@ Srv_RpcVmDirGetKeyTabRecBlob(
     VmDirRpcFreeMemory( pContainerBlob );
     VMDIR_API_ERROR_MAP( dwError, dwAPIError, dwAPIErrorMap);
 
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGetKeyTabRecBlob failed (%u)(%u)(%s)",
-                                      dwError, dwAPIError, VDIR_SAFE_STRING(pszUPN) );
-
-    goto cleanup;
-}
-
-UINT32
-Srv_RpcVmDirGetKrbMasterKey(
-    handle_t    hBinding,
-    PWSTR       pwszDomainName,      // [in] FQDN
-    VMDIR_DATA_CONTAINER* pContainer // [out]
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   dwAPIError = 0;
-    PBYTE   pLocalByte = NULL;
-    PBYTE   pLocalRPCByte = NULL;
-    DWORD   dwKeySize = 0;
-    PSTR    pszDomainName = NULL;
-    DWORD   dwAPIErrorMap[] = {  VMDIR_ERROR_INVALID_PARAMETER,
-                                 VMDIR_ERROR_INVALID_REALM
-                              };
-    DWORD   dwRpcFlags = VMDIR_RPC_FLAG_ALLOW_NCALRPC
-                       | VMDIR_RPC_FLAG_REQUIRE_AUTH_NCALRPC
-                       | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
-    PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
-
-    dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (IsNullOrEmptyString(pwszDomainName)
-        || !pContainer
-       )
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringAFromW( pwszDomainName,
-                                         &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetKrbMasterKey( pszDomainName,
-                                    &pLocalByte,
-                                    &dwKeySize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRpcAllocateMemory( dwKeySize,
-                                      (PVOID*)&pLocalRPCByte);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory ( pLocalRPCByte,
-                                dwKeySize,
-                                pLocalByte,
-                                dwKeySize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pContainer->data    = pLocalRPCByte;
-    pContainer->dwCount = dwKeySize;
-    pLocalRPCByte = NULL;
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "RpcVmDirGetKrbMasterKey (%s)", VDIR_SAFE_STRING(pszDomainName) );
-
-cleanup:
-    if (pAccessToken)
-    {
-        VmDirSrvReleaseAccessToken(pAccessToken);
-    }
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-
-    return dwAPIError;
-
-error:
-
-    VmDirRpcFreeMemory( pLocalRPCByte );
-    VMDIR_API_ERROR_MAP( dwError, dwAPIError, dwAPIErrorMap);
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGetKrbMasterKey failed (%u)(%u)(%s)",
-                                      dwError, dwAPIError, VDIR_SAFE_STRING(pszDomainName) );
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGeneratePassword failed (%u)(%u)", dwError, dwAPIError);
 
     goto cleanup;
 }
@@ -572,85 +356,6 @@ VmDirSrvSetSRPSecret(
     goto cleanup;
 }
 
-UINT32
-Srv_RpcVmDirGetKrbUPNKey(
-    handle_t    hBinding,
-    PWSTR       pwszUpnName,
-    VMDIR_DATA_CONTAINER *pContainer
-    )
-{
-    DWORD   dwError = 0;
-    PBYTE   pLocalByte = NULL;
-    PBYTE   pLocalRPCByte = NULL;
-    DWORD   dwKeySize = 0;
-    PSTR    pszUpnName = NULL;
-    DWORD   dwAPIError = 0;
-    DWORD   dwAPIErrorMap[] = {  VMDIR_ERROR_INVALID_PARAMETER,
-                                 VMDIR_ERROR_NO_SUCH_ATTRIBUTE,
-                                 VMDIR_ERROR_ENTRY_NOT_FOUND
-                              };
-    DWORD   dwRpcFlags = VMDIR_RPC_FLAG_ALLOW_NCALRPC
-                       | VMDIR_RPC_FLAG_REQUIRE_AUTH_NCALRPC
-                       | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
-    PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
-
-    dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (IsNullOrEmptyString(pwszUpnName)
-        || !pContainer
-       )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringAFromW( pwszUpnName,
-                                         &pszUpnName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-
-    dwError = VmDirGetKrbUPNKey( pszUpnName,
-                                 &pLocalByte,
-                                 &dwKeySize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRpcAllocateMemory( dwKeySize,
-                                      (PVOID*)&pLocalRPCByte);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory ( pLocalRPCByte,
-                                dwKeySize,
-                                pLocalByte,
-                                dwKeySize);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pContainer->data    = pLocalRPCByte;
-    pContainer->dwCount = dwKeySize;
-    pLocalRPCByte = NULL;
-
-    VMDIR_LOG_DEBUG( LDAP_DEBUG_RPC, "RpcVmDirGetKrbUPNKey (%s)", VDIR_SAFE_STRING(pszUpnName) );
-
-cleanup:
-    if (pAccessToken)
-    {
-        VmDirSrvReleaseAccessToken(pAccessToken);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pszUpnName);
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-
-    return dwAPIError;
-
-error:
-
-    VmDirRpcFreeMemory( pLocalRPCByte );
-    VMDIR_API_ERROR_MAP( dwError, dwAPIError, dwAPIErrorMap);
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGetKrbUPNKey failed (%u)(%u)(%s)",
-                                     dwError, dwAPIError, VDIR_SAFE_STRING(pszUpnName) );
-    goto cleanup;
-}
-
 static
 DWORD
 _RpcVmDirCreateUserInternal(
@@ -793,6 +498,10 @@ Srv_RpcVmDirCreateUser(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -810,6 +519,11 @@ Srv_RpcVmDirCreateUser(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CREATEUSER],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -832,6 +546,10 @@ Srv_RpcVmDirCreateUserEx(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     if (!hBinding || !pCreateParams)
     {
@@ -852,6 +570,10 @@ Srv_RpcVmDirCreateUserEx(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CREATEUSEREX],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -859,15 +581,6 @@ Srv_RpcVmDirCreateUserEx(
     goto cleanup;
 }
 
-UINT32
-Srv_RpcVmDirReplNow(
-    handle_t    hBinding
-    )
-{
-    //Deplicated by Raft protocol
-    return ERROR_INVALID_PARAMETER;
-}
-
 UINT32
 Srv_RpcVmDirSetLogLevel(
     handle_t        hBinding,
@@ -881,6 +594,10 @@ Srv_RpcVmDirSetLogLevel(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -892,6 +609,11 @@ Srv_RpcVmDirSetLogLevel(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETLOGLEVEL],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -914,6 +636,10 @@ Srv_RpcVmDirSetLogMask(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -925,6 +651,11 @@ Srv_RpcVmDirSetLogMask(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETLOGMASK],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -944,6 +675,10 @@ Srv_RpcVmDirSetState(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -957,13 +692,18 @@ Srv_RpcVmDirSetState(
 
     VmDirdStateSet(dwState);
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Srv_RpcVmDirSetState: Set lwraftd state to: %u", dwState );
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Srv_RpcVmDirSetState: Set postd state to: %u", dwState );
 
 cleanup:
     if (pAccessToken)
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETSTATE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -971,51 +711,6 @@ Srv_RpcVmDirSetState(
     goto cleanup;
 }
 
-UINT32
-Srv_RpcVmDirOpenDBFile(
-    handle_t    hBinding,
-    PWSTR       pwszDBFileName,
-    vmdir_ftp_handle_t  *   ppFileHandle)
-{
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "Srv_RpcVmDirOpenDBFile is obsolete.");
-    return LDAP_OPERATIONS_ERROR;
-}
-
-UINT32
-Srv_RpcVmDirReadDBFile(
-    handle_t    hBinding,
-    vmdir_ftp_handle_t pFileHandle,
-    UINT32      dwCount,
-    VMDIR_FTP_DATA_CONTAINER  * pReadBufferContainer)
-{
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "Srv_RpcVmDirReadDBFile is obsolete.");
-    return LDAP_OPERATIONS_ERROR;
-}
-
-UINT32
-Srv_RpcVmDirCloseDBFile(
-    handle_t    hBinding,
-    vmdir_ftp_handle_t pFileHandle)
-{
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "Srv_RpcVmDirCloseDBFile is obsolete.");
-    return LDAP_OPERATIONS_ERROR;
-}
-
-
-/*
- * Rundown function for vmdir_ftp_handle data. Handle the case where the
- * client/server connection is lost and the existing connection handle (FILE *)
- * is still open. Close the file to prevent a fd leak. However, must protect
- * against calling fclose() twice on the same open FILE *.
- */
-void vmdir_ftp_handle_t_rundown(void *ctx)
-{
-    if (ctx && fileno((FILE *) ctx) != -1)
-    {
-        fclose((FILE *) ctx);
-    }
-}
-
 static
 DWORD
 _VmDirRPCCheckAccess(
@@ -1123,7 +818,6 @@ _VmDirRPCCheckAccess(
     {
         rpc_string_free((unsigned_char_p_t *)&pszRpcHandle, &rpc_status);
     }
-
     return dwError;
 
 error:
@@ -1192,7 +886,6 @@ _VmDirRemoteDBCopyWhiteList(
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pszFullPathName);
-
     return dwError;
 
 error:
@@ -1212,6 +905,10 @@ Srv_RpcVmDirSuperLogQueryServerData(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1224,6 +921,11 @@ Srv_RpcVmDirSuperLogQueryServerData(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGQUERYSERVERDATA],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1243,6 +945,10 @@ Srv_RpcVmDirSuperLogEnable(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1255,6 +961,11 @@ Srv_RpcVmDirSuperLogEnable(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGENABLE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1274,6 +985,10 @@ Srv_RpcVmDirSuperLogDisable(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1286,6 +1001,11 @@ Srv_RpcVmDirSuperLogDisable(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGDISABLE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1307,6 +1027,10 @@ Srv_RpcVmDirIsSuperLogEnabled(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
     BOOLEAN bEnabled = FALSE;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1319,6 +1043,11 @@ Srv_RpcVmDirIsSuperLogEnabled(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_ISSUPERLOGENABLED],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1338,6 +1067,10 @@ Srv_RpcVmDirSuperLogFlush(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1350,6 +1083,11 @@ Srv_RpcVmDirSuperLogFlush(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGFLUSH],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1370,6 +1108,10 @@ Srv_RpcVmDirSuperLogSetSize(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1382,6 +1124,11 @@ Srv_RpcVmDirSuperLogSetSize(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGSETSIZE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1402,6 +1149,10 @@ Srv_RpcVmDirSuperLogGetSize(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1414,6 +1165,11 @@ Srv_RpcVmDirSuperLogGetSize(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGGETSIZE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1468,6 +1224,10 @@ Srv_RpcVmDirSuperLogGetEntriesLdapOperation(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1483,6 +1243,11 @@ Srv_RpcVmDirSuperLogGetEntriesLdapOperation(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGGETENTRIESLDAPOPERATION],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1505,6 +1270,10 @@ Srv_RpcVmDirOpenDatabaseFile(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1555,6 +1324,11 @@ Srv_RpcVmDirOpenDatabaseFile(
     }
     VMDIR_SAFE_FREE_MEMORY(pszDBFileName);
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_OPENDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1582,6 +1356,10 @@ Srv_RpcVmDirReadDatabaseFile(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1624,6 +1402,11 @@ Srv_RpcVmDirReadDatabaseFile(
     }
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_READDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
+
     return dwError;
 
 error:
@@ -1645,6 +1428,10 @@ Srv_RpcVmDirCloseDatabaseFile(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1669,6 +1456,11 @@ Srv_RpcVmDirCloseDatabaseFile(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CLOSEDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1698,6 +1490,10 @@ Srv_RpcVmDirSetBackendState(
     DWORD dwDbSizeMb = 0;
     DWORD dwDbMapSizeMb = 0;
     PBYTE pData = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1724,6 +1520,11 @@ Srv_RpcVmDirSetBackendState(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETBACKENDSTATE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1746,6 +1547,10 @@ Srv_RpcVmDirGetState(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1763,6 +1568,11 @@ Srv_RpcVmDirGetState(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETSTATE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1782,6 +1592,10 @@ Srv_RpcVmDirGetLogLevel(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1799,6 +1613,11 @@ Srv_RpcVmDirGetLogLevel(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETLOGLEVEL],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1818,6 +1637,10 @@ Srv_RpcVmDirGetLogMask(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1835,6 +1658,11 @@ Srv_RpcVmDirGetLogMask(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETLOGMASK],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1872,28 +1700,6 @@ void vmdir_dbcp_handle_t_rundown(void *ctx)
     VmDirdStateSet(VMDIRD_STATE_NORMAL);
 }
 
-UINT32
-Srv_RpcVmDirUrgentReplicationRequest(
-    handle_t    hBinding,
-    PWSTR       pwszServerName
-    )
-{
-    //deplicated by Raft protocol
-    return ERROR_INVALID_PARAMETER;
-}
-
-UINT32
-Srv_RpcVmDirUrgentReplicationResponse(
-    handle_t  hBinding,
-    PWSTR     pwszInvocationId,
-    PWSTR     pwszUtdVector,
-    PWSTR     pwszHostName
-    )
-{
-   //Deplicated by Raft protocol
-   return ERROR_INVALID_PARAMETER;
-}
-
 UINT32
 Srv_RpcVmDirSetMode(
     handle_t hBinding,
@@ -1906,6 +1712,10 @@ Srv_RpcVmDirSetMode(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1920,13 +1730,18 @@ Srv_RpcVmDirSetMode(
 
     VmDirdSetRunMode(dwMode);
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "%s: Set lwraftd runmode to: %u", __FUNCTION__, dwMode );
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "%s: Set postd runmode to: %u", __FUNCTION__, dwMode );
 
 cleanup:
     if (pAccessToken)
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETMODE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1947,6 +1762,10 @@ Srv_RpcVmDirGetMode(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1964,6 +1783,11 @@ Srv_RpcVmDirGetMode(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETMODE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1992,6 +1816,10 @@ Srv_RpcVmDirRaftRequestVote(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -2014,6 +1842,11 @@ Srv_RpcVmDirRaftRequestVote(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_RAFTREQUESTVOTE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
+
     return dwError;
 
 error:
@@ -2031,15 +1864,19 @@ UINT32 Srv_RpcVmDirRaftAppendEntries(
     /* [in] */ idl_uhyper_int leaderCommit,
     /* [in] */  chglog_container *entries,
     /* [out] */ UINT32 *currentTerm,
-    /* [out] */ UINT32 *status
+    /* [out] */ idl_uhyper_int *status
 )
 {
     DWORD  dwError = 0;
     UINT32 iCurrentTerm = 0;
-    UINT32 iStatus = 0;
+    unsigned long long iStatus = 0;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     *currentTerm = 0;
-    *status = 1;
+    *status = 0;
 
     DWORD dwRpcFlags = VMDIR_RPC_FLAG_ALLOW_NCALRPC
                        | VMDIR_RPC_FLAG_ALLOW_TCPIP
@@ -2051,7 +1888,7 @@ UINT32 Srv_RpcVmDirRaftAppendEntries(
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirAppendEntriesGetReply(term, (char *)leader, preLogIndex, prevLogTerm,
+    dwError = VmDirAppendEntriesGetReply(term, (char *)leader, preLogIndex, prevLogTerm,
                                           leaderCommit, entries->chglog_size, entries->chglog_bytes, &iCurrentTerm, &iStatus);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -2063,6 +1900,11 @@ UINT32 Srv_RpcVmDirRaftAppendEntries(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_RAFTAPPENDENTRIES],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
diff --git a/lwraft/server/vmdir/schema.c b/lwraft/server/vmdir/schema.c
index 1be9b4c35..178c21637 100644
--- a/lwraft/server/vmdir/schema.c
+++ b/lwraft/server/vmdir/schema.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -21,103 +21,79 @@
     NULL                                                \
 }
 
-static
-DWORD
-_MarkDefaultIndices(
-    VOID
-    );
-
 /*
  * Examines the following options in order and use the first detected source
  * to initialize schema:
  *
- * 1. Individual schema entries (7.0)
- * 2. Subschema subentry (6.x)
- * 3. Schema file
+ * 1. Schema entries
+ * 2. Schema file
  *
  * OUTPUT:
- * pbWriteSchemaEntry will be TRUE if option 3 was used
- * pbLegacyDataLoaded will be TRUE if option 2 was used
+ * pbWriteSchemaEntry will be TRUE if option 2 was used
  */
 DWORD
 VmDirLoadSchema(
-    PBOOLEAN    pbWriteSchemaEntry,
-    PBOOLEAN    pbLegacyDataLoaded
+    PBOOLEAN    pbWriteSchemaEntry
     )
 {
-    DWORD               dwError = 0;
+    DWORD   dwError = 0;
     PVDIR_ENTRY_ARRAY   pAtEntries = NULL;
     PVDIR_ENTRY_ARRAY   pOcEntries = NULL;
-    PVDIR_ENTRY         pSchemaEntry = NULL;
 
-    assert(pbWriteSchemaEntry && pbLegacyDataLoaded);
+    assert(pbWriteSchemaEntry);
 
-    dwError = VmDirReadSchemaObjects(&pAtEntries, &pOcEntries);
+    dwError = VmDirReadAttributeSchemaObjects(&pAtEntries);
     if (dwError == 0)
     {
-        dwError = VmDirSchemaLibPrepareUpdateViaEntries(pAtEntries, pOcEntries);
+        dwError = VmDirSchemaLibLoadAttributeSchemaEntries(pAtEntries);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirSchemaLibUpdate(0);
+        dwError = VmDirReadClassSchemaObjects(&pOcEntries);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSchemaLibLoadClassSchemaEntries(pOcEntries);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
     else if (dwError == ERROR_BACKEND_ENTRY_NOTFOUND)
     {
-        dwError = VmDirReadSubSchemaSubEntry(&pSchemaEntry);
-        if (dwError == 0)
-        {
-            dwError = VmDirSchemaLibPrepareUpdateViaSubSchemaSubEntry(pSchemaEntry);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            *pbLegacyDataLoaded = TRUE;
-        }
-        else if (dwError == ERROR_BACKEND_ENTRY_NOTFOUND)
+        PCSTR pszSchemaFilePath = gVmdirGlobals.pszBootStrapSchemaFile;
+        if (IsNullOrEmptyString(pszSchemaFilePath))
         {
-            PSTR pszSchemaFilePath = gVmdirGlobals.pszBootStrapSchemaFile;
-            if (!pszSchemaFilePath)
-            {
-                dwError = ERROR_NO_SCHEMA;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-
-            dwError = VmDirSchemaLibPrepareUpdateViaFile(pszSchemaFilePath);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            *pbWriteSchemaEntry = TRUE;
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NO_SCHEMA);
         }
-        BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirSchemaLibUpdate(0);
+        dwError = VmDirSchemaLibLoadFile(pszSchemaFilePath);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _MarkDefaultIndices();
-        BAIL_ON_VMDIR_ERROR(dwError);
+        *pbWriteSchemaEntry = TRUE;
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     VmDirFreeEntryArray(pAtEntries);
     VmDirFreeEntryArray(pOcEntries);
-    VmDirFreeEntry(pSchemaEntry);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
 
 /*
  * Initialize schemacontext subtree entries
- * Should be called if InitializeSchema() results pbWriteSchemaEntry = TRUE
+ * Should be called if VmDirLoadSchema() results pbWriteSchemaEntry = TRUE
  */
 DWORD
-InitializeSchemaEntries(
+VmDirSchemaInitializeSubtree(
     PVDIR_SCHEMA_CTX    pSchemaCtx
     )
 {
-    DWORD dwError = 0;
+    DWORD   dwError = 0;
 
     static PSTR ppszSchemaContext[] =
             VDIR_SCHEMA_NAMING_CONTEXT_ENTRY_INITIALIZER;
@@ -136,143 +112,10 @@ InitializeSchemaEntries(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-    goto cleanup;
-}
-
-/*
- * During upgrade 7.0 or later, we can patch schema via this function.
- *
- * INPUT:
- * new version of Lotus schema file
- */
-DWORD
-VmDirSchemaPatchViaFile(
-    PCSTR       pszSchemaFilePath
-    )
-{
-    DWORD    dwError = 0;
-    PVDIR_SCHEMA_CTX    pOldSchemaCtx = NULL;
-    PVDIR_SCHEMA_CTX    pNewSchemaCtx = NULL;
-
-    dwError = VmDirSchemaCtxAcquire(&pOldSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaLibPrepareUpdateViaFile(pszSchemaFilePath);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaLibUpdate(0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaCtxAcquire(&pNewSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirPatchLocalSchemaObjects(pOldSchemaCtx, pNewSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirSchemaCtxRelease(pOldSchemaCtx);
-    VmDirSchemaCtxRelease(pNewSchemaCtx);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-/*
- * During upgrade 6.x, we can patch schema via this function.
- * Should be called if InitializeSchema() results pbLegacyDataLoaded = TRUE
- *
- * INPUT:
- * new version of Lotus schema file
- */
-DWORD
-VmDirSchemaPatchLegacyViaFile(
-    PCSTR       pszSchemaFilePath
-    )
-{
-    DWORD    dwError = 0;
-
-    dwError = VmDirSchemaLibPrepareUpdateViaFile(pszSchemaFilePath);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaLibUpdate(0);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirPatchLocalSubSchemaSubEntry();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirWriteSchemaObjects();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    goto cleanup;
-}
-
-static
-DWORD
-_MarkDefaultIndices(
-    VOID
-    )
-{
-    DWORD   dwError = 0;
-    PLW_HASHMAP pIndexCfgMap = NULL;
-    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
-    LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
-    LW_HASHMAP_PAIR pair = {NULL, NULL};
-
-    dwError = VmDirIndexCfgMap(&pIndexCfgMap);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    while (LwRtlHashMapIterate(pIndexCfgMap, &iter, &pair))
-    {
-        PVDIR_INDEX_CFG pIndexCfg = (PVDIR_INDEX_CFG)pair.pValue;
-        PVDIR_SCHEMA_AT_DESC pATDesc = NULL;
-
-        dwError = VmDirSchemaAttrNameToDescriptor(
-                pSchemaCtx, pIndexCfg->pszAttrName, &pATDesc);
-
-        // VMIT support
-        if (dwError == VMDIR_ERROR_NO_SUCH_ATTRIBUTE)
-        {
-            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                    "%s detected index for unknown attribute %s, "
-                    "the index will be deleted",
-                    __FUNCTION__, pIndexCfg->pszAttrName, dwError );
-
-            pIndexCfg->status = VDIR_INDEXING_DISABLED;
-            continue;
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirIndexCfgGetAllScopesInStrArray(
-                pIndexCfg, &pATDesc->ppszUniqueScopes);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pATDesc->dwSearchFlags |= 1;
-
-        // for free later
-        pATDesc->pLdapAt->ppszUniqueScopes = pATDesc->ppszUniqueScopes;
-        pATDesc->pLdapAt->dwSearchFlags = pATDesc->dwSearchFlags;
-    }
-
-cleanup:
-    VmDirSchemaCtxRelease(pSchemaCtx);
-    return dwError;
-
-error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
     goto cleanup;
 }
diff --git a/lwraft/server/vmdir/service.c b/lwraft/server/vmdir/service.c
index 2d13de39a..52b1d5c37 100644
--- a/lwraft/server/vmdir/service.c
+++ b/lwraft/server/vmdir/service.c
@@ -115,74 +115,53 @@ VmDirRegisterRpcServer(
     ULONG ulError = 0;
     VMDIR_RPC_ENDPOINT endpoints[] =
         {
-            {"ncalrpc",      VMDIR_NCALRPC_END_POINT},
-            {"ncacn_ip_tcp", VMDIR_RPC_TCP_END_POINT}
+            {"ncalrpc",      LWRAFT_NCALRPC_END_POINT},
+            {"ncacn_ip_tcp", LWRAFT_RPC_TCP_END_POINT}
         };
     DWORD dwEpCount = sizeof(endpoints)/sizeof(endpoints[0]);
     VMDIR_IF_HANDLE_T pVmDirInterfaceSpec    = vmdir_v1_4_s_ifspec;
-    VMDIR_IF_HANDLE_T pVmDirFtpInterfaceSpec = vmdirftp_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
-    VMDIR_IF_HANDLE_T pSrpVerifierInterfaceSpec = rpc_srp_verifier_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pSuperLogInterfaceSpec = vmdirsuperlog_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirDbcpInterfaceSpec = vmdirdbcp_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
-    VMDIR_IF_HANDLE_T pVmDirUrgentReplInterfaceSpec = vmdirurgentrepl_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirRaftInterfaceSpec = vmdirraft_v1_0_s_ifspec;
     VMDIR_RPC_BINDING_VECTOR_P_T pServerBinding = NULL;
+#if 0
     BOOLEAN bEndpointsRegistered = TRUE;
+#endif
 
     ulError = VmDirRpcServerRegisterIf(pVmDirInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    ulError = VmDirRpcServerRegisterIf(pVmDirFtpInterfaceSpec);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
-    ulError = VmDirRpcServerRegisterIf(pSrpVerifierInterfaceSpec);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
     ulError = VmDirRpcServerRegisterIf(pSuperLogInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
     ulError = VmDirRpcServerRegisterIf(pVmDirDbcpInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    ulError = VmDirRpcServerRegisterIf(pVmDirUrgentReplInterfaceSpec);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
     ulError = VmDirRpcServerRegisterIf(pVmDirRaftInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Lightwave Raft Service registered successfully.");
+    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Persistent Objectstore Service registered successfully.");
 
     ulError = VmDirBindServer( &pServerBinding, endpoints, VmDirRegisterForTcpEndpoint() ? dwEpCount : dwEpCount - 1);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Lightwave Raft Service bound successfully.");
+    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Persistent Objectstore Service bound successfully.");
 
+#if 0
 #if !defined(HAVE_DCERPC_WIN32)
-    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirInterfaceSpec, "Lightwave Raft Service");
-    if (ulError)
-    {
-        bEndpointsRegistered = FALSE;
-    }
-
-    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirFtpInterfaceSpec, "Lightwave Raft Service FTP");
-    if (ulError)
-    {
-        bEndpointsRegistered = FALSE;
-    }
-
-    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirDbcpInterfaceSpec, "Lightwave Raft Service dbcp");
+    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirInterfaceSpec, "Persistent Objectstore Service");
     if (ulError)
     {
         bEndpointsRegistered = FALSE;
     }
 
-    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirUrgentReplInterfaceSpec, "Lightwave Raft Service Urgent Repl");
+    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirDbcpInterfaceSpec, "Persistent Objectstore Service dbcp");
     if (ulError)
     {
         bEndpointsRegistered = FALSE;
     }
 
-    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirRaftInterfaceSpec, "Lightwave Raft Service Raft");
+    ulError = VmDirRpcEpRegister( pServerBinding, pVmDirRaftInterfaceSpec, "Persistent Objectstore Service Raft");
     if (ulError)
     {
         bEndpointsRegistered = FALSE;
@@ -192,6 +171,7 @@ VmDirRegisterRpcServer(
     {
         VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "RPC Endpoints registered successfully.");
     }
+#endif
 #endif
 
     ulError = VmDirRpcServerRegisterAuthInfo();
@@ -219,31 +199,23 @@ VmDirUnRegisterRpcServer(
 {
     ULONG ulError = 0;
     VMDIR_IF_HANDLE_T pVmDirInterfaceSpec    = vmdir_v1_4_s_ifspec;
-    VMDIR_IF_HANDLE_T pVmDirFtpInterfaceSpec = vmdirftp_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirSuperLogInterfaceSpec = vmdirsuperlog_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirDbcpInterfaceSpec = vmdirdbcp_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
-    VMDIR_IF_HANDLE_T pVmDirUrgentReplInterfaceSpec = vmdirurgentrepl_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirRaftInterfaceSpec = vmdirraft_v1_0_s_ifspec;
 
     ulError = VmDirRpcServerUnRegisterIf(pVmDirInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    ulError = VmDirRpcServerUnRegisterIf(pVmDirFtpInterfaceSpec);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
     ulError = VmDirRpcServerUnRegisterIf(pVmDirSuperLogInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
     ulError = VmDirRpcServerUnRegisterIf(pVmDirDbcpInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    ulError = VmDirRpcServerUnRegisterIf(pVmDirUrgentReplInterfaceSpec);
-    BAIL_ON_VMDIR_ERROR(ulError);
-
     ulError = VmDirRpcServerUnRegisterIf(pVmDirRaftInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
 
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Lightwave Raft Service unregistered successfully.");
+    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Persistent Objectstore Service unregistered successfully.");
 
 error:
 
@@ -377,26 +349,5 @@ VmDirHaveLegacy(
     VOID
     )
 {
-    DWORD    i = 0;
-    PDWORD pdwPorts = NULL;
-    DWORD  dwPorts = 0;
-
-    VmDirGetLdapListenPorts(&pdwPorts, &dwPorts);
-    for ( i = 0; i < dwPorts; i++)
-    {
-        if (pdwPorts[i] == LEGACY_DEFAULT_LDAP_PORT_NUM)
-        {
-            return TRUE;
-        }
-    }
-
-    VmDirGetLdapsListenPorts(&pdwPorts, &dwPorts);
-    for ( i = 0; i < dwPorts; i++)
-    {
-        if (pdwPorts[i] == LEGACY_DEFAULT_LDAPS_PORT_NUM)
-        {
-            return TRUE;
-        }
-    }
     return FALSE;
 }
diff --git a/lwraft/server/vmdir/shutdown.c b/lwraft/server/vmdir/shutdown.c
index a44e02ccd..3af6bce1d 100644
--- a/lwraft/server/vmdir/shutdown.c
+++ b/lwraft/server/vmdir/shutdown.c
@@ -45,10 +45,8 @@ VmDirShutdown(
 
     pBE = VmDirBackendSelect(NULL);
 
-#if 0
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: stop REST listening threads", __func__);
     VmDirRESTServerShutdown();
-#endif
 
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: stop LDAP listening threads", __func__);
     VmDirShutdownConnAcceptThread();
@@ -73,14 +71,11 @@ VmDirShutdown(
         VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: operation threads stopped gracefully", __func__);
     }
 
-    if (!gVmdirGlobals.bPatchSchema)
-    {
-        VmDirRpcServerShutdown();
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: RPC service stopped", __func__);
+    VmDirRpcServerShutdown();
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: RPC service stopped", __func__);
 
-        VmDirIpcServerShutDown();
-        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: IPC service stopped", __func__);
-    }
+    VmDirIpcServerShutDown();
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: IPC service stopped", __func__);
 
     VmDirStopSrvThreads();
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: server threads stopped", __func__);
@@ -116,6 +111,8 @@ VmDirShutdown(
 
     VmDirCleanupGlobals();
 
+    VmMetricsDestroy(pmContext);
+
     (VOID)VmDirSetRegKeyValueDword(
             VMDIR_CONFIG_PARAMETER_KEY_PATH,
             VMDIR_REG_KEY_DIRTY_SHUTDOWN,
@@ -197,8 +194,8 @@ VmDirCleanupGlobals(
     // Free vmdir global 'gVmdirGlobals' upon shutdown
     VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszBDBHome);
     VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszBootStrapSchemaFile);
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszRestListenPort);
-    VMDIR_SAFE_FREE_MEMORY(gVmdirUrgentRepl.pUTDVector);
+    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszHTTPListenPort);
+    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszHTTPSListenPort);
 
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.replCycleDoneMutex );
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.replAgrsMutex );
@@ -206,26 +203,15 @@ VmDirCleanupGlobals(
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.pMutexIPCConnection );
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.pFlowCtrlMutex );
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.mutex );
-    VMDIR_SAFE_FREE_MUTEX( gVmdirUrgentRepl.pUrgentReplMutex );
-    VMDIR_SAFE_FREE_MUTEX( gVmdirUrgentRepl.pUrgentReplResponseRecvMutex );
-    VMDIR_SAFE_FREE_MUTEX( gVmdirUrgentRepl.pUrgentReplThreadMutex );
-    VMDIR_SAFE_FREE_MUTEX( gVmdirUrgentRepl.pUrgentReplDoneMutex );
-    VMDIR_SAFE_FREE_MUTEX( gVmdirUrgentRepl.pUrgentReplStartMutex );
 
     VMDIR_SAFE_FREE_CONDITION(gVmdirGlobals.replCycleDoneCondition);
     VMDIR_SAFE_FREE_CONDITION(gVmdirGlobals.replAgrsCondition);
-    VMDIR_SAFE_FREE_CONDITION(gVmdirUrgentRepl.pUrgentReplResponseRecvCondition);
-    VMDIR_SAFE_FREE_CONDITION(gVmdirUrgentRepl.pUrgentReplThreadCondition);
-    VMDIR_SAFE_FREE_CONDITION(gVmdirUrgentRepl.pUrgentReplDoneCondition);
-    VMDIR_SAFE_FREE_CONDITION(gVmdirUrgentRepl.pUrgentReplStartCondition);
 
     VMDIR_SAFE_FREE_SYNCCOUNTER(gVmdirGlobals.pOperationThrSyncCounter);
 
     // Free vmdir plugin global 'gVmdirPluginGlobals'
     VmDirPluginShutdown();
 
-    VmDirFreeAbsoluteSecurityDescriptor(&gVmdirGlobals.gpVmDirSrvSD);
-
     VMDIR_SAFE_FREE_MUTEX( gVmdirKrbGlobals.pmutex );
     VMDIR_SAFE_FREE_CONDITION(gVmdirKrbGlobals.pcond);
 
diff --git a/lwraft/server/vmdir/superlogging.c b/lwraft/server/vmdir/superlogging.c
index 1bff7375a..59646ae55 100644
--- a/lwraft/server/vmdir/superlogging.c
+++ b/lwraft/server/vmdir/superlogging.c
@@ -174,7 +174,11 @@ _VmDirInitEventLogPublisherThread(
     dwError = VmDirSrvThrInit(&pThrInfo, NULL, NULL, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateThread(&pThrInfo->tid, FALSE, _VmDirEventLogPublisherThrFun, (PVOID)pCircularBuffer);
+    dwError = VmDirCreateThread(
+            &pThrInfo->tid,
+            pThrInfo->bJoinThr,
+            _VmDirEventLogPublisherThrFun,
+            (PVOID)pCircularBuffer);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pThrInfo);
diff --git a/lwraft/server/vmdir/tenantmgmt.c b/lwraft/server/vmdir/tenantmgmt.c
new file mode 100644
index 000000000..f4824c1e5
--- /dev/null
+++ b/lwraft/server/vmdir/tenantmgmt.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+
+DWORD
+VmDirSrvInitializeTenant(
+    PWSTR    pwszDomainName,
+    PWSTR    pwszUsername,
+    PWSTR    pwszPassword
+    )
+{
+    DWORD dwError = 0;
+    PSTR  pszDomainName = NULL;
+    PSTR  pszUsername = NULL;
+    PSTR  pszPassword = NULL;
+
+    if (IsNullOrEmptyString(pwszDomainName) ||
+        IsNullOrEmptyString(pwszUsername) ||
+        IsNullOrEmptyString(pwszPassword))
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringAFromW(pwszDomainName, &pszDomainName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringAFromW(pwszUsername, &pszUsername);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringAFromW(pwszPassword, &pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSrvCreateTenant(pszDomainName, pszUsername, pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmDirSrvInitializeTenant (%u)(%s)(%s)",
+                                       dwError,
+                                       VDIR_SAFE_STRING(pszDomainName),
+                                       VDIR_SAFE_STRING(pszUsername));
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
+    VMDIR_SAFE_FREE_MEMORY(pszUsername);
+    VMDIR_SAFE_FREE_MEMORY(pszPassword);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSrvInitializeTenant failed (%u)(%s)(%s)",
+                                      dwError,
+                                      VDIR_SAFE_STRING(pszDomainName),
+                                      VDIR_SAFE_STRING(pszUsername));
+    goto cleanup;
+}
+
+//
+// This routine verifies that the tenant domain is at most two levels deep
+// (e.g., vsphere.local is OK, vsphere.foo.local is not).
+//
+DWORD
+_VmDirSrvCheckDomainDepth(
+    PCSTR pszDomainName
+    )
+{
+    PCSTR pszFirstDot = NULL;
+    PCSTR pszLastDot = NULL;
+    DWORD dwError = 0;
+
+    pszFirstDot = VmDirStringChrA(pszDomainName, '.');
+    pszLastDot = VmDirStringRChrA(pszDomainName, '.');
+
+    if (pszFirstDot != pszLastDot)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvCreateTenant(
+    PCSTR pszFQDomainName,
+    PCSTR pszUsername,
+    PCSTR pszPassword
+    )
+{
+    DWORD dwError = 0;
+    PSTR  pszDomainDN = NULL;
+    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+                   "Setting up a tenant instance (%s).",
+                   VDIR_SAFE_STRING(pszFQDomainName));
+
+    dwError = _VmDirSrvCheckDomainDepth(pszFQDomainName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDomainNameToDN(pszFQDomainName, &pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSrvSetupDomainInstance(
+                    pSchemaCtx,
+                    FALSE,
+                    FALSE,
+                    pszFQDomainName,
+                    pszDomainDN,
+                    pszUsername,
+                    pszPassword,
+                    NULL,
+                    NULL,
+                    NULL,
+                    NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
+
+    if (pSchemaCtx)
+    {
+        VmDirSchemaCtxRelease(pSchemaCtx);
+    }
+
+    return dwError;
+
+error:
+    VmDirLog(LDAP_DEBUG_ANY, "VmDirSrvCreateTenantInstance failed. Error(%u)", dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvDeleteTenant(
+    PCSTR pszDomainName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDomainDn = NULL;
+    PSTR pszParentDn = NULL;
+    PVDIR_ENTRY pEntry = NULL;
+    VDIR_ENTRY_ARRAY entryArray = {0};
+    int iIdx = 0;
+    int iCnt = 0;
+
+    dwError = VmDirFQDNToDN(pszDomainName, &pszDomainDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszParentDn = strchr(pszDomainDn, ',');
+    if (pszParentDn == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+    pszParentDn++;
+
+    dwError = VmDirFilterInternalSearch(pszDomainDn,
+                                        LDAP_SCOPE_SUBTREE,
+                                        "objectClass=*",
+                                        0,
+                                        NULL,
+                                        &entryArray);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (iCnt = 0, iIdx = (int)entryArray.iSize - 1; iCnt < entryArray.iSize; iCnt++, iIdx--)
+    {
+        dwError = VmDirDeleteEntry(&entryArray.pEntry[iIdx]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    //
+    // Now, try to delete the parent. This can fail if there are other tenants
+    // still in that root (e.g., we just deleted "pepsi.com" but "coke.com"
+    // is still around).
+    //
+    dwError = VmDirSimpleDNToEntry(pszParentDn, &pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDeleteEntry(pEntry);
+    if (dwError == VMDIR_ERROR_NOT_ALLOWED_ON_NONLEAF)
+    {
+        dwError = 0;
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainDn);
+    VmDirFreeEntryArrayContent(&entryArray);
+    VmDirFreeEntry(pEntry);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirSrvEnumerateDomains(
+    PVMDIR_STRING_LIST pTenantList,
+    PCSTR pszBaseDn
+    )
+{
+    DWORD dwError = 0;
+    VDIR_ENTRY_ARRAY entryArray = {0};
+    int iCnt = 0;
+    PSTR pszDomainName = NULL;
+
+    dwError = VmDirFilterInternalSearch(pszBaseDn,
+                                        LDAP_SCOPE_ONELEVEL,
+                                        "objectClass=dcObject",
+                                        0,
+                                        NULL,
+                                        &entryArray);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (iCnt = 0; iCnt < entryArray.iSize; ++iCnt)
+    {
+        dwError = _VmDirSrvEnumerateDomains(
+                    pTenantList,
+                    entryArray.pEntry[iCnt].dn.lberbv.bv_val);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (entryArray.iSize == 0)
+    {
+        dwError = VmDirDomainDNToName(pszBaseDn, &pszDomainName);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirStringListAdd(pTenantList, pszDomainName);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszDomainName = NULL;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
+    VmDirFreeEntryArrayContent(&entryArray);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvEnumerateTenants(
+    PVMDIR_STRING_LIST pTenantList
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = _VmDirSrvEnumerateDomains(pTenantList, "");
+    BAIL_ON_VMDIR_ERROR(dwError);
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/server/vmdir/tracklastlogin.c b/lwraft/server/vmdir/tracklastlogin.c
index d8f7f0ffe..1a23bb229 100644
--- a/lwraft/server/vmdir/tracklastlogin.c
+++ b/lwraft/server/vmdir/tracklastlogin.c
@@ -103,7 +103,7 @@ VmDirInitTrackLastLoginThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirTrackLastLoginTimeThreadFun,
                 pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/lwraft/server/vmdir/urgentrepl.c b/lwraft/server/vmdir/urgentrepl.c
deleted file mode 100644
index e69de29bb..000000000
diff --git a/lwraft/server/vmdir/utils.c b/lwraft/server/vmdir/utils.c
index 65fcf28b8..fca2d1208 100644
--- a/lwraft/server/vmdir/utils.c
+++ b/lwraft/server/vmdir/utils.c
@@ -239,34 +239,6 @@ VmDirdSetRunMode(
     VMDIR_UNLOCK_MUTEX(bInLock, gVmdirRunmodeGlobals.pMutex);
 }
 
-VOID
-VmDirdSetReplNow(
-    BOOLEAN bReplNow)
-{
-    BOOLEAN             bInLock = FALSE;
-
-    VMDIR_LOCK_MUTEX(bInLock, gVmdirGlobals.mutex);
-    gVmdirGlobals.bReplNow = bReplNow;
-    VMDIR_UNLOCK_MUTEX(bInLock, gVmdirGlobals.mutex);
-
-    return;
-}
-
-BOOLEAN
-VmDirdGetReplNow(
-    VOID
-    )
-{
-    BOOLEAN     bReplNow = FALSE;
-    BOOLEAN     bInLock = FALSE;
-
-    VMDIR_LOCK_MUTEX(bInLock, gVmdirGlobals.mutex);
-    bReplNow = gVmdirGlobals.bReplNow;
-    VMDIR_UNLOCK_MUTEX(bInLock, gVmdirGlobals.mutex);
-
-    return bReplNow;
-}
-
 VOID
 VmDirdSetLimitLocalUsnToBeSupplied(
     USN usn
@@ -302,52 +274,115 @@ VmDirdGetAllowInsecureAuth(
     return gVmdirGlobals.bAllowInsecureAuth;
 }
 
-VOID
-VmDirGetLdapListenPorts(
-    PDWORD* ppdwLdapListenPorts,
-    PDWORD  pdwLdapListenPorts
+DWORD
+VmDirGetLdapPort(
+    VOID
     )
 {
-    *ppdwLdapListenPorts = gVmdirGlobals.pdwLdapListenPorts;
-    *pdwLdapListenPorts = gVmdirGlobals.dwLdapListenPorts;
+    return gVmdirGlobals.dwLdapPort;
 }
 
-VOID
-VmDirGetLdapsListenPorts(
-    PDWORD* ppdwLdapsListenPorts,
-    PDWORD  pdwLdapsListenPorts
+DWORD
+VmDirGetLdapsPort(
+    VOID
     )
 {
-    *ppdwLdapsListenPorts = gVmdirGlobals.pdwLdapsListenPorts;
-    *pdwLdapsListenPorts = gVmdirGlobals.dwLdapsListenPorts;
+    return gVmdirGlobals.dwLdapsPort;
 }
 
-VOID
-VmDirGetLdapConnectPorts(
-    PDWORD* ppdwLdapConnectPorts,
-    PDWORD  pdwLdapConnectPorts
+DWORD
+VmDirCheckPortAvailability(
+    DWORD   dwPort
     )
 {
-    *ppdwLdapConnectPorts = gVmdirGlobals.pdwLdapConnectPorts;
-    *pdwLdapConnectPorts = gVmdirGlobals.dwLdapConnectPorts;
-}
+    DWORD   dwError = 0;
+    BOOLEAN bIPV4Addr = FALSE;
+    BOOLEAN bIPV6Addr = FALSE;
+    int     ip4_fd = -1;
+    int     ip6_fd = -1;
+    int     level = 0;
+    int     optname = 0;
+    int     on = 1;
+    struct sockaddr_in  serv_4addr = {0};
+    struct sockaddr_in6 serv_6addr = {0};
 
-VOID
-VmDirGetLdapsConnectPorts(
-    PDWORD* ppdwLdapsConnectPorts,
-    PDWORD  pdwLdapsConnectPorts
-    )
-{
-    *ppdwLdapsConnectPorts = gVmdirGlobals.pdwLdapsConnectPorts;
-    *pdwLdapsConnectPorts = gVmdirGlobals.dwLdapsConnectPorts;
-}
+#ifdef _WIN32
+    level = IPPROTO_IPV6;
+    optname = SO_EXCLUSIVEADDRUSE;
+#else
+    level = SOL_IPV6;
+    optname = SO_REUSEADDR;
+#endif
 
-DWORD
-VmDirGetAllLdapPortsCount(
-    VOID
-)
-{
-    return gVmdirGlobals.dwLdapConnectPorts + gVmdirGlobals.dwLdapsConnectPorts;
+    dwError = VmDirWhichAddressPresent(&bIPV4Addr, &bIPV6Addr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bIPV4Addr)
+    {
+        if ((ip4_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        bzero((char *) &serv_4addr, sizeof(serv_4addr));
+        serv_4addr.sin_family = AF_INET;
+        serv_4addr.sin_addr.s_addr = INADDR_ANY;
+        serv_4addr.sin_port = htons(dwPort);
+
+        if (setsockopt(ip4_fd, SOL_SOCKET, optname, (const char *)(&on), sizeof(on)) < 0 ||
+            bind(ip4_fd, (struct sockaddr *)&serv_4addr, sizeof(serv_4addr)) < 0)
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to bind to (IPV4) port %d with errno %d",
+                    __FUNCTION__, dwPort, errno );
+
+            dwError = VMDIR_ERROR_INVALID_STATE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (bIPV6Addr)
+    {
+        if ((ip6_fd = socket(AF_INET6, SOCK_STREAM, 0)) < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        memset((char *) &serv_6addr, 0, sizeof(serv_6addr));
+        serv_6addr.sin6_family = AF_INET6;
+        serv_6addr.sin6_port = htons(dwPort);
+
+        if (setsockopt(ip6_fd, SOL_SOCKET, optname, (const char *)(&on), sizeof(on)) < 0 ||
+            setsockopt(ip6_fd, level, IPV6_V6ONLY, (const char *)(&on), sizeof(on)) < 0 ||
+            bind(ip6_fd, (struct sockaddr *)&serv_6addr, sizeof(serv_6addr)) < 0)
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to bind to (IPV6) port %d with errno %d",
+                    __FUNCTION__, dwPort, errno );
+
+            dwError = VMDIR_ERROR_INVALID_STATE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    if (ip4_fd >= 0)
+    {
+        tcp_close(ip4_fd);
+    }
+    if (ip6_fd >= 0)
+    {
+        tcp_close(ip6_fd);
+    }
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError);
+
+    goto cleanup;
 }
 
 DWORD
@@ -405,6 +440,7 @@ VmDirServerStatusEntry(
     dwError = VmDirAttrListToNewEntry( pSchemaCtx,
                                        SERVER_STATUS_DN,
                                        ppszAttrList,
+                                       FALSE,
                                        &pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -480,17 +516,17 @@ VmDirReplicationStatusEntry(
 
     maxOriginatingUSN = backendCtx.pBE->pfnBEGetMaxOriginatingUSN( &backendCtx );
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszPartnerVisibleUSN,
+    dwError = VmDirAllocateStringPrintf( &pszPartnerVisibleUSN,
                                              "%u",
                                              maxPartnerVisibleUSN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszCycleCount,
+    dwError = VmDirAllocateStringPrintf( &pszCycleCount,
                                              "%u",
                                              VmDirGetReplCycleCounter());
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszMaxOriginatingUSN,
+    dwError = VmDirAllocateStringPrintf( &pszMaxOriginatingUSN,
                                              "%u",
                                              maxOriginatingUSN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -525,7 +561,7 @@ VmDirReplicationStatusEntry(
             dwError = VmDirAllocateStringA( ppszArray[dwCnt*3], &ppszAttrList[dwIndex++]);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = VmDirAllocateStringAVsnprintf( &(ppszAttrList[dwIndex++]),
+            dwError = VmDirAllocateStringPrintf( &(ppszAttrList[dwIndex++]),
                                                      "%s%s",
                                                      ppszArray[dwCnt*3+1] ? ppszArray[dwCnt*3+1] : "" ,
                                                      ppszArray[dwCnt*3+2] ? ppszArray[dwCnt*3+2] : "Unknown" );
@@ -539,6 +575,7 @@ VmDirReplicationStatusEntry(
     dwError = VmDirAttrListToNewEntry( pSchemaCtx,
                                        REPLICATION_STATUS_DN,
                                        ppszAttrList,
+                                       FALSE,
                                        &pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -596,6 +633,106 @@ VmDirSrvValidateUserCreateParams(
     return dwError;
 }
 
+DWORD
+VmDirRaftStateEntry(
+    PVDIR_ENTRY*    ppEntry
+    )
+{
+    DWORD dwError = 0;
+    DEQUE members = {0};
+    DEQUE membersState = {0};
+    PSTR pNode = NULL;
+    PSTR pHost = NULL;
+    PVDIR_ENTRY pEntry = NULL;
+    PVDIR_SCHEMA_CTX pSchemaCtx = NULL;
+    PVDIR_BERVALUE pBerv = NULL;
+    int i = 0;
+    int attrCnt = 0;
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRaftGetMembers(&members);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (members.iSize == 0)
+    {
+        dwError = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    while(dequePopLeft(&members, (PVOID*)&pHost) == 0)
+    {
+        dwError = VmDirAppendRaftState(&membersState, pHost);
+        if (dwError)
+        {
+            //best-effort to get state from members
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirRaftStateEntry fail to get raft state on host %s, error %d",
+                            pHost, dwError);
+        }
+        VMDIR_SAFE_FREE_MEMORY(pHost);
+
+        if (dwError==0)
+        {
+            dwError = VmDirAllocateStringPrintf(&pNode, "-");
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = dequePush(&membersState, pNode);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            pNode = NULL;
+        }
+    }
+
+    attrCnt = membersState.iSize;
+    if (attrCnt == 0)
+    {
+        dwError = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    {
+        PSTR ppStateEntry[] = {ATTR_CN, "raftstate", ATTR_OBJECT_CLASS, OC_CLASS_RAFT_STATE, NULL};
+        dwError = VmDirAttrListToNewEntry(pSchemaCtx, RAFT_STATE_DN, ppStateEntry, FALSE, &pEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VDIR_BERVALUE) * (attrCnt + 1), (PVOID*)&pBerv);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    i=0;
+    while(dequePopLeft(&membersState, (PVOID*)&pNode) == 0)
+    {
+         pBerv[i].lberbv_len = VmDirStringLenA(pNode);
+         pBerv[i].lberbv_val = pNode;
+         pBerv[i].bOwnBvVal = TRUE;
+         pNode = NULL;
+         i++;
+    }
+    dwError = VmDirEntryAddBervArrayAttribute(pEntry, ATTR_RAFT_STATE, pBerv, attrCnt);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppEntry = pEntry;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pNode);
+    dequeFreeStringContents(&members);
+    dequeFreeStringContents(&membersState);
+    if (pSchemaCtx)
+    {
+        VmDirSchemaCtxRelease(pSchemaCtx);
+    }
+    VmDirFreeBervalArrayContent(pBerv, attrCnt);
+    VMDIR_SAFE_FREE_MEMORY(pBerv);
+    return dwError;
+
+error:
+    if (pEntry)
+    {
+        VmDirFreeEntry(pEntry);
+    }
+    goto cleanup;
+}
+
 #ifdef _WIN32
 
 DWORD
@@ -670,7 +807,7 @@ VmDirGetBootStrapSchemaFilePath(
     {
        dwError = VmDirAppendStringToEnvVar(
                         TEXT("PROGRAMDATA"),
-                        TEXT("\\VMware\\CIS\\cfg\\lwraftd\\vmdirschema.ldif"),
+                        TEXT("\\VMware\\CIS\\cfg\\lwraftd\\lwraftschema.ldif"),
                         pBootStrapSchemaFile
                         );
     }
diff --git a/lwraft/server/vmkdc/Makefile.am b/lwraft/server/vmkdc/Makefile.am
deleted file mode 100644
index 7d07600ce..000000000
--- a/lwraft/server/vmkdc/Makefile.am
+++ /dev/null
@@ -1,63 +0,0 @@
-#sbin_PROGRAMS = vmkdcd
-lib_LTLIBRARIES = libvmkdcserv.la
-
-libvmkdcserv_la_SOURCES = \
-    globals.c     \
-    init.c        \
-    directory.c   \
-    kdcmain.c     \
-    networking.c  \
-    process.c     \
-    parseargs.c   \
-    regconfig.c   \
-    shutdown.c    \
-    signal.c      \
-    srvthr.c      \
-    utils.c       
-#    rpc.c         
-#    rpcmemory.c   
-#    rpcserv.c     
-#    service.c     
-#    vmkdc_sstub.c
-
-libvmkdcserv_la_CPPFLAGS = \
-    -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/kdctools \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    @DCERPC_INCLUDES@ \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-libvmkdcserv_la_LIBADD = \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
-    $(top_builddir)/server/kdcsrvcommon/libkdcsrvcommon.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    @DCERPC_LIBS@ \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWRSUTILS_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @UUID_LIBS@ \
-    @PTHREAD_LIBS@ \
-    @LDAP_LIBS@
-
-#    $(VMKDCD_BACKEND_LD_FLAGS) 
-libvmkdcserv_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/server/vmkdc/libvmkdcserv.exp \
-    @LW_LDFLAGS@ \
-    @OPENSSL_LDFLAGS@
diff --git a/lwraft/server/vmkdc/defines.h b/lwraft/server/vmkdc/defines.h
deleted file mode 100644
index d38b82ee7..000000000
--- a/lwraft/server/vmkdc/defines.h
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-
-#ifdef _WIN32
-#define VMKDC_CONFIG_BASE_DIR "C:\\Program Files\\VMware\\cis\\config\\"
-#define VMKDC_LOG_FILE        "C:\\Documents and Settings\\All Users\\Application Data\\VMware\\cis\\logs\\vmdird\\vmkdc.log"
-#else
-#define VMKDC_CONFIG_BASE_DIR "/opt/vmware/share/config/"
-#define VMKDC_LOG_FILE        "/var/log/vmware/vmkdc/vmkdcd.log"
-#endif
-
-#define VMKDC_KERBEROS_PORT         88
-#define VMKDC_DEFAULT_REALM         "VSPHERE.LOCAL"
-#define VMKDC_CLOCK_SKEW            300
-#define VMKDC_MAX_LIFE              28800
-#define VMKDC_MAX_RENEWABLE_LIFE    604800
-
-#define VMKDC_TCP_READ_BUFSIZ 4096
-#define VMKDC_UDP_READ_BUFSIZ 2048
-#define MAX_KRB_REQ_LEN (1024 * 16) // 16K
-
-#ifndef _WIN32
-#define VMKDC_RPC_SERVER_NOTAVAIL 1225
-#else
-#define VMKDC_RPC_SERVER_NOTAVAIL 1727
-#endif
-#define VMKDC_DIRECTORY_NOTREADY 2103
-#define VMKDC_PRINCIPAL_NOTFOUND 2003
-#define VMKDC_DIRECTORY_POLL_SECS 10
-
-#ifndef _WIN32
-
-#define VMKDC_OPTION_LOGGING_LEVEL 'l'
-#define VMKDC_OPTION_ENABLE_SYSLOG 's'
-#define VMKDC_OPTIONS_VALID "l:s"
-
-#define VMKDC_MAX_CONFIG_VALUE_LENGTH       2048
-#define VMKDC_CONFIG_PARAMETER_KEY_PATH     "Services\\vmdir\\Parameters"
-
-#define VMKDC_REG_KEY_KERBEROS_PORT         "KerberosPort"
-#define VMKDC_REG_KEY_DEFAULT_REALM         "DefaultRealm"
-#define VMKDC_REG_KEY_CLOCK_SKEW            "KdcClockSkew"
-#define VMKDC_REG_KEY_MAX_LIFE              "KdcMaxLife"
-#define VMKDC_REG_KEY_MAX_RENEWABLE_LIFE    "KdcMaxRenewableLife"
-#define VMKDC_REG_KEY_LOG_FILE              "KdcLogFile"
-
-#define VMKDC_ADDR_INFO_NEXT( ifa ) ifa->ifa_next
-#define VMKDC_ADDR_INFO_FLAGS( ifa ) ifa->ifa_flags
-#define VMKDC_ADDR_INFO_ADDR( ifa ) ifa->ifa_addr
-
-#else // #ifndef _WIN32
-
-#define VMKDC_OPTION_LOGGING_LEVEL "-l"
-#define VMKDC_OPTION_ENABLE_SYSLOG "-s"
-#define VMKDC_OPTION_ENABLE_CONSOLE "-c"
-#define VMKDC_OPTION_ENABLE_CONSOLE_LONG "--console-debug"
-
-#define VMKDC_NT_SERVICE_NAME _T("VMwareKdcService")
-
-#define VMKDC_CLOSE_HANDLE(handle) \
-    {                              \
-        if ((handle) != NULL)      \
-        {                          \
-            CloseHandle((handle)); \
-            (handle) = NULL;       \
-        }                          \
-    }
-
-#define VMKDC_CLOSE_SERVICE_HANDLE(hServiceHandle) \
-    {                                              \
-         if ( (hServiceHandle) != NULL )           \
-         {                                         \
-             CloseServiceHandle((hServiceHandle)); \
-             (hServiceHandle) = NULL;              \
-         }                                         \
-    }
-
-#define VMKDC_MAX_CONFIG_VALUE_LENGTH       2048
-#define VMKDC_CONFIG_PARAMETER_KEY_PATH     _T("SYSTEM\\CurrentControlSet\\Services\\LightwaveRaftService\\Parameters")
-
-#define VMKDC_REG_KEY_KERBEROS_PORT         _T("KerberosPort")
-#define VMKDC_REG_KEY_DEFAULT_REALM         _T("DefaultRealm")
-#define VMKDC_REG_KEY_CLOCK_SKEW            _T("ClockSkew")
-#define VMKDC_REG_KEY_MAX_LIFE              _T("MaxLife")
-#define VMKDC_REG_KEY_MAX_RENEWABLE_LIFE    _T("MaxRenewableLife")
-#define VMKDC_REG_KEY_LOG_FILE              _T("KdcLogFile")
-
-#define VMKDC_ADDR_INFO_NEXT( ai ) ai->ai_next
-#define VMKDC_ADDR_INFO_FLAGS( ai ) ai->ai_flags
-#define VMKDC_ADDR_INFO_ADDR( ai ) ai->ai_addr
-
-#define tcp_close( s )	(shutdown( s, SD_BOTH ), closesocket( s ))
-
-#endif
-
-/*
- * Table to define and initialize VMKDC configuration data.
- *
- * To add a new configuration key,
- * 1. define its name in vmkdccommon.h
- * 2. define its entry in the table below and init default/cfg Value
- *
- * VMKDC_CONFIG_VALUE_TYPE_STRING <-> REG_SZ
- * VMKDC_CONFIG_VALUE_TYPE_DWORD  <-> REG_DWORD
- * VMKDC_CONFIG_VALUE_TYPE_BOOLEAN <-> REG_DWORD
- *
- */
-
-#define VMKDC_CONFIG_INIT_TABLE_INITIALIZER   \
-{                                             \
-    {                                         \
-        VMKDC_REG_KEY_KERBEROS_PORT,          \
-        VMKDC_CONFIG_VALUE_TYPE_DWORD,        \
-        REG_DWORD,                            \
-        0,                                    \
-        UINT32_MAX,                           \
-        {VMKDC_KERBEROS_PORT, NULL},          \
-        {0, NULL},                            \
-    },                                        \
-    {                                         \
-        VMKDC_REG_KEY_CLOCK_SKEW,             \
-        VMKDC_CONFIG_VALUE_TYPE_DWORD,        \
-        REG_DWORD,                            \
-        0,                                    \
-        UINT32_MAX,                           \
-        {VMKDC_CLOCK_SKEW, NULL},             \
-        {0, NULL},                            \
-    },                                        \
-    {                                         \
-        VMKDC_REG_KEY_MAX_LIFE,               \
-        VMKDC_CONFIG_VALUE_TYPE_DWORD,        \
-        REG_DWORD,                            \
-        0,                                    \
-        UINT32_MAX,                           \
-        {VMKDC_MAX_LIFE, NULL},               \
-        {0, NULL},                            \
-    },                                        \
-    {                                         \
-        VMKDC_REG_KEY_MAX_RENEWABLE_LIFE,     \
-        VMKDC_CONFIG_VALUE_TYPE_DWORD,        \
-        REG_DWORD,                            \
-        0,                                    \
-        UINT32_MAX,                           \
-        {VMKDC_MAX_RENEWABLE_LIFE, NULL},     \
-        {0, NULL},                            \
-    },                                        \
-    {                                         \
-        VMKDC_REG_KEY_LOG_FILE,               \
-        VMKDC_CONFIG_VALUE_TYPE_STRING,       \
-        REG_SZ,                               \
-        0,                                    \
-        0,                                    \
-        {0, VMKDC_LOG_FILE},                  \
-        {0, NULL},                            \
-    },                                        \
-}
diff --git a/lwraft/server/vmkdc/directory.c b/lwraft/server/vmkdc/directory.c
deleted file mode 100644
index 507b0db12..000000000
--- a/lwraft/server/vmkdc/directory.c
+++ /dev/null
@@ -1,437 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-#if 0 /* Disable using MIT DB dump by default */
-/* Use MIT principal database dump as the KDC database, vs VMDIR */
-#define HAVE_MIT_KERBEROS_DB  
-#endif
-
-
-#ifdef HAVE_MIT_KERBEROS_DB
-#define MIT_KERBEROS_DB 1
-#define MIT_KERBEROS_DB_NAME "/storage/db/vmware-vmdir/principal.db"
-#endif
-
-#ifndef MIT_KERBEROS_DB
-static
-DWORD
-_VmKdcGetKrbUPNKey(
-    PSTR        pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    );
-#endif
-
-VOID
-VmKdcFreeDirectoryEntry(
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry)
-{
-    if (pDirectoryEntry)
-    {
-        VMKDC_SAFE_FREE_STRINGA(pDirectoryEntry->princName);
-        VMKDC_SAFE_FREE_KEYSET(pDirectoryEntry->keyset);
-        VMKDC_SAFE_FREE_MEMORY(pDirectoryEntry);
-    }
-}
-
-DWORD
-VmKdcInitializeDirectory(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD dwError = 0;
-    PBYTE pPrincKeyBlob = NULL;
-    PVMKDC_KEY master = NULL;
-    PVMKDC_KEY kmEncKey = NULL;
-    PVMKDC_CRYPTO pCrypto = NULL;
-    PVMKDC_DATA kmKey = NULL;
-    PSTR pszMasterName = NULL;
-    BOOLEAN     bInLock = FALSE;
-#ifdef MIT_KERBEROS_DB
-    PVMKDC_KEYTAB_HANDLE hKtFile = NULL;
-    PVMKDC_MIT_KEYTAB_FILE ktEntry = NULL;  /* Typedef named "wrong" */
-    PVMKDC_KEYSET pKmKeySet = NULL;
-#else
-    PCSTR pszRealm = NULL;
-    DWORD dwPrincKeySize = 0;
-#endif
-
-    // wait until vmdir gVmdirKrbGlobals is initialized
-    VMDIR_LOCK_MUTEX( bInLock, gVmdirKrbGlobals.pmutex);
-    while ( gVmdirKrbGlobals.pszRealm == NULL       &&
-            VmKdcdState() == VMKDCD_STARTUP
-          )
-    {
-        VmDirConditionTimedWait( gVmdirKrbGlobals.pcond,
-                                 gVmdirKrbGlobals.pmutex,
-                                 1 * 1000); // wait 1 second
-    }
-    VMDIR_UNLOCK_MUTEX( bInLock, gVmdirKrbGlobals.pmutex);
-
-#ifdef MIT_KERBEROS_DB
-{
-    /* MIT Principal DB stashed master keytab */
-    PSTR pszMasterKt = "/storage/db/vmware-vmdir/master.kt";
-
-    /* Open keytab */
-    dwError = VmKdcParseKeyTabOpen(pszMasterKt, "r", &hKtFile);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Master keytab has only one entry */
-    dwError = VmKdcParseKeyTabRead(hKtFile, &ktEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Populate KDC master key structure entry */
-    dwError = VmKdcMakeKey(
-                  ktEntry->key->type,
-                  1,
-                  VMKDC_GET_PTR_DATA(ktEntry->key->data),
-                  VMKDC_GET_LEN_DATA(ktEntry->key->data),
-                  &master);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Retrieve K/M from MIT dump, and decrypt this entry */
-    dwError = VmKdcAllocateStringPrintf(&pszMasterName,
-                                        "K/M@%s", ktEntry->realm);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Get K/M entry for current realm */
-    dwError = VmKdcGetUpnKeysMitDb(pszMasterName,
-                                   MIT_KERBEROS_DB_NAME, NULL, /* Full UPN, already known */
-                                   &pKmKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Decrypt K/M using stashed master key */
-    dwError = VmKdcMakeKey(
-                  pKmKeySet->encKeys[0]->keytype,
-                  1,
-                  VMKDC_GET_PTR_DATA(pKmKeySet->encKeys[0]->encdata->data),
-                  VMKDC_GET_LEN_DATA(pKmKeySet->encKeys[0]->encdata->data),
-                  &kmEncKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcInitCrypto(pGlobals->pKrb5Ctx, master, &pCrypto);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcCryptoDecrypt(pCrypto, 0, kmEncKey->data,  &kmKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (VMKDC_GET_LEN_DATA(master->data) != VMKDC_GET_LEN_DATA(kmKey) ||
-        memcmp(VMKDC_GET_PTR_DATA(master->data),
-               VMKDC_GET_PTR_DATA(kmKey),
-               VMKDC_GET_LEN_DATA(kmKey)))
-    {
-        // TBD: Not quite right error
-        dwError = ERROR_ALLOC_KRB5_CRYPTO_CONTEXT;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    pthread_mutex_lock(&pGlobals->mutex);
-    VMKDC_SAFE_FREE_KEY(pGlobals->masterKey);
-    pGlobals->masterKey = master;
-    master = NULL;
-    pthread_mutex_unlock(&pGlobals->mutex);
-}
-#else
-    if ( VmKdcdState() == VMKDCD_STARTUP )
-    {
-        VMKDC_SAFE_FREE_STRINGA( pGlobals->pszDefaultRealm );
-        dwError = VmKdcAllocateStringA( gVmdirKrbGlobals.pszRealm, &pGlobals->pszDefaultRealm );
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        pszRealm = pGlobals->pszDefaultRealm;
-
-        dwError = VmKdcDecodeMasterKey(
-                        gVmdirKrbGlobals.bervMasterKey.lberbv.bv_val, //pMasterKeyBlob,
-                        (DWORD) gVmdirKrbGlobals.bervMasterKey.lberbv.bv_len, //dwMasterKeySize,
-                        &master);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        dwError = VmKdcAllocateStringPrintf(&pszMasterName,
-                                            "K/M@%s", pszRealm);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-
-        dwError = _VmKdcGetKrbUPNKey(
-                      pszMasterName,
-                      &pPrincKeyBlob,
-                      &dwPrincKeySize);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-
-        /*
-         * The K/M master key is ASN.1 encoded and encrypted in the master key
-         */
-        dwError = VmKdcDecodeMasterKey(
-                      pPrincKeyBlob,
-                      dwPrincKeySize,
-                      &kmEncKey);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        dwError = VmKdcInitCrypto(pGlobals->pKrb5Ctx, master, &pCrypto);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        dwError = VmKdcCryptoDecrypt(pCrypto, 0, kmEncKey->data,  &kmKey);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        if (VMKDC_GET_LEN_DATA(master->data) != VMKDC_GET_LEN_DATA(kmKey) ||
-            memcmp(VMKDC_GET_PTR_DATA(master->data),
-                   VMKDC_GET_PTR_DATA(kmKey),
-                   VMKDC_GET_LEN_DATA(kmKey)))
-        {
-            // TBD: Not quite right error
-            dwError = ERROR_ALLOC_KRB5_CRYPTO_CONTEXT;
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-
-        pthread_mutex_lock(&pGlobals->mutex);
-        VMKDC_SAFE_FREE_KEY(pGlobals->masterKey);
-        pGlobals->masterKey = master;
-        master = NULL;
-        pthread_mutex_unlock(&pGlobals->mutex);
-    }
-#endif
-
-error:
-#ifdef MIT_KERBEROS_DB
-    VmKdcParseKeyTabFreeEntry(ktEntry);
-    VmKdcParseKeyTabClose(hKtFile);
-    VMKDC_SAFE_FREE_KEYSET(pKmKeySet);
-#endif
-    VMKDC_SAFE_FREE_STRINGA(pszMasterName);
-    VMKDC_SAFE_FREE_MEMORY(pPrincKeyBlob);
-    VMKDC_SAFE_FREE_KEY(kmEncKey);
-    VMKDC_SAFE_FREE_KEY(master);
-    VMKDC_SAFE_FREE_DATA(kmKey);
-    VmKdcDestroyCrypto(pCrypto);
-
-    VMDIR_UNLOCK_MUTEX( bInLock, gVmdirKrbGlobals.pmutex);
-
-    return dwError;
-}
-
-VOID
-VmKdcTerminateDirectory(
-    PVMKDC_GLOBALS pGlobals)
-{
-    pthread_mutex_lock(&pGlobals->mutex);
-    if (pGlobals->pDirectory)
-    {
-        // TBD: Free memory here?
-        pGlobals->pDirectory = NULL;
-    }
-    VMKDC_SAFE_FREE_KEY(pGlobals->masterKey);
-    pthread_mutex_unlock(&pGlobals->mutex);
-}
-
-DWORD
-VmKdcSearchDirectory(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_PRINCIPAL pPrincipal,
-    PVMKDC_DIRECTORY_ENTRY *ppRetDirectoryEntry)
-{
-    DWORD dwError = 0;
-    PSTR pszPrincName = NULL;
-    PVMKDC_KEYSET princKeySet = NULL;
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry = NULL;
-    PVMKDC_DATA princAsn1KeyData = NULL;
-    PBYTE pPrincAsn1KeyBlob = NULL;
-#ifndef MIT_KERBEROS_DB
-    DWORD dwPrincAsn1KeySize = 0;
-#endif
-
-    BAIL_ON_VMKDC_INVALID_POINTER(pContext, dwError);
-    BAIL_ON_VMKDC_INVALID_POINTER(pPrincipal, dwError);
-    BAIL_ON_VMKDC_INVALID_POINTER(ppRetDirectoryEntry, dwError);
-
-    /*
-     * When vmdir is unavailable, the master key will be NULL.
-     */
-    if (!pContext->pRequest->masterKey)
-    {
-        dwError = VMKDC_RPC_SERVER_NOTAVAIL;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    dwError = VmKdcUnparsePrincipalName(pPrincipal, &pszPrincName);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-
-#ifdef MIT_KERBEROS_DB
-{
-    /* Get K/M entry for current realm */
-    dwError = VmKdcGetUpnKeysMitDb(pszPrincName,
-                                   MIT_KERBEROS_DB_NAME,
-                                   NULL, /* Full UPN, already known */
-                                   &princKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-}
-#else
-    dwError = _VmKdcGetKrbUPNKey(pszPrincName, &pPrincAsn1KeyBlob, &dwPrincAsn1KeySize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-
-    dwError = VmKdcAllocateData(
-                  pPrincAsn1KeyBlob,
-                  dwPrincAsn1KeySize,
-                  &princAsn1KeyData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcDecodeKeySet(princAsn1KeyData , &princKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-#endif
-    dwError = VmKdcDecryptKeySet(pContext,
-                                 pContext->pRequest->masterKey,
-                                 princKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcAllocateMemory(sizeof(VMKDC_DIRECTORY_ENTRY),
-                                  (PVOID*)&pDirectoryEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pDirectoryEntry->princName = pszPrincName;
-    pDirectoryEntry->keyset = princKeySet;
-    *ppRetDirectoryEntry = pDirectoryEntry;
-
-error:
-    VMKDC_SAFE_FREE_DATA(princAsn1KeyData);
-    VMKDC_SAFE_FREE_MEMORY(pPrincAsn1KeyBlob);
-    if (dwError)
-    {
-        VMKDC_SAFE_FREE_KEYSET(princKeySet);
-        VMKDC_SAFE_FREE_STRINGA(pszPrincName);
-        VMKDC_SAFE_FREE_MEMORY(pDirectoryEntry);
-    }
-    return dwError;
-}
-
-DWORD
-VmKdcFindKeyByEType(
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry,
-    VMKDC_ENCTYPE etype,
-    PVMKDC_KEY *ppRetKey)
-{
-    DWORD dwError = 0;
-    PVMKDC_KEY pKey = NULL;
-    DWORD k = 0;
-
-    if (!pDirectoryEntry)
-    {
-        dwError = ERROR_NO_DATA_AVAILABLE;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    dwError = 0;
-    for (k=0; k<pDirectoryEntry->keyset->numKeys; k++)
-    {
-        if (etype == pDirectoryEntry->keyset->keys[k]->type)
-        {
-            pKey = pDirectoryEntry->keyset->keys[k];
-            goto found_key;
-        }
-    }
-    dwError = ERROR_NO_KEY_ETYPE;
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-found_key:
-
-    if (pKey)
-    {
-        *ppRetKey = pKey;
-    }
-
-error:
-    return dwError;
-}
-
-#ifndef MIT_KERBEROS_DB
-static
-DWORD
-_VmKdcGetKrbUPNKey(
-    PSTR        pszUpnName,
-    PBYTE*      ppKeyBlob,
-    DWORD*      pSize
-    )
-{
-    DWORD               dwError = 0;
-    PVDIR_ATTRIBUTE     pKrbUPNKey = NULL;
-    PBYTE               pRetUPNKey = NULL;
-    VDIR_ENTRY_ARRAY    entryArray = {0};
-
-    if (IsNullOrEmptyString(pszUpnName)
-        || !ppKeyBlob
-        || !pSize
-       )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    dwError = VmDirSimpleEqualFilterInternalSearch(
-                    "",
-                    LDAP_SCOPE_SUBTREE,
-                    ATTR_KRB_UPN,
-                    pszUpnName,
-                    &entryArray);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (entryArray.iSize == 1)
-    {
-        pKrbUPNKey = VmDirFindAttrByName(&(entryArray.pEntry[0]), ATTR_KRB_PRINCIPAL_KEY);
-
-        if (!pKrbUPNKey)
-        {
-            dwError = ERROR_NO_PRINC;
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-
-        dwError = VmDirAllocateAndCopyMemory(
-                        pKrbUPNKey->vals[0].lberbv.bv_val,
-                        pKrbUPNKey->vals[0].lberbv.bv_len,
-                        (PVOID*)& pRetUPNKey
-                        );
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        *ppKeyBlob = pRetUPNKey;
-        *pSize     = (DWORD) pKrbUPNKey->vals[0].lberbv.bv_len;
-        pRetUPNKey = NULL;
-    }
-    else
-    {
-        dwError = ERROR_NO_PRINC;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-cleanup:
-
-    VmDirFreeEntryArrayContent(&entryArray);
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmKdcGetKrbUPNKey: failed (%u)(%s)", dwError, VDIR_SAFE_STRING(pszUpnName));
-
-    VMKDC_SAFE_FREE_MEMORY(pRetUPNKey);
-
-    // keep error code space to KDC specific
-    dwError = ERROR_NO_PRINC;
-
-    goto cleanup;
-
-}
-#endif
diff --git a/lwraft/server/vmkdc/directory.h b/lwraft/server/vmkdc/directory.h
deleted file mode 100644
index 1d0560801..000000000
--- a/lwraft/server/vmkdc/directory.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _VMKDC_DIRECTORY_H
-#define _VMKDC_DIRECTORY_H
-
-typedef struct _VMKDC_DIRECTORY {
-    PSTR fileName;
-} VMKDC_DIRECTORY, *PVMKDC_DIRECTORY;
-
-typedef struct _VMKDC_DIRECTORY_ENTRY {
-    char *princName;
-    PVMKDC_KEYSET keyset;
-} VMKDC_DIRECTORY_ENTRY, *PVMKDC_DIRECTORY_ENTRY;
-
-VOID
-VmKdcFreeDirectoryEntry(
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry);
-
-DWORD
-VmKdcInitializeDirectory(
-    PVMKDC_GLOBALS pGlobals);
-
-VOID
-VmKdcTerminateDirectory(
-    PVMKDC_GLOBALS pGlobals);
-
-DWORD
-VmKdcOpenDirectory(
-    PSTR pszServerHost,
-    int pszServerPort,
-    PSTR pszUserDn,
-    PSTR pszPassword,
-    PVMKDC_DIRECTORY *ppRetDirectory);
-
-VOID
-VmKdcCloseDirectory(
-    PVMKDC_DIRECTORY pDirectory);
-
-DWORD
-VmKdcSearchDirectory(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_PRINCIPAL pPrincipal,
-    PVMKDC_DIRECTORY_ENTRY *pRetDirectoryEntry);
-
-DWORD
-VmKdcFindKeyByEType(
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry,
-    VMKDC_ENCTYPE etype,
-    PVMKDC_KEY *ppRetKey);
-
-#define VMKDC_SAFE_FREE_DIRECTORY_ENTRY(x) \
-do { \
-    if (x) \
-    { \
-        VmKdcFreeDirectoryEntry(x); \
-        x = NULL; \
-    } \
-} while (0)
-
-#endif /* _VMKDC_DIRECTORY_H */
diff --git a/lwraft/server/vmkdc/externs.h b/lwraft/server/vmkdc/externs.h
deleted file mode 100644
index 60b7d8d9b..000000000
--- a/lwraft/server/vmkdc/externs.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Kdc main
- *
- * Filename: externs.h
- *
- * Abstract:
- *
- * Structures
- *
- */
-
-extern VMKDC_GLOBALS gVmkdcGlobals;
-
diff --git a/lwraft/server/vmkdc/globals.c b/lwraft/server/vmkdc/globals.c
deleted file mode 100644
index c4e555560..000000000
--- a/lwraft/server/vmkdc/globals.c
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Kdc main
- *
- * Filename: globals.c
- *
- * Abstract:
- *
- * Globals
- *
- */
-
-#include "includes.h"
-
-// All global variables are automatically initialized to 0 for free
-VMKDC_GLOBALS gVmkdcGlobals;
diff --git a/lwraft/server/vmkdc/includes.h b/lwraft/server/vmkdc/includes.h
deleted file mode 100644
index 551ffa99c..000000000
--- a/lwraft/server/vmkdc/includes.h
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Kdc main
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * Kdc main module include file
- *
- */
-
-
-#ifndef _WIN32/* ============= LINUX ONLY ================ */
-#include <config.h>
-#include <vmkdcsys.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <lwrpcrt/lwrpcrt.h>
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-
-#include <net/if.h>
-#include <ifaddrs.h>
-
-#else
-/* ========================= WIN32 ONLY ======================== */
-
-#pragma once
-#include <errno.h>
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-#include <windows.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <tchar.h>
-#include <winsvc.h>
-#include <Winreg.h>
-#include <assert.h>
-#include <Ws2tcpip.h>
-
-#define LW_STRICT_NAMESPACE
-#include <lw/types.h>
-#include <lw/hash.h>
-#include <lw/security-types.h>
-
-#endif
-
-//SUNG vmkdc merge,
-#include <topdefines.h>
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdircommon.h>
-#include "srvcommon.h"
-#include "vmdirserver.h"
-#include "ldaphead.h"
-#include "middlelayer.h"
-#include <dce/rpc.h>
-#include <pthread.h>
-
-
-/* Common include between Linux and Windows */
-#include <vmkdc.h>
-#include <vmkdctypes.h>
-#include <vmkdcdefines.h>
-#include <vmkdcerrorcode.h>
-#include <vmkdccommon.h>
-#include <kdcsrvcommon.h>
-#include <vmkdcserver.h>
-
-#include "defines.h"
-#include "structs.h"
-#include "prototypes.h"
-#include "externs.h"
-
-#include <kdckrb5/types.h>
-#include <kdckrb5/structs.h>
-#include <kdckrb5/prototypes.h>
-
-#include "directory.h"
-#include "networking.h"
-#include "process.h"
-#include "parsekt.h"
-#include "princtok.h"
-#include "fgetsl.h"
-
-#include <krb5-crypto/includes.h>
diff --git a/lwraft/server/vmkdc/init.c b/lwraft/server/vmkdc/init.c
deleted file mode 100644
index e940483b0..000000000
--- a/lwraft/server/vmkdc/init.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-static
-DWORD
-InitializeResourceLimit(
-    VOID
-    );
-
-static
-VOID
-InitializeGlobals(
-    PVMKDC_GLOBALS pGlobals)
-{
-    pGlobals->iAcceptSock = -1;
-    pGlobals->iAcceptSockUdp = -1;
-    pGlobals->workerThreadMax = 10; // Get from registry configuration
-    pGlobals->workerThreadCount = 0; // Total number of running threads
-    pthread_mutex_init(&pGlobals->mutex, NULL);
-    pthread_cond_init(&pGlobals->cond, NULL);
-    pthread_cond_init(&pGlobals->stateCond, NULL);
-    pthread_attr_init(&pGlobals->attrDetach);
-    pthread_attr_setdetachstate(&pGlobals->attrDetach, TRUE);
-}
-
-/*
- * Initialize vmkdcd components
- */
-DWORD
-VmKdcInit()
-{
-    DWORD dwError = 0;
-    extern VMKDC_GLOBALS gVmkdcGlobals;
-
-    InitializeGlobals(&gVmkdcGlobals);
-
-#ifndef _WIN32
-    dwError = InitializeResourceLimit();
-    BAIL_ON_VMKDC_ERROR(dwError);
-#endif
-    dwError = VmKdcInitKrb5(&gVmkdcGlobals.pKrb5Ctx);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, VMKDC_SERVICE_PORT_TCP);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, VMKDC_SERVICE_PORT_UDP);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcSrvServicePortListen(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-#if 0
-    dwError = VmKdcRpcServerInit();
-    BAIL_ON_VMKDC_ERROR(dwError);
-#endif
-
-    dwError = VmKdcInitConnAcceptThread(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "VmKdcInit: done!");
-
-error:
-    return dwError;
-}
-
-/*
- * Main initialization loop.
- */
-DWORD
-VmKdcInitLoop(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD dwError = 0;
-    int sts = 0;
-    time_t now = 0;
-    struct timespec timeout = {0};
-
-    while (1)
-    {
-        switch (VmKdcdState())
-        {
-            case VMKDCD_STARTUP:
-                /*
-                 * Try to initialize the directory.
-                 */
-                VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Vmkdc: initializing directory");
-                dwError = VmKdcInitializeDirectory(pGlobals);
-                if ( VmKdcdState() == VMKDCD_STARTUP    &&
-                     dwError == 0
-                   )
-                {
-                    VmKdcdStateSet(VMKDCD_RUNNING);
-                    continue;
-                }
-
-                /*
-                 * Initialization of the directory failed or stopping/shutdown noticed.
-                 * Wait for a while before retrying.
-                 */
-                pthread_mutex_lock(&pGlobals->mutex);
-                now = time(NULL);
-                timeout.tv_sec = now + VMKDC_DIRECTORY_POLL_SECS;
-                timeout.tv_nsec = 0;
-                sts = 0;
-                while (pGlobals->vmkdcdState == VMKDCD_STARTUP && sts == 0)
-                {
-                    sts = pthread_cond_timedwait(&pGlobals->stateCond,
-                                                 &pGlobals->mutex,
-                                                 &timeout);
-                }
-                pthread_mutex_unlock(&pGlobals->mutex);
-                break;
-
-            case VMKDCD_RUNNING:
-                /*
-                 * Wait until the server state changes.
-                 */
-                pthread_mutex_lock(&pGlobals->mutex);
-                while (pGlobals->vmkdcdState == VMKDCD_RUNNING)
-                {
-                    pthread_cond_wait(&pGlobals->stateCond,
-                                      &pGlobals->mutex);
-                }
-                pthread_mutex_unlock(&pGlobals->mutex);
-                break;
-
-            case VMKDC_STOPPING:
-                /*
-                 * Notify VmKdcShutdown() STOPPING has been received.
-                 * It is now safe to tear down pGlobal mutex/condition
-                 * variable resources after this point.
-                 */
-                VmKdcdStateSet(VMKDC_SHUTDOWN);
-
-                /* don't break here because we can't use the global mutex any more */
-                goto cleanup;
-
-            case VMKDC_SHUTDOWN:
-                goto cleanup;
-        }
-    }
-
-cleanup:
-
-    return dwError;
-}
-
-/*
- * Set process resource limits
- */
-static
-DWORD
-InitializeResourceLimit(
-    VOID
-    )
-{
-    DWORD           dwError = 0;
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-#ifndef _WIN32
-    struct rlimit   VMLimit = {0};
-
-    // unlimited virtual memory
-    VMLimit.rlim_cur = RLIM_INFINITY;
-    VMLimit.rlim_max = RLIM_INFINITY;
-
-    dwError = setrlimit(RLIMIT_AS, &VMLimit);
-    if (dwError != 0)
-    {
-        dwError = ERROR_INVALID_CONFIGURATION;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-#endif
-
-error:
-
-    return dwError;
-}
diff --git a/lwraft/server/vmkdc/kdcmain.c b/lwraft/server/vmkdc/kdcmain.c
deleted file mode 100644
index cd0828656..000000000
--- a/lwraft/server/vmkdc/kdcmain.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-
-static
-DWORD
-_VmKdcInitKdcServiceThread(
-    PVMKDC_GLOBALS pGlobals
-	);
-
-DWORD
-VmKdcServiceStartup(
-    VOID
-    )
-{
-    DWORD    dwError = 0;
-
-    /*
-     * Load the server configuration from the registry.
-     * Note that this may create a new thread.
-     */
-    dwError = VmKdcSrvUpdateConfig(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcInit();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = _VmKdcInitKdcServiceThread(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcSrvInit");
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ERROR: vmkdc VmKdcServiceStartup failed (%d)", dwError);
-    goto cleanup;
-}
-
-VOID
-VmKdcServiceShutdown(
-    VOID
-    )
-{
-    VmKdcdStateSet(VMKDC_STOPPING);
-    VmKdcShutdown();
-    //VmKdcLogTerminate();
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Vmkdcd: stop");
-
-    return;
-}
-
-static
-DWORD
-_VmKdcInitKdcServiceThread(
-    PVMKDC_GLOBALS pGlobals
-	)
-{
-    DWORD dwError = 0;
-    int   sts = 0;
-    void*(*pThrFn)(void*) = (void*(*)(void*))VmKdcInitLoop;
-
-    sts = pthread_create(
-            &pGlobals->thread,
-            NULL,
-            pThrFn,
-            pGlobals);
-    if (sts)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmKdcInitKdcServiceThread: failed (%u)", dwError);
-    goto cleanup;
-}
diff --git a/lwraft/server/vmkdc/libvmkdcserv.exp b/lwraft/server/vmkdc/libvmkdcserv.exp
deleted file mode 100644
index db3777205..000000000
--- a/lwraft/server/vmkdc/libvmkdcserv.exp
+++ /dev/null
@@ -1,2 +0,0 @@
-VmKdcServiceStartup
-VmKdcServiceShutdown
diff --git a/lwraft/server/vmkdc/main.c b/lwraft/server/vmkdc/main.c
deleted file mode 100644
index 8bbd16274..000000000
--- a/lwraft/server/vmkdc/main.c
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-#ifndef _WIN32
-
-//TODO, move to gVmkdcGlobals?
-int  ldap_syslog_level = 0;
-int  ldap_syslog = 0;
-int  slap_debug = 0;
-
-static
-DWORD
-VmKdcNotifyLikewiseServiceManager();
-
-int
-main(
-   int     argc,
-   char  * argv[])
-{
-    DWORD        dwError = 0;
-    int          logLevel = 0;
-    BOOLEAN      bEnableSysLog = FALSE;
-    BOOLEAN      bEnableConsole = FALSE;
-
-    /*
-     * Block selected signals.  This must be done prior to creating
-     * any threads since the signal mask is inherited.
-     */
-    VmKdcBlockSelectedSignals();
-
-    /*
-     * Load the server configuration from the registry.
-     * Note that this may create a new thread.
-     */
-    dwError = VmKdcSrvUpdateConfig(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcParseArgs(
-                    argc,
-                    argv,
-                    &logLevel,
-                    &bEnableSysLog,
-                    &bEnableConsole);
-    if(dwError != ERROR_SUCCESS)
-    {
-        ShowUsage( argv[0] );
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    ldap_syslog_level = slap_debug = logLevel; // Used by lber too
-    if( bEnableSysLog != FALSE )
-    {
-        ldap_syslog = 1;
-    }
-
-    dwError = VmKdcInit();
-    if (dwError)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ERROR: vmkdc VmKdcInit failed (%d)",
-                 dwError);
-    }
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcNotifyLikewiseServiceManager();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Create a dedicated thread to handle signals synchronously.
-     */
-    dwError = VmKdcInitSignalThread(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "vmkdcd: started!");
-
-    /*
-     * Start the init loop which initializes the directory and
-     * then waits until signaled to reinitialize.  It returns
-     * when shutting down.
-     */
-    dwError = VmKdcInitLoop(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-cleanup:
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Vmkdcd: stop");
-    VmKdcShutdown();
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-DWORD
-VmKdcInitKdcServiceThread(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD dwError = 0;
-    int   sts = 0;
-    void*(*pThrFn)(void*) = (void*(*)(void*))VmKdcInitLoop;
-
-    sts = pthread_create(
-            &pGlobals->thread,
-            NULL,
-            //((PVOID)(*)(PVOID))VmKdcInitLoop,
-            pThrFn,
-            pGlobals);
-    if (sts)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-error:
-
-    return dwError;
-}
-
-DWORD
-VmKdcServiceStartup(
-    VOID
-    )
-{
-    DWORD    dwError = 0;
-
-    /*
-     * Load the server configuration from the registry.
-     * Note that this may create a new thread.
-     */
-    dwError = VmKdcSrvUpdateConfig(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcInit();
-    if (dwError)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ERROR: vmkdc VmKdcInit failed (%d)",
-                 dwError);
-    }
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcInitKdcServiceThread(&gVmkdcGlobals);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcSrvInit");
-
-cleanup:
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-VmKdcServiceShutdown(
-    VOID
-    )
-{
-    VmKdcdStateSet(VMKDC_SHUTDOWN);
-    VmKdcShutdown();
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Vmkdcd: stop");
-
-    return;
-}
-
-static
-DWORD
-VmKdcNotifyLikewiseServiceManager()
-{
-    DWORD dwError = ERROR_SUCCESS;
-    PCSTR   pszSmNotify = NULL;
-    int  ret = 0;
-    int  notifyFd = -1;
-    char notifyCode = 0;
-
-    // interact with likewise service manager (start/stop control)
-    if ((pszSmNotify = getenv("LIKEWISE_SM_NOTIFY")) != NULL)
-    {
-        notifyFd = atoi(pszSmNotify);
-
-        do
-        {
-            ret = write(notifyFd, &notifyCode, sizeof(notifyCode));
-
-        } while (ret != sizeof(notifyCode) && errno == EINTR);
-
-        if (ret < 0)
-        {
-#define BUFFER_SIZE 1024
-            char buffer[BUFFER_SIZE]= {0};
-            int errorNumber = errno;
-
-            VmKdcStringErrorA( buffer, BUFFER_SIZE, errorNumber );
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                      "Could not notify service manager: %s (%i)",
-                      buffer,
-                      errorNumber);
-
-            dwError = LwErrnoToWin32Error(errno);
-            BAIL_ON_VMKDC_ERROR(dwError);
-#undef BUFFER_SIZE
-        }
-
-    }
-
-error:
-    if(notifyFd != -1)
-    {
-        close(notifyFd);
-    }
-
-    return dwError;
-}
-
-#endif
diff --git a/lwraft/server/vmkdc/networking.c b/lwraft/server/vmkdc/networking.c
deleted file mode 100644
index 399461ee1..000000000
--- a/lwraft/server/vmkdc/networking.c
+++ /dev/null
@@ -1,941 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-static DWORD
-VmKdcRecvTcp(
-    int sock,
-    unsigned char *msg,
-    int msgLen);
-
-static DWORD
-VmKdcSendTcpResponse(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA krbMsg);
-
-static
-VOID
-VmKdcSignalThreadDone(
-    PVMKDC_CONTEXT pContext)
-{
-    pthread_mutex_lock(&pContext->pGlobals->mutex);
-    pContext->pGlobals->workerThreadCount--;
-    pthread_mutex_unlock(&pContext->pGlobals->mutex);
-    pthread_cond_signal(&pContext->pGlobals->cond);
-}
-
-
-static
-DWORD
-VmKdcCreateThreadMaxLimit(
-    PVMKDC_CONTEXT pContext,
-    VmKdcStartRoutine* pStartRoutine)
-{
-    DWORD dwError = 0;
-
-
-    pthread_mutex_lock(&pContext->pGlobals->mutex);
-    while (pContext->pGlobals->workerThreadCount >= pContext->pGlobals->workerThreadMax)
-    {
-        pthread_cond_wait(&pContext->pGlobals->cond, &pContext->pGlobals->mutex);
-    }
-
-    dwError = pthread_create(
-                  &pContext->pGlobals->thread,
-                  &pContext->pGlobals->attrDetach,
-                  pStartRoutine,
-                  pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-    pContext->pGlobals->workerThreadCount++;
-
-error:
-    pthread_mutex_unlock(&pContext->pGlobals->mutex);
-    return dwError;
-}
-
-
-static DWORD
-_VmKdcIsIPV6AddressPresent(BOOLEAN  *pIPV6AddressPresent)
-{
-    int                 retVal = 0;
-#ifndef _WIN32
-    struct ifaddrs *    myaddrs = NULL;
-    struct ifaddrs *    ifa = NULL;
-#else
-    PADDRINFOA          myaddrs = NULL;
-    PADDRINFOA          ifa = NULL;
-    unsigned long       loopback_addr = 0;
-    struct sockaddr_in  *pIp4Addr = NULL;
-    struct addrinfo     hints = {0};
-#endif
-
-    *pIPV6AddressPresent = FALSE;
-
-#ifndef _WIN32
-    retVal = getifaddrs(&myaddrs);
-#else
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    loopback_addr = inet_addr("127.0.0.1");
-
-    if (getaddrinfo( "", NULL, &hints, &myaddrs ) != 0 )
-    {
-        retVal = WSAGetLastError();
-    }
-#endif
-    BAIL_ON_VMKDC_ERROR( retVal );
-
-    for (ifa = myaddrs; ifa != NULL; ifa = VMKDC_ADDR_INFO_NEXT(ifa))
-    {
-        if ((VMKDC_ADDR_INFO_ADDR(ifa) == NULL)
-#ifndef _WIN32 // because getaddrinfo() does NOT set ai_flags in the returned address info structures.
-            || ((VMKDC_ADDR_INFO_FLAGS(ifa) & IFF_UP) == 0)
-            || ((VMKDC_ADDR_INFO_FLAGS(ifa) & IFF_LOOPBACK) != 0)
-#endif
-        )
-        {
-            continue;
-        }
-        if (VMKDC_ADDR_INFO_ADDR(ifa)->sa_family == AF_INET6)
-        {
-            *pIPV6AddressPresent = TRUE;
-        }
-        else if (VMKDC_ADDR_INFO_ADDR(ifa)->sa_family == AF_INET)
-        {
-#ifdef _WIN32
-            pIp4Addr = (struct sockaddr_in *) VMKDC_ADDR_INFO_ADDR(ifa);
-            if (memcmp(&pIp4Addr->sin_addr.s_addr,
-                &loopback_addr,
-                sizeof(loopback_addr)) == 0)
-            {
-                continue;
-            }
-#endif
-
-            *pIPV6AddressPresent = FALSE;
-            break;
-        }
-    }
-
-cleanup:
-    if (myaddrs)
-    {
-#ifndef _WIN32
-        freeifaddrs(myaddrs);
-#else
-        freeaddrinfo(myaddrs);
-#endif
-    }
-    return retVal;
-
-error:
-    goto cleanup;
-}
-
-
-static DWORD
-_VmKdcMakeIpAddress(
-    int port,
-    struct sockaddr **ppAddr,
-    int *pAddrLen,
-    int *pAddrType)
-{
-    DWORD dwError = 0;
-    struct sockaddr_in  *p4addr = NULL;
-    struct sockaddr_in6 *p6addr = NULL;
-    void                *pAddr = NULL;
-    short               addrType = AF_INET;
-    int                 addrLen = 0;
-    BOOLEAN bIsIpV6 = FALSE;
-
-    dwError = _VmKdcIsIPV6AddressPresent(&bIsIpV6);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    addrLen = bIsIpV6 ? sizeof(struct sockaddr_in6) :
-                        sizeof(struct sockaddr_in);
-    dwError = VmKdcAllocateMemory(
-                  addrLen,
-                  (PVOID*)&pAddr);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (bIsIpV6)
-    {
-        addrType = AF_INET6;
-        p6addr = (struct sockaddr_in6 *) pAddr;
-        p6addr->sin6_family = addrType;
-        p6addr->sin6_port = htons((UINT16) port);
-    }
-    else
-    {
-        addrType = AF_INET;
-        p4addr = (struct sockaddr_in *) pAddr;
-        p4addr->sin_family = addrType;
-        p4addr->sin_port = htons((UINT16) port);
-    }
-
-    *ppAddr = (struct sockaddr *) pAddr;
-    *pAddrLen = addrLen;
-    *pAddrType = addrType;
-
-error:
-    return dwError;
-}
-
-
-DWORD
-VmKdcSrvOpenServicePort(
-    PVMKDC_GLOBALS pGlobals,
-    VMKDC_SERVICE_PORT_TYPE portType)
-{
-    DWORD dwError = 0;
-    INT64 sock = -1;
-    int sts = 0;
-    int on = 1;
-    char *portTypeStr = "Udp";
-    int socketType = SOCK_DGRAM;
-    struct sockaddr *saddr = NULL;
-    int saddr_len = 0;
-    int saddr_type = AF_INET;
-    int optname = 0;
-
-    dwError = _VmKdcMakeIpAddress(
-                   pGlobals->iListenPort,
-                   &saddr,
-                   &saddr_len,
-                   &saddr_type);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (portType == VMKDC_SERVICE_PORT_TCP)
-    {
-        portTypeStr = "Tcp";
-        socketType = SOCK_STREAM;
-    }
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-             "VmKdcSrvOpenServicePort%s called...",
-             portTypeStr);
-
-    sock = socket(saddr_type, socketType, 0);
-    if (sock == -1)
-    {
-#ifdef _WIN32
-        errno = WSAGetLastError();
-#endif
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    if (portType == VMKDC_SERVICE_PORT_TCP)
-    {
-#ifdef _WIN32
-        optname = SO_EXCLUSIVEADDRUSE;
-#else
-        optname = SO_REUSEADDR;
-#endif
-        if (setsockopt(sock,
-                   SOL_SOCKET,
-                   optname,
-                   (const char *)(&on),
-                   sizeof(on)) == -1)
-        {
-#ifdef _WIN32
-            errno = WSAGetLastError();
-#endif
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    }
-
-    sts = bind(sock, saddr, saddr_len);
-    if (sts == -1)
-    {
-#ifdef _WIN32
-        errno = WSAGetLastError();
-#endif
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    if (portType == VMKDC_SERVICE_PORT_TCP)
-    {
-        pGlobals->iAcceptSock = sock;
-    }
-    else
-    {
-        pGlobals->iAcceptSockUdp = sock;
-    }
-    pGlobals->addrLen = saddr_len;
-
-error:
-    VMKDC_SAFE_FREE_MEMORY(saddr);
-    if (dwError)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "dwError=%d errno=%d", dwError, errno);
-        if (sock != -1)
-        {
-            tcp_close(sock);
-        }
-    }
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcSrvOpenServicePort%s done.", portTypeStr);
-
-    return dwError;
-}
-
-
-DWORD
-VmKdcSrvServicePortListen(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD dwError = 0;
-    int sts = 0;
-
-    sts = listen(pGlobals->iAcceptSock, 5);
-    if (sts == -1)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-error:
-    return dwError;
-}
-
-
-static DWORD
-VmKdcSrvServiceAcceptConn(
-    PVMKDC_GLOBALS pGlobals,
-    int *acceptSocket,
-    int *acceptSocketUdp)
-{
-    DWORD dwError = 0;
-    fd_set rmask;
-    INT64 sts = 0;
-    INT64 maxFd = -1;
-
-    FD_ZERO(&rmask);
-    FD_SET(pGlobals->iAcceptSock, &rmask);
-    if (pGlobals->iAcceptSock > maxFd)
-    {
-        maxFd = pGlobals->iAcceptSock;
-    }
-    FD_SET(pGlobals->iAcceptSockUdp, &rmask);
-    if (pGlobals->iAcceptSockUdp > maxFd)
-    {
-        maxFd = pGlobals->iAcceptSockUdp;
-    }
-
-    sts = select((int) (maxFd + 1), &rmask, NULL, NULL, NULL);
-    if (sts <= 0)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    if (VmKdcdState() == VMKDC_SHUTDOWN)
-    {
-        goto error;
-    }
-    if (FD_ISSET(pGlobals->iAcceptSock, &rmask))
-    {
-        sts = accept(pGlobals->iAcceptSock, NULL, NULL);
-        if (sts != -1)
-        {
-            *acceptSocket = (int) sts;
-        }
-    }
-    if (FD_ISSET(pGlobals->iAcceptSockUdp, &rmask))
-    {
-        *acceptSocketUdp = (int) pGlobals->iAcceptSockUdp;
-    }
-error:
-    return dwError;
-}
-
-
-static void
-VmKdcFreeRequest(
-    PVMKDC_REQUEST *ppRequest)
-{
-    PVMKDC_REQUEST pRequest = *ppRequest;
-
-    if (pRequest)
-    {
-        if (pRequest->requestSocket >= 0)
-        {
-            tcp_close(pRequest->requestSocket);
-            pRequest->requestSocket = -1;
-        }
-        VMKDC_SAFE_FREE_MEMORY(pRequest->requestBuf);
-        VMKDC_SAFE_FREE_MEMORY(pRequest->pvClientAddr);
-        VMKDC_SAFE_FREE_KEY(pRequest->masterKey);
-    }
-    VMKDC_SAFE_FREE_MEMORY(pRequest);
-    *ppRequest = NULL;
-}
-
-
-static DWORD
-VmKdcAllocateRequest(
-    int requestSocket,
-    BOOLEAN bRequestIsUdp,
-    PVMKDC_GLOBALS pGlobals,
-    PVMKDC_REQUEST *ppRetRequest)
-{
-    PVMKDC_REQUEST pRequest = NULL;
-    PUCHAR pRequestBuf = NULL;
-    DWORD dwError = 0;
-    PVOID pClientAddr = NULL;
-
-    dwError = VmKdcAllocateMemory(
-                  sizeof(VMKDC_REQUEST),
-                  (PVOID*)&pRequest);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcAllocateMemory(
-                  pGlobals->addrLen,
-                  (PVOID*)&pClientAddr);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-
-    if (bRequestIsUdp)
-    {
-        dwError = VmKdcAllocateMemory(
-                      VMKDC_UDP_READ_BUFSIZ,
-                      (PVOID*) &pRequestBuf);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        pRequest->requestBufLen = VMKDC_UDP_READ_BUFSIZ;
-        pRequest->requestBuf = pRequestBuf;
-        pRequest->bRequestIsUdp = bRequestIsUdp;
-    }
-
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    /*
-     * The global masterKey will be NULL when vmdir is unavailable.
-     */
-    if (gVmkdcGlobals.masterKey)
-    {
-        dwError = VmKdcCopyKey(gVmkdcGlobals.masterKey,
-                               &pRequest->masterKey);
-    }
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pRequest->pvClientAddr = pClientAddr;
-    pRequest->dwClientAddrLen = pGlobals->addrLen;
-    pRequest->requestSocket = requestSocket;
-    *ppRetRequest = pRequest;
-
-error:
-    if (dwError)
-    {
-        VMKDC_SAFE_FREE_MEMORY(pRequest);
-        VMKDC_SAFE_FREE_MEMORY(pClientAddr);
-        VMKDC_SAFE_FREE_MEMORY(pRequestBuf);
-    }
-    return dwError;
-}
-
-static DWORD
-VmKdcAllocateContext(
-    int requestSocket,
-    BOOLEAN bRequestIsUdp,
-    PVMKDC_GLOBALS pGlobals,
-    PVMKDC_CONTEXT *ppContext)
-{
-    DWORD dwError = 0;
-    PVMKDC_CONTEXT pContext = NULL;
-    PVMKDC_REQUEST pRequest = NULL;
-
-    dwError = VmKdcAllocateRequest(
-                  requestSocket,
-                  bRequestIsUdp,
-                  pGlobals,
-                  &pRequest);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcAllocateMemory(sizeof(VMKDC_CONTEXT), (PVOID*)&pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pContext->pGlobals = pGlobals;
-    pContext->pRequest = pRequest;
-
-    *ppContext = pContext;
-
-error:
-    if (dwError)
-    {
-        VMKDC_SAFE_FREE_MEMORY(pRequest);
-        VMKDC_SAFE_FREE_MEMORY(pContext);
-    }
-    return dwError;
-}
-
-
-static VOID
-VmKdcFreeContext(
-    PVMKDC_CONTEXT *ppContext)
-{
-    PVMKDC_CONTEXT pContext = NULL;
-
-    if (ppContext)
-    {
-        pContext = *ppContext;
-    }
-    if (pContext)
-    {
-        VmKdcFreeRequest(&pContext->pRequest);
-        VMKDC_SAFE_FREE_MEMORY(pContext);
-    }
-    *ppContext = NULL;
-}
-
-
-static DWORD
-VmKdcReadTcpRequestSize(
-    PVMKDC_CONTEXT pContext)
-{
-    DWORD dwError = 0;
-    INT32 krbMsgLen = 0;
-    PUCHAR requestBuf = NULL;
-
-    dwError = VmKdcRecvTcp(
-                  pContext->pRequest->requestSocket,
-                  (void *) &krbMsgLen,
-                  sizeof(krbMsgLen));
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    krbMsgLen = ntohl(krbMsgLen);
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-             "VmKdcReadTcpRequestSize: KrbMsgLen=%d", krbMsgLen);
-    if (krbMsgLen > MAX_KRB_REQ_LEN || krbMsgLen < 0)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    dwError = VmKdcAllocateMemory(
-                  krbMsgLen,
-                  (PVOID*) &requestBuf);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-    if (dwError)
-    {
-        if (pContext->pRequest)
-         {
-            VmKdcFreeRequest(&pContext->pRequest);
-         }
-    }
-    else
-    {
-        pContext->pRequest->requestAllocLen = krbMsgLen;
-        pContext->pRequest->requestBuf = requestBuf;
-    }
-    return dwError;
-}
-
-DWORD
-VmKdcSendTcp(
-    int sock,
-    unsigned char *msg,
-    int msgLen)
-{
-    DWORD dwError = 0;
-    int sts = 0;
-    int len = 0;
-    int slen = 0;
-
-    slen = msgLen;
-    do
-    {
-        sts = send(sock, &msg[len], slen, 0);
-        if (sts > 0)
-        {
-            slen -= sts;
-            len += sts;
-        }
-        else
-        {
-#ifdef _WIN32
-            errno = WSAGetLastError();
-#endif
-            dwError =  errno;
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    } while (sts > 0 && slen < msgLen);
-
-error:
-    return dwError;
-}
-
-static DWORD
-VmKdcRecvTcp(
-    int sock,
-    unsigned char *msg,
-    int msgLen)
-{
-    DWORD dwError = 0;
-    int sts = 0;
-    int len = 0;
-    int rlen = 0;
-
-    len = msgLen;
-
-    // pGlobals is useful for timeout information when
-    // this is implemented to use select() with a timeout.
-    do
-    {
-        /* TBD: Need select() around recv() to prevent DoS timeout attack */
-        sts = recv(sock, &msg[rlen], len, 0);
-        if (sts > 0)
-        {
-            rlen += sts;
-            len -= sts;
-        }
-        else
-        {
-#ifdef _WIN32
-            errno = WSAGetLastError();
-#endif
-            dwError =  errno;
-            if (sts == 0)
-            {
-                VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcRecvTcp: peer disconnection detected.");
-                dwError = ERROR_PROTOCOL;
-            }
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    } while (sts > 0 && len > 0);
-error:
-
-    return dwError;
-}
-
-
-static DWORD
-VmKdcReadTcpRequest(
-    PVMKDC_CONTEXT pContext)
-{
-    DWORD dwError = 0;
-
-    dwError = VmKdcRecvTcp(
-                  pContext->pRequest->requestSocket,
-                  pContext->pRequest->requestBuf,
-                  pContext->pRequest->requestAllocLen);
-    BAIL_ON_VMKDC_ERROR(dwError);
-    pContext->pRequest->requestBufLen = pContext->pRequest->requestAllocLen;
-
-error:
-    return dwError;
-}
-
-static DWORD
-VmKdcSendTcpResponse(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA krbMsg)
-{
-    DWORD dwError = 0;
-    PUCHAR krbMsgPtr = NULL;
-    DWORD krbMsgLen = 0;
-    UINT32 netLen = 0;
-    UCHAR netLenBuf[sizeof(netLen)] = {0};
-
-    krbMsgLen = VMKDC_GET_LEN_DATA(krbMsg);
-    krbMsgPtr = VMKDC_GET_PTR_DATA(krbMsg);
-
-    netLen = htonl(krbMsgLen);
-    memcpy(netLenBuf, &netLen, sizeof(netLen));
-
-    dwError = VmKdcSendTcp(
-                  pContext->pRequest->requestSocket,
-                  netLenBuf,
-                  sizeof(netLenBuf));
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcSendTcp(pContext->pRequest->requestSocket, krbMsgPtr, krbMsgLen);
-    BAIL_ON_VMKDC_ERROR(dwError);
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-             "VmKdcListenKdcService: sent %d bytes", krbMsgLen);
-
-error:
-    return dwError;
-}
-
-DWORD
-VmKdcProcessUdpRequest(PVMKDC_CONTEXT pContext)
-{
-    DWORD dwError = 0;
-    int len = 0;
-    PVMKDC_DATA krbMsg = NULL;
-
-    dwError = VmKdcProcessKdcReq(pContext, &krbMsg);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    len = sendto(pContext->pRequest->requestSocket,
-                 VMKDC_GET_PTR_DATA(krbMsg),
-                 VMKDC_GET_LEN_DATA(krbMsg),
-                 0,
-                 (struct sockaddr *) pContext->pRequest->pvClientAddr,
-                 pContext->pRequest->dwClientAddrLen);
-    if (len <= 0)
-    {
-        dwError = ERROR_PROTOCOL;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-error:
-    VmKdcSignalThreadDone(pContext);
-    VmKdcFreeData(krbMsg);
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcProcessUdpRequest: finished");
-
-    //Each UDP accept() call will not create a new socket (file descriptor),
-    // so there is no socket leak here.
-    pContext->pRequest->requestSocket = -1;
-    VmKdcFreeContext(&pContext);
-
-    /* Running as a detached thread; no one really cares about return status */
-    return dwError;
-}
-
-
-DWORD
-VmKdcProcessTcpRequest(PVMKDC_CONTEXT pContext)
-{
-    DWORD dwError = 0;
-    PVMKDC_DATA krbMsg = NULL;
-
-    dwError = VmKdcReadTcpRequestSize(pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcReadTcpRequest(pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcProcessKdcReq(pContext, &krbMsg);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcSendTcpResponse(
-                  pContext,
-                  krbMsg);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-    VmKdcSignalThreadDone(pContext);
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VmKdcProcessTcpRequest: done");
-    VmKdcFreeContext(&pContext);
-    VmKdcFreeData(krbMsg);
-
-    /* Running as a detached thread; no one really cares about return status */
-    return dwError;
-}
-
-PVOID
-VmKdcProcessThread(PVOID pVoidContext)
-{
-    DWORD dwError = 0;
-    PVMKDC_CONTEXT pContext = (PVMKDC_CONTEXT) pVoidContext;
-
-    if (pContext->pRequest->bRequestIsUdp)
-    {
-        VmKdcProcessUdpRequest(pContext);
-    }
-    else
-    {
-        VmKdcProcessTcpRequest(pContext);
-    }
-
-    /* Running as a detached thread; no one really cares about return status */
-    return dwError ? /* error pointer */ NULL : NULL;
-}
-
-static DWORD
-VmKdcReadUdpRequest(PVMKDC_CONTEXT pContext)
-{
-    DWORD dwError = 0;
-    int len = 0;
-
-    len = recvfrom(pContext->pRequest->requestSocket,
-                   pContext->pRequest->requestBuf,
-                   VMKDC_UDP_READ_BUFSIZ,
-                   0,
-                   (struct sockaddr *) pContext->pRequest->pvClientAddr,
-                   (socklen_t *) &pContext->pRequest->dwClientAddrLen);
-    if (len <= 0)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    pContext->pRequest->requestBufLen = len;
-
-error:
-    return dwError;
-}
-
-
-static
-PVOID
-VmKdcListenKdcService(
-    PVOID pInfo
-    )
-{
-    PVMKDC_CONTEXT pContext = NULL;
-    PVMKDC_GLOBALS pGlobals = (PVMKDC_GLOBALS) pInfo;
-    DWORD dwError = 0;
-    int requestSocket = -1;
-    int requestSocketUdp = -1;
-
-    do
-    {
-        requestSocket = -1;
-        requestSocketUdp = -1;
-        dwError = VmKdcSrvServiceAcceptConn(
-                      pGlobals,
-                      &requestSocket,
-                      &requestSocketUdp);
-        if (VmKdcdState() == VMKDC_SHUTDOWN)
-        {
-            break;
-        }
-        if (requestSocket >= 0 || requestSocketUdp >= 0)
-        {
-            VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "vmkdc: accepted connection!");
-        }
-        else
-        {
-            continue;
-        }
-        if (requestSocketUdp != -1)
-        {
-            /* Process UDP request here */
-            dwError = VmKdcAllocateContext(
-                          requestSocketUdp,
-                          TRUE,
-                          pGlobals,
-                          &pContext);
-            BAIL_ON_VMKDC_ERROR(dwError);
-
-            dwError = VmKdcReadUdpRequest(pContext);
-            if (dwError)
-            {
-                pContext->pRequest->requestSocket = -1;
-                VmKdcFreeContext(&pContext);
-            } else
-            {
-                /* TBD: Use thread pool here */
-                dwError = VmKdcCreateThreadMaxLimit(
-                          pContext,
-                          VmKdcProcessThread);
-                BAIL_ON_VMKDC_ERROR(dwError);
-            }
-        }
-
-        if (requestSocket != -1)
-        {
-            /* Process TCP request here */
-            dwError = VmKdcAllocateContext(
-                          requestSocket,
-                          FALSE,
-                          pGlobals,
-                          &pContext);
-            BAIL_ON_VMKDC_ERROR(dwError);
-
-            /* TBD: Use thread pool here */
-            dwError = VmKdcCreateThreadMaxLimit(
-                          pContext,
-                          VmKdcProcessThread);
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    } while ((requestSocket >= 0 || requestSocketUdp >= 0) && VmKdcdState() != VMKDC_SHUTDOWN);
-error:
-    return NULL;
-}
-
-
-DWORD
-VmKdcInitConnAcceptThread(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD  dwError = 0;
-    int    sts = 0;
-
-    sts = pthread_create(
-            &pGlobals->thread,
-            NULL,
-            VmKdcListenKdcService,
-            pGlobals);
-    if (sts)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    BAIL_ON_VMKDC_ERROR(dwError);
-error:
-
-    return dwError;
-}
-
-
-void
-VmKdcSrvCloseSocketAcceptFd(
-    VOID
-    )
-{
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-
-    if (gVmkdcGlobals.iAcceptSock >= 0)
-    {
-        tcp_close(gVmkdcGlobals.iAcceptSock);
-        gVmkdcGlobals.iAcceptSock = -1;
-    }
-
-    if (gVmkdcGlobals.iAcceptSockUdp >= 0)
-    {
-        tcp_close(gVmkdcGlobals.iAcceptSockUdp);
-        gVmkdcGlobals.iAcceptSockUdp = -1;
-    }
-
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-}
-
-
-void
-VmKdcSrvIncrementThreadCount(
-    PVMKDC_GLOBALS pGlobals)
-{
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    pGlobals->workerThreadCount++;
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-}
-
-void
-VmKdcSrvDecrementThreadCount(
-    PVMKDC_GLOBALS pGlobals)
-{
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    pGlobals->workerThreadCount--;
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-}
-
-
-void
-VmKdcSrvGetThreadCount(
-    PVMKDC_GLOBALS pGlobals,
-    PDWORD pWorkerThreadCount)
-{
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    *pWorkerThreadCount = pGlobals->workerThreadCount;
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-}
diff --git a/lwraft/server/vmkdc/networking.h b/lwraft/server/vmkdc/networking.h
deleted file mode 100644
index ceac5e109..000000000
--- a/lwraft/server/vmkdc/networking.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-typedef enum _VMKDC_SERVICE_PORT_TYPE
-{
-    VMKDC_SERVICE_PORT_UDP = 1,
-    VMKDC_SERVICE_PORT_TCP,
-} VMKDC_SERVICE_PORT_TYPE;
-
-
-DWORD
-VmKdcSrvOpenServicePort(
-    PVMKDC_GLOBALS pGlobals,
-    VMKDC_SERVICE_PORT_TYPE portType);
-
-DWORD
-VmKdcSrvServicePortListen(
-    PVMKDC_GLOBALS pGlobals);
-
-DWORD
-VmKdcInitConnAcceptThread(
-    PVMKDC_GLOBALS pGlobals);
-
-DWORD
-VmKdcSendTcp(
-    int sock,
-    unsigned char *msg,
-    int msgLen);
-
-void
-VmKdcSrvCloseSocketAcceptFd(
-    VOID);
-
-void
-VmKdcSrvIncrementThreadCount(
-    PVMKDC_GLOBALS pGlobals);
-
-void
-VmKdcSrvDecrementThreadCount(
-    PVMKDC_GLOBALS pGlobals);
-
-void
-VmKdcSrvGetThreadCount(
-    PVMKDC_GLOBALS pGlobals,
-    PDWORD pWorkerThreadCount);
diff --git a/lwraft/server/vmkdc/parseargs.c b/lwraft/server/vmkdc/parseargs.c
deleted file mode 100644
index 2d3269168..000000000
--- a/lwraft/server/vmkdc/parseargs.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-#ifndef _WIN32
-
-DWORD
-VmKdcParseArgs(
-    int argc,
-    char* argv[],
-    int* pLoggingLevel,
-    PBOOLEAN pbEnableSysLog,
-    PBOOLEAN pbEnableConsole
-)
-{
-    DWORD dwError = ERROR_SUCCESS;
-    int opt = 0;
-    setlocale(LC_ALL, "");
-
-    //TODO, change to use long opt
-    while ( (opt = getopt( argc, argv, VMKDC_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMKDC_OPTION_LOGGING_LEVEL:
-                if( pLoggingLevel != NULL )
-                {
-                    *pLoggingLevel = atoi( optarg );
-                }
-                break;
-
-            case VMKDC_OPTION_ENABLE_SYSLOG:
-                if ( pbEnableSysLog != NULL )
-                {
-                    *pbEnableSysLog = TRUE;
-                }
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    }
-error:
-    return dwError;
-}
-
-#else
-
-DWORD
-VmKdcParseArgs(
-    int argc,
-    char* argv[],
-    int* pLoggingLevel,
-    PBOOLEAN pbEnableSysLog,
-    PBOOLEAN pbEnableConsole
-)
-{
-    DWORD dwError = ERROR_SUCCESS;
-    int i = 1; // first arg is the <name of exe>.exe
-
-    while( i < argc )
-    {
-        if( VmKdcIsCmdLineOption( argv[i] ) != FALSE )
-        {
-            if ( VmKdcStringCompareA(
-                          VMKDC_OPTION_LOGGING_LEVEL, argv[i], TRUE ) == 0 )
-            {
-                dwError = VmKdcGetCmdLineIntOption(
-                    argc, argv, &i, pLoggingLevel
-                );
-                BAIL_ON_VMKDC_ERROR(dwError);
-            }
-            else if ( VmKdcStringCompareA(
-                          VMKDC_OPTION_ENABLE_SYSLOG, argv[i], TRUE ) == 0 )
-            {
-                if ( pbEnableSysLog != NULL )
-                {
-                    *pbEnableSysLog = TRUE;
-                }
-            }
-#if defined(WIN32) && defined(_DEBUG)
-            else if ( VmKdcStringCompareA(
-                          VMKDC_OPTION_ENABLE_CONSOLE, argv[i], TRUE ) == 0 ||
-                      VmKdcStringCompareA(
-                          VMKDC_OPTION_ENABLE_CONSOLE_LONG, argv[i], TRUE ) == 0 )
-            {
-                if ( pbEnableConsole != NULL )
-                {
-                    *pbEnableConsole = TRUE;
-                }
-            }
-#endif
-            else
-            {
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMKDC_ERROR(dwError);
-            }
-        }
-
-        i++;
-    } // while
-
-error:
-
-    return dwError;
-}
-
-#endif
-
-VOID
-ShowUsage(
-    PSTR pName
-)
-{
-    //TODO, cleanup after use long opt
-   fprintf(
-       stderr,
-       "Usage: %s [-l <logging level>] [-s]",
-       pName
-   );
-}
diff --git a/lwraft/server/vmkdc/process.c b/lwraft/server/vmkdc/process.c
deleted file mode 100644
index 80fea9f28..000000000
--- a/lwraft/server/vmkdc/process.c
+++ /dev/null
@@ -1,751 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-static
-DWORD
-VmKdcProcessAsReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppKrbMsg);
-
-static
-DWORD
-VmKdcProcessTgsReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppkrbMsg);
-
-DWORD
-VmKdcProcessKdcReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppKrbMsg)
-{
-    DWORD dwError = 0;
-    if (pContext->pRequest->requestBuf[0] == VMKDC_MSG_TAG_AS_REQ)
-    {
-        dwError = VmKdcProcessAsReq(pContext, ppKrbMsg);
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    else if (pContext->pRequest->requestBuf[0] == VMKDC_MSG_TAG_TGS_REQ)
-    {
-        dwError = VmKdcProcessTgsReq(pContext, ppKrbMsg);
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    else
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-error:
-    return dwError;
-}
-
-static
-DWORD
-VmKdcProcessAsReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppKrbMsg)
-{
-    DWORD dwError = 0;
-    DWORD dwError2 = 0;
-    PVMKDC_ASREQ asRequest = NULL;
-    PVMKDC_DATA krbMsg = NULL;
-    PVMKDC_KEY pCKey = NULL;
-    PVMKDC_KEY pSKey = NULL;
-    PVMKDC_KEY pSessionKey = NULL;
-    PVMKDC_PRINCIPAL pCname = NULL;
-    PVMKDC_PRINCIPAL pSname = NULL;
-    DWORD nonce = 0;
-    PVMKDC_DATA pAsnData = NULL;
-    PVMKDC_TICKET pTicket = NULL;
-    PVMKDC_ASREP pAsRep = NULL;
-    time_t t_start = 0;
-    time_t t_end = 0;
-    time_t *t_reqTill = NULL;
-    time_t *renew_till = NULL;
-    PVMKDC_DIRECTORY_ENTRY pClientEntry = NULL;
-    PVMKDC_DIRECTORY_ENTRY pServerEntry = NULL;
-    DWORD error_code = 0;
-    PVMKDC_DATA e_data = NULL;
-    PSTR pszClientName = NULL;
-    VMKDC_TICKET_FLAGS flags = 0;
-    time_t kdc_time = 0;
-    time_t maxrt = 0;
-    BOOLEAN renewable_ok = 0;
-
-    dwError = VmKdcAllocateData(
-                  pContext->pRequest->requestBuf,
-                  pContext->pRequest->requestBufLen,
-                  &pAsnData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcDecodeAsReq(pAsnData, &asRequest);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pCname = asRequest->req_body.cname;
-    pSname = asRequest->req_body.sname;
-    nonce = asRequest->req_body.nonce;
-
-/* RFC4120 Page 26
- * If the requested starttime is absent, indicates a time in the past,
- * or is within the window of acceptable clock skew for the KDC and the
- * POSTDATE option has not been specified, then the starttime of the
- * ticket is set to the authentication server's current time.  If it
- * indicates a time in the future beyond the acceptable clock skew, but
- * the POSTDATED option has not been specified, then the error
- * KDC_ERR_CANNOT_POSTDATE is returned.  Otherwise the requested
- * starttime is checked against the policy of the local realm (the
- * administrator might decide to prohibit certain types or ranges of
- * postdated tickets), and if the ticket's starttime is acceptable, it
- * is set as requested, and the INVALID flag is set in the new ticket.
- * The postdated ticket MUST be validated before use by presenting it to
- * the KDC after the starttime has been reached.
- */
-
-    kdc_time = time(NULL);
-    if (!asRequest->req_body.from ||
-        *asRequest->req_body.from < kdc_time ||
-        (abs((long) (*asRequest->req_body.from - kdc_time)) <
-         pContext->pGlobals->iClockSkew))
-
-    {
-        t_start = kdc_time;
-    }
-    else
-    {
-        dwError = ERROR_CANNOT_POSTDATE;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-/*
- * The expiration time of the ticket will be set to the earlier of the
- * requested endtime and a time determined by local policy, possibly by
- * using realm- or principal-specific factors.  For example, the
- * expiration time MAY be set to the earliest of the following:
- *
- *    *  The expiration time (endtime) requested in the KRB_AS_REQ
- *       message.
- *
- *    *  The ticket's starttime plus the maximum allowable lifetime
- *       associated with the client principal from the authentication
- *       server's database.
- *
- *    *  The ticket's starttime plus the maximum allowable lifetime
- *       associated with the server principal.
- *
- *    *  The ticket's starttime plus the maximum lifetime set by the
- *       policy of the local realm.
- *
- * If the requested expiration time minus the starttime (as determined
- * above) is less than a site-determined minimum lifetime, an error
- * message with code KDC_ERR_NEVER_VALID is returned.  If the requested
- * expiration time for the ticket exceeds what was determined as above,
- * and if the 'RENEWABLE-OK' option was requested, then the 'RENEWABLE'
- * flag is set in the new ticket, and the renew-till value is set as if
- * the 'RENEWABLE' option were requested (the field and option names are
- * described fully in Section 5.4.1).
- */
-
-    t_end = t_start + pContext->pGlobals->iMaxLife;
-    t_reqTill = asRequest->req_body.till;
-    if (t_reqTill)
-    {
-        if (*t_reqTill > t_end)
-        {
-            renewable_ok = VMKDC_FLAG_ISSET(asRequest->req_body.kdc_options,
-                                            VMKDC_KO_RENEWABLE_OK);
-            if (renewable_ok)
-            {
-                maxrt = t_start + pContext->pGlobals->iMaxRenewableLife;
-                if (*t_reqTill <= maxrt)
-                {
-                    renew_till = t_reqTill;
-                }
-                else
-                {
-                    renew_till = &maxrt;
-                }
-                VMKDC_FLAG_SET(flags, VMKDC_TF_RENEWABLE);
-            }
-        }
-        else
-        {
-            t_end = *t_reqTill;
-        }
-    }
-    if ((t_end - t_start) < pContext->pGlobals->iClockSkew)
-    {
-        dwError = ERROR_NEVER_VALID;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    dwError = VmKdcUnparsePrincipalName(pCname, &pszClientName);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-             "Received AS-REQ for client %s",
-             pszClientName);
-
-    /*
-     * Get the client key
-     */
-    dwError = VmKdcSearchDirectory(
-                  pContext,
-                  pCname,
-                  &pClientEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * TBD: Adam below using first ENCTYPE req_body.etype.type[0];
-     * Need to search for strongest supported between C/S and KDC policy
-     */
-    dwError = VmKdcFindKeyByEType(
-                  pClientEntry,
-                  asRequest->req_body.etype.type[0], // Use first ENCTYPE; need to search for strongest supported between C/S
-                  &pCKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Get the server key
-     */
-    dwError = VmKdcSearchDirectory(
-                  pContext,
-                  pSname,
-                  &pServerEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcFindKeyByEType(
-                  pServerEntry,
-                  asRequest->req_body.etype.type[0], // Use first ENCTYPE; need to search for strongest supported between C/S
-                  &pSKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Verify the preauthentication data.
-     */
-    dwError = VmKdcVerifyAsReqPaData(pContext, asRequest, pCKey);
-    if (dwError == ERROR_NO_PREAUTH)
-    {
-        dwError2 = VmKdcBuildKrbErrorEData(pCKey, &e_data);
-        BAIL_ON_VMKDC_ERROR(dwError2);
-    }
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Create a random session key
-     */
-    dwError = VmKdcRandomKey(pContext,
-                             asRequest->req_body.etype.type[0],
-                             &pSessionKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMKDC_FLAG_SET(flags, VMKDC_TF_INITIAL);
-    VMKDC_FLAG_SET(flags, VMKDC_TF_PRE_AUTHENT);
-    if (VMKDC_FLAG_ISSET(asRequest->req_body.kdc_options, VMKDC_KO_FORWARDABLE))
-    {
-        VMKDC_FLAG_SET(flags, VMKDC_TF_FORWARDABLE);
-    }
-    if (VMKDC_FLAG_ISSET(asRequest->req_body.kdc_options, VMKDC_KO_PROXIABLE))
-    {
-        VMKDC_FLAG_SET(flags, VMKDC_TF_PROXIABLE);
-    }
-
-    /*
-     * Build a TICKET
-     */
-    dwError = VmKdcBuildTicket(pContext,
-                               pCname,
-                               pSname,
-                               pSKey,      /* key */
-                               pSessionKey,
-                               flags,      /* flags */
-                               NULL,       /* transited */
-                               t_start,    /* authtime */
-                               &t_start,   /* starttime */
-                               t_end,      /* endtime */
-                               renew_till, /* renew_till */
-                               NULL,       /* caddr */
-                               NULL,       /* authorization_data */
-                               &pTicket);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Build an AS-REP
-     */
-    dwError = VmKdcBuildAsRep(pContext,
-                              pCname,
-                              pSname,
-                              pCKey,      /* key */
-                              pSessionKey,
-                              pTicket,
-                              NULL,       /* last-req */
-                              nonce,      /* nonce */
-                              NULL,       /* key-expiration (optional) */
-                              flags,      /* flags */
-                              t_start,    /* authtime */
-                              &t_start,   /* starttime (optional) */
-                              t_end,      /* endtime */
-                              renew_till, /* renew-till (optional) */
-                              NULL,       /* caddr */
-                              &pAsRep);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * ASN.1 encode the AS-REP, and send the response.
-     */
-    dwError = VmKdcEncodeAsRep(pAsRep, &krbMsg);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-             "Sending AS-REP for client %s",
-             pszClientName);
-
-    *ppKrbMsg = krbMsg;
-
-error:
-    switch (dwError)
-    {
-        case 0: /* success, don't set error_code */
-            break;
-        case ERROR_NO_PREAUTH:
-            error_code = VMKDC_KDC_ERR_PREAUTH_REQUIRED;
-            break;
-        case ERROR_FAILED_PREAUTH:
-            error_code = VMKDC_KDC_ERR_PREAUTH_FAILED;
-            break;
-        case VMKDC_RPC_SERVER_NOTAVAIL:
-            /*
-             * Clear the global masterKey so it can't be used when vmdir is unavailable.
-             */
-            VmKdcTerminateDirectory(pContext->pGlobals);
-            VmKdcdStateSet(VMKDCD_STARTUP);
-            error_code = VMKDC_KDC_ERR_SVC_UNAVAILABLE;
-            break;
-        case ERROR_CANNOT_POSTDATE:
-            error_code = VMKDC_KDC_ERR_CANNOT_POSTDATE;
-            break;
-        case ERROR_NEVER_VALID:
-            error_code = VMKDC_KDC_ERR_NEVER_VALID;
-            break;
-        case ERROR_NO_PRINC:
-        case ERROR_NO_KEY_ETYPE:
-        default:
-            error_code = VMKDC_KDC_ERR_C_PRINCIPAL_UNKNOWN;
-            break;
-    }
-    if (asRequest && pCname && pSname && error_code)
-    {
-        dwError = VmKdcBuildKrbError(
-                          asRequest->pvno,
-                          NULL, /* ctime */
-                          time(NULL), /* stime */
-                          error_code, /* error_code */
-                          VMKDC_GET_PTR_DATA(pCname->realm), /* crealm */
-                          pCname, /* cname */
-                          VMKDC_GET_PTR_DATA(pSname->realm), /* realm */
-                          pSname, /* sname */
-                          NULL, /* e_text */
-                          e_data, /* e_data */
-                          &krbMsg);
-        if (dwError == 0)
-        {
-            *ppKrbMsg = krbMsg;
-
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-                     "Sending KRB-ERROR %d for client %s",
-                     error_code, pszClientName);
-        }
-        else
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                     "Failed to build KRB-ERROR %d for client %s",
-                     error_code, pszClientName);
-        }
-    }
-    else if (dwError)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                 "VmKdcProcessAsRequest failed, error code: (%u)",
-                 dwError);
-    }
-    VMKDC_SAFE_FREE_DATA(e_data);
-    VMKDC_SAFE_FREE_DIRECTORY_ENTRY(pClientEntry);
-    VMKDC_SAFE_FREE_DIRECTORY_ENTRY(pServerEntry);
-    VMKDC_SAFE_FREE_ASREQ(asRequest);
-    VMKDC_SAFE_FREE_ASREP(pAsRep);
-    VMKDC_SAFE_FREE_KEY(pSessionKey);
-    VMKDC_SAFE_FREE_TICKET(pTicket);
-    VMKDC_SAFE_FREE_DATA(pAsnData);
-    VMKDC_SAFE_FREE_STRINGA(pszClientName);
-
-    return dwError;
-}
-
-static
-DWORD
-VmKdcProcessTgsReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppKrbMsg)
-{
-    DWORD dwError = 0;
-    DWORD error_code = 0;
-    PVMKDC_ASREQ tgsRequest = NULL;
-    PVMKDC_DATA krbMsg = NULL;
-    PVMKDC_KEY pSKey = NULL;
-    PVMKDC_KEY pPresentedSKey = NULL;
-    PVMKDC_KEY pSessionKey = NULL;
-    PVMKDC_PRINCIPAL pSname = NULL;
-    DWORD nonce = 0;
-    PVMKDC_DATA pAsnData = NULL;
-    PVMKDC_TICKET pTicket = NULL;
-    PVMKDC_TGSREP pTgsRep = NULL;
-    time_t t_start = 0;
-    time_t t_end = 0;
-    time_t *t_reqTill = NULL;
-    time_t *renew_till = NULL;
-    time_t kdc_time = 0;
-    PVMKDC_METHOD_DATA pMethodData = NULL;
-    PVMKDC_PADATA pPaData = NULL;
-    PVMKDC_APREQ apReq = NULL;
-    PVMKDC_ENCTICKETPART pEncTicketPart = NULL;
-    PVMKDC_DATA pData = NULL;
-    PVMKDC_AUTHENTICATOR pAuthenticator = NULL;
-    PVMKDC_DIRECTORY_ENTRY pServerEntry = NULL;
-    PVMKDC_DIRECTORY_ENTRY pDirectoryEntry = NULL;
-    PSTR pszServerName = NULL;
-    VMKDC_TICKET_FLAGS flags = 0;
-    BOOLEAN renew = FALSE;
-
-    dwError = VmKdcAllocateData(
-                  pContext->pRequest->requestBuf,
-                  pContext->pRequest->requestBufLen,
-                  &pAsnData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcDecodeTgsReq(pAsnData, &tgsRequest);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pSname = tgsRequest->req_body.sname;
-    nonce = tgsRequest->req_body.nonce;
-    pMethodData = tgsRequest->padata;
-
-    dwError = VmKdcUnparsePrincipalName(pSname, &pszServerName);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-            "Received TGS-REQ for server %s",
-            pszServerName);
-
-    /*
-     * Get the server key
-     */
-    dwError = VmKdcSearchDirectory(
-                  pContext,
-                  pSname,
-                  &pServerEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcFindKeyByEType(
-                  pServerEntry,
-                  tgsRequest->req_body.etype.type[0], // Use first ENCTYPE; need to search for strongest supported between C/S
-                  &pSKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Get the preauth
-     */
-    if (!pMethodData)
-    {
-        dwError = ERROR_PROTOCOL;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    dwError = VmKdcFindPaData(VMKDC_PADATA_AP_REQ, pMethodData, &pPaData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Decode the AP-REQ
-     */
-    dwError = VmKdcDecodeApReq(pPaData->data, &apReq);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Get the key for the server principal in the ticket (krbtgt).
-     */
-    dwError = VmKdcSearchDirectory(
-                  pContext,
-                  apReq->ticket->sname,
-                  &pDirectoryEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcFindKeyByEType(
-                  pDirectoryEntry,
-                  tgsRequest->req_body.etype.type[0], // Use first ENCTYPE; need to search for strongest supported between C/S
-                  &pPresentedSKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Decrypt the encrypted part of the ticket
-     */
-    dwError = VmKdcDecryptEncData(pContext,
-                                  pPresentedSKey,
-                                  VMKDC_KU_TICKET,
-                                  apReq->ticket->enc_part,
-                                  &pData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Decode the encrypted part of the ticket
-     */
-    dwError = VmKdcDecodeEncTicketPart(pData, &pEncTicketPart);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMKDC_SAFE_FREE_DATA(pData);
-
-    /*
-     * Decrypt the authenticator
-     */
-    dwError = VmKdcDecryptEncData(pContext,
-                                  pEncTicketPart->key,
-                                  VMKDC_KU_TGS_REQ_AUTH,
-                                  apReq->authenticator,
-                                  &pData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Decode the authenticator
-     */
-    dwError = VmKdcDecodeAuthenticator(pData, &pAuthenticator);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * Create a random session key
-     */
-    dwError = VmKdcRandomKey(pContext,
-                             tgsRequest->req_body.etype.type[0],
-                             &pSessionKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-/*  RFC 4120, section 3.3.3, page 38
- *  By default, the address field, the client's name and realm, the list
- *  of transited realms, the time of initial authentication, the
- *  expiration time, and the authorization data of the newly-issued
- *  ticket will be copied from the TGT or renewable ticket.  If the
- *  transited field needs to be updated, but the transited type is not
- *  supported, the KDC_ERR_TRTYPE_NOSUPP error is returned.
- */
-
-    kdc_time = time(NULL);
-    if (!tgsRequest->req_body.from ||
-        *tgsRequest->req_body.from < kdc_time ||
-        (abs((long) (*tgsRequest->req_body.from - kdc_time)) <
-         pContext->pGlobals->iClockSkew))
-    {
-        t_start = kdc_time;
-    }
-    else
-    {
-        dwError = ERROR_CANNOT_POSTDATE;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-/*
- * If the request specifies an endtime, then the endtime of the new
- * ticket is set to the minimum of (a) that request, (b) the endtime
- * from the TGT, and (c) the starttime of the TGT plus the minimum of
- * the maximum life for the application server and the maximum life for
- * the local realm (the maximum life for the requesting principal was
- * already applied when the TGT was issued).  If the new ticket is to be
- * a renewal, then the endtime above is replaced by the minimum of (a)
- * the value of the renew_till field of the ticket and (b) the starttime
- * for the new ticket plus the life (endtime-starttime) of the old
- * ticket.
- */
-
-    renew = VMKDC_FLAG_ISSET(tgsRequest->req_body.kdc_options, VMKDC_KO_RENEW);
-    if (renew)
-    {
-        t_end = t_start + (pEncTicketPart->endtime - *pEncTicketPart->starttime);
-        renew_till = pEncTicketPart->renew_till;
-        if (*renew_till < t_end)
-        {
-            t_end = *renew_till;
-        }
-    }
-    else
-    {
-        t_end = *pEncTicketPart->starttime + pContext->pGlobals->iMaxLife;
-        t_reqTill = tgsRequest->req_body.till;
-        if (t_reqTill)
-        {
-            if (*t_reqTill < t_end)
-            {
-                t_end = *t_reqTill;
-            }
-            if (pEncTicketPart->endtime < t_end)
-            {
-                t_end = pEncTicketPart->endtime;
-            }
-        }
-    }
-
-    VMKDC_FLAG_SET(flags, VMKDC_TF_PRE_AUTHENT);
-    if (VMKDC_FLAG_ISSET(tgsRequest->req_body.kdc_options, VMKDC_KO_RENEWABLE))
-    {
-        VMKDC_FLAG_SET(flags, VMKDC_TF_RENEWABLE);
-    }
-    if (VMKDC_FLAG_ISSET(tgsRequest->req_body.kdc_options, VMKDC_KO_FORWARDABLE))
-    {
-        VMKDC_FLAG_SET(flags, VMKDC_TF_FORWARDABLE);
-    }
-    if (VMKDC_FLAG_ISSET(tgsRequest->req_body.kdc_options, VMKDC_KO_PROXIABLE))
-    {
-        VMKDC_FLAG_SET(flags, VMKDC_TF_PROXIABLE);
-    }
-
-    /*
-     * Build a TICKET
-     */
-    dwError = VmKdcBuildTicket(pContext,
-                               pEncTicketPart->cname,
-                               pSname,
-                               pSKey,
-                               pSessionKey,
-                               flags,      /* flags */
-                               NULL,       /* transited */
-                               t_start,    /* authtime */
-                               &t_start,   /* starttime */
-                               t_end,      /* endtime */
-                               renew_till, /* renew_till */
-                               NULL,       /* caddr */
-                               NULL,       /* authorization_data */
-                               &pTicket);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-/*  RFC 4120, section 3.3.3, page 40
- *  The ciphertext part of the response in the KRB_TGS_REP message is
- *  encrypted in the sub-session key from the Authenticator, if present,
- *  or in the session key from the TGT.  It is not encrypted using the
- *  client's secret key.  Furthermore, the client's key's expiration date
- *  and the key version number fields are left out since these values are
- *  stored along with the client's database record, and that record is
- *  not needed to satisfy a request based on a TGT.
- */
-
-    /*
-     * Build a TGS-REP
-     */
-    dwError = VmKdcBuildTgsRep(pContext,
-                               pEncTicketPart->cname,
-                               pSname,
-                               pEncTicketPart->key,
-                               pAuthenticator->subkey,
-                               pSessionKey,
-                               pTicket,
-                               NULL,       /* last-req */
-                               nonce,      /* nonce */
-                               NULL,       /* key-expiration (optional) */
-                               flags,      /* flags */
-                               t_start,    /* authtime */
-                               &t_start,   /* starttime */
-                               t_end,      /* endtime */
-                               renew_till, /* renew-till (optional) */
-                               NULL,       /* caddr */
-                               &pTgsRep);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /*
-     * ASN.1 encode the TGS-REP
-     */
-    dwError = VmKdcEncodeTgsRep(pTgsRep, &krbMsg);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-            "Sending TGS-REP for server %s",
-            pszServerName);
-
-    *ppKrbMsg = krbMsg;
-
-error:
-    switch (dwError)
-    {
-        case 0: /* success, don't set error_code */
-            break;
-        case VMKDC_RPC_SERVER_NOTAVAIL:
-            /*
-             * Clear the global masterKey so it can't be used when vmdir is unavailable.
-             */
-            VmKdcTerminateDirectory(pContext->pGlobals);
-            VmKdcdStateSet(VMKDCD_STARTUP);
-            error_code = VMKDC_KDC_ERR_SVC_UNAVAILABLE;
-            break;
-        case ERROR_CANNOT_POSTDATE:
-            error_code = VMKDC_KDC_ERR_CANNOT_POSTDATE;
-            break;
-        case ERROR_NO_PRINC:
-        case ERROR_NO_KEY_ETYPE:
-        default:
-            error_code = VMKDC_KDC_ERR_C_PRINCIPAL_UNKNOWN;
-            break;
-    }
-    if (tgsRequest && pSname && error_code)
-    {
-        dwError = VmKdcBuildKrbError(
-                      tgsRequest->pvno,
-                      NULL, /* ctime */
-                      time(NULL), /* stime */
-                      error_code, /* error_code */
-                      NULL,
-                      NULL,
-                      VMKDC_GET_PTR_DATA(pSname->realm), /* realm */
-                      pSname, /* sname */
-                      NULL, /* e_text */
-                      NULL, /* e_data */
-                      &krbMsg);
-        if (dwError == 0)
-        {
-            *ppKrbMsg = krbMsg;
-
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-                     "Sending KRB-ERROR %d for server %s",
-                     error_code, pszServerName);
-        }
-        else
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                     "Failed to build KRB-ERROR %d for server %s",
-                     error_code, pszServerName);
-        }
-    }
-    else if (dwError)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                 "VmKdcProcessTgsRequest failed, error code: (%u)",
-                 dwError);
-    }
-    VMKDC_SAFE_FREE_DIRECTORY_ENTRY(pDirectoryEntry);
-    VMKDC_SAFE_FREE_DIRECTORY_ENTRY(pServerEntry);
-    VMKDC_SAFE_FREE_TGSREQ(tgsRequest);
-    VMKDC_SAFE_FREE_TGSREP(pTgsRep);
-    VMKDC_SAFE_FREE_APREQ(apReq);
-    VMKDC_SAFE_FREE_ENCTICKETPART(pEncTicketPart);
-    VMKDC_SAFE_FREE_AUTHENTICATOR(pAuthenticator);
-    VMKDC_SAFE_FREE_DATA(pData);
-    VMKDC_SAFE_FREE_KEY(pSessionKey);
-    VMKDC_SAFE_FREE_TICKET(pTicket);
-    VMKDC_SAFE_FREE_DATA(pAsnData);
-    VMKDC_SAFE_FREE_STRINGA(pszServerName);
-
-    return dwError;
-}
diff --git a/lwraft/server/vmkdc/process.h b/lwraft/server/vmkdc/process.h
deleted file mode 100644
index 2058e170c..000000000
--- a/lwraft/server/vmkdc/process.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-// TBD: Adam Put this in the right place (registry?)
-#define VMKDC_TICKET_MAX_LIFETIME (8 * 60 * 60)
-
-DWORD
-VmKdcProcessKdcReq(
-    PVMKDC_CONTEXT pContext,
-    PVMKDC_DATA *ppKrbMsg);
diff --git a/lwraft/server/vmkdc/prototypes.h b/lwraft/server/vmkdc/prototypes.h
deleted file mode 100644
index af7456896..000000000
--- a/lwraft/server/vmkdc/prototypes.h
+++ /dev/null
@@ -1,261 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Kdc main
- *
- * Filename: prototypes.h
- *
- * Abstract:
- *
- * Kdc main module prototypes
- *
- */
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* auth.c */
-
-ULONG
-ConstructSDForVmKdcServ(
-    PSECURITY_DESCRIPTOR_ABSOLUTE * ppSD
-    );
-
-BOOL
-VmKdcIsRpcOperationAllowed(
-    handle_t pBinding,
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSD,
-    ULONG    ulAccessDesired
-    );
-
-/* init.c */
-
-DWORD
-VmKdcInit(
-    VOID
-    );
-
-DWORD
-VmKdcInitLoop(
-    PVMKDC_GLOBALS pGlobals
-    );
-
-int
-LoadServerGlobals();
-
-/* instance.c */
-
-DWORD
-VmKdcSrvSetupHostInstance(
-    PCSTR pszDomainName,
-    PCSTR pszUsername,
-    PCSTR pszPassword,
-    PCSTR pszSiteName,
-    PCSTR pszServerId,
-    PCSTR pszReplURI,
-    PCSTR pszReplBindDN,
-    PCSTR pszReplBindPassword,
-    PCSTR pszReplBase
-    );
-
-DWORD
-VmKdcSrvSetupTenantInstance(
-    PCSTR pszDomainName,
-    PCSTR pszUsername,
-    PCSTR pszPassword
-    );
-
-/* main.c */
-/*
-DWORD
-VmKdcServiceStartup(
-    VOID
-);
-
-VOID
-VmKdcServiceShutdown(
-    VOID
-);
-*/
-
-/* regconfig.c */
-
-DWORD
-VmKdcSrvUpdateConfig(
-    PVMKDC_GLOBALS pGlobals
-    );
-
-/* rpcmemory.c */
-
-DWORD
-VmKdcRpcAllocateMemory(
-    size_t size,
-    PVOID* ppMemory
-    );
-
-/* rpcstring.c */
-
-DWORD
-VmKdcRpcAllocateStringW(
-    PWSTR  pwszSrc,
-    PWSTR* ppwszDst
-    );
-
-/* service.c */
-
-DWORD
-VmKdcRpcServerInit(
-    VOID
-    );
-
-VOID
-VmKdcRpcServerShutdown(
-    VOID
-    );
-
-DWORD
-VmKdcRpcAuthCallback(
-    PVOID         Context
-);
-
-/* rpc.c */
-
-DWORD
-VmKdcRpcServerStartListen(
-    VOID
-);
-
-DWORD
-VmKdcRpcServerStopListen(
-    VOID
-);
-
-DWORD
-VmKdcRpcServerRegisterIf(
-    rpc_if_handle_t pInterfaceSpec
-);
-
-DWORD
-VmKdcRpcServerUseProtSeq(
-    PCSTR pszProtSeq
-);
-
-DWORD
-VmKdcRpcServerUseProtSeqEp(
-    PCSTR pszProtSeq,
-    PCSTR pszEndpoint
-);
-
-DWORD
-VmKdcRpcServerInqBindings(
-    rpc_binding_vector_p_t* ppServerBindings
-);
-
-DWORD
-VmKdcRpcEpRegister(
-    rpc_binding_vector_p_t pServerBinding,
-    rpc_if_handle_t        pInterfaceSpec,
-    PCSTR                  pszAnnotation
-);
-
-DWORD
-VmKdcRpcServerRegisterAuthInfo(
-    VOID
-);
-
-DWORD
-VmKdcRpcBindingInqAuthClient(
-    rpc_binding_handle_t hClientBinding,
-    rpc_authz_handle_t* pPrivs,
-    PSTR* ppServerPrincName,
-    DWORD* pAuthnLevel,
-    DWORD* pAuthnSvc,
-    DWORD* pAuthzSvc
-);
-
-DWORD
-VmKdcRpcBindingVectorFree(
-    rpc_binding_vector_p_t* ppServerBindings
-);
-
-#ifndef _WIN32
-
-/* signal.c */
-
-VOID
-VmKdcBlockSelectedSignals(
-    VOID
-    );
-
-DWORD
-VmKdcHandleSignals(
-    VOID
-    );
-
-DWORD
-VmKdcInitSignalThread(
-    PVMKDC_GLOBALS pGlobals
-    );
-
-#endif /* ifndef _WIN32 */
-
-VOID
-VmKdcRpcFreeMemory(
-    PVOID pMemory
-    );
-
-/* parseargs.c */
-
-DWORD
-VmKdcParseArgs(
-    int argc,
-    char* argv[],
-    int* pLoggingLevel,
-    PBOOLEAN pbEnableSysLog,
-    PBOOLEAN pbEnableConsole
-);
-
-VOID
-ShowUsage(
-    PSTR pName
-);
-
-/* utils.c */
-
-VOID
-VmKdcdStateSet(
-    VMKDC_SERVER_STATE   state
-);
-
-VMKDC_SERVER_STATE
-VmKdcdState(
-    VOID
-);
-
-#ifdef _WIN32
-DWORD
-VmKdcGetMasterKeyStashFile(
-    _TCHAR *lpMasterKeyStashFile
-);
-#endif
-
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/lwraft/server/vmkdc/regconfig.c b/lwraft/server/vmkdc/regconfig.c
deleted file mode 100644
index 92c063103..000000000
--- a/lwraft/server/vmkdc/regconfig.c
+++ /dev/null
@@ -1,466 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#if defined(_WIN32) && !defined(WIN2008)
-#define NTDDI_VERSION NTDDI_VISTA
-#define _WIN32_WINNT _WIN32_WINNT_VISTA
-#define WINVER _WIN32_WINNT
-#endif
-
-#include "includes.h"
-
-#ifndef _WIN32
-
-#define VmKdcRegOpenServer(phConnection) \
-    RegOpenServer(phConnection)
-
-#define VmKdcRegCloseServer(hConnection) \
-    RegCloseServer(hConnection)
-
-#define VmKdcRegOpenHKLM(hRegConnection, ulOptions,                   \
-                         AccessDesired, phkResult)                    \
-    RegOpenKeyExA(hRegConnection, NULL, HKEY_THIS_MACHINE, ulOptions, \
-                  AccessDesired, phkResult)
-
-#define VmKdcRegCloseKey(hConnection, hKey) \
-    RegCloseKey(hConnection, hKey)
-
-#define VmKdcRegGetValueA(hConnection, hKey, pSubKey, pValue, Flags, pdwType, \
-                          pvData, pcbData)                                    \
-    RegGetValueA(hConnection, hKey, pSubKey, pValue, Flags, pdwType,          \
-                 pvData, pcbData)
-
-#else
-
-#define VmKdcRegOpenServer(phConnection) \
-    ERROR_SUCCESS
-
-#define VmKdcRegCloseServer(hConnection)
-
-#define VmKdcRegOpenHKLM(hRegConnection, ulOptions,    \
-                      AccessDesired, phkResult)        \
-    RegOpenKeyExA(HKEY_LOCAL_MACHINE, NULL, ulOptions, \
-                  AccessDesired, phkResult)
-
-#define VmKdcRegCloseKey(hRegConnection, hKey) \
-    RegCloseKey(hKey)
-
-#define VmKdcRegGetValueA(hConnection, hKey, pSubKey, pValue, Flags, pdwType, \
-                          pvData, pcbData)                                    \
-    RegGetValueA(hKey, pSubKey, pValue, Flags, pdwType,                       \
-                 pvData, pcbData)
-
-#endif
-
-static
-DWORD
-VmKdcRegGetConfig(
-    PCSTR               pszSubKey,
-    PVMKDC_CONFIG_ENTRY pCfgTable,
-    DWORD               dwNumEntries
-    );
-
-static
-DWORD
-VmKdcRegConfigHandleOpen(
-    PVMKDC_CONFIG_CONNECTION_HANDLE *ppCfgHandle
-    );
-
-static
-DWORD
-VmKdcRegConfigGetDword(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    PDWORD pdwValue
-    );
-
-static
-DWORD
-VmKdcRegConfigGetString(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR   pszSubKey,
-    PCSTR   pszKeyName,
-    PSTR    *ppszValue
-    );
-
-static
-VOID
-VmKdcRegConfigHandleClose(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle
-    );
-
-static
-VOID
-VmKdcRegConfigTableFreeContents(
-    PVMKDC_CONFIG_ENTRY pCfgTable,
-    DWORD dwNumEntries
-    );
-
-DWORD
-VmKdcSrvUpdateConfig(
-    PVMKDC_GLOBALS pGlobals
-    )
-{
-    DWORD dwError = 0;
-    VMKDC_CONFIG_ENTRY initTable[] = VMKDC_CONFIG_INIT_TABLE_INITIALIZER;
-    DWORD dwNumEntries = sizeof(initTable)/sizeof(initTable[0]);
-    DWORD iEntry = 0;
-
-    dwError = VmKdcRegGetConfig(
-                VMKDC_CONFIG_PARAMETER_KEY_PATH,
-                initTable,
-                dwNumEntries);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    for (; iEntry < dwNumEntries; iEntry++)
-    {
-        PVMKDC_CONFIG_ENTRY pEntry = &initTable[iEntry];
-
-        if (!VmKdcStringCompareA(
-                pEntry->pszName,
-                VMKDC_REG_KEY_KERBEROS_PORT,
-                TRUE))
-        {
-            pGlobals->iListenPort = pEntry->cfgValue.dwValue;
-        }
-        else if (!VmKdcStringCompareA(
-                pEntry->pszName,
-                VMKDC_REG_KEY_DEFAULT_REALM,
-                TRUE))
-        {
-            dwError = VmKdcAllocateStringA(pEntry->cfgValue.pszValue,
-                                           &pGlobals->pszDefaultRealm);
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-        else if (!VmKdcStringCompareA(
-                pEntry->pszName,
-                VMKDC_REG_KEY_CLOCK_SKEW,
-                TRUE))
-        {
-            pGlobals->iClockSkew = pEntry->cfgValue.dwValue;
-        }
-        else if (!VmKdcStringCompareA(
-                pEntry->pszName,
-                VMKDC_REG_KEY_MAX_LIFE,
-                TRUE))
-        {
-            pGlobals->iMaxLife = pEntry->cfgValue.dwValue;
-        }
-        else if (!VmKdcStringCompareA(
-                pEntry->pszName,
-                VMKDC_REG_KEY_MAX_RENEWABLE_LIFE,
-                TRUE))
-        {
-            pGlobals->iMaxRenewableLife = pEntry->cfgValue.dwValue;
-        }
-    }
-
-cleanup:
-
-    VmKdcRegConfigTableFreeContents(initTable, dwNumEntries);
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmKdcRegGetConfig(
-    PCSTR               pszSubKey,
-    PVMKDC_CONFIG_ENTRY pCfgTable,
-    DWORD               dwNumEntries
-    )
-{
-    DWORD dwError = 0;
-    DWORD iEntry = 0;
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
-
-    dwError = VmKdcRegConfigHandleOpen(&pCfgHandle);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    for (; iEntry < dwNumEntries; iEntry++)
-    {
-        PVMKDC_CONFIG_ENTRY pEntry = &pCfgTable[iEntry];
-
-        switch (pEntry->Type)
-        {
-            case VMKDC_CONFIG_VALUE_TYPE_STRING:
-
-                dwError = VmKdcRegConfigGetString(
-                            pCfgHandle,
-                            pszSubKey,
-                            pEntry->pszName,
-                            &pEntry->cfgValue.pszValue);
-                if (dwError != 0)
-                {   // use default value
-                    dwError = VmKdcAllocateStringA(
-                                    pEntry->defaultValue.pszDefault,
-                                    &pEntry->cfgValue.pszValue);
-                    BAIL_ON_VMKDC_ERROR(dwError);
-                }
-                break;
-
-            case VMKDC_CONFIG_VALUE_TYPE_DWORD:
-
-                dwError = VmKdcRegConfigGetDword(
-                            pCfgHandle,
-                            pszSubKey,
-                            pEntry->pszName,
-                            &pEntry->cfgValue.dwValue);
-                if (dwError != 0)
-                {   // use default value
-                    pEntry->cfgValue.dwValue = pEntry->defaultValue.dwDefault;
-                }
-
-                if (pCfgTable[iEntry].cfgValue.dwValue > pCfgTable[iEntry].dwMax)
-                {
-                    VMDIR_LOG_WARNING(
-                            VMDIR_LOG_MASK_ALL,
-                            "Config [%s] value (%d) too big, using (%d).",
-                            pEntry->pszName,
-                            pEntry->cfgValue.dwValue,
-                            pEntry->dwMax);
-
-                    pEntry->cfgValue.dwValue = pEntry->dwMax;
-
-                }
-
-                if (pEntry->cfgValue.dwValue < pEntry->dwMin)
-                {
-                    VMDIR_LOG_WARNING(
-                            VMDIR_LOG_MASK_ALL,
-                            "Config [%s] value (%d) too small, using (%d).",
-                            pEntry->pszName,
-                            pEntry->cfgValue.dwValue,
-                            pEntry->dwMin);
-
-                    pEntry->cfgValue.dwValue = pEntry->dwMin;
-                }
-
-                break;
-
-            case VMKDC_CONFIG_VALUE_TYPE_BOOLEAN:
-
-                dwError = VmKdcRegConfigGetDword(
-                            pCfgHandle,
-                            pszSubKey,
-                            pEntry->pszName,
-                            &pEntry->cfgValue.dwValue);
-
-                if (dwError != 0)
-                {   // use default value
-                    pEntry->cfgValue.dwValue = pEntry->defaultValue.dwDefault;
-                }
-
-                pEntry->cfgValue.dwValue =
-                        pEntry->cfgValue.dwValue == 0 ? FALSE : TRUE;
-
-                break;
-
-            default:
-
-                VMDIR_LOG_ERROR(
-                        VMDIR_LOG_MASK_ALL,
-                        "VmKdcRegConfigProcess key [%s] type (%d) not supported.",
-                        pEntry->pszName,
-                        pEntry->Type);
-
-                break;
-        }
-    }
-
-    dwError = 0;
-
-cleanup:
-
-    if (pCfgHandle)
-    {
-        VmKdcRegConfigHandleClose(pCfgHandle);
-    }
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmKdcRegConfigHandleOpen(
-    PVMKDC_CONFIG_CONNECTION_HANDLE *ppCfgHandle)
-{
-    DWORD dwError = 0;
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle = NULL;
-
-    dwError = VmKdcAllocateMemory(
-                sizeof(VMKDC_CONFIG_CONNECTION_HANDLE),
-                (PVOID*)&pCfgHandle);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcRegOpenServer(&pCfgHandle->hConnection);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcRegOpenHKLM(
-                pCfgHandle->hConnection,
-                0,
-                KEY_READ,
-                &pCfgHandle->hKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    *ppCfgHandle = pCfgHandle;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    *ppCfgHandle = NULL;
-
-    if (pCfgHandle)
-    {
-        VmKdcRegConfigHandleClose(pCfgHandle);
-    }
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmKdcRegConfigGetDword(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR  pszSubKey,
-    PCSTR  pszKeyName,
-    PDWORD pdwValue
-    )
-{
-    DWORD dwError =0;
-    DWORD dwValue = 0;
-    DWORD dwValueSize = sizeof(dwValue);
-
-    dwError = VmKdcRegGetValueA(
-                pCfgHandle->hConnection,
-                pCfgHandle->hKey,
-                pszSubKey,
-                pszKeyName,
-                RRF_RT_REG_DWORD,
-                NULL,
-                (PVOID)&dwValue,
-                &dwValueSize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    *pdwValue = dwValue;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    *pdwValue = 0;
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmKdcRegConfigGetString(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle,
-    PCSTR   pszSubKey,
-    PCSTR   pszKeyName,
-    PSTR    *ppszValue)
-{
-    DWORD dwError = 0;
-    char szValue[VMKDC_MAX_CONFIG_VALUE_LENGTH] = {0};
-    DWORD dwszValueSize = sizeof(szValue);
-    PSTR pszValue = NULL;
-
-    dwError = VmKdcRegGetValueA(
-                pCfgHandle->hConnection,
-                pCfgHandle->hKey,
-                pszSubKey,
-                pszKeyName,
-                RRF_RT_REG_SZ,
-                NULL,
-                szValue,
-                &dwszValueSize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcAllocateStringA(szValue, &pszValue);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    *ppszValue = pszValue;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    *ppszValue = NULL;
-
-    VMKDC_SAFE_FREE_STRINGA(pszValue);
-
-    goto cleanup;
-}
-
-static
-VOID
-VmKdcRegConfigHandleClose(
-    PVMKDC_CONFIG_CONNECTION_HANDLE pCfgHandle
-    )
-{
-    if (pCfgHandle->hKey)
-    {
-        DWORD dwError = VmKdcRegCloseKey(pCfgHandle->hConnection,
-                                         pCfgHandle->hKey);
-        if (dwError != 0)
-        {   // Do not bail, best effort to cleanup.
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                     "VmKdcRegCloseKey failed, Error code: (%u)",
-                     dwError);
-        }
-    }
-
-    VmKdcRegCloseServer(pCfgHandle->hConnection);
-
-    VMKDC_SAFE_FREE_MEMORY(pCfgHandle);
-}
-
-static
-VOID
-VmKdcRegConfigTableFreeContents(
-    PVMKDC_CONFIG_ENTRY pCfgTable,
-    DWORD dwNumEntries
-    )
-{
-    DWORD iEntry = 0;
-
-    for (; iEntry < dwNumEntries; iEntry++)
-    {
-        PVMKDC_CONFIG_ENTRY pEntry = &pCfgTable[iEntry];
-
-        if (pEntry->Type == VMKDC_CONFIG_VALUE_TYPE_STRING)
-        {
-            VMKDC_SAFE_FREE_STRINGA(pEntry->cfgValue.pszValue);
-        }
-    }
-}
diff --git a/lwraft/server/vmkdc/rpc.c b/lwraft/server/vmkdc/rpc.c
deleted file mode 100644
index 676d273ca..000000000
--- a/lwraft/server/vmkdc/rpc.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-static
-PVOID
-VmKdcListenRpcServer(
-    PVOID pInfo
-    );
-
-static
-BOOLEAN
-VmKdcRpcCheckServerIsActive(
-    VOID
-    );
-
-static
-DWORD
-VmKdcStopRpcServer(
-    VOID
-    );
-
-static
-VOID
-VmKdcRpcIfCallbackFn(
-    rpc_if_handle_t InterfaceUuid,
-    PVOID           Context,
-    unsigned32*     status
-    );
-
-DWORD
-VmKdcRpcServerStartListen(
-    VOID
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    int status = 0;
-
-    status = dcethread_create(
-                            &gVmkdcGlobals.pRPCServerThread,
-                            NULL,
-                            VmKdcListenRpcServer,
-                            NULL);
-
-#ifndef _WIN32
-    dwError = LwErrnoToWin32Error(status);
-#else
-    dwError = status;
-#endif
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    while (!VmKdcRpcCheckServerIsActive())
-    {
-        // Wait for RPC Server to come up.
-        VmKdcSleep(1000);
-    }
-
-error:
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerStopListen(
-    VOID
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    int status = 0;
-
-    dwError = VmKdcStopRpcServer();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (gVmkdcGlobals.pRPCServerThread)
-    {
-        status = dcethread_interrupt(
-                        gVmkdcGlobals.pRPCServerThread);
-
-#ifndef _WIN32
-        dwError = LwErrnoToWin32Error(status);
-#else
-        dwError = status;
-#endif
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        status = dcethread_join(
-                        gVmkdcGlobals.pRPCServerThread,
-                        NULL);
-
-#ifndef _WIN32
-        dwError = LwErrnoToWin32Error(status);
-#else
-        dwError = status;
-#endif
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        gVmkdcGlobals.pRPCServerThread = NULL;
-    }
-
-error:
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerRegisterIf(
-    rpc_if_handle_t pInterfaceSpec
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_register_if_ex(
-            pInterfaceSpec,
-            NULL,
-            NULL,
-            rpc_if_allow_secure_only,
-            rpc_c_listen_max_calls_default,
-            VmKdcRpcIfCallbackFn,
-            &rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerUseProtSeq(
-    PCSTR pszProtSeq
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_use_protseq(
-            (unsigned char*) pszProtSeq,
-            rpc_c_protseq_max_calls_default,
-            (unsigned32*)&rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerUseProtSeqEp(
-    PCSTR pszProtSeq,
-    PCSTR pszEndpoint
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_use_protseq_ep(
-            (unsigned char*) pszProtSeq,
-            rpc_c_protseq_max_calls_default,
-            (unsigned char*) pszEndpoint,
-            (unsigned32*)&dwError);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerInqBindings(
-    rpc_binding_vector_p_t* ppServerBindings
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_inq_bindings(
-            ppServerBindings,
-            (unsigned32*)&rpcStatus);
-
-    dwError = rpcStatus;
-
-     return dwError;
-}
-
-DWORD
-VmKdcRpcEpRegister(
-    rpc_binding_vector_p_t pServerBinding,
-    rpc_if_handle_t        pInterfaceSpec,
-    PCSTR                  pszAnnotation
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_ep_register(
-            pInterfaceSpec,
-            pServerBinding,
-            NULL,
-            (idl_char*)pszAnnotation,
-            (unsigned32*)&rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcServerRegisterAuthInfo(
-    VOID
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_register_auth_info (
-            NULL, // Server principal name
-            rpc_c_authn_gss_negotiate, // Authentication service
-            NULL, // Use default key function
-            NULL,
-            &rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcBindingInqAuthClient(
-    rpc_binding_handle_t hClientBinding,
-    rpc_authz_handle_t* pPrivs,
-    PSTR* ppServerPrincName,
-    DWORD* pAuthnLevel,
-    DWORD* pAuthnSvc,
-    DWORD* pAuthzSvc
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_binding_inq_auth_client(
-            hClientBinding,
-            pPrivs, // The data referenced by this parameter is read-only,
-                    // and therefore should not be modified/freed.
-            (unsigned_char_p_t*)ppServerPrincName,
-            pAuthnLevel,
-            pAuthnSvc,
-            pAuthzSvc,
-            &rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcBindingVectorFree(
-    rpc_binding_vector_p_t* ppServerBindings
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    if ( (ppServerBindings == NULL) || ((*ppServerBindings) == NULL) )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    rpc_binding_vector_free(
-            ppServerBindings,
-            &rpcStatus);
-
-    dwError = rpcStatus;
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
-static
-PVOID
-VmKdcListenRpcServer(
-    PVOID pInfo
-    )
-{
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_server_listen(
-        rpc_c_listen_max_calls_default,
-        (unsigned32*)&rpcStatus);
-
-    raise(SIGTERM); // indicate that process must terminate
-
-    return NULL;
-}
-
-static
-BOOLEAN
-VmKdcRpcCheckServerIsActive(
-    VOID
-    )
-{
-    BOOLEAN bIsActive = FALSE;
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    bIsActive = rpc_mgmt_is_server_listening(
-                        NULL,
-                        (unsigned32*)&rpcStatus);
-
-    dwError = rpcStatus;
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-cleanup:
-
-    return bIsActive;
-
-error:
-
-    bIsActive = FALSE;
-
-    goto cleanup;
-}
-
-static
-DWORD
-VmKdcStopRpcServer(
-    VOID
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-    error_status_t rpcStatus = rpc_s_ok;
-
-    rpc_mgmt_stop_server_listening(
-            NULL,
-            (unsigned32*)&rpcStatus);
-
-    dwError = rpcStatus;
-
-    return dwError;
-}
-
-static
-VOID
-VmKdcRpcIfCallbackFn(
-    rpc_if_handle_t InterfaceUuid,
-    PVOID           Context,
-    unsigned32*     status
-    )
-{
-    unsigned32 sts = 0;
-    *status = sts;
-}
diff --git a/lwraft/server/vmkdc/rpcmemory.c b/lwraft/server/vmkdc/rpcmemory.c
deleted file mode 100644
index 56266aae7..000000000
--- a/lwraft/server/vmkdc/rpcmemory.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-DWORD
-VmKdcRpcAllocateMemory(
-    size_t size,
-    PVOID* ppMemory
-    )
-{
-    DWORD dwError = 0;
-    PVOID pMemory = NULL;
-
-    if (size <= 0 || !ppMemory)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    pMemory = rpc_ss_allocate(size);
-    if (!pMemory)
-    {
-        dwError = ERROR_OUTOFMEMORY;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    memset(pMemory,0, size);
-
-    *ppMemory = pMemory;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    if (ppMemory)
-    {
-        *ppMemory = NULL;
-    }
-
-    goto cleanup;
-}
-
-VOID
-VmKdcRpcFreeMemory(
-    PVOID pMemory
-    )
-{
-    DWORD dwError = 0;
-
-    if (pMemory)
-    {
-        rpc_sm_client_free(pMemory, &dwError);
-    }
-}
diff --git a/lwraft/server/vmkdc/rpcserv.c b/lwraft/server/vmkdc/rpcserv.c
deleted file mode 100644
index 4bdd168e0..000000000
--- a/lwraft/server/vmkdc/rpcserv.c
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-UINT32
-VmKdcStartupInstance(
-    handle_t hBinding,
-    unsigned char *arg)
-{
-    DWORD dwError = 0;
-
-   BAIL_ON_VMKDC_ERROR(dwError);
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
-
-UINT32
-VmKdcShutdownInstance(
-    handle_t hBinding,
-    unsigned char *arg)
-{
-    DWORD dwError = 0;
-
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
diff --git a/lwraft/server/vmkdc/rpcstring.c b/lwraft/server/vmkdc/rpcstring.c
deleted file mode 100644
index db3ea292e..000000000
--- a/lwraft/server/vmkdc/rpcstring.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-#ifndef _WIN32
-
-ULONG
-VmKdcRpcAllocateStringW(
-    PWSTR  pwszSrc,
-    PWSTR* ppwszDst
-    )
-{
-    ULONG  ulError = 0;
-    size_t len = 0;
-    PWSTR  pwszDst = NULL;
-
-    if (!pwszSrc || !ppwszDst)
-    {
-        ulError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(ulError);
-    }
-
-    ulError = VmKdcGetStringLengthW(pwszSrc, &len);
-    BAIL_ON_VMKDC_ERROR(ulError);
-
-    ulError = VmKdcRpcAllocateMemory(
-                    sizeof(WCHAR) * (len + 1),
-                    (PVOID*)&pwszDst);
-    BAIL_ON_VMKDC_ERROR(ulError);
-
-    memcpy((PBYTE)pwszDst, (PBYTE)pwszSrc, sizeof(WCHAR) * len);
-
-    *ppwszDst = pwszDst;
-
-cleanup:
-
-    return ulError;
-
-error:
-
-    if (ppwszDst)
-    {
-        *ppwszDst = NULL;
-    }
-
-    if (pwszDst)
-    {
-        VmKdcRpcFreeMemory(pwszDst);
-    }
-
-    goto cleanup;
-}
-
-#endif //#ifndef _WIN32
diff --git a/lwraft/server/vmkdc/service.c b/lwraft/server/vmkdc/service.c
deleted file mode 100644
index a8b46f3d0..000000000
--- a/lwraft/server/vmkdc/service.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-static
-DWORD
-VmKdcRegisterRpcServer(
-    VOID
-    );
-
-static
-DWORD
-VmKdcBindServer(
-    rpc_binding_vector_p_t* server_binding,
-    PVMKDC_RPC_ENDPOINT     pEndPoints,
-    ULONG                   ulCount
-    );
-
-DWORD
-VmKdcRpcServerInit(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError  = VmKdcRegisterRpcServer();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcRpcServerStartListen();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
-VOID
-VmKdcRpcServerShutdown(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmKdcRpcServerStopListen();
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-
-    return;
-}
-
-static
-DWORD
-VmKdcRegisterRpcServer(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    VMKDC_RPC_ENDPOINT endpoints[] =
-        {
-#if 0
-            {"ncalrpc", VMKDC_NCALRPC_END_POINT},
-#endif
-            {"ncacn_ip_tcp", VMKDC_RPC_TCP_END_POINT}
-        };
-    DWORD dwEpCount = sizeof(endpoints)/sizeof(endpoints[0]);
-    rpc_if_handle_t pInterfaceSpec = vmkdc_v1_0_s_ifspec;
-    rpc_binding_vector_p_t pServerBinding = NULL;
-
-    dwError = VmKdcRpcServerRegisterIf(pInterfaceSpec);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-        "VMware Kdc Service registered successfully.");
-
-    dwError = VmKdcBindServer(
-                      &pServerBinding,
-                      endpoints,
-                      dwEpCount);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-        "VMware Kdc Service bound successfully.");
-
-#ifndef _WIN32
-    dwError = VmKdcRpcEpRegister(
-        pServerBinding,
-        pInterfaceSpec,
-        "VMware Kdc Service"
-    );
-    BAIL_ON_VMKDC_ERROR(dwError);
-#endif
-
-    VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-        "RPC Endpoints registered successfully.");
-
-#ifndef _WIN32
-/*
- * XXX
- * TODO: this does not work yet with DCERPC-WIN32 for release builds
- * FIXME
- */
-    dwError = VmKdcRpcServerRegisterAuthInfo();
-    BAIL_ON_VMKDC_ERROR(dwError);
-#endif
-
-error:
-
-    if( pServerBinding != NULL )
-    {
-        VmKdcRpcBindingVectorFree( &pServerBinding );
-    }
-
-    return dwError;
-}
-
-static
-DWORD
-VmKdcBindServer(
-    rpc_binding_vector_p_t* server_binding,
-    PVMKDC_RPC_ENDPOINT     pEndPoints,
-    ULONG                   ulCount
-    )
-{
-    DWORD dwError = 0;
-    DWORD iEP = 0;
-
-    /*
-     * Prepare the server binding handle
-     * use all avail protocols (UDP and TCP). This basically allocates
-     * new sockets for us and associates the interface UUID and
-     * object UUID of with those communications endpoints.
-     */
-    for (iEP = 0; iEP < ulCount; iEP++)
-    {
-        if (!pEndPoints[iEP].pszEndPointName)
-        {
-            dwError = VmKdcRpcServerUseProtSeq(
-                pEndPoints[iEP].pszEndPointType);
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-        else
-        {
-            dwError = VmKdcRpcServerUseProtSeqEp(
-                pEndPoints[iEP].pszEndPointType,
-                pEndPoints[iEP].pszEndPointName);
-            BAIL_ON_VMKDC_ERROR(dwError);
-        }
-    }
-
-    dwError = VmKdcRpcServerInqBindings( server_binding );
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-
-    return dwError;
-}
-
-DWORD
-VmKdcRpcAuthCallback(
-    PVOID         Context
-    )
-{
-    rpc_authz_handle_t hPrivs = NULL;
-    DWORD dwAuthnLevel = 0;
-    DWORD dwAuthnSvc = 0;
-    DWORD dwAuthzSvc = 0;
-    DWORD dwError = ERROR_SUCCESS;
-
-    dwError = VmKdcRpcBindingInqAuthClient(
-            Context,
-            &hPrivs, // The data referenced by this parameter is read-only,
-                     // and therefore should not be modified/freed.
-            NULL,    // ServerPrincipalName - we don't need it
-            &dwAuthnLevel,
-            &dwAuthnSvc,
-            &dwAuthzSvc);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VMDIR_LOG_INFO(
-            VMDIR_LOG_MASK_ALL,
-            "Authentication Level = %d, Authentication Service = %d,"
-            "Authorization Service = %d.",
-            dwAuthnLevel,
-            dwAuthnSvc,
-            dwAuthzSvc);
-
-    // Now check the authentication level. We require at least packet-level
-    // authentication.
-    if (dwAuthnLevel < rpc_c_authn_level_pkt)
-    {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-            "Attempt by client to use weak authentication.");
-
-        dwError = ERROR_ACCESS_DENIED;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-error:
-
-    return dwError;
-}
diff --git a/lwraft/server/vmkdc/shutdown.c b/lwraft/server/vmkdc/shutdown.c
deleted file mode 100644
index 781b6d7f9..000000000
--- a/lwraft/server/vmkdc/shutdown.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-static
-VOID
-VmKdcStopSrvThreads(
-    VOID);
-
-
-static
-VOID
-VmKdcCleanupGlobals(
-    PVMKDC_GLOBALS pGlobals);
-    
-
-/*
- * Server shutdown
- */
-VOID
-VmKdcShutdown(
-    VOID)
-{
-    PVMKDC_GLOBALS pGlobals = &gVmkdcGlobals;
-#if 0
-    VmKdcRpcServerShutdown();
-#endif
-
-    // Free gVmkdcGlobals.pSrvThrInfo
-    VmKdcStopSrvThreads();
-
-    /* Synchronize with KDC thread it is really gone */
-    pthread_mutex_lock(&pGlobals->mutex);
-    while (pGlobals->vmkdcdState == VMKDC_STOPPING)
-    {
-        pthread_cond_wait(&pGlobals->stateCond,
-                          &pGlobals->mutex);
-    }
-    pthread_mutex_unlock(&pGlobals->mutex);
-
-#ifndef _WIN32
-    VmKdcSrvCloseSocketAcceptFd();
-#endif
-
-    VmKdcTerminateDirectory(&gVmkdcGlobals);
-
-    VmKdcDestroyKrb5(gVmkdcGlobals.pKrb5Ctx);
-
-    VmKdcCleanupGlobals(&gVmkdcGlobals);
-}
-
-static
-VOID
-VmKdcStopSrvThreads(
-    VOID)
-{
-#if 0
-    PVMKDC_THREAD_INFO   pThrInfo = NULL;
-
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-
-    pThrInfo = gVmkdcGlobals.pSrvThrInfo;
-
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-
-    // do shutdown outside lock as mutex is used for other resources too
-    while (pThrInfo)
-    {
-        PVMKDC_THREAD_INFO pNext = pThrInfo->pNext;
-
-        VmKdcSrvThrShutdown(pThrInfo); // this free pThrInfo
-        pThrInfo = pNext;
-    }
-#endif
-
-    return;
-}
-
-static
-VOID
-VmKdcCleanupGlobals(
-    PVMKDC_GLOBALS pGlobals
-    )
-{
-    // Free Server global 'gVmkdcServerGlobals' upon shutdown
-    pthread_mutex_destroy(&pGlobals->mutex);
-// Adam: TBD VmKdcFreeAbsoluteSecurityDescriptor(&gVmkdcGlobals.gpVmKdcSrvSD);
-}
diff --git a/lwraft/server/vmkdc/signal.c b/lwraft/server/vmkdc/signal.c
deleted file mode 100644
index 62d28704e..000000000
--- a/lwraft/server/vmkdc/signal.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: main
- *
- * Filename: signal.c
- *
- * Abstract: VMware Kdc Service.
- *
- * Signal handling
- *
- */
-
-#include "includes.h"
-
-#ifndef _WIN32
-
-static
-VOID
-VmKdcInterruptHandler(
-    int Signal
-    );
-
-VOID
-VmKdcBlockSelectedSignals(
-    VOID
-    )
-{
-    sigset_t default_signal_mask;
-
-    sigemptyset(&default_signal_mask);
-    sigaddset(&default_signal_mask, SIGINT);
-    sigaddset(&default_signal_mask, SIGTERM);
-    sigaddset(&default_signal_mask, SIGHUP);
-    sigaddset(&default_signal_mask, SIGQUIT);
-    sigaddset(&default_signal_mask, SIGPIPE);
-
-    pthread_sigmask(SIG_BLOCK,  &default_signal_mask, NULL);
-}
-
-DWORD
-VmKdcHandleSignals(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    struct sigaction action;
-    sigset_t catch_signal_mask;
-    int which_signal = 0;
-    int sysRet = 0;
-
-    // After starting up threads, we now want to handle SIGINT async
-    // instead of using sigwait() on it.  The reason for this is so
-    // that a debugger (such as gdb) can break in properly.
-    // See http://sourceware.org/ml/gdb/2007-03/msg00145.html and
-    // http://bugzilla.kernel.org/show_bug.cgi?id=9039.
-
-    memset(&action, 0, sizeof(action));
-    action.sa_handler = VmKdcInterruptHandler;
-
-    sysRet = sigaction(SIGINT, &action, NULL);
-    dwError = (sysRet != 0) ? errno : 0;
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    // Unblock SIGINT
-    sigemptyset(&catch_signal_mask);
-    sigaddset(&catch_signal_mask, SIGINT);
-
-    dwError = pthread_sigmask(SIG_UNBLOCK, &catch_signal_mask, NULL);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    // These should already be blocked...
-    sigemptyset(&catch_signal_mask);
-    sigaddset(&catch_signal_mask, SIGTERM);
-    sigaddset(&catch_signal_mask, SIGQUIT);
-    sigaddset(&catch_signal_mask, SIGHUP);
-    sigaddset(&catch_signal_mask, SIGPIPE);
-
-    while (1)
-    {
-        /* Wait for a signal to arrive */
-        sigwait(&catch_signal_mask, &which_signal);
-
-        switch (which_signal)
-        {
-            case SIGINT:
-            case SIGQUIT:
-            case SIGTERM:
-            {
-                VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Handled SIG[%d]\n",which_signal);
-                goto error;
-            }
-            case SIGPIPE:
-            {
-                VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Handled SIGPIPE");
-                break;
-            }
-            case SIGHUP:
-            {
-                break;
-            }
-            default:
-                break;
-        }
-    }
-
-error:
-
-    return dwError;
-}
-
-static
-VOID
-VmKdcInterruptHandler(
-    int Signal
-    )
-{
-    if (Signal == SIGINT) {
-        raise(SIGTERM);
-    }
-}
-
-static
-PVOID
-VmKdcSignalService(
-    PVOID pInfo)
-{
-    VmKdcHandleSignals();
-
-    VmKdcdStateSet(VMKDC_STOPPING);
-
-    return NULL;
-}
-
-DWORD
-VmKdcInitSignalThread(
-    PVMKDC_GLOBALS pGlobals)
-{
-    DWORD dwError = 0;
-    int   sts = 0;
-
-    sts = pthread_create(
-            &pGlobals->thread,
-            NULL,
-            VmKdcSignalService,
-            pGlobals);
-    if (sts)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-error:
-
-    return dwError;
-}
-#endif
diff --git a/lwraft/server/vmkdc/srvthr.c b/lwraft/server/vmkdc/srvthr.c
deleted file mode 100644
index 30afc0a26..000000000
--- a/lwraft/server/vmkdc/srvthr.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Vmkdc main
- *
- * Filename: srvthr.c
- *
- * Abstract: Routines to handle server threads start/stop
- *
- */
-#include "includes.h"
-
-#if 0
-VOID
-VmKdcSrvThrAdd(
-    PVMKDC_THREAD_INFO   pThrInfo
-    )
-{
-    BOOLEAN bInLock = FALSE;
-
-    assert(pThrInfo);
-
-    VMKDC_LOCK_MUTEX(bInLock, gVmkdcGlobals.mutex);
-
-    if (gVmkdcGlobals.pSrvThrInfo)
-    {
-        pThrInfo->pNext = gVmkdcGlobals.pSrvThrInfo;
-    }
-    gVmkdcGlobals.pSrvThrInfo = pThrInfo;
-
-    VMKDC_UNLOCK_MUTEX(bInLock, gVmkdcGlobals.mutex);
-}
-
-VOID
-VmKdcSrvThrInit(
-    PVMKDC_THREAD_INFO   pThrInfo,
-    PVMKDC_MUTEX        pAltMutex,
-    PVMKDC_COND         pAltCond,
-    BOOLEAN             bJoinFlag
-    )
-{
-    assert (pThrInfo);
-
-    if (pAltMutex && pAltMutex != pThrInfo->mutex)
-    {
-        pThrInfo->mutexUsed = pAltMutex;
-    }
-    else
-    {
-        VmKdcAllocateMutex(&pThrInfo->mutex);
-        pThrInfo->mutexUsed = pThrInfo->mutex;
-    }
-
-    if (pAltCond && pAltCond != pThrInfo->condition)
-    {
-        pThrInfo->conditionUsed = pAltCond;
-    }
-    else
-    {
-        VmKdcAllocateCondition(&pThrInfo->condition);
-        pThrInfo->conditionUsed = pThrInfo->condition;
-    }
-
-    pThrInfo->bJoinThr = bJoinFlag;
-
-    return;
-}
-
-
-VOID
-VmKdcSrvThrFree(
-    PVMKDC_THREAD_INFO   pThrInfo
-    )
-{
-    assert(pThrInfo);
-
-    if (pThrInfo->conditionUsed && pThrInfo->conditionUsed == pThrInfo->condition)
-    {
-        VMKDC_SAFE_FREE_CONDITION(pThrInfo->condition);
-        pThrInfo->conditionUsed = NULL;
-    }
-
-    if (pThrInfo->mutexUsed && pThrInfo->mutexUsed == pThrInfo->mutex)
-    {
-        VMKDC_SAFE_FREE_MUTEX( pThrInfo->mutex );
-        pThrInfo->mutexUsed = NULL;
-    }
-
-    VmKdcFreeVmKdcThread( &(pThrInfo->tid) );
-
-    VMKDC_SAFE_FREE_MEMORY(pThrInfo);
-}
-#endif
-
-VOID
-VmKdcSrvThrShutdown(
-    PVMKDC_THREAD_INFO   pThrInfo
-    )
-{
-#if 0
-    assert(pThrInfo);
-
-    VmKdcSrvThrSignal(pThrInfo);
-
-    if (pThrInfo->bJoinThr)
-    {
-        VmKdcThreadJoin(&pThrInfo->tid, NULL);
-    }
-
-    VmKdcSrvThrFree(pThrInfo);
-#endif
-}
-
-
-#if 0
-VOID
-VmKdcSrvThrSignal(
-    PVMKDC_THREAD_INFO   pThrInfo
-    )
-{
-    BOOLEAN bInLock = FALSE;
-
-    assert(pThrInfo);
-
-    if (pThrInfo->mutexUsed && pThrInfo->conditionUsed)
-    {
-        VMKDC_LOCK_MUTEX(bInLock, pThrInfo->mutexUsed);
-
-        VmKdcConditionSignal(pThrInfo->conditionUsed);
-
-        VMKDC_UNLOCK_MUTEX(bInLock, pThrInfo->mutexUsed);
-    }
-
-    return;
-}
-#endif
diff --git a/lwraft/server/vmkdc/structs.h b/lwraft/server/vmkdc/structs.h
deleted file mode 100644
index 5fee29f68..000000000
--- a/lwraft/server/vmkdc/structs.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: Kdc Main
- *
- * Filename: structs.h
- *
- * Abstract:
- *
- * Kdc Main module
- *
- * Private Structures
- *
- */
-
-typedef enum
-{
-    VMKDC_CONFIG_VALUE_TYPE_STRING = 0,
-    VMKDC_CONFIG_VALUE_TYPE_DWORD,
-    VMKDC_CONFIG_VALUE_TYPE_BOOLEAN
-} VMKDC_CONFIG_VALUE_TYPE;
-
-typedef struct _VMKDC_RPC_ENDPOINT
-{
-    PCSTR pszEndPointType;
-    PCSTR pszEndPointName;
-} VMKDC_RPC_ENDPOINT, *PVMKDC_RPC_ENDPOINT;
-
-#ifdef _WIN32
-
-typedef struct _VMKDC_NTSERVICE_DATA
-{
-    SERVICE_STATUS_HANDLE hServiceStatus;
-    HANDLE stopServiceEvent;
-} VMKDC_NTSERVICE_DATA, *PVMKDC_NTSERVICE_DATA;
-
-#endif
-
-typedef struct _VMKDC_CONFIG_CONNECTION_HANDLE
-{
-#ifndef _WIN32
-    HANDLE hConnection;
-#endif
-    HKEY hKey;
-} VMKDC_CONFIG_CONNECTION_HANDLE, *PVMKDC_CONFIG_CONNECTION_HANDLE;
-
-typedef struct _VMKDC_CONFIG_ENTRY
-{
-    PCSTR   pszName;
-    VMKDC_CONFIG_VALUE_TYPE Type;
-#ifdef _WIN32
-    DWORD RegDataType;
-#else
-    REG_DATA_TYPE RegDataType;    //Corresponding likewise type
-#endif
-    DWORD dwMin;                  //DWORD type min value
-    DWORD dwMax;                  //DWORD type max value
-    struct
-    {
-        DWORD dwDefault;          //DWORD type default value
-        PSTR  pszDefault;         //SZ type default value
-    } defaultValue;
-    struct
-    {
-        DWORD dwValue;            //DWORD type value
-        // User own this memory
-        PSTR  pszValue;           //SZ type value
-    } cfgValue;
-} VMKDC_CONFIG_ENTRY, *PVMKDC_CONFIG_ENTRY;
diff --git a/lwraft/server/vmkdc/utils.c b/lwraft/server/vmkdc/utils.c
deleted file mode 100644
index a321e07dd..000000000
--- a/lwraft/server/vmkdc/utils.c
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#include "includes.h"
-
-VOID
-VmKdcdStateSet(
-    VMKDC_SERVER_STATE   state)
-{
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    gVmkdcGlobals.vmkdcdState = state;
-    pthread_cond_signal(&gVmkdcGlobals.stateCond);
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Vmkdc: VmKdcdStateSet(%d)", state);
-}
-
-VMKDC_SERVER_STATE
-VmKdcdState(
-    VOID
-    )
-{
-    VMKDC_SERVER_STATE rtnState;
-
-    pthread_mutex_lock(&gVmkdcGlobals.mutex);
-    rtnState = gVmkdcGlobals.vmkdcdState;
-    pthread_mutex_unlock(&gVmkdcGlobals.mutex);
-
-    return rtnState;
-}
-
-#ifdef _WIN32
-/*
- * Get the filename of the master key stash file, i.e.,
- * %PROGRAMDATA%\VMware\CIS\cfg\%COMPONENT%\principal-masterkey.stash
- * which usually expands to 
- * C:\ProgramData\VMware\CIS\cfg\vmkdc\principal-masterkey.stash
- */
-DWORD
-VmKdcGetMasterKeyStashFile(_TCHAR *lpMasterKeyStashFile)
-{
-    DWORD   dwError              = 0;
-#ifdef WIN2008
-    const   _TCHAR vmkdcMasterKeyStashFile[]    = _T("\\VMware\\CIS\\cfg\\vmkdcd\\principal-masterkey.stash");
-#else
-    const   _TCHAR vmkdcMasterKeyStashFile[]    = _T("\\Application Data\\VMware\\CIS\\cfg\\vmkdcd\\principal-masterkey.stash");
-#endif
-    size_t  vmkdcMasterKeyStashFileLen          = VmKdcStringLenA(vmkdcMasterKeyStashFile);
-    size_t  vmkdcSchemaFilePrefixLen        = 0 ;
-
-#ifdef WIN2008
-    dwError =  GetEnvironmentVariable(
-        _T("PROGRAMDATA"),          // __in_opt   LPCTSTR lpName,
-        lpMasterKeyStashFile,       // __out_opt  LPTSTR lpBuffer,
-        MAX_PATH                    // __in       DWORD nSize
-    );
-#else
-    dwError =  GetEnvironmentVariable(
-        _T("ALLUSERSPROFILE"),      // __in_opt   LPCTSTR lpName,
-        lpMasterKeyStashFile,       // __out_opt  LPTSTR lpBuffer,
-        MAX_PATH                    // __in       DWORD nSize
-    );
-#endif
-    BAIL_ON_VMKDC_ERROR(0 == dwError);
-    dwError = ERROR_SUCCESS;
-
-    vmkdcSchemaFilePrefixLen = VmKdcStringLenA(lpMasterKeyStashFile);
-
-    if ( vmkdcSchemaFilePrefixLen + vmkdcMasterKeyStashFileLen < MAX_PATH )
-    {
-        dwError = VmKdcStringCatA(lpMasterKeyStashFile, MAX_PATH, vmkdcMasterKeyStashFile);
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    else // path too long
-    {
-        dwError = ERROR_BUFFER_OVERFLOW;    // The file name is too long.
-                                            // In WinError.h, this error message maps to
-                                            // ERROR_BUFFER_OVERFLOW. Not very
-                                            // straight forward, though.
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-error:
-    return dwError;
-}
-#endif
diff --git a/lwraft/server/vmkdc_mit_tools/Makefile.am b/lwraft/server/vmkdc_mit_tools/Makefile.am
deleted file mode 100644
index 18405c1a2..000000000
--- a/lwraft/server/vmkdc_mit_tools/Makefile.am
+++ /dev/null
@@ -1,73 +0,0 @@
-thirdparty_srcdir = $(top_srcdir)/../lwraft/thirdparty
-thirdparty_builddir = $(top_builddir)/../../lwraft/build/thirdparty
-
-noinst_PROGRAMS = \
-    parsedb \
-    testcrypto
-
-#noinst_PROGRAMS = \
-#    parsedb \
-#    ktdump \
-#    testcrypto \
-#    krb5keys-test
-
-MIT_TOOLS_INCLUDES = \
-    -I$(top_srcdir)/server/vmkdc \
-    -I$(top_srcdir)/server/kdctools \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/tools \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/vmkrb5 \
-    -I$(thirdparty_srcdir)/heimdal \
-    -I$(thirdparty_srcdir)/heimdal/krb5-crypto \
-    -I$(thirdparty_srcdir)/heimdal/asn1 \
-    -I$(top_srcdir)/server/vmkdc \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-MIT_TOOLS_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(thirdparty_builddir)/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(thirdparty_builddir)/heimdal/asn1/libasn1db.la \
-    $(thirdparty_builddir)/heimdal/asn1/libasn1.la \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @LWBASE_LIBS@ \
-    @PTHREAD_LIBS@
-
-MIT_TOOLS_LD_FLAGS = \
-    @LW_LDFLAGS@ \
-    @OPENSSL_LDFLAGS@
-
-# # ---- krb5keys-test ----
-# krb5keys_test_SOURCES = krb5keys-test.c
-# krb5keys_test_CPPFLAGS = $(MIT_TOOLS_INCLUDES)
-# krb5keys_test_LDADD = $(MIT_TOOLS_LDADD)
-# krb5keys_test_LDFLAGS = $(MIT_TOOLS_LD_FLAGS)
-# 
-# ---- parsedb ----
-parsedb_SOURCES = parsedb.c
-parsedb_CPPFLAGS = $(MIT_TOOLS_INCLUDES)
-parsedb_LDADD = $(MIT_TOOLS_LDADD)
-parsedb_LDFLAGS = $(MIT_TOOLS_LD_FLAGS)
-
-# # ---- ktdump ----
-# ktdump_SOURCES = ktdump.c
-# ktdump_CPPFLAGS = $(MIT_TOOLS_INCLUDES)
-# ktdump_LDADD = $(MIT_TOOLS_LDADD)
-# ktdump_LDFLAGS = $(MIT_TOOLS_LD_FLAGS)
-# 
-# ---- testcrypto ----
-testcrypto_SOURCES = test-crypto.c
-testcrypto_LDADD = $(MIT_TOOLS_LDADD)
-testcrypto_CPPFLAGS = \
-    -DHEIMDAL_SMALLER \
-    $(MIT_TOOLS_INCLUDES)
-testcrypto_LDFLAGS = $(MIT_TOOLS_LD_FLAGS)
diff --git a/lwraft/server/vmkdc_mit_tools/parsedb.c b/lwraft/server/vmkdc_mit_tools/parsedb.c
deleted file mode 100644
index 62eb1f912..000000000
--- a/lwraft/server/vmkdc_mit_tools/parsedb.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-
-int ldap_syslog = 0;
-int slap_debug = 0;
-
-void printBufInHex(unsigned char *buf, int len)
-{
-    int i = 0;
-    for (i=0; i<len; i++)
-    {
-        printf("%02x", buf[i]);
-    }
-}
-
-/* TBD: change name to KeySet */
-void printKeyEntry(char *princName, PVMKDC_KEYSET pKeyEntry)
-{
-    int i;
-
-    for (i=0; i<pKeyEntry->numKeys; i++)
-    {
-        printf("Principal:	%s	", princName);
-        printf("    key[%d]: type=%-2d kvno=%-2d len=%-3d ", 
-               i, 
-               pKeyEntry->encKeys[i]->keytype, 
-               pKeyEntry->encKeys[i]->encdata->kvno, 
-               VMKDC_GET_LEN_DATA(pKeyEntry->encKeys[i]->encdata->data));
-        printBufInHex(VMKDC_GET_PTR_DATA(pKeyEntry->encKeys[i]->encdata->data), 
-                      VMKDC_GET_LEN_DATA(pKeyEntry->encKeys[i]->encdata->data));
-        printf("\n");
-    }
-}
-
-int main(int argc, char *argv[])
-{
-    char *line = NULL;
-    char *princName = NULL;
-    FILE *infp = NULL;
-    PVMKDC_KEYSET key = NULL;
-    int i=0;
-    int sts = 0;
-
-    if (argc == 1)
-    {
-        fprintf(stderr, "usage: %s dumpfile\n", argv[0]);
-        return 1;
-    }
-
-    sts =  VmKdcGetUpnKeysMitDb(
-               "K/M@",
-               argv[1],
-               &princName,
-               &key);
-    if (sts == 0)
-    {
-        printKeyEntry(princName, key);
-        free(princName);
-        princName = NULL;
-        VMKDC_SAFE_FREE_KEYSET(key);
-    }
-
-    infp = fopen(argv[1], "r");
-    if (!infp)
-    {
-        fprintf(stderr, "fopen(%s) failed\n", argv[1]);
-        return 1;
-    }
-    line = fgets_long(infp);
-    while (line)
-    {
-        i++;
-        if (princName)
-        {
-            free(princName);
-            princName = NULL;
-        }
-        sts = tokenizeLine(line, &princName, &key);
-        if (sts == 0 && princName && key)
-        {
-            printKeyEntry(princName, key);
-            printf("\n");
-        }
-        VMKDC_SAFE_FREE_KEYSET(key);
-        free(line);
-        line = fgets_long(infp);
-    }
-
-    if (infp)
-    {
-        fclose(infp);
-    }
-    if (line)
-    {
-        free(line);
-    }
-    if (princName)
-    {
-        free(princName);
-    }
-
-    return 0;
-}
diff --git a/lwraft/server/vmkdc_mit_tools/test-crypto.c b/lwraft/server/vmkdc_mit_tools/test-crypto.c
deleted file mode 100644
index a18d412cc..000000000
--- a/lwraft/server/vmkdc_mit_tools/test-crypto.c
+++ /dev/null
@@ -1,364 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-#if 0
-#include <vmkrb5/types.h>
-#include <vmkrb5/structs.h>
-#include <vmkrb5/prototypes.h>
-
-
-#define DWORD int
-#include "parsekt.h"
-#include "fgetsl.h"
-#include "princtok.h"
-#endif
-
-#define SEARCH_PRINC_NAME "K/M";
-
-int ldap_syslog = 0;
-int slap_debug = 0;
-VMKDC_GLOBALS gVmkdcGlobals = {};
-
-typedef struct _PROG_ARGS
-{
-    char *keytabFile;
-    char *princDbFile;
-    char *princName;
-    char *plainText;
-} PROG_ARGS;
-
-
-void
-usage(char *argv0, char *msg)
-{
-    printf("usage: %s --keytab-file ktfile [--princdb-file princ_file] [--princ-name princ] [--plaintext \"string\"] [--help | -h]\n", argv0);
-
-    if (msg)
-    {
-        printf("%s\n", msg);
-    }
-    exit(1);
-}
-
-void
-parseArgs(int argc, char *argv[], PROG_ARGS *args)
-{
-    int i;
-
-    i = 1;
-    while (i<argc)
-    {
-        if (strcmp("--keytab-file", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                usage(argv[0], "--keytab-file missing argument");
-            }
-            args->keytabFile = strdup(argv[i]);
-            i++;
-        }
-        else if (strcmp("--princdb-file", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                usage(argv[0], "--princdb-file missing argument");
-            }
-            args->princDbFile = strdup(argv[i]);
-            i++;
-        }
-        else if (strcmp("--princ-name", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                usage(argv[0], "--princ-name missing argument");
-            }
-            args->princName = strdup(argv[i]);
-            i++;
-        }
-        else if (strcmp("--plaintext", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                usage(argv[0], "--plaintext missing argument");
-            }
-            args->plainText = strdup(argv[i]);
-            i++;
-        }
-        else if (strcmp("--help", argv[i]) == 0 || strcmp("-h", argv[i]))
-        {
-            i++;
-            usage(argv[0], NULL);
-        }
-        else
-        {
-            usage(argv[0], argv[i]);
-        }
-    }
-}
-
-
-DWORD
-encryptDecryptText(
-    PVMKDC_CRYPTO krb5Crypto,
-    char *plainText)
-{
-    DWORD dwError = 0;
-    PVMKDC_DATA plainTextData = NULL;
-    PVMKDC_DATA cipherTextData = NULL;
-    PVMKDC_DATA decryptedTextData = NULL;
-    int i;
-    int len;
-    unsigned char *data;
-
-    dwError = VmKdcAllocateDataString(plainText, &plainTextData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcCryptoEncrypt(
-                krb5Crypto,
-                0, // key usage
-                plainTextData,
-                &cipherTextData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    data = VMKDC_GET_PTR_DATA(cipherTextData);
-    len = VMKDC_GET_LEN_DATA(cipherTextData);
-
-    printf("\nEncrypted result: length=%d\n", len);
-    for (i=0; i<len; i++)
-    {
-        printf("%02x", data[i]);
-    }
-    printf("\n");
-    printf("\n");
-
-
-    dwError = VmKdcCryptoDecrypt(
-                  krb5Crypto,
-                  0,
-                  cipherTextData,
-                  &decryptedTextData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-    len = VMKDC_GET_LEN_DATA(decryptedTextData);
-    data = VMKDC_GET_PTR_DATA(decryptedTextData);
-    printf("Decrypted result: length=%d <%.*s>\n", len, len, (char *) data);
-
-error:
-    return dwError;
-}
-
-
-DWORD
-decryptPrincKey(PVMKDC_CRYPTO krb5Crypto,
-                PVMKDC_KEY princKey)
-{
-    DWORD dwError = 0;
-    PVMKDC_DATA encKey = {0};
-    PVMKDC_DATA decKey = {0};
-    unsigned char *cipherData;
-    int i;
-    int len;
-
-    dwError = VmKdcAllocateData(
-                  VMKDC_GET_PTR_DATA(princKey->data),
-                  VMKDC_GET_LEN_DATA(princKey->data),
-                  &encKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcCryptoDecrypt(
-                  krb5Crypto,
-                  0,
-                  encKey,
-                  &decKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    cipherData = VMKDC_GET_PTR_DATA(decKey);
-    len = VMKDC_GET_LEN_DATA(decKey);
-    printf("Decrypted key: len=%d\n", (int) len);
-    for (i=0; i<len; i++)
-    {
-        printf("%02x", cipherData[i]);
-    }
-    printf("\n");
-
-error:
-    if (dwError)
-    {
-        printf("decryptPrincKey: failed %d\n", dwError);
-    }
-    return dwError;
-}
-
-int main(int argc, char *argv[])
-{
-    DWORD dwError = 0;
-    PVMKDC_KEYSET dbEntry = NULL;
-    FILE *indb = NULL;
-    char *line = NULL;
-    int sts = 0;
-    int i;
-    unsigned char *cipherData;
-    PROG_ARGS progArgs = {0};
-    char *keytabFile = NULL;
-    char *princDbFile = NULL;
-    char *plainText = NULL;
-    char *searchPrincName = SEARCH_PRINC_NAME;
-    char *princName = NULL;
-    int bSearchPrincName = FALSE;
-    PVMKDC_MIT_KEYTAB_FILE ktData = NULL;
-    PVMKDC_KRB5_CONTEXT krb5Ctx = NULL;
-    PVMKDC_KEY vmkdcMasterKey = NULL;
-    PVMKDC_KEY princKey = NULL;
-    PVMKDC_CRYPTO krb5Crypto = NULL;
-    PVMKDC_KEYTAB_HANDLE pKtHandle = NULL;
-
-    dwError = VmKdcInitKrb5(&gVmkdcGlobals.pKrb5Ctx);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    parseArgs(argc, argv, &progArgs);
-    if (!progArgs.keytabFile)
-    {
-        usage(argv[0], "No keytab file specified");
-    }
-    keytabFile = progArgs.keytabFile;
-
-    if (progArgs.princDbFile)
-    {
-        princDbFile = progArgs.princDbFile;
-    }
-    if (progArgs.princName)
-    {
-        searchPrincName = progArgs.princName;
-    }
-    if (progArgs.plainText)
-    {
-        plainText = progArgs.plainText;
-    }
-
-    if (princDbFile)
-    {
-        indb = fopen(princDbFile, "rb");
-        if (!indb)
-        {
-            perror("fopen(indb)");
-            return 1;
-        }
-    }
-
-    dwError = VmKdcParseKeyTabOpen(
-                  keytabFile,
-                  "r",
-                  &pKtHandle);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    sts = VmKdcParseKeyTabRead(pKtHandle, &ktData);
-    if (sts)
-    {
-        printf("VmKDcParseKeyTabFile: failed %d\n", sts);
-        return 1;
-    }
-    printf("Master Key: keytype=%d keylen=%d\n", 
-           ktData->key->type, VMKDC_GET_LEN_DATA(ktData->key->data));
-
-    cipherData = (unsigned char *) VMKDC_GET_PTR_DATA(ktData->key->data);
-    for (i=0; i<VMKDC_GET_LEN_DATA(ktData->key->data); i++)
-    {
-        printf("%02x", cipherData[i]);
-    }
-    printf("\n");
-    printf("\n");
-
-    dwError = VmKdcInitKrb5(&krb5Ctx);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcMakeKey(
-                  ktData->key->type,
-                  1,
-                  VMKDC_GET_PTR_DATA(ktData->key->data),
-                  VMKDC_GET_LEN_DATA(ktData->key->data),
-                  &vmkdcMasterKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcInitCrypto(krb5Ctx, vmkdcMasterKey, &krb5Crypto);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (indb)
-    {
-        line = fgets_long(indb);
-        while (line)
-        {
-            if (princName)
-            {
-                free(princName);
-                princName = NULL;
-            }
-            tokenizeLine(line, &princName, &dbEntry);
-            free(line);
-            if (dbEntry)
-            {
-                if (strncmp(searchPrincName, 
-                            princName,
-                            strlen(searchPrincName)) == 0)
-                {
-                    dwError = VmKdcMakeKey(
-                                  dbEntry->encKeys[0]->keytype,
-                                  1,
-#if 1
-                                  VMKDC_GET_PTR_DATA(dbEntry->encKeys[0]->encdata->data),
-                                  VMKDC_GET_LEN_DATA(dbEntry->encKeys[0]->encdata->data),
-#else
-                                  VMKDC_GET_PTR_DATA(dbEntry->encKeys[0]->encdata->data) + 2,
-                                  VMKDC_GET_LEN_DATA(dbEntry->encKeys[0]->encdata->data) - 2,
-#endif
-                                  &princKey);
-                    BAIL_ON_VMKDC_ERROR(dwError);
-                    printf("Found %s keyType=%d keyLen=%d\n", 
-                           princName,
-                           dbEntry->encKeys[0]->keytype, 
-                           VMKDC_GET_LEN_DATA(dbEntry->encKeys[0]->encdata->data));
-                    bSearchPrincName = TRUE;
-                    decryptPrincKey(krb5Crypto, princKey);
-                }
-            }
-            line = fgets_long(indb);
-        }
-        if (!bSearchPrincName)
-        {
-            printf("WARNING: Principal not found %s\n", searchPrincName);
-        }
-    }
-
-    if (plainText)
-    {
-        dwError = encryptDecryptText(krb5Crypto, plainText);
-    }
-
-error:
-    VmKdcParseKeyTabClose(pKtHandle);
-    if (princName)
-    {
-        free(princName);
-    }
-
-    if (indb)
-    {
-        fclose(indb);
-    }
-    return 0;
-}
diff --git a/lwraft/testing/Makefile.am b/lwraft/testing/Makefile.am
index 3865fa9a8..727043913 100644
--- a/lwraft/testing/Makefile.am
+++ b/lwraft/testing/Makefile.am
@@ -1,4 +1,8 @@
 
 SUBDIRS = \
+    test_lib \
+    test_runner \
+    integration_tests \
+    unittests \
     query \
     kerberos
diff --git a/lwraft/testing/integration_tests/Makefile.am b/lwraft/testing/integration_tests/Makefile.am
new file mode 100644
index 000000000..894a511a3
--- /dev/null
+++ b/lwraft/testing/integration_tests/Makefile.am
@@ -0,0 +1,2 @@
+SUBDIRS = \
+    acls
diff --git a/lwraft/testing/integration_tests/acls/Makefile.am b/lwraft/testing/integration_tests/acls/Makefile.am
new file mode 100644
index 000000000..4e2be6462
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/Makefile.am
@@ -0,0 +1,47 @@
+lib_LTLIBRARIES = libsecuritydescriptortests.la
+
+libsecuritydescriptortests_la_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    @OPENSSL_INCLUDES@ \
+    @DCERPC_INCLUDES@ \
+    @LW_INCLUDES@
+
+libsecuritydescriptortests_la_SOURCES = \
+    administratorrights.c \
+    administratorsrights.c \
+    bad_parameters.c \
+    custom_groups.c \
+    domainadminsrights.c \
+    domainclientsrights.c \
+    inheritance.c \
+    legacy_access_checks.c \
+    main.c \
+    ntsecuritydescriptor.c \
+    protected_entries.c \
+    sddl.c \
+    standard_operations.c \
+    util.c \
+    wellknownsids.c
+
+libsecuritydescriptortests_la_LIBADD = \
+    @top_builddir@/lwraft/testing/test_lib/liblwrafttesting.la \
+    @DCERPC_LIBS@ \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
+    @GSSAPI_LIBS@ \
+    @UUID_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @PTHREAD_LIBS@
+
+libsecuritydescriptortests_la_LDFLAGS = \
+    -export-symbols @top_srcdir@/lwraft/testing/integration_tests/acls/libsecuritydescriptortests.exp \
+    @DCERPC_LDFLAGS@ \
+    @OPENSSL_LDFLAGS@ \
+    @LW_LDFLAGS@
diff --git a/lwraft/testing/integration_tests/acls/administratorrights.c b/lwraft/testing/integration_tests/acls/administratorrights.c
new file mode 100644
index 000000000..7a52f3227
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/administratorrights.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+#if 0 // TODO
+
+DWORD
+AdminShouldBeAbleToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer // TODO
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+}
+
+DWORD
+AdminShouldBeAbleToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_SAM_ACCOUNT_NAME,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszAttribute, pszUserName);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+AdminShouldBeAbleToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strlen(pszAttribute) > 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+AdminShouldBeAbleToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    ppszAttributeValues[0] = "206-555-1212";
+    dwError = VmDirTestAddAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                "telephoneNumber",
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+    return dwError;
+}
+
+DWORD
+AdminShouldBeAbleToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Random SD. Actual values don't (entirely) matter.
+    dwError = VmDirAllocateStringPrintf(
+                &ppszAttributeValues[0],
+                "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)",
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+AdminShouldBeAbleToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDn = NULL;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszDn,
+                NULL,
+                NULL);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+AdminShouldBeAbleToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=%s,%s",
+                pszContainerName,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    TestAssertEquals(dwError, 0);
+    return dwError;
+}
+
+DWORD
+TestStandardRightsForAdminUser(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszContainerName = VmDirTestGetTestContainerCn(pState);
+
+    dwError = AdminShouldBeAbleToListChildObjects(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToDeleteObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToReadProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToReadSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToWriteProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToWriteSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminShouldBeAbleToListObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
+
+#endif
+DWORD
+TestStandardRightsForAdminUser(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszContainerName = VmDirTestGetTestContainerCn(pState);
+
+    dwError = TryToListChildObjects(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToDeleteObject(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToReadProperties(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToReadSD(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToWriteProperties(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToWriteSD(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = TryToListObject(pState, pszContainerName);
+    TestAssertEquals(dwError, 0);
+
+    return dwError;
+}
diff --git a/lwraft/testing/integration_tests/acls/administratorsrights.c b/lwraft/testing/integration_tests/acls/administratorsrights.c
new file mode 100644
index 000000000..74a7d38e6
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/administratorsrights.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+AdminGroupShouldBeAbleToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+}
+
+DWORD
+AdminGroupShouldBeAbleToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_SAM_ACCOUNT_NAME,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszAttribute, pszUserName);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+AdminGroupShouldBeAbleToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strlen(pszAttribute) > 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+AdminGroupShouldBeAbleToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    ppszAttributeValues[0] = "206-555-1212";
+    dwError = VmDirTestAddAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                "telephoneNumber",
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+    return dwError;
+}
+
+DWORD
+AdminGroupShouldBeAbleToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Random SD. Actual values don't (entirely) matter as long as the admin
+    // user has SD (delete) permission.
+    //
+    dwError = VmDirAllocateStringPrintf(
+                &ppszAttributeValues[0],
+                // "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)(A;;RCRPWPWDSD;;;%s-544)",
+                "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)",
+                pszDomainSid,
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+AdminGroupShouldBeAbleToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDn = NULL;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszDn,
+                NULL,
+                NULL);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+AdminGroupShouldBeAbleToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=%s,%s",
+                pszContainerName,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    TestAssertEquals(dwError, 0);
+    return dwError;
+}
+
+//
+// Members of the admin group get full access to the tree.
+//
+DWORD
+TestStandardRightsForAdminGroup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszContainerName = VmDirTestGetTestContainerCn(pState);
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszGroupDn = NULL;
+    LDAP *pLdNewUser = NULL;
+    LDAP *pLdOld = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainerName,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszGroupDn,
+                "cn=Administrators,cn=Builtin,%s",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestConnectionFromUser(pState, pszUserName, &pLdNewUser);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pLdOld = pState->pLd;
+    pState->pLd = pLdNewUser;
+
+    dwError = AdminGroupShouldBeAbleToListChildObjects(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToDeleteObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToReadProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToReadSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToWriteProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToWriteSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = AdminGroupShouldBeAbleToListObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    if (pLdOld != NULL)
+    {
+        pState->pLd = pLdOld;
+    }
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
+    return dwError;
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/bad_parameters.c b/lwraft/testing/integration_tests/acls/bad_parameters.c
new file mode 100644
index 000000000..251dee967
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/bad_parameters.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+SpecifyingAclStringAndSecurityDescriptorShouldFail(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserName,
+    PCSTR pszAcl
+    )
+{
+    DWORD dwError = 0;
+    BYTE *pbSecurityDescriptor = NULL;
+    DWORD dwLength = 0;
+    PCSTR valsAcl[] = {NULL, NULL};
+    PCSTR valsCn[] = {pszUserName, NULL};
+    PCSTR valssAMActName[] = {pszUserName, NULL};
+    PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
+    PCSTR valsPNE[] = {"TRUE", NULL};
+    PCSTR valsPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
+    PSTR pszUPN = NULL;
+    PSTR pszDN = NULL;
+    struct berval bvSecurityDescriptor = {0};
+    struct berval *bvSecurityDescriptorValues[2] = {NULL, NULL};
+    LDAPMod mod[9]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsPN}},
+        {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
+        {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+        {0,NULL,{NULL}}
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], &mod[5], &mod[6], &mod[7], &mod[8], NULL};
+
+    dwError = _VdcGetObjectSecurityDescriptor(
+                pState,
+                pState->pszBaseDN,
+                &pbSecurityDescriptor,
+                &dwLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bvSecurityDescriptor.bv_val = pbSecurityDescriptor;
+    bvSecurityDescriptor.bv_len = dwLength;
+    bvSecurityDescriptorValues[0] = &bvSecurityDescriptor;
+    mod[8].mod_op = LDAP_MOD_ADD | LDAP_MOD_BVALUES;
+    mod[8].mod_type = ATTR_OBJECT_SECURITY_DESCRIPTOR;
+    mod[8].mod_bvalues = bvSecurityDescriptorValues;
+
+    dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsPN[0] = pszUPN;
+    valsAcl[0] = pszAcl;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                "Users",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(
+                pState->pLd,
+                pszDN,
+                attrs,
+                NULL,
+                NULL);
+    TestAssertEquals(dwError, LDAP_CONSTRAINT_VIOLATION);
+    printf("Add of %s returned %d\n", pszDN, dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+TestBadParameters(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszDomainSid = NULL;
+    PSTR pszSecurityDescriptor = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszSecurityDescriptor,
+                "O:%s-500G:BAD:P(A;;RCRP;;;%s-500)",
+                pszDomainSid,
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = SpecifyingAclStringAndSecurityDescriptorShouldFail(
+                pState,
+                pszUserName,
+                pszSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszSecurityDescriptor);
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/custom_groups.c b/lwraft/testing/integration_tests/acls/custom_groups.c
new file mode 100644
index 000000000..874676347
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/custom_groups.c
@@ -0,0 +1,524 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+CleanupCustomSetup(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    (VOID)VmDirTestDeleteUser(pState, NULL, "non_member");
+
+    (VOID)VmDirTestDeleteUser(pState, NULL, "c_client");
+
+    (VOID)VmDirTestDeleteUser(pState, NULL, "c_admin");
+
+    (VOID)VmDirTestDeleteContainer(pState, "CustomObjects");
+
+    (VOID)VmDirTestDeleteGroup(pState, NULL, "CustomClients");
+
+    (VOID)VmDirTestDeleteGroup(pState, NULL, "CustomAdmins");
+
+    return 0;
+}
+
+DWORD
+InitializeCustomSetup(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDomainSid = NULL;
+    PSTR    pszAdminsSid = NULL;
+    PSTR    pszClientsSid = NULL;
+    PSTR    pszGroupSD = NULL;
+    PSTR    pszContainerSD = NULL;
+
+    pState->pfnCleanupCallback = CleanupCustomSetup;
+
+    // Cleanup leftover from previous run
+    dwError = CleanupCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Override SD to be deletable by administrator
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupSD, "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)", pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateGroup(pState, NULL, "CustomAdmins", pszGroupSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateGroup(pState, NULL, "CustomClients", pszGroupSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetGroupSid(pState, "CustomAdmins", NULL, &pszAdminsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetGroupSid(pState, "CustomClients", NULL, &pszClientsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Grant CustomAdmins READ+WRITE permissions and
+    // grant CustomClients READ permission
+    dwError = VmDirAllocateStringPrintf(
+            &pszContainerSD,
+            "O:BAG:BAD:(A;CIOIID;GXRCCCDCRPWP;;;%s)(A;CIOIID;RP;;;%s)",
+            pszAdminsSid,
+            pszClientsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateContainer(pState, "CustomObjects", pszContainerSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Create users and assign memberships
+    dwError = VmDirTestCreateUser(pState, NULL, "c_admin", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, NULL, "c_client", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, NULL, "non_member", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroup(
+            pState, "c_admin", NULL, "CustomAdmins", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroup(
+            pState, "c_client", NULL, "CustomClients", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszAdminsSid);
+    VMDIR_SAFE_FREE_STRINGA(pszClientsSid);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupSD);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerSD);
+    return dwError;
+}
+
+DWORD
+CreateCustomObject(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   valsCn[] = { pszName, NULL };
+    PCSTR   valsClass[] = { "user", NULL };
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLdCustom, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+DeleteCustomObject(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_delete_ext_s(pState->pLdCustom, pszDN, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ListCustomObjects(
+    PVMDIR_TEST_STATE   pState,
+    PDWORD              pdwCount
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PVMDIR_STRING_LIST  pObjects = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=CustomObjects,cn=%s,%s",
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetObjectList(pState->pLdCustom, pszDN, &pObjects);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCount = pObjects->dwCount;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VmDirStringListFree(pObjects);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadCustomObjectProperties(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PSTR    pszCN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLdCustom, pszDN, LDAP_SCOPE_BASE, NULL, ATTR_CN, &pszCN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszCN);
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+WriteCustomObjectProperties(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   ppszAttrVals[] = {"hello world", NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+            pState->pLdCustom,
+            pszDN,
+            ATTR_DESCRIPTION,
+            ppszAttrVals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadCustomObjectSD(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PSTR    pszSD = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLdCustom,
+            pszDN,
+            LDAP_SCOPE_BASE,
+            NULL,
+            ATTR_ACL_STRING,
+            &pszSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszSD);
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+WriteCustomObjectSD(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   ppszAttrVals[] = {"O:BAG:BAD:(A;;RCRPWPWDSD;;;BA)", NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+            pState->pLdCustom,
+            pszDN,
+            ATTR_ACL_STRING,
+            ppszAttrVals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+
+}
+
+DWORD
+TestCustomAdminRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "c_admin", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should be able to create objects
+    dwError = CreateCustomObject(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    dwError = CreateCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    dwError = CreateCustomObject(pState, "co-3");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-3");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 2);
+
+    // should be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-1");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestCustomClientRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "c_client", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should NOT be able to create objects
+    dwError = CreateCustomObject(pState, "co-4");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 2);
+
+    // should be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, ERROR_INVALID_STATE);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestNonMemberRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "non_member", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should NOT be able to create objects
+    dwError = CreateCustomObject(pState, "co-4");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 0);
+
+    // should NOT be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, ERROR_INVALID_STATE);
+
+    // should NOT be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, ERROR_INVALID_STATE);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestCustomGroups(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = InitializeCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCustomAdminRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCustomClientRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestNonMemberRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = CleanupCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
+    return dwError;
+
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/defines.h b/lwraft/testing/integration_tests/acls/defines.h
new file mode 100644
index 000000000..17f093a3f
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/defines.h
@@ -0,0 +1,25 @@
+#if 0 // TODO
+#define DOMAIN_GROUP_RID_ADMINS                 512 // Domain Admins
+#define DOMAIN_GROUP_RID_USERS                  513 // Domain Users
+#define DOMAIN_GROUP_RID_GUESTS                 514 // Domain Guests
+#define DOMAIN_GROUP_RID_COMPUTERS              515 // Domain Computers
+#define DOMAIN_GROUP_RID_CONTROLLERS            516 // Domain Controllers
+#define DOMAIN_GROUP_RID_CERT_ADMINS            517 // Cert Publishers
+#define DOMAIN_GROUP_RID_SCHEMA_ADMINS          518 // Schema Admins
+#define       519 // Enterprise
+#define DOMAIN_GROUP_RID_POLICY_ADMINS          520 // Group Policy Creator Owners
+
+//
+//// Well-Known Local Groups (S-1-5-32-*)
+////
+//
+//#define DOMAIN_ALIAS_RID_ADMINS                         544 // BUILTIN\Administrators
+//#define DOMAIN_ALIAS_RID_USERS                          545 // BUILTIN\Users
+//#define DOMAIN_ALIAS_RID_GUESTS                         546 // BUILTIN\Guests
+//
+#define VMDIR_DOMAIN_USER_RID_ADMIN 500
+#define VMDIR_DOMAIN_ADMINS_RID 512
+#define VMDIR_DOMAIN_CLIENTS_RID 513
+#define VMDIR_DOMAIN_ALIAS_RID_ADMINS 544
+#define VMDIR_DOMAIN_ALIAS_RID_USERS 545
+#endif
diff --git a/lwraft/testing/integration_tests/acls/domainadminsrights.c b/lwraft/testing/integration_tests/acls/domainadminsrights.c
new file mode 100644
index 000000000..47a4b7e46
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/domainadminsrights.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+DomainAdminShouldBeAbleToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer // TODO
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+}
+
+DWORD
+DomainAdminShouldBeAbleToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_SAM_ACCOUNT_NAME,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszAttribute, pszUserName);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+DomainAdminShouldBeAbleToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strlen(pszAttribute) > 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+DomainAdminShouldBeAbleToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    ppszAttributeValues[0] = "206-555-1212";
+    dwError = VmDirTestAddAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                "telephoneNumber",
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+    return dwError;
+}
+
+DWORD
+DomainAdminShouldBeAbleToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Random SD. Actual values don't (entirely) matter.
+    dwError = VmDirAllocateStringPrintf(
+                &ppszAttributeValues[0],
+                "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)",
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+DomainAdminShouldBeAbleToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDn = NULL;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszDn,
+                NULL,
+                NULL);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+DomainAdminShouldBeAbleToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=%s,%s",
+                pszContainerName,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    TestAssertEquals(dwError, 0);
+    return dwError;
+}
+
+//
+// Domain admins get full access to the tree.
+//
+DWORD
+TestStandardRightsForDomainAdmin(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszContainerName = VmDirTestGetTestContainerCn(pState);
+
+    // TODO -- Create user and add to DCAdmins group.
+
+    dwError = DomainAdminShouldBeAbleToListChildObjects(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToDeleteObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToReadProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToReadSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToWriteProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToWriteSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainAdminShouldBeAbleToListObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/domainclientsrights.c b/lwraft/testing/integration_tests/acls/domainclientsrights.c
new file mode 100644
index 000000000..94bf031fe
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/domainclientsrights.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+DomainClientsShouldBeAbleToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer // TODO
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
+    TestAssertEquals(dwError, 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+}
+
+DWORD
+DomainClientsShouldBeAbleToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_SAM_ACCOUNT_NAME,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszAttribute, pszUserName);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+DomainClientsShouldBeAbleToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                &pszAttribute);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strlen(pszAttribute) > 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+}
+
+DWORD
+DomainClientsShouldBeAbleToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    ppszAttributeValues[0] = "206-555-1212";
+    dwError = VmDirTestAddAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                "telephoneNumber",
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+    return dwError;
+}
+
+DWORD
+DomainClientsShouldBeAbleToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Random SD. Actual values don't (entirely) matter.
+    dwError = VmDirAllocateStringPrintf(
+                &ppszAttributeValues[0],
+                "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)",
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+DomainClientsShouldBeAbleToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDn = NULL;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszDn,
+                NULL,
+                NULL);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+DomainClientsShouldBeAbleToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssertEquals(dwError, 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=%s,%s",
+                pszContainerName,
+                pState->pszBaseDN);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    TestAssertEquals(dwError, 0);
+    return dwError;
+}
+
+DWORD
+TestStandardRightsForDomainClients(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszContainerName = VmDirTestGetTestContainerCn(pState);
+
+    // TODO -- Create user and add to DCClients group
+
+    dwError = DomainClientsShouldBeAbleToListChildObjects(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToDeleteObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToReadProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToReadSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToWriteProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToWriteSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = DomainClientsShouldBeAbleToListObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/includes.h b/lwraft/testing/integration_tests/acls/includes.h
new file mode 100644
index 000000000..bf74ebc6b
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/includes.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifdef _WIN32
+#pragma once
+
+#include "targetver.h"
+
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <tchar.h>
+#include <winsock2.h>
+#include "ldap-int.h"
+#define LDAP_UNICODE 0
+
+#include <vmdir.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+
+#include "banned.h"
+#else
+
+#include <config.h>
+
+#include <vmdirsys.h>
+#include <ldap.h>
+#include <lber.h>
+
+#include <vmdir.h>
+#include <vmdirtypes.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+#endif
+
+#include <vmdirtesting.h>
+
+#include "prototypes.h"
+#include "structs.h"
diff --git a/lwraft/testing/integration_tests/acls/inheritance.c b/lwraft/testing/integration_tests/acls/inheritance.c
new file mode 100644
index 000000000..2d0fbce7f
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/inheritance.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+TestProtectedSecurityDescriptor(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszSecurityDescriptor = NULL;
+    PSTR pszObjectSD = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // The permissions are duplicated oddly due to a likewise bug; this ensures
+    // that the string looks the same on the way back "out".
+    //
+    dwError = VmDirAllocateStringPrintf(
+                &pszSecurityDescriptor,
+                "O:%s-500G:BAD:P(A;;RCSDSDRCRP;;;%s-500)",
+                pszDomainSid,
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName, pszSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=testcontainer,%s",
+                pszUserName,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszObjectSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    TestAssertStrEquals(pszSecurityDescriptor, pszObjectSD);
+
+cleanup:
+    VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszSecurityDescriptor);
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSD);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+
+    return dwError;
+error:
+    TestAssert(false);
+    goto cleanup;
+}
+
+// TODO -- Test that specifies ACL and make sure that it's merged properly
+//         with inherited ACLs (make sure ALLOW/DENY ACEs are arranged sensibly).
+DWORD
+TestSecurityDescriptorInheritance(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = TestProtectedSecurityDescriptor(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/legacy_access_checks.c b/lwraft/testing/integration_tests/acls/legacy_access_checks.c
new file mode 100644
index 000000000..398254660
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/legacy_access_checks.c
@@ -0,0 +1,342 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+_VmDirApplyAttributeModification(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pObjectList,
+    PCSTR pszAttribute,
+    PCSTR pszValue
+    )
+{
+    DWORD i = 0;
+    PCSTR ppszVals[] = {pszValue, NULL};
+    DWORD dwError = 0;
+
+    for (i = 0; i < pObjectList->dwCount; ++i)
+    {
+        printf("Setting attribute %s for %s to %s\n", pszAttribute, pObjectList->pStringList[i], ppszVals[0]);
+        dwError = VmDirTestReplaceAttributeValues(
+                    pState->pLd,
+                    pObjectList->pStringList[i],
+                    pszAttribute,
+                    ppszVals);
+        printf("dwError ==> %d\n", dwError);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestGetParentDn(
+    PCSTR pszBaseDn,
+    PSTR *ppszParentDn
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszParentDn = NULL;
+
+    pszParentDn = strchr(pszBaseDn, ',');
+    if (pszParentDn == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringA(pszParentDn + 1, &pszParentDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszParentDn = pszParentDn;
+
+cleanup:
+    return dwError = 0;
+error:
+    goto cleanup;
+}
+
+
+DWORD
+_VmDirSetSecurityDescriptors(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAcl = NULL;
+    PSTR pszDomainSid = NULL;
+    PSTR pszParentDn = NULL;
+    PVMDIR_STRING_LIST pObjectList = NULL;
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszAcl,
+                "O:%s-500G:%s-544D:(A;;RPWP;;;S-1-7-32-666)(A;;GXNRNWGXCCDCRPWP;;;%s-544)(A;;GXNRNWGXCCDCRPWP;;;%s-500)",
+                pszDomainSid,
+                pszDomainSid,
+                pszDomainSid,
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    printf("acl ==> %s\n", pszAcl);
+
+    dwError = VmDirTestGetParentDn(pState->pszBaseDN, &pszParentDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszParentDn, &pObjectList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirApplyAttributeModification(
+                pState,
+                pObjectList,
+                ATTR_ACL_STRING,
+                pszAcl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszParentDn);
+    VMDIR_SAFE_FREE_STRINGA(pszAcl);
+    VmDirStringListFree(pObjectList);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+static
+LW_PCVOID
+DescriptorCacheRecordGetKey(
+    PLW_HASHTABLE_NODE      pNode,
+    PVOID                   pUnused
+    )
+{
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry = NULL;
+
+    pCacheEntry = LW_STRUCT_FROM_FIELD(pNode, VMDIR_SD_CACHE_ENTRY, Node);
+
+    return pCacheEntry->pszDn;
+}
+
+
+VOID
+_FreeCacheEntry( // TODO -- Naming
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry // TODO -- Naming. Struct should have "TEST" in it?
+    )
+{
+    VMDIR_SAFE_FREE_STRINGA(pCacheEntry->pszDn);
+    VMDIR_SAFE_FREE_STRINGA(pCacheEntry->pszAcl);
+    VmDirFreeMemory(pCacheEntry);
+}
+
+VOID
+_FreeSecurityDescriptorCache(
+    PLW_HASHTABLE pHashTbl
+    )
+{
+    PLW_HASHTABLE_NODE pNode = NULL;
+    LW_HASHTABLE_ITER iter = LW_HASHTABLE_ITER_INIT;
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry = NULL;
+
+    if (pHashTbl != NULL)
+    {
+        while ((pNode = LwRtlHashTableIterate(pHashTbl, &iter)))
+        {
+            pCacheEntry = LW_STRUCT_FROM_FIELD(pNode, VMDIR_SD_CACHE_ENTRY, Node);
+            LwRtlHashTableRemove(pHashTbl, pNode);
+            _FreeCacheEntry(pCacheEntry);
+        }
+
+        LwRtlFreeHashTable(&pHashTbl);
+    }
+}
+
+VOID
+_RestoreSecurityDescriptors( // TODO -- This could be combined with _FreeSecurityDescriptorCache
+    PVMDIR_TEST_STATE pState,
+    PLW_HASHTABLE pHashTbl
+    )
+{
+    PLW_HASHTABLE_NODE pNode = NULL;
+    LW_HASHTABLE_ITER iter = LW_HASHTABLE_ITER_INIT;
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry = NULL;
+    PCSTR ppszVals[2] = {NULL, NULL};
+    DWORD dwError = 0;
+
+    if (pHashTbl != NULL)
+    {
+        while ((pNode = LwRtlHashTableIterate(pHashTbl, &iter)))
+        {
+            pCacheEntry = LW_STRUCT_FROM_FIELD(pNode, VMDIR_SD_CACHE_ENTRY, Node);
+            ppszVals[0] = pCacheEntry->pszAcl;
+            printf("Resetting acl for %s to %s\n", pCacheEntry->pszDn, pCacheEntry->pszAcl); // TODO
+            dwError = VmDirTestReplaceAttributeValues(
+                    pState->pLd,
+                    pCacheEntry->pszDn,
+                    ATTR_ACL_STRING,
+                    ppszVals);
+            if (dwError != 0)
+            {
+                printf("Resetting the SD on entry %s failed with dwError %d\n", pCacheEntry->pszDn, dwError);
+            }
+        }
+    }
+}
+
+DWORD
+_VmDirTestAllocateCacheEntry(
+    LDAP *pLd,
+    LDAPMessage *pEntry,
+    PVMDIR_SD_CACHE_ENTRY *ppCacheEntry
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry = NULL;
+    BerValue** ppBerValues = NULL;
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_SD_CACHE_ENTRY), (PVOID)&pCacheEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(ldap_get_dn(pLd, pEntry), &pCacheEntry->pszDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ATTR_ACL_STRING);
+    if (!ppBerValues || (ldap_count_values_len(ppBerValues) != 1))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE); // TODO
+    }
+
+    dwError = VmDirAllocateStringA(ppBerValues[0]->bv_val, &pCacheEntry->pszAcl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppCacheEntry = pCacheEntry;
+
+cleanup:
+    return dwError;
+error:
+    _FreeCacheEntry(pCacheEntry);
+    goto cleanup;
+}
+
+DWORD
+_VmDirCacheExistingSecurityDescriptors(
+    PVMDIR_TEST_STATE pState,
+    PLW_HASHTABLE *ppHashTbl
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwObjectCount = 0;
+    PCSTR ppszAttrs[] = {ATTR_ACL_STRING, NULL};
+    LDAPMessage *pResult = NULL;
+    LDAPMessage* pEntry = NULL;
+    PLW_HASHTABLE pHashTbl = NULL;
+    LDAP *pLd = pState->pLd; // TODO
+    PVMDIR_SD_CACHE_ENTRY pCacheEntry = NULL;
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pState->pszBaseDN,
+                LDAP_SCOPE_SUBTREE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwObjectCount = ldap_count_entries(pLd, pResult);
+    dwError = LwRtlCreateHashTable(
+                    &pHashTbl,
+                    DescriptorCacheRecordGetKey,
+                    LwRtlHashDigestPstr,
+                    LwRtlHashEqualPstr,
+                    NULL,
+                    dwObjectCount);
+    dwError = LwNtStatusToWin32Error(dwError);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
+    {
+        dwError = _VmDirTestAllocateCacheEntry(pLd, pEntry, &pCacheEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        printf("Adding entry %s => %s\n", pCacheEntry->pszDn, pCacheEntry->pszAcl); // TODO
+        LwRtlHashTableResizeAndInsert(
+                pHashTbl,
+                &pCacheEntry->Node,
+                NULL);
+    }
+
+    *ppHashTbl = pHashTbl;
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return dwError;
+error:
+    _FreeSecurityDescriptorCache(pHashTbl);
+    goto cleanup;
+}
+
+DWORD
+TestLegacyAccessChecks(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PLW_HASHTABLE pHashTbl = NULL;
+
+    dwError = _VmDirCacheExistingSecurityDescriptors(pState, &pHashTbl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirSetSecurityDescriptors(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // TODO
+    printf("Sleeping ...\n");
+    VmDirSleep(30 * 1000);
+    printf("Awake ...\n");
+    // TODO
+    //
+#if 0 // TODO
+    dwError = TestStandardRightsForAdminUser(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForAdminGroup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForDomainAdmin(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForDomainClients(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+#endif
+
+    _RestoreSecurityDescriptors(pState, pHashTbl);
+
+cleanup:
+    _FreeSecurityDescriptorCache(pHashTbl);
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/libsecuritydescriptortests.exp b/lwraft/testing/integration_tests/acls/libsecuritydescriptortests.exp
new file mode 100644
index 000000000..2d5e3eac6
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/libsecuritydescriptortests.exp
@@ -0,0 +1,3 @@
+TestSetup
+TestRunner
+TestCleanup
diff --git a/lwraft/testing/integration_tests/acls/main.c b/lwraft/testing/integration_tests/acls/main.c
new file mode 100644
index 000000000..6148f61a8
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/main.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+TestSetup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return 0;
+}
+
+
+DWORD
+TestCleanup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return 0;
+}
+
+// TODO -- Test that specifies ACL and make sure that it's merged properly
+//         with inherited ACLs.
+// TODO -- Test that has a class-based ACL and make sure that it's merged
+//         properly with inherited ACLs.
+// TODO -- Tests that make sure that group permissions work.
+// TODO -- Tests that make sure that nested groups work.
+// TODO -- Tests that make sure domain admins/clients privileges don't
+//         extend to secondary tenants.
+// TODO -- Behavior of inheritance for containers but with OBJECT_INHERIT_ACE (https://msdn.microsoft.com/en-us/library/windows/desktop/aa374924(v=vs.85).aspx)
+// TODO -- What rights, if any, do users in the CAAdmins group get in 6.5?
+// TODO -- Make sure that the read/write permissions on the things under "cn=schemacontext" are correct.
+// TODO -- Make sure we handle entries under cn=services,<domain> properly
+// TODO -- Test various inheritance flags (e.g., no_propagate)
+// TODO -- Test for anonymous access (make sure error value is correct).
+// TODO -- Test with non-binding anonymous access (cf bug #1793712).
+// TODO -- Verify appropriate "Deleted Objects" access (admins should be able to delete them, too).
+// TODO -- Make sure no one can write to dse root.
+
+DWORD
+TestRunner(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    printf("Testing security descriptor code ...\n");
+
+    dwError = TestProtectedEntries(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCustomGroups(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+#if 0 // TODO
+    dwError = TestStandardRightsForAdminUser(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForAdminGroup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestSecurityDescriptorInheritance(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestBadParameters(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestSecurityDescriptors(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForDomainAdmin(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestStandardRightsForDomainClients(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestWellknownSids(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestSecurityDescriptorsSddl(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestLegacyAccessChecks(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+#endif
+
+    printf("Security descriptor tests finished successfully.\n");
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/ntsecuritydescriptor.c b/lwraft/testing/integration_tests/acls/ntsecuritydescriptor.c
new file mode 100644
index 000000000..5994f941c
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/ntsecuritydescriptor.c
@@ -0,0 +1,850 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+VOID
+_VdcSendRandomAclStrings(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PCSTR pszBaseDN = pState->pszBaseDN;
+    DWORD dwError = 0;
+    int i = 0;
+    PCSTR ppszRandomStrings[] = {
+        "abc",
+        "xyz",
+        "hello, world!",
+        "()"
+    };
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszRandomStrings); ++i)
+    {
+        dwError = VmDirTestReplaceBinaryAttributeValues(
+                    pState->pLd,
+                    pszBaseDN,
+                    ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                    (PBYTE)ppszRandomStrings[i],
+                    strlen(ppszRandomStrings[i]));
+       TestAssert(dwError == LDAP_INVALID_SYNTAX);
+    }
+}
+
+DWORD
+_VdcPermuteSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    const BYTE *pbOriginalSecurityDescriptor,
+    DWORD dwSDLength
+    )
+{
+    PCSTR pszBaseDN = pState->pszBaseDN;
+    BYTE bOldValue = 0;
+    int i = 0;
+    DWORD dwError = 0;
+    BYTE *pbSecDescriptor = NULL;
+    BOOLEAN bReturn = FALSE;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescriptor = NULL;
+
+    dwError = VmDirAllocateAndCopyMemory(
+                (PVOID)pbOriginalSecurityDescriptor,
+                dwSDLength,
+                (PVOID*)&pbSecDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    srand(time(NULL));
+
+    for (i = 0; i < 100; ++i)
+    {
+        bOldValue = pbSecDescriptor[i];
+        pbSecDescriptor[i] = rand() % 256;
+
+        dwError = VmDirTestReplaceBinaryAttributeValues(
+                    pState->pLd,
+                    pszBaseDN,
+                    ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                    pbSecDescriptor,
+                    dwSDLength);
+        TestAssert(dwError == 0 || dwError == LDAP_INVALID_SYNTAX);
+
+        pSecurityDescriptor = (PSECURITY_DESCRIPTOR_RELATIVE)pbSecDescriptor;
+        bReturn = RtlValidRelativeSecurityDescriptor(
+                    pSecurityDescriptor,
+                    dwSDLength,
+                    OWNER_SECURITY_INFORMATION |
+                        GROUP_SECURITY_INFORMATION |
+                        DACL_SECURITY_INFORMATION);
+        //
+        // RtlValidRelativeSecurityDescriptor should return false unless
+        // the VmDirTestReplaceBinaryAttributeValues call succeeded (absent networking
+        // or memory issues, which aren't relevant in the controlled
+        // environment of this test).
+        //
+        TestAssert(bReturn == FALSE || dwError == 0);
+        pbSecDescriptor[i] = bOldValue;
+    }
+
+    //
+    // Clear out any error as if it were significant it would have been
+    // caught and handled above.
+    //
+    dwError = 0;
+
+cleanup:
+    VmDirFreeMemory(pbSecDescriptor);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+VOID
+AllObjectsShouldHaveASecurityDescriptor(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PCSTR pszBaseDN = pState->pszBaseDN;
+    LDAPMessage *pSearchRes = NULL;
+    PCSTR pszSearchFilter = "(!(nTSecurityDescriptor=*))";
+    DWORD dwError = 0;
+    DWORD dwCount = 0;
+
+    dwError = ldap_search_ext_s(
+                pState->pLd,
+                pszBaseDN,
+                LDAP_SCOPE_SUBTREE,
+                pszSearchFilter,
+                NULL,
+                TRUE,
+                NULL,
+                NULL,
+                NULL,
+                0,
+                &pSearchRes);
+    TestAssert(dwError == 0);
+
+    dwCount = ldap_count_entries(pState->pLd, pSearchRes);
+    TestAssertMsg(
+        dwCount == 0,
+        "Found some entries that don't have security descriptors!");
+
+    ldap_msgfree(pSearchRes);
+}
+
+VOID
+SecurityDescriptorsShouldntBeDeletable(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PCSTR pszBaseDN = pState->pszBaseDN;
+    PSTR pszAdminDN = NULL;
+    DWORD dwError = 0;
+    LDAPMod mod = {0};
+    LDAPMod *mods[2] = {&mod, NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszAdminDN,
+                "cn=Administrator,cn=Users,%s",
+                pszBaseDN);
+    TestAssert(dwError == 0);
+
+    mod.mod_op = LDAP_MOD_DELETE;
+    mod.mod_type = ATTR_OBJECT_SECURITY_DESCRIPTOR;
+
+    dwError = ldap_modify_ext_s(pState->pLd, pszAdminDN, mods, NULL, NULL);
+    TestAssertMsg(
+        dwError == LDAP_CONSTRAINT_VIOLATION,
+        "Security descriptors shouldn't be deletable");
+
+    mod.mod_op = LDAP_MOD_DELETE;
+    mod.mod_type = ATTR_ACL_STRING;
+
+    //
+    // TODO -- right now this returns success (but doesn't delete the
+    // ntSecurityDescriptor attribute or anything). Conceptually, deleting
+    // a computed attribute should return an error (right?).
+    //
+#if 0
+
+    dwError = ldap_modify_ext_s(pState->pLd, pszAdminDN, mods, NULL, NULL);
+printf("dwError ==> %d\n", dwError);
+    TestAssertMsg(
+        dwError == LDAP_CONSTRAINT_VIOLATION,
+        "Security descriptors shouldn't be deletable via vmwAclString");
+#endif
+
+    VMDIR_SAFE_FREE_STRINGA(pszAdminDN);
+}
+
+VOID
+TestAclReadPermissionRespected(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PSTR pszUserContainerDN = NULL;
+    PSTR pszContainerSD = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirTestGetTestContainerDn(pState, &pszUserContainerDN);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszUserContainerDN,
+                LDAP_SCOPE_BASE,
+                "(cn=Users)",
+                ATTR_ACL_STRING,
+                &pszContainerSD);
+    TestAssert(dwError == ERROR_INVALID_STATE); // TODO -- Get this to translate to VMDIR_ERROR_ACCESS_DENIED
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserContainerDN);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerSD);
+}
+
+VOID
+TestAclWritePermissionRespected(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PSTR pszContainerSD = NULL;
+    PSTR pszUserContainerDN = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirTestGetTestContainerDn(pState, &pszUserContainerDN);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszUserContainerDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszContainerSD);
+    TestAssert(dwError == 0);
+
+    //
+    // Try to set the security descriptor as a limited user. This should fail
+    // as we don't have write access to the ACL.
+    //
+    dwError = VmDirTestReplaceBinaryAttributeValues(
+                pState->pLdLimited,
+                pszUserContainerDN,
+                ATTR_ACL_STRING,
+                pszContainerSD,
+                strlen(pszContainerSD));
+    TestAssert(dwError == LDAP_INSUFFICIENT_ACCESS);
+
+    //
+    // Now make sure the write works as administrator.
+    //
+    dwError = VmDirTestReplaceBinaryAttributeValues(
+                pState->pLd,
+                pszUserContainerDN,
+                ATTR_ACL_STRING,
+                pszContainerSD,
+                strlen(pszContainerSD));
+    TestAssert(dwError == 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserContainerDN);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerSD);
+}
+
+VOID
+CreateNewUserWithSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    PBYTE pbSecurityDescriptor,
+    DWORD dwLength
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestCreateUserWithSecurityDescriptor(
+                pState,
+                "testcontainer", // TODO -- Query test container
+                pszUserName,
+                pbSecurityDescriptor,
+                dwLength);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    TestAssert(dwError == 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+}
+
+
+//
+// NB -- We don't try to clean up (delete) the class that we create because
+// objects under "cn=schemacontext" can't be deleted.
+//
+DWORD
+TestClassBasedAclCode(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszClassName = NULL;
+    PSTR pszObjectName = NULL;
+    PSTR pszObjectDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszObjectName);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestGetGuid(&pszClassName);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestCreateClass(pState, pszClassName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateObject(pState, "testcontainer"/*TODO*/, pszClassName, pszObjectName);
+    printf("create object ==> %d\n", dwError);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // TODO - Check ACL
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+
+    // TODO -- Routine that does the printf and delete
+    dwError = VmDirAllocateStringPrintf(&pszObjectDn, "cn=%s,cn=testcontainer,%s", pState->pszBaseDN);
+    ldap_delete_ext_s(pState->pLd, pszObjectName, NULL, NULL);
+    VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+VOID
+CreateNewUserWithSddlString(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszSddlString
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0); // TODO
+
+    // TODO -- container name
+    dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName, pszSddlString);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    TestAssert(dwError == 0);
+}
+
+//
+// All objects should be owned by the administrator account, even if they're
+// created with a different account.
+//
+DWORD
+TestOwnerAndGroupInformation(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszAcl = NULL;
+    PSTR pszDomainSid = NULL;
+    PSTR pszOwnerAndGroup = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0); // TODO
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // TODO -- container name
+    dwError = VmDirTestCreateUserWithLimitedAccount(pState, "testcontainer", pszUserName, NULL);
+    TestAssert(dwError == 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pState->pszBaseDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszAcl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    TestAssert(dwError == 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszOwnerAndGroup,
+                "O:%s-500G:BA",
+                pszDomainSid);
+    TestAssert(dwError == 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (VmDirStringStrA(pszAcl, pszOwnerAndGroup) == NULL)
+    {
+        TestAssert(false);
+    }
+
+cleanup:
+    dwError = VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VMDIR_SAFE_FREE_STRINGA(pszOwnerAndGroup);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    return dwError;
+error:
+    TestAssert(false);
+    goto cleanup;
+}
+
+//
+// Security principals (users and groups) should be able to read and write
+// their own properties.
+// TODO: Test groups
+// TODO: Reset SN after modifying?
+//
+DWORD
+SecurityPrincipalsShouldBeAbleToReadWriteSelf(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserDn = NULL;
+    PSTR pszAttribute = NULL;
+    PCSTR ppszVals[] = { NULL, NULL };
+
+    dwError = VmDirTestGetInternalUserDn(pState, &pszUserDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLdLimited,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectClass=User)",
+                ATTR_SN,
+                &pszAttribute);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ppszVals[0] = "New SN";
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLdLimited,
+                pszUserDn,
+                ATTR_SN,
+                ppszVals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLdLimited,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectClass=User)",
+                ATTR_SN,
+                &pszAttribute);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+error:
+    TestAssert(dwError == 0);
+    goto cleanup;
+}
+
+#if 0
+DWORD _GetBuiltinGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupCn,
+    PSTR *ppszGroupSid
+    )
+{
+    PSTR pszGroupDn = NULL;
+    PSTR pszGroupSid = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszGroupDn,
+                "cn=%s,cn=Builtin,%s",
+                pszGroupCn,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszGroupDn,
+                LDAP_SCOPE_BASE,
+                "(objectclass=*)",
+                "objectSid",
+                &pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszGroupSid = pszGroupSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+#endif
+
+DWORD
+TestDeleteObjectPermission(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    //
+    // TODO -- Creating a second user is currently easier than modifying the ACL
+    // on the existing user.
+    //
+    PSTR pszUserName2 = NULL;
+    PSTR pszLimitedUserSid = NULL;
+    PSTR pszAclString = NULL;
+#if 0
+    PSTR pszContainerName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszContainerName); // TODO -- We need to be freeing these strings.
+    TestAssert(dwError == 0); // TODO
+#endif
+    BAIL_ON_VMDIR_ERROR(dwError); // TODO
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    dwError = VmDirTestGetGuid(&pszUserName2);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName, NULL);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestDeleteUserEx(pState, "testcontainer", pszUserName, TRUE);
+    TestAssert(dwError == LDAP_INSUFFICIENT_ACCESS);
+
+    dwError = VmDirTestGetUserSid(pState, VmDirTestGetInternalUserCn(pState), NULL, &pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszAclString,
+                "O:S-1-7-21-2091630953-806373015-2991373445-997581456-500G:BAD:(A;;SD;;;%s)",
+                pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName2, pszAclString);
+    TestAssert(dwError == 0); // TODO
+
+    dwError = VmDirTestDeleteUserEx(pState, "testcontainer", pszUserName2, TRUE);
+    TestAssert(dwError == 0);
+
+cleanup:
+    VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszLimitedUserSid);
+    return dwError;
+error:
+    TestAssert(dwError == 0);
+    goto cleanup;
+}
+
+#if 0
+BOOLEAN
+CompareWellknownSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectSid,
+    PCSTR pszDomainSid,
+    DWORD dwWellknownRid
+    )
+{
+    PSTR pszComputedSid = NULL;
+    DWORD dwError = 0;
+    BOOLEAN bMatch = FALSE;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszComputedSid,
+                "%s-%d",
+                pszDomainSid,
+                dwWellknownRid);
+    TestAssert(dwError == 0);
+
+    bMatch = (VmDirStringCompareA(pszObjectSid, pszComputedSid, TRUE) == 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszComputedSid);
+
+    return bMatch;
+}
+
+#if 1 // TODO
+#define VMDIR_DOMAIN_USER_RID_ADMIN      500 // Administrator user
+#define VMDIR_DOMAIN_ADMINS_RID          512 // Domain Admins group
+#define VMDIR_DOMAIN_CLIENTS_RID         513 // Domain Users group
+#define VMDIR_DOMAIN_ALIAS_RID_ADMINS    544 // BUILTIN\Administrators group
+#define VMDIR_DOMAIN_ALIAS_RID_USERS     545 // BUILTIN\Users group
+#endif
+
+//
+// TODO -- Do per tenant
+//
+DWORD
+TestWellknownSids(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszObjectSid = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestGetUserSid(pState, "administrator", NULL, &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, VMDIR_DOMAIN_USER_RID_ADMIN));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "DCAdmins", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, VMDIR_DOMAIN_ADMINS_RID));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "DCClients", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, VMDIR_DOMAIN_CLIENTS_RID));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "Administrators", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, VMDIR_DOMAIN_ALIAS_RID_ADMINS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "Users", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, VMDIR_DOMAIN_ALIAS_RID_USERS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    return dwError;
+error:
+    goto cleanup;
+}
+#endif
+
+DWORD
+TestDomainAdminPrivileges(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszGroupDn = NULL;
+    LDAP *pLd = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName, NULL);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=testcontainer,%s",
+                pszUserName,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszGroupDn,
+                "cn=DCAdmins,cn=Builtin,%s",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcConnectionFromUser(pState, pszUserName, &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+#if 0 // TODO -- This isn't returning an error for this case.
+    dwError = VmDirTestGetObjectList(pLd, pState->pszBaseDN, NULL);
+    printf("ldapgetobjectlist returned %d\n", dwError);
+    TestAssert(dwError != 0);
+#endif
+    VmDirTestLdapUnbind(pLd); pLd = NULL;
+
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
+    TestAssert(dwError == 0);
+
+    dwError = _VdcConnectionFromUser(pState, pszUserName, &pLd); // TODO -- Why are we re-opening this connection?
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetObjectList(pLd, pState->pszBaseDN, NULL);
+    TestAssert(dwError == 0);
+    VmDirTestLdapUnbind(pLd); pLd = NULL;
+
+    dwError = VmDirTestRemoveUserFromGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
+    TestAssert(dwError == 0);
+
+cleanup:
+    VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestRoundTrip(
+    PVMDIR_TEST_STATE pState,
+    BYTE *pbSecurityDescriptor,
+    DWORD dwLength
+    )
+{
+    DWORD dwError = 0;
+
+    //
+    // First, make sure we can round-trip the current SD.
+    //
+    dwError = VmDirTestReplaceBinaryAttributeValues(
+                pState->pLd,
+                pState->pszBaseDN,
+                ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                pbSecurityDescriptor,
+                dwLength);
+    TestAssert(dwError == 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+// TODO -- Test that has a class-based ACL and make sure that it's merged
+//         properly with inherited ACLs.
+// TODO -- Tests that make sure that group permissions work.
+// TODO -- Tests that make sure that nested groups work.
+// TODO -- Tests that make sure domain admins/clients privileges don't
+//         extend to secondary tenants.
+// TODO -- Test protected ACL flag (inherited ACEs aren't inherited).
+// TODO -- Test behavior where owner doesn't have explicit ACE; do they still
+//         get any access?
+// TODO -- Make sure specifying an acl string and binary SD fails.
+// TODO -- Test that makes sure that an ordinary user has no rights.
+// TODO -- Make sure that if I create a user under cn=builtin,<domain> that I
+//         can subsequently delete that user (currently will fail).
+DWORD
+TestSecurityDescriptors(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    BYTE *pbSecurityDescriptor = NULL;
+    DWORD dwLength = 0;
+    PSTR pszSddlString = NULL;
+
+    printf("Testing security descriptor related code ...\n");
+
+    dwError = _VdcGetObjectSecurityDescriptor(
+                pState,
+                pState->pszBaseDN,
+                &pbSecurityDescriptor,
+                &dwLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pState->pszBaseDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszSddlString);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    TestWellknownSids(pState);
+
+    // TestCreatorGroupSid(pState);
+    // TestCreatorOwnerSid(pState);
+
+    // TODO
+    // TestClassBasedAclCode(pState);
+
+    TestDeleteObjectPermission(pState);
+
+    TestStandardRightsForAdminUser(pState);
+    TestStandardRightsForAdminGroup(pState);
+
+    TestDomainAdminPrivileges(pState);
+
+    SecurityPrincipalsShouldBeAbleToReadWriteSelf(pState);
+    TestOwnerAndGroupInformation(pState);
+
+    AllObjectsShouldHaveASecurityDescriptor(pState);
+
+    SecurityDescriptorsShouldntBeDeletable(pState);
+
+    //
+    // These two calls verify that we can specify the SD descriptor (either
+    // via nTSecurityDescriptor or vmwAclString) when we create an object (as
+    // opposed to just being able to change it later).
+    //
+    // TODO -- Currently hitting some error.
+    // CreateNewUserWithSecurityDescriptor(pState, pbSecurityDescriptor, dwLength);
+    CreateNewUserWithSddlString(pState, pszSddlString);
+
+    TestRoundTrip(pState, pbSecurityDescriptor, dwLength);
+
+    //
+    // Second, we send a bunch of random garbage.
+    //
+    _VdcSendRandomAclStrings(pState);
+
+    dwError = _VdcPermuteSecurityDescriptor(
+                pState,
+                (const BYTE *)pbSecurityDescriptor,
+                dwLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // Finally, set the SD back to its initial (good) value.
+    //
+    dwError = VmDirTestReplaceBinaryAttributeValues(
+                pState->pLd,
+                pState->pszBaseDN,
+                ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                pbSecurityDescriptor,
+                dwLength);
+    if (dwError != 0)
+    {
+        printf("Failed to set SD back to original value!\n");
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+
+    TestAclReadPermissionRespected(pState);
+    TestAclWritePermissionRespected(pState);
+
+    // TODO -- Standardize output
+    printf("Security descriptor tests succceeded!\n");
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pbSecurityDescriptor);
+    VMDIR_SAFE_FREE_STRINGA(pszSddlString);
+    return dwError;
+
+error:
+    printf("Security Descriptor tests failed with error 0n%d\n", dwError);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/protected_entries.c b/lwraft/testing/integration_tests/acls/protected_entries.c
new file mode 100644
index 000000000..ec2e76139
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/protected_entries.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+TestEntriesProtectedByEid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszDomain
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PSTR pszObjectDn = NULL;
+    PSTR ppszObjects[] = {
+        "cn=DSE Root",
+        "cn=objectclass,cn=schemacontext",
+        "cn=persiststate,cn=raftcontext",
+        "cn=config",
+        "cn=Administrator,cn=Users,%s"
+    };
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszObjects); ++i)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszObjectDn,
+                    ppszObjects[i],
+                    pszDomain);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = ldap_delete_ext_s(pState->pLd, pszObjectDn, NULL, NULL);
+        //
+        // This previously returned LDAP_UNWILLING_TO_PERFORM but we probably don't
+        // need to maintain that (access denied is better).
+        //
+        TestAssert(dwError == LDAP_UNWILLING_TO_PERFORM || dwError == LDAP_INSUFFICIENT_ACCESS);
+
+        VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+    }
+
+    dwError = 0;
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+
+// TODO -- Call this for tenant domains.
+DWORD
+TestEntriesProtectedByName(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszDomain
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PSTR pszObjectDn = NULL;
+    PSTR ppszObjects[] = {
+        "cn=Administrators,cn=Builtin",
+        "cn=DCAdmins,cn=Builtin",
+        "cn=Administrator,cn=Users"
+    };
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszObjects); ++i)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszObjectDn,
+                    "%s,%s",
+                    ppszObjects[i],
+                    pszDomain);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = ldap_delete_ext_s(pState->pLd, pszObjectDn, NULL, NULL);
+        TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+        VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+    }
+
+    dwError = 0;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszObjectDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+//
+// Prior to 7.0 we had code that prevented any entry under "cn=schemacontext"
+// from being deleted (by doing a string comparison). In 7.0 this is due via
+// ACLs.
+//
+DWORD
+TestProtectedSchemaEntries(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = ldap_delete_ext_s(pState->pLd, "cn=facsimileTelephoneNumber,cn=schemacontext", NULL, NULL);
+    // TODO
+    // Version specific error code asserts? 6.5 will return the former, 7.0
+    // the latter
+    TestAssert(dwError == LDAP_UNWILLING_TO_PERFORM || dwError == LDAP_INSUFFICIENT_ACCESS);
+
+    return 0;
+}
+
+//
+// Make sure that we can create a random user under the builtin container
+// and then delete it (there are other entries under builtin that shouldn't be
+// deletable, so we want to make sure that doesn't "leak" out onto other objects
+// created under it).
+//
+DWORD
+TestBuiltinContainerDeletion(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszUserName = NULL;
+    PSTR    pszDomainSid = NULL;
+    PSTR    pszSD = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // TODO
+    // By default, we do not allow deleting object under builtin container.
+    // Validate and update (or remove) this test case
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszSD, "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)", pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, "builtin", pszUserName, pszSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestDeleteUser(pState, "builtin", pszUserName);
+    TestAssertEquals(dwError, 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestProtectedEntries(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = TestEntriesProtectedByEid(pState, pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestEntriesProtectedByName(pState, pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestProtectedSchemaEntries(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestBuiltinContainerDeletion(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/prototypes.h b/lwraft/testing/integration_tests/acls/prototypes.h
new file mode 100644
index 000000000..eff60c1de
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/prototypes.h
@@ -0,0 +1,172 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// administratorrights.c
+DWORD
+TestStandardRightsForAdminUser(
+    PVMDIR_TEST_STATE pState
+    );
+
+// administratorsrights.c
+DWORD
+TestStandardRightsForAdminGroup(
+    PVMDIR_TEST_STATE pState
+    );
+
+// bad_parameters.c
+DWORD
+TestBadParameters(
+    PVMDIR_TEST_STATE pState
+    );
+
+// custom_groups.c
+DWORD
+TestCustomGroups(
+    PVMDIR_TEST_STATE pState
+    );
+
+// domainadminsrights.c
+DWORD
+TestStandardRightsForDomainAdmin(
+    PVMDIR_TEST_STATE pState
+    );
+
+// domainclientsrights.c
+DWORD
+TestStandardRightsForDomainClients(
+    PVMDIR_TEST_STATE pState
+    );
+
+// ntsecuritydescriptor.c
+DWORD
+TestSecurityDescriptors(
+    PVMDIR_TEST_STATE pState
+    );
+
+// sddl.c
+DWORD
+TestSecurityDescriptorsSddl(
+    PVMDIR_TEST_STATE pState
+    );
+
+// protected_entries.c
+DWORD
+TestProtectedEntries(
+    PVMDIR_TEST_STATE pState
+    );
+
+// inheritance.c
+DWORD
+TestSecurityDescriptorInheritance(
+    PVMDIR_TEST_STATE
+    );
+
+//legacy_access_checks.
+DWORD
+TestLegacyAccessChecks(
+    PVMDIR_TEST_STATE
+    );
+
+// standard_rights.c
+DWORD
+TryToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+
+DWORD
+TryToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+DWORD
+TryToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+DWORD
+TryToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+
+DWORD
+TryToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+
+DWORD
+TryToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+
+DWORD
+TryToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    );
+
+// util.c -- TODO: Move some to core library
+DWORD
+_GetObjectAcl(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectDn,
+    PSTR *ppszAcl
+    );
+
+DWORD
+_VdcSearchForEntryAndAttribute(
+    LDAP *pLd,
+    PCSTR pszBaseDN,
+    PCSTR pszAttribute, // OPTIONAL
+    PSTR *ppszValue // OUT OPTIONAL
+    );
+
+DWORD
+VmDirTestAddAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    PCSTR *ppszAttributeValues
+    );
+
+DWORD
+_VdcGetObjectSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectDN,
+    BYTE **ppbSecurityDescriptor,
+    PDWORD pdwSDLength
+    );
+
+DWORD
+_GetBuiltinGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupCn,
+    PSTR *ppszGroupSid
+    );
+
+DWORD
+_VdcConnectionFromUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserCn,
+    LDAP **ppLd
+    );
+
+// wellknownsids.c
+DWORD
+TestWellknownSids(
+    PVMDIR_TEST_STATE pState
+    );
diff --git a/lwraft/testing/integration_tests/acls/sddl.c b/lwraft/testing/integration_tests/acls/sddl.c
new file mode 100644
index 000000000..0cd5a9ea5
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/sddl.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+_ConvertStringToDescriptor(
+    PCSTR pszSddl,
+    PSECURITY_DESCRIPTOR_RELATIVE *ppSecurityDescriptor
+    )
+{
+    DWORD dwError = 0;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescriptor = NULL;
+
+    dwError = RtlAllocateSecurityDescriptorFromSddlCString(
+                &pSecurityDescriptor,
+                NULL,
+                pszSddl,
+                SDDL_REVISION_1);
+    dwError = LwNtStatusToWin32Error(dwError);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppSecurityDescriptor = pSecurityDescriptor;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+_ConvertDescriptorToString(
+    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescriptor,
+    PSTR *ppszSddl
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszLocalAclString = NULL;
+    SECURITY_INFORMATION secInfoAll = (OWNER_SECURITY_INFORMATION |
+                                       GROUP_SECURITY_INFORMATION |
+                                       DACL_SECURITY_INFORMATION |
+                                       SACL_SECURITY_INFORMATION);
+
+    dwError = RtlAllocateSddlCStringFromSecurityDescriptor(
+                &pszLocalAclString,
+                pSecurityDescriptor,
+                SDDL_REVISION_1,
+                secInfoAll);
+    dwError = LwNtStatusToWin32Error(dwError);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszSddl = pszLocalAclString;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestSDDLRoundTrip(
+    PVMDIR_TEST_STATE pState
+    )
+{
+#if 0 // TODO
+    original SDDL ==> O:BAG:BAD:(A;;SDRPWPCC;;;S-1-7-32-666)(A;;GXWDRCCCDCRPWP;;;BA)
+    converted SDDL ==> O:BAG:BAD:(A;;SDCCRPWP;;;S-1-7-32-666)(A;;GXRCWDGXCCDCRPWP;;;BA)
+
+#endif
+
+    // TODO
+    PCSTR pszOriginalSddl = "O:BAG:BAD:(A;;SDCCRPWP;;;S-1-7-32-666)(A;;GXRCWDCCDCRPWP;;;BA)";
+    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescriptor = NULL;
+    PSTR pszConvertedSddl = NULL;
+    DWORD dwError = 0;
+
+    dwError = _ConvertStringToDescriptor(pszOriginalSddl, &pSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _ConvertDescriptorToString(pSecurityDescriptor, &pszConvertedSddl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("original SDDL ==> %s\n", pszOriginalSddl);
+    printf("converted SDDL ==> %s\n", pszConvertedSddl);
+    dwError = VmDirStringCompareA(pszOriginalSddl, pszConvertedSddl, TRUE);
+    TestAssert(dwError == 0);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pSecurityDescriptor);
+    VMDIR_SAFE_FREE_MEMORY(pszConvertedSddl);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+
+// TODO -- Make sure all permissions (and permutations?) are tested
+// TODO -- Move to unit tests.
+DWORD
+TestSecurityDescriptorsSddl(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    printf("Testing security descriptor SDDL related code ...\n");
+
+    dwError = TestSDDLRoundTrip(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    printf("Security Descriptor tests failed with error 0n%d\n", dwError);
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/standard_operations.c b/lwraft/testing/integration_tests/acls/standard_operations.c
new file mode 100644
index 000000000..9d87fa574
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/standard_operations.c
@@ -0,0 +1,333 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+TryToDeleteObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer // TODO
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestDeleteUser(pState, pszContainer, pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToReadProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_SAM_ACCOUNT_NAME,
+                &pszAttribute);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (strcmp(pszAttribute, pszUserName) != 0)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION);
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToReadSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAttribute = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                &pszAttribute);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // Make sure there's data. We don't bother validating the contents of the
+    // SD as that's installation- and entry-specific.
+    //
+    if (strlen(pszAttribute) == 0)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_DATA_CONSTRAINT_VIOLATION);
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAttribute);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToWriteProperties(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { "206-555-1212", NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                "telephoneNumber",
+                (PCSTR*)ppszAttributeValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToWriteSD(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+    PSTR pszUserName = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Random SD. Actual values don't (entirely) matter.
+    dwError = VmDirAllocateStringPrintf(
+                &ppszAttributeValues[0],
+                "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)(A;;RCRPWPWDSD;;;%s-544)",
+                pszDomainSid,
+                pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDn,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(ppszAttributeValues[0]);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToListObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDn = NULL;
+    PSTR pszUserName = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VdcSearchForEntryAndAttribute(
+                pState->pLd,
+                pszDn,
+                NULL,
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TryToListChildObjects(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserName = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=%s,%s",
+                pszContainerName,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+#if 0 // TODO
+DWORD
+TestStandardRightsForUser(
+    PVMDIR_TEST_STATE pState,
+    LDAP *pLd,
+    PCSTR pszContainerName
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = TryToListChildObjects(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToDeleteObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToReadProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToReadSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToWriteProperties(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToWriteSD(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TryToListObject(pState, pszContainerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
+#endif
diff --git a/lwraft/testing/integration_tests/acls/structs.h b/lwraft/testing/integration_tests/acls/structs.h
new file mode 100644
index 000000000..1e505506c
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/structs.h
@@ -0,0 +1,6 @@
+typedef struct _VMDIR_SD_CACHE_ENTRY
+{
+    LW_HASHTABLE_NODE Node;
+    PSTR pszDn;
+    PSTR pszAcl;
+} VMDIR_SD_CACHE_ENTRY, *PVMDIR_SD_CACHE_ENTRY;
diff --git a/lwraft/testing/integration_tests/acls/util.c b/lwraft/testing/integration_tests/acls/util.c
new file mode 100644
index 000000000..55ab327e2
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/util.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+
+// TODO -- No one calls this.
+DWORD
+_GetObjectAcl(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectDn,
+    PSTR *ppszAcl
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszAcl = NULL;
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pState->pszBaseDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszAcl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszAcl = pszAcl;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+_VdcSearchForEntryAndAttribute(
+    LDAP *pLd,
+    PCSTR pszBaseDN,
+    PCSTR pszAttribute, // OPTIONAL
+    PSTR *ppszValue // OUT OPTIONAL
+    )
+{
+    DWORD dwError = 0;
+    LDAPMessage* pResult = NULL;
+    PCSTR ppszAttrs[] = { NULL, NULL };
+    PSTR pszAttributeValue = NULL;
+    BerValue **ppBerValues = NULL;
+
+    if (pszAttribute != NULL)
+    {
+        ppszAttrs[0] = pszAttribute;
+    }
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszBaseDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                TRUE, /* get values      */
+                NULL,  /* server controls */
+                NULL,  /* client controls */
+                NULL,  /* timeout         */
+                0,     /* size limit */
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pszAttribute != NULL)
+    {
+        if (ldap_count_entries(pLd, pResult) > 0)
+        {
+            LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
+
+            for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
+            {
+                BerValue** ppBerValues = NULL;
+                ppBerValues = ldap_get_values_len(pLd, pEntry, pszAttribute);
+                if (ppBerValues != NULL && ldap_count_values_len(ppBerValues) > 0)
+                {
+                    dwError = VmDirAllocateStringA(
+                                ppBerValues[0][0].bv_val,
+                                &pszAttributeValue);
+                    BAIL_ON_VMDIR_ERROR(dwError);
+                    break;
+                }
+            }
+        }
+
+        *ppszValue = pszAttributeValue;
+    }
+
+cleanup:
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszAttributeValue);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirTestAddAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    PCSTR *ppszAttributeValues
+    )
+{
+    DWORD dwError = 0;
+
+    LDAPMod addition;
+    LDAPMod *mods[2];
+
+    addition.mod_op     = LDAP_MOD_ADD;
+    addition.mod_type   = (PSTR) pszAttribute;
+    addition.mod_values = (PSTR*) ppszAttributeValues;
+
+    mods[0] = &addition;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
+
+    return dwError;
+}
+
+// TODO -- Get rid of this and just call VmDirTestGetAttributeValue
+DWORD
+_VdcGetObjectSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectDN,
+    BYTE **ppbSecurityDescriptor,
+    PDWORD pdwSDLength
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszFilter = NULL;
+    BYTE *pbSecurityDescriptor = NULL;
+    DWORD dwSDLength = 0;
+    BOOLEAN bValidDescriptor = FALSE;
+    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescriptor = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszFilter,
+                "%s=*",
+                ATTR_OBJECT_CLASS);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValue(
+                pState->pLd,
+                pszObjectDN,
+                LDAP_SCOPE_BASE,
+                pszFilter,
+                ATTR_OBJECT_SECURITY_DESCRIPTOR,
+                &pbSecurityDescriptor,
+                &dwSDLength);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pSecurityDescriptor = (PSECURITY_DESCRIPTOR_RELATIVE)pbSecurityDescriptor;
+    bValidDescriptor = RtlValidRelativeSecurityDescriptor(
+                        pSecurityDescriptor,
+                        dwSDLength,
+                        OWNER_SECURITY_INFORMATION |
+                            GROUP_SECURITY_INFORMATION |
+                            DACL_SECURITY_INFORMATION);
+    TestAssertMsg(bValidDescriptor, "The object already has a bad SD?!?");
+
+    *ppbSecurityDescriptor = pbSecurityDescriptor;
+    *pdwSDLength = dwSDLength;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszFilter);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+_GetBuiltinGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupCn,
+    PSTR *ppszGroupSid
+    )
+{
+    PSTR pszGroupDn = NULL;
+    PSTR pszGroupSid = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszGroupDn,
+                "cn=%s,cn=Builtin,%s",
+                pszGroupCn,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszGroupDn,
+                LDAP_SCOPE_BASE,
+                "(objectclass=*)",
+                "objectSid",
+                &pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszGroupSid = pszGroupSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+_VdcConnectionFromUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserCn,
+    LDAP **ppLd
+    )
+{
+    DWORD dwError = 0;
+    LDAP *pLd = NULL;
+    PSTR pszUserUPN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserUPN,
+                "%s@%s",
+                pszUserCn,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBind(
+                &pLd,
+                pState->pszServerName,
+                pszUserUPN,
+                pState->pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppLd = pLd;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserUPN);
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/integration_tests/acls/wellknownsids.c b/lwraft/testing/integration_tests/acls/wellknownsids.c
new file mode 100644
index 000000000..81eb59b23
--- /dev/null
+++ b/lwraft/testing/integration_tests/acls/wellknownsids.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+BOOLEAN
+CompareWellknownSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszObjectSid,
+    PCSTR pszDomainSid,
+    DWORD dwWellknownRid
+    )
+{
+    PSTR pszComputedSid = NULL;
+    DWORD dwError = 0;
+    BOOLEAN bMatch = FALSE;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszComputedSid,
+                "%s-%d",
+                pszDomainSid,
+                dwWellknownRid);
+    TestAssert(dwError == 0);
+
+    bMatch = (VmDirStringCompareA(pszObjectSid, pszComputedSid, TRUE) == 0);
+
+    VMDIR_SAFE_FREE_STRINGA(pszComputedSid);
+
+    return bMatch;
+}
+
+DWORD
+TestWellknownSids(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszObjectSid = NULL;
+    PSTR pszDomainSid = NULL;
+    PSTR pszKerberosUser = NULL;
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    TestAssert(dwError == 0);
+
+    dwError = VmDirTestGetUserSid(pState, "administrator", NULL, &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_ALIAS_RID_ADMINS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(&pszKerberosUser, "%s/%d", NULL, &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirTestGetUserSid(pState, pszKerberosUser, NULL, &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_USER_RID_KRBTGT));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "DCAdmins", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_GROUP_RID_ADMINS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "DCClients", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_GROUP_RID_USERS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "Administrators", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_GROUP_RID_ADMINS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _GetBuiltinGroupSid(pState, "Users", &pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    TestAssert(CompareWellknownSid(pState, pszObjectSid, pszDomainSid, DOMAIN_ALIAS_RID_USERS));
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/kerberos/Makefile.am b/lwraft/testing/kerberos/Makefile.am
index 84cc6318c..05d5bcb05 100644
--- a/lwraft/testing/kerberos/Makefile.am
+++ b/lwraft/testing/kerberos/Makefile.am
@@ -5,21 +5,22 @@ krb5keys_test_SOURCES = \
     krb5keys-test.c
 
 krb5keys_test_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/tools \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/server \
+    -I$(top_srcdir)/lwraft/server/tools \
+    -I$(top_srcdir)/lwraft/server/include \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 krb5keys_test_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
+    $(top_builddir)/lwraft/server/common/libsrvcommon.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/asn1/libasn1db.la \
+    $(top_builddir)/lwraft/thirdparty/heimdal/asn1/libasn1.la \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @LWBASE_LIBS@ \
diff --git a/lwraft/testing/query/Makefile.am b/lwraft/testing/query/Makefile.am
index 9f65d5523..297f47274 100644
--- a/lwraft/testing/query/Makefile.am
+++ b/lwraft/testing/query/Makefile.am
@@ -5,14 +5,14 @@ vmdir_test_query_SOURCES = \
     main.c
 
 vmdir_test_query_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
     -DLDAP_DEPRECATED=1 \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmdir_test_query_LDADD = \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
     @LWBASE_LIBS@ \
     @LDAP_LIBS@ \
     @LBER_LIBS@ \
diff --git a/lwraft/testing/query/main.c b/lwraft/testing/query/main.c
index 1c6eceacd..acff425dd 100644
--- a/lwraft/testing/query/main.c
+++ b/lwraft/testing/query/main.c
@@ -55,7 +55,7 @@ int main(int argc, char* argv[])
     dwError = VmDirQueryParseArgs(argc, argv, &pArgs);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf(
+    dwError = VmDirAllocateStringPrintf(
                     &pszLdapURL,
                     "ldap://%s",
                     pArgs->pszHostname);
diff --git a/lwraft/testing/test_lib/Makefile.am b/lwraft/testing/test_lib/Makefile.am
new file mode 100644
index 000000000..c0cbb3893
--- /dev/null
+++ b/lwraft/testing/test_lib/Makefile.am
@@ -0,0 +1,35 @@
+noinst_LTLIBRARIES = liblwrafttesting.la
+
+liblwrafttesting_la_SOURCES = \
+    assert.c \
+    connection.c \
+    misc.c \
+    ldap.c \
+    testinfrastructure.c \
+    user.c
+
+liblwrafttesting_la_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    @OPENSSL_INCLUDES@ \
+    @LW_INCLUDES@
+
+liblwrafttesting_la_LIBADD = \
+    @top_builddir@/lwraft/common/libcommon.la \
+    @DCERPC_LIBS@ \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
+    @GSSAPI_LIBS@ \
+    @UUID_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @PTHREAD_LIBS@
+
+liblwrafttesting_la_LDFLAGS = \
+    -static \
+    @OPENSSL_LDFLAGS@
diff --git a/lwraft/testing/test_lib/assert.c b/lwraft/testing/test_lib/assert.c
new file mode 100644
index 000000000..59df0b0f0
--- /dev/null
+++ b/lwraft/testing/test_lib/assert.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+
+VOID
+_VmDirTestBreakIntoDebugger(
+    VOID)
+{
+#ifdef _WIN32
+    DbgBreakPoint();
+#else
+    raise(SIGTRAP);
+#endif
+}
+
+VOID
+_VmDirTestAssertionWorker(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    if (pState->bBreakIntoDebugger)
+    {
+        _VmDirTestBreakIntoDebugger();
+    }
+
+    if (!pState->bKeepGoing)
+    {
+        (*pState->pfnCleanupCallback)(pState);
+        exit(1);
+    }
+}
+
+VOID
+VmDirTestReportAssertionFailure(
+    PCSTR pszExpression,
+    PCSTR pszCustomMsg,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    )
+{
+    if (!IsNullOrEmptyString(pszCustomMsg))
+    {
+        printf("ERROR: %s\n", pszCustomMsg);
+    }
+
+    printf("%s:%d: %s: Assertion `%s` failed.\n", pszFile, dwLineNumber, pszFunction, pszExpression);
+    _VmDirTestAssertionWorker(pState);
+}
+
+VOID
+VmDirTestReportAssertionFailureDwordOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    DWORD dwValueA,
+    DWORD dwValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("%s:%d: %s:\n", pszFile, dwLineNumber, pszFunction);
+    printf("Assertion Failure: %s %s %s\n", pszSideA, bEquality ? "==" : "!=", pszSideB);
+    printf("Actual values: %d / %d\n", dwValueA, dwValueB);
+
+    _VmDirTestAssertionWorker(pState);
+}
+
+VOID
+VmDirTestReportAssertionFailurePtrOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    PVOID pValueA,
+    PVOID pValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("%s:%d: %s:\n", pszFile, dwLineNumber, pszFunction);
+    printf("Assertion Failure: %s %s %s\n", pszSideA, bEquality ? "==" : "!=", pszSideB);
+    printf("Actual values: %p / %p\n", pValueA, pValueB);
+
+    _VmDirTestAssertionWorker(pState);
+}
+
+VOID
+VmDirTestReportAssertionFailureStringOperands(
+    PCSTR pszSideA,
+    PCSTR pszSideB,
+    PCSTR pszValueA,
+    PCSTR pszValueB,
+    BOOLEAN bEquality,
+    PCSTR pszFile,
+    PCSTR pszFunction,
+    DWORD dwLineNumber,
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("%s:%d: %s:\n", pszFile, dwLineNumber, pszFunction);
+    printf("Assertion Failure: %s %s %s\n", pszSideA, bEquality ? "==" : "!=", pszSideB);
+    printf("Actual values: %s / %s\n", pszValueA, pszValueB);
+
+    _VmDirTestAssertionWorker(pState);
+}
diff --git a/lwraft/testing/test_lib/connection.c b/lwraft/testing/test_lib/connection.c
new file mode 100644
index 000000000..45c3e5675
--- /dev/null
+++ b/lwraft/testing/test_lib/connection.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+VmDirTestCreateAnonymousConnection(
+    PCSTR pszServerName,
+    LDAP **ppLd
+    )
+{
+    DWORD dwError = 0;
+    LDAP *pLd = NULL;
+    PSTR pszLdapUri = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszLdapUri,
+                "ldap://%s:389",
+                pszServerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAnonymousLDAPBind(&pLd, pszLdapUri);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppLd = pLd;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/test_lib/includes.h b/lwraft/testing/test_lib/includes.h
new file mode 100644
index 000000000..1ab6fa5a2
--- /dev/null
+++ b/lwraft/testing/test_lib/includes.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifdef _WIN32
+#pragma once
+
+#include "targetver.h"
+
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <tchar.h>
+#include <winsock2.h>
+#include "ldap-int.h"
+#define LDAP_UNICODE 0
+
+#include <vmdir.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+
+#include "banned.h"
+#else
+
+#include <config.h>
+
+#include <vmdirsys.h>
+#include <ldap.h>
+#include <lber.h>
+
+#include <vmdir.h>
+#include <vmdirtypes.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+#endif
+
+#include <vmdirtesting.h>
diff --git a/lwraft/testing/test_lib/ldap.c b/lwraft/testing/test_lib/ldap.c
new file mode 100644
index 000000000..14201a696
--- /dev/null
+++ b/lwraft/testing/test_lib/ldap.c
@@ -0,0 +1,384 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+VmDirTestReplaceBinaryAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    BYTE *pbAttributeValue,
+    DWORD dwDataLength
+    )
+{
+    DWORD dwError = 0;
+    BerValue *ppBerValues[2] = {NULL, NULL};
+    BerValue bvSecurityDescriptor = {0};
+    LDAPMod addReplace;
+    LDAPMod *mods[2];
+
+    /* Initialize the attribute, specifying 'modify' as the operation */
+    bvSecurityDescriptor.bv_val = pbAttributeValue;
+    bvSecurityDescriptor.bv_len = dwDataLength;
+    ppBerValues[0] = &bvSecurityDescriptor;
+    addReplace.mod_op     = LDAP_MOD_REPLACE | LDAP_MOD_BVALUES;
+    addReplace.mod_type   = (PSTR)pszAttribute;
+    addReplace.mod_bvalues = ppBerValues;
+
+    /* Fill the attributes array (remember it must be NULL-terminated) */
+    mods[0] = &addReplace;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
+
+    return dwError;
+}
+
+DWORD
+VmDirTestGetAttributeValueString(
+    LDAP *pLd,
+    PCSTR pBase,
+    int ldapScope,
+    PCSTR pszFilter,
+    PCSTR pszAttribute,
+    PSTR *ppszAttributeValue
+    )
+{
+    DWORD dwError = 0;
+    PCSTR ppszAttrs[2] = {0};
+    LDAPMessage *pResult = NULL;
+    BerValue** ppBerValues = NULL;
+    PSTR pszAttributeValue = NULL;
+    LDAPMessage *pEntry = NULL;
+
+    ppszAttrs[0] = pszAttribute;
+    dwError = ldap_search_ext_s(
+                pLd,
+                pBase,
+                ldapScope,
+                pszFilter,
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ldap_count_entries(pLd, pResult) != 1)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE);
+    }
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    if (!pEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE);
+    }
+
+    ppBerValues = ldap_get_values_len(pLd, pEntry, pszAttribute);
+    if (!ppBerValues || (ldap_count_values_len(ppBerValues) != 1))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE);
+    }
+
+    dwError = VmDirAllocateStringA(ppBerValues[0]->bv_val, &pszAttributeValue);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszAttributeValue = pszAttributeValue;
+    pszAttributeValue = NULL;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAttributeValue);
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+        ppBerValues = NULL;
+    }
+
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+        pResult = NULL;
+    }
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestReplaceAttributeValues(
+    LDAP *pLd,
+    PCSTR pszDN,
+    PCSTR pszAttribute,
+    PCSTR *ppszAttributeValues
+    )
+{
+    DWORD dwError = 0;
+
+    LDAPMod addReplace;
+    LDAPMod *mods[2];
+
+    /* Initialize the attribute, specifying 'ADD' as the operation */
+    addReplace.mod_op     = LDAP_MOD_REPLACE;
+    addReplace.mod_type   = (PSTR) pszAttribute;
+    addReplace.mod_values = (PSTR*) ppszAttributeValues;
+
+    /* Fill the attributes array (remember it must be NULL-terminated) */
+    mods[0] = &addReplace;
+    mods[1] = NULL;
+
+    /* ....initialize connection, etc. */
+
+    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
+
+    return dwError;
+}
+
+DWORD
+VmDirTestGetAttributeValue(
+    LDAP *pLd,
+    PCSTR pBase,
+    int ldapScope,
+    PCSTR pszFilter,
+    PCSTR pszAttribute,
+    BYTE **ppbAttributeValue,
+    PDWORD pdwAttributeLength
+    )
+{
+    DWORD dwError = 0;
+    PCSTR ppszAttrs[2] = {0};
+    LDAPMessage *pResult = NULL;
+    BerValue** ppBerValues = NULL;
+    BYTE *pbAttributeValue = NULL;
+    DWORD dwAttributeLength = 0;
+
+    ppszAttrs[0] = pszAttribute;
+    dwError = ldap_search_ext_s(
+                pLd,
+                pBase,
+                ldapScope,
+                pszFilter ? pszFilter : "",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ldap_count_entries(pLd, pResult) > 0)
+    {
+        LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
+
+        for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
+        {
+            BerValue** ppBerValues = NULL;
+            ppBerValues = ldap_get_values_len(pLd, pEntry, pszAttribute);
+            if (ppBerValues != NULL && ldap_count_values_len(ppBerValues) > 0)
+            {
+                dwError = VmDirAllocateAndCopyMemory(
+                            ppBerValues[0][0].bv_val,
+                            ppBerValues[0][0].bv_len,
+                            (PVOID*)&pbAttributeValue);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwAttributeLength = ppBerValues[0][0].bv_len;
+                break;
+            }
+        }
+    }
+
+    *ppbAttributeValue = pbAttributeValue;
+    *pdwAttributeLength = dwAttributeLength;
+    pbAttributeValue = NULL;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pbAttributeValue);
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+        ppBerValues = NULL;
+    }
+
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+        pResult = NULL;
+    }
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+VOID
+VmDirTestLdapUnbind(
+    LDAP *pLd
+    )
+{
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+}
+
+//
+// Enumerates the objects at a certain DN. If you just want to verify that the
+// user can enumerate but don't care about the actual objects, pass NULL
+// for ppObjectList.
+//
+// NB -- The VMDIR_STRING_LIST returned contains full DNs for the individual
+// objects.
+//
+DWORD
+VmDirTestGetObjectList(
+    LDAP *pLd,
+    PCSTR pszDn,
+    PVMDIR_STRING_LIST *ppObjectList /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwObjectCount = 0;
+    PCSTR ppszAttrs[] = {NULL};
+    LDAPMessage *pResult = NULL;
+    PVMDIR_STRING_LIST pObjectList = NULL;
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszDn,
+                LDAP_SCOPE_SUBTREE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ppObjectList != NULL)
+    {
+        dwObjectCount = ldap_count_entries(pLd, pResult);
+        dwError = VmDirStringListInitialize(&pObjectList, dwObjectCount);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (dwObjectCount > 0)
+        {
+            LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
+
+            //
+            // Grab the next entry. The first one will be the base DN itself.
+            //
+            pEntry = ldap_next_entry(pLd, pEntry);
+            for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
+            {
+                dwError = VmDirStringListAddStrClone(ldap_get_dn(pLd, pEntry), pObjectList);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+
+        *ppObjectList = pObjectList;
+    }
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pObjectList);
+    goto cleanup;
+}
+
+DWORD
+VmDirTestConnectionFromUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserName,
+    LDAP **ppLd
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserUPN = NULL;
+    LDAP *pLd;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserUPN,
+                "%s@%s",
+                pszUserName,
+                pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBind(
+                &pLd,
+                pState->pszServerName,
+                pszUserUPN,
+                pState->pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppLd = pLd;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserUPN);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteContainerByDn(
+    LDAP *pLd,
+    PCSTR pszContainerDn
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pObjectList = NULL;
+
+    dwError = VmDirTestGetObjectList(pLd, pszContainerDn, &pObjectList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwIndex = 0; dwIndex < pObjectList->dwCount; ++dwIndex)
+    {
+        dwError = ldap_delete_ext_s(
+                pLd, pObjectList->pStringList[dwIndex], NULL, NULL);
+        if (dwError == LDAP_NOT_ALLOWED_ON_NONLEAF)
+        {
+            dwError = VmDirTestDeleteContainerByDn(
+                    pLd, pObjectList->pStringList[dwIndex]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    dwError = ldap_delete_ext_s(pLd, pszContainerDn, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirStringListFree(pObjectList);
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/test_lib/misc.c b/lwraft/testing/test_lib/misc.c
new file mode 100644
index 000000000..884f14050
--- /dev/null
+++ b/lwraft/testing/test_lib/misc.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+VmDirTestGetDomainSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszDomainDn,
+    PSTR *ppszDomainSid
+    )
+{
+    DWORD dwError;
+    PSTR pszDomainSid = NULL;
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszDomainDn,
+                LDAP_SCOPE_BASE,
+                "(objectclass=dcObject)",
+                "objectSid",
+                &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppszDomainSid = pszDomainSid;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateClass(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszClassName
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsCn[] = {pszClassName, NULL};
+    PCSTR valsClass[] = {"classschema", NULL};
+    PCSTR valsSubclass[] = {OC_TOP, NULL};
+    PCSTR valsGovernsId[] = {"111.111.4.001", NULL};
+    PCSTR valsCategory[] = {"1", NULL};
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, "governsid", {(PSTR*)valsGovernsId}},
+        {LDAP_MOD_ADD, "objectclasscategory", {(PSTR*)valsCategory}},
+        {LDAP_MOD_ADD, "subclassof", {(PSTR*)valsSubclass}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=schemacontext",
+                pszClassName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(
+                pState->pLd,
+                pszDN,
+                attrs,
+                NULL,
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateObject(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszClassName,
+    PCSTR pszObjectName
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsCn[] = {pszObjectName, NULL};
+    PCSTR valsClass[] = {"classschema", NULL};
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,cn=%s,%s",
+            pszClassName,
+            pszContainer,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszAcl /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsCn[] = {pszContainer, NULL};
+    PCSTR valsClass[] = {"top", "container", NULL};
+    PCSTR valsAcl[] = {pszAcl, NULL};
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
+
+    if (IsNullOrEmptyString(pszContainer))
+    {
+        valsCn[0] = VmDirTestGetTestContainerCn(pState);
+
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszContainer,
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[2] = NULL;
+    }
+
+    dwError = ldap_add_ext_s(
+            pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+
+    if (IsNullOrEmptyString(pszContainer))
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszContainer,
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirTestDeleteContainerByDn(pState->pLd, pszDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestGetGuid(
+    PSTR *ppszGuid
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszGuid = NULL;
+    uuid_t guid = {0};
+    char szGuid[VMDIR_GUID_STR_LEN] = {0};
+
+    VmDirUuidGenerate(&guid);
+    VmDirUuidToStringLower(&guid, szGuid, VMDIR_ARRAY_SIZE(szGuid));
+
+    dwError = VmDirAllocateStringA(szGuid, &pszGuid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszGuid = pszGuid;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/test_lib/testinfrastructure.c b/lwraft/testing/test_lib/testinfrastructure.c
new file mode 100644
index 000000000..a74ee16e4
--- /dev/null
+++ b/lwraft/testing/test_lib/testinfrastructure.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+PCSTR
+VmDirTestGetInternalUserCn(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return pState->pszInternalUserName;
+}
+
+DWORD
+VmDirTestGetInternalUserDn(
+    PVMDIR_TEST_STATE pState,
+    PSTR *ppszDn
+    )
+{
+    PSTR pszDn = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDn,
+                "cn=%s,cn=Users,%s",
+                VmDirTestGetInternalUserCn(pState),
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszDn = pszDn;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+PCSTR
+VmDirTestGetTestContainerCn(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return pState->pszTestContainerName;
+}
+
+DWORD
+VmDirTestGetTestContainerDn(
+    PVMDIR_TEST_STATE pState,
+    PSTR *ppszDN
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppszDN = pszDN;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/test_lib/user.c b/lwraft/testing/test_lib/user.c
new file mode 100644
index 000000000..e66c29030
--- /dev/null
+++ b/lwraft/testing/test_lib/user.c
@@ -0,0 +1,692 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+VmDirTestGetUserSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserName,
+    PCSTR pszUserContainer, // optional
+    PSTR *ppszUserSid
+    )
+{
+    DWORD dwError;
+    PSTR pszUserSid = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszContainerDn = NULL;
+
+    if (pszUserContainer != NULL)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszContainerDn,
+                    "cn=%s,",
+                    pszContainerDn);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=%s,%scn=users,%s",
+                pszUserName,
+                pszUserContainer ? pszContainerDn : "",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectclass=*)",
+                "objectSid",
+                &pszUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppszUserSid = pszUserSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerDn);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteUserEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    BOOLEAN bUseLimitedAccount
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pszContainer ? pszContainer : "Users",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bUseLimitedAccount)
+    {
+        dwError = ldap_delete_ext_s(pState->pLdLimited, pszDN, NULL, NULL);
+    }
+    else
+    {
+        dwError = ldap_delete_ext_s(pState->pLd, pszDN, NULL, NULL);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName
+    )
+{
+    return VmDirTestDeleteUserEx(pState, pszContainer, pszUserName, FALSE);
+}
+
+DWORD
+VmDirTestCreateUserWithLimitedAccount(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PCSTR pszAcl /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsAcl[] = {pszAcl, NULL};
+    PCSTR valsCn[] = {pszUserName, NULL};
+    PCSTR valssAMActName[] = {pszUserName, NULL};
+    PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
+    PCSTR valsPNE[] = {"TRUE", NULL};
+    PCSTR valsUPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
+    PSTR pszUPN = NULL;
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsUPN}},
+        {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
+        {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], &mod[5], &mod[6], &mod[7], NULL};
+
+    dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsUPN[0] = pszUPN;
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[7] = NULL;
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLdLimited, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateUser(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PCSTR pszAcl /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsAcl[] = {pszAcl, NULL};
+    PCSTR valsCn[] = {pszUserName, NULL};
+    PCSTR valssAMActName[] = {pszUserName, NULL};
+    PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
+    PCSTR valsPNE[] = {"TRUE", NULL};
+    PCSTR valsUPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
+    PSTR pszUPN = NULL;
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsUPN}},
+        {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
+        {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], &mod[5], &mod[6], &mod[7], NULL};
+
+    dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsUPN[0] = pszUPN;
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[7] = NULL;
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateUserWithSecurityDescriptor(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName,
+    PBYTE pbSecurityDescriptor,
+    DWORD dwLength
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsCn[] = {pszUserName, NULL};
+    PCSTR valssAMActName[] = {pszUserName, NULL};
+    PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
+    PCSTR valsPNE[] = {"TRUE", NULL};
+    PCSTR valsPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
+    PSTR pszUPN = NULL;
+    PSTR pszDN = NULL;
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsPN}},
+        {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
+        {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD | LDAP_MOD_BVALUES, ATTR_OBJECT_SECURITY_DESCRIPTOR, {0}},
+    };
+    BerValue *pbvSecurityDescriptors[2] = {NULL, NULL};
+    BerValue bvSecurityDescriptor = {0};
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], &mod[4], &mod[5], &mod[6], &mod[7], NULL};
+
+    dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsPN[0] = pszUPN;
+
+    bvSecurityDescriptor.bv_len = dwLength;
+    bvSecurityDescriptor.bv_val = (char*)pbSecurityDescriptor;
+    pbvSecurityDescriptors[0] = &bvSecurityDescriptor;
+    mod[7].mod_vals.modv_bvals = pbvSecurityDescriptors;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestAddUserToGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    )
+{
+    DWORD dwError = 0;
+    LDAPMod addition;
+    LDAPMod *mods[2];
+    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
+
+    addition.mod_op     = LDAP_MOD_ADD;
+    addition.mod_type   = ATTR_MEMBER;
+    addition.mod_values = (PSTR*)ppszAttributeValues;
+
+    mods[0] = &addition;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszGroupDn, mods, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestAddUserToGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszUserDN = NULL;
+    PSTR    pszGroupDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszUserDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszUserContainer ? pszUserContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszGroupContainer ? pszGroupContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDN, pszGroupDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDN);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestRemoveUserFromGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    )
+{
+    DWORD dwError = 0;
+    LDAPMod addition;
+    LDAPMod *mods[2];
+    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
+
+    addition.mod_op     = LDAP_MOD_DELETE;
+    addition.mod_type   = ATTR_MEMBER;
+    addition.mod_values = (PSTR*)ppszAttributeValues;
+
+    mods[0] = &addition;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszGroupDn, mods, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestRemoveUserFromGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszUserDN = NULL;
+    PSTR    pszGroupDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszUserDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszUserContainer ? pszUserContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszGroupContainer ? pszGroupContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestRemoveUserFromGroupByDn(pState->pLd, pszUserDN, pszGroupDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDN);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestListGroupMembers(
+    LDAP *pLd,
+    PCSTR pszGroupDN,
+    PVMDIR_STRING_LIST *ppvsMembers
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwMemberCount = 0;
+    DWORD dwIndex = 0;
+    PCSTR ppszAttrs[] = {ATTR_MEMBER, NULL};
+    LDAPMessage *pResult = NULL;
+    PVMDIR_STRING_LIST pvsMembers = NULL;
+    BerValue** ppBerValues = NULL;
+    LDAPMessage* pEntry = NULL;
+
+    dwError = VmDirStringListInitialize(&pvsMembers, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszGroupDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ATTR_MEMBER);
+    if (ppBerValues != NULL)
+    {
+        dwMemberCount = ldap_count_values_len(ppBerValues);
+
+        for (dwIndex = 0; dwIndex < dwMemberCount; ++dwIndex)
+        {
+            dwError = VmDirStringListAddStrClone(ppBerValues[dwIndex]->bv_val, pvsMembers);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *ppvsMembers = pvsMembers;
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pvsMembers);
+    goto cleanup;
+}
+
+DWORD
+VmDirTestListUsersGroups(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsGroups /* OUT */
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwGroupCount = 0;
+    DWORD dwIndex = 0;
+    PCSTR ppszAttrs[] = {ATTR_MEMBEROF, NULL};
+    LDAPMessage *pResult = NULL;
+    PVMDIR_STRING_LIST pvsGroups = NULL;
+    BerValue** ppBerValues = NULL;
+    LDAPMessage* pEntry = NULL;
+
+    dwError = VmDirStringListInitialize(&pvsGroups, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ATTR_MEMBEROF);
+    if (ppBerValues != NULL)
+    {
+        dwGroupCount = ldap_count_values_len(ppBerValues);
+
+        for (dwIndex = 0; dwIndex < dwGroupCount; ++dwIndex)
+        {
+            dwError = VmDirStringListAddStrClone(ppBerValues[dwIndex]->bv_val, pvsGroups);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *ppvsGroups = pvsGroups;
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pvsGroups);
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer, /* OPTIONAL */
+    PCSTR pszGroupName,
+    PCSTR pszAcl /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+    PCSTR valsAcl[] = {pszAcl, NULL};
+    PCSTR valsCn[] = {pszGroupName, NULL};
+    PCSTR valssAMActName[] = {pszGroupName, NULL};
+    PCSTR valsClass[] = {OC_GROUP, OC_TOP, NULL};
+    LDAPMod mod[] = {
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], NULL};
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[3] = NULL;
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszContainer ? pszContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteGroupEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName,
+    BOOLEAN bUseLimitedAccount
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszGroupName,
+                pszContainer ? pszContainer : "Builtin",
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bUseLimitedAccount)
+    {
+        dwError = ldap_delete_ext_s(pState->pLdLimited, pszDN, NULL, NULL);
+    }
+    else
+    {
+        dwError = ldap_delete_ext_s(pState->pLd, pszDN, NULL, NULL);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName
+    )
+{
+    return VmDirTestDeleteGroupEx(pState, pszContainer, pszGroupName, FALSE);
+}
+
+DWORD
+VmDirTestGetGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupName,
+    PCSTR pszContainer, // optional
+    PSTR *ppszGroupSid
+    )
+{
+    DWORD   dwError;
+    PSTR    pszGroupDn = NULL;
+    PSTR    pszGroupSid = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDn,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszContainer ? pszContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLd,
+            pszGroupDn,
+            LDAP_SCOPE_BASE,
+            NULL,
+            "objectSid",
+            &pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszGroupSid = pszGroupSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
+    goto cleanup;
+}
diff --git a/lwraft/testing/test_runner/Makefile.am b/lwraft/testing/test_runner/Makefile.am
new file mode 100644
index 000000000..7b2f4ab40
--- /dev/null
+++ b/lwraft/testing/test_runner/Makefile.am
@@ -0,0 +1,29 @@
+noinst_PROGRAMS = vmdir_test_runner
+
+vmdir_test_runner_SOURCES = \
+    main.c \
+    testinfrastructure.c
+
+vmdir_test_runner_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    @LW_INCLUDES@ \
+    @OPENSSL_INCLUDES@
+
+vmdir_test_runner_LDADD = \
+    $(top_builddir)/lwraft/client/libpostclient.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    ../test_lib/liblwrafttesting.la \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @CRYPT_LIBS@ \
+    @GSSAPI_LIBS@ \
+    @LDAP_LIBS@
+
+vmdir_test_runner_LDFLAGS = \
+    @OPENSSL_LDFLAGS@ \
+    @LW_LDFLAGS@
diff --git a/lwraft/testing/test_runner/includes.h b/lwraft/testing/test_runner/includes.h
new file mode 100644
index 000000000..6f3951c01
--- /dev/null
+++ b/lwraft/testing/test_runner/includes.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifdef _WIN32
+#pragma once
+
+#include "targetver.h"
+
+#include <windows.h>
+#include <stdio.h>
+#include <dirent.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <tchar.h>
+#include <winsock2.h>
+#include "ldap-int.h"
+#define LDAP_UNICODE 0
+
+#include <vmdir.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+
+#include "banned.h"
+#else
+
+#include <stdio.h>
+#include <dirent.h>
+#include <config.h>
+#include <dlfcn.h>
+
+#include <vmdirsys.h>
+#include <ldap.h>
+#include <lber.h>
+
+#include <vmdir.h>
+#include <vmdirtypes.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+#endif
+
+#include <vmdirtesting.h>
+
+#include "prototypes.h"
diff --git a/lwraft/testing/test_runner/main.c b/lwraft/testing/test_runner/main.c
new file mode 100644
index 000000000..2d8a8d4eb
--- /dev/null
+++ b/lwraft/testing/test_runner/main.c
@@ -0,0 +1,440 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+#define DEFAULT_INTERNAL_USER_NAME "integration_tests_lua"
+#define DEFAULT_TEST_CONTAINER_NAME "testcontainer"
+
+VOID
+ShowUsage(
+    PVOID pvState
+    )
+{
+    printf("Usage: vmdir_integration_test <args>\n");
+    printf("Required arguments:\n");
+    printf("\t-H/--host <host> -- The host to connect to.\n");
+    printf("\t-u/--username <user UPN> -- user@domain to connect with.\n");
+    printf("\t-w/--password <password> -- The password to authenticate with\n");
+    printf("\t-d/--domain domain -- The domain to use (e.g., vsphere.local)\n");
+    printf("\t-b/--break -- Break into debugger if a test fails.\n");
+    printf("\t-k/--keep-going -- Don't stop on failed test result.\n");
+    printf("\t-t/--test -- The directory containing tests or the test DLL itself\n");
+}
+
+DWORD
+PostValidationRoutine(
+    PVOID pvContext
+    )
+{
+    PVMDIR_TEST_STATE pContext = (PVMDIR_TEST_STATE)pvContext;
+
+    //
+    // These parameters are all required.
+    //
+    if (pContext->pszServerName == NULL ||
+        pContext->pszUserName == NULL ||
+        pContext->pszDomain == NULL ||
+        pContext->pszTest == NULL)
+    {
+        return VMDIR_ERROR_INVALID_PARAMETER;
+    }
+
+    return 0;
+}
+
+DWORD VmDirSetBaseDN(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PSTR pszBaseDN = NULL;
+    DWORD dwError = 0;
+    PSTR pszDot = NULL;
+
+    pszDot = strchr(pState->pszDomain, '.');
+    if (pszDot == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+    *pszDot = '\0';
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszBaseDN,
+                "dc=%s,dc=%s",
+                pState->pszDomain,
+                pszDot + 1);
+    *pszDot = '.';
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pState->pszBaseDN = pszBaseDN;
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszBaseDN);
+    goto cleanup;
+}
+
+DWORD
+TestInfrastructureCleanup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    if (pState->pLd == NULL)
+    {
+        return 0;
+    }
+
+    dwError = VmDirTestDeleteUser(pState, NULL, VmDirTestGetInternalUserCn(pState));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestDeleteContainer(pState, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeStringA((PSTR)pState->pszBaseDN);
+    VmDirTestLdapUnbind(pState->pLd);
+    VmDirTestLdapUnbind(pState->pLdLimited);
+    VmDirTestLdapUnbind(pState->pLdAnonymous);
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    return 0;
+
+error:
+    printf("Test cleanup failed with error %d\n", dwError);
+    goto cleanup;
+}
+
+
+DWORD
+_VmDirTestCreateLimitedUserAndConnection(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszUserUPN = NULL;
+    LDAP *pLd;
+
+    dwError = VmDirTestCreateUser(
+                pState,
+                NULL,
+                VmDirTestGetInternalUserCn(pState),
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserUPN,
+                "%s@%s",
+                VmDirTestGetInternalUserCn(pState),
+                pState->pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBind(
+                &pLd,
+                pState->pszServerName,
+                pszUserUPN,
+                pState->pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pState->pLdLimited = pLd;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserUPN);
+    return dwError;
+error:
+    printf("%s failed with error %d\n", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+_VmDirTestCreateTestContainer(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PCSTR valsCn[] = {DEFAULT_TEST_CONTAINER_NAME, NULL};
+    PCSTR valsClass[] = {OC_TOP, OC_CONTAINER, NULL};
+    PCSTR valsAcl[] = {NULL, NULL};
+    PSTR pszDN = NULL;
+    PSTR pszDomainSid = NULL;
+    PSTR pszAclString = NULL;
+    PSTR pszLimitedUserSid = NULL;
+    LDAPMod mod[] = {
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                DEFAULT_TEST_CONTAINER_NAME,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetUserSid(pState, VmDirTestGetInternalUserCn(pState), NULL, &pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // O:%s-500G:BAD:(A;;RPWP;;;S-1-7-32-666)(A;;GXNRNWGXCCDCRPWP;;;BA)(A;;GXNRNWGXCCDCRPWP;;;%s-500)",
+    dwError = VmDirAllocateStringPrintf(
+                &pszAclString,
+                "O:%s-500G:BAD:(A;;CCDCRPWP;;;BA)(A;;CCDCRPWP;;;%s-500)(A;;CCRPWP;;;%s)",
+                pszDomainSid,
+                pszDomainSid,
+                pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsAcl[0] = pszAclString;
+
+    dwError = ldap_add_ext_s(
+                pState->pLd,
+                pszDN,
+                attrs,
+                NULL,
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszAclString);
+    VMDIR_SAFE_FREE_STRINGA(pszLimitedUserSid);
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+error:
+    printf("%s failed with error %d\n", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+TestInfrastructureInitialize(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszLdapUri = NULL;
+
+    pState->pfnCleanupCallback = TestInfrastructureCleanup;
+    pState->pszTestContainerName = DEFAULT_TEST_CONTAINER_NAME;
+    pState->pszInternalUserName = DEFAULT_INTERNAL_USER_NAME;
+
+    dwError = VmDirSetBaseDN(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBind(
+                &pState->pLd,
+                pState->pszServerName,
+                pState->pszUserName,
+                pState->pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // Cleanup any leftover state from a previous run.
+    //
+    (VOID)VmDirTestDeleteContainer(pState, NULL);
+
+    dwError = VmDirTestCreateAnonymousConnection(
+                pState->pszServerName,
+                &pState->pLdAnonymous);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+
+    dwError = _VmDirTestCreateLimitedUserAndConnection(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirTestCreateTestContainer(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszLdapUri);
+    goto cleanup;
+}
+
+DWORD
+_VmDirExecuteTestModule(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszModule
+    )
+{
+    PVOID pDllHandle = NULL;
+    PTEST_SETUP_CALLBACK pfnTestSetup = NULL;
+    PTEST_RUNNER_CALLBACK pfnTestRunner = NULL;
+    PTEST_CLEANUP_CALLBACK pfnTestCleanup = NULL;
+    DWORD dwError = 0;
+
+    printf("Executing test module: %s ...\n", pszModule);
+
+    // Need to make sure that there's a slash in the name
+    pDllHandle = dlopen(pszModule, RTLD_NOW | RTLD_LOCAL);
+    if (pDllHandle == NULL)
+    {
+        printf("error ==> %s\n", dlerror());
+        BAIL_WITH_VMDIR_ERROR(dwError, errno);
+    }
+
+    pfnTestSetup = (PTEST_SETUP_CALLBACK)dlsym(pDllHandle, "TestSetup");
+    pfnTestRunner = (PTEST_RUNNER_CALLBACK)dlsym(pDllHandle, "TestRunner");
+    pfnTestCleanup = (PTEST_CLEANUP_CALLBACK)dlsym(pDllHandle, "TestCleanup");
+    if (pfnTestSetup == NULL || pfnTestRunner == NULL || pfnTestCleanup == NULL)
+    {
+        printf("error ==> %s\n", dlerror());
+        BAIL_WITH_VMDIR_ERROR(dwError, errno);
+    }
+
+    dwError = (*pfnTestSetup)(pState);
+    if (dwError != 0)
+    {
+        printf("Test setup failed with error %d\n", dwError);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = (*pfnTestRunner)(pState);
+    if (dwError != 0)
+    {
+        //
+        // If there's an error let the user know, but don't bail yet so we
+        // can call the cleanup callback.
+        //
+        printf("Test module %s failed with error %d\n", pszModule, dwError);
+    }
+
+    dwError = (*pfnTestCleanup)(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    if (pDllHandle != NULL)
+    {
+        (VOID)dlclose(pDllHandle);
+    }
+
+    return dwError;
+error:
+    goto cleanup;
+}
+
+int
+VmDirMain(
+    int argc,
+    char* argv[]
+    )
+{
+    DWORD dwError = 0;
+    VMDIR_TEST_STATE State = { 0 };
+    PVMDIR_STRING_LIST pStringList = NULL;
+    DWORD dwIndex = 0;
+    VMDIR_COMMAND_LINE_OPTION CommandLineOptions[] =
+    {
+        {'H', "host", CL_STRING_PARAMETER, &State.pszServerName},
+        {'u', "username", CL_STRING_PARAMETER, &State.pszUserName},
+        {'w', "password", CL_STRING_PARAMETER, &State.pszPassword},
+        {'d', "domain", CL_STRING_PARAMETER, &State.pszDomain},
+        {'b', "break", CL_NO_PARAMETER, &State.bBreakIntoDebugger},
+        {'k', "keep-going", CL_NO_PARAMETER, &State.bKeepGoing},
+        {'t', "test", CL_STRING_PARAMETER, &State.pszTest},
+        {0, 0, 0, 0}
+    };
+
+    VMDIR_PARSE_ARG_CALLBACKS Callbacks =
+    {
+        PostValidationRoutine,
+        ShowUsage,
+        &State
+    };
+
+    dwError = VmDirParseArguments(
+                CommandLineOptions,
+                &Callbacks,
+                argc,
+                argv);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("VmDir integration tests starting ...\n");
+
+    dwError = TestInfrastructureInitialize(&State);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringListInitialize(&pStringList, 8);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirEnumerateTests(State.pszTest, pStringList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pStringList->dwCount == 0)
+    {
+        printf("No tests found!\n");
+        goto cleanup;
+    }
+
+    for (dwIndex = 0; dwIndex < pStringList->dwCount; dwIndex++)
+    {
+        _VmDirExecuteTestModule(&State, pStringList->pStringList[dwIndex]);
+    }
+
+cleanup:
+    TestInfrastructureCleanup(&State);
+
+    return dwError;
+
+error:
+    printf("Integration test failed with error 0n%d\n", dwError);
+    goto cleanup;
+}
+
+#ifdef _WIN32
+
+int wmain(int argc, wchar_t* argv[])
+{
+    DWORD dwError = 0;
+    PSTR* ppszArgs = NULL;
+    int   iArg = 0;
+
+    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (; iArg < argc; iArg++)
+    {
+        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirMain(argc, ppszArgs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+error:
+    if (ppszArgs)
+    {
+        for (iArg = 0; iArg < argc; iArg++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
+        }
+
+        VmDirFreeMemory(ppszArgs);
+    }
+
+    return dwError;
+}
+
+#else
+
+int main(int argc, char* argv[])
+{
+    return VmDirMain(argc, argv);
+}
+
+#endif
diff --git a/lwraft/testing/test_runner/prototypes.h b/lwraft/testing/test_runner/prototypes.h
new file mode 100644
index 000000000..b25438fc9
--- /dev/null
+++ b/lwraft/testing/test_runner/prototypes.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+DWORD
+_VmDirEnumerateTests(
+    PCSTR pszDirectoryName,
+    PVMDIR_STRING_LIST pStringList
+    );
diff --git a/lwraft/testing/test_runner/testinfrastructure.c b/lwraft/testing/test_runner/testinfrastructure.c
new file mode 100644
index 000000000..e42efc6ae
--- /dev/null
+++ b/lwraft/testing/test_runner/testinfrastructure.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+DWORD
+_VmDirEnumerateTests(
+    PCSTR pszDirectoryName,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    DIR *d = NULL;
+    struct dirent *dir = NULL;
+    PSTR pszFilePath = NULL;
+
+    d = opendir(pszDirectoryName);
+    if (d)
+    {
+        while ((dir = readdir(d)) != NULL)
+        {
+            if (VmDirStringEndsWith(dir->d_name, ".so", FALSE))
+            {
+                dwError = VmDirAllocateStringPrintf(
+                            &pszFilePath,
+                            "%s/%s",
+                            pszDirectoryName,
+                            dir->d_name);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirStringListAdd(pStringList, pszFilePath);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }
+
+        closedir(d);
+    }
+    else if (errno == ENOTDIR)
+    {
+        dwError = VmDirStringListAddStrClone(pszDirectoryName, pStringList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/unittests/Makefile.am b/lwraft/testing/unittests/Makefile.am
new file mode 100644
index 000000000..5c347e551
--- /dev/null
+++ b/lwraft/testing/unittests/Makefile.am
@@ -0,0 +1,2 @@
+SUBDIRS = \
+    libcommon
diff --git a/lwraft/testing/unittests/libcommon/Makefile.am b/lwraft/testing/unittests/libcommon/Makefile.am
new file mode 100644
index 000000000..c2344ca15
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/Makefile.am
@@ -0,0 +1,47 @@
+lib_LTLIBRARIES = libcommonunittests.la
+
+libcommonunittests_la_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    @OPENSSL_INCLUDES@ \
+    @LW_INCLUDES@
+
+libcommonunittests_la_SOURCES = \
+    circularbuffer.c \
+    deque.c \
+    main.c \
+    parseargs.c \
+    registry.c \
+    stringlist.c \
+    VmDirGetVmDirLogPath.c \
+    VmDirAllocateStringA.c \
+    VmDirAllocateStringOfLenA.c \
+    VmDirAllocateStringPrintf.c \
+    VmDirStringCpyA.c \
+    VmDirStringNCpyA.c \
+    VmDirStringCatA.c \
+    VmDirStringNCatA.c \
+    VmDirReadString.c \
+    VmDirStringToTokenList.c
+
+libcommonunittests_la_LIBADD = \
+    @top_builddir@/lwraft/testing/test_lib/liblwrafttesting.la \
+    @DCERPC_LIBS@ \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
+    @GSSAPI_LIBS@ \
+    @UUID_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @PTHREAD_LIBS@
+
+libcommonunittests_la_LDFLAGS = \
+    -export-symbols @top_srcdir@/lwraft/testing/unittests/libcommon/libcommonunittests.exp \
+    @DCERPC_LDFLAGS@ \
+    @OPENSSL_LDFLAGS@ \
+    @LW_LDFLAGS@
diff --git a/lwraft/testing/unittests/libcommon/VmDirAllocateStringA.c b/lwraft/testing/unittests/libcommon/VmDirAllocateStringA.c
new file mode 100644
index 000000000..99ac62470
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirAllocateStringA.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+VOID
+_Test_VmDirAllocateStringA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = (PSTR)0xDEADBEEF;
+
+    dwError = VmDirAllocateStringA(NULL, &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(pszString == NULL);
+}
+
+VOID
+_Test_VmDirAllocateStringA_EmptySourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringA("", &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(*pszString == '\0');
+}
+
+VOID
+_Test_VmDirAllocateStringA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringA("test", NULL);
+    TestAssertEquals(dwError, 0);
+}
+
+VOID
+_Test_VmDirAllocateStringA_CallShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringA("Hello, world!", &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszString, "Hello, world!");
+}
+
+
+VOID
+TestVmDirAllocateStringA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirAllocateStringA ...");
+
+    _Test_VmDirAllocateStringA_NullSourceString(pState);
+    _Test_VmDirAllocateStringA_EmptySourceString(pState);
+    _Test_VmDirAllocateStringA_NullDestinationString(pState);
+    _Test_VmDirAllocateStringA_CallShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirAllocateStringOfLenA.c b/lwraft/testing/unittests/libcommon/VmDirAllocateStringOfLenA.c
new file mode 100644
index 000000000..079a9eddd
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirAllocateStringOfLenA.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+VOID
+_Test_VmDirAllocateStringOfLenA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = (PSTR)0xDEADBEEF;
+
+    dwError = VmDirAllocateStringOfLenA(NULL, 0, &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(pszString == NULL);
+}
+
+VOID
+_Test_VmDirAllocateStringOfLenA_EmptySourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringOfLenA("", 0, &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(*pszString == '\0');
+}
+
+VOID
+_Test_VmDirAllocateStringOfLenA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringOfLenA("test", 2, NULL);
+    TestAssertEquals(dwError, 0);
+}
+
+VOID
+_Test_VmDirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringOfLenA("Hello, world!", 20, &pszString);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirAllocateStringOfLenA_CallShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringOfLenA("Hello, world!", 5, &pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(pszString, "Hello");
+}
+
+
+VOID
+TestVmDirAllocateStringOfLenA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirAllocateStringOfLenA ...");
+
+    _Test_VmDirAllocateStringOfLenA_NullSourceString(pState);
+    _Test_VmDirAllocateStringOfLenA_EmptySourceString(pState);
+    _Test_VmDirAllocateStringOfLenA_NullDestinationString(pState);
+    _Test_VmDirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail(pState);
+    _Test_VmDirAllocateStringOfLenA_CallShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirAllocateStringPrintf.c b/lwraft/testing/unittests/libcommon/VmDirAllocateStringPrintf.c
new file mode 100644
index 000000000..c878e28cd
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirAllocateStringPrintf.c
@@ -0,0 +1,79 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+
+DWORD
+_TestVmDirAllocateStringPrintfWithBadParameters(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+                NULL,
+                "dword ==> %d, string ==> '%s'",
+                42,
+                "Hello, world!");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszString,
+                NULL,
+                42,
+                "Hello, world!");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+
+    return 0;
+}
+
+DWORD
+_TestVmDirAllocateStringPrintfWithGoodParameters(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PSTR pszString = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszString,
+                "dword ==> %d, string ==> '%s'",
+                (DWORD)42,
+                "Hello, world!");
+    TestAssertEquals(dwError, ERROR_SUCCESS);
+    TestAssertStrEquals(pszString, "dword ==> 42, string ==> 'Hello, world!'");
+
+    return 0;
+}
+
+DWORD
+TestVmDirAllocateStringPrintf(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = _TestVmDirAllocateStringPrintfWithBadParameters(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _TestVmDirAllocateStringPrintfWithGoodParameters(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirGetVmDirLogPath.c b/lwraft/testing/unittests/libcommon/VmDirGetVmDirLogPath.c
new file mode 100644
index 000000000..c7916bd80
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirGetVmDirLogPath.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+#define LOG_SUBDIRECTORY "UnitTests"
+
+#ifndef _WIN32
+VOID
+_Test_VmDirGetVmDirLogPathSucceeds(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szPath[MAX_PATH] = {0};
+
+    dwError = VmDirGetVmDirLogPath(szPath, LOG_SUBDIRECTORY);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strlen(LWRAFT_LOG_DIR) != 0);
+    TestAssertStrEquals(szPath, LWRAFT_LOG_DIR LOG_SUBDIRECTORY);
+}
+#endif
+
+VOID
+TestVmDirGetVmDirLogPath(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirGetVmDirLogPath ...");
+
+#ifndef _WIN32
+    _Test_VmDirGetVmDirLogPathSucceeds(pState);
+#endif
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirReadString.c b/lwraft/testing/unittests/libcommon/VmDirReadString.c
new file mode 100644
index 000000000..877f09ed5
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirReadString.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+
+#ifndef _WIN32
+VOID
+_Test_VmDirReadStringSucceeds(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    CHAR wszString[10] =  {0};
+    FILE *pfOldStdin = NULL;
+    PSTR pszData = "This is a test string";
+
+    pfOldStdin = stdin;
+    stdin = fmemopen(pszData, strlen(pszData), "r");
+    VmDirReadString("", wszString, sizeof(wszString), TRUE);
+    TestAssert(strncmp(wszString, pszData, sizeof(wszString) - 1) == 0);
+
+    stdin = pfOldStdin;
+}
+#endif
+
+
+VOID
+TestVmDirReadString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirReadString ...");
+
+#ifndef _WIN32
+    _Test_VmDirReadStringSucceeds(pState);
+#endif
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirStringCatA.c b/lwraft/testing/unittests/libcommon/VmDirStringCatA.c
new file mode 100644
index 000000000..1655aaf9e
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirStringCatA.c
@@ -0,0 +1,124 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+_Test_VmDirStringCatA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 0 };
+
+    dwError = VmDirStringCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                NULL);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssert(szDestination[0] == 0);
+}
+
+VOID
+_Test_VmDirStringCatA_EmptySourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 'a', 'b', 'c', 0 };
+
+    dwError = VmDirStringCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "");
+    TestAssertEquals(dwError, 0);
+    TestAssert(strcmp(szDestination, "abc") == 0);
+}
+
+VOID
+_Test_VmDirStringCatA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringCatA(NULL, 4, "test");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringCatA_EmptyDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szString[16] = { 0 };
+
+    dwError = VmDirStringCatA(
+                szString,
+                VMDIR_ARRAY_SIZE(szString),
+                "test");
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szString, "test");
+}
+
+VOID
+_Test_VmDirStringCatA_SourceStringTooLong(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[4] = { 0 };
+
+    dwError = VmDirStringCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssert(szDestination[0] == 0);
+}
+
+VOID
+_Test_VmDirStringCatA_CallShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[14] = { 0 };
+
+    dwError = VmDirStringCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!");
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello, world!");
+}
+
+
+VOID
+TestVmDirStringCatA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirStringCatA ...");
+
+    _Test_VmDirStringCatA_NullSourceString(pState);
+    _Test_VmDirStringCatA_EmptySourceString(pState);
+    _Test_VmDirStringCatA_NullDestinationString(pState);
+    _Test_VmDirStringCatA_EmptyDestinationString(pState);
+    _Test_VmDirStringCatA_SourceStringTooLong(pState);
+    _Test_VmDirStringCatA_CallShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirStringCpyA.c b/lwraft/testing/unittests/libcommon/VmDirStringCpyA.c
new file mode 100644
index 000000000..2726c6323
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirStringCpyA.c
@@ -0,0 +1,107 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+_Test_VmDirStringCpyA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 'a' };
+
+    dwError = VmDirStringCpyA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                NULL);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssert(szDestination[0] == 'a');
+}
+
+VOID
+_Test_VmDirStringCpyA_EmptySourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 'a' };
+
+    dwError = VmDirStringCpyA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "");
+    TestAssertEquals(dwError, 0);
+    TestAssert(szDestination[0] == '\0');
+}
+
+VOID
+_Test_VmDirStringCpyA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringCpyA(NULL, 4, "test");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringCpyA_SourceStringTooLong(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[4] = { 'a' };
+
+    dwError = VmDirStringCpyA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!");
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssertEquals(szDestination[0], 'a');
+}
+
+VOID
+_Test_VmDirStringCpyA_CallShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[128] = { 'a' };
+
+    dwError = VmDirStringCpyA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!");
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello, world!");
+}
+
+
+VOID
+TestVmDirStringCpyA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirStringCpyA ...");
+
+    _Test_VmDirStringCpyA_NullSourceString(pState);
+    _Test_VmDirStringCpyA_EmptySourceString(pState);
+    _Test_VmDirStringCpyA_NullDestinationString(pState);
+    _Test_VmDirStringCpyA_SourceStringTooLong(pState);
+    _Test_VmDirStringCpyA_CallShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirStringNCatA.c b/lwraft/testing/unittests/libcommon/VmDirStringNCatA.c
new file mode 100644
index 000000000..3702c9bb7
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirStringNCatA.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+_Test_VmDirStringNCatA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 0 };
+
+    dwError = VmDirStringNCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                NULL,
+                0);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssert(szDestination[0] == 0);
+}
+
+VOID
+_Test_VmDirStringNCatA_EmptySourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 0 };
+
+    dwError = VmDirStringNCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "",
+                0);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(szDestination[0], '\0');
+}
+
+VOID
+_Test_VmDirStringNCatA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringNCatA(NULL, 4, "test", 3);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringNCatA_EmptyDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szString[16] = { 0 };
+
+    dwError = VmDirStringNCatA(
+                szString,
+                VMDIR_ARRAY_SIZE(szString),
+                "test",
+                3);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szString, "tes");
+}
+
+VOID
+_Test_VmDirStringNCatA_SourceStringTooLong(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[4] = { 0 };
+
+    dwError = VmDirStringNCatA(
+                &szDestination[0],
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!",
+                strlen("Hello, world!"));
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssertEquals(szDestination[0], 0);
+}
+
+VOID
+_Test_VmDirStringNCatA_CallShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[128] = { 'H', 'e', 'l', 'l', 'o', 0 };
+
+    dwError = VmDirStringNCatA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                ", world!",
+                8);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello, world!");
+}
+
+VOID
+TestVmDirStringNCatA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirStringNCatA ...");
+
+    _Test_VmDirStringNCatA_NullSourceString(pState);
+    _Test_VmDirStringNCatA_EmptySourceString(pState);
+    _Test_VmDirStringNCatA_NullDestinationString(pState);
+    _Test_VmDirStringNCatA_EmptyDestinationString(pState);
+    _Test_VmDirStringNCatA_SourceStringTooLong(pState);
+    _Test_VmDirStringNCatA_CallShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirStringNCpyA.c b/lwraft/testing/unittests/libcommon/VmDirStringNCpyA.c
new file mode 100644
index 000000000..9b02e6d26
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirStringNCpyA.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+_Test_VmDirStringNCpyA_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                NULL,
+                10);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssertEquals(szDestination[0], 'a');
+}
+
+VOID
+_Test_VmDirStringNCpyA_EmptySourceStringRightCount(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { '\0' };
+
+    //
+    // This call will yield different results on windows and linux. On
+    // the former we call the _s version of strncpy so the string's first byte
+    // will be NULL, regardless of what it is coming into the call. However,
+    // on linux the string will be untouched after the call.
+    //
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "",
+                0);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(szDestination[0], '\0');
+}
+
+VOID
+_Test_VmDirStringNCpyA_EmptySourceStringWrongCount(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[16] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "",
+                10);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(szDestination[0], '\0');
+}
+
+VOID
+_Test_VmDirStringNCpyA_NullDestinationString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringNCpyA(NULL, 4, "test", 4);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringNCpyA_SourceStringTooLong(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[4] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!",
+                7);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssertEquals(szDestination[0], 'a');
+}
+
+VOID
+_Test_VmDirStringNCpyA_CallShouldSucceedWithoutTruncation(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[128] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!",
+                strlen("Hello, world!"));
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello, world!");
+}
+
+VOID
+_Test_VmDirStringNCpyA_CallShouldSucceedExactlyRightSize(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[14] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!",
+                VMDIR_ARRAY_SIZE(szDestination) - 1);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello, world!");
+}
+
+VOID
+_Test_VmDirStringNCpyA_CallShouldSucceedWithTruncation(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szDestination[6] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szDestination,
+                VMDIR_ARRAY_SIZE(szDestination),
+                "Hello, world!",
+                VMDIR_ARRAY_SIZE(szDestination) - 1);
+    TestAssertEquals(dwError, 0);
+    TestAssertStrEquals(szDestination, "Hello");
+}
+
+VOID
+_Test_VmDirStringNCpyA_CallShouldFailCountMatchesSize(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    CHAR szBuffer[4] = { 'a' };
+
+    dwError = VmDirStringNCpyA(
+                szBuffer,
+                VMDIR_ARRAY_SIZE(szBuffer),
+                "abcd",
+                4);
+    TestAssertEquals(dwError, ERROR_INVALID_PARAMETER);
+    TestAssertEquals(szBuffer[0], 'a');
+}
+
+VOID
+TestVmDirStringNCpyA(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirStringNCpyA ...");
+
+    _Test_VmDirStringNCpyA_NullSourceString(pState);
+    _Test_VmDirStringNCpyA_EmptySourceStringRightCount(pState);
+    _Test_VmDirStringNCpyA_EmptySourceStringWrongCount(pState);
+    _Test_VmDirStringNCpyA_NullDestinationString(pState);
+    _Test_VmDirStringNCpyA_SourceStringTooLong(pState);
+    _Test_VmDirStringNCpyA_CallShouldFailCountMatchesSize(pState);
+    _Test_VmDirStringNCpyA_CallShouldSucceedWithTruncation(pState);
+    _Test_VmDirStringNCpyA_CallShouldSucceedWithoutTruncation(pState);
+    _Test_VmDirStringNCpyA_CallShouldSucceedExactlyRightSize(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/VmDirStringToTokenList.c b/lwraft/testing/unittests/libcommon/VmDirStringToTokenList.c
new file mode 100644
index 000000000..9b4a7d1a9
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/VmDirStringToTokenList.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+VOID
+_Test_VmDirStringToTokenList_NullSourceString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringToTokenList( NULL, ",", &pList);
+
+    TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringToTokenList_NullDelimiterString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnop", NULL, &pList);
+    TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringToTokenList_NullStringList(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnop", ",", NULL);
+    TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+}
+
+VOID
+_Test_VmDirStringToTokenList_StringIsDelimiter(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringToTokenList( ",", ",", &pList);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(pList->dwCount, 0);
+}
+
+VOID
+_Test_VmDirStringToTokenList_NoDelimiters(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnopqrstuvwxyz1234567890", ",", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount,  1);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklmnopqrstuvwxyz1234567890");
+}
+
+VOID
+_Test_VmDirStringToTokenList_StartWithDelimiter(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList(",abcdefghijklmnopqrstuvwxyz1234567890", ",", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount, 1);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklmnopqrstuvwxyz1234567890");
+}
+
+VOID
+_Test_VmDirStringToTokenList_EndWithDelimiter(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnopqrstuvwxyz1234567890,", ",", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount, 1);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklmnopqrstuvwxyz1234567890");
+}
+
+VOID
+_Test_VmDirStringToTokenList_DelimiterInMiddle(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnopqrstuvwxyz,1234567890", ",", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount, 2);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklmnopqrstuvwxyz");
+    TestAssertStrEquals(pList->pStringList[1], "1234567890");
+}
+
+VOID
+_Test_VmDirStringToTokenList_MultipleDelimiters(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( ",abcdefghijklm,nopqrstuvwxyz,1234567,890,", ",", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount, 4);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklm");
+    TestAssertStrEquals(pList->pStringList[1], "nopqrstuvwxyz");
+    TestAssertStrEquals(pList->pStringList[2], "1234567");
+    TestAssertStrEquals(pList->pStringList[3], "890");
+}
+
+VOID
+_Test_VmDirStringToTokenList_MulticharDelimiterInMiddle(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pList = NULL;
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirStringToTokenList( "abcdefghijklmnopqrstuvwxyz:;:1234567890", ":;:", &pList);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(pList->dwCount, 2);
+    TestAssertStrEquals(pList->pStringList[0], "abcdefghijklmnopqrstuvwxyz");
+    TestAssertStrEquals(pList->pStringList[1], "1234567890");
+}
+
+VOID
+TestVmDirStringToTokenList(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirStringToTokenList ...");
+
+    _Test_VmDirStringToTokenList_NullSourceString(pState);
+    _Test_VmDirStringToTokenList_NullDelimiterString(pState);
+    _Test_VmDirStringToTokenList_NullStringList(pState);
+    _Test_VmDirStringToTokenList_StringIsDelimiter(pState);
+    _Test_VmDirStringToTokenList_NoDelimiters(pState);
+    _Test_VmDirStringToTokenList_StartWithDelimiter(pState);
+    _Test_VmDirStringToTokenList_EndWithDelimiter(pState);
+    _Test_VmDirStringToTokenList_DelimiterInMiddle(pState);
+    _Test_VmDirStringToTokenList_MultipleDelimiters(pState);
+    _Test_VmDirStringToTokenList_MulticharDelimiterInMiddle(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/circularbuffer.c b/lwraft/testing/unittests/libcommon/circularbuffer.c
new file mode 100644
index 000000000..349339339
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/circularbuffer.c
@@ -0,0 +1,334 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+#include "includes.h"
+
+typedef struct _CIRCULAR_BUFFER_TEST_ELEMENT
+{
+    PVMDIR_TEST_STATE pState;
+    PCSTR   name;
+    int     age;
+} CIRCULAR_BUFFER_TEST_ELEMENT, *PCIRCULAR_BUFFER_TEST_ELEMENT;
+
+CIRCULAR_BUFFER_TEST_ELEMENT arrCircularBufferTestData[] = {
+                            {NULL, "user1", 1},
+                            {NULL, "user2", 2},
+                            {NULL, "user3", 3},
+                            {NULL, "user4", 4},
+                            {NULL, "user5", 5}};
+
+VOID
+FillBuffer(
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer,
+    UINT Count
+    )
+{
+    UINT i = 0;
+
+    for (; i < Count; ++i)
+    {
+        PCIRCULAR_BUFFER_TEST_ELEMENT Destination = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+        PCIRCULAR_BUFFER_TEST_ELEMENT Source;
+
+        Source = &arrCircularBufferTestData[i % 5];
+        Destination->name = Source->name;
+        Destination->age = Source->age;
+    }
+}
+
+BOOLEAN
+Callback(
+    PVOID Element,
+    PVOID Context
+    )
+{
+    PCIRCULAR_BUFFER_TEST_ELEMENT TestElement = (PCIRCULAR_BUFFER_TEST_ELEMENT)Element;
+    PCIRCULAR_BUFFER_TEST_ELEMENT ReferenceElement = (PCIRCULAR_BUFFER_TEST_ELEMENT)Context;
+    PVMDIR_TEST_STATE pState = NULL;
+
+    pState = TestElement->pState;
+    TestAssertEquals(TestElement->age, ReferenceElement->age);
+    TestAssertStrEquals(TestElement->name, ReferenceElement->name);
+
+    return TRUE;
+}
+
+VOID
+TestCleanupOfValidCircularBuffer(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    VmDirCircularBufferFree(pCircularBuffer);
+}
+
+VOID
+TestCleanupOfNullCircularBuffer(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    VmDirCircularBufferFree(NULL);
+}
+
+VOID
+TestSingleElement(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
+    DWORD dwError = 0;
+    PCIRCULAR_BUFFER_TEST_ELEMENT Element = NULL;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+    Element->name = arrCircularBufferTestData[0].name;
+    Element->age = arrCircularBufferTestData[0].age;
+    Element->pState = pState;
+
+    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrCircularBufferTestData[0]);
+    TestAssertEquals(dwError, 0);
+
+    VmDirCircularBufferFree(pCircularBuffer);
+}
+
+VOID
+TestWrap(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
+    PCIRCULAR_BUFFER_TEST_ELEMENT Element;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate(3, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+    Element->name = arrCircularBufferTestData[0].name;
+    Element->age = arrCircularBufferTestData[0].age;
+
+    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+    Element->name = arrCircularBufferTestData[1].name;
+    Element->age = arrCircularBufferTestData[1].age;
+
+    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+    Element->name = arrCircularBufferTestData[2].name;
+    Element->age = arrCircularBufferTestData[2].age;
+
+    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
+    Element->name = arrCircularBufferTestData[3].name;
+    Element->age = arrCircularBufferTestData[3].age;
+
+    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrCircularBufferTestData[1]);
+    TestAssertEquals(dwError, 0);
+
+    VmDirCircularBufferFree(pCircularBuffer);
+}
+
+VOID
+TestZeroSizedBufferShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate(0, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertNotEquals(dwError, 0);
+}
+
+VOID
+TestOverflowSizedBufferShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate((0XFFFFFFFF / sizeof(CIRCULAR_BUFFER_TEST_ELEMENT)) + 2, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertNotEquals(dwError, 0);
+}
+
+VOID
+TestMakeCapacityBiggerShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate(2, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 4);
+    TestAssertEquals(dwError, 0);
+}
+
+VOID
+TestMakeCapacitySmallerShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    FillBuffer(pCircularBuffer, 4);
+
+    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 2);
+    TestAssertEquals(pCircularBuffer->dwCapacity, 2);
+    TestAssertEquals(dwError, 0);
+    TestAssert(pCircularBuffer->dwHead < pCircularBuffer->dwCapacity);
+}
+
+BOOLEAN
+Callback2(
+    PVOID Element,
+    PVOID Context
+    )
+{
+    PCIRCULAR_BUFFER_TEST_ELEMENT TestElement = (PCIRCULAR_BUFFER_TEST_ELEMENT)Element;
+    PDWORD pdwCount = (PDWORD)Context;
+    PVMDIR_TEST_STATE pState = NULL;
+
+    pState = TestElement->pState;
+
+    switch (*pdwCount)
+    {
+        case 0:
+        TestAssert(memcmp(TestElement, &arrCircularBufferTestData[3], sizeof(CIRCULAR_BUFFER_TEST_ELEMENT)) == 0);
+        break;
+
+        case 1:
+        TestAssert(memcmp(TestElement, &arrCircularBufferTestData[4], sizeof(CIRCULAR_BUFFER_TEST_ELEMENT)) == 0);
+        break;
+
+        case 2:
+        TestAssert(memcmp(TestElement, &arrCircularBufferTestData[0], sizeof(CIRCULAR_BUFFER_TEST_ELEMENT)) == 0);
+        break;
+
+        case 3:
+        TestAssert(memcmp(TestElement, &arrCircularBufferTestData[1], sizeof(CIRCULAR_BUFFER_TEST_ELEMENT)) == 0);
+        break;
+    }
+
+    *pdwCount += 1;
+    return TRUE;
+}
+
+VOID
+TestSelectReturnsCorrectElementsInCorrectOrder(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+    DWORD dwCount = 0;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    FillBuffer(pCircularBuffer, 7);
+
+    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, Callback2, &dwCount);
+    TestAssertEquals(dwError, 0);
+}
+
+BOOLEAN
+CountingCallback(
+    PVOID Element,
+    PVOID Context
+    )
+{
+    PDWORD pdwCount = (PDWORD)Context;
+    PCIRCULAR_BUFFER_TEST_ELEMENT TestElement = (PCIRCULAR_BUFFER_TEST_ELEMENT)Element;
+
+    if (TestElement->age == 3)
+    {
+        return FALSE;
+    }
+
+    *pdwCount += 1;
+    return TRUE;
+}
+
+VOID
+TestSelectReturnsWhenCallbackReturnsFalse(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+    DWORD dwCount = 0;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    FillBuffer(pCircularBuffer, 4);
+
+    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, CountingCallback, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 2);
+}
+
+VOID
+TestSelectTooManyElementsQuietlySucceeds(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
+    DWORD dwError = 0;
+    DWORD dwCount = 0;
+
+    dwError = VmDirCircularBufferCreate(4, sizeof(CIRCULAR_BUFFER_TEST_ELEMENT), &pCircularBuffer);
+    TestAssertEquals(dwError, 0);
+
+    FillBuffer(pCircularBuffer, 4);
+
+    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 20, CountingCallback, &dwCount);
+    TestAssertEquals(dwError, 0);
+}
+
+VOID
+TestCircularBufferCode(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing circular buffer code ...");
+
+    TestSingleElement(pState);
+    TestWrap(pState);
+
+    TestZeroSizedBufferShouldFail(pState);
+    TestOverflowSizedBufferShouldFail(pState);
+    TestMakeCapacityBiggerShouldSucceed(pState);
+    TestMakeCapacitySmallerShouldSucceed(pState);
+    TestSelectReturnsCorrectElementsInCorrectOrder(pState);
+    TestSelectReturnsWhenCallbackReturnsFalse(pState);
+    TestSelectTooManyElementsQuietlySucceeds(pState);
+    TestCleanupOfValidCircularBuffer(pState);
+    TestCleanupOfNullCircularBuffer(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/deque.c b/lwraft/testing/unittests/libcommon/deque.c
new file mode 100644
index 000000000..9322261fd
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/deque.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+typedef struct _DEQUEUE_TEST_ELEMENT
+{
+    PCSTR   name;
+    int     age;
+} DEQUEUE_TEST_ELEMENT, *PDEQUEUE_TEST_ELEMENT;
+
+DEQUEUE_TEST_ELEMENT arrDequeTestData[] = {
+    {"user1", 1},
+    {"user2", 2},
+    {"user3", 3},
+    {"user4", 4},
+    {"user5", 5}
+};
+
+VOID
+testEmpty(
+    PVMDIR_TEST_STATE pState,
+    PDEQUE pDeque
+    )
+{
+    DWORD dwError = 0;
+    PDEQUEUE_TEST_ELEMENT pElement = NULL;
+    BOOLEAN fEmpty = FALSE;
+
+    //Test case: pop from empty queue
+    fEmpty = dequeIsEmpty(pDeque);
+    TestAssertEquals(fEmpty, TRUE);
+
+    dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
+    TestAssertEquals(dwError, ERROR_NO_MORE_ITEMS);
+}
+
+VOID
+testQueue(
+    PVMDIR_TEST_STATE pState,
+    PDEQUE pDeque
+    )
+{
+    DWORD dwError = 0;
+    PDEQUEUE_TEST_ELEMENT pElement = NULL;
+    int i = 0;
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(arrDequeTestData); i++)
+    {
+        dwError = dequePush(pDeque, &arrDequeTestData[i]);
+        TestAssertEquals(dwError, ERROR_SUCCESS);
+    }
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(arrDequeTestData); i++)
+    {
+        dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
+        TestAssertEquals(dwError, ERROR_SUCCESS);
+        TestAssertPtrEquals(pElement, &arrDequeTestData[i]);
+    }
+}
+
+VOID
+testStack(
+    PVMDIR_TEST_STATE pState,
+    PDEQUE pDeque
+    )
+{
+    DWORD dwError = 0;
+    PDEQUEUE_TEST_ELEMENT pElement = NULL;
+    int i = 0;
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(arrDequeTestData); i++)
+    {
+        dwError = dequePush(pDeque, &arrDequeTestData[i]);
+        TestAssertEquals(dwError, ERROR_SUCCESS);
+    }
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(arrDequeTestData); i++)
+    {
+        dwError = dequePop(pDeque, (PVOID*)&pElement);
+        TestAssertEquals(dwError, ERROR_SUCCESS);
+        TestAssertPtrEquals(pElement, &arrDequeTestData[VMDIR_ARRAY_SIZE(arrDequeTestData)-i-1]);
+    }
+}
+
+VOID
+TestDequeCode(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PDEQUE pDeque = NULL;
+
+    printf("Testing deque code ...");
+
+    dwError = dequeCreate(&pDeque);
+    TestAssertEquals(dwError, ERROR_SUCCESS);
+
+    testEmpty(pState, pDeque);
+    testQueue(pState, pDeque);
+    testStack(pState, pDeque);
+    testEmpty(pState, pDeque);
+
+    dequeFree(pDeque);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/includes.h b/lwraft/testing/unittests/libcommon/includes.h
new file mode 100644
index 000000000..f1fbf919d
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/includes.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifdef _WIN32
+#pragma once
+
+#include "targetver.h"
+
+#include "banned.h"
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <tchar.h>
+#include <winsock2.h>
+#include "ldap-int.h"
+#include "ldap.h"
+#define LDAP_UNICODE 0
+
+#include <vmdir.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+
+#else
+
+
+#include <config.h>
+
+#include <vmdirsys.h>
+#include <ldap.h>
+#include <lber.h>
+
+#include <vmdir.h>
+#include <vmdirtypes.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+#endif
+
+#include <vmdirtesting.h>
+
+#include "prototypes.h"
diff --git a/lwraft/testing/unittests/libcommon/libcommonunittests.exp b/lwraft/testing/unittests/libcommon/libcommonunittests.exp
new file mode 100644
index 000000000..2d5e3eac6
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/libcommonunittests.exp
@@ -0,0 +1,3 @@
+TestSetup
+TestRunner
+TestCleanup
diff --git a/lwraft/testing/unittests/libcommon/main.c b/lwraft/testing/unittests/libcommon/main.c
new file mode 100644
index 000000000..e3eee8daf
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/main.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+TestSetup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return 0;
+}
+
+DWORD
+TestCleanup(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    return 0;
+}
+
+DWORD
+TestRunner(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    TestCircularBufferCode(pState);
+    TestDequeCode(pState);
+    TestRegistryCode(pState);
+    TestVmDirParseArguments(pState);
+    TestVmDirAllocateStringA(pState);
+    TestVmDirAllocateStringOfLenA(pState);
+    TestVmDirAllocateStringPrintf(pState);
+    TestVmDirGetVmDirLogPath(pState);
+    TestVmDirStringList(pState);
+    TestVmDirReadString(pState);
+    TestVmDirStringCpyA(pState);
+    TestVmDirStringNCpyA(pState);
+    TestVmDirStringCatA(pState);
+    TestVmDirStringNCatA(pState);
+    TestVmDirStringToTokenList(pState);
+    return 0;
+}
diff --git a/lwraft/testing/unittests/libcommon/parseargs.c b/lwraft/testing/unittests/libcommon/parseargs.c
new file mode 100644
index 000000000..bfd023d32
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/parseargs.c
@@ -0,0 +1,1683 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+typedef struct
+{
+    PSTR pszString1;
+    PSTR pszString2;
+    PSTR pszString3;
+    DWORD dwInteger1;
+    DWORD dwInteger2;
+    DWORD dwInteger3;
+    BOOLEAN bBoolean1;
+    BOOLEAN bBoolean2;
+    BOOLEAN bBoolean3;
+    BOOLEAN bShowUsageTriggered;
+    BOOLEAN bPostValidationCallbackTriggered;
+    BOOLEAN bReturnFailure;
+} COMMAND_LINE_STATE, *PCOMMAND_LINE_STATE;
+
+DWORD
+PostValidateParameters(
+    PVOID pvParameter
+    )
+{
+    PCOMMAND_LINE_STATE State = (PCOMMAND_LINE_STATE)pvParameter;
+
+    State->bPostValidationCallbackTriggered = TRUE;
+
+    if (State->bReturnFailure)
+    {
+        return VMDIR_ERROR_INVALID_PARAMETER;
+    }
+    else
+    {
+        return 0;
+    }
+}
+
+VOID
+ShowUsage(
+    PVOID pvParameter
+    )
+{
+    PCOMMAND_LINE_STATE State = (PCOMMAND_LINE_STATE)pvParameter;
+
+    State->bShowUsageTriggered = TRUE;
+}
+
+VOID
+FreeCLStateContent(
+    PCOMMAND_LINE_STATE pState
+    )
+{
+    if (pState)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pState->pszString1);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszString2);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszString3);
+    }
+}
+
+DWORD
+VmDirParseArgumentsTestWrapper(
+    PCOMMAND_LINE_STATE pState,
+    int argc,
+    PSTR* argv
+    )
+{
+    VMDIR_COMMAND_LINE_OPTION Options[] =
+    {
+            {'s', "string1", CL_STRING_PARAMETER, &pState->pszString1},
+            {'t', "string2", CL_STRING_PARAMETER, &pState->pszString2},
+            {'u', "string3", CL_STRING_PARAMETER, &pState->pszString3},
+            {'i', "integer1", CL_INTEGER_PARAMETER, &pState->dwInteger1},
+            {'j', "integer2", CL_INTEGER_PARAMETER, &pState->dwInteger2},
+            {'k', "integer3", CL_INTEGER_PARAMETER, &pState->dwInteger3},
+            {'n', "noparameter1", CL_NO_PARAMETER, &pState->bBoolean1},
+            {'o', "noparameter2", CL_NO_PARAMETER, &pState->bBoolean2},
+            {'p', "noparameter3", CL_NO_PARAMETER, &pState->bBoolean3},
+            {0, 0, 0, 0}
+    };
+
+    VMDIR_PARSE_ARG_CALLBACKS Callbacks =
+    {
+            PostValidateParameters,
+            ShowUsage,
+            pState
+    };
+
+    return VmDirParseArguments(Options, &Callbacks, argc, argv);
+}
+
+VOID
+_Test_WithInvalidEnumValueFails(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-s"};
+
+    VMDIR_COMMAND_LINE_OPTION Options[] =
+    {
+            {'s', NULL, 0xFFFFFFFF, &Parameters.pszString1},
+            {0, 0, 0, 0}
+    };
+
+    dwError = VmDirParseArguments(Options, NULL, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_WithNullLongFlagDoesntCrash(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--invalid"};
+
+    VMDIR_COMMAND_LINE_OPTION Options[] =
+    {
+            {'s', NULL, CL_STRING_PARAMETER, &Parameters.pszString1},
+            {0, 0, 0, 0}
+    };
+
+    dwError = VmDirParseArguments(Options, NULL, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_WithEmptyLongFlagDoesntCrash(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--invalid"};
+
+    VMDIR_COMMAND_LINE_OPTION Options[] =
+    {
+            {'s', "", CL_STRING_PARAMETER, &Parameters.pszString1},
+            {0, 0, 0, 0}
+    };
+
+    dwError = VmDirParseArguments(Options, NULL, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_StringParameterWithNoParameterShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-s"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_IntegerParameterWithNoParameterShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-i"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_IntegerParameterWithStringParameterShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-i", "hello"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_NoParameterWithParameterShouldFail(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-n", "extraparameter"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringParameterWithStringParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-s", "hello"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strcmp(Parameters.pszString1, "hello") == 0);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerParameterWithIntegerParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-i", "42"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.dwInteger1 = 42);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoParameterWithNoParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "-n"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringParameterWithStringParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--string1", "hello, world!"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(strcmp(Parameters.pszString1, "hello, world!") == 0);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerParameterWithIntegerParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--integer1", "-37"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.dwInteger1 == (DWORD)-37);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoParameterWithNoParameterShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_InvalidParametersShowUsageShouldBeCalled(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--invalid-parameter"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    TestAssert(Parameters.bShowUsageTriggered);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ValidParametersPostValidtionShouldBeCalled(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.bPostValidationCallbackTriggered);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ValidParametersPostValidtionShouldBeCalledAndShowUsage(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app", "--noparameter1"};
+
+    Parameters.bReturnFailure = TRUE;
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    TestAssert(Parameters.bPostValidationCallbackTriggered);
+    TestAssert(Parameters.bShowUsageTriggered);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-u", "string3"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString3, "string3", TRUE) == 0);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--string3", "string3"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString3, "string3", TRUE) == 0);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-i", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--integer1", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-n"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-t", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--string2", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-j", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--integer2", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-n"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-n", "-t", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--string2", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-n", "-i", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--integer1", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortStringNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-s", "string1", "-n", "-o"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongStringNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--noparameter2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-t", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--string2", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-j", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--integer2", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-n"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-s", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--string1", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-k", "3"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 3);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--integer3", "3"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 3);
+    TestAssert(Parameters.bBoolean1 == FALSE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-n"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--noparameter1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-n", "-s", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--string1", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-n", "-j", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--integer2", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortIntegerNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-i", "1", "-n", "-o"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongIntegerNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--noparameter2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-s", "string1", "-t", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneStringStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--string2", "string2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString2, "string2", TRUE) == 0);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-s", "string1", "-i", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneStringIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--integer1", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-s", "string1", "-o"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneStringNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--noparameter2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-i", "1", "-s", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneIntegerStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--string1", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-i", "1", "-j", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneIntegerIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--integer2", "2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 2);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == FALSE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-i", "1", "-o"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneIntegerNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--noparameter2"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-o", "-s", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneNoneStringWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--string1", "string1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringCompareA(Parameters.pszString1, "string1", TRUE) == 0);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-o", "-i", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneNoneIntegerWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--integer1", "1"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 1);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == FALSE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_ShortNoneNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "-n", "-o", "-p"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == TRUE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+_Test_LongNoneNoneNoneWithValidParametersShouldSucceed(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    COMMAND_LINE_STATE Parameters = { 0 };
+    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--noparameter3"};
+
+    dwError = VmDirParseArgumentsTestWrapper(&Parameters, VMDIR_ARRAY_SIZE(argv), argv);
+    TestAssertEquals(dwError, 0);
+    TestAssert(Parameters.pszString1 == NULL);
+    TestAssert(Parameters.pszString2 == NULL);
+    TestAssert(Parameters.pszString3 == NULL);
+    TestAssert(Parameters.dwInteger1 == 0);
+    TestAssert(Parameters.dwInteger2 == 0);
+    TestAssert(Parameters.dwInteger3 == 0);
+    TestAssert(Parameters.bBoolean1 == TRUE);
+    TestAssert(Parameters.bBoolean2 == TRUE);
+    TestAssert(Parameters.bBoolean3 == TRUE);
+    FreeCLStateContent(&Parameters);
+}
+
+VOID
+TestVmDirParseArguments(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing VmDirParseArguments ...");
+
+    _Test_WithInvalidEnumValueFails(pState);
+    _Test_WithNullLongFlagDoesntCrash(pState);
+    _Test_WithEmptyLongFlagDoesntCrash(pState);
+
+    _Test_StringParameterWithNoParameterShouldFail(pState);
+    _Test_IntegerParameterWithNoParameterShouldFail(pState);
+    _Test_IntegerParameterWithStringParameterShouldFail(pState);
+    _Test_NoParameterWithParameterShouldFail(pState);
+    _Test_ShortStringParameterWithStringParameterShouldSucceed(pState);
+    _Test_ShortIntegerParameterWithIntegerParameterShouldSucceed(pState);
+    _Test_ShortNoParameterWithNoParameterShouldSucceed(pState);
+    _Test_LongStringParameterWithStringParameterShouldSucceed(pState);
+    _Test_LongIntegerParameterWithIntegerParameterShouldSucceed(pState);
+    _Test_LongNoParameterWithNoParameterShouldSucceed(pState);
+
+    _Test_InvalidParametersShowUsageShouldBeCalled(pState);
+    _Test_ValidParametersPostValidtionShouldBeCalled(pState);
+    _Test_ValidParametersPostValidtionShouldBeCalledAndShowUsage(pState);
+
+    _Test_LongStringStringStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringStringStringWithValidParametersShouldSucceed(pState);
+    _Test_LongStringStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongStringStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongStringIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_LongStringIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongStringIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongStringNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_LongStringNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongStringNoneNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortStringNoneNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerStringStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerStringStringWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongIntegerNoneNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortIntegerNoneNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneStringStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneStringStringWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneStringIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneStringNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneIntegerStringWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneIntegerIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneIntegerNoneWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneNoneStringWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneNoneIntegerWithValidParametersShouldSucceed(pState);
+    _Test_LongNoneNoneNoneWithValidParametersShouldSucceed(pState);
+    _Test_ShortNoneNoneNoneWithValidParametersShouldSucceed(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/prototypes.h b/lwraft/testing/unittests/libcommon/prototypes.h
new file mode 100644
index 000000000..b99617932
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/prototypes.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *-
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+VOID
+TestCircularBufferCode(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirAllocateStringA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirAllocateStringOfLenA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestDequeCode(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirParseArguments(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestRegistryCode(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringList(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringCpyA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringNCpyA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringCatA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringNCatA(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID TestVmDirReadString(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirGetVmDirLogPath(
+    PVMDIR_TEST_STATE pState
+    );
+
+VOID
+TestVmDirStringToTokenList(
+    PVMDIR_TEST_STATE pState
+    );
+
+DWORD
+TestVmDirAllocateStringPrintf(
+    PVMDIR_TEST_STATE pState
+    );
diff --git a/lwraft/testing/unittests/libcommon/registry.c b/lwraft/testing/unittests/libcommon/registry.c
new file mode 100644
index 000000000..29940ed00
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/registry.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+VOID
+TestDwordRoundTrip(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwTestValue = 0;
+    DWORD dwComparisonValue = 0;
+    DWORD dwError = 0;
+
+    dwTestValue = 42;
+    dwError = VmDirSetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_KEY_PATH,
+                "TestValue",
+                dwTestValue);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_KEY_PATH,
+                "TestValue",
+                &dwComparisonValue,
+                0);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwTestValue, dwComparisonValue);
+}
+
+VOID
+TestDwordDefaultValue(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwTestValue = 0;
+    DWORD dwComparisonValue = 0;
+    DWORD dwError = 0;
+
+    dwTestValue = 42;
+    dwError = VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_KEY_PATH,
+                "TestValueDoesNotExist",
+                &dwComparisonValue,
+                dwTestValue);
+    TestAssertNotEquals(dwError, 0);
+    TestAssert(dwTestValue == dwComparisonValue);
+}
+
+VOID
+TestMaxDwordValueRoundTrip(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwTestValue = 0;
+    DWORD dwComparisonValue = 0;
+    DWORD dwError = 0;
+
+    dwTestValue = 0xFFFFFFFF; // Biggest possible DWORD
+    dwError = VmDirSetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_KEY_PATH,
+                "TestMaxValue",
+                dwTestValue);
+    TestAssertEquals(dwError, 0);
+
+    dwError = VmDirGetRegKeyValueDword(
+                VMDIR_CONFIG_PARAMETER_KEY_PATH,
+                "TestMaxValue",
+                &dwComparisonValue,
+                0);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwTestValue, dwComparisonValue);
+}
+
+VOID
+TestRegistryCode(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    printf("Testing registry code ...");
+
+    TestDwordRoundTrip(pState);
+    TestDwordDefaultValue(pState);
+    TestMaxDwordValueRoundTrip(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/testing/unittests/libcommon/stringlist.c b/lwraft/testing/unittests/libcommon/stringlist.c
new file mode 100644
index 000000000..c8930236f
--- /dev/null
+++ b/lwraft/testing/unittests/libcommon/stringlist.c
@@ -0,0 +1,310 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+PSTR GenerateString(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    static DWORD i = 0;
+    PSTR pszString = NULL;
+    DWORD dwError = 0;
+
+    //
+    // This is a unit test so we assume that the allocation succeeds.
+    //
+    dwError = VmDirAllocateStringPrintf(
+                &pszString,
+                "Test String #%d",
+                i++);
+    TestAssertEquals(dwError, 0);
+
+    return pszString;
+}
+
+VOID
+TestStringListInitialization(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST *ppStringList
+    )
+{
+    PVMDIR_STRING_LIST pStringList;
+    DWORD dwError = 0;
+
+    dwError = VmDirStringListInitialize(&pStringList, 10);
+    TestAssertEquals(dwError, 0);
+    TestAssert(pStringList != NULL);
+    TestAssert(pStringList->dwCount == 0);
+    TestAssert(pStringList->dwSize == 10);
+
+    *ppStringList = pStringList;
+}
+
+VOID
+TestStringListInitializationCountTooBig(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_STRING_LIST pStringList = NULL;
+    DWORD dwError = 0;
+
+    dwError = VmDirStringListInitialize(&pStringList, 0xFFFFFFFF);
+    TestAssert(dwError == VMDIR_ERROR_INVALID_PARAMETER);
+    TestAssert(pStringList == NULL);
+}
+
+VOID
+TestStringListAdd(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszString = GenerateString(pState);
+
+    dwError = VmDirStringListAdd(pStringList, pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringListContains(pStringList, pszString));
+}
+
+VOID
+TestStringListAddWithReallocation(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    UINT i = 0;
+    DWORD dwMaxSize = 0;
+    DWORD dwError = 0;
+
+    dwMaxSize = pStringList->dwSize + 5;
+    for (i = pStringList->dwCount; i < dwMaxSize; ++i)
+    {
+        dwError = VmDirStringListAdd(
+                    pStringList,
+                    GenerateString(pState));
+        TestAssertEquals(dwError, 0);
+    }
+
+    TestAssert(pStringList->dwSize > pStringList->dwCount);
+    TestAssert(pStringList->dwSize > dwMaxSize);
+    TestAssert(pStringList->dwCount >= dwMaxSize);
+}
+
+VOID
+TestStringListAddLayout(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PSTR ppszStrings[5];
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PVMDIR_STRING_LIST pStringList;
+
+    dwError = VmDirStringListInitialize(&pStringList, 10);
+    TestAssertEquals(dwError, 0);
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
+    {
+        ppszStrings[i] = GenerateString(pState);
+        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
+        TestAssertEquals(dwError, 0);
+    }
+
+    TestAssert(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings));
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
+    {
+        TestAssert(pStringList->pStringList[i] == ppszStrings[i]);
+    }
+
+    VmDirStringListFree(pStringList);
+}
+
+VOID
+TestStringListRemoveShouldSucceed(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszString = GenerateString(pState);
+    DWORD dwCount = 0;
+
+    VmDirStringListAdd(pStringList, pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(VmDirStringListContains(pStringList, pszString));
+    dwCount = pStringList->dwCount;
+
+    dwError = VmDirStringListRemove(pStringList, pszString);
+    TestAssertEquals(dwError, 0);
+    TestAssert(!VmDirStringListContains(pStringList, pszString));
+    TestAssert(dwCount == pStringList->dwCount + 1);
+}
+
+VOID
+TestStringListRemoveShouldHaveCorrectLayout(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PCSTR ppszStrings[] = {
+        "Test 1",
+        "Test 2",
+        "Test 3",
+        "Test 4",
+        "Test 5"
+    };
+    PVMDIR_STRING_LIST pStringList = NULL;
+    DWORD dwError = 0;
+    DWORD i = 0;
+
+    dwError = VmDirStringListInitialize(&pStringList, 10);
+    TestAssertEquals(dwError, 0);
+
+    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
+    {
+        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
+        TestAssertEquals(dwError, 0);
+    }
+
+    dwError = VmDirStringListRemove(pStringList, ppszStrings[2]);
+    TestAssertEquals(dwError, 0);
+    TestAssert(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings) - 1);
+    TestAssert(pStringList->pStringList[0] == ppszStrings[0]);
+    TestAssert(pStringList->pStringList[1] == ppszStrings[1]);
+    TestAssert(pStringList->pStringList[2] == ppszStrings[3]);
+    TestAssert(pStringList->pStringList[3] == ppszStrings[4]);
+}
+
+VOID
+TestStringListRemoveShouldFail(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszString = GenerateString(pState);
+
+    dwError = VmDirStringListRemove(pStringList, pszString);
+    TestAssert(dwError == VMDIR_ERROR_NOT_FOUND);
+    TestAssert(!VmDirStringListContains(pStringList, pszString));
+}
+
+VOID
+TestStringListRemoveNullShouldFail(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmDirStringListRemove(pStringList, NULL);
+    TestAssert(dwError == VMDIR_ERROR_NOT_FOUND);
+    TestAssert(!VmDirStringListContains(pStringList, NULL));
+}
+
+VOID
+TestStringListContainsNullShouldFail(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    TestAssert(!VmDirStringListContains(pStringList, NULL));
+}
+
+VOID
+TestStringListContainsShouldFail(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    TestAssert(!VmDirStringListContains(pStringList, GenerateString(pState)));
+}
+
+VOID
+TestStringListFree(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    VmDirStringListFree(pStringList);
+}
+
+VOID
+TestStringListFreeWithNull(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    VmDirStringListFree(NULL);
+}
+
+VOID
+TestStringListMultiStringRoutines(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwByteCount = 0;
+    PVMDIR_STRING_LIST pStringList = NULL;
+    PSTR pszMultiStringResult = NULL;
+    BYTE pbMultiString[] = {
+        'l', 'o', 't', 'u', 's', '\0',
+        'v', 'm', 'd', 'i', 'r', '\0',
+        'v', 'm', 'w', 'a', 'r', 'e', '\0', '\0'};
+
+    dwError = VmDirStringListFromMultiString(
+                (PCSTR)pbMultiString,
+                0,
+                &pStringList);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(pStringList->dwCount, 3);
+    TestAssertStrEquals(pStringList->pStringList[0], "lotus");
+    TestAssertStrEquals(pStringList->pStringList[1], "vmdir");
+    TestAssertStrEquals(pStringList->pStringList[2], "vmware");
+
+    dwError = VmDirMultiStringFromStringList(
+                pStringList,
+                &pszMultiStringResult,
+                &dwByteCount);
+    TestAssertEquals(dwError, 0);
+
+    TestAssertEquals(dwByteCount, sizeof(pbMultiString));
+    TestAssert(memcmp(pbMultiString, pszMultiStringResult, dwByteCount) == 0);
+}
+
+
+VOID TestVmDirStringList(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    PVMDIR_STRING_LIST pStringList;
+
+    printf("Testing VmDirStringList code ...");
+    TestStringListInitialization(pState, &pStringList);
+    TestStringListInitializationCountTooBig(pState);
+    TestStringListAdd(pState, pStringList);
+    TestStringListAddWithReallocation(pState, pStringList);
+    TestStringListAddLayout(pState);
+    TestStringListRemoveShouldSucceed(pState, pStringList);
+    TestStringListRemoveShouldHaveCorrectLayout(pState);
+    TestStringListRemoveShouldFail(pState, pStringList);
+    TestStringListRemoveNullShouldFail(pState, pStringList);
+    TestStringListContainsNullShouldFail(pState, pStringList);
+    TestStringListContainsShouldFail(pState, pStringList);
+    TestStringListFree(pState, pStringList);
+    TestStringListFreeWithNull(pState);
+    TestStringListMultiStringRoutines(pState);
+
+    printf(" PASSED\n");
+}
diff --git a/lwraft/thirdparty/heimdal/asn1/Makefile.am b/lwraft/thirdparty/heimdal/asn1/Makefile.am
index 596499b95..835f716a2 100644
--- a/lwraft/thirdparty/heimdal/asn1/Makefile.am
+++ b/lwraft/thirdparty/heimdal/asn1/Makefile.am
@@ -16,9 +16,9 @@ libasn1_la_SOURCES = \
     hex.c
 
 libasn1_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/public \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1
 
 libasn1_la_LDFLAGS = \
     -static
@@ -28,7 +28,7 @@ libasn1db_la_SOURCES = \
     asn1_kerberos_db.c
 
 libasn1db_la_CPPFLAGS = \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1
 
 libasn1db_la_LDFLAGS = \
     -static
diff --git a/lwraft/thirdparty/heimdal/krb5-crypto/Makefile.am b/lwraft/thirdparty/heimdal/krb5-crypto/Makefile.am
index b563766ff..9b619d0fd 100644
--- a/lwraft/thirdparty/heimdal/krb5-crypto/Makefile.am
+++ b/lwraft/thirdparty/heimdal/krb5-crypto/Makefile.am
@@ -30,9 +30,9 @@ libkrb5crypto_la_SOURCES = \
 libkrb5crypto_la_CPPFLAGS = \
     -DHEIMDAL_SMALLER \
     @OPENSSL_INCLUDES@ \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/server/tools
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/lwraft/server/tools
 
 libkrb5crypto_la_LDFLAGS = \
-    -export-symbols $(top_srcdir)/thirdparty/heimdal/krb5-crypto/krb5-crypto.exp
+    -export-symbols $(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto/krb5-crypto.exp
diff --git a/lwraft/thirdparty/heimdal/ntlm/Makefile.am b/lwraft/thirdparty/heimdal/ntlm/Makefile.am
index b6231a3d3..983bc4bcc 100644
--- a/lwraft/thirdparty/heimdal/ntlm/Makefile.am
+++ b/lwraft/thirdparty/heimdal/ntlm/Makefile.am
@@ -5,11 +5,11 @@ libheimntlm_la_SOURCES = \
 
 libheimntlm_la_CPPFLAGS = \
     @OPENSSL_INCLUDES@ \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/public \
     -DHAVE_OPENSSL \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/lwraft/thirdparty/heimdal/krb5-crypto
 
 libheimntlm_la_LDFLAGS = \
     -static
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/Makefile.am b/lwraft/thirdparty/openldap/libraries/mdb/Makefile.am
index 74bbbe94f..4ca916c81 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/Makefile.am
+++ b/lwraft/thirdparty/openldap/libraries/mdb/Makefile.am
@@ -5,9 +5,9 @@ liblwraftmdb_la_SOURCES = \
     midl.c
 
 liblwraftmdb_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
-    -I$(top_srcdir)/thirdparty/openldap/include
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/public \
+    -I$(top_srcdir)/lwraft/thirdparty/openldap/include
 
 liblwraftmdb_la_LDFLAGS = \
     -static
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/lmdb.h b/lwraft/thirdparty/openldap/libraries/mdb/lmdb.h
index c6f236c14..532c3f165 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/lmdb.h
+++ b/lwraft/thirdparty/openldap/libraries/mdb/lmdb.h
@@ -266,7 +266,20 @@ typedef void (MDB_rel_func)(MDB_val *item, void *oldptr, void *newptr, void *rel
  * The transaction will be aborted if this callback return non zero
  * Used for Raft implementation to commit a log
  */
-typedef int  (MDB_commit_hook_func)(void);
+typedef int  (MDB_raft_prepare_commit_func)(void **raft_commit_ctx);
+
+
+/** @brief A callback function invoked when MDB transaction
+ * has been succeessfully committed (after obtaining raft consensus).
+ */
+typedef void  (MDB_raft_post_commit_func)(void *raft_commit_ctx);
+
+/** @brief A callback function invoked when MDB transaction
+ * fail to flush WAL or write meta page (usually due to disk full/failure)
+ * The callback should put the server on Raft Follower state so that it will
+ * not reuse the same logIndex/logTerm for new client request.
+ */
+typedef void  (MDB_raft_commit_fail_func)(void *raft_commit_ctx);
 
 /** @defgroup	mdb_env	Environment Flags
  *	@{
@@ -295,6 +308,8 @@ typedef int  (MDB_commit_hook_func)(void);
 #define MDB_NOMEMINIT	0x1000000
         /** keep WAL files after checkpoint -- this version of MDB doesn't support WAL, and the flag is for forward-compatability*/
 #define MDB_KEEPXLOGS   0x2000000
+        /** Enable WAL (Write Ahead Logging) feature */
+#define MDB_WAL   0x4000000
 /** @} */
 
 /**	@defgroup	mdb_dbi_open	Database Flags
@@ -422,7 +437,9 @@ typedef enum MDB_cursor_op {
 #define MDB_WAL_INVALID_META    (-30780)
         /** WAL recover failure pages in transaction mismatch */
 #define MDB_WAL_WRONG_TXN_PAGES (-30779)
-#define MDB_LAST_ERRCODE MDB_WAL_WRONG_TXN_PAGES
+        /** Missing WAL file or invalid WAL file */
+#define MDB_WAL_FILE_ERROR (-30778)
+#define MDB_LAST_ERRCODE MDB_WAL_FILE_ERROR
 /** @} */
 
 /** @brief Statistics for a database in the environment */
@@ -791,6 +808,13 @@ int  mdb_env_set_mapsize(MDB_env *env, size_t size);
 	 */
 int  mdb_env_set_maxreaders(MDB_env *env, unsigned int readers);
 
+         /** @brief set database checkpoint interval in WAL mode
+          *
+          * @param[in] the interval in seconds
+          * @return A non-zero error value on failure and 0 on success
+          */
+int mdb_env_set_chkpt_interval(MDB_env *env, int interval);
+
 	/** @brief Get the maximum number of threads/reader slots for the environment.
 	 *
 	 * @param[in] env An environment handle returned by #mdb_env_create()
@@ -1146,7 +1170,7 @@ int  mdb_set_relfunc(MDB_txn *txn, MDB_dbi dbi, MDB_rel_func *rel);
         /** @brief Set commit hook func for Raft
          *
          */
-void mdb_set_commit_hook_func(MDB_env *env, MDB_commit_hook_func *commit_hook_func);
+void mdb_set_raft_prepare_commit_func(MDB_env *env, MDB_raft_prepare_commit_func *raft_prepare_commit_func);
 
 	/** @brief Set a context pointer for a #MDB_FIXEDMAP database's relocation function.
 	 *
@@ -1162,6 +1186,11 @@ void mdb_set_commit_hook_func(MDB_env *env, MDB_commit_hook_func *commit_hook_fu
 	 *	<li>EINVAL - an invalid parameter was specified.
 	 * </ul>
 	 */
+
+        /** @brief callback for raft post commit - set raft volatle state with logIndex argument when commit succeeded
+         */
+void mdb_set_raft_post_commit_func(MDB_env *env, MDB_raft_post_commit_func  *raft_post_commit_func);
+
 int  mdb_set_relctx(MDB_txn *txn, MDB_dbi dbi, void *ctx);
 
 	/** @brief Get items from a database.
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/mdb.c b/lwraft/thirdparty/openldap/libraries/mdb/mdb.c
index 6d2215c52..549762f9c 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/mdb.c
+++ b/lwraft/thirdparty/openldap/libraries/mdb/mdb.c
@@ -247,7 +247,6 @@ typedef _W64 int        ssize_t;
 #define LOCK_MUTEX_W(env)	mdb_sem_wait((env)->me_wmutex)
 #define UNLOCK_MUTEX_W(env)	sem_post((env)->me_wmutex)
 
-
 static int
 mdb_sem_wait(sem_t *sem)
 {
@@ -318,7 +317,6 @@ mdb_sem_wait(sem_t *sem)
 #ifndef MDB_DSYNC
 # define MDB_DSYNC	O_DSYNC
 #endif
-
 /**
  * initial and incremental database size in Bytes - 256MB
  */
@@ -653,7 +651,7 @@ typedef struct MDB_txninfo {
 #define	mti_wmname	mt2.mt2_wmname
 #else
 		pthread_mutex_t	mt2_wmutex;
-#define	mti_wmutex	mt2.mt2_wmutex
+#define mti_wmutex	mt2.mt2_wmutex
 #endif
 		char pad[(MNAME_LEN+CACHELINE-1) & ~(CACHELINE-1)];
 	} mt2;
@@ -692,6 +690,7 @@ typedef struct MDB_page {
 #define	P_DIRTY		 0x10		/**< dirty page, also set for #P_SUBP pages */
 #define	P_LEAF2		 0x20		/**< for #MDB_DUPFIXED records */
 #define	P_SUBP		 0x40		/**< for #MDB_DUPSORT sub-pages */
+#define	P_KEEP		 0x8000		/**< leave this page alone during spill */
 /** @} */
 	uint16_t	mp_flags;		/**< @ref mdb_page */
 #define mp_lower	mp_pb.pb.pb_lower
@@ -896,15 +895,14 @@ typedef struct MDB_meta {
 #define	mm_flags	mm_dbs[0].md_flags
 	pgno_t		mm_last_pg;			/**< last used page in file */
 	txnid_t		mm_txnid;			/**< txnid that committed this page */
-                /** number of pages of this transaction not including the meta page
-                    used for WAL auditing */
+        /** number of pages of this transaction not including the meta page used for WAL auditing */
         uint32_t        mm_txn_pages;
-                /** The last xlog num being used.
-                    If the server was shutdown gracefully and all xlog files were purged,
-                    then this number is taken in database file's meta data, otherwise
-                    the meta data is rollforwarded  by txn log files.
-                 */
+        /** The last xlog num being used.
+         * If the server was shutdown gracefully and all xlog files were purged,
+         * then this number is taken in database file's meta data, otherwise
+         * the meta data is rollforwarded by txn log files. */
         uint32_t        mm_xlog_num;
+        uint32_t        mm_xlog_num_pre_chkpt;
 } MDB_meta;
 
 	/** Buffer for a stack-allocated meta page.
@@ -948,8 +946,13 @@ struct MDB_txn {
 	/** The list of pages that became unused during this transaction.
 	 */
 	MDB_IDL		mt_free_pgs;
+	/** The sorted list of dirty pages we temporarily wrote to disk
+	 *	because the dirty list was full. page numbers in here are
+	 *	shifted left by 1, deleted slots have the LSB set.
+	 */
+	MDB_IDL		mt_spill_pgs;
 	union {
-		/** For write txns: Modified pages. */
+		/** For write txns: Modified pages. Sorted when not MDB_WRITEMAP. */
 		MDB_ID2L	dirty_list;
 		/** For read txns: This thread/txn's reader table slot, or NULL. */
 		MDB_reader	*reader;
@@ -983,6 +986,7 @@ struct MDB_txn {
 #define MDB_TXN_RDONLY		0x01		/**< read-only transaction */
 #define MDB_TXN_ERROR		0x02		/**< an error has occurred */
 #define MDB_TXN_DIRTY		0x04		/**< must write, even if dirty list is empty */
+#define MDB_TXN_SPILLS		0x08		/**< txn or a parent has spilled pages */
 /** @} */
 	unsigned int	mt_flags;		/**< @ref mdb_txn */
 	/** dirty_list room: Array size - #dirty pages visible to this txn.
@@ -1075,19 +1079,23 @@ typedef struct MDB_pgstate {
 #define XLOG_MIN_NUM 10000001
 #define XLOG_MAX_NUM 99999999
 
+/* purge upto current xlog_num file less the margin */
+#define XLOG_PURGE_SAFE_MARGIN 5
+
+/* the default value of check point interval */
+#define CHKPT_INTERVAL_DEFAULT 30
+
 typedef struct MDB_walstate {
         pthread_t       chkpt_thread;   /* check point thread id */
         unsigned long   xlog_num;       /* current WAL file number that derives the file name */
+        unsigned long   xlog_num_pre_chkpt; /* WAL file number right before chkpt completed */
         unsigned long   xlog_purged;    /* last WAL file number being purged */
 	HANDLE		xlog_fd;	/* current WAL file fd */
-	uint32_t        xlog_offset;	/* current WAL file offset */
+	uint32_t        xlog_pages;     /* number of pages written to current WAL file */
+        uint32_t        chkpt_interval; /* the interval in seconds of doing checkpoint on database */
 	pthread_cond_t  chkpt_waitcond;	/* for waking up check point thread */
 	pthread_mutex_t chkpt_waitmutex;/* Mutex for check point thread */
-        char            *walbuf_p;      /* WAL buffer for writing to wal file - page aligned */
-	char            *walbuf_real_p; /* base pointer of walbuf_p  - used for walbuf_p free */
-        unsigned long   walbuf_pos;     /* current position in WAL buffer for new pages */
-	long            walbuf_size;    /* size of WAL buffer */
-        int             direct_io;      /* non-zero if file ststem supports direct I/O */
+        unsigned long   txn_pages;      /* number of pages to write to wal for current transaction */
         int             chkpt_thread_active; /* set to 1 when  chkpt_thread started */
 } MDB_walstate;
 
@@ -1095,6 +1103,7 @@ typedef struct MDB_walstate {
 struct MDB_env {
 	HANDLE		me_fd;		/**< The main data file */
 	HANDLE		me_lfd;		/**< The lock file */
+	HANDLE		me_mfd;			/**< just for writing the meta pages */
 	/** Failed to update the meta page. Probably an I/O error. */
 #define	MDB_FATAL_ERROR	0x80000000U
 	/** Some fields are initialized. */
@@ -1118,7 +1127,7 @@ struct MDB_env {
 	void		*me_pbuf;		/**< scratch area for DUPSORT put() */
 	MDB_txn		*me_txn;		/**< current write transaction */
 	size_t		me_mapsize;		/**< size of the data memory map */
-	size_t		me_size;		/**< current file size */
+	off_t		me_size;		/**< current file size */
 	pgno_t		me_maxpg;		/**< me_mapsize / me_psize */
 	MDB_dbx		*me_dbxs;		/**< array of static DB info */
 	uint16_t	*me_dbflags;	/**< array of flags from MDB_db.md_flags */
@@ -1150,8 +1159,10 @@ struct MDB_env {
 #endif
 	void		*me_userctx;	 /**< User-settable context */
 	MDB_assert_func *me_assert_func; /**< Callback for assertion failures */
-        MDB_commit_hook_func *me_commit_hook_func; /** Commit hook function used for Raft committing a log **/
-	MDB_walstate	me_walstate;	/** WAL (write ahead logging) state **/
+        MDB_raft_prepare_commit_func *me_raft_prepare_commit_func; /** Commit hook function used for Raft committing a log **/
+        MDB_raft_post_commit_func *me_raft_post_commit_func; /** callback that sets raft state for the logIndex **/
+        MDB_raft_commit_fail_func *me_raft_commit_fail_func; /** callback that sets raft state if fail to write WAL or meta page  **/
+        MDB_walstate    me_walstate;    /** WAL (write ahead logging) state **/
 };
 
 	/** Nested transaction */
@@ -1160,6 +1171,13 @@ typedef struct MDB_ntxn {
 	MDB_pgstate	mnt_pgstate;	/**< parent transaction's saved freestate */
 } MDB_ntxn;
 
+	/** max number of pages to commit in one writev() call */
+#define MDB_COMMIT_PAGES	 64
+#if defined(IOV_MAX) && IOV_MAX < MDB_COMMIT_PAGES
+#undef MDB_COMMIT_PAGES
+#define MDB_COMMIT_PAGES	IOV_MAX
+#endif
+
 	/* max bytes to write in one call */
 #define MAX_WRITE		(0x80000000U >> (sizeof(ssize_t) == 4))
 
@@ -1220,13 +1238,15 @@ static void	mdb_xcursor_init0(MDB_cursor *mc);
 static void	mdb_xcursor_init1(MDB_cursor *mc, MDB_node *node);
 
 static int	mdb_drop0(MDB_cursor *mc, int subs);
-static void mdb_default_cmp(MDB_txn *txn, MDB_dbi dbi);
+static void     mdb_default_cmp(MDB_txn *txn, MDB_dbi dbi);
 static int      mdb_wal_init(MDB_env *env);
-static int	mdb_walbuf_cpy(MDB_env *env, char *dp, unsigned long pgs);
-static int	wal_write(MDB_env *env, txnid_t tid);
-static int	mdb_rollxlogs(MDB_env *env, int purge);
-static void *	mdb_chkpt_main(void *param_ptr);
-static int      extend_map(MDB_env *env, pgno_t pgno, int num);
+static int      mdb_rollxlogs(MDB_env *env, int purge);
+static int      mdb_rollforward_file(MDB_env *env, char * xlog_file);
+static void *   mdb_chkpt_main(void *param_ptr);
+#ifndef _WIN32
+static int      wal_sync_meta(MDB_env *env, txnid_t tid);
+static int      write_wal_pages(MDB_env *env, const struct iovec *iov, int n);
+#endif
 
 /** @cond */
 static MDB_cmp_func	mdb_cmp_memn, mdb_cmp_memnr, mdb_cmp_int, mdb_cmp_cint, mdb_cmp_long;
@@ -1254,7 +1274,7 @@ static char *const mdb_errstr[] = {
 	"MDB_NOTFOUND: No matching key/data pair found",
 	"MDB_PAGE_NOTFOUND: Requested page not found",
 	"MDB_CORRUPTED: Located page was wrong type",
-	"MDB_PANIC: WAL, msync or meta page update failed",
+	"MDB_PANIC: Update of meta page or WAL file failed",
 	"MDB_VERSION_MISMATCH: Database environment version mismatch",
 	"MDB_INVALID: File is not an MDB file",
 	"MDB_MAP_FULL: Environment mapsize limit reached",
@@ -1271,6 +1291,7 @@ static char *const mdb_errstr[] = {
 	"MDB_BAD_VALSIZE: Too big key/data, key is empty, or wrong DUPFIXED size",
         "MDB_WAL_INVALID_META: WAL recover failure - invalid meta page or missing WAL file",
         "MDB_WAL_WRONG_TXN_PAGES: WAL recover failure - pages in transaction mismatch",
+        "MDB_WAL_FILE_ERROR: Missing or bad WAL file"
 };
 
 char *
@@ -1523,7 +1544,230 @@ mdb_page_free(MDB_env *env, MDB_page *mp)
 	env->me_dpages = mp;
 }
 
-static int mdb_page_flush(MDB_txn *txn);
+/** Free a dirty page */
+static void
+mdb_dpage_free(MDB_env *env, MDB_page *dp)
+{
+	if (!IS_OVERFLOW(dp) || dp->mp_pages == 1) {
+		mdb_page_free(env, dp);
+	} else {
+		/* large pages just get freed directly */
+		VGMEMP_FREE(env, dp);
+		free(dp);
+	}
+}
+
+/**	Return all dirty pages to dpage list */
+static void
+mdb_dlist_free(MDB_txn *txn)
+{
+	MDB_env *env = txn->mt_env;
+	MDB_ID2L dl = txn->mt_u.dirty_list;
+	unsigned i, n = (unsigned int) dl[0].mid;
+
+	for (i = 1; i <= n; i++) {
+		mdb_dpage_free(env, dl[i].mptr);
+	}
+	dl[0].mid = 0;
+}
+
+/** Set or clear P_KEEP in dirty, non-overflow, non-sub pages watched by txn.
+ * @param[in] mc A cursor handle for the current operation.
+ * @param[in] pflags Flags of the pages to update:
+ * P_DIRTY to set P_KEEP, P_DIRTY|P_KEEP to clear it.
+ * @param[in] all No shortcuts. Needed except after a full #mdb_page_flush().
+ * @return 0 on success, non-zero on failure.
+ */
+static int
+mdb_pages_xkeep(MDB_cursor *mc, unsigned pflags, int all)
+{
+	enum { Mask = P_SUBP|P_DIRTY|P_KEEP };
+	MDB_txn *txn = mc->mc_txn;
+	MDB_cursor *m3;
+	MDB_xcursor *mx;
+	MDB_page *dp, *mp;
+	MDB_node *leaf;
+	unsigned i, j;
+	int rc = MDB_SUCCESS, level;
+
+	/* Mark pages seen by cursors */
+	if (mc->mc_flags & C_UNTRACK)
+		mc = NULL;				/* will find mc in mt_cursors */
+	for (i = txn->mt_numdbs;; mc = txn->mt_cursors[--i]) {
+		for (; mc; mc=mc->mc_next) {
+			if (!(mc->mc_flags & C_INITIALIZED))
+				continue;
+			for (m3 = mc;; m3 = &mx->mx_cursor) {
+				mp = NULL;
+				for (j=0; j<m3->mc_snum; j++) {
+					mp = m3->mc_pg[j];
+					if ((mp->mp_flags & Mask) == pflags)
+						mp->mp_flags ^= P_KEEP;
+				}
+				mx = m3->mc_xcursor;
+				/* Proceed to mx if it is at a sub-database */
+				if (! (mx && (mx->mx_cursor.mc_flags & C_INITIALIZED)))
+					break;
+				if (! (mp && (mp->mp_flags & P_LEAF)))
+					break;
+				leaf = NODEPTR(mp, m3->mc_ki[j-1]);
+				if (!(leaf->mn_flags & F_SUBDATA))
+					break;
+			}
+		}
+		if (i == 0)
+			break;
+	}
+
+	if (all) {
+		/* Mark dirty root pages */
+		for (i=0; i<txn->mt_numdbs; i++) {
+			if (txn->mt_dbflags[i] & DB_DIRTY) {
+				pgno_t pgno = txn->mt_dbs[i].md_root;
+				if (pgno == P_INVALID)
+					continue;
+				if ((rc = mdb_page_get(txn, pgno, &dp, &level)) != MDB_SUCCESS)
+					break;
+				if ((dp->mp_flags & Mask) == pflags && level <= 1)
+					dp->mp_flags ^= P_KEEP;
+			}
+		}
+	}
+
+	return rc;
+}
+
+static int mdb_page_flush(MDB_txn *txn, int keep);
+
+/**	Spill pages from the dirty list back to disk.
+ * This is intended to prevent running into #MDB_TXN_FULL situations,
+ * but note that they may still occur in a few cases:
+ *	1) our estimate of the txn size could be too small. Currently this
+ *	 seems unlikely, except with a large number of #MDB_MULTIPLE items.
+ *	2) child txns may run out of space if their parents dirtied a
+ *	 lot of pages and never spilled them. TODO: we probably should do
+ *	 a preemptive spill during #mdb_txn_begin() of a child txn, if
+ *	 the parent's dirty_room is below a given threshold.
+ *
+ * Otherwise, if not using nested txns, it is expected that apps will
+ * not run into #MDB_TXN_FULL any more. The pages are flushed to disk
+ * the same way as for a txn commit, e.g. their P_DIRTY flag is cleared.
+ * If the txn never references them again, they can be left alone.
+ * If the txn only reads them, they can be used without any fuss.
+ * If the txn writes them again, they can be dirtied immediately without
+ * going thru all of the work of #mdb_page_touch(). Such references are
+ * handled by #mdb_page_unspill().
+ *
+ * Also note, we never spill DB root pages, nor pages of active cursors,
+ * because we'll need these back again soon anyway. And in nested txns,
+ * we can't spill a page in a child txn if it was already spilled in a
+ * parent txn. That would alter the parent txns' data even though
+ * the child hasn't committed yet, and we'd have no way to undo it if
+ * the child aborted.
+ *
+ * @param[in] m0 cursor A cursor handle identifying the transaction and
+ *	database for which we are checking space.
+ * @param[in] key For a put operation, the key being stored.
+ * @param[in] data For a put operation, the data being stored.
+ * @return 0 on success, non-zero on failure.
+ */
+static int
+mdb_page_spill(MDB_cursor *m0, MDB_val *key, MDB_val *data)
+{
+	MDB_txn *txn = m0->mc_txn;
+	MDB_page *dp;
+	MDB_ID2L dl = txn->mt_u.dirty_list;
+	unsigned int i, j, need;
+	int rc;
+
+	if (m0->mc_flags & C_SUB)
+		return MDB_SUCCESS;
+
+	/* Estimate how much space this op will take */
+	i = m0->mc_db->md_depth;
+	/* Named DBs also dirty the main DB */
+	if (m0->mc_dbi > MAIN_DBI)
+		i += txn->mt_dbs[MAIN_DBI].md_depth;
+	/* For puts, roughly factor in the key+data size */
+	if (key)
+		i += (unsigned int) (LEAFSIZE(key, data) + txn->mt_env->me_psize) / txn->mt_env->me_psize;
+	i += i;	/* double it for good measure */
+	need = i;
+
+	if (txn->mt_dirty_room > i)
+		return MDB_SUCCESS;
+
+	if (!txn->mt_spill_pgs) {
+		txn->mt_spill_pgs = mdb_midl_alloc(MDB_IDL_UM_MAX);
+		if (!txn->mt_spill_pgs)
+			return ENOMEM;
+	} else {
+		/* purge deleted slots */
+		MDB_IDL sl = txn->mt_spill_pgs;
+		unsigned int num = (unsigned int) sl[0];
+		j=0;
+		for (i=1; i<=num; i++) {
+			if (!(sl[i] & 1))
+				sl[++j] = sl[i];
+		}
+		sl[0] = j;
+	}
+
+	/* Preserve pages which may soon be dirtied again */
+	if ((rc = mdb_pages_xkeep(m0, P_DIRTY, 1)) != MDB_SUCCESS)
+		goto done;
+
+	/* Less aggressive spill - we originally spilled the entire dirty list,
+	 * with a few exceptions for cursor pages and DB root pages. But this
+	 * turns out to be a lot of wasted effort because in a large txn many
+	 * of those pages will need to be used again. So now we spill only 1/8th
+	 * of the dirty pages. Testing revealed this to be a good tradeoff,
+	 * better than 1/2, 1/4, or 1/10.
+	 */
+	if (need < MDB_IDL_UM_MAX / 8)
+		need = MDB_IDL_UM_MAX / 8;
+
+	/* Save the page IDs of all the pages we're flushing */
+	/* flush from the tail forward, this saves a lot of shifting later on. */
+	for (i=(unsigned int) dl[0].mid; i && need; i--) {
+		MDB_ID pn = dl[i].mid << 1;
+		dp = dl[i].mptr;
+		if (dp->mp_flags & P_KEEP)
+			continue;
+		/* Can't spill twice, make sure it's not already in a parent's
+		 * spill list.
+		 */
+		if (txn->mt_parent) {
+			MDB_txn *tx2;
+			for (tx2 = txn->mt_parent; tx2; tx2 = tx2->mt_parent) {
+				if (tx2->mt_spill_pgs) {
+					j = mdb_midl_search(tx2->mt_spill_pgs, pn);
+					if (j <= tx2->mt_spill_pgs[0] && tx2->mt_spill_pgs[j] == pn) {
+						dp->mp_flags |= P_KEEP;
+						break;
+					}
+				}
+			}
+			if (tx2)
+				continue;
+		}
+		if ((rc = mdb_midl_append(&txn->mt_spill_pgs, pn)))
+			goto done;
+		need--;
+	}
+	mdb_midl_sort(txn->mt_spill_pgs);
+
+	/* Flush the spilled part of dirty list */
+	if ((rc = mdb_page_flush(txn, i)) != MDB_SUCCESS)
+		goto done;
+
+	/* Reset any dirty pages we kept that page_flush didn't see */
+	rc = mdb_pages_xkeep(m0, P_DIRTY|P_KEEP, i);
+
+done:
+	txn->mt_flags |= rc ? MDB_TXN_ERROR : MDB_TXN_SPILLS;
+	return rc;
+}
 
 /** Find oldest txnid still referenced. Expects txn->mt_txnid > 0. */
 static txnid_t
@@ -1549,11 +1793,16 @@ static void
 mdb_page_dirty(MDB_txn *txn, MDB_page *mp)
 {
 	MDB_ID2 mid;
-	int rc;
+	int rc, (*insert)(MDB_ID2L, MDB_ID2 *);
 
+	if (txn->mt_env->me_flags & MDB_WRITEMAP) {
+		insert = mdb_mid2l_append;
+	} else {
+		insert = mdb_mid2l_insert;
+	}
 	mid.mid = mp->mp_pgno;
 	mid.mptr = mp;
-	rc = mdb_mid2l_append(txn->mt_u.dirty_list, &mid);
+	rc = insert(txn->mt_u.dirty_list, &mid);
 	mdb_tassert(txn, rc == 0);
 	txn->mt_dirty_room--;
 }
@@ -1701,13 +1950,14 @@ mdb_page_alloc(MDB_cursor *mc, int num, MDB_page **mp)
 	}
 
 search_done:
-        if (env->me_psize * (pgno + num) >= env->me_size)
-        {
-            rc=extend_map(env, pgno, num);
-            if (rc)
-                goto fail;
-        }
-	np = (MDB_page *)(env->me_map + env->me_psize * pgno);
+	if (env->me_flags & MDB_WRITEMAP) {
+		np = (MDB_page *)(env->me_map + env->me_psize * pgno);
+	} else {
+		if (!(np = mdb_page_malloc(txn, num))) {
+			rc = ENOMEM;
+			goto fail;
+		}
+	}
 	if (i) {
 		mop[0] = mop_len -= num;
 		/* Move any stragglers down */
@@ -1751,6 +2001,68 @@ mdb_page_copy(MDB_page *dst, MDB_page *src, unsigned int psize)
 	}
 }
 
+/** Pull a page off the txn's spill list, if present.
+ * If a page being referenced was spilled to disk in this txn, bring
+ * it back and make it dirty/writable again.
+ * @param[in] txn the transaction handle.
+ * @param[in] mp the page being referenced. It must not be dirty.
+ * @param[out] ret the writable page, if any. ret is unchanged if
+ * mp wasn't spilled.
+ */
+static int
+mdb_page_unspill(MDB_txn *txn, MDB_page *mp, MDB_page **ret)
+{
+	MDB_env *env = txn->mt_env;
+	const MDB_txn *tx2;
+	unsigned x;
+	pgno_t pgno = mp->mp_pgno, pn = pgno << 1;
+
+	for (tx2 = txn; tx2; tx2=tx2->mt_parent) {
+		if (!tx2->mt_spill_pgs)
+			continue;
+		x = mdb_midl_search(tx2->mt_spill_pgs, pn);
+		if (x <= tx2->mt_spill_pgs[0] && tx2->mt_spill_pgs[x] == pn) {
+			MDB_page *np;
+			int num;
+			if (txn->mt_dirty_room == 0)
+				return MDB_TXN_FULL;
+			if (IS_OVERFLOW(mp))
+				num = mp->mp_pages;
+			else
+				num = 1;
+			if (env->me_flags & MDB_WRITEMAP) {
+				np = mp;
+			} else {
+				np = mdb_page_malloc(txn, num);
+				if (!np)
+					return ENOMEM;
+				if (num > 1)
+					memcpy(np, mp, num * env->me_psize);
+				else
+					mdb_page_copy(np, mp, env->me_psize);
+			}
+			if (tx2 == txn) {
+				/* If in current txn, this page is no longer spilled.
+				 * If it happens to be the last page, truncate the spill list.
+				 * Otherwise mark it as deleted by setting the LSB.
+				 */
+				if (x == txn->mt_spill_pgs[0])
+					txn->mt_spill_pgs[0]--;
+				else
+					txn->mt_spill_pgs[x] |= 1;
+			}	/* otherwise, if belonging to a parent txn, the
+				 * page remains spilled until child commits
+				 */
+
+			mdb_page_dirty(txn, np);
+			np->mp_flags |= P_DIRTY;
+			*ret = np;
+			break;
+		}
+	}
+	return MDB_SUCCESS;
+}
+
 /** Touch a page: make it dirty and re-insert into tree with updated pgno.
  * @param[in] mc cursor pointing to the page to be touched
  * @return 0 on success, non-zero on failure.
@@ -1765,6 +2077,14 @@ mdb_page_touch(MDB_cursor *mc)
 	int rc;
 
 	if (!F_ISSET(mp->mp_flags, P_DIRTY)) {
+		if (txn->mt_flags & MDB_TXN_SPILLS) {
+			np = NULL;
+			rc = mdb_page_unspill(txn, mp, &np);
+			if (rc)
+				goto fail;
+			if (np)
+				goto done;
+		}
 		if ((rc = mdb_midl_need(&txn->mt_free_pgs, 1)) ||
 			(rc = mdb_page_alloc(mc, 1, &np)))
 			goto fail;
@@ -1782,10 +2102,6 @@ mdb_page_touch(MDB_cursor *mc)
 			mc->mc_db->md_root = pgno;
 		}
 	} else if (txn->mt_parent && !IS_SUBP(mp)) {
-                /*
-                 * WAL implementation is not supporting nested transaction,
-                 * thus the flow will not reach here
-                 */
 		MDB_ID2 mid, *dl = txn->mt_u.dirty_list;
 		pgno = mp->mp_pgno;
 		/* If txn has a parent, make sure the page is in our
@@ -1819,6 +2135,7 @@ mdb_page_touch(MDB_cursor *mc)
 	np->mp_pgno = pgno;
 	np->mp_flags |= P_DIRTY;
 
+done:
 	/* Adjust cursors pointing to mp */
 	mc->mc_pg[mc->mc_top] = np;
 	m2 = txn->mt_cursors[mc->mc_dbi];
@@ -1855,9 +2172,21 @@ int
 mdb_env_sync(MDB_env *env, int force)
 {
 	int rc = 0;
-
-    if (MDB_MSYNC(env->me_map, env->me_size, MS_SYNC))
-		rc = ENOMEM;
+	if (force || !F_ISSET(env->me_flags, MDB_NOSYNC)) {
+		if (env->me_flags & MDB_WRITEMAP) {
+			int flags = ((env->me_flags & MDB_MAPASYNC) && !force)
+				? MS_ASYNC : MS_SYNC;
+			if (MDB_MSYNC(env->me_map, env->me_mapsize, flags))
+				rc = ErrCode();
+#ifdef _WIN32
+			else if (flags == MS_SYNC && MDB_FDATASYNC(env->me_fd))
+				rc = ErrCode();
+#endif
+		} else {
+			if (MDB_FDATASYNC(env->me_fd))
+				rc = ErrCode();
+		}
+	}
 	return rc;
 }
 
@@ -1885,7 +2214,7 @@ mdb_cursor_shadow(MDB_txn *src, MDB_txn *dst)
 				/* Kill pointers into src - and dst to reduce abuse: The
 				 * user may not use mc until dst ends. Otherwise we'd...
 				 */
-				mc->mc_txn= NULL;	/* ...set this to dst */
+				mc->mc_txn    = NULL;	/* ...set this to dst */
 				mc->mc_dbflag = NULL;	/* ...and &dst->mt_dbflags[i] */
 				if ((mx = mc->mc_xcursor) != NULL) {
 					*(MDB_xcursor *)(bk+1) = *mx;
@@ -1945,13 +2274,13 @@ mdb_cursors_close(MDB_txn *txn, unsigned merge)
 static void
 mdb_txn_reset0(MDB_txn *txn, const char *act);
 
-#if !(MDB_PIDLOCK)	/* Currently the same as defined(_WIN32) */
+#if !(MDB_PIDLOCK)		/* Currently the same as defined(_WIN32) */
 enum Pidlock_op {
-    Pidset, Pidcheck
+	Pidset, Pidcheck
 };
 #else
 enum Pidlock_op {
-    Pidset = F_SETLK, Pidcheck = F_GETLK
+	Pidset = F_SETLK, Pidcheck = F_GETLK
 };
 #endif
 
@@ -2087,6 +2416,7 @@ mdb_txn_renew0(MDB_txn *txn)
 		txn->mt_u.dirty_list[0].mid = 0;
 		txn->mt_free_pgs = env->me_free_pgs;
 		txn->mt_free_pgs[0] = 0;
+		txn->mt_spill_pgs = NULL;
 		env->me_txn = txn;
 	}
 
@@ -2151,8 +2481,15 @@ mdb_txn_begin(MDB_env *env, MDB_txn *parent, unsigned int flags, MDB_txn **ret)
 	if ((env->me_flags & MDB_RDONLY) && !(flags & MDB_RDONLY))
 		return EACCES;
 	if (parent) {
-		/* No nested transaction with writemap */
-		return MDB_BAD_TXN;
+		/* Nested transactions: Max 1 child, write txns only, no writemap */
+		if (parent->mt_child ||
+			(flags & MDB_RDONLY) ||
+			(parent->mt_flags & (MDB_TXN_RDONLY|MDB_TXN_ERROR)) ||
+			(env->me_flags & MDB_WRITEMAP))
+		{
+			return (parent->mt_flags & MDB_TXN_RDONLY) ? EINVAL : MDB_BAD_TXN;
+		}
+		tsize = sizeof(MDB_ntxn);
 	}
 	size = tsize + env->me_maxdbs * (sizeof(MDB_db)+1);
 	if (!(flags & MDB_RDONLY))
@@ -2185,6 +2522,7 @@ mdb_txn_begin(MDB_env *env, MDB_txn *parent, unsigned int flags, MDB_txn **ret)
 		txn->mt_txnid = parent->mt_txnid;
 		txn->mt_dirty_room = parent->mt_dirty_room;
 		txn->mt_u.dirty_list[0].mid = 0;
+		txn->mt_spill_pgs = NULL;
 		txn->mt_next_pgno = parent->mt_next_pgno;
 		parent->mt_child = txn;
 		txn->mt_parent = parent;
@@ -2271,10 +2609,6 @@ mdb_txn_reset0(MDB_txn *txn, const char *act)
 	/* Close any DBI handles opened in this txn */
 	mdb_dbis_update(txn, 0);
 
-        /* Forfeit contents in WAL buffer for the write transaction */
-        if (!(txn->mt_flags & MDB_TXN_RDONLY))
-            env->me_walstate.walbuf_pos = 0;
-
 	DPRINTF(("%s txn %"Z"u%c %p on mdbenv %p, root page %"Z"u",
 		act, txn->mt_txnid, (txn->mt_flags & MDB_TXN_RDONLY) ? 'r' : 'w',
 		(void *) txn, (void *)env, txn->mt_dbs[MAIN_DBI].md_root));
@@ -2290,12 +2624,16 @@ mdb_txn_reset0(MDB_txn *txn, const char *act)
 	} else {
 		mdb_cursors_close(txn, 0);
 
+		if (!(env->me_flags & MDB_WRITEMAP)) {
+			mdb_dlist_free(txn);
+		}
 		mdb_midl_free(env->me_pghead);
 
 		if (txn->mt_parent) {
 			txn->mt_parent->mt_child = NULL;
 			env->me_pgstate = ((MDB_ntxn *)txn)->mnt_pgstate;
 			mdb_midl_free(txn->mt_free_pgs);
+			mdb_midl_free(txn->mt_spill_pgs);
 			free(txn->mt_u.dirty_list);
 			return;
 		}
@@ -2357,7 +2695,7 @@ mdb_freelist_save(MDB_txn *txn)
 	int rc, maxfree_1pg = env->me_maxfree_1pg, more = 1;
 	txnid_t	pglast = 0, head_id = 0;
 	pgno_t	freecnt = 0, *free_pgs, *mop;
-	ssize_t	head_room = 0, total_room = 0, mop_len;
+	ssize_t	head_room = 0, total_room = 0, mop_len, clean_limit;
 
 	mdb_cursor_init(&mc, txn, FREE_DBI, NULL);
 
@@ -2368,6 +2706,10 @@ mdb_freelist_save(MDB_txn *txn)
 			return rc;
 	}
 
+	/* MDB_RESERVE cancels meminit in ovpage malloc (when no WRITEMAP) */
+	clean_limit = (env->me_flags & (MDB_NOMEMINIT|MDB_WRITEMAP))
+		? SSIZE_MAX : maxfree_1pg;
+
 	for (;;) {
 		/* Come back here after each Put() in case freelist changed */
 		MDB_val key, data;
@@ -2458,7 +2800,7 @@ mdb_freelist_save(MDB_txn *txn)
 			return rc;
 		/* IDL is initially empty, zero out at least the length */
 		pgs = (pgno_t *)data.mv_data;
-		j = head_room > SSIZE_MAX ? head_room : 0;
+		j = head_room > clean_limit ? head_room : 0;
 		do {
 			pgs[j] = 0;
 		} while (--j >= 0);
@@ -2499,33 +2841,147 @@ mdb_freelist_save(MDB_txn *txn)
 
 /** Flush (some) dirty pages to the map, after clearing their dirty flag.
  * @param[in] txn the transaction that's being committed
+ * @param[in] keep number of initial pages in dirty_list to keep dirty.
  * @return 0 on success, non-zero on failure.
  */
 static int
-mdb_page_flush(MDB_txn *txn)
+mdb_page_flush(MDB_txn *txn, int keep)
 {
 	MDB_env		*env = txn->mt_env;
 	MDB_ID2L	dl = txn->mt_u.dirty_list;
-	int		rc = 0, i, j, pagecount = (int) dl[0].mid;
+	unsigned	psize = env->me_psize, j;
+	int			i, pagecount = (int) dl[0].mid, rc;
+	size_t		size = 0, pos = 0;
+	pgno_t		pgno = 0;
 	MDB_page	*dp = NULL;
+#ifdef _WIN32
+	OVERLAPPED	ov;
+#else
+	struct iovec iov[MDB_COMMIT_PAGES];
+	ssize_t		wpos = 0, wsize = 0, wres;
+	size_t		next_pos = 1; /* impossible pos, so pos != next_pos */
+	int			n = 0;
+#endif
 
-	i = 0;
-    while (++i <= pagecount) {
-        dp = dl[i].mptr;
-        dp->mp_flags &= ~P_DIRTY;
-	if (IS_OVERFLOW(dp)){
-            j = dp->mp_pages;
-		//printf("copy %lu overflow pages - pgno %lu\n", (unsigned long)dp->mp_pages, (unsigned long)dp->mp_pgno);
-	 }
-         else
-            j = 1;
-        rc = mdb_walbuf_cpy(env, (char *)dp, j);
-	if (rc != MDB_SUCCESS)
-		return rc;
-    }
-    txn->mt_dirty_room = pagecount;
-    dl[0].mid = 0;
-    return MDB_SUCCESS;
+	j = i = keep;
+
+	if (env->me_flags & MDB_WRITEMAP) {
+		/* Clear dirty flags */
+		while (++i <= pagecount) {
+			dp = dl[i].mptr;
+			/* Don't flush this page yet */
+			if (dp->mp_flags & P_KEEP) {
+				dp->mp_flags ^= P_KEEP;
+				dl[++j] = dl[i];
+				continue;
+			}
+			dp->mp_flags &= ~P_DIRTY;
+		}
+		goto done;
+	}
+
+	/* Write the pages */
+	for (;;) {
+		if (++i <= pagecount) {
+			dp = dl[i].mptr;
+			/* Don't flush this page yet */
+			if (dp->mp_flags & P_KEEP) {
+				dp->mp_flags ^= P_KEEP;
+				dl[i].mid = 0;
+				continue;
+			}
+			pgno = dl[i].mid;
+			/* clear dirty flag */
+			dp->mp_flags &= ~P_DIRTY;
+			pos = pgno * psize;
+			size = psize;
+			if (IS_OVERFLOW(dp)) size *= dp->mp_pages;
+		}
+#ifdef _WIN32
+		else break;
+
+		/* Windows actually supports scatter/gather I/O, but only on
+		 * unbuffered file handles. Since we're relying on the OS page
+		 * cache for all our data, that's self-defeating. So we just
+		 * write pages one at a time. We use the ov structure to set
+		 * the write offset, to at least save the overhead of a Seek
+		 * system call.
+		 */
+		DPRINTF(("committing page %"Z"u", pgno));
+		memset(&ov, 0, sizeof(ov));
+		ov.Offset = pos & 0xffffffff;
+		ov.OffsetHigh = (DWORD) (pos >> 32);
+		if (!WriteFile(env->me_fd, dp, (DWORD) size, NULL, &ov)) {
+			rc = ErrCode();
+			DPRINTF(("WriteFile: %d", rc));
+			return rc;
+		}
+#else
+		/* Write up to MDB_COMMIT_PAGES dirty pages at a time. */
+		if (pos!=next_pos || n==MDB_COMMIT_PAGES || wsize+size>MAX_WRITE) {
+			if (n) {
+                                /* write pages to WAL file */
+                                rc = write_wal_pages(env, iov, n);
+                                if (rc)
+                                    return rc;
+#ifdef MDB_USE_PWRITEV
+
+				/* Write previous page(s) */
+				wres = pwritev(env->me_fd, iov, n, wpos);
+#else
+				if (n == 1) {
+					wres = pwrite(env->me_fd, iov[0].iov_base, wsize, wpos);
+				} else {
+					if (lseek(env->me_fd, wpos, SEEK_SET) == -1) {
+						rc = ErrCode();
+						DPRINTF(("lseek: %s", strerror(rc)));
+						return rc;
+					}
+					wres = writev(env->me_fd, iov, n);
+				}
+#endif
+				if (wres != wsize) {
+					if (wres < 0) {
+						rc = ErrCode();
+						DPRINTF(("Write error: %s", strerror(rc)));
+					} else {
+						rc = EIO; /* TODO: Use which error code? */
+						DPUTS("short write, filesystem full?");
+					}
+					return rc;
+				}
+				n = 0;
+			}
+			if (i > pagecount)
+				break;
+			wpos = pos;
+			wsize = 0;
+		}
+		DPRINTF(("committing page %"Z"u", pgno));
+		next_pos = pos + size;
+		iov[n].iov_len = size;
+		iov[n].iov_base = (char *)dp;
+		wsize += size;
+		n++;
+#endif	/* _WIN32 */
+	}
+
+	for (i = keep; ++i <= pagecount; ) {
+		dp = dl[i].mptr;
+		/* This is a page we skipped above */
+		if (!dl[i].mid) {
+			dl[++j] = dl[i];
+			dl[j].mid = dp->mp_pgno;
+			continue;
+		}
+		mdb_dpage_free(env, dp);
+	}
+
+done:
+	i--;
+	txn->mt_dirty_room += i - j;
+	dl[0].mid = j;
+	return MDB_SUCCESS;
 }
 
 int
@@ -2534,6 +2990,7 @@ mdb_txn_commit(MDB_txn *txn)
 	int		rc;
 	unsigned int i;
 	MDB_env	*env;
+        void *raft_commit_ctx = NULL;
 
 	if (txn == NULL || txn->mt_env == NULL)
 		return EINVAL;
@@ -2565,7 +3022,8 @@ mdb_txn_commit(MDB_txn *txn)
 	if (txn->mt_parent) {
 		MDB_txn *parent = txn->mt_parent;
 		MDB_ID2L dst, src;
-		unsigned x, y, len;
+		MDB_IDL pspill;
+		unsigned x, y, len, ps_len;
 
 		/* Append our free list to parent's */
 		rc = mdb_midl_append_list(&parent->mt_free_pgs, txn->mt_free_pgs);
@@ -2595,6 +3053,26 @@ mdb_txn_commit(MDB_txn *txn)
 
 		dst = parent->mt_u.dirty_list;
 		src = txn->mt_u.dirty_list;
+		/* Remove anything in our dirty list from parent's spill list */
+		if ((pspill = parent->mt_spill_pgs) && (ps_len = (unsigned int) pspill[0])) {
+			x = y = ps_len;
+			pspill[0] = (pgno_t)-1;
+			/* Mark our dirty pages as deleted in parent spill list */
+			for (i=0, len=(unsigned int)src[0].mid; ++i <= len; ) {
+				MDB_ID pn = src[i].mid << 1;
+				while (pn > pspill[x])
+					x--;
+				if (pn == pspill[x]) {
+					pspill[x] = 1;
+					y = --x;
+				}
+			}
+			/* Squash deleted pagenums if we deleted any */
+			for (x=y; ++x <= ps_len; )
+				if (!(pspill[x] & 1))
+					pspill[++y] = pspill[x];
+			pspill[0] = y;
+		}
 
 		/* Find len = length of merging our dirty list with parent's */
 		x = (unsigned int) dst[0].mid;
@@ -2627,6 +3105,19 @@ mdb_txn_commit(MDB_txn *txn)
 		dst[0].mid = len;
 		free(txn->mt_u.dirty_list);
 		parent->mt_dirty_room = txn->mt_dirty_room;
+		if (txn->mt_spill_pgs) {
+			if (parent->mt_spill_pgs) {
+				/* TODO: Prevent failure here, so parent does not fail */
+				rc = mdb_midl_append_list(&parent->mt_spill_pgs, txn->mt_spill_pgs);
+				if (rc)
+					parent->mt_flags |= MDB_TXN_ERROR;
+				mdb_midl_free(txn->mt_spill_pgs);
+				mdb_midl_sort(parent->mt_spill_pgs);
+			} else {
+				parent->mt_spill_pgs = txn->mt_spill_pgs;
+			}
+		}
+
 		parent->mt_child = NULL;
 		mdb_midl_free(((MDB_ntxn *)txn)->mnt_pgstate.mf_pghead);
 		free(txn);
@@ -2642,11 +3133,11 @@ mdb_txn_commit(MDB_txn *txn)
 	mdb_cursors_close(txn, 0);
 
 	if (!txn->mt_u.dirty_list[0].mid &&
-		!(txn->mt_flags & MDB_TXN_DIRTY))
+		!(txn->mt_flags & (MDB_TXN_DIRTY|MDB_TXN_SPILLS)))
 		goto done;
 
 	DPRINTF(("committing txn %"Z"u %p on mdbenv %p, root page %"Z"u",
-	txn->mt_txnid, (void*)txn, (void*)env, txn->mt_dbs[MAIN_DBI].md_root));
+	    txn->mt_txnid, (void*)txn, (void*)env, txn->mt_dbs[MAIN_DBI].md_root));
 
 	/* Update DB root pointers */
 	if (txn->mt_numdbs > 2) {
@@ -2678,23 +3169,33 @@ mdb_txn_commit(MDB_txn *txn)
 #if (MDB_DEBUG) > 2
 	mdb_audit(txn);
 #endif
+        if ((rc = mdb_page_flush(txn, 0)))
+        {
+                goto fail;
+        }
 
-	if ((rc = mdb_page_flush(txn)) ||
-            (env->me_commit_hook_func && (rc = env->me_commit_hook_func())))
-    {
-		goto fail;
-    }
+        if (!(env->me_flags & MDB_WAL)){
+            if((rc = mdb_env_sync(env, 0)))
+                goto fail;
+        }
 
-    if((rc = mdb_env_write_meta(txn)))
-    {
-		goto fail;
-    }
+        if ((env->me_raft_prepare_commit_func &&
+             (rc = env->me_raft_prepare_commit_func(&raft_commit_ctx))) ||
+            (rc = mdb_env_write_meta(txn)))
+        {
+                goto fail;
+        }
 
 done:
 	env->me_pglast = 0;
 	env->me_txn = NULL;
 	mdb_dbis_update(txn, 1);
 
+        if (env->me_raft_post_commit_func)
+        {
+            env->me_raft_post_commit_func(raft_commit_ctx);
+        }
+
 	if (env->me_txns)
 		UNLOCK_MUTEX_W(env);
 	free(txn);
@@ -2702,6 +3203,10 @@ mdb_txn_commit(MDB_txn *txn)
 	return MDB_SUCCESS;
 
 fail:
+        if (env->me_raft_commit_fail_func)
+        {
+            env->me_raft_commit_fail_func(raft_commit_ctx);
+        }
 	mdb_txn_abort(txn);
 	return rc;
 }
@@ -2727,13 +3232,13 @@ mdb_env_read_header(MDB_env *env, MDB_meta *meta)
 
 	for (i=off=0; i<2; i++, off = meta->mm_psize) {
 #ifdef _WIN32
-            DWORD len;
-            OVERLAPPED ov;
-            memset(&ov, 0, sizeof(ov));
-            ov.Offset = off;
-            rc = ReadFile(env->me_fd, &pbuf, Size, &len, &ov) ? (int)len : -1;
-            if (rc == -1 && ErrCode() == ERROR_HANDLE_EOF)
-                    rc = 0;
+		DWORD len;
+		OVERLAPPED ov;
+		memset(&ov, 0, sizeof(ov));
+		ov.Offset = off;
+		rc = ReadFile(env->me_fd, &pbuf, Size, &len, &ov) ? (int)len : -1;
+		if (rc == -1 && ErrCode() == ERROR_HANDLE_EOF)
+			rc = 0;
 #else
 		rc = pread(env->me_fd, &pbuf, Size, off);
 #endif
@@ -2782,9 +3287,9 @@ mdb_env_init_meta(MDB_env *env, MDB_meta *meta)
 	int rc;
 	unsigned int	 psize;
 #ifdef _WIN32
-    DWORD len;
-    OVERLAPPED ov;
-    memset(&ov, 0, sizeof(ov));
+	DWORD len;
+	OVERLAPPED ov;
+	memset(&ov, 0, sizeof(ov));
 #define DO_PWRITE(rc, fd, ptr, size, len, pos)	do { \
 	ov.Offset = pos;	\
 	rc = WriteFile(fd, ptr, size, &len, &ov);	} while(0)
@@ -2808,7 +3313,8 @@ mdb_env_init_meta(MDB_env *env, MDB_meta *meta)
 	meta->mm_flags |= MDB_INTEGERKEY;
 	meta->mm_dbs[0].md_root = P_INVALID;
 	meta->mm_dbs[1].md_root = P_INVALID;
-	meta->mm_xlog_num = XLOG_MIN_NUM - 1;
+        meta->mm_xlog_num = XLOG_MIN_NUM - 1;
+        meta->mm_xlog_num_pre_chkpt = XLOG_MIN_NUM;
 
 	p = calloc(2, psize);
 	p->mp_pgno = 0;
@@ -2838,68 +3344,167 @@ mdb_env_init_meta(MDB_env *env, MDB_meta *meta)
 static int
 mdb_env_write_meta(MDB_txn *txn)
 {
-    MDB_env *env;
-    MDB_meta *mp, *wal_mp;
-    int toggle, rc = 0;
-    MDB_metabuf *mbufp;
-    MDB_page *p, *copy;
+	MDB_env *env;
+	MDB_meta	meta, metab, *mp;
+	off_t off;
+	int rc, len, toggle;
+	char *ptr;
+	HANDLE mfd;
+        MDB_metabuf mbuf = {0};
+        MDB_page *dp;
+        MDB_page *np = NULL;
+        int nw = 0;
 
+#ifdef _WIN32
+	OVERLAPPED ov;
+#else
+	int r2;
+#endif
 
-    toggle = txn->mt_txnid & 1;
-    DPRINTF(("writing meta page %d for root page %"Z"u",
-        toggle, txn->mt_dbs[MAIN_DBI].md_root));
+	toggle = txn->mt_txnid & 1;
+	DPRINTF(("writing meta page %d for root page %"Z"u",
+		toggle, txn->mt_dbs[MAIN_DBI].md_root));
 
-    env = txn->mt_env;
-    mp = env->me_metas[toggle];
+	env = txn->mt_env;
+	mp = env->me_metas[toggle];
+        dp = (MDB_page *)env->me_map;
+        if (toggle)
+            dp = (MDB_page *)(env->me_map + env->me_psize);
+        memcpy(&mbuf.mb_page, (char *)dp, PAGEHDRSZ);
+
+	if (env->me_flags & MDB_WRITEMAP) {
+		/* Persist any increases of mapsize config */
+		if (env->me_mapsize > mp->mm_mapsize)
+			mp->mm_mapsize = env->me_mapsize;
+		mp->mm_dbs[0] = txn->mt_dbs[0];
+		mp->mm_dbs[1] = txn->mt_dbs[1];
+		mp->mm_last_pg = txn->mt_next_pgno - 1;
+		mp->mm_txnid = txn->mt_txnid;
+		if (!(env->me_flags & (MDB_NOMETASYNC|MDB_NOSYNC))) {
+			unsigned meta_size = env->me_psize;
+			rc = (env->me_flags & MDB_MAPASYNC) ? MS_ASYNC : MS_SYNC;
+			ptr = env->me_map;
+			if (toggle) {
+#ifndef _WIN32	/* POSIX msync() requires ptr = start of OS page */
+				if (meta_size < env->me_os_psize)
+					meta_size += meta_size;
+				else
+#endif
+					ptr += meta_size;
+			}
+			if (MDB_MSYNC(ptr, meta_size, rc)) {
+				rc = ErrCode();
+				goto fail;
+			}
+		}
+		goto done;
+	}
+	metab.mm_txnid = env->me_metas[toggle]->mm_txnid;
+	metab.mm_last_pg = env->me_metas[toggle]->mm_last_pg;
 
-    p = (MDB_page *)env->me_map;
-    if (toggle)
-        p = (MDB_page *)(env->me_map + env->me_psize);
+	ptr = (char *)&meta;
+	if (env->me_mapsize > mp->mm_mapsize) {
+		/* Persist any increases of mapsize config */
+		meta.mm_mapsize = env->me_mapsize;
+		off = (off_t) offsetof(MDB_meta, mm_mapsize);
+	} else {
+		off = (off_t) offsetof(MDB_meta, mm_dbs[0].md_depth);
+	}
+	len = sizeof(MDB_meta) - off;
+
+	ptr += off;
+        mbuf.mb_metabuf.mm_meta.mm_magic = mp->mm_magic;
+        mbuf.mb_metabuf.mm_meta.mm_version = mp->mm_version;
+        mbuf.mb_metabuf.mm_meta.mm_address = mp->mm_address;
+	mbuf.mb_metabuf.mm_meta.mm_dbs[0] = meta.mm_dbs[0] = txn->mt_dbs[0];
+	mbuf.mb_metabuf.mm_meta.mm_dbs[1] = meta.mm_dbs[1] = txn->mt_dbs[1];
+	mbuf.mb_metabuf.mm_meta.mm_last_pg = meta.mm_last_pg = txn->mt_next_pgno - 1;
+	mbuf.mb_metabuf.mm_meta.mm_txnid = meta.mm_txnid = txn->mt_txnid;
+        mbuf.mb_metabuf.mm_meta.mm_txn_pages = meta.mm_txn_pages = env->me_walstate.txn_pages;
+        mbuf.mb_metabuf.mm_meta.mm_xlog_num = meta.mm_xlog_num = env->me_walstate.xlog_num;
+        mbuf.mb_metabuf.mm_meta.mm_xlog_num_pre_chkpt = meta.mm_xlog_num_pre_chkpt = env->me_walstate.xlog_num_pre_chkpt;
+        env->me_walstate.txn_pages = 0;
 
-    copy = mdb_page_malloc(txn, 1);
-    if (copy == NULL)
-        return ENOMEM;
+#ifndef _WIN32
+        if (env->me_flags & MDB_WAL)
+        {
+            np = mdb_page_malloc(txn, 1);
+            if (np == NULL)
+            {
+                rc = ENOMEM;
+                goto fail;
+            }
 
-    memcpy(copy, (char *)p, env->me_psize);
-    mbufp = (MDB_metabuf *)copy;
-
-    wal_mp = &mbufp->mb_metabuf.mm_meta;
-    wal_mp->mm_mapsize = env->me_mapsize;
-    wal_mp->mm_dbs[0] = txn->mt_dbs[0];
-    wal_mp->mm_dbs[1] = txn->mt_dbs[1];
-    wal_mp->mm_last_pg = txn->mt_next_pgno - 1;
-    wal_mp->mm_txnid = txn->mt_txnid;
-    wal_mp->mm_txn_pages = env->me_walstate.walbuf_pos/env->me_psize;
-    wal_mp->mm_xlog_num = env->me_walstate.xlog_num;
-    rc = mdb_walbuf_cpy(env, (char *)copy, 1);
-    mdb_page_free(env, copy);
-    if (rc != MDB_SUCCESS)
-        return rc;
+            memcpy(np, (char *)&mbuf, sizeof(MDB_metabuf));
+            nw = write(env->me_walstate.xlog_fd, np, env->me_psize);
+            mdb_page_free(env, np);
 
-    if (wal_write(env, txn->mt_txnid) != 0) {
-        env->me_flags |= MDB_FATAL_ERROR;
-        return MDB_PANIC;
-    }
+            if (nw != env->me_psize)
+            {
+                if (nw < 0)
+                    rc = ErrCode();
+                else
+                    rc = ENOMEM;
+                goto fail;
+            }
+            env->me_walstate.xlog_pages++;
 
-    //now writem into memory map
-    /* Persist any change of mapsize config */
-    mp->mm_mapsize = env->me_mapsize;
-    mp->mm_dbs[0] = txn->mt_dbs[0];
-    mp->mm_dbs[1] = txn->mt_dbs[1];
-    mp->mm_last_pg = txn->mt_next_pgno - 1;
-    mp->mm_txnid = txn->mt_txnid;
-    mp->mm_xlog_num = env->me_walstate.xlog_num;
-
-    /* Memory ordering issues are irrelevant; since the entire writer
-     * is wrapped by wmutex, all of these changes will become visible
-     * after the wmutex is unlocked. Since the DB is multi-version,
-     * readers will get consistent data regardless of how fresh or
-     * how stale their view of these values is.
-     */
-    if (env->me_txns)
-        env->me_txns->mti_txnid = txn->mt_txnid;
+            if (wal_sync_meta(env, txn->mt_txnid) != 0)
+            {
+                goto fail;
+            }
+        }
+#endif
 
-    return MDB_SUCCESS;
+	if (toggle)
+		off += env->me_psize;
+	off += PAGEHDRSZ;
+
+	/* Write to the SYNC fd */
+	mfd = env->me_flags & (MDB_NOSYNC|MDB_NOMETASYNC) ?
+		env->me_fd : env->me_mfd;
+#ifdef _WIN32
+	{
+		memset(&ov, 0, sizeof(ov));
+		ov.Offset = off;
+		if (!WriteFile(mfd, ptr, len, (DWORD *)&rc, &ov))
+			rc = -1;
+	}
+#else
+        rc = pwrite(env->me_fd, ptr, len, off);
+#endif
+	if (rc != len) {
+		rc = rc < 0 ? ErrCode() : EIO;
+		DPUTS("write failed, disk error?");
+		/* On a failure, the pagecache still contains the new data.
+		 * Write some old data back, to prevent it from being used.
+		 * Use the non-SYNC fd; we know it will fail anyway.
+		 */
+		meta.mm_last_pg = metab.mm_last_pg;
+		meta.mm_txnid = metab.mm_txnid;
+#ifdef _WIN32
+		memset(&ov, 0, sizeof(ov));
+		ov.Offset = off;
+		WriteFile(env->me_fd, ptr, len, NULL, &ov);
+#else
+		r2 = pwrite(env->me_fd, ptr, len, off);
+		(void)r2;	/* Silence warnings. We don't care about pwrite's return value */
+#endif
+fail:
+		env->me_flags |= MDB_FATAL_ERROR;
+		return rc;
+	}
+done:
+	/* Memory ordering issues are irrelevant; since the entire writer
+	 * is wrapped by wmutex, all of these changes will become visible
+	 * after the wmutex is unlocked. Since the DB is multi-version,
+	 * readers will get consistent data regardless of how fresh or
+	 * how stale their view of these values is.
+	 */
+	if (env->me_txns)
+		env->me_txns->mti_txnid = txn->mt_txnid;
+
+	return MDB_SUCCESS;
 }
 
 /** Check both meta pages to see which one is newer.
@@ -2925,6 +3530,7 @@ mdb_env_create(MDB_env **env)
 	e->me_maxdbs = e->me_numdbs = 2;
 	e->me_fd = INVALID_HANDLE_VALUE;
 	e->me_lfd = INVALID_HANDLE_VALUE;
+	e->me_mfd = INVALID_HANDLE_VALUE;
 #ifdef MDB_USE_POSIX_SEM
 	e->me_rmutex = SEM_FAILED;
 	e->me_wmutex = SEM_FAILED;
@@ -2957,46 +3563,32 @@ mdb_env_map(MDB_env *env, void *addr, int newsize)
 			|| SetFilePointer(env->me_fd, 0, NULL, 0) != 0)
 			return ErrCode();
 	}
-	mh = CreateFileMapping(env->me_fd, NULL, PAGE_READWRITE,
+	mh = CreateFileMapping(env->me_fd, NULL, flags & MDB_WRITEMAP ?
+		PAGE_READWRITE : PAGE_READONLY,
 		sizehi, sizelo, NULL);
 	if (!mh)
 		return ErrCode();
-	env->me_map = MapViewOfFileEx(mh, FILE_MAP_WRITE,
+	env->me_map = MapViewOfFileEx(mh, flags & MDB_WRITEMAP ?
+		FILE_MAP_WRITE : FILE_MAP_READ,
 		0, 0, env->me_mapsize, addr);
 	rc = env->me_map ? 0 : ErrCode();
 	CloseHandle(mh);
-        env->me_size = env->me_mapsize;
 	if (rc)
 		return rc;
 #else
-	int prot = PROT_READ|PROT_WRITE;
-        off_t dbfile_cur_size = 0;
-
-        dbfile_cur_size = lseek(env->me_fd, 0L, SEEK_END);
-        if (dbfile_cur_size < 0)
-            return ErrCode();
-
-        if (dbfile_cur_size==0)
-        {
-            //new db enviroment
-            if (env->me_mapsize < DB_SIZE_INC)
-                env->me_size = env->me_mapsize;
-            else
-                env->me_size = DB_SIZE_INC;
-
-            if(ftruncate(env->me_fd, env->me_size) < 0)
-	        return ErrCode();
-        } else
-            env->me_size = dbfile_cur_size;
-
-	env->me_map = mmap(addr, env->me_mapsize, prot, MAP_SHARED, env->me_fd, 0);
+	int prot = PROT_READ;
+	if (flags & MDB_WRITEMAP) {
+		prot |= PROT_WRITE;
+		if (ftruncate(env->me_fd, env->me_mapsize) < 0)
+			return ErrCode();
+	}
+	env->me_map = mmap(addr, env->me_mapsize, prot, MAP_SHARED,
+		env->me_fd, 0);
 	if (env->me_map == MAP_FAILED) {
 		env->me_map = NULL;
 		return ErrCode();
 	}
 
-        DPRINTF(("DB current size %.2f MB, configured max size %.2f MB\n",
-               (float)(env->me_size/(1024*1024)), (float)(env->me_mapsize/(1024*1024))));
 	if (flags & MDB_NORDAHEAD) {
 		/* Turn off readahead. It's harmful when the DB is larger than RAM. */
 #ifdef MADV_RANDOM
@@ -3076,6 +3668,16 @@ mdb_env_set_maxreaders(MDB_env *env, unsigned int readers)
 	return MDB_SUCCESS;
 }
 
+int
+mdb_env_set_chkpt_interval(MDB_env *env, int interval)
+{
+    if (env == NULL)
+       return EINVAL;
+
+    env->me_walstate.chkpt_interval = interval;
+    return MDB_SUCCESS;
+}
+
 int
 mdb_env_get_maxreaders(MDB_env *env, unsigned int *readers)
 {
@@ -3160,13 +3762,13 @@ mdb_env_open2(MDB_env *env)
 
 		DPRINTF(("opened database version %u, pagesize %u",
 			env->me_metas[0]->mm_version, env->me_psize));
-		DPRINTF(("using meta page %d",toggle));
-		DPRINTF(("depth: %u",         db->md_depth));
-		DPRINTF(("entries: %"Z"u",    db->md_entries));
+		DPRINTF(("using meta page %d",    toggle));
+		DPRINTF(("depth: %u",             db->md_depth));
+		DPRINTF(("entries: %"Z"u",        db->md_entries));
 		DPRINTF(("branch pages: %"Z"u",   db->md_branch_pages));
-		DPRINTF(("leaf pages: %"Z"u", db->md_leaf_pages));
+		DPRINTF(("leaf pages: %"Z"u",     db->md_leaf_pages));
 		DPRINTF(("overflow pages: %"Z"u", db->md_overflow_pages));
-		DPRINTF(("root: %"Z"u",       db->md_root));
+		DPRINTF(("root: %"Z"u",           db->md_root));
 	}
 #endif
 
@@ -3326,6 +3928,7 @@ mdb_env_excl_lock(MDB_env *env, int *excl)
 #endif
 	return rc;
 }
+
 #ifdef MDB_USE_HASH
 /*
  * hash_64 - 64 bit Fowler/Noll/Vo-0 FNV-1a hash code
@@ -3587,7 +4190,7 @@ mdb_env_setup_locks(MDB_env *env, char *lpath, int mode, int *excl)
 			O_CREAT|O_EXCL, mode, 1);
 		if (env->me_wmutex == SEM_FAILED) goto fail_errno;
 #else	/* MDB_USE_POSIX_SEM */
-    /* for Linux and (_WIN32 + HAVE_PTHREADS_WIN32) scenario */
+        /* for Linux and (_WIN32 + HAVE_PTHREADS_WIN32) scenario */
 		pthread_mutexattr_t mattr;
 
 		if ((rc = pthread_mutexattr_init(&mattr))
@@ -3650,8 +4253,8 @@ mdb_env_setup_locks(MDB_env *env, char *lpath, int mode, int *excl)
 	 *	environment and re-opening it with the new flags.
 	 */
 #define	CHANGEABLE	(MDB_NOSYNC|MDB_NOMETASYNC|MDB_MAPASYNC|MDB_NOMEMINIT|MDB_KEEPXLOGS)
-#define	CHANGELESS	(MDB_FIXEDMAP|MDB_NOSUBDIR|MDB_RDONLY| \
-	MDB_NOTLS|MDB_NOLOCK|MDB_NORDAHEAD)
+#define	CHANGELESS	(MDB_FIXEDMAP|MDB_NOSUBDIR|MDB_RDONLY|MDB_WRITEMAP| \
+	MDB_NOTLS|MDB_NOLOCK|MDB_NORDAHEAD|MDB_WAL)
 
 #if VALID_FLAGS & PERSISTENT_FLAGS & (CHANGEABLE|CHANGELESS)
 # error "Persistent DB flags & env flags overlap, but both go in mm_flags"
@@ -3660,12 +4263,17 @@ mdb_env_setup_locks(MDB_env *env, char *lpath, int mode, int *excl)
 int
 mdb_env_open(MDB_env *env, const char *path, unsigned int flags, mdb_mode_t mode)
 {
-	int oflags, rc, len, excl = -1;
+	int		oflags, rc, len, excl = -1;
 	char *lpath, *dpath;
 
-	if (env->me_fd!=INVALID_HANDLE_VALUE || (flags & ~(CHANGEABLE|CHANGELESS)))
+	if (env->me_fd!=INVALID_HANDLE_VALUE || (flags & ~(CHANGEABLE|CHANGELESS)) ||
+            ((flags & MDB_WAL) && (flags & MDB_WRITEMAP)))
 		return EINVAL;
-
+#ifdef _WIN32
+       //WAL feature is currently not supported on Windows
+       if (flags & MDB_WAL)
+           return EINVAL;
+#endif
 	len = (int) strlen(path);
 	if (flags & MDB_NOSUBDIR) {
 		rc = len + sizeof(LOCKSUFF) + len + 1;
@@ -3687,7 +4295,10 @@ mdb_env_open(MDB_env *env, const char *path, unsigned int flags, mdb_mode_t mode
 
 	rc = MDB_SUCCESS;
 	flags |= env->me_flags;
-	if (!(flags & MDB_RDONLY)) {
+	if (flags & MDB_RDONLY) {
+		/* silently ignore WRITEMAP when we're only getting read access */
+		flags &= ~MDB_WRITEMAP;
+	} else {
 		if (!((env->me_free_pgs = mdb_midl_alloc(MDB_IDL_UM_MAX)) &&
 			  (env->me_dirty_list = calloc(MDB_IDL_UM_SIZE, sizeof(MDB_ID2)))))
 			rc = ENOMEM;
@@ -3742,6 +4353,26 @@ mdb_env_open(MDB_env *env, const char *path, unsigned int flags, mdb_mode_t mode
 	}
 
 	if ((rc = mdb_env_open2(env)) == MDB_SUCCESS) {
+		if (flags & (MDB_RDONLY|MDB_WRITEMAP)) {
+			env->me_mfd = env->me_fd;
+		} else {
+			/* Synchronous fd for meta writes. Needed even with
+			 * MDB_NOSYNC/MDB_NOMETASYNC, in case these get reset.
+			 */
+#ifdef _WIN32
+			len = OPEN_EXISTING;
+			env->me_mfd = CreateFile(dpath, oflags,
+				FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, len,
+				mode | FILE_FLAG_WRITE_THROUGH, NULL);
+#else
+			oflags &= ~O_CREAT;
+			env->me_mfd = open(dpath, oflags | MDB_DSYNC, mode);
+#endif
+			if (env->me_mfd == INVALID_HANDLE_VALUE) {
+				rc = ErrCode();
+				goto leave;
+			}
+		}
 		DPRINTF(("opened dbenv %p", (void *) env));
 		if (excl > 0) {
 			rc = mdb_env_share_locks(env, &excl);
@@ -3751,22 +4382,25 @@ mdb_env_open(MDB_env *env, const char *path, unsigned int flags, mdb_mode_t mode
 		if (!((flags & MDB_RDONLY) ||
 			  (env->me_pbuf = calloc(1, env->me_psize))))
 			rc = ENOMEM;
-	} else
-	goto leave;
+	}
+        if (env->me_flags & MDB_WAL)
+        {
+            if ((rc=mdb_rollxlogs(env, 0)) != MDB_SUCCESS)
+            {
+                 goto done;
+            }
 
-    if ((rc=mdb_rollxlogs(env, 0)) != MDB_SUCCESS)
-    {
-         goto done;
-    }
-    if ((rc=mdb_wal_init(env) != MDB_SUCCESS))
-    {
-	  goto leave;
-    }
+            if ((rc=mdb_wal_init(env) != MDB_SUCCESS))
+            {
+                goto leave;
+            }
+        }
 
 leave:
 	if (rc) {
 		mdb_env_close0(env, excl);
 	}
+
 done:
 	free(lpath);
 	return rc;
@@ -3781,33 +4415,41 @@ mdb_env_close0(MDB_env *env, int excl)
 	if (!(env->me_flags & MDB_ENV_ACTIVE))
 		return;
 
-	env->me_flags &= ~MDB_ENV_ACTIVE;
-	pthread_cond_signal(&env->me_walstate.chkpt_waitcond);
-        if (env->me_walstate.chkpt_thread_active)
-             pthread_join(env->me_walstate.chkpt_thread, NULL);
+        if (env->me_flags & MDB_WAL)
+        {
+            env->me_flags &= ~MDB_ENV_ACTIVE;
+            pthread_cond_signal(&env->me_walstate.chkpt_waitcond);
+            if (env->me_walstate.chkpt_thread_active)
+                 pthread_join(env->me_walstate.chkpt_thread, NULL);
 
-	if (env->me_walstate.xlog_fd != INVALID_HANDLE_VALUE)
-	{
-	    close(env->me_walstate.xlog_fd);
-	    env->me_walstate.xlog_fd = INVALID_HANDLE_VALUE;
-	}
+            if (env->me_walstate.xlog_fd != INVALID_HANDLE_VALUE)
+            {
+                close(env->me_walstate.xlog_fd);
+                env->me_walstate.xlog_fd = INVALID_HANDLE_VALUE;
+            }
 
-	if (mdb_env_sync(env, 1) == 0 &&
-            !(env->me_flags & MDB_KEEPXLOGS) &&
-            !(env->me_flags & MDB_FATAL_ERROR))
-        {
-	    //Don't purge WAL files if sync mdb or WAL write failed
-	    //thus when env reopened, rollfoward will be performed.
-	    mdb_rollxlogs(env, 1);
+            if (!(env->me_flags & MDB_FATAL_ERROR) &&
+                mdb_env_sync(env, 1) == 0 &&
+                !(env->me_flags & MDB_KEEPXLOGS))
+            {
+                /* Don't purge WAL files and sync database if a fatal error condition exists,
+                 * and go through WAL recovery procedure when server restarts.
+                 * Don't purge WAL files if sync database failed, and go through WAL
+                 * recovery procedure when server restarts.
+                 */
+                mdb_rollxlogs(env, 1);
+            }
         }
 
 	/* Doing this here since me_dbxs may not exist during mdb_env_close */
 	for (i = env->me_maxdbs; --i > MAIN_DBI; )
 		free(env->me_dbxs[i].md_name.mv_data);
 
-        pthread_mutex_destroy(&env->me_walstate.chkpt_waitmutex);
-        pthread_cond_destroy(&env->me_walstate.chkpt_waitcond);
-        free(env->me_walstate.walbuf_real_p);
+        if (env->me_flags & MDB_WAL)
+        {
+            pthread_mutex_destroy(&env->me_walstate.chkpt_waitmutex);
+            pthread_cond_destroy(&env->me_walstate.chkpt_waitcond);
+        }
 	free(env->me_pbuf);
 	free(env->me_dbflags);
 	free(env->me_dbxs);
@@ -3831,6 +4473,8 @@ mdb_env_close0(MDB_env *env, int excl)
 	if (env->me_map) {
 		munmap(env->me_map, env->me_mapsize);
 	}
+	if (env->me_mfd != env->me_fd && env->me_mfd != INVALID_HANDLE_VALUE)
+		(void) close(env->me_mfd);
 	if (env->me_fd != INVALID_HANDLE_VALUE)
 		(void) close(env->me_fd);
 	if (env->me_txns) {
@@ -3888,7 +4532,7 @@ mdb_env_copyfd(MDB_env *env, HANDLE fd)
 	MDB_txn *txn = NULL;
 	int rc;
 	char *ptr;
-size_t wsize, w2, len;
+    size_t wsize, w2, len;
 #ifdef _WIN32
 #define DO_WRITE(rc, fd, ptr, w2, len)	rc = WriteFile(fd, ptr, (DWORD) w2, (DWORD*)&len, NULL)
 #else
@@ -4148,8 +4792,8 @@ mdb_node_search(MDB_cursor *mc, MDB_val *key, int *exactp)
 	nkeys = NUMKEYS(mp);
 
 	DPRINTF(("searching %u keys in %s %spage %"Z"u",
-	nkeys, IS_LEAF(mp) ? "leaf" : "branch", IS_SUBP(mp) ? "sub-" : "",
-	mdb_dbg_pgno(mp)));
+	    nkeys, IS_LEAF(mp) ? "leaf" : "branch", IS_SUBP(mp) ? "sub-" : "",
+	    mdb_dbg_pgno(mp)));
 
 	low = IS_LEAF(mp) ? 0 : 1;
 	high = nkeys - 1;
@@ -4173,7 +4817,7 @@ mdb_node_search(MDB_cursor *mc, MDB_val *key, int *exactp)
 			nodekey.mv_data = LEAF2KEY(mp, i, nodekey.mv_size);
 			rc = cmp(key, &nodekey);
 			DPRINTF(("found leaf index %u [%s], rc = %i",
-			i, DKEY(&nodekey), rc));
+			    i, DKEY(&nodekey), rc));
 			if (rc == 0)
 				break;
 			if (rc > 0)
@@ -4193,10 +4837,10 @@ mdb_node_search(MDB_cursor *mc, MDB_val *key, int *exactp)
 #if MDB_DEBUG
 			if (IS_LEAF(mp))
 				DPRINTF(("found leaf index %u [%s], rc = %i",
-				i, DKEY(&nodekey), rc));
+				    i, DKEY(&nodekey), rc));
 			else
 				DPRINTF(("found branch index %u [%s -> %"Z"u], rc = %i",
-				i, DKEY(&nodekey), NODEPGNO(node), rc));
+				    i, DKEY(&nodekey), NODEPGNO(node), rc));
 #endif
 			if (rc == 0)
 				break;
@@ -4288,6 +4932,36 @@ mdb_page_get(MDB_txn *txn, pgno_t pgno, MDB_page **ret, int *lvl)
 	MDB_page *p = NULL;
 	int level;
 
+	if (!((txn->mt_flags & MDB_TXN_RDONLY) | (env->me_flags & MDB_WRITEMAP))) {
+		MDB_txn *tx2 = txn;
+		level = 1;
+		do {
+			MDB_ID2L dl = tx2->mt_u.dirty_list;
+			unsigned x;
+			/* Spilled pages were dirtied in this txn and flushed
+			 * because the dirty list got full. Bring this page
+			 * back in from the map (but don't unspill it here,
+			 * leave that unless page_touch happens again).
+			 */
+			if (tx2->mt_spill_pgs) {
+				MDB_ID pn = pgno << 1;
+				x = mdb_midl_search(tx2->mt_spill_pgs, pn);
+				if (x <= tx2->mt_spill_pgs[0] && tx2->mt_spill_pgs[x] == pn) {
+					p = (MDB_page *)(env->me_map + env->me_psize * pgno);
+					goto done;
+				}
+			}
+			if (dl[0].mid) {
+				unsigned x = mdb_mid2l_search(dl, pgno);
+				if (x <= dl[0].mid && dl[x].mid == pgno) {
+					p = dl[x].mptr;
+					goto done;
+				}
+			}
+			level++;
+		} while ((tx2 = tx2->mt_parent) != NULL);
+	}
+
 	if (pgno < txn->mt_next_pgno) {
 		level = 0;
 		p = (MDB_page *)(env->me_map + env->me_psize * pgno);
@@ -4297,6 +4971,7 @@ mdb_page_get(MDB_txn *txn, pgno_t pgno, MDB_page **ret, int *lvl)
 		return MDB_PAGE_NOTFOUND;
 	}
 
+done:
 	*ret = p;
 	if (lvl)
 		*lvl = level;
@@ -4359,13 +5034,13 @@ mdb_page_search_root(MDB_cursor *mc, MDB_val *key, int flags)
 
 	if (!IS_LEAF(mp)) {
 		DPRINTF(("internal error, index points to a %02X page!?",
-		mp->mp_flags));
+		    mp->mp_flags));
 		mc->mc_txn->mt_flags |= MDB_TXN_ERROR;
 		return MDB_CORRUPTED;
 	}
 
 	DPRINTF(("found leaf page %"Z"u for key [%s]", mp->mp_pgno,
-	key ? DKEY(key) : "null"));
+	    key ? DKEY(key) : "null"));
 	mc->mc_flags |= C_INITIALIZED;
 	mc->mc_flags &= ~C_EOF;
 
@@ -4484,17 +5159,23 @@ mdb_ovpage_free(MDB_cursor *mc, MDB_page *mp)
 	pgno_t pg = mp->mp_pgno;
 	unsigned x = 0, ovpages = mp->mp_pages;
 	MDB_env *env = txn->mt_env;
+	MDB_IDL sl = txn->mt_spill_pgs;
+	MDB_ID pn = pg << 1;
 	int rc;
 
 	DPRINTF(("free ov page %"Z"u (%d)", pg, ovpages));
-	/* If the page is dirty, we should give it back to our current free list, if any.
+	/* If the page is dirty or on the spill list we just acquired it,
+	 * so we should give it back to our current free list, if any.
 	 * Otherwise put it onto the list of pages we freed in this txn.
 	 *
 	 * Won't create me_pghead: me_pglast must be inited along with it.
 	 * Unsupported in nested txns: They would need to hide the page
-	 * range in ancestor txns' dirty.
+	 * range in ancestor txns' dirty and spilled lists.
 	 */
-	if (env->me_pghead && !txn->mt_parent && (mp->mp_flags & P_DIRTY))
+	if (env->me_pghead &&
+		!txn->mt_parent &&
+		((mp->mp_flags & P_DIRTY) ||
+		 (sl && (x = mdb_midl_search(sl, pn)) <= sl[0] && sl[x] == pn)))
 	{
 		unsigned i, j;
 		pgno_t *mop;
@@ -4503,6 +5184,11 @@ mdb_ovpage_free(MDB_cursor *mc, MDB_page *mp)
 		if (rc)
 			return rc;
 		if (!(mp->mp_flags & P_DIRTY)) {
+			/* This page is no longer spilled */
+			if (x == sl[0])
+				sl[0]--;
+			else
+				sl[x] |= 1;
 			goto release;
 		}
 		/* Remove from dirty list */
@@ -4521,6 +5207,8 @@ mdb_ovpage_free(MDB_cursor *mc, MDB_page *mp)
 				return MDB_CORRUPTED;
 			}
 		}
+		if (!(env->me_flags & MDB_WRITEMAP))
+			mdb_dpage_free(env, mp);
 release:
 		/* Insert in me_pghead */
 		mop = env->me_pghead;
@@ -4573,7 +5261,7 @@ mdb_node_read(MDB_txn *txn, MDB_node *leaf, MDB_val *data)
 
 int
 mdb_get(MDB_txn *txn, MDB_dbi dbi,
-MDB_val *key, MDB_val *data)
+    MDB_val *key, MDB_val *data)
 {
 	MDB_cursor	mc;
 	MDB_xcursor	mx;
@@ -4619,9 +5307,9 @@ mdb_cursor_sibling(MDB_cursor *mc, int move_right)
 		mc->mc_pg[mc->mc_top]->mp_pgno, mc->mc_ki[mc->mc_top]));
 
 	if (move_right ? (mc->mc_ki[mc->mc_top] + 1u >= NUMKEYS(mc->mc_pg[mc->mc_top]))
-		   : (mc->mc_ki[mc->mc_top] == 0)) {
+		       : (mc->mc_ki[mc->mc_top] == 0)) {
 		DPRINTF(("no more keys left, moving to %s sibling",
-		move_right ? "right" : "left"));
+		    move_right ? "right" : "left"));
 		if ((rc = mdb_cursor_sibling(mc, move_right)) != MDB_SUCCESS) {
 			/* undo cursor_pop before returning */
 			mc->mc_top++;
@@ -4634,7 +5322,7 @@ mdb_cursor_sibling(MDB_cursor *mc, int move_right)
 		else
 			mc->mc_ki[mc->mc_top]--;
 		DPRINTF(("just moving to %s index key %u",
-		move_right ? "right" : "left", mc->mc_ki[mc->mc_top]));
+		    move_right ? "right" : "left", mc->mc_ki[mc->mc_top]));
 	}
 	mdb_cassert(mc, IS_BRANCH(mc->mc_pg[mc->mc_top]));
 
@@ -4704,7 +5392,7 @@ mdb_cursor_next(MDB_cursor *mc, MDB_val *key, MDB_val *data, MDB_cursor_op op)
 
 skip:
 	DPRINTF(("==> cursor points to page %"Z"u with %u keys, key index %u",
-	mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top]));
+	    mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top]));
 
 	if (IS_LEAF2(mp)) {
 		key->mv_size = mc->mc_db->md_pad;
@@ -4780,7 +5468,7 @@ mdb_cursor_prev(MDB_cursor *mc, MDB_val *key, MDB_val *data, MDB_cursor_op op)
 	mc->mc_flags &= ~C_EOF;
 
 	DPRINTF(("==> cursor points to page %"Z"u with %u keys, key index %u",
-	mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top]));
+	    mdb_dbg_pgno(mp), NUMKEYS(mp), mc->mc_ki[mc->mc_top]));
 
 	if (IS_LEAF2(mp)) {
 		key->mv_size = mc->mc_db->md_pad;
@@ -4812,7 +5500,7 @@ mdb_cursor_prev(MDB_cursor *mc, MDB_val *key, MDB_val *data, MDB_cursor_op op)
 /** Set the cursor on a specific data item. */
 static int
 mdb_cursor_set(MDB_cursor *mc, MDB_val *key, MDB_val *data,
-MDB_cursor_op op, int *exactp)
+    MDB_cursor_op op, int *exactp)
 {
 	int		 rc;
 	MDB_page	*mp;
@@ -5088,7 +5776,7 @@ mdb_cursor_last(MDB_cursor *mc, MDB_val *key, MDB_val *data)
 
 int
 mdb_cursor_get(MDB_cursor *mc, MDB_val *key, MDB_val *data,
-MDB_cursor_op op)
+    MDB_cursor_op op)
 {
 	int		 rc;
 	int		 exact = 0;
@@ -5279,9 +5967,12 @@ mdb_cursor_touch(MDB_cursor *mc)
 	return rc;
 }
 
+/** Do not spill pages to disk if txn is getting full, may fail instead */
+#define MDB_NOSPILL	0x8000
+
 int
 mdb_cursor_put(MDB_cursor *mc, MDB_val *key, MDB_val *data,
-unsigned int flags)
+    unsigned int flags)
 {
 	enum { MDB_NO_ROOT = MDB_LAST_ERRCODE+10 }; /* internal code */
 	MDB_env		*env;
@@ -5291,7 +5982,7 @@ unsigned int flags)
 	MDB_val		xdata, *rdata, dkey, olddata;
 	MDB_db dummy;
 	int do_sub = 0, insert;
-	unsigned int mcount = 0, dcount = 0;
+	unsigned int mcount = 0, dcount = 0, nospill;
 	size_t nsize;
 	int rc, rc2;
 	unsigned int nflags;
@@ -5312,6 +6003,9 @@ unsigned int flags)
 			return MDB_INCOMPATIBLE;
 	}
 
+	nospill = flags & MDB_NOSPILL;
+	flags &= ~MDB_NOSPILL;
+
 	if (mc->mc_txn->mt_flags & (MDB_TXN_RDONLY|MDB_TXN_ERROR))
 		return (mc->mc_txn->mt_flags & MDB_TXN_RDONLY) ? EACCES : MDB_BAD_TXN;
 
@@ -5372,7 +6066,17 @@ unsigned int flags)
 	if (mc->mc_flags & C_DEL)
 		mc->mc_flags ^= C_DEL;
 
-	/* Cursor is positioned */
+	/* Cursor is positioned, check for room in the dirty list */
+	if (!nospill) {
+		if (flags & MDB_MULTIPLE) {
+			rdata = &xdata;
+			xdata.mv_size = data->mv_size * dcount;
+		} else {
+			rdata = data;
+		}
+		if ((rc2 = mdb_page_spill(mc, key, rdata)))
+			return rc2;
+	}
 
 	if (rc == MDB_NO_ROOT) {
 		MDB_page *np;
@@ -5577,11 +6281,13 @@ unsigned int flags)
 
 			/* Is the ov page large enough? */
 			if (ovpages >= dpages) {
-			  if (!(omp->mp_flags & P_DIRTY))
+			  if (!(omp->mp_flags & P_DIRTY) &&
+				  (level || (env->me_flags & MDB_WRITEMAP)))
 			  {
-				omp->mp_flags |= P_DIRTY;
+				rc = mdb_page_unspill(mc->mc_txn, omp, &omp);
+				if (rc)
+					return rc;
 				level = 0;		/* dirty in this txn or clean */
-                                mdb_page_dirty(mc->mc_txn, omp);
 			  }
 			  /* Is it dirty? */
 			  if (omp->mp_flags & P_DIRTY) {
@@ -5591,10 +6297,6 @@ unsigned int flags)
 				 */
 				if (level > 1) {
 					/* It is writable only in a parent txn */
-                                        /*
-                                         * With WAL, level is set to 0 by mdb_page_get(),
-                                         * so the flow will not reach here
-                                         */
 					size_t sz = (size_t) env->me_psize * ovpages, off;
 					MDB_page *np = mdb_page_malloc(mc->mc_txn, ovpages);
 					MDB_ID2 id2;
@@ -5692,10 +6394,11 @@ unsigned int flags)
 			xdata.mv_data = "";
 			leaf = NODEPTR(mc->mc_pg[mc->mc_top], mc->mc_ki[mc->mc_top]);
 			if (flags & MDB_CURRENT) {
-				xflags = MDB_CURRENT;
+				xflags = MDB_CURRENT|MDB_NOSPILL;
 			} else {
 				mdb_xcursor_init1(mc, leaf);
-				xflags = (flags & MDB_NODUPDATA) ?  MDB_NOOVERWRITE : 0;
+				xflags = (flags & MDB_NODUPDATA) ?
+					MDB_NOOVERWRITE|MDB_NOSPILL : MDB_NOSPILL;
 			}
 			/* converted, write the original data first */
 			if (dkey.mv_size) {
@@ -5770,6 +6473,9 @@ mdb_cursor_del(MDB_cursor *mc, unsigned int flags)
 	if (mc->mc_ki[mc->mc_top] >= NUMKEYS(mc->mc_pg[mc->mc_top]))
 		return MDB_NOTFOUND;
 
+	if (!(flags & MDB_NOSPILL) && (rc = mdb_page_spill(mc, NULL, NULL)))
+		return rc;
+
 	rc = mdb_cursor_touch(mc);
 	if (rc)
 		return rc;
@@ -5782,7 +6488,7 @@ mdb_cursor_del(MDB_cursor *mc, unsigned int flags)
 			if (!F_ISSET(leaf->mn_flags, F_SUBDATA)) {
 				mc->mc_xcursor->mx_cursor.mc_pg[0] = NODEDATA(leaf);
 			}
-			rc = mdb_cursor_del(&mc->mc_xcursor->mx_cursor, 0);
+			rc = mdb_cursor_del(&mc->mc_xcursor->mx_cursor, MDB_NOSPILL);
 			/* If sub-DB still has entries, we're done */
 			if (mc->mc_xcursor->mx_db.md_entries) {
 				if (leaf->mn_flags & F_SUBDATA) {
@@ -5840,7 +6546,7 @@ mdb_page_new(MDB_cursor *mc, uint32_t flags, int num, MDB_page **mp)
 	if ((rc = mdb_page_alloc(mc, num, &np)))
 		return rc;
 	DPRINTF(("allocated new mpage %"Z"u, page size %u",
-	np->mp_pgno, mc->mc_txn->mt_env->me_psize));
+	    np->mp_pgno, mc->mc_txn->mt_env->me_psize));
 	np->mp_flags = flags | P_DIRTY;
 	np->mp_lower = PAGEHDRSZ;
 	np->mp_upper = mc->mc_txn->mt_env->me_psize;
@@ -5925,7 +6631,7 @@ mdb_branch_size(MDB_env *env, MDB_val *key)
  */
 static int
 mdb_node_add(MDB_cursor *mc, indx_t indx,
-MDB_val *key, MDB_val *data, pgno_t pgno, unsigned int flags)
+    MDB_val *key, MDB_val *data, pgno_t pgno, unsigned int flags)
 {
 	unsigned int	 i;
 	size_t		 node_size = NODESIZE;
@@ -5939,7 +6645,7 @@ MDB_val *key, MDB_val *data, pgno_t pgno, unsigned int flags)
 	mdb_cassert(mc, mp->mp_upper >= mp->mp_lower);
 
 	DPRINTF(("add to %s %spage %"Z"u index %i, data size %"Z"u key size %"Z"u [%s]",
-	IS_LEAF(mp) ? "leaf" : "branch",
+	    IS_LEAF(mp) ? "leaf" : "branch",
 		IS_SUBP(mp) ? "sub-" : "",
 		mdb_dbg_pgno(mp), indx, data ? data->mv_size : 0,
 		key ? key->mv_size : 0, key ? DKEY(key) : "null"));
@@ -5973,7 +6679,7 @@ MDB_val *key, MDB_val *data, pgno_t pgno, unsigned int flags)
 			int rc;
 			/* Put data on overflow page. */
 			DPRINTF(("data size is %"Z"u, node would be %"Z"u, put data on overflow page",
-			data->mv_size, node_size+data->mv_size));
+			    data->mv_size, node_size+data->mv_size));
 			node_size = EVEN(node_size + sizeof(pgno_t));
 			if ((ssize_t)node_size > room)
 				goto full;
@@ -6019,15 +6725,15 @@ MDB_val *key, MDB_val *data, pgno_t pgno, unsigned int flags)
 		if (ofp == NULL) {
 			if (F_ISSET(flags, F_BIGDATA))
 				memcpy(node->mn_data + key->mv_size, data->mv_data,
-				sizeof(pgno_t));
+				    sizeof(pgno_t));
 			else if (F_ISSET(flags, MDB_RESERVE))
 				data->mv_data = node->mn_data + key->mv_size;
 			else
 				memcpy(node->mn_data + key->mv_size, data->mv_data,
-				data->mv_size);
+				    data->mv_size);
 		} else {
 			memcpy(node->mn_data + key->mv_size, &ofp->mp_pgno,
-			sizeof(pgno_t));
+			    sizeof(pgno_t));
 			if (F_ISSET(flags, MDB_RESERVE))
 				data->mv_data = METADATA(ofp);
 			else
@@ -6063,7 +6769,7 @@ mdb_node_del(MDB_cursor *mc, int ksize)
 	char		*base;
 
 	DPRINTF(("delete node %u on %s page %"Z"u", indx,
-	IS_LEAF(mp) ? "leaf" : "branch", mdb_dbg_pgno(mp)));
+	    IS_LEAF(mp) ? "leaf" : "branch", mdb_dbg_pgno(mp)));
 	numkeys = NUMKEYS(mp);
 	mdb_cassert(mc, indx < numkeys);
 
@@ -6458,7 +7164,7 @@ mdb_node_move(MDB_cursor *csrc, MDB_cursor *cdst)
 
 	/* Mark src and dst as dirty. */
 	if ((rc = mdb_page_touch(csrc)) ||
-	(rc = mdb_page_touch(cdst)))
+	    (rc = mdb_page_touch(cdst)))
 		return rc;
 
 	if (IS_LEAF2(csrc->mc_pg[csrc->mc_top])) {
@@ -6519,11 +7225,11 @@ mdb_node_move(MDB_cursor *csrc, MDB_cursor *cdst)
 	}
 
 	DPRINTF(("moving %s node %u [%s] on page %"Z"u to node %u on page %"Z"u",
-	IS_LEAF(csrc->mc_pg[csrc->mc_top]) ? "leaf" : "branch",
-	csrc->mc_ki[csrc->mc_top],
+	    IS_LEAF(csrc->mc_pg[csrc->mc_top]) ? "leaf" : "branch",
+	    csrc->mc_ki[csrc->mc_top],
 		DKEY(&key),
-	csrc->mc_pg[csrc->mc_top]->mp_pgno,
-	cdst->mc_ki[cdst->mc_top], cdst->mc_pg[cdst->mc_top]->mp_pgno));
+	    csrc->mc_pg[csrc->mc_top]->mp_pgno,
+	    cdst->mc_ki[cdst->mc_top], cdst->mc_pg[cdst->mc_top]->mp_pgno));
 
 	/* Add the node to the destination page.
 	 */
@@ -6686,7 +7392,7 @@ mdb_page_merge(MDB_cursor *csrc, MDB_cursor *cdst)
 	}
 
 	DPRINTF(("dst page %"Z"u now has %u keys (%.1f%% filled)",
-	cdst->mc_pg[cdst->mc_top]->mp_pgno, NUMKEYS(cdst->mc_pg[cdst->mc_top]),
+	    cdst->mc_pg[cdst->mc_top]->mp_pgno, NUMKEYS(cdst->mc_pg[cdst->mc_top]),
 		(float)PAGEFILL(cdst->mc_txn->mt_env, cdst->mc_pg[cdst->mc_top]) / 10));
 
 	/* Unlink the src page from parent and add to free list.
@@ -6773,14 +7479,14 @@ mdb_rebalance(MDB_cursor *mc)
 
 	minkeys = 1 + (IS_BRANCH(mc->mc_pg[mc->mc_top]));
 	DPRINTF(("rebalancing %s page %"Z"u (has %u keys, %.1f%% full)",
-	IS_LEAF(mc->mc_pg[mc->mc_top]) ? "leaf" : "branch",
-	mdb_dbg_pgno(mc->mc_pg[mc->mc_top]), NUMKEYS(mc->mc_pg[mc->mc_top]),
+	    IS_LEAF(mc->mc_pg[mc->mc_top]) ? "leaf" : "branch",
+	    mdb_dbg_pgno(mc->mc_pg[mc->mc_top]), NUMKEYS(mc->mc_pg[mc->mc_top]),
 		(float)PAGEFILL(mc->mc_txn->mt_env, mc->mc_pg[mc->mc_top]) / 10));
 
 	if (PAGEFILL(mc->mc_txn->mt_env, mc->mc_pg[mc->mc_top]) >= FILL_THRESHOLD &&
 		NUMKEYS(mc->mc_pg[mc->mc_top]) >= minkeys) {
 		DPRINTF(("no need to rebalance page %"Z"u, above fill threshold",
-		mdb_dbg_pgno(mc->mc_pg[mc->mc_top])));
+		    mdb_dbg_pgno(mc->mc_pg[mc->mc_top])));
 		return MDB_SUCCESS;
 	}
 
@@ -6899,7 +7605,7 @@ mdb_rebalance(MDB_cursor *mc)
 	}
 
 	DPRINTF(("found neighbor page %"Z"u (%u keys, %.1f%% full)",
-	mn.mc_pg[mn.mc_top]->mp_pgno, NUMKEYS(mn.mc_pg[mn.mc_top]),
+	    mn.mc_pg[mn.mc_top]->mp_pgno, NUMKEYS(mn.mc_pg[mn.mc_top]),
 		(float)PAGEFILL(mc->mc_txn->mt_env, mn.mc_pg[mn.mc_top]) / 10));
 
 	/* If the neighbor page is above threshold and has enough keys,
@@ -6985,7 +7691,7 @@ mdb_cursor_del0(MDB_cursor *mc, MDB_node *leaf)
 
 int
 mdb_del(MDB_txn *txn, MDB_dbi dbi,
-MDB_val *key, MDB_val *data)
+    MDB_val *key, MDB_val *data)
 {
 	MDB_cursor mc;
 	MDB_xcursor mx;
@@ -7072,8 +7778,8 @@ mdb_page_split(MDB_cursor *mc, MDB_val *newkey, MDB_val *newdata, pgno_t newpgno
 	nkeys = NUMKEYS(mp);
 
 	DPRINTF(("-----> splitting %s page %"Z"u and adding [%s] at index %i/%i",
-	IS_LEAF(mp) ? "leaf" : "branch", mp->mp_pgno,
-	DKEY(newkey), mc->mc_ki[mc->mc_top], nkeys));
+	    IS_LEAF(mp) ? "leaf" : "branch", mp->mp_pgno,
+	    DKEY(newkey), mc->mc_ki[mc->mc_top], nkeys));
 
 	/* Create a right sibling. */
 	if ((rc = mdb_page_new(mc, mp->mp_flags, 1, &rp)))
@@ -7272,7 +7978,7 @@ mdb_page_split(MDB_cursor *mc, MDB_val *newkey, MDB_val *newdata, pgno_t newpgno
 		 * Check if left page also changed parent.
 		 */
 		if (mn.mc_pg[ptop] != mc->mc_pg[ptop] &&
-		mc->mc_ki[ptop] >= NUMKEYS(mc->mc_pg[ptop])) {
+		    mc->mc_ki[ptop] >= NUMKEYS(mc->mc_pg[ptop])) {
 			for (i=0; i<ptop; i++) {
 				mc->mc_pg[i] = mn.mc_pg[i];
 				mc->mc_ki[i] = mn.mc_ki[i];
@@ -7435,7 +8141,7 @@ mdb_page_split(MDB_cursor *mc, MDB_val *newkey, MDB_val *newdata, pgno_t newpgno
 
 int
 mdb_put(MDB_txn *txn, MDB_dbi dbi,
-MDB_val *key, MDB_val *data, unsigned int flags)
+    MDB_val *key, MDB_val *data, unsigned int flags)
 {
 	MDB_cursor mc;
 	MDB_xcursor mx;
@@ -7930,7 +8636,7 @@ int mdb_reader_list(MDB_env *env, MDB_msg_func *func, void *ctx)
 #endif
 			if (first) {
 				first = 0;
-				rc = func("pid     thread     txnid\n", ctx);
+				rc = func("    pid     thread     txnid\n", ctx);
 				if (rc < 0)
 					break;
 			}
@@ -8061,27 +8767,22 @@ int commit_xlog_txn(MDB_env *env, MDB_ID2L xlog_pgs, int start, int end)
         p = xlog_pgs[i].mptr;
         if (IS_OVERFLOW(p))
         {
-            if(extend_map(env, p->mp_pgno, p->mp_pages)!=0)
-                return ENOMEM;
             for (j=0; j < (int)p->mp_pages; j++) {
                 unsigned long d_offset = (unsigned long)(((p->mp_pgno +j ) * env->me_psize));
                 char *s_pos = xlog_pgs[i+j].mptr;
-                memcpy(env->me_map + d_offset, s_pos, env->me_psize);
+                pwrite(env->me_fd, s_pos, env->me_psize, d_offset);
             }
             i += p->mp_pages;
         } else if (F_ISSET(p->mp_flags, P_META))
         {
             mbufp = (MDB_metabuf *)p;
             m = &mbufp->mb_metabuf.mm_meta;
-            memcpy((env->me_map + (p->mp_pgno * env->me_psize)), p, env->me_psize);
-            if (m->mm_txnid > env->me_txns->mti_txnid)
-                env->me_txns->mti_txnid = m->mm_txnid;
+            pwrite(env->me_mfd, p, env->me_psize, (p->mp_pgno * env->me_psize));
+            env->me_txns->mti_txnid = m->mm_txnid;
             i++;
         } else
         {
-           if (extend_map(env, p->mp_pgno, 1)!=0)
-               return ENOMEM;
-           memcpy((env->me_map + (p->mp_pgno * env->me_psize)), p, env->me_psize);
+           pwrite(env->me_fd, p, env->me_psize, (p->mp_pgno * env->me_psize));
            i++;
         }
     }
@@ -8128,7 +8829,7 @@ int mdb_rollforward_file(MDB_env *env, char * xlog_file)
         rc = ErrCode();
         goto cleanup;
     }
-    p = malloc(env->me_psize);
+    p = aligned_alloc(env->me_psize, env->me_psize);
     if (p == NULL)
     {
         rc = ENOMEM;
@@ -8234,11 +8935,10 @@ int mdb_rollxlogs(MDB_env *env, int purge)
 {
     char xlog_file[256];
     char xlog_file_dir[256];
-    unsigned long xlog_num = 0, i, c;
+    char xlog_bad_file[256];
+    unsigned long xlog_num = 0, i;
     int rc = 0;
-    unsigned long start_mm_xlog_num = env->me_metas[mdb_env_pick_meta(env)]->mm_xlog_num;
-    unsigned long cur_mm_xlog_num = start_mm_xlog_num;
-    unsigned long last_xlog_num = 0, first_xlog_num = 0;
+    unsigned long mm_xlog_num_pre_chkpt = env->me_metas[mdb_env_pick_meta(env)]->mm_xlog_num_pre_chkpt;
 
 #ifdef _WIN32
     WIN32_FIND_DATA ffd;
@@ -8266,7 +8966,14 @@ int mdb_rollxlogs(MDB_env *env, int purge)
     {
         xlog_num=atol(ffd.cFileName);
         if(xlog_num>=XLOG_MIN_NUM && xlog_num <= XLOG_MAX_NUM)
-            mdb_midl_xappend(xlog_ids, xlog_num);
+        {
+            rc = mdb_midl_xappend(xlog_ids, xlog_num);
+            if (rc)
+            {
+                rc = ENOMEM;
+                goto done;
+            }
+        }
     }
     while (1)
     {
@@ -8305,12 +9012,30 @@ int mdb_rollxlogs(MDB_env *env, int purge)
         xlog_num=atol(dir->d_name);
 #endif
         if(xlog_num>=XLOG_MIN_NUM && xlog_num <= XLOG_MAX_NUM)
+        {
+            if (xlog_ids[0] > (MDB_IDL_UM_MAX - 2))
+            {
+                rc = ENOMEM;
+                goto done;
+            }
             mdb_midl_xappend(xlog_ids, xlog_num);
+        }
     }
     mdb_midl_sort(xlog_ids);
-    c = i = (unsigned long)xlog_ids[0];
-    if (!purge && c > 0)
+    i = (unsigned long)xlog_ids[0];
+    if (!purge && i > 0)
+    {
+        if ((xlog_ids[1] - xlog_ids[i] + 1) != i || //logs are not continous numbers (missing files)
+            xlog_ids[1] < mm_xlog_num_pre_chkpt) //the last log is older than database
+        {
+            //Missing one or more WAL files
+            rc = MDB_WAL_FILE_ERROR;
+            mdb_eassert(env, rc == 0);
+            goto done;
+        }
         DPRINTF(("MDB recover is needed; roll forward %ld transaction log files...", c));
+    }
+
     for (; i; i--)
     {
 #ifdef _WIN32
@@ -8321,49 +9046,44 @@ int mdb_rollxlogs(MDB_env *env, int purge)
         if (purge)
         {
             rc = UNLINK_FILE(xlog_file);
-            if (rc)
-                rc = ENOMEM;
-        } else {
-            if (xlog_ids[i] < start_mm_xlog_num)
-            {
-                //database is newer than the xlog file.
-                DPRINTF(("skip rollfoward xlog_file %s\n", xlog_file));
-                if (!(env->me_flags & MDB_KEEPXLOGS))
-                    UNLINK_FILE(xlog_file);
-            } else
-            {
-                cur_mm_xlog_num = env->me_metas[mdb_env_pick_meta(env)]->mm_xlog_num;
-                if ((cur_mm_xlog_num + 1) < xlog_ids[i])
-                {
-                     DPRINTF(("fatal error: missing xlog file with xlog_num %lu\n", cur_mm_xlog_num + 1));
-                     env->me_flags |= MDB_FATAL_ERROR;
-                     rc = MDB_WAL_INVALID_META;
-                     goto done;
-                }
-                DPRINTF(("rollfoward xlog_file %s\n", xlog_file));
-                rc = mdb_rollforward_file(env, xlog_file);
-                if (rc)
-                {
-                     env->me_flags |= MDB_FATAL_ERROR;
-                     goto done;
-                }
-                if (!first_xlog_num)
-                {
-                    first_xlog_num = (unsigned long)xlog_ids[i];
-                    if (first_xlog_num > start_mm_xlog_num)
-                    {
-                        //The first xlog if applied, must cover all transactions in database file
-                        env->me_flags |= MDB_FATAL_ERROR;
-                        rc = MDB_WAL_INVALID_META;
-                        goto done;
-                    }
-                }
-                last_xlog_num = (unsigned long)xlog_ids[i];
-            }
+            //If unlink failed, the next startup may roll forward it, compromising integrity
+            mdb_eassert(env, rc == 0);
+            continue;
+        }
+
+        if ((xlog_ids[i] + 1)< mm_xlog_num_pre_chkpt)
+        {
+            //Database is newer than the xlog file.
+            DPRINTF(("skip rollfoward xlog_file %s\n", xlog_file));
+            if (!(env->me_flags & MDB_KEEPXLOGS))
+                UNLINK_FILE(xlog_file);
+            continue;
         }
+
+        DPRINTF(("rollfoward xlog_file %s\n", xlog_file));
+        rc = mdb_rollforward_file(env, xlog_file);
         if (rc)
-            break;
+        {
+#ifndef _WIN32
+             sprintf(xlog_bad_file, "%s/garbled-%08lu", xlog_file_dir, xlog_ids[i]);
+             rename(xlog_file, xlog_bad_file);
+#endif
+             if (i==1)
+             {
+                 //This failure is most likely recoverable, and the garbled file was due
+                 // to machine powered off before fdatasync completed on the WAL file,
+                 // leaving the incompleted (the last) transaction in the WAL file.
+                 rc = 0;
+                 continue;
+             }
+             else
+                 //This is usually not recoverable, namely a WAL is inconsistent even
+                 //though it has completed fdatasync, and proceeded to the next log file.
+                 mdb_eassert(env, rc == 0);
+             goto done;
+        }
     }
+
 done:
 #ifdef _WIN32
     if (d != INVALID_HANDLE_VALUE)
@@ -8373,44 +9093,9 @@ int mdb_rollxlogs(MDB_env *env, int purge)
         closedir(d);
 #endif
     mdb_midl_free(xlog_ids);
-    if ((last_xlog_num && last_xlog_num < start_mm_xlog_num))
-    {
-        // data file is newer than data in last xlog file,
-        // then database file may contain incomplete transactions.
-        env->me_flags |= MDB_FATAL_ERROR;
-        rc = MDB_WAL_INVALID_META;
-    }
     return rc;
 }
 
-/* Allocate and return page_size aligned memory,
- * and keep track of the original memory pointer for
- * calling free() later. Note that me_walstate.walbuf_p
- * IS NOT set here so that caller can access the old
- * buffer, e.g. implementing realloc WAL buffer.
-*/
-static
-void *wal_buf_alloc(MDB_env *env, int wal_buf_size)
-{
-    char *p = NULL;
-    unsigned int offset = 0;
-
-    int actual_size = wal_buf_size + env->me_psize;
-
-    /* Previously allocated buffer must have been
-       freed already with walbuf_real_p set to NULL */
-    if (env->me_walstate.walbuf_real_p)
-        return NULL;
-
-    if ((p=malloc(actual_size))==NULL)
-        return NULL;
-
-    env->me_walstate.walbuf_real_p = p;
-    env->me_walstate.walbuf_size = wal_buf_size;
-    offset = (unsigned long long)p % env->me_psize;
-    return p + env->me_psize - offset;
-}
-
 /* Initialize WAL state structure.
  * Called once when the environment is opened
  */
@@ -8421,8 +9106,7 @@ int mdb_wal_init(MDB_env *env)
     DWORD dwAttrib;
 #endif
     char xlog_dir[256];
-    char *p;
-    int rc = 0, wal_buf_init_size;
+    int rc = 0;
 
     env->me_walstate.xlog_fd = INVALID_HANDLE_VALUE;
     env->me_walstate.xlog_num = env->me_metas[mdb_env_pick_meta(env)]->mm_xlog_num + 1;
@@ -8430,7 +9114,13 @@ int mdb_wal_init(MDB_env *env)
         //This may occur once when switching from no-wal data.mdb to wal data.mdb
         env->me_walstate.xlog_num = XLOG_MIN_NUM;
     env->me_walstate.xlog_purged = XLOG_MIN_NUM - 1;
-    env->me_walstate.xlog_offset = 0;
+    env->me_walstate.xlog_pages = 0;
+    env->me_walstate.txn_pages = 0;
+    if (env->me_walstate.chkpt_interval == 0)
+    {
+        //If mdb_env_set_chkpt_interval is not called, set to default value.
+        env->me_walstate.chkpt_interval = CHKPT_INTERVAL_DEFAULT;
+    }
     if ((rc=pthread_mutex_init(&env->me_walstate.chkpt_waitmutex, NULL)) ||
         (rc=pthread_cond_init(&env->me_walstate.chkpt_waitcond, NULL)))
       return rc;
@@ -8452,16 +9142,10 @@ int mdb_wal_init(MDB_env *env)
         return rc;
     }
     env->me_walstate.chkpt_thread_active = 1;
-    wal_buf_init_size = env->me_psize * WAL_INIT_PGS;
-    env->me_walstate.walbuf_real_p = NULL;
-    if ((p = wal_buf_alloc(env, wal_buf_init_size))==NULL)
-        return  ENOMEM;
-
-    env->me_walstate.walbuf_p = p;
-    env->me_walstate.walbuf_pos = 0;
     return MDB_SUCCESS;
 }
 
+#ifndef _WIN32
 /* The all pages associated with the transaction
  * into the WAL file. The last pages should always
  * the meta page. Try to use O_DIRECT if the the OS/FS
@@ -8469,135 +9153,46 @@ int mdb_wal_init(MDB_env *env)
  * WAL file. Close the WAL if its size exceeded the defined
  * limit */
 static
-int wal_write(MDB_env *env, txnid_t tid)
+int wal_sync_meta(MDB_env *env, txnid_t tid)
 {
     char xlog_file[256];
-    int rc = 0, nw=0, wal_buf_init_size = 0;
+    int rc = 0;
+    int i = 0;
     HANDLE fd;
-#ifdef _WIN32
-    DWORD len;
-#endif
-
-    if (env->me_walstate.xlog_fd == INVALID_HANDLE_VALUE)
-    {
-        sprintf(xlog_file, "%s/xlogs/%08lu", env->me_path, env->me_walstate.xlog_num);
-#ifdef _WIN32
-        fd = CreateFile(xlog_file, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL|FILE_FLAG_NO_BUFFERING, NULL);
-#else
-        fd = creat(xlog_file, S_IRUSR|S_IWUSR);
-#endif
-        if (fd == INVALID_HANDLE_VALUE)
-        {
-            rc = ENOMEM;
-            goto done;
-        }
-
-        env->me_walstate.xlog_fd = fd;
-        env->me_walstate.xlog_offset = 0;
-        // now it is opened for writing;
-    }
 
-#ifdef _WIN32
-    rc = WriteFile(env->me_walstate.xlog_fd, env->me_walstate.walbuf_p,
-                   (DWORD)env->me_walstate.walbuf_pos, &len, NULL);
-    if (rc ==0 )
-        nw = -1;
-    else
-    {
-        nw = len;
-        rc = 0;
-    }
-#else
-    nw = write(env->me_walstate.xlog_fd, env->me_walstate.walbuf_p, env->me_walstate.walbuf_pos);
-#endif
-    if (nw != env->me_walstate.walbuf_pos)
+    for(i=0; i<3; i++)
     {
-        rc = ENOMEM;
-        goto done;
+        rc = fdatasync(env->me_walstate.xlog_fd);
+        if (rc == 0)
+            break;
     }
 
-#ifndef _WIN32
-    //direct-io is not safe with ESXi Linux VM though fcntl(fd, F_SETFL, rc | O_DIRECT) return 0
-    // So need to do a fdatasync.
-    if (MDB_FDATASYNC(env->me_walstate.xlog_fd)!=0)
+    if (rc)
     {
-        rc = ENOMEM;
-        goto done;
+       goto done;
     }
-#endif
-
-    DPRINTF(("WAL wrote %lu pages on txn %llu\n",
-             env->me_walstate.walbuf_pos/env->me_psize,
-             (unsigned long long)tid));
 
-    env->me_walstate.xlog_offset += env->me_walstate.walbuf_pos;
-    env->me_walstate.walbuf_pos = 0;
-
-    if (env->me_walstate.xlog_offset >= (MAX_WAL_PGS * env->me_psize))
+    if (env->me_walstate.xlog_pages >= MAX_WAL_PGS)
     {
         close(env->me_walstate.xlog_fd);
         env->me_walstate.xlog_fd = INVALID_HANDLE_VALUE;
         env->me_walstate.xlog_num++;
-        env->me_walstate.xlog_offset = 0;
-        wal_buf_init_size = env->me_psize * WAL_INIT_PGS;
-        /* shrink WAL buffer back to the default if it becomes too large */
-        if (env->me_walstate.walbuf_size > (wal_buf_init_size << 2))
+        env->me_walstate.xlog_pages = 0;
+        env->me_walstate.txn_pages = 0;
+        sprintf(xlog_file, "%s/xlogs/%08lu", env->me_path, env->me_walstate.xlog_num);
+        fd = open(xlog_file, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+        if (fd == INVALID_HANDLE_VALUE)
         {
-            //printf("shrink WAL buffer to %lu bytes\n", wal_buf_init_size);
-            free(env->me_walstate.walbuf_real_p);
-            env->me_walstate.walbuf_real_p = NULL;
-            if ((env->me_walstate.walbuf_p = wal_buf_alloc(env, wal_buf_init_size))==NULL)
-                rc = ENOMEM;
+            rc = ENOMEM;
+            goto done;
         }
+        env->me_walstate.xlog_fd = fd;
     }
 
 done:
     return rc;
 }
-
-/* Copy "pgs" pages from "dp" to wal buffer,
- * realloc page with alligned memory when needed.
- * Update walbuf pos to the length of the data in buffer.
- */
-static
-int mdb_walbuf_cpy(MDB_env *env, char *dp, unsigned long pgs)
-{
-    char *p, *real_p;
-    int pgsize = env->me_psize;
-    unsigned long new_mem_len = pgs * pgsize;
-    unsigned long pos = env->me_walstate.walbuf_pos;
-    unsigned long new_size = pos + new_mem_len;
-
-    /* Now a transaction can't write more than (MDB_IDL_UM_MAX - 1)
-       pages to WAL file for mdb_rollforward to handle */
-    if ((pos/pgsize + pgs) >= (MDB_IDL_UM_MAX - 1))
-    {
-        // Discard all pages in WAL buffer on transaction
-        env->me_walstate.walbuf_pos = 0;
-        return MDB_BAD_TXN;
-    }
-    if (new_size > (unsigned long)env->me_walstate.walbuf_size) {
-        //printf("expand wal buffer to %lu bytes\n", new_size);
-        real_p = env->me_walstate.walbuf_real_p;
-        env->me_walstate.walbuf_real_p = NULL;
-        if ((p = wal_buf_alloc(env, new_size<<1))==NULL)
-            return  ENOMEM;
-        if (pos  > 0)
-            memcpy(p, env->me_walstate.walbuf_p, pos);
-        free(real_p);
-        env->me_walstate.walbuf_p = p;
-    }
-    memcpy(env->me_walstate.walbuf_p + pos, dp, new_mem_len);
-    pos += new_mem_len;
-    env->me_walstate.walbuf_pos = pos;
-
-   return MDB_SUCCESS;
-}
-
-/* purge upto current xlog_num file less the margin */
-#define XLOG_PURGE_SAFE_MARGIN 5
-/* check point interval (seconds) */
-#define CHKPT_INTERVAL_SEC 30
+#endif
 
 /* The checkpoint thread main function
  * performs msync in a fixed interval, and
@@ -8614,9 +9209,9 @@ int mdb_walbuf_cpy(MDB_env *env, char *dp, unsigned long pgs)
 static
 void *mdb_chkpt_main(void *param_ptr)
 {
-    unsigned long i, rc=0;
+    long i, rc=0;
     char xlog_file_to_purge[256];
-    unsigned long xlog_num_before_chkpt;
+    long xlog_num_pre_chkpt;
     time_t now;
     struct timespec ts;
     int fatal_error = 0;
@@ -8630,17 +9225,25 @@ void *mdb_chkpt_main(void *param_ptr)
             fatal_error = 1; //This can occur if disk is full when writing WAL file
         else
         {
-            xlog_num_before_chkpt = env->me_walstate.xlog_num;
-            if (xlog_num_before_chkpt < XLOG_MIN_NUM)
+            xlog_num_pre_chkpt = env->me_walstate.xlog_num;
+            if (xlog_num_pre_chkpt < XLOG_MIN_NUM)
                 //This can occur once when switching from no-wal mdb to wal mdb
-                xlog_num_before_chkpt = xlog_num_before_chkpt;
+                xlog_num_pre_chkpt = XLOG_MIN_NUM;
 
             DPRINTF(("mdb_chkpt_main calls mdb_env_sync ..."));
-            rc = mdb_env_sync(env, 1);
+            for(i=0; i<3; i++)
+            {
+                rc = mdb_env_sync(env, 1);
+                if (rc == 0)
+                    break;
+            }
             if (rc)
             {
                 env->me_flags |= MDB_FATAL_ERROR;
                 fatal_error = 1;
+            } else
+            {
+                env->me_walstate.xlog_num_pre_chkpt = xlog_num_pre_chkpt;
             }
         }
         UNLOCK_MUTEX_W(env);
@@ -8650,7 +9253,7 @@ void *mdb_chkpt_main(void *param_ptr)
             /* Any closed xlog files before chkpt can be safely purged
              * - keep a few more files as a safe margin
              */
-            for (i=env->me_walstate.xlog_purged + 1; i<(xlog_num_before_chkpt - XLOG_PURGE_SAFE_MARGIN); i++)
+            for (i=env->me_walstate.xlog_purged + 1; i<(xlog_num_pre_chkpt - XLOG_PURGE_SAFE_MARGIN); i++)
             {
                 sprintf(xlog_file_to_purge, "%s/xlogs/%08lu", env->me_path, i);
                 if (UNLINK_FILE(xlog_file_to_purge) == 0)
@@ -8662,7 +9265,7 @@ void *mdb_chkpt_main(void *param_ptr)
             return NULL; //env has been shutdown
 
         now = time(NULL);
-        ts.tv_sec = now + CHKPT_INTERVAL_SEC;
+        ts.tv_sec = now + env->me_walstate.chkpt_interval;
         ts.tv_nsec = 0;
         pthread_mutex_lock(&env->me_walstate.chkpt_waitmutex);
         pthread_cond_timedwait(&env->me_walstate.chkpt_waitcond,
@@ -8673,52 +9276,6 @@ void *mdb_chkpt_main(void *param_ptr)
     return NULL;
 }
 
-/*
- * For Windows, the database size is set to
- * me_mapsize when MDB_env is opened.
- *
- * For Linux, the database is created with size of
- * smaller of DB_SIZE_INC or env->me_mapsize for new database;
- * or the current size if the database already exists; the database
- * size is then extended on demand with DB_SIZE_INC increament.
- */
-static int
-extend_map(MDB_env *env, pgno_t pgno, int num)
-{
-#ifndef _WIN32
-    size_t new_db_size = 0;
-
-    if (env->me_size > env->me_psize * (pgno + num))
-        return 0;
-
-    new_db_size = env->me_psize * (pgno + num) + DB_SIZE_INC;
-
-    if (new_db_size % DB_SIZE_INC != 0)
-        new_db_size = (new_db_size/DB_SIZE_INC + DB_SIZE_INC) * (pgno + num);
-
-    if (new_db_size > env->me_mapsize)
-        new_db_size = env->me_mapsize;
-
-    if (new_db_size <= env->me_psize * (pgno + num))
-    {
-        env->me_flags |= MDB_FATAL_ERROR;
-        return MDB_MAP_FULL;
-    }
-
-    env->me_size = new_db_size;
-    if (ftruncate(env->me_fd, env->me_size) < 0)
-    {
-       env->me_flags |= MDB_FATAL_ERROR;
-       DPRINTF(("error ftruncate with new size %lu error: %s\n", new_db_size, strerror(errno)));
-       return MDB_MAP_FULL;
-    }
-    DPRINTF(("datasize increased to %.2f MB\n", (float)(env->me_size/(1024*1024))));
-    return 0;
-#else
-    return 0;
-#endif
-}
-
 /** @brief set, clear or query MDB state for database file cold or hot copy.
  * Refer its description in lmdb.h for parameters.
  */
@@ -8730,7 +9287,7 @@ mdb_env_set_state(MDB_env *env, MDB_state_op op, unsigned long *last_xlog_num, u
     int ret = 0;
 
     if (env == NULL)
-        return EINVAL; 
+        return EINVAL;
 
     *last_xlog_num = 0;
     LOCK_MUTEX_W(env);
@@ -8747,11 +9304,20 @@ mdb_env_set_state(MDB_env *env, MDB_state_op op, unsigned long *last_xlog_num, u
          env->me_flags |= MDB_RDONLY;
     else if (op == MDB_STATE_KEEPXLOGS)
     {
-         *last_xlog_num = env->me_walstate.xlog_num;
-         env->me_flags |= MDB_KEEPXLOGS;
+         if (env->me_flags & MDB_WAL)
+         {
+             *last_xlog_num = env->me_walstate.xlog_num;
+             env->me_flags |= MDB_KEEPXLOGS;
+         } else
+         {
+             env->me_flags |= MDB_RDONLY;
+         }
     } else if (op == MDB_STATE_GETXLOGNUM)
     {
-         *last_xlog_num = env->me_walstate.xlog_num;
+         if (env->me_flags & MDB_WAL)
+         {
+             *last_xlog_num = env->me_walstate.xlog_num;
+         }
     } else if ( op == MDB_STATE_CLEAR)
     {
          env->me_flags &= ~MDB_RDONLY;
@@ -8776,8 +9342,99 @@ mdb_env_set_state(MDB_env *env, MDB_state_op op, unsigned long *last_xlog_num, u
 
 /** @brief Set commit hook func for Raft
  */
-void mdb_set_commit_hook_func(MDB_env *env, MDB_commit_hook_func *commit_hook_func)
+void mdb_set_raft_prepare_commit_func(MDB_env *env, MDB_raft_prepare_commit_func *raft_prepare_commit_func)
+{
+    env->me_raft_prepare_commit_func = raft_prepare_commit_func;
+}
+
+/** @brief callback for raft post commit - set raft volatle state with logIndex argument when commit succeeded
+ */
+void mdb_set_raft_post_commit_func(MDB_env *env, MDB_raft_post_commit_func  *raft_post_commit_func)
+{
+    env->me_raft_post_commit_func = raft_post_commit_func;
+}
+
+/** @brief callback for raft commit fail to write WAL or meta page (due to disk full/failure). The callback
+ *  would set the server to Raft Follower role to avoid reusing the logIndex/logTerm for new client requests.
+ */
+void mdb_set_raft_commit_fail_func(MDB_env *env, MDB_raft_commit_fail_func  *raft_commit_fail_func)
+{
+    env->me_raft_commit_fail_func = raft_commit_fail_func;
+}
+
+#ifndef _WIN32
+/** @brief flush an array of dirty pages to WAL file
+ */
+static
+int write_wal_pages(MDB_env *env, const struct iovec *iov, int n)
 {
-    env->me_commit_hook_func = commit_hook_func;
+    int rc = 0;
+    int i = 0;
+    int nw = 0;
+    int total_bytes = 0;
+    char xlog_file[256];
+    HANDLE fd = INVALID_HANDLE_VALUE;
+
+    if (!(env->me_flags & MDB_WAL))
+        goto done;
+
+    if (env->me_walstate.xlog_fd == INVALID_HANDLE_VALUE)
+    {
+        sprintf(xlog_file, "%s/xlogs/%08lu", env->me_path, env->me_walstate.xlog_num);
+        fd = open(xlog_file, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
+        if (fd == INVALID_HANDLE_VALUE)
+        {
+            rc = ENOMEM;
+            goto fatal_error;
+        }
+
+        env->me_walstate.xlog_fd = fd;
+        env->me_walstate.xlog_pages = 0;
+        env->me_walstate.txn_pages = 0;
+    }
+
+    for(i=0; i<n; i++)
+    {
+        total_bytes += iov[i].iov_len;
+    }
+
+    /* The xlog rollforward procedure can handle up to MDB_IDL_UM_MAX-1 pages (2^17-1 pages),
+     * including the meta page. Let the server quit if the limit is reached, and do WAL recovery
+     * procedure.
+     * A more desirable way is to clean-up the incompleted pages in WAL file, and abort
+     * the current transaction.
+     */
+    if((env->me_walstate.xlog_pages + (total_bytes/env->me_psize)) >= (MDB_IDL_UM_MAX - 2))
+    {
+        rc = ENOMEM;
+        goto fatal_error;
+    }
+
+    nw = writev(env->me_walstate.xlog_fd, iov, n);
+    if (nw < 0)
+    {
+        rc = ENOMEM;
+        goto fatal_error;
+    }
+
+    if (total_bytes != nw)
+    {
+        rc = ENOMEM;
+        goto fatal_error;
+    }
+
+    env->me_walstate.txn_pages += nw/env->me_psize;
+    env->me_walstate.xlog_pages += nw/env->me_psize;
+
+done:
+    return rc;
+
+fatal_error:
+    //The server will shutdown, and go though WAL recovery procedure
+    // to cleanup imcomplete pages in WAL file.
+    env->me_flags|=MDB_FATAL_ERROR;
+    goto done;
 }
+#endif
+
 /** @} */
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/Makefile b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/Makefile
index ebce846fc..6bd8732df 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/Makefile
+++ b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/Makefile
@@ -1,19 +1,14 @@
-all: libmdb_nowal.so libmdb_wal.so mdb_wal_test.cpp
-	gcc -g -o mdb_wal_test_linux mdb_wal_test.cpp -lpthread -L . -lmdb -lstdc++
+all: mdb_wal_test
 
-libmdb_nowal.so:
+mdb_wal_test:
 	cp ../lmdb.h lmdb.h
 	cp ../midl.h midl.h
 	cp ../midl.c midl.c
-	gcc -shared -o libmdb_nowal.so -fpic mdb_nowal.c midl.c
-	ln -s libmdb_nowal.so libmdb.so
-
-libmdb_wal.so:
-	cp ../lmdb.h lmdb.h
-	cp ../midl.h midl.h
-	cp ../midl.c midl.c
-	cp ../mdb.c mdb_wal.c
-	gcc -shared -o libmdb_wal.so -fpic mdb_wal.c midl.c
+	cp ../mdb.c mdb.c
+	gcc -g -DMDB_USE_PWRITEV -o mdb_wal_test -fpic mdb_wal_test.cpp mdb.c midl.c -lpthread -lstdc++
 
 clean:
-	rm -rf mdb_wal.c midl.c lmdb.h midl.h *.o *.so mdb_wal_test_linux backupdb testdb
+	rm -rf mdb.c midl.c lmdb.h mdb.c midl.h *.o mdb_wal_test backupdb testdb
+
+cleandbs:
+	rm -rf backupdb testdb
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_nowal.c b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_nowal.c
index 063d6639f..6f60f7e04 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_nowal.c
+++ b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_nowal.c
@@ -1118,6 +1118,9 @@ struct MDB_env {
 #endif
 	void		*me_userctx;	 /**< User-settable context */
 	MDB_assert_func *me_assert_func; /**< Callback for assertion failures */
+        MDB_raft_prepare_commit_func *me_raft_prepare_commit_func; /** Commit hook function used for Raft committing a log **/
+        MDB_raft_post_commit_func *me_raft_post_commit_func; /** callback that sets raft state for the logIndex **/
+        MDB_raft_commit_fail_func *me_raft_commit_fail_func; /** callback that sets raft state if fail to write WAL or meta page  **/
 };
 
 	/** Nested transaction */
@@ -2929,6 +2932,9 @@ mdb_txn_commit(MDB_txn *txn)
 	int		rc;
 	unsigned int i;
 	MDB_env	*env;
+        unsigned long long raft_logindex = 0;
+        unsigned int raft_logterm = 0;
+        unsigned int raft_op = 0;
 
 	if (txn == NULL || txn->mt_env == NULL)
 		return EINVAL;
@@ -3107,17 +3113,33 @@ mdb_txn_commit(MDB_txn *txn)
 #if (MDB_DEBUG) > 2
 	mdb_audit(txn);
 #endif
-
-	if ((rc = mdb_page_flush(txn, 0)) ||
-		(rc = mdb_env_sync(env, 0)) ||
-		(rc = mdb_env_write_meta(txn)))
-		goto fail;
+        if ((rc = mdb_page_flush(txn, 0))||
+                (rc = mdb_env_sync(env, 0)))
+        {
+                goto fail;
+        }
+
+        if ((env->me_raft_prepare_commit_func &&
+             (rc = env->me_raft_prepare_commit_func(&raft_logindex, &raft_logterm, &raft_op))) ||
+            (rc = mdb_env_write_meta(txn)))
+        {
+                if (env->me_raft_commit_fail_func && raft_logindex > 0)
+                {
+                    env->me_raft_commit_fail_func();
+                }
+                goto fail;
+        }
 
 done:
 	env->me_pglast = 0;
 	env->me_txn = NULL;
 	mdb_dbis_update(txn, 1);
 
+        if (env->me_raft_post_commit_func && raft_logindex > 0)
+        {
+            env->me_raft_post_commit_func(raft_logindex, raft_logterm, raft_op);
+        }
+
 	if (env->me_txns)
 		UNLOCK_MUTEX_W(env);
 	free(txn);
@@ -8588,4 +8610,28 @@ mdb_env_set_state(MDB_env *env, MDB_state_op op, unsigned long *last_xlog_num, u
     UNLOCK_MUTEX_W(env);
     return ret;
 }
+
+
+/** @brief Set commit hook func for Raft
+ */
+void mdb_set_raft_prepare_commit_func(MDB_env *env, MDB_raft_prepare_commit_func *raft_prepare_commit_func)
+{
+    env->me_raft_prepare_commit_func = raft_prepare_commit_func;
+}
+
+/** @brief callback for raft post commit - set raft volatle state with logIndex argument when commit succeeded
+ */
+void mdb_set_raft_post_commit_func(MDB_env *env, MDB_raft_post_commit_func  *raft_post_commit_func)
+{
+    env->me_raft_post_commit_func = raft_post_commit_func;
+}
+
+/** @brief callback for raft commit fail to write WAL or meta page (due to disk full/failure). The callback
+ *  would set the server to Raft Follower role to avoid reusing the logIndex/logTerm for new client requests.
+ */
+void mdb_set_raft_commit_fail_func(MDB_env *env, MDB_raft_commit_fail_func  *raft_commit_fail_func)
+{
+    env->me_raft_commit_fail_func = raft_commit_fail_func;
+}
+
 /** @} */
diff --git a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_wal_test.cpp b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_wal_test.cpp
index f5e39928f..10ad18f4b 100644
--- a/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_wal_test.cpp
+++ b/lwraft/thirdparty/openldap/libraries/mdb/mdb_wal_test/mdb_wal_test.cpp
@@ -41,18 +41,18 @@ class MdbTester
     int txn_commit();
     void txn_abort();
     int test_modify(int idx);
-    int test_del(int idx);
+    int test_del(int idx, const char *prefix);
     int test_modify_nested(int idx1, int in_child_txn = 0, int commit = 1);
-    int test_bigdata_modify(int i, int datasize);
-    int test_bigdata_search(int i);
+    int largedata_modify(int i, int datasize, const char *datamark = "default");
+    int largedata_search(int i);
     int test_mod_search(int idx, MDB_txn *txn = NULL);
     int test_provision_search(int idx);
     int db_init();
     int db_close();
     int shrink_db(int dbsize);
-    int backup_db();
-    int truncate_backup_db(long dbSize);
-    int restore_db();
+    static int backup_db();
+    static int truncate_backup_db(long dbSize);
+    static int restore_db();
     MDB_env *get_dbenv() { return _env; };
 
  private:
@@ -87,8 +87,11 @@ int MdbTester::db_init()
   strcpy(path_buf, "./testdb");
 #endif
 
-  if (mdb_env_create(&_env))
-    return -1;
+  if ((rc=mdb_env_create(&_env)))
+  {
+    cout<<"mdb_env_create error"<<endl;
+    return rc;
+  }
 
   if (_mapsize > 0)
   {
@@ -97,8 +100,11 @@ int MdbTester::db_init()
      printf("mapsize set to %.2f MB\n", (float)_mapsize/(float)(1024*1024));
   }
 
-  if(mdb_env_set_maxdbs(_env, 10))
-      return -1;
+  if((rc=mdb_env_set_maxdbs(_env, 10)))
+  {
+      cout<<"mdb_env_set_maxdbs"<<endl;
+      return rc;
+  }
 
   if (_keep_xlog)
      flags |= MDB_KEEPXLOGS;
@@ -107,13 +113,15 @@ int MdbTester::db_init()
   if (rc)
   {
      printf("mdb_env_open failed with error %d: %s\n", rc, mdb_strerror(rc));
-     return -1;
+     return rc;
   }
 
-  if (mdb_txn_begin(_env, NULL, 0, &txn) ||
-      mdb_open(txn, "second", MDB_CREATE, &_dbi) ||
-      mdb_txn_commit(txn))
-     return -1;
+  if ((rc=mdb_txn_begin(_env, NULL, 0, &txn)) ||
+      (rc=mdb_open(txn, "second", MDB_CREATE, &_dbi)) ||
+      (rc=mdb_txn_commit(txn)))
+  {
+     cout<<"Warninig: fail to create second db."<<endl;
+  }
 
    return 0;
 }
@@ -128,12 +136,17 @@ int MdbTester::db_close()
 
 MdbTester::MdbTester(unsigned int env_flags, int mapsize, int keep_xlog):_env_flags(env_flags), _max_keys(400000),_env(NULL), _mapsize(mapsize), _txn(NULL),_keep_xlog(keep_xlog)
 {
+  int rc =0;
+
   for(int i=0; i<_max_keys; i++)
   {
     _keys.push_back(800000+i);
   }
-  if (db_init())
+  if ((rc=db_init()))
+  {
+    cout<<"Error db_init: "<<rc<<endl;
     exit(-1);
+  }
 }
 
 int MdbTester::txn_begin()
@@ -179,7 +192,7 @@ int MdbTester::search_data(MDB_val *key, MDB_val *data)
 
   if (_txn == NULL)
   {
-    rc = mdb_txn_begin(_env, NULL, 1, &txn);
+    rc = mdb_txn_begin(_env, NULL, MDB_RDONLY, &txn);
     if (rc)
       return rc;
   }
@@ -222,7 +235,7 @@ void MdbTester::show_keys()
 void MdbTester::provision(int cnt, int start_idx)
 {
   MDB_txn *txn = _txn;
-  int rc, j, k, data_size = 1200;
+  int rc, j, k, data_size;
   MDB_val key, data;
   char kval[128];
   char sval[512];
@@ -237,12 +250,13 @@ void MdbTester::provision(int cnt, int start_idx)
   {
       string small_data;
       key.mv_data = kval;
-      sprintf(kval, "provision key %08d", _keys[si]);
+      sprintf(kval, "provision key %d", _keys[si]);
       if (i==0)
           printf("provision %d data items starting with key '%s'\n", cnt, kval);
       key.mv_size = strlen(kval);
       j = 0;
       k = 0;
+      data_size = rand()%997;
       while (j < data_size)
       {
           sprintf(sval, "Dummy small data -------------------------------- key %d, i=%d,", _keys[si], k++);
@@ -309,7 +323,7 @@ int MdbTester::test_search(int idx, const char *key_prefix, MDB_txn *txn)
   if (i >= _max_keys)
     i = _max_keys - 1;
   key.mv_data = kval;
-  sprintf(kval, "%s %08d", key_prefix,  _keys[i]);
+  sprintf(kval, "%s %d", key_prefix,  _keys[i]);
   key.mv_size = strlen(kval);
   if (txn)
     rc = search_data(&key, &data, txn);
@@ -318,23 +332,23 @@ int MdbTester::test_search(int idx, const char *key_prefix, MDB_txn *txn)
   return rc;
 }
 
-int MdbTester::test_bigdata_search(int i)
+int MdbTester::largedata_search(int i)
 {
   char kval[512];
   MDB_val key, data;
   int rc = 0;
   char *p;
 
-  sprintf(kval, "modify key %08d", _keys[i]);
+  sprintf(kval, "%d", _keys[i]);
   key.mv_data = kval;
   key.mv_size  = strlen(kval);
   rc = search_data(&key, &data);
   if (rc == 0) {
-      cout<< "test_bigdata_search for key '" << kval << "' got data with size " << data.mv_size <<endl;
+      cout<< "largedata_search for key '" << kval << "' got data with size " << data.mv_size <<endl;
       p = (char *)malloc(data.mv_size + 1);
       memset(p, 0, data.mv_size + 1);
       memcpy(p, data.mv_data, data.mv_size);
-      printf("last 80 chars of data for key '%s' is %s\n", (char *)key.mv_data, &p[data.mv_size - 80]);
+      printf("last 80 chars of data for key '%s' is: %s\n", (char *)key.mv_data, &p[data.mv_size - 80]);
       free(p);
   }
   return rc;
@@ -353,7 +367,7 @@ int MdbTester::test_modify(int idx)
     i = _max_keys - 1;
 
   key.mv_data = kval;
-  sprintf(kval, "modify key %08d", _keys[i]);
+  sprintf(kval, "modify key %d", _keys[i]);
   key.mv_size = strlen(kval);
   sprintf(sval, "This is the data item with key '%s' for mdb_put testing.", kval);
   data.mv_data = sval;
@@ -361,7 +375,7 @@ int MdbTester::test_modify(int idx)
 
   if (_txn == NULL)
   {
-    rc = mdb_txn_begin(_env, NULL, 1, &txn);
+    rc = mdb_txn_begin(_env, NULL, 0, &txn);
     if (rc)
       return rc;
   }
@@ -388,7 +402,7 @@ int MdbTester::test_modify(int idx)
   return rc;
 }
 
-int MdbTester::test_del(int idx)
+int MdbTester::test_del(int idx, const char *prefix)
 {
   char kval[128];
   MDB_val key, data;
@@ -401,7 +415,7 @@ int MdbTester::test_del(int idx)
     i = _max_keys - 1;
 
   key.mv_data = kval;
-  sprintf(kval, "modify key %08d", _keys[i]);
+  sprintf(kval, "%s%d", prefix, _keys[i]);
   key.mv_size = strlen(kval);
   sprintf(sval, "This is the data item with key '%s' for mdb_put testing.", kval);
   data.mv_data = sval;
@@ -409,7 +423,7 @@ int MdbTester::test_del(int idx)
 
   if (_txn == NULL)
   {
-    rc = mdb_txn_begin(_env, NULL, 1, &txn);
+    rc = mdb_txn_begin(_env, NULL, 0, &txn);
     if (rc)
       return rc;
   }
@@ -454,7 +468,7 @@ int MdbTester::test_modify_nested(int idx, int in_child_txn, int commit)
 
   i = idx;
   key.mv_data = kval;
-  sprintf(kval, "modify key %08d", _keys[i]);
+  sprintf(kval, "modify key %d", _keys[i]);
   key.mv_size = strlen(kval);
   sprintf(sval, "This is the data item with key '%s' for mdb_put testing.", kval);
   data.mv_data = sval;
@@ -462,7 +476,7 @@ int MdbTester::test_modify_nested(int idx, int in_child_txn, int commit)
 
   if (in_child_txn)
   {
-    rc = mdb_txn_begin(_env, txn, 1, &child_txn);
+    rc = mdb_txn_begin(_env, txn, 0, &child_txn);
     if (rc)
     {
       printf("mdb_txn_begin on child transaction failed: %s\n", mdb_strerror(rc));
@@ -502,7 +516,7 @@ int MdbTester::test_modify_nested(int idx, int in_child_txn, int commit)
   return rc;
 }
 
-int MdbTester::test_bigdata_modify(int i, int data_size)
+int MdbTester::largedata_modify(int i, int data_size, const char *datamark)
 {
   char kval[128];
   MDB_val key, data;
@@ -512,39 +526,39 @@ int MdbTester::test_bigdata_modify(int i, int data_size)
   MDB_txn *txn = _txn;
 
   key.mv_data = kval;
-  sprintf(kval, "modify key %08d", _keys[i]);
+  sprintf(kval, "%d", _keys[i]);
   key.mv_size = strlen(kval);
   j = 0;
   k = 0;
   while (j < data_size)
   {
-      sprintf(sval, "Dummy big data size %d -------------------------------- key %d, i=%d,", data_size, _keys[i], k++);
+      sprintf(sval, "largedata modify: size %d, key %d, data-mark=%s, i=%d,", data_size, _keys[i], datamark, k++);
       big_data += sval;
       j += (int)strlen(sval);
   }
   data.mv_size = big_data.size();
   data.mv_data = (char *)big_data.c_str();
 
-  cout<<"Modifying big data on key " << _keys[i] << " with data size " << data.mv_size << endl;
+  cout<<"largedata modify on key " << _keys[i] << " with data size " << data.mv_size << endl;
 
   if (_txn == NULL)
   {
-    rc = mdb_txn_begin(_env, NULL, 1, &txn);
+    rc = mdb_txn_begin(_env, NULL, 0, &txn);
     if (rc)
       return rc;
   }
   rc = mdb_put(txn, _dbi, &key, &data, 0);
   if (!rc)
   {
-    cout<<"mdb_put for modifying big data succeeded on key "<<_keys[i]<<endl;
+    cout<<"mdb_put for largedata modify succeeded on key "<<_keys[i]<<endl;
     if (_txn == NULL)
     {
       rc = mdb_txn_commit(txn);
       if (rc)
-	cout<<"txn_commit for modifying big data failed on key "<<_keys[i]<<endl;
+	cout<<"txn_commit for largedata modify failed on key "<<_keys[i]<<endl;
     }
   } else {
-    cout<<"mdb_put for modifying big data failed on key "<<_keys[i]<<endl;
+    cout<<"mdb_put for largedata modify failed on key "<<_keys[i]<<endl;
     if (_txn == NULL)
       mdb_txn_abort(txn);
   }
@@ -578,7 +592,7 @@ int MdbTester::truncate_backup_db(long dbSize)
     else
         printf("tailed to truncat backupdb/data.mdb to %lu bytes ...\n", dbSize);
 #endif
-    return 0; 
+    return 0;
 }
 
 int MdbTester::restore_db()
@@ -601,7 +615,7 @@ int MdbTester::restore_db()
 
 static void show_usage(char *path)
 {
-    printf("Usage %s -w1|-w2|-w3|-w4|-w5|-w6|-r1|-r2|-r3|-r4|-b1|-b2|-b3|-b4|-b5|-d1|-d2|-s\n", path);
+    printf("Usage %s -w1|-w2|-w3|-w4|-w5|-w6|-w7|-r1|-r2|-r3|-r4|-b1|-b2|-b3|-b4|-b5|-d1|-d2|-s\n", path);
     exit(-1);
 }
 
@@ -613,9 +627,24 @@ main(int argc, char **argv)
 {
   int t_modify = 0, t_search=0, t_db_shrink=0, t_delete=0, rc=0;
   int t_bigdata = 0;
+  int wal_enabled = 1;
+  unsigned int env_flags = 0;
+  char *envp = NULL;
+
   if (argc != 2)
     show_usage(argv[0]);
 
+  envp = getenv("MDB_ENV_WALL");
+  if (envp && strcasecmp(envp, "0") == 0)
+  {
+      wal_enabled = 0;
+      printf("MDB_ENV_WALL disabled\n");
+  } else
+  {
+      env_flags = MDB_WAL;
+      printf("MDB_ENV_WALL enabled\n");
+  }
+
   if (strcmp(argv[1], "-w1")==0)
     t_modify=1;
   else if (strcmp(argv[1], "-w2")==0)
@@ -628,16 +657,10 @@ main(int argc, char **argv)
     t_modify=5;
   else if (strcmp(argv[1], "-w6")==0)
     t_modify=6;
+  else if (strcmp(argv[1], "-w7")==0)
+    t_modify=7;
   else if (strcmp(argv[1], "-b1")==0)
     t_bigdata = 1;
-  else if (strcmp(argv[1], "-b2")==0)
-    t_bigdata =2;
-  else if (strcmp(argv[1], "-b3")==0)
-    t_bigdata =3;
-  else if (strcmp(argv[1], "-b4")==0)
-    t_bigdata =4;
-  else if (strcmp(argv[1], "-b5")==0)
-    t_bigdata =5;
   else if (strcmp(argv[1], "-r1")==0)
     t_search = 1;
   else if (strcmp(argv[1], "-r2")==0)
@@ -646,16 +669,16 @@ main(int argc, char **argv)
     t_search = 3;
   else if (strcmp(argv[1], "-r4")==0)
     t_search = 4;
+  else if (strcmp(argv[1], "-r5")==0)
+    t_search = 5;
   else if (strcmp(argv[1], "-s")==0)
     t_db_shrink = 1;
   else if (strcmp(argv[1], "-d1")==0)
     t_delete = 1;
-  else if (strcmp(argv[1], "-d2")==0)
-    t_delete = 2;
   else
     show_usage(argv[0]);
 
-  if (t_modify || t_bigdata == 1 || t_bigdata == 4|t_bigdata ==5|| t_delete == 1)
+  if (t_modify || t_bigdata == 1 ||t_delete == 1 || t_db_shrink == 1)
   {
 #ifdef _WIN32
     //rc = GetCurrentDirectory(sizeof(cmdbuf), cmdbuf);
@@ -674,110 +697,56 @@ main(int argc, char **argv)
 
   if (t_bigdata == 1)
   {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4, 1);
-    cout << "Making a backup of mdb into backupdb"<<endl;
-    mtp->backup_db();
-    mtp->provision(3000);
-    mtp->test_provision_search(100);
-    mtp->test_modify(1);
-    mtp->test_mod_search(1);
-    mtp->test_modify(2);
-    mtp->test_mod_search(2);
-    mtp->test_bigdata_modify(3, 4096*3);
-    mtp->test_bigdata_search(3);
-    mtp->test_bigdata_modify(4, 4096*4); //four overflow pages
-    mtp->test_bigdata_search(4);
-    mtp->test_bigdata_modify(5, 1200); //no overflow page
-    mtp->test_bigdata_search(5);
-    mtp->test_bigdata_modify(7, 2100); //one overflow page
-     mtp->test_bigdata_search(7);
-    mtp->test_modify(1);
-    mtp->test_bigdata_modify(6, 5000); //two overflow page
-    mtp->test_bigdata_search(6);
-    //printf("Pause 32 seconds for checkpoint...\n");
-    //SLEEP(32); //observe checkpoint
-    delete mtp;
-  }
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>4, 1);
+    if (wal_enabled)
+    {
+      cout << "Making a backup of mdb into backupdb"<<endl;
+      MdbTester::backup_db();
+    }
 
-  if (t_bigdata == 2)
-  {
-    mtp->restore_db();
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4, 1);
-    printf("search big data again after retore...\n");
-    mtp->test_provision_search(100);
-    mtp->test_mod_search(1);
-    mtp->test_mod_search(2);
-    mtp->test_bigdata_search(3);
-    mtp->test_bigdata_search(4);
-    mtp->test_bigdata_search(5);
-    mtp->test_bigdata_search(7);
-    mtp->test_bigdata_search(6);
-    mtp->test_bigdata_search(1);
-    delete mtp;
-  }
+    mtp->provision(256);
 
-  if (t_bigdata == 3)
-  {
-    // search again
-    mtp = new MdbTester(0);
     mtp->test_provision_search(100);
-    mtp->test_mod_search(1);
-    mtp->test_mod_search(2);
-    mtp->test_bigdata_search(3);
-    mtp->test_bigdata_search(4);
-    mtp->test_bigdata_search(5);
-    mtp->test_bigdata_modify(1, 2100); //one overflow page
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
-    delete mtp;
-  }
+    mtp->test_provision_search(200);
+    mtp->test_provision_search(255);
 
-  if (t_bigdata == 4)
-  {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4);
-    cout << "Making a backup of mdb into backupdb"<<endl;
-    mtp->backup_db();
-    //mtp->txn_begin();
-    mtp->test_bigdata_modify(1, 2100); //one overflow page
-    mtp->test_bigdata_search(1);
-    mtp->test_bigdata_modify(1, 100);
-    mtp->test_bigdata_search(1);
-    //mtp->txn_commit();
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
-    delete mtp;
-  }
+    cout << endl<<"Test big data modify:"<<endl;
+    mtp->largedata_modify(4, 4096*4, "mark1"); //four overflow pages
+    mtp->largedata_search(4);
 
-  if (t_bigdata == 5)
-  {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4, 1);
-    cout << "Making a backup of mdb into backupdb"<<endl;
-    mtp->backup_db();
-    //mtp->txn_begin();
-    mtp->test_bigdata_modify(1, 2100); //one overflow page
-    mtp->test_bigdata_search(1);
-    mtp->test_bigdata_modify(1, 4096*2); //three overflow page on the same key
-    mtp->test_bigdata_search(1);
-    //mtp->txn_commit();
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
+    mtp->largedata_modify(4, 4096*4, "mark2"); //four overflow pages
+    mtp->largedata_search(4);
+
+    cout << endl<<"Test large data modify:"<<endl;
+    mtp->largedata_modify(5, 500, "mark3"); //no overflow page
+    mtp->largedata_search(5);
+
+    mtp->largedata_modify(5, 500, "mark4"); //no overflow page
+    mtp->largedata_search(5);
     delete mtp;
+
+    if (wal_enabled)
+    {
+      cout<<endl<<"restore database..."<<endl;
+      MdbTester::restore_db();
+    }
+    t_search = 5; // t_search 5 will restore db and search for added data.
   }
 
   if (t_db_shrink == 1) {
-    mtp = new MdbTester(0);
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
+    rc = mtp->test_modify(1);
     rc = mtp->test_mod_search(1);
     rc = mtp->shrink_db(DB_DEFAULT_SIZE/2);
     rc = mtp->test_mod_search(1);
     //For Linux: must have atleast one write transaction
     //to write the new size into meta data
-    rc = mtp->test_modify(1);
     delete mtp;
   }
 
   if (t_modify == 1) {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE);
-    mtp->provision(32000);
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
+    mtp->provision(320);
 
     rc = mtp->test_modify(1);
     if (rc)
@@ -789,63 +758,42 @@ main(int argc, char **argv)
 
     rc = mtp->test_mod_search(2);
     if (rc == 0 ) {
-      printf("test search returned a value for no-such-data\n");
+      printf("test search faild: returned a value for no-such-data\n");
       rc = -1;
     } else
       rc = 0;
 
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
     delete mtp;
-	SLEEP(1);
+    SLEEP(1);
   }
 
   if (t_modify == 2) {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE);
+    // Test transaction commit
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
     mtp->txn_begin();
-    mtp->provision(160000);
+    mtp->provision(8000);
     printf ("search data inside transaction...\n");
     mtp->test_provision_search(1000);
-    mtp->test_provision_search(70001);
+    mtp->test_provision_search(7001);
     rc = mtp->txn_commit();
     if (rc)
     {
-      /* This can be triggered with a modified mdb.c
-       * where wal write is limited to 2000 pags:
-       * if ((pos/pgsize + pgs) >= 2000)
-       * in function mdb_walbuf_cpy()
-       */
-
+      /* There is no easy way to trigger this condition */
       printf ("search again after commit failed\n");
       mtp->test_provision_search(1000);
-      mtp->test_provision_search(70001);
+      mtp->test_provision_search(7001);
     } else
     {
       printf ("search again after commit succeed outside transaction...\n");
       mtp->test_provision_search(1000);
-      mtp->test_provision_search(70001);
+      mtp->test_provision_search(7001);
     }
-
-    if (rc)
-    {
-       mtp->txn_begin();
-       mtp->provision(1000);
-       mtp->test_provision_search(100);
-       mtp->test_provision_search(701);
-       rc = mtp->txn_commit();
-       printf("transaction commit %s with 1000 data provisioned.\n", rc?"failed":"succeed");
-       printf("search again outside transaction after 1000 data provisioned...\n");
-       mtp->test_provision_search(100);
-       mtp->test_provision_search(701);
-    }
-
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
     delete mtp;
   }
 
   if (t_modify == 3) {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4);
+    // Test transaciton abort
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>4, 0);
     mtp->txn_begin();
     mtp->provision(8000);
     printf ("search data inside transaction...\n");
@@ -855,15 +803,13 @@ main(int argc, char **argv)
     printf ("search again after aborting the transaction...\n");
     mtp->test_provision_search(100);
     mtp->test_provision_search(201);
-
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
     delete mtp;
   }
 
   if (t_modify == 4) {
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>4);
-    mtp->provision(1000);
+    // Test nested transaction
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>4, 0);
+    mtp->provision(200);
 
     mtp->txn_begin();
 
@@ -871,10 +817,7 @@ main(int argc, char **argv)
     rc = mtp->test_modify_nested(1, 0, 0);
     rc = mtp->test_mod_search(1);
 
-    /* MDB doesn't support nested transaction with MDB_WRITEMAP,
-     * so modify/search below wouldn't generate expected results.
-     * The original mdb.c without MDB_WRITEMAP does.
-     */
+    /* MDB WAL now supports nested transaction */
     printf("\nmodify and search inside of transaction with child txn aborted...\n");
     rc = mtp->test_modify_nested(2, 1, 0);
     rc = mtp->test_mod_search(2);
@@ -885,19 +828,19 @@ main(int argc, char **argv)
 
     mtp->txn_commit();
 
-    printf("\nsearch outside of transaction...\n");
+    printf("\nsearch outside of transaction, only 1 and 3 should exist ...\n");
     rc = mtp->test_mod_search(1);
     rc = mtp->test_mod_search(2);
     rc = mtp->test_mod_search(3);
-
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
-    delete mtp;
   }
 
   if (t_modify == 5) {
-   /* test map full case */
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>5);
+    /* Test map full case */
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>7, 1);
+    mtp->largedata_modify(5, 300, "mark5");
+    printf("search added large data idx 5 ...\n");
+    mtp->largedata_search(5);
+
     mtp->txn_begin();
     mtp->provision(80000);
     printf ("search data inside transaction...\n");
@@ -910,25 +853,33 @@ main(int argc, char **argv)
       mtp->test_provision_search(1000);
       mtp->test_provision_search(70001);
     }
+    printf("search large data idx 5 after MAP_FULL ...\n");
+    mtp->largedata_search(5);
 
     delete mtp;
+
+    t_search = 1; //Go through to t_search 1 which will roll forward xlogs. Check database intact by doing -r1 again.
   }
 
   if (t_modify == 6) {
+    //Test database hot copy
     unsigned long current_xlog_num = 0;
     unsigned long dbSizeMb = 0;
     unsigned long dbMapSizeMb = 0;
     char cmd[1024];
 	char db_path[128];
     // Test xlogs rollforward case - skip xlogs that have been applied.
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE>>1, 1);
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>1, 1);
     mtp->provision(50000, 0); // idx 0 ~ 49999
-    mtp->backup_db(); //backup database with 50K items in the database
+    if (wal_enabled)
+    {
+      MdbTester::backup_db(); //backup database with 50K items in the database
+    }
     mdb_env_set_state(mtp->get_dbenv(), MDB_STATE_KEEPXLOGS, &current_xlog_num, &dbSizeMb, &dbMapSizeMb, db_path, sizeof(db_path));
     printf ("current xlog number: %lu dbsize %lu MB dbMapSize %lu MB\n", current_xlog_num, dbSizeMb, dbMapSizeMb);
-    //For database hop copy, only dbSizeMb is needed to be transfered instead of the whole file
-    //  -- scp on mdb.data will not take avantage of the spare file.
-    mtp->truncate_backup_db((dbSizeMb + 16)<<20);
+
+    //For database hop copy (Windows), only dbSizeMb is needed to be transfered instead of the whole sparse file
+    MdbTester::truncate_backup_db((dbSizeMb + 16)<<20);
     mtp->provision(20000, 50000); //provision additional 20K items idx 50000 ~ 69999
 
     mtp->test_provision_search(0);
@@ -936,98 +887,102 @@ main(int argc, char **argv)
     mtp->test_provision_search(50000);
     mtp->test_provision_search(69999);
 
-    printf("Please use option -r4 to verify data recovery.\n");
     delete mtp;
+
+    if (wal_enabled)
+    {
+      MdbTester::restore_db();
+    }
+    t_search = 4; //t_search 4 will search for added data after backup_db.
   }
 
-  if (t_delete == 1) {
-    /* test map full case in a transaction for each mdb_put  */
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE);
+  //Debug transaction log rollforward
+  if (t_modify == 7) {
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 1);
+    mtp->provision(200);
 
-    cout << "Making a backup of mdb into backupdb"<<endl;
-    mtp->backup_db();
+    if (wal_enabled)
+    {
+      MdbTester::backup_db(); //backup database with 200 items in the database
+    }
 
-    mtp->provision(8000);
-    rc = mtp->test_modify(1000);
-    printf("add idx 1000 %s\n", rc?"failed":"succeeded");
+    mtp->provision(1000, 200);
+    exit(0);
+    //use -r3 to test rollforward after copy back the backup database
+    delete mtp;
+  }
 
-    mtp->test_mod_search(1000);
+  if (t_delete == 1) {
+    //Test restore database for deleted data.
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 1);
+
+    if (wal_enabled)
+    {
+      cout << "Making a backup of mdb into backupdb"<<endl;
+      MdbTester::backup_db();
+    }
 
-    rc = mtp->test_del(1000);
-    printf("delete idx 1000 %s\n", rc?"failed":"succeeded");
+    mtp->provision(2000);
 
-    printf("search deleted small data idx 1000...\n");
+    rc = mtp->test_modify(1000);
     mtp->test_mod_search(1000);
 
-    mtp->test_bigdata_modify(200, 4096*4); //four overflow pages
-    printf("search added big data idx 200...\n");
-    mtp->test_bigdata_search(200);
-
-    printf("deleting big data idx 200 ...\n");
-    rc = mtp->test_del(200);
-    printf("delete bigdata idx 200 %s\n", rc?"failed":"succeeded");
+    rc = mtp->test_del(1000, "modify key ");
+    mtp->test_mod_search(1000);
 
-    printf("search deleted big data idx 200...\n");
-    mtp->test_bigdata_search(200);
+    mtp->largedata_modify(200, 4096*4); //four overflow pages
+    mtp->largedata_search(200);
 
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
+    rc = mtp->test_del(200, "");
+    mtp->largedata_search(200);
 
     delete mtp;
-  }
 
-  if (t_delete == 2) {
-    mtp->restore_db();
-    mtp = new MdbTester(0, DB_DEFAULT_SIZE);
+    if (wal_enabled)
+    {
+      MdbTester::restore_db();
+    }
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
 
     mtp->test_provision_search(100);
-    mtp->test_provision_search(2000);
+    mtp->test_provision_search(1200);
 
     mtp->test_mod_search(1000);
-    mtp->test_bigdata_search(200);
-
-    printf("add idx 1000 ...");
-    rc=mtp->test_modify(1000);
-    printf("add idx 1000 %s\n", rc?"failed":"succeeded");
-
-    printf("search  modified data idx 1000...\n");
-    mtp->test_mod_search(1000);
-
-    printf("add bigdata idx 200 ...\n");
-    rc = mtp->test_bigdata_modify(200, 4096*4); //four overflow pages
-    printf("add bigdata idx 200 %s\n", rc?"failed":"succeeded");
-
-    printf("search bigdata again ...\n");
-    mtp->test_bigdata_search(200);
-
-    printf("Pause 32 seconds for checkpoint...\n");
-    SLEEP(32); //observe checkpoint
+    mtp->largedata_search(200);
 
     delete mtp;
   }
 
   if (t_search == 1) {
-    mtp = new MdbTester(0, 0);
-    rc = mtp->test_mod_search(1);
+    printf("\nt_search 1:\n");
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
+    mtp->test_mod_search(1);
+    mtp->test_provision_search(1000);
+    mtp->test_provision_search(70001);
+    printf("search large data idx 5 which was committed before MAP_FULL ...\n");
+    mtp->largedata_search(5);
     delete mtp;
   }
+
   if (t_search == 2) {
-    mtp = new MdbTester(0, 0);
+    printf("\nt_search 2:\n");
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
     mtp->test_provision_search(100);
     mtp->test_provision_search(701);
     delete mtp;
   }
+
   if (t_search == 3) {
-    mtp = new MdbTester(0, 0);
+    printf("\nt_search 3:\n");
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
     mtp->test_provision_search(100);
     mtp->test_provision_search(201);
     delete mtp;
   }
 
   if (t_search == 4) {
-    // used to test with t_modify == 6
-    mtp->restore_db();
-    mtp = new MdbTester(0, 0, 0);
+    printf("\nt_search 4:\n");
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE, 0);
     mtp->test_provision_search(0);
     mtp->test_provision_search(49999);
     mtp->test_provision_search(50000);
@@ -1035,6 +990,19 @@ main(int argc, char **argv)
     delete mtp;
   }
 
+  if (t_search == 5) {
+    printf("\nt_search 5:\n");
+    mtp = new MdbTester(env_flags, DB_DEFAULT_SIZE>>4, 0);
+
+    mtp->largedata_search(4);
+    mtp->largedata_search(5);
+
+    mtp->test_provision_search(100);
+    mtp->test_provision_search(200);
+    mtp->test_provision_search(255);
+    delete mtp;
+  }
+
   printf("mdb_wal_test completed.\n");
   exit(0);
 }
diff --git a/lwraft/tools/Makefile.am b/lwraft/tools/Makefile.am
index bc107f9ad..7287fdddf 100644
--- a/lwraft/tools/Makefile.am
+++ b/lwraft/tools/Makefile.am
@@ -1,5 +1,6 @@
 SUBDIRS = \
-    test \
+    lwraft-cli \
     lwraftpromo \
+    vdcaclmgr \
     vdcadmintool \
-    vdcleavefed
+    vdcschema
diff --git a/lwraft/tools/lwraft-cli/Makefile.am b/lwraft/tools/lwraft-cli/Makefile.am
new file mode 100644
index 000000000..8f0d5104a
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/Makefile.am
@@ -0,0 +1,35 @@
+bin_PROGRAMS = post-cli
+
+post_cli_SOURCES = \
+    clinode.c  \
+    main.c
+
+post_cli_CPPFLAGS = \
+    -DLDAP_DEPRECATED \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    @DCERPC_INCLUDES@ \
+    @LW_INCLUDES@ \
+    @OPENSSL_INCLUDES@
+
+post_cli_LDADD = \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    $(top_builddir)/lwraft/client/libpostclient.la \
+    @DCERPC_LIBS@ \
+    @LWIO_LIBS@ \
+    @SCHANNEL_LIBS@ \
+    @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
+    @LWREG_LIBS@ \
+    @LWBASE_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
+    @GSSAPI_LIBS@ \
+    @LDAP_LIBS@ \
+    @PTHREAD_LIBS@
+
+post_cli_LDFLAGS = \
+    @DCERPC_LDFLAGS@ \
+    @OPENSSL_LDFLAGS@ \
+    @LW_LDFLAGS@
diff --git a/lwraft/tools/lwraft-cli/clinode.c b/lwraft/tools/lwraft-cli/clinode.c
new file mode 100644
index 000000000..406126fc2
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/clinode.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright © 2107 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+RaftCliParsePrincipal(
+    PCSTR pszHostname,
+    PCSTR pszLogin,
+    PSTR* ppszUser,
+    PSTR* ppszDomain
+    );
+
+static
+VOID
+RaftCliPrintClusterNode(
+    PVMDIR_RAFT_CLUSTER pCluster
+    );
+
+static
+VOID
+RaftCliPrintClusterState(
+    PVMDIR_RAFT_CLUSTER pCluster
+    );
+
+DWORD
+RaftCliListNodesA(
+    PCSTR     pszHostName
+    )
+{
+    DWORD     dwError = 0;
+    PVMDIR_RAFT_CLUSTER pCluster = NULL;
+
+    if (IsNullOrEmptyString(pszHostName))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirRaftListCluster(pszHostName, &pCluster);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    RaftCliPrintClusterNode(pCluster);
+
+cleanup:
+    VmDirFreeRaftCluster(pCluster);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+RaftCliShowNodesA(
+    PCSTR     pszHostName,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword
+    )
+{
+    DWORD     dwError = 0;
+    PSTR      pszDomain = NULL;
+    PSTR      pszPassword1 = NULL;
+    PSTR      pszUser = NULL;
+    PCSTR     pszPasswordLocal = pszPassword;
+    PCSTR     pszLoginLocal = pszLogin ? pszLogin : RAFT_LOGIN_DEFAULT;
+    PVMDIR_RAFT_CLUSTER pCluster = NULL;
+
+    if (IsNullOrEmptyString(pszHostName))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = RaftCliParsePrincipal(pszHostName, pszLoginLocal, &pszUser, &pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (!pszPassword)
+    {
+        dwError = RaftCliReadPassword(
+                    pszUser,
+                    pszDomain,
+                    NULL,
+                    &pszPassword1);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszPasswordLocal = pszPassword1;
+    }
+
+    dwError = VmDirRaftShowClusterState(
+                pszHostName,
+                pszDomain,
+                pszUser,
+                pszPasswordLocal,
+                &pCluster);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    RaftCliPrintClusterState(pCluster);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszUser);
+    VMDIR_SAFE_FREE_MEMORY(pszPassword1);
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VmDirFreeRaftCluster(pCluster);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+RaftCliPromoteA(
+    PCSTR     pszPreferredHostName,
+    PCSTR     pszDomain,
+    PCSTR     pszUser,
+    PCSTR     pszPassword
+    )
+{
+    DWORD   dwError = 0;
+    PCSTR   pszLocalUser = pszUser ? pszUser : RAFT_LOGIN_DEFAULT;
+    PSTR    pszPassword1 = NULL;
+    PCSTR   pszLocalPassword = pszPassword;
+
+    if (IsNullOrEmptyString(pszDomain))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (!pszLocalPassword)
+    {
+        dwError = RaftCliReadPassword(
+                    pszUser,
+                    pszDomain,
+                    NULL,
+                    &pszPassword1);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszLocalPassword = pszPassword1;
+    }
+
+    dwError = VmDirSetupHostInstance(
+                pszDomain,
+                pszPreferredHostName ? pszPreferredHostName : "localhost",
+                pszLocalUser,
+                pszLocalPassword,
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszPassword1);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+RaftCliPromotePartnerA(
+    PCSTR     pszPreferredHostName,
+    PCSTR     pszPartnerName,
+    PCSTR     pszUser,
+    PCSTR     pszPassword
+    )
+{
+    DWORD   dwError = 0;
+    PCSTR   pszLocalUser = pszUser ? pszUser : RAFT_LOGIN_DEFAULT;
+    PCSTR   pszLocalPassword = pszPassword;
+    PSTR    pszPassword1 = NULL;
+    PSTR    pszLeaderNameCanon = NULL;
+    PSTR    pszLeader = NULL;
+    PSTR    pszLocalDomain = NULL;
+
+    if (IsNullOrEmptyString(pszPartnerName))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (!pszLocalPassword)
+    {
+        dwError = VmDirGetDomainName(pszPartnerName, &pszLocalDomain);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = RaftCliReadPassword(
+                    pszLocalUser,
+                    pszLocalDomain,
+                    NULL,
+                    &pszPassword1);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszLocalPassword = pszPassword1;
+    }
+
+    dwError = VmDirRaftLeader(pszPartnerName, &pszLeader);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetCanonicalHostName(pszLeader, &pszLeaderNameCanon);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirJoin(
+                pszPreferredHostName ? pszPreferredHostName : "localhost",
+                pszLocalUser,
+                pszLocalPassword,
+                NULL,
+                pszLeaderNameCanon,
+                FIRST_REPL_CYCLE_MODE_COPY_DB);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLeaderNameCanon);
+    VMDIR_SAFE_FREE_MEMORY(pszPassword1);
+    VMDIR_SAFE_FREE_MEMORY(pszLocalDomain);
+    VMDIR_SAFE_FREE_MEMORY(pszLeader);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+RaftCliDemoteA(
+    PCSTR     pszHostName,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword,
+    PCSTR     pszLeaveNode
+    )
+{
+    DWORD     dwError = 0;
+    PSTR      pszDomain = NULL;
+    PSTR      pszPassword1 = NULL;
+    PSTR      pszUser = NULL;
+    PCSTR     pszPasswordLocal = pszPassword;
+    PCSTR     pszLoginLocal = pszLogin ? pszLogin : RAFT_LOGIN_DEFAULT;
+
+    if (IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszLeaveNode))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = RaftCliParsePrincipal(pszHostName, pszLoginLocal, &pszUser, &pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (!pszPassword)
+    {
+        dwError = RaftCliReadPassword(
+                    pszUser,
+                    pszDomain,
+                    NULL,
+                    &pszPassword1);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszPasswordLocal = pszPassword1;
+    }
+
+    dwError = VmDirRaftLeaveCluster(
+                pszHostName,
+                pszDomain,
+                pszUser,
+                pszPasswordLocal,
+                pszLeaveNode);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszUser);
+    VMDIR_SAFE_FREE_MEMORY(pszPassword1);
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+RaftCliReadPassword(
+    PCSTR pszUser,
+    PCSTR pszDomain,
+    PCSTR pszPrompt,
+    PSTR* ppszPassword
+    )
+{
+    DWORD dwError = 0;
+    struct termios orig, nonecho;
+    CHAR  szPassword[33] = "";
+    PSTR  pszPassword = NULL;
+    DWORD iChar = 0;
+
+    memset(szPassword, 0, sizeof(szPassword));
+
+    if (IsNullOrEmptyString(pszPrompt))
+    {
+        fprintf(stdout, "Enter password for %s@%s: ", pszUser, pszDomain);
+    }
+    else
+    {
+        fprintf(stdout, "%s:", pszPrompt);
+    }
+    fflush(stdout);
+
+    tcgetattr(0, &orig); // get current settings
+    memcpy(&nonecho, &orig, sizeof(struct termios)); // copy settings
+    nonecho.c_lflag &= ~(ECHO); // don't echo password characters
+    tcsetattr(0, TCSANOW, &nonecho); // set current settings to not echo
+
+    // Read up to 32 characters of password
+
+    for (; iChar < sizeof(szPassword); iChar++)
+    {
+        ssize_t nRead = 0;
+        CHAR ch;
+
+        if ((nRead = read(STDIN_FILENO, &ch, 1)) < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        if (nRead == 0 || ch == '\n')
+        {
+            fprintf(stdout, "\n");
+            fflush(stdout);
+            break;
+        }
+        else if (ch == '\b') /* backspace */
+        {
+            if (iChar > 0)
+            {
+                iChar--;
+                szPassword[iChar] = '\0';
+            }
+        }
+        else
+        {
+            szPassword[iChar] = ch;
+        }
+    }
+
+    if (IsNullOrEmptyString(szPassword))
+    {
+        dwError = ERROR_PASSWORD_RESTRICTION;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringA(szPassword, &pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszPassword = pszPassword;
+
+cleanup:
+
+    tcsetattr(0, TCSANOW, &orig);
+
+    return dwError;
+
+error:
+
+    *ppszPassword = NULL;
+
+    goto cleanup;
+}
+
+static
+DWORD
+RaftCliParsePrincipal(
+    PCSTR pszHostname,
+    PCSTR pszLogin,
+    PSTR* ppszUser,
+    PSTR* ppszDomain
+    )
+{
+    DWORD dwError = 0;
+    PCSTR pszCursor = NULL;
+    PSTR  pszUser = NULL;
+    PSTR  pszDomain = NULL;
+
+    if (IsNullOrEmptyString(pszLogin) || *pszLogin == '@'
+            || !ppszUser || !ppszDomain)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!(pszCursor = strchr(pszLogin, '@')) || !pszCursor++)
+    {
+        dwError = VmDirGetDomainName(pszHostname, &pszDomain);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+
+        dwError = VmDirAllocateStringA(pszLogin, &pszUser);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        size_t len = pszCursor-pszLogin-1;
+        int i = 0;
+
+        dwError = VmDirAllocateStringA(pszCursor, &pszDomain);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateMemory(len+1, (PVOID*)&pszUser);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (; i < len; i++)
+        {
+            pszUser[i] = pszLogin[i];
+        }
+    }
+
+    *ppszUser = pszUser;
+    *ppszDomain = pszDomain;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    *ppszUser = NULL;
+    *ppszDomain = NULL;
+
+    VMDIR_SAFE_FREE_MEMORY(pszUser);
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+
+    goto cleanup;
+}
+
+static
+VOID
+RaftCliPrintClusterNode(
+    PVMDIR_RAFT_CLUSTER pCluster
+    )
+{
+    PVMDIR_RAFT_NODE    pNode = NULL;
+
+    fprintf(stdout,
+            "\nRaft leader:\n    %s\n\n",
+            pCluster->pszLeader ? pCluster->pszLeader:"N/A");
+
+    fprintf(stdout, "Raft follower:\n");
+    for (pNode = pCluster->pNode; pNode; pNode=pNode->pNext)
+    {
+        if (pNode->role == VMDIRD_RAFT_ROLE_FOLLOWER)
+        {
+            fprintf(stdout, "    %s\n", pNode->pszName);
+        }
+    }
+    fprintf(stdout, "\n");
+
+    fprintf(stdout, "Raft offline or candidate member:\n");
+    for (pNode = pCluster->pNode; pNode; pNode=pNode->pNext)
+    {
+        if (pNode->role == VMDIRD_RAFT_ROLE_CANDIDATE)
+        {
+            fprintf(stdout, "    %s\n", pNode->pszName);
+        }
+    }
+
+    fprintf(stdout,
+            "\n\n%-5d active followers\n%-5d nodes in Raft Cluster\n\n",
+            pCluster->dwNumActiveFollower,
+            pCluster->dwNumMmember);
+}
+
+static
+VOID
+RaftCliPrintClusterState(
+    PVMDIR_RAFT_CLUSTER pCluster
+    )
+{
+    PVMDIR_RAFT_NODE    pNode = NULL;
+
+    fprintf(stdout,
+            "\n%-30s %-10s %-6s %-15s %-15s\n",
+            "Node Name", "Role", "Term", "LastIndex", "LastAppliedIndex");
+    fprintf(stdout,
+            "%-30s %-10s %-6s %-15s %-15s\n",
+            "------------------------------", "----------", "------", "---------------", "----------------");
+
+    for (pNode = pCluster->pNode; pNode; pNode=pNode->pNext)
+    {
+        fprintf(stdout,
+                "%-30s %-10s %-6lu %-15lu %-15lu\n",
+                pNode->pszName,
+                pNode->role == VMDIRD_RAFT_ROLE_LEADER ? "Leader": (pNode->role == VMDIRD_RAFT_ROLE_FOLLOWER ? "Follower":"Member"),
+                pNode->iRaftTerm,
+                pNode->iLastLogIndex,
+                pNode->iLastAppliedIndex);
+    }
+    fprintf(stdout, "\n");
+}
diff --git a/lwraft/tools/lwraft-cli/defines.h b/lwraft/tools/lwraft-cli/defines.h
new file mode 100644
index 000000000..d46618240
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/defines.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+typedef enum
+{
+    LWRAFT_DIR_COMMAND_UNKNOWN = 0,
+    LWRAFT_DIR_COMMAND_NODE_STATE,
+    LWRAFT_DIR_COMMAND_NODE_PROMOTE,
+    LWRAFT_DIR_COMMAND_NODE_DEMOTE,
+    LWRAFT_DIR_COMMAND_NODE_LIST,
+} LWRAFT_NODE_COMMAND;
+
+#define RAFT_LOGIN_DEFAULT           "administrator"
+
+
+#define ERROR_LOCAL_BASE                            (100000)
+#define ERROR_LOCAL_PASSWORDFILE_CANNOT_OPEN        (ERROR_LOCAL_BASE + 1)
+#define ERROR_LOCAL_PASSWORDFILE_CANNOT_READ        (ERROR_LOCAL_BASE + 2)
+#define ERROR_LOCAL_PASSWORD_EMPTY                  (ERROR_LOCAL_BASE + 3)
+
diff --git a/lwraft/tools/lwraft-cli/includes.h b/lwraft/tools/lwraft-cli/includes.h
new file mode 100644
index 000000000..a6e66ad45
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/includes.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <config.h>
+
+#include <vmdirsys.h>
+#include <ldap.h>
+#include <lber.h>
+
+#include <vmdir.h>
+#include <vmdirtypes.h>
+#include <vmdirdefines.h>
+#include <vmdirerrors.h>
+#include <vmdircommon.h>
+#include <vmdirclient.h>
+#include "prototypes.h"
+#include "defines.h"
diff --git a/lwraft/tools/lwraft-cli/main.c b/lwraft/tools/lwraft-cli/main.c
new file mode 100644
index 000000000..5f4545962
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/main.c
@@ -0,0 +1,610 @@
+/*
+ * Copyright �  2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+ParseArgs(
+    int   argc,
+    char* argv[]
+    );
+
+static
+void
+ShowUsage(
+    VOID
+    );
+
+static
+DWORD
+RaftCliExecNodePrincipalRequest(
+    int   argc,
+    char* argv[]
+    );
+
+int
+main(int argc, char* argv[])
+{
+    DWORD   dwError = 0;
+    int     retCode = 0;
+    PCSTR   pszErrorMsg = NULL;
+    PSTR    pszErrorDesc = NULL;
+
+    setlocale(LC_ALL, "");
+
+    // TODO, should switch to use VmDirParseArguments.  See vmdir/tool/vdcschema/parseargs.c for example.
+    dwError = ParseArgs(argc, argv);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+
+    VMDIR_SAFE_FREE_STRINGA(pszErrorDesc);
+    return dwError;
+
+error:
+
+    switch (dwError)
+    {
+        case VMDIR_ERROR_OPTION_UNKNOWN:
+            retCode = 2;
+            pszErrorMsg = "An unknown option was present on the command line.";
+            break;
+        case VMDIR_ERROR_OPTION_INVALID:
+            retCode = 3;
+            pszErrorMsg = "The options present on the command line are not valid.";
+            break;
+        case ERROR_LOCAL_PASSWORDFILE_CANNOT_OPEN:
+            retCode = 4;
+            pszErrorMsg = "Could not open password file.\nVerify the path is correct.";
+            break;
+        case ERROR_LOCAL_PASSWORDFILE_CANNOT_READ:
+            retCode = 5;
+            pszErrorMsg = "Problem reading password file.\nVerify contents of password file.";
+            break;
+        case ERROR_LOCAL_PASSWORD_EMPTY:
+            retCode = 6;
+            pszErrorMsg = "Invalid password; password cannot be empty.";
+            break;
+        case VMDIR_ERROR_CANNOT_CONNECT_VMDIR:
+            retCode = 21;
+            pszErrorMsg = "Could not connect to the local Persistent Objectstore Service.";
+            break;
+        case VMDIR_ERROR_SERVER_DOWN:
+            retCode = 23;
+            pszErrorMsg = "Could not connect to Persistent Objectstore Service.";
+            break;
+        case VMDIR_ERROR_USER_INVALID_CREDENTIAL:
+            retCode = 24;
+            pszErrorMsg = "Authentication to Persistent Objectstore Service failed.";
+            break;
+        case VMDIR_ERROR_ACCESS_DENIED:
+            retCode = 25;
+            pszErrorMsg = "Authorization failed.";
+            break;
+        case VMDIR_ERROR_NO_LEADER:
+            retCode = 26;
+            pszErrorMsg = "No raft leader.";
+            break;
+        case VMDIR_ERROR_ALREADY_PROMOTED:
+            retCode = 26;
+            pszErrorMsg = "Node already promoted.";
+            break;
+        case VMDIR_ERROR_UNWILLING_TO_PERFORM:
+            retCode = 27;
+            pszErrorMsg = "Server is unwilling to perform request.";
+            break;
+        case VMDIR_ERROR_UNAVAILABLE:
+            retCode = 28;
+            pszErrorMsg = "Server is not available.";
+            break;
+        default:
+            VmDirGetErrorMessage(dwError, &pszErrorDesc);
+            retCode = 1;
+    }
+
+    fprintf(
+        stderr,
+        "\n%s failed, error=%d %s %u\n",
+        argv[0],
+        retCode,
+        pszErrorMsg ? pszErrorMsg : VDIR_SAFE_STRING(pszErrorDesc),
+        dwError);
+
+
+    goto cleanup;
+}
+
+static
+DWORD
+ParseArgs(
+    int   argc,
+    char* argv[]
+    )
+{
+    DWORD dwError = 0;
+    DWORD iArg = 0;
+    DWORD dwArgsLeft = argc;
+    PSTR  pszArg = NULL;
+
+    if (!argc || !argv)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    /*
+     * Skipping the first argument
+     */
+    iArg++;
+    dwArgsLeft--;
+
+    /*
+     * case : No arguments provided
+     */
+    if (!dwArgsLeft)
+    {
+        dwError = VMDIR_ERROR_OPTION_INVALID;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    /*
+     * pszArg represents current argument that is being scanned and processed
+     */
+    pszArg = argv[iArg++];
+    dwArgsLeft--;
+
+    /*
+     * The first argument is the principal argument. Depending on this argument
+     * appropriate handler is called
+     */
+
+    if (!VmDirStringCompareA(pszArg, "help", TRUE))
+    {
+        ShowUsage();
+    }
+    else if (!VmDirStringNCompareA(pszArg, "node", VmDirStringLenA("node"), TRUE))
+    {
+        dwError = RaftCliExecNodePrincipalRequest(
+                        dwArgsLeft,
+                        dwArgsLeft > 0 ? &argv[iArg] : NULL);
+    }
+    else
+    {
+        dwError = VMDIR_ERROR_OPTION_UNKNOWN;
+    }
+
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    if (dwError == VMDIR_ERROR_INVALID_PARAMETER ||
+        dwError == VMDIR_ERROR_OPTION_UNKNOWN ||
+        dwError == VMDIR_ERROR_OPTION_INVALID)
+    {
+        ShowUsage();
+    }
+
+    goto cleanup;
+}
+
+static
+DWORD
+RaftCliExecNodePrincipalRequest(
+    int   argc,
+    char* argv[]
+    )
+{
+    DWORD dwError= 0;
+    DWORD idx = 0;
+
+    PSTR pszServerName = NULL;
+    PSTR pszLogin = NULL;
+    PSTR pszPassword = NULL;
+    PSTR pszDomain = NULL;
+    PSTR pszPartnerName = NULL;
+    PSTR pszDemoteName = NULL;
+    PSTR pszPreferredHostName = NULL;
+
+    typedef enum
+    {
+        PARSE_MODE_OPEN = 0,
+        PARSE_MODE_LIST,
+        PARSE_MODE_DEMOTE,
+        PARSE_MODE_PROMOTE,
+        PARSE_MODE_STATE
+    } PARSE_MODE;
+
+    typedef enum
+    {
+        PARSE_SUB_MODE_OPEN = 0,
+        PARSE_SUB_MODE_SERVER_NAME,
+        PARSE_SUB_MODE_USER_NAME,
+        PARSE_SUB_MODE_PASSWORD,
+        PARSE_SUB_MODE_DOMAIN_NAME,
+        PARSE_SUB_MODE_PARTNER_NAME,
+        PARSE_SUB_MODE_DEMOTE_NAME,
+        PARSE_SUB_MODE_PREFERRED_HOST_NAME
+    } PARSE_SUB_MODE;
+
+    /*
+     * Initializing to default values
+     */
+    PARSE_MODE          mode    = PARSE_MODE_OPEN;
+    PARSE_SUB_MODE      submode = PARSE_SUB_MODE_OPEN;
+    LWRAFT_NODE_COMMAND  command = LWRAFT_DIR_COMMAND_UNKNOWN;
+
+    /*
+     * @Todo:Add unit test for error message
+     */
+    if (!argc)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    /*
+     * Iterate over all arguments recursively.
+     *  1. Scan the first level - List, Demote, Promote, Show
+     *  2. Gather required sub-arguments
+     */
+    for (; idx < argc; idx++)
+    {
+        PSTR pszArg = argv[idx];
+
+        switch (mode)
+        {
+            case PARSE_MODE_OPEN:
+
+                if (!VmDirStringCompareA(pszArg, "demote", TRUE))
+                {
+                    command = LWRAFT_DIR_COMMAND_NODE_DEMOTE;
+                    mode = PARSE_MODE_DEMOTE;
+                }
+                else if (!VmDirStringCompareA(pszArg, "list", TRUE))
+                {
+                    command = LWRAFT_DIR_COMMAND_NODE_LIST;
+                    mode = PARSE_MODE_LIST;
+                }
+                else if (!VmDirStringCompareA(pszArg, "promote", TRUE))
+                {
+                    command = LWRAFT_DIR_COMMAND_NODE_PROMOTE;
+                    mode = PARSE_MODE_PROMOTE;
+                }
+                else if (!VmDirStringCompareA(pszArg, "state", TRUE))
+                {
+                    command = LWRAFT_DIR_COMMAND_NODE_STATE;
+                    mode = PARSE_MODE_STATE;
+                }
+                else
+                {
+                    BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+                }
+                break;
+
+
+            case PARSE_MODE_LIST:
+
+                switch (submode)
+                {
+                    case PARSE_SUB_MODE_OPEN:
+
+                        if (!VmDirStringCompareA(pszArg, "--server-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_SERVER_NAME;
+                        }
+                        else
+                        {
+                            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+                        }
+                        break;
+
+                    case PARSE_SUB_MODE_SERVER_NAME:
+
+                        pszServerName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    default:
+
+                        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+                        break;
+                }
+
+                break;
+
+            case PARSE_MODE_STATE:
+
+                switch (submode)
+                {
+                    case PARSE_SUB_MODE_OPEN:
+
+                        if (!VmDirStringCompareA(pszArg, "--login", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_USER_NAME;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--password", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_PASSWORD;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--server-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_SERVER_NAME;
+                        }
+                        else
+                        {
+                            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+                        }
+                        break;
+
+                    case PARSE_SUB_MODE_SERVER_NAME:
+
+                        pszServerName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_USER_NAME:
+
+                        pszLogin = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_PASSWORD:
+
+                        pszPassword = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    default:
+
+                        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+                        break;
+                }
+
+                break;
+
+
+            case PARSE_MODE_PROMOTE:
+
+                switch (submode)
+                {
+                    case PARSE_SUB_MODE_OPEN:
+
+                        if (!VmDirStringCompareA(pszArg, "--password", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_PASSWORD;
+                        }
+                        //else if (!VmDirStringCompareA(pszArg, "--administrator", TRUE))
+                        //{
+                        //    submode = PARSE_SUB_MODE_USER_NAME;
+                        //}
+                        else if (!VmDirStringCompareA(pszArg, "--domain-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_DOMAIN_NAME;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--partner-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_PARTNER_NAME;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--host-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_PREFERRED_HOST_NAME;
+                        }
+                        else
+                        {
+                            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+                        }
+                        break;
+
+                    case PARSE_SUB_MODE_DOMAIN_NAME:
+
+                        pszDomain = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_USER_NAME:
+
+                        pszLogin = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_PASSWORD:
+
+                        pszPassword = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_PARTNER_NAME:
+
+                        pszPartnerName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_PREFERRED_HOST_NAME:
+
+                        pszPreferredHostName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    default:
+
+                        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+                        break;
+
+                }
+
+                break;
+
+
+            case PARSE_MODE_DEMOTE:
+
+                switch (submode)
+                {
+                    case PARSE_SUB_MODE_OPEN:
+
+                        if (!VmDirStringCompareA(pszArg, "--login", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_USER_NAME;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--password", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_PASSWORD;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--server-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_SERVER_NAME;
+                        }
+                        else if (!VmDirStringCompareA(pszArg, "--demote-host-name", TRUE))
+                        {
+                            submode = PARSE_SUB_MODE_DEMOTE_NAME;
+                        }
+                        else
+                        {
+                            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+                        }
+                        break;
+
+                    case PARSE_SUB_MODE_SERVER_NAME:
+
+                        pszServerName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_USER_NAME:
+
+                        pszLogin = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    case PARSE_SUB_MODE_PASSWORD:
+
+                        pszPassword = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+                    case PARSE_SUB_MODE_DEMOTE_NAME:
+
+                        pszDemoteName = pszArg;
+                        submode = PARSE_SUB_MODE_OPEN;
+                        break;
+
+                    default:
+
+                        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+                        break;
+
+                }
+
+                break;
+
+
+            default:
+                dwError = VMDIR_ERROR_INVALID_STATE;
+                BAIL_ON_VMDIR_ERROR(dwError);
+                break;
+
+        }
+    }
+
+    switch (command)
+    {
+        case LWRAFT_DIR_COMMAND_NODE_STATE:
+
+            dwError = RaftCliShowNodesA(pszServerName, pszLogin, pszPassword);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            break;
+
+        case LWRAFT_DIR_COMMAND_NODE_LIST:
+
+            dwError = RaftCliListNodesA(pszServerName);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            break;
+
+        case LWRAFT_DIR_COMMAND_NODE_DEMOTE:
+
+            dwError = RaftCliDemoteA(pszServerName, pszLogin, pszPassword, pszDemoteName);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            printf("Persistent Objectstore Service instance %s is removed from cluster successfully.\n", pszDemoteName);
+            break;
+
+        case LWRAFT_DIR_COMMAND_NODE_PROMOTE:
+
+            printf("Initializing Persistent Objectstore Service instance ... \n");
+
+            if ((pszDomain && pszPartnerName) || (!pszDomain && !pszPartnerName))
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_OPTION_INVALID);
+            }
+            else if (pszDomain)
+            {
+                dwError = RaftCliPromoteA(pszPreferredHostName, pszDomain, pszLogin, pszPassword);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+            else if (pszPartnerName)
+            {
+                dwError = RaftCliPromotePartnerA(pszPreferredHostName, pszPartnerName, pszLogin, pszPassword);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+
+            printf("Persistent Objectstore Service instance created successfully\n");
+            break;
+
+        default:
+
+            dwError = VMDIR_ERROR_INVALID_STATE;
+            break;
+    }
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    goto cleanup;
+}
+
+static
+void
+ShowUsage(
+    VOID
+    )
+{
+    fprintf(
+        stdout,
+        "Usage: post-cli { arguments }\n\n"
+        "Arguments:\n\n"
+        "\tnode list    --server-name      <host name>\n\n"
+
+        "\tnode state   --server-name      <host name>\n"
+        "\t             --login            <user@domain>\n"
+        "\t             --password         <password>\n\n"
+
+        "\tnode promote --password         <password>\n"
+ //       "\t            [--administrator    <user name> default to \"administrator\"]\n"
+        "\t            [--host-name        <host name> preferred Lightwave POST host name, can be FQDN or IP]\n"
+        "\t            [--domain-name      <domain name>      (for first node deployment)\n"
+        "\t             or \n"
+        "\t             --partner-name     <host of partner>  (for other nodes deployment)]\n\n"
+
+        "\tnode demote  --server-name      <host name>\n"
+        "\t             --login            <user@domain>\n"
+        "\t             --password         <password>\n"
+        "\t             --demote-host-name <host to demote>]\n\n"
+        "\thelp\n");
+}
+
diff --git a/lwraft/tools/lwraft-cli/prototypes.h b/lwraft/tools/lwraft-cli/prototypes.h
new file mode 100644
index 000000000..c65c33f3a
--- /dev/null
+++ b/lwraft/tools/lwraft-cli/prototypes.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// clinode.c
+
+DWORD
+RaftCliReadPassword(
+    PCSTR pszUser,
+    PCSTR pszDomain,
+    PCSTR pszPrompt,
+    PSTR* ppszPassword
+    );
+
+DWORD
+RaftCliListNodesA(
+    PCSTR     pszHostName
+    );
+
+DWORD
+RaftCliShowNodesA(
+    PCSTR     pszHostName,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword
+    );
+
+DWORD
+RaftCliPromoteA(
+    PCSTR     pszHostName,
+    PCSTR     pszDomain,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword
+    );
+
+DWORD
+RaftCliPromotePartnerA(
+    PCSTR     pszHostName,
+    PCSTR     pszPartnerName,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword
+    );
+
+DWORD
+RaftCliDemoteA(
+    PCSTR     pszHostName,
+    PCSTR     pszLogin,
+    PCSTR     pszPassword,
+    PCSTR     pszLeaveNode
+    );
diff --git a/lwraft/tools/lwraftpromo/Makefile.am b/lwraft/tools/lwraftpromo/Makefile.am
index 641b21812..41fbf6d08 100644
--- a/lwraft/tools/lwraftpromo/Makefile.am
+++ b/lwraft/tools/lwraftpromo/Makefile.am
@@ -5,23 +5,25 @@ lwraftpromo_SOURCES = \
     main.c
 
 lwraftpromo_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 lwraftpromo_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    $(top_builddir)/lwraft/client/libpostclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@ \
     @PTHREAD_LIBS@
diff --git a/lwraft/tools/test/Makefile.am b/lwraft/tools/test/Makefile.am
deleted file mode 100644
index 85a3a2c3d..000000000
--- a/lwraft/tools/test/Makefile.am
+++ /dev/null
@@ -1,8 +0,0 @@
-SUBDIRS = \
-    circularbuffer  \
-    dequetest       \
-    parseargs       \
-    registry        \
-    string          \
-    vmdirclienttest
-
diff --git a/lwraft/tools/test/circularbuffer/Makefile.am b/lwraft/tools/test/circularbuffer/Makefile.am
deleted file mode 100644
index 69bc1d4e1..000000000
--- a/lwraft/tools/test/circularbuffer/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-bin_PROGRAMS = circularbuffertest
-
-circularbuffertest_SOURCES = \
-    main.c
-
-circularbuffertest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-circularbuffertest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-circularbuffertest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/circularbuffer/includes.h b/lwraft/tools/test/circularbuffer/includes.h
deleted file mode 100644
index d5cbf5cc1..000000000
--- a/lwraft/tools/test/circularbuffer/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/lwraft/tools/test/circularbuffer/main.c b/lwraft/tools/test/circularbuffer/main.c
deleted file mode 100644
index 91ae4f2a2..000000000
--- a/lwraft/tools/test/circularbuffer/main.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
-
-typedef struct _TEST_ELEMENT
-{
-    PCSTR   name;
-    int     age;
-} TEST_ELEMENT, *PTEST_ELEMENT;
-int             arrLen = 5;
-TEST_ELEMENT    arrTestData[] = {
-                            {"user1", 1},
-                            {"user2", 2},
-                            {"user3", 3},
-                            {"user4", 4},
-                            {"user5", 5}};
-
-void FillBuffer(
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer,
-    UINT Count
-    )
-{
-    UINT i = 0;
-
-    for (; i < Count; ++i)
-    {
-        PTEST_ELEMENT Destination = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-        PTEST_ELEMENT Source;
-
-        Source = &arrTestData[i % 5];
-        Destination->name = Source->name;
-        Destination->age = Source->age;
-    }
-}
-
-BOOLEAN Callback(PVOID Element, PVOID Context)
-{
-    PTEST_ELEMENT TestElement = (PTEST_ELEMENT)Element;
-    PTEST_ELEMENT ReferenceElement = (PTEST_ELEMENT)Context;
-
-    ASSERT(TestElement->age == ReferenceElement->age);
-    ASSERT(strcmp(TestElement->name, ReferenceElement->name) == 0);
-
-    return TRUE;
-}
-
-void TestCleanupOfValidCircularBuffer()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    DWORD dwError = 0;
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestCleanupOfNullCircularBuffer()
-{
-    VmDirCircularBufferFree(NULL);
-}
-
-void TestSingleElement()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    DWORD dwError = 0;
-    PTEST_ELEMENT Element = NULL;
-
-    printf("TestSingleElement() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[0].name;
-    Element->age = arrTestData[0].age;
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrTestData[0]);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestWrap()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    PTEST_ELEMENT Element;
-    DWORD dwError = 0;
-
-    printf("TestWrap() ...\n");
-
-    dwError = VmDirCircularBufferCreate(3, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[0].name;
-    Element->age = arrTestData[0].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[1].name;
-    Element->age = arrTestData[1].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[2].name;
-    Element->age = arrTestData[2].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[3].name;
-    Element->age = arrTestData[3].age;
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrTestData[1]);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestZeroSizedBufferShouldFail()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestZeroSizedBufferShouldFail() ...\n");
-
-    dwError = VmDirCircularBufferCreate(0, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError != 0);
-}
-
-void TestOverflowSizedBufferShouldFail()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestOverFlowSizedBufferShouldFail() ...\n");
-
-    dwError = VmDirCircularBufferCreate((0XFFFFFFFF / sizeof(TEST_ELEMENT)) + 2, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError != 0);
-}
-
-void TestMakeCapacityBiggerShouldSucceed()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestMakeCapacityBiggerShouldSucceed() ...\n");
-
-    dwError = VmDirCircularBufferCreate(2, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 4);
-    ASSERT(dwError == 0);
-}
-
-void TestMakeCapacitySmallerShouldSucceed()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestMakeCapacitySmallerShouldSucceed() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 2);
-    ASSERT(pCircularBuffer->dwCapacity == 2);
-    ASSERT(dwError == 0);
-    ASSERT(pCircularBuffer->dwHead < pCircularBuffer->dwCapacity);
-}
-
-BOOLEAN Callback2(PVOID Element, PVOID Context)
-{
-    PDWORD pdwCount = (PDWORD)Context;
-
-    switch (*pdwCount)
-    {
-        case 0:
-        ASSERT(memcmp(Element, &arrTestData[3], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 1:
-        ASSERT(memcmp(Element, &arrTestData[4], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 2:
-        ASSERT(memcmp(Element, &arrTestData[0], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 3:
-        ASSERT(memcmp(Element, &arrTestData[1], sizeof(TEST_ELEMENT)) == 0);
-        break;
-    }
-
-    *pdwCount += 1;
-    return TRUE;
-}
-
-void TestSelectReturnsCorrectElementsInCorrectOrder()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectReturnsCorrectElementsInCorrectOrder() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 7);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, Callback2, &dwCount);
-    ASSERT(dwError == 0);
-}
-
-BOOLEAN CountingCallback(PVOID Element, PVOID Context)
-{
-    PDWORD pdwCount = (PDWORD)Context;
-    PTEST_ELEMENT TestElement = (PTEST_ELEMENT)Element;
-
-    if (TestElement->age == 3)
-    {
-        return FALSE;
-    }
-
-    *pdwCount += 1;
-    return TRUE;
-}
-
-void TestSelectReturnsWhenCallbackReturnsFalse()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectReturnsWhenCallbackReturnsFalse() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, CountingCallback, &dwCount);
-    ASSERT(dwError == 0);
-    ASSERT(dwCount == 2);
-}
-
-void TestSelectTooManyElementsQuietlySucceeds()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectTooManyElementsQuietlySucceeds() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 20, CountingCallback, &dwCount);
-    ASSERT(dwError == 0);
-}
-
-int
-main(int argc, char* argv[])
-{
-    TestSingleElement();
-    TestWrap();
-
-    TestZeroSizedBufferShouldFail();
-    TestOverflowSizedBufferShouldFail();
-    TestMakeCapacityBiggerShouldSucceed();
-    TestMakeCapacitySmallerShouldSucceed();
-    TestSelectReturnsCorrectElementsInCorrectOrder();
-    TestSelectReturnsWhenCallbackReturnsFalse();
-    TestSelectTooManyElementsQuietlySucceeds();
-    TestCleanupOfValidCircularBuffer();
-    TestCleanupOfNullCircularBuffer();
-
-    return 0;
-}
diff --git a/lwraft/tools/test/dequetest/Makefile.am b/lwraft/tools/test/dequetest/Makefile.am
deleted file mode 100644
index 59e797bb9..000000000
--- a/lwraft/tools/test/dequetest/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = dequetest
-
-dequetest_SOURCES = \
-    main.c
-
-dequetest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-dequetest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-dequetest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/dequetest/includes.h b/lwraft/tools/test/dequetest/includes.h
deleted file mode 100644
index a182442b5..000000000
--- a/lwraft/tools/test/dequetest/includes.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/lwraft/tools/test/dequetest/main.c b/lwraft/tools/test/dequetest/main.c
deleted file mode 100644
index 3be6a51cc..000000000
--- a/lwraft/tools/test/dequetest/main.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-typedef struct _TEST_ELEMENT
-{
-    PCSTR   name;
-    int     age;
-} TEST_ELEMENT, *PTEST_ELEMENT;
-int             arrLen = 5;
-TEST_ELEMENT    arrTestData[] = {
-                            {"user1", 1},
-                            {"user2", 2},
-                            {"user3", 3},
-                            {"user4", 4},
-                            {"user5", 5}};
-DWORD
-testEmpty(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    //Test case: pop from empty queue
-    printf("\nTest empty deque...\n");
-    if (!dequeIsEmpty(pDeque))
-    {
-        printf("deque is not NULL.\n");
-        goto error;
-    }
-
-    dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
-    if (dwError != ERROR_NO_MORE_ITEMS)
-    {
-        printf("PopLeft is not NULL from empty queue.\n");
-        goto error;
-    }
-    else
-    {
-        dwError = 0;
-    }
-
-cleanup:
-    printf("Test empty finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-DWORD
-testQueue(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    int             i=0;
-
-    printf("\nTesting Queue...\n");
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePush(pDeque, &arrTestData[i]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        if(pElement != &arrTestData[i])
-        {
-            printf("test failed.\n");
-            dwError = 1;
-            goto error;
-        }
-        printf("Name: %s, Age: %d\n", pElement->name, pElement->age);
-    }
-
-cleanup:
-    printf("testQueue finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-DWORD
-testStack(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    int             i=0;
-
-    printf("\nTesting Stack...\n");
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePush(pDeque, &arrTestData[i]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePop(pDeque, (PVOID*)&pElement);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        if(pElement != &arrTestData[arrLen-i-1])
-        {
-            printf("test failed.\n");
-            dwError = 1;
-            goto error;
-        }
-        printf("Name: %s, Age: %d\n", pElement->name, pElement->age);
-    }
-
-cleanup:
-    printf("testStack finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-int
-main(int argc, char* argv[])
-{
-    DWORD           dwError = 0;
-    PDEQUE          pDeque = NULL;
-
-    dwError = dequeCreate(&pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testEmpty(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testQueue(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testStack(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testEmpty(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    if (pDeque)
-    {
-        dequeFree(pDeque);
-    }
-
-    return dwError;
-error:
-
-    goto cleanup;
-}
diff --git a/lwraft/tools/test/parseargs/Makefile.am b/lwraft/tools/test/parseargs/Makefile.am
deleted file mode 100644
index 5f9dc194e..000000000
--- a/lwraft/tools/test/parseargs/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-bin_PROGRAMS = parseargstest
-
-parseargstest_SOURCES = \
-    parseargs.c \
-    main.c
-
-parseargstest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-parseargstest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-parseargstest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/parseargs/defines.h b/lwraft/tools/test/parseargs/defines.h
deleted file mode 100644
index 1dd9f861c..000000000
--- a/lwraft/tools/test/parseargs/defines.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
diff --git a/lwraft/tools/test/parseargs/includes.h b/lwraft/tools/test/parseargs/includes.h
deleted file mode 100644
index b463f9688..000000000
--- a/lwraft/tools/test/parseargs/includes.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <config.h>
-#include <vmdirsys.h>
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
-#include "defines.h"
-#include "prototypes.h"
diff --git a/lwraft/tools/test/parseargs/main.c b/lwraft/tools/test/parseargs/main.c
deleted file mode 100644
index 41bec360a..000000000
--- a/lwraft/tools/test/parseargs/main.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-int
-main(int argc, char* argv[])
-{
-    TestVmDirParseArguments();
-    return 0;
-}
diff --git a/lwraft/tools/test/parseargs/parseargs.c b/lwraft/tools/test/parseargs/parseargs.c
deleted file mode 100644
index e5bbb2d2f..000000000
--- a/lwraft/tools/test/parseargs/parseargs.c
+++ /dev/null
@@ -1,1355 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-typedef struct
-{
-    PSTR pszString;
-    DWORD dwInteger;
-    BOOLEAN bTriggered;
-    BOOLEAN bShowUsageTriggered;
-    BOOLEAN bPostValidationCallbackTriggered;
-    BOOLEAN bReturnFailure;
-    DWORD dwStringCallbackCount;
-    DWORD dwIntegerCallbackCount;
-    DWORD dwNoneCallbackCount;
-} COMMAND_LINE_PARAMETER_STATE, *PCOMMAND_LINE_PARAMETER_STATE;
-
-
-DWORD
-PostValidateParameters(
-    PVOID pvParameter
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE State = (PCOMMAND_LINE_PARAMETER_STATE)pvParameter;
-
-    State->bPostValidationCallbackTriggered = TRUE;
-
-    if (State->bReturnFailure)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-    else
-    {
-        return 0;
-    }
-}
-
-VOID
-ShowUsage(
-    PVOID pvParameter
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE State = (PCOMMAND_LINE_PARAMETER_STATE)pvParameter;
-
-    State->bShowUsageTriggered = TRUE;
-}
-
-DWORD
-HandleStringParameter(
-    PVOID pContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->pszString = (PSTR)pValue;
-    ParameterState->dwStringCallbackCount++;
-    return 0;
-}
-
-DWORD
-HandleIntegerParameter(
-    PVOID pContext,
-    DWORD dwValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->dwInteger = dwValue;
-    ParameterState->dwIntegerCallbackCount++;
-    return 0;
-}
-
-DWORD
-HandleNoParameter(
-    PVOID pContext
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->bTriggered = TRUE;
-    ParameterState->dwNoneCallbackCount++;
-
-    return 0;
-}
-
-VMDIR_COMMAND_LINE_OPTIONS CommandLineOptions =
-{
-    ShowUsage,
-    PostValidateParameters,
-    {
-        {'s', "string1", CL_STRING_PARAMETER, HandleStringParameter},
-        {'t', "string2", CL_STRING_PARAMETER, HandleStringParameter},
-        {'u', "string3", CL_STRING_PARAMETER, HandleStringParameter},
-        {'i', "integer1", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'j', "integer2", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'k', "integer3", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'n', "noparameter1", CL_NO_PARAMETER, HandleNoParameter},
-        {'o', "noparameter2", CL_NO_PARAMETER, HandleNoParameter},
-        {'p', "noparameter3", CL_NO_PARAMETER, HandleNoParameter},
-        {0, 0, 0, 0}
-    }
-};
-
-VOID
-_Test_VmDirParseArgumentsWithInvalidEnumValueFails(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', NULL, 0xFFFFFFFF, HandleStringParameter}
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArgumentsWithNullLongFlagDoesntCrash(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', NULL, CL_STRING_PARAMETER, HandleStringParameter},
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArgumentsWithEmptyLongFlagDoesntCrash(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', "", CL_STRING_PARAMETER, HandleStringParameter},
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_StringParameterWithNoParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_IntegerParameterWithNoParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, 2, argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_IntegerParameterWithStringParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i", "hello"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_NoParameterWithParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-n", "extraparameter"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortStringParameterWithStringParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s", "hello"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(Parameters.pszString, "hello") == 0);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortIntegerParameterWithIntegerParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i", "42"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwInteger = 42);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortNoParameterWithNoParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_LongStringParameterWithStringParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--string1", "hello, world!"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(Parameters.pszString, "hello, world!") == 0);
-}
-
-VOID
-_Test_VmDirParseArguments_LongIntegerParameterWithIntegerParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--integer1", "-37"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwInteger == (DWORD)-37);
-}
-
-VOID
-_Test_VmDirParseArguments_LongNoParameterWithNoParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_InvalidParametersShowUsageShouldBeCalled(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid-parameter"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(Parameters.bShowUsageTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalled(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bPostValidationCallbackTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalledAndShowUsage(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    Parameters.bReturnFailure = TRUE;
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(Parameters.bPostValidationCallbackTriggered);
-    ASSERT(Parameters.bShowUsageTriggered);
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-u", "string3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 3);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--string3", "string3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 3);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-k", "3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 3);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--integer3", "3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 3);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-p"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 3);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--noparameter3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 3);
-
-}
-
-VOID
-TestVmDirParseArguments(
-    VOID
-    )
-{
-    printf("Testing VmDirParseArguments ...\n");
-
-    _Test_VmDirParseArgumentsWithInvalidEnumValueFails();
-    _Test_VmDirParseArgumentsWithNullLongFlagDoesntCrash();
-    _Test_VmDirParseArgumentsWithEmptyLongFlagDoesntCrash();
-
-    _Test_VmDirParseArguments_StringParameterWithNoParameterShouldFail();
-    _Test_VmDirParseArguments_IntegerParameterWithNoParameterShouldFail();
-    _Test_VmDirParseArguments_IntegerParameterWithStringParameterShouldFail();
-    _Test_VmDirParseArguments_NoParameterWithParameterShouldFail();
-    _Test_VmDirParseArguments_ShortStringParameterWithStringParameterShouldSucceed();
-    _Test_VmDirParseArguments_ShortIntegerParameterWithIntegerParameterShouldSucceed();
-    _Test_VmDirParseArguments_ShortNoParameterWithNoParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongStringParameterWithStringParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongIntegerParameterWithIntegerParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongNoParameterWithNoParameterShouldSucceed();
-
-    _Test_VmDirParseArguments_InvalidParametersShowUsageShouldBeCalled();
-    _Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalled();
-    _Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalledAndShowUsage();
-
-    _Test_VmDirParseArgumentsLongStringStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneNoneWithValidParametersShouldSucceed();
-}
diff --git a/lwraft/tools/test/parseargs/prototypes.h b/lwraft/tools/test/parseargs/prototypes.h
deleted file mode 100644
index 135cd2311..000000000
--- a/lwraft/tools/test/parseargs/prototypes.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-VOID
-TestVmDirParseArguments(
-    VOID
-    );
diff --git a/lwraft/tools/test/registry/Makefile.am b/lwraft/tools/test/registry/Makefile.am
deleted file mode 100644
index 1aa700877..000000000
--- a/lwraft/tools/test/registry/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-bin_PROGRAMS = registrytest
-
-registrytest_SOURCES = \
-    main.c
-
-registrytest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-registrytest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-registrytest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/registry/includes.h b/lwraft/tools/test/registry/includes.h
deleted file mode 100644
index d5cbf5cc1..000000000
--- a/lwraft/tools/test/registry/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/lwraft/tools/test/registry/main.c b/lwraft/tools/test/registry/main.c
deleted file mode 100644
index 2b379040d..000000000
--- a/lwraft/tools/test/registry/main.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
-
-void TestDwordRoundTrip()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestDwordRoundTrip() ...\n");
-
-    dwTestValue = 42;
-    dwError = VmDirSetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValue", dwTestValue);
-    ASSERT(dwError == 0);
-
-    dwError = VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValue", &dwComparisonValue, 0);
-    ASSERT(dwError == 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-void TestDwordDefaultValue()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestDwordDefaultValue() ...\n");
-
-    dwTestValue = 42;
-    dwError = VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValueDoesNotExist", &dwComparisonValue, dwTestValue);
-    ASSERT(dwError != 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-void TestMaxDwordValueRoundTrip()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestMaxDwordValueRoundTrip() ...\n");
-
-    dwTestValue = 0xFFFFFFFF; // Biggest possible DWORD
-    dwError = VmDirSetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestMaxValue", dwTestValue);
-    ASSERT(dwError == 0);
-
-    VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestMaxValue", &dwComparisonValue, 0);
-    ASSERT(dwError == 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-
-int
-main(int argc, char* argv[])
-{
-    TestDwordRoundTrip();
-    TestDwordDefaultValue();
-    TestMaxDwordValueRoundTrip();
-
-    return 0;
-}
diff --git a/lwraft/tools/test/string/Makefile.am b/lwraft/tools/test/string/Makefile.am
deleted file mode 100644
index f6409ffc7..000000000
--- a/lwraft/tools/test/string/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = stringtest
-
-stringtest_SOURCES = \
-    VmDirAllocateStringOfLenA.c \
-    VmDirAllocateStringA.c \
-    stringlist.c    \
-    main.c
-
-stringtest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-stringtest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-stringtest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/string/VmDirAllocateStringA.c b/lwraft/tools/test/string/VmDirAllocateStringA.c
deleted file mode 100644
index 4f1909df0..000000000
--- a/lwraft/tools/test/string/VmDirAllocateStringA.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-VOID
-_Test_VmdirAllocateStringA_NullSourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = (PSTR)0xDEADBEEF;
-
-    dwError = VmDirAllocateStringA(NULL, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(pszString == NULL);
-}
-
-VOID
-_Test_VmdirAllocateStringA_EmptySourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringA("", &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(*pszString == '\0');
-}
-
-VOID
-_Test_VmdirAllocateStringA_NullDestinationString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirAllocateStringA("test", NULL);
-    ASSERT(dwError == 0);
-}
-
-VOID
-_Test_VmdirAllocateStringA_CallShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringA("Hello, world!", &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(pszString, "Hello, world!") == 0);
-}
-
-
-VOID
-TestVmDirAllocateStringA(
-    VOID
-    )
-{
-    printf("Testing VmDirAllocateStringA ...\n");
-    _Test_VmdirAllocateStringA_NullSourceString();
-    _Test_VmdirAllocateStringA_EmptySourceString();
-    _Test_VmdirAllocateStringA_NullDestinationString();
-    _Test_VmdirAllocateStringA_CallShouldSucceed();
-}
diff --git a/lwraft/tools/test/string/VmDirAllocateStringOfLenA.c b/lwraft/tools/test/string/VmDirAllocateStringOfLenA.c
deleted file mode 100644
index 732add5b6..000000000
--- a/lwraft/tools/test/string/VmDirAllocateStringOfLenA.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-VOID
-_Test_VmdirAllocateStringOfLenA_NullSourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = (PSTR)0xDEADBEEF;
-
-    dwError = VmDirAllocateStringOfLenA(NULL, 0, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(pszString == NULL);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_EmptySourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("", 0, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(*pszString == '\0');
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_NullDestinationString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirAllocateStringOfLenA("test", 2, NULL);
-    ASSERT(dwError == 0);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("Hello, world!", 20, &pszString);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_CallShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("Hello, world!", 5, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(pszString, "Hello") == 0);
-}
-
-
-VOID
-TestVmDirAllocateStringOfLenA(
-    VOID
-    )
-{
-    printf("Testing VmDirAllocateStringOfLenA ...\n");
-    _Test_VmdirAllocateStringOfLenA_NullSourceString();
-    _Test_VmdirAllocateStringOfLenA_EmptySourceString();
-    _Test_VmdirAllocateStringOfLenA_NullDestinationString();
-    _Test_VmdirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail();
-    _Test_VmdirAllocateStringOfLenA_CallShouldSucceed();
-}
diff --git a/lwraft/tools/test/string/defines.h b/lwraft/tools/test/string/defines.h
deleted file mode 100644
index 11c78754c..000000000
--- a/lwraft/tools/test/string/defines.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
diff --git a/lwraft/tools/test/string/includes.h b/lwraft/tools/test/string/includes.h
deleted file mode 100644
index 67384d2a7..000000000
--- a/lwraft/tools/test/string/includes.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
-#include "defines.h"
-#include "prototypes.h"
diff --git a/lwraft/tools/test/string/main.c b/lwraft/tools/test/string/main.c
deleted file mode 100644
index b22145d89..000000000
--- a/lwraft/tools/test/string/main.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-int
-main(int argc, char* argv[])
-{
-    TestVmDirAllocateStringA();
-    TestVmDirAllocateStringOfLenA();
-    TestVmDirStringList();
-
-    return 0;
-}
diff --git a/lwraft/tools/test/string/prototypes.h b/lwraft/tools/test/string/prototypes.h
deleted file mode 100644
index 24b888782..000000000
--- a/lwraft/tools/test/string/prototypes.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-VOID
-TestVmDirAllocateStringOfLenA(
-    VOID
-    );
-
-VOID
-TestVmDirAllocateStringA(
-    VOID
-    );
-
-VOID
-TestVmDirStringList(
-    VOID
-    );
diff --git a/lwraft/tools/test/string/stringlist.c b/lwraft/tools/test/string/stringlist.c
deleted file mode 100644
index 182287378..000000000
--- a/lwraft/tools/test/string/stringlist.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#include "includes.h"
-
-PSTR GenerateString(
-    VOID
-    )
-{
-    static DWORD i = 0;
-    PSTR pszString = NULL;
-    DWORD dwError = 0;
-
-    //
-    // This is a unit test so we assume that the allocation succeeds.
-    //
-    dwError = VmDirAllocateStringAVsnprintf(
-                &pszString,
-                "Test String #%d",
-                i++);
-    ASSERT(dwError == 0);
-
-    return pszString;
-}
-
-VOID
-TestStringListInitialization(
-    PVMDIR_STRING_LIST *ppStringList
-    )
-{
-    PVMDIR_STRING_LIST pStringList;
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-    ASSERT(pStringList != NULL);
-    ASSERT(pStringList->dwCount == 0);
-    ASSERT(pStringList->dwSize == 10);
-
-    *ppStringList = pStringList;
-}
-
-VOID
-TestStringListInitializationCountTooBig(
-    VOID
-    )
-{
-    PVMDIR_STRING_LIST pStringList = NULL;
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 0xFFFFFFFF);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(pStringList == NULL);
-}
-
-VOID
-TestStringListAdd(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PCSTR pszString = GenerateString();
-
-    dwError = VmDirStringListAdd(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(VmDirStringListContains(pStringList, pszString));
-}
-
-VOID
-TestStringListAddWithReallocation(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    UINT i = 0;
-    DWORD dwMaxSize = 0;
-    DWORD dwError = 0;
-
-    dwMaxSize = pStringList->dwSize + 5;
-    for (i = pStringList->dwCount; i < dwMaxSize; ++i)
-    {
-        dwError = VmDirStringListAdd(
-                    pStringList,
-                    GenerateString());
-        ASSERT(dwError == 0);
-    }
-
-    ASSERT(pStringList->dwSize > pStringList->dwCount);
-    ASSERT(pStringList->dwSize > dwMaxSize);
-    ASSERT(pStringList->dwCount >= dwMaxSize);
-}
-
-VOID
-TestStringListAddLayout(
-    VOID
-    )
-{
-    PSTR ppszStrings[5];
-    DWORD dwError = 0;
-    DWORD i = 0;
-    PVMDIR_STRING_LIST pStringList;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        ppszStrings[i] = GenerateString();
-        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
-        ASSERT(dwError == 0);
-    }
-
-    ASSERT(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings));
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        ASSERT(pStringList->pStringList[i] == ppszStrings[i]);
-    }
-
-    VmDirStringListFree(pStringList);
-}
-
-VOID
-TestStringListRemoveShouldSucceed(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PCSTR pszString = GenerateString();
-    DWORD dwCount = 0;
-
-    VmDirStringListAdd(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(VmDirStringListContains(pStringList, pszString));
-    dwCount = pStringList->dwCount;
-
-    dwError = VmDirStringListRemove(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(!VmDirStringListContains(pStringList, pszString));
-    ASSERT(dwCount == pStringList->dwCount + 1);
-}
-
-VOID
-TestStringListRemoveShouldHaveCorrectLayout(
-    VOID)
-{
-    PCSTR ppszStrings[] = {
-        "Test 1",
-        "Test 2",
-        "Test 3",
-        "Test 4",
-        "Test 5"
-    };
-    PVMDIR_STRING_LIST pStringList = NULL;
-    DWORD dwError = 0;
-    DWORD i = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
-        ASSERT(dwError == 0);
-    }
-
-    dwError = VmDirStringListRemove(pStringList, ppszStrings[2]);
-    ASSERT(dwError == 0);
-    ASSERT(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings) - 1);
-    ASSERT(pStringList->pStringList[0] == ppszStrings[0]);
-    ASSERT(pStringList->pStringList[1] == ppszStrings[1]);
-    ASSERT(pStringList->pStringList[2] == ppszStrings[3]);
-    ASSERT(pStringList->pStringList[3] == ppszStrings[4]);
-}
-
-VOID
-TestStringListRemoveShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = GenerateString();
-
-    dwError = VmDirStringListRemove(pStringList, pszString);
-    ASSERT(dwError == VMDIR_ERROR_NOT_FOUND);
-    ASSERT(!VmDirStringListContains(pStringList, pszString));
-}
-
-VOID
-TestStringListRemoveNullShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListRemove(pStringList, NULL);
-    ASSERT(dwError == VMDIR_ERROR_NOT_FOUND);
-    ASSERT(!VmDirStringListContains(pStringList, NULL));
-}
-
-VOID
-TestStringListContainsNullShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    ASSERT(!VmDirStringListContains(pStringList, NULL));
-}
-
-VOID
-TestStringListContainsShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    ASSERT(!VmDirStringListContains(pStringList, GenerateString()));
-}
-
-VOID
-TestStringListFree(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    VmDirStringListFree(pStringList);
-}
-
-VOID
-TestStringListFreeWithNull(
-    VOID
-    )
-{
-    VmDirStringListFree(NULL);
-}
-
-VOID TestVmDirStringList(
-    VOID
-    )
-{
-    PVMDIR_STRING_LIST pStringList;
-
-    printf("Testing VmDirStringList code ...\n");
-    TestStringListInitialization(&pStringList);
-    TestStringListInitializationCountTooBig();
-    TestStringListAdd(pStringList);
-    TestStringListAddWithReallocation(pStringList);
-    TestStringListAddLayout();
-    TestStringListRemoveShouldSucceed(pStringList);
-    TestStringListRemoveShouldHaveCorrectLayout();
-    TestStringListRemoveShouldFail(pStringList);
-    TestStringListRemoveNullShouldFail(pStringList);
-    TestStringListContainsNullShouldFail(pStringList);
-    TestStringListContainsShouldFail(pStringList);
-    TestStringListFree(pStringList);
-    TestStringListFreeWithNull();
-}
diff --git a/lwraft/tools/test/vmdirclienttest/Makefile.am b/lwraft/tools/test/vmdirclienttest/Makefile.am
deleted file mode 100644
index 1ddbd483b..000000000
--- a/lwraft/tools/test/vmdirclienttest/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-bin_PROGRAMS = lwraftclienttest
-
-lwraftclienttest_SOURCES = \
-    main.c \
-    saslclient.c
-
-lwraftclienttest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
-    @DCERPC_INCLUDES@ \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-lwraftclienttest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @DCERPC_LIBS@ \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @SASL_LIBS@ \
-    @LDAP_LIBS@
-
-lwraftclienttest_LDFLAGS = \
-    @DCERPC_LDFLAGS@ \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/test/vmdirclienttest/defines.h b/lwraft/tools/test/vmdirclienttest/defines.h
deleted file mode 100644
index 31b6d2923..000000000
--- a/lwraft/tools/test/vmdirclienttest/defines.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#ifndef _VMDIR_CLIENT_TEST_DEFINES_H_
-#define _VMDIR_CLIENT_TEST_DEFINES_H_
-#endif
diff --git a/lwraft/tools/test/vmdirclienttest/includes.h b/lwraft/tools/test/vmdirclienttest/includes.h
deleted file mode 100644
index a8736eef4..000000000
--- a/lwraft/tools/test/vmdirclienttest/includes.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vmdirclienttest
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vmdirclienttest main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <vmdirerrors.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap.h"
-#include "lutil_ldap.h"
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <vmdirerrors.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#include "banned.h"
-
-#endif
diff --git a/lwraft/tools/test/vmdirclienttest/main.c b/lwraft/tools/test/vmdirclienttest/main.c
deleted file mode 100644
index 0440e952b..000000000
--- a/lwraft/tools/test/vmdirclienttest/main.c
+++ /dev/null
@@ -1,1235 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-/* Example of why you don't call public APIs internally */
-ULONG
-VmDirCreateBindingHandleA(
-    PCSTR      pszNetworkAddress,
-    PCSTR      pszNetworkEndpoint,
-    handle_t   *ppBinding
-    );
-
-DWORD
-TestVmDirLdapGetResults(
-    LDAP    *pLd,
-    int      msgid,
-    uint64_t startTime,
-    BOOLEAN  displayTimeTaken
-    );
-
-static
-DWORD
-_TestVmDirCreateThread(
-    VmDirStartRoutine* pStartRoutine,
-    DWORD startVal,
-    PVMDIR_THREAD *ppTID
-    );
-
-#define SIZE_256    256
-
-#if 0
-static void _PrintKrbKey(PBYTE pMasterKey, DWORD dwLen)
-{
-    DWORD i=0;
-    printf("\nkey size =  %d\n",dwLen);
-    for (i=0; i<dwLen; i++)
-    {
-        printf("%02x", pMasterKey[i]);
-        if ((i+1) % 32 == 0)
-        {
-            printf("\n");
-        }
-    }
-    printf("\n");
-}
-#endif
-
-#if 0
-void TestVmDirGetKrbMasterKey()
-{
-    char        pszDomainName[SIZE_256] = {0};
-    DWORD       dwError = 0;
-    PBYTE       pLocalByte = NULL;
-    DWORD       dwSize = 0;
-
-    printf( "  Kerberos realm name:");
-    scanf("%s", pszDomainName);
-
-    dwError = VmDirGetKrbMasterKey(
-        pszDomainName,
-        &pLocalByte,
-        &dwSize
-        );
-
-    printf("TestRpcVmDirGetKrbMasterKey returns %d\n",dwError);
-
-    if (dwError == 0 )
-    {
-        _PrintKrbKey(pLocalByte, dwSize);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-}
-#endif
-
-#if 0
-void TestVmDirGetKrbUPNKey()
-{
-    char        pszUpnName[SIZE_256] = {0};
-    DWORD       dwError = 0;
-    PBYTE       pLocalByte = NULL;
-    DWORD       dwSize = 0;
-
-    printf( "  UserPrincipalName:");
-    scanf("%s", pszUpnName);
-
-    dwError = VmDirGetKrbUPNKey(
-        pszUpnName,
-        &pLocalByte,
-        &dwSize
-        );
-    printf("TestRpcVmDirGetKrbUPNKey returns %d\n",dwError);
-
-    if (dwError == 0)
-    {
-        _PrintKrbKey(pLocalByte, dwSize);
-    }
-
-    printf("\n");
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-}
-#endif
-
-void
-TestVmDirForceResetPassword(
-    VOID
-    )
-{
-    char        pszDN[SIZE_256] = {0};
-    DWORD       dwError = 0;
-    PBYTE       pLocalByte = NULL;
-    DWORD       dwByteSize = 0;
-
-    printf( "  Account DN: ");
-    scanf("%s", pszDN);
-
-    dwError = VmDirForceResetPassword( pszDN, &pLocalByte, &dwByteSize );
-
-    printf("TestRpcVmDirForceResetPassword returns %d\n",dwError);
-
-    if (dwError == 0)
-    {
-        DWORD dwCnt = 0;
-        printf("Pasword reset to:");
-        for (dwCnt=0; dwCnt<dwByteSize; dwCnt++)
-        {
-            printf("%c", pLocalByte[dwCnt]);
-        }
-        printf("\n");
-    }
-
-    printf("\n");
-    VMDIR_SAFE_FREE_MEMORY( pLocalByte );
-}
-
-void
-TestVmDirSetLogParameters(
-    VOID
-    )
-{
-    DWORD       dwError = 0;
-    char        pszLogLevel[SIZE_256] = {0};
-    int         iMask = 0;
-
-    printf( "  Log level (ERROR|WARNING|INFO|VERBOSE|DEBUG):");
-    scanf("%s", pszLogLevel);
-    printf( "  Log mask :");
-    scanf("%d", &iMask);
-
-    dwError = VmDirSetLogLevel(pszLogLevel);
-    if (dwError)
-    {
-        printf( "VmDirSetLogLevel failed (%u)", dwError);
-    }
-
-    dwError = VmDirSetLogMask(iMask);
-    if (dwError)
-    {
-        printf( "VmDirSetLogMask failed (%u)", dwError);
-    }
-}
-
-void TestVmDirCreateUser()
-{
-    char        pszUserName[SIZE_256] = {0};
-    char        pszPassword[SIZE_256] = {0};
-    char        pszUPNName[SIZE_256] = {0};
-    DWORD       dwError = 0;
-
-    printf( "  User account:");
-    scanf("%s", pszUserName);
-    printf( "  User password:");
-    scanf("%s", pszPassword);
-    printf( "  UPN name:");
-    scanf("%s", pszUPNName);
-
-    dwError = VmDirCreateUser(
-        pszUserName,
-        pszPassword,
-        pszUPNName,
-        FALSE
-        );
-    printf("TestRpcVmDirCreateUser returns %d\n",dwError);
-}
-
-void TestVmDirCreateUserEx()
-{
-    DWORD  dwError = 0;
-    char   szAdmin[] = "Administrator";
-    char   szDomain[] = "vsphere.local";
-    char   szServer[SIZE_256] = {0};
-    char   szAdminPassword[SIZE_256] = {0};
-    char   szUserName[SIZE_256] = {0};
-    char   szAccount[SIZE_256] = {0};
-    char   szFirstname[SIZE_256] = {0};
-    char   szLastname[SIZE_256] = {0};
-    char   szUPNName[SIZE_256] = {0};
-    char   szPassword[SIZE_256] = {0};
-    PVMDIR_SERVER_CONTEXT pVmDirCtx = NULL;
-    VMDIR_USER_CREATE_PARAMS_A createParams = {0};
-
-    printf("DC:");
-    scanf("%s", szServer);
-    printf("Password (%s@%s):", szAdmin, szDomain);
-    scanf("%s", szAdminPassword);
-    printf("First name:");
-    scanf("%s", szFirstname);
-    printf("Last name:");
-    scanf("%s", szLastname);
-    printf("Account name:");
-    scanf("%s", szAccount);
-    printf("Common name:");
-    scanf("%s", szUserName);
-    printf("Password:");
-    scanf("%s", szPassword);
-
-    dwError = VmDirOpenServerA(
-                   IsNullOrEmptyString(szServer) ? "localhost" : szServer,
-                   szAdmin,
-                   szDomain,
-                   szAdminPassword,
-                   0,
-                   NULL,
-                   &pVmDirCtx);
-    BAIL_ON_VMDIR_ERROR(dwError);  
-
-    createParams.pszName = &szUserName[0];
-    createParams.pszAccount = &szAccount[0];
-    createParams.pszFirstname = &szFirstname[0];
-    createParams.pszLastname = &szLastname[0];
-    createParams.pszUPN      = szUPNName;
-    createParams.pszPassword = &szPassword[0];
-
-    dwError = VmDirCreateUserA(
-                   pVmDirCtx,
-                   &createParams);
-    BAIL_ON_VMDIR_ERROR(dwError);  
-
-error:
-
-    printf("TestRpcVmDirCreateUserEx returns %d\n",dwError);
-
-    if (pVmDirCtx)
-    {
-        VmDirCloseServer(pVmDirCtx);
-    }
-}
-
-void
-TestVmDirDBFileTransfer()
-{
-    printf("TestVmDirDBFileTransfer is not implemented yet.\n");
-}
-
-void
-TestVmDirReplNow()
-{
-
-    DWORD       dwError = 0;
-    char        pszServerName[VMDIR_MAX_HOSTNAME_LEN];
-    PSTR        pszLocalErrorMsg = NULL;
-
-    printf("Enter partner hostname: ");
-    scanf("%s", pszServerName);
-
-    dwError = VmDirReplNow( pszServerName );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                "TestVmDirReplNow: VmDirReplNow() call failed with error: %d", dwError  );
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-    return;
-
-error:
-    printf( "%s\n", pszLocalErrorMsg ? pszLocalErrorMsg : "Hmmm ... no local error message."  );
-    goto cleanup;
-}
-
-/*  StrongConsistentWrite - create a test client capable of sending writes with control*/
-int
-TestVmDirCreateConsistentWriteControl(
-    LDAPControl **ppCtrl
-    )
-{
-   /* criticality of the control is false */
-   return ldap_control_create(LDAP_CONTROL_CONSISTENT_WRITE, 0, NULL, 0, ppCtrl);
-}
-
-DWORD
-TestVmDirGenerateNewUserAttributes(
-    PSTR    newDN,
-    PSTR    newSN,
-    PSTR    newCN,
-    DWORD   value
-    )
-{
-    char  *pPartialDN = ",cn=users,dc=vsphere,dc=local";
-    char  *pUser = "cn=newuser";
-    PSTR   pUserCount = NULL;
-    size_t newsize = 0;
-    DWORD  dwError = 0;
-
-    VmDirAllocateStringAVsnprintf(&pUserCount, "%d", value);
-
-    dwError = VmDirStringCpyA(newDN, VmDirStringLenA(pUser)+1, pUser);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    newsize = SIZE_256 - VmDirStringLenA(newDN);
-    dwError = VmDirStringCatA(newDN, newsize, pUserCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (newSN != NULL)
-    {
-        //generateSN
-        dwError = VmDirStringCpyA(newSN, VmDirStringLenA(newDN)+1, newDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (newCN != NULL)
-    {
-        //generateCN
-        dwError = VmDirStringCpyA(newCN, VmDirStringLenA(newDN)+1, newDN);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    //generateDN
-    newsize = SIZE_256 - VmDirStringLenA(newDN);
-    dwError = VmDirStringCatA(newDN, newsize, pPartialDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pUserCount);
-    return dwError;
-
-error:
-   printf(" \n TestVmDirGenerateNewUserDn failed. (%d)\n", dwError);
-   goto cleanup;
-}
-
-DWORD
-TestVmDirGenerateModifyCN(
-    PSTR   newCN,
-    DWORD  value
-    )
-{
-    PSTR   pUserCount = NULL;
-    char   *pUser = "newuser_";
-    DWORD  dwError = 0;
-    size_t newsize = 0;
-
-    VmDirAllocateStringAVsnprintf(&pUserCount, "%d", value);
-
-    dwError = VmDirStringCpyA(newCN, VmDirStringLenA(pUser)+1, pUser);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    newsize = SIZE_256 - VmDirStringLenA(newCN);
-    dwError = VmDirStringCatA(newCN, newsize, pUserCount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pUserCount);
-    return dwError;
-
-error:
-   printf(" \n TestVmDirGenerateModifyCN failed. (%d)\n", dwError);
-   goto cleanup;
-}
-
-VOID
-TestVmDirGetResults(
-    LDAP       *pLd,
-    int        *pMessageid,
-    DWORD       count,
-    uint64_t   *pStartTime,
-    BOOLEAN     displayTime
-    )
-{
-    DWORD  iter = 0;
-    DWORD  dwError = 0;
-
-    for (iter = 0; iter < count; iter++)
-    {
-        dwError = TestVmDirLdapGetResults(pLd, pMessageid[iter], pStartTime[iter], displayTime);
-        if (dwError != 0)
-        {
-            printf("\n messageid: %d failed", pMessageid[iter]);
-        }
-    }
-}
-
-VOID
-TestVmDirCreateUserWithControls(
-    DWORD  usrCount,
-    DWORD  startVal,
-    BOOLEAN displayTime
-    )
-{
-   int     msgid = 0;
-   char    pszServerHost[SIZE_256] = {0};
-   char    newdn[SIZE_256] = {0};
-   char    adminUPN[SIZE_256] = {0};
-   char    pwd[SIZE_256] = {0};
-   char    cn_value[SIZE_256] = {0};
-   char    sn_value[SIZE_256] = {0};
-   DWORD   dwError = 0;
-   DWORD   value = 0;
-   DWORD   count = 0;
-   int     messageid[SIZE_256] = {0};
-   LDAP    *pLd = NULL;
-   LDAPMod attribute = {0};
-   LDAPMod attribute1 = {0};
-   LDAPMod attribute2 = {0};
-   char    *pCn_values[2] = { NULL,
-                              NULL };
-   char    *pObjectclass_values[] = { "top",
-                                      "person",
-                                      "organizationalPerson",
-                                      "user",
-                                      NULL };
-   char    *pSn_values[2] = { NULL,
-                              NULL };
-   LDAPMod *pAttributes[4] = { &attribute,
-                               &attribute1,
-                               &attribute2,
-                               NULL };
-   LDAPControl *pCtrl = NULL;
-   LDAPControl *pSrvctrl[2] = { NULL,
-                                NULL };
-   uint64_t  startTime[SIZE_256] = {0};
-
-   if (usrCount == 0)
-   {
-       printf("\n hostname: (example: hostname or Ip addr): ");
-       scanf("%s",pszServerHost);
-       printf("\n admin UPN (example: Administrator@vsphere.local): ");
-       scanf("%s",adminUPN);
-       printf("\n password: ");
-       scanf("%s",pwd);
-       printf("\n new  dn (example: cn=newuser,cn=users,dc=vsphere,dc=local): ");
-       scanf("%s",newdn);
-       printf("\n sn value (example: newuser) ");
-       scanf("%s",sn_value);
-       printf("\n cn value (example: newuser) ");
-       scanf("%s",cn_value);
-
-       if (IsNullOrEmptyString(pszServerHost) ||
-           IsNullOrEmptyString(adminUPN) ||
-           IsNullOrEmptyString(pwd) ||
-           IsNullOrEmptyString(newdn) ||
-           IsNullOrEmptyString(sn_value) ||
-           IsNullOrEmptyString(cn_value))
-       {
-           printf("\n Invalid input parameter, empty or null string found ");
-           return;
-       }
-   }
-   else
-   {
-       dwError = VmDirStringCpyA(pszServerHost, VmDirStringLenA("localhost")+1, "localhost");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(adminUPN, VmDirStringLenA("Administrator@vsphere.local")+1, "Administrator@vsphere.local");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(pwd, VmDirStringLenA("Admin!23")+1, "Admin!23");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       value = startVal;
-       dwError = TestVmDirGenerateNewUserAttributes(newdn, sn_value, cn_value, value);
-       BAIL_ON_VMDIR_ERROR(dwError);
-   }
-
-   dwError = VmDirSafeLDAPBind(&pLd, pszServerHost, adminUPN, pwd);
-   BAIL_ON_VMDIR_ERROR(dwError);
-
-   dwError = TestVmDirCreateConsistentWriteControl(&pCtrl);
-   if (dwError != LDAP_SUCCESS  || pCtrl == NULL)
-   {
-       printf("\n not able to create control !!");
-       BAIL_ON_VMDIR_ERROR(dwError);
-   }
-   pSrvctrl[0] = pCtrl;
-
-   do
-   {
-       pSn_values[0] = sn_value;
-       pCn_values[0] = cn_value;
-
-       attribute.mod_op = LDAP_MOD_ADD;
-       attribute.mod_type = ATTR_CN;
-       attribute.mod_values = pCn_values;
-
-       attribute1.mod_op = LDAP_MOD_ADD;
-       attribute1.mod_type = ATTR_OBJECT_CLASS;
-       attribute1.mod_values = pObjectclass_values;
-
-       attribute2.mod_op = LDAP_MOD_ADD;
-       attribute2.mod_type = ATTR_SN;
-       attribute2.mod_values = pSn_values;
-
-       startTime[count] = VmDirGetTimeInMilliSec();
-       dwError = ldap_add_ext(pLd, newdn, pAttributes, pSrvctrl, NULL, &msgid);
-       BAIL_ON_VMDIR_ERROR(dwError);
-       printf("\n\n ldap_add_ext to add the new entry: %s corresponding messageid: %d", newdn, msgid);
-
-       value++;
-       dwError = TestVmDirGenerateNewUserAttributes(newdn, sn_value, cn_value, value);
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       messageid[count] = msgid;
-       count++;
-   }while (count < usrCount);
-
-   TestVmDirGetResults(pLd, messageid, count, startTime, displayTime);
-
-cleanup:
-
-   if (pLd)
-   {
-      dwError = ldap_unbind_ext_s(pLd, NULL, NULL);
-      BAIL_ON_VMDIR_ERROR(dwError);
-   }
-   return;
-
-error:
-   printf(" \nTestVmDirCreateUserWithControls failed. (%d)\n", dwError);
-   goto cleanup;
-}
-
-DWORD
-TestVmDirLdapGetResults(
-    LDAP    *pLd,
-    int      msgid,
-    uint64_t ldapOpStartTime,
-    BOOLEAN  displayTimeTaken
-    )
-{
-   DWORD            dwError = 0;
-   struct timeval   zerotime = {0};
-   BOOLEAN          completed = FALSE;
-   LDAPMessage      *pResult = NULL;
-   LDAPControl      **ppServerctrls = NULL;
-   int              parse_rc = 0;
-   int              status = 0;
-   BerElement       *ber = NULL;
-   time_t           startTime = time(NULL);
-
-   /* To indicate that client will be taking polling approach */
-   zerotime.tv_sec = zerotime.tv_usec = 0L;
-
-   while (completed == FALSE)
-   {
-      dwError = ldap_result(pLd, msgid, 0 /*all*/, &zerotime, &pResult);
-
-      switch (dwError)
-      {
-         case -1:
-            completed = TRUE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-            break;
-
-         case 0:
-	    if (time(NULL) - startTime > SECONDS_IN_MINUTE * 3)/* time out */
-	    {
-               completed = TRUE;
-               printf("\n TestVmDirLdapGetResults: Not able to obtain result for 3 mins - Timed out ");
-               dwError = -1;
-	       BAIL_ON_VMDIR_ERROR(dwError);
-	    }
-            break;
-
-         default:
-            completed = TRUE;
-
-            if (pResult == NULL)
-            {
-               printf("\n TestVmDirLdapGetResults: pResult is NULL ");
-               dwError = -1;
-	       BAIL_ON_VMDIR_ERROR(dwError);
-            }
-
-            parse_rc = ldap_parse_result(pLd, pResult, &dwError, NULL, NULL, NULL, &ppServerctrls, 1/*freeit*/);
-
-            if (parse_rc != 0)
-            {
-               printf("\n TestVmDirLdapGetResults: ldap_parse_result failed with status: %d ", parse_rc);
-               dwError = parse_rc;
-	       BAIL_ON_VMDIR_ERROR(parse_rc);
-            }
-
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            if (ppServerctrls == NULL || ppServerctrls[0] == NULL)
-            {
-               printf("\n TestVmDirLdapGetResults: Serverctrls is NULL failed to obtain controls ");
-               dwError = -1;
-	       BAIL_ON_VMDIR_ERROR(dwError);
-            }
-
-            if (VmDirStringCompareA(ppServerctrls[0]->ldctl_oid, LDAP_CONTROL_CONSISTENT_WRITE, TRUE) == 0)
-            {
-               ber = ber_init(&ppServerctrls[0]->ldctl_value);
-
-               if (ber == NULL)
-               {
-                  printf("\n TestVmDirLdapGetResults: ber_init failed (returned NULL) ");
-                  dwError = -1;
-	          BAIL_ON_VMDIR_ERROR(dwError);
-               }
-
-               if (ber_scanf(ber, "{i}", &status ) == LBER_ERROR)
-               {
-                  printf("\n TestVmDirLdapGetResults: Not able to read status from berElement ");
-                  dwError = -1;
-	          BAIL_ON_VMDIR_ERROR(dwError);
-               }
-
-               if (displayTimeTaken)
-               {
-	           printf("\n Success - Time taken: %d milliseconds msg-id: %d with status: %d",
-                       (DWORD)(VmDirGetTimeInMilliSec() - ldapOpStartTime), msgid, status);
-               }
-               else
-               {
-	           printf("\n Success - msg-id: %d with status: %d", msgid, status);
-               }
-            }
-            else
-            {
-               printf("\n\n Result: ");
-               printf("\n     control OID does not matches the Strong Consistency Write Control - failure ");
-               printf("\n     Actual control OID: %s Expected control OID: %s ", ppServerctrls[0]->ldctl_oid, LDAP_CONTROL_CONSISTENT_WRITE);
-            }
-      }
-   }
-
-cleanup:
-   if (ppServerctrls && ppServerctrls[0] != NULL)
-   {
-      ldap_controls_free(ppServerctrls);
-   }
-   return dwError;
-
-error:
-   printf("\n TestVmDirLdapGetResults: failed ");
-   goto cleanup;
-}
-
-VOID
-TestVmDirModifyUserWithControls(
-    DWORD  usrCount,
-    DWORD  startVal,
-    BOOLEAN displayTime
-    )
-{
-    int     msgid = 0;
-    char    serverName[SIZE_256] = {0};
-    char    modifydn[SIZE_256] = {0};
-    char    adminUPN[SIZE_256] = {0};
-    char    pwd[SIZE_256] = {0};
-    char    attrName[SIZE_256] = {0};
-    char    newValue[SIZE_256] = {0};
-    DWORD   messageid[SIZE_256] = {0};
-    DWORD   dwError = 0;
-    DWORD   count = 0;
-    DWORD   val = 0;
-    LDAP    *pLd = NULL;
-    char    *pvalues[2] = { newValue,
-                            NULL };
-    LDAPMod attribute = {0};
-    LDAPMod *pAttributes[2] = { &attribute,
-                                NULL };
-    LDAPControl *pCtrl = NULL;
-    LDAPControl *pSrvctrl[2] = { NULL,
-                                 NULL };
-   uint64_t  startTime[SIZE_256] = {0};
-
-
-    if (usrCount == 0)
-    {
-        printf("\n hostname: (example: hostname or Ip addr): ");
-        scanf("%s", serverName);
-        printf("\n admin UPN (example: Administrator@vsphere.local): ");
-        scanf("%s", adminUPN);
-        printf("\n password: ");
-        scanf("%s", pwd);
-        printf("\n modify dn (example: cn=newuser,cn=users,dc=vsphere,dc=local): ");
-        scanf("%s", modifydn);
-        printf("\n attribute name (example: cn) ");
-        scanf("%s", attrName);
-        printf("\n value (example: newuser) ");
-        scanf("%s", newValue);
-
-        if (IsNullOrEmptyString(serverName) ||
-            IsNullOrEmptyString(adminUPN) ||
-            IsNullOrEmptyString(pwd) ||
-            IsNullOrEmptyString(modifydn) ||
-            IsNullOrEmptyString(attrName) ||
-            IsNullOrEmptyString(newValue))
-        {
-            printf("\n Invalid input parameter, empty or null string found ");
-            return;
-        }
-    }
-    else
-    {
-       dwError = VmDirStringCpyA(serverName, VmDirStringLenA("localhost")+1, "localhost");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(adminUPN, VmDirStringLenA("Administrator@vsphere.local")+1, "Administrator@vsphere.local");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(pwd, VmDirStringLenA("Admin!23")+1, "Admin!23");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       val = startVal;
-       dwError = TestVmDirGenerateNewUserAttributes(modifydn, NULL, NULL, val);
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(attrName, VmDirStringLenA("cn")+1, "cn");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = TestVmDirGenerateModifyCN(newValue, val);
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSafeLDAPBind(&pLd, serverName, adminUPN, pwd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    attribute.mod_op = LDAP_MOD_REPLACE;
-    attribute.mod_type = attrName;
-    attribute.mod_values = pvalues;
-
-    dwError = TestVmDirCreateConsistentWriteControl(&pCtrl);
-    if (dwError != LDAP_SUCCESS  || pCtrl == NULL)
-    {
-       printf("\n not able to create control !!");
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    pSrvctrl[0] = pCtrl;
-
-    do
-    {
-        startTime[count] = VmDirGetTimeInMilliSec();
-        dwError = ldap_modify_ext(pLd, modifydn, pAttributes, pSrvctrl, NULL, &msgid);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        printf("\n\n ldap_modify_ext to modify entry: %s corresponding message id: %d", modifydn, msgid);
-
-        messageid[count] = msgid;
-        count++;
-
-        val++;
-        dwError = TestVmDirGenerateNewUserAttributes(modifydn, NULL, NULL, val);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = TestVmDirGenerateModifyCN(newValue, val);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-    }while (count < usrCount);
-
-    TestVmDirGetResults(pLd, messageid, count, startTime, displayTime);
-
-cleanup:
-    if (pLd)
-    {
-        dwError = ldap_unbind_ext_s(pLd, NULL, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    return;
-
-error:
-    printf(" \nTestVmDirModifyUserWithControls failed. (%d)\n", dwError);
-    goto cleanup;
-}
-
-VOID
-TestVmDirDeleteUserWithControls(
-    DWORD  usrCount,
-    DWORD  startVal,
-    BOOLEAN displayTime
-    )
-{
-    int     msgid = 0;
-    char    serverName[SIZE_256] = {0};
-    char    deleteDN[SIZE_256] = {0};
-    char    adminUPN[SIZE_256] = {0};
-    char    pwd[SIZE_256] = {0};
-    int     messageid[SIZE_256] = {0};
-    DWORD   dwError = 0;
-    DWORD   count = 0;
-    DWORD   value = 0;
-    LDAP    *pLd = NULL;
-    LDAPControl *pCtrl = NULL;
-    LDAPControl *pSrvctrl[2] = { NULL,
-                                 NULL };
-    uint64_t  startTime[SIZE_256] = {0};
-
-    if (usrCount == 0)
-    {
-        printf("\n hostname: (example: hostname or Ip addr): ");
-        scanf("%s", serverName);
-        printf("\n admin UPN (example: Administrator@vsphere.local): ");
-        scanf("%s", adminUPN);
-        printf("\n password: ");
-        scanf("%s", pwd);
-        printf("\n delete dn (example: cn=newuser,cn=users,dc=vsphere,dc=local): ");
-        scanf("%s", deleteDN);
-
-        if (IsNullOrEmptyString(serverName) ||
-            IsNullOrEmptyString(adminUPN) ||
-            IsNullOrEmptyString(pwd) ||
-            IsNullOrEmptyString(deleteDN))
-        {
-            printf("\n Invalid input parameter, empty or null string found ");
-            return;
-        }
-    }
-    else
-    {
-       dwError = VmDirStringCpyA(serverName, VmDirStringLenA("localhost")+1, "localhost");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(adminUPN, VmDirStringLenA("Administrator@vsphere.local")+1, "Administrator@vsphere.local");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       dwError = VmDirStringCpyA(pwd, VmDirStringLenA("Admin!23")+1, "Admin!23");
-       BAIL_ON_VMDIR_ERROR(dwError);
-
-       value = startVal;
-       dwError = TestVmDirGenerateNewUserAttributes(deleteDN, NULL, NULL, value);
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirSafeLDAPBind(&pLd, serverName, adminUPN, pwd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = TestVmDirCreateConsistentWriteControl(&pCtrl);
-    if (dwError != LDAP_SUCCESS  || pCtrl == NULL)
-    {
-       printf("\n not able to create control !!");
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    pSrvctrl[0] = pCtrl;
-
-    do
-    {
-        startTime[count] = VmDirGetTimeInMilliSec();
-        dwError = ldap_delete_ext(pLd, deleteDN, pSrvctrl, NULL, &msgid);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("\n\n ldap_delete_ext to delete entry: %s corresponding messageid: %d", deleteDN, msgid);
-        messageid[count] = msgid;
-        count++;
-
-        value++;
-        dwError = TestVmDirGenerateNewUserAttributes(deleteDN, NULL, NULL, value);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }while (count < usrCount);
-
-    TestVmDirGetResults(pLd, messageid, count, startTime, displayTime);
-
-cleanup:
-    if (pLd)
-    {
-        dwError = ldap_unbind_ext_s(pLd, NULL, NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    return;
-
-error:
-    printf(" \nTestVmDirDeleteUserWithControls failed. (%d)\n", dwError);
-    goto cleanup;
-}
-
-VOID
-TestVmDirStrongConsistencyOperations(
-    VOID
-    )
-{
-    char   operation[SIZE_256] = {0};
-    DWORD  userCount = 0;
-    DWORD  startVal = 0;
-
-    printf("\n Ldap Operation: (ADD|MODIFY|DELETE): ");
-    scanf("%s", operation);
-    printf("\n Number of users: ");
-    scanf("%d", &userCount);
-    printf("\n startVal: (startVal is 100 auto generated user will start from newuser100): ");
-    scanf("%d", &startVal);
-
-    if (userCount < 0 || startVal < 0)
-    {
-        printf("\n Invalid Input parameters");
-        return;
-    }
-    else if (userCount > 256)
-    {
-        printf("\n Maximum of only 256 entries can be concurrently manipulated by this tool, resetting userCount to 256");
-        userCount = 256;
-    }
-
-    if (VmDirStringCompareA(operation, "ADD", TRUE) == 0)
-    {
-        TestVmDirCreateUserWithControls(userCount, startVal, FALSE);
-    }
-    else if (VmDirStringCompareA(operation, "MODIFY", TRUE) == 0)
-    {
-        TestVmDirModifyUserWithControls(userCount, startVal, FALSE);
-    }
-    else if (VmDirStringCompareA(operation, "DELETE", TRUE) == 0)
-    {
-        TestVmDirDeleteUserWithControls(userCount, startVal, FALSE);
-    }
-
-    return;
-}
-
-DWORD
-TestVmDirCreateUserWithControlsThreadFun(
-    PVOID  pStartVal
-    )
-{
-    DWORD  dwStartValue = 0;
-    DWORD  dwError = 0;
-
-    if (pStartVal != NULL)
-    {
-        dwStartValue = *(PDWORD)pStartVal;
-    }
-
-    TestVmDirCreateUserWithControls(
-        1,//userCount
-        dwStartValue,
-        TRUE
-        );
-
-    VMDIR_SAFE_FREE_MEMORY(pStartVal);
-
-    return dwError;
-}
-
-DWORD
-TestVmDirModifyUserWithControlsThreadFun(
-    PVOID  pStartVal
-    )
-{
-    DWORD  dwStartValue = 0;
-    DWORD  dwError = 0;
-
-    if (pStartVal != NULL)
-    {
-        dwStartValue = *(PDWORD)pStartVal;
-    }
-
-    TestVmDirModifyUserWithControls(
-        1,//userCount
-        dwStartValue,
-        TRUE
-        );
-
-    VMDIR_SAFE_FREE_MEMORY(pStartVal);
-
-    return dwError;
-}
-
-DWORD
-TestVmDirDeleteUserWithControlsThreadFun(
-    PVOID  pStartVal
-    )
-{
-    DWORD  dwStartValue = 0;
-    DWORD  dwError = 0;
-
-    if (pStartVal != NULL)
-    {
-        dwStartValue = *(PDWORD)pStartVal;
-    }
-
-    TestVmDirDeleteUserWithControls(
-        1,//userCount
-        dwStartValue,
-        TRUE
-        );
-
-    VMDIR_SAFE_FREE_MEMORY(pStartVal);
-
-    return dwError;
-}
-
-VOID
-TestVmDirConcurrentStrongConsistencyOperations(
-    VOID
-    )
-{
-    char   operation[SIZE_256] = {0};
-    DWORD  userCount = 0;
-    DWORD  count = 0;
-    DWORD  startVal = 0;
-    DWORD  dwError = 0;
-    PVMDIR_THREAD  pTID[10] = {0};
-
-    printf("\n Ldap Operation: (ADD|MODIFY|DELETE): ");
-    scanf("%s", operation);
-    printf("\n Number of users: ");
-    scanf("%d", &userCount);
-    printf("\n startVal: (startVal is 100 auto generated user will start from newuser100): ");
-    scanf("%d", &startVal);
-
-    if (userCount < 0 || startVal < 0)
-    {
-        printf("\n Invalid Input parameters");
-        return;
-    }
-    else if (userCount > 10)
-    {
-        printf("\n Maximum of only 10 entries can be concurrently manipulated by this tool, resetting userCount to 10");
-        userCount = 10;
-    }
-
-    for (count = 0; count < userCount; count++,startVal++)
-    {
-        if (VmDirStringCompareA(operation, "ADD", TRUE) == 0)
-        {
-            dwError = _TestVmDirCreateThread(
-                          TestVmDirCreateUserWithControlsThreadFun,
-                          startVal,
-                          &pTID[count]
-                          );
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else if (VmDirStringCompareA(operation, "MODIFY", TRUE) == 0)
-        {
-            dwError = _TestVmDirCreateThread(
-                          TestVmDirModifyUserWithControlsThreadFun,
-                          startVal,
-                          &pTID[count]
-                          );
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        else if (VmDirStringCompareA(operation, "DELETE", TRUE) == 0)
-        {
-            dwError = _TestVmDirCreateThread(
-                          TestVmDirDeleteUserWithControlsThreadFun,
-                          startVal,
-                          &pTID[count]
-                          );
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    for (count = 0; count < userCount; count++)
-    {
-        VmDirThreadJoin(pTID[count], NULL);
-    }
-
-cleanup:
-    for (count = 0; count < userCount; count++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pTID[count]);
-    }
-    return;
-
-error:
-    printf("\n TestVmDirConcurrentStrongConsistencyOperation: failed with error: %d", dwError);
-    goto cleanup;
-}
-
-static
-DWORD
-_TestVmDirCreateThread(
-    VmDirStartRoutine* pStartRoutine,
-    DWORD dwStartVal,
-    PVMDIR_THREAD *ppTID
-    )
-{
-    DWORD   dwError = ERROR_SUCCESS;
-    PDWORD  pdwStartVal = NULL;
-    PVMDIR_THREAD pTid = NULL;
-
-    // pTid will be freed by the caller
-    dwError = VmDirAllocateMemory(sizeof(VMDIR_THREAD), (PVOID)&pTid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // pdwStartVal will be freed by the newly created thread
-    dwError = VmDirAllocateMemory(sizeof(DWORD), (PVOID)&pdwStartVal);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    *pdwStartVal = dwStartVal;
-
-   //create and start the thread
-   dwError = VmDirCreateThread(pTid, FALSE, pStartRoutine, pdwStartVal);
-   BAIL_ON_VMDIR_ERROR(dwError);
-
-   *ppTID = pTid;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_MEMORY(pdwStartVal);
-    goto cleanup;
-}
-
-/*  StrongConsistentWrite end */
-
-#ifndef _WIN32
-int main(int argc, char* argv[])
-#else
-int _tmain(int argc, TCHAR *targv[])
-#endif
-{
-    while (1)
-    {
-        int choice = -1;
-
-        printf( "\n\n==================\n");
-        printf( "Please select:\n");
-        printf( "0. exit\n");
-        printf( "1. TestVmDirSASLClient\n");
-#if 0
-        printf( "2. TestVmDirGetKrbMasterKey\n");
-        printf( "3. TestVmDirGetKrbUPNKey\n");
-#endif
-        printf( "4. TestVmDirCreateUser\n");
-        printf( "5. TestVmDirDBFileTransfer\n");
-        printf( "6. TestVmDirReplNow\n");
-        printf( "7. TestVmDirForceResetPassword\n");
-        printf( "8. TestVmDirSetLogParameters\n");
-        printf( "9. TestVmDirCreateUserEx\n");
-        printf( "10. TestVmDirCreateUserWithControls\n");
-        printf( "11. TestVmDirModifyUserWithControls\n");
-        printf( "12. TestVmDirDeleteUserWithControls\n");
-        printf( "13. TestVmDirStrongConsistencyOperations\n");
-        printf( "14. TestVmDirConcurrentStrongConsistencyOperation\n");
-        printf( "==================\n\n");
-        scanf("%d", &choice);
-
-        if (!choice)
-        {
-            goto cleanup;
-        }
-
-        switch (choice)
-        {
-          case 1:
-              TestVmDirSASLClient();
-              break;
-
-#if 0
-          case 2:
-              TestVmDirGetKrbMasterKey();
-              break;
-
-          case 3:
-              TestVmDirGetKrbUPNKey();
-              break;
-#endif
-
-          case 4:
-              TestVmDirCreateUser();
-              break;
-
-          case 5:
-              TestVmDirDBFileTransfer();
-              break;
-
-          case 6:
-              TestVmDirReplNow();
-              break;
-
-          case 7:
-              TestVmDirForceResetPassword();
-              break;
-
-          case 8:
-              TestVmDirSetLogParameters();
-              break;
-
-          case 9:
-              TestVmDirCreateUserEx();
-              break;
-
-          case 10:
-              TestVmDirCreateUserWithControls(
-                  0,//userCount
-                  0,//startValue
-                  FALSE//displayTime
-                  );
-              break;
-
-          case 11:
-              TestVmDirModifyUserWithControls(
-                  0,//userCount
-                  0,//startValue
-                  FALSE//displayTime
-                  );
-              break;
-
-          case 12:
-              TestVmDirDeleteUserWithControls(
-                  0,//userCount
-                  0,//startValue
-                  FALSE//displayTime
-                  );
-              break;
-
-          case 13:
-               TestVmDirStrongConsistencyOperations();
-               break;
-
-          case 14:
-               TestVmDirConcurrentStrongConsistencyOperations();
-               break;
-
-          default:
-              goto cleanup;
-        }
-    }
-
-cleanup:
-
-    return 0;
-
-}
diff --git a/lwraft/tools/test/vmdirclienttest/prototypes.h b/lwraft/tools/test/vmdirclienttest/prototypes.h
deleted file mode 100644
index 96cc49f3a..000000000
--- a/lwraft/tools/test/vmdirclienttest/prototypes.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#ifndef _VMDIR_CLIENT_TEST_PROTOTYPE_H_
-#define _VMDIR_CLIENT_TEST_PROTOTYPE_H_
-
-void
-TestVmDirSASLClient(
-    void
-    );
-
-DWORD
-VmDirConnectLDAPServer(
-    LDAP**      pLd,
-    PCSTR       pszHostName,
-    PCSTR       pszDomain,
-    PCSTR       pszUserName,
-    PCSTR       pszPassword
-    );
-
-DWORD
-VmDirLdapGetMasterKey(
-    LDAP* pLd,
-    PCSTR pszDomainDN,
-    PBYTE* ppMasterKey,
-    DWORD* pLen
-    );
-
-#endif
diff --git a/lwraft/tools/test/vmdirclienttest/saslclient.c b/lwraft/tools/test/vmdirclienttest/saslclient.c
deleted file mode 100644
index 6efe73157..000000000
--- a/lwraft/tools/test/vmdirclienttest/saslclient.c
+++ /dev/null
@@ -1,302 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-static
-DWORD
-_VmDirSASLGSSBind(
-     LDAP*  pLD
-     );
-
-static
-int
-_VmDirSASLInteraction(
-    LDAP *      pLD,
-    unsigned    flags,
-    void *      pDefaults,
-    void *      pIn
-    );
-
-static
-void
-_VmDirClientTestGSSAPIBind(
-    PCSTR   pszLDAPURI
-    );
-
-static
-void
-_VmDirClientTestSimpleBind(
-    PCSTR   pszLDAPURI
-    );
-
-static
-void
-_VmDirClientTestSimpleSSLBind(
-    PCSTR   pszLDAPSURI
-    );
-
-void
-TestVmDirSASLClient(
-    void
-    )
-{
-    DWORD   dwError = 0;
-    char    pszServerHost[256] = {0};
-    PSTR    pszLDAPURI = NULL;
-    PSTR    pszLDAPSURI = NULL;
-
-    printf( "Please entry LDAP server host:");
-    scanf("%s", pszServerHost);
-
-    dwError = VmDirAllocateStringAVsnprintf(    &pszLDAPURI,
-                                                "ldap://%s:389",
-                                                pszServerHost[0] != '\0' ? pszServerHost : "localhost");
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(    &pszLDAPSURI,
-                                                "ldaps://%s",
-                                                pszServerHost[0] != '\0' ? pszServerHost : "localhost");
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    _VmDirClientTestSimpleBind( pszLDAPURI );
-
-    _VmDirClientTestSimpleSSLBind( pszLDAPSURI );
-
-    _VmDirClientTestGSSAPIBind( pszLDAPURI );
-
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pszLDAPURI);
-    VMDIR_SAFE_FREE_MEMORY(pszLDAPSURI);
-
-    return;
-
-error:
-
-	printf("TestVmDirSASLClient failed. (%d)\n", dwError);
-	goto cleanup;
-}
-
-static
-void
-_VmDirClientTestSimpleBind(
-    PCSTR   pszLDAPURI
-    )
-{
-    DWORD   dwError = 0;
-    int	    ldap_version_3 = LDAP_VERSION3;
-    LDAP *  pLD = NULL;
-    BerValue    ldapBindPwd = {0};
-
-    printf("_VmDirClientTestSimpleBind ldap simple bind initialize %s\n", pszLDAPURI);
-    dwError = ldap_initialize( &pLD, pszLDAPURI );
-    /* Set LDAP V3 protocol version */
-    ldap_set_option( pLD, LDAP_OPT_PROTOCOL_VERSION, &ldap_version_3 );
-
-    printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind started.\n");
-    dwError = ldap_sasl_bind_s(
-                                   pLD,
-                                   "",
-                                   LDAP_SASL_SIMPLE,
-                                   &ldapBindPwd,  // no credentials
-                                   NULL,
-                                   NULL,
-                                   NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("_VmDirClientTestSimpleBind ldap simple ANONYMOUS bind succeeded.\n");
-
-cleanup:
-    if (pLD)
-    {
-        dwError = ldap_unbind_ext_s(    pLD,
-                                        NULL,
-                                        NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("_VmDirClientTestSimpleBind ldap unbind succeeded.\n\n\n");
-    }
-
-    return;
-
-error:
-
-	printf("_VmDirClientTestSimpleBind failed. (%d)(%s)\n\n", dwError, ldap_err2string(dwError));
-
-	goto cleanup;
-}
-
-static
-void
-_VmDirClientTestSimpleSSLBind(
-    PCSTR   pszLDAPSURI
-    )
-{
-    DWORD   dwError = 0;
-    int     ldap_version_3 = LDAP_VERSION3;
-    int     iTLSNever = LDAP_OPT_X_TLS_NEVER;
-    int     iTLSMin = LDAP_OPT_X_TLS_PROTOCOL_TLS1_0;
-    LDAP *  pLD = NULL;
-    BerValue    ldapBindPwd = {0};
-    char    pszDefaultBindDN[256] = {0};
-    char    pszDefaultPasswd[256] = {0};
-
-    printf("_VmDirClientTestSimpleSSLBind ldaps simple bind initialize %s\n", pszLDAPSURI);
-    dwError = ldap_initialize( &pLD, pszLDAPSURI );
-    /* Set LDAP V3 protocol version */
-    ldap_set_option( pLD, LDAP_OPT_PROTOCOL_VERSION, &ldap_version_3 );
-    ldap_set_option(NULL, LDAP_OPT_X_TLS_PROTOCOL_MIN, &iTLSMin);
-    ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &iTLSNever);
-
-    printf("_VmDirClientTestSimpleSSLBind ldaps simple ANONYMOUS bind started.\n");
-    dwError = ldap_sasl_bind_s(
-                                   pLD,
-                                   "",
-                                   LDAP_SASL_SIMPLE,
-                                   &ldapBindPwd,  // no credentials
-                                   NULL,
-                                   NULL,
-                                   NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("_VmDirClientTestSimpleSSLBind ldaps simple ANONYMOUS bind succeeded.\n");
-
-    printf( "\n\nPlease entry LDAPS Bind DN:");
-    scanf("%s", pszDefaultBindDN);
-    printf( "Please entry LDAPS Bind password:");
-    scanf("%s", pszDefaultPasswd);
-
-    ldapBindPwd.bv_val = pszDefaultPasswd;
-    ldapBindPwd.bv_len = strlen( pszDefaultPasswd );
-
-    printf("_VmDirClientTestSimpleSSLBind ldaps simple bind started.\n");
-
-    dwError = ldap_sasl_bind_s(
-                                   pLD,
-                                   pszDefaultBindDN,
-                                   LDAP_SASL_SIMPLE,
-                                   &ldapBindPwd,  // ldaps with credentials
-                                   NULL,
-                                   NULL,
-                                   NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("_VmDirClientTestSimpleSSLBind ldaps simple bind succeeded.\n");
-
-
-cleanup:
-    if (pLD)
-    {
-        dwError = ldap_unbind_ext_s(    pLD,
-                                        NULL,
-                                        NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("_VmDirClientTestSimpleSSLBind ldaps unbind succeeded.\n\n\n");
-    }
-
-    return;
-
-error:
-
-    printf("_VmDirClientTestSimpleSSLBind failed. (%d)(%s)\n\n", dwError, ldap_err2string(dwError));
-
-    goto cleanup;
-}
-
-static
-void
-_VmDirClientTestGSSAPIBind(
-    PCSTR   pszLDAPURI
-    )
-{
-    DWORD   dwError = 0;
-    int	    ldap_version_3 = LDAP_VERSION3;
-    LDAP *  pLD = NULL;
-
-    printf("_VmDirClientTestGSSAPIBind ldap sasl GSSAPI bind initialize %s\n", pszLDAPURI);
-    dwError = ldap_initialize( &pLD, pszLDAPURI );
-    /* Set LDAP V3 protocol version */
-    ldap_set_option( pLD, LDAP_OPT_PROTOCOL_VERSION, &ldap_version_3 );
-
-    printf("_VmDirClientTestGSSAPIBind ldap sasl GSSAPI bind started.\n");
-    dwError = _VmDirSASLGSSBind(pLD);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("_VmDirClientTestGSSAPIBind ldap sasl GSSAPI bind succeeded.\n");
-
-cleanup:
-    if (pLD)
-    {
-        dwError = ldap_unbind_ext_s(    pLD,
-                                        NULL,
-                                        NULL);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("_VmDirClientTestGSSAPIBind ldap unbind succeeded.\n");
-    }
-
-    return;
-
-error:
-
-	printf("_VmDirClientTestGSSAPIBind failed. (%d)(%s)\n\n", dwError, ldap_err2string(dwError));
-
-	goto cleanup;
-}
-
-static
-DWORD
-_VmDirSASLGSSBind(
-     LDAP*  pLD
-     )
-{
-    DWORD   dwError = 0;
-
-    dwError = ldap_sasl_interactive_bind_s( pLD,
-                                            NULL,
-                                            "GSSAPI",
-                                            NULL,
-                                            NULL,
-                                            LDAP_SASL_QUIET,
-                                            _VmDirSASLInteraction,
-                                            NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    VmDirLog(LDAP_DEBUG_ANY, "VmDirSASLGSSBind failed. (%d)(%s)\n", dwError, ldap_err2string(dwError));
-
-    goto cleanup;
-}
-
-static
-int
-_VmDirSASLInteraction(
-    LDAP *      pLD,
-    unsigned    flags,
-    void *      pDefaults,
-    void *      pIn
-    )
-{
-    // dummy function to staisfy ldap_sasl_interactive_bind call
-    return LDAP_SUCCESS;
-}
diff --git a/lwraft/tools/vdcaclmgr/Makefile.am b/lwraft/tools/vdcaclmgr/Makefile.am
index 80c5ea5e8..0b08f1938 100644
--- a/lwraft/tools/vdcaclmgr/Makefile.am
+++ b/lwraft/tools/vdcaclmgr/Makefile.am
@@ -1,24 +1,25 @@
-bin_PROGRAMS = vdcaclmgr
+bin_PROGRAMS = postaclmgr
 
-vdcaclmgr_SOURCES = \
+postaclmgr_SOURCES = \
     acl.c           \
     ldap.c          \
-    stringlist.c    \
     main.c
 
-vdcaclmgr_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+postaclmgr_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/tools/include \
+    -I$(top_srcdir)/lwraft/client \
+    -I$(top_builddir)/lwraft/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
-vdcaclmgr_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
+postaclmgr_LDADD = \
+    $(top_builddir)/lwraft/client/libpostclient.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
     @LWREG_LIBS@ \
@@ -26,8 +27,11 @@ vdcaclmgr_LDADD = \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @LDAP_LIBS@ \
+    @PTHREAD_LIBS@ \
+    @UUID_LIBS@ \
+    @LBER_LIBS@
 
-vdcaclmgr_LDFLAGS = \
+postaclmgr_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcaclmgr/acl.c b/lwraft/tools/vdcaclmgr/acl.c
index 4f9e5c3cb..ccd041f34 100644
--- a/lwraft/tools/vdcaclmgr/acl.c
+++ b/lwraft/tools/vdcaclmgr/acl.c
@@ -13,56 +13,223 @@
  */
 #include "includes.h"
 
+DWORD
+_VdcParsePermissionsString(
+    PCSTR pszPermissions,
+    PVMDIR_STRING_LIST pStringList
+    );
+
+DWORD
+_VdcParseAceFlagString(
+    PCSTR pszAceFlags,
+    PVMDIR_STRING_LIST pStringList
+    );
+
+static
+DWORD
+_VdcAppendNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum
+    );
+
+static
+VOID
+_VdcSkipNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum
+    );
+
+//
+// Looks up the user's SID give a username. However, pUserName might already
+// be the SID, in which case we just return that. On exit the caller owns
+// *ppUserSid.
+//
+DWORD
+_VdcLookupUserSid(
+    PLW_HASHMAP pUserToSidMapping,
+    PCSTR pszUserName,
+    PSTR *ppszUserSid
+    )
+{
+    PSTR pszUserSid = NULL;
+    PSTR pszPotentialUserSid = NULL;
+    DWORD dwError = 0;
+
+    dwError = LwRtlHashMapFindKey(pUserToSidMapping, (PVOID*)&pszPotentialUserSid, pszUserName);
+    if (dwError == ERROR_SUCCESS)
+    {
+
+        dwError = VmDirAllocateStringA(pszPotentialUserSid, &pszUserSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (dwError == LW_STATUS_NOT_FOUND)
+    {
+        //
+        // If it's LW_STATUS_NOT_FOUND then we assume the supplied user name is
+        // actually a SID. It might just be an invalid username but we have no
+        // simple/fast way to verify that.
+        //
+        dwError = VmDirAllocateStringA(pszUserName, &pszUserSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        //
+        // Otherwise, the error is fatal.
+        //
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppszUserSid = pszUserSid;
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+//
+// pszPermissionStatement :: = GRANTEE:(PERMISSIONS)*:(ACE_FLAGS)*
 //
-// pszPermissionStatement will be of the form "Username:PERMISSION". E.g.,
-// "testuser:RP".
+// GRANTEE          : could be cn or SID
+// (PERMISSIONS)*   : optional permissions
+// (ACE_FLAGS)*     : optional ACE_FLAGS (currently support 'CI' 'OI')
+//
+// Should have at lest one PERMISSIONS or ACE_FLAGS; otherwise, return VMDIR_ERROR_INVALID_PARAMETER
 //
 DWORD
 _VdcParsePermissionStatement(
     PCSTR pszPermissionStatement,
     PLW_HASHMAP pUserToSidMapping,
     PSTR *ppszUserSid,
-    PSTR *ppszPermission
+    PVMDIR_STRING_LIST *ppPermissionList,
+    PVMDIR_STRING_LIST *ppAceFlagList
     )
 {
     DWORD dwError = 0;
     PSTR pszUserSid = NULL;
-    PSTR pszUserName = NULL;
-    PSTR pszPermission = NULL;
-    PSTR pszStringEnd = NULL;
+    PVMDIR_STRING_LIST  pStrList = NULL;
+    PVMDIR_STRING_LIST  pPermissionList = NULL;
+    PVMDIR_STRING_LIST  pAceFlagList = NULL;
 
-    pszStringEnd = strchr(pszPermissionStatement, ':');
-    if (pszStringEnd == NULL)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    dwError = VmDirStringListInitialize(&pPermissionList, DEFAULT_PERMISSION_LIST_SIZE);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringOfLenA(pszPermissionStatement, pszStringEnd - pszPermissionStatement, &pszUserName);
+    dwError = VmDirStringListInitialize(&pAceFlagList, DEFAULT_PERMISSION_LIST_SIZE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringA(pszStringEnd + 1, &pszPermission);
+    dwError = VmDirStringToTokenListExt(pszPermissionStatement, ":", &pStrList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = LwRtlHashMapFindKey(pUserToSidMapping, (PVOID*)&pszUserSid, pszUserName);
+    if (!pStrList || pStrList->dwCount < 2 || pStrList->dwCount > 3)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VdcLookupUserSid(pUserToSidMapping, pStrList->pStringList[0], &pszUserSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    if (pStrList->pStringList[1][0] != '\0')
+    {
+        dwError = _VdcParsePermissionsString(pStrList->pStringList[1], pPermissionList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pStrList->dwCount == 3 && pStrList->pStringList[2][0] != '\0')
+    {
+        dwError = _VdcParseAceFlagString(pStrList->pStringList[2], pAceFlagList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    //
+    // no permission and no ace flag
+    //
+    if (pPermissionList->dwCount == 0 && (pAceFlagList->dwCount == 0))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
     *ppszUserSid = pszUserSid;
-    *ppszPermission = pszPermission;
+
+    if (pPermissionList->dwCount > 0)
+    {
+        *ppPermissionList = pPermissionList;
+        pPermissionList = NULL;
+    }
+
+    if (pAceFlagList->dwCount > 0)
+    {
+        *ppAceFlagList = pAceFlagList;
+        pAceFlagList = NULL;
+    }
 
 cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VmDirStringListFree(pStrList);
+    VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
+
     return dwError;
 
 error:
-    VMDIR_SAFE_FREE_STRINGA(pszPermission);
     VMDIR_SAFE_FREE_STRINGA(pszUserSid);
+
     goto cleanup;
 }
+
+DWORD
+_VdcParseAceFlagString(
+    PCSTR pszAceFlags,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszFlag = NULL;
+
+    //
+    // All ace flags are two characters long so the length of the entire string should
+    // be even.
+    //
+    if (strlen(pszAceFlags) % SDDL_PERMISSION_LENGTH != 0)
+    {
+        dwError = VMDIR_ERROR_INVALID_ACE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    while (*pszAceFlags)
+    {
+        //
+        // All ace flags are two characters long.
+        //
+        dwError = VmDirAllocateStringOfLenA(pszAceFlags, SDDL_PERMISSION_LENGTH, &pszFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszAceFlags += SDDL_PERMISSION_LENGTH;
+
+        if (VmDirStringCompareA(pszFlag, "CI", TRUE) != 0 &&
+            VmDirStringCompareA(pszFlag, "OI", TRUE) != 0 )
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_ACE);
+        }
+
+        dwError = VmDirStringListAdd(pStringList, pszFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszFlag = NULL;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszFlag);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
 DWORD
 _VdcParsePermissionsString(
     PCSTR pszPermissions,
-    PSTRING_LIST pStringList
+    PVMDIR_STRING_LIST pStringList
     )
 {
     DWORD dwError = 0;
@@ -71,9 +238,9 @@ _VdcParsePermissionsString(
     // All permissions are two characters long so the length of the entire string should
     // be even.
     //
-    if (strlen(pszPermissions) % 2 != 0)
+    if (strlen(pszPermissions) % SDDL_PERMISSION_LENGTH != 0)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_ACE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -84,12 +251,12 @@ _VdcParsePermissionsString(
         //
         // All permissions are two characters long.
         //
-        dwError = VmDirAllocateStringOfLenA(pszPermissions, 2, &pszPermission);
+        dwError = VmDirAllocateStringOfLenA(pszPermissions, SDDL_PERMISSION_LENGTH, &pszPermission);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pszPermissions += 2;
+        pszPermissions += SDDL_PERMISSION_LENGTH;
 
-        dwError = VdcStringListAdd(pStringList, pszPermission);
+        dwError = VmDirStringListAdd(pStringList, pszPermission);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -104,18 +271,18 @@ DWORD
 _VdcParseAce(
     PCSTR pszAce,
     PSTR *ppszSid,
-    PSTRING_LIST *ppPermissionList
+    PVMDIR_STRING_LIST *ppPermissionList
     )
 {
     DWORD dwError = 0;
     PSTR pszStringEnd = NULL;
     PSTR pszPermissions = NULL;
     PSTR pszSid = NULL;
-    PSTRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST pPermissionList = NULL;
 
     assert(pszAce[0] == '(' && pszAce[strlen(pszAce) - 1] == ')');
 
-    dwError = VdcStringListInitialize(&pPermissionList, DEFAULT_PERMISSION_LIST_SIZE);
+    dwError = VmDirStringListInitialize(&pPermissionList, DEFAULT_PERMISSION_LIST_SIZE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     //
@@ -201,7 +368,7 @@ _VdcParseAce(
 
 error:
     VMDIR_SAFE_FREE_STRINGA(pszSid);
-    VdcStringListFree(pPermissionList);
+    VmDirStringListFree(pPermissionList);
     goto cleanup;
 }
 
@@ -210,16 +377,16 @@ _VdcParseSecurityDescriptor(
     PCSTR pszSecurityDescriptor,
     PSTR *ppszOwner,
     PSTR *ppszGroup,
-    PSTRING_LIST *ppAceList
+    PVMDIR_STRING_LIST *ppAceList
     )
 {
     DWORD dwError = 0;
     PSTR pszOwner = NULL;
     PSTR pszGroup = NULL;
-    PSTRING_LIST pAceList = NULL;
+    PVMDIR_STRING_LIST pAceList = NULL;
     PSTR pszStringEnd = NULL;
 
-    dwError = VdcStringListInitialize(&pAceList, DEFAULT_ACE_LIST_SIZE);
+    dwError = VmDirStringListInitialize(&pAceList, DEFAULT_ACE_LIST_SIZE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (pszSecurityDescriptor[0] != 'O' || pszSecurityDescriptor[1] != ':')
@@ -263,21 +430,32 @@ _VdcParseSecurityDescriptor(
     //
     pszSecurityDescriptor = pszStringEnd + 2;
 
+    //
+    // Skip any DACL flags.
+    //
+    if (*pszSecurityDescriptor != '(')
+    {
+        pszStringEnd = strchr(pszSecurityDescriptor, '(');
+        if (pszStringEnd == NULL)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+        }
+        pszSecurityDescriptor = pszStringEnd;
+    }
+
     while (*pszSecurityDescriptor)
     {
         PSTR pszAce = NULL;
 
         if (*pszSecurityDescriptor != '(')
         {
-            dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
         }
 
         pszStringEnd = strchr(pszSecurityDescriptor, ')');
         if (pszStringEnd == NULL)
         {
-            dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
         }
 
         //
@@ -286,7 +464,7 @@ _VdcParseSecurityDescriptor(
         dwError = VmDirAllocateStringOfLenA(pszSecurityDescriptor, pszStringEnd - pszSecurityDescriptor + 1, &pszAce);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VdcStringListAdd(pAceList, pszAce);
+        dwError = VmDirStringListAdd(pAceList, pszAce);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         //
@@ -305,7 +483,7 @@ _VdcParseSecurityDescriptor(
 error:
     VMDIR_SAFE_FREE_STRINGA(pszOwner);
     VMDIR_SAFE_FREE_STRINGA(pszGroup);
-    VdcStringListFree(pAceList);
+    VmDirStringListFree(pAceList);
     goto cleanup;
 }
 
@@ -337,6 +515,9 @@ _VdcInitializePermissionDescriptions(
     dwError = _VdcAddCopiesToHashTable(pHashMap, "GW", "Generic Write");
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = _VdcAddCopiesToHashTable(pHashMap, "GX", "Generic Execute");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     dwError = _VdcAddCopiesToHashTable(pHashMap, "GA", "Generic All");
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -398,15 +579,9 @@ _VdcGetObjectSecurityDescriptor(
 {
     DWORD dwError = 0;
     PSTR pszSecurityDescriptor = NULL;
-    PSTR pszFilter = NULL;
-
-    dwError = VmDirAllocateStringAVsnprintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
-    BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VdcLdapGetAttributeValue(pLd,
                                        pszBaseDN,
-                                       LDAP_SCOPE_BASE,
-                                       pszFilter,
                                        ATTR_ACL_STRING,
                                        &pszSecurityDescriptor);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -414,7 +589,6 @@ _VdcGetObjectSecurityDescriptor(
     *ppszSecurityDescriptor = pszSecurityDescriptor;
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
     return dwError;
 
 error:
@@ -425,19 +599,82 @@ DWORD
 _VdcAddAceToSecurityDescriptor(
     PCSTR pszObjectSD,
     PCSTR pszUserSid,
-    PCSTR pszPermission,
+    PVMDIR_STRING_LIST  pPermissionList,
+    PVMDIR_STRING_LIST  pAceFlagList,
+    BOOLEAN bVerbose,
     PSTR *ppszNewSecurityDescriptor
     )
 {
     DWORD dwError = 0;
+    PSTR pszPermission = NULL;
+    PSTR pszAceFlag = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
+    PSTR pszNewAce = NULL;
+    SIZE_T  dwTmpSize = 0;
+    DWORD   dwIdx = 0;
+
+    if (pPermissionList)
+    {
+        dwTmpSize = pPermissionList->dwCount * 2 + 1; //  +1 for null
+        dwError = VmDirAllocateMemory(dwTmpSize, (PVOID*)&pszPermission);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (dwIdx = 0; dwIdx < pPermissionList->dwCount; dwIdx++)
+        {
+            dwError = VmDirStringCatA(
+                        pszPermission,
+                        dwTmpSize,
+                        pPermissionList->pStringList[dwIdx]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (pAceFlagList)
+    {
+        dwTmpSize = pAceFlagList->dwCount * 2 + 1; //  +1 for null
+        dwError = VmDirAllocateMemory(dwTmpSize, (PVOID*)&pszAceFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (dwIdx = 0; dwIdx < pAceFlagList->dwCount; dwIdx++)
+        {
+            dwError = VmDirStringCatA(
+                        pszAceFlag,
+                        dwTmpSize,
+                        pAceFlagList->pStringList[dwIdx]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (!pszPermission && !pszAceFlag)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewAce, "(A;%s;%s;;;%s)",
+                pszAceFlag ? pszAceFlag : "",
+                pszPermission ? pszPermission : "",
+                pszUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bVerbose)
+    {
+        printf("New ACE: %s\n\n", pszNewAce);
+    }
 
-    dwError = VmDirAllocateStringAVsnprintf(&pszNewSecurityDescriptor, "%s(A;;%s;;;%s)", pszObjectSD, pszPermission, pszUserSid);
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewSecurityDescriptor,
+                "%s%s",
+                pszObjectSD,
+                pszNewAce);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszNewSecurityDescriptor = pszNewSecurityDescriptor;
 
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAceFlag);
+    VMDIR_SAFE_FREE_MEMORY(pszPermission);
+    VMDIR_SAFE_FREE_MEMORY(pszNewAce);
     return dwError;
 
 error:
@@ -448,112 +685,109 @@ DWORD
 _VdcUpdateSecurityDescriptor(
     PSTR *ppszNewSecurityDescriptor,
     PCSTR pszObjectSD,
-    PCSTR pszAce,
-    PCSTR pszPermission,
-    BOOLEAN fAddPermission
+    PCSTR pszTargetAce,
+    PVMDIR_STRING_LIST  pPermissionList,
+    PVMDIR_STRING_LIST  pAceFlagList,
+    BOOLEAN fAddPermission,
+    BOOLEAN bVerbose
     )
 {
     DWORD dwError = 0;
-    DWORD dwDestinationBufferSize = 0;
+    SIZE_T sDestinationBufferSize = 0;
     PSTR pszNewSecurityDescriptor = NULL;
     PSTR pszAceStart = NULL;
-    PSTR pszTokenizer = NULL;
+    PSTR pszRemainingSD = NULL;
+    PSTR pszNewAce = NULL;
+    PVMDIR_STRING_LIST  pLocalStrList = NULL;
 
     //
-    // +1 for the null.
+    // calculate buffer size
     //
-    dwDestinationBufferSize = strlen(pszObjectSD) + strlen(pszPermission) + 1;
-    dwError = VmDirAllocateMemory(dwDestinationBufferSize, (PVOID*)&pszNewSecurityDescriptor);
+    sDestinationBufferSize = strlen(pszObjectSD) +
+                             (pPermissionList ? pPermissionList->dwCount * 2 : 0) +   // permission is 2 chars
+                             (pAceFlagList ? pAceFlagList->dwCount * 2 : 0) +         // ace flag is 2 chars
+                             1;                                                       // +1 for null
+    dwError = VmDirAllocateMemory(sDestinationBufferSize, (PVOID*)&pszNewSecurityDescriptor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pszAceStart = strstr(pszObjectSD, pszAce);
+    pszAceStart = strstr(pszObjectSD, pszTargetAce);
     dwError = VmDirStringNCpyA(
                 pszNewSecurityDescriptor,
-                dwDestinationBufferSize,
+                sDestinationBufferSize,
                 pszObjectSD,
                 pszAceStart - pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
-    // Skip ahead to the permssion section of the ACE.
-    //
-    pszTokenizer = strchr(pszAceStart, ';');
-    if (pszTokenizer == NULL)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    pszTokenizer = strchr(pszTokenizer + 1, ';');
-    if (pszTokenizer == NULL)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pszTokenizer += 1;
+    pszRemainingSD = pszAceStart + VmDirStringLenA(pszTargetAce);
 
-    dwError = VmDirStringNCatA(
-                pszNewSecurityDescriptor,
-                dwDestinationBufferSize,
-                pszAceStart,
-                pszTokenizer - pszAceStart);
+    // separate pszTargetAce into token
+    dwError = VmDirStringToTokenListExt(pszTargetAce, ";", &pLocalStrList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (fAddPermission)
+    // proper ACE should have 6 parts
+    if (pLocalStrList->dwCount != 6)
     {
-        //
-        // Add this permission to the ACE.
-        //
-        dwError = VmDirStringCatA(
-                    pszNewSecurityDescriptor,
-                    dwDestinationBufferSize,
-                    pszPermission);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_ACE);
     }
-    else
-    {
-        PSTR pszPermissionInString = pszTokenizer;
 
-        while (*pszPermissionInString != ';')
+    if (fAddPermission)
+    {
+        if (pPermissionList && pPermissionList->dwCount > 0)
         {
-            if (strncmp(pszPermissionInString, pszPermission, strlen(pszPermission)) == 0)
-            {
-                break;
-            }
-            else
-            {
-                pszPermissionInString += 2;
-            }
+            dwError = _VdcAppendNewValue(pLocalStrList, pPermissionList, 2);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
 
-        if (*pszPermissionInString != ';')
+        if (pAceFlagList && pAceFlagList->dwCount > 0)
         {
-            //
-            // We found the permission in question. Copy everything before it to the
-            // new SD.
-            //
-            dwError = VmDirStringNCatA(
-                        pszNewSecurityDescriptor,
-                        dwDestinationBufferSize,
-                        pszTokenizer,
-                        pszPermissionInString - pszTokenizer);
+            dwError = _VdcAppendNewValue(pLocalStrList, pAceFlagList, 1);
             BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {   // delete permission
+        if (pPermissionList && pPermissionList->dwCount > 0)
+        {
+            _VdcSkipNewValue(pLocalStrList, pPermissionList, 2);
+        }
 
-            //
-            // Skip over the permission to "remove" it. The rest of the ACE will get
-            // copied below.
-            //
-            pszTokenizer = pszPermissionInString + 2;
+        if (pAceFlagList && pAceFlagList->dwCount > 0)
+        {
+            _VdcSkipNewValue(pLocalStrList, pAceFlagList, 1);
         }
-        else
+    }
+
+    // make sure we have at least one permission; otherwise, skip this ACE.
+    if (pLocalStrList->pStringList[2][0] != '\0')
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszNewAce, "%s;%s;%s;%s;%s;%s",
+                    pLocalStrList->pStringList[0],
+                    pLocalStrList->pStringList[1],
+                    pLocalStrList->pStringList[2],
+                    pLocalStrList->pStringList[3],
+                    pLocalStrList->pStringList[4],
+                    pLocalStrList->pStringList[5]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (bVerbose)
         {
-            //
-            // This user doesn't have the permission in question. Let's report an
-            // error.
-            //
-            printf("Error: User doesn't have the %s permission\n", pszPermission);
-            dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
+            printf("Old ACE: %s\n", pszTargetAce);
+            printf("New ACE: %s\n\n", pszNewAce);
+        }
+
+        dwError = VmDirStringCatA(
+                    pszNewSecurityDescriptor,
+                    sDestinationBufferSize,
+                    pszNewAce);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        if (bVerbose)
+        {
+            printf("Old ACE: %s\n", pszTargetAce);
+            printf("New ACE: %s\n\n", "NULL");
         }
     }
 
@@ -562,13 +796,15 @@ _VdcUpdateSecurityDescriptor(
     //
     dwError = VmDirStringCatA(
                 pszNewSecurityDescriptor,
-                dwDestinationBufferSize,
-                pszTokenizer);
+                sDestinationBufferSize,
+                pszRemainingSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszNewSecurityDescriptor = pszNewSecurityDescriptor;
 
 cleanup:
+    VmDirStringListFree(pLocalStrList);
+    VMDIR_SAFE_FREE_MEMORY(pszNewAce);
     return dwError;
 
 error:
@@ -580,8 +816,10 @@ DWORD
 _VdcUpdateAclInSD(
     PCSTR pszObjectSD,
     PCSTR pszUserSid,
-    PCSTR pszPermission,
+    PVMDIR_STRING_LIST pPermissionList,
+    PVMDIR_STRING_LIST pAceFlagList,
     BOOLEAN fAddPermission,
+    BOOLEAN bVerbose,
     PSTR *ppszNewSD
     )
 {
@@ -590,10 +828,11 @@ _VdcUpdateAclInSD(
     DWORD dwUserAce = 0;
     PSTR pszOwnerSid = NULL;
     PSTR pszGroupSid = NULL;
-    PSTRING_LIST pAceList = NULL;
+    PSTR pszSid = NULL;
+    PVMDIR_STRING_LIST pAceList = NULL;
     BOOLEAN bFoundUser = FALSE;
-    PSTRING_LIST pPermissionList = NULL;
-    PSTR pszNewSecurityDescriptor;
+    PVMDIR_STRING_LIST pTmpList = NULL;
+    PSTR pszNewSecurityDescriptor = NULL;
 
     dwError = _VdcParseSecurityDescriptor(
                 pszObjectSD,
@@ -604,13 +843,13 @@ _VdcUpdateAclInSD(
 
     for (i = 0; i < pAceList->dwCount; ++i)
     {
-        PSTR pszSid = NULL;
-
-        dwError = _VdcParseAce(pAceList->pStringList[i], &pszSid, &pPermissionList);
+        dwError = _VdcParseAce(pAceList->pStringList[i], &pszSid, &pTmpList);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         bFoundUser = (strcmp(pszSid, pszUserSid) == 0);
         VMDIR_SAFE_FREE_STRINGA(pszSid);
+        VmDirStringListFree(pTmpList);
+        pTmpList = NULL;
 
         if (bFoundUser)
         {
@@ -621,32 +860,40 @@ _VdcUpdateAclInSD(
 
     if (bFoundUser)
     {
-        //
-        // If the user already has this permission then bail out.
-        //
-        if (fAddPermission && VdcStringListContains(pPermissionList, pszPermission))
-        {
-            printf("The user (%s) already has the %s permission\n", pszUserSid, pszPermission);
-            dwError = VMDIR_ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        dwError = _VdcUpdateSecurityDescriptor(&pszNewSecurityDescriptor, pszObjectSD, pAceList->pStringList[dwUserAce], pszPermission, fAddPermission);
+        dwError = _VdcUpdateSecurityDescriptor(
+                    &pszNewSecurityDescriptor,
+                    pszObjectSD,
+                    pAceList->pStringList[dwUserAce],
+                    pPermissionList,
+                    pAceFlagList,
+                    fAddPermission,
+                    bVerbose);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
-    else
+    else if (fAddPermission)
     {
-        dwError = _VdcAddAceToSecurityDescriptor(pszObjectSD, pszUserSid, pszPermission, &pszNewSecurityDescriptor);
+        dwError = _VdcAddAceToSecurityDescriptor(
+                    pszObjectSD,
+                    pszUserSid,
+                    pPermissionList,
+                    pAceFlagList,
+                    bVerbose,
+                    &pszNewSecurityDescriptor);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
+    else
+    {   // delete permission but no such ACE exists
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACE_NOT_FOUND);
+    }
 
     *ppszNewSD = pszNewSecurityDescriptor;
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszOwnerSid);
     VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
-    VdcStringListFree(pAceList);
-    VdcStringListFree(pPermissionList);
+    VMDIR_SAFE_FREE_STRINGA(pszSid);
+    VmDirStringListFree(pAceList);
+    VmDirStringListFree(pTmpList);
 
     return dwError;
 
@@ -659,42 +906,59 @@ VdcGrantPermissionToUser(
     LDAP *pLd,
     PLW_HASHMAP pUserToSidMapping,
     PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    COMMAND_LINE_PARAMETER_STATE*   pState
     )
 {
     DWORD dwError = 0;
     PSTR pszFilter = NULL;
     PSTR pszObjectSD = NULL;
     PSTR pszUserSid = NULL;
-    PSTR pszPermission = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
+    PVMDIR_STRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST pAceFlagList = NULL;
 
     dwError = _VdcGetObjectSecurityDescriptor(pLd, pszObjectDN, &pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    printf("Previous SD for %s ==> %s\n", pszObjectDN, pszObjectSD);
-
-    dwError = _VdcParsePermissionStatement(pszPermissionStatement, pUserToSidMapping, &pszUserSid, &pszPermission);
+    dwError = _VdcParsePermissionStatement(
+                pState->pszGrantParameter,
+                pUserToSidMapping,
+                &pszUserSid,
+                &pPermissionList,
+                &pAceFlagList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VdcUpdateAclInSD(pszObjectSD, pszUserSid, pszPermission, TRUE, &pszNewSecurityDescriptor);
+    dwError = _VdcUpdateAclInSD(
+                pszObjectSD,
+                pszUserSid,
+                pPermissionList,
+                pAceFlagList,
+                TRUE,
+                pState->bVerbose,
+                &pszNewSecurityDescriptor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    printf("Updated SD ==> %s\n", pszNewSecurityDescriptor);
-
-    dwError = VmDirAllocateStringAVsnprintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
+    dwError = VmDirAllocateStringPrintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapReplaceAttrOnEntries(pLd,
-                                          pszObjectDN,
-                                          LDAP_SCOPE_SUB,
-                                          pszFilter,
-                                          ATTR_ACL_STRING,
-                                          pszNewSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pState->bDryrun)
+    {
+        dwError = VdcLdapReplaceAttrOnEntries(
+                    pLd,
+                    pszObjectDN,
+                    LDAP_SCOPE_BASE,
+                    pszFilter,
+                    ATTR_ACL_STRING,
+                    pszNewSecurityDescriptor);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszNewSecurityDescriptor);
+    VMDIR_SAFE_FREE_STRINGA(pszFilter);
+    VMDIR_SAFE_FREE_STRINGA(pszUserSid);
+    VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
     return dwError;
 
 error:
@@ -706,42 +970,58 @@ VdcRemovePermissionFromUser(
     LDAP *pLd,
     PLW_HASHMAP pUserToSidMapping,
     PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    COMMAND_LINE_PARAMETER_STATE*   pState
     )
 {
     DWORD dwError = 0;
     PSTR pszFilter = NULL;
     PSTR pszObjectSD = NULL;
     PSTR pszUserSid = NULL;
-    PSTR pszPermission = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
+    PVMDIR_STRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST pAceFlagList = NULL;
 
     dwError = _VdcGetObjectSecurityDescriptor(pLd, pszObjectDN, &pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    printf("Previous SD for %s ==> %s\n", pszObjectDN, pszObjectSD);
-
-    dwError = _VdcParsePermissionStatement(pszPermissionStatement, pUserToSidMapping, &pszUserSid, &pszPermission);
+    dwError = _VdcParsePermissionStatement(
+                pState->pszRemoveParameter,
+                pUserToSidMapping,
+                &pszUserSid,
+                &pPermissionList,
+                &pAceFlagList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VdcUpdateAclInSD(pszObjectSD, pszUserSid, pszPermission, FALSE, &pszNewSecurityDescriptor);
+    dwError = _VdcUpdateAclInSD(
+                pszObjectSD,
+                pszUserSid,
+                pPermissionList,
+                pAceFlagList,
+                FALSE,
+                pState->bVerbose,
+                &pszNewSecurityDescriptor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    printf("Updated SD ==> %s\n", pszNewSecurityDescriptor);
-
-    dwError = VmDirAllocateStringAVsnprintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
+    dwError = VmDirAllocateStringPrintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapReplaceAttrOnEntries(pLd,
-                                          pszObjectDN,
-                                          LDAP_SCOPE_SUB,
-                                          pszFilter,
-                                          ATTR_ACL_STRING,
-                                          pszNewSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pState->bDryrun)
+    {
+        dwError = VdcLdapReplaceAttrOnEntries(
+                    pLd,
+                    pszObjectDN,
+                    LDAP_SCOPE_BASE,
+                    pszFilter,
+                    ATTR_ACL_STRING,
+                    pszNewSecurityDescriptor);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszNewSecurityDescriptor);
+    VMDIR_SAFE_FREE_STRINGA(pszUserSid);
+    VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
     return dwError;
 
 error:
@@ -752,14 +1032,14 @@ DWORD
 VdcPrintAce(
     PLW_HASHMAP pUserToSidMapping,
     PLW_HASHMAP pPermissionDescriptions,
-    PSTR pszAce
+    PCSTR pszAce
     )
 {
     DWORD dwError = 0;
     DWORD i = 0;
     PSTR pszSid = NULL;
     PSTR pszUserUPN = NULL;
-    PSTRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST pPermissionList = NULL;
 
     dwError = _VdcParseAce(pszAce, &pszSid, &pPermissionList);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -770,7 +1050,7 @@ VdcPrintAce(
         pszUserUPN = pszSid;
     }
 
-    printf("\tACE for user/group %s:\n", pszUserUPN);
+    printf("\tACE for security principal %s:\n", pszUserUPN);
     for (i = 0; i < pPermissionList->dwCount; ++i)
     {
         PSTR pszDescription = NULL;
@@ -783,7 +1063,7 @@ VdcPrintAce(
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszSid);
-    VdcStringListFree(pPermissionList);
+    VmDirStringListFree(pPermissionList);
     return dwError;
 
 error:
@@ -801,8 +1081,8 @@ VdcLoadUsersAndGroups(
     DWORD dwError = 0;
     PLW_HASHMAP pUserToSidMapping = NULL;
     PLW_HASHMAP pSidToUserMapping = NULL;
-    PSTR pszUserFilter = "objectclass=user";
-    PSTR pszGroupFilter = "objectclass=group";
+    PCSTR pszUserFilter = "objectclass=user";
+    PCSTR pszGroupFilter = "objectclass=group";
 
     dwError = LwRtlCreateHashMap(
                 &pUserToSidMapping,
@@ -820,10 +1100,20 @@ VdcLoadUsersAndGroups(
                 );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapGetObjectList(pLd, pszBaseDN, LDAP_SCOPE_SUBTREE, pszUserFilter, pUserToSidMapping, pSidToUserMapping);
+    dwError = VdcLdapGetObjectSidMappings(
+                pLd,
+                pszBaseDN,
+                pszUserFilter,
+                pUserToSidMapping,
+                pSidToUserMapping);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapGetObjectList(pLd, pszBaseDN, LDAP_SCOPE_SUBTREE, pszGroupFilter, pUserToSidMapping, pSidToUserMapping);
+    dwError = VdcLdapGetObjectSidMappings(
+                pLd,
+                pszBaseDN,
+                pszGroupFilter,
+                pUserToSidMapping,
+                pSidToUserMapping);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppUserToSidMapping = pUserToSidMapping;
@@ -852,7 +1142,7 @@ VdcPrintSecurityDescriptorForObject(
     PSTR pszOwnerSid = NULL;
     PSTR pszGroup = NULL;
     PSTR pszGroupSid = NULL;
-    PSTRING_LIST pAceList = NULL;
+    PVMDIR_STRING_LIST pAceList = NULL;
     PLW_HASHMAP pPermissionDescriptions = NULL;
 
     dwError = _VdcGetObjectSecurityDescriptor(pLd, pszObjectDN, &pszSecurityDescriptor);
@@ -874,12 +1164,14 @@ VdcPrintSecurityDescriptorForObject(
         if (dwError != 0)
         {
             pszOwner = pszOwnerSid;
+            dwError = 0;
         }
 
         dwError = LwRtlHashMapFindKey(pSidToUserMapping, (PVOID*)&pszGroup, pszGroupSid);
         if (dwError != 0)
         {
             pszGroup = pszGroupSid;
+            dwError = 0;
         }
 
         printf("SD for %s\n", pszObjectDN);
@@ -899,7 +1191,7 @@ VdcPrintSecurityDescriptorForObject(
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszOwnerSid);
     VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
-    VdcStringListFree(pAceList);
+    VmDirStringListFree(pAceList);
     VMDIR_SAFE_FREE_MEMORY(pszSecurityDescriptor);
 
     VdcFreeHashMap(&pPermissionDescriptions);
@@ -909,3 +1201,84 @@ VdcPrintSecurityDescriptorForObject(
 error:
     goto cleanup;
 }
+
+static
+DWORD
+_VdcAppendNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum)
+{
+    DWORD dwError;
+    DWORD dwIdx = 0;
+    SIZE_T dwNewSize = 0;
+
+    dwNewSize = VmDirStringLenA(pAceTokenList->pStringList[dwNum]) + (pNewValueList->dwCount*2) + 1;
+
+    dwError = VmDirReallocateMemory(
+                (PVOID)pAceTokenList->pStringList[dwNum],
+                (PVOID*)&(pAceTokenList->pStringList[dwNum]),
+                dwNewSize);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    //
+    // Add new values to proper ACE token
+    //
+    // TODO, it is ok to have duplicate permission. But we could have check and add only if it does not exists.
+    //
+    for (dwIdx = 0; dwIdx < pNewValueList->dwCount; dwIdx++)
+    {
+        dwError = VmDirStringCatA(
+                    (PSTR)pAceTokenList->pStringList[dwNum],
+                    dwNewSize,
+                    pNewValueList->pStringList[dwIdx]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+VOID
+_VdcSkipNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum)
+{
+    DWORD dwIdx = 0;
+    PSTR  pszHead = NULL;
+    PSTR  pszCurrent = NULL;
+
+    pszHead = pszCurrent = (PSTR)pAceTokenList->pStringList[dwNum];
+
+    while (*pszCurrent != '\0')
+    {
+        for (dwIdx = 0; dwIdx < pNewValueList->dwCount; dwIdx++)
+        {
+            if (strncmp(pszCurrent, pNewValueList->pStringList[dwIdx], SDDL_PERMISSION_LENGTH) == 0)
+            {
+                break;
+            }
+        }
+
+        if (dwIdx == pNewValueList->dwCount)
+        {
+            if (pszHead != pszCurrent)
+            {
+                *(pszHead)   = *(pszCurrent);
+                *(pszHead+1) = *(pszCurrent+1);
+            }
+
+            pszHead += 2;
+        }
+
+        pszCurrent += 2;
+    }
+
+    *pszHead = '\0';
+
+    return;
+}
diff --git a/lwraft/tools/vdcaclmgr/defines.h b/lwraft/tools/vdcaclmgr/defines.h
index e55c51ff7..84e2e1807 100644
--- a/lwraft/tools/vdcaclmgr/defines.h
+++ b/lwraft/tools/vdcaclmgr/defines.h
@@ -14,3 +14,9 @@
 
 #define DEFAULT_ACE_LIST_SIZE 5
 #define DEFAULT_PERMISSION_LIST_SIZE 10
+
+//
+// Permissions (e.g., "CC" for the "Create Child" permission) are always two
+// letters long in SDDL.
+//
+#define SDDL_PERMISSION_LENGTH 2
diff --git a/lwraft/tools/vdcaclmgr/includes.h b/lwraft/tools/vdcaclmgr/includes.h
index c08bbd864..861e6242c 100644
--- a/lwraft/tools/vdcaclmgr/includes.h
+++ b/lwraft/tools/vdcaclmgr/includes.h
@@ -15,7 +15,6 @@
 
 #include <config.h>
 #include <getopt.h>
-#include <assert.h>
 
 #include <vmdirsys.h>
 
@@ -27,16 +26,13 @@
 #include <vmdirclient.h>
 #define LW_STRICT_NAMESPACE
 #include <lw/hash.h>
-#include "defines.h"
-#include "structs.h"
-#include "prototypes.h"
 
 #else
 #pragma once
 
 #include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
 
+#include <assert.h>
 #include <windows.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -53,6 +49,10 @@
 
 #define LW_STRICT_NAMESPACE
 #include <lw/hash.h>
+#include <lw/ntstatus.h>
 #include "banned.h"
-
 #endif
+
+#include "defines.h"
+#include "structs.h"
+#include "prototypes.h"
diff --git a/lwraft/tools/vdcaclmgr/ldap.c b/lwraft/tools/vdcaclmgr/ldap.c
index 04e2a8aa2..13ca338c3 100644
--- a/lwraft/tools/vdcaclmgr/ldap.c
+++ b/lwraft/tools/vdcaclmgr/ldap.c
@@ -107,25 +107,92 @@ _VdcGetAttributeFromEntry(
 }
 
 DWORD
-VdcLdapGetObjectList(
+VdcLdapEnumerateObjects(
     LDAP *pLd,
-    PCSTR pBase,
+    PCSTR pszBase,
     int ldapScope,
+    PVMDIR_STRING_LIST *ppObjectDNs
+    )
+{
+    DWORD dwError = 0;
+    PCSTR ppszAttrs[] = {NULL};
+    LDAPMessage *pResult = NULL;
+    LDAPMessage* pEntry = NULL;
+    PSTR pszObjectDN = NULL;
+    DWORD iEntryCount = 0;
+    PVMDIR_STRING_LIST pObjectDNs = NULL;
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszBase,
+                ldapScope,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    iEntryCount = ldap_count_entries(pLd, pResult);
+    if (iEntryCount > 0)
+    {
+        dwError = VmDirStringListInitialize(&pObjectDNs, iEntryCount);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pEntry = ldap_first_entry(pLd, pResult);
+        for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
+        {
+            assert(pObjectDNs->dwCount < iEntryCount);
+
+            dwError = VmDirAllocateStringA(ldap_get_dn(pLd, pEntry), &pszObjectDN);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringListAdd(pObjectDNs, pszObjectDN);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            pszObjectDN = NULL;
+        }
+    }
+
+    *ppObjectDNs = pObjectDNs;
+    pObjectDNs = NULL;
+
+cleanup:
+    VmDirStringListFree(pObjectDNs);
+    VMDIR_SAFE_FREE_STRINGA(pszObjectDN);
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VdcLdapGetObjectSidMappings(
+    LDAP *pLd,
+    PCSTR pszBase,
     PCSTR pszFilter,
-    PLW_HASHMAP pUserToSidHashMap,
-    PLW_HASHMAP pSidToUserHashMap
+    PLW_HASHMAP pObjectToSidMapping,
+    PLW_HASHMAP pSidToObjectMapping
     )
 {
     DWORD dwError = 0;
     PCSTR ppszAttrs[3] = {ATTR_CN, ATTR_OBJECT_SID, NULL};
     LDAPMessage *pResult = NULL;
-    PSTR pszUserCN = NULL;
-    PSTR pszUserSid = NULL;
+    PSTR pszObjectCN = NULL;
+    PSTR pszObjectSid = NULL;
 
     dwError = ldap_search_ext_s(
                 pLd,
-                pBase,
-                ldapScope,
+                pszBase,
+                LDAP_SCOPE_SUBTREE,
                 pszFilter ? pszFilter : "",
                 (PSTR*)ppszAttrs,
                 0,
@@ -134,6 +201,7 @@ VdcLdapGetObjectList(
                 NULL,
                 -1,
                 &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     if (ldap_count_entries(pLd, pResult) > 0)
     {
@@ -141,17 +209,20 @@ VdcLdapGetObjectList(
 
         for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
         {
-            dwError = _VdcGetAttributeFromEntry(pLd, pEntry, ATTR_CN, &pszUserCN);
+            dwError = _VdcGetAttributeFromEntry(pLd, pEntry, ATTR_CN, &pszObjectCN);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = _VdcGetAttributeFromEntry(pLd, pEntry, ATTR_OBJECT_SID, &pszUserSid);
+            dwError = _VdcGetAttributeFromEntry(pLd, pEntry, ATTR_OBJECT_SID, &pszObjectSid);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = _VdcAddCopiesToHashTable(pUserToSidHashMap, pszUserCN, pszUserSid);
+            dwError = _VdcAddCopiesToHashTable(pObjectToSidMapping, pszObjectCN, pszObjectSid);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = _VdcAddCopiesToHashTable(pSidToUserHashMap, pszUserSid, pszUserCN);
+            dwError = _VdcAddCopiesToHashTable(pSidToObjectMapping, pszObjectSid, pszObjectCN);
             BAIL_ON_VMDIR_ERROR(dwError);
+
+            VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+            VMDIR_SAFE_FREE_STRINGA(pszObjectCN);
         }
     }
 
@@ -161,8 +232,8 @@ VdcLdapGetObjectList(
         ldap_msgfree(pResult);
     }
 
-    VMDIR_SAFE_FREE_STRINGA(pszUserSid);
-    VMDIR_SAFE_FREE_STRINGA(pszUserCN);
+    VMDIR_SAFE_FREE_STRINGA(pszObjectSid);
+    VMDIR_SAFE_FREE_STRINGA(pszObjectCN);
 
     return dwError;
 
@@ -173,9 +244,7 @@ VdcLdapGetObjectList(
 DWORD
 VdcLdapGetAttributeValue(
     LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
-    PCSTR pszFilter,
+    PCSTR pszObjectDN,
     PCSTR pszAttribute,
     PSTR *ppszAttributeValue
     )
@@ -189,9 +258,9 @@ VdcLdapGetAttributeValue(
     ppszAttrs[0] = pszAttribute;
     dwError = ldap_search_ext_s(
                 pLd,
-                pBase,
-                ldapScope,
-                pszFilter ? pszFilter : "",
+                pszObjectDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
                 (PSTR*)ppszAttrs,
                 0,
                 NULL,
@@ -343,7 +412,7 @@ VdcIfDNExist(
 DWORD
 VdcLdapReplaceAttrOnEntries(
     LDAP *pLd,
-    PCSTR pBase,
+    PCSTR pszBase,
     int ldapScope,
     PCSTR pszFilter,
     PCSTR pAttrName,
@@ -370,7 +439,7 @@ VdcLdapReplaceAttrOnEntries(
 
     dwError = ldap_search_ext_s(
                 pLd,
-                pBase,
+                pszBase,
                 ldapScope,
                 pszFilter ? pszFilter : "",
                 (PSTR*)ppszAttrs,
@@ -398,8 +467,6 @@ VdcLdapReplaceAttrOnEntries(
             VMDIR_SAFE_FREE_STRINGA(oldAttrVal);
             dwError = VdcLdapGetAttributeValue( pLd,
                                         pszDn,
-                                        LDAP_SCOPE_BASE,
-                                        "objectClass=*",
                                         pAttrName,
                                         &oldAttrVal);
             if (dwError == LDAP_SUCCESS && VmDirStringCompareA(oldAttrVal, pAttrVal, FALSE)==0)
diff --git a/lwraft/tools/vdcaclmgr/main.c b/lwraft/tools/vdcaclmgr/main.c
index 47e5e8691..50bda3a6f 100644
--- a/lwraft/tools/vdcaclmgr/main.c
+++ b/lwraft/tools/vdcaclmgr/main.c
@@ -11,16 +11,26 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
+
 #include "includes.h"
 
+static
 VOID
-VdcHashMapFreeStringPair(
-    PLW_HASHMAP_PAIR pPair,
-    LW_PVOID pUserData
+_FreeCLStateContent(
+    PCOMMAND_LINE_PARAMETER_STATE pState
     )
 {
-    VMDIR_SAFE_FREE_MEMORY(pPair->pKey);
-    VMDIR_SAFE_FREE_MEMORY(pPair->pValue);
+    if (pState)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pState->pszServerName);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszUserName);
+        VMDIR_SECURE_FREE_STRINGA(pState->pszPassword);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszObjectName);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszBaseDN);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszGrantParameter);
+        VMDIR_SAFE_FREE_MEMORY(pState->pszRemoveParameter);
+        VMDIR_SECURE_FREE_STRINGA(pState->pszPasswordFile);
+    }
 }
 
 VOID
@@ -30,7 +40,7 @@ VdcFreeHashMap(
 {
     if (*ppHashMap != NULL)
     {
-        LwRtlHashMapClear(*ppHashMap, VdcHashMapFreeStringPair, NULL);
+        LwRtlHashMapClear(*ppHashMap, VmDirSimpleHashMapPairFree, NULL);
         LwRtlFreeHashMap(ppHashMap);
     }
 }
@@ -66,169 +76,25 @@ _VdcAddCopiesToHashTable(
 
 VOID
 ShowUsage(
-    PVOID pvState
-    )
-{
-    printf("Usage: vdcaclmgr -H <host> -u <user UPN> [-w <password> | -x <password file>] -o <object DN> [-g <username:permission>] [-r <username:permission>] [-v]\n");
-}
-
-DWORD
-HandleServerParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszServerName != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszServerName = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleUserNameParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszUserName != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszUserName = pValue;
-
-    return 0;
-}
-
-DWORD
-HandlePasswordFileParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszPassword != NULL || pContext->pszPasswordFile != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszPasswordFile = pValue;
-
-    return 0;
-}
-
-DWORD
-HandlePasswordParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszPassword != NULL || pContext->pszPasswordFile != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszPassword = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleBaseDNParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszBaseDN != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszBaseDN = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleObjectParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszObjectName != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszObjectName = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleGrantParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszGrantParameter != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszGrantParameter = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleRemoveParameterCallback(
-    PVOID pContextPointer,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
-
-    if (pContext->pszRemoveParameter != NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    pContext->pszRemoveParameter = pValue;
-
-    return 0;
-}
-
-DWORD
-HandleVerboseParameterCallback(
-    PVOID pContextPointer
+    PVOID pvContext
     )
 {
-    PCOMMAND_LINE_PARAMETER_STATE pContext = (PCOMMAND_LINE_PARAMETER_STATE)pContextPointer;
 
-    //
-    // We don't check if the user specified '-v' multiple times.
-    //
-    pContext->bVerbose = TRUE;
-
-    return 0;
+    printf(
+        "Usage: postaclmgr { arguments }\n\n"
+        "Arguments:\n\n"
+        "\t-H\t<host name>\n\n"
+        "\t-u\t<user UPN> For example administrator@post.local>\n\n"
+        "\t-o\t<DN of the target object to grant/delete permission to -g/-d username> For example cn=myContainer,dc=post,dc=local\n"
+        "\t[-r]\t<recursively grant/delete permission to -o DN subtree>\n\n"
+        "\t-b\t<base DN to find users and groups to match -g/-d username>\n\n"
+        "\t[-g\t<grant username:FLAGS>]  For example -g MyAdmins:RP:CI\n"
+        "\t[-d\t<delete username:FALGS>] For example -d MyAdmins:WP:OI\n\n"
+        "\t[-v]\t<verbose output>\n\n"
+        "\t[-D]\t<dry run>\n\n"
+        "\t[-w <password> | -x <password file>]\n\n"
+        "Where FLAGS := (PERMISSIONS such as RPWP)*:(ACE_FLAGS such as CIOI)*\n\n"
+        "\t\n");
 }
 
 DWORD
@@ -257,26 +123,16 @@ PostValidationRoutine(
         return VMDIR_ERROR_INVALID_PARAMETER;
     }
 
-    return 0;
-}
-
-VMDIR_COMMAND_LINE_OPTIONS CommandLineOptions =
-{
-    ShowUsage,
-    PostValidationRoutine,
+    //
+    // Only one password is expected
+    //
+    if (pContext->pszPassword && pContext->pszPasswordFile)
     {
-        {'H', "host", CL_STRING_PARAMETER, HandleServerParameterCallback},
-        {'u', "username", CL_STRING_PARAMETER, HandleUserNameParameterCallback},
-        {'w', "password", CL_STRING_PARAMETER, HandlePasswordParameterCallback},
-        {'b', "basedn", CL_STRING_PARAMETER, HandleBaseDNParameterCallback},
-        {'o', "object", CL_STRING_PARAMETER, HandleObjectParameterCallback},
-        {'g', "grant", CL_STRING_PARAMETER, HandleGrantParameterCallback},
-        {'r', "remove", CL_STRING_PARAMETER, HandleRemoveParameterCallback},
-        {'x', "password-file", CL_STRING_PARAMETER, HandlePasswordFileParameterCallback},
-        {'v', "verbose", CL_NO_PARAMETER, HandleVerboseParameterCallback},
-        {0, 0, 0, 0}
+        return VMDIR_ERROR_INVALID_PARAMETER;
     }
-};
+
+    return 0;
+}
 
 DWORD
 VdcGetUsersPassword(
@@ -299,7 +155,8 @@ VdcGetUsersPassword(
         //
         dwError = VmDirStringCpyA(pszPasswordBuf, dwBufferSize - 1, pParameters->pszPassword);
         BAIL_ON_VMDIR_ERROR(dwError);
-    } else
+    }
+    else
     {
         //
         // VmDirReadString expects the buffer size to include the terminating null.
@@ -324,10 +181,37 @@ VmDirMain(int argc, char* argv[])
     PLW_HASHMAP pUserToSidMapping = NULL; // Used to store "user/group SID" => "display name" mapping.
     PLW_HASHMAP pSidToUserMapping = NULL; // Used to store "display name" => "user/group SID" mapping.
     CHAR pszPasswordBuf[VMDIR_MAX_PWD_LEN + 1] = { 0 };
+    PVMDIR_STRING_LIST pObjectDNs = NULL;
+    DWORD dwStringIndex = 0;
+    PSTR pszErrorMessage = NULL;
+
+    VMDIR_COMMAND_LINE_OPTION Options[] =
+    {
+            {'H', "host", CL_STRING_PARAMETER, &State.pszServerName},
+            {'u', "username", CL_STRING_PARAMETER, &State.pszUserName},
+            {'w', "password", CL_STRING_PARAMETER, &State.pszPassword},
+            {'b', "basedn", CL_STRING_PARAMETER, &State.pszBaseDN},
+            {'o', "object", CL_STRING_PARAMETER, &State.pszObjectName},
+            {'g', "grant", CL_STRING_PARAMETER, &State.pszGrantParameter},
+            {'d', "delete", CL_STRING_PARAMETER, &State.pszRemoveParameter},
+            {'x', "password-file", CL_STRING_PARAMETER, &State.pszPasswordFile},
+            {'v', "verbose", CL_NO_PARAMETER, &State.bVerbose},
+            {'r', "recursive", CL_NO_PARAMETER, &State.bRecursive},
+            {'D', "dryrun", CL_NO_PARAMETER, &State.bDryrun},
+
+            {0, 0, 0, 0}
+    };
+
+    VMDIR_PARSE_ARG_CALLBACKS Callbacks =
+    {
+            PostValidationRoutine,
+            ShowUsage,
+            &State
+    };
 
     dwError = VmDirParseArguments(
-                &CommandLineOptions,
-                &State,
+                Options,
+                &Callbacks,
                 argc,
                 argv);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -349,25 +233,53 @@ VmDirMain(int argc, char* argv[])
     // We're either granting a user/group privileges on an object or just showing the
     // existing privileges on it.
     //
-    if (State.pszGrantParameter)
-    {
-        dwError = VdcGrantPermissionToUser(pLd, pUserToSidMapping, State.pszObjectName, State.pszGrantParameter);
-    }
-    else if (State.pszRemoveParameter)
-    {
-        dwError = VdcRemovePermissionFromUser(pLd, pUserToSidMapping, State.pszObjectName, State.pszRemoveParameter);
-    }
-    else
+    dwError = VdcLdapEnumerateObjects(
+                pLd,
+                State.pszObjectName,
+                State.bRecursive ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE,
+                &pObjectDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwStringIndex = 0; dwStringIndex < pObjectDNs->dwCount; ++dwStringIndex)
     {
-        dwError = VdcPrintSecurityDescriptorForObject(pLd, pSidToUserMapping, State.pszObjectName, State.bVerbose);
+        if (State.pszGrantParameter)
+        {
+            dwError = VdcGrantPermissionToUser(
+                        pLd,
+                        pUserToSidMapping,
+                        pObjectDNs->pStringList[dwStringIndex],
+                        &State);
+
+        }
+        else if (State.pszRemoveParameter)
+        {
+            dwError = VdcRemovePermissionFromUser(
+                        pLd,
+                        pUserToSidMapping,
+                        pObjectDNs->pStringList[dwStringIndex],
+                        &State);
+        }
+        else
+        {
+            dwError = VdcPrintSecurityDescriptorForObject(
+                        pLd,
+                        pSidToUserMapping,
+                        pObjectDNs->pStringList[dwStringIndex],
+                        State.bVerbose);
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 cleanup:
     VdcFreeHashMap(&pUserToSidMapping);
     VdcFreeHashMap(&pSidToUserMapping);
+    _FreeCLStateContent(&State);
+    VMDIR_SAFE_FREE_STRINGA(pszErrorMessage);
     return dwError;
 
 error:
+    VmDirGetErrorMessage(dwError, &pszErrorMessage);
+    printf("vdcaclmgr failed. Error[%d] - %s\n", dwError, VDIR_SAFE_STRING(pszErrorMessage));
     goto cleanup;
 }
 
diff --git a/lwraft/tools/vdcaclmgr/prototypes.h b/lwraft/tools/vdcaclmgr/prototypes.h
index d494dd914..541fa6cad 100644
--- a/lwraft/tools/vdcaclmgr/prototypes.h
+++ b/lwraft/tools/vdcaclmgr/prototypes.h
@@ -44,21 +44,26 @@ VdcLdapReplaceAttributeValues(
     );
 
 DWORD
-VdcLdapGetObjectList(
+VdcLdapGetObjectSidMappings(
     LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
+    PCSTR pszBase,
     PCSTR pszFilter,
-    PLW_HASHMAP pUserToSidMapping,
-    PLW_HASHMAP pSidToUserMapping
+    PLW_HASHMAP pObjectToSidMapping,
+    PLW_HASHMAP pSidToObjectMapping
     );
 
 DWORD
-VdcLdapGetAttributeValue(
+VdcLdapEnumerateObjects(
     LDAP *pLd,
-    PCSTR pBase,
+    PCSTR pszBase,
     int ldapScope,
-    PCSTR pszFilter,
+    PVMDIR_STRING_LIST *ppObjectDNs
+    );
+
+DWORD
+VdcLdapGetAttributeValue(
+    LDAP *pLd,
+    PCSTR pszObjectDN,
     PCSTR pszAttribute,
     PSTR *ppszAttributeValue
     );
@@ -101,7 +106,7 @@ VdcLdapConnectSRP(
 DWORD
 VdcLdapReplaceAttrOnEntries(
     LDAP *pLd,
-    PCSTR pBase,
+    PCSTR pszBase,
     int ldapScope,
     PCSTR pszFilter,
     PCSTR pAttrName,
@@ -113,55 +118,23 @@ VdcLdapUnbind(
     LDAP *pLd
     );
 
-//
-// StringList routines
-//
-DWORD
-VdcStringListInitialize(
-    PSTRING_LIST *ppStringList,
-    DWORD dwInitialCount
-    );
-
-VOID
-VdcStringListFree(
-    PSTRING_LIST pStringList
-    );
-
-DWORD
-VdcStringListAdd(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    );
-
-DWORD
-VdcStringListRemove(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    );
-
-BOOLEAN
-VdcStringListContains(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    );
-
 //
 // ACL routines.
 //
 DWORD
 VdcGrantPermissionToUser(
-    LDAP *pLd,
+    LDAP*       pLd,
     PLW_HASHMAP pUserToSidMapping,
-    PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    PCSTR       pszObjectDN,
+    COMMAND_LINE_PARAMETER_STATE*   pState
     );
 
 DWORD
 VdcRemovePermissionFromUser(
-    LDAP *pLd,
+    LDAP*       pLd,
     PLW_HASHMAP pUserToSidMapping,
-    PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    PCSTR       pszObjectDN,
+    COMMAND_LINE_PARAMETER_STATE*   pState
     );
 
 DWORD
diff --git a/lwraft/tools/vdcaclmgr/stringlist.c b/lwraft/tools/vdcaclmgr/stringlist.c
deleted file mode 100644
index 9d8be7960..000000000
--- a/lwraft/tools/vdcaclmgr/stringlist.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#include "includes.h"
-
-VOID
-VdcStringListFree(
-    PSTRING_LIST pStringList
-    )
-{
-    DWORD i = 0;
-
-    if (pStringList != NULL)
-    {
-        for (i = 0; i < pStringList->dwCount; ++i)
-        {
-            VmDirFreeStringA(pStringList->pStringList[i]);
-        }
-
-        pStringList->pStringList = NULL;
-        pStringList->dwCount = 0;
-    }
-}
-
-DWORD
-VdcStringListInitialize(
-    PSTRING_LIST *ppStringList,
-    DWORD dwInitialCount
-    )
-{
-    DWORD dwError = 0;
-    PSTRING_LIST pStringList = NULL;
-    size_t sAllocationSize = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(*pStringList), (PVOID *)&pStringList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    sAllocationSize = dwInitialCount * sizeof(PSTR);
-    if (sAllocationSize < dwInitialCount)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(sAllocationSize, (PVOID *)&pStringList->pStringList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pStringList->dwCount = 0;
-    pStringList->dwSize = dwInitialCount;
-
-    *ppStringList = pStringList;
-
-cleanup:
-    return dwError;
-
-error:
-    VdcStringListFree(pStringList);
-    goto cleanup;
-}
-
-DWORD
-VdcStringListAdd(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD dwError = 0;
-
-    if (pStringList->dwCount == pStringList->dwSize)
-    {
-        size_t iOldSize = pStringList->dwCount;
-        size_t iNewSize = pStringList->dwSize * 2;
-
-        //
-        // Check for overflow.
-        //
-        if (iNewSize < pStringList->dwSize)
-        {
-            dwError = VMDIR_ERROR_SIZELIMIT_EXCEEDED;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        dwError = VmDirReallocateMemoryWithInit(
-                    pStringList->pStringList,
-                    (PVOID*)&pStringList->pStringList,
-                    (iNewSize + 1) * sizeof(PSTR),
-                    iOldSize * sizeof(PSTR));
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pStringList->dwSize = iNewSize;
-    }
-
-    pStringList->pStringList[pStringList->dwCount++] = (PSTR)pszString;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-DWORD
-VdcStringListRemove(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; i < pStringList->dwCount; ++i)
-    {
-        if (strcmp(pStringList->pStringList[i], pszString) == 0)
-        {
-            memmove(&pStringList->pStringList[i],
-                    &pStringList->pStringList[i + 1],
-                    pStringList->dwCount - i - 1);
-            pStringList->dwCount -= 1;
-        }
-    }
-
-    //
-    // Specified string not found.
-    //
-    return VMDIR_ERROR_INVALID_PARAMETER;
-}
-
-BOOLEAN
-VdcStringListContains(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; i < pStringList->dwCount; ++i)
-    {
-        if (strcmp(pStringList->pStringList[i], pszString) == 0)
-        {
-            return TRUE;
-        }
-    }
-
-    return FALSE;
-}
diff --git a/lwraft/tools/vdcaclmgr/structs.h b/lwraft/tools/vdcaclmgr/structs.h
index f9bce7148..0ba2d7502 100644
--- a/lwraft/tools/vdcaclmgr/structs.h
+++ b/lwraft/tools/vdcaclmgr/structs.h
@@ -14,20 +14,16 @@
 
 typedef struct
 {
-    PSTR *pStringList;
-    DWORD dwCount; // Current count.
-    DWORD dwSize; // Max number of strings we can store currently.
-} STRING_LIST, *PSTRING_LIST;
-
-typedef struct
-{
-    PCSTR pszServerName;        // the server name
-    PCSTR pszUserName;          // administrator user - default to "Administrator"
-    PCSTR pszPassword;          // administrator password
-    PCSTR pszObjectName;        // Name (DN) of the object to operate on.
-    PCSTR pszBaseDN;            // The base DN that we'll query against for users/groups.
-    PCSTR pszGrantParameter;    // What user/group we're granting privileges to (if any).
-    PCSTR pszRemoveParameter;   // What user/group we're removing a privilege from.
+    PSTR pszServerName;         // the server name
+    PSTR pszUserName;           // administrator user - default to "Administrator"
+    PSTR pszPassword;           // administrator password
+    PSTR pszObjectName;         // Name (DN) of the object to operate on.
+    PSTR pszBaseDN;             // The base DN that we'll query against for users/groups.
+    PSTR pszGrantParameter;     // What user/group we're granting privileges to (if any).
+    PSTR pszRemoveParameter;    // What user/group we're removing a privilege from.
+    PSTR pszPasswordFile;       // password file
     BOOLEAN bVerbose;           // Break down the object's ACL information.
-    PCSTR pszPasswordFile;      // password file
+    BOOLEAN bRecursive;         // Apply the operation to the specified object
+    BOOLEAN bDryrun;            // Do not make change to SD
+                                // and all objects below it.
 } COMMAND_LINE_PARAMETER_STATE, *PCOMMAND_LINE_PARAMETER_STATE;
diff --git a/lwraft/tools/vdcadmintool/Makefile.am b/lwraft/tools/vdcadmintool/Makefile.am
index ee99b48ac..765a07fc5 100644
--- a/lwraft/tools/vdcadmintool/Makefile.am
+++ b/lwraft/tools/vdcadmintool/Makefile.am
@@ -1,35 +1,37 @@
-bin_PROGRAMS = lwraftadmintool
+bin_PROGRAMS = postadmintool
 
-lwraftadmintool_SOURCES = \
+postadmintool_SOURCES = \
     main.c \
     ldapbindclient.c \
     util.c
 
-lwraftadmintool_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+postadmintool_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/tools/include \
+    -I$(top_srcdir)/lwraft/client \
+    -I$(top_builddir)/lwraft/client \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
-lwraftadmintool_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
+postadmintool_LDADD = \
+    $(top_builddir)/lwraft/common/libcommon.la \
+    $(top_builddir)/lwraft/client/libpostclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @SASL_LIBS@ \
     @LDAP_LIBS@
 
-lwraftadmintool_LDFLAGS = \
+postadmintool_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcadmintool/ldapbindclient.c b/lwraft/tools/vdcadmintool/ldapbindclient.c
index a1b7a5cc3..50d6ae700 100644
--- a/lwraft/tools/vdcadmintool/ldapbindclient.c
+++ b/lwraft/tools/vdcadmintool/ldapbindclient.c
@@ -98,13 +98,13 @@ VdcadminTestSASLClient(
 
     printf("\n");
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszLDAPURI,
+    dwError = VmDirAllocateStringPrintf( &pszLDAPURI,
                                              "ldap://%s:%s",
                                              pszServerHost[0] != '\0' ? pszServerHost : "localhost",
                                              pszServerPort);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringAVsnprintf( &pszLDAPSURI,
+    dwError = VmDirAllocateStringPrintf( &pszLDAPSURI,
                                              "ldaps://%s:%s",
                                              pszServerHost[0] != '\0' ? pszServerHost : "localhost",
                                              pszServerSSLPort);
diff --git a/lwraft/tools/vdcadmintool/main.c b/lwraft/tools/vdcadmintool/main.c
index 6068b73ae..7b80ddbb2 100644
--- a/lwraft/tools/vdcadmintool/main.c
+++ b/lwraft/tools/vdcadmintool/main.c
@@ -31,13 +31,11 @@ int _tmain(int argc, TCHAR *targv[])
             "Please select:\n"
             "0. exit\n"
             "1. Test LDAP connectivity\n"
-            "2. Force start replication cycle\n"
             "3. Reset account password\n"
             "4. Set log level and mask\n"
             "5. Set vmdir state\n"
             "6. Get vmdir state\n"
             "7. Get vmdir log level and mask\n"
-            "8. Send Urgent Replication request and display repl partner last updated USN \n"
 //            "99. Set SRP Authentication data\n"  do not want to expose this to users.  internal test only.
             "==================\n\n",
             pszChoice,
@@ -57,10 +55,6 @@ int _tmain(int argc, TCHAR *targv[])
               VdcadminTestSASLClient();
               break;
 
-          case 2:
-              VdcadminReplNow();
-              break;
-
           case 3:
               VdcadminForceResetPassword();
               break;
@@ -81,10 +75,6 @@ int _tmain(int argc, TCHAR *targv[])
               VdcadminGetLogParameters();
               break;
 
-          case 8:
-              VdcadminUrgentReplicationRequest();
-              break;
-
           case 99:
               VdcadminSetSRPAuthData();
               break;
diff --git a/lwraft/tools/vdcadmintool/prototypes.h b/lwraft/tools/vdcadmintool/prototypes.h
index d129eb5a2..539e0b8c2 100644
--- a/lwraft/tools/vdcadmintool/prototypes.h
+++ b/lwraft/tools/vdcadmintool/prototypes.h
@@ -21,11 +21,6 @@ VdcadminTestSASLClient(
     VOID
     );
 
-VOID
-VdcadminReplNow(
-    VOID
-    );
-
 VOID
 VdcadminForceResetPassword(
     VOID
@@ -56,9 +51,4 @@ VdcadminSetSRPAuthData(
     VOID
     );
 
-VOID
-VdcadminUrgentReplicationRequest(
-    VOID
-    );
-
 #endif
diff --git a/lwraft/tools/vdcadmintool/util.c b/lwraft/tools/vdcadmintool/util.c
index 23a7e8228..24a7e5978 100644
--- a/lwraft/tools/vdcadmintool/util.c
+++ b/lwraft/tools/vdcadmintool/util.c
@@ -248,39 +248,6 @@ VdcadminGetVmdirState(
     goto cleanup;
 }
 
-VOID
-VdcadminReplNow(
-    VOID
-    )
-{
-
-    DWORD       dwError = 0;
-    char        pszServerName[SIZE_256];
-    PSTR        pszLocalErrorMsg = NULL;
-
-    VmDirReadString(
-        " Enter hostname to start replication cycle: ",
-        pszServerName,
-        SIZE_256,
-        FALSE);
-
-    dwError = VmDirReplNow( pszServerName );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                "VdcadminReplNow: VmDirReplNow() call failed with error: %d", dwError  );
-
-    printf( "VmDirReplNow passed\n");
-
-cleanup:
-
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-    return;
-
-error:
-
-    printf( "%s\n", pszLocalErrorMsg ? pszLocalErrorMsg : "Hmmm ... no local error message."  );
-    goto cleanup;
-}
-
 VOID
 VdcadminSetSRPAuthData(
     VOID
@@ -363,39 +330,3 @@ VdcadminSetSRPAuthData(
         printf("VmDirOpenServerA: failed %x\n", dwError);
     }
 }
-
-VOID
-VdcadminUrgentReplicationRequest(
-    VOID
-    )
-{
-    DWORD   dwError = 0;
-    char    remoteHostName[VMDIR_MAX_HOSTNAME_LEN] = {0};
-    PSTR    pszRemoteHostName = NULL;
-
-    printf("\n Please enter the replication partner's hostname: ");
-    scanf("%s", remoteHostName);
-
-    if (IsNullOrEmptyString(remoteHostName))
-    {
-        dwError = -1;
-        printf("\n Entered hostname is NULL or empty ");
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateStringAVsnprintf(&pszRemoteHostName, remoteHostName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirUrgentReplicationRequest(pszRemoteHostName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("\n RPC call succeeded ");
-
-cleanup:
-    return;
-
-error:
-    printf("\n RPC call failed with status: %d ",dwError);
-    VMDIR_SAFE_FREE_MEMORY(pszRemoteHostName);
-    goto cleanup;
-}
diff --git a/lwraft/tools/vdcbackup/Makefile.am b/lwraft/tools/vdcbackup/Makefile.am
deleted file mode 100644
index 100872d96..000000000
--- a/lwraft/tools/vdcbackup/Makefile.am
+++ /dev/null
@@ -1,18 +0,0 @@
-bin_PROGRAMS = vdcbackup
-
-vdcbackup_SOURCES = \
-    main.c
-
-vdcbackup_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @DCERPC_INCLUDES@ \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcbackup_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la
-
-vdcbackup_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcbackup/includes.h b/lwraft/tools/vdcbackup/includes.h
deleted file mode 100644
index 6726b2a9c..000000000
--- a/lwraft/tools/vdcbackup/includes.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcbackup
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcbackup main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#include "ldap.h"
-#define LDAP_UNICODE 0
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-
-#endif
diff --git a/lwraft/tools/vdcbackup/main.c b/lwraft/tools/vdcbackup/main.c
deleted file mode 100644
index cddf9ec7c..000000000
--- a/lwraft/tools/vdcbackup/main.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcbackup
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcbackup main module entry point
- *
- */
-
-#include "includes.h"
-
-DWORD
-BackupDB(PCSTR srcDir, PCSTR tgtDir)
-{
-#define VMDIR_MDB_DATA_FILE_NAME "data.mdb"
-#define VMDIR_LOCK_DATA_FILE_NAME "lock.mdb"
-
-    DWORD       dwError = 0;
-    char        dbLocalFilename[VMDIR_MAX_FILE_NAME_LEN] = {0};
-    PSTR        pszLocalErrorMsg = NULL;
-    char        cpFileCmdLine[4 /* max of "cp" and "copy" */ + 1 + VMDIR_MAX_FILE_NAME_LEN + 1 +
-                              VMDIR_MAX_FILE_NAME_LEN] = {0};
-
-#ifndef _WIN32
-    const char * cpFileCmd = "cp";
-    const char   fileSeperator = '/';
-#else
-    const char * cpFileCmd = "copy";
-    const char   fileSeperator = '\\';
-#endif
-
-    printf( "BackupDB: Setting vmdir state to VMDIRD_READ_ONLY \n" );
-    dwError = VmDirSetState( NULL, VMDIRD_STATE_READ_ONLY );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirSetState() call failed with error: %d", dwError  );
-
-    // Backup data.mdb
-
-    dwError = VmDirStringPrintFA( dbLocalFilename, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", srcDir, fileSeperator,
-                                  VMDIR_MDB_DATA_FILE_NAME );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirStringPrintFA() call failed with error: %d", dwError );
-
-    dwError = VmDirStringPrintFA( cpFileCmdLine, sizeof(cpFileCmdLine), "%s %s %s", cpFileCmd, dbLocalFilename, tgtDir  );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirStringPrintFA() call failed with error: %d", dwError );
-
-    printf( "BackupDB: Backing up: %s \n", dbLocalFilename );
-
-    dwError = VmDirRun(cpFileCmdLine);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirRun() call failed, cmd: %s", cpFileCmdLine );
-
-    // Backup lock.mdb
-
-    dwError = VmDirStringPrintFA( dbLocalFilename, VMDIR_MAX_FILE_NAME_LEN, "%s%c%s", srcDir, fileSeperator,
-                                  VMDIR_LOCK_DATA_FILE_NAME );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirStringPrintFA() call failed with error: %d", dwError );
-
-    dwError = VmDirStringPrintFA( cpFileCmdLine, sizeof(cpFileCmdLine), "%s %s %s", cpFileCmd, dbLocalFilename, tgtDir  );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirStringPrintFA() call failed with error: %d", dwError );
-
-    printf( "BackupDB: Backing up: %s \n", dbLocalFilename );
-
-    dwError = VmDirRun(cpFileCmdLine);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                                  "BackupDB: VmDirRun() call failed, cmd: %s", cpFileCmdLine );
-
-cleanup:
-    printf( "BackupDB: Setting vmdir state to VMDIRD_NORMAL \n" );
-
-    if ((dwError = VmDirSetState( NULL, VMDIRD_STATE_NORMAL )) != 0)
-    {
-        fprintf(stderr, "BackupDB: Setting vmdir state to VMDIRD_NORMAL failed, error (%d) \n", dwError);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-
-    return dwError;
-
-error:
-    fprintf( stderr, "%s\n", pszLocalErrorMsg ? pszLocalErrorMsg : "Hmmm ... no local error message."  );
-    goto cleanup;
-}
-
-static
-int
-VmDirMain(int argc, char* argv[])
-{
-    DWORD   dwError = 0;
-
-    if (argc != 3)
-    {
-        fprintf(stderr, "usage: %s srcpath dstpath\n", argv[0]);
-        exit(1);
-    }
-
-    dwError = BackupDB(argv[1], argv[2]);
-    exit(dwError);
-}
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
diff --git a/lwraft/tools/vdcleavefed/Makefile.am b/lwraft/tools/vdcleavefed/Makefile.am
deleted file mode 100644
index c7faf6f3b..000000000
--- a/lwraft/tools/vdcleavefed/Makefile.am
+++ /dev/null
@@ -1,29 +0,0 @@
-bin_PROGRAMS = lwraftleavefed
-
-lwraftleavefed_SOURCES = \
-    parseargs.c \
-    main.c
-
-lwraftleavefed_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-lwraftleavefed_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-lwraftleavefed_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcleavefed/defines.h b/lwraft/tools/vdcleavefed/defines.h
deleted file mode 100644
index b66b21836..000000000
--- a/lwraft/tools/vdcleavefed/defines.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _WIN32
-
-#define VMDIR_OPTION_RAFT_LEADER        'H'
-#define VMDIR_OPTION_HOST_TO_REMOVE     'h'
-#define VMDIR_OPTION_USER_LOGIN         'u'
-#define VMDIR_OPTION_PASSWORD_LOGIN     'w'
-#define VMDIR_OPTIONS_VALID "H:h:u:w:"
-#else
-#define VMDIR_OPTION_HOST_RAFT_LEADER   "-H"
-#define VMDIR_OPTION_HOST_TO_REMOVE     "-h"
-#define VMDIR_OPTION_USER_LOGIN         "-u"
-#define VMDIR_OPTION_PASSWORD_LOGIN     "-w"
-
-#endif
diff --git a/lwraft/tools/vdcleavefed/includes.h b/lwraft/tools/vdcleavefed/includes.h
deleted file mode 100644
index 204f2fdc7..000000000
--- a/lwraft/tools/vdcleavefed/includes.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcleavefed
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcleavefed main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "lber.h"
-#include "ldap.h"
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#endif
diff --git a/lwraft/tools/vdcleavefed/main.c b/lwraft/tools/vdcleavefed/main.c
deleted file mode 100644
index 58d0df5da..000000000
--- a/lwraft/tools/vdcleavefed/main.c
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcleavefed
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcleavefed module entry point
- *
- */
-
-#include "includes.h"
-
-DWORD
-_VdcSetReadOnlyState(
-    VOID
-    );
-
-static
-int
-VmDirMain(
-    int argc,
-    char* argv[]
-    )
-{
-    DWORD   dwError = 0;
-    CHAR    pszPath[MAX_PATH];
-    PSTR   pszRaftLeader = NULL;
-    PSTR   pszServerToLeave = NULL;
-    PSTR   pszUserName = NULL;
-    PSTR   pszPassword = NULL;
-    CHAR   pszPasswordBuf[VMDIR_MAX_PWD_LEN + 1] = {0};
-    PSTR   pszErrorMessage = NULL;
-
-#ifndef _WIN32
-    setlocale(LC_ALL, "");
-#endif
-
-    dwError = VmDirGetVmDirLogPath(pszPath, "vdcleavefed.log");
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLogInitialize( pszPath, FALSE, NULL, VMDIR_LOG_INFO, VMDIR_LOG_MASK_ALL );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VmDirLogSetLevel( VMDIR_LOG_VERBOSE );
-
-    dwError = VmDirParseArgs( argc, argv, &pszRaftLeader, &pszServerToLeave, &pszUserName, &pszPassword);
-    if (dwError != 0)
-    {
-        ShowUsage();
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pszUserName == NULL || pszServerToLeave == NULL || pszRaftLeader == NULL)
-    {
-        ShowUsage();
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pszPassword == NULL)
-    {
-        // read password from stdin
-        VmDirReadString(
-            "password: ",
-            pszPasswordBuf,
-            sizeof(pszPasswordBuf),
-            TRUE);
-        pszPassword = pszPasswordBuf;
-    }
-
-    dwError = VmDirLeaveFederation(pszRaftLeader, pszServerToLeave, pszUserName, pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf(" Leave federation cleanup done\n");
-
-cleanup:
-
-    memset(pszPasswordBuf, 0, sizeof(pszPasswordBuf));
-    VMDIR_SAFE_FREE_MEMORY(pszErrorMessage);
-
-    VmDirLogTerminate();
-    return dwError;
-
-error:
-    VmDirGetErrorMessage(dwError, &pszErrorMessage);
-    printf("Leave federation cleanup failed. Error[%d] - %s\n",
-        dwError, ( pszErrorMessage ) ? pszErrorMessage : "");
-
-    goto cleanup;
-}
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
-
-DWORD
-_VdcSetReadOnlyState(
-    VOID
-    )
-{
-    DWORD       dwError = 0;
-
-    dwError = VmDirSetState( NULL, VMDIRD_STATE_READ_ONLY );
-    BAIL_ON_VMDIR_ERROR( dwError );
-
-    printf(" set local vmdir state to READ_ONLY\n");
-
-cleanup:
-    return dwError;
-
-error:
-    printf(" set VMDIR_STATE_READ_ONLY failed, (%u)\n", dwError);
-    goto cleanup;
-}
diff --git a/lwraft/tools/vdcleavefed/parseargs.c b/lwraft/tools/vdcleavefed/parseargs.c
deleted file mode 100644
index 847b3b7d5..000000000
--- a/lwraft/tools/vdcleavefed/parseargs.c
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcleavefed
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcleavefed argument parsing functions
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszRaftLeader,
-    PSTR*   ppszServerToLeave,
-    PSTR*   ppszUserName,
-    PSTR*   ppszPassword
-    )
-{
-    DWORD   dwError = ERROR_SUCCESS;
-
-    PSTR    pszRaftLeader = NULL;
-    PSTR    pszServerToLeave = NULL;
-    PSTR    pszUserName = NULL;
-    PSTR    pszPassword = NULL;
-#ifndef _WIN32
-	int     opt = 0;
-#else
-	int i=1;
-	PSTR optarg = NULL;
-#endif
-
-    if (ppszRaftLeader == NULL || ppszServerToLeave == NULL || ppszUserName == NULL || ppszPassword == NULL )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VMDIR_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMDIR_OPTION_RAFT_LEADER:
-                pszRaftLeader = optarg;
-                break;
-
-            case VMDIR_OPTION_HOST_TO_REMOVE:
-                pszServerToLeave = optarg;
-                break;
-
-            case VMDIR_OPTION_USER_LOGIN:
-                pszUserName = optarg;
-                break;
-
-            case VMDIR_OPTION_PASSWORD_LOGIN:
-                pszPassword = optarg;
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-    while (i < argc)
-    {
-        if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-        {
-            if (VmDirStringCompareA(VMDIR_OPTION_RAFT_LEADER, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszRaftLeader);
-            } else if (VmDirStringCompareA(VMDIR_OPTION_RAFT_SERVR_TO_LEAVE, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszServerToLeave);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_USER_LOGIN, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszUserName);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_PASSWORD_LOGIN, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPassword);
-            } else
-                    {
-                            BAIL_ON_VMDIR_ERROR(dwError);
-                    }
-            }
-        i++;
-    }
-#endif
-    if (!pszUserName || !pszRaftLeader || !pszServerToLeave)
-    {
-         dwError = ERROR_INVALID_PARAMETER;
-         BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    *ppszRaftLeader = pszRaftLeader;
-    *ppszServerToLeave = pszServerToLeave;
-    *ppszUserName = pszUserName;
-    *ppszPassword = pszPassword;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-      "Usage: vdcleavefed -H <Raft leader in FQDN> -h <server to leave in FQDN>  -u <administrator user name> [-w <administrator password>]\n"
-      "        server to remove must have been down\n");
-}
diff --git a/lwraft/tools/vdcleavefed/prototypes.h b/lwraft/tools/vdcleavefed/prototypes.h
deleted file mode 100644
index 1a0c10f84..000000000
--- a/lwraft/tools/vdcleavefed/prototypes.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszRaftLeader,
-    PSTR*   ppszServerToLeave,
-    PSTR*   ppszUserName,
-    PSTR*   ppszPassword
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
diff --git a/lwraft/tools/vdcmetric/Makefile.am b/lwraft/tools/vdcmetric/Makefile.am
index e1ccf1167..59ede789e 100644
--- a/lwraft/tools/vdcmetric/Makefile.am
+++ b/lwraft/tools/vdcmetric/Makefile.am
@@ -6,24 +6,26 @@ vdcmetric_SOURCES = \
     main.c
 
 vdcmetric_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/tools/include \
+    -I$(top_srcdir)/lwraft/client \
+    -I$(top_builddir)/lwraft/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcmetric_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/lwraft/client/liblwraftclient.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
diff --git a/lwraft/tools/vdcpass/Makefile.am b/lwraft/tools/vdcpass/Makefile.am
deleted file mode 100644
index 2c7f429a3..000000000
--- a/lwraft/tools/vdcpass/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcpass
-
-vdcpass_SOURCES = \
-    main.c \
-    parseargs.c
-
-vdcpass_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcpass_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcpass_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
-
diff --git a/lwraft/tools/vdcpass/externs.h b/lwraft/tools/vdcpass/externs.h
deleted file mode 100644
index 2d71f963b..000000000
--- a/lwraft/tools/vdcpass/externs.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-extern VMDIR_COMMAND_LINE_OPTIONS CommandLineOptions;
diff --git a/lwraft/tools/vdcpass/includes.h b/lwraft/tools/vdcpass/includes.h
deleted file mode 100644
index ed0cc1c00..000000000
--- a/lwraft/tools/vdcpass/includes.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcpass
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcpass main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "structs.h"
-#include "externs.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "structs.h"
-#include "externs.h"
-
-#include "banned.h"
-#endif
diff --git a/lwraft/tools/vdcpass/main.c b/lwraft/tools/vdcpass/main.c
deleted file mode 100644
index c42cfe325..000000000
--- a/lwraft/tools/vdcpass/main.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcpass
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcpass main module entry point
- *
- */
-
-#include "includes.h"
-
-static
-int
-VmDirMain(int argc, char* argv[])
-{
-    DWORD   dwError = 0;
-    CHAR    pszPasswordBuf[VMDIR_MAX_PWD_LEN + 1] = {0};
-    COMMAND_LINE_STATE State = { 0 };
-
-    dwError = VmDirParseArguments(
-                &CommandLineOptions,
-                &State,
-                argc,
-                argv);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (State.pszLoginPassword == NULL)
-    {
-        // read password from stdin
-        VmDirReadString(
-            "password: ",
-            pszPasswordBuf,
-            sizeof(pszPasswordBuf),
-            TRUE);
-        State.pszLoginPassword = pszPasswordBuf;
-    }
-
-    if (State.pszUserUPN) //set password
-    {
-        dwError = VmDirSetPassword(
-                            State.pszHostName,
-                            State.pszLoginUserUPN,
-                            State.pszLoginPassword,
-                            State.pszUserUPN,
-                            State.pszNewPassword);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("password was set successfully.\n");
-    }
-    else //change password
-    {
-        dwError = VmDirChangePassword(
-                            State.pszHostName,
-                            State.pszLoginUserUPN,
-                            State.pszLoginPassword,
-                            State.pszNewPassword);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("password was changed successfully.\n");
-    }
-
-cleanup:
-
-    memset(pszPasswordBuf, 0, sizeof(pszPasswordBuf));
-
-    return dwError;
-
-error:
-    printf("Vdcpass failed with error code %d.\n", dwError);
-
-    goto cleanup;
-}
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    setlocale(LC_ALL, "");
-
-    return VmDirMain(argc, argv);
-}
-
-#endif
diff --git a/lwraft/tools/vdcpass/parseargs.c b/lwraft/tools/vdcpass/parseargs.c
deleted file mode 100644
index 2b7282056..000000000
--- a/lwraft/tools/vdcpass/parseargs.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcpass
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcpass argument parsing functions
- *
- */
-
-#include "includes.h"
-
-static
-VOID
-ShowUsage(
-    PVOID pvContext
-    )
-{
-    printf(
-      "Usage: vdcpass -h <hostname> -u <user UPN> -w <user password> -W <new password>\n"
-      "    [-U <user UPN for password change>]\n"
-      "Note: change password needs administrator privilege.\n");
-}
-
-static
-DWORD
-HandleServerParameterCallback(
-    PVOID pvContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-    pContext->pszHostName = pValue;
-
-    return VMDIR_SUCCESS;
-}
-
-static
-DWORD
-HandleUserNameParameterCallback(
-    PVOID pvContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-    pContext->pszLoginUserUPN = pValue;
-
-    return VMDIR_SUCCESS;
-}
-
-static
-DWORD
-HandlePasswordParameterCallback(
-    PVOID pvContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-    pContext->pszLoginPassword = pValue;
-
-    return VMDIR_SUCCESS;
-}
-
-static
-DWORD
-HandleNewPassParameterCallback(
-    PVOID pvContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-    pContext->pszNewPassword = pValue;
-
-    return VMDIR_SUCCESS;
-}
-
-static
-DWORD
-HandleNewLoginParameterCallback(
-    PVOID pvContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-    pContext->pszUserUPN = pValue;
-
-    return VMDIR_SUCCESS;
-}
-
-static
-DWORD
-PostValidationRoutine(
-    PVOID pvContext
-    )
-{
-     PCOMMAND_LINE_STATE pContext = (PCOMMAND_LINE_STATE)pvContext;
-
-     //
-     // These parameters are all required.
-     //
-     if (pContext->pszHostName == NULL ||
-         pContext->pszLoginUserUPN == NULL ||
-         pContext->pszNewPassword == NULL)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-
-    return VMDIR_SUCCESS;
-}
-
-VMDIR_COMMAND_LINE_OPTIONS CommandLineOptions =
-{
-    ShowUsage,
-    PostValidationRoutine,
-    {
-        {'h', "host", CL_STRING_PARAMETER, HandleServerParameterCallback},
-        {'u', "username", CL_STRING_PARAMETER, HandleUserNameParameterCallback},
-        {'U', "newuser", CL_STRING_PARAMETER, HandleNewLoginParameterCallback},
-        {'w', "password", CL_STRING_PARAMETER, HandlePasswordParameterCallback},
-        {'W', "newpass", CL_STRING_PARAMETER, HandleNewPassParameterCallback},
-        {0, 0, 0, 0}
-    }
-};
diff --git a/lwraft/tools/vdcpass/structs.h b/lwraft/tools/vdcpass/structs.h
deleted file mode 100644
index 6d7ba583a..000000000
--- a/lwraft/tools/vdcpass/structs.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-typedef struct
-{
-    PCSTR pszHostName;
-    PCSTR pszLoginUserUPN;
-    PCSTR pszUserUPN;
-    PCSTR pszLoginPassword;
-    PCSTR pszNewPassword;
-} COMMAND_LINE_STATE, *PCOMMAND_LINE_STATE;
diff --git a/lwraft/tools/vdcrepadmin/Makefile.am b/lwraft/tools/vdcrepadmin/Makefile.am
deleted file mode 100644
index 834c35081..000000000
--- a/lwraft/tools/vdcrepadmin/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcrepadmin
-
-vdcrepadmin_SOURCES = \
-    parseargs.c \
-    main.c
-
-vdcrepadmin_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcrepadmin_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcrepadmin_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcrepadmin/defines.h b/lwraft/tools/vdcrepadmin/defines.h
deleted file mode 100644
index 5d0818c6a..000000000
--- a/lwraft/tools/vdcrepadmin/defines.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _VDCREPADMIN_DEFINE_H_
-#define _VDCREPADMIN_DEFINE_H_
-
-#define VDCREPADMIN_FEATURE_SHOW_PARTNERS              "showpartners"
-#define VDCREPADMIN_FEATURE_SHOW_PARTNER_STATUS        "showpartnerstatus"
-#define VDCREPADMIN_FEATURE_SHOW_FEDERATION_STATUS     "showfederationstatus"
-#define VDCREPADMIN_FEATURE_SHOW_SERVER_ATTRIBUTE      "showservers"
-#define VDCREPADMIN_FEATURE_CREATE_AGREEMENT           "createagreement"
-#define VDCREPADMIN_FEATURE_REMOVE_AGREEMENT           "removeagreement"
-#define VDCREPADMIN_FEATURE_DUMMY_DOMAIN_WRITE         "dummydomainwrite"
-#define VDCREPADMIN_QUERY_IS_FIRST_CYCLE_DONE          "isfirstcycledone"
-#define VDCREPADMIN_FEATURE_SHOW_ATTRIBUTE_METADATA    "showattributemetadata"
-#define VDCREPADMIN_FEATURE_SET_MODE                   "setreplicationmode"
-#define VDCREPADMIN_FEATURE_GET_MODE                   "getreplicationmode"
-
-#ifndef _WIN32
-
-#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME    'h'
-#define VDCREPADMIN_OPTION_TARGET_HOSTNAME    'H'
-#define VDCREPADMIN_OPTION_SOURCE_PORT        'p'
-#define VDCREPADMIN_OPTION_TARGET_PORT        'P'
-#define VDCREPADMIN_OPTION_SOURCE_USERNAME    'u'
-#define VDCREPADMIN_OPTION_SOURCE_PASSWORD    'w'
-#define VDCREPADMIN_OPTION_VERBOSE            'v'
-#define VDCREPADMIN_OPTION_TWO_WAY_REPL       '2'
-#define VDCREPADMIN_OPTION_FEATURE_SET        'f'
-#define VDCREPADMIN_OPTION_ENTRY_DN           'e'
-#define VDCREPADMIN_OPTION_ATTRIBUTE          'a'
-#define VDCREPADMIN_OPTION_MODE               'm'
-#define VDCREPADMIN_OPTIONS_VALID             "2h:H:p:P:D:u:w:vf:e:a:m:"
-
-#else
-#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME    "-h"
-#define VDCREPADMIN_OPTION_TARGET_HOSTNAME    "-H"
-#define VDCREPADMIN_OPTION_SOURCE_PORT        "-p"
-#define VDCREPADMIN_OPTION_TARGET_PORT        "-P"
-#define VDCREPADMIN_OPTION_SOURCE_USERNAME    "-u"
-#define VDCREPADMIN_OPTION_SOURCE_PASSWORD    "-w"
-#define VDCREPADMIN_OPTION_VERBOSE            "-v"
-#define VDCREPADMIN_OPTION_TWO_WAY_REPL       "-2"
-#define VDCREPADMIN_OPTION_FEATURE_SET        "-f"
-#define VDCREPADMIN_OPTION_ENTRY_DN           "-e"
-#define VDCREPADMIN_OPTION_ATTRIBUTE          "-a"
-#define VDCREPADMIN_OPTION_MODE               "-m"
-
-#endif
-
-#endif // ifndef _VDCREPADMIN_DEFINE_H_
-
diff --git a/lwraft/tools/vdcrepadmin/includes.h b/lwraft/tools/vdcrepadmin/includes.h
deleted file mode 100644
index f785f7b46..000000000
--- a/lwraft/tools/vdcrepadmin/includes.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcrepadmin
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcrepadmin main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include <srvcommon.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#define LW_STRICT_NAMESPACE
-#include <lw/types.h>
-#include <lw/hash.h>
-#include <lw/security-types.h>
-
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include <srvcommon.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#include "banned.h"
-
-#endif
diff --git a/lwraft/tools/vdcrepadmin/main.c b/lwraft/tools/vdcrepadmin/main.c
deleted file mode 100644
index 0ad49f111..000000000
--- a/lwraft/tools/vdcrepadmin/main.c
+++ /dev/null
@@ -1,977 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcrepadmin
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcrepadmin main module entry point
- *
- */
-
-#include "includes.h"
-
-static
-DWORD
-_VmDirGetAttributeMetadata(
-    PCSTR pszHostName,
-    PCSTR pszUserName,
-    PCSTR pszPassword,
-    PCSTR pszEntryDn,
-    PCSTR pszAttribute
-    );
-
-static
-VOID
-_VmDirPrintAttributeMetadata(
-    PVMDIR_METADATA pAttrMetadata
-    );
-
-
-static
-DWORD
-_VmDirGetConnection(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword,
-    PVMDIR_CONNECTION* ppConnection
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszDomainName = NULL;
-    PSTR    pszURI = NULL;
-    PVMDIR_CONNECTION pConnection = NULL;
-
-    if ( VmDirIsIPV6AddrFormat( pszHostName ) )
-    {
-        dwError = VmDirAllocateStringPrintf( &pszURI, "ldap://[%s]", pszHostName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        dwError = VmDirAllocateStringPrintf( &pszURI, "ldap://%s", pszHostName );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName( pszHostName, &pszDomainName );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirConnectionOpen( pszURI, pszDomainName, pszUserName, pszPassword, &pConnection );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppConnection = pConnection;
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    VMDIR_SAFE_FREE_MEMORY(pszURI);
-    return dwError;
-
-error:
-    VmDirConnectionClose(pConnection);
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirGetDCList(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword,
-    PVMDIR_STRING_LIST*  ppDCList
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   dwCnt = 0;
-    PSTR    pszName = NULL;
-    PVMDIR_SERVER_INFO  pServerInfo = NULL;
-    DWORD               dwServerInfoCount = 0;
-    PVMDIR_STRING_LIST  pDCList = NULL;
-
-    dwError = VmDirStringListInitialize(&pDCList, 16);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetServers(
-                pszHostName,
-                pszUserName,
-                pszPassword,
-                &pServerInfo,
-                &dwServerInfoCount
-                );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (dwCnt=0; dwCnt<dwServerInfoCount; dwCnt++)
-    {
-
-        VMDIR_SAFE_FREE_MEMORY(pszName);
-
-        dwError = VmDirDnLastRDNToCn(pServerInfo[dwCnt].pszServerDN,
-                                    &pszName);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirStringListAdd(pDCList, pszName);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        pszName = NULL;
-    }
-
-    *ppDCList = pDCList;
-
-cleanup:
-    for (dwCnt=0; dwCnt<dwServerInfoCount; dwCnt++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pServerInfo[dwCnt].pszServerDN);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pServerInfo);
-    VMDIR_SAFE_FREE_MEMORY(pszName);
-    return dwError;
-
-error:
-    VmDirStringListFree(pDCList);
-    goto cleanup;
-}
-
-static
-VOID
-_VmDirPrintReplState(
-    PCSTR             pszHostName,
-    PVMDIR_REPL_STATE pReplState)
-{
-    PVMDIR_REPL_UTDVECTOR       pVector = NULL;
-    PVMDIR_REPL_REPL_AGREEMENT  pRA = NULL;
-
-    if (pReplState)
-    {
-        printf("Domain Controller: %s\n",VDIR_SAFE_STRING(pReplState->pszHost));
-        printf("Invocation ID: %s\n",VDIR_SAFE_STRING(pReplState->pszInvocationId));
-        printf("Replication cycle count: %d\n",pReplState->dwCycleCount);
-        printf("Max consumable  USN: %lu\n",pReplState->maxConsumableUSN);
-        printf("Max originating USN: %lu\n",pReplState->maxOriginatingUSN);
-
-        pVector = pReplState->pReplUTDVec;
-        while (pVector)
-        {
-            printf("Has seen %lu USN from %s\n",pVector->maxOriginatingUSN,
-                   VDIR_SAFE_STRING(pVector->pszPartnerInvocationId));
-            pVector = pVector->next;
-        }
-
-        pRA = pReplState->pReplRA;
-        while (pRA)
-        {
-            printf("Has processed %lu USN from %s\n", pRA->maxProcessedUSN,
-                   VDIR_SAFE_STRING(pRA->pszPartnerName));
-            pRA = pRA->next;
-        }
-
-        printf("\n\n");
-    }
-}
-
-static
-VOID
-_VmDirPrintAttributeMetadata(
-    PVMDIR_METADATA pAttrMetadata
-    )
-{
-    if (pAttrMetadata)
-    {
-        printf("\tAttribute: %s\n", VDIR_SAFE_STRING(pAttrMetadata->pszAttribute));
-        printf("\tLocal USN: %lu\n", pAttrMetadata->localUsn);
-        printf("\tVersion: %u\n", pAttrMetadata->dwVersion);
-        printf("\tOriginating Id: %s\n", VDIR_SAFE_STRING(pAttrMetadata->pszOriginatingId));
-        printf("\tOriginating time: %s\n", VDIR_SAFE_STRING(pAttrMetadata->pszOriginatingTime));
-        printf("\tOriginating USN: %lu\n", pAttrMetadata->originatingUsn);
-    }
-    else
-    {
-        printf("\tAttribute metadata NOT found\n");
-    }
-
-    printf("\n");
-}
-
-static
-DWORD
-VmDirGetFederationStatus(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   dwCnt = 0;
-    PVMDIR_STRING_LIST pDCList = NULL;
-    PVMDIR_CONNECTION  pConnection = NULL;
-    PVMDIR_REPL_STATE  pReplState = NULL;
-
-    dwError = _VmDirGetDCList(
-                pszHostName,
-                pszUserName,
-                pszPassword,
-                &pDCList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (dwCnt=0; dwCnt<pDCList->dwCount; dwCnt++)
-    {
-        VmDirConnectionClose( pConnection );
-        pConnection = NULL;
-        dwError = _VmDirGetConnection(
-                        pDCList->pStringList[dwCnt],
-                        pszUserName,
-                        pszPassword,
-                        &pConnection);
-        if (dwError == VMDIR_ERROR_SERVER_DOWN)
-        {
-            printf("Domain Controller: %s is NOT available\n\n", pDCList->pStringList[dwCnt]);
-            dwError = 0;
-            continue;
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        VmDirFreeReplicationState(pReplState);
-        pReplState = NULL;
-        dwError = VmDirGetReplicationState(pConnection, &pReplState);
-        if (dwError == VMDIR_ERROR_ENTRY_NOT_FOUND)
-        {
-            printf("Domain Controller: %s is NOT supported\n\n", pDCList->pStringList[dwCnt]);
-            dwError = 0;
-            continue;
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        _VmDirPrintReplState(pDCList->pStringList[dwCnt], pReplState);
-    }
-
-cleanup:
-    VmDirStringListFree(pDCList);
-    VmDirConnectionClose(pConnection);
-    VmDirFreeReplicationState(pReplState);
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirGetReplicateStatusCycle(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword
-    )
-{
-    DWORD   dwError = 0;
-    DWORD   dwCycleCount = 0;
-    PVMDIR_CONNECTION pConnection = NULL;
-
-    dwError = _VmDirGetConnection( pszHostName,
-                                   pszUserName,
-                                   pszPassword,
-                                   &pConnection);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetReplicationCycleCount( pConnection, &dwCycleCount );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (dwCycleCount == 0)
-    {
-        printf("First replication cycle done: FALSE\n");
-    }
-    else
-    {
-        printf("First replication cycle done: TRUE\n");
-    }
-
-cleanup:
-    VmDirConnectionClose( pConnection );
-
-    return dwError;
-
-error:
-    printf("First replication cycle done: UNKNOWN, error code (%u)\n", dwError);
-    goto cleanup;
-}
-
-DWORD
-VmDirShowReplicationPartnerInfo(
-    DWORD               dwNumPartner,
-    PVMDIR_REPL_PARTNER_INFO   pReplPartnerInfo
-)
-{
-    DWORD dwError = 0;
-    DWORD i = 0;
-    for (i=0; i<dwNumPartner; i++)
-    {
-        printf("%s\n", pReplPartnerInfo[i].pszURI);
-    }
-    return dwError;
-}
-
-DWORD
-VmDirShowReplicationPartnerStatus(
-    DWORD               dwNumPartner,
-    PVMDIR_REPL_PARTNER_STATUS   pReplPartnerStatus
-)
-{
-    DWORD dwError = 0;
-    DWORD i = 0;
-    USN lag = 0;
-    for (i=0; i<dwNumPartner; i++)
-    {
-        printf("Partner: %s\n", pReplPartnerStatus[i].pszHost);
-        printf("Host available:   %s\n", pReplPartnerStatus[i].bHostAvailable ? "Yes" : "No");
-        if (pReplPartnerStatus[i].bHostAvailable)
-        {
-            printf("Status available: %s\n", pReplPartnerStatus[i].bStatusAvailable ? "Yes" : "No");
-            if (pReplPartnerStatus[i].bStatusAvailable)
-            {
-                lag = pReplPartnerStatus[i].targetUsn - pReplPartnerStatus[i].partnerUsn;
-#ifdef _WIN32
-                printf("My last change number:             %I64d\n", (_Longlong)pReplPartnerStatus[i].targetUsn);
-                printf("Partner has seen my change number: %I64d\n", (_Longlong)pReplPartnerStatus[i].partnerUsn);
-                printf("Partner is %I64d changes behind.\n", (_Longlong)lag);
-#else
-                printf("My last change number:             %" PRId64 "\n", (int64_t)pReplPartnerStatus[i].targetUsn);
-                printf("Partner has seen my change number: %" PRId64 "\n", (int64_t)pReplPartnerStatus[i].partnerUsn);
-                printf("Partner is %" PRId64 " changes behind.\n", (int64_t)lag);
-#endif
-            }
-        }
-        if (i < dwNumPartner - 1)
-        {
-            printf("\n");
-        }
-    }
-    return dwError;
-}
-
-DWORD
-VmDirShowServerInfo(
-    DWORD               dwNumServer,
-    PVMDIR_SERVER_INFO   pServerInfo
-)
-{
-    DWORD dwError = 0;
-    DWORD i = 0;
-    for (i=0; i<dwNumServer; i++)
-    {
-        printf("%s\n", pServerInfo[i].pszServerDN);
-    }
-    return dwError;
-}
-
-static
-DWORD
-_VdcLdapReplaceAttributeValues(
-    LDAP *pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR *ppszAttributeValues
-    )
-{
-    DWORD    dwError = 0;
-    LDAPMod  addReplace;
-    LDAPMod *mods[2];
-
-    addReplace.mod_op     = LDAP_MOD_REPLACE;
-    addReplace.mod_type   = (PSTR) pszAttribute;
-    addReplace.mod_values = (PSTR*) ppszAttributeValues;
-
-    mods[0] = &addReplace;
-    mods[1] = NULL;
-
-    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
-
-    return dwError;
-}
-
-static
-DWORD
-_VdcLdapGetAttributeValue(
-    LDAP *pLd,
-    PCSTR pszDCDN,
-    PCSTR pszAttribute,
-    BOOL  bOptional,
-    PSTR *ppszAttrVal
-    )
-{
-    DWORD dwError = 0;
-    PCSTR ppszAttrs[2] = {pszAttribute, NULL};
-    LDAPMessage *pResult = NULL;
-    PSTR  pszAttrVal = NULL;
-
-    dwError = ldap_search_ext_s(
-                pLd,
-                pszDCDN,
-                LDAP_SCOPE_BASE,
-                NULL,
-                (PSTR*)ppszAttrs,
-                0,
-                NULL,
-                NULL,
-                NULL,
-                -1,
-                &pResult);
-
-    if (ldap_count_entries(pLd, pResult) > 0)
-    {
-        LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
-
-        for (; pEntry != NULL;
-             pEntry = ldap_next_entry(pLd,pEntry))
-        {
-            dwError = VmDirGetSingleAttributeFromEntry(pLd,
-                                                       pEntry,
-                                                       (PSTR)pszAttribute,
-                                                       bOptional,
-                                                       &pszAttrVal);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-    *ppszAttrVal = pszAttrVal;
-
-cleanup:
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-    }
-
-    return dwError;
-error:
-    VMDIR_SAFE_FREE_MEMORY(pszAttrVal);
-    goto cleanup;
-}
-
-/**
- * This is an innocuous domain modification to trigger a USN change at all
- * nodes in a domain. The write will be to the 'comment' attribute for each
- * DCAccountDN listed in the given FQDN's 'Domain Controllers' entry for the
- * domain as gleened from the user UPN. The value, or lack thereof, for the
- * attribute will be restored after the write.
- *
- * @param pszHostName The FQDN of node to be written to. This will be used
- *                    to create the DCAccountDN in form of:
- *                    cn=<FQDN>,ou=Domain Controllers,dc=vsphere,dc=local
- * @param pszUserName The user UPN in which to validate.
- * @param pszPassword The password for the given user.
- * @return 0 if successful, else a non-zero error code.
- */
-DWORD
-_VmDirDummyDomainWrite(
-    PCSTR   pszHostName,
-    PCSTR   pszUserName,
-    PCSTR   pszPassword
-)
-{
-    DWORD   dwError = 0;
-    PSTR    pszDomainName = NULL;
-    PSTR    pszDomainDN = NULL;
-    PSTR    pszServerName = NULL;
-    PSTR    pszName = NULL;
-    PSTR    pszAttrVal = NULL;
-    LDAP*   pLd = NULL;
-    PSTR    ppszVals [] = { "foobar", NULL };
-    PVMDIR_STRING_LIST pDCList = NULL;
-    DWORD   dwCnt = 0;
-
-    if( !pszPassword|| !pszHostName || !pszUserName ) {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError =  VmDirUPNToNameAndDomain(pszUserName, &pszName, &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSafeLDAPBind(&pLd, pszHostName, pszUserName, pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetDCDNList(
-                pLd,
-                pszDomainDN,
-                &pDCList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (dwCnt=0; dwCnt<pDCList->dwCount; dwCnt++)
-    {
-        if (pLd)
-        {
-            ldap_unbind_ext_s(pLd, NULL, NULL);
-        }
-
-        VMDIR_SAFE_FREE_MEMORY(pszServerName);
-
-        dwError = VmDirDnLastRDNToCn(pDCList->pStringList[dwCnt], &pszServerName);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirSafeLDAPBind(&pLd,
-                                    pszServerName,
-                                    pszUserName,
-                                    pszPassword);
-
-        if (dwError)
-        {
-            printf("Domain Controller: %s is NOT available. Error [%d]\n\n",
-                   pszServerName,
-                   dwError);
-            pLd = NULL;
-            dwError = 0;
-            continue;
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        /* Get current value of attribute to write back */
-        dwError = _VdcLdapGetAttributeValue(
-                        pLd,
-                        pDCList->pStringList[dwCnt],
-                        ATTR_COMMENT,
-                        TRUE,
-                        &pszAttrVal);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        /* write dummy value to attribute of the DC */
-        dwError = _VdcLdapReplaceAttributeValues(
-                        pLd,
-                        pDCList->pStringList[dwCnt],
-                        ATTR_COMMENT,
-                        (PCSTR*)ppszVals);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        // restore previous value of attribute
-        ppszVals[0] = pszAttrVal;
-
-        dwError = _VdcLdapReplaceAttributeValues( pLd,
-                                                  pDCList->pStringList[dwCnt],
-                                                  ATTR_COMMENT,
-                                                  (PCSTR*) ppszVals);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-cleanup:
-    VmDirStringListFree(pDCList);
-    VMDIR_SAFE_FREE_STRINGA(pszAttrVal);
-    VMDIR_SAFE_FREE_STRINGA(pszName);
-    VMDIR_SAFE_FREE_STRINGA(pszServerName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainDN);
-
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-_VmDirGetAttributeMetadata(
-    PCSTR pszHostName,
-    PCSTR pszUserName,
-    PCSTR pszPassword,
-    PCSTR pszEntryDn,
-    PCSTR pszAttribute
-    )
-{
-    DWORD dwError = 0;
-    DWORD dwCnt = 0;
-    DWORD dwAttrs = 0;
-    PVMDIR_STRING_LIST pDCList = NULL;
-    PVMDIR_CONNECTION  pConnection = NULL;
-    PVMDIR_METADATA_LIST pMetadataList = NULL;
-
-    dwError = _VmDirGetDCList(
-                pszHostName,
-                pszUserName,
-                pszPassword,
-                &pDCList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (dwCnt=0; dwCnt<pDCList->dwCount; dwCnt++)
-    {
-        // VOID function, no return value to check
-        VmDirConnectionClose(pConnection);
-
-        pConnection = NULL;
-
-        dwError = _VmDirGetConnection(
-                        pDCList->pStringList[dwCnt],
-                        pszUserName,
-                        pszPassword,
-                        &pConnection);
-
-        if (dwError == VMDIR_ERROR_SERVER_DOWN)
-        {
-            printf("Domain Controller: %s is NOT available\n\n", VDIR_SAFE_STRING(pDCList->pStringList[dwCnt]));
-
-            dwError = 0;
-            continue;
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        printf("Domain Controller: %s\n", VDIR_SAFE_STRING(pDCList->pStringList[dwCnt]));
-
-        // VOID function, no return value to check
-        VmDirFreeMetadataList(pMetadataList);
-
-        pMetadataList = NULL;
-
-        dwError = VmDirGetAttributeMetadata(
-                        pConnection,
-                        pszEntryDn,
-                        pszAttribute,
-                        &pMetadataList);
-
-        if (dwError == LDAP_NO_SUCH_OBJECT)
-        {
-            printf("\tEntry NOT found\n\n");
-            dwError = 0;
-            continue;
-
-        }
-
-        if (dwError == VMDIR_ERROR_NO_SUCH_ATTRIBUTE)
-        {
-            printf("\tAttribute NOT found\n\n");
-            dwError = 0;
-            continue;
-
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        for (dwAttrs = 0; dwAttrs < pMetadataList->dwCount; dwAttrs++)
-        {
-            _VmDirPrintAttributeMetadata(pMetadataList->ppMetadataArray[dwAttrs]);
-        }
-    }
-
-cleanup:
-    VmDirStringListFree(pDCList);
-    VmDirConnectionClose(pConnection);
-    VmDirFreeMetadataList(pMetadataList);
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-int
-VmDirMain(int argc, char* argv[])
-{
-    DWORD       dwError = 0;
-    DWORD       i       = 0;
-    PSTR        pszFeatureSet  = NULL;
-    PSTR        pszSrcHostName = NULL;
-    PSTR        pszSrcPort     = NULL;
-    PSTR        pszSrcUserName = NULL;
-    PSTR        pszSrcPassword = NULL;
-    PSTR        pszTgtHostName = NULL;
-    PSTR        pszTgtPort     = NULL;
-    PSTR        pszEntryDn     = NULL;
-    PSTR        pszAttribute   = NULL;
-    BOOLEAN     bVerbose       = FALSE;
-    BOOLEAN     bTwoWayRepl    = FALSE;
-    PSTR        pszErrMsg      = NULL;
-    CHAR        pszPasswordBuf[VMDIR_MAX_PWD_LEN + 1] = {0};
-    PVMDIR_REPL_PARTNER_INFO    pReplPartnerInfo       = NULL;
-    PVMDIR_REPL_PARTNER_STATUS  pReplPartnerStatus     = NULL;
-    PVMDIR_SERVER_INFO          pServerInfo            = NULL;
-    DWORD                       dwReplPartnerInfoCount = 0;
-    DWORD                       dwReplPartnerStatusCount = 0;
-    DWORD                       dwServerInfoCount      = 0;
-
-    CHAR        pszPath[MAX_PATH];
-
-#ifndef _WIN32
-    setlocale(LC_ALL,"");
-#endif
-
-    dwError = VmDirGetVmDirLogPath(pszPath,
-                                   "vdcrepadmin.log");
-    BAIL_ON_VMDIR_ERROR(dwError);
-    dwError = VmDirLogInitialize(
-                pszPath,
-                FALSE,
-                NULL,
-                VMDIR_LOG_INFO,
-                VMDIR_LOG_MASK_ALL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //get commandline parameters
-    dwError = VmDirParseArgs(
-                    argc,
-                    argv,
-                    &pszFeatureSet,
-                    &bTwoWayRepl,
-                    &pszSrcHostName,
-                    &pszSrcPort,
-                    &pszSrcUserName,
-                    &pszSrcPassword,
-                    &pszTgtHostName,
-                    &pszTgtPort,
-                    &pszEntryDn,
-                    &pszAttribute,
-                    &bVerbose
-                    );
-
-    if (bVerbose)
-    {
-        VmDirSetLogLevel( "VERBOSE" );
-    }
-
-    if (dwError)
-    {
-        ShowUsage();
-        goto cleanup;
-    }
-
-    if (pszSrcPassword == NULL)
-    {
-        // read password from stdin
-        VmDirReadString(
-            "password: ",
-            pszPasswordBuf,
-            sizeof(pszPasswordBuf),
-            TRUE);
-        pszSrcPassword = pszPasswordBuf;
-    }
-
-    if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_PARTNERS,
-                             pszFeatureSet,
-                             TRUE) == 0 )
-    {
-        dwError = VmDirGetReplicationPartners(
-                        pszSrcHostName,
-                        pszSrcUserName,
-                        pszSrcPassword,
-                        &pReplPartnerInfo,
-                        &dwReplPartnerInfoCount
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        //Show replication partner info
-        dwError = VmDirShowReplicationPartnerInfo(
-                                dwReplPartnerInfoCount,
-                                pReplPartnerInfo
-                                );
-
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_PARTNER_STATUS,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = VmDirGetReplicationPartnerStatus(
-                        pszSrcHostName,
-                        pszSrcUserName,
-                        pszSrcPassword,
-                        &pReplPartnerStatus,
-                        &dwReplPartnerStatusCount
-                        );
-
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        //Show replication partner info
-        dwError = VmDirShowReplicationPartnerStatus(
-                                dwReplPartnerStatusCount,
-                                pReplPartnerStatus
-                                );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_FEDERATION_STATUS,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-       {
-           dwError = VmDirGetFederationStatus(
-                           pszSrcHostName,
-                           pszSrcUserName,
-                           pszSrcPassword
-                           );
-           BAIL_ON_VMDIR_ERROR(dwError);
-
-       }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_SERVER_ATTRIBUTE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = VmDirGetServers(
-                        pszSrcHostName,
-                        pszSrcUserName,
-                        pszSrcPassword,
-                        &pServerInfo,
-                        &dwServerInfoCount
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        //Show replication partner info
-        dwError = VmDirShowServerInfo(
-                                dwServerInfoCount,
-                                pServerInfo
-                                );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_CREATE_AGREEMENT,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = VmDirAddReplicationAgreement(
-                    bTwoWayRepl,
-                    pszSrcHostName,
-                    pszSrcPort,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszTgtHostName,
-                    pszTgtPort
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_REMOVE_AGREEMENT,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = VmDirRemoveReplicationAgreement(
-                    bTwoWayRepl,
-                    pszSrcHostName,
-                    pszSrcPort,
-                    pszSrcUserName,
-                    pszSrcPassword,
-                    pszTgtHostName,
-                    pszTgtPort
-                    );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_QUERY_IS_FIRST_CYCLE_DONE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = _VmDirGetReplicateStatusCycle(
-                        pszSrcHostName,
-                        pszSrcUserName,
-                        pszSrcPassword
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_DUMMY_DOMAIN_WRITE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        dwError = _VmDirDummyDomainWrite(
-                        pszSrcHostName,
-                        pszSrcUserName,
-                        pszSrcPassword
-                        );
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_ATTRIBUTE_METADATA,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-       {
-           dwError = _VmDirGetAttributeMetadata(
-                                pszSrcHostName,
-                                pszSrcUserName,
-                                pszSrcPassword,
-                                pszEntryDn,
-                                pszAttribute
-                                );
-           BAIL_ON_VMDIR_ERROR(dwError);
-
-       }
-
-cleanup:
-    // Free internal memory used
-    for (i=0; i<dwReplPartnerInfoCount; i++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo[i].pszURI);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
-
-    for (i=0; i<dwReplPartnerStatusCount; i++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pReplPartnerStatus[i].pszHost);
-    }
-    VMDIR_SAFE_FREE_MEMORY(pReplPartnerStatus);
-    VMDIR_SAFE_FREE_MEMORY(pszErrMsg);
-
-    // Free internal memory used
-    for (i=0; i<dwServerInfoCount; i++)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pServerInfo[i].pszServerDN);
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pServerInfo);
-    memset(pszPasswordBuf, 0, sizeof(pszPasswordBuf));
-
-    return dwError;
-
-error:
-    VmDirGetErrorMessage(dwError, &pszErrMsg); // ignore error
-    printf("Vdcrepadmin failed. Error [%s] [%d]\n",
-           VDIR_SAFE_STRING(pszErrMsg),
-           dwError);
-    goto cleanup;
-}
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
diff --git a/lwraft/tools/vdcrepadmin/parseargs.c b/lwraft/tools/vdcrepadmin/parseargs.c
deleted file mode 100644
index a397c9938..000000000
--- a/lwraft/tools/vdcrepadmin/parseargs.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcrepadmin
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcrepadmin argument parsing functions
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int      argc,
-    char*    argv[],
-    PSTR*    ppszFeatureSet,
-    PBOOLEAN pbTwoWayRepl,
-    PSTR*    ppszSrcHostName,
-    PSTR*    ppszSrcPort,
-    PSTR*    ppszSrcUserName,
-    PSTR*    ppszSrcPassword,
-    PSTR*    ppszTgtHostName,
-    PSTR*    ppszTgtPort,
-    PSTR*    ppszEntryDn,
-    PSTR*    ppszAttribute,
-    PBOOLEAN pbVerbose
-    )
-{
-    DWORD   dwError        = ERROR_SUCCESS;
-    PSTR    pszFeatureSet  = NULL;
-    PSTR    pszSrcHostName = NULL;
-    PSTR    pszSrcPort     = DEFAULT_LDAPS_PORT_STR;
-    PSTR    pszSrcUserName = NULL;
-    PSTR    pszSrcPassword = NULL;
-    PSTR    pszTgtHostName = NULL;
-    PSTR    pszTgtPort     = DEFAULT_LDAPS_PORT_STR;
-    PSTR    pszEntryDn     = NULL;
-    PSTR    pszAttribute   = NULL;
-    BOOLEAN bVerbose       = FALSE;
-    BOOLEAN bTwoWayRepl    = FALSE;
-
-#ifndef _WIN32
-    int opt = 0;
-#else
-    int i=1;
-    PSTR optarg = NULL;
-#endif
-
-    if (
-           ppszFeatureSet  == NULL
-        || ppszSrcHostName == NULL
-        || ppszSrcPort     == NULL
-        || ppszSrcUserName == NULL
-        || ppszSrcPassword == NULL
-        || ppszTgtHostName == NULL
-        || ppszTgtPort     == NULL
-        || pbVerbose       == NULL
-        || pbTwoWayRepl    == NULL
-
-
-        )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VDCREPADMIN_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VDCREPADMIN_OPTION_SOURCE_HOSTNAME:
-                pszSrcHostName = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_SOURCE_PORT:
-                pszSrcPort = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_SOURCE_USERNAME:
-                pszSrcUserName = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_SOURCE_PASSWORD:
-                pszSrcPassword = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_TARGET_HOSTNAME:
-                pszTgtHostName = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_TARGET_PORT:
-                pszTgtPort = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_VERBOSE:
-                bVerbose = TRUE;
-                break;
-
-            case VDCREPADMIN_OPTION_TWO_WAY_REPL:
-                bTwoWayRepl = TRUE;
-                break;
-
-            case VDCREPADMIN_OPTION_FEATURE_SET:
-                pszFeatureSet = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_ENTRY_DN:
-                pszEntryDn = optarg;
-                break;
-
-            case VDCREPADMIN_OPTION_ATTRIBUTE:
-                pszAttribute = optarg;
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-    while (i < argc)
-    {
-        if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-        {
-            if (VmDirStringCompareA(VDCREPADMIN_OPTION_SOURCE_HOSTNAME,
-                                    argv[i],
-                                    TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSrcHostName);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_SOURCE_PORT,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSrcPort);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_SOURCE_USERNAME,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSrcUserName);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_SOURCE_PASSWORD,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSrcPassword);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_TARGET_HOSTNAME,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszTgtHostName);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_TARGET_PORT,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszTgtPort);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_VERBOSE,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                bVerbose = TRUE;
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_TWO_WAY_REPL,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                bTwoWayRepl = TRUE;
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_FEATURE_SET,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszFeatureSet);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_ENTRY_DN,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszEntryDn);
-            }
-            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_ATTRIBUTE,
-                                         argv[i],
-                                         TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszAttribute);
-            }
-
-        }
-        i++;
-    }
-#endif
-
-    if ( pszFeatureSet  == NULL )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_QUERY_IS_FIRST_CYCLE_DONE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_PARTNERS,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_PARTNER_STATUS,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_FEDERATION_STATUS,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_SERVER_ATTRIBUTE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-            )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_CREATE_AGREEMENT,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-            || pszTgtHostName == NULL
-            || pszTgtPort     == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_REMOVE_AGREEMENT,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-            || pszTgtHostName == NULL
-            || pszTgtPort     == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_DUMMY_DOMAIN_WRITE,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_ATTRIBUTE_METADATA,
-                                  pszFeatureSet,
-                                  TRUE) == 0 )
-    {
-        if (
-               pszSrcHostName == NULL
-            || pszSrcPort     == NULL
-            || pszSrcUserName == NULL
-            || pszEntryDn     == NULL
-           )
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-    else
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszFeatureSet  = pszFeatureSet;
-    *ppszSrcHostName = pszSrcHostName;
-    *ppszSrcPort     = pszSrcPort;
-    *ppszSrcUserName = pszSrcUserName;
-    *ppszSrcPassword = pszSrcPassword;
-    *ppszTgtHostName = pszTgtHostName;
-    *ppszTgtPort     = pszTgtPort;
-    *ppszEntryDn     = pszEntryDn;
-    *ppszAttribute   = pszAttribute;
-    *pbVerbose       = bVerbose;
-    *pbTwoWayRepl    = bTwoWayRepl;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-        "Usage: vdcrepadmin -f showpartners\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "       vdcrepadmin -f showpartnerstatus\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "       vdcrepadmin -f showfederationstatus\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "       vdcrepadmin -f showservers\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "       vdcrepadmin -f createagreement [-2]\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "                   -H <target_hostname> [-P <target_portnumber>]\n"
-        "       Note: if create only one-way replication agreement (source->target),\n"
-        "             the entry is created on the target.\n"
-        "       vdcrepadmin -f removeagreement [-2]\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "                   -H <target_hostname> [-P <target_portnumber>]\n"
-        "       Note: if remove only one-way replication agreement (source->target),\n"
-        "             the entry is removed from the target.\n"
-        "       vdcrepadmin -f isfirstcycledone\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-        "       vdcrepadmin -f dummydomainwrite\n"
-        "                   -h <fully-qualified-domain-name>\n"
-        "                   -u <admin UPN, e.g. Administrator@vsphere.local>\n"
-        "                   [-w <password>]\n"
-        "       vdcrepadmin -f showattributemetadata\n"
-        "                   -e <entry_dn> [-a <attribute>]\n"
-        "                   -h <source_hostname> [-p <source_portnumber>]\n"
-        "                   -u <source_username> [-w <source_password>]\n"
-      );
-}
diff --git a/lwraft/tools/vdcrepadmin/prototypes.h b/lwraft/tools/vdcrepadmin/prototypes.h
deleted file mode 100644
index 4f6fa9f0c..000000000
--- a/lwraft/tools/vdcrepadmin/prototypes.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirParseArgs(
-    int      argc,
-    char*    argv[],
-    PSTR*    ppszFeatureSet,
-    PBOOLEAN pbTwoWayRepl,
-    PSTR*    ppszSrcHostName,
-    PSTR*    ppszSrcPort,
-    PSTR*    ppszSrcUserName,
-    PSTR*    ppszSrcPassword,
-    PSTR*    ppszTgtHostName,
-    PSTR*    ppszTgtPort,
-    PSTR*    ppszEntryDn,
-    PSTR*    ppszAttribute,
-    PBOOLEAN pbVerbose
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
-
diff --git a/lwraft/tools/vdcresetMachineActCred/Makefile.am b/lwraft/tools/vdcresetMachineActCred/Makefile.am
deleted file mode 100644
index d72b61a4a..000000000
--- a/lwraft/tools/vdcresetMachineActCred/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcresetMachineActCred
-
-vdcresetMachineActCred_SOURCES = \
-    parseargs.c \
-    main.c
-
-vdcresetMachineActCred_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcresetMachineActCred_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcresetMachineActCred_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcresetMachineActCred/defines.h b/lwraft/tools/vdcresetMachineActCred/defines.h
deleted file mode 100644
index 5efcd3895..000000000
--- a/lwraft/tools/vdcresetMachineActCred/defines.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef _WIN32
-
-#define VMDIR_OPTION_USER_NAME                 'u'
-#define VMDIR_OPTION_TARGET_HOSTNAME           'H'
-#define VMDIR_OPTION_SOURCE_PASSWORD           'w'
-#define VMDIR_OPTIONS_VALID                    "u:H:w:"
-
-#else
-
-#define VMDIR_OPTION_USER_NAME                 "-u"
-#define VMDIR_OPTION_TARGET_HOSTNAME           "-H"
-#define VMDIR_OPTION_SOURCE_PASSWORD           "-w"
-
-#endif
-
-#define VMDIR_MAX_PWD_LEN     128
diff --git a/lwraft/tools/vdcresetMachineActCred/includes.h b/lwraft/tools/vdcresetMachineActCred/includes.h
deleted file mode 100644
index 574908ab1..000000000
--- a/lwraft/tools/vdcresetMachineActCred/includes.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: VmDirResetMachineActCred
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * VmDirResetMachineActCred main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include <srvcommon.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#define LW_STRICT_NAMESPACE
-#include <lw/types.h>
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#endif
diff --git a/lwraft/tools/vdcresetMachineActCred/main.c b/lwraft/tools/vdcresetMachineActCred/main.c
deleted file mode 100644
index 1df290e97..000000000
--- a/lwraft/tools/vdcresetMachineActCred/main.c
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
-* Module Name: vdcresetMachineActCred
-*
-* Filename: main.c
-*
-* Abstract:
-*
-* vdcresetMachineActCred main module entry point
-*
-*/
-
-#include "includes.h"
-
-static
-int
-VmDirMain(
-    int argc,
-    char* argv[]
-    );
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-        return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
-
-int
-VmDirMain(int argc, char* argv[])
-    {
-    DWORD   dwError              = 0;
-
-    PSTR    pszUserName          = NULL;
-    PSTR    pszPartnerHost       = NULL;
-    PSTR    pszPassword          = NULL;
-    PSTR    pszPasswordBuf       = NULL;
-
-    CHAR    pszPath[MAX_PATH];
-    CHAR    pszLocalHostName[VMDIR_MAX_HOSTNAME_LEN] = {0};
-#ifndef _WIN32
-    setlocale(LC_ALL,"");
-#endif
-
-    dwError = VmDirGetVmDirLogPath(pszPath, "vdcresetMachineActCred.log");
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirLogInitialize(pszPath, FALSE, NULL, VMDIR_LOG_INFO, VMDIR_LOG_MASK_ALL );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //get commandline parameters
-    dwError = VmDirParseArgs(argc,
-                             argv,
-                             &pszUserName,
-                             &pszPartnerHost,
-                             &pszPassword);
-
-    if ( dwError )
-    {
-        ShowUsage();
-        goto cleanup;
-    }
-
-    dwError = VmDirAllocateMemory(VMDIR_MAX_PWD_LEN+1, (PVOID *)&pszPasswordBuf);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if ( pszPassword != NULL )
-    {
-        dwError = VmDirStringCpyA(pszPasswordBuf, VMDIR_MAX_PWD_LEN, pszPassword);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    //no password, read password from stdin
-    {
-        VmDirReadString("password: ", pszPasswordBuf, VMDIR_MAX_PWD_LEN+1, TRUE);
-    }
-
-    dwError = VmDirGetHostName(pszLocalHostName, sizeof(pszLocalHostName)-1);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirResetMachineActCred(pszLocalHostName,
-                                       pszPartnerHost,
-                                       pszUserName,
-                                       pszPasswordBuf);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("vdcresetMachineActCred completed.\n");
-
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "vdcresetMachineActCred completed.");
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszPasswordBuf);
-    VmDirLogTerminate();
-
-    return dwError;
-
-error:
-    printf("vdcresetMachineActCred failed. Error[%d]\n", dwError);
-    goto cleanup;
-    }
diff --git a/lwraft/tools/vdcresetMachineActCred/parseargs.c b/lwraft/tools/vdcresetMachineActCred/parseargs.c
deleted file mode 100644
index 032f33fae..000000000
--- a/lwraft/tools/vdcresetMachineActCred/parseargs.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
-* Module Name: vdcresetMachineActCred
-*
-* Filename: parseargs.c
-*
-* Abstract:
-*
-* vdcresetMachineActCred argument parsing functions
-*
-*/
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int      argc,
-    char*    argv[],
-    PSTR*    ppszUserName,
-    PSTR*    ppszPartnerHostName,
-    PSTR*    ppszPartnerCurrPassword
-    )
-{
-    DWORD   dwError                 = ERROR_SUCCESS;
-    PSTR    pszUserName             = NULL;
-    PSTR    pszPartnerHostName      = NULL;
-    PSTR    pszPartnerCurrPassword  = NULL;
-
-#ifndef _WIN32
-    int opt = 0;
-#else
-    int i=1;
-    PSTR optarg = NULL;
-#endif
-
-    if ( ppszUserName  == NULL ||
-        ppszPartnerHostName == NULL ||
-        ppszPartnerCurrPassword == NULL)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VMDIR_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMDIR_OPTION_USER_NAME:
-                pszUserName = optarg;
-                break;
-
-            case VMDIR_OPTION_TARGET_HOSTNAME:
-                pszPartnerHostName = optarg;
-                break;
-
-            case VMDIR_OPTION_SOURCE_PASSWORD:
-                pszPartnerCurrPassword = optarg;
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-    while (i < argc)
-    {
-        if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-        {
-            if (VmDirStringCompareA(VMDIR_OPTION_USER_NAME, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszUserName);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_TARGET_HOSTNAME, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPartnerHostName);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_SOURCE_PASSWORD, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPartnerCurrPassword);
-            }
-        }
-        i++;
-    }
-#endif
-
-    if ( pszUserName  == NULL )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszUserName               = pszUserName;
-    *ppszPartnerHostName        = pszPartnerHostName;
-    *ppszPartnerCurrPassword    = pszPartnerCurrPassword;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-        "Usage: vdcresetMachineActCred -u <UserName> [-H <PartnerHost>] [-w <current password>]\n"
-        "if -H is not specified, the local machine password will be modified\n"
-        "if -w is not specified, read password from stdin\n"
-        );
-}
diff --git a/lwraft/tools/vdcresetMachineActCred/prototypes.h b/lwraft/tools/vdcresetMachineActCred/prototypes.h
deleted file mode 100644
index 5ee16416a..000000000
--- a/lwraft/tools/vdcresetMachineActCred/prototypes.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirParseArgs(
-    int      argc,
-    char*    argv[],
-    PSTR*    ppszUPN,
-    PSTR*    ppszPartnerHostName,
-    PSTR*    ppszPartnerCurrPassword
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
diff --git a/lwraft/tools/vdcschema/Makefile.am b/lwraft/tools/vdcschema/Makefile.am
index 7ea11c248..dd80cebed 100644
--- a/lwraft/tools/vdcschema/Makefile.am
+++ b/lwraft/tools/vdcschema/Makefile.am
@@ -1,6 +1,6 @@
-bin_PROGRAMS = vdcschema
+bin_PROGRAMS = postschema
 
-vdcschema_SOURCES = \
+postschema_SOURCES = \
     conn.c \
     main.c \
     operations.c \
@@ -8,28 +8,31 @@ vdcschema_SOURCES = \
     syntax.c \
     util.c
 
-vdcschema_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+postschema_CPPFLAGS = \
+    -I$(top_srcdir)/lwraft/include \
+    -I$(top_srcdir)/lwraft/include/public \
+    -I$(top_srcdir)/lwraft/tools/include \
+    -I$(top_srcdir)/lwraft/client \
+    -I$(top_builddir)/lwraft/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
-vdcschema_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
+postschema_LDADD = \
+    $(top_builddir)/lwraft/client/libpostclient.la \
+    $(top_builddir)/lwraft/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @LDAP_LIBS@ \
+    @PTHREAD_LIBS@
 
-vdcschema_LDFLAGS = \
+postschema_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcschema/conn.c b/lwraft/tools/vdcschema/conn.c
index 1ae32b6ab..838732cc0 100644
--- a/lwraft/tools/vdcschema/conn.c
+++ b/lwraft/tools/vdcschema/conn.c
@@ -118,11 +118,7 @@ VdcSchemaFreeConn(
 {
     if (pConn)
     {
-        if (pConn->pLd)
-        {
-            ldap_unbind_ext_s(pConn->pLd, NULL, NULL);
-            pConn->pLd = NULL;
-        }
+        VDIR_SAFE_LDAP_UNBIND_EXT_S(pConn->pLd);
         VMDIR_SAFE_FREE_MEMORY(pConn->pszDomain);
         VMDIR_SAFE_FREE_MEMORY(pConn->pszHostName);
         VMDIR_SAFE_FREE_MEMORY(pConn->pszUserName);
diff --git a/lwraft/tools/vdcschema/operations.c b/lwraft/tools/vdcschema/operations.c
index fadb4a4da..2e133641a 100644
--- a/lwraft/tools/vdcschema/operations.c
+++ b/lwraft/tools/vdcschema/operations.c
@@ -111,7 +111,7 @@ VdcSchemaOpPatchSchemaDefs(
     // perform patch (if not dryrun)
     if (!pOpParam->bDryrun)
     {
-        dwError = VmDirPatchRemoteSchemaObjects(pConn->pLd, pNewSchema);
+        dwError = VmDirPatchRemoteSchemaObjects(pConn->pLd, pSchemaDiff);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         printf("\nSuccessfully patched schema definitions\n");
diff --git a/lwraft/tools/vdcschema/util.c b/lwraft/tools/vdcschema/util.c
index 4d66c35ee..e13b06347 100644
--- a/lwraft/tools/vdcschema/util.c
+++ b/lwraft/tools/vdcschema/util.c
@@ -70,6 +70,7 @@ VmDirSchemaPrintDiff(
     LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
     DWORD   i = 0;
+    BOOLEAN bDiv = FALSE;
 
     static PCSTR ppszModOp[4] = { "add", "delete", "replace", NULL };
 
@@ -103,16 +104,18 @@ VmDirSchemaPrintDiff(
         printf("dn: %s\n", pDiff->pszDN);
         printf("changetype: modify\n");
 
+        bDiv = FALSE;
         LwRtlHashMapResetIter(&iter);
         while (LwRtlHashMapIterate(pDiff->mods, &iter, &pair))
         {
+            printf("%s", bDiv ? "-\n" : "");
             pMod = (PVDIR_LDAP_MOD)pair.pValue;
             printf("%s: %s\n", ppszModOp[pMod->op], pMod->pszType);
             for (i = 0; pMod->pVals->pStringList[i]; i++)
             {
                 printf("%s: %s\n", pMod->pszType, pMod->pVals->pStringList[i]);
             }
-            printf("%s", iter.Inner.pNext ? "-\n" : "");
+            bDiv = TRUE;
         }
         pNode = pNode->pPrev;
     }
@@ -145,16 +148,18 @@ VmDirSchemaPrintDiff(
         printf("dn: %s\n", pDiff->pszDN);
         printf("changetype: modify\n");
 
+        bDiv = FALSE;
         LwRtlHashMapResetIter(&iter);
         while (LwRtlHashMapIterate(pDiff->mods, &iter, &pair))
         {
+            printf("%s", bDiv ? "-\n" : "");
             pMod = (PVDIR_LDAP_MOD)pair.pValue;
             printf("%s: %s\n", ppszModOp[pMod->op], pMod->pszType);
             for (i = 0; pMod->pVals->pStringList[i]; i++)
             {
                 printf("%s: %s\n", pMod->pszType, pMod->pVals->pStringList[i]);
             }
-            printf("%s", iter.Inner.pNext ? "-\n" : "");
+            bDiv = TRUE;
         }
         pNode = pNode->pPrev;
     }
diff --git a/lwraft/tools/vdcsetupldu/Makefile.am b/lwraft/tools/vdcsetupldu/Makefile.am
deleted file mode 100644
index da90e196a..000000000
--- a/lwraft/tools/vdcsetupldu/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcsetupldu
-
-vdcsetupldu_SOURCES = \
-    main.c \
-    parseargs.c
-
-vdcsetupldu_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcsetupldu_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcsetupldu_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
-
diff --git a/lwraft/tools/vdcsetupldu/defines.h b/lwraft/tools/vdcsetupldu/defines.h
deleted file mode 100644
index 347092177..000000000
--- a/lwraft/tools/vdcsetupldu/defines.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _WIN32
-
-#define VMDIR_OPTION_HOST               'h'
-#define VMDIR_OPTION_DOMAIN             'd'
-#define VMDIR_OPTION_USER_LOGIN         'u'
-#define VMDIR_OPTION_PASSWORD_LOGIN     'w'
-#define VMDIR_OPTION_VERBOSE            'v'
-#define VMDIR_OPTION_PWD_FILE           'x'
-#define VMDIR_OPTIONS_VALID "h:d:u:w:x:v"
-
-
-#else
-
-#define VMDIR_OPTION_HOST               "-h"
-#define VMDIR_OPTION_DOMAIN             "-d"
-#define VMDIR_OPTION_USER_LOGIN         "-u"
-#define VMDIR_OPTION_PASSWORD_LOGIN     "-w"
-#define VMDIR_OPTION_VERBOSE            "-v"
-#define VMDIR_OPTION_PWD_FILE           "-x"
-
-#endif
diff --git a/lwraft/tools/vdcsetupldu/includes.h b/lwraft/tools/vdcsetupldu/includes.h
deleted file mode 100644
index 616474fca..000000000
--- a/lwraft/tools/vdcsetupldu/includes.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdccreatelduandsite
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcsetldu main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#endif
diff --git a/lwraft/tools/vdcsetupldu/main.c b/lwraft/tools/vdcsetupldu/main.c
deleted file mode 100644
index bd6a7bb18..000000000
--- a/lwraft/tools/vdcsetupldu/main.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcsetupldu
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcsetupldu main module entry point
- *
- */
-
-#include "includes.h"
-
-static
-int
-VmDirMain(
-    int argc,
-    char* argv[]
-    );
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-	DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-	int   iArg = 0;
-
-	dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-	BAIL_ON_VMDIR_ERROR(dwError);
-
-	for (; iArg < argc; iArg++)
-	{
-		dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-		BAIL_ON_VMDIR_ERROR(dwError);
-	}
-
-	dwError = VmDirMain(argc, ppszArgs);
-	BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-	if (ppszArgs)
-	{
-		for (iArg = 0; iArg < argc; iArg++)
-		{
-			VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-		}
-		VmDirFreeMemory(ppszArgs);
-	}
-
-	return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-	return VmDirMain(argc, argv);
-}
-
-#endif
-
-int
-VmDirMain(int argc, char* argv[])
-{
-    DWORD   dwError = 0;
-
-    PSTR        pszHostURI = NULL;
-    PSTR        pszDomain = NULL;
-    PSTR        pszLoginUser = NULL;
-    PSTR        pszLoginPassword = NULL;
-    PSTR        pszPwdFile = NULL;
-    PSTR        pszErrorMessage = NULL;
-    BOOLEAN     bVerbose = FALSE;
-    CHAR        pszGuid[VMDIR_GUID_STR_LEN] = {0};
-    CHAR        pszPath[MAX_PATH];
-    PSTR        pszPasswordBuf = NULL;
-    FILE *      fpPwdFile;
-#ifndef _WIN32
-    setlocale(LC_ALL, "");
-#endif
-
-    dwError = VmDirGetVmDirLogPath(pszPath, "vdcsetupldu.log");
-    BAIL_ON_VMDIR_ERROR(dwError);
-    dwError = VmDirLogInitialize(pszPath, FALSE, NULL, VMDIR_LOG_INFO, VMDIR_LOG_MASK_ALL );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirParseArgs(
-                        argc, argv,
-                        &pszHostURI,
-                        &pszDomain,
-                        &pszLoginUser,
-                        &pszLoginPassword,
-                        &bVerbose,
-			&pszPwdFile);
-
-    if (dwError != ERROR_SUCCESS)
-    {
-        ShowUsage();
-        goto cleanup;
-    }
-
-    if (bVerbose)
-    {
-        VmDirSetLogLevel( "VERBOSE" );
-    }
-
-    dwError = VmDirAllocateMemory(VMDIR_MAX_PWD_LEN+1, (PVOID *)&pszPasswordBuf);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (pszLoginPassword == NULL && pszPwdFile != NULL)
-    {
-       fpPwdFile = fopen(pszPwdFile, "rb");
-       if (fpPwdFile == NULL)
-       {
-           dwError = VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
-           VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "cannot open password file %s", pszPwdFile);
-           BAIL_ON_VMDIR_ERROR(dwError);
-       }
-       if (fread(pszPasswordBuf, 1, VMDIR_MAX_PWD_LEN, fpPwdFile) == 0)
-        {
-           dwError = VMDIR_ERROR_VDCPROMO;
-           VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "Invalid contents in password file %s", pszPwdFile);
-           BAIL_ON_VMDIR_ERROR(dwError);
-       }
-    }
-    else if (pszLoginPassword != NULL && pszPwdFile == NULL)
-    {
-       dwError = VmDirStringCpyA(pszPasswordBuf, VMDIR_MAX_PWD_LEN, pszLoginPassword);
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else //no password nor password-file, read password from stdin
-    {
-        VmDirReadString("password: ", pszPasswordBuf, VMDIR_MAX_PWD_LEN+1, FALSE);
-    }
-
-    dwError = VmDirSetupLdu(
-                                pszHostURI,
-                                pszDomain,
-                                pszLoginUser,
-                                pszPasswordBuf);
-
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //first is SiteGuid, second is LduGuid. first boot script will get them and publish install parameters
-    dwError = VmDirGetLocalSiteGuid(pszGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    printf("%s ", pszGuid);
-
-    dwError = VmDirGetLocalLduGuid(pszGuid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    printf("%s\n", pszGuid);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszPasswordBuf);
-    VMDIR_SAFE_FREE_MEMORY(pszErrorMessage);
-    VmDirLogTerminate();
-
-    return dwError;
-
-error:
-    VmDirGetErrorMessage(dwError, &pszErrorMessage);
-    printf("Vdcsetupldu failed. Error[%d] - %s\n",
-        dwError, ( pszErrorMessage ) ? pszErrorMessage : "");
-
-    goto cleanup;
-}
-
diff --git a/lwraft/tools/vdcsetupldu/parseargs.c b/lwraft/tools/vdcsetupldu/parseargs.c
deleted file mode 100644
index 1d55b2385..000000000
--- a/lwraft/tools/vdcsetupldu/parseargs.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcsetldu
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcsetldu argument parsing functions
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszHostURI,
-    PSTR*   ppszDomain,
-    PSTR*   ppszLoginUser,
-    PSTR*   ppszLoginPassword,
-    PBOOLEAN pbVerbose,
-    PSTR*   ppszPwdFile
-    )
-{
-    DWORD   dwError = ERROR_SUCCESS;
-
-    PSTR    pszHostURI = NULL;
-    PSTR    pszDomain = NULL;
-    PSTR    pszLoginUser = NULL;
-    PSTR    pszLoginPassword = NULL;
-    BOOLEAN bVerbose = FALSE;
-    PSTR    pszPwdFile = NULL;
-#ifndef _WIN32
-	int     opt = 0;
-#else
-	int i=1;
-	PSTR optarg = NULL;
-#endif
-
-    if (ppszHostURI == NULL || ppszDomain == NULL || ppszLoginUser == NULL || ppszLoginPassword == NULL || ppszPwdFile == NULL)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VMDIR_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMDIR_OPTION_HOST:
-                pszHostURI = optarg;
-                break;
-
-            case VMDIR_OPTION_DOMAIN:
-                pszDomain = optarg;
-                break;
-
-            case VMDIR_OPTION_USER_LOGIN:
-                pszLoginUser = optarg;
-                break;
-
-            case VMDIR_OPTION_PASSWORD_LOGIN:
-                pszLoginPassword = optarg;
-                break;
-
-            case VMDIR_OPTION_VERBOSE:
-                bVerbose = TRUE;
-                break;
-
-	    case VMDIR_OPTION_PWD_FILE:
-                pszPwdFile = optarg;
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-	while (i < argc)
-	{
-		if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-		{
-			if (VmDirStringCompareA(VMDIR_OPTION_HOST, argv[i], TRUE) == 0)
-			{
-				VmDirGetCmdLineOption(argc, argv, &i, &pszHostURI);
-			}
-			else if (VmDirStringCompareA(VMDIR_OPTION_DOMAIN, argv[i], TRUE) == 0)
-			{
-				VmDirGetCmdLineOption(argc, argv, &i, &pszDomain);
-			}
-			else if (VmDirStringCompareA(VMDIR_OPTION_USER_LOGIN, argv[i], TRUE) == 0)
-			{
-				VmDirGetCmdLineOption(argc, argv, &i, &pszLoginUser);
-			}
-			else if (VmDirStringCompareA(VMDIR_OPTION_PASSWORD_LOGIN, argv[i], TRUE) == 0)
-			{
-				VmDirGetCmdLineOption(argc, argv, &i, &pszLoginPassword);
-			}
-			else if (VmDirStringCompareA(VMDIR_OPTION_VERBOSE, argv[i], TRUE) == 0)
-			{
-				bVerbose = TRUE;
-			} else if ( VmDirStringCompareA(VMDIR_OPTION_PWD_FILE, argv[i], TRUE ) == 0 )
-		        {
-		                VmDirGetCmdLineOption( argc, argv, &i, &pszPwdFile );
-                        }
-                }
-		i++;
-	}
-#endif
-
-    if (pszHostURI == NULL || pszDomain == NULL || pszLoginUser == NULL ||
-	(pszLoginPassword != NULL && pszPwdFile != NULL)) //if both specified
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszHostURI = pszHostURI;
-    *ppszDomain = pszDomain;
-    *ppszLoginUser = pszLoginUser;
-    *ppszLoginPassword = pszLoginPassword;
-    *pbVerbose = bVerbose;
-    *ppszPwdFile = pszPwdFile;
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-      "Usage: vdcsetldu -h <host URI> -d <domain name> -u <user DN> [-w <user password>|-x <password-file>]\n");
-}
diff --git a/lwraft/tools/vdcsetupldu/prototypes.h b/lwraft/tools/vdcsetupldu/prototypes.h
deleted file mode 100644
index 842a1a7ef..000000000
--- a/lwraft/tools/vdcsetupldu/prototypes.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirSetupLdu(
-    PCSTR pszHostURI,
-    PCSTR pszDomain,
-    PCSTR pszUser,
-    PCSTR pszPassword
-    );
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszHostURI,
-    PSTR*   ppszDomain,
-    PSTR*   ppszLoginUser,
-    PSTR*   ppszLoginPassword,
-    PBOOLEAN pbVerbose,
-    PSTR*   ppszPwdFile
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
diff --git a/lwraft/tools/vdcsrp/Makefile.am b/lwraft/tools/vdcsrp/Makefile.am
deleted file mode 100644
index 70dda4eef..000000000
--- a/lwraft/tools/vdcsrp/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcsrp
-
-vdcsrp_SOURCES = \
-    main.c \
-    parseargs.c
-
-vdcsrp_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcsrp_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcsrp_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
-
diff --git a/lwraft/tools/vdcsrp/defines.h b/lwraft/tools/vdcsrp/defines.h
deleted file mode 100644
index 521be159f..000000000
--- a/lwraft/tools/vdcsrp/defines.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _WIN32
-
-#define VMDIR_OPTION_UPN                'D'
-#define VMDIR_OPTION_SECRET             'W'
-#define VMDIR_OPTION_SECRET_FILE        'x'
-#define VMDIR_OPTIONS_VALID             "D:W:x:"
-
-#else
-
-#define VMDIR_OPTION_UPN                "-D"
-#define VMDIR_OPTION_SECRET             "-W"
-#define VMDIR_OPTION_SECRET_FILE        "-x"
-
-#endif
-
diff --git a/lwraft/tools/vdcsrp/includes.h b/lwraft/tools/vdcsrp/includes.h
deleted file mode 100644
index 789e923a9..000000000
--- a/lwraft/tools/vdcsrp/includes.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcpass
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcpass main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#endif
diff --git a/lwraft/tools/vdcsrp/main.c b/lwraft/tools/vdcsrp/main.c
deleted file mode 100644
index 1a716943b..000000000
--- a/lwraft/tools/vdcsrp/main.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcsrp
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcsrp module entry point
- *
- */
-
-#include "includes.h"
-
-static
-int
-VmDirMain(int argc, char* argv[])
-{
-    DWORD   dwError = 0;
-
-    PSTR    pszUPN = NULL;
-    PSTR    pszSecret = NULL;
-    PSTR    pszSecret_file = NULL;
-    PSTR    pszErrorMessage = NULL;
-    CHAR    pszSecretBuf[VMDIR_MAX_PWD_LEN+1];
-
-#ifndef _WIN32
-    setlocale(LC_ALL, "");
-#endif
-
-    dwError = VmDirParseArgs(
-                        argc, argv,
-                        &pszUPN,
-                        &pszSecret,
-                        &pszSecret_file);
-
-    if (dwError != ERROR_SUCCESS)
-    {
-        ShowUsage();
-        goto cleanup;
-    }
-
-    memset(pszSecretBuf, 0, sizeof(pszSecretBuf));
-
-    if (pszSecret == NULL && pszSecret_file != NULL)
-    {
-       dwError = VmDirReadStringFromFile(pszSecret_file, pszSecretBuf, sizeof(pszSecretBuf));
-       BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (pszSecret != NULL && pszSecret_file == NULL)
-    {
-       dwError = VmDirStringCpyA(pszSecretBuf, VMDIR_MAX_PWD_LEN, pszSecret);
-       BAIL_ON_VMDIR_ERROR(dwError);
-    } else //no password nor password-file, read password from stdin
-    {
-        VmDirReadString("password: ", pszSecretBuf, VMDIR_MAX_PWD_LEN+1, FALSE);
-    }
-
-    {
-        dwError = VmDirSetSRPSecret(pszUPN, pszSecretBuf);
-        if ( dwError == 0 )
-        {
-            printf("SRP secret was set successfully.\n");
-        }
-        else if ( dwError == VMDIR_ERROR_ENTRY_ALREADY_EXIST )
-        {
-            dwError = 0;
-            printf("SRP secret exists already.\n");
-            // TODO, do a SRP bind to make sure  it works?
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszErrorMessage);
-    memset(pszSecretBuf, 0, sizeof(pszSecretBuf));
-    return dwError;
-
-error:
-    VmDirGetErrorMessage(dwError, &pszErrorMessage);
-    printf("Vdcsrp failed. Error[%d] - %s\n",
-        dwError, ( pszErrorMessage ) ? pszErrorMessage : "");
-    printf("Make sure the UPN and password are correct\n");
-
-    goto cleanup;
-}
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
diff --git a/lwraft/tools/vdcsrp/parseargs.c b/lwraft/tools/vdcsrp/parseargs.c
deleted file mode 100644
index 58380721c..000000000
--- a/lwraft/tools/vdcsrp/parseargs.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcpass
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcpass argument parsing functions
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszUPN,
-    PSTR*   ppszSecret,
-    PSTR*   ppszSecret_file
-    )
-{
-    DWORD   dwError = ERROR_SUCCESS;
-#ifndef _WIN32
-    int     opt = 0;
-#else
-    int i = 1;
-    PSTR optarg = NULL;
-#endif
-    PSTR    pszUPN = NULL;
-    PSTR    pszSecret = NULL;
-    PSTR    pszSecret_file = NULL;
-
-    if (ppszUPN == NULL ||
-        ppszSecret == NULL ||
-        ppszSecret_file == NULL)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VMDIR_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMDIR_OPTION_UPN:
-                pszUPN = optarg;
-                break;
-
-            case VMDIR_OPTION_SECRET:
-                pszSecret = optarg;
-                break;
-
-            case VMDIR_OPTION_SECRET_FILE:
-                pszSecret_file = optarg;
-                break;
-
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-    while (i < argc)
-    {
-        if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-        {
-            if (VmDirStringCompareA(VMDIR_OPTION_UPN, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszUPN);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_SECRET, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSecret);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_SECRET_FILE, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszSecret_file);
-            }
-        }
-        i++;
-    }
-#endif
-
-    if (pszUPN == NULL ||
-	(pszSecret != NULL && pszSecret_file != NULL))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszUPN = pszUPN;
-    *ppszSecret = pszSecret;
-    *ppszSecret_file = pszSecret_file;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-      "Usage: vdcsrp -D <Bind UPN> [-W <current password>|-x <current password file>]\n"
-      "Note: setting SRP secret needs administrator privilege.\n");
-}
diff --git a/lwraft/tools/vdcsrp/prototypes.h b/lwraft/tools/vdcsrp/prototypes.h
deleted file mode 100644
index e48590b7c..000000000
--- a/lwraft/tools/vdcsrp/prototypes.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszUPN,
-    PSTR*   ppszSecret,
-    PSTR*   ppszSecretFile
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
diff --git a/lwraft/tools/vdcupgrade/Makefile.am b/lwraft/tools/vdcupgrade/Makefile.am
deleted file mode 100644
index 9a2e7103b..000000000
--- a/lwraft/tools/vdcupgrade/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = vdcupgrade
-
-vdcupgrade_SOURCES = \
-    main.c \
-    ldap.c \
-    parseargs.c
-
-vdcupgrade_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vdcupgrade_LDADD = \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-vdcupgrade_LDFLAGS = \
-    @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
diff --git a/lwraft/tools/vdcupgrade/defines.h b/lwraft/tools/vdcupgrade/defines.h
deleted file mode 100644
index 922e06000..000000000
--- a/lwraft/tools/vdcupgrade/defines.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#ifndef _WIN32
-
-#define VMDIR_OPTION_SERVER_NAME        'H'
-#define VMDIR_OPTION_ADMIN_UPN          'D'
-#define VMDIR_OPTION_PASSWORD           'W'
-#define VMDIR_OPTION_PASSWORD_FILE      'x'
-#define VMDIR_OPTION_ACLONLY            'a'
-#define VMDIR_OPTION_PNIDFIX_DCACCOUNT  'd'
-#define VMDIR_OPTION_PNIDFIX_SAMACCOUNT 's'
-#define VMDIR_OPTIONS_VALID             "H:D:W:x:d:s:a"
-
-#else
-
-#define VMDIR_OPTION_SERVER_NAME        "-H"
-#define VMDIR_OPTION_ADMIN_UPN          "-D"
-#define VMDIR_OPTION_PASSWORD           "-W"
-#define VMDIR_OPTION_PASSWORD_FILE      "-x"
-#define VMDIR_OPTION_PNIDFIX_DCACCOUNT  "-d"
-#define VMDIR_OPTION_PNIDFIX_SAMACCOUNT "-s"
-#define VMDIR_OPTION_ACLONLY            "-a"
-
-#endif
diff --git a/lwraft/tools/vdcupgrade/includes.h b/lwraft/tools/vdcupgrade/includes.h
deleted file mode 100644
index 44edc0682..000000000
--- a/lwraft/tools/vdcupgrade/includes.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcupgrade
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcupgrade main module include file
- *
- */
-#ifndef _WIN32
-
-#include <config.h>
-
-#include <vmdirsys.h>
-#include <ldap.h>
-#include <lber.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-
-#else
-#pragma once
-
-#include "targetver.h"
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <tchar.h>
-#include <winsock2.h>
-#include "lber.h"
-#include "ldap.h"
-#include "ldap-int.h"
-#define LDAP_UNICODE 0
-
-#include "banned.h"
-#include <vmdir.h>
-#include <vmdirdefines.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <vmdirclient.h>
-#include "defines.h"
-#include "prototypes.h"
-
-#endif
diff --git a/lwraft/tools/vdcupgrade/ldap.c b/lwraft/tools/vdcupgrade/ldap.c
deleted file mode 100644
index 41b087e0c..000000000
--- a/lwraft/tools/vdcupgrade/ldap.c
+++ /dev/null
@@ -1,385 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcupgrade
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcupgrade module entry point
- *
- */
-
-#include "includes.h"
-
-DWORD
-VdcLdapAddAttributeValues(
-    LDAP *pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR *ppszAttributeValues
-    )
-{
-    DWORD dwError = 0;
-
-    LDAPMod addition;
-    LDAPMod *mods[2];
-
-    /* Initialize the attribute, specifying 'ADD' as the operation */
-    addition.mod_op     = LDAP_MOD_ADD;
-    addition.mod_type   = (PSTR) pszAttribute;
-    addition.mod_values = (PSTR*) ppszAttributeValues;
-
-    /* Fill the attributes array (remember it must be NULL-terminated) */
-    mods[0] = &addition;
-    mods[1] = NULL;
-
-    /* ....initialize connection, etc. */
-
-    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
-
-    return dwError;
-}
-
-DWORD
-VdcLdapReplaceAttributeValues(
-    LDAP *pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR *ppszAttributeValues
-    )
-{
-    DWORD dwError = 0;
-
-    LDAPMod addReplace;
-    LDAPMod *mods[2];
-
-    /* Initialize the attribute, specifying 'ADD' as the operation */
-    addReplace.mod_op     = LDAP_MOD_REPLACE;
-    addReplace.mod_type   = (PSTR) pszAttribute;
-    addReplace.mod_values = (PSTR*) ppszAttributeValues;
-
-    /* Fill the attributes array (remember it must be NULL-terminated) */
-    mods[0] = &addReplace;
-    mods[1] = NULL;
-
-    /* ....initialize connection, etc. */
-
-    dwError = ldap_modify_ext_s(pLd, pszDN, mods, NULL, NULL);
-
-    return dwError;
-}
-
-DWORD
-VdcLdapGetAttributeValue(
-    LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
-    PCSTR pszFilter,
-    PCSTR pszAttribute,
-    PSTR *ppszAttributeValue
-    )
-{
-    DWORD dwError = 0;
-    PCSTR ppszAttrs[2] = {0};
-    LDAPMessage *pResult = NULL;
-    PSTR pszDN = NULL;
-    BerValue** ppBerValues = NULL;
-    PSTR pszAttributeValue = NULL;
-
-    ppszAttrs[0] = pszAttribute;
-    dwError = ldap_search_ext_s(
-                pLd,
-                pBase,
-                ldapScope,
-                pszFilter ? pszFilter : "",
-                (PSTR*)ppszAttrs,
-                0,
-                NULL,
-                NULL,
-                NULL,
-                -1,
-                &pResult);
-
-    if (ldap_count_entries(pLd, pResult) > 0)
-    {
-        LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
-
-        for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
-        {
-            BerValue** ppBerValues = NULL;
-            ppBerValues = ldap_get_values_len(pLd, pEntry, pszAttribute);
-            if (ppBerValues != NULL && ldap_count_values_len(ppBerValues) > 0)
-            {
-                dwError = VmDirAllocateStringA(
-                            ppBerValues[0][0].bv_val,
-                            &pszAttributeValue);
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-            }
-        }
-    }
-
-    *ppszAttributeValue = pszAttributeValue;
-
-cleanup:
-
-    if (ppBerValues)
-    {
-        ldap_value_free_len(ppBerValues);
-        ppBerValues = NULL;
-    }
-
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-        pResult = NULL;
-    }
-
-    if (pszDN)
-    {
-        ldap_memfree(pszDN);
-        pszDN = NULL;
-    }
-
-    return dwError;
-
-error:
-
-    VMDIR_SAFE_FREE_STRINGA(pszAttributeValue);
-    goto cleanup;
-}
-
-DWORD
-VdcLdapAddContainer(
-    LDAP*  pLd,
-    PCSTR  pszDN,
-    PCSTR  pszCN
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       valsCn[] = {pszCN, NULL};
-    PCSTR       valsClass[] = {OC_TOP, OC_CONTAINER, NULL};
-    LDAPMod     mod[2]={
-                            {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
-                            {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}
-                       };
-    LDAPMod*    attrs[] = {&mod[0], &mod[1], NULL};
-
-    dwError = ldap_add_ext_s(
-                             pLd,
-                             pszDN,
-                             attrs,
-                             NULL,
-                             NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-DWORD
-VdcLdapAddGroup(
-    LDAP*  pLd,
-    PCSTR  pszDN,
-    PCSTR  pszCN
-    )
-{
-    DWORD       dwError = 0;
-    PCSTR       valsCn[] = {pszCN, NULL};
-    PCSTR       valssAMActName[] = {pszCN, NULL};
-    PCSTR       valsClass[] = {OC_TOP, OC_GROUP, NULL};
-    LDAPMod     mod[3]={
-                            {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
-                            {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
-                            {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}
-                       };
-    LDAPMod*    attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
-
-    dwError = ldap_add_ext_s(
-                             pLd,
-                             pszDN,
-                             attrs,
-                             NULL,
-                             NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-BOOLEAN
-VdcIfDNExist(
-    LDAP* pLd,
-    PCSTR pszDN)
-{
-    DWORD           dwError = 0;
-    LDAPMessage*    pSearchRes = NULL;
-
-    dwError = ldap_search_ext_s(
-                            pLd,
-                            pszDN,         /* base */
-                            LDAP_SCOPE_BASE,
-                            NULL,       /* filter */
-                            NULL,       /* attrs */
-                            FALSE,      /* attrsonly */
-                            NULL,       /* serverctrls */
-                            NULL,       /* clientctrls */
-                            NULL,       /* timeout */
-                            0,          /* sizelimit */
-                            &pSearchRes);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    if (pSearchRes)
-    {
-        ldap_msgfree(pSearchRes);
-    }
-    return dwError == 0;
-error:
-    goto cleanup;
-}
-
-/* Replace attribute on all matched entries */
-DWORD
-VdcLdapReplaceAttrOnEntries(
-    LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
-    PCSTR pszFilter,
-    PCSTR pAttrName,
-    PCSTR pAttrVal,
-    int *pTotalCnt,
-    int *pFailedCnt
-    )
-{
-    DWORD dwError = 0;
-    LDAPMessage *pResult = NULL;
-    PSTR pszDn = NULL;
-    PCSTR ppszAttrs[] = {ATTR_DN, NULL};
-    LDAPMod mod = {0};
-    LDAPMod* mods[2] = {&mod, NULL};
-    PSTR vals[2] = {0};
-    int totalCnt = 0;
-    int failedCnt = 0;
-    int alreadyUpdatedCnt = 0;
-    PSTR oldAttrVal = NULL;
-
-    mod.mod_op = LDAP_MOD_REPLACE;
-    mod.mod_type = (PSTR)pAttrName;
-    vals[0] = (PSTR)pAttrVal;
-    vals[1] = NULL;
-    mod.mod_vals.modv_strvals = vals;
-
-    *pTotalCnt = 0;
-    *pFailedCnt = 0;
-
-    dwError = ldap_search_ext_s(
-                pLd,
-                pBase,
-                ldapScope,
-                pszFilter ? pszFilter : "",
-                (PSTR*)ppszAttrs,
-                0,
-                NULL,
-                NULL,
-                NULL,
-                -1,
-                &pResult);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (ldap_count_entries(pLd, pResult) > 0)
-    {
-
-        LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
-
-        for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
-        {
-            if (pszDn)
-            {
-                ldap_memfree(pszDn);
-                pszDn = NULL;
-            }
-            pszDn = ldap_get_dn(pLd, pEntry);
-
-            VMDIR_SAFE_FREE_STRINGA(oldAttrVal);
-            dwError = VdcLdapGetAttributeValue( pLd,
-                                        pszDn,
-                                        LDAP_SCOPE_BASE,
-                                        "objectClass=*",
-                                        pAttrName,
-                                        &oldAttrVal);
-            if (dwError == LDAP_SUCCESS && VmDirStringCompareA(oldAttrVal, pAttrVal, FALSE)==0)
-            {
-                totalCnt++;
-                alreadyUpdatedCnt++;
-                continue;
-            }
-            dwError = ldap_modify_ext_s( pLd, pszDn, mods, NULL, NULL);
-            if (dwError != LDAP_SUCCESS)
-            {
-                failedCnt++;
-                printf("Warning: vdcupgrade failed to replace attribute %s on entry %s\n",
-                       pAttrName, pszDn);
-            }
-            totalCnt++;
-        }
-    }
-    *pTotalCnt = totalCnt;
-    *pFailedCnt = failedCnt;
-    if (alreadyUpdatedCnt != 0)
-    {
-        printf("vdcupgrade %d out of %d attribute %s already up-to-date.\n", alreadyUpdatedCnt, totalCnt, pAttrName);
-    }
-
-cleanup:
-    if (pResult)
-    {
-        ldap_msgfree(pResult);
-        pResult = NULL;
-    }
-
-    if (pszDn)
-    {
-        ldap_memfree(pszDn);
-        pszDn = NULL;
-    }
-    VMDIR_SAFE_FREE_STRINGA(oldAttrVal);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-VOID
-VdcLdapUnbind(
-    LDAP *pLd
-    )
-{
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-}
diff --git a/lwraft/tools/vdcupgrade/main.c b/lwraft/tools/vdcupgrade/main.c
deleted file mode 100644
index aaac87c5a..000000000
--- a/lwraft/tools/vdcupgrade/main.c
+++ /dev/null
@@ -1,1121 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcupgrade
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vdcupgrade module entry point
- *
- */
-
-#include "includes.h"
-
-static
-DWORD
-AddComputersContainer(
-    LDAP* pLd,
-    PCSTR pszServerName
-    );
-
-static
-DWORD
-AddCAContainer(
-    LDAP* pLd,
-    PCSTR pszServerName
-    );
-
-static
-DWORD
-AddBuiltinDCClientsGroup(
-    LDAP* pLd,
-    PCSTR pszServerName
-    );
-
-static
-DWORD
-AddBuiltinCAAdminsGroup(
-    LDAP* pLd,
-    PCSTR pszServerName
-    );
-
-static
-DWORD
-AccountDNToName(
-    PCSTR pszDCAccountDN,
-    PSTR* ppszDCAccount
-    );
-
-static
-DWORD
-SetDCAccountRegistryKey(
-    VOID
-    );
-
-static
-DWORD
-UpgradeDirectory(
-    LDAP* pLd,
-    PCSTR pszServerName,
-    PCSTR pszUserUpn,
-    PCSTR pszPassword
-    );
-
-static
-DWORD
-UpdateDCAccountSRPSecret(
-    LDAP* pLd
-    );
-
-static
-DWORD
-UpdateEntriesACL(
-    LDAP*   pLd,
-    PCSTR pszServerName,
-    PCSTR pszAdminUPN
-    );
-
-static
-DWORD
-_UpdatePSCVersion(
-    LDAP* pLd
-    );
-
-static
-int
-VmDirMain(
-    int argc,
-    char* argv[]
-    );
-
-static
-DWORD
-ReplaceSamAccountOnDn(
-    LDAP* pLd,
-    PCSTR pszAccountDn,
-    PCSTR pszNewSamAccount
-    );
-
-static
-DWORD
-getPSCVersion(
-    LDAP* pLd,
-    PSTR* ppszPSCVer
-    );
-
-#ifdef _WIN32
-
-int wmain(int argc, wchar_t* argv[])
-{
-    DWORD dwError = 0;
-    PSTR* ppszArgs = NULL;
-    int   iArg = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(PSTR) * argc, (PVOID*)&ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    for (; iArg < argc; iArg++)
-    {
-        dwError = VmDirAllocateStringAFromW(argv[iArg], &ppszArgs[iArg]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirMain(argc, ppszArgs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-error:
-
-    if (ppszArgs)
-    {
-        for (iArg = 0; iArg < argc; iArg++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(ppszArgs[iArg]);
-        }
-        VmDirFreeMemory(ppszArgs);
-    }
-
-    return dwError;
-}
-#else
-
-int main(int argc, char* argv[])
-{
-    return VmDirMain(argc, argv);
-}
-
-#endif
-
-static
-int
-VmDirMain(
-    int argc,
-    char* argv[]
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszServerName = NULL;
-    PSTR    pszAdminUPN = NULL;
-    PSTR    pszPassword = NULL;
-    PSTR    pszPasswordFile = NULL;
-    PSTR    pszPnidFixAccountDn = NULL;
-    PSTR    pszPnidFixSamAccount = NULL;
-    PSTR    pszErrorMessage = NULL;
-    PSTR    pszVersion = NULL;
-    LDAP*   pLd = NULL;
-    CHAR    pszPasswordBuf[VMDIR_MAX_PWD_LEN + 1];
-    BOOLEAN bAclOnly = FALSE;
-
-#ifndef _WIN32
-    setlocale(LC_ALL, "");
-#endif
-
-    dwError = VmDirParseArgs(
-                        argc, argv,
-                        &pszServerName,
-                        &pszAdminUPN,
-                        &pszPassword,
-                        &pszPasswordFile,
-                        &bAclOnly,
-                        &pszPnidFixAccountDn,
-                        &pszPnidFixSamAccount);
-    if (dwError != ERROR_SUCCESS)
-    {
-        ShowUsage();
-        goto cleanup;
-    }
-
-    if (!pszServerName ||
-        !pszAdminUPN   ||
-        (pszPassword && pszPasswordFile))
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    memset(pszPasswordBuf, 0, sizeof(pszPasswordBuf));
-
-    if (pszPassword == NULL && pszPasswordFile != NULL)
-    {
-        dwError = VmDirReadStringFromFile(pszPasswordFile, pszPasswordBuf, sizeof(pszPasswordBuf));
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (pszPassword != NULL && pszPasswordFile == NULL)
-    {
-        dwError = VmDirStringCpyA(pszPasswordBuf, VMDIR_MAX_PWD_LEN, pszPassword);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    } else
-    {
-        VmDirReadString("password: ", pszPasswordBuf, VMDIR_MAX_PWD_LEN+1, FALSE);
-    }
-
-    dwError = VmDirSafeLDAPBind(&pLd, pszServerName, pszAdminUPN, pszPasswordBuf);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = getPSCVersion(
-		pLd,
-		&pszVersion);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    // Only patch ACL from 5.5
-    if (VmDirStringNCompareA(pszVersion, "5.5", 3, FALSE) == 0)
-    {
-	// do ACL patch first, so newly added entry will have correct ACL.
-	dwError = UpdateEntriesACL( pLd, pszServerName, pszAdminUPN);
-	BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (!bAclOnly)
-    {
-
-        dwError = UpgradeDirectory(pLd, pszServerName, pszAdminUPN, pszPasswordBuf);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = UpdateDCAccountSRPSecret( pLd );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        if (pszPnidFixAccountDn && pszPnidFixSamAccount)
-        {
-            dwError = ReplaceSamAccountOnDn(pLd, pszPnidFixAccountDn, pszPnidFixSamAccount);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszVersion);
-    VMDIR_SAFE_FREE_STRINGA(pszServerName);
-    VMDIR_SAFE_FREE_STRINGA(pszAdminUPN);
-    if (pszPassword)
-        memset(pszPassword, 0, strlen(pszPassword));
-    memset(pszPasswordBuf, 0, sizeof(pszPasswordBuf));
-    VMDIR_SAFE_FREE_STRINGA(pszPassword);
-    VMDIR_SAFE_FREE_STRINGA(pszPasswordFile);
-    VMDIR_SAFE_FREE_STRINGA(pszPnidFixAccountDn);
-    VMDIR_SAFE_FREE_STRINGA(pszPnidFixSamAccount);
-    VMDIR_SAFE_FREE_MEMORY(pszErrorMessage);
-    VdcLdapUnbind(pLd);
-    pLd = NULL;
-
-    return dwError;
-
-error:
-    VmDirGetErrorMessage(dwError, &pszErrorMessage);
-    printf("Vdcupgrade failed. Error[%d] - %s\n",
-        dwError, ( pszErrorMessage ) ? pszErrorMessage : "");
-    goto cleanup;
-}
-
-static
-DWORD
-UpgradeDirectory(
-    LDAP* pLd,
-    PCSTR pszServerName,
-    PCSTR pszAdminUPN,
-    PCSTR pszPassword
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = _UpdatePSCVersion(pLd);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AddComputersContainer(pLd, pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AddCAContainer(pLd, pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AddBuiltinDCClientsGroup(pLd, pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AddBuiltinCAAdminsGroup(pLd, pszServerName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = SetDCAccountRegistryKey();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-AddComputersContainer(
-    LDAP* pLd,
-    PCSTR pszServerName
-    )
-{
-    DWORD  dwError = 0;
-    PCSTR  pszComputersContainerName = VMDIR_COMPUTERS_RDN_VAL;
-    PSTR   pszDomainName = NULL;
-    PSTR   pszDomainDN = NULL;
-    PSTR   pszComputersContainerDN = NULL;
-
-    if (!pLd)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName(
-                  pszServerName,
-                  &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(
-                  pszDomainName,
-                  &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszComputersContainerDN, "%s=%s,%s",
-                  ATTR_OU,
-                  pszComputersContainerName,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!VdcIfDNExist(pLd, pszComputersContainerDN))
-    {
-        dwError = VdcLdapAddContainer(
-                      pLd,
-                      pszComputersContainerDN,
-                      pszComputersContainerName);
-        if (dwError)
-        {
-            printf("Failed to add container %s to directory (%d)\n",
-                   pszComputersContainerDN, dwError);
-        }
-        else
-        {
-            printf("Added container %s to directory.\n",
-                   pszComputersContainerDN);
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        printf("Container %s already exists, not added.\n",
-               pszComputersContainerDN);
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainDN);
-    VMDIR_SAFE_FREE_STRINGA(pszComputersContainerDN);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-/*
- * patch cn=certificate-authorities,cn=configuration,DOMAIN_DN entry
- */
-static
-DWORD
-AddCAContainer(
-    LDAP* pLd,
-    PCSTR pszServerName
-    )
-{
-    DWORD  dwError = 0;
-    PCSTR  pszCAContainerName = VMDIR_CA_CONTAINER_NAME;
-    PCSTR  pszConfigurationContainerName = VMDIR_CONFIGURATION_CONTAINER_NAME;
-    PSTR   pszDomainName = NULL;
-    PSTR   pszDomainDN = NULL;
-    PSTR   pszCAContainerDN = NULL;
-
-    if (!pLd)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName(
-                  pszServerName,
-                  &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(
-                  pszDomainName,
-                  &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszCAContainerDN, "%s=%s,%s=%s,%s",
-                  ATTR_CN,
-                  pszCAContainerName,
-                  ATTR_CN,
-                  pszConfigurationContainerName,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!VdcIfDNExist(pLd, pszCAContainerDN))
-    {
-        dwError = VdcLdapAddContainer(
-                      pLd,
-                      pszCAContainerDN,
-                      pszCAContainerName);
-        if (dwError)
-        {
-            printf("Failed to add container %s to directory (%d)\n",
-                            pszCAContainerDN, dwError);
-        }
-        else
-        {
-            printf("Added container %s to directory.\n",
-                            pszCAContainerDN);
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        printf("Container %s already exists, not added.\n",
-                        pszCAContainerDN);
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainDN);
-    VMDIR_SAFE_FREE_STRINGA(pszCAContainerDN);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-AddBuiltinDCClientsGroup(
-    LDAP* pLd,
-    PCSTR pszServerName
-    )
-{
-
-    DWORD  dwError = 0;
-    PSTR   pszDomainName = NULL;
-    PSTR   pszDomainDN = NULL;
-    PSTR   pszDCClientsGroupDN = NULL;
-
-    if (!pLd)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName(
-                  pszServerName,
-                  &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(
-                  pszDomainName,
-                  &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszDCClientsGroupDN, "cn=%s,cn=%s,%s",
-                  VMDIR_DCCLIENT_GROUP_NAME,
-                  VMDIR_BUILTIN_CONTAINER_NAME,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!VdcIfDNExist(pLd, pszDCClientsGroupDN))
-    {
-        dwError = VdcLdapAddGroup(
-                      pLd,
-                      pszDCClientsGroupDN,
-                      VMDIR_DCCLIENT_GROUP_NAME);
-        if (dwError)
-        {
-            printf("Failed to add group %s to directory (%d)\n",
-                   pszDCClientsGroupDN, dwError);
-        }
-        else
-        {
-            printf("Added group %s to directory.\n",
-                   pszDCClientsGroupDN);
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        printf("Group %s already exists, not added.\n",
-               pszDCClientsGroupDN);
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainDN);
-    VMDIR_SAFE_FREE_STRINGA(pszDCClientsGroupDN);
-
-    return dwError;
-
-error:
-    goto cleanup;
-
-}
-
-static
-DWORD
-AddBuiltinCAAdminsGroup(
-    LDAP* pLd,
-    PCSTR pszServerName
-    )
-{
-    DWORD  dwError = 0;
-    PSTR   pszDomainName = NULL;
-    PSTR   pszDomainDN = NULL;
-    PSTR   pszCAAdminsGroupDN = NULL;
-    PSTR   pszAdministratorDN = NULL;
-    PSTR   pszDCAdminsGroupDN = NULL;
-    PSTR   pszDCClientsGroupDN = NULL;
-    PSTR   ppszVals [4] = { NULL, NULL, NULL, NULL };
-    if (!pLd)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirGetDomainName(
-                  pszServerName,
-                  &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(
-                  pszDomainName,
-                  &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszCAAdminsGroupDN, "cn=%s,cn=%s,%s",
-                  VMDIR_CERT_GROUP_NAME,
-                  VMDIR_BUILTIN_CONTAINER_NAME,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszDCAdminsGroupDN, "cn=%s,cn=%s,%s",
-                  VMDIR_DC_GROUP_NAME,
-                  VMDIR_BUILTIN_CONTAINER_NAME,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszDCClientsGroupDN, "cn=%s,cn=%s,%s",
-                  VMDIR_DCCLIENT_GROUP_NAME,
-                  VMDIR_BUILTIN_CONTAINER_NAME,
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(
-                  &pszAdministratorDN, "cn=%s,cn=%s,%s",
-                  "Administrator",
-                  "Users",
-                  pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (!VdcIfDNExist(pLd, pszCAAdminsGroupDN))
-    {
-        dwError = VdcLdapAddGroup(
-                      pLd,
-                      pszCAAdminsGroupDN,
-                      VMDIR_CERT_GROUP_NAME);
-        if (dwError)
-        {
-            printf("Failed to add group %s to directory (%d)\n",
-                   pszCAAdminsGroupDN, dwError);
-        }
-        else
-        {
-            printf("Added group %s to directory.\n",
-                   pszCAAdminsGroupDN);
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        ppszVals[0] = pszAdministratorDN;
-        ppszVals[1] = pszDCAdminsGroupDN;
-        ppszVals[2] = pszDCClientsGroupDN;
-
-        dwError = VdcLdapAddAttributeValues(
-                    pLd,
-                    pszCAAdminsGroupDN,
-                    ATTR_MEMBER,
-                    (PCSTR*) ppszVals);
-        if (dwError)
-        {
-            printf("Failed to add group members %s (%d)\n",
-                pszCAAdminsGroupDN, dwError);
-        }
-        else
-        {
-            printf("Added group members to %s.\n",
-                pszCAAdminsGroupDN);
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        printf("Group %s already exists, not added.\n",
-               pszCAAdminsGroupDN);
-    }
-
-cleanup:
-
-    VMDIR_SAFE_FREE_STRINGA(pszDomainName);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainDN);
-    VMDIR_SAFE_FREE_STRINGA(pszCAAdminsGroupDN);
-    VMDIR_SAFE_FREE_STRINGA(pszDCAdminsGroupDN);
-    VMDIR_SAFE_FREE_STRINGA(pszDCClientsGroupDN);
-    VMDIR_SAFE_FREE_STRINGA(pszAdministratorDN);
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-_UpdatePSCVersion(
-    LDAP* pLd
-    )
-{
-    DWORD  dwError = 0;
-    PSTR   pszDCAccountDN = NULL;
-    PSTR   ppszVals [] = { VDIR_PSC_VERSION, NULL };
-
-    if (!pLd)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VdcLdapReplaceAttributeValues(
-                pLd,
-                PERSISTED_DSE_ROOT_DN,
-                ATTR_PSC_VERSION,
-                (PCSTR*) ppszVals);
-    if (dwError)
-    {
-        printf("Failed to update DSE ROOT PSC version to %s, error (%d)\n", VDIR_PSC_VERSION, dwError);
-    }
-    else
-    {
-        printf("Update DSE ROOT PSC version to %s.\n", VDIR_PSC_VERSION);
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRegReadDCAccountDn( &pszDCAccountDN );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VdcLdapReplaceAttributeValues(
-                pLd,
-                pszDCAccountDN,
-                ATTR_PSC_VERSION,
-                (PCSTR*) ppszVals);
-    if (dwError)
-    {
-        printf("Failed to update DC PSC version to %s, error (%d)\n", VDIR_PSC_VERSION, dwError);
-    }
-    else
-    {
-        printf("Update DC PSC version to %s.\n", VDIR_PSC_VERSION);
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDCAccountDN);
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-AccountDNToName(
-    PCSTR pszDCAccountDN,
-    PSTR* ppszDCAccount)
-{
-    DWORD dwError = 0;
-    PSTR pszDCAccount = NULL;
-    PSTR pStart = NULL;
-    PSTR pEnd = NULL;
-    size_t len = 0;
-
-    if (VmDirStringNCompareA(pszDCAccountDN, "cn=", 3, FALSE))
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pStart = (PSTR)&pszDCAccountDN[3];
-    pEnd = VmDirStringChrA(pStart, ',');
-    if (!pEnd)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    len = pEnd - pStart;
-    dwError = VmDirAllocateMemory(len+1, (PVOID)&pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirStringNCpyA(pszDCAccount, len+1, pStart, len);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pszDCAccount[len] = '\0';
-
-    *ppszDCAccount = pszDCAccount;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-    goto cleanup;
-}
-
-#ifndef _WIN32
-static
-DWORD
-SetDCAccountRegistryKey(
-    VOID
-    )
-{
-    DWORD  dwError = 0;
-    char   szDCAccountDN[256] = {0};
-    PSTR   pszDCAccount = NULL;
-
-    dwError = VmDirGetRegKeyValue(
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_DC_ACCOUNT_DN,
-                  szDCAccountDN,
-                  sizeof(szDCAccountDN));
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AccountDNToName(
-                  szDCAccountDN,
-                  &pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = RegUtilSetValue(
-                  NULL,
-                  HKEY_THIS_MACHINE,
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  NULL,
-                  VMDIR_REG_KEY_DC_ACCOUNT,
-                  REG_SZ,
-                  (PVOID)pszDCAccount,
-                  VmDirStringLenA(pszDCAccount)+1);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("Set dcAccount registry key to %s\n", pszDCAccount);
-
-cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-    return dwError;
-
-error:
-    printf("Failed to set dcAccount registry key (%d)\n", dwError);
-    goto cleanup;
-}
-#else
-static
-DWORD
-SetDCAccountRegistryKey(
-    VOID
-    )
-{
-    DWORD  dwError = 0;
-    char   szDCAccountDN[256] = {0};
-    PSTR   pszDCAccount = NULL;
-    HKEY   hKey = NULL;
-
-    dwError = VmDirGetRegKeyValue(
-                  VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                  VMDIR_REG_KEY_DC_ACCOUNT_DN,
-                  szDCAccountDN,
-                  sizeof(szDCAccountDN));
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = AccountDNToName(
-                  szDCAccountDN,
-                  &pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = RegCreateKeyExA(
-                        HKEY_LOCAL_MACHINE,
-                        VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                        0,
-                        NULL,
-                        REG_OPTION_NON_VOLATILE,
-                        KEY_WRITE,
-                        NULL,
-                        &hKey,
-                        NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = RegSetValueExA(
-                        hKey,
-                        VMDIR_REG_KEY_DC_ACCOUNT,
-                        0,
-                        REG_SZ,
-                        (BYTE*)pszDCAccount,
-                        (DWORD)VmDirStringLenA(pszDCAccount)+1);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    printf("Set dcAccount registry key to %s\n", pszDCAccount);
-
-cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszDCAccount);
-
-    if (hKey)
-    {
-        RegCloseKey(hKey);
-    }
-    return dwError;
-
-error:
-    printf("Failed to set dcAccount registry key (%d)\n", dwError);
-    goto cleanup;
-}
-#endif
-
-static
-DWORD
-UpdateDCAccountSRPSecret(
-    LDAP*   pLd
-    )
-{
-    DWORD       dwError = 0;
-    PSTR        pszSRPSecret = NULL;
-    PSTR        pszUPN = NULL;
-    PSTR        pszPassword = NULL;
-    PSTR        pszDomain = NULL;
-    PSTR        pszDCAccount = NULL;
-    PSTR        pszFilter = NULL;
-
-    dwError = VmDirRegReadDCAccount( &pszDCAccount );
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszFilter,
-                                             "sAMAccountName=%s",
-                                             pszDCAccount);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VdcLdapGetAttributeValue( pLd,
-                                        "",
-                                        LDAP_SCOPE_BASE,
-                                        pszFilter,
-                                        "vmwSrpSecret",
-                                        &pszSRPSecret);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if ( pszSRPSecret == NULL )
-    {
-        dwError = VmDirGetDomainName( "localhost", &pszDomain );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAllocateStringAVsnprintf( &pszUPN,
-                                                 "%s@%s",
-                                                 pszDCAccount,
-                                                 pszDomain);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirReadDCAccountPassword( &pszPassword );
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirSetSRPSecret( pszUPN, pszPassword );
-        if ( dwError == 0 )
-        {
-            printf("DC Account UPN(%s) SRP Secret set\n", pszUPN);
-        }
-        else if ( dwError == VMDIR_ERROR_ENTRY_ALREADY_EXIST )
-        {
-            dwError = 0;
-            printf("DC Account UPN(%s) SRP Secret already exists\n", pszUPN);
-
-        }
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszSRPSecret);
-    VMDIR_SAFE_FREE_MEMORY(pszUPN);
-    VMDIR_SAFE_FREE_MEMORY(pszPassword);
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszDCAccount);
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
-
-    return dwError;
-
-error:
-    printf("Failed to UpdateDCActSRPSecret (%d)\n", dwError);
-    goto cleanup;
-}
-
-/* Replace ATTR_ACL_STRING on entries which have attribute nTSecurityDescriptor */
-static
-DWORD
-UpdateEntriesACL(
-    LDAP*   pLd,
-    PCSTR pszServerName,
-    PCSTR pszAdminUPN
-    )
-{
-    DWORD       dwError = 0;
-    PSTR        pszFilter = NULL;
-    PSTR        pAdminSid = NULL;
-    PSTR        pAclString = NULL;
-    PSTR        pszDomainDn = NULL;
-    int         totalCnt = 0;
-    int         failedCnt = 0;
-
-    dwError = VmDirAllocateStringAVsnprintf( &pszFilter,
-                                             "%s=%s",
-                                             ATTR_KRB_UPN,
-                                             pszAdminUPN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VdcLdapGetAttributeValue( pLd,
-                                        "",
-                                        LDAP_SCOPE_SUB,
-                                        pszFilter,
-                                        ATTR_OBJECT_SID,
-                                        &pAdminSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
-    dwError = VmDirAllocateStringAVsnprintf( &pszFilter,
-                                             "%s=*",
-                                             ATTR_OBJECT_CLASS);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VdcLdapGetAttributeValue( pLd,
-                                        "",
-                                        LDAP_SCOPE_BASE,
-                                        pszFilter,
-                                        ATTR_ROOT_DOMAIN_NAMING_CONTEXT,
-                                        &pszDomainDn);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringAVsnprintf(&pAclString,
-                "O:%sG:BAD:(A;;RPWP;;;%s)(A;;GXNRNWGXCCDCRPWP;;;BA)(A;;GXNRNWGXCCDCRPWP;;;%s)",
-                                            pAdminSid,
-                                            VMDIR_SELF_SID,
-                                            pAdminSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
-    dwError = VmDirAllocateStringAVsnprintf( &pszFilter,
-                                             "%s=*",
-                                             ATTR_OBJECT_SECURITY_DESCRIPTOR);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VdcLdapReplaceAttrOnEntries( pLd,
-                                          pszDomainDn,
-                                          LDAP_SCOPE_SUB,
-                                          pszFilter,
-                                          ATTR_ACL_STRING,
-                                          pAclString,
-                                          &totalCnt,
-                                          &failedCnt);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    if (failedCnt !=0 || totalCnt == 0)
-    {
-        printf("vdcupgrade Warn: %d out of %d entries failed to upgrade\n", failedCnt, totalCnt);
-    } else
-    {
-       printf("vdcupgrade successfully update %d entries for ACL\n", totalCnt);
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pAdminSid);
-    VMDIR_SAFE_FREE_MEMORY(pszFilter);
-    VMDIR_SAFE_FREE_MEMORY(pAclString);
-    VMDIR_SAFE_FREE_MEMORY(pszDomainDn);
-    return dwError;
-
-error:
-    printf("UpdateEntriesACL got error %d - vdcupgrade proceeds, and please upgrade ACL manually.\n", dwError);
-    dwError = 0;
-    goto cleanup;
-}
-
-static
-DWORD
-ReplaceSamAccountOnDn(
-    LDAP* pLd,
-    PCSTR pszAccountDn,
-    PCSTR pszNewSamAccount
-    )
-{
-    DWORD dwError = 0;
-    PSTR  ppszVals [] = { (PSTR) pszNewSamAccount, NULL };
-
-    if (!pLd || !pszAccountDn || !pszNewSamAccount)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VdcLdapReplaceAttributeValues(
-                pLd,
-                pszAccountDn,
-                ATTR_SAM_ACCOUNT_NAME,
-                (PCSTR*) ppszVals);
-
-    if (dwError)
-    {
-        printf("Failed to update samaccount to %s for %s, error (%d)\n", pszNewSamAccount, pszAccountDn, dwError);
-    }
-    else
-    {
-        printf("Updated samaccount to %s for %s.\n", pszNewSamAccount, pszAccountDn);
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-static
-DWORD
-getPSCVersion(
-    LDAP* pLd,
-    PSTR* ppszPSCVer
-    )
-{
-    DWORD  dwError = 0;
-    PSTR   pszPSCVer = NULL;
-    PCSTR  pszFilter = "objectclass=*";
-
-    if (!pLd || !ppszPSCVer)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VdcLdapGetAttributeValue(pLd,
-				       "",
-				       LDAP_SCOPE_BASE,
-				       pszFilter,
-				       ATTR_PSC_VERSION,
-				       &pszPSCVer);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (IsNullOrEmptyString(pszPSCVer))
-    {
-        dwError = VmDirAllocateStringA("5.5",
-                           &pszPSCVer);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszPSCVer = pszPSCVer;
-
-cleanup:
-
-    return dwError;
-
-error:
-
-    if (ppszPSCVer)
-    {
-        *ppszPSCVer = NULL;
-    }
-
-    VMDIR_SAFE_FREE_MEMORY(pszPSCVer);
-    goto cleanup;
-}
-
diff --git a/lwraft/tools/vdcupgrade/parseargs.c b/lwraft/tools/vdcupgrade/parseargs.c
deleted file mode 100644
index 25b11ed55..000000000
--- a/lwraft/tools/vdcupgrade/parseargs.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcupgrade
- *
- * Filename: parseargs.c
- *
- * Abstract:
- *
- * vdcupgrade argument parsing functions
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszServerName,
-    PSTR*   ppszAdminUPN,
-    PSTR*   ppszPassword,
-    PSTR*   ppszPasswordFile,
-    PBOOLEAN pbAclOnly,
-    PSTR*   ppszPnidFixDcAccountName,
-    PSTR*   ppszPnidFixNewSamAccount
-    )
-{
-    DWORD   dwError = ERROR_SUCCESS;
-#ifndef _WIN32
-    int     opt = 0;
-#else
-    int i = 1;
-    PSTR optarg = NULL;
-#endif
-    PSTR    pszServerName = NULL;
-    PSTR    pszAdminUPN = NULL;
-    PSTR    pszPassword = NULL;
-    PSTR    pszPasswordFile = NULL;
-    PSTR    pszPnidFixDcAccountName = NULL;
-    PSTR    pszPnidFixNewSamAccount = NULL;
-    PSTR    pszServerNameAlloc = NULL;
-    PSTR    pszAdminUPNAlloc = NULL;
-    PSTR    pszPasswordAlloc = NULL;
-    PSTR    pszPasswordFileAlloc = NULL;
-    PSTR    pszPnidFixDcAccountNameAlloc = NULL;
-    PSTR    pszPnidFixNewSamAccountAlloc = NULL;
-    BOOLEAN bAclOnly = FALSE;
-
-    if (ppszServerName == NULL ||
-        ppszAdminUPN == NULL  ||
-        ppszPassword == NULL ||
-        ppszPasswordFile == NULL ||
-        pbAclOnly == NULL )
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-#ifndef _WIN32
-    while ( (opt = getopt( argc, argv, VMDIR_OPTIONS_VALID)) != EOF )
-    {
-        switch ( opt )
-        {
-            case VMDIR_OPTION_SERVER_NAME:
-                pszServerName = optarg;
-                break;
-
-            case VMDIR_OPTION_ADMIN_UPN:
-                pszAdminUPN = optarg;
-                break;
-
-            case VMDIR_OPTION_PASSWORD:
-                pszPassword = optarg;
-                break;
-
-            case VMDIR_OPTION_PASSWORD_FILE:
-                pszPasswordFile = optarg;
-                break;
-            case VMDIR_OPTION_ACLONLY:
-                bAclOnly = TRUE;
-                break;
-            case VMDIR_OPTION_PNIDFIX_DCACCOUNT:
-                pszPnidFixDcAccountName = optarg;
-                break;
-            case VMDIR_OPTION_PNIDFIX_SAMACCOUNT:
-                pszPnidFixNewSamAccount = optarg;
-                break;
-            default:
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDIR_ERROR(dwError);
-                break;
-        }
-    }
-#else
-    while (i < argc)
-    {
-        if (VmDirIsCmdLineOption(argv[i]) != FALSE)
-        {
-            if (VmDirStringCompareA(VMDIR_OPTION_SERVER_NAME, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszServerName);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_ADMIN_UPN, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszAdminUPN);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_PASSWORD, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPassword);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_PASSWORD_FILE, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPasswordFile);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_ACLONLY, argv[i], TRUE) == 0)
-            {
-                bAclOnly = TRUE;
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_PNIDFIX_DCACCOUNT, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPnidFixDcAccountName);
-            }
-            else if (VmDirStringCompareA(VMDIR_OPTION_PNIDFIX_SAMACCOUNT, argv[i], TRUE) == 0)
-            {
-                VmDirGetCmdLineOption(argc, argv, &i, &pszPnidFixNewSamAccount);
-            }
-        }
-        i++;
-    }
-#endif
-
-    dwError = VmDirAllocateStringA(pszServerName, &pszServerNameAlloc);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringA(pszAdminUPN, &pszAdminUPNAlloc);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    if (pszPassword)
-    {
-        dwError = VmDirAllocateStringA(pszPassword, &pszPasswordAlloc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    } else if (pszPasswordFile)
-    {
-        dwError = VmDirAllocateStringA(pszPasswordFile, &pszPasswordFileAlloc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pszPnidFixDcAccountName)
-    {
-        dwError = VmDirAllocateStringA(pszPnidFixDcAccountName, &pszPnidFixDcAccountNameAlloc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (pszPnidFixNewSamAccount)
-    {
-        dwError = VmDirAllocateStringA(pszPnidFixNewSamAccount, &pszPnidFixNewSamAccountAlloc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    *ppszServerName = pszServerNameAlloc;
-    *ppszAdminUPN = pszAdminUPNAlloc;
-    *ppszPassword = pszPasswordAlloc;
-    *ppszPasswordFile = pszPasswordFileAlloc;
-    *pbAclOnly = bAclOnly;
-    *ppszPnidFixDcAccountName = pszPnidFixDcAccountNameAlloc;
-    *ppszPnidFixNewSamAccount = pszPnidFixNewSamAccountAlloc;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_SAFE_FREE_STRINGA(pszServerNameAlloc);
-    VMDIR_SAFE_FREE_STRINGA(pszAdminUPNAlloc);
-    VMDIR_SAFE_FREE_STRINGA(pszPasswordAlloc);
-    VMDIR_SAFE_FREE_STRINGA(pszPasswordFileAlloc);
-    VMDIR_SAFE_FREE_STRINGA(pszPnidFixDcAccountNameAlloc);
-    VMDIR_SAFE_FREE_STRINGA(pszPnidFixNewSamAccountAlloc);
-    goto cleanup;
-}
-
-VOID
-ShowUsage(
-    VOID
-    )
-{
-    printf(
-      "Usage: vdcupgrade -H <host> -D <AdminUPN> [-W <password>|-x <password-file>] -a\n"
-      "Note: -a for ACL upgrade only.\n");
-}
diff --git a/lwraft/tools/vdcupgrade/prototypes.h b/lwraft/tools/vdcupgrade/prototypes.h
deleted file mode 100644
index 503f94926..000000000
--- a/lwraft/tools/vdcupgrade/prototypes.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*prototypes.h*/
-
-DWORD
-VmDirParseArgs(
-    int     argc,
-    char*   argv[],
-    PSTR*   ppszServerName,
-    PSTR*   ppszAdminUPN,
-    PSTR*   ppszPassword,
-    PSTR*   ppszPasswordFile,
-    PBOOLEAN pbAclOnly,
-    PSTR*   ppszPnidFixDcAccountName,
-    PSTR*   ppszPnidFixNewSamAccount
-    );
-
-VOID
-ShowUsage(
-    VOID
-    );
-
-DWORD
-VdcLdapAddAttributeValues(
-    LDAP *pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR *ppszAttributeValues
-    );
-
-DWORD
-VdcLdapReplaceAttributeValues(
-    LDAP *pLd,
-    PCSTR pszDN,
-    PCSTR pszAttribute,
-    PCSTR *ppszAttributeValues
-    );
-
-DWORD
-VdcLdapGetAttributeValue(
-    LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
-    PCSTR pszFilter,
-    PCSTR pszAttribute,
-    PSTR *ppszAttributeValue
-    );
-
-DWORD
-VdcLdapAddContainer(
-    LDAP*  pLd,
-    PCSTR  pszContainerDN,
-    PCSTR  pszContainerName
-    );
-
-DWORD
-VdcLdapAddGroup(
-    LDAP*  pLd,
-    PCSTR  pszGroupDN,
-    PCSTR  pszGroupName
-    );
-
-BOOLEAN
-VdcIfDNExist(
-    LDAP* pLd,
-    PCSTR pszDN);
-
-DWORD
-VdcLdapConnect(
-    PCSTR pszLdapURI,
-    PCSTR pszUserDN,
-    PCSTR pszPassword,
-    LDAP **ppLd
-    );
-
-DWORD
-VdcLdapConnectSRP(
-    PCSTR pszLdapURI,
-    PCSTR pszUserDN,
-    PCSTR pszPassword,
-    LDAP **ppLd
-    );
-
-DWORD
-VdcLdapReplaceAttrOnEntries(
-    LDAP *pLd,
-    PCSTR pBase,
-    int ldapScope,
-    PCSTR pszFilter,
-    PCSTR pAttrName,
-    PCSTR pAttrVal,
-    int *pCnt,
-    int *pFailedCnt
-    );
-
-VOID
-VdcLdapUnbind(
-    LDAP *pLd
-    );
diff --git a/lwraft/tools/vmkdc_admin/Makefile.am b/lwraft/tools/vmkdc_admin/Makefile.am
deleted file mode 100644
index 4ec2d2d69..000000000
--- a/lwraft/tools/vmkdc_admin/Makefile.am
+++ /dev/null
@@ -1,47 +0,0 @@
-bin_PROGRAMS = vmkdc_admin
-
-thirdparty_srcdir = $(top_srcdir)/thirdparty
-thirdparty_builddir = $(top_builddir)/thirdparty
-
-vmkdc_admin_SOURCES = \
-    addprinc.c \
-    ktadd.c \
-    main.c
-
-vmkdc_admin_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server \
-    -I$(thirdparty_srcdir)/heimdal \
-    -I$(thirdparty_srcdir)/heimdal/krb5-crypto \
-    -I$(thirdparty_srcdir)/heimdal/asn1 \
-    @DCERPC_INCLUDES@ \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-vmkdc_admin_LDADD = \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/client/liblwraftclient.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
-    $(thirdparty_builddir)/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(thirdparty_builddir)/heimdal/asn1/libasn1.la \
-    $(thirdparty_builddir)/heimdal/asn1/libasn1db.la \
-    @DCERPC_LIBS@ \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @UUID_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @PTHREAD_LIBS@
-
-vmkdc_admin_LDFLAGS = \
-    @DCERPC_LDFLAGS@ \
-    @LW_LDFLAGS@ \
-    @OPENSSL_LDFLAGS@
diff --git a/lwraft/tools/vmkdc_admin/addprinc.c b/lwraft/tools/vmkdc_admin/addprinc.c
deleted file mode 100644
index 3fe2be220..000000000
--- a/lwraft/tools/vmkdc_admin/addprinc.c
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vmkdc_admin
- *
- * Filename: addprinc.c
- *
- * Abstract:
- *
- * vmkdc_admin addprinc module
- *
- */
-
-#include "includes.h"
-
-DWORD
-VmKdcAdminAddPrinc(int argc, char *argv[], PROG_ARGS *args)
-{
-    DWORD   dwError = 0;
-    PCSTR   pszPassword = NULL;
-    PSTR    pszUsername = NULL;
-    PSTR    pszUPNName = NULL;
-    BOOLEAN bRandKey = FALSE;
-    PSTR    p = NULL;
-    PVMKDC_PRINCIPAL pPrincipal = NULL;
-    PVMKDC_CONTEXT pContext = NULL;
-
-    bRandKey = args->randKey;
-    pszPassword = args->password;
-
-    if (!bRandKey && !pszPassword)
-    {
-        ShowUsage(VmKdc_argv0, "no password or random key option specified");
-    }
-
-    if ( argc != 1 || IsNullOrEmptyString(argv[0]) ||
-        (IsNullOrEmptyString(pszPassword) && !bRandKey ) )
-    {
-        ShowUsage(VmKdc_argv0, "Wrong number of principals specified");
-    }
-
-    dwError = VmKdcAdminInitContext(&pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Get the UPN name by parsing/unparsing the input name */
-    dwError = VmKdcParsePrincipalName(pContext, argv[0], &pPrincipal);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcUnparsePrincipalName(pPrincipal, &pszUPNName);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Get the username by copying the UPN name and removing the realm */
-    dwError = VmKdcAllocateStringA(pszUPNName, &pszUsername);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    p = strchr(pszUsername, '@');
-    if (p)
-    {
-        *p = '\0';
-    }
-
-    /* Create the user in vmdir */
-    dwError = VmDirCreateUser((PSTR)pszUsername,
-                              (PSTR)pszPassword,
-                              pszUPNName,
-                              bRandKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-error:
-
-    VMKDC_SAFE_FREE_PRINCIPAL(pPrincipal);
-    VMKDC_SAFE_FREE_STRINGA(pszUPNName);
-    if (pContext)
-    {
-        VmKdcAdminDestroyContext(pContext);
-        pContext = NULL;
-    }
-
-    return dwError;
-}
diff --git a/lwraft/tools/vmkdc_admin/defines.h b/lwraft/tools/vmkdc_admin/defines.h
deleted file mode 100644
index 827d5092c..000000000
--- a/lwraft/tools/vmkdc_admin/defines.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-#define VMKDC_ADMIN_DEFAULT_REALM "VSPHERE.LOCAL"
-
-#ifndef _WIN32
-
-#define VMKDC_ADMIN_OPTION_PASSWORD 'p'
-#define VMKDC_ADMIN_OPTION_KEYTAB 'k'
-#define VMKDC_ADMIN_OPTION_RANDKEY 'r'
-#define VMKDC_ADMIN_OPTION_HELP 'h'
-#define VMKDC_ADMIN_ADDPRINC_OPTIONS_VALID "p:r"
-#define VMKDC_ADMIN_KTADD_OPTIONS_VALID "k:"
-
-#else
-
-#define VMKDC_ADMIN_OPTION_PASSWORD "-p"
-#define VMKDC_ADMIN_OPTION_KEYTAB "-k"
-#define VMKDC_ADMIN_OPTION_RANDKEY "-r"
-#define VMKDC_ADMIN_OPTION_HELP "-h"
-
-#endif
diff --git a/lwraft/tools/vmkdc_admin/includes.h b/lwraft/tools/vmkdc_admin/includes.h
deleted file mode 100644
index 52ffd9c5c..000000000
--- a/lwraft/tools/vmkdc_admin/includes.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vmkdc_admin
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vmkdc_admin main module include file
- *
- */
-#ifndef _WIN32 /* ============= LINUX ONLY ================ */
-
-#include <config.h>
-#include <vmkdcsys.h>
-
-#include <lwrpcrt/lwrpcrt.h>
-#include <reg/lwreg.h>
-#include <reg/regutil.h>
-
-#else
-/* ========================= WIN32 ONLY ======================== */
-
-#pragma once
-#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
-
-#include <windows.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <tchar.h>
-
-#define LW_STRICT_NAMESPACE
-#include <lw/types.h>
-
-#include "banned.h"
-
-#endif
-
-#include <kdctools/includes.h>
-#include <public/vmdirclient.h>
-
-#include "defines.h"
-#include "structs.h"
-#include "prototypes.h"
-
diff --git a/lwraft/tools/vmkdc_admin/ktadd.c b/lwraft/tools/vmkdc_admin/ktadd.c
deleted file mode 100644
index 38010abb6..000000000
--- a/lwraft/tools/vmkdc_admin/ktadd.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vmkdc_admin
- *
- * Filename: ktadd.c
- *
- * Abstract:
- *
- * vmkdc_admin kdadd module
- *
- */
-
-#include "includes.h"
-
-static
-VOID
-VmKdcFreeKeyTabEntry(
-    PVMKDC_MIT_KEYTAB_FILE pKeyTabEntry)
-{
-    int i = 0;
-
-    if (pKeyTabEntry)
-    {
-        for (i=0; i<pKeyTabEntry->nameComponentsLen; i++)
-        {
-            VMKDC_SAFE_FREE_STRINGA(pKeyTabEntry->nameComponents[i]);
-        }
-        VMKDC_SAFE_FREE_MEMORY(pKeyTabEntry->nameComponents);
-        VMKDC_SAFE_FREE_KEY(pKeyTabEntry->key);
-        VMKDC_SAFE_FREE_STRINGA(pKeyTabEntry->realm);
-        VmKdcFreeMemory(pKeyTabEntry);
-    }
-}
-
-static
-DWORD
-VmKdcMakeKeyTabEntry(
-    PVMKDC_CONTEXT pContext,
-    PCSTR pszUpnName,
-    PVMKDC_KEY pKey,
-    PVMKDC_MIT_KEYTAB_FILE *ppRetKeyTabEntry)
-{
-    DWORD dwError = 0;
-    PVMKDC_MIT_KEYTAB_FILE pKeyTabEntry = NULL;
-    PVMKDC_PRINCIPAL pPrincipal = NULL;
-    int i = 0;
-
-    dwError = VmKdcAllocateMemory(sizeof(VMKDC_MIT_KEYTAB_FILE),
-                                  (PVOID*)&pKeyTabEntry);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcParsePrincipalName(pContext, pszUpnName, &pPrincipal);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pKeyTabEntry->princType = pPrincipal->type;
-
-    dwError = VmKdcAllocateStringA(VMKDC_GET_PTR_DATA(pPrincipal->realm),
-                                   &pKeyTabEntry->realm);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pKeyTabEntry->nameComponentsLen = pPrincipal->numComponents;
-
-    dwError = VmKdcAllocateMemory(sizeof(char *) * pKeyTabEntry->nameComponentsLen,
-                                  (PVOID*)&pKeyTabEntry->nameComponents);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    for (i=0; i<pPrincipal->numComponents; i++)
-    {
-        dwError = VmKdcAllocateStringA(VMKDC_GET_PTR_DATA(pPrincipal->components[i]),
-                                       &pKeyTabEntry->nameComponents[i]);
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    pKeyTabEntry->timeStamp = (int)time(NULL);
-
-    dwError = VmKdcCopyKey(pKey, &pKeyTabEntry->key);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    *ppRetKeyTabEntry = pKeyTabEntry;
-
-error:
-    if (dwError)
-    {
-        VmKdcFreeKeyTabEntry(pKeyTabEntry);
-        pKeyTabEntry = NULL;
-    }
-    VMKDC_SAFE_FREE_PRINCIPAL(pPrincipal);
-
-    return dwError;
-}
-
-DWORD
-VmKdcAdminKtAdd(int argc, char *argv[], PROG_ARGS *args)
-{
-    DWORD   dwError = 0;
-    PSTR    pszUpnName = NULL;
-    PCSTR   pszDomainName = NULL;
-    PCSTR   pszKeyTab = "/tmp/krb.keys";
-    PBYTE	pMasterKeyBlob = NULL;
-    DWORD	dwMasterKeySize = 0;
-    PBYTE	pUpnKeyBlob = NULL;
-    DWORD	dwUpnKeySize = 0;
-    PVMKDC_DATA pUpnKeyData = NULL;
-    PVMKDC_KEYSET pUpnKeySet = NULL;
-    PVMKDC_KEY pMasterKey = NULL;
-    PVMKDC_KEYTAB_HANDLE pKeyTab = NULL;
-    PVMKDC_MIT_KEYTAB_FILE pKeyTabEntry = NULL;
-    PVMKDC_PRINCIPAL pPrincipal = NULL;
-    PVMKDC_CONTEXT pContext = NULL;
-    int i = 0;
-
-    if (args->keytab)
-    {
-        pszKeyTab = args->keytab;
-    }
-
-    if (argc != 1 || IsNullOrEmptyString(argv[0]))
-    {
-        ShowUsage(VmKdc_argv0, "Wrong number of principals specified");
-    }
-
-    dwError = VmKdcAdminInitContext(&pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pszDomainName = gVmkdcGlobals.pszDefaultRealm;
-
-    /* Get the UPN name by parsing/unparsing the input name */
-    dwError = VmKdcParsePrincipalName(pContext, argv[0], &pPrincipal);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcUnparsePrincipalName(pPrincipal, &pszUpnName);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Get the encrypted principal keys */
-    dwError = VmDirGetKrbUPNKey((PSTR)pszUpnName, &pUpnKeyBlob, &dwUpnKeySize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Decode the principal keys */
-    dwError = VmKdcAllocateData(pUpnKeyBlob,
-                                dwUpnKeySize,
-                                &pUpnKeyData);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcDecodeKeySet(pUpnKeyData, &pUpnKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Get the unencrypted master key */
-    dwError = VmDirGetKrbMasterKey((PSTR)pszDomainName, &pMasterKeyBlob, &dwMasterKeySize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Decode the master key */
-    dwError = VmKdcDecodeMasterKey(pMasterKeyBlob,
-                                   dwMasterKeySize,
-                                   &pMasterKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Decrypt the principal keys */
-    dwError = VmKdcDecryptKeySet(pContext, pMasterKey, pUpnKeySet);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    /* Open keytab */
-    dwError = VmKdcParseKeyTabOpen((PSTR)pszKeyTab, "a", &pKeyTab);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    for (i=0; i<pUpnKeySet->numKeys; i++)
-    {
-        /* Construct a new keytab entry */
-        dwError = VmKdcMakeKeyTabEntry(pContext,
-                                       pszUpnName,
-                                       pUpnKeySet->keys[i],
-                                       &pKeyTabEntry);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        /* Write the keytab entry */
-        dwError = VmKdcParseKeyTabWrite(pKeyTab, pKeyTabEntry);
-        BAIL_ON_VMKDC_ERROR(dwError);
-
-        VmKdcFreeKeyTabEntry(pKeyTabEntry);
-        pKeyTabEntry = NULL;
-    }
-
-error:
-    if (pKeyTab)
-    {
-        VmKdcParseKeyTabClose(pKeyTab);
-        pKeyTab = NULL;
-    }
-    if (pKeyTabEntry)
-    {
-        VmKdcFreeKeyTabEntry(pKeyTabEntry);
-        pKeyTabEntry = NULL;
-    }
-    if (pContext)
-    {
-        VmKdcAdminDestroyContext(pContext);
-        pContext = NULL;
-    }
-    VMKDC_SAFE_FREE_KEY(pMasterKey);
-    VMKDC_SAFE_FREE_KEYSET(pUpnKeySet);
-    VMKDC_SAFE_FREE_DATA(pUpnKeyData);
-    VMKDC_SAFE_FREE_PRINCIPAL(pPrincipal);
-    VMKDC_SAFE_FREE_MEMORY(pMasterKeyBlob);
-    VMKDC_SAFE_FREE_MEMORY(pUpnKeyBlob);
-
-    return dwError;
-}
diff --git a/lwraft/tools/vmkdc_admin/main.c b/lwraft/tools/vmkdc_admin/main.c
deleted file mode 100644
index cf040557d..000000000
--- a/lwraft/tools/vmkdc_admin/main.c
+++ /dev/null
@@ -1,358 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vmkdc_admin
- *
- * Filename: main.c
- *
- * Abstract:
- *
- * vmkdc_admin main module entry point
- *
- */
-
-#include "includes.h"
-
-#define VMKDC_ADMIN_DEFAULT_REALM           "VSPHERE.LOCAL"
-#ifndef _WIN32
-#define VMKDC_CONFIG_PARAMETER_KEY_PATH     "Services\\vmafd\\Parameters"
-#define VMKDC_REG_KEY_DEFAULT_REALM         "DomainName"
-#else
-#define VMKDC_CONFIG_PARAMETER_KEY_PATH     _T("SYSTEM\\CurrentControlSet\\Services\\VMWareAfdService\\Parameters")
-#define VMKDC_REG_KEY_DEFAULT_REALM         _T("DomainName")
-#endif
-#define VMKDC_MAX_CONFIG_VALUE_LENGTH       255
-
-VMKDC_GLOBALS gVmkdcGlobals = {0};
-char *VmKdc_argv0 = NULL;
-
-VOID
-ShowUsage(
-    PSTR argv0,
-    PSTR msg)
-{
-    char usage[] = "Usage: %s addprinc [-p <password> | -r] <princ> \n"\
-                   "       %s ktadd [-k <keytab>] <princ>\n";
-    if (msg)
-    {
-        printf("%s\n", msg);
-    }
-    printf(usage, argv0, argv0);
-    exit(1);
-}
-
-VOID
-parseArgs(
-    int argc,
-    char *argv[],
-    PROG_ARGS *args,
-    int *params)
-{
-    int i;
-
-    i = 1;
-    while (i<argc && argv[i][0] == '-')
-    {
-        if (strcmp("-p", argv[i]) == 0 ||
-            strcmp("--password", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                ShowUsage(VmKdc_argv0, "-p password missing");
-            }
-            args->password = strdup(argv[i]);
-            i++;
-        }
-        else if (strcmp("-r", argv[i]) == 0 ||
-            strcmp("--randkey", argv[i]) == 0)
-        {
-            i++;
-            args->randKey = TRUE;
-        }
-        else if (strcmp("-k", argv[i]) == 0 ||
-            strcmp("--keytab", argv[i]) == 0)
-        {
-            i++;
-            if (i >= argc)
-            {
-                ShowUsage(VmKdc_argv0, "-k keytab file name missing");
-            }
-            args->keytab = strdup(argv[i]);
-            i++;
-        }
-        else
-        {
-            ShowUsage(VmKdc_argv0, "Unknown option");
-        }
-    }
-
-    if (i<argc)
-    {
-        *params = i;
-    }
-}
-
-typedef enum {
-    VMKDC_ADMIN_COMMAND_ADDPRINC=1,
-    VMKDC_ADMIN_COMMAND_KTADD,
-} VMKDC_ADMIN_COMMANDS;
-
-static
-DWORD
-VmKdcRegGetDefaultRealm(
-    PCHAR *ppszDefaultRealm)
-{
-    DWORD dwError = 0;
-    char szValue[VMKDC_MAX_CONFIG_VALUE_LENGTH] = {0};
-    DWORD dwValueSize = sizeof(szValue);
-    PCHAR pszDefaultRealm = NULL;
-    HKEY hKey = NULL;
-#ifndef _WIN32
-    HANDLE hConnection = NULL;
-#endif
-
-#ifndef _WIN32
-    dwError = RegOpenServer(&hConnection);
-    BAIL_ON_VMKDC_ERROR(dwError);
-#endif
-
-    dwError = RegOpenKeyExA(
-#ifndef _WIN32
-                hConnection,
-                NULL,
-                HKEY_THIS_MACHINE,
-#else
-                HKEY_LOCAL_MACHINE,
-                NULL,
-#endif
-                0,
-                KEY_READ,
-                &hKey);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = RegGetValueA(
-#ifndef _WIN32
-                           hConnection,
-#endif
-                           hKey,
-                           VMKDC_CONFIG_PARAMETER_KEY_PATH,
-                           VMKDC_REG_KEY_DEFAULT_REALM,
-                           RRF_RT_REG_SZ,
-                           NULL,
-                           szValue,
-                           &dwValueSize);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    dwError = VmKdcAllocateStringA(szValue,
-                                   &pszDefaultRealm);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    *ppszDefaultRealm = pszDefaultRealm;
-
-error:
-
-    if (hKey)
-    {
-        dwError = RegCloseKey(
-#ifndef _WIN32
-                           hConnection,
-#endif
-                           hKey);
-    }
-
-#ifndef _WIN32
-    if (hConnection)
-    {
-        RegCloseServer(hConnection);
-    }
-#endif
-
-    return dwError;
-}
-
-#ifndef _WIN32
-int main(int argc, char* argv[])
-#else
-int _tmain(int argc, TCHAR *targv[])
-#endif
-{
-    DWORD   dwError = 0;
-    PROG_ARGS args = {0};
-    int params = 0;
-    VMKDC_ADMIN_COMMANDS cmd;
-
-#ifdef _WIN32
-
-    char** allocArgv = NULL;
-    PSTR* argv = NULL;
-    char pathsep = '\\';
-
-#ifdef UNICODE
-    dwError = VmKdcAllocateArgsAFromArgsW( argc, targv, &allocArgv );
-    BAIL_ON_VMKDC_ERROR(dwError);
-    argv = allocArgv;
-#else
-    argv = targv; // non-unicode => targv is char
-#endif
-
-#else
-    char pathsep = '/';
-#endif
-
-    dwError = VmKdcRegGetDefaultRealm(&gVmkdcGlobals.pszDefaultRealm);
-    if (dwError)
-    {
-        dwError = VmKdcAllocateStringA(VMKDC_ADMIN_DEFAULT_REALM,
-                                       &gVmkdcGlobals.pszDefaultRealm);
-    }
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    VmKdc_argv0 = strrchr(argv[0], pathsep);
-    if (VmKdc_argv0)
-    {
-        VmKdc_argv0++;
-    }
-    else
-    {
-        VmKdc_argv0 = argv[0];
-    }
-
-    if (argc < 2)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-
-    if (VmKdcStringCompareA("addprinc",
-                            argv[1], TRUE) == 0)
-    {
-        cmd = VMKDC_ADMIN_COMMAND_ADDPRINC;
-    } 
-    else if (VmKdcStringCompareA("ktadd",
-                                  argv[1], TRUE) == 0)
-    {
-        cmd = VMKDC_ADMIN_COMMAND_KTADD;
-    }
-    else
-    {
-        ShowUsage(VmKdc_argv0, "Unknown command");
-    }
-
-    parseArgs(argc-1, &argv[1], &args, &params);
-    if (params == 0)
-    {
-        ShowUsage(VmKdc_argv0, "No UPN name specified");
-    }
-    params += 1; // Passed in argv[1]
-
-    switch (cmd)
-    {
-      case VMKDC_ADMIN_COMMAND_ADDPRINC:
-        dwError = VmKdcAdminAddPrinc(argc-params, &argv[params], &args);
-        BAIL_ON_VMKDC_ERROR(dwError);
-        break;
-
-      case VMKDC_ADMIN_COMMAND_KTADD:
-        dwError = VmKdcAdminKtAdd(argc-params, &argv[params], &args);
-        BAIL_ON_VMKDC_ERROR(dwError);
-        break;
-
-      default:
-        ShowUsage(VmKdc_argv0, "Unknown command");
-        break;
-    }
-
-error:
-    if (dwError == ERROR_INVALID_PARAMETER)
-    {
-        ShowUsage(VmKdc_argv0, NULL);
-    }
-    else if (dwError)
-    {
-        printf("command failed, dwError=%d\n", dwError);
-    }
-
-    VmKdcDestroyKrb5(gVmkdcGlobals.pKrb5Ctx);
-    gVmkdcGlobals.pKrb5Ctx = NULL;
-
-    VMKDC_SAFE_FREE_STRINGA(gVmkdcGlobals.pszDefaultRealm);
-
-    VmKdcDestroyKrb5(gVmkdcGlobals.pKrb5Ctx);
-    gVmkdcGlobals.pKrb5Ctx = NULL;
-
-#ifdef _WIN32
-    VmKdcDeallocateArgsA(argc, allocArgv);
-    allocArgv = NULL;
-#endif
-
-    return dwError;
-}
-
-VOID
-VmKdcAdminDestroyContext(
-    PVMKDC_CONTEXT pContext)
-{
-    if (pContext)
-    {
-        if (pContext->pGlobals)
-        {
-            if (pContext->pGlobals->pKrb5Ctx)
-            {
-                VmKdcDestroyKrb5(pContext->pGlobals->pKrb5Ctx);
-                pContext->pGlobals->pKrb5Ctx = NULL;
-            }
-            VMKDC_SAFE_FREE_STRINGA(pContext->pGlobals->pszDefaultRealm);
-        }
-        VMKDC_SAFE_FREE_MEMORY(pContext);
-    }
-}
-
-DWORD
-VmKdcAdminInitContext(
-    PVMKDC_CONTEXT *ppRetContext)
-{
-    DWORD dwError = 0;
-    PVMKDC_CONTEXT pContext = NULL;
-
-    dwError = VmKdcAllocateMemory(sizeof(VMKDC_CONTEXT),
-                                  (PVOID*)&pContext);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    pContext->pGlobals = &gVmkdcGlobals;
-    pContext->pRequest = NULL;
-
-    dwError = VmKdcInitKrb5(&pContext->pGlobals->pKrb5Ctx);
-    BAIL_ON_VMKDC_ERROR(dwError);
-
-    if (!pContext->pGlobals->pszDefaultRealm)
-    {
-        dwError = VmKdcAllocateStringA(VMKDC_ADMIN_DEFAULT_REALM,
-                                       &pContext->pGlobals->pszDefaultRealm);
-        BAIL_ON_VMKDC_ERROR(dwError);
-    }
-    *ppRetContext = pContext;
-
-error:
-    if (dwError)
-    {
-        VmKdcAdminDestroyContext(pContext);
-        pContext = NULL;
-    }
-
-    return dwError;
-}
diff --git a/lwraft/tools/vmkdc_admin/prototypes.h b/lwraft/tools/vmkdc_admin/prototypes.h
deleted file mode 100644
index 95b3465d1..000000000
--- a/lwraft/tools/vmkdc_admin/prototypes.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-
-extern char *VmKdc_argv0;
-
-VOID
-ShowUsage(
-    PSTR argv0,
-    PSTR msg
-    );
-
-DWORD
-VmKdcAdminAddPrinc(
-    int argc,
-    char *argv[],
-    PROG_ARGS *args
-    );
-
-DWORD
-VmKdcAdminKtAdd(
-    int argc,
-    char *argv[],
-    PROG_ARGS *args
-    );
-
-VOID
-VmKdcAdminDestroyContext(
-    PVMKDC_CONTEXT pContext
-    );
-
-DWORD
-VmKdcAdminInitContext(
-    PVMKDC_CONTEXT *ppRetContext
-    );
diff --git a/lwraft/tools/vmkdc_admin/structs.h b/lwraft/tools/vmkdc_admin/structs.h
deleted file mode 100644
index f67f9ddea..000000000
--- a/lwraft/tools/vmkdc_admin/structs.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-typedef struct _PROG_ARGS
-{
-    char *password;
-    int randKey;
-    char *keytab;
-} PROG_ARGS;
-
diff --git a/lwraft/m4/README b/m4/README
similarity index 100%
rename from lwraft/m4/README
rename to m4/README
diff --git a/config/m4/as-ac-expand.m4 b/m4/as-ac-expand.m4
similarity index 100%
rename from config/m4/as-ac-expand.m4
rename to m4/as-ac-expand.m4
diff --git a/config/m4/libtool.m4 b/m4/libtool.m4
similarity index 100%
rename from config/m4/libtool.m4
rename to m4/libtool.m4
diff --git a/config/m4/ltoptions.m4 b/m4/ltoptions.m4
similarity index 100%
rename from config/m4/ltoptions.m4
rename to m4/ltoptions.m4
diff --git a/config/m4/ltsugar.m4 b/m4/ltsugar.m4
similarity index 100%
rename from config/m4/ltsugar.m4
rename to m4/ltsugar.m4
diff --git a/config/m4/ltversion.m4 b/m4/ltversion.m4
similarity index 100%
rename from config/m4/ltversion.m4
rename to m4/ltversion.m4
diff --git a/config/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4
similarity index 100%
rename from config/m4/lt~obsolete.m4
rename to m4/lt~obsolete.m4
diff --git a/support/developer/bin/connect-lw-devkit b/support/developer/bin/connect-lw-devkit
deleted file mode 100755
index 17283efc9..000000000
--- a/support/developer/bin/connect-lw-devkit
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-docker exec -it lightwave-dev /bin/bash
-
diff --git a/support/developer/bin/make-lw-devkit b/support/developer/bin/make-lw-devkit
deleted file mode 100755
index 9b7a696de..000000000
--- a/support/developer/bin/make-lw-devkit
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-#
-# Note : Assumes your workspace is in $HOME/workspaces
-#
-
-docker run -d \
-           --name lightwave-dev \
-           --privileged \
-           -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
-           -v $HOME/workspaces:$HOME/workspaces \
-           -it \
-           vmware/lightwave-dev-kit
diff --git a/support/developer/buildenv/Dockerfile b/support/developer/buildenv/Dockerfile
deleted file mode 100644
index 97c1ce9af..000000000
--- a/support/developer/buildenv/Dockerfile
+++ /dev/null
@@ -1,50 +0,0 @@
-FROM vmware/photon:1.0
-MAINTAINER "Sriram Nambakam" <snambakam@vmware.com>
-ENV container=docker
-VOLUME ["/sys/fs/cgroup"]
-
-# install systemd
-RUN tdnf update -y tdnf; \
-    tdnf update -y rpm; \
-    tdnf install -y systemd; \
-    # Remove unused systemd services
-    rm -f /etc/systemd/system/*.wants/*;\
-    rm -f /lib/systemd/system/sysinit.target.wants/systemd-tmpfiles-setup.service;\
-    rm -f /lib/systemd/system/multi-user.target.wants/*;\
-    rm -f /lib/systemd/system/local-fs.target.wants/*; \
-    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
-    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
-    mkdir -p /var/run/sshd; chmod -rx /var/run/sshd; \
-    # configure journald
-    tdnf install -y sed; \
-    sed -i 's/#Storage=auto/Storage=persistent/' /etc/systemd/journald.conf; \
-    # setup tools required for development
-    tdnf install -y procps-ng; \
-    tdnf install -y binutils; \
-    tdnf install -y git; \
-    tdnf install -y make; \
-    tdnf install -y gawk; \
-    tdnf install -y autoconf; \
-    tdnf install -y automake; \
-    tdnf install -y libtool; \
-    tdnf install -y gcc; \
-    tdnf install -y glibc-devel; \
-    tdnf install -y linux-api-headers; \
-    tdnf install -y util-linux-devel; \
-    tdnf install -y e2fsprogs-devel; \
-    tdnf install -y rpm-build; \
-    tdnf install -y rpm-devel; \
-    tdnf install -y openjdk; \
-    tdnf install -y apache-maven; \
-    tdnf install -y apache-ant; \
-    tdnf install -y ant-contrib; \
-    tdnf install -y jaxws-ri; \
-    tdnf install -y python2-devel; \
-    tdnf install -y apache-tomcat; \
-    tdnf install -y boost-devel; \
-    tdnf install -y openssl-devel; \
-    tdnf install -y likewise-open-devel;
-
-EXPOSE 22
-
-ENTRYPOINT ["/bin/bash"]
diff --git a/support/developer/buildenv/Makefile b/support/developer/buildenv/Makefile
deleted file mode 100644
index 2d786c471..000000000
--- a/support/developer/buildenv/Makefile
+++ /dev/null
@@ -1,23 +0,0 @@
-SRCROOT := $(realpath .)
-
-STAGING_DIR=$(SRCROOT)/staging
-DOCKER_IMAGE=$(STAGING_DIR)/lightwave-dev-kit.tar
-DOCKER_IMAGE_TAG="vmware/lightwave-dev-kit"
-
-all: container
-
-container: $(DOCKER_IMAGE)
-	docker save $(DOCKER_IMAGE_TAG) > $(DOCKER_IMAGE)
-
-$(DOCKER_IMAGE): $(STAGING_DIR)/Dockerfile
-	docker build --no-cache --tag $(DOCKER_IMAGE_TAG) $(STAGING_DIR)
-
-$(STAGING_DIR)/Dockerfile: $(STAGING_DIR) Dockerfile
-	cp -f Dockerfile $@
-
-$(STAGING_DIR):
-	mkdir -p $@
-
-clean:
-	rm -rf $(STAGING_DIR)
-
diff --git a/support/docker/lightwave-init b/support/docker/lightwave-init
index a7acea8eb..8546f06dd 100755
--- a/support/docker/lightwave-init
+++ b/support/docker/lightwave-init
@@ -3,7 +3,7 @@
 # entry into container
 
 JSVC_BIN=/var/opt/commons-daemon-1.0.15/bin/jsvc
-JAVA_HOME=/var/opt/OpenJDK-1.8.0.112-bin
+JAVA_HOME=/etc/alternatives/jre/../
 
 function stop_idmd {
     local SERVICE_NAME=vmware-idmd
diff --git a/support/make/makedefs.mk b/support/make/makedefs.mk
index e67654d81..a31330d3f 100644
--- a/support/make/makedefs.mk
+++ b/support/make/makedefs.mk
@@ -18,9 +18,9 @@ LW_SERVER_SRCROOT=$(SRCROOT)/lw-server
 LW_SERVER_PKGDIR=$(LW_SERVER_SRCROOT)/rpmbuild/RPMS/$(ARCH)
 
 LW_SERVER_MAJOR_VER=1
-LW_SERVER_MINOR_VER=2
-LW_SERVER_RELEASE_VER=0
-LW_SERVER_PATCH_VER=0
+LW_SERVER_MINOR_VER=3
+LW_SERVER_RELEASE_VER=1
+LW_SERVER_PATCH_VER=5
 LW_SERVER_VERSION=$(LW_SERVER_MAJOR_VER).$(LW_SERVER_MINOR_VER).$(LW_SERVER_RELEASE_VER)-$(LW_SERVER_PATCH_VER)
 LW_SERVER_PKG_NAME=vmware-lightwave-server
 LW_SERVER_RPM=$(LW_SERVER_PKG_NAME)-$(LW_SERVER_VERSION).$(ARCH).rpm
@@ -29,9 +29,9 @@ LW_CLIENTS_SRCROOT=$(SRCROOT)/lw-clients
 LW_CLIENTS_PKGDIR=$(LW_CLIENTS_SRCROOT)/rpmbuild/RPMS/$(ARCH)
 
 LW_CLIENTS_MAJOR_VER=1
-LW_CLIENTS_MINOR_VER=2
+LW_CLIENTS_MINOR_VER=3
 LW_CLIENTS_RELEASE_VER=0
-LW_CLIENTS_PATCH_VER=0
+LW_CLIENTS_PATCH_VER=1
 LW_CLIENTS_VERSION=$(LW_CLIENTS_MAJOR_VER).$(LW_CLIENTS_MINOR_VER).$(LW_CLIENTS_RELEASE_VER)-$(LW_CLIENTS_PATCH_VER)
 LW_CLIENTS_PKG_NAME=vmware-lightwave-clients
 LW_CLIENTS_RPM=$(LW_CLIENTS_PKG_NAME)-$(LW_CLIENTS_VERSION).$(ARCH).rpm
@@ -40,11 +40,11 @@ LW_RAFT_SRCROOT=$(SRCROOT)/lw-raft
 LW_RAFT_PKGDIR=$(LW_RAFT_SRCROOT)/rpmbuild/RPMS/$(ARCH)
 
 LW_RAFT_MAJOR_VER=1
-LW_RAFT_MINOR_VER=2
+LW_RAFT_MINOR_VER=3
 LW_RAFT_RELEASE_VER=0
-LW_RAFT_PATCH_VER=0
+LW_RAFT_PATCH_VER=5
 LW_RAFT_VERSION=$(LW_RAFT_MAJOR_VER).$(LW_RAFT_MINOR_VER).$(LW_RAFT_RELEASE_VER)-$(LW_RAFT_PATCH_VER)
-LW_RAFT_PKG_NAME=vmware-lightwave-raft
+LW_RAFT_PKG_NAME=vmware-objectstore
 LW_RAFT_RPM=$(LW_RAFT_PKG_NAME)-$(LW_RAFT_VERSION).$(ARCH).rpm
 
 
@@ -54,9 +54,9 @@ VMEVENT_SRCROOT=$(SRCROOT)/vmevent
 VMEVENT_PKGDIR=$(VMEVENT_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 VMEVENT_MAJOR_VER=1
-VMEVENT_MINOR_VER=2
+VMEVENT_MINOR_VER=3
 VMEVENT_RELEASE_VER=0
-VMEVENT_PATCH_VER=0
+VMEVENT_PATCH_VER=3
 VMEVENT_VERSION=$(VMEVENT_MAJOR_VER).$(VMEVENT_MINOR_VER).$(VMEVENT_RELEASE_VER)-$(VMEVENT_PATCH_VER)
 VMEVENT_CLIENT_DEVEL_PKG_NAME=vmware-event-devel
 VMEVENT_CLIENT_DEVEL_RPM=$(VMEVENT_CLIENT_DEVEL_PKG_NAME)-$(VMEVENT_VERSION).$(ARCH).rpm
@@ -66,84 +66,92 @@ VMDIR_SRCROOT=$(SRCROOT)/vmdir
 VMDIR_PKGDIR=$(VMDIR_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 VMDIR_MAJOR_VER=1
-VMDIR_MINOR_VER=2
+VMDIR_MINOR_VER=3
 VMDIR_RELEASE_VER=0
-VMDIR_PATCH_VER=0
+VMDIR_PATCH_VER=5
 VMDIR_VERSION=$(VMDIR_MAJOR_VER).$(VMDIR_MINOR_VER).$(VMDIR_RELEASE_VER)-$(VMDIR_PATCH_VER)
-VMDIR_PSC_VERSION=6.7.0
 VMDIR_SERVER_PKG_NAME=vmware-directory
 VMDIR_CLIENT_PKG_NAME=vmware-directory-client
 VMDIR_CLIENT_DEVEL_PKG_NAME=vmware-directory-client-devel
+VMDIR_DBGINFO_PKG_NAME=vmware-directory-debuginfo
 VMDIR_SERVER_RPM=$(VMDIR_SERVER_PKG_NAME)-$(VMDIR_VERSION).$(ARCH).rpm
 VMDIR_CLIENT_RPM=$(VMDIR_CLIENT_PKG_NAME)-$(VMDIR_VERSION).$(ARCH).rpm
 VMDIR_CLIENT_DEVEL_RPM=$(VMDIR_CLIENT_DEVEL_PKG_NAME)-$(VMDIR_VERSION).$(ARCH).rpm
-VMDIR_RPMS=$(VMDIR_SERVER_RPM) $(VMDIR_CLIENT_RPM) $(VMDIR_CLIENT_DEVEL_RPM)
+VMDIR_DBGINFO_RPM=$(VMDIR_DBGINFO_PKG_NAME)-$(VMDIR_VERSION).$(ARCH).rpm
+VMDIR_RPMS=$(VMDIR_SERVER_RPM) $(VMDIR_CLIENT_RPM) $(VMDIR_CLIENT_DEVEL_RPM) $(VMDIR_DBGINFO_RPM)
 
 LWRAFT_SRCROOT=$(SRCROOT)/lwraft
 LWRAFT_PKGDIR=$(LWRAFT_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 LWRAFT_MAJOR_VER=1
-LWRAFT_MINOR_VER=2
+LWRAFT_MINOR_VER=3
 LWRAFT_RELEASE_VER=0
-LWRAFT_PATCH_VER=0
+LWRAFT_PATCH_VER=5
 LWRAFT_VERSION=$(LWRAFT_MAJOR_VER).$(LWRAFT_MINOR_VER).$(LWRAFT_RELEASE_VER)-$(LWRAFT_PATCH_VER)
-LWRAFT_SERVER_PKG_NAME=lightwave-raft
-LWRAFT_CLIENT_PKG_NAME=lightwave-raft-client
-LWRAFT_CLIENT_DEVEL_PKG_NAME=lightwave-raft-client-devel
+LWRAFT_SERVER_PKG_NAME=vmware-post
+LWRAFT_CLIENT_PKG_NAME=vmware-post-client
+LWRAFT_CLIENT_DEVEL_PKG_NAME=vmware-post-client-devel
+LWRAFT_DEBUGINFO_PKG_NAME=vmware-post-debuginfo
 LWRAFT_SERVER_RPM=$(LWRAFT_SERVER_PKG_NAME)-$(LWRAFT_VERSION).$(ARCH).rpm
 LWRAFT_CLIENT_RPM=$(LWRAFT_CLIENT_PKG_NAME)-$(LWRAFT_VERSION).$(ARCH).rpm
 LWRAFT_CLIENT_DEVEL_RPM=$(LWRAFT_CLIENT_DEVEL_PKG_NAME)-$(LWRAFT_VERSION).$(ARCH).rpm
-LWRAFT_RPMS=$(LWRAFT_SERVER_RPM) $(LWRAFT_CLIENT_RPM) $(LWRAFT_CLIENT_DEVEL_RPM)
+LWRAFT_DEBUGINFO_RPM=$(LWRAFT_DEBUGINFO_PKG_NAME)-$(LWRAFT_VERSION).$(ARCH).rpm
+LWRAFT_RPMS=$(LWRAFT_SERVER_RPM) $(LWRAFT_CLIENT_RPM) $(LWRAFT_CLIENT_DEVEL_RPM) $(LWRAFT_DEBUGINFO_RPM)
 
 VMDNS_SRCROOT=$(SRCROOT)/vmdns
 VMDNS_PKGDIR=$(VMDNS_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 VMDNS_MAJOR_VER=1
-VMDNS_MINOR_VER=2
+VMDNS_MINOR_VER=3
 VMDNS_RELEASE_VER=0
-VMDNS_PATCH_VER=0
+VMDNS_PATCH_VER=3
 VMDNS_VERSION=$(VMDNS_MAJOR_VER).$(VMDNS_MINOR_VER).$(VMDNS_RELEASE_VER)-$(VMDNS_PATCH_VER)
 VMDNS_SERVER_PKG_NAME=vmware-dns
 VMDNS_CLIENT_PKG_NAME=vmware-dns-client
 VMDNS_CLIENT_DEVEL_PKG_NAME=vmware-dns-client-devel
+VMDNS_DEBUGINFO_PKG_NAME=vmware-dns-debuginfo
 VMDNS_SERVER_RPM=$(VMDNS_SERVER_PKG_NAME)-$(VMDNS_VERSION).$(ARCH).rpm
 VMDNS_CLIENT_RPM=$(VMDNS_CLIENT_PKG_NAME)-$(VMDNS_VERSION).$(ARCH).rpm
 VMDNS_CLIENT_DEVEL_RPM=$(VMDNS_CLIENT_DEVEL_PKG_NAME)-$(VMDNS_VERSION).$(ARCH).rpm
-VMDNS_RPMS=$(VMDNS_SERVER_RPM) $(VMDNS_CLIENT_RPM) $(VMDNS_CLIENT_DEVEL_RPM)
+VMDNS_DEBUGINFO_RPM=$(VMDNS_DEBUGINFO_PKG_NAME)-$(VMDNS_VERSION).$(ARCH).rpm
+VMDNS_RPMS=$(VMDNS_SERVER_RPM) $(VMDNS_CLIENT_RPM) $(VMDNS_CLIENT_DEVEL_RPM) $(VMDNS_DEBUGINFO_RPM)
 
 VMAFD_SRCROOT=$(SRCROOT)/vmafd
 VMAFD_PKGDIR=$(VMAFD_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 VMAFD_MAJOR_VER=1
-VMAFD_MINOR_VER=2
+VMAFD_MINOR_VER=3
 VMAFD_RELEASE_VER=0
-VMAFD_PATCH_VER=0
+VMAFD_PATCH_VER=3
 VMAFD_VERSION=$(VMAFD_MAJOR_VER).$(VMAFD_MINOR_VER).$(VMAFD_RELEASE_VER)-$(VMAFD_PATCH_VER)
 VMAFD_SERVER_PKG_NAME=vmware-afd
 VMAFD_CLIENT_PKG_NAME=vmware-afd-client
 VMAFD_CLIENT_DEVEL_PKG_NAME=vmware-afd-client-devel
 VMAFD_CLIENT_PYTHON_PKG_NAME=vmware-afd-client-python
+VMAFD_DEBUGINFO_PKG_NAME=vmware-afd-debuginfo
 VMAFD_SERVER_RPM=$(VMAFD_SERVER_PKG_NAME)-$(VMAFD_VERSION).$(ARCH).rpm
 VMAFD_CLIENT_RPM=$(VMAFD_CLIENT_PKG_NAME)-$(VMAFD_VERSION).$(ARCH).rpm
 VMAFD_CLIENT_PYTHON_RPM=$(VMAFD_CLIENT_PYTHON_PKG_NAME)-$(VMAFD_VERSION).$(ARCH).rpm
 VMAFD_CLIENT_DEVEL_RPM=$(VMAFD_CLIENT_DEVEL_PKG_NAME)-$(VMAFD_VERSION).$(ARCH).rpm
-VMAFD_RPMS=$(VMAFD_SERVER_RPM) $(VMAFD_CLIENT_RPM) $(VMAFD_CLIENT_DEVEL_RPM)
-
+VMAFD_DEBUGINFO_RPM=$(VMAFD_DEBUGINFO_PKG_NAME)-$(VMAFD_VERSION).$(ARCH).rpm
+VMAFD_RPMS=$(VMAFD_SERVER_RPM) $(VMAFD_CLIENT_RPM) $(VMAFD_CLIENT_DEVEL_RPM) $(VMAFD_DEBUGINFO_RPM)
 VMCA_SRCROOT=$(SRCROOT)/vmca
 VMCA_PKGDIR=$(VMCA_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 VMCA_MAJOR_VER=1
-VMCA_MINOR_VER=2
+VMCA_MINOR_VER=3
 VMCA_RELEASE_VER=0
-VMCA_PATCH_VER=0
+VMCA_PATCH_VER=3
 VMCA_VERSION=$(VMCA_MAJOR_VER).$(VMCA_MINOR_VER).$(VMCA_RELEASE_VER)-$(VMCA_PATCH_VER)
 VMCA_SERVER_PKG_NAME=vmware-ca
 VMCA_CLIENT_PKG_NAME=vmware-ca-client
 VMCA_CLIENT_DEVEL_PKG_NAME=vmware-ca-client-devel
+VMCA_DEBUGINFO_PKG_NAME=vmware-ca-debuginfo
 VMCA_SERVER_RPM=$(VMCA_SERVER_PKG_NAME)-$(VMCA_VERSION).$(ARCH).rpm
 VMCA_CLIENT_RPM=$(VMCA_CLIENT_PKG_NAME)-$(VMCA_VERSION).$(ARCH).rpm
 VMCA_CLIENT_DEVEL_RPM=$(VMCA_CLIENT_DEVEL_PKG_NAME)-$(VMCA_VERSION).$(ARCH).rpm
-VMCA_RPMS=$(VMCA_SERVER_RPM) $(VMCA_CLIENT_RPM) $(VMCA_CLIENT_DEVEL_RPM)
+VMCA_DEBUGINFO_RPM=$(VMCA_DEBUGINFO_PKG_NAME)-$(VMCA_VERSION).$(ARCH).rpm
+VMCA_RPMS=$(VMCA_SERVER_RPM) $(VMCA_CLIENT_RPM) $(VMCA_CLIENT_DEVEL_RPM) $(VMCA_DEBUGINFO_RPM)
 
 VMSTS_SRCROOT=$(SRCROOT)/vmidentity
 VMSTS_PKGDIR=$(VMSTS_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
@@ -157,28 +165,33 @@ VMSTS_DIAGNOSTICS_LIB=$(VMSTS_SRCROOT)/diagnostics/lib
 VMSTS_LWUI_SRC_MAIN_RESOURCES=$(VMSTS_SRCROOT)/lightwaveui/src/main/resources
 
 VMSTS_MAJOR_VER=1
-VMSTS_MINOR_VER=2
+VMSTS_MINOR_VER=3
 VMSTS_RELEASE_VER=0
-VMSTS_PATCH_VER=0
+VMSTS_PATCH_VER=3
 VMSTS_VERSION=$(VMSTS_MAJOR_VER).$(VMSTS_MINOR_VER).$(VMSTS_RELEASE_VER)-$(VMSTS_PATCH_VER)
 VMSTS_SERVER_PKG_NAME=vmware-sts
 VMSTS_CLIENT_PKG_NAME=vmware-sts-client
 VMSTS_C_CLIENT_PKG_NAME=vmware-sts-c-client
+VMSTS_DEBUGINFO_PKG_NAME=vmware-sts-debuginfo
 VMSTS_SERVER_RPM=$(VMSTS_SERVER_PKG_NAME)-$(VMSTS_VERSION).$(ARCH).rpm
 VMSTS_CLIENT_RPM=$(VMSTS_CLIENT_PKG_NAME)-$(VMSTS_VERSION).$(ARCH).rpm
 VMSTS_C_CLIENT_RPM=$(VMSTS_C_CLIENT_PKG_NAME)-$(VMSTS_VERSION).$(ARCH).rpm
-VMSTS_RPMS=$(VMSTS_SERVER_RPM) $(VMSTS_CLIENT_RPM)
+VMSTS_DEBUGINFO_RPM=$(VMSTS_DEBUGINFO_PKG_NAME)-$(VMSTS_VERSION).$(ARCH).rpm
+VMSTS_RPMS=$(VMSTS_SERVER_RPM) $(VMSTS_CLIENT_RPM) $(VMSTS_DEBUGINFO_RPM)
 
 CFG_SRCROOT=$(SRCROOT)/config
 CFG_PKGDIR=$(CFG_SRCROOT)/build/rpmbuild/RPMS/$(ARCH)
 
 CFG_MAJOR_VER=1
-CFG_MINOR_VER=2
+CFG_MINOR_VER=3
 CFG_RELEASE_VER=0
-CFG_PATCH_VER=0
+CFG_PATCH_VER=3
 CFG_VERSION=$(CFG_MAJOR_VER).$(CFG_MINOR_VER).$(CFG_RELEASE_VER)-$(CFG_PATCH_VER)
 CFG_PKG_NAME=vmware-ic-config
+CFG_DEBUGINFO_PKG_NAME=vmware-ic-config-debuginfo
 CFG_RPM=$(CFG_PKG_NAME)-$(CFG_VERSION).$(ARCH).rpm
+CFG_DEBUGINFO_RPM=$(CFG_DEBUGINFO_PKG_NAME)-$(CFG_VERSION).$(ARCH).rpm
+CFG_RPMS=$(CFG_RPM) $(CFG_DEBUGINFO_RPM)
 
 LIGHTWAVE_OVA_STAGE=$(LIGHTWAVE_STAGE_DIR)/lw-appliance
 LIGHTWAVE_OVA=$(LIGHTWAVE_OVA_STAGE)/lightwave-$(LW_SERVER_VERSION).ova
@@ -188,7 +201,7 @@ APPLIANCE_BUILDER=$(SRCROOT)/appliance/build-lightwave-ova.sh
 
 DOCKER_SRCROOT=$(SRCROOT)/support/docker
 DOCKER_BUILDER=$(DOCKER_SRCROOT)/build-lightwave-container.sh
-DOCKER_IMAGE_VERSION=1.2.0
+DOCKER_IMAGE_VERSION=1.3.0
 DOCKER_IMAGE_TAG=vmware/lightwave-sts:$(DOCKER_IMAGE_VERSION)
 DOCKER_IMAGE=$(LIGHTWAVE_STAGE_DIR)/vmware-lightwave-sts-$(DOCKER_IMAGE_VERSION).tar
 
@@ -196,9 +209,8 @@ DOCKER_CLIENT_SRCROOT=$(SRCROOT)/support/docker
 DOCKER_CLIENT_BUILDER=$(DOCKER_SRCROOT)/build-lightwave-client-container.sh
 DOCKER_CLIENT_IMAGE=$(LIGHTWAVE_STAGE_DIR)/vmware-lightwave-client.tar
 
-JAVA_HOME?=/var/opt/OpenJDK-1.8.0.112-bin
-COMMONS_DAEMON?=/var/opt/commons-daemon-1.0.15
-ANT_HOME?=/var/opt/apache-ant-1.9.6
-TOMCAT_HOME?=/var/opt/apache-tomcat-8.5.8
-JAXWS_HOME?=/opt/jaxws-ri-2.2.10
-MAVEN_HOME?=/var/opt/apache-maven-3.3.9
+JAVA_HOME?=/etc/alternatives/jre/../
+COMMONS_DAEMON?=/usr/share/java/
+ANT_HOME?=/var/opt/apache-ant
+TOMCAT_HOME?=/var/opt/apache-tomcat
+MAVEN_HOME?=/var/opt/apache-maven
diff --git a/support/make/prepare-dev-env.sh b/support/make/prepare-dev-env.sh
index 50553845c..2ed6b523d 100755
--- a/support/make/prepare-dev-env.sh
+++ b/support/make/prepare-dev-env.sh
@@ -21,5 +21,4 @@ tdnf install -y openjdk
 tdnf install -y apache-maven
 tdnf install -y apache-ant
 tdnf install -y ant-contrib
-tdnf install -y jaxws-ri
 tdnf install -y likewise-open-6.2.2
diff --git a/support/make/publish.sh b/support/make/publish.sh
index cd812491f..ec17c74db 100755
--- a/support/make/publish.sh
+++ b/support/make/publish.sh
@@ -24,23 +24,17 @@ REPO_ID=lightwave
 
 #publish non-native maven projects, version number in pom.xml files need to be manually changed
 artifactList=(
-"com.vmware.identity diagnostics ../../vmidentity/build/vmware-sts/packages/vmware-identity-diagnostics.jar ../../vmidentity/diagnostics/pom.xml" \
-"com.vmware.identity.idm vmware-identity-idm-client ../../vmidentity/build/vmware-sts/packages/vmware-identity-idm-client.jar ../../vmidentity/idm/client/pom.xml" \
-"com.vmware.identity.idm vmware-identity-idm-interface ../../vmidentity/build/vmware-sts/packages/vmware-identity-idm-interface.jar ../../vmidentity/idm/interface/pom.xml" \
-"com.vmware.identity platform ../../vmidentity/build/vmware-sts/packages/vmware-identity-platform.jar ../../vmidentity/platform/pom.xml" \
-"com.vmware.identity samltoken ../../vmidentity/build/vmware-sts/packages/samltoken.jar ../../vmidentity/commons/samltoken/pom.xml" \
-"com.vmware.identity vmware-identity-websso-client ../../vmidentity/build/vmware-sts/packages/vmware-identity-websso-client.jar ../../vmidentity/ssolib/pom.xml" \
-"com.vmware.identity wsTrustClient ../../vmidentity/build/vmware-sts/packages/vmware-identity-wsTrustClient.jar ../../vmidentity/wsTrustClient/pom.xml" \
-"com.vmware.identity authentication-framework ../../vmafd/build/authentication-framework/packages/authentication-framework.jar" \
+"com.vmware.vmafd authentication-framework ../../vmafd/build/authentication-framework/packages/authentication-framework.jar" \
+"com.vmware.vmafd afd-heartbeat-service ../../vmafd/build/authentication-framework/packages/afd-heartbeat-service.jar" \
 "com.vmware.vmafd client-domain-controller-cache ../../vmafd/build/authentication-framework/packages/client-domain-controller-cache.jar ../../vmafd/interop/java/cdc/pom.xml" \
-"com.vmware.identity vmware-endpoint-certificate-store  ../../vmafd/build/authentication-framework/packages/vmware-endpoint-certificate-store.jar ../../vmafd/interop/java/vks/pom.xml"
-"com.vmware.identity vmware-vmca-client ../../vmca/build/packages/vmware-vmca-client.jar" \
-"com.vmware.identity vmware-identity-depends ../../vmidentity/build/vmware-sts/packages/vmware-identity-depends.jar" \
+"com.vmware.vmafd vmware-endpoint-certificate-store  ../../vmafd/build/authentication-framework/packages/vmware-endpoint-certificate-store.jar ../../vmafd/interop/java/vks/pom.xml"
+"com.vmware.vmca vmware-vmca-client ../../vmca/build/certificate-authority/packages/vmware-vmca-client.jar" \
 )
 
 for i in "${artifactList[@]}"; do
     artifact=($i)
     if [ ${#artifact[@]} -eq 3 ]
+    echo "Publishing Artifact : ${artifact[1]} to artifactory instance.";
     then
         mvn deploy:deploy-file \
         -DgroupId=${artifact[0]} \
@@ -66,9 +60,5 @@ done
 
 
 #publish native maven projects
-mvn -f ../../vmidentity/openidconnect/common/pom.xml deploy
-mvn -f ../../vmidentity/openidconnect/client/pom.xml deploy
-mvn -f ../../vmidentity/openidconnect/sample/pom.xml deploy
-mvn -f ../../vmidentity/openidconnect/protocol/pom.xml deploy
-mvn -f ../../vmidentity/rest/pom.xml deploy
+mvn -f ../../vmidentity/pom.xml deploy -DskipTests=true
 
diff --git a/support/scripts/bootstrap.sh b/support/scripts/bootstrap.sh
new file mode 100755
index 000000000..64e7023ef
--- /dev/null
+++ b/support/scripts/bootstrap.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+PROJECT_ROOT=$(pwd)
+
+cd $PROJECT_ROOT/build && \
+    autoreconf -fi .. && \
+    ../configure \
+    CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare" \
+    --prefix=/opt/vmware \
+    --libdir=/opt/vmware/lib64 \
+    --localstatedir=/var/lib/vmware \
+    --with-config=./config
diff --git a/support/scripts/build.sh b/support/scripts/build.sh
new file mode 100755
index 000000000..45ceae308
--- /dev/null
+++ b/support/scripts/build.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+PROJECT_ROOT=$(pwd)
+
+cd $PROJECT_ROOT/build && \
+    make
diff --git a/support/scripts/clean.sh b/support/scripts/clean.sh
new file mode 100755
index 000000000..5b9d8b9aa
--- /dev/null
+++ b/support/scripts/clean.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+PROJECT_ROOT=$(pwd)
+
+cd $PROJECT_ROOT/build && \
+        make distclean
+
+/bin/rm -rf `find $PROJECT_ROOT -name Makefile.in`
+
+/bin/rm -rf config \
+            include \
+            lwraft \
+            rpmbuild \
+            stage \
+            vmafd \
+            vmca \
+            vmdir \
+            vmdns \
+            vmevent \
+            vmidentity \
+            vmmetrics
diff --git a/support/scripts/pack.sh b/support/scripts/pack.sh
new file mode 100755
index 000000000..039af5fc9
--- /dev/null
+++ b/support/scripts/pack.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+PROJECT_ROOT=$(pwd)
+
+cd $PROJECT_ROOT/build && \
+    make package
diff --git a/support/toolchain/docker/photon/Dockerfile b/support/toolchain/docker/photon/Dockerfile
new file mode 100644
index 000000000..330535539
--- /dev/null
+++ b/support/toolchain/docker/photon/Dockerfile
@@ -0,0 +1,40 @@
+FROM vmware/photon:1.0
+MAINTAINER "Sriram Nambakam" <snambakam@vmware.com>
+ENV container=docker
+ENV GOROOT=/usr/lib/golang
+
+RUN tdnf update -y --refresh tdnf && \
+    tdnf makecache && \
+    tdnf update -y rpm && \
+    tdnf install -y sed && \
+    tdnf install -y procps-ng && \
+    tdnf install -y shadow && \
+    tdnf install -y binutils && \
+    tdnf install -y make && \
+    tdnf install -y gawk && \
+    tdnf install -y autoconf && \
+    tdnf install -y automake && \
+    tdnf install -y libtool && \
+    tdnf install -y gcc && \
+    tdnf install -y glibc-devel && \
+    tdnf install -y linux-api-headers && \
+    tdnf install -y util-linux-devel && \
+    tdnf install -y e2fsprogs-devel && \
+    tdnf install -y rpm-build && \
+    tdnf install -y rpm-devel && \
+    tdnf install -y openjdk && \
+    tdnf install -y apache-maven && \
+    tdnf install -y apache-ant && \
+    tdnf install -y ant-contrib && \
+    tdnf install -y jaxws-ri && \
+    tdnf install -y python2-devel && \
+    tdnf install -y apache-tomcat && \
+    tdnf install -y boost-devel && \
+    tdnf install -y jansson-devel && \
+    tdnf install -y openssl-devel && \
+    tdnf install -y likewise-open-devel && \
+    tdnf install -y copenapi-devel && \
+    tdnf install -y c-rest-engine-devel && \
+    tdnf install -y go && \
+    echo 'ALL ALL=NOPASSWD: ALL' >>/etc/sudoers && \
+    chmod -R o+r /opt/likewise/include
diff --git a/tools/common/VMIdentity.CommonUtils/Brand_lw.config b/tools/common/VMIdentity.CommonUtils/Brand_lw.config
index 6da3bae52..ba2e737d9 100755
--- a/tools/common/VMIdentity.CommonUtils/Brand_lw.config
+++ b/tools/common/VMIdentity.CommonUtils/Brand_lw.config
@@ -1,18 +1,19 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<configuration>
-  <configSections>
-    <section name="appSettings"
-             type="System.Configuration.AppSettingsSection"/>
-  </configSections>
-  <appSettings>
-    <add key="tenant" value="lightwave.local"/>
-    <add key="caRoot" value="Lightwave CA Servers"/>
-    <add key="csRoot" value="Lightwave Certificate Servers"/>
-    <add key="dirRoot" value="Lightwave Directory Servers"/>
-    <add key="pscRoot" value="Lightwave Servers"/>
-    <add key="ssoRoot" value="Lightwave SSO Servers"/>
-    <add key="dnsRoot" value="Lightwave Domain Name Server"/>
-    <add key= "schemaRoot" value="Lightwave Directory Schema"/>
-	<add key="product" value="lightwave"/>
-  </appSettings>
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+  <configSections>
+    <section name="appSettings"
+             type="System.Configuration.AppSettingsSection"/>
+  </configSections>
+  <appSettings>
+    <add key="tenant" value="lightwave.local"/>
+    <add key="caRoot" value="Lightwave CA Servers"/>
+    <add key="csRoot" value="Lightwave Certificate Servers"/>
+    <add key="dirRoot" value="Lightwave Directory Servers"/>
+    <add key="raftRoot" value="Lightwave Raft Browser"/>
+    <add key="pscRoot" value="Lightwave Servers"/>
+    <add key="ssoRoot" value="Lightwave SSO Servers"/>
+    <add key="dnsRoot" value="Lightwave Domain Name Server"/>
+    <add key= "schemaRoot" value="Lightwave Directory Schema"/>
+	<add key="product" value="lightwave"/>
+  </appSettings>
 </configuration>
\ No newline at end of file
diff --git a/tools/common/VMIdentity.CommonUtils/Utilities/Constants.cs b/tools/common/VMIdentity.CommonUtils/Utilities/Constants.cs
index 5b3994b84..1c0e3c51a 100755
--- a/tools/common/VMIdentity.CommonUtils/Utilities/Constants.cs
+++ b/tools/common/VMIdentity.CommonUtils/Utilities/Constants.cs
@@ -22,6 +22,7 @@ namespace VMIdentity.CommonUtils
{
    public static class CommonConstants
         public const string CA_ROOT = "caRoot";
         public const string CS_ROOT = "csRoot";
         public const string DIR_ROOT = "dirRoot";
+        public const string RAFT_ROOT = "raftRoot";
         public const string PSC_ROOT = "pscRoot";
         public const string SSO_ROOT = "ssoRoot";
         public const string DNS_ROOT = "dnsRoot";
diff --git a/tools/common/VMIdentity.CommonUtils/VMIdentity.CommonUtils.csproj b/tools/common/VMIdentity.CommonUtils/VMIdentity.CommonUtils.csproj
index b859d7543..788d071a0 100755
--- a/tools/common/VMIdentity.CommonUtils/VMIdentity.CommonUtils.csproj
+++ b/tools/common/VMIdentity.CommonUtils/VMIdentity.CommonUtils.csproj
@@ -1,81 +1,82 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{CD959E2E-5B9C-4329-B085-352844CFDCDD}</ProjectGuid>
-    <OutputType>Library</OutputType>
-    <RootNamespace>VMIdentity.CommonUtils</RootNamespace>
-    <AssemblyName>VMIdentity.CommonUtils</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
-    <UseMSBuildEngine>False</UseMSBuildEngine>
-    <TargetFrameworkProfile />
-    <ReleaseVersion>0.2</ReleaseVersion>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>..\..\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <ConsolePause>false</ConsolePause>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <DebugType>full</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>..\..\mmc\x64\Release\</OutputPath>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <ConsolePause>false</ConsolePause>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
-    <DebugSymbols>true</DebugSymbols>
-    <OutputPath>..\..\mmc\x64\Debug\</OutputPath>
-    <DefineConstants>DEBUG;</DefineConstants>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-    <WarningLevel>4</WarningLevel>
-    <Optimize>false</Optimize>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
-    <OutputPath>..\..\mmc\x64\Release\</OutputPath>
-    <Optimize>true</Optimize>
-    <DebugType>full</DebugType>
-    <PlatformTarget>x64</PlatformTarget>
-    <ErrorReport>prompt</ErrorReport>
-    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
-    <WarningLevel>4</WarningLevel>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="System" />
-    <Reference Include="System.Configuration" />
-    <Reference Include="System.Xml" />
-    <Reference Include="System.Core" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Log\FileLogger.cs" />
-    <Compile Include="Log\ILogger.cs" />
-    <Compile Include="Log\LogLevel.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-    <Compile Include="Utilities\CertificateExtensions.cs" />
-    <Compile Include="Utilities\Constants.cs" />
-    <Compile Include="Utilities\DateExtensions.cs" />
-    <Compile Include="Persistence\LocalData.cs" />
-    <Compile Include="Persistence\VMBaseSnapInEnvironment.cs" />
-    <Compile Include="Persistence\IServerDTO.cs" />
-    <Compile Include="Utilities\DateTimeConverter.cs" />
-    <Compile Include="Utilities\Network.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="VMIdentity.CommonUtils.dll.config">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
-  </ItemGroup>
-  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{CD959E2E-5B9C-4329-B085-352844CFDCDD}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <RootNamespace>VMIdentity.CommonUtils</RootNamespace>
+    <AssemblyName>VMIdentity.CommonUtils</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <UseMSBuildEngine>False</UseMSBuildEngine>
+    <TargetFrameworkProfile />
+    <ReleaseVersion>0.2</ReleaseVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>..\..\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>full</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>..\..\mmc\x64\Release\</OutputPath>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>..\..\mmc\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;</DefineConstants>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <WarningLevel>4</WarningLevel>
+    <Optimize>false</Optimize>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>..\..\mmc\x64\Release\</OutputPath>
+    <Optimize>true</Optimize>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Configuration" />
+    <Reference Include="System.Xml" />
+    <Reference Include="System.Core" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Log\FileLogger.cs" />
+    <Compile Include="Log\ILogger.cs" />
+    <Compile Include="Log\LogLevel.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Utilities\CertificateExtensions.cs" />
+    <Compile Include="Utilities\Constants.cs" />
+    <Compile Include="Utilities\DateExtensions.cs" />
+    <Compile Include="Persistence\LocalData.cs" />
+    <Compile Include="Persistence\VMBaseSnapInEnvironment.cs" />
+    <Compile Include="Persistence\IServerDTO.cs" />
+    <Compile Include="Utilities\DateTimeConverter.cs" />
+    <Compile Include="Utilities\Network.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="VMIdentity.CommonUtils.dll.config">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+      <SubType>Designer</SubType>
+    </None>
+  </ItemGroup>
+  <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
 </Project>
\ No newline at end of file
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/AttributeTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/AttributeTableViewDataSource.cs
new file mode 100755
index 000000000..e1372b003
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/AttributeTableViewDataSource.cs
@@ -0,0 +1,68 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class AttributeTableViewDataSource :NSTableViewDataSource
+	{
+		public List<string> attrList;
+
+		public AttributeTableViewDataSource()
+		{
+			attrList = new List<string>();
+		}
+
+		public AttributeTableViewDataSource(List<string> attrList)
+		{
+			this.attrList = attrList;
+		}
+
+		// This method will be called by the NSTableView control to learn the number of rows to display.
+		[Export("numberOfRowsInTableView:")]
+		public int NumberOfRowsInTableView(NSTableView table)
+		{
+			if (attrList != null)
+				return this.attrList.Count;
+			else
+				return 0;
+		}
+
+		// This method will be called by the control for each column and each row.
+		[Export("tableView:objectValueForTableColumn:row:")]
+		public NSObject ObjectValueForTableColumn(NSTableView table, NSTableColumn col, int row)
+		{
+			try
+			{
+				if (attrList != null)
+				{
+					if (col.Title == "Attribute")
+						return (NSString)this.attrList[row];
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+			}
+			return null;
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/CreateObjectTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/CreateObjectTableViewDataSource.cs
new file mode 100755
index 000000000..8ea193e3b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/CreateObjectTableViewDataSource.cs
@@ -0,0 +1,102 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using System.Linq;
+using VMDir.Common.DTO;
+using VMDirInterop.LDAP;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class CreateObjectTableViewDataSource : NSTableViewDataSource
+	{
+		public Dictionary<string, VMDirAttributeDTO> Entries { get; set; }
+
+		public Dictionary<string, string> PendingMod { get; set; }
+
+
+		public CreateObjectTableViewDataSource()
+		{
+			Entries = new Dictionary<string, VMDirAttributeDTO>();
+			PendingMod = new Dictionary<string, string>();
+		}
+
+		public CreateObjectTableViewDataSource(Dictionary<string, VMDirAttributeDTO> classList)
+		{
+			PendingMod = new Dictionary<string, string>();
+			Entries = classList;
+		}
+
+
+		// This method will be called by the NSTableView control to learn the number of rows to display.
+		[Export("numberOfRowsInTableView:")]
+		public int NumberOfRowsInTableView(NSTableView table)
+		{
+			if (Entries != null)
+				return this.Entries.Count;
+			else
+				return 0;
+		}
+
+		// This method will be called by the control for each column and each row.
+		[Export("tableView:objectValueForTableColumn:row:")]
+		public NSObject ObjectValueForTableColumn(NSTableView table, NSTableColumn col, int row)
+		{
+			try
+			{
+				if (Entries != null)
+				{
+					string key = this.Entries.Keys.ElementAt(row);
+					if (col.Identifier.Equals("Key"))
+						return (NSString)key;
+					else
+						return (NSString)this.Entries[key].Values[0].StringValue;
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+			}
+			return null;
+		}
+
+		[Export("tableView:setObjectValue:forTableColumn:row:")]
+		public override void SetObjectValue(NSTableView tableView, NSObject editedVal, NSTableColumn col, nint row)
+		{
+			try
+			{
+				if (Entries != null && !string.IsNullOrEmpty(editedVal.ToString()))
+				{
+					if (col.Identifier == "Value")
+					{
+						string currKey = this.Entries.Keys.ElementAt((int)row);
+						LdapValue val = new LdapValue(editedVal.ToString());
+						this.Entries[currKey].Values = new List<VMDirInterop.LDAP.LdapValue>() { val };
+					}
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+			}
+
+		}
+
+	}
+}
+
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericListViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericListViewDataSource.cs
new file mode 100755
index 000000000..ad56c5f86
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericListViewDataSource.cs
@@ -0,0 +1,62 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.DataSource
+{
+    public class GenericListViewDataSource: NSTableViewDataSource
+    {
+        private List<string> entries;
+
+        public GenericListViewDataSource ()
+        {
+            entries = null;
+        }
+
+        public GenericListViewDataSource (List<string> classList)
+        {
+            if (classList != null)
+                entries = classList;
+        }
+
+        // This method will be called by the NSTableView control to learn the number of rows to display.
+        [Export ("numberOfRowsInTableView:")]
+        public int NumberOfRowsInTableView (NSTableView table)
+        {
+            if (entries != null)
+                return entries.Count;
+            else
+                return 0;
+        }
+
+        // This method will be called by the control for each column and each row.
+        [Export ("tableView:objectValueForTableColumn:row:")]
+        public NSObject ObjectValueForTableColumn (NSTableView table, NSTableColumn col, int row)
+        {
+            try {
+                if (entries != null)
+                    return (NSString)this.entries [row];
+            } catch (Exception e) {
+                System.Diagnostics.Debug.WriteLine ("Error in List Operation " + e.Message);
+            }
+            return null;
+        }
+    }
+}
+
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericTableViewDataSource.cs
new file mode 100755
index 000000000..c551a3232
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/GenericTableViewDataSource.cs
@@ -0,0 +1,68 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.DataSource
+{
+    public class GenericTableViewDataSource: NSTableViewDataSource
+    {
+
+        public List<KeyValuePair<string,string>> Entries { get; set; }
+
+        public GenericTableViewDataSource ()
+        {
+            Entries = null;
+
+        }
+
+        public GenericTableViewDataSource (List<KeyValuePair<string,string>>  classList)
+        {
+            Entries = classList;
+        }
+
+        // This method will be called by the NSTableView control to learn the number of rows to display.
+        [Export ("numberOfRowsInTableView:")]
+        public int NumberOfRowsInTableView (NSTableView table)
+        {
+            if (Entries != null)
+                return this.Entries.Count;
+            else
+                return 0;
+        }
+
+        // This method will be called by the control for each column and each row.
+        [Export ("tableView:objectValueForTableColumn:row:")]
+        public NSObject ObjectValueForTableColumn (NSTableView table, NSTableColumn col, int row)
+        {
+            try {
+                if (Entries != null) {
+                    if (col.Identifier.Equals ("Key"))
+                        return (NSString)this.Entries [row].Key;
+                    else
+                        return (NSString)this.Entries [row].Value;
+                }
+            } catch (Exception e) {
+                System.Diagnostics.Debug.WriteLine ("Error in List Operation " + e.Message);
+            }
+            return null;
+        }
+
+    }
+}
+
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ModificationStatusTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ModificationStatusTableViewDataSource.cs
new file mode 100755
index 000000000..ea51458ac
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ModificationStatusTableViewDataSource.cs
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class ModificationStatusTableViewDataSource : NSTableViewDataSource
+	{
+		public List<AttributeModStatus> attrModStatusList;
+
+		public ModificationStatusTableViewDataSource()
+		{
+			attrModStatusList = new List<AttributeModStatus>();
+		}
+
+		public ModificationStatusTableViewDataSource(List<AttributeModStatus> attrList)
+		{
+			this.attrModStatusList = attrList;
+		}
+		public override nint GetRowCount(NSTableView tableView)
+		{
+			if (attrModStatusList != null)
+				return attrModStatusList.Count;
+			else
+				return 0;
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/NodesListView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/NodesListView.cs
new file mode 100755
index 000000000..f25f95ac2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/NodesListView.cs
@@ -0,0 +1,82 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using LWRaftSnapIn.Nodes;
+using VMDir.Common.DTO;
+using AppKit;
+using Foundation;
+
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class NodesListView : NSTableViewDataSource
+	{
+		public List<ScopeNode> Entries { get; set; }
+		public VMDirServerDTO ServerDTO { get; set; }
+
+		public NodesListView()
+		{
+			Entries = new List<ScopeNode>();
+		}
+
+		public NodesListView(List<ScopeNode> nodesList)
+		{
+			Entries = nodesList;
+
+		}
+
+		// This method will be called by the NSTableView control to learn the number of rows to display.
+		[Export("numberOfRowsInTableView:")]
+		public int NumberOfRowsInTableView(NSTableView table)
+		{
+			if (Entries != null)
+				return Entries.Count;
+			else
+				return 0;
+		}
+
+		// This method will be called by the control for each column and each row.
+		[Export("tableView:objectValueForTableColumn:row:")]
+		public NSObject ObjectValueForTableColumn(NSTableView table, NSTableColumn col, int row)
+		{
+			try
+			{
+				if (Entries != null)
+				{
+					switch (col.Identifier)
+					{
+						case "Key":
+							return (NSString)(this.Entries[row]).DisplayName;
+						case "Value":
+							if (this.Entries[row] is DirectoryNode)
+							{
+								return (NSString)(this.Entries[row] as DirectoryNode).Dn;
+							}
+							break;
+						default:
+							break;
+					}
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+			}
+			return null;
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/OutlineViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/OutlineViewDataSource.cs
new file mode 100755
index 000000000..ba715e449
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/OutlineViewDataSource.cs
@@ -0,0 +1,128 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.Nodes;
+using VMDirInterop.LDAPExceptions;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class OutlineViewDataSource : NSOutlineViewDataSource
+	{
+		public ScopeNode RootNode { get; set; }
+
+		public OutlineViewDataSource(DirectoryNode node) : base()
+		{
+			RootNode = node;
+		}
+
+		public override nint GetChildrenCount(NSOutlineView outlineView, NSObject item)
+		{
+			// if null, it's asking about the root element
+			if (item == null)
+			{
+				return 1;
+			}
+			else {
+				DirectoryNode passedNode = item as DirectoryNode;
+				if (passedNode != null)
+				{
+					return passedNode.NumberOfChildren();
+				}
+				else {
+					System.Diagnostics.Debug.WriteLine("could not cast, there is a problem here");
+
+					return 0;
+				}
+			}
+		}
+
+		public override bool ItemExpandable(NSOutlineView outlineView, NSObject item)
+		{
+			if (item != null)
+			{
+				try
+				{
+					if (item is DirectoryNode)
+					{
+						DirectoryNode node = item as DirectoryNode;
+						if (node.isChildrenLoaded)
+							return (node.NumberOfChildren() != 0);
+						else
+							return true;
+					}
+					else if (item is ScopeNode)
+					{
+						ScopeNode passedNode = item as ScopeNode; // cast to appropriate type of node
+
+						return (passedNode.NumberOfChildren() != 0);
+					}
+					else {
+						System.Diagnostics.Debug.WriteLine("passedNode cast failed.");
+						return false;
+					}
+				}
+				catch (Exception e)
+				{
+					System.Diagnostics.Debug.WriteLine(e.Message);
+
+					return false;
+				}
+			}
+			else {
+				// if null, it's asking about the root element
+				return true;
+			}
+		}
+
+		public override NSObject GetObjectValue(NSOutlineView outlineView, NSTableColumn tableColumn, NSObject item)
+		{
+			if (item == null)
+			{
+				System.Diagnostics.Debug.WriteLine("passed null, returning empty String");
+				return new NSString(" ");
+			}
+			else {
+
+				DirectoryNode passedNode = item as DirectoryNode;
+				if (passedNode != null)
+				{
+					if (passedNode.morePages)
+						return (NSString)(passedNode.DisplayName + " ...");
+					else
+						return (NSString)passedNode.DisplayName;
+				}
+				else {
+					System.Diagnostics.Debug.WriteLine("returning an empty string, cast failed.");
+					return new NSString();
+				}
+			}
+		}
+
+		public override NSObject GetChild(NSOutlineView outlineView, nint childIndex, NSObject item)
+		{
+			// null means it's asking for the root
+			if (item == null)
+			{
+				return this.RootNode;
+			}
+			else {
+				return (NSObject)((item as ScopeNode).ChildAtIndex((int)childIndex));
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/PropertiesTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/PropertiesTableViewDataSource.cs
new file mode 100755
index 000000000..e0584b4b2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/PropertiesTableViewDataSource.cs
@@ -0,0 +1,131 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using System.Linq;
+using VMDir.Common.VMDirUtilities;
+using VMDirInterop.LDAP;
+using VMDir.Common.DTO;
+using VMDir.Common.Schema;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class PropertiesTableViewDataSource : NSTableViewDataSource
+	{
+		public Dictionary<string, VMDirAttributeDTO> properties { get; set; }
+		public List<AttributeDTO> currAttrDTOList;
+		public List<AttributeDTO> optAttrDTOList;
+		public List<AttributeDTO> oprAttrDTOList;
+		public HashSet<string> modData;
+		private List<AttributeTypeDTO> mayAttrDTOList;
+		public List<AttributeDTO> displayAttrDTOList;
+		private string objectClass = string.Empty;
+		public string dn = string.Empty;
+		public VMDirServerDTO serverDTO;
+
+		public PropertiesTableViewDataSource()
+		{
+			properties = new Dictionary<string, VMDirAttributeDTO>();
+			currAttrDTOList = new List<AttributeDTO>();
+			optAttrDTOList = new List<AttributeDTO>();
+			oprAttrDTOList = new List<AttributeDTO>();
+			mayAttrDTOList = new List<AttributeTypeDTO>();
+			modData = new HashSet<string>();
+			displayAttrDTOList = new List<AttributeDTO>();
+		}
+
+		public PropertiesTableViewDataSource(string dn, string oc, VMDirServerDTO serverDTO, Dictionary<string, VMDirAttributeDTO> classList) : this()
+		{
+			this.dn = dn;
+			this.objectClass = oc;
+			this.serverDTO = serverDTO;
+			properties = classList;
+			FillData();
+		}
+
+		public void FillData()
+		{
+			oprAttrDTOList.Clear();
+			currAttrDTOList.Clear();
+			displayAttrDTOList.Clear();
+			optAttrDTOList.Clear();
+
+			if (serverDTO.OperationalAttrFlag)
+			{
+				GetOperationalAttribute();
+				displayAttrDTOList.AddRange(oprAttrDTOList);
+			}
+
+			currAttrDTOList = Utilities.ConvertToAttributeDTOList(properties);
+			displayAttrDTOList.AddRange(currAttrDTOList);
+
+			if (serverDTO.OptionalAttrFlag)
+			{
+				if (string.IsNullOrWhiteSpace(objectClass))
+					objectClass = Utilities.GetAttrLastVal(properties, VMDirConstants.ATTR_OBJECT_CLASS);
+				mayAttrDTOList = serverDTO.Connection.SchemaManager.GetOptionalAttributes(objectClass);
+				foreach (var item in mayAttrDTOList)
+					if (item != null)
+						optAttrDTOList.Add(new AttributeDTO(item.Name, string.Empty, item,false));
+				foreach (var item in currAttrDTOList)
+					if (item.AttrSyntaxDTO.SingleValue)
+						optAttrDTOList.RemoveAll(x => x.Name.Equals(item.Name));
+				optAttrDTOList.Sort((x, y) => string.Compare(x.Name, y.Name, StringComparison.InvariantCultureIgnoreCase));
+				displayAttrDTOList.AddRange(optAttrDTOList);
+			}
+		}
+
+		private void GetOperationalAttribute()
+		{
+			TextQueryDTO dto = new TextQueryDTO(dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC,
+												new string[] { "+" }, 0, IntPtr.Zero, 0);
+			var operationalProperties = new Dictionary<string, VMDirAttributeDTO>();
+			serverDTO.Connection.Search(dto, (l, e) =>
+			{
+				if (e.Count > 0)
+					operationalProperties = serverDTO.Connection.GetEntryProperties(e[0]);
+			});
+			oprAttrDTOList = Utilities.ConvertToAttributeDTOList(operationalProperties);
+		}
+
+		public void ReloadData()
+		{
+			TextQueryDTO dto = new TextQueryDTO(dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC, null, 0, IntPtr.Zero, 0);
+
+			serverDTO.Connection.Search(dto,
+				(l, e) =>
+				{
+					if (e.Count > 0)
+					{
+						dn = e[0].getDN();
+						properties = serverDTO.Connection.GetEntryProperties(e[0]);
+					}
+				});
+
+			FillData();
+		}
+
+		public override nint GetRowCount(NSTableView tableView)
+		{
+			if (displayAttrDTOList != null)
+				return displayAttrDTOList.Count;
+			else
+				return 0;
+		}
+	}
+}
\ No newline at end of file
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ResultOutlineDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ResultOutlineDataSource.cs
new file mode 100755
index 000000000..577c5a891
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/ResultOutlineDataSource.cs
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.Nodes;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class ResultOutlineDataSource : NSOutlineViewDataSource
+	{
+		public List<DirectoryNode> ResultList { get; set; }
+
+		public ResultOutlineDataSource() : base()
+		{
+			ResultList = new List<DirectoryNode>();
+		}
+		public ResultOutlineDataSource(List<DirectoryNode> resultList) : base()
+		{
+			ResultList = resultList;
+		}
+
+		public override nint GetChildrenCount(NSOutlineView outlineView, NSObject item)
+		{
+			if (ResultList != null)
+				return ResultList.Count;
+			else
+				return 0;
+		}
+
+		public override bool ItemExpandable(NSOutlineView outlineView, NSObject item)
+		{
+			return false;
+		}
+
+		public override NSObject GetObjectValue(NSOutlineView outlineView, NSTableColumn tableColumn, NSObject item)
+		{
+			if (item == null)
+			{
+				System.Diagnostics.Debug.WriteLine("passed null, returning empty String");
+				return new NSString(" ");
+			}
+			else {
+				DirectoryNode passedNode = item as DirectoryNode;
+				if (passedNode != null)
+				{
+					return (NSString)passedNode.Dn;
+				}
+				else {
+					System.Diagnostics.Debug.WriteLine("returning an empty string, cast failed.");
+					return new NSString();
+				}
+			}
+		}
+
+		public override NSObject GetChild(NSOutlineView outlineView, nint childIndex, NSObject item)
+		{
+			return ResultList[(int)childIndex];
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SchemaAttributesTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SchemaAttributesTableViewDataSource.cs
new file mode 100755
index 000000000..daccd64d9
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SchemaAttributesTableViewDataSource.cs
@@ -0,0 +1,73 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common.Schema;
+
+namespace LWRaftSnapIn.DataSource
+{
+    public class SchemaAttributesTableViewDataSource: NSTableViewDataSource
+    {
+        private List<AttributeTypeDTO> entries;
+
+        public SchemaAttributesTableViewDataSource()
+        {
+            entries = new List<AttributeTypeDTO>();
+        }
+
+        public SchemaAttributesTableViewDataSource(List<AttributeTypeDTO> classList)
+        {
+            entries = new List<AttributeTypeDTO>();
+            entries = classList;
+        }
+
+        // This method will be called by the NSTableView control to learn the number of rows to display.
+        [Export("numberOfRowsInTableView:")]
+        public int NumberOfRowsInTableView(NSTableView table)
+        {
+            if (entries != null)
+                return this.entries.Count;
+            else
+                return 0;
+        }
+
+        // This method will be called by the control for each column and each row.
+        [Export("tableView:objectValueForTableColumn:row:")]
+        public NSObject ObjectValueForTableColumn(NSTableView table, NSTableColumn col, int row)
+        {
+            try
+            {
+                if (entries != null)
+                {
+                    if (col.Identifier == "Name")
+                        return (NSString)this.entries[row].Name;
+                    else if (col.Identifier == "Type")
+                        return (NSString)this.entries[row].AttributeSyntax;
+                    else if (col.Identifier == "Description")
+                        return (NSString)this.entries[row].Description;
+                } 
+            }
+            catch (Exception e)
+            {
+                System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+            }
+            return null;
+        }
+    }
+}
+
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SearchConditionsTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SearchConditionsTableViewDataSource.cs
new file mode 100755
index 000000000..ed3c4ae3e
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SearchConditionsTableViewDataSource.cs
@@ -0,0 +1,72 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class SearchConditionsTableViewDataSource:NSTableViewDataSource
+	{
+		public List<FilterDTO> condList;
+
+		public SearchConditionsTableViewDataSource()
+		{
+			condList = new List<FilterDTO>();
+		}
+
+		public SearchConditionsTableViewDataSource(List<FilterDTO> condList)
+		{
+			this.condList = condList;
+		}
+
+		// This method will be called by the NSTableView control to learn the number of rows to display.
+		[Export("numberOfRowsInTableView:")]
+		public int NumberOfRowsInTableView(NSTableView table)
+		{
+			if (condList != null)
+				return this.condList.Count;
+			else
+				return 0;
+		}
+
+		// This method will be called by the control for each column and each row.
+		[Export("tableView:objectValueForTableColumn:row:")]
+		public NSObject ObjectValueForTableColumn(NSTableView table, NSTableColumn col, int row)
+		{
+			try
+			{
+				if (condList != null)
+				{
+					if (col.Title == "Attribute")
+						return (NSString)this.condList[row].Attribute;
+					else if (col.Title == "Condition")
+						return (NSString)VMDirConstants.ConditionList[(int)this.condList[row].Condition];
+					else if (col.Title == "Value")
+						return (NSString)this.condList[row].Value;
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error in List Operation " + e.Message);
+			}
+			return null;
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SuperLoggingTableViewDataSource.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SuperLoggingTableViewDataSource.cs
new file mode 100755
index 000000000..b85dd14a4
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/DataSource/SuperLoggingTableViewDataSource.cs
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.DataSource
+{
+	public class SuperLoggingTableViewDataSource: NSTableViewDataSource
+    {
+		private List<SuperLogDto> entries;
+		public List<SuperLogDto> Entries { get { return entries;} }
+
+		public SuperLoggingTableViewDataSource ()
+        {
+			entries = new List<SuperLogDto> ();
+        }
+
+		public SuperLoggingTableViewDataSource (List<SuperLogDto> classList)
+        {
+			entries = new List<SuperLogDto> ();
+            entries = classList;
+        }
+
+        // This method will be called by the NSTableView control to learn the number of rows to display.
+        [Export ("numberOfRowsInTableView:")]
+        public int NumberOfRowsInTableView (NSTableView table)
+        {
+            if (entries != null)
+                return this.entries.Count;
+            else
+                return 0;
+        }
+
+        // This method will be called by the control for each column and each row.
+        [Export ("tableView:objectValueForTableColumn:row:")]
+        public NSObject ObjectValueForTableColumn (NSTableView table, NSTableColumn col, int row)
+        {
+            try {
+                if (entries != null) {
+                    if (col.Identifier == "ClientIP")
+						return (NSString)this.entries [row].ClientIP;
+                    else if (col.Identifier == "Port")
+						return (NSString)this.entries [row].Port;
+					else if (col.Identifier == "LoginDN")
+						return (NSString)this.entries [row].LoginDN;
+					else if (col.Identifier == "Operation")
+						return (NSString)this.entries [row].Operation;
+					else if (col.Identifier == "ErrorCode")
+						return (NSString)this.entries [row].ErrorCode;
+					else if (col.Identifier == "Duration")
+						return (NSString)this.entries [row].Duration;
+                } 
+            } catch (Exception e) {
+                System.Diagnostics.Debug.WriteLine ("Error in List Operation " + e.Message);
+            }
+            return null;
+        }
+    }
+}
\ No newline at end of file
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/GenericTableDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/GenericTableDelegate.cs
new file mode 100755
index 000000000..0e41aff27
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/GenericTableDelegate.cs
@@ -0,0 +1,51 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using AppKit;
+using Foundation;
+
+namespace LWRaftSnapIn.Delegate
+{
+	public class GenericTableDelegate : NSTableViewDelegate
+	{
+		private NSImage directoryIcon;
+
+		public GenericTableDelegate()
+		{
+			directoryIcon = NSImage.ImageNamed("object.png");
+		}
+
+		public override void WillDisplayCell(NSTableView tableView, NSObject cell,
+											 NSTableColumn tableColumn, nint row)
+		{
+			try
+			{
+				if (tableColumn.Identifier == "Name" || tableColumn.Identifier == "Attribute")
+				{
+					NSBrowserCell browserCell = cell as NSBrowserCell;
+					if (browserCell != null)
+					{
+						browserCell.Leaf = true;
+						browserCell.Image = directoryIcon;
+					}
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Exception in casting : " + e.Message);
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ModificationStatusTableDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ModificationStatusTableDelegate.cs
new file mode 100755
index 000000000..c004619c4
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ModificationStatusTableDelegate.cs
@@ -0,0 +1,75 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using AppKit;
+using CoreGraphics;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDir.Common.Schema;
+using VMDir.Common.VMDirUtilities;
+using LWRaftSnapIn.DataSource;
+using LWRaftSnapIn.UI;
+
+namespace LWRaftSnapIn.Delegate
+{
+	public class ModificationStatusTableDelegate : NSTableViewDelegate
+	{
+		private ModificationStatusTableViewDataSource ds;
+
+		public ModificationStatusTableDelegate(ModificationStatusTableViewDataSource ds)
+		{
+			this.ds = ds;
+		}
+
+		public override nint GetNextTypeSelectMatch(NSTableView tableView, nint startRow, nint endRow, string searchString)
+		{
+			nint row = 0;
+			foreach (var item in ds.attrModStatusList)
+			{
+				if (item.AttributeName.Contains(searchString)) return row;
+				++row;
+			}
+			return 0;
+		}
+
+		public override NSView GetViewForItem(NSTableView tableView, NSTableColumn tableColumn, nint row)
+		{
+			NSTextField view = new NSTextField();
+			view.Identifier = tableColumn.Identifier;
+			view.BackgroundColor = NSColor.Clear;
+			view.Bordered = false;
+			view.Selectable = false;
+			view.Editable = false;
+
+			// Setup view based on the column selected
+			switch (tableColumn.Title)
+			{
+				case "Attribute":
+					view.StringValue = ds.attrModStatusList[(int)row].AttributeName;
+					break;
+				case "Status":
+					if (ds.attrModStatusList[(int)row].ModStatus)
+						view.BackgroundColor = NSColor.Green;
+					else
+						view.BackgroundColor = NSColor.Red;
+					view.StringValue = ds.attrModStatusList[(int)row].ErrorMsg;
+					break;
+			}
+
+			return view;
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/OutlineDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/OutlineDelegate.cs
new file mode 100755
index 000000000..6dcb3eb47
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/OutlineDelegate.cs
@@ -0,0 +1,91 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.Nodes;
+using LWRaftSnapIn.UI;
+using System.Linq;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.Delegate
+{
+	public class OutlineDelegate : NSOutlineViewDelegate
+	{
+		private NSImage directoryIcon, worldIcon, userIcon, groupIcon;
+		MainWindowController mwCtl;
+
+		public OutlineDelegate(MainWindowController mwCtl)
+		{
+			this.mwCtl = mwCtl;
+			directoryIcon = NSImage.ImageNamed("directoryObject.png");
+			worldIcon = NSImage.ImageNamed("home.png");
+			userIcon = NSImage.ImageNamed("UserImg.png");
+			groupIcon = NSImage.ImageNamed("GroupImg.png");
+		}
+
+
+		public override void WillDisplayCell(NSOutlineView outlineView, NSObject cell,
+											 NSTableColumn tableColumn, NSObject item)
+		{
+			try
+			{
+				NSBrowserCell browserCell = cell as NSBrowserCell;
+				if (browserCell != null)
+				{
+					browserCell.Leaf = true;
+					var node = item as DirectoryNode;
+					if (node.IsBaseNode)
+						browserCell.Image = worldIcon;
+					else if (string.Equals(node.ObjectClass, VMDirConstants.USER_OC))
+						browserCell.Image = userIcon;
+					else if (string.Equals(node.ObjectClass, VMDirConstants.GROUP_OC))
+						browserCell.Image = groupIcon;
+					else
+						browserCell.Image = directoryIcon;
+
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Exception in casting : " + e.Message);
+			}
+		}
+
+
+
+		public override void SelectionDidChange(NSNotification notification)
+		{
+			nint row = mwCtl.MainOutlineView.SelectedRow;
+			mwCtl.RefreshTableViewBasedOnSelection(row);
+		}
+
+		public override void ItemDidExpand(NSNotification notification)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				if (notification.UserInfo != null)
+				{
+					var kp = notification.UserInfo.FirstOrDefault();
+
+					var node = kp.Value as DirectoryNode;
+					if (node != null)
+						node.Expand(node.Dn);
+				}
+			});
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/PropertiesTableDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/PropertiesTableDelegate.cs
new file mode 100755
index 000000000..6be74cd38
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/PropertiesTableDelegate.cs
@@ -0,0 +1,194 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using CoreGraphics;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDir.Common.Schema;
+using VMDir.Common.VMDirUtilities;
+using LWRaftSnapIn.DataSource;
+using LWRaftSnapIn.UI;
+
+namespace LWRaftSnapIn.Delegate
+{
+	public class PropertiesTableDelegate : NSTableViewDelegate
+	{
+		private PropertiesTableViewDataSource _ds;
+		private NSWindowController _controller;
+		private PropertiesViewController _propViewCtl;
+
+		public PropertiesTableDelegate(NSWindowController controller, PropertiesTableViewDataSource ds, PropertiesViewController propViewCtl)
+		{
+			_controller = controller;
+			_ds = ds;
+			_propViewCtl = propViewCtl;
+		}
+
+		public override nint GetNextTypeSelectMatch(NSTableView tableView, nint startRow, nint endRow, string searchString)
+		{
+			nint row = 0;
+			foreach (var item in _ds.displayAttrDTOList)
+			{
+				if (item.Name.Contains(searchString)) return row;
+				++row;
+			}
+			return 0;
+		}
+
+		private void ConfigureTextField(NSTableCellView view, nint row)
+		{
+			// Add to view
+			view.TextField.AutoresizingMask = NSViewResizingMask.WidthSizable;
+			view.AddSubview(view.TextField);
+
+			// Configure
+			view.TextField.BackgroundColor = NSColor.Clear;
+			view.TextField.Bordered = false;
+			view.TextField.Selectable = false;
+			if (string.Equals(view.Identifier, "Value"))
+				view.TextField.Editable = true;
+			else
+				view.TextField.Editable = false;
+
+			// Wireup events
+			view.TextField.EditingEnded += (sender, e) =>
+				{
+
+					// Take action based on type
+					switch (view.Identifier)
+					{
+						case "Value":
+							string currKey = _ds.displayAttrDTOList[(int)view.TextField.Tag].Name;
+
+							if (currKey != "objectClass")
+							{
+								if (!string.Equals(_ds.displayAttrDTOList[(int)view.TextField.Tag].Value, view.TextField.StringValue))
+								{
+									_ds.displayAttrDTOList[(int)view.TextField.Tag].Value = view.TextField.StringValue;
+									_ds.displayAttrDTOList[(int)view.TextField.Tag].Dirty = true;
+									_ds.modData.Add(currKey);
+									_propViewCtl.SetEditVisibility(true);
+								}
+							if(_ds.displayAttrDTOList[(int)view.TextField.Tag].Dirty)
+								view.TextField.BackgroundColor = NSColor.Orange;
+							}
+							break;
+					}
+				};
+
+			// Tag view
+			view.TextField.Tag = row;
+		}
+
+		public override NSView GetViewForItem(NSTableView tableView, NSTableColumn tableColumn, nint row)
+		{
+			NSTableCellView view = (NSTableCellView)tableView.MakeView(tableColumn.Title, this);
+			view = new NSTableCellView();
+
+			// Configure the view
+			view.Identifier = tableColumn.Title;
+
+			// Take action based on title
+			switch (tableColumn.Title)
+			{
+				case "Attribute":
+					view.TextField = new NSTextField(new CGRect(0, 0, 250, 17));
+					ConfigureTextField(view, row);
+					break;
+				case "Value":
+					view.TextField = new NSTextField(new CGRect(0, 0, 250, 17));
+					ConfigureTextField(view, row);
+					break;
+				case "Syntax":
+					view.TextField = new NSTextField(new CGRect(16, 0, 200, 17));
+					ConfigureTextField(view, row);
+					var button = new NSButton(new CGRect(0, 0, 16, 16));
+					button.SetButtonType(NSButtonType.MomentaryLightButton);
+					button.Image = new NSImage("Question.png");
+					button.Title = "";
+					button.Tag = row;
+
+					// Wireup events
+					button.Activated += (sender, e) =>
+					{
+						// Get button and product
+						var btn = sender as NSButton;
+						var name = _ds.displayAttrDTOList[(int)btn.Tag].Name;
+						var type = _ds.serverDTO.Connection.SchemaManager.GetAttributeType(name);
+						AttributeHelpDTO attrHelp = null;
+						if (type.AttributeSyntax != null)
+							VMDirCommonEnvironment.Instance.AttrHelpDict.TryGetValue(type.AttributeSyntax, out attrHelp);
+
+						SyntaxHelpWindowController shwc = new SyntaxHelpWindowController(attrHelp);
+						NSApplication.SharedApplication.BeginSheet(shwc.Window, _controller.Window, () =>
+							{
+							});
+						try
+						{
+							NSApplication.SharedApplication.RunModalForWindow(shwc.Window);
+						}
+						finally
+						{
+							_controller.Window.EndSheet(shwc.Window);
+							shwc.Dispose();
+						}
+					};
+					view.AddSubview(button);
+
+					break;
+			}
+
+			switch (tableColumn.Title)
+			{
+				case "Attribute":
+					view.TextField.StringValue = _ds.displayAttrDTOList[(int)row].Name;
+					view.TextField.Tag = row;
+					break;
+				case "Value":
+					var val = _ds.displayAttrDTOList[(int)row].Value == null ? string.Empty : _ds.displayAttrDTOList[(int)row].Value;
+					var type = _ds.displayAttrDTOList[(int)row].AttrSyntaxDTO;
+					if (type != null && type.Type.Equals("Generalized Time"))
+					{
+						val = Utilities.ConvertGeneralizedTimeIntoReadableFormat(val);
+					}
+					view.TextField.StringValue = val;
+					view.TextField.Tag = row;
+					if(_ds.displayAttrDTOList[(int)row].Dirty)
+						view.TextField.BackgroundColor = NSColor.Orange;
+					break;
+				case "Syntax":
+					view.TextField.StringValue = _ds.displayAttrDTOList[(int)row].AttrSyntaxDTO.Type == null ? string.Empty : _ds.displayAttrDTOList[(int)row].AttrSyntaxDTO.Type;
+					foreach (NSView subview in view.Subviews)
+					{
+						var bt = subview as NSButton;
+						if (bt != null)
+						{
+							bt.Tag = row;
+						}
+					}
+					break;
+			}
+			return view;
+		}
+
+		/*public override bool ShouldSelectRow(NSTableView tableView, nint row)
+		{
+			return false;
+		}*/
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ResultOutlineDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ResultOutlineDelegate.cs
new file mode 100755
index 000000000..299f4fee8
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Delegate/ResultOutlineDelegate.cs
@@ -0,0 +1,72 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using LWRaftSnapIn.Nodes;
+using LWRaftSnapIn.UI;
+
+namespace LWRaftSnapIn.Delegate
+{
+	public class ResultOutlineDelegate : NSOutlineViewDelegate
+	{
+		private const string CellIdentifier = "ResultCell";
+		private NSImage directoryIcon, worldIcon, userIcon, groupIcon;
+		SearchWindowController swCtl;
+
+		public ResultOutlineDelegate(SearchWindowController swCtl)
+		{
+			this.swCtl = swCtl;
+			directoryIcon = NSImage.ImageNamed("directoryObject.png");
+			worldIcon = NSImage.ImageNamed("home.png");
+			userIcon = NSImage.ImageNamed("UserImg.png");
+			groupIcon = NSImage.ImageNamed("GroupImg.png");
+		}
+
+		public override void WillDisplayCell(NSOutlineView outlineView, NSObject cell,
+											 NSTableColumn tableColumn, NSObject item)
+		{
+			try
+			{
+				NSBrowserCell browserCell = cell as NSBrowserCell;
+				if (browserCell != null)
+				{
+					browserCell.Leaf = true;
+					var node = item as DirectoryNode;
+					if (node.IsBaseNode)
+						browserCell.Image = worldIcon;
+					else if (string.Equals(node.ObjectClass, VMDirConstants.USER_OC))
+						browserCell.Image = userIcon;
+					else if (string.Equals(node.ObjectClass, VMDirConstants.GROUP_OC))
+						browserCell.Image = groupIcon;
+					else
+						browserCell.Image = directoryIcon;
+
+				}
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Exception in casting : " + e.Message);
+			}
+		}
+
+		public override void SelectionDidChange(NSNotification notification)
+		{
+			nint row = swCtl.SearchResultOutlineView.SelectedRow;
+			swCtl.RefreshPropTableViewBasedOnSelection(row);
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Info.plist b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Info.plist
new file mode 100755
index 000000000..f837aef3b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Info.plist
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleIdentifier</key>
+	<string>com.vmware.LightwaveRaftBrowser</string>
+	<key>CFBundleName</key>
+	<string>Lightwave Raft Browser</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
+	<key>LSMinimumSystemVersion</key>
+	<string>10.10</string>
+	<key>NSMainNibFile</key>
+	<string>MainMenu</string>
+	<key>NSPrincipalClass</key>
+	<string>NSApplication</string>
+	<key>CFBundleIconFile</key>
+	<string>directory-service-256</string>
+	<key>LSApplicationCategoryType</key>
+	<string>public.app-category.developer-tools</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0.0</string>
+	<key>CFBundleDisplayName</key>
+	<string>Lightwave Raft Browser</string>
+</dict>
+</plist>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapInEnvironment.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapInEnvironment.cs
new file mode 100755
index 000000000..4ea535ea3
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapInEnvironment.cs
@@ -0,0 +1,97 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.IO;
+using System.Xml.Serialization;
+using AppKit;
+using VMDir.Common.Persistence;
+using Foundation;
+
+namespace LWRaftSnapIn
+{
+    public class LWRaftSnapInEnvironment
+    {
+        private static string DATA_FILE_NAME = "LWRaftData.xml";
+
+        public LocalData LocalData { get; set; }
+
+        string _applicationPath;
+        protected static LWRaftSnapInEnvironment _instance;
+
+        public NSWindow MainWindow { get; set; }
+
+        public string StoreFileName {
+            get {
+                return Path.Combine (ApplicationPath, DATA_FILE_NAME);
+            }
+        }
+
+        public string ApplicationPath {
+            get {
+                if (string.IsNullOrEmpty (_applicationPath)) {
+                    NSFileManager fileManager = NSFileManager.DefaultManager;
+                    string[] paths = NSSearchPath.GetDirectories (NSSearchPathDirectory.ApplicationSupportDirectory, NSSearchPathDomain.User);
+                    if (paths.Length > 0) {
+                        _applicationPath = paths [0] + "/LightwaveTools";
+                        if (!Directory.Exists (_applicationPath)) {
+                            Directory.CreateDirectory (_applicationPath);
+                        }
+                    }
+                }
+                return _applicationPath;
+            }
+        }
+
+        public static LWRaftSnapInEnvironment Instance {
+            get {
+                if (_instance == null)
+                    _instance = new LWRaftSnapInEnvironment ();
+                return _instance;
+            }
+        }
+
+        public void LoadLocalData ()
+        {
+            if (!File.Exists (StoreFileName)) {
+                LocalData = new LocalData ();
+                return;
+            }
+            try {
+                using (var ms = new MemoryStream ()) {
+                    var bytes = File.ReadAllBytes (StoreFileName);
+                    ms.Write (bytes, 0, bytes.Length);
+                    ms.Seek (0, SeekOrigin.Begin);
+                    var xmlSerializer = new XmlSerializer (typeof(LocalData));
+                    LocalData = xmlSerializer.Deserialize (ms) as LocalData;
+                }
+            } catch (Exception) {
+            }
+        }
+
+        public void SaveLocalData ()
+        {
+            try {
+                using (var ms = new MemoryStream ()) {
+                    var xmlSerializer = new XmlSerializer (typeof(LocalData));
+                    xmlSerializer.Serialize (ms, LWRaftSnapInEnvironment.Instance.LocalData);
+                    File.WriteAllBytes (StoreFileName, ms.ToArray ());
+                }
+            } catch (Exception e) {
+                System.Diagnostics.Debug.WriteLine (e.Message);
+            }
+        }
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Lightwave Raft.csproj b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Lightwave Raft.csproj
new file mode 100755
index 000000000..30918176a
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Lightwave Raft.csproj	
@@ -0,0 +1,337 @@
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectTypeGuids>{A3F8F2AB-B479-4A4A-A458-A89E7DC349F1};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}</ProjectTypeGuids>
+    <ProjectGuid>{84EAD6E2-414C-4753-A512-6FA7B00474C0}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>VMDirSnapIn</RootNamespace>
+    <MonoMacResourcePrefix>Resources</MonoMacResourcePrefix>
+    <AssemblyName>Lightwave Raft Browser</AssemblyName>
+    <UseXamMacFullFramework>true</UseXamMacFullFramework>
+    <ReleaseVersion>0.2</ReleaseVersion>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>..\..\x64\Debug</OutputPath>
+    <DefineConstants>DEBUG;</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+    <UseRefCounting>false</UseRefCounting>
+    <UseSGen>false</UseSGen>
+    <IncludeMonoRuntime>true</IncludeMonoRuntime>
+    <EnablePackageSigning>false</EnablePackageSigning>
+    <EnableCodeSigning>false</EnableCodeSigning>
+    <CreatePackage>false</CreatePackage>
+    <CodeSigningKey>Mac Developer</CodeSigningKey>
+    <PackageSigningKey>Developer ID Installer</PackageSigningKey>
+    <XamMacArch>x86_64</XamMacArch>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>full</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>..\..\x64\Release</OutputPath>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+    <UseRefCounting>false</UseRefCounting>
+    <UseSGen>false</UseSGen>
+    <IncludeMonoRuntime>true</IncludeMonoRuntime>
+    <CreatePackage>false</CreatePackage>
+    <CodeSigningKey>Developer ID Application</CodeSigningKey>
+    <EnableCodeSigning>false</EnableCodeSigning>
+    <EnablePackageSigning>false</EnablePackageSigning>
+    <PackageSigningKey>Developer ID Installer</PackageSigningKey>
+    <XamMacArch>x86_64</XamMacArch>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'AppStore|AnyCPU' ">
+    <DebugType>full</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>..\..\x64\AppStore</OutputPath>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <ConsolePause>false</ConsolePause>
+    <UseRefCounting>false</UseRefCounting>
+    <UseSGen>false</UseSGen>
+    <IncludeMonoRuntime>false</IncludeMonoRuntime>
+    <CreatePackage>false</CreatePackage>
+    <EnableCodeSigning>false</EnableCodeSigning>
+    <EnablePackageSigning>false</EnablePackageSigning>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Xml" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="Xamarin.Mac" />
+    <Reference Include="VmDirInterop">
+      <HintPath>..\..\..\interop\lib64\VmDirInterop.dll</HintPath>
+    </Reference>
+  </ItemGroup>
+  <ItemGroup>
+    <Folder Include="Resources\" />
+    <Folder Include="Nodes\" />
+    <Folder Include="UI\" />
+    <Folder Include="DataSource\" />
+    <Folder Include="UI\PropertiesView\" />
+    <Folder Include="UI\SplitViewMMC\" />
+    <Folder Include="UI\Main\" />
+    <Folder Include="UI\WelcomeScreen\" />
+    <Folder Include="UI\AddUser\" />
+    <Folder Include="UI\AddGroup\" />
+    <Folder Include="UI\AddObject\" />
+    <Folder Include="UI\SuperLog\" />
+    <Folder Include="UI\Password\" />
+    <Folder Include="Delegate\" />
+    <Folder Include="UI\Search\" />
+    <Folder Include="UI\SelectObject\" />
+    <Folder Include="UI\AddToGroup\" />
+    <Folder Include="UI\PageSize\" />
+    <Folder Include="UI\SyntaxHelp\" />
+    <Folder Include="UI\ConnectToLdap\" />
+    <Folder Include="UI\Export\" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Main.cs" />
+    <Compile Include="Nodes\ChildScopeNode.cs" />
+    <Compile Include="Nodes\ScopeNode.cs" />
+    <Compile Include="LWRaftSnapInEnvironment.cs" />
+    <Compile Include="DataSource\OutlineViewDataSource.cs" />
+    <Compile Include="UI\AppDelegate.cs" />
+    <Compile Include="UI\AppDelegate.designer.cs">
+      <DependentUpon>AppDelegate.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\OutlineView.cs" />
+    <Compile Include="Nodes\DirectoryNode.cs" />
+    <Compile Include="DataSource\SchemaAttributesTableViewDataSource.cs" />
+    <Compile Include="DataSource\GenericListViewDataSource.cs" />
+    <Compile Include="DataSource\PropertiesTableViewDataSource.cs" />
+    <Compile Include="DataSource\GenericTableViewDataSource.cs" />
+    <Compile Include="Nodes\VMDirServerInfo.cs" />
+    <Compile Include="DataSource\CreateObjectTableViewDataSource.cs" />
+    <Compile Include="DataSource\NodesListView.cs" />
+    <Compile Include="UI\VMDirTableView.cs" />
+    <Compile Include="DataSource\SuperLoggingTableViewDataSource.cs" />
+    <Compile Include="UI\SplitViewMMC\VmdirSplitView.cs" />
+    <Compile Include="UI\SplitViewMMC\VmdirSplitViewController.cs" />
+    <Compile Include="UI\SplitViewMMC\VmdirSplitView.designer.cs">
+      <DependentUpon>VmdirSplitView.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SplitViewMMC\VmdirSplitViewController.designer.cs">
+      <DependentUpon>VmdirSplitViewController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesView\PropertiesView.cs" />
+    <Compile Include="UI\PropertiesView\PropertiesViewController.cs" />
+    <Compile Include="UI\PropertiesView\PropertiesView.designer.cs">
+      <DependentUpon>PropertiesView.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesView\PropertiesViewController.designer.cs">
+      <DependentUpon>PropertiesViewController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Main\MainWindow.cs" />
+    <Compile Include="UI\Main\MainWindow.designer.cs">
+      <DependentUpon>MainWindow.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Main\MainWindowController.cs" />
+    <Compile Include="UI\WelcomeScreen\WelcomeScreen.cs" />
+    <Compile Include="UI\WelcomeScreen\WelcomeScreen.designer.cs">
+      <DependentUpon>WelcomeScreen.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\WelcomeScreen\WelcomeScreenController.cs" />
+    <Compile Include="UI\WelcomeScreen\WelcomeScreenController.designer.cs">
+      <DependentUpon>WelcomeScreenController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\AddGroup\AddNewGroup.cs" />
+    <Compile Include="UI\AddGroup\AddNewGroup.designer.cs" />
+    <Compile Include="UI\AddGroup\AddNewGroupController.cs" />
+    <Compile Include="UI\AddGroup\AddNewGroupController.designer.cs" />
+    <Compile Include="UI\AddUser\AddNewUser.cs" />
+    <Compile Include="UI\AddUser\AddNewUser.designer.cs" />
+    <Compile Include="UI\AddUser\AddNewUserController.cs" />
+    <Compile Include="UI\AddUser\AddNewUserController.designer.cs" />
+    <Compile Include="UI\AddObject\CreateObjectWindow.cs" />
+    <Compile Include="UI\AddObject\CreateObjectWindow.designer.cs" />
+    <Compile Include="UI\AddObject\CreateObjectWindowController.cs" />
+    <Compile Include="UI\SuperLog\SuperLoggingBrowserWindow.cs" />
+    <Compile Include="UI\SuperLog\SuperLoggingBrowserWindow.designer.cs" />
+    <Compile Include="UI\SuperLog\SuperLoggingBrowserWindowController.cs" />
+    <Compile Include="UI\SuperLog\SuperLoggingBrowserWindowController.designer.cs" />
+    <Compile Include="UI\Password\ResetPasswordWindow.cs" />
+    <Compile Include="UI\Password\ResetPasswordWindow.designer.cs" />
+    <Compile Include="UI\Password\ResetPasswordWindowController.cs" />
+    <Compile Include="UI\Password\ResetPasswordWindowController.designer.cs" />
+    <Compile Include="Delegate\GenericTableDelegate.cs" />
+    <Compile Include="Delegate\OutlineDelegate.cs" />
+    <Compile Include="Delegate\PropertiesTableDelegate.cs" />
+    <Compile Include="UI\Search\SearchWindow.cs" />
+    <Compile Include="UI\Search\SearchWindow.designer.cs">
+      <DependentUpon>SearchWindow.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Search\SearchWindowController.cs" />
+    <Compile Include="UI\Search\SearchWindowController.designer.cs">
+      <DependentUpon>SearchWindowController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SelectObject\SelectObjectClassWindow.cs" />
+    <Compile Include="UI\SelectObject\SelectObjectClassWindowController.cs" />
+    <Compile Include="UI\SelectObject\SelectObjectClassWindow.designer.cs" />
+    <Compile Include="UI\AddToGroup\AddGroupByCNWindow.cs" />
+    <Compile Include="UI\AddToGroup\AddGroupByCNWindow.designer.cs" />
+    <Compile Include="UI\AddToGroup\AddGroupByCNWindowController.cs" />
+    <Compile Include="UI\AddToGroup\AddGroupByCNWindowController.designer.cs" />
+    <Compile Include="UI\Password\VerifyPassword.cs" />
+    <Compile Include="UI\Password\VerifyPassword.designer.cs">
+      <DependentUpon>VerifyPassword.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Password\VerifyPasswordController.cs" />
+    <Compile Include="UI\Password\VerifyPasswordController.designer.cs">
+      <DependentUpon>VerifyPasswordController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="DataSource\SearchConditionsTableViewDataSource.cs" />
+    <Compile Include="DataSource\ResultOutlineDataSource.cs" />
+    <Compile Include="UI\ResultOutlineView.cs" />
+    <Compile Include="Delegate\ResultOutlineDelegate.cs" />
+    <Compile Include="UI\PageSize\PageSize.cs" />
+    <Compile Include="UI\PageSize\PageSize.designer.cs">
+      <DependentUpon>PageSize.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PageSize\PageSizeController.cs" />
+    <Compile Include="UI\PageSize\PageSizeController.designer.cs">
+      <DependentUpon>PageSizeController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SyntaxHelp\SyntaxHelpWindow.cs" />
+    <Compile Include="UI\SyntaxHelp\SyntaxHelpWindow.designer.cs">
+      <DependentUpon>SyntaxHelpWindow.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SyntaxHelp\SyntaxHelpWindowController.cs" />
+    <Compile Include="UI\SyntaxHelp\SyntaxHelpWindowController.designer.cs">
+      <DependentUpon>SyntaxHelpWindowController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\ConnectToLdap\ConnectToLdapWindow.cs" />
+    <Compile Include="UI\ConnectToLdap\ConnectToLdapWindow.designer.cs" />
+    <Compile Include="UI\ConnectToLdap\ConnectToLdapWindowController.cs" />
+    <Compile Include="Nodes\DirectoryNonExpandableNode.cs" />
+    <Compile Include="DataSource\AttributeTableViewDataSource.cs" />
+    <Compile Include="UI\PropertiesView\ModSubmitConfirm.cs" />
+    <Compile Include="UI\PropertiesView\ModSubmitConfirm.designer.cs">
+      <DependentUpon>ModSubmitConfirm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesView\ModSubmitConfirmController.cs" />
+    <Compile Include="UI\PropertiesView\ModSubmitConfirmController.designer.cs">
+      <DependentUpon>ModSubmitConfirmController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesView\ModSubmitStatus.cs" />
+    <Compile Include="UI\PropertiesView\ModSubmitStatus.designer.cs">
+      <DependentUpon>ModSubmitStatus.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesView\ModSubmitStatusController.cs" />
+    <Compile Include="UI\PropertiesView\ModSubmitStatusController.designer.cs">
+      <DependentUpon>ModSubmitStatusController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Export\ExportSearchResult.cs" />
+    <Compile Include="UI\Export\ExportSearchResult.designer.cs">
+      <DependentUpon>ExportSearchResult.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Export\ExportSearchResultController.cs" />
+    <Compile Include="UI\Export\ExportSearchResultController.designer.cs">
+      <DependentUpon>ExportSearchResultController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="DataSource\ModificationStatusTableViewDataSource.cs" />
+    <Compile Include="UI\Search\ConditionValuesFromFile.cs" />
+    <Compile Include="UI\Search\ConditionValuesFromFile.designer.cs">
+      <DependentUpon>ConditionValuesFromFile.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\Search\ConditionValuesFromFileController.cs" />
+    <Compile Include="UI\Search\ConditionValuesFromFileController.designer.cs">
+      <DependentUpon>ConditionValuesFromFileController.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Delegate\ModificationStatusTableDelegate.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <InterfaceDefinition Include="UI\SplitViewMMC\VmdirSplitView.xib" />
+    <InterfaceDefinition Include="UI\PropertiesView\PropertiesView.xib" />
+    <InterfaceDefinition Include="UI\Main\MainMenu.xib" />
+    <InterfaceDefinition Include="UI\Main\MainWindow.xib" />
+    <InterfaceDefinition Include="UI\WelcomeScreen\WelcomeScreen.xib" />
+    <InterfaceDefinition Include="UI\AddGroup\AddNewGroup.xib" />
+    <InterfaceDefinition Include="UI\AddUser\AddNewUser.xib" />
+    <InterfaceDefinition Include="UI\AddObject\CreateObjectWindow.xib" />
+    <InterfaceDefinition Include="UI\SuperLog\SuperLoggingBrowserWindow.xib" />
+    <InterfaceDefinition Include="UI\Password\ResetPasswordWindow.xib" />
+    <InterfaceDefinition Include="UI\Search\SearchWindow.xib" />
+    <InterfaceDefinition Include="UI\SelectObject\SelectObjectClassWindow.xib" />
+    <InterfaceDefinition Include="UI\AddToGroup\AddGroupByCNWindow.xib" />
+    <InterfaceDefinition Include="UI\Password\VerifyPassword.xib" />
+    <InterfaceDefinition Include="UI\PageSize\PageSize.xib" />
+    <InterfaceDefinition Include="UI\SyntaxHelp\SyntaxHelpWindow.xib" />
+    <InterfaceDefinition Include="UI\ConnectToLdap\ConnectToLdapWindow.xib" />
+    <InterfaceDefinition Include="UI\PropertiesView\ModSubmitConfirm.xib" />
+    <InterfaceDefinition Include="UI\PropertiesView\ModSubmitStatus.xib" />
+    <InterfaceDefinition Include="UI\Export\ExportSearchResult.xib" />
+    <InterfaceDefinition Include="UI\Search\ConditionValuesFromFile.xib" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Info.plist" />
+    <None Include="UI\Info.plist" />
+  </ItemGroup>
+  <ProjectExtensions>
+    <MonoDevelop>
+      <Properties>
+        <Policies>
+          <DotNetNamingPolicy DirectoryNamespaceAssociation="Hierarchical" ResourceNamePolicy="FileFormatDefault" />
+        </Policies>
+      </Properties>
+    </MonoDevelop>
+  </ProjectExtensions>
+  <ItemGroup>
+    <BundleResource Include="Resources\VMwareicon.png" />
+    <BundleResource Include="Resources\BulletBlackIcon.png" />
+    <BundleResource Include="Resources\lightwave.png" />
+    <BundleResource Include="Resources\Add_Group_64.png" />
+    <BundleResource Include="Resources\Add_Object_64.png" />
+    <BundleResource Include="Resources\Add_User_64.png" />
+    <BundleResource Include="Resources\Disconnect_64.png" />
+    <BundleResource Include="Resources\Edit_Properties_64.png" />
+    <BundleResource Include="Resources\View_Schema_64.png" />
+    <BundleResource Include="Resources\delete.png" />
+    <BundleResource Include="Resources\directory-service-256.icns" />
+    <BundleResource Include="Resources\directoryObject.png" />
+    <BundleResource Include="Resources\object.png" />
+    <BundleResource Include="Resources\home.png" />
+    <BundleResource Include="Resources\connect.png" />
+    <BundleResource Include="Resources\disconnect_64x.png" />
+    <BundleResource Include="Resources\Question.png" />
+    <BundleResource Include="Resources\UserImg.png" />
+    <BundleResource Include="Resources\SearchImg.png" />
+    <BundleResource Include="Resources\SearchBoxCollapseImg.png" />
+    <BundleResource Include="Resources\SaveImg.png" />
+    <BundleResource Include="Resources\ResetPasswordImg.png" />
+    <BundleResource Include="Resources\PageSizeImg.png" />
+    <BundleResource Include="Resources\OpenImg.png" />
+    <BundleResource Include="Resources\NextPageImg.png" />
+    <BundleResource Include="Resources\LoginImg.png" />
+    <BundleResource Include="Resources\GroupImg.png" />
+    <BundleResource Include="Resources\OperationalAttrImg.png" />
+    <BundleResource Include="Resources\OptionalAttrImg.png" />
+    <BundleResource Include="Resources\RefreshImg.png" />
+    <BundleResource Include="Resources\ExportImg.png" />
+  </ItemGroup>
+  <Import Project="$(MSBuildExtensionsPath)\Xamarin\Mac\Xamarin.Mac.CSharp.targets" />
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\common\VMDir.Common\VMDir.Common.csproj">
+      <Project>{76109B16-B0AE-47EB-8545-EB135EB92E2A}</Project>
+      <Name>VMDir.Common</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.csproj">
+      <Project>{CD959E2E-5B9C-4329-B085-352844CFDCDD}</Project>
+      <Name>VMIdentity.CommonUtils</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\VmIdentity.UI.Common\VmIdentity.UI.Common.csproj">
+      <Project>{35037B87-3B35-40FA-A9D3-7974DCDDABB5}</Project>
+      <Name>VmIdentity.UI.Common</Name>
+    </ProjectReference>
+  </ItemGroup>
+</Project>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Main.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Main.cs
new file mode 100755
index 000000000..f5ae35140
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Main.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using VmIdentity.UI.Common;
+using LWRaftSnapIn.UI;
+
+namespace LWRaftSnapIn
+{
+    class MainClass
+    {
+        static void Main (string[] args)
+        {
+            NSApplication.Init ();
+            LWRaftSnapInEnvironment.Instance.LoadLocalData ();
+            /* Workaround for a Bug in Xamarin. Cant load Views referenced in external project without referencing the assembly before NSApplication.Main
+            ref -https://forums.xamarin.com/discussion/1771/creating-a-custom-control-view-xamarin-mac#latest
+            */
+            Console.WriteLine (typeof(LoginWindow).Assembly);
+            NSApplication.Main (args);
+        }
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ChildScopeNode.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ChildScopeNode.cs
new file mode 100755
index 000000000..5e449bf8f
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ChildScopeNode.cs
@@ -0,0 +1,32 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.Nodes
+{
+	public class ChildScopeNode : ScopeNode
+	{
+		public VMDirServerDTO ServerDTO { get; protected set; }
+
+		public ChildScopeNode()
+		{
+		}
+
+		public ChildScopeNode(VMDirServerDTO dto)
+		{
+			this.ServerDTO = dto;
+		}
+	}
+}
\ No newline at end of file
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNode.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNode.cs
new file mode 100755
index 000000000..1b2ba467f
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNode.cs
@@ -0,0 +1,421 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Linq;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.UI;
+using VmIdentity.UI.Common;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+using VMDir.Common.VMDirUtilities;
+using VMDirInterop.Interfaces;
+using VMDirInterop.LDAP;
+using System.Collections.Generic;
+using VMDir.Common;
+using UI.Password;
+using VMIdentity.CommonUtils;
+
+namespace LWRaftSnapIn.Nodes
+{
+	public class DirectoryNode : ChildScopeNode
+	{
+		public string Dn { get; private set; }
+		public List<string> ObjectClass { get; private set; }
+
+		private QueryDTO qdto;
+		private IntPtr cookie;
+		private int totalCount;
+		public bool morePages { get; private set; }
+		private int pageNumber;
+
+		public bool isChildrenLoaded { get; private set; }
+		public bool IsBaseNode { get; set; }
+		protected Dictionary<string, VMDirAttributeDTO> _properties;
+
+		public Dictionary<string, VMDirAttributeDTO> NodeProperties
+		{
+			get
+			{
+				if(_properties==null)
+					FillProperties();
+				return _properties;
+			}
+			set
+			{
+				_properties = value;
+			}
+		}
+
+		public DirectoryNode(string dn, List<string> ocSet, VMDirServerDTO dto, ScopeNode parent) : base(dto)
+		{
+			Dn = dn;
+			ObjectClass = ocSet;
+			DisplayName = VMDirServerDTO.DN2CN(Dn);
+			Parent = parent;
+			IsBaseNode = false;
+			InitPageSearch();
+		}
+
+		public void FillProperties()
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				TextQueryDTO dto = new TextQueryDTO(Dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC, null, 0, IntPtr.Zero, 0);
+
+				ServerDTO.Connection.Search(dto,
+					(l, e) =>
+					{
+					if(e.Count>0)
+						_properties = ServerDTO.Connection.GetEntryProperties(e[0]);
+					});
+			});
+		}
+
+		public void RefreshProperties()
+		{
+			_properties.Clear();
+			FillProperties();
+			NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+		}
+		private void InitPageSearch()
+		{
+			qdto = new TextQueryDTO(Dn, LdapScope.SCOPE_ONE_LEVEL, VMDirConstants.SEARCH_ALL_OC,
+			                        new string[] { VMDirConstants.ATTR_DN, VMDirConstants.ATTR_OBJECT_CLASS }, 0, IntPtr.Zero, 0);
+			cookie = IntPtr.Zero;
+			totalCount = 0;
+			pageNumber = 1;
+			morePages = true;
+		}
+
+		public void Expand(string itemDN)
+		{
+			if (!isChildrenLoaded)
+			{
+				InitPageSearch();
+				GetPage();
+			}
+		}
+
+		private void GetPage()
+		{
+			List<DirectoryNode> lst = new List<DirectoryNode>();
+			UIErrorHelper.CheckedExec(delegate
+			{
+				ServerDTO.Connection.PagedSearch(qdto, ServerDTO.PageSize, cookie, morePages,
+					delegate (ILdapMessage ldMsg, IntPtr ck, bool moreP, List<ILdapEntry> entries)
+					{
+						cookie = ck;
+						morePages = moreP;
+						totalCount += entries.Count();
+						pageNumber++;
+						foreach (var entry in entries)
+						{
+							var ocList = new List<string>(entry.getAttributeValues(VMDirConstants.ATTR_OBJECT_CLASS).Select(x => x.StringValue).ToArray());
+							var node = new DirectoryNode(entry.getDN(), ocList, ServerDTO, this);
+							//node.NodeProperties = ServerDTO.Connection.GetEntryProperties(entry);
+							lst.Add(node);
+						}
+					});
+				isChildrenLoaded = true;
+				this.Children.AddRange(lst.ToArray());
+				NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", this);
+			});
+		}
+
+		public void ReloadChildren()
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+
+				if (this.Children != null)
+				{
+					this.Children.Clear();
+					isChildrenLoaded = false;
+					InitPageSearch();
+					Expand(Dn);
+				}
+			});
+		}
+
+		//Events
+		public virtual void RefreshNode(object sender, EventArgs e)
+		{
+			RefreshProperties();
+			ReloadChildren();
+		}
+
+		public void Add(object sender, EventArgs e)
+		{
+			ShowAddWindow();
+		}
+
+		public virtual void Delete(object sender, EventArgs e)
+		{
+			PerformDelete();
+		}
+
+		public void AddUser(object sender, EventArgs e)
+		{
+			ShowAddUser();
+		}
+
+		public void AddGroup(object sender, EventArgs e)
+		{
+			ShowAddGroup();
+		}
+		public void Search(object sender, EventArgs e)
+		{
+			ShowSearch();
+		}
+
+		public void FetchNextPage(object sender, EventArgs e)
+		{
+			GetNextPage();
+		}
+
+		public void VerifyUserPassword(object sender, EventArgs e)
+		{
+			ShowVerifyUserPassword();
+		}
+
+		public void ShowSearch()
+		{
+			SearchWindowController swc = new SearchWindowController(Dn, ServerDTO);
+			NSApplication.SharedApplication.RunModalForWindow(swc.Window);
+			//swc.Window.MakeKeyAndOrderFront(this);
+		}
+
+		public void GetNextPage()
+		{
+			if (morePages)
+				GetPage();
+			else
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_NO_MORE_PAGES);
+		}
+
+		void ShowVerifyUserPassword()
+		{
+			var upn = Utilities.GetAttrLastVal(_properties, VMDirConstants.ATTR_KRB_UPN);
+
+			VerifyPasswordController cwc = new VerifyPasswordController(upn);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				try
+				{
+					VMDirServerDTO ser = new VMDirServerDTO();
+					ser.Server = ServerDTO.Server;
+					ser.Password = cwc.Password;
+					ser.BindDN = cwc.Upn;
+					ser.Connection = new LdapConnectionService(ser.Server, ser.BindDN, ser.Password);
+					if (ser.Connection.CheckCredentials())
+						UIErrorHelper.ShowAlert(CommonConstants.CORRECT_PWD, "Success");
+				}
+				catch (Exception)
+				{
+					UIErrorHelper.ShowAlert(CommonConstants.INVALID_PWD, "Failure");
+				}
+			}
+		}
+
+		//Launch Dialogs
+		public virtual void AddUserToGroup(object sender, EventArgs e)
+		{
+			AddGroupByCNWindowController gwc = new AddGroupByCNWindowController(ServerDTO);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(gwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					string[] values = new string[2];
+					values[1] = null;
+					values[0] = Dn;
+					LdapMod[] ldapVal = new LdapMod[1];
+					ldapVal[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_MEMBER, values);
+					ServerDTO.Connection.ModifyObject(gwc.DNText, ldapVal);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_MEMBER_ADD_SUCC);
+					ReloadChildren();
+					RefreshProperties();
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+				});
+			}
+		}
+
+		public void ShowAddWindow()
+		{
+			SelectObjectClassWindowController swc = new SelectObjectClassWindowController(ServerDTO.Connection.SchemaManager);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(swc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				CreateObjectWindowController cwc = new CreateObjectWindowController(swc.SelectedObject.Name, ServerDTO,Dn);
+				nint res = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+				if (res == (nint)VMIdentityConstants.DIALOGOK)
+				{
+					UIErrorHelper.CheckedExec(delegate ()
+					{
+						var attr = cwc._properties.Select(x => Utilities.MakeAttribute(x)).ToArray();
+						string newdn = cwc.Rdn + "," + Dn;
+						ServerDTO.Connection.AddObject(newdn, attr);
+						UIErrorHelper.ShowInformation(VMDirConstants.STAT_OBJ_ADD_SUCC);
+						var oc = Utilities.GetObjectClassList(ServerDTO,newdn,LdapScope.SCOPE_BASE);
+						this.Children.Insert(0,new DirectoryNode(newdn,oc,ServerDTO,this));
+						//ReloadChildren();
+						RefreshProperties();
+						NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", this);
+						NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+					});
+
+				}
+				swc.Dispose();
+			}
+		}
+
+		public void ShowAddGroup()
+		{
+			GroupDTO dto = new GroupDTO();
+			AddNewGroupController agc = new AddNewGroupController(dto);
+			nint res = NSApplication.SharedApplication.RunModalForWindow(agc.Window);
+			if (res == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					LdapMod[] user = new LdapMod[4];
+					user[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_CN, new string[] {
+						dto.cn,
+						null
+					});
+					user[1] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_GROUPTYPE, new string[] {
+						dto.groupType.ToString (),
+						null
+					});
+					user[2] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SAM_ACCOUNT_NAME, new string[] {
+						dto.sAMAccountName,
+						null
+					});
+					user[3] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_OBJECT_CLASS, new string[] {
+						dto.objectClass,
+						null
+					});
+					string dn = string.Format("cn={0},{1}", dto.cn, Dn);
+					ServerDTO.Connection.AddObject(dn, user);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_GRP_ADD_SUCC);
+					var oc = Utilities.GetObjectClassList(ServerDTO, dn, LdapScope.SCOPE_BASE);
+					this.Children.Insert(0, new DirectoryNode(dn, oc, ServerDTO, this));
+					//ReloadChildren();
+					RefreshProperties();
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", this);
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+				});
+			}
+		}
+
+		public void ShowAddUser()
+		{

+            UserDTO userDTO = new UserDTO();
+			AddNewUserController awc = new AddNewUserController(userDTO);
+			nint res = NSApplication.SharedApplication.RunModalForWindow(awc.Window);
+			if (res == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					LdapMod[] user = new LdapMod[6];
+					user[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_GIVEN_NAME, new string[] {
+						userDTO.FirstName,
+						null
+					});
+					user[1] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SN, new string[] {
+						userDTO.LastName,
+						null
+					});
+					user[2] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_CN, new string[] {
+						userDTO.Cn,
+						null
+					});
+					user[3] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_KRB_UPN, new string[] {
+						userDTO.UPN,
+						null
+					});
+					user[4] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SAM_ACCOUNT_NAME, new string[] {
+						userDTO.SAMAccountName,
+						null
+					});
+					user[5] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_OBJECT_CLASS, new string[] {
+						VMDirConstants.USER_OC,
+						null
+					});
+					string dn = string.Format("cn={0},{1}", userDTO.Cn, Dn);
+					ServerDTO.Connection.AddObject(dn, user);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_USR_ADD_SUCC);
+					var oc = Utilities.GetObjectClassList(ServerDTO, dn, LdapScope.SCOPE_BASE);
+					this.Children.Insert(0, new DirectoryNode(dn, oc, ServerDTO, this));
+					//ReloadChildren();
+					RefreshProperties();
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", this);
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+				});
+
+			}
+		}
+
+		public virtual void PerformDelete()
+		{
+			ConfirmationDialogController cwc = new ConfirmationDialogController("Are you sure?");
+			nint result = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					ServerDTO.Connection.DeleteObject(Dn);
+					ScopeNode node = this.Parent;
+					if (node != null)
+					{
+						node.Children.Remove(this);
+						if (node is DirectoryNode)
+							(node as DirectoryNode).ReloadChildren();
+						NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", node);
+						NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", node);
+						UIErrorHelper.ShowInformation(VMDirConstants.STAT_OBJ_DEL_SUCC);
+					}
+					else {
+						UIErrorHelper.ShowInformation(VMDirConstants.STAT_BASE_OBJ_DEL_SUCC);
+					}
+				});
+			}
+		}
+
+		public void RestUserPassword(object sender, EventArgs e)
+		{
+			ResetPasswordWindowController cwc = new ResetPasswordWindowController(Dn);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					LdapMod[] mod = new LdapMod[1];
+					mod[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_REPLACE, VMDirConstants.ATTR_USER_PASSWORD, new string[] {
+						cwc.Password,
+						null
+					});
+					ServerDTO.Connection.ModifyObject(cwc.Dn, mod);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_PWD_RESET_SUCC);
+					ReloadChildren();
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+				});
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNonExpandableNode.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNonExpandableNode.cs
new file mode 100755
index 000000000..01c7a575a
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/DirectoryNonExpandableNode.cs
@@ -0,0 +1,82 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDirInterop.LDAP;
+using LWRaftSnapIn.UI;
+using VmIdentity.UI.Common;
+using VmIdentity.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.Nodes
+{
+	public class DirectoryNonExpandableNode : DirectoryNode
+	{
+		public DirectoryNonExpandableNode(string dn, List<string> oc, VMDirServerDTO dto) : base(dn,oc,dto,null)
+		{
+		}
+		public override void AddUserToGroup(object sender, EventArgs e)
+		{
+			AddGroupByCNWindowController gwc = new AddGroupByCNWindowController(ServerDTO);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(gwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					string[] values = new string[2];
+					values[1] = null;
+					values[0] = Dn;
+					LdapMod[] ldapVal = new LdapMod[1];
+					ldapVal[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_MEMBER, values);
+					ServerDTO.Connection.ModifyObject(gwc.DNText, ldapVal);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_MEMBER_ADD_SUCC);
+					ReloadChildren();
+					RefreshProperties();
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadResultTableView", this);
+				});
+			}
+		}
+		public override void PerformDelete()
+		{
+			ConfirmationDialogController cwc = new ConfirmationDialogController("Are you sure?");
+			nint result = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				UIErrorHelper.CheckedExec(delegate ()
+				{
+					ServerDTO.Connection.DeleteObject(Dn);
+					NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadResultOutlineView", this);
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_OBJ_DEL_SUCC);
+				});
+			}
+		}
+		public override void Delete(object sender, EventArgs e)
+		{
+			PerformDelete();
+		}
+		public void PerformRefreshNode()
+		{
+			_properties.Clear();
+			FillProperties();
+			NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadResultTableView", this);
+		}
+		public override void RefreshNode(object sender, EventArgs e)
+		{
+			PerformRefreshNode();
+		}
+	}
+}
\ No newline at end of file
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ScopeNode.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ScopeNode.cs
new file mode 100755
index 000000000..89b2e7892
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/ScopeNode.cs
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+
+namespace LWRaftSnapIn.Nodes
+{
+	public class ScopeNode : Foundation.NSObject
+	{
+		public String DisplayName;
+		public object Tag { get; set; }
+		public ScopeNode Parent { get; set; }
+		public List<ScopeNode> Children { get; set; }
+
+		public ScopeNode()
+		{
+			this.DisplayName = "";
+			this.Tag = null;
+			this.Children = new List<ScopeNode>();
+			this.Parent = null;
+		}
+
+		public int NumberOfChildren()
+		{
+			if (this.Children == null)
+				return 0;
+			else
+				return this.Children.Count;
+		}
+
+		public ScopeNode ChildAtIndex(int n)
+		{
+			if (this.Children != null && n < NumberOfChildren())
+			{
+				ScopeNode item = this.Children[n];
+				return item;
+			}
+			else {
+				return null;
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/VMDirServerInfo.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/VMDirServerInfo.cs
new file mode 100755
index 000000000..32561abea
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Nodes/VMDirServerInfo.cs
@@ -0,0 +1,75 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using VMDir.Common.DTO;
+using VMDir.Common.VMDirUtilities;
+using System.Threading.Tasks;
+using VMIdentity.CommonUtils;
+
+namespace Nodes
+{
+	public class VMDirServerInfo : Foundation.NSObject
+	{
+		public bool IsLoggedIn { get; set; }
+		public bool loginComplete { get; set; }
+		public VMDirServerDTO DTO { get; set; }
+
+		public VMDirServerInfo(VMDirServerDTO dto)
+		{
+			DTO = dto;
+			IsLoggedIn = false;
+			loginComplete = false;
+		}
+
+		public async Task DoLogin()
+		{
+			try
+			{
+				Task t = new Task(ServerConnect);
+				t.Start();
+				if (await Task.WhenAny(t, Task.Delay(CommonConstants.TEN_SEC * 3)) == t)
+				{
+					await t;
+				}
+				else {
+					throw new Exception(CommonConstants.SERVER_TIMEOUT);
+				}
+			}
+			catch (Exception ex)
+			{
+				throw ex;
+			}
+		}
+
+		public void ServerConnect()
+		{
+			try
+			{
+				DTO.Connection = new LdapConnectionService(DTO.Server, DTO.BindDN, DTO.Password);
+
+				if (DTO.Connection.CreateConnection() == 1)
+					IsLoggedIn = true;
+				else
+					IsLoggedIn = false;
+			}
+			catch (Exception)
+			{
+				IsLoggedIn = false;
+				throw;
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Group_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Group_64.png
new file mode 100755
index 000000000..f8dcfc940
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Group_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Object_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Object_64.png
new file mode 100755
index 000000000..54742a5ed
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_Object_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_User_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_User_64.png
new file mode 100755
index 000000000..bca558228
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Add_User_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/BulletBlackIcon.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/BulletBlackIcon.png
new file mode 100755
index 000000000..cce755f5c
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/BulletBlackIcon.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Disconnect_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Disconnect_64.png
new file mode 100755
index 000000000..eacd4cc86
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Disconnect_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Edit_Properties_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Edit_Properties_64.png
new file mode 100755
index 000000000..587712b44
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Edit_Properties_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ExportImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ExportImg.png
new file mode 100755
index 000000000..73119ecb2
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ExportImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/GroupImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/GroupImg.png
new file mode 100755
index 000000000..1d224aafd
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/GroupImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/LoginImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/LoginImg.png
new file mode 100755
index 000000000..33e89473b
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/LoginImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/NextPageImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/NextPageImg.png
new file mode 100755
index 000000000..8fd108449
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/NextPageImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OpenImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OpenImg.png
new file mode 100755
index 000000000..6ffb6d8d2
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OpenImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OperationalAttrImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OperationalAttrImg.png
new file mode 100755
index 000000000..71c50bd32
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OperationalAttrImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OptionalAttrImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OptionalAttrImg.png
new file mode 100755
index 000000000..9f1dd8e25
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/OptionalAttrImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/PageSizeImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/PageSizeImg.png
new file mode 100755
index 000000000..95686a642
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/PageSizeImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Question.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Question.png
new file mode 100755
index 000000000..d3f2e3664
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/Question.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/RefreshImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/RefreshImg.png
new file mode 100755
index 000000000..8aa2f6f46
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/RefreshImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ResetPasswordImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ResetPasswordImg.png
new file mode 100755
index 000000000..0f42aed21
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/ResetPasswordImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SaveImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SaveImg.png
new file mode 100755
index 000000000..bf72413fe
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SaveImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchBoxCollapseImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchBoxCollapseImg.png
new file mode 100755
index 000000000..53744046d
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchBoxCollapseImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchImg.png
new file mode 100755
index 000000000..d1ae90bb4
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/SearchImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/UserImg.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/UserImg.png
new file mode 100755
index 000000000..340a3674a
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/UserImg.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/VMwareicon.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/VMwareicon.png
new file mode 100755
index 000000000..ae8a2dd3f
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/VMwareicon.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/View_Schema_64.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/View_Schema_64.png
new file mode 100755
index 000000000..a3d51e051
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/View_Schema_64.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/connect.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/connect.png
new file mode 100755
index 000000000..5c4a7471e
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/connect.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/delete.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/delete.png
new file mode 100755
index 000000000..d3f69a5f0
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/delete.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directory-service-256.icns b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directory-service-256.icns
new file mode 100755
index 000000000..ff22ee6b6
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directory-service-256.icns differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directoryObject.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directoryObject.png
new file mode 100755
index 000000000..d05121fab
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/directoryObject.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/disconnect_64x.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/disconnect_64x.png
new file mode 100755
index 000000000..84ba13761
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/disconnect_64x.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/home.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/home.png
new file mode 100755
index 000000000..c96bc6f39
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/home.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/lightwave.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/lightwave.png
new file mode 100755
index 000000000..46e9004d4
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/lightwave.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/object.png b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/object.png
new file mode 100755
index 000000000..081001d4d
Binary files /dev/null and b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/Resources/object.png differ
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ActivatableToolBarItem.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ActivatableToolBarItem.cs
new file mode 100755
index 000000000..91537a6e2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ActivatableToolBarItem.cs
@@ -0,0 +1,50 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+
+using Foundation;
+using AppKit;
+
+namespace VmIdentity.UI.Common
+{
+    [Register ("ActivatableToolBarItem")]
+    public class ActivatableToolBarItem : NSToolbarItem
+    {
+        public bool Active { get; set; } = false;
+
+        public ActivatableToolBarItem ()
+        {
+        }
+
+        public ActivatableToolBarItem (IntPtr handle) : base (handle)
+        {
+        }
+
+        public ActivatableToolBarItem (NSObjectFlag  t) : base (t)
+        {
+        }
+
+        public ActivatableToolBarItem (string title) : base (title)
+        {
+        }
+
+        public override void Validate ()
+        {
+            base.Validate ();
+
+            Enabled = Active;
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.cs
new file mode 100755
index 000000000..75590575d
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class AddNewGroup : NSWindow
+	{
+		public AddNewGroup(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public AddNewGroup(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.designer.cs
new file mode 100755
index 000000000..9b0f3c214
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("AddNewGroup")]
+    public partial class AddNewGroup
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.xib
new file mode 100755
index 000000000..2d43e7f8d
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroup.xib
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="8191" systemVersion="14F27" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="8191"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="AddNewGroupController">
+            <connections>
+                <outlet property="GroupName" destination="7" id="37"/>
+                <outlet property="GroupNameTextField" destination="7" id="38"/>
+                <outlet property="SAMAccountNameTextField" destination="32" id="36"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <window title="Add New Group" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="AddNewGroup">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="436" height="186"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="436" height="186"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField verticalHuggingPriority="750" id="7">
+                        <rect key="frame" x="171" y="126" width="229" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the group name or the cn" drawsBackground="YES" id="8">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="19">
+                        <rect key="frame" x="346" y="26" width="60" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="20">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnOKButton:" target="-2" id="28"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="21">
+                        <rect key="frame" x="244" y="26" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="22">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancelButton:" target="-2" id="29"/>
+                        </connections>
+                    </button>
+                    <textField verticalHuggingPriority="750" id="32">
+                        <rect key="frame" x="171" y="82" width="229" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the sAMAccountName " drawsBackground="YES" id="33">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="34">
+                        <rect key="frame" x="38" y="84" width="129" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="SAMAccountName :" id="35">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="23">
+                        <rect key="frame" x="50" y="129" width="122" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Group Name (CN) :" id="24">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="30" id="39"/>
+            </connections>
+            <point key="canvasLocation" x="237" y="340"/>
+        </window>
+        <customObject id="30" customClass="AddNewGroup"/>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.cs
new file mode 100755
index 000000000..1a7d7f4f0
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.cs
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+using VMDir.Common;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class AddNewGroupController : NSWindowController
+	{
+		GroupDTO _dto;
+
+		public AddNewGroupController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public AddNewGroupController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public AddNewGroupController(GroupDTO dto) : base("AddNewGroup")
+		{
+			_dto = dto;
+			_dto.groupType = VMDirConstants.GROUPTYPE_ACCOUNT;
+			_dto.objectClass = "group";
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+
+		partial void OnCancelButton(Foundation.NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		private bool DoValidateControls()
+		{
+			string msg = string.Empty;
+
+			if (String.IsNullOrWhiteSpace(GroupNameTextField.StringValue))
+				msg = VMDirConstants.WRN_GRP_NAME_ENT;
+			else if (String.IsNullOrWhiteSpace(SAMAccountNameTextField.StringValue))
+				msg = VMDirConstants.WRN_SAM_NAME_ENT;
+
+			if (!string.IsNullOrWhiteSpace(msg))
+			{
+				UIErrorHelper.ShowWarning(msg);
+				return false;
+			}
+			return true;
+		}
+
+		partial void OnOKButton(Foundation.NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				if (!DoValidateControls())
+					return;
+				_dto.cn = GroupNameTextField.StringValue;
+				_dto.sAMAccountName = SAMAccountNameTextField.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			});
+		}
+
+		public new AddNewGroup Window
+		{
+			get { return (AddNewGroup)base.Window; }
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.designer.cs
new file mode 100755
index 000000000..52f3e3f41
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup/AddNewGroupController.designer.cs
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register("AddNewGroupController")]
+	partial class AddNewGroupController
+	{
+		[Outlet]
+		AppKit.NSTextField GroupNameTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField SAMAccountNameTextField { get; set; }
+
+		[Action("OnCancelButton:")]
+		partial void OnCancelButton(Foundation.NSObject sender);
+
+		[Action("OnOKButton:")]
+		partial void OnOKButton(Foundation.NSObject sender);
+
+		void ReleaseDesignerOutlets()
+		{
+			if (GroupNameTextField != null)
+			{
+				GroupNameTextField.Dispose();
+				GroupNameTextField = null;
+			}
+
+			if (SAMAccountNameTextField != null)
+			{
+				SAMAccountNameTextField.Dispose();
+				SAMAccountNameTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.cs
new file mode 100755
index 000000000..d948b85cb
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.cs
@@ -0,0 +1,45 @@
+/*

+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.

+ *

+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not

+ * use this file except in compliance with the License.  You may obtain a copy

+ * of the License at http://www.apache.org/licenses/LICENSE-2.0

+ *·

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an “AS IS” BASIS, without

+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the

+ * License for the specific language governing permissions and limitations

+ * under the License.

+ */
+
+using System;

+using Foundation;

+

+namespace LWRaftSnapIn.UI

+{
+	public partial class CreateObjectWindow : AppKit.NSWindow
+	{
+		#region Constructors

+
+		// Called when created from unmanaged code
+		public CreateObjectWindow(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public CreateObjectWindow(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion

+	}

+}

+

diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.designer.cs
new file mode 100755
index 000000000..aeff9bdca
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.designer.cs
@@ -0,0 +1,81 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("CreateObjectWindowController")]
+	partial class CreateObjectWindowController
+	{
+		[Outlet]
+		AppKit.NSButton CancelButton { get; set; }
+
+		[Outlet]
+		AppKit.NSButton CreateButton { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField ParentDnTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView PropertiesTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField RdnTextField { get; set; }
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (CancelButton != null) {
+				CancelButton.Dispose ();
+				CancelButton = null;
+			}
+
+			if (CreateButton != null) {
+				CreateButton.Dispose ();
+				CreateButton = null;
+			}
+
+			if (PropertiesTableView != null) {
+				PropertiesTableView.Dispose ();
+				PropertiesTableView = null;
+			}
+
+			if (ParentDnTextField != null) {
+				ParentDnTextField.Dispose ();
+				ParentDnTextField = null;
+			}
+
+			if (RdnTextField != null) {
+				RdnTextField.Dispose ();
+				RdnTextField = null;
+			}
+		}
+	}
+
+	[Register ("CreateObjectWindow")]
+	partial class CreateObjectWindow
+	{
+		
+		void ReleaseDesignerOutlets ()
+		{
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.xib
new file mode 100755
index 000000000..4fac090c4
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindow.xib
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <development version="5000" identifier="xcode"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="CreateObjectWindowController">
+            <connections>
+                <outlet property="CancelButton" destination="11" id="33"/>
+                <outlet property="CreateButton" destination="9" id="32"/>
+                <outlet property="ParentDnTextField" destination="kZV-0v-9Yr" id="t7P-KZ-u9X"/>
+                <outlet property="PropertiesTableView" destination="14" id="30"/>
+                <outlet property="RdnTextField" destination="AVF-zd-deV" id="TVx-dn-h0T"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Create Directory Object" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="CreateObjectWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="372" y="265" width="575" height="400"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="604" height="400"/>
+            <value key="maxSize" type="size" width="604" height="400"/>
+            <view key="contentView" autoresizesSubviews="NO" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="575" height="400"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <button verticalHuggingPriority="750" id="11">
+                        <rect key="frame" x="369" y="35" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="12">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                    </button>
+                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="13">
+                        <rect key="frame" x="30" y="83" width="520" height="246"/>
+                        <autoresizingMask key="autoresizingMask"/>
+                        <clipView key="contentView" drawsBackground="NO" id="M7a-Zp-Hxh">
+                            <rect key="frame" x="1" y="0.0" width="518" height="245"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <tableView toolTip="Double click the value field to enter new values" appearanceType="vibrantLight" verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" alternatingRowBackgroundColors="YES" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" headerView="16" id="14">
+                                    <rect key="frame" x="0.0" y="0.0" width="518" height="228"/>
+                                    <autoresizingMask key="autoresizingMask"/>
+                                    <size key="intercellSpacing" width="3" height="2"/>
+                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    <tableViewGridLines key="gridStyleMask" vertical="YES"/>
+                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                    <tableColumns>
+                                        <tableColumn identifier="Key" width="204" minWidth="40" maxWidth="1000" id="18">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Attribute">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" continuous="YES" alignment="left" title="Text Cell" id="21">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="Value" width="308" minWidth="40" maxWidth="1000" id="19">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Value">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" continuous="YES" alignment="left" title="Text Cell" id="20">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                    </tableColumns>
+                                </tableView>
+                            </subviews>
+                            <nil key="backgroundColor"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="15">
+                            <rect key="frame" x="1" y="251" width="518" height="16"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="17">
+                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <tableHeaderView key="headerView" id="16">
+                            <rect key="frame" x="0.0" y="0.0" width="518" height="17"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </tableHeaderView>
+                    </scrollView>
+                    <button verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="466" y="35" width="90" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Create" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="10">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                    </button>
+                    <textField verticalHuggingPriority="750" id="kZV-0v-9Yr">
+                        <rect key="frame" x="115" y="363" width="300" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" enabled="NO" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" drawsBackground="YES" id="8LO-qt-mx9">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="xde-8D-VjK">
+                        <rect key="frame" x="28" y="363" width="70" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Parent DN:" id="ka0-nw-Szo">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="Ynh-an-Beg">
+                        <rect key="frame" x="28" y="338" width="71" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Enter RDN:" id="e1I-FH-fLP">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="AVF-zd-deV">
+                        <rect key="frame" x="115" y="337" width="300" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="cn=" drawsBackground="YES" id="iag-Db-o3B">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <contentBorderThickness minY="22"/>
+            <connections>
+                <outlet property="delegate" destination="-2" id="xX1-Lp-Kxg"/>
+            </connections>
+            <point key="canvasLocation" x="398.5" y="395"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindowController.cs
new file mode 100755
index 000000000..982b4211a
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddObject/CreateObjectWindowController.cs
@@ -0,0 +1,177 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.DataSource;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+using VMDir.Common;
+using VMDirInterop.LDAP;
+using VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class CreateObjectWindowController : AppKit.NSWindowController
+	{
+		private string _objectClass;
+		private VMDirServerDTO _serverDTO;
+		public Dictionary<string, VMDirAttributeDTO> _properties;
+		private CreateObjectTableViewDataSource ds;
+		private string _parentDn;
+		public string Rdn;
+
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public CreateObjectWindowController(IntPtr handle)
+			: base(handle)
+		{
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public CreateObjectWindowController(NSCoder coder)
+			: base(coder)
+		{
+		}
+
+		// Call to load from the XIB/NIB file
+		public CreateObjectWindowController()
+			: base("CreateObjectWindow")
+		{
+		}
+
+		// Call to load from the XIB/NIB file
+		public CreateObjectWindowController(string objectClass, VMDirServerDTO serverDTO, string parentDn)
+			: base("CreateObjectWindow")
+		{
+			_objectClass = objectClass;
+			_serverDTO = serverDTO;
+			_parentDn = parentDn;
+			Bind();
+		}
+
+		#endregion
+
+		private void Bind()
+		{
+			var requiredProps = _serverDTO.Connection.SchemaManager.GetRequiredAttributes(_objectClass);
+			_properties = new Dictionary<string, VMDirAttributeDTO>();
+			foreach (var prop in requiredProps)
+			{
+				VMDirAttributeDTO dto = new VMDirAttributeDTO(prop.Name, new List<VMDirInterop.LDAP.LdapValue>(), prop);
+				_properties.Add(prop.Name, dto);
+
+			}
+			var oc = _properties[VMDirConstants.ATTR_OBJECT_CLASS];
+			LdapValue val = new LdapValue(_objectClass);
+			oc.Values = new List<LdapValue>() { val };
+			Utilities.RemoveDontShowAttributes(_properties);
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			try
+			{
+				this.ParentDnTextField.StringValue = _parentDn;
+				ds = new CreateObjectTableViewDataSource(_properties);
+				this.PropertiesTableView.DataSource = ds;
+				NSTableColumn col;
+				col = this.PropertiesTableView.TableColumns()[0];
+				if (col != null)
+					col.DataCell = new NSBrowserCell();
+				this.PropertiesTableView.Delegate = new NSTableViewDelegate();
+				this.CreateButton.Activated += OnClickCreateButton;
+				this.CancelButton.Activated += OnClickCancelButton;
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error " + e.Message);
+			}
+		}
+
+		private void OnClickCancelButton(object sender, EventArgs e)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		private void OnClickCreateButton(object sender, EventArgs e)
+		{
+			if (DoValidate())
+			{
+				Rdn = this.RdnTextField.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			}
+		}
+
+		private bool DoValidate()
+		{
+			if (string.IsNullOrWhiteSpace(ParentDnTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_DN_ENT);
+				return false;
+			}
+			if (string.IsNullOrWhiteSpace(RdnTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_RDN_ENT);
+				return false;
+			}
+			var requiredPropsNotFilled = _properties.Where(x =>
+				{
+					var val = x.Value.Values;
+					if (val == null)
+						return true;
+					else if (val.Count <= 0)
+						return true;
+					else {
+						var flag = false;
+						foreach (LdapValue item in val)
+							if (string.IsNullOrEmpty(item.StringValue))
+								flag = true;
+						return flag;
+					}
+				});
+			if (requiredPropsNotFilled.Count() > 0)
+			{
+				string error = string.Format("{0} is empty", requiredPropsNotFilled.First().Key);
+				UIErrorHelper.ShowWarning(error);
+				return false;
+			}
+			return true;
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModal();
+		}
+
+		//strongly typed window accessor
+		public new CreateObjectWindow Window
+		{
+			get
+			{
+				return (CreateObjectWindow)base.Window;
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.cs
new file mode 100755
index 000000000..ffe87918b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.cs
@@ -0,0 +1,38 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AddGroupByCNWindow : NSWindow
+    {
+		public AddGroupByCNWindow (IntPtr handle) : base (handle)
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public AddGroupByCNWindow (NSCoder coder) : base (coder)
+        {
+        }
+
+        public override void AwakeFromNib ()
+        {
+            base.AwakeFromNib ();
+        }
+
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.designer.cs
new file mode 100755
index 000000000..433efb1d7
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("AddGroupByCNWindow")]
+    public partial class AddGroupByCNWindow
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.xib
new file mode 100755
index 000000000..25f785676
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindow.xib
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="8191" systemVersion="14F27" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="8191"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="GenericUserInputWindowController">
+            <connections>
+                <outlet property="DNTextField" destination="13" id="15"/>
+                <outlet property="DnLabel" destination="37" id="39"/>
+                <outlet property="FindDNButton" destination="22" id="35"/>
+                <outlet property="FindDnButton" destination="22" id="36"/>
+                <outlet property="OnFindDNButton" destination="22" id="33"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <window title="Add to a Group" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" restorable="NO" oneShot="NO" animationBehavior="default" id="2" customClass="AddGroupByCNWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="493" y="315" width="539" height="167"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="494" height="136"/>
+            <value key="maxSize" type="size" width="404" height="136"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="539" height="167"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <button verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="345" y="53" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="10">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancelButton:" target="-2" id="17"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="11">
+                        <rect key="frame" x="24" y="118" width="110" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="  Group Name    :" id="12">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="13">
+                        <rect key="frame" x="152" y="116" width="270" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the group name here to search" drawsBackground="YES" id="14">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button toolTip="Click Find to list all the groups matching the search criteria" id="22">
+                        <rect key="frame" x="433" y="111" width="75" height="29"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="bevel" title="Find CN" bezelStyle="regularSquare" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="23">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnFindDnButton:" target="-2" id="34"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" setsMaxLayoutWidthAtFirstLayout="YES" id="37">
+                        <rect key="frame" x="36" y="22" width="298" height="81"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" lineBreakMode="charWrapping" sendsActionOnEndEditing="YES" id="38">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="keyboardFocusIndicatorColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="7">
+                        <rect key="frame" x="446" y="53" width="66" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Add" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="8">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnOKButton:" target="-2" id="16"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="18" id="19"/>
+            </connections>
+            <point key="canvasLocation" x="334.5" y="293.5"/>
+        </window>
+        <customObject id="18" customClass="AddGroupByCNWindow"/>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.cs
new file mode 100755
index 000000000..bce3f1155
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.cs
@@ -0,0 +1,91 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.VMDirUtilities;
+using VMDir.Common.DTO;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class AddGroupByCNWindowController : NSWindowController
+	{
+		public String DNText { get; set; }
+
+		VMDirServerDTO serverDTO;
+
+		public AddGroupByCNWindowController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public AddGroupByCNWindowController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public AddGroupByCNWindowController(VMDirServerDTO dto) : base("AddGroupByCNWindow")
+		{
+			serverDTO = dto;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+
+		partial void OnCancelButton(Foundation.NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		partial void OnOKButton(Foundation.NSObject sender)
+		{
+			if (!string.IsNullOrWhiteSpace(DnLabel.StringValue))
+			{
+				DNText = DnLabel.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			}
+			else
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_GRP_NAME_SEL);
+		}
+
+		partial void OnFindDnButton(Foundation.NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				if (!string.IsNullOrWhiteSpace(DNTextField.StringValue))
+				{
+					DNText = DNTextField.StringValue;
+					string[] dn = Utilities.SearchItemCN(serverDTO.BaseDN, "group", DNText, null, serverDTO);
+					//if only single result is found
+					if (dn.Length == 1)
+						DnLabel.StringValue = dn[0];
+					else if (dn.Length <= 0)
+						DnLabel.StringValue = "Search item not found in groups.";
+					//else if dn.length>1 TODO - Display a separate window  listing all the multiple dn found  and let the user choose one.
+				}
+			});
+		}
+
+		public new AddGroupByCNWindow Window
+		{
+			get { return (AddGroupByCNWindow)base.Window; }
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.designer.cs
new file mode 100755
index 000000000..eb6a48a1a
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup/AddGroupByCNWindowController.designer.cs
@@ -0,0 +1,65 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+    [Register ("AddGroupByCNWindowController")]
+    partial class AddGroupByCNWindowController
+    {
+        [Outlet]
+        AppKit.NSTextField DnLabel { get; set; }
+
+        [Outlet]
+        AppKit.NSTextField DNTextField { get; set; }
+
+        [Outlet]
+        AppKit.NSButton FindDnButton { get; set; }
+
+        [Action ("OnCancelButton:")]
+        partial void OnCancelButton (Foundation.NSObject sender);
+
+        [Action ("OnFindDnButton:")]
+        partial void OnFindDnButton (Foundation.NSObject sender);
+
+        [Action ("OnOKButton:")]
+        partial void OnOKButton (Foundation.NSObject sender);
+
+        void ReleaseDesignerOutlets ()
+        {
+            if (DNTextField != null) {
+                DNTextField.Dispose ();
+                DNTextField = null;
+            }
+
+            if (FindDnButton != null) {
+                FindDnButton.Dispose ();
+                FindDnButton = null;
+            }
+
+            if (DnLabel != null) {
+                DnLabel.Dispose ();
+                DnLabel = null;
+            }
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.cs
new file mode 100755
index 000000000..993a08a7d
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.cs
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AddNewUser : NSWindow
+    {
+        public AddNewUser (IntPtr handle) : base (handle)
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public AddNewUser (NSCoder coder) : base (coder)
+        {
+        }
+
+        public override void AwakeFromNib ()
+        {
+            base.AwakeFromNib ();
+        }
+
+        [Export ("windowWillClose:")]
+        public void WindowWillClose (NSNotification notification)
+        {
+            this.Close ();
+            NSApplication.SharedApplication.StopModalWithCode (0);
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.designer.cs
new file mode 100755
index 000000000..0b531045d
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("AddNewUser")]
+    public partial class AddNewUser
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.xib
new file mode 100755
index 000000000..3e6532084
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUser.xib
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="AddNewUserController">
+            <connections>
+                <outlet property="CNTextField" destination="11" id="33"/>
+                <outlet property="FirstNameTextField" destination="7" id="31"/>
+                <outlet property="LastNameTextField" destination="9" id="32"/>
+                <outlet property="UPNTextField" destination="13" id="34"/>
+                <outlet property="sAMAccountNameTextField" destination="15" id="35"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Add User" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="AddNewUser">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="475" height="312"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="475" height="312"/>
+            <value key="maxSize" type="size" width="475" height="312"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="475" height="312"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField verticalHuggingPriority="750" id="7">
+                        <rect key="frame" x="198" y="267" width="238" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the first name" drawsBackground="YES" id="8">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="198" y="220" width="238" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the last name" drawsBackground="YES" id="10">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="11">
+                        <rect key="frame" x="198" y="170" width="238" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the cn of the user E.g. TestUser" drawsBackground="YES" id="12">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="15">
+                        <rect key="frame" x="198" y="78" width="238" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="E.g. TestUser" drawsBackground="YES" id="16">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="17">
+                        <rect key="frame" x="105" y="270" width="85" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="First name :" id="18">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="19">
+                        <rect key="frame" x="105" y="220" width="75" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Last Name:" id="20">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="21">
+                        <rect key="frame" x="140" y="170" width="48" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="CN :" id="22">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="23">
+                        <rect key="frame" x="52" y="127" width="131" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="UserPrincipalName :" id="24">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="25">
+                        <rect key="frame" x="56" y="83" width="129" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="SAMAccountName :" id="26">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="27">
+                        <rect key="frame" x="361" y="28" width="81" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Create" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="28">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCreateUser:" target="-2" id="36"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="29">
+                        <rect key="frame" x="260" y="28" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="30">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancel:" target="-2" id="37"/>
+                        </connections>
+                    </button>
+                    <textField verticalHuggingPriority="750" id="13">
+                        <rect key="frame" x="198" y="124" width="238" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="E.g. TestUser@domainname" drawsBackground="YES" id="14">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="38" id="39"/>
+            </connections>
+            <point key="canvasLocation" x="293.5" y="351"/>
+        </window>
+        <customObject id="38" customClass="AddNewUser"/>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.cs
new file mode 100755
index 000000000..c889bf656
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.cs
@@ -0,0 +1,98 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+
+using Foundation;
+using AppKit;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class AddNewUserController : NSWindowController
+	{
+		UserDTO _dto;
+
+		public AddNewUserController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public AddNewUserController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public AddNewUserController(UserDTO dto) : base("AddNewUser")
+		{
+			_dto = dto;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+
+		private bool DoValidateControls()
+		{
+			string msg = string.Empty;
+
+			if (string.IsNullOrWhiteSpace(CNTextField.StringValue))
+				msg = VMDirConstants.WRN_CN_ENT;
+			else if (string.IsNullOrWhiteSpace(FirstNameTextField.StringValue))
+				msg = VMDirConstants.WRN_FN_ENT;
+			else if (string.IsNullOrWhiteSpace(LastNameTextField.StringValue))
+				msg = VMDirConstants.WRN_LN_ENT;
+			else if (string.IsNullOrWhiteSpace(sAMAccountNameTextField.StringValue))
+				msg = VMDirConstants.WRN_SAM_NAME_ENT;
+			else if (string.IsNullOrWhiteSpace(UPNTextField.StringValue))
+				msg = VMDirConstants.WRN_UPN_ENT;
+
+			if (!string.IsNullOrWhiteSpace(msg))
+			{
+				UIErrorHelper.ShowWarning(msg);
+				return false;
+			}
+			return true;
+		}
+
+		partial void OnCreateUser(Foundation.NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				if (!DoValidateControls())
+					return;
+				_dto.Cn = CNTextField.StringValue;
+				_dto.FirstName = FirstNameTextField.StringValue;
+				_dto.LastName = LastNameTextField.StringValue;
+				_dto.SAMAccountName = sAMAccountNameTextField.StringValue;
+				_dto.UPN = UPNTextField.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			});
+		}
+
+		partial void OnCancel(Foundation.NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		public new AddNewUser Window
+		{
+			get { return (AddNewUser)base.Window; }
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.designer.cs
new file mode 100755
index 000000000..f3cf76266
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser/AddNewUserController.designer.cs
@@ -0,0 +1,78 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+    [Register ("AddNewUserController")]
+    partial class AddNewUserController
+    {
+        [Outlet]
+        AppKit.NSTextField CNTextField { get; set; }
+
+        [Outlet]
+        AppKit.NSTextField FirstNameTextField { get; set; }
+
+        [Outlet]
+        AppKit.NSTextField LastNameTextField { get; set; }
+
+        [Outlet]
+        AppKit.NSTextField sAMAccountNameTextField { get; set; }
+
+        [Outlet]
+        AppKit.NSTextField UPNTextField { get; set; }
+
+        [Action ("OnCancel:")]
+        partial void OnCancel (Foundation.NSObject sender);
+
+        [Action ("OnCreateUser:")]
+        partial void OnCreateUser (Foundation.NSObject sender);
+
+        void ReleaseDesignerOutlets ()
+        {
+            if (CNTextField != null) {
+                CNTextField.Dispose ();
+                CNTextField = null;
+            }
+
+            if (FirstNameTextField != null) {
+                FirstNameTextField.Dispose ();
+                FirstNameTextField = null;
+            }
+
+            if (LastNameTextField != null) {
+                LastNameTextField.Dispose ();
+                LastNameTextField = null;
+            }
+
+            if (sAMAccountNameTextField != null) {
+                sAMAccountNameTextField.Dispose ();
+                sAMAccountNameTextField = null;
+            }
+
+            if (UPNTextField != null) {
+                UPNTextField.Dispose ();
+                UPNTextField = null;
+            }
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.cs
new file mode 100755
index 000000000..71e6a6cab
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.cs
@@ -0,0 +1,51 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using AppKit;
+using Foundation;
+using VmIdentity.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AppDelegate : NSApplicationDelegate
+    {
+        WelcomeScreenController welcomeScreenController;
+
+        public AppDelegate ()
+        {
+        }
+
+        partial void OnOpenConnection (Foundation.NSObject sender)
+        {
+            var window = NSApplication.SharedApplication.KeyWindow;
+            if (window == null)
+                welcomeScreenController.Window.MakeKeyAndOrderFront (this);
+        }
+
+        /*public override bool ApplicationShouldHandleReopen (NSApplication sender, bool flag)
+        {
+            var window = NSApplication.SharedApplication.KeyWindow;
+            if (window == null)
+                welcomeScreenController.Window.MakeKeyAndOrderFront (this);
+            return true;
+        }*/
+
+        public override void DidFinishLaunching (NSNotification notification)
+        {
+            welcomeScreenController = new WelcomeScreenController ();
+            welcomeScreenController.Window.MakeKeyAndOrderFront (this);
+        }
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.designer.cs
new file mode 100755
index 000000000..b9a91be07
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/AppDelegate.designer.cs
@@ -0,0 +1,43 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+    [Register ("AppDelegate")]
+    partial class AppDelegate
+    {
+        [Outlet]
+        public AppKit.NSMenuItem OpenConnectionMenuITem { get; set; }
+
+        [Action ("OnOpenConnection:")]
+        partial void OnOpenConnection (Foundation.NSObject sender);
+
+        void ReleaseDesignerOutlets ()
+        {
+            if (OpenConnectionMenuITem != null) {
+                OpenConnectionMenuITem.Dispose ();
+                OpenConnectionMenuITem = null;
+            }
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.cs
new file mode 100755
index 000000000..9b7c83eae
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.cs
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class ConnectToLdapWindow : AppKit.NSWindow
+    {
+        #region Constructors
+
+        // Called when created from unmanaged code
+        public ConnectToLdapWindow (IntPtr handle) : base (handle)
+        {
+            Initialize ();
+        }
+        
+        // Called when created directly from a XIB file
+        [Export ("initWithCoder:")]
+        public ConnectToLdapWindow (NSCoder coder) : base (coder)
+        {
+            Initialize ();
+        }
+        
+        // Shared initialization code
+        void Initialize ()
+        {
+        }
+
+        #endregion
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.designer.cs
new file mode 100755
index 000000000..4254c8f12
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.designer.cs
@@ -0,0 +1,92 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ConnectToLdapWindowController")]
+	partial class ConnectToLdapWindowController
+	{
+		[Outlet]
+		AppKit.NSTextField BaseDN { get; set; }
+
+		[Outlet]
+		public AppKit.NSTextField BindDN { get; private set; }
+
+		[Outlet]
+		public AppKit.NSButton CancelButton { get; private set; }
+
+		[Outlet]
+		public AppKit.NSButton OKButton { get; private set; }
+
+		[Outlet]
+		public AppKit.NSSecureTextField Password { get; private set; }
+
+		[Outlet]
+		AppKit.NSComboBox ServerComboBox { get; set; }
+
+		[Action ("OnServerComboBox:")]
+		partial void OnServerComboBox (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (BaseDN != null) {
+				BaseDN.Dispose ();
+				BaseDN = null;
+			}
+
+			if (BindDN != null) {
+				BindDN.Dispose ();
+				BindDN = null;
+			}
+
+			if (CancelButton != null) {
+				CancelButton.Dispose ();
+				CancelButton = null;
+			}
+
+			if (OKButton != null) {
+				OKButton.Dispose ();
+				OKButton = null;
+			}
+
+			if (Password != null) {
+				Password.Dispose ();
+				Password = null;
+			}
+
+			if (ServerComboBox != null) {
+				ServerComboBox.Dispose ();
+				ServerComboBox = null;
+			}
+		}
+	}
+
+	[Register ("ConnectToLdapWindow")]
+	partial class ConnectToLdapWindow
+	{
+		
+		void ReleaseDesignerOutlets ()
+		{
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.xib
new file mode 100755
index 000000000..69de3ee78
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindow.xib
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <development version="5000" identifier="xcode"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ConnectToLdapWindowController">
+            <connections>
+                <outlet property="BaseDN" destination="eKK-x9-RP2" id="f8v-Fn-PBL"/>
+                <outlet property="BindDN" destination="15" id="E6V-R7-sL5"/>
+                <outlet property="CancelButton" destination="9" id="32"/>
+                <outlet property="OKButton" destination="7" id="31"/>
+                <outlet property="Password" destination="39" id="wGW-4O-Z6b"/>
+                <outlet property="ServerComboBox" destination="3mw-EA-QRX" id="nKJ-4p-uj9"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Connect To Server" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" visibleAtLaunch="NO" animationBehavior="default" id="2" customClass="ConnectToLdapWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES"/>
+            <rect key="contentRect" x="483" y="385" width="514" height="232"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="514" height="232"/>
+            <value key="maxSize" type="size" width="514" height="209"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="514" height="232"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField toolTip="Please enter the Bind UPN  E.g UserName@example.com" verticalHuggingPriority="750" id="15">
+                        <rect key="frame" x="134" y="147" width="310" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the UPN" drawsBackground="YES" id="16">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="23">
+                        <rect key="frame" x="47" y="147" width="69" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Bind UPN:" id="24">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="25">
+                        <rect key="frame" x="48" y="86" width="69" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Password:" id="26">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="7">
+                        <rect key="frame" x="370" y="35" width="80" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="8">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                    </button>
+                    <textField toolTip="Please enter the host Name or IP to connect" horizontalHuggingPriority="251" verticalHuggingPriority="750" id="iOm-20-yif">
+                        <rect key="frame" x="68" y="184" width="49" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="   Host:" id="J67-RF-vnd">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="268" y="35" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="10">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="fsx-rJ-RJB">
+                        <rect key="frame" x="54" y="115" width="63" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Base DN:" id="1Bd-oZ-V3d">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <secureTextField verticalHuggingPriority="750" id="39">
+                        <rect key="frame" x="134" y="81" width="310" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <secureTextFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" placeholderString="Enter the Password" drawsBackground="YES" usesSingleLineMode="YES" id="40">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                            <allowedInputSourceLocales>
+                                <string>NSAllRomanInputSourcesLocaleIdentifier</string>
+                            </allowedInputSourceLocales>
+                        </secureTextFieldCell>
+                    </secureTextField>
+                    <textField toolTip="Enter the Base DN" verticalHuggingPriority="750" id="eKK-x9-RP2">
+                        <rect key="frame" x="134" y="113" width="310" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the Base DN" drawsBackground="YES" id="Lq3-3K-P1U">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <comboBox verticalHuggingPriority="750" id="3mw-EA-QRX">
+                        <rect key="frame" x="134" y="180" width="313" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" placeholderString="Enter the Host IP or the Name" drawsBackground="YES" numberOfVisibleItems="5" id="0mR-Ux-wG3">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </comboBoxCell>
+                        <connections>
+                            <action selector="OnServerComboBox:" target="-2" id="uVz-bd-daT"/>
+                        </connections>
+                    </comboBox>
+                </subviews>
+            </view>
+            <contentBorderThickness minY="22"/>
+            <connections>
+                <outlet property="delegate" destination="-2" id="35"/>
+            </connections>
+            <point key="canvasLocation" x="318" y="302"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindowController.cs
new file mode 100755
index 000000000..ed3aeccd5
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ConnectToLdap/ConnectToLdapWindowController.cs
@@ -0,0 +1,160 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using Foundation;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+using VmIdentity.UI.Common;
+using VMIdentity.CommonUtils;
+using VMDir.Common;
+using System.Collections.Generic;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ConnectToLdapWindowController : AppKit.NSWindowController
+	{
+		VMDirServerDTO _dto;
+
+		public VMDirServerDTO ServerDTO { get { return _dto; } }
+		private List<VMDirServerDTO> _serverList;
+
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public ConnectToLdapWindowController(IntPtr handle)
+			: base(handle)
+		{
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public ConnectToLdapWindowController(NSCoder coder)
+			: base(coder)
+		{
+		}
+
+		// Call to load from the XIB/NIB file
+		public ConnectToLdapWindowController(List<VMDirServerDTO> _dtoList)
+			: base("ConnectToLdapWindow")
+		{
+			_serverList = _dtoList;
+		}
+
+		#endregion
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+
+			foreach (var item in _serverList)
+				this.ServerComboBox.Add(new NSString(item.Server));
+			if (_serverList.Count > 0)
+			{
+				ServerComboBox.SelectItem(0);
+				_dto = _serverList[0];
+			}
+			else {
+				_dto = VMDirServerDTO.CreateInstance();
+			}
+			PrePopulateFields();
+			AddEventListeners();
+		}
+
+		private void PrePopulateFields()
+		{
+			var tenant = MiscUtil.GetBrandConfig(CommonConstants.TENANT);
+			BindDN.StringValue = string.IsNullOrWhiteSpace(_dto.BindDN) ?"Administrator@" + tenant:_dto.BindDN;
+			BaseDN.StringValue = string.IsNullOrWhiteSpace(_dto.BaseDN)?CommonConstants.GetDNFormat(tenant):_dto.BaseDN;
+		}
+
+		private void AddEventListeners()
+		{
+			OKButton.Activated += OnClickOKButton;
+			CancelButton.Activated += OnClickCancelButton;
+			ServerComboBox.Changed += OnServerChanged;
+			ServerComboBox.SelectionChanged += OnServerChanged;
+		}
+
+		//Event Handlers
+		private void OnClickCancelButton(object sender, EventArgs e)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		private void OnClickOKButton(object sender, EventArgs e)
+		{
+			FillDtoFromUIFields();
+			UIErrorHelper.CheckedExec(delegate ()
+				{
+					if (!ValidateDto())
+						return;
+					this.Close();
+					NSApplication.SharedApplication.StopModalWithCode(VmIdentity.UI.Common.VMIdentityConstants.DIALOGOK);
+				});
+		}
+
+		private void OnServerChanged(object sender, EventArgs e)
+		{
+			if (ServerComboBox.SelectedValue == null)
+				ServerComboBox.Select((NSString)ServerComboBox.StringValue);
+			if (ServerComboBox.SelectedValue == null)
+			{
+				_dto = VMDirServerDTO.CreateInstance();
+				_dto.Server = ServerComboBox.StringValue;
+			}
+			else
+				_dto = _serverList[(int)ServerComboBox.SelectedIndex];
+			PrePopulateFields();
+		}
+
+		private bool ValidateDto()
+		{
+			string msg = string.Empty;
+
+			if (string.IsNullOrEmpty(_dto.Server))
+				msg = VMDirConstants.WRN_SERVER_ENT;
+			else if (string.IsNullOrEmpty(_dto.BindDN))
+				msg = VMDirConstants.WRN_UPN_ENT;
+			else if (string.IsNullOrEmpty(_dto.Password))
+				msg = VMDirConstants.WRN_PWD_ENT;
+
+			if (!string.IsNullOrWhiteSpace(msg))
+			{
+				UIErrorHelper.ShowWarning(msg);
+				return false;
+			}
+			return true;
+		}
+
+		private void FillDtoFromUIFields()
+		{
+			_dto.BaseDN = BaseDN.StringValue;
+			_dto.BindDN = BindDN.StringValue;
+			_dto.Password = Password.StringValue;
+		}
+
+		//strongly typed window accessor
+		public new ConnectToLdapWindow Window
+		{
+			get
+			{
+				return (ConnectToLdapWindow)base.Window;
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.cs
new file mode 100755
index 000000000..19515234e
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ExportSearchResult : NSWindow
+	{
+		public ExportSearchResult(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ExportSearchResult(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.designer.cs
new file mode 100755
index 000000000..f37ba73b2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("ExportSearchResult")]
+	public partial class ExportSearchResult
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.xib
new file mode 100755
index 000000000..d123fd431
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResult.xib
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+        <capability name="box content view" minToolsVersion="7.0"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ExportSearchResultController">
+            <connections>
+                <outlet property="AddButton" destination="PH3-3P-QWS" id="9Mb-Ta-iIZ"/>
+                <outlet property="AllReturnAttrCheckBox" destination="mjA-MV-bxe" id="g2D-oD-h6F"/>
+                <outlet property="AttributeToExportComboBox" destination="IKg-vo-Atl" id="Pcx-wx-E3s"/>
+                <outlet property="AttributeToExportTableView" destination="dMX-oF-Usr" id="MDv-H7-muF"/>
+                <outlet property="FormatComboBox" destination="aIE-F9-WCU" id="vHj-yn-5sa"/>
+                <outlet property="RemoveAllButton" destination="JQo-vK-8I6" id="5zB-zc-LAr"/>
+                <outlet property="RemoveButton" destination="i8U-oF-YKQ" id="vW5-og-nDb"/>
+                <outlet property="ScopeComboBox" destination="GOd-if-9f9" id="cjX-Fe-gae"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="ExportSearchResult">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="421" height="354"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="421" height="354"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <comboBox verticalHuggingPriority="750" id="aIE-F9-WCU">
+                        <rect key="frame" x="91" y="303" width="200" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" completes="NO" numberOfVisibleItems="5" id="S2N-3F-Lxs">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </comboBoxCell>
+                    </comboBox>
+                    <comboBox verticalHuggingPriority="750" id="GOd-if-9f9">
+                        <rect key="frame" x="91" y="269" width="200" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" completes="NO" numberOfVisibleItems="5" id="X4E-mZ-HzM">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </comboBoxCell>
+                    </comboBox>
+                    <button verticalHuggingPriority="750" id="cJK-54-dXa">
+                        <rect key="frame" x="222" y="24" width="82" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="wzx-uh-ayd">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancel:" target="-2" id="T5c-rP-xVo"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="3Cn-5s-Ng7">
+                        <rect key="frame" x="18" y="307" width="51" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Format:" id="2dd-wI-PNj">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="qFH-U1-JIx">
+                        <rect key="frame" x="18" y="273" width="46" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Scope:" id="XOm-kB-bLV">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <box title="Attributes To Export:" borderType="line" id="VfU-Uc-BLU">
+                        <rect key="frame" x="17" y="68" width="374" height="185"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <view key="contentView" id="v7d-yf-gmb">
+                            <rect key="frame" x="1" y="1" width="372" height="169"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <comboBox verticalHuggingPriority="750" id="IKg-vo-Atl">
+                                    <rect key="frame" x="49" y="108" width="200" height="26"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="4an-po-U0D">
+                                        <font key="font" metaFont="system"/>
+                                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    </comboBoxCell>
+                                </comboBox>
+                                <button verticalHuggingPriority="750" id="PH3-3P-QWS">
+                                    <rect key="frame" x="261" y="104" width="95" height="32"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <buttonCell key="cell" type="push" title="Add" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="myo-jG-aHt">
+                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                        <font key="font" metaFont="system"/>
+                                    </buttonCell>
+                                    <connections>
+                                        <action selector="OnAdd:" target="-2" id="4CT-gY-iep"/>
+                                    </connections>
+                                </button>
+                                <button verticalHuggingPriority="750" id="i8U-oF-YKQ">
+                                    <rect key="frame" x="261" y="75" width="95" height="32"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <buttonCell key="cell" type="push" title="Remove" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Sw6-uO-LB3">
+                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                        <font key="font" metaFont="system"/>
+                                    </buttonCell>
+                                    <connections>
+                                        <action selector="OnRemove:" target="-2" id="aw9-xG-M0j"/>
+                                    </connections>
+                                </button>
+                                <button verticalHuggingPriority="750" id="JQo-vK-8I6">
+                                    <rect key="frame" x="261" y="47" width="95" height="32"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <buttonCell key="cell" type="push" title="Remove All" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="jze-HS-uIQ">
+                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                        <font key="font" metaFont="system"/>
+                                    </buttonCell>
+                                    <connections>
+                                        <action selector="OnRemoveAll:" target="-2" id="ZZb-Qa-zCG"/>
+                                    </connections>
+                                </button>
+                                <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="e8y-xb-99F">
+                                    <rect key="frame" x="49" y="12" width="200" height="92"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <clipView key="contentView" id="9ub-Dq-QB1">
+                                        <rect key="frame" x="1" y="1" width="198" height="90"/>
+                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                        <subviews>
+                                            <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" id="dMX-oF-Usr">
+                                                <rect key="frame" x="0.0" y="0.0" width="181.5" height="19"/>
+                                                <autoresizingMask key="autoresizingMask"/>
+                                                <size key="intercellSpacing" width="3" height="2"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                                <tableColumns>
+                                                    <tableColumn width="178.69921875" minWidth="40" maxWidth="1000" id="rlD-a5-nE0">
+                                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Attribute">
+                                                            <font key="font" metaFont="smallSystem"/>
+                                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                        </tableHeaderCell>
+                                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="XJr-OT-IYi">
+                                                            <font key="font" metaFont="system"/>
+                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                        </textFieldCell>
+                                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                    </tableColumn>
+                                                </tableColumns>
+                                            </tableView>
+                                        </subviews>
+                                        <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    </clipView>
+                                    <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="DwZ-aR-8aE">
+                                        <rect key="frame" x="1" y="119" width="223" height="15"/>
+                                        <autoresizingMask key="autoresizingMask"/>
+                                    </scroller>
+                                    <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="qqC-SR-SVq">
+                                        <rect key="frame" x="224" y="17" width="15" height="102"/>
+                                        <autoresizingMask key="autoresizingMask"/>
+                                    </scroller>
+                                </scrollView>
+                                <button id="mjA-MV-bxe">
+                                    <rect key="frame" x="47" y="141" width="160" height="18"/>
+                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                    <buttonCell key="cell" type="check" title="All Returned Attributes" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="I2D-hi-G10">
+                                        <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                                        <font key="font" metaFont="system"/>
+                                    </buttonCell>
+                                    <connections>
+                                        <action selector="OnAllAttrCheckBoxClick:" target="-2" id="87p-eB-HMm"/>
+                                    </connections>
+                                </button>
+                            </subviews>
+                        </view>
+                        <color key="borderColor" white="0.0" alpha="0.41999999999999998" colorSpace="calibratedWhite"/>
+                        <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                    </box>
+                    <button verticalHuggingPriority="750" id="Tw7-qg-rqp">
+                        <rect key="frame" x="314" y="24" width="80" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Export" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="ere-qI-PLa">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnExport:" target="-2" id="63G-zJ-ij3"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="-2" id="ITr-Ln-Wvh"/>
+            </connections>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.cs
new file mode 100755
index 000000000..fade8f99b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.cs
@@ -0,0 +1,203 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using LWRaftSnapIn.DataSource;
+using System.Collections.Generic;
+using LWRaftSnapIn.Nodes;
+using VMDir.Common;
+using VmIdentity.UI.Common.Utilities;
+using System.Text;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ExportSearchResultController : NSWindowController
+	{
+		private AttributeTableViewDataSource _attrToExportDs;
+		private List<DirectoryNonExpandableNode> _resultList;
+		private List<string> _returnedAttrList;
+		private int _currPage;
+		private int _pageSize;
+		enum ExportScope
+		{
+			CURR_PAGE = 0,
+			FETCHED_PAGE
+		}
+
+		public ExportSearchResultController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ExportSearchResultController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ExportSearchResultController(List<DirectoryNonExpandableNode> _resultList, List<string> _returnedAttrList, int _currPage, int _pageSize) 
+			: base("ExportSearchResult")
+		{
+			this._resultList = _resultList;
+			this._returnedAttrList = _returnedAttrList;
+			this._currPage = _currPage;
+			this._pageSize = _pageSize;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			_attrToExportDs = new AttributeTableViewDataSource();
+			AttributeToExportTableView.DataSource = _attrToExportDs;
+			foreach (var item in _returnedAttrList)
+				AttributeToExportComboBox.Add((NSString)item);
+			foreach (var item in VMDirConstants.ResultExportFormatList)
+				FormatComboBox.Add((NSString)item);
+			foreach (var item in VMDirConstants.ResultExportScopeList)
+				ScopeComboBox.Add((NSString)item);
+			AttributeToExportComboBox.SelectItem(0);
+			FormatComboBox.SelectItem(0);
+			ScopeComboBox.SelectItem(0);
+			SetVisibility(false);
+		}
+
+		public new ExportSearchResult Window
+		{
+			get { return (ExportSearchResult)base.Window; }
+		}
+
+		bool ValidateExport()
+		{
+			if (FormatComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_FILE_FORMAT);
+				return false;
+			}
+			if (ScopeComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_SCOPE);
+				return false;
+			}
+			if (AllReturnAttrCheckBox.State == NSCellStateValue.Off && _attrToExportDs.attrList.Count <= 0)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+				return false;
+			}
+			return true;
+		}
+
+		void SetVisibility(bool v)
+		{
+			AttributeToExportComboBox.Enabled = v;
+			AttributeToExportTableView.Enabled = v;
+			AddButton.Enabled = v;
+			RemoveButton.Enabled = v;
+			RemoveAllButton.Enabled = v;
+		}
+
+		partial void OnAdd(NSObject sender)
+		{
+			_attrToExportDs.attrList.Add(AttributeToExportComboBox.SelectedValue.ToString());
+			AttributeToExportTableView.ReloadData();
+		}
+		partial void OnRemove(NSObject sender)
+		{
+			nint row = AttributeToExportTableView.SelectedRow;
+			if (row >= (nint)0)
+			{
+				_attrToExportDs.attrList.RemoveAt((int)row);
+				AttributeToExportTableView.ReloadData();
+			}
+		}
+		partial void OnRemoveAll(NSObject sender)
+		{
+			_attrToExportDs.attrList.Clear();
+			AttributeToExportTableView.ReloadData();
+		}
+		partial void OnCancel(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+		partial void OnExport(NSObject sender)
+		{
+			if (!ValidateExport())
+				return;
+			UIErrorHelper.CheckedExec(delegate
+			{
+				StringBuilder sb = new StringBuilder();
+				var start = 0;
+				var end = _resultList.Count;
+				if (ScopeComboBox.SelectedIndex == (int)ExportScope.CURR_PAGE)
+				{
+					start = (_currPage - 1) * _pageSize;
+					end = _currPage * _pageSize > _resultList.Count ? _resultList.Count : _currPage * _pageSize;
+				}
+				HashSet<string> attrToExport = new HashSet<string>();
+				if (AllReturnAttrCheckBox.State == NSCellStateValue.On)
+				{
+					foreach (var item in _returnedAttrList)
+					{
+						attrToExport.Add(item);
+					}
+				}
+				else
+				{
+					foreach (var item in _attrToExportDs.attrList)
+					{
+						attrToExport.Add(item);
+					}
+				}
+
+				foreach (var item in attrToExport)
+				{
+					sb.Append(item + ",");
+				}
+				sb.Append(Environment.NewLine);
+				for (var i = start; i < end; i++)
+				{
+					foreach (var item in attrToExport)
+					{
+						sb.Append("\"");
+						if (_resultList[i].NodeProperties.ContainsKey(item))
+						{
+							foreach (var val in _resultList[i].NodeProperties[item].Values)
+								sb.Append(val.StringValue + " ");
+						}
+						sb.Append("\"");
+						sb.Append(",");
+					}
+					sb.Append(Environment.NewLine);
+				}
+				if (FileIOUtil.WriteAllTextToFile(sb.ToString(), "Export Result", new string[] { "csv" }))
+				{
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_RES_EXPO_SUCC);
+				}
+			});
+		}
+
+		partial void OnAllAttrCheckBoxClick(NSObject sender)
+		{
+			if (AllReturnAttrCheckBox.State == NSCellStateValue.On)
+				SetVisibility(false);
+			else
+				SetVisibility(true);
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.designer.cs
new file mode 100755
index 000000000..ed61a86f3
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Export/ExportSearchResultController.designer.cs
@@ -0,0 +1,114 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ExportSearchResultController")]
+	partial class ExportSearchResultController
+	{
+		[Outlet]
+		AppKit.NSButton AddButton { get; set; }
+
+		[Outlet]
+		AppKit.NSButton AllReturnAttrCheckBox { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox AttributeToExportComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView AttributeToExportTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox FormatComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSButton RemoveAllButton { get; set; }
+
+		[Outlet]
+		AppKit.NSButton RemoveButton { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox ScopeComboBox { get; set; }
+
+		[Action ("OnAdd:")]
+		partial void OnAdd (Foundation.NSObject sender);
+
+		[Action ("OnAllAttrCheckBoxClick:")]
+		partial void OnAllAttrCheckBoxClick (Foundation.NSObject sender);
+
+		[Action ("OnCancel:")]
+		partial void OnCancel (Foundation.NSObject sender);
+
+		[Action ("OnExport:")]
+		partial void OnExport (Foundation.NSObject sender);
+
+		[Action ("OnRemove:")]
+		partial void OnRemove (Foundation.NSObject sender);
+
+		[Action ("OnRemoveAll:")]
+		partial void OnRemoveAll (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (RemoveButton != null) {
+				RemoveButton.Dispose ();
+				RemoveButton = null;
+			}
+
+			if (AddButton != null) {
+				AddButton.Dispose ();
+				AddButton = null;
+			}
+
+			if (RemoveAllButton != null) {
+				RemoveAllButton.Dispose ();
+				RemoveAllButton = null;
+			}
+
+			if (AllReturnAttrCheckBox != null) {
+				AllReturnAttrCheckBox.Dispose ();
+				AllReturnAttrCheckBox = null;
+			}
+
+			if (AttributeToExportComboBox != null) {
+				AttributeToExportComboBox.Dispose ();
+				AttributeToExportComboBox = null;
+			}
+
+			if (AttributeToExportTableView != null) {
+				AttributeToExportTableView.Dispose ();
+				AttributeToExportTableView = null;
+			}
+
+			if (FormatComboBox != null) {
+				FormatComboBox.Dispose ();
+				FormatComboBox = null;
+			}
+
+			if (ScopeComboBox != null) {
+				ScopeComboBox.Dispose ();
+				ScopeComboBox = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Info.plist b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Info.plist
new file mode 100755
index 000000000..9cadb9163
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Info.plist
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleIdentifier</key>
+	<string>Vmware.LightwaveRaftBrowser</string>
+	<key>CFBundleVersion</key>
+	<string>1</string>
+	<key>LSMinimumSystemVersion</key>
+	<string>10.6</string>
+	<key>NSMainNibFile</key>
+	<string>MainMenu</string>
+	<key>NSPrincipalClass</key>
+	<string>NSApplication</string>
+	<key>CFBundleDisplayName</key>
+	<string>LightwaveRaftBrowser</string>
+	<key>LSApplicationCategoryType</key>
+	<string>public.app-category.developer-tools</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1</string>
+	<key>CFBundleName</key>
+	<string>LightwaveRaftBrowser</string>
+</dict>
+</plist>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainMenu.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainMenu.xib
new file mode 100755
index 000000000..8d86a82b1
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainMenu.xib
@@ -0,0 +1,211 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="12121" systemVersion="16D32" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="12121"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="NSApplication">
+            <connections>
+                <outlet property="delegate" destination="533" id="534"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <menu title="AMainMenu" systemMenu="main" id="29">
+            <items>
+                <menuItem title="Lightwave Raft Browser" id="56">
+                    <menu key="submenu" title="Lightwave Raft Browser" systemMenu="apple" id="57">
+                        <items>
+                            <menuItem title="About Lightwave Raft Browser" id="58">
+                                <modifierMask key="keyEquivalentModifierMask"/>
+                                <connections>
+                                    <action selector="orderFrontStandardAboutPanel:" target="-2" id="142"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="236">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Preferences…" keyEquivalent="," id="129"/>
+                            <menuItem isSeparatorItem="YES" id="143">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="144">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Hide Lightwave Raft Browser" keyEquivalent="h" id="134">
+                                <connections>
+                                    <action selector="hide:" target="-1" id="367"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Hide Others" keyEquivalent="h" id="145">
+                                <modifierMask key="keyEquivalentModifierMask" option="YES" command="YES"/>
+                                <connections>
+                                    <action selector="hideOtherApplications:" target="-1" id="368"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Show All" id="150">
+                                <connections>
+                                    <action selector="unhideAllApplications:" target="-1" id="370"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="149">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Quit Lightwave Raft Browser" keyEquivalent="q" id="136">
+                                <connections>
+                                    <action selector="terminate:" target="-3" id="449"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+                <menuItem title="File" id="83">
+                    <menu key="submenu" title="File" id="81">
+                        <items>
+                            <menuItem title="New" keyEquivalent="n" id="82">
+                                <connections>
+                                    <action selector="newDocument:" target="-1" id="373"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Open…" keyEquivalent="o" id="72">
+                                <connections>
+                                    <action selector="openDocument:" target="-1" id="374"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="79">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Close" keyEquivalent="w" id="73">
+                                <connections>
+                                    <action selector="performClose:" target="-1" id="193"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Save" keyEquivalent="s" id="75">
+                                <connections>
+                                    <action selector="saveDocument:" target="-1" id="362"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Save As…" keyEquivalent="S" id="80">
+                                <modifierMask key="keyEquivalentModifierMask" shift="YES" command="YES"/>
+                                <connections>
+                                    <action selector="saveDocumentAs:" target="-1" id="363"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="74">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Page Setup..." keyEquivalent="P" id="77">
+                                <modifierMask key="keyEquivalentModifierMask" shift="YES" command="YES"/>
+                                <connections>
+                                    <action selector="runPageLayout:" target="-1" id="87"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Print…" keyEquivalent="p" id="78">
+                                <connections>
+                                    <action selector="print:" target="-1" id="86"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+                <menuItem title="Edit" id="217">
+                    <menu key="submenu" title="Edit" id="205">
+                        <items>
+                            <menuItem title="Undo" keyEquivalent="z" id="207">
+                                <connections>
+                                    <action selector="undo:" target="-1" id="223"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Redo" keyEquivalent="Z" id="215">
+                                <modifierMask key="keyEquivalentModifierMask" shift="YES" command="YES"/>
+                                <connections>
+                                    <action selector="redo:" target="-1" id="231"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem isSeparatorItem="YES" id="206">
+                                <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                            </menuItem>
+                            <menuItem title="Cut" keyEquivalent="x" id="199">
+                                <connections>
+                                    <action selector="cut:" target="-1" id="228"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Copy" keyEquivalent="c" id="197">
+                                <connections>
+                                    <action selector="copy:" target="-1" id="224"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Paste" keyEquivalent="v" id="203">
+                                <connections>
+                                    <action selector="paste:" target="-1" id="226"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Paste and Match Style" keyEquivalent="V" id="485">
+                                <modifierMask key="keyEquivalentModifierMask" option="YES" command="YES"/>
+                                <connections>
+                                    <action selector="pasteAsPlainText:" target="-1" id="486"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Delete" id="202">
+                                <connections>
+                                    <action selector="delete:" target="-1" id="235"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Select All" keyEquivalent="a" id="198">
+                                <connections>
+                                    <action selector="selectAll:" target="-1" id="232"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+                <menuItem title="Connection" id="295">
+                    <menu key="submenu" title="Connection" systemMenu="window" id="549">
+                        <items>
+                            <menuItem title="Open Connection" keyEquivalent="o" id="550">
+                                <connections>
+                                    <action selector="OnOpenConnection:" target="533" id="557"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+                <menuItem title="Window" id="19">
+                    <menu key="submenu" title="Window" systemMenu="window" id="24">
+                        <items>
+                            <menuItem title="Minimize" keyEquivalent="m" id="23">
+                                <connections>
+                                    <action selector="performMiniaturize:" target="-1" id="37"/>
+                                </connections>
+                            </menuItem>
+                            <menuItem title="Zoom" id="239">
+                                <connections>
+                                    <action selector="performZoom:" target="-1" id="240"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+                <menuItem title="Help" id="490">
+                    <modifierMask key="keyEquivalentModifierMask"/>
+                    <menu key="submenu" title="Help" systemMenu="help" id="491">
+                        <items>
+                            <menuItem title="Lightwave Raft Browser Help" keyEquivalent="?" id="492">
+                                <connections>
+                                    <action selector="showHelp:" target="-1" id="493"/>
+                                </connections>
+                            </menuItem>
+                        </items>
+                    </menu>
+                </menuItem>
+            </items>
+        </menu>
+        <customObject id="420" customClass="NSFontManager"/>
+        <customObject id="533" customClass="AppDelegate">
+            <connections>
+                <outlet property="OpenConnectionMenuITem" destination="550" id="556"/>
+            </connections>
+        </customObject>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.cs
new file mode 100755
index 000000000..02d7789d7
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.cs
@@ -0,0 +1,52 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class MainWindow : AppKit.NSWindow
+	{
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public MainWindow(IntPtr handle) : base(handle)
+		{
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public MainWindow(NSCoder coder) : base(coder)
+		{
+		}
+
+		#endregion
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+            LWRaftSnapInEnvironment.Instance.SaveLocalData();
+			Cleanup();
+			NSApplication.SharedApplication.Terminate(this);
+		}
+
+		public void Cleanup()
+		{
+			NSNotificationCenter.DefaultCenter.PostNotificationName("CloseApplication", this);
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.designer.cs
new file mode 100755
index 000000000..f62ed2da0
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.designer.cs
@@ -0,0 +1,250 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("MainWindowController")]
+	partial class MainWindowController
+	{
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem AddGroupToolBarItem { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem AddObjectToolBarItem { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem AddUserToolBarItem { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem BackForwardToolBarItem { get; private set; }
+
+		[Outlet]
+		AppKit.NSMenuItem ConnectMenuItem { get; set; }
+
+		[Outlet]
+		public AppKit.NSView ContainerView { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem DeleteObjectToolBarItem { get; private set; }
+
+		[Outlet]
+		AppKit.NSMenuItem DisconnectMenuItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem FetchNextPageToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem OperationalToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem OptionalToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem PageSizeToolBarItem { get; set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem PropertiesToolBarItem { get; private set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem RefreshToolBarItem { get; set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem SchemaToolBarItem { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem SearchToolBarItem { get; private set; }
+
+		[Outlet]
+		public VmIdentity.UI.Common.ActivatableToolBarItem ServerToolBarItem { get; private set; }
+
+		[Outlet]
+		AppKit.NSTextField StatusLabel { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem SuperLogToolBarItem { get; set; }
+
+		[Action ("AddGroup:")]
+		partial void AddGroup (Foundation.NSObject sender);
+
+		[Action ("AddObject:")]
+		partial void AddObject (Foundation.NSObject sender);
+
+		[Action ("AddUser:")]
+		partial void AddUser (Foundation.NSObject sender);
+
+		[Action ("BackForwardAction:")]
+		partial void BackForwardAction (Foundation.NSObject sender);
+
+		[Action ("CloseConnection:")]
+		partial void CloseConnection (Foundation.NSObject sender);
+
+		[Action ("CloseSheet:")]
+		partial void CloseSheet (Foundation.NSObject sender);
+
+		[Action ("ConnectServer:")]
+		partial void ConnectServer (Foundation.NSObject sender);
+
+		[Action ("DeleteObject:")]
+		partial void DeleteObject (Foundation.NSObject sender);
+
+		[Action ("HandleConnection:")]
+		partial void HandleConnection (Foundation.NSObject sender);
+
+		[Action ("OnFetchNextPageToolBarItem:")]
+		partial void OnFetchNextPageToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnOperationalToolBarItem:")]
+		partial void OnOperationalToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnOptionalAttribute:")]
+		partial void OnOptionalAttribute (Foundation.NSObject sender);
+
+		[Action ("OnOptionalToolBatItem:")]
+		partial void OnOptionalToolBatItem (Foundation.NSObject sender);
+
+		[Action ("OnPageSizeToolBarItem:")]
+		partial void OnPageSizeToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnRefresh:")]
+		partial void OnRefresh (Foundation.NSObject sender);
+
+		[Action ("OnSearchToolBarItem:")]
+		partial void OnSearchToolBarItem (Foundation.NSObject sender);
+
+		[Action ("ShowSuperLogWindow:")]
+		partial void ShowSuperLogWindow (Foundation.NSObject sender);
+
+		[Action ("StartSearch:")]
+		partial void StartSearch (AppKit.NSSearchField sender);
+
+		[Action ("ViewProperties:")]
+		partial void ViewProperties (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (OptionalToolBarItem != null) {
+				OptionalToolBarItem.Dispose ();
+				OptionalToolBarItem = null;
+			}
+
+			if (AddGroupToolBarItem != null) {
+				AddGroupToolBarItem.Dispose ();
+				AddGroupToolBarItem = null;
+			}
+
+			if (AddObjectToolBarItem != null) {
+				AddObjectToolBarItem.Dispose ();
+				AddObjectToolBarItem = null;
+			}
+
+			if (AddUserToolBarItem != null) {
+				AddUserToolBarItem.Dispose ();
+				AddUserToolBarItem = null;
+			}
+
+			if (BackForwardToolBarItem != null) {
+				BackForwardToolBarItem.Dispose ();
+				BackForwardToolBarItem = null;
+			}
+
+			if (ConnectMenuItem != null) {
+				ConnectMenuItem.Dispose ();
+				ConnectMenuItem = null;
+			}
+
+			if (ContainerView != null) {
+				ContainerView.Dispose ();
+				ContainerView = null;
+			}
+
+			if (DeleteObjectToolBarItem != null) {
+				DeleteObjectToolBarItem.Dispose ();
+				DeleteObjectToolBarItem = null;
+			}
+
+			if (DisconnectMenuItem != null) {
+				DisconnectMenuItem.Dispose ();
+				DisconnectMenuItem = null;
+			}
+
+			if (FetchNextPageToolBarItem != null) {
+				FetchNextPageToolBarItem.Dispose ();
+				FetchNextPageToolBarItem = null;
+			}
+
+			if (OperationalToolBarItem != null) {
+				OperationalToolBarItem.Dispose ();
+				OperationalToolBarItem = null;
+			}
+
+			if (PageSizeToolBarItem != null) {
+				PageSizeToolBarItem.Dispose ();
+				PageSizeToolBarItem = null;
+			}
+
+			if (PropertiesToolBarItem != null) {
+				PropertiesToolBarItem.Dispose ();
+				PropertiesToolBarItem = null;
+			}
+
+			if (RefreshToolBarItem != null) {
+				RefreshToolBarItem.Dispose ();
+				RefreshToolBarItem = null;
+			}
+
+			if (SchemaToolBarItem != null) {
+				SchemaToolBarItem.Dispose ();
+				SchemaToolBarItem = null;
+			}
+
+			if (SearchToolBarItem != null) {
+				SearchToolBarItem.Dispose ();
+				SearchToolBarItem = null;
+			}
+
+			if (ServerToolBarItem != null) {
+				ServerToolBarItem.Dispose ();
+				ServerToolBarItem = null;
+			}
+
+			if (StatusLabel != null) {
+				StatusLabel.Dispose ();
+				StatusLabel = null;
+			}
+
+			if (SuperLogToolBarItem != null) {
+				SuperLogToolBarItem.Dispose ();
+				SuperLogToolBarItem = null;
+			}
+		}
+	}
+
+	[Register ("MainWindow")]
+	partial class MainWindow
+	{
+		
+		void ReleaseDesignerOutlets ()
+		{
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.xib
new file mode 100755
index 000000000..fc35e56e4
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindow.xib
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="12121" systemVersion="16D32" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="12121"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="MainWindowController">
+            <connections>
+                <outlet property="AddGroupToolBarItem" destination="4N0-IB-VDY" id="cDt-o3-tJr"/>
+                <outlet property="AddObjectToolBarItem" destination="83" id="100"/>
+                <outlet property="AddUserToolBarItem" destination="jvu-kW-zSR" id="hjp-tR-3hn"/>
+                <outlet property="BackForwardToolBarItem" destination="wOM-jE-s3t" id="9hQ-VD-nwq"/>
+                <outlet property="ContainerView" destination="7" id="16"/>
+                <outlet property="DeleteObjectToolBarItem" destination="79" id="103"/>
+                <outlet property="FetchNextPageToolBarItem" destination="yk9-cN-umY" id="u0H-UR-4C2"/>
+                <outlet property="FetchNextToolBatItem" destination="yk9-cN-umY" id="CKr-4u-yj7"/>
+                <outlet property="OperationalToolBarItem" destination="dMy-Yk-tkb" id="GWg-TD-ic9"/>
+                <outlet property="OptionalAttributeToolBarItem" destination="mId-3O-THE" id="gSs-MV-GAH"/>
+                <outlet property="OptionalToolBarItem" destination="mId-3O-THE" id="of9-r2-mnF"/>
+                <outlet property="PageSizeToolBarItem" destination="cpO-bk-e2V" id="Vyj-ee-aQD"/>
+                <outlet property="PropertiesToolBarItem" destination="82" id="101"/>
+                <outlet property="RefreshToolBarItem" destination="7cf-ae-wcN" id="ujb-3O-Gy0"/>
+                <outlet property="SchemaToolBarItem" destination="81" id="102"/>
+                <outlet property="SearchToolBarItem" destination="oD2-9n-hSl" id="JhO-AH-jhW"/>
+                <outlet property="ServerToolBarItem" destination="84" id="99"/>
+                <outlet property="StatusLabel" destination="dUt-mC-ey0" id="t3V-HG-bBo"/>
+                <outlet property="SuperLogToolBarItem" destination="V3d-Mz-kRb" id="hyX-yh-2JZ"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Lightwave Raft Browser" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="MainWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <windowCollectionBehavior key="collectionBehavior" fullScreenAuxiliary="YES"/>
+            <rect key="contentRect" x="351" y="220" width="1024" height="700"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="1024" height="700"/>
+            <value key="minFullScreenContentSize" type="size" width="1024" height="700"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="1024" height="700"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="dUt-mC-ey0">
+                        <rect key="frame" x="5" y="2" width="436" height="17"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" id="Qqe-0Z-YlT">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <customView id="7">
+                        <rect key="frame" x="4" y="22" width="1015" height="678"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                    </customView>
+                </subviews>
+            </view>
+            <toolbar key="toolbar" implicitIdentifier="FE36DD6A-C84E-4D20-A045-B50F20A3B5C4" autosavesConfiguration="NO" displayMode="iconAndLabel" sizeMode="small" id="8">
+                <allowedToolbarItems>
+                    <toolbarItem implicitItemIdentifier="NSToolbarShowColorsItem" id="12"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarShowFontsItem" id="11"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarPrintItem" id="9"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarSpaceItem" id="13"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarFlexibleSpaceItem" id="10"/>
+                    <toolbarItem implicitItemIdentifier="8A797D04-C71F-464E-A4D1-73BAA3B51167" label="Delete Object" paletteLabel="DeleteItem" tag="-1" image="delete" id="79" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="DeleteObject:" target="-2" id="92"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="7ECE2461-E414-4FBF-A814-8D5CF6C09356" label="Schema" paletteLabel="SchemaIcon" tag="-1" image="View_Schema_64" id="81" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="ShowSchema:" target="-2" id="93"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="FF007395-4CBD-4923-B1A6-3B9D6ABFBDF9" label="Properties" paletteLabel="PropertiesIcon" tag="-1" image="Edit_Properties_64" id="82" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="ViewProperties:" target="-2" id="94"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="A1781114-AC8E-4F46-A7F5-31278D6DF3D0" label="Add Object" paletteLabel="AddIcon" tag="-1" image="Add_Object_64" id="83" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="AddObject:" target="-2" id="95"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="0F2D3DFA-B0A9-45C0-954F-7A86E9C87363" label="Connect" paletteLabel="ServerIcon" tag="-1" image="connect" id="84" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="HandleConnection:" target="-2" id="4tk-eC-59p"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="D698208C-F8E7-402D-A61B-4E30308FD28C" label="Add User" paletteLabel="AddUser" tag="-1" image="Add_User_64" id="jvu-kW-zSR" customClass="ActivatableToolBarItem">
+                        <size key="minSize" width="20" height="20"/>
+                        <size key="maxSize" width="20" height="20"/>
+                        <connections>
+                            <action selector="AddUser:" target="-2" id="dcS-S1-Vg4"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="63960026-A18B-467F-950E-21F932ED5487" label="Add Group" paletteLabel="AddGroup" tag="-1" image="Add_Group_64" id="4N0-IB-VDY" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="AddGroup:" target="-2" id="UE2-Nd-dmD"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="61136502-73B5-46C9-A8B9-3F4CD10E78FD" label="" paletteLabel="BackForward" id="wOM-jE-s3t" customClass="ActivatableToolBarItem">
+                        <nil key="toolTip"/>
+                        <size key="minSize" width="61" height="25"/>
+                        <size key="maxSize" width="100" height="25"/>
+                        <segmentedControl key="view" verticalHuggingPriority="750" id="WLO-vQ-Etx">
+                            <rect key="frame" x="6" y="14" width="65" height="25"/>
+                            <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                            <segmentedCell key="cell" borderStyle="border" alignment="left" style="separated" trackingMode="selectOne" id="rzK-gA-Rf4">
+                                <font key="font" metaFont="system"/>
+                                <segments>
+                                    <segment label="&lt;"/>
+                                    <segment label="&gt;" tag="1"/>
+                                </segments>
+                            </segmentedCell>
+                        </segmentedControl>
+                        <connections>
+                            <action selector="BackForwardAction:" target="-2" id="A3M-bL-Qs1"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="7D579AA8-09B1-4B64-8D81-D24EFFEB2214" label="Refresh" paletteLabel="Refresh" tag="-1" image="RefreshImg" id="7cf-ae-wcN" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnRefresh:" target="-2" id="uj6-xk-O1W"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="A9C3D707-2177-495F-B0E2-8DDA24CF1F54" label="SuperLog" paletteLabel="SuperLog" tag="-1" image="NSMultipleDocuments" id="V3d-Mz-kRb" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="ShowSuperLogWindow:" target="-2" id="eaL-bi-BnT"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="4349610A-CB38-4BC3-B409-7C2586AF1476" label="Page Size" paletteLabel="Page Size" tag="-1" image="PageSizeImg" id="cpO-bk-e2V" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnPageSizeToolBarItem:" target="-2" id="8jG-oJ-KOr"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="24932C95-77F3-4BE8-92BB-3BE1E26D6C38" label="Operational Attribute" paletteLabel="Operational Attribute" tag="-1" image="OperationalAttrImg" id="dMy-Yk-tkb" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnOperationalToolBarItem:" target="-2" id="9mN-X1-Acr"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="5C4B1BB5-F8DB-4FD6-B967-8AD6C82408A4" label="Search" paletteLabel="Search" tag="-1" image="SearchImg" id="oD2-9n-hSl" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnSearchToolBarItem:" target="-2" id="UYD-v1-WwX"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="90A13DBF-8C94-474C-B30A-99EDFADB77BF" label="Next Page" paletteLabel="FetchNextPage" tag="-1" image="NextPageImg" id="yk9-cN-umY" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnFetchNextPageToolBarItem:" target="-2" id="sQt-9U-bnu"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="40735594-53FD-4581-A5CC-4EEA90BE934E" label="Optional Attribute" paletteLabel="OptionalAttribute" tag="-1" image="OptionalAttrImg" id="mId-3O-THE" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnOptionalToolBatItem:" target="-2" id="XZo-U1-idW"/>
+                        </connections>
+                    </toolbarItem>
+                </allowedToolbarItems>
+                <defaultToolbarItems>
+                    <toolbarItem reference="10"/>
+                    <toolbarItem reference="84"/>
+                    <toolbarItem reference="cpO-bk-e2V"/>
+                    <toolbarItem reference="yk9-cN-umY"/>
+                    <toolbarItem reference="dMy-Yk-tkb"/>
+                    <toolbarItem reference="mId-3O-THE"/>
+                    <toolbarItem reference="oD2-9n-hSl"/>
+                    <toolbarItem reference="83"/>
+                    <toolbarItem reference="jvu-kW-zSR"/>
+                    <toolbarItem reference="4N0-IB-VDY"/>
+                    <toolbarItem reference="79"/>
+                    <toolbarItem reference="7cf-ae-wcN"/>
+                    <toolbarItem reference="V3d-Mz-kRb"/>
+                    <toolbarItem reference="10"/>
+                </defaultToolbarItems>
+            </toolbar>
+            <contentBorderThickness minY="22"/>
+            <connections>
+                <outlet property="delegate" destination="14" id="19"/>
+            </connections>
+            <point key="canvasLocation" x="214" y="420"/>
+        </window>
+        <customObject id="14" customClass="MainWindow"/>
+    </objects>
+    <resources>
+        <image name="Add_Group_64" width="64" height="64"/>
+        <image name="Add_Object_64" width="64" height="64"/>
+        <image name="Add_User_64" width="64" height="64"/>
+        <image name="Edit_Properties_64" width="128" height="128"/>
+        <image name="NSMultipleDocuments" width="32" height="32"/>
+        <image name="NextPageImg" width="64" height="64"/>
+        <image name="OperationalAttrImg" width="64" height="64"/>
+        <image name="OptionalAttrImg" width="64" height="64"/>
+        <image name="PageSizeImg" width="64" height="64"/>
+        <image name="RefreshImg" width="64" height="64"/>
+        <image name="SearchImg" width="64" height="64"/>
+        <image name="View_Schema_64" width="64" height="64"/>
+        <image name="connect" width="64" height="64"/>
+        <image name="delete" width="64" height="64"/>
+    </resources>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindowController.cs
new file mode 100755
index 000000000..ff61467f2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Main/MainWindowController.cs
@@ -0,0 +1,541 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using Foundation;
+using Nodes;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.DataSource;
+using LWRaftSnapIn.Delegate;
+using LWRaftSnapIn.Nodes;
+using VmIdentity.UI.Common;
+using VmIdentity.UI.Common.Utilities;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class MainWindowController : NSWindowController
+	{
+		private VmdirSplitViewController splitViewController;
+		private OutlineViewDataSource outlineViewDataSource;
+		private OutlineViewNavigationController navigationController;
+		private NSTableView MainTableView;
+		public NSOutlineView MainOutlineView;
+		private VMDirServerDTO serverNode;
+
+		//observers
+		private NSObject ReloadOutlineViewNotificationObject;
+		private NSObject ReloadTableViewNotificationObject;
+		private NSObject CloseNotificationObject;
+
+		private List<VMDirServerDTO> server { get; set; }
+
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public MainWindowController(IntPtr handle)
+			: base(handle)
+		{
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public MainWindowController(NSCoder coder)
+			: base(coder)
+		{
+		}
+
+		// Call to load from the XIB/NIB file
+		public MainWindowController()
+			: base("MainWindow")
+		{
+			Initialise();
+		}
+
+		// Call to load from the XIB/NIB file
+		public MainWindowController(List<VMDirServerDTO> serverName)
+			: base("MainWindow")
+		{
+			Initialise();
+			server = serverName;
+		}
+
+		private void Initialise()
+		{
+			serverNode = VMDirServerDTO.CreateInstance();
+			navigationController = new OutlineViewNavigationController();
+		}
+
+		#endregion
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			try
+			{
+				Window.SetContentBorderThickness(24, NSRectEdge.MinYEdge);
+                LWRaftSnapInEnvironment.Instance.MainWindow = this.Window;
+
+				//Load SplitView
+				splitViewController = new VmdirSplitViewController();
+				this.ContainerView.AddSubview(splitViewController.View);
+
+				SetToolBarState(false);
+				(NSApplication.SharedApplication.Delegate as AppDelegate).OpenConnectionMenuITem.Hidden = true;
+
+				//Notifications for OutlineView and Tableview to reload
+				ReloadOutlineViewNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"ReloadOutlineView", ReloadOutlineView);
+				ReloadTableViewNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"ReloadTableView", ReloadTableView);
+				CloseNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"CloseApplication", OnCloseConnectionNotificationReceived);
+				PageSizeToolBarItem.Active = true;
+			}
+			catch (Exception e)
+			{
+				System.Diagnostics.Debug.WriteLine("Error : " + e.Message);
+				UIErrorHelper.ShowAlert("", e.Message);
+			}
+		}
+
+		private void InitialiseViews()
+		{
+			AppDelegate appDelegate = NSApplication.SharedApplication.Delegate as AppDelegate;
+			appDelegate.OpenConnectionMenuITem.Hidden = true;
+			try
+			{
+				if (serverNode.IsLoggedIn)
+				{
+					InitialiseDefaultOutlineView();
+					var indx = server.FindIndex(x => string.Equals(x.Server, serverNode.Server));
+					if (indx >= 0)
+						server.RemoveAt(indx);
+                    LWRaftSnapInEnvironment.Instance.LocalData.AddServer(serverNode);
+					DirectoryNode baseNode = new DirectoryNode(serverNode.BaseDN, new List<string>() { string.Empty }, serverNode, null);
+					baseNode.IsBaseNode = true;
+					outlineViewDataSource = new OutlineViewDataSource(baseNode);
+					splitViewController.VmdirOutlineView.DataSource = outlineViewDataSource;
+					baseNode.Expand(serverNode.BaseDN);
+					SetToolBarState(true);
+					InitialiseDefaultTableView();
+					StatusLabel.StringValue = "Logged in : " + serverNode.BindDN;
+				}
+				else
+					UIErrorHelper.ShowAlert(VMDirConstants.ERR_LOGIN_FAILED, "Login not successful!");
+			}
+			catch (Exception e)
+			{
+				CloseConnection();
+				UIErrorHelper.ShowAlert(e.Message, "Login not successful!");
+			}
+		}
+
+		private void InitialiseDefaultOutlineView()
+		{
+			MainOutlineView = splitViewController.VmdirOutlineView;
+			MainOutlineView.OutlineTableColumn.HeaderCell.Title = " Connected to " + serverNode.Server;
+
+			MainOutlineView.Activated += OnOutlineViewActivated;
+
+			var col = MainOutlineView.OutlineTableColumn;
+			if (col != null)
+				col.DataCell = new NSBrowserCell();
+			MainOutlineView.Delegate = new OutlineDelegate(this);
+		}
+
+		private void InitialiseDefaultTableView()
+		{
+			MainTableView = splitViewController.propViewController.PropTableView;
+			RemoveTableColumns();
+
+			//Populate appropriate columns
+			NSTableColumn col = new NSTableColumn("Attribute");
+			col.HeaderCell.Title = "Attribute";
+			col.HeaderCell.Alignment = NSTextAlignment.Center;
+			col.DataCell = new NSBrowserCell();
+			col.MinWidth = 250;
+			col.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			MainTableView.AddColumn(col);
+
+			NSTableColumn col1 = new NSTableColumn("Value");
+			col1.HeaderCell.Title = "Value";
+			col1.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			col1.HeaderCell.Alignment = NSTextAlignment.Center;
+			col1.MinWidth = 250;
+			MainTableView.AddColumn(col1);
+
+			NSTableColumn col2 = new NSTableColumn("Syntax");
+			col2.HeaderCell.Title = "Syntax";
+			col2.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			col2.HeaderCell.Alignment = NSTextAlignment.Center;
+			col2.MinWidth = 200;
+			MainTableView.AddColumn(col2);
+		}
+
+		public async void ConnectToServer(List<VMDirServerDTO> server)
+		{
+			ProgressWindowController pwc = new ProgressWindowController();
+			IntPtr session = new IntPtr(0);
+			ConnectToLdapWindowController awc = new ConnectToLdapWindowController(server);
+			NSApplication.SharedApplication.BeginSheet(awc.Window, this.Window, () =>
+				{
+				});
+			nint result = NSApplication.SharedApplication.RunModalForWindow(awc.Window);
+			try
+			{
+				if (result == VMIdentityConstants.DIALOGOK)
+				{
+					NSApplication.SharedApplication.BeginSheet(pwc.Window, this.Window as NSWindow, () =>
+						{
+						});
+					session = NSApplication.SharedApplication.BeginModalSession(pwc.Window);
+					serverNode = awc.ServerDTO;
+					await serverNode.DoLogin();
+					InitialiseViews();
+				}
+			}
+			catch (Exception e)
+			{
+				serverNode.IsLoggedIn = false;
+				UIErrorHelper.ShowAlert(VMDirConstants.ERR_LOGIN_FAILED + " : " + e.Message, "Login not successful!");
+			}
+			finally
+			{
+				if (pwc.ProgressBar != null)
+				{
+					pwc.ProgressBar.StopAnimation(pwc.Window);
+					pwc.Window.Close();
+					NSApplication.SharedApplication.EndModalSession(session);
+				}
+				Window.EndSheet(awc.Window);
+				awc.Dispose();
+			}
+		}
+
+		private void SetToolBarState(bool state)
+		{
+			if (state == false)
+			{
+				ServerToolBarItem.Label = "Connect";
+			}
+			else
+			{
+				ServerToolBarItem.Label = "Disconnect";
+			}
+			ServerToolBarItem.Active = true;
+			AddObjectToolBarItem.Active = state;
+			PropertiesToolBarItem.Active = state;
+			DeleteObjectToolBarItem.Active = state;
+			AddUserToolBarItem.Active = state;
+			AddGroupToolBarItem.Active = state;
+			BackForwardToolBarItem.Active = state;
+			RefreshToolBarItem.Active = state;
+			SuperLogToolBarItem.Active = state;
+			OperationalToolBarItem.Active = state;
+			SearchToolBarItem.Active = state;
+			FetchNextPageToolBarItem.Active = state;
+			OptionalToolBarItem.Active = state;
+		}
+
+		partial void ShowSuperLogWindow(NSObject sender)
+		{
+			SuperLoggingBrowserWindowController awc = new SuperLoggingBrowserWindowController(serverNode);
+			NSApplication.SharedApplication.BeginSheet(awc.Window, this.Window, () =>
+				{
+				});
+			try
+			{
+				NSApplication.SharedApplication.RunModalForWindow(awc.Window);
+			}
+			finally
+			{
+				Window.EndSheet(awc.Window);
+				awc.Dispose();
+			}
+		}
+
+		partial void HandleConnection(NSObject sender)
+		{
+			if (serverNode == null || serverNode.IsLoggedIn == false)
+			{
+				ConnectToServer(server);
+			}
+			else
+			{
+				ConfirmationDialogController cwc = new ConfirmationDialogController("Are you sure?");
+				nint result = NSApplication.SharedApplication.RunModalForWindow(cwc.Window);
+				if (result == (nint)VMIdentityConstants.DIALOGOK)
+				{
+					CloseConnection();
+				}
+			}
+		}
+
+		private bool isObjectSelected(nint row)
+		{
+			if (row < (nint)0)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+				return false;
+			}
+			else
+				return true;
+		}
+
+		partial void AddObject(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.ShowAddWindow();
+			}
+		}
+
+		partial void AddUser(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.ShowAddUser();
+			}
+		}
+
+		partial void AddGroup(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.ShowAddGroup();
+			}
+		}
+
+		partial void DeleteObject(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.PerformDelete();
+			}
+		}
+
+		public void CloseConnection()
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+				{
+					serverNode.Connection.CloseConnection();
+					serverNode.IsLoggedIn = false;
+					ResetViews();
+				});
+		}
+
+		private void ResetViews()
+		{
+			if (MainOutlineView != null)
+			{
+				MainOutlineView.DataSource = null;
+				if (outlineViewDataSource.RootNode.Children != null)
+					outlineViewDataSource.RootNode.Children.Clear();
+				outlineViewDataSource = null;
+				MainOutlineView.OutlineTableColumn.HeaderCell.Title = string.Empty;
+			}
+			if (MainTableView != null)
+			{
+				RemoveTableColumns();
+				MainTableView.DataSource = null;
+			}
+			Window.Title = "Lightwave Raft Browser";
+			StatusLabel.StringValue = "Logged in : none";
+
+			NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadOutlineView", this);
+			NSNotificationCenter.DefaultCenter.PostNotificationName("ReloadTableView", this);
+			SetToolBarState(false);
+		}
+
+		public void RefreshTableViewBasedOnSelection(nint row)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				if (row >= (nint)0)
+				{
+					NSObject item = MainOutlineView.ItemAtRow(row);
+					if (item is DirectoryNode)
+					{
+						DirectoryNode node = item as DirectoryNode;
+						MainTableView.DataSource = new PropertiesTableViewDataSource(node.Dn, node.ObjectClass[node.ObjectClass.Count - 1], node.ServerDTO, node.NodeProperties);
+						splitViewController.propViewController.ds = (PropertiesTableViewDataSource)MainTableView.DataSource;
+						MainTableView.Delegate = new PropertiesTableDelegate(this, (PropertiesTableViewDataSource)MainTableView.DataSource, splitViewController.propViewController);
+					}
+				}
+				else
+				{
+					MainTableView.DataSource = null;
+				}
+				MainTableView.ReloadData();
+			});
+		}
+
+		//Handle the Right Panel Display logic here
+		private void OnOutlineViewActivated(object sender, EventArgs e)
+		{
+			NSOutlineView obj = sender as NSOutlineView;
+			if (obj != null)
+			{
+				nint row = obj.SelectedRow;
+				navigationController.AddPreviousSelectedRow((int)row);
+			}
+		}
+
+		private void RemoveTableColumns()
+		{
+			while (MainTableView.ColumnCount > 0)
+			{
+				MainTableView.RemoveColumn(MainTableView.TableColumns()[0]);
+			}
+		}
+
+		public void ReloadOutlineView(NSNotification notification)
+		{
+			MainOutlineView.ReloadData();
+		}
+
+		public void ReloadTableView(NSNotification notification)
+		{
+			RefreshTableViewBasedOnSelection(MainOutlineView.SelectedRow);
+		}
+
+		partial void BackForwardAction(Foundation.NSObject sender)
+		{
+			NSSegmentedControl control = sender as NSSegmentedControl;
+
+			nint selectedSeg = control.SelectedSegment;
+
+			switch (selectedSeg)
+			{
+				case 0:
+					GotoPreviousAction();
+					break;
+				case 1:
+					GotoNextAction();
+					break;
+				default:
+					break;
+			}
+		}
+
+		private void GotoNextAction()
+		{
+			MainOutlineView.DeselectAll(this);
+			nint row = (nint)navigationController.GetForwardSelectedRow();
+			MainOutlineView.SelectRow(row, true);
+		}
+
+		private void GotoPreviousAction()
+		{
+			MainOutlineView.DeselectAll(this);
+			nint row = (nint)navigationController.GetPreviousSelectedRow();
+			MainOutlineView.SelectRow(row, true);
+		}
+
+		public void OnCloseConnectionNotificationReceived(NSNotification notification)
+		{
+			NSNotificationCenter.DefaultCenter.RemoveObserver(ReloadOutlineViewNotificationObject);
+			NSNotificationCenter.DefaultCenter.RemoveObserver(ReloadTableViewNotificationObject);
+			NSNotificationCenter.DefaultCenter.RemoveObserver(CloseNotificationObject);
+		}
+
+		partial void OnRefresh(Foundation.NSObject sender)
+		{
+			(this.outlineViewDataSource.RootNode as DirectoryNode).ReloadChildren();
+		}
+
+		//strongly typed window accessor
+		public new MainWindow Window
+		{
+			get
+			{
+				return (MainWindow)base.Window;
+			}
+		}
+
+		public override void WindowDidLoad()
+		{
+			base.WindowDidLoad();
+			ConnectToServer(server);
+		}
+
+		partial void OnOperationalToolBarItem(NSObject sender)
+		{
+			if (serverNode.OperationalAttrFlag)
+				serverNode.OperationalAttrFlag = false;
+			else
+				serverNode.OperationalAttrFlag = true;
+			RefreshTableViewBasedOnSelection(MainOutlineView.SelectedRow);
+		}
+
+		partial void OnOptionalToolBatItem(NSObject sender)
+		{
+			if (serverNode.OptionalAttrFlag)
+				serverNode.OptionalAttrFlag = false;
+			else
+				serverNode.OptionalAttrFlag = true;
+			RefreshTableViewBasedOnSelection(MainOutlineView.SelectedRow);
+		}
+
+		partial void OnPageSizeToolBarItem(NSObject sender)
+		{
+			PageSizeController pswc = new PageSizeController(serverNode.PageSize);
+			NSApplication.SharedApplication.BeginSheet(pswc.Window, this.Window, () =>
+				{
+				});
+			try
+			{
+				nint result = NSApplication.SharedApplication.RunModalForWindow(pswc.Window);
+				if (result == (nint)VMIdentityConstants.DIALOGOK)
+				{
+					serverNode.PageSize = pswc.PageSize;
+				}
+			}
+			finally
+			{
+				Window.EndSheet(pswc.Window);
+				pswc.Dispose();
+			}
+		}
+
+		partial void OnSearchToolBarItem(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.ShowSearch();
+			}
+		}
+
+		partial void OnFetchNextPageToolBarItem(NSObject sender)
+		{
+			nint row = MainOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNode node = MainOutlineView.ItemAtRow(row) as DirectoryNode;
+				node.GetNextPage();
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/OutlineView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/OutlineView.cs
new file mode 100755
index 000000000..3ec0d2cfe
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/OutlineView.cs
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using AppKit;
+using Foundation;
+using LWRaftSnapIn.Nodes;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+    [Register ("VmdirOutlineView")]
+    public class OutlineView : NSOutlineView
+    {
+        [Foundation.Export ("init")]
+        public OutlineView ()
+        {
+        }
+
+        [Foundation.Export ("initWithCoder:")]
+        public OutlineView (NSCoder coder) : base (coder)
+        {
+        }
+
+        public OutlineView (IntPtr handle) : base (handle)
+        {
+        }
+
+        //Right click menu event for the outlineview.
+        public override NSMenu MenuForEvent (NSEvent theEvent)
+        {
+            int row = (int)this.SelectedRow;
+            if (row >= (nint)0) {
+                NSObject obj = this.ItemAtRow (row);
+                if (obj != null) {
+                    NSMenu menu = new NSMenu ();
+                    if (obj is DirectoryNode) {
+                        DirectoryNode node = obj as DirectoryNode;
+
+						NSMenuItem search = new NSMenuItem("Search", node.Search);
+						menu.AddItem(search);
+						NSMenuItem fetchNextPage = new NSMenuItem("Fetch Next Page", node.FetchNextPage);
+						menu.AddItem(fetchNextPage);
+						NSMenuItem refresh = new NSMenuItem("Refresh", node.RefreshNode);
+						menu.AddItem(refresh);
+						NSMenuItem delete = new NSMenuItem("Delete", node.Delete);
+						menu.AddItem(delete);
+
+						if (node.ObjectClass.Contains(VMDirConstants.USER_OC)){
+							menu.AddItem(NSMenuItem.SeparatorItem);
+							NSMenuItem addUsertoGroup = new NSMenuItem("Add to a Group", node.AddUserToGroup);
+							menu.AddItem(addUsertoGroup);
+							NSMenuItem resetPassword = new NSMenuItem("Reset Password", node.RestUserPassword);
+							menu.AddItem(resetPassword);
+							NSMenuItem verifyUserPassword = new NSMenuItem("Verify Password", node.VerifyUserPassword);
+							menu.AddItem(verifyUserPassword);
+							}
+						else if (node.ObjectClass.Contains(VMDirConstants.GROUP_OC))
+						{
+							menu.AddItem(NSMenuItem.SeparatorItem);
+							NSMenuItem addGrouptoGroup = new NSMenuItem("Add to a Group", node.AddUserToGroup);
+							menu.AddItem(addGrouptoGroup);
+						}
+						menu.AddItem(NSMenuItem.SeparatorItem);
+						NSMenuItem addUser = new NSMenuItem("Add User", node.AddUser);
+						menu.AddItem(addUser);
+						NSMenuItem addGroup = new NSMenuItem("Add Group", node.AddGroup);
+						menu.AddItem(addGroup);
+						NSMenuItem add = new NSMenuItem("Add Object", node.Add);
+						menu.AddItem(add);
+                    }
+                    NSMenu.PopUpContextMenu (menu, theEvent, theEvent.Window.ContentView);
+                }
+            }
+            return base.MenuForEvent (theEvent);
+        }
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.cs
new file mode 100755
index 000000000..8dddb303f
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class PageSize : NSWindow
+	{
+		public PageSize(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public PageSize(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.designer.cs
new file mode 100755
index 000000000..f4c79aebc
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("PageSize")]
+	public partial class PageSize
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.xib
new file mode 100755
index 000000000..222dd5042
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSize.xib
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="PageSizeController">
+            <connections>
+                <outlet property="PageSizeTextField" destination="QCJ-ny-jCB" id="1vc-Tw-xuU"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" visibleAtLaunch="NO" animationBehavior="default" id="2" customClass="PageSize">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="256" height="144"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <value key="minSize" type="size" width="256" height="144"/>
+            <value key="maxSize" type="size" width="256" height="144"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="256" height="144"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="9Qr-OV-8E2">
+                        <rect key="frame" x="32" y="91" width="68" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Page Size:" id="qAM-Af-cOy">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="QCJ-ny-jCB">
+                        <rect key="frame" x="119" y="88" width="100" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" drawsBackground="YES" id="cpY-7E-u8q">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="znh-1O-R5i">
+                        <rect key="frame" x="45" y="26" width="82" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Cbs-r8-6hb">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancelButton:" target="-2" id="wuh-EE-uae"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="LWM-17-1zf">
+                        <rect key="frame" x="142" y="26" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Submit" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="25c-66-1t7">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnSubmitButton:" target="-2" id="gk9-WH-RdX"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <contentBorderThickness minY="22"/>
+            <point key="canvasLocation" x="346" y="244"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.cs
new file mode 100755
index 000000000..a42a4d00e
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.cs
@@ -0,0 +1,94 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class PageSizeController : NSWindowController
+	{
+		public int PageSize;
+		public PageSizeController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public PageSizeController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public PageSizeController(int pageSize) : base("PageSize")
+		{
+			PageSize = pageSize;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			PageSizeTextField.StringValue = PageSize.ToString();
+		}
+
+		public new PageSize Window
+		{
+			get { return (PageSize)base.Window; }
+		}
+
+		partial void OnCancelButton(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		private bool Validate()
+		{
+			int ps;
+			if (string.IsNullOrWhiteSpace(PageSizeTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE);
+				return false;
+			}
+			if (int.TryParse(PageSizeTextField.StringValue, out ps))
+			{
+				if (ps <= 0)
+				{
+					UIErrorHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE_MINVAL);
+					return false;
+				}
+				else if (ps>VMDirConstants.DEFAULT_PAGE_SIZE*10)
+				{
+					UIErrorHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE_MAXVAL);
+					return false;
+				}
+				else
+					return true;
+			}
+			else {
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_INT_VAL);
+				return false;
+			}
+		}
+
+		partial void OnSubmitButton(NSObject sender)
+		{
+			if (!Validate())
+				return;
+			int.TryParse(PageSizeTextField.StringValue, out PageSize);
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(1);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.designer.cs
new file mode 100755
index 000000000..4fe3c2564
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PageSize/PageSizeController.designer.cs
@@ -0,0 +1,46 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("PageSizeController")]
+	partial class PageSizeController
+	{
+		[Outlet]
+		AppKit.NSTextField PageSizeTextField { get; set; }
+
+		[Action ("OnCancelButton:")]
+		partial void OnCancelButton (Foundation.NSObject sender);
+
+		[Action ("OnSubmitButton:")]
+		partial void OnSubmitButton (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (PageSizeTextField != null) {
+				PageSizeTextField.Dispose ();
+				PageSizeTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.cs
new file mode 100755
index 000000000..fc4324d9d
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class ResetPasswordWindow : NSWindow
+    {
+        public ResetPasswordWindow (IntPtr handle) : base (handle)
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public ResetPasswordWindow (NSCoder coder) : base (coder)
+        {
+        }
+
+        public override void AwakeFromNib ()
+        {
+            base.AwakeFromNib ();
+        }
+
+        [Export ("windowWillClose:")]
+        public void WindowWillClose (NSNotification notification)
+        {
+            this.Close ();
+            NSApplication.SharedApplication.StopModalWithCode (0);
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.designer.cs
new file mode 100755
index 000000000..91d27c298
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("ResetPasswordWindow")]
+    public partial class ResetPasswordWindow
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.xib
new file mode 100755
index 000000000..66c4a4d54
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindow.xib
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15F34" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ResetPasswordWindowController">
+            <connections>
+                <outlet property="ConfirmPasswordTextField" destination="17" id="22"/>
+                <outlet property="DnTextField" destination="Vkp-Fr-P1o" id="pd9-b6-O9x"/>
+                <outlet property="NewPasswordTextField" destination="15" id="21"/>
+                <outlet property="OnCancelButton" destination="13" id="24"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Set Password" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="ResetPasswordWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES"/>
+            <rect key="contentRect" x="413" y="346" width="447" height="193"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="447" height="193"/>
+            <value key="maxSize" type="size" width="447" height="193"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="447" height="193"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="7">
+                        <rect key="frame" x="52" y="115" width="100" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="New Password:" id="8">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="11">
+                        <rect key="frame" x="348" y="25" width="60" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="12">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnOKButton:" target="-2" id="23"/>
+                        </connections>
+                    </button>
+                    <textField verticalHuggingPriority="750" id="15" customClass="NSSecureTextField">
+                        <rect key="frame" x="166" y="112" width="236" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the new Password" drawsBackground="YES" id="16">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="17" customClass="NSSecureTextField">
+                        <rect key="frame" x="166" y="75" width="236" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Confirm the password entered above" drawsBackground="YES" id="18">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="13">
+                        <rect key="frame" x="254" y="25" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="14">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancelButton:" target="-2" id="25"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="oyk-4F-NfU">
+                        <rect key="frame" x="52" y="152" width="100" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="DN:" id="9f2-wP-1bE">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="30" y="78" width="122" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Confirm Password:" id="10">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="Vkp-Fr-P1o">
+                        <rect key="frame" x="166" y="152" width="236" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter DN" drawsBackground="YES" id="0Xk-h1-ymI">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="26" id="27"/>
+            </connections>
+            <point key="canvasLocation" x="269.5" y="291.5"/>
+        </window>
+        <customObject id="26" customClass="ResetPasswordWindow"/>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.cs
new file mode 100755
index 000000000..1c19e1555
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.cs
@@ -0,0 +1,91 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ResetPasswordWindowController : NSWindowController
+	{
+		public string Password { get; set; }
+		public string Dn { get; set; }
+
+		public ResetPasswordWindowController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ResetPasswordWindowController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ResetPasswordWindowController(string dn) : base("ResetPasswordWindow")
+		{
+			this.Dn = dn;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			this.DnTextField.StringValue = Dn;
+		}
+
+		private bool ValidateControls()
+		{
+			var msg = string.Empty;
+			if (string.IsNullOrWhiteSpace(this.DnTextField.StringValue))
+				msg = VMDirConstants.WRN_PWD_ENT;
+			else if (String.IsNullOrWhiteSpace(NewPasswordTextField.StringValue))
+				msg = VMDirConstants.WRN_NEW_PWD_ENT;
+			else if (!string.Equals(this.NewPasswordTextField.StringValue, this.ConfirmPasswordTextField.StringValue))
+				msg = VMDirConstants.WRN_PWD_NO_MATCH;
+
+			if (!string.IsNullOrWhiteSpace(msg))
+			{
+				UIErrorHelper.ShowWarning(msg);
+				return false;
+			}
+			return true;
+		}
+
+		partial void OnOKButton(Foundation.NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				if (!ValidateControls())
+					return;
+
+				Dn = DnTextField.StringValue;
+				Password = NewPasswordTextField.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			});
+		}
+
+		partial void OnCancelButton(Foundation.NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		public new ResetPasswordWindow Window
+		{
+			get { return (ResetPasswordWindow)base.Window; }
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.designer.cs
new file mode 100755
index 000000000..2260f0f11
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/ResetPasswordWindowController.designer.cs
@@ -0,0 +1,62 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ResetPasswordWindowController")]
+	partial class ResetPasswordWindowController
+	{
+		[Outlet]
+		AppKit.NSTextField ConfirmPasswordTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField DnTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField NewPasswordTextField { get; set; }
+
+		[Action ("OnCancelButton:")]
+		partial void OnCancelButton (Foundation.NSObject sender);
+
+		[Action ("OnOKButton:")]
+		partial void OnOKButton (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (DnTextField != null) {
+				DnTextField.Dispose ();
+				DnTextField = null;
+			}
+
+			if (ConfirmPasswordTextField != null) {
+				ConfirmPasswordTextField.Dispose ();
+				ConfirmPasswordTextField = null;
+			}
+
+			if (NewPasswordTextField != null) {
+				NewPasswordTextField.Dispose ();
+				NewPasswordTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.cs
new file mode 100755
index 000000000..3b2a22e93
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace UI.Password
+{
+	public partial class VerifyPassword : NSWindow
+	{
+		public VerifyPassword(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public VerifyPassword(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.designer.cs
new file mode 100755
index 000000000..a1e08f334
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace UI.Password
+{
+	[global::Foundation.Register("VerifyPassword")]
+	public partial class VerifyPassword
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.xib
new file mode 100755
index 000000000..5a2377c28
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPassword.xib
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15F34" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="VerifyPasswordController">
+            <connections>
+                <outlet property="PwdTextField" destination="PWg-NL-Vny" id="UEd-z7-8gE"/>
+                <outlet property="UpnTextField" destination="YZ7-LD-bkR" id="6Hr-EI-4qs"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <window title="Verify User Password" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="VerifyPassword">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="435" height="182"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="435" height="182"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="8Gd-h0-ixs">
+                        <rect key="frame" x="39" y="94" width="100" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="Password:" id="8Bj-xm-3eY">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="PWg-NL-Vny" customClass="NSSecureTextField">
+                        <rect key="frame" x="153" y="91" width="236" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter the Password" drawsBackground="YES" id="x58-3D-Jr9">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="oMi-49-4vd">
+                        <rect key="frame" x="39" y="131" width="100" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="right" title="UPN:" id="2O2-89-t8B">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField verticalHuggingPriority="750" id="YZ7-LD-bkR">
+                        <rect key="frame" x="153" y="128" width="236" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="Enter UPN" drawsBackground="YES" id="ijE-9a-3bj">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="bNt-Rw-cH8">
+                        <rect key="frame" x="335" y="37" width="60" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Vwx-68-Fh1">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnOkButton:" target="-2" id="QkB-Ee-Nnl"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="9Kh-MR-hDl">
+                        <rect key="frame" x="246" y="37" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="jbl-aD-QFQ">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancelButton:" target="-2" id="F58-1O-y39"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <point key="canvasLocation" x="173.5" y="286"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.cs
new file mode 100755
index 000000000..beef55a96
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.cs
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common;
+
+namespace UI.Password
+{
+	public partial class VerifyPasswordController : NSWindowController
+	{
+		public string Upn { get; set; }
+		public string Password { get; set; }
+
+		public VerifyPasswordController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public VerifyPasswordController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public VerifyPasswordController(string upn) : base("VerifyPassword")
+		{
+			this.Upn = upn;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			this.UpnTextField.StringValue = Upn;
+		}
+
+		private bool ValidateControls()
+		{
+			string msg = string.Empty;
+			if (string.IsNullOrWhiteSpace(this.UpnTextField.StringValue))
+				msg = VMDirConstants.WRN_UPN_ENT;
+			else if (String.IsNullOrWhiteSpace(this.PwdTextField.StringValue))
+			{
+				msg = VMDirConstants.WRN_PWD_ENT;
+			}
+
+			if (!string.IsNullOrWhiteSpace(msg))
+			{
+				UIErrorHelper.ShowWarning(msg);
+				return false;
+			}
+
+			return true;
+		}
+
+		partial void OnOkButton(Foundation.NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				if (!ValidateControls())
+					return;
+
+				Password = PwdTextField.StringValue;
+				Upn = UpnTextField.StringValue;
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			});
+		}
+
+		partial void OnCancelButton(Foundation.NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+		public new VerifyPassword Window
+		{
+			get { return (VerifyPassword)base.Window; }
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.designer.cs
new file mode 100755
index 000000000..b75af5e2e
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Password/VerifyPasswordController.designer.cs
@@ -0,0 +1,54 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace UI.Password
+{
+	[Register ("VerifyPasswordController")]
+	partial class VerifyPasswordController
+	{
+		[Outlet]
+		AppKit.NSSecureTextField PwdTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField UpnTextField { get; set; }
+
+		[Action ("OnCancelButton:")]
+		partial void OnCancelButton (Foundation.NSObject sender);
+
+		[Action ("OnOkButton:")]
+		partial void OnOkButton (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (UpnTextField != null) {
+				UpnTextField.Dispose ();
+				UpnTextField = null;
+			}
+
+			if (PwdTextField != null) {
+				PwdTextField.Dispose ();
+				PwdTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.cs
new file mode 100755
index 000000000..3e1c98b92
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ModSubmitConfirm : NSWindow
+	{
+		public ModSubmitConfirm(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ModSubmitConfirm(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.designer.cs
new file mode 100755
index 000000000..5ea75dcdb
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("ModSubmitConfirm")]
+	public partial class ModSubmitConfirm
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.xib
new file mode 100755
index 000000000..76a4d1349
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirm.xib
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ModSubmitConfirmController">
+            <connections>
+                <outlet property="ModifiedAttributeTableView" destination="ED3-3E-bbz" id="iMI-xD-vQR"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="ModSubmitConfirm">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="400" height="270"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="400" height="270"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <button verticalHuggingPriority="750" id="ZAx-Yy-Hp7">
+                        <rect key="frame" x="321" y="29" width="62" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Yes" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="tTO-Jw-UiA">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnYes:" target="-2" id="w8m-97-xZX"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="y5A-eQ-mTW">
+                        <rect key="frame" x="25" y="226" width="354" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Are you sure you want to modify following attributes?" id="FkK-ln-pwg">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="TIC-rZ-ror">
+                        <rect key="frame" x="27" y="78" width="350" height="135"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <clipView key="contentView" id="gkV-rd-rKO">
+                            <rect key="frame" x="1" y="1" width="348" height="133"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" id="ED3-3E-bbz">
+                                    <rect key="frame" x="0.0" y="0.0" width="348" height="133"/>
+                                    <autoresizingMask key="autoresizingMask"/>
+                                    <size key="intercellSpacing" width="3" height="2"/>
+                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                    <tableColumns>
+                                        <tableColumn width="335.01953125" minWidth="40" maxWidth="1000" id="eE0-68-r4r">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Attribute">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="fQh-rd-fUo">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                    </tableColumns>
+                                </tableView>
+                            </subviews>
+                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="miH-X6-Yde">
+                            <rect key="frame" x="1" y="119" width="223" height="15"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="xMU-gs-gjm">
+                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                    </scrollView>
+                    <button verticalHuggingPriority="750" id="q3j-tB-zdD">
+                        <rect key="frame" x="255" y="29" width="58" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="No" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="X93-Dk-Jhs">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnNo:" target="-2" id="uiy-B1-7r3"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="-2" id="2D2-XE-Ftk"/>
+            </connections>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.cs
new file mode 100755
index 000000000..18b427179
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.cs
@@ -0,0 +1,69 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using System.Collections.Generic;
+using LWRaftSnapIn.DataSource;
+using System.Linq;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ModSubmitConfirmController : NSWindowController
+	{
+		private Dictionary<string, List<string>> _modifications;
+		private AttributeTableViewDataSource _modAttrDs;
+		public ModSubmitConfirmController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ModSubmitConfirmController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ModSubmitConfirmController(Dictionary<string, List<string>> modifications) : base("ModSubmitConfirm")
+		{
+			_modifications = modifications;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			_modAttrDs = new AttributeTableViewDataSource();
+			_modAttrDs.attrList.AddRange(_modifications.Select(x=>x.Key));
+			this.ModifiedAttributeTableView.DataSource = _modAttrDs;
+		}
+
+		public new ModSubmitConfirm Window
+		{
+			get { return (ModSubmitConfirm)base.Window; }
+		}
+		partial void OnYes(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(1);
+		}
+		partial void OnNo(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.designer.cs
new file mode 100755
index 000000000..7c7a14047
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitConfirmController.designer.cs
@@ -0,0 +1,46 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ModSubmitConfirmController")]
+	partial class ModSubmitConfirmController
+	{
+		[Outlet]
+		AppKit.NSTableView ModifiedAttributeTableView { get; set; }
+
+		[Action ("OnNo:")]
+		partial void OnNo (Foundation.NSObject sender);
+
+		[Action ("OnYes:")]
+		partial void OnYes (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (ModifiedAttributeTableView != null) {
+				ModifiedAttributeTableView.Dispose ();
+				ModifiedAttributeTableView = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.cs
new file mode 100755
index 000000000..b7f1b9844
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ModSubmitStatus : NSWindow
+	{
+		public ModSubmitStatus(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ModSubmitStatus(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.designer.cs
new file mode 100755
index 000000000..6d4f935f2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("ModSubmitStatus")]
+	public partial class ModSubmitStatus
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.xib
new file mode 100755
index 000000000..791b3041b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatus.xib
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ModSubmitStatusController">
+            <connections>
+                <outlet property="ModificationStatusTableView" destination="MrA-nk-PLK" id="O29-jG-1PP"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="ModSubmitStatus">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="540" height="270"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="540" height="270"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="CgE-C8-Kg6">
+                        <rect key="frame" x="18" y="226" width="504" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Following attributes were submitted for modification" id="a0g-LU-oRw">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="JX0-2K-ugh">
+                        <rect key="frame" x="20" y="83" width="500" height="135"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <clipView key="contentView" id="scy-Fp-Jxb">
+                            <rect key="frame" x="1" y="23" width="498" height="111"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" rowSizeStyle="automatic" headerView="evE-bQ-khJ" viewBased="YES" id="MrA-nk-PLK">
+                                    <rect key="frame" x="0.0" y="0.0" width="498" height="111"/>
+                                    <autoresizingMask key="autoresizingMask"/>
+                                    <size key="intercellSpacing" width="3" height="2"/>
+                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                    <tableColumns>
+                                        <tableColumn identifier="Attribute" width="116" minWidth="40" maxWidth="1000" id="SZy-zX-R1R">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Attribute">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="OW8-Zv-10D">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                            <prototypeCellViews>
+                                                <tableCellView id="sor-Cj-Cfo">
+                                                    <rect key="frame" x="1" y="1" width="116" height="17"/>
+                                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                    <subviews>
+                                                        <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" id="5cJ-sK-Bah">
+                                                            <rect key="frame" x="0.0" y="0.0" width="116" height="17"/>
+                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMinY="YES"/>
+                                                            <textFieldCell key="cell" lineBreakMode="truncatingTail" sendsActionOnEndEditing="YES" title="Table View Cell" id="4Ty-uy-zlc">
+                                                                <font key="font" metaFont="system"/>
+                                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                            </textFieldCell>
+                                                        </textField>
+                                                    </subviews>
+                                                    <connections>
+                                                        <outlet property="textField" destination="5cJ-sK-Bah" id="x2f-Fe-Y0B"/>
+                                                    </connections>
+                                                </tableCellView>
+                                            </prototypeCellViews>
+                                        </tableColumn>
+                                        <tableColumn identifier="Status" width="376" minWidth="40" maxWidth="1000" id="eFh-eY-inw">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Status">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="z4h-kI-gQx">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                            <prototypeCellViews>
+                                                <tableCellView id="eRE-9P-fas">
+                                                    <rect key="frame" x="120" y="1" width="376" height="17"/>
+                                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                    <subviews>
+                                                        <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" id="dQx-h8-2ml">
+                                                            <rect key="frame" x="0.0" y="0.0" width="376" height="17"/>
+                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMinY="YES"/>
+                                                            <textFieldCell key="cell" lineBreakMode="truncatingTail" sendsActionOnEndEditing="YES" title="Table View Cell" id="xVC-Xz-nWv">
+                                                                <font key="font" metaFont="system"/>
+                                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                            </textFieldCell>
+                                                        </textField>
+                                                    </subviews>
+                                                    <connections>
+                                                        <outlet property="textField" destination="dQx-h8-2ml" id="zeQ-wz-b1e"/>
+                                                    </connections>
+                                                </tableCellView>
+                                            </prototypeCellViews>
+                                        </tableColumn>
+                                    </tableColumns>
+                                </tableView>
+                            </subviews>
+                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="355-E8-yBi">
+                            <rect key="frame" x="1" y="119" width="223" height="15"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="RxN-EF-3ZD">
+                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <tableHeaderView key="headerView" id="evE-bQ-khJ">
+                            <rect key="frame" x="0.0" y="0.0" width="498" height="23"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </tableHeaderView>
+                    </scrollView>
+                    <button verticalHuggingPriority="750" id="PyU-5J-gTB">
+                        <rect key="frame" x="467" y="24" width="59" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="OK" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="M13-0n-4Jd">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnOk:" target="-2" id="s6p-jR-Moy"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="-2" id="Cxt-Uw-gvJ"/>
+            </connections>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.cs
new file mode 100755
index 000000000..8b683f2ce
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.cs
@@ -0,0 +1,67 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using System.Collections.Generic;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.DataSource;
+using LWRaftSnapIn.Delegate;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ModSubmitStatusController : NSWindowController
+	{
+		private List<AttributeModStatus> _modStatus;
+		private ModificationStatusTableViewDataSource _modStatusDs;
+		public ModSubmitStatusController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ModSubmitStatusController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ModSubmitStatusController(List<AttributeModStatus> modStatus) : base("ModSubmitStatus")
+		{
+			_modStatus = modStatus;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			_modStatusDs = new ModificationStatusTableViewDataSource(_modStatus);
+			ModificationStatusTableView.DataSource = _modStatusDs;
+			ModificationStatusTableView.Delegate = new ModificationStatusTableDelegate(_modStatusDs);
+		}
+
+		public new ModSubmitStatus Window
+		{
+			get { return (ModSubmitStatus)base.Window; }
+		}
+
+		partial void OnOk(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.designer.cs
new file mode 100755
index 000000000..f66880c21
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/ModSubmitStatusController.designer.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ModSubmitStatusController")]
+	partial class ModSubmitStatusController
+	{
+		[Outlet]
+		AppKit.NSTableView ModificationStatusTableView { get; set; }
+
+		[Action ("OnOk:")]
+		partial void OnOk (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (ModificationStatusTableView != null) {
+				ModificationStatusTableView.Dispose ();
+				ModificationStatusTableView = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.cs
new file mode 100755
index 000000000..0f509abde
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class PropertiesView : AppKit.NSView
+	{
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public PropertiesView(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public PropertiesView(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.designer.cs
new file mode 100755
index 000000000..6d431d689
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	// Should subclass AppKit.NSView
+	[Foundation.Register("PropertiesView")]
+	public partial class PropertiesView
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.xib
new file mode 100755
index 000000000..8950558f2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesView.xib
@@ -0,0 +1,199 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15F34" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="PropertiesViewController">
+            <connections>
+                <outlet property="AttrAdd" destination="YgK-M3-Yxn" id="hM3-kF-IF6"/>
+                <outlet property="PropApply" destination="p1v-Od-eCd" id="V4k-Kd-o4M"/>
+                <outlet property="PropReset" destination="qzg-2V-PNs" id="bdF-Dz-Ioj"/>
+                <outlet property="PropTableView" destination="Itr-mh-M37" id="Uz0-9y-cnP"/>
+                <outlet property="view" destination="4" id="17"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <customView id="4" customClass="PropertiesView">
+            <rect key="frame" x="0.0" y="0.0" width="760" height="678"/>
+            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+            <subviews>
+                <button verticalHuggingPriority="750" id="p1v-Od-eCd">
+                    <rect key="frame" x="676" y="1" width="75" height="32"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxY="YES"/>
+                    <buttonCell key="cell" type="push" title="Apply" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="3wJ-EV-q5E">
+                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                        <font key="font" metaFont="system"/>
+                        <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                    </buttonCell>
+                    <connections>
+                        <action selector="PropApplyClick:" target="-2" id="RaJ-us-u0y"/>
+                    </connections>
+                </button>
+                <button verticalHuggingPriority="750" id="qzg-2V-PNs">
+                    <rect key="frame" x="601" y="1" width="75" height="32"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxY="YES"/>
+                    <buttonCell key="cell" type="push" title="Reset" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="aaY-n9-Xcf">
+                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                        <font key="font" metaFont="system"/>
+                    </buttonCell>
+                    <connections>
+                        <action selector="PropResetClick:" target="-2" id="Unz-kf-y3E"/>
+                    </connections>
+                </button>
+                <button id="YgK-M3-Yxn">
+                    <rect key="frame" x="8" y="8" width="30" height="20"/>
+                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMaxY="YES"/>
+                    <buttonCell key="cell" type="square" alternateTitle="Add another value" bezelStyle="shadowlessSquare" image="NSAddTemplate" imagePosition="overlaps" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="ZhT-bW-qlh">
+                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                        <font key="font" metaFont="system"/>
+                        <string key="keyEquivalent" base64-UTF8="YES">
+CA
+</string>
+                    </buttonCell>
+                    <connections>
+                        <action selector="AttrAddClick:" target="-2" id="F9A-ty-odF"/>
+                    </connections>
+                </button>
+                <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="iGf-m5-Pqd">
+                    <rect key="frame" x="0.0" y="36" width="760" height="642"/>
+                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                    <clipView key="contentView" drawsBackground="NO" id="58W-PJ-ff0">
+                        <rect key="frame" x="1" y="0.0" width="758" height="641"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <subviews>
+                            <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" alternatingRowBackgroundColors="YES" columnReordering="NO" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" rowSizeStyle="automatic" headerView="icm-Mf-h12" viewBased="YES" id="Itr-mh-M37">
+                                <rect key="frame" x="0.0" y="0.0" width="460" height="0.0"/>
+                                <autoresizingMask key="autoresizingMask"/>
+                                <size key="intercellSpacing" width="3" height="2"/>
+                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                <tableColumns>
+                                    <tableColumn editable="NO" width="166" minWidth="40" maxWidth="1000" id="Ohp-Fb-Ln4">
+                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border">
+                                            <font key="font" metaFont="smallSystem"/>
+                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                        </tableHeaderCell>
+                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="Ega-EV-Kwp">
+                                            <font key="font" metaFont="system"/>
+                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                        </textFieldCell>
+                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        <prototypeCellViews>
+                                            <tableCellView id="Ktg-md-IUE">
+                                                <rect key="frame" x="1" y="1" width="166" height="17"/>
+                                                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                <subviews>
+                                                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" id="R28-tm-sV3">
+                                                        <rect key="frame" x="0.0" y="0.0" width="166" height="17"/>
+                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMinY="YES"/>
+                                                        <textFieldCell key="cell" lineBreakMode="truncatingTail" sendsActionOnEndEditing="YES" title="Table View Cell" id="fAp-Et-R8q">
+                                                            <font key="font" metaFont="system"/>
+                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                        </textFieldCell>
+                                                    </textField>
+                                                </subviews>
+                                                <connections>
+                                                    <outlet property="textField" destination="R28-tm-sV3" id="ipj-UN-IQQ"/>
+                                                </connections>
+                                            </tableCellView>
+                                        </prototypeCellViews>
+                                    </tableColumn>
+                                    <tableColumn width="135" minWidth="40" maxWidth="1000" id="oN0-5d-0Rc">
+                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border">
+                                            <font key="font" metaFont="smallSystem"/>
+                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                        </tableHeaderCell>
+                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" usesSingleLineMode="YES" id="Yd3-y9-oB3">
+                                            <font key="font" metaFont="system"/>
+                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                        </textFieldCell>
+                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        <prototypeCellViews>
+                                            <tableCellView id="CTt-6B-Z41">
+                                                <rect key="frame" x="170" y="1" width="135" height="17"/>
+                                                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                <subviews>
+                                                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" id="BfU-fU-bDL">
+                                                        <rect key="frame" x="0.0" y="0.0" width="135" height="17"/>
+                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMinY="YES"/>
+                                                        <textFieldCell key="cell" lineBreakMode="truncatingTail" sendsActionOnEndEditing="YES" title="Table View Cell" usesSingleLineMode="YES" id="4PY-0D-uN2">
+                                                            <font key="font" metaFont="system"/>
+                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                        </textFieldCell>
+                                                    </textField>
+                                                </subviews>
+                                                <connections>
+                                                    <outlet property="textField" destination="BfU-fU-bDL" id="M6z-yW-a71"/>
+                                                </connections>
+                                            </tableCellView>
+                                        </prototypeCellViews>
+                                    </tableColumn>
+                                    <tableColumn identifier="" editable="NO" width="150" minWidth="10" maxWidth="3.4028234663852886e+38" id="Whh-78-HJa">
+                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border">
+                                            <font key="font" metaFont="smallSystem"/>
+                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                        </tableHeaderCell>
+                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" identifier="syntax" title="Text Cell" id="xN3-is-BzV">
+                                            <font key="font" metaFont="system"/>
+                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                        </textFieldCell>
+                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        <prototypeCellViews>
+                                            <tableCellView id="Fuo-cV-aDN">
+                                                <rect key="frame" x="308" y="1" width="150" height="17"/>
+                                                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                <subviews>
+                                                    <textField verticalHuggingPriority="750" horizontalCompressionResistancePriority="250" id="4Tw-x6-8GB">
+                                                        <rect key="frame" x="0.0" y="0.0" width="150" height="17"/>
+                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMinY="YES"/>
+                                                        <textFieldCell key="cell" lineBreakMode="truncatingTail" sendsActionOnEndEditing="YES" title="Table View Cell" id="HGc-8y-MtP">
+                                                            <font key="font" metaFont="system"/>
+                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                        </textFieldCell>
+                                                    </textField>
+                                                </subviews>
+                                                <connections>
+                                                    <outlet property="textField" destination="4Tw-x6-8GB" id="zWc-ff-x8W"/>
+                                                </connections>
+                                            </tableCellView>
+                                        </prototypeCellViews>
+                                    </tableColumn>
+                                </tableColumns>
+                            </tableView>
+                        </subviews>
+                        <nil key="backgroundColor"/>
+                    </clipView>
+                    <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="h6e-7R-Whi">
+                        <rect key="frame" x="1" y="248" width="468" height="16"/>
+                        <autoresizingMask key="autoresizingMask"/>
+                    </scroller>
+                    <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="lX1-CV-zPk">
+                        <rect key="frame" x="224" y="17" width="15" height="102"/>
+                        <autoresizingMask key="autoresizingMask"/>
+                    </scroller>
+                    <tableHeaderView key="headerView" id="icm-Mf-h12">
+                        <rect key="frame" x="0.0" y="0.0" width="758" height="23"/>
+                        <autoresizingMask key="autoresizingMask"/>
+                    </tableHeaderView>
+                </scrollView>
+            </subviews>
+            <point key="canvasLocation" x="266" y="376"/>
+        </customView>
+        <userDefaultsController representsSharedInstance="YES" id="XyQ-f6-5dO"/>
+    </objects>
+    <resources>
+        <image name="NSAddTemplate" width="11" height="11"/>
+    </resources>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.cs
new file mode 100755
index 000000000..d964a78c3
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.cs
@@ -0,0 +1,170 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Foundation;
+using LWRaftSnapIn.DataSource;
+using VMDirInterop.LDAP;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+using AppKit;
+using VmIdentity.UI.Common;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class PropertiesViewController : AppKit.NSViewController
+	{
+		public PropertiesTableViewDataSource ds;
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public PropertiesViewController(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public PropertiesViewController(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Call to load from the XIB/NIB file
+		public PropertiesViewController() : base("PropertiesView", NSBundle.MainBundle)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion
+
+		//strongly typed view accessor
+		public new PropertiesView View
+		{
+			get
+			{
+				return (PropertiesView)base.View;
+			}
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			SetEditVisibility(false);
+		}
+
+		partial void PropApplyClick(NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				if (ds != null && ds.modData.Count > 0)
+				{
+					var finalMods = new Dictionary<string, List<string>>();
+					foreach (var item in ds.displayAttrDTOList)
+					{
+						var key = item.Name;
+						var val = item.Value;
+						if (ds.modData.Contains(key))
+						{
+							if (finalMods.ContainsKey(key))
+							{
+								finalMods[key].Add(val);
+							}
+							else
+							{
+								finalMods.Add(key, new List<string>() { val });
+							}
+						}
+					}
+
+					ModSubmitConfirmController mscwc = new ModSubmitConfirmController(finalMods);
+					nint result = NSApplication.SharedApplication.RunModalForWindow(mscwc.Window);
+					if (result != (nint)VMIdentityConstants.DIALOGOK)
+					{
+						return;
+					}
+
+					List<AttributeModStatus> modificationStatus = new List<AttributeModStatus>();
+					int i = 0;
+					foreach (var m in finalMods)
+					{
+						LdapMod[] attrMods = new LdapMod[1];
+						var values = m.Value.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
+						Array.Resize(ref values, values.Count() + 1);
+						attrMods[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_REPLACE, m.Key, values);
+						try
+						{
+							ds.serverDTO.Connection.ModifyObject(ds.dn, attrMods);
+							modificationStatus.Add(new AttributeModStatus(m.Key, true, "Success"));
+						}
+						catch (Exception exp)
+						{
+							modificationStatus.Add(new AttributeModStatus(m.Key, false, exp.Message));
+						}
+						i++;
+					}
+					ModSubmitStatusController msswc = new ModSubmitStatusController(modificationStatus);
+					NSApplication.SharedApplication.RunModalForWindow(msswc.Window);
+					ds.modData.Clear();
+					ds.ReloadData();
+					ReloadTable();
+					SetEditVisibility(false);
+				}
+			});
+		}
+
+		partial void PropResetClick(NSObject sender)
+		{
+			if (ds != null)
+			{
+				ds.modData.Clear();
+				ds.FillData();
+				ReloadTable();
+				SetEditVisibility(false);
+			}
+		}
+
+		partial void AttrAddClick(NSObject sender)
+		{
+			if (PropTableView.SelectedRowCount == 1)
+			{
+				var indx = (int)PropTableView.SelectedRow;
+				var item = ds.displayAttrDTOList[indx];
+				if (!item.AttrSyntaxDTO.SingleValue)
+				{
+					indx++;
+					ds.displayAttrDTOList.Insert(indx, new AttributeDTO(item.Name, string.Empty, item.AttrSyntaxDTO,true));
+					ReloadTable();
+				}
+			}
+		}
+
+		public void ReloadTable()
+		{
+			PropTableView.ReloadData();
+		}
+
+		public void SetEditVisibility(bool v)
+		{
+			PropApply.Hidden = !v;
+			PropReset.Hidden = !v;
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.designer.cs
new file mode 100755
index 000000000..07054b8cd
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesView/PropertiesViewController.designer.cs
@@ -0,0 +1,73 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("PropertiesViewController")]
+	partial class PropertiesViewController
+	{
+		[Outlet]
+		AppKit.NSButton AttrAdd { get; set; }
+
+		[Outlet]
+		public AppKit.NSButton PropApply { get; set; }
+
+		[Outlet]
+		public AppKit.NSButton PropReset { get; set; }
+
+		[Outlet]
+		public AppKit.NSTableView PropTableView { get; set; }
+
+		[Action ("AttrAddClick:")]
+		partial void AttrAddClick (Foundation.NSObject sender);
+
+		[Action ("PropApplyClick:")]
+		partial void PropApplyClick (Foundation.NSObject sender);
+
+		[Action ("PropResetClick:")]
+		partial void PropResetClick (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (AttrAdd != null) {
+				AttrAdd.Dispose ();
+				AttrAdd = null;
+			}
+
+			if (PropApply != null) {
+				PropApply.Dispose ();
+				PropApply = null;
+			}
+
+			if (PropReset != null) {
+				PropReset.Dispose ();
+				PropReset = null;
+			}
+
+			if (PropTableView != null) {
+				PropTableView.Dispose ();
+				PropTableView = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ResultOutlineView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ResultOutlineView.cs
new file mode 100755
index 000000000..9fe35df45
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/ResultOutlineView.cs
@@ -0,0 +1,82 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using AppKit;
+using Foundation;
+using VMDir.Common;
+using LWRaftSnapIn.Nodes;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register("ResultOutlineView")]
+	public class ResultOutlineView : NSOutlineView
+	{
+		[Foundation.Export("init")]
+		public ResultOutlineView()
+		{
+		}
+
+		[Foundation.Export("initWithCoder:")]
+		public ResultOutlineView(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ResultOutlineView(IntPtr handle) : base(handle)
+		{
+		}
+
+		//Right click menu event for the outlineview.
+		public override NSMenu MenuForEvent(NSEvent theEvent)
+		{
+			int row = (int)this.SelectedRow;
+			if (row >= (nint)0)
+			{
+				NSObject obj = this.ItemAtRow(row);
+				if (obj != null)
+				{
+					NSMenu menu = new NSMenu();
+					if (obj is DirectoryNonExpandableNode)
+					{
+						DirectoryNonExpandableNode node = obj as DirectoryNonExpandableNode;
+
+						if (node.ObjectClass.Contains(VMDirConstants.USER_OC))
+						{
+							menu.AddItem(NSMenuItem.SeparatorItem);
+							NSMenuItem addUsertoGroup = new NSMenuItem("Add to a Group", node.AddUserToGroup);
+							menu.AddItem(addUsertoGroup);
+							NSMenuItem resetPassword = new NSMenuItem("Reset Password", node.RestUserPassword);
+							menu.AddItem(resetPassword);
+							NSMenuItem verifyUserPassword = new NSMenuItem("Verify Password", node.VerifyUserPassword);
+							menu.AddItem(verifyUserPassword);
+							menu.AddItem(NSMenuItem.SeparatorItem);
+						}
+						else if (node.ObjectClass.Contains(VMDirConstants.GROUP_OC))
+						{
+							menu.AddItem(NSMenuItem.SeparatorItem);
+							NSMenuItem addGrouptoGroup = new NSMenuItem("Add to a Group", node.AddUserToGroup);
+							menu.AddItem(addGrouptoGroup);
+							menu.AddItem(NSMenuItem.SeparatorItem);
+						}
+						NSMenuItem delete = new NSMenuItem("Delete", node.Delete);
+						menu.AddItem(delete);
+						NSMenuItem refresh = new NSMenuItem("Refresh", node.RefreshNode);
+						menu.AddItem(refresh);
+					}
+					NSMenu.PopUpContextMenu(menu, theEvent, theEvent.Window.ContentView);
+				}
+			}
+			return base.MenuForEvent(theEvent);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.cs
new file mode 100755
index 000000000..da4b15c18
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ConditionValuesFromFile : NSWindow
+	{
+		public ConditionValuesFromFile(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ConditionValuesFromFile(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.designer.cs
new file mode 100755
index 000000000..7d95d8765
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.designer.cs
@@ -0,0 +1,65 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ConditionValuesFromFile")]
+	partial class ConditionValuesFromFile
+	{
+		[Outlet]
+		AppKit.NSComboBox AttributeComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox ConditionComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView ValuesTableView { get; set; }
+
+		[Action ("OnApply:")]
+		partial void OnApply (Foundation.NSObject sender);
+
+		[Action ("OnBrowse:")]
+		partial void OnBrowse (Foundation.NSObject sender);
+
+		[Action ("OnCancel:")]
+		partial void OnCancel (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (ValuesTableView != null) {
+				ValuesTableView.Dispose ();
+				ValuesTableView = null;
+			}
+
+			if (AttributeComboBox != null) {
+				AttributeComboBox.Dispose ();
+				AttributeComboBox = null;
+			}
+
+			if (ConditionComboBox != null) {
+				ConditionComboBox.Dispose ();
+				ConditionComboBox = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.xib
new file mode 100755
index 000000000..1e8936c83
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFile.xib
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="ConditionValuesFromFileController">
+            <connections>
+                <outlet property="AttributeComboBox" destination="R8m-aZ-qG4" id="Nx2-Au-5kG"/>
+                <outlet property="ConditionComboBox" destination="6AZ-id-2Vw" id="gkf-Qx-paW"/>
+                <outlet property="ValuesTextField" destination="2iK-gE-bX1" id="PEa-Ad-DKR"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="ConditionValuesFromFile">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="450" height="336"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="450" height="336"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <comboBox verticalHuggingPriority="750" id="R8m-aZ-qG4">
+                        <rect key="frame" x="96" y="282" width="200" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="Avf-9i-Gew">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </comboBoxCell>
+                    </comboBox>
+                    <comboBox verticalHuggingPriority="750" id="6AZ-id-2Vw">
+                        <rect key="frame" x="96" y="241" width="200" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="ubd-8b-OyH">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </comboBoxCell>
+                    </comboBox>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="wox-W1-wXW">
+                        <rect key="frame" x="23" y="286" width="61" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Attribute:" id="3Fa-am-ddy">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="1nP-1F-wpu">
+                        <rect key="frame" x="23" y="245" width="67" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Condition:" id="KF4-p7-QNJ">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="ZWc-gc-ydm">
+                        <rect key="frame" x="23" y="206" width="41" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Value:" id="6q7-Qe-f77">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="iUm-8t-Gke">
+                        <rect key="frame" x="225" y="35" width="82" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="O1n-4t-CAG">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancel:" target="-2" id="JHa-mb-cLp"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="yxW-Fq-ThF">
+                        <rect key="frame" x="302" y="35" width="75" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Apply" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="OGq-Qe-lf2">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnApply:" target="-2" id="1uL-DD-4Fs"/>
+                        </connections>
+                    </button>
+                    <button verticalHuggingPriority="750" id="8sE-VH-aET">
+                        <rect key="frame" x="371" y="197" width="52" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="..." bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="CDO-vb-QDl">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnBrowse:" target="-2" id="Qbk-vk-QOh"/>
+                        </connections>
+                    </button>
+                    <textField verticalHuggingPriority="750" id="2iK-gE-bX1">
+                        <rect key="frame" x="96" y="89" width="273" height="137"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" drawsBackground="YES" id="YIP-bK-hl4">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="AttributeComboBox" destination="R8m-aZ-qG4" id="Pty-iB-MkX"/>
+                <outlet property="ConditionComboBox" destination="6AZ-id-2Vw" id="gFe-kF-64L"/>
+                <outlet property="delegate" destination="-2" id="fFP-Xq-aiR"/>
+            </connections>
+            <point key="canvasLocation" x="372" y="371"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.cs
new file mode 100755
index 000000000..aeb18f5b6
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.cs
@@ -0,0 +1,117 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using System.Collections.Generic;
+using LWRaftSnapIn.DataSource;
+using VMDir.Common;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class ConditionValuesFromFileController : NSWindowController
+	{
+		private List<string> _attrList;
+		public List<string> ValuesList;
+		public string Attribute { get; set; }
+		public Condition Condition { get; set; }
+
+
+		public ConditionValuesFromFileController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public ConditionValuesFromFileController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public ConditionValuesFromFileController(List<string> attrList) : base("ConditionValuesFromFile")
+		{
+			_attrList = attrList;
+			ValuesList = new List<string>();
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			foreach (var item in _attrList)
+				this.AttributeComboBox.Add(new NSString(item));
+			foreach (var item in VMDirConstants.ConditionList)
+				this.ConditionComboBox.Add(new NSString(item));
+		}
+
+		private bool ValidateApply()
+		{
+			if (AttributeComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+				return false;
+			}
+			if (ConditionComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_COND);
+				return false;
+			}
+			if (string.IsNullOrWhiteSpace(ValuesTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_VAL);
+				return false;
+			}
+			return true;
+		}
+
+		public new ConditionValuesFromFile Window
+		{
+			get { return (ConditionValuesFromFile)base.Window; }
+		}
+		partial void OnApply(NSObject sender)
+		{
+			if (!ValidateApply())
+				return;
+			Attribute = this.AttributeComboBox.SelectedValue.ToString();
+			Condition = (Condition)(int)ConditionComboBox.SelectedIndex;
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(1);
+		}
+		partial void OnBrowse(NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				var values = FileIOUtil.ReadAllTextFromFile("Load Values From File", new string[] { "txt","csv" });
+				ValuesTextField.StringValue = values;
+				var charArr = new char[] { '\r', '\n' };
+				foreach (var item in ValuesTextField.StringValue.Split('\n'))
+				{
+					var val = item.Trim(charArr);
+					if(!string.IsNullOrWhiteSpace(val))
+						ValuesList.Add(val);
+				}
+			});
+		}
+		partial void OnCancel(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.designer.cs
new file mode 100755
index 000000000..e1bdef735
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/ConditionValuesFromFileController.designer.cs
@@ -0,0 +1,64 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("ConditionValuesFromFileController")]
+	partial class ConditionValuesFromFileController
+	{
+		[Outlet]
+		AppKit.NSComboBox AttributeComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox ConditionComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField ValuesTextField { get; set; }
+
+		[Action ("OnApply:")]
+		partial void OnApply (Foundation.NSObject sender);
+
+		[Action ("OnBrowse:")]
+		partial void OnBrowse (Foundation.NSObject sender);
+
+		[Action ("OnCancel:")]
+		partial void OnCancel (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (AttributeComboBox != null) {
+				AttributeComboBox.Dispose ();
+				AttributeComboBox = null;
+			}
+
+			if (ConditionComboBox != null) {
+				ConditionComboBox.Dispose ();
+				ConditionComboBox = null;
+			}
+
+			if (ValuesTextField != null) {
+				ValuesTextField.Dispose ();
+				ValuesTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.cs
new file mode 100755
index 000000000..74f7751b3
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SearchWindow : NSWindow
+	{
+		public SearchWindow(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public SearchWindow(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.designer.cs
new file mode 100755
index 000000000..9c209b2af
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.designer.cs
@@ -0,0 +1,20 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("SearchWindow")]
+	public partial class SearchWindow
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.xib
new file mode 100755
index 000000000..8ec572f6b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindow.xib
@@ -0,0 +1,703 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+        <capability name="box content view" minToolsVersion="7.0"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="SearchWindowController">
+            <connections>
+                <outlet property="AttrToReturnComboBox" destination="zgM-iX-y8z" id="sl8-OJ-H0X"/>
+                <outlet property="AttrToReturnTableView" destination="vYu-vV-fn3" id="hJJ-cM-9md"/>
+                <outlet property="BfAttributeComboBox" destination="Isi-FF-5Lp" id="evn-3n-a6n"/>
+                <outlet property="BfConditionComboBox" destination="8d9-b1-XUh" id="vKs-Ao-2br"/>
+                <outlet property="BfConditionsTableView" destination="tJx-sf-GAy" id="IK9-mF-E1D"/>
+                <outlet property="BfOperatorComboBox" destination="DAJ-fr-ShU" id="cg2-yq-137"/>
+                <outlet property="BfValueTextField" destination="AGM-f6-dkS" id="Aq3-Ko-yEt"/>
+                <outlet property="DeleteToolBarItem" destination="vo7-JQ-QIs" id="N8d-BP-9Kr"/>
+                <outlet property="ExportToolBarItem" destination="IWa-9B-S3N" id="9Jm-i6-feb"/>
+                <outlet property="LoadQueryToolBarItem" destination="N41-Jv-RYq" id="obD-VI-Q6f"/>
+                <outlet property="OperationalAttrToolBarItem" destination="1h1-W5-p9C" id="WYy-vW-xaT"/>
+                <outlet property="OptionalToolBarItem" destination="V7g-5n-9tw" id="PaH-gy-AUg"/>
+                <outlet property="PageSizeToolBarItem" destination="55F-Ia-6K0" id="LsS-PB-CoF"/>
+                <outlet property="PrevResultButton" destination="HJb-pK-g6l" id="fBO-KS-qwi"/>
+                <outlet property="Refresh" destination="pYQ-na-ziw" id="znE-67-pUZ"/>
+                <outlet property="RefreshToolBarItem" destination="pYQ-na-ziw" id="aiw-fB-kMy"/>
+                <outlet property="ResultPageNoTextField" destination="keK-bx-g4b" id="2Fs-WP-SA9"/>
+                <outlet property="ResultPropView" destination="DzI-fy-Nko" id="VUl-6l-r5f"/>
+                <outlet property="SearchBaseTextField" destination="a6I-R3-bFc" id="rVH-TS-IKo"/>
+                <outlet property="SearchBoxVisibilityToolBarItem" destination="Krb-l9-4gy" id="hHX-9t-nKK"/>
+                <outlet property="SearchHorizontalSplitView" destination="Bxr-KG-9OU" id="qi9-AL-UB4"/>
+                <outlet property="SearchQueryContainerView" destination="8Gs-Um-0BA" id="041-BP-1DA"/>
+                <outlet property="SearchQueryTabView" destination="zOe-DB-cC7" id="nLs-Kn-jTU"/>
+                <outlet property="SearchResultContainerView" destination="RQI-eI-ema" id="bWx-3c-yJt"/>
+                <outlet property="SearchResultOutlineView" destination="v8H-fb-gTz" id="AW3-f4-gKx"/>
+                <outlet property="SearchScopeComboBox" destination="pHd-RQ-b14" id="K2p-XA-GIi"/>
+                <outlet property="StoreQueryToolBarItem" destination="V5I-ta-9xQ" id="nCL-Hb-y7v"/>
+                <outlet property="TfSearchFilterTextView" destination="5dT-El-NdN" id="RAM-x0-Wsp"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Search" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="SearchWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <windowCollectionBehavior key="collectionBehavior" fullScreenAuxiliary="YES"/>
+            <rect key="contentRect" x="131" y="74" width="1024" height="700"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <value key="minSize" type="size" width="1024" height="700"/>
+            <value key="minFullScreenContentSize" type="size" width="1024" height="700"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="1024" height="700"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <splitView dividerStyle="thin" id="Bxr-KG-9OU">
+                        <rect key="frame" x="0.0" y="5" width="1024" height="695"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <subviews>
+                            <customView id="8Gs-Um-0BA">
+                                <rect key="frame" x="0.0" y="0.0" width="1024" height="304"/>
+                                <autoresizingMask key="autoresizingMask"/>
+                                <subviews>
+                                    <view id="a3Z-ug-oK4">
+                                        <rect key="frame" x="0.0" y="0.0" width="1021" height="304"/>
+                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                        <subviews>
+                                            <box transparent="YES" borderType="line" id="AoG-Ut-z0P">
+                                                <rect key="frame" x="0.0" y="0.0" width="1021" height="304"/>
+                                                <autoresizingMask key="autoresizingMask" flexibleMinX="YES" flexibleMaxX="YES"/>
+                                                <view key="contentView" id="8ld-32-f3n">
+                                                    <rect key="frame" x="1" y="1" width="1019" height="288"/>
+                                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                    <subviews>
+                                                        <box borderType="line" titlePosition="noTitle" id="SoO-f8-TKr">
+                                                            <rect key="frame" x="2" y="29" width="319" height="247"/>
+                                                            <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                            <view key="contentView" id="yPT-ns-MHI">
+                                                                <rect key="frame" x="1" y="1" width="317" height="245"/>
+                                                                <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                <subviews>
+                                                                    <textField verticalHuggingPriority="750" id="a6I-R3-bFc">
+                                                                        <rect key="frame" x="104" y="213" width="201" height="22"/>
+                                                                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" drawsBackground="YES" id="Ig4-cd-7Qd">
+                                                                            <font key="font" metaFont="system"/>
+                                                                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                                                                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                        </textFieldCell>
+                                                                    </textField>
+                                                                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="edE-bu-dfb">
+                                                                        <rect key="frame" x="8" y="213" width="85" height="17"/>
+                                                                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Search Form:" id="tXS-1r-9kz">
+                                                                            <font key="font" metaFont="system"/>
+                                                                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                        </textFieldCell>
+                                                                    </textField>
+                                                                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="4Ju-VQ-hys">
+                                                                        <rect key="frame" x="8" y="179" width="92" height="17"/>
+                                                                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Search Scope:" id="Phr-ko-CXg">
+                                                                            <font key="font" metaFont="system"/>
+                                                                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                        </textFieldCell>
+                                                                    </textField>
+                                                                    <comboBox verticalHuggingPriority="750" id="pHd-RQ-b14">
+                                                                        <rect key="frame" x="104" y="175" width="204" height="26"/>
+                                                                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="eyS-Su-NmR">
+                                                                            <font key="font" metaFont="system"/>
+                                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                        </comboBoxCell>
+                                                                    </comboBox>
+                                                                    <box title="Attributes To Return:" borderType="line" id="Dvt-I7-fTe">
+                                                                        <rect key="frame" x="7" y="7" width="301" height="156"/>
+                                                                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                        <view key="contentView" id="mwF-qX-f4h">
+                                                                            <rect key="frame" x="1" y="1" width="299" height="140"/>
+                                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                            <subviews>
+                                                                                <comboBox verticalHuggingPriority="750" id="zgM-iX-y8z">
+                                                                                    <rect key="frame" x="10" y="104" width="190" height="26"/>
+                                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                    <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="YrQ-AB-YyO">
+                                                                                        <font key="font" metaFont="system"/>
+                                                                                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                    </comboBoxCell>
+                                                                                </comboBox>
+                                                                                <button verticalHuggingPriority="750" id="6FU-Xu-Obq">
+                                                                                    <rect key="frame" x="199" y="100" width="95" height="32"/>
+                                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                    <buttonCell key="cell" type="push" title="Add" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="j3n-4Q-IRb">
+                                                                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                        <font key="font" metaFont="system"/>
+                                                                                    </buttonCell>
+                                                                                    <connections>
+                                                                                        <action selector="OnAttrToReturnAdd:" target="-2" id="p1U-a3-6zo"/>
+                                                                                    </connections>
+                                                                                </button>
+                                                                                <button verticalHuggingPriority="750" id="laI-JA-cwP">
+                                                                                    <rect key="frame" x="199" y="71" width="95" height="32"/>
+                                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                    <buttonCell key="cell" type="push" title="Remove" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="u9f-Hf-ffi">
+                                                                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                        <font key="font" metaFont="system"/>
+                                                                                    </buttonCell>
+                                                                                    <connections>
+                                                                                        <action selector="OnAttrToReturnRemove:" target="-2" id="sEX-iF-oqo"/>
+                                                                                    </connections>
+                                                                                </button>
+                                                                                <button verticalHuggingPriority="750" id="W4r-RU-hNv">
+                                                                                    <rect key="frame" x="199" y="43" width="95" height="32"/>
+                                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                    <buttonCell key="cell" type="push" title="Remove All" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="8CN-oj-3kG">
+                                                                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                        <font key="font" metaFont="system"/>
+                                                                                    </buttonCell>
+                                                                                    <connections>
+                                                                                        <action selector="OnAttrToReturnRemoveAll:" target="-2" id="4SX-rB-phU"/>
+                                                                                    </connections>
+                                                                                </button>
+                                                                                <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="68u-mm-HQ4">
+                                                                                    <rect key="frame" x="10" y="8" width="187" height="92"/>
+                                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                    <clipView key="contentView" id="Iz6-tS-ik4">
+                                                                                        <rect key="frame" x="1" y="1" width="185" height="90"/>
+                                                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                                        <subviews>
+                                                                                            <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" id="vYu-vV-fn3">
+                                                                                                <rect key="frame" x="0.0" y="0.0" width="181.5" height="19"/>
+                                                                                                <autoresizingMask key="autoresizingMask"/>
+                                                                                                <size key="intercellSpacing" width="3" height="2"/>
+                                                                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                                <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                                                                                <tableColumns>
+                                                                                                    <tableColumn width="178.69921875" minWidth="40" maxWidth="1000" id="nmx-BX-1tL">
+                                                                                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Attribute">
+                                                                                                            <font key="font" metaFont="smallSystem"/>
+                                                                                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                            <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        </tableHeaderCell>
+                                                                                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="Ynu-TR-Qia">
+                                                                                                            <font key="font" metaFont="system"/>
+                                                                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        </textFieldCell>
+                                                                                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                                                                    </tableColumn>
+                                                                                                </tableColumns>
+                                                                                            </tableView>
+                                                                                        </subviews>
+                                                                                        <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                    </clipView>
+                                                                                    <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="g4X-ck-7l0">
+                                                                                        <rect key="frame" x="1" y="119" width="223" height="15"/>
+                                                                                        <autoresizingMask key="autoresizingMask"/>
+                                                                                    </scroller>
+                                                                                    <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="A3c-0r-x3d">
+                                                                                        <rect key="frame" x="224" y="17" width="15" height="102"/>
+                                                                                        <autoresizingMask key="autoresizingMask"/>
+                                                                                    </scroller>
+                                                                                </scrollView>
+                                                                            </subviews>
+                                                                        </view>
+                                                                        <color key="borderColor" white="0.0" alpha="0.41999999999999998" colorSpace="calibratedWhite"/>
+                                                                        <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                                                    </box>
+                                                                </subviews>
+                                                            </view>
+                                                            <color key="borderColor" white="0.0" alpha="0.41999999999999998" colorSpace="calibratedWhite"/>
+                                                            <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                                        </box>
+                                                        <tabView id="zOe-DB-cC7">
+                                                            <rect key="frame" x="319" y="24" width="696" height="265"/>
+                                                            <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                            <font key="font" metaFont="system"/>
+                                                            <tabViewItems>
+                                                                <tabViewItem label="Build Filter" identifier="1" id="N8r-wT-svh">
+                                                                    <view key="view" id="oCa-cW-NvM">
+                                                                        <rect key="frame" x="10" y="33" width="676" height="219"/>
+                                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                        <subviews>
+                                                                            <comboBox verticalHuggingPriority="750" id="Isi-FF-5Lp">
+                                                                                <rect key="frame" x="12" y="168" width="180" height="26"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="Gkj-DJ-asd">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                </comboBoxCell>
+                                                                            </comboBox>
+                                                                            <comboBox verticalHuggingPriority="750" id="8d9-b1-XUh">
+                                                                                <rect key="frame" x="199" y="168" width="180" height="26"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="OLZ-oo-Glw">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                </comboBoxCell>
+                                                                            </comboBox>
+                                                                            <textField verticalHuggingPriority="750" id="AGM-f6-dkS">
+                                                                                <rect key="frame" x="386" y="172" width="183" height="22"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" drawsBackground="YES" id="uXW-mz-gjF">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                </textFieldCell>
+                                                                            </textField>
+                                                                            <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="zZC-ar-jMY">
+                                                                                <rect key="frame" x="10" y="195" width="61" height="17"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Attribute:" id="cUv-xl-CeK">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                                </textFieldCell>
+                                                                            </textField>
+                                                                            <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="aT4-rj-qfy">
+                                                                                <rect key="frame" x="197" y="195" width="67" height="17"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Condition:" id="Ezw-cm-Lwc">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                                </textFieldCell>
+                                                                            </textField>
+                                                                            <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="fCO-3o-o68">
+                                                                                <rect key="frame" x="386" y="195" width="41" height="17"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Value:" id="xFI-8n-3Ir">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                                </textFieldCell>
+                                                                            </textField>
+                                                                            <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="o7N-oK-9Mk">
+                                                                                <rect key="frame" x="12" y="35" width="557" height="129"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <clipView key="contentView" id="7bt-XN-Lv1">
+                                                                                    <rect key="frame" x="1" y="1" width="555" height="127"/>
+                                                                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                                    <subviews>
+                                                                                        <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" id="tJx-sf-GAy">
+                                                                                            <rect key="frame" x="0.0" y="0.0" width="555" height="19"/>
+                                                                                            <autoresizingMask key="autoresizingMask"/>
+                                                                                            <size key="intercellSpacing" width="3" height="2"/>
+                                                                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                            <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                                                                            <tableColumns>
+                                                                                                <tableColumn width="177.7890625" minWidth="40" maxWidth="1000" id="ELn-sv-gj8">
+                                                                                                    <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Attribute">
+                                                                                                        <font key="font" metaFont="smallSystem"/>
+                                                                                                        <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                                                                    </tableHeaderCell>
+                                                                                                    <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="alf-sr-x9Q">
+                                                                                                        <font key="font" metaFont="system"/>
+                                                                                                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                                    </textFieldCell>
+                                                                                                    <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                                                                </tableColumn>
+                                                                                                <tableColumn width="185.796875" minWidth="40" maxWidth="1000" id="gfy-6o-6yP">
+                                                                                                    <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" title="Condition">
+                                                                                                        <font key="font" metaFont="smallSystem"/>
+                                                                                                        <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                                                                    </tableHeaderCell>
+                                                                                                    <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="isL-Hd-ZT2">
+                                                                                                        <font key="font" metaFont="system"/>
+                                                                                                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                                    </textFieldCell>
+                                                                                                    <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                                                                </tableColumn>
+                                                                                                <tableColumn width="182" minWidth="10" maxWidth="3.4028234663852886e+38" id="X1K-9s-kGA">
+                                                                                                    <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Value">
+                                                                                                        <font key="font" metaFont="smallSystem"/>
+                                                                                                        <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                                                                                    </tableHeaderCell>
+                                                                                                    <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="oXa-6r-Hui">
+                                                                                                        <font key="font" metaFont="system"/>
+                                                                                                        <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                                        <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                                    </textFieldCell>
+                                                                                                    <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                                                                </tableColumn>
+                                                                                            </tableColumns>
+                                                                                        </tableView>
+                                                                                    </subviews>
+                                                                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                </clipView>
+                                                                                <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="xez-0T-PFq">
+                                                                                    <rect key="frame" x="1" y="112" width="555" height="16"/>
+                                                                                    <autoresizingMask key="autoresizingMask"/>
+                                                                                </scroller>
+                                                                                <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="H7E-Jd-l6N">
+                                                                                    <rect key="frame" x="224" y="17" width="15" height="102"/>
+                                                                                    <autoresizingMask key="autoresizingMask"/>
+                                                                                </scroller>
+                                                                            </scrollView>
+                                                                            <button verticalHuggingPriority="750" id="dWP-B5-mci">
+                                                                                <rect key="frame" x="571" y="52" width="95" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="From File" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="8af-Er-g5W">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="OnBfMultipleValFromFile:" target="-2" id="ajs-Q1-aCO"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                            <button verticalHuggingPriority="750" id="pgt-4A-f9A">
+                                                                                <rect key="frame" x="571" y="165" width="95" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="Add" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Dwm-jZ-44d">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="OnBfAddAction:" target="-2" id="HMd-iA-uC1"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                            <comboBox verticalHuggingPriority="750" id="DAJ-fr-ShU">
+                                                                                <rect key="frame" x="12" y="3" width="80" height="26"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" drawsBackground="YES" numberOfVisibleItems="5" id="13F-1d-lkd">
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                    <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                    <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                                </comboBoxCell>
+                                                                            </comboBox>
+                                                                            <button verticalHuggingPriority="750" id="GCX-Uv-UvU">
+                                                                                <rect key="frame" x="571" y="136" width="95" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="Remove" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="sAi-Oc-Aia">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="OnBfRemoveTableEntry:" target="-2" id="Xdu-RP-Ygx"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                            <button verticalHuggingPriority="750" id="tMX-Xk-SGN">
+                                                                                <rect key="frame" x="571" y="108" width="95" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="Remove All" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="3Ii-Qu-3eo">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="OnBfRemoveAllTableEntries:" target="-2" id="14E-sa-qpe"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                            <button verticalHuggingPriority="750" id="Pj1-7Q-uNp">
+                                                                                <rect key="frame" x="571" y="82" width="95" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="Copy To" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Vho-Gx-2UK">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="OnBfCopyToTf:" target="-2" id="SSF-78-dh6"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                        </subviews>
+                                                                    </view>
+                                                                </tabViewItem>
+                                                                <tabViewItem label="Text Filter" identifier="2" id="Qjf-jE-IJi">
+                                                                    <view key="view" id="AL4-Qm-kq8">
+                                                                        <rect key="frame" x="10" y="33" width="676" height="219"/>
+                                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                        <subviews>
+                                                                            <button verticalHuggingPriority="750" id="Qbi-mR-EoX">
+                                                                                <rect key="frame" x="330" y="-44" width="83" height="32"/>
+                                                                                <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                                <buttonCell key="cell" type="push" title="Search" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="PdW-0g-jnF">
+                                                                                    <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                                    <font key="font" metaFont="system"/>
+                                                                                </buttonCell>
+                                                                                <connections>
+                                                                                    <action selector="TFOnSearchAction:" target="-2" id="nd4-xE-S3Q"/>
+                                                                                </connections>
+                                                                            </button>
+                                                                            <scrollView horizontalLineScroll="10" horizontalPageScroll="10" verticalLineScroll="10" verticalPageScroll="10" hasHorizontalScroller="NO" usesPredominantAxisScrolling="NO" id="57a-jD-ZjA">
+                                                                                <rect key="frame" x="6" y="4" width="661" height="212"/>
+                                                                                <autoresizingMask key="autoresizingMask"/>
+                                                                                <clipView key="contentView" id="0yj-jQ-zFT">
+                                                                                    <rect key="frame" x="1" y="1" width="659" height="210"/>
+                                                                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                                    <subviews>
+                                                                                        <textView importsGraphics="NO" findStyle="panel" continuousSpellChecking="YES" allowsUndo="YES" usesRuler="YES" usesFontPanel="YES" verticallyResizable="YES" allowsNonContiguousLayout="YES" quoteSubstitution="YES" dashSubstitution="YES" spellingCorrection="YES" smartInsertDelete="YES" id="5dT-El-NdN">
+                                                                                            <rect key="frame" x="0.0" y="0.0" width="659" height="210"/>
+                                                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                                                            <color key="backgroundColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                                                                                            <size key="minSize" width="659" height="210"/>
+                                                                                            <size key="maxSize" width="661" height="10000000"/>
+                                                                                            <color key="insertionPointColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                            <size key="minSize" width="659" height="210"/>
+                                                                                            <size key="maxSize" width="661" height="10000000"/>
+                                                                                        </textView>
+                                                                                    </subviews>
+                                                                                    <color key="backgroundColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                                                                                </clipView>
+                                                                                <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" doubleValue="1" horizontal="YES" id="2sk-pg-zAG">
+                                                                                    <rect key="frame" x="-100" y="-100" width="87" height="18"/>
+                                                                                    <autoresizingMask key="autoresizingMask"/>
+                                                                                </scroller>
+                                                                                <scroller key="verticalScroller" verticalHuggingPriority="750" doubleValue="1" horizontal="NO" id="j6A-Om-Pki">
+                                                                                    <rect key="frame" x="644" y="1" width="16" height="210"/>
+                                                                                    <autoresizingMask key="autoresizingMask"/>
+                                                                                </scroller>
+                                                                            </scrollView>
+                                                                        </subviews>
+                                                                    </view>
+                                                                </tabViewItem>
+                                                            </tabViewItems>
+                                                        </tabView>
+                                                        <button verticalHuggingPriority="750" id="we4-B0-BAK">
+                                                            <rect key="frame" x="596" y="0.0" width="83" height="32"/>
+                                                            <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                            <buttonCell key="cell" type="push" title="Search" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="Glf-2S-aTl">
+                                                                <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                <font key="font" metaFont="system"/>
+                                                                <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                                                            </buttonCell>
+                                                            <connections>
+                                                                <action selector="OnSearchAction:" target="-2" id="iUl-I9-FHp"/>
+                                                            </connections>
+                                                        </button>
+                                                    </subviews>
+                                                </view>
+                                                <color key="borderColor" white="0.0" alpha="0.41999999999999998" colorSpace="calibratedWhite"/>
+                                                <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                            </box>
+                                        </subviews>
+                                    </view>
+                                </subviews>
+                            </customView>
+                            <customView id="RQI-eI-ema">
+                                <rect key="frame" x="0.0" y="305" width="1024" height="390"/>
+                                <autoresizingMask key="autoresizingMask"/>
+                                <subviews>
+                                    <splitView dividerStyle="thin" vertical="YES" id="EUT-w6-uaZ">
+                                        <rect key="frame" x="0.0" y="0.0" width="1024" height="390"/>
+                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                        <subviews>
+                                            <customView id="iAU-OY-SBZ">
+                                                <rect key="frame" x="0.0" y="0.0" width="257" height="390"/>
+                                                <autoresizingMask key="autoresizingMask"/>
+                                                <subviews>
+                                                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="9dx-rQ-SA6">
+                                                        <rect key="frame" x="0.0" y="36" width="266" height="354"/>
+                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                        <clipView key="contentView" id="GzE-TI-eJ8">
+                                                            <rect key="frame" x="1" y="0.0" width="264" height="353"/>
+                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                            <subviews>
+                                                                <outlineView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" multipleSelection="NO" autosaveColumns="NO" rowSizeStyle="automatic" headerView="6CE-cB-dZF" viewBased="YES" indentationPerLevel="16" outlineTableColumn="vj2-9h-LvP" id="v8H-fb-gTz" customClass="ResultOutlineView">
+                                                                    <rect key="frame" x="0.0" y="0.0" width="264" height="0.0"/>
+                                                                    <autoresizingMask key="autoresizingMask"/>
+                                                                    <size key="intercellSpacing" width="3" height="2"/>
+                                                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                                                    <tableColumns>
+                                                                        <tableColumn width="260.9609375" minWidth="40" maxWidth="1000" id="vj2-9h-LvP">
+                                                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border">
+                                                                                <font key="font" metaFont="smallSystem"/>
+                                                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                                            </tableHeaderCell>
+                                                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" title="Text Cell" id="fuq-FM-HTJ">
+                                                                                <font key="font" metaFont="system"/>
+                                                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                            </textFieldCell>
+                                                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES"/>
+                                                                        </tableColumn>
+                                                                    </tableColumns>
+                                                                </outlineView>
+                                                            </subviews>
+                                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                        </clipView>
+                                                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="m8k-pq-Xyn">
+                                                            <rect key="frame" x="1" y="119" width="223" height="15"/>
+                                                            <autoresizingMask key="autoresizingMask"/>
+                                                        </scroller>
+                                                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="Wad-yM-LGv">
+                                                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                                                            <autoresizingMask key="autoresizingMask"/>
+                                                        </scroller>
+                                                        <tableHeaderView key="headerView" id="6CE-cB-dZF">
+                                                            <rect key="frame" x="0.0" y="0.0" width="264" height="23"/>
+                                                            <autoresizingMask key="autoresizingMask"/>
+                                                        </tableHeaderView>
+                                                    </scrollView>
+                                                    <box borderWidth="0.0" borderType="line" titlePosition="noTitle" id="yGs-XQ-SIJ">
+                                                        <rect key="frame" x="0.0" y="0.0" width="261" height="41"/>
+                                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" flexibleMaxY="YES"/>
+                                                        <view key="contentView" id="yGj-fW-KQA">
+                                                            <rect key="frame" x="1" y="1" width="259" height="39"/>
+                                                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                                            <subviews>
+                                                                <textField verticalHuggingPriority="750" id="keK-bx-g4b">
+                                                                    <rect key="frame" x="105" y="7" width="88" height="22"/>
+                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                    <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" enabled="NO" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" alignment="center" drawsBackground="YES" id="d7j-LO-yVe">
+                                                                        <font key="font" metaFont="system"/>
+                                                                        <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                                                                        <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                                    </textFieldCell>
+                                                                </textField>
+                                                                <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="5Sd-GM-S2v">
+                                                                    <rect key="frame" x="62" y="9" width="44" height="17"/>
+                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                    <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Page" id="2i5-W7-sRV">
+                                                                        <font key="font" metaFont="system"/>
+                                                                        <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                                                                        <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                                                                    </textFieldCell>
+                                                                </textField>
+                                                                <button verticalHuggingPriority="750" id="H22-rY-vkC">
+                                                                    <rect key="frame" x="202" y="1" width="49" height="32"/>
+                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                    <buttonCell key="cell" type="push" title="&gt;" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="9bL-bP-ZLI">
+                                                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                        <font key="font" metaFont="system"/>
+                                                                    </buttonCell>
+                                                                    <connections>
+                                                                        <action selector="OnNextResultButton:" target="-2" id="oep-o2-oaO"/>
+                                                                    </connections>
+                                                                </button>
+                                                                <button verticalHuggingPriority="750" id="HJb-pK-g6l">
+                                                                    <rect key="frame" x="3" y="1" width="49" height="32"/>
+                                                                    <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                                                                    <buttonCell key="cell" type="push" title="&lt;" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="n6M-DR-XQi">
+                                                                        <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                                                                        <font key="font" metaFont="system"/>
+                                                                    </buttonCell>
+                                                                    <connections>
+                                                                        <action selector="OnPrevResultButton:" target="-2" id="x5Q-1p-QW2"/>
+                                                                    </connections>
+                                                                </button>
+                                                            </subviews>
+                                                        </view>
+                                                        <color key="borderColor" white="0.0" alpha="0.41999999999999998" colorSpace="calibratedWhite"/>
+                                                        <color key="fillColor" white="0.0" alpha="0.0" colorSpace="calibratedWhite"/>
+                                                        <font key="titleFont" size="13" name=".AppleSystemUIFont"/>
+                                                    </box>
+                                                </subviews>
+                                            </customView>
+                                            <customView id="DzI-fy-Nko">
+                                                <rect key="frame" x="258" y="0.0" width="766" height="390"/>
+                                                <autoresizingMask key="autoresizingMask"/>
+                                            </customView>
+                                        </subviews>
+                                        <holdingPriorities>
+                                            <real value="250"/>
+                                            <real value="250"/>
+                                        </holdingPriorities>
+                                    </splitView>
+                                </subviews>
+                            </customView>
+                        </subviews>
+                        <holdingPriorities>
+                            <real value="250"/>
+                            <real value="250"/>
+                        </holdingPriorities>
+                    </splitView>
+                </subviews>
+            </view>
+            <toolbar key="toolbar" implicitIdentifier="E25BE7C3-2099-4A62-80F1-E1A6E012F4C0" autosavesConfiguration="NO" displayMode="iconAndLabel" sizeMode="regular" id="LZb-D6-qyX">
+                <allowedToolbarItems>
+                    <toolbarItem implicitItemIdentifier="NSToolbarShowColorsItem" id="MhJ-st-6bU"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarShowFontsItem" id="Eee-8S-4EJ"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarPrintItem" id="3s9-QU-a8J"/>
+                    <toolbarItem implicitItemIdentifier="NSToolbarFlexibleSpaceItem" id="AXD-Wh-FKj"/>
+                    <toolbarItem implicitItemIdentifier="AACA025C-460D-4A69-99C1-C0F8C601335D" label="Store Query" paletteLabel="Store Query" tag="-1" image="SaveImg" id="V5I-ta-9xQ" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnStoreQueryToolBarItem:" target="-2" id="3RB-vR-1qy"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="B4EE2464-B71A-4441-94D6-CB2F11E18D15" label="Load Query" paletteLabel="Load Query" tag="-1" image="OpenImg" id="N41-Jv-RYq" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnLoadQueryToolBarItem:" target="-2" id="yLA-Ov-Jnw"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="EC938D57-45F0-45CE-B2E8-E7E9560A561A" label="Page Size" paletteLabel="Page Size" tag="-1" image="PageSizeImg" id="55F-Ia-6K0" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnPageSizeToolBarItem:" target="-2" id="xet-6k-A1V"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="D689E7C8-7C7A-4E9C-82A5-1C00E2386FFA" label="Operational Attribute" paletteLabel="Operational Attribute" tag="-1" image="OperationalAttrImg" id="1h1-W5-p9C" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnOperationalToolBarItem:" target="-2" id="kaO-io-YVb"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="F2D57DEA-54DB-4B15-BB08-9BE692C3131F" label="Show/Hide Search Box" paletteLabel="ShowHidaeSearchBox" tag="-1" image="SearchBoxCollapseImg" id="Krb-l9-4gy" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnSearchBoxVisibilityToolBarItem:" target="-2" id="YYf-ph-cKV"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="8273F3CA-0492-4B11-BAE7-0BE5300444C7" label="Optional Attribute" paletteLabel="OptionalAttribute" tag="-1" image="OptionalAttrImg" id="V7g-5n-9tw" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnOptionalToolBarItem:" target="-2" id="pmr-Tn-DTu"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="A1E4123A-F5AE-4DC4-A4A5-C0F00833E06F" label="Refresh" paletteLabel="Refresh" tag="-1" image="RefreshImg" id="pYQ-na-ziw" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnRefresh:" target="-2" id="alj-GC-QIG"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="504EED16-A267-44ED-9973-0D3F2A8CDE5F" label="Delete" paletteLabel="Delete" tag="-1" image="delete" id="vo7-JQ-QIs" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnDelete:" target="-2" id="JR6-us-h99"/>
+                        </connections>
+                    </toolbarItem>
+                    <toolbarItem implicitItemIdentifier="69EA8F61-F53A-469B-A441-E890E975134E" label="Export" paletteLabel="Export" tag="-1" image="ExportImg" id="IWa-9B-S3N" customClass="ActivatableToolBarItem">
+                        <connections>
+                            <action selector="OnExportToolBarItem:" target="-2" id="My3-9c-ToL"/>
+                        </connections>
+                    </toolbarItem>
+                </allowedToolbarItems>
+                <defaultToolbarItems>
+                    <toolbarItem reference="AXD-Wh-FKj"/>
+                    <toolbarItem reference="V5I-ta-9xQ"/>
+                    <toolbarItem reference="N41-Jv-RYq"/>
+                    <toolbarItem reference="55F-Ia-6K0"/>
+                    <toolbarItem reference="1h1-W5-p9C"/>
+                    <toolbarItem reference="V7g-5n-9tw"/>
+                    <toolbarItem reference="Krb-l9-4gy"/>
+                    <toolbarItem reference="pYQ-na-ziw"/>
+                    <toolbarItem reference="vo7-JQ-QIs"/>
+                    <toolbarItem reference="IWa-9B-S3N"/>
+                    <toolbarItem reference="AXD-Wh-FKj"/>
+                </defaultToolbarItems>
+            </toolbar>
+            <connections>
+                <outlet property="delegate" destination="-2" id="4CN-Sx-iCa"/>
+            </connections>
+            <point key="canvasLocation" x="588" y="440"/>
+        </window>
+    </objects>
+    <resources>
+        <image name="ExportImg" width="64" height="64"/>
+        <image name="OpenImg" width="64" height="64"/>
+        <image name="OperationalAttrImg" width="64" height="64"/>
+        <image name="OptionalAttrImg" width="64" height="64"/>
+        <image name="PageSizeImg" width="64" height="64"/>
+        <image name="RefreshImg" width="64" height="64"/>
+        <image name="SaveImg" width="64" height="64"/>
+        <image name="SearchBoxCollapseImg" width="64" height="64"/>
+        <image name="delete" width="64" height="64"/>
+    </resources>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.cs
new file mode 100755
index 000000000..6fea93786
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.cs
@@ -0,0 +1,719 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+using VMDir.Common.DTO;
+using VmIdentity.UI.Common.Utilities;
+using VMDir.Common.VMDirUtilities;
+using VMDir.Common;
+using System.Linq;
+using LWRaftSnapIn.DataSource;
+using VMDirInterop.LDAP;
+using System.Collections.Generic;
+using LWRaftSnapIn.Nodes;
+using VMDirInterop.Interfaces;
+using LWRaftSnapIn.Delegate;
+using VmIdentity.UI.Common;
+using System.IO;
+using System.Xml.Serialization;
+using System.Runtime.InteropServices;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SearchWindowController : NSWindowController
+	{
+		private string _dn;
+		private VMDirServerDTO _serverDTO;
+		private SearchConditionsTableViewDataSource _searchCondDs;
+		private AttributeTableViewDataSource _attrToReturnDs;
+		private PropertiesViewController _propViewController;
+		private ResultOutlineDataSource _resultDs;
+		private int _pageSize;
+		private IntPtr _cookie = IntPtr.Zero;
+		private int _totalCount = 0;
+		private int _pageNumber = 1;
+		private bool _morePages = false;
+		private QueryDTO _qdto;
+		private bool _searchBoxFlag = false;
+		public List<DirectoryNonExpandableNode> _resultList { get; set; }
+		private int _currPage { get; set; }
+		private int _totalPage { get; set; }
+		private List<string> _attrList;
+		private List<string> _returnedAttrList;
+
+		private NSObject ReloadResultOutlineViewNotificationObject;
+		private NSObject ReloadResultTableViewNotificationObject;
+		private NSObject CloseSearchNotificationObject;
+
+		public SearchWindowController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public SearchWindowController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public SearchWindowController(string dn, VMDirServerDTO serverDTO) : base("SearchWindow")
+		{
+			this._dn = dn;
+			this._serverDTO = serverDTO;
+			_pageSize = 100;
+			_currPage = 0;
+			_totalPage = 0;
+			_resultList = new List<DirectoryNonExpandableNode>();
+			_returnedAttrList = new List<string>();
+		}
+
+		void InitPageSearch()
+		{
+			_qdto = GetQuery();
+			_cookie = IntPtr.Zero;
+			_totalCount = 0;
+			_pageNumber = 1;
+			_morePages = false;
+			_currPage = 0;
+			_totalPage = 0;
+			_resultList.Clear();
+			_resultDs.ResultList.Clear();
+			_returnedAttrList.Clear();
+			_returnedAttrList.AddRange(_qdto.AttrToReturn);
+			SetHeaderText("");
+		}
+
+		private void BindView()
+		{
+			this.SearchBaseTextField.StringValue = _dn;
+			foreach (var item in VMDirConstants.ScopeList)
+			{
+				this.SearchScopeComboBox.Add(new NSString(item));
+			}
+
+			foreach (var item in VMDirConstants.ConditionList)
+				this.BfConditionComboBox.Add(new NSString(item));
+
+			var attrTypes = _serverDTO.Connection.SchemaManager.GetAttributeTypeManager();
+			_attrList = attrTypes.Data.Select(x => x.Key).ToList();
+			_attrList.Sort((x, y) => string.Compare(x, y, StringComparison.InvariantCultureIgnoreCase));
+			foreach (var item in _attrList)
+			{
+				this.BfAttributeComboBox.Add(new NSString(item));
+				this.AttrToReturnComboBox.Add(new NSString(item));
+			}
+
+			foreach (var item in VMDirConstants.OperatorList)
+				this.BfOperatorComboBox.Add(new NSString(item));
+
+			BfConditionComboBox.SelectItem(0);
+			SearchScopeComboBox.SelectItem(2);
+			BfAttributeComboBox.SelectItem(0);
+			BfOperatorComboBox.SelectItem(0);
+			AttrToReturnComboBox.SelectItem(0);
+
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			BindView();
+			ReloadResultOutlineViewNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"ReloadResultOutlineView", ReloadResultOutlineView);
+			ReloadResultTableViewNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"ReloadResultTableView", ReloadResultTableView);
+			CloseSearchNotificationObject = NSNotificationCenter.DefaultCenter.AddObserver((NSString)"CloseSearchApplication", OnCloseSearchApplication);
+
+			_propViewController = new PropertiesViewController();
+			_propViewController.PropTableView = new VMDirTableView();
+			_propViewController.View.SetFrameSize(ResultPropView.Frame.Size);
+			ResultPropView.AddSubview(_propViewController.View);
+			LoadQueryToolBarItem.Active = true;
+			//SearchResultContainerView.RemoveFromSuperview();
+			RemoveTableColumns();
+
+			//Populate appropriate columns
+			NSTableColumn col = new NSTableColumn("Attribute");
+			col.HeaderCell.Title = "Attribute";
+			col.HeaderCell.Alignment = NSTextAlignment.Center;
+			col.DataCell = new NSBrowserCell();
+			col.MinWidth = 250;
+			col.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			_propViewController.PropTableView.AddColumn(col);
+
+			NSTableColumn col1 = new NSTableColumn("Value");
+			col1.HeaderCell.Title = "Value";
+			col1.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			col1.HeaderCell.Alignment = NSTextAlignment.Center;
+			col1.MinWidth = 250;
+			_propViewController.PropTableView.AddColumn(col1);
+
+			NSTableColumn col2 = new NSTableColumn("Syntax");
+			col2.HeaderCell.Title = "Syntax";
+			col2.ResizingMask = NSTableColumnResizing.UserResizingMask;
+			col2.HeaderCell.Alignment = NSTextAlignment.Center;
+			col2.MinWidth = 200;
+			_propViewController.PropTableView.AddColumn(col2);
+
+			_searchCondDs = new SearchConditionsTableViewDataSource();
+			BfConditionsTableView.DataSource = _searchCondDs;
+			_attrToReturnDs = new AttributeTableViewDataSource();
+			AttrToReturnTableView.DataSource = _attrToReturnDs;
+			_resultDs = new ResultOutlineDataSource();
+			SearchResultOutlineView.DataSource = _resultDs;
+			SetHeaderText("");
+
+			var col4 = SearchResultOutlineView.OutlineTableColumn;
+			if (col4 != null)
+				col4.DataCell = new NSBrowserCell();
+			SearchResultOutlineView.Delegate = new ResultOutlineDelegate(this);
+
+			ResultPageNoTextField.StringValue = _currPage.ToString();
+			PageSizeToolBarItem.Active = true;
+		}
+
+		void OnCloseSearchApplication(NSNotification obj)
+		{
+			NSNotificationCenter.DefaultCenter.RemoveObserver(ReloadResultOutlineViewNotificationObject);
+			NSNotificationCenter.DefaultCenter.RemoveObserver(ReloadResultTableViewNotificationObject);
+			NSNotificationCenter.DefaultCenter.RemoveObserver(CloseSearchNotificationObject);
+		}
+
+		void ReloadResultTableView(NSNotification obj)
+		{
+			RefreshPropTableViewBasedOnSelection(SearchResultOutlineView.SelectedRow);
+		}
+
+		void ReloadResultOutlineView(NSNotification obj)
+		{
+			var node = obj.Object as DirectoryNonExpandableNode;
+			if (node != null)
+			{
+				_resultList.Remove(node);
+				_resultDs.ResultList.Remove(node);
+				SearchResultOutlineView.ReloadData();
+			}
+		}
+
+		void SetHeaderText(string val)
+		{
+			SearchResultOutlineView.OutlineTableColumn.HeaderCell.Title = val;
+		}
+
+		partial void OnBfAddAction(NSObject sender)
+		{
+			if (!ValidateAdd())
+				return;
+			_searchCondDs.condList.Add(new FilterDTO(BfAttributeComboBox.SelectedValue.ToString(), (Condition)(int)BfConditionComboBox.SelectedIndex, BfValueTextField.StringValue));
+			BfConditionsTableView.ReloadData();
+		}
+
+		partial void OnSearchAction(NSObject sender)
+		{
+			InitPageSearch();
+			if (!ValidateSearch())
+				return;
+			SetToolBarState(true);
+			_resultDs.ResultList.Clear();
+			SearchResultOutlineView.ReloadData();
+			RefreshPropTableViewBasedOnSelection(-1);
+			GetPage();
+
+			_resultDs.ResultList.AddRange(_resultList.ToArray());
+			SearchResultOutlineView.ReloadData();
+			if (_resultList.Count > 0)
+				_currPage = 1;
+			else
+				SetHeaderText(VMDirConstants.STAT_SR_NO_MATCH);
+			ResultPageNoTextField.StringValue = _currPage.ToString();
+		}
+
+		private QueryDTO GetQuery()
+		{
+			QueryDTO qdto = null;
+			var lst = new HashSet<string>(_attrToReturnDs.attrList);
+			lst.Add(VMDirConstants.ATTR_OBJECT_CLASS);
+			lst.Add(VMDirConstants.ATTR_DN);
+			if (SearchQueryTabView.IndexOf(SearchQueryTabView.Selected) == 0)
+			{
+				qdto = new BuildQueryDTO(SearchBaseTextField.StringValue, (LdapScope)(int)SearchScopeComboBox.SelectedIndex,
+										 (LogicalOp)(int)BfOperatorComboBox.SelectedIndex,
+				                         _searchCondDs.condList, lst.ToArray(), 0, IntPtr.Zero, 0);
+
+			}
+			else if (SearchQueryTabView.IndexOf(SearchQueryTabView.Selected) == 1)
+			{
+				qdto = new TextQueryDTO(SearchBaseTextField.StringValue, (LdapScope)(int)SearchScopeComboBox.SelectedIndex, TfSearchFilterTextView.Value,
+				                        lst.ToArray(), 0, IntPtr.Zero, 0);
+			}
+			return qdto;
+		}
+
+		private void GetPage()
+		{
+			SetHeaderText(VMDirConstants.STAT_SR_FETCHING_PG);
+			//_qdto.TimeOut = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(Int32)));
+			//Marshal.WriteInt32(_qdto.TimeOut, VMDirConstants.SEARCH_TIMEOUT_IN_SEC);
+			try
+			{
+				_serverDTO.Connection.PagedSearch(_qdto, _pageSize, _cookie, _morePages,
+					delegate (ILdapMessage ldMsg, IntPtr ck, bool moreP, List<ILdapEntry> entries)
+					{
+						_cookie = ck;
+						_morePages = moreP;
+						_totalCount += entries.Count();
+						_pageNumber++;
+						foreach (var entry in entries)
+						{
+							var ocList = new List<string>(entry.getAttributeValues(VMDirConstants.ATTR_OBJECT_CLASS).Select(x => x.StringValue).ToArray());
+							var node = new DirectoryNonExpandableNode(entry.getDN(), ocList, _serverDTO);
+							node.NodeProperties = _serverDTO.Connection.GetEntryProperties(entry);
+							_resultList.Add(node);
+						}
+					});
+				_totalPage = _totalCount / _pageSize;
+				if (_totalCount % _pageSize > 0)
+					_totalPage++;
+
+				if (_morePages)
+				{
+					SetHeaderText(VMDirConstants.STAT_SR_MORE_PG);
+				}
+				else {
+					SetHeaderText(VMDirConstants.STAT_SR_NO_MORE_PG);
+				}
+			}
+			catch (Exception e)
+			{
+				UIErrorHelper.ShowError(e.Message);
+			}
+			finally
+			{
+				//Marshal.FreeHGlobal(_qdto.TimeOut);
+			}
+		}
+
+		partial void BFOnViewAction(NSObject sender)
+		{
+			var q = GetQuery();
+			if (q != null)
+				UIErrorHelper.ShowAlert(_qdto.GetFilterString(), "Query");
+		}
+
+		public new SearchWindow Window
+		{
+			get { return (SearchWindow)base.Window; }
+		}
+
+		private bool ValidateAdd()
+		{
+			if (BfAttributeComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+				return false;
+
+			}
+			if (BfConditionComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_COND);
+				return false;
+			}
+			if (string.IsNullOrWhiteSpace(BfValueTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_VAL);
+				return false;
+			}
+			return true;
+		}
+
+		private bool ValidateSearch()
+		{
+			if (string.IsNullOrWhiteSpace(this.SearchBaseTextField.StringValue))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_SEARCH_BASE);
+				return false;
+			}
+			if (SearchScopeComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_SEARCH_SCOPE);
+				return false;
+			}
+			if (BfOperatorComboBox.SelectedValue == null)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_OP);
+				return false;
+			}
+			if (SearchQueryTabView.IndexOf(SearchQueryTabView.Selected) == 0 && BfConditionsTableView.RowCount <= 0)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_COND_COUNT);
+				return false;
+			}
+			if (SearchQueryTabView.IndexOf(SearchQueryTabView.Selected) == 1 && string.IsNullOrWhiteSpace(TfSearchFilterTextView.Value))
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_TEXT_FILTER);
+				return false;
+			}
+			return true;
+		}
+
+		public void RefreshPropTableViewBasedOnSelection(nint row)
+		{
+			if (row >= (nint)0)
+			{
+				NSObject item = SearchResultOutlineView.ItemAtRow(row);
+				if (item is DirectoryNode)
+				{
+					DirectoryNode node = item as DirectoryNode;
+					_propViewController.PropTableView.DataSource = new PropertiesTableViewDataSource(node.Dn, node.ObjectClass.Last(), node.ServerDTO, node.NodeProperties);
+					_propViewController.ds = (PropertiesTableViewDataSource)_propViewController.PropTableView.DataSource;
+					_propViewController.PropTableView.Delegate = new PropertiesTableDelegate(this, (PropertiesTableViewDataSource)_propViewController.PropTableView.DataSource,_propViewController);
+				}
+			}
+			else
+			{
+				_propViewController.PropTableView.DataSource = null;
+			}
+			_propViewController.PropTableView.ReloadData();
+		}
+
+		private void RemoveTableColumns()
+		{
+			while (_propViewController.PropTableView.ColumnCount > 0)
+			{
+				_propViewController.PropTableView.RemoveColumn(_propViewController.PropTableView.TableColumns()[0]);
+			}
+		}
+
+		partial void OnNextResultButton(NSObject sender)
+		{
+			_currPage++;
+			if (_currPage > _totalPage && _morePages)
+				GetPage();
+			if (_currPage <= _totalPage && _currPage != 0)
+			{
+				_resultDs.ResultList.Clear();
+				for (int i = (_currPage - 1) * _pageSize; i < _currPage * _pageSize && i < _resultList.Count; i++)
+				{
+					_resultDs.ResultList.Add(_resultList[i]);
+				}
+				ResultPageNoTextField.StringValue = _currPage.ToString();
+				SearchResultOutlineView.ReloadData();
+			}
+			else
+				_currPage--;
+		}
+
+		partial void OnPrevResultButton(NSObject sender)
+		{
+			_currPage--;
+			if (_currPage >= 1)
+			{
+				_resultDs.ResultList.Clear();
+				for (int i = (_currPage - 1) * _pageSize; i < _currPage * _pageSize && i < _resultList.Count; i++)
+				{
+					_resultDs.ResultList.Add(_resultList[i]);
+				}
+				ResultPageNoTextField.StringValue = _currPage.ToString();
+				SearchResultOutlineView.ReloadData();
+			}
+			else
+				_currPage++;
+		}
+
+		partial void OnLoadQueryToolBarItem(NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				var open = NSOpenPanel.OpenPanel;
+				open.AllowedFileTypes = new string[] { "xml" };
+				open.Title = "Load Query";
+				nint result = open.RunModal();
+				if (result == (int)1)
+				{
+					string path = open.Url.Path;
+					try
+					{
+						_qdto = LoadQuryOfType(typeof(BuildQueryDTO), path) as BuildQueryDTO;
+					}
+					catch (Exception)
+					{
+						_qdto = LoadQuryOfType(typeof(TextQueryDTO), path) as TextQueryDTO;
+					}
+					BindData();
+					UIErrorHelper.ShowInformation(VMDirConstants.STAT_QUERY_LOAD_SUCC);
+				}
+			});
+		}
+
+		private object LoadQuryOfType(Type ty, string filename)
+		{
+			using (var ms = new MemoryStream())
+			{
+				var bytes = File.ReadAllBytes(filename);
+				ms.Write(bytes, 0, bytes.Length);
+				ms.Seek(0, SeekOrigin.Begin);
+
+				var xmlSerializer = new XmlSerializer(ty);
+				return xmlSerializer.Deserialize(ms);
+			}
+		}
+
+		private void BindData()
+		{
+			if (_qdto.GetType() == typeof(BuildQueryDTO))
+			{
+				var dto = _qdto as BuildQueryDTO;
+				SearchQueryTabView.SelectAt(0);
+				SearchBaseTextField.StringValue = dto.SearchBase;
+				SearchScopeComboBox.SelectItem((int)dto.SearchScope);
+				BfOperatorComboBox.SelectItem((int)dto.Operator);
+				BfAttributeComboBox.SelectItem(0);
+				BfConditionComboBox.SelectItem(0);
+
+				_searchCondDs.condList.Clear();
+				foreach (var item in dto.CondList)
+				{
+					_searchCondDs.condList.Add(new FilterDTO(item.Attribute, item.Condition, item.Value));
+				}
+				BfConditionsTableView.ReloadData();
+				_attrToReturnDs.attrList.Clear();
+				foreach (var item in dto.AttrToReturn)
+				{
+					_attrToReturnDs.attrList.Add(item);
+				}
+				AttrToReturnTableView.ReloadData();
+			}
+			else if (_qdto.GetType() == typeof(TextQueryDTO))
+			{
+				var dto = _qdto as TextQueryDTO;
+				SearchQueryTabView.SelectAt(1);
+				SearchBaseTextField.StringValue = dto.SearchBase;
+				SearchScopeComboBox.SelectItem((int)dto.SearchScope);
+				TfSearchFilterTextView.Value = dto.GetFilterString();
+				_attrToReturnDs.attrList.Clear();
+				foreach (var item in dto.AttrToReturn)
+				{
+					_attrToReturnDs.attrList.Add(item);
+				}
+				AttrToReturnTableView.ReloadData();
+			}
+		}
+
+		partial void OnStoreQueryToolBarItem(NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate ()
+			{
+				var data = GetQuery();
+				if (data == null)
+					return;
+
+				using (var ms = new MemoryStream())
+				{
+					var xmlSerializer = new XmlSerializer(data.GetType());
+					xmlSerializer.Serialize(ms, data);
+
+					var save = NSSavePanel.SavePanel;
+					save.AllowedFileTypes = new string[] { "xml" };
+					save.Title = "Store Query";
+					nint result = save.RunModal();
+					if (result == (int)1)
+					{
+						string path = save.Url.Path;
+						File.WriteAllBytes(path, ms.ToArray());
+						UIErrorHelper.ShowInformation(VMDirConstants.STAT_QUERY_STORE_SUCC);
+					}
+				}
+			});
+		}
+
+		partial void OnPageSizeToolBarItem(NSObject sender)
+		{
+			PageSizeController pswc = new PageSizeController(_pageSize);
+			NSApplication.SharedApplication.BeginSheet(pswc.Window, this.Window, () =>
+				{
+				});
+			try
+			{
+				nint result = NSApplication.SharedApplication.RunModalForWindow(pswc.Window);
+				if (result == (nint)VMIdentityConstants.DIALOGOK)
+				{
+					_pageSize = pswc.PageSize;
+					_totalPage = _totalCount / _pageSize;
+					if (_totalCount % _pageSize > 0)
+						_totalPage++;
+				}
+			}
+			finally
+			{
+				Window.EndSheet(pswc.Window);
+				pswc.Dispose();
+			}
+		}
+
+		partial void OnOperationalToolBarItem(NSObject sender)
+		{
+			if (_serverDTO.OperationalAttrFlag)
+				_serverDTO.OperationalAttrFlag = false;
+			else
+				_serverDTO.OperationalAttrFlag = true;
+			RefreshPropTableViewBasedOnSelection(SearchResultOutlineView.SelectedRow);
+		}
+
+		partial void OnOptionalToolBarItem(NSObject sender)
+		{
+			if (_serverDTO.OptionalAttrFlag)
+				_serverDTO.OptionalAttrFlag = false;
+			else
+				_serverDTO.OptionalAttrFlag = true;
+			RefreshPropTableViewBasedOnSelection(SearchResultOutlineView.SelectedRow);
+		}
+
+		partial void OnDelete(NSObject sender)
+		{
+			nint row = SearchResultOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNonExpandableNode node = SearchResultOutlineView.ItemAtRow(row) as DirectoryNonExpandableNode;
+				node.PerformDelete();
+			}
+		}
+
+		partial void OnRefresh(NSObject sender)
+		{
+			nint row = SearchResultOutlineView.SelectedRow;
+			if (isObjectSelected(row))
+			{
+				DirectoryNonExpandableNode node = SearchResultOutlineView.ItemAtRow(row) as DirectoryNonExpandableNode;
+				node.PerformRefreshNode();
+			}
+		}
+
+		partial void OnSearchBoxVisibilityToolBarItem(Foundation.NSObject sender)
+		{
+			SetSearchBoxVisibility();
+		}
+
+		private bool isObjectSelected(nint row)
+		{
+			if (row < (nint)0)
+			{
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+				return false;
+			}
+			else
+				return true;
+		}
+		private void SetSearchBoxVisibility()
+		{
+			if (_searchBoxFlag)
+			{
+				SearchQueryContainerView.RemoveFromSuperview();	
+				//SearchHorizontalSplitView.RemoveArrangedSubview(SearchQueryContainerView);
+				_searchBoxFlag = false;
+			}
+			else {
+				foreach (var item in SearchHorizontalSplitView.Subviews)
+					//SearchHorizontalSplitView.RemoveArrangedSubview(item);//supported 10.11 onward
+					item.RemoveFromSuperview();
+
+				var size = SearchHorizontalSplitView.Frame.Size;
+				SearchQueryContainerView.SetFrameSize(new CoreGraphics.CGSize(size.Width, 280));
+				//SearchHorizontalSplitView.AddArrangedSubview(SearchQueryContainerView);
+				SearchHorizontalSplitView.AddSubview(SearchQueryContainerView);
+				SearchResultContainerView.SetFrameSize(new CoreGraphics.CGSize(size.Width, size.Height - 280));
+				//SearchHorizontalSplitView.AddArrangedSubview(SearchResultContainerView);
+				SearchHorizontalSplitView.AddSubview(SearchResultContainerView);
+				_searchBoxFlag = true;
+			}
+		}
+
+		private void SetToolBarState(bool state)
+		{
+			OperationalAttrToolBarItem.Active = state;
+			OptionalToolBarItem.Active = state;
+			PageSizeToolBarItem.Active = state;
+			StoreQueryToolBarItem.Active = state;
+			LoadQueryToolBarItem.Active = state;
+			SearchBoxVisibilityToolBarItem.Active = state;
+			RefreshToolBarItem.Active = state;
+			DeleteToolBarItem.Active = state;
+			ExportToolBarItem.Active = state;
+		}
+
+		partial void OnBfRemoveTableEntry(Foundation.NSObject sender)
+		{
+			nint row = BfConditionsTableView.SelectedRow;
+			if (row >= (nint)0)
+			{
+				_searchCondDs.condList.RemoveAt((int)row);
+				BfConditionsTableView.ReloadData();
+			}
+		}
+		partial void OnBfRemoveAllTableEntries(NSObject sender)
+		{
+			_searchCondDs.condList.Clear();
+			BfConditionsTableView.ReloadData();
+		}
+		partial void OnBfCopyToTf(NSObject sender)
+		{
+			var query = GetQuery();
+			if (query != null)
+			{
+				this.TfSearchFilterTextView.Value = query.GetFilterString();
+				this.SearchQueryTabView.SelectAt(1);
+			}
+		}
+		partial void OnBfMultipleValFromFile(NSObject sender)
+		{
+			ConditionValuesFromFileController cvffwc = new ConditionValuesFromFileController(_attrList);
+			nint result = NSApplication.SharedApplication.RunModalForWindow(cvffwc.Window);
+			if (result == (nint)VMIdentityConstants.DIALOGOK)
+			{
+				foreach (var item in cvffwc.ValuesList)
+				{
+					_searchCondDs.condList.Add(new FilterDTO(cvffwc.Attribute,cvffwc.Condition,item));
+				}
+				BfConditionsTableView.ReloadData();
+			}
+		}
+		partial void OnAttrToReturnAdd(NSObject sender)
+		{
+			_attrToReturnDs.attrList.Add(AttrToReturnComboBox.SelectedValue.ToString());
+			AttrToReturnTableView.ReloadData();
+		}
+		partial void OnAttrToReturnRemove(NSObject sender)
+		{
+			nint row = AttrToReturnTableView.SelectedRow;
+			if (row >= (nint)0)
+			{
+				_attrToReturnDs.attrList.RemoveAt((int)row);
+				AttrToReturnTableView.ReloadData();
+			}
+		}
+		partial void OnAttrToReturnRemoveAll(NSObject sender)
+		{
+			_attrToReturnDs.attrList.Clear();
+			AttrToReturnTableView.ReloadData();
+		}
+		partial void OnExportToolBarItem(NSObject sender)
+		{
+			ExportSearchResultController esrwc = new ExportSearchResultController(_resultList,_returnedAttrList,_currPage,_pageSize);
+			NSApplication.SharedApplication.RunModalForWindow(esrwc.Window);
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModalWithCode(0);
+			NSNotificationCenter.DefaultCenter.PostNotificationName("CloseSearchApplication", this);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.designer.cs
new file mode 100755
index 000000000..035ef3199
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/Search/SearchWindowController.designer.cs
@@ -0,0 +1,306 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("SearchWindowController")]
+	partial class SearchWindowController
+	{
+		[Outlet]
+		AppKit.NSComboBox AttrToReturnComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView AttrToReturnTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox BfAttributeComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox BfConditionComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView BfConditionsTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox BfOperatorComboBox { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField BfValueTextField { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem DeleteToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem ExportToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem LoadQueryToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem OperationalAttrToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem OptionalToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem PageSizeToolBarItem { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem RefreshToolBarItem { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField ResultPageNoTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSView ResultPropView { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField SearchBaseTextField { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem SearchBoxVisibilityToolBarItem { get; set; }
+
+		[Outlet]
+		AppKit.NSSplitView SearchHorizontalSplitView { get; set; }
+
+		[Outlet]
+		AppKit.NSView SearchQueryContainerView { get; set; }
+
+		[Outlet]
+		AppKit.NSTabView SearchQueryTabView { get; set; }
+
+		[Outlet]
+		AppKit.NSView SearchResultContainerView { get; set; }
+
+		[Outlet]
+		public AppKit.NSOutlineView SearchResultOutlineView { get; private set; }
+
+		[Outlet]
+		AppKit.NSComboBox SearchScopeComboBox { get; set; }
+
+		[Outlet]
+		VmIdentity.UI.Common.ActivatableToolBarItem StoreQueryToolBarItem { get; set; }
+
+		[Outlet]
+		AppKit.NSTextView TfSearchFilterTextView { get; set; }
+
+		[Action ("BFOnViewAction:")]
+		partial void BFOnViewAction (Foundation.NSObject sender);
+
+		[Action ("OnAttrToReturnAdd:")]
+		partial void OnAttrToReturnAdd (Foundation.NSObject sender);
+
+		[Action ("OnAttrToReturnRemove:")]
+		partial void OnAttrToReturnRemove (Foundation.NSObject sender);
+
+		[Action ("OnAttrToReturnRemoveAll:")]
+		partial void OnAttrToReturnRemoveAll (Foundation.NSObject sender);
+
+		[Action ("OnBfAddAction:")]
+		partial void OnBfAddAction (Foundation.NSObject sender);
+
+		[Action ("OnBfCopyToTf:")]
+		partial void OnBfCopyToTf (Foundation.NSObject sender);
+
+		[Action ("OnBfMultipleValFromFile:")]
+		partial void OnBfMultipleValFromFile (Foundation.NSObject sender);
+
+		[Action ("OnBfRemoveAllTableEntries:")]
+		partial void OnBfRemoveAllTableEntries (Foundation.NSObject sender);
+
+		[Action ("OnBfRemoveTableEntry:")]
+		partial void OnBfRemoveTableEntry (Foundation.NSObject sender);
+
+		[Action ("OnDelete:")]
+		partial void OnDelete (Foundation.NSObject sender);
+
+		[Action ("OnExportToolBarItem:")]
+		partial void OnExportToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnLoadQueryToolBarItem:")]
+		partial void OnLoadQueryToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnNextResultButton:")]
+		partial void OnNextResultButton (Foundation.NSObject sender);
+
+		[Action ("OnOperationalToolBarItem:")]
+		partial void OnOperationalToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnOptionalToolBarItem:")]
+		partial void OnOptionalToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnPageSizeToolBarItem:")]
+		partial void OnPageSizeToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnPrevResultButton:")]
+		partial void OnPrevResultButton (Foundation.NSObject sender);
+
+		[Action ("OnRefresh:")]
+		partial void OnRefresh (Foundation.NSObject sender);
+
+		[Action ("OnSearchAction:")]
+		partial void OnSearchAction (Foundation.NSObject sender);
+
+		[Action ("OnSearchBoxVisibilityToolBarItem:")]
+		partial void OnSearchBoxVisibilityToolBarItem (Foundation.NSObject sender);
+
+		[Action ("OnStoreQueryToolBarItem:")]
+		partial void OnStoreQueryToolBarItem (Foundation.NSObject sender);
+
+		[Action ("TFOnSearchAction:")]
+		partial void TFOnSearchAction (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (AttrToReturnComboBox != null) {
+				AttrToReturnComboBox.Dispose ();
+				AttrToReturnComboBox = null;
+			}
+
+			if (AttrToReturnTableView != null) {
+				AttrToReturnTableView.Dispose ();
+				AttrToReturnTableView = null;
+			}
+
+			if (BfAttributeComboBox != null) {
+				BfAttributeComboBox.Dispose ();
+				BfAttributeComboBox = null;
+			}
+
+			if (BfConditionComboBox != null) {
+				BfConditionComboBox.Dispose ();
+				BfConditionComboBox = null;
+			}
+
+			if (BfConditionsTableView != null) {
+				BfConditionsTableView.Dispose ();
+				BfConditionsTableView = null;
+			}
+
+			if (BfOperatorComboBox != null) {
+				BfOperatorComboBox.Dispose ();
+				BfOperatorComboBox = null;
+			}
+
+			if (BfValueTextField != null) {
+				BfValueTextField.Dispose ();
+				BfValueTextField = null;
+			}
+
+			if (DeleteToolBarItem != null) {
+				DeleteToolBarItem.Dispose ();
+				DeleteToolBarItem = null;
+			}
+
+			if (ExportToolBarItem != null) {
+				ExportToolBarItem.Dispose ();
+				ExportToolBarItem = null;
+			}
+
+			if (LoadQueryToolBarItem != null) {
+				LoadQueryToolBarItem.Dispose ();
+				LoadQueryToolBarItem = null;
+			}
+
+			if (OperationalAttrToolBarItem != null) {
+				OperationalAttrToolBarItem.Dispose ();
+				OperationalAttrToolBarItem = null;
+			}
+
+			if (OptionalToolBarItem != null) {
+				OptionalToolBarItem.Dispose ();
+				OptionalToolBarItem = null;
+			}
+
+			if (PageSizeToolBarItem != null) {
+				PageSizeToolBarItem.Dispose ();
+				PageSizeToolBarItem = null;
+			}
+
+			if (RefreshToolBarItem != null) {
+				RefreshToolBarItem.Dispose ();
+				RefreshToolBarItem = null;
+			}
+
+			if (ResultPageNoTextField != null) {
+				ResultPageNoTextField.Dispose ();
+				ResultPageNoTextField = null;
+			}
+
+			if (ResultPropView != null) {
+				ResultPropView.Dispose ();
+				ResultPropView = null;
+			}
+
+			if (SearchBaseTextField != null) {
+				SearchBaseTextField.Dispose ();
+				SearchBaseTextField = null;
+			}
+
+			if (SearchBoxVisibilityToolBarItem != null) {
+				SearchBoxVisibilityToolBarItem.Dispose ();
+				SearchBoxVisibilityToolBarItem = null;
+			}
+
+			if (SearchHorizontalSplitView != null) {
+				SearchHorizontalSplitView.Dispose ();
+				SearchHorizontalSplitView = null;
+			}
+
+			if (SearchQueryContainerView != null) {
+				SearchQueryContainerView.Dispose ();
+				SearchQueryContainerView = null;
+			}
+
+			if (SearchQueryTabView != null) {
+				SearchQueryTabView.Dispose ();
+				SearchQueryTabView = null;
+			}
+
+			if (SearchResultContainerView != null) {
+				SearchResultContainerView.Dispose ();
+				SearchResultContainerView = null;
+			}
+
+			if (SearchResultOutlineView != null) {
+				SearchResultOutlineView.Dispose ();
+				SearchResultOutlineView = null;
+			}
+
+			if (SearchScopeComboBox != null) {
+				SearchScopeComboBox.Dispose ();
+				SearchScopeComboBox = null;
+			}
+
+			if (StoreQueryToolBarItem != null) {
+				StoreQueryToolBarItem.Dispose ();
+				StoreQueryToolBarItem = null;
+			}
+
+			if (TfSearchFilterTextView != null) {
+				TfSearchFilterTextView.Dispose ();
+				TfSearchFilterTextView = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.cs
new file mode 100755
index 000000000..d78aeb244
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.cs
@@ -0,0 +1,45 @@
+/*

+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.

+ *

+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not

+ * use this file except in compliance with the License.  You may obtain a copy

+ * of the License at http://www.apache.org/licenses/LICENSE-2.0

+ *·

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an “AS IS” BASIS, without

+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the

+ * License for the specific language governing permissions and limitations

+ * under the License.

+ */
+
+using System;

+using Foundation;

+

+namespace LWRaftSnapIn.UI

+{
+	public partial class SelectObjectClassWindow : AppKit.NSWindow
+	{
+		#region Constructors

+
+		// Called when created from unmanaged code
+		public SelectObjectClassWindow(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public SelectObjectClassWindow(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion

+	}

+}

+

diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.designer.cs
new file mode 100755
index 000000000..160546c73
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.designer.cs
@@ -0,0 +1,71 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+
+
+
+namespace LWRaftSnapIn.UI
+
+{
+	[Register("SelectObjectClassWindowController")]
+	partial class SelectObjectClassWindowController
+	{
+		[Outlet]
+		AppKit.NSTableView AddObjectTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSButton CancelButton { get; set; }
+
+		[Outlet]
+		AppKit.NSButton SelectButton { get; set; }
+
+		void ReleaseDesignerOutlets()
+		{
+			if (AddObjectTableView != null)
+			{
+				AddObjectTableView.Dispose();
+				AddObjectTableView = null;
+			}
+
+			if (SelectButton != null)
+			{
+				SelectButton.Dispose();
+				SelectButton = null;
+			}
+
+			if (CancelButton != null)
+			{
+				CancelButton.Dispose();
+				CancelButton = null;
+			}
+		}
+	}
+
+	[Register("SelectObjectClassWindow")]
+	partial class SelectObjectClassWindow
+	{
+		void ReleaseDesignerOutlets()
+		{
+		}
+	}
+
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.xib
new file mode 100755
index 000000000..3258b13f8
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindow.xib
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <development version="5000" identifier="xcode"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="SelectObjectClassWindowController">
+            <connections>
+                <outlet property="AddObjectTableView" destination="8" id="29"/>
+                <outlet property="CancelButton" destination="26" id="31"/>
+                <outlet property="SelectButton" destination="24" id="30"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Select Objectclass to add" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="SelectObjectClassWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="423" y="305" width="546" height="376"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="546" height="376"/>
+            <value key="maxSize" type="size" width="546" height="376"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="546" height="376"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="7">
+                        <rect key="frame" x="32" y="72" width="494" height="284"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <clipView key="contentView" id="30G-3W-f4T">
+                            <rect key="frame" x="1" y="17" width="492" height="266"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" alternatingRowBackgroundColors="YES" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" headerView="10" id="8">
+                                    <rect key="frame" x="0.0" y="0.0" width="526" height="19"/>
+                                    <autoresizingMask key="autoresizingMask"/>
+                                    <size key="intercellSpacing" width="3" height="2"/>
+                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    <tableViewGridLines key="gridStyleMask" vertical="YES"/>
+                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                    <tableColumns>
+                                        <tableColumn identifier="Key" editable="NO" width="150" minWidth="40" maxWidth="1000" id="12">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Key">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" alignment="left" title="Text Cell" id="15">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="Value" editable="NO" width="370" minWidth="40" maxWidth="1000" id="13">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Value">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" alignment="left" title="Text Cell" id="14">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                    </tableColumns>
+                                </tableView>
+                            </subviews>
+                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" verticalHuggingPriority="750" horizontal="YES" id="9">
+                            <rect key="frame" x="1" y="119" width="223" height="15"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="11">
+                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <tableHeaderView key="headerView" id="10">
+                            <rect key="frame" x="0.0" y="0.0" width="401" height="17"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </tableHeaderView>
+                    </scrollView>
+                    <button verticalHuggingPriority="750" id="26">
+                        <rect key="frame" x="365" y="29" width="83" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="27">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+Gw
+</string>
+                        </buttonCell>
+                    </button>
+                    <button verticalHuggingPriority="750" id="24">
+                        <rect key="frame" x="453" y="29" width="79" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Select" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="25">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                    </button>
+                </subviews>
+            </view>
+            <contentBorderThickness minY="22"/>
+            <connections>
+                <outlet property="delegate" destination="-2" id="28"/>
+            </connections>
+            <point key="canvasLocation" x="365" y="315"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindowController.cs
new file mode 100755
index 000000000..791d66c59
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObject/SelectObjectClassWindowController.cs
@@ -0,0 +1,129 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using AppKit;
+using Foundation;
+using VmIdentity.UI.Common.Utilities;
+using LWRaftSnapIn.DataSource;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Delegate;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SelectObjectClassWindowController : NSWindowController
+	{
+		private List<ObjectClassDTO> _list;
+		private ObjectClassDTO _selectedObject;
+		private List<KeyValuePair<string, string>> dataSourceList;
+
+		public ObjectClassDTO SelectedObject { get { return _selectedObject; } }
+
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public SelectObjectClassWindowController(IntPtr handle) : base(handle)
+		{
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public SelectObjectClassWindowController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public SelectObjectClassWindowController(SchemaManager mgr) : base("SelectObjectClassWindow")
+		{
+			BindList(mgr);
+		}
+
+		// Call to load from the XIB/NIB file
+		public SelectObjectClassWindowController() : base("SelectObjectClassWindow")
+		{
+		}
+
+		int SortObjectClassDTO(ObjectClassDTO lhs, ObjectClassDTO rhs)
+		{
+			return lhs.Name.CompareTo(rhs.Name);
+		}
+
+		void BindList(SchemaManager mgr)
+		{
+			var om = mgr.GetObjectClassManager();
+			_list = om.Data.Values.ToList();
+			_list.Sort(SortObjectClassDTO);
+			dataSourceList = new List<KeyValuePair<string, string>>();
+			foreach (var obj in _list)
+			{
+				dataSourceList.Add(new KeyValuePair<string, string>(obj.Name, obj.Description));
+			}
+		}
+
+		#endregion
+
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			this.AddObjectTableView.DataSource = new GenericTableViewDataSource(dataSourceList);
+
+			NSTableColumn col = this.AddObjectTableView.TableColumns()[0];
+			if (col != null)
+				col.DataCell = new NSBrowserCell();
+			this.AddObjectTableView.Delegate = new GenericTableDelegate();
+
+			this.SelectButton.Activated += OnClickSelectButton;
+			this.CancelButton.Activated += OnClickCancelButton;
+		}
+
+		public void OnClickSelectButton(object sender, EventArgs e)
+		{
+			nint row = AddObjectTableView.SelectedRow;
+			if (row >= (nint)0)
+			{
+				_selectedObject = _list[(int)row];
+				this.Close();
+				NSApplication.SharedApplication.StopModalWithCode(1);
+			}
+			else {
+				UIErrorHelper.ShowWarning(VMDirConstants.WRN_OC_SEL);
+			}
+		}
+
+		public void OnClickCancelButton(object sender, EventArgs e)
+		{
+			NSApplication.SharedApplication.StopModal();
+			this.Close();
+		}
+
+		[Export("windowWillClose:")]
+		public void WindowWillClose(NSNotification notification)
+		{
+			NSApplication.SharedApplication.StopModal();
+		}
+
+		//strongly typed window accessor
+		public new SelectObjectClassWindow Window
+		{
+			get
+			{
+				return (SelectObjectClassWindow)base.Window;
+			}
+		}
+	}
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.cs
new file mode 100755
index 000000000..97a9e8955
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class VmdirSplitView : AppKit.NSView
+	{
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public VmdirSplitView(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public VmdirSplitView(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.designer.cs
new file mode 100755
index 000000000..0430e9eb1
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+	// Should subclass AppKit.NSView
+	[Foundation.Register("VmdirSplitView")]
+	public partial class VmdirSplitView
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.xib
new file mode 100755
index 000000000..598cff932
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitView.xib
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15F34" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="VmdirSplitViewController">
+            <connections>
+                <outlet property="VmdirOutlineColumn" destination="SWg-xr-xBS" id="ffX-lD-CWL"/>
+                <outlet property="VmdirOutlineView" destination="jKk-km-OON" id="4Kf-GZ-voe"/>
+                <outlet property="VmdirPropView" destination="se5-r1-hHq" id="eQL-b5-bhY"/>
+                <outlet property="view" destination="4" id="17"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <customView id="4" customClass="VmdirSplitView">
+            <rect key="frame" x="0.0" y="0.0" width="1016" height="678"/>
+            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+            <subviews>
+                <splitView dividerStyle="thin" vertical="YES" id="wcM-pK-HyT">
+                    <rect key="frame" x="0.0" y="0.0" width="1016" height="678"/>
+                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                    <subviews>
+                        <customView id="wkJ-Js-0yP">
+                            <rect key="frame" x="0.0" y="0.0" width="255" height="678"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                            <subviews>
+                                <scrollView autohidesScrollers="YES" horizontalLineScroll="17" horizontalPageScroll="10" verticalLineScroll="17" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="vui-46-dsg">
+                                    <rect key="frame" x="0.0" y="0.0" width="257" height="678"/>
+                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                    <clipView key="contentView" drawsBackground="NO" copiesOnScroll="NO" id="C4G-6y-rH9">
+                                        <rect key="frame" x="1" y="0.0" width="255" height="677"/>
+                                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                        <subviews>
+                                            <outlineView verticalHuggingPriority="750" allowsExpansionToolTips="YES" columnAutoresizingStyle="lastColumnOnly" selectionHighlightStyle="sourceList" multipleSelection="NO" autosaveColumns="NO" headerView="EQs-1P-fAG" indentationPerLevel="14" outlineTableColumn="SWg-xr-xBS" id="jKk-km-OON" customClass="VmdirOutlineView">
+                                                <rect key="frame" x="0.0" y="0.0" width="255" height="17"/>
+                                                <autoresizingMask key="autoresizingMask"/>
+                                                <size key="intercellSpacing" width="3" height="0.0"/>
+                                                <color key="backgroundColor" name="_sourceListBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                                <tableColumns>
+                                                    <tableColumn width="252" minWidth="40" maxWidth="1000" id="SWg-xr-xBS">
+                                                        <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left">
+                                                            <font key="font" metaFont="smallSystem"/>
+                                                            <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                                        </tableHeaderCell>
+                                                        <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" id="a3K-mT-WQD">
+                                                            <font key="font" metaFont="system"/>
+                                                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                                        </textFieldCell>
+                                                        <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                                    </tableColumn>
+                                                </tableColumns>
+                                                <connections>
+                                                    <action selector="OnClickAction:" target="-2" id="S1L-x1-2wG"/>
+                                                </connections>
+                                            </outlineView>
+                                        </subviews>
+                                        <nil key="backgroundColor"/>
+                                    </clipView>
+                                    <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="jjd-gb-TCF">
+                                        <rect key="frame" x="1" y="729" width="253" height="16"/>
+                                        <autoresizingMask key="autoresizingMask"/>
+                                    </scroller>
+                                    <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="tpl-YL-Sl1">
+                                        <rect key="frame" x="224" y="17" width="15" height="102"/>
+                                        <autoresizingMask key="autoresizingMask"/>
+                                    </scroller>
+                                    <tableHeaderView key="headerView" id="EQs-1P-fAG">
+                                        <rect key="frame" x="0.0" y="0.0" width="255" height="23"/>
+                                        <autoresizingMask key="autoresizingMask"/>
+                                    </tableHeaderView>
+                                </scrollView>
+                            </subviews>
+                        </customView>
+                        <customView id="se5-r1-hHq">
+                            <rect key="frame" x="256" y="0.0" width="760" height="678"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </customView>
+                    </subviews>
+                    <holdingPriorities>
+                        <real value="250"/>
+                        <real value="250"/>
+                    </holdingPriorities>
+                </splitView>
+            </subviews>
+            <point key="canvasLocation" x="437" y="406"/>
+        </customView>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.cs
new file mode 100755
index 000000000..fdb43b947
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.cs
@@ -0,0 +1,73 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using VmIdentity.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class VmdirSplitViewController : AppKit.NSViewController
+	{
+		public PropertiesViewController propViewController { get; set; }
+		#region Constructors
+
+		// Called when created from unmanaged code
+		public VmdirSplitViewController(IntPtr handle) : base(handle)
+		{
+			Initialize();
+		}
+
+		// Called when created directly from a XIB file
+		[Export("initWithCoder:")]
+		public VmdirSplitViewController(NSCoder coder) : base(coder)
+		{
+			Initialize();
+		}
+
+		// Call to load from the XIB/NIB file
+		public VmdirSplitViewController() : base("VmdirSplitView", NSBundle.MainBundle)
+		{
+			Initialize();
+		}
+
+		// Shared initialization code
+		void Initialize()
+		{
+		}
+
+		#endregion
+
+		//strongly typed view accessor
+		public new VmdirSplitView View
+		{
+			get
+			{
+				return (VmdirSplitView)base.View;
+			}
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+			propViewController = new PropertiesViewController();
+			propViewController.PropTableView = new VMDirTableView();
+			VmdirPropView.AddSubview(propViewController.View);
+		}
+
+		partial void OnClickAction(NSObject sender)
+		{
+			UIErrorHelper.ShowWarning(VmdirOutlineView.SelectedTag.ToString());
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.designer.cs
new file mode 100755
index 000000000..e0a266e15
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SplitViewMMC/VmdirSplitViewController.designer.cs
@@ -0,0 +1,51 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("VmdirSplitViewController")]
+	partial class VmdirSplitViewController
+	{
+		[Outlet]
+		public AppKit.NSOutlineView VmdirOutlineView { get; set; }
+
+		[Outlet]
+		public AppKit.NSView VmdirPropView { get; private set; }
+
+		[Action ("OnClickAction:")]
+		partial void OnClickAction (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (VmdirOutlineView != null) {
+				VmdirOutlineView.Dispose ();
+				VmdirOutlineView = null;
+			}
+
+			if (VmdirPropView != null) {
+				VmdirPropView.Dispose ();
+				VmdirPropView = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.cs
new file mode 100755
index 000000000..03e12ef3e
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.cs
@@ -0,0 +1,37 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SuperLoggingBrowserWindow : NSWindow
+	{
+		public SuperLoggingBrowserWindow (IntPtr handle) : base (handle)
+		{
+		}
+
+		[Export ("initWithCoder:")]
+		public SuperLoggingBrowserWindow (NSCoder coder) : base (coder)
+		{
+		}
+
+		public override void AwakeFromNib ()
+		{
+			base.AwakeFromNib ();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.designer.cs
new file mode 100755
index 000000000..07c21edb6
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("SuperLoggingBrowserWindow")]
+    public partial class SuperLoggingBrowserWindow
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.xib
new file mode 100755
index 000000000..fdbe25edf
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindow.xib
@@ -0,0 +1,337 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="SuperLoggingBrowserWindowController">
+            <connections>
+                <outlet property="BtnBufferSizeChange" destination="143" id="176"/>
+                <outlet property="BtnClear" destination="9" id="180"/>
+                <outlet property="BtnClose" destination="195" id="197"/>
+                <outlet property="BtnFilter" destination="147" id="179"/>
+                <outlet property="BtnOff" destination="164" id="174"/>
+                <outlet property="BtnRefresh" destination="129" id="183"/>
+                <outlet property="CbOperator" destination="201" id="203"/>
+                <outlet property="CboColumns" destination="149" id="177"/>
+                <outlet property="ChkAutoRefresh" destination="133" id="181"/>
+                <outlet property="Status" destination="145" id="172"/>
+                <outlet property="SuperLogsTableView" destination="125" id="184"/>
+                <outlet property="TxtBufferSize" destination="138" id="175"/>
+                <outlet property="TxtFilterValue" destination="198" id="200"/>
+                <outlet property="TxtRefreshInterval" destination="166" id="182"/>
+                <outlet property="window" destination="7" id="171"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application"/>
+        <window title="Super Logging Browser" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" visibleAtLaunch="NO" animationBehavior="default" id="7" customClass="SuperLoggingBrowserWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" resizable="YES"/>
+            <rect key="contentRect" x="292" y="174" width="795" height="570"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="779" height="528"/>
+            <value key="maxSize" type="size" width="779" height="528"/>
+            <view key="contentView" id="8">
+                <rect key="frame" x="0.0" y="0.0" width="795" height="570"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <scrollView autohidesScrollers="YES" horizontalLineScroll="19" horizontalPageScroll="10" verticalLineScroll="19" verticalPageScroll="10" usesPredominantAxisScrolling="NO" id="10">
+                        <rect key="frame" x="22" y="58" width="739" height="386"/>
+                        <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                        <clipView key="contentView" id="yvg-xr-Jgn">
+                            <rect key="frame" x="1" y="23" width="737" height="362"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <tableView verticalHuggingPriority="750" allowsExpansionToolTips="YES" alternatingRowBackgroundColors="YES" columnSelection="YES" multipleSelection="NO" autosaveColumns="NO" headerView="121" id="125">
+                                    <rect key="frame" x="0.0" y="0.0" width="737" height="362"/>
+                                    <autoresizingMask key="autoresizingMask"/>
+                                    <size key="intercellSpacing" width="3" height="2"/>
+                                    <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                    <color key="gridColor" name="gridColor" catalog="System" colorSpace="catalog"/>
+                                    <tableColumns>
+                                        <tableColumn identifier="ClientIP" width="101" minWidth="10" maxWidth="3.4028234663852886e+38" headerToolTip="Client IP" id="126">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Client IP">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="127">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="Port" width="58" minWidth="10" maxWidth="3.4028234663852886e+38" id="185">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Port">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="186">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="LoginDN" width="164" minWidth="10" maxWidth="3.4028234663852886e+38" id="187">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Login DN">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="188">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="Operation" width="88.5" minWidth="10" maxWidth="3.4028234663852886e+38" id="189">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Operation">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="190">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="ErrorCode" width="136.5" minWidth="10" maxWidth="3.4028234663852886e+38" id="191">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Status">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="192">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                        <tableColumn identifier="Duration" width="78.5" minWidth="10" maxWidth="3.4028234663852886e+38" id="193">
+                                            <tableHeaderCell key="headerCell" lineBreakMode="truncatingTail" borderStyle="border" alignment="left" title="Duration (ms)">
+                                                <font key="font" metaFont="smallSystem"/>
+                                                <color key="textColor" name="headerTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="headerColor" catalog="System" colorSpace="catalog"/>
+                                            </tableHeaderCell>
+                                            <textFieldCell key="dataCell" lineBreakMode="truncatingTail" selectable="YES" editable="YES" alignment="left" title="Text Cell" id="194">
+                                                <font key="font" metaFont="system"/>
+                                                <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                                <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                                            </textFieldCell>
+                                            <tableColumnResizingMask key="resizingMask" resizeWithTable="YES" userResizable="YES"/>
+                                        </tableColumn>
+                                    </tableColumns>
+                                </tableView>
+                            </subviews>
+                            <color key="backgroundColor" name="controlBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="YES" id="123">
+                            <rect key="frame" x="1" y="369" width="737" height="16"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" hidden="YES" verticalHuggingPriority="750" horizontal="NO" id="122">
+                            <rect key="frame" x="224" y="17" width="15" height="102"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <tableHeaderView key="headerView" id="121">
+                            <rect key="frame" x="0.0" y="0.0" width="737" height="23"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </tableHeaderView>
+                    </scrollView>
+                    <button toolTip="Clears the super logging entries and filter" verticalHuggingPriority="750" id="9">
+                        <rect key="frame" x="692" y="447" width="73" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Clear" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="128">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+CA
+</string>
+                        </buttonCell>
+                    </button>
+                    <button toolTip="Filters the superlogging entries by the filter criteria" verticalHuggingPriority="750" id="147">
+                        <rect key="frame" x="624" y="446" width="77" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Filter" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="148">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent">X</string>
+                        </buttonCell>
+                    </button>
+                    <button toolTip="Refreshes the super logging entries" verticalHuggingPriority="750" id="129">
+                        <rect key="frame" x="677" y="24" width="88" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Refresh" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="130">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                            <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                        </buttonCell>
+                    </button>
+                    <button toolTip="Turns auto-refresh ON or OFF" id="133">
+                        <rect key="frame" x="18" y="32" width="134" height="18"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="check" title="Auto refresh every" bezelStyle="regularSquare" imagePosition="left" state="on" inset="2" id="134">
+                            <behavior key="behavior" changeContents="YES" doesNotDimImage="YES" lightByContents="YES"/>
+                            <font key="font" metaFont="system"/>
+                        </buttonCell>
+                    </button>
+                    <button toolTip="Turns the super logging OFF" verticalHuggingPriority="750" id="164">
+                        <rect key="frame" x="624" y="527" width="141" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Turn OFF" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="165">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+CA
+</string>
+                        </buttonCell>
+                    </button>
+                    <button toolTip="Changes the super logging server buffer size" verticalHuggingPriority="750" id="143">
+                        <rect key="frame" x="216" y="484" width="81" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Change" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="144">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent">X</string>
+                        </buttonCell>
+                    </button>
+                    <textField toolTip="Changes the buffer size for super logging" verticalHuggingPriority="750" id="138">
+                        <rect key="frame" x="140" y="490" width="74" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="buffer size" drawsBackground="YES" id="139">
+                            <numberFormatter key="formatter" formatterBehavior="default10_4" numberStyle="decimal" minimumIntegerDigits="1" maximumIntegerDigits="2000000000" maximumFractionDigits="3" id="140"/>
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField toolTip="Sets the auto refresh interval" verticalHuggingPriority="750" id="166">
+                        <rect key="frame" x="158" y="30" width="74" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="interval" drawsBackground="YES" id="167">
+                            <numberFormatter key="formatter" formatterBehavior="default10_4" numberStyle="decimal" minimumIntegerDigits="1" maximumIntegerDigits="2000000000" maximumFractionDigits="3" id="168"/>
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="141">
+                        <rect key="frame" x="18" y="493" width="116" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Server buffer size:" id="142">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="169">
+                        <rect key="frame" x="238" y="33" width="57" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="seconds" id="170">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="151">
+                        <rect key="frame" x="20" y="457" width="58" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Filter:" id="152">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <comboBox toolTip="Filters the super logging entries using this column" verticalHuggingPriority="750" id="149">
+                        <rect key="frame" x="60" y="451" width="203" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" placeholderString="column" drawsBackground="YES" completes="NO" numberOfVisibleItems="5" id="150">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                            <objectValues>
+                                <string>None</string>
+                                <string>Port</string>
+                                <string>Login DN</string>
+                                <string>Operation</string>
+                                <string>Status</string>
+                                <string>Duration</string>
+                                <string>Client IP</string>
+                                <string>String</string>
+                            </objectValues>
+                        </comboBoxCell>
+                    </comboBox>
+                    <comboBox toolTip="Operator for the filter" verticalHuggingPriority="750" id="201">
+                        <rect key="frame" x="264" y="450" width="150" height="26"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <comboBoxCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" sendsActionOnEndEditing="YES" borderStyle="bezel" placeholderString="operator" drawsBackground="YES" completes="NO" numberOfVisibleItems="5" id="202">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                            <objectValues>
+                                <string>starts with</string>
+                                <string>equals</string>
+                                <string>ends with</string>
+                                <string>greater than</string>
+                                <string>less than</string>
+                                <string>contains</string>
+                            </objectValues>
+                        </comboBoxCell>
+                    </comboBox>
+                    <button toolTip="Closes the super logging window" verticalHuggingPriority="750" id="195">
+                        <rect key="frame" x="596" y="24" width="88" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Close" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="196">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent">x</string>
+                            <modifierMask key="keyEquivalentModifierMask" command="YES"/>
+                        </buttonCell>
+                    </button>
+                    <textField toolTip="Filter value" verticalHuggingPriority="750" id="198">
+                        <rect key="frame" x="419" y="453" width="205" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" selectable="YES" editable="YES" sendsActionOnEndEditing="YES" state="on" borderStyle="bezel" placeholderString="filter value" drawsBackground="YES" id="199">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="textColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="4zQ-L4-R1h">
+                        <rect key="frame" x="624" y="483" width="141" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Clear entries" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="dCD-8C-fb1">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnClearEntries:" target="-2" id="JxO-8U-9xy"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="145">
+                        <rect key="frame" x="22" y="533" width="602" height="22"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" borderStyle="bezel" alignment="left" title="Settings status" drawsBackground="YES" id="146">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlHighlightColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <contentBorderThickness minY="22"/>
+            <point key="canvasLocation" x="429.5" y="374"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.cs
new file mode 100755
index 000000000..f951fede4
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.cs
@@ -0,0 +1,599 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using Foundation;
+using AppKit;
+using System.Text;
+using VMDir.Common.DTO;
+using VmDirInterop.SuperLogging;
+using VmDirInterop.SuperLogging.Interfaces;
+using VmIdentity.UI.Common.Utilities;
+using VmIdentity.UI.Common;
+using LWRaftSnapIn.DataSource;
+using VMDir.Common;
+using System.Linq;
+using VMDirInterop.LDAP;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SuperLoggingBrowserWindowController : NSWindowController
+	{
+		private VMDirServerDTO _serverDTO;
+		private bool _enabled = false;
+		private ISuperLoggingCookie _cookie = null;
+		private Dictionary<int, ISuperLogEntry> _viewCache = new Dictionary<int, ISuperLogEntry>();
+		private const int FETCH_WINDOW_SIZE = 25;
+		private const int INITIAL_LIST_SIZE = 25;
+		private const int INIT_BUFFER_SIZE = 10000;
+		private const string INIT_REFRESH_INTERVAL = "2";
+		private Timer timer;
+		private TimerState timerState;
+		private int pageSize;
+
+		private ISuperLoggingConnection SuperLog
+		{
+			get
+			{
+				return _serverDTO.Connection.GetSuperLoggingConnection();
+			}
+		}
+
+		public SuperLoggingBrowserWindowController (IntPtr handle) : base (handle)
+		{
+		}
+
+		[Export ("initWithCoder:")]
+		public SuperLoggingBrowserWindowController (NSCoder coder) : base (coder)
+		{
+		}
+
+		public SuperLoggingBrowserWindowController (VMDirServerDTO serverDTO) : base ("SuperLoggingBrowserWindow")
+		{
+			_serverDTO = serverDTO;
+		}
+
+		public override void AwakeFromNib ()
+		{
+			base.AwakeFromNib ();
+			InitUI();
+			BtnRefresh.Activated += btnRefresh_Click;
+			BtnOff.Activated += btnSuperLogOnOff_Click;
+			BtnFilter.Activated += btnFilter_Click;
+			BtnClear.Activated += btnClear_Click;
+			BtnBufferSizeChange.Activated += btnChangeBufferSize_Click;
+			ChkAutoRefresh.Activated += chkAutoRefresh_CheckedChanged;
+			CboColumns.Activated += CboColumns_Changed;
+			CbOperator.Activated += (object sender, EventArgs e) => 
+			{
+				EnableDisableFilter();
+			};
+			this.BtnClose.Activated += (object sender, EventArgs e) => {
+				this.Close ();
+				NSApplication.SharedApplication.StopModalWithCode (0);
+			};
+			TxtFilterValue.Changed += (object sender, EventArgs e) => {
+				EnableDisableFilter();
+			};
+			SuperLogsTableView.DoubleClick += SuperLog_DoubleClick;
+			SuperLogsTableView.Delegate = new TableDelegate (this);
+			ChangeAutoRefreshSettings ();
+			EnableDisableFilter();
+		}
+
+		void SuperLog_DoubleClick(object sender, EventArgs e)
+		{
+			var row = (int)SuperLogsTableView.SelectedRow;
+			if(row > -1 && _viewCache.ContainsKey(row))
+			{
+				var item = _viewCache [row];
+
+				if (item is SuperLogSearchEntry) {
+					var text = (item as SuperLogSearchEntry).ToString ();
+					UIHelper.ShowGenericWindowAsSheet (text, "Search Details", this.Window);
+				}
+			}
+		}
+
+		void CboColumns_Changed (object sender, EventArgs e)
+		{
+			var row = (int)CboColumns.SelectedIndex;
+			if (row >= 0) {
+				if (row == 0) {
+					CbOperator.SelectItem (0);
+					TxtFilterValue.StringValue = string.Empty;
+					CbOperator.Enabled = false;
+					TxtFilterValue.Enabled = false;
+				} else {
+					CbOperator.Enabled = true;
+					TxtFilterValue.Enabled = true;
+				}
+			}
+			EnableDisableFilter();
+		}
+
+		private void InitUI()
+		{
+			timerState = new TimerState ();
+			timer = new Timer (timerAutoRefresh_Tick, timerState, -1, -1);
+			timerState.timer = timer;
+			SetDefaults ();
+			UpdateStatus();
+		}
+
+		private void SetDefaults()
+		{
+			TxtBufferSize.IntValue = INIT_BUFFER_SIZE;
+			TxtRefreshInterval.StringValue = INIT_REFRESH_INTERVAL;
+			CboColumns.SelectItem (0);
+			CbOperator.Enabled = false;
+			TxtFilterValue.Enabled = false;
+		}
+		private void RefreshList(int startindex = 0)
+		{
+			UIErrorHelper.CheckedExec (delegate {
+				if(startindex == 0)
+				{
+					_viewCache.Clear ();
+					this.SuperLogsTableView.DataSource = new SuperLoggingTableViewDataSource (null);
+					this.SuperLogsTableView.ReloadData ();
+				}
+				if (_enabled) {
+					if (_cookie == null)
+						_cookie = new SuperLoggingCookie ();
+					FillCache (startindex, FETCH_WINDOW_SIZE);
+				}
+			});
+		}
+
+		private void UpdateStatus()
+		{
+			try {
+				_enabled = SuperLog.isEnabled ();
+				if (_enabled) {
+					uint nCapacity = SuperLog.getCapacity ();
+					Status.StringValue = string.Format (
+						"Superlogging is on with a buffer size of {0} entries",
+						nCapacity);
+					TxtBufferSize.IntValue = (int)nCapacity;
+					pageSize = TxtBufferSize.IntValue;
+				} else {
+					Status.StringValue = "Superlogging is turned off. Click the button to turn it on";
+				}
+				BtnBufferSizeChange.Enabled = TxtBufferSize.Enabled = _enabled;
+			} catch (Exception exc) {
+				if (ChkAutoRefresh.StringValue == "1") {
+					ChkAutoRefresh.StringValue = "0";
+					timer.Change (-1, -1);
+				}
+				_enabled = false;
+				Status.StringValue = "Superlogging is turned off. Click the button to turn it on";
+				BtnBufferSizeChange.Enabled = TxtBufferSize.Enabled = true;
+				UIErrorHelper.ShowAlert(exc.Message, "Operation could not complete successfully.");
+			}
+			BtnOff.Title = "Turn " + (_enabled ? "OFF" : "ON");
+		}
+		public new SuperLoggingBrowserWindow Window {
+			get { return (SuperLoggingBrowserWindow)base.Window; }
+		}
+
+		private void btnFilter_Click(object sender, EventArgs e)
+		{
+			UIErrorHelper.CheckedExec (delegate {
+				var row = (int)CboColumns.SelectedIndex;
+				var op = (int)CbOperator.SelectedIndex;
+				if (row > 0 && !string.IsNullOrEmpty (TxtFilterValue.StringValue) && op >= 0) {
+				
+					var entries = new List<SuperLogDto> ();
+					for (int startIndex = _viewCache.Keys.Count; startIndex >= 0; startIndex--) {
+						ISuperLogEntry item;
+						if (_viewCache.TryGetValue (startIndex, out item)) {
+							var endTime = item.getEndTime ();
+							var startTime = item.getStartTime ();
+							var errorCode = (int)item.getErrorCode ();
+							var errordesc = GetErrorDescription (errorCode);
+							var dto = new SuperLogDto {
+								Port = item.getServerPort ().ToString (),
+								LoginDN = item.getLoginDN (),
+								Operation = item.getOperation (),
+								ErrorCode = errordesc,
+								Duration = (endTime - startTime).ToString (),
+								DurationLong = (long)(endTime - startTime),
+								ClientIP = item.getClientIP (),
+								String = item.getString ()
+							};
+							entries.Add (dto);
+						}
+					}
+
+					var filtered = new List<SuperLogDto> ();
+					SuperLoggingColumn column; 
+					Operation oper; 
+
+					if (Enum.TryParse (row.ToString (), out column) && Enum.TryParse (op.ToString (), out oper)) {
+						switch (column) {
+						case SuperLoggingColumn.Port:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.Port.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals: 
+								filtered = entries.Where (x => x.Port == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.Port.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.Port.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						case SuperLoggingColumn.LoginDN:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.LoginDN.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals: 
+								filtered = entries.Where (x => x.LoginDN == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.LoginDN.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.LoginDN.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						case SuperLoggingColumn.Operation:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.Operation.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals: 
+								filtered = entries.Where (x => x.Operation == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.Operation.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.Operation.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						case SuperLoggingColumn.ErrorCode:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.ErrorCode.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals:
+								filtered = entries.Where (x => x.ErrorCode == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.ErrorCode.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.ErrorCode.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						case SuperLoggingColumn.Duration:
+							long value;
+							if (long.TryParse (TxtFilterValue.StringValue, out value)) {
+								switch (oper) {
+								case Operation.StartsWith:
+									filtered = entries.Where (x => x.Duration.StartsWith (TxtFilterValue.StringValue)).ToList ();
+									break;
+								case Operation.GreaterThan:
+									filtered = entries.Where (x => x.DurationLong > value).ToList ();
+									break;
+								case Operation.Equals:
+									filtered = entries.Where (x => x.DurationLong == value).ToList ();
+									break;
+								case Operation.EndsWith: 
+									filtered = entries.Where (x => x.Duration.EndsWith (TxtFilterValue.StringValue)).ToList ();
+									break;
+								case Operation.LessThan:
+									filtered = entries.Where (x => x.DurationLong < value).ToList ();
+									break;
+								case Operation.Contains:
+									filtered = entries.Where (x => x.Duration.Contains (TxtFilterValue.StringValue)).ToList ();
+									break;
+								default:
+									break;
+								}
+							} else
+								throw new Exception ("The filer value is not a valid duration");
+							break;
+						case SuperLoggingColumn.ClientIP:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.ClientIP.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals:
+								filtered = entries.Where (x => x.ClientIP == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.ClientIP.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.ClientIP.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						case SuperLoggingColumn.String:
+							switch (oper) {
+							case Operation.StartsWith: 
+							case Operation.GreaterThan:
+								filtered = entries.Where (x => x.String.StartsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Equals:
+								filtered = entries.Where (x => x.String == TxtFilterValue.StringValue).ToList ();
+								break;
+							case Operation.EndsWith: 
+							case Operation.LessThan:
+								filtered = entries.Where (x => x.String.EndsWith (TxtFilterValue.StringValue)).ToList ();
+								break;
+							case Operation.Contains:
+								filtered = entries.Where (x => x.String.Contains (TxtFilterValue.StringValue)).ToList ();
+								break;
+							default:
+								break;
+							}
+							break;
+						}
+						this.SuperLogsTableView.DataSource = new SuperLoggingTableViewDataSource (filtered);
+						this.SuperLogsTableView.ReloadData ();
+					}
+				}
+			});
+		}
+
+		private void EnableDisableFilter()
+		{
+			var row = (int)CboColumns.SelectedIndex;
+			var op = (int)CbOperator.SelectedIndex;
+			BtnFilter.Enabled = (row > 0 && !string.IsNullOrEmpty (TxtFilterValue.StringValue) && op >= 0);
+		}
+
+		private void btnSuperLogOnOff_Click(object sender, EventArgs e)
+		{
+			try
+			{
+				if (SuperLog.isEnabled())
+					SuperLog.disable();
+				else
+					SuperLog.enable();
+				UpdateStatus();
+				RefreshList();
+			}
+			catch (Exception exp)
+			{
+				UIErrorHelper.ShowAlert(exp.ToString(),"Error");
+			}
+		}
+		private void btnClear_Click(object sender, EventArgs e)
+		{
+			CboColumns.SelectItem(0);
+			CbOperator.SelectItem(0);
+			TxtFilterValue.StringValue = string.Empty;
+			RefreshList();
+
+		}
+		partial void OnClearEntries(NSObject sender)
+		{
+			UIErrorHelper.CheckedExec(delegate
+			{
+				if (UIErrorHelper.ConfirmDeleteOperation("This will clear all the superlog entries at the server. Continue?"))
+				{
+					SuperLog.clear();
+					RefreshList();
+					TxtFilterValue.StringValue = string.Empty;
+					CboColumns.SelectItem(0);
+					CbOperator.SelectItem(0);
+				}
+			});
+		}
+
+		private void btnRefresh_Click(object sender, EventArgs e)
+		{
+			RefreshList();
+		}
+
+		static string GetErrorDescription (int errorCode)
+		{
+			var errordesc = "Success";
+			if (errorCode != 0) {
+				try {
+					errordesc = ErrorCheckerHelper.ErrorCodeToString(errorCode);
+				}
+				catch (Exception exc) {
+					errordesc = errorCode.ToString ();
+				}
+			}
+			return errordesc;
+		}
+
+		void FillCache(int itemIndex, int windowSize)
+		{
+			UIErrorHelper.CheckedExec(delegate
+				{
+					var list = SuperLog.getPagedEntries(_cookie, (uint)windowSize);
+					if (list != null)
+					{ 
+						int i = 0;
+						foreach (var dto in list.getEntries())
+						{
+							_viewCache[itemIndex + i++] = dto;
+						}
+					}
+					var entries = new List<SuperLogDto>();
+					for (int startIndex = _viewCache.Keys.Count-1, i=0 ; startIndex >= 0; startIndex--, i++) {
+						if(i> pageSize)
+						{
+							_viewCache.Remove(startIndex);
+						}
+						else
+						{
+							ISuperLogEntry item;
+							if (_viewCache.TryGetValue (startIndex, out item)) {
+								var endTime = item.getEndTime ();
+								var startTime = item.getStartTime ();
+								var errorCode = (int)item.getErrorCode ();
+								var errordesc = GetErrorDescription (errorCode);
+								var dto = new SuperLogDto {
+									Port = item.getServerPort ().ToString (),
+									LoginDN = item.getLoginDN (),
+									Operation = item.getOperation (),
+									ErrorCode = errordesc,
+									Duration = (endTime - startTime).ToString (),
+									DurationLong = (long)(endTime - startTime),
+									ClientIP = item.getClientIP (),
+									String = item.getString ()
+								};
+								entries.Add (dto);
+							}
+						}
+					}
+
+					this.SuperLogsTableView.DataSource = new SuperLoggingTableViewDataSource (entries);
+					this.SuperLogsTableView.ReloadData ();
+				});
+		}
+
+		private void btnChangeBufferSize_Click(object sender, EventArgs e)
+		{
+			UIErrorHelper.CheckedExec(delegate
+				{
+					var capacity = TxtBufferSize.IntValue;
+					var message = string.Format("Set superlog buffer size to {0}?", capacity);
+					ConfirmationDialogController cwc = new ConfirmationDialogController (message);
+					nint result = NSApplication.SharedApplication.RunModalForWindow (cwc.Window);
+					if (result == (nint)VMIdentityConstants.DIALOGOK) {
+						SuperLog.setCapacity(Convert.ToUInt32(capacity));
+						UpdateStatus();
+						pageSize = capacity;
+						RefreshList();
+					}
+				});
+		}
+
+		private void chkAutoRefresh_CheckedChanged(object sender, EventArgs e)
+		{
+			ChangeAutoRefreshSettings();
+		}
+
+		private void ChangeAutoRefreshSettings()
+		{
+			bool autoRefresh = ChkAutoRefresh.StringValue == "1";
+			if (autoRefresh) {
+				var interval = TxtRefreshInterval.IntValue * 1000;
+				timer.Change (interval, interval);
+			} else {
+				timer.Change (-1, -1);
+//				timer.Dispose ();
+//				timerState.timer.Dispose ();
+//				timerState.timer = null;
+//				timer = null;
+			}
+		}
+		private void TimerRefresh()
+		{
+			UpdateStatus ();
+			RefreshList (_viewCache.Count);
+			btnFilter_Click (this, EventArgs.Empty);
+		}
+		private void timerAutoRefresh_Tick(Object state)
+		{
+			InvokeOnMainThread (TimerRefresh);
+		}
+
+		private void txtAutoRefresh_ValueChanged(object sender, EventArgs e)
+		{
+			ChangeAutoRefreshSettings();
+		}
+
+		public class TableDelegate : NSTableViewDelegate
+		{
+			private SuperLoggingBrowserWindowController _controller;
+			public TableDelegate (SuperLoggingBrowserWindowController controller)
+			{
+				_controller = controller;
+			}
+
+			public override void WillDisplayCell (NSTableView tableView, NSObject cell,
+				NSTableColumn tableColumn, nint row)
+			{
+				UIErrorHelper.CheckedExec (delegate() {
+					NSTextFieldCell textCell = cell as NSTextFieldCell;
+					if (textCell != null) {
+						var collection = ((SuperLoggingTableViewDataSource)(_controller.SuperLogsTableView.DataSource)).Entries;
+						if (collection != null) {
+							var item = collection [(int)row];
+							textCell.TextColor = (item.ErrorCode != "Success")  ? NSColor.Red: NSColor.Black;
+						}
+					}
+				});
+			}
+		}
+	}
+
+	class TimerState {
+		public int counter = 0;
+		public Timer timer;
+	}
+
+	public enum SuperLoggingColumn
+	{
+		None = 0,
+		Port = 1,
+		LoginDN = 2,
+		Operation = 3,
+		ErrorCode = 4,
+		Duration = 5,
+		ClientIP = 6,
+		String = 7
+	}
+
+	public enum Operation
+	{
+		StartsWith = 0,
+		Equals = 1,
+		EndsWith = 2,
+		GreaterThan = 3,
+		LessThan = 4,
+		Contains = 5
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.designer.cs
new file mode 100755
index 000000000..37195d766
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLog/SuperLoggingBrowserWindowController.designer.cs
@@ -0,0 +1,147 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("SuperLoggingBrowserWindowController")]
+	partial class SuperLoggingBrowserWindowController
+	{
+		[Outlet]
+		AppKit.NSButton BtnBufferSizeChange { get; set; }
+
+		[Outlet]
+		AppKit.NSButton BtnClear { get; set; }
+
+		[Outlet]
+		AppKit.NSButton BtnClose { get; set; }
+
+		[Outlet]
+		AppKit.NSButton BtnFilter { get; set; }
+
+		[Outlet]
+		AppKit.NSButton BtnOff { get; set; }
+
+		[Outlet]
+		AppKit.NSButton BtnRefresh { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox CboColumns { get; set; }
+
+		[Outlet]
+		AppKit.NSComboBox CbOperator { get; set; }
+
+		[Outlet]
+		AppKit.NSButton ChkAutoRefresh { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField Status { get; set; }
+
+		[Outlet]
+		AppKit.NSTableView SuperLogsTableView { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField TxtBufferSize { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField TxtFilterValue { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField TxtRefreshInterval { get; set; }
+
+		[Action ("OnClearEntries:")]
+		partial void OnClearEntries (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (BtnBufferSizeChange != null) {
+				BtnBufferSizeChange.Dispose ();
+				BtnBufferSizeChange = null;
+			}
+
+			if (BtnClear != null) {
+				BtnClear.Dispose ();
+				BtnClear = null;
+			}
+
+			if (BtnClose != null) {
+				BtnClose.Dispose ();
+				BtnClose = null;
+			}
+
+			if (BtnFilter != null) {
+				BtnFilter.Dispose ();
+				BtnFilter = null;
+			}
+
+			if (BtnOff != null) {
+				BtnOff.Dispose ();
+				BtnOff = null;
+			}
+
+			if (BtnRefresh != null) {
+				BtnRefresh.Dispose ();
+				BtnRefresh = null;
+			}
+
+			if (CboColumns != null) {
+				CboColumns.Dispose ();
+				CboColumns = null;
+			}
+
+			if (CbOperator != null) {
+				CbOperator.Dispose ();
+				CbOperator = null;
+			}
+
+			if (ChkAutoRefresh != null) {
+				ChkAutoRefresh.Dispose ();
+				ChkAutoRefresh = null;
+			}
+
+			if (Status != null) {
+				Status.Dispose ();
+				Status = null;
+			}
+
+			if (SuperLogsTableView != null) {
+				SuperLogsTableView.Dispose ();
+				SuperLogsTableView = null;
+			}
+
+			if (TxtBufferSize != null) {
+				TxtBufferSize.Dispose ();
+				TxtBufferSize = null;
+			}
+
+			if (TxtFilterValue != null) {
+				TxtFilterValue.Dispose ();
+				TxtFilterValue = null;
+			}
+
+			if (TxtRefreshInterval != null) {
+				TxtRefreshInterval.Dispose ();
+				TxtRefreshInterval = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.cs
new file mode 100755
index 000000000..6239f85c1
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SyntaxHelpWindow : NSWindow
+	{
+		public SyntaxHelpWindow(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public SyntaxHelpWindow(NSCoder coder) : base(coder)
+		{
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.designer.cs
new file mode 100755
index 000000000..18b03cba8
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+	[global::Foundation.Register("SyntaxHelpWindow")]
+	public partial class SyntaxHelpWindow
+	{
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.xib
new file mode 100755
index 000000000..ce1f7e1ea
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindow.xib
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="10117" systemVersion="15G31" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="10117"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="SyntaxHelpWindowController">
+            <connections>
+                <outlet property="ExampleTextView" destination="H3d-S5-A9R" id="9R5-uh-S3O"/>
+                <outlet property="MoreInfoTextField" destination="Wh6-Ty-Ws4" id="cOB-cX-enL"/>
+                <outlet property="NameTextField" destination="kTm-eH-PhF" id="d5l-Rq-Qld"/>
+                <outlet property="SyntaxTextField" destination="qNx-ER-Suk" id="bAT-yd-2dK"/>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Window" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" visibleAtLaunch="NO" animationBehavior="default" id="2" customClass="SyntaxHelpWindow">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES"/>
+            <rect key="contentRect" x="131" y="74" width="407" height="334"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1280" height="778"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="407" height="334"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <scrollView horizontalLineScroll="10" horizontalPageScroll="10" verticalLineScroll="10" verticalPageScroll="10" hasHorizontalScroller="NO" usesPredominantAxisScrolling="NO" id="9HC-xm-b46">
+                        <rect key="frame" x="28" y="116" width="347" height="113"/>
+                        <autoresizingMask key="autoresizingMask"/>
+                        <clipView key="contentView" id="rKr-rl-pkt">
+                            <rect key="frame" x="1" y="1" width="345" height="111"/>
+                            <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                            <subviews>
+                                <textView editable="NO" importsGraphics="NO" findStyle="panel" continuousSpellChecking="YES" allowsUndo="YES" usesRuler="YES" usesFontPanel="YES" verticallyResizable="YES" allowsNonContiguousLayout="YES" quoteSubstitution="YES" dashSubstitution="YES" spellingCorrection="YES" smartInsertDelete="YES" id="H3d-S5-A9R">
+                                    <rect key="frame" x="0.0" y="0.0" width="345" height="111"/>
+                                    <autoresizingMask key="autoresizingMask" widthSizable="YES" heightSizable="YES"/>
+                                    <color key="backgroundColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                                    <size key="minSize" width="345" height="111"/>
+                                    <size key="maxSize" width="463" height="10000000"/>
+                                    <color key="insertionPointColor" name="controlTextColor" catalog="System" colorSpace="catalog"/>
+                                    <size key="minSize" width="345" height="111"/>
+                                    <size key="maxSize" width="463" height="10000000"/>
+                                </textView>
+                            </subviews>
+                            <color key="backgroundColor" white="1" alpha="1" colorSpace="calibratedWhite"/>
+                        </clipView>
+                        <scroller key="horizontalScroller" hidden="YES" verticalHuggingPriority="750" doubleValue="1" horizontal="YES" id="Cx5-H6-UV2">
+                            <rect key="frame" x="-100" y="-100" width="87" height="18"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                        <scroller key="verticalScroller" verticalHuggingPriority="750" doubleValue="1" horizontal="NO" id="TQd-vr-uky">
+                            <rect key="frame" x="330" y="1" width="16" height="111"/>
+                            <autoresizingMask key="autoresizingMask"/>
+                        </scroller>
+                    </scrollView>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="CPn-n1-Okc">
+                        <rect key="frame" x="26" y="292" width="44" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Name:" id="szW-Fg-XiF">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="7f0-Ez-iTI">
+                        <rect key="frame" x="26" y="263" width="49" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Syntax:" id="mKz-oW-OpE">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="kTm-eH-PhF">
+                        <rect key="frame" x="99" y="292" width="278" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Label" id="WcS-2u-CZI">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="qNx-ER-Suk">
+                        <rect key="frame" x="99" y="263" width="278" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Label" id="gyH-Bg-D59">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="NHM-1a-X82">
+                        <rect key="frame" x="26" y="89" width="66" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="More Info:" id="fCA-Xt-Hd5">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="6vl-SU-EBZ">
+                        <rect key="frame" x="26" y="232" width="66" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Examples:" id="lu2-j2-LyH">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" id="Wh6-Ty-Ws4">
+                        <rect key="frame" x="26" y="64" width="351" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Label" id="Rtl-PD-LKD">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="K86-IW-17P">
+                        <rect key="frame" x="299" y="19" width="82" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Cancel" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="a1l-IK-Smc">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnCancel:" target="-2" id="Knw-2e-Eec"/>
+                        </connections>
+                    </button>
+                </subviews>
+            </view>
+            <point key="canvasLocation" x="240.5" y="362"/>
+        </window>
+    </objects>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.cs
new file mode 100755
index 000000000..e175cb8a2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.cs
@@ -0,0 +1,80 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+using VMDir.Common.DTO;
+using System.Text;
+
+namespace LWRaftSnapIn.UI
+{
+	public partial class SyntaxHelpWindowController : NSWindowController
+	{
+		private AttributeHelpDTO helpDTO;
+
+		public SyntaxHelpWindowController(IntPtr handle) : base(handle)
+		{
+		}
+
+		[Export("initWithCoder:")]
+		public SyntaxHelpWindowController(NSCoder coder) : base(coder)
+		{
+		}
+
+		public SyntaxHelpWindowController(AttributeHelpDTO helpDTO) : base("SyntaxHelpWindow")
+		{
+			this.helpDTO = helpDTO;
+		}
+
+		public override void AwakeFromNib()
+		{
+			base.AwakeFromNib();
+
+			NameTextField.StringValue = string.Empty;
+			SyntaxTextField.StringValue = string.Empty;
+			ExampleTextView.Value = string.Empty;
+			MoreInfoTextField.StringValue = string.Empty;
+
+			if (helpDTO != null)
+			{
+				NameTextField.StringValue = helpDTO.Name;
+				SyntaxTextField.StringValue = helpDTO.Value;
+
+				StringBuilder sb = new StringBuilder();
+				if (helpDTO.ExampleList != null)
+				{
+					foreach (var str in helpDTO.ExampleList)
+						sb.Append(str + Environment.NewLine);
+					ExampleTextView.Value = sb.ToString();
+				}
+
+				if (!string.IsNullOrWhiteSpace(helpDTO.HelpLink))
+				{
+					MoreInfoTextField.StringValue = helpDTO.HelpLink;
+				}
+			}
+		}
+
+		public new SyntaxHelpWindow Window
+		{
+			get { return (SyntaxHelpWindow)base.Window; }
+		}
+		partial void OnCancel(NSObject sender)
+		{
+			this.Close();
+			NSApplication.SharedApplication.StopModalWithCode(0);
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.designer.cs
new file mode 100755
index 000000000..91a1bc04b
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/SyntaxHelp/SyntaxHelpWindowController.designer.cs
@@ -0,0 +1,67 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("SyntaxHelpWindowController")]
+	partial class SyntaxHelpWindowController
+	{
+		[Outlet]
+		AppKit.NSTextView ExampleTextView { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField MoreInfoTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField NameTextField { get; set; }
+
+		[Outlet]
+		AppKit.NSTextField SyntaxTextField { get; set; }
+
+		[Action ("OnCancel:")]
+		partial void OnCancel (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+			if (ExampleTextView != null) {
+				ExampleTextView.Dispose ();
+				ExampleTextView = null;
+			}
+
+			if (NameTextField != null) {
+				NameTextField.Dispose ();
+				NameTextField = null;
+			}
+
+			if (SyntaxTextField != null) {
+				SyntaxTextField.Dispose ();
+				SyntaxTextField = null;
+			}
+
+			if (MoreInfoTextField != null) {
+				MoreInfoTextField.Dispose ();
+				MoreInfoTextField = null;
+			}
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/VMDirTableView.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/VMDirTableView.cs
new file mode 100755
index 000000000..7afb392a6
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/VMDirTableView.cs
@@ -0,0 +1,55 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using LWRaftSnapIn.DataSource;
+using LWRaftSnapIn.Nodes;
+using Foundation;
+using AppKit;
+using CoreGraphics;
+
+namespace LWRaftSnapIn.UI
+{
+    [Register ("CustomTableView")]
+    public class VMDirTableView : NSTableView
+    {
+        private nint _selectedRow;
+
+        [Export ("init")]
+        public VMDirTableView () : base ()
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public VMDirTableView (NSCoder coder) : base (coder)
+        {
+        }
+
+        public VMDirTableView (IntPtr handle) : base (handle)
+        {
+
+        }
+
+        //Handle right click event for the TableView
+        public override NSMenu MenuForEvent (NSEvent theEvent)
+        {
+            NSMenu menu = new NSMenu ();
+            NSMenu.PopUpContextMenu (menu, theEvent, theEvent.Window.ContentView);
+            return base.MenuForEvent (theEvent);
+        }
+
+
+    }
+}
+
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.cs
new file mode 100755
index 000000000..a19323bb2
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.cs
@@ -0,0 +1,37 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class WelcomeScreen : NSWindow
+    {
+        public WelcomeScreen (IntPtr handle) : base (handle)
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public WelcomeScreen (NSCoder coder) : base (coder)
+        {
+        }
+
+        public override void AwakeFromNib ()
+        {
+            base.AwakeFromNib ();
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.designer.cs
new file mode 100755
index 000000000..4e5682910
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.designer.cs
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    [global::Foundation.Register ("WelcomeScreen")]
+    public partial class WelcomeScreen
+    {
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.xib b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.xib
new file mode 100755
index 000000000..ebab867b6
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreen.xib
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0" toolsVersion="12121" systemVersion="16D32" targetRuntime="MacOSX.Cocoa" propertyAccessControl="none">
+    <dependencies>
+        <deployment identifier="macosx"/>
+        <plugIn identifier="com.apple.InterfaceBuilder.CocoaPlugin" version="12121"/>
+        <capability name="documents saved in the Xcode 8 format" minToolsVersion="8.0"/>
+    </dependencies>
+    <objects>
+        <customObject id="-2" userLabel="File's Owner" customClass="WelcomeScreenController">
+            <connections>
+                <outlet property="window" destination="2" id="6"/>
+            </connections>
+        </customObject>
+        <customObject id="-1" userLabel="First Responder" customClass="FirstResponder"/>
+        <customObject id="-3" userLabel="Application" customClass="NSObject"/>
+        <window title="Welcome" allowsToolTipsWhenApplicationIsInactive="NO" autorecalculatesKeyViewLoop="NO" oneShot="NO" animationBehavior="default" id="2" customClass="WelcomeScreen">
+            <windowStyleMask key="styleMask" titled="YES" closable="YES" miniaturizable="YES" unifiedTitleAndToolbar="YES"/>
+            <rect key="contentRect" x="471" y="295" width="550" height="291"/>
+            <rect key="screenRect" x="0.0" y="0.0" width="1440" height="877"/>
+            <value key="minSize" type="size" width="559" height="330"/>
+            <value key="maxSize" type="size" width="559" height="330"/>
+            <view key="contentView" id="3">
+                <rect key="frame" x="0.0" y="0.0" width="550" height="291"/>
+                <autoresizingMask key="autoresizingMask"/>
+                <subviews>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="51">
+                        <rect key="frame" x="9" y="73" width="188" height="18"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" id="52">
+                            <font key="font" metaFont="system" size="15"/>
+                            <color key="textColor" name="controlDarkShadowColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="125">
+                        <rect key="frame" x="263" y="172" width="175" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Browse Photon Object Store" id="126">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="129">
+                        <rect key="frame" x="263" y="147" width="153" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Manage Photon Objects " id="130">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="y54-Yk-xp3">
+                        <rect key="frame" x="263" y="122" width="144" height="17"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" title="Search Photon Objects" id="EhS-am-5Tf">
+                            <font key="font" metaFont="system"/>
+                            <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="controlColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <imageView horizontalHuggingPriority="251" verticalHuggingPriority="251" id="131">
+                        <rect key="frame" x="232" y="169" width="25" height="20"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyDown" image="BulletBlackIcon" id="132"/>
+                    </imageView>
+                    <imageView horizontalHuggingPriority="251" verticalHuggingPriority="251" id="133">
+                        <rect key="frame" x="232" y="144" width="25" height="20"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyDown" image="BulletBlackIcon" id="134"/>
+                    </imageView>
+                    <imageView horizontalHuggingPriority="251" verticalHuggingPriority="251" id="ot0-9G-f09">
+                        <rect key="frame" x="232" y="120" width="25" height="20"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyDown" image="BulletBlackIcon" id="NRi-lm-3SG"/>
+                    </imageView>
+                    <imageView horizontalHuggingPriority="251" verticalHuggingPriority="251" id="49">
+                        <rect key="frame" x="31" y="82" width="178" height="170"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <imageCell key="cell" refusesFirstResponder="YES" alignment="left" imageScaling="proportionallyDown" image="lightwave" id="50"/>
+                    </imageView>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="157">
+                        <rect key="frame" x="78" y="215" width="441" height="53"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="center" title="Welcome to" allowsEditingTextAttributes="YES" id="158">
+                            <font key="font" size="25" name="HelveticaNeue"/>
+                            <color key="textColor" name="controlDarkShadowColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                    <button verticalHuggingPriority="750" id="zH8-8v-BI9">
+                        <rect key="frame" x="259" y="66" width="147" height="32"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <buttonCell key="cell" type="push" title="Connect" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="qYN-ws-ums">
+                            <behavior key="behavior" pushIn="YES" lightByBackground="YES" lightByGray="YES"/>
+                            <font key="font" metaFont="system"/>
+                            <string key="keyEquivalent" base64-UTF8="YES">
+DQ
+</string>
+                        </buttonCell>
+                        <connections>
+                            <action selector="OnConnect:" target="-2" id="wh8-TE-O0r"/>
+                        </connections>
+                    </button>
+                    <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" allowsCharacterPickerTouchBarItem="NO" id="47">
+                        <rect key="frame" x="202" y="182" width="320" height="53"/>
+                        <autoresizingMask key="autoresizingMask" flexibleMaxX="YES" flexibleMinY="YES"/>
+                        <textFieldCell key="cell" scrollable="YES" lineBreakMode="clipping" sendsActionOnEndEditing="YES" alignment="center" title="Lightwave Raft Browser." allowsEditingTextAttributes="YES" id="48">
+                            <font key="font" size="28" name="HelveticaNeue"/>
+                            <color key="textColor" name="controlDarkShadowColor" catalog="System" colorSpace="catalog"/>
+                            <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
+                        </textFieldCell>
+                    </textField>
+                </subviews>
+            </view>
+            <connections>
+                <outlet property="delegate" destination="113" id="159"/>
+            </connections>
+            <point key="canvasLocation" x="151" y="280"/>
+        </window>
+        <customObject id="113" customClass="WelcomeScreen"/>
+    </objects>
+    <resources>
+        <image name="BulletBlackIcon" width="32" height="32"/>
+        <image name="lightwave" width="475" height="438"/>
+    </resources>
+</document>
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.cs
new file mode 100755
index 000000000..5be9cd1cf
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.cs
@@ -0,0 +1,60 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using Foundation;
+using AppKit;
+using System.Linq;
+using VMDir.Common.DTO;
+using System.Collections.Generic;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class WelcomeScreenController : NSWindowController
+    {
+        public WelcomeScreenController (IntPtr handle) : base (handle)
+        {
+        }
+
+        [Export ("initWithCoder:")]
+        public WelcomeScreenController (NSCoder coder) : base (coder)
+        {
+        }
+
+        public WelcomeScreenController () : base ("WelcomeScreen")
+        {
+        }
+
+        public override void AwakeFromNib ()
+        {
+            base.AwakeFromNib ();
+            //set window background color
+            this.Window.BackgroundColor = NSColor.FromSrgb (1, 1, (float)1, (float)1);
+        }
+
+		partial void OnConnect(Foundation.NSObject sender)
+		{
+			this.Close();
+            var servers = LWRaftSnapInEnvironment.Instance.LocalData.ServerList;
+			if (servers == null)
+				servers = new List<VMDirServerDTO>();
+			MainWindowController mainWindowController = new MainWindowController(servers);
+			mainWindowController.Window.MakeKeyAndOrderFront(this);
+		}
+
+        public new WelcomeScreen Window {
+            get { return (WelcomeScreen)base.Window; }
+        }
+    }
+}
diff --git a/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.designer.cs b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.designer.cs
new file mode 100755
index 000000000..f98ae77c3
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/LWRaftSnapIn/UI/WelcomeScreen/WelcomeScreenController.designer.cs
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// WARNING
+//
+// This file has been generated automatically by Xamarin Studio to store outlets and
+// actions made in the UI designer. If it is removed, they will be lost.
+// Manual changes to this file may not be handled correctly.
+//
+using Foundation;
+using System.CodeDom.Compiler;
+
+namespace LWRaftSnapIn.UI
+{
+	[Register ("WelcomeScreenController")]
+	partial class WelcomeScreenController
+	{
+		[Action ("OnConnect:")]
+		partial void OnConnect (Foundation.NSObject sender);
+		
+		void ReleaseDesignerOutlets ()
+		{
+		}
+	}
+}
diff --git a/tools/mac/LWRaftSnapIn/Lightwave Raft.sln b/tools/mac/LWRaftSnapIn/Lightwave Raft.sln
new file mode 100755
index 000000000..5d9a00b56
--- /dev/null
+++ b/tools/mac/LWRaftSnapIn/Lightwave Raft.sln	
@@ -0,0 +1,66 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2012
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Lightwave Raft", "LWRaftSnapIn\Lightwave Raft.csproj", "{84EAD6E2-414C-4753-A512-6FA7B00474C0}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMDir.Common", "..\..\common\VMDir.Common\VMDir.Common.csproj", "{76109B16-B0AE-47EB-8545-EB135EB92E2A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VmIdentity.UI.Common", "..\VmIdentity.UI.Common\VmIdentity.UI.Common.csproj", "{35037B87-3B35-40FA-A9D3-7974DCDDABB5}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMIdentity.CommonUtils", "..\..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.csproj", "{CD959E2E-5B9C-4329-B085-352844CFDCDD}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+		AppStore|Any CPU = AppStore|Any CPU
+		Debug|x64 = Debug|x64
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.AppStore|Any CPU.ActiveCfg = Release|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.AppStore|Any CPU.Build.0 = Release|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Debug|x64.Build.0 = Debug|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Release|x64.ActiveCfg = Release|Any CPU
+		{35037B87-3B35-40FA-A9D3-7974DCDDABB5}.Release|x64.Build.0 = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.AppStore|Any CPU.ActiveCfg = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.AppStore|Any CPU.Build.0 = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|x64.Build.0 = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|x64.ActiveCfg = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|x64.Build.0 = Release|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.AppStore|Any CPU.ActiveCfg = AppStore|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.AppStore|Any CPU.Build.0 = AppStore|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Debug|x64.Build.0 = Debug|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Release|Any CPU.Build.0 = Release|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Release|x64.ActiveCfg = Release|Any CPU
+		{84EAD6E2-414C-4753-A512-6FA7B00474C0}.Release|x64.Build.0 = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.AppStore|Any CPU.ActiveCfg = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.AppStore|Any CPU.Build.0 = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|x64.Build.0 = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|x64.ActiveCfg = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|x64.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(MonoDevelopProperties) = preSolution
+		version = 0.2
+		outputpath = ..\x64\Debug
+	EndGlobalSection
+EndGlobal
diff --git a/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/InfrastucturesGroupNode.cs b/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/InfrastucturesGroupNode.cs
index cd8ed4d2f..81a34f752 100755
--- a/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/InfrastucturesGroupNode.cs
+++ b/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/InfrastucturesGroupNode.cs
@@ -20,7 +20,7 @@ public class InfrastucturesGroupNode : ScopeNode, ISiteNameFetcher
 	{	
 		public InfrastucturesGroupNode ()
 		{
-			DisplayName = "Platform Services Controllers";
+			DisplayName = "Lightwave Domain Controllers";
 		}
 
 		public string GetSiteName()
diff --git a/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/ManagementsGroupNode.cs b/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/ManagementsGroupNode.cs
index 1910aa2a6..f6582af4e 100755
--- a/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/ManagementsGroupNode.cs
+++ b/tools/mac/VMPSCHighAvailabilitySnapIn/LightwavePSCHighAvailability/Nodes/ManagementsGroupNode.cs
@@ -20,7 +20,7 @@ public class ManagementsGroupNode : ScopeNode, ISiteNameFetcher
 	{
 		public ManagementsGroupNode ()
 		{
-			DisplayName = "vCenter Servers";
+			DisplayName = "Photon Controllers";
 		}
 
 		public string GetSiteName()
diff --git a/tools/mac/build.sh b/tools/mac/build.sh
index d0832ed68..e02cfb9e6 100755
--- a/tools/mac/build.sh
+++ b/tools/mac/build.sh
@@ -84,6 +84,7 @@ pwd
 
 buildSolution VMCertStoreSnapIn $BUILD_CONFIG
 buildSolution VMDirSnapIn $BUILD_CONFIG
+buildSolution LWRaftSnapIn $BUILD_CONFIG
 buildSolution VMPSCHighAvailabilitySnapIn $BUILD_CONFIG
 buildSolution VMRestSsoSnapIn $BUILD_CONFIG
 buildSolution VMCASnapIn $BUILD_CONFIG
diff --git a/tools/mac/buildproduct.sh b/tools/mac/buildproduct.sh
index e390d44fb..104ff03ea 100755
--- a/tools/mac/buildproduct.sh
+++ b/tools/mac/buildproduct.sh
@@ -48,6 +48,7 @@ makePkgWithScript() {
 makePkg $CONFIG 'Lightwave CA.app' 'LightwaveCA.pkg' 'com.vmware.LightwaveCA'
 makePkg $CONFIG 'Lightwave Certificate Store.app' 'LightwaveCertStore.pkg' 'com.vmware.LightwaveCertStore'
 makePkg $CONFIG 'Lightwave Directory.app' 'LightwaveDirectory.pkg' 'com.vmware.LightwaveDirectory'
+makePkg $CONFIG 'Lightwave Raft Browser.app' 'LightwaveRaftBrowser.pkg' 'com.vmware.LightwaveRaftBrowser'
 makePkg $CONFIG 'Lightwave PSC Site Management.app' 'LightwavePSCSiteManagement.pkg' 'com.vmware.LightwavePSCSiteManagement'
 makePkgWithScript $CONFIG 'Lightwave SSO.app' 'LightwaveSSO.pkg' 'com.vmware.LightwaveSSO' 'scripts'
 makePkg $CONFIG 'Lightwave Directory Schema.app' 'LightwaveDirectorySchema.pkg' 'com.vmware.LightwaveDirectorySchema'
@@ -57,6 +58,7 @@ productbuild --synthesize \
   --package "x64/$CONFIG/LightwaveCA.pkg"  \
   --package "x64/$CONFIG/LightwaveCertStore.pkg" \
   --package "x64/$CONFIG/LightwaveDirectory.pkg" \
+  --package "x64/$CONFIG/LightwaveRaftBrowser.pkg" \
   --package "x64/$CONFIG/LightwavePSCSiteManagement.pkg" \
   --package "x64/$CONFIG/LightwaveSSO.pkg" \
   --package "x64/$CONFIG/LightwaveDirectorySchema.pkg" \
diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Program.cs b/tools/win/LWRaftSnapIn/LWRaft.Test/Program.cs
new file mode 100644
index 000000000..d15fb9b11
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Program.cs
@@ -0,0 +1,233 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.DirectoryServices.Protocols;
+using System.Windows.Forms;
+using VMDirSnapIn;
+using VMDirSnapIn.DTO;
+using VMDirSnapIn.UI;
+using System.Collections;
+using System.Collections.Generic;
+using System.IO;
+using System.Text;
+using System.Linq;
+using VMDir.Common.Schema;
+using System.Xml;
+using VMDirSnapIn.Services;
+using VMDir.Common.DTO;
+
+namespace VMDir.Test
+{
+    static class Program
+    {
+        /// <summary>
+        /// The main entry point for the application.
+        /// </summary>
+        [STAThread]
+        static void Main()
+        {
+            DoLdap();
+        }
+
+        static void DoLdap()
+        {
+            var dto = ShowSelectComputerUI();
+            if (dto == null)
+                return;
+
+            dto.Connection = new VMDirConnection(dto.Server, dto.BindDN, dto.Password);
+            dto.Connection.CreateConnection();
+            var ocd = dto.Connection.SchemaManager.GetObjectClass("organization");
+            dto.Connection.SchemaManager.GetRequiredAttributes("vmIdentity-Group");
+            var cr = dto.Connection.SchemaManager.GetContentRule("organization");
+
+            string dn = "CN=a,CN=Users,DC=vsphere,DC=local";
+            var pp = new AttributeEditorPropertyPage(dn, dto);
+            //new SchemaBrowser(dto).ShowDialog();
+        }
+
+        static void CreateForm(string objectClass, VMDirServerDTO dto)
+        {
+            var frm = new CreateForm(objectClass, dto);
+            if (frm.ShowDialog() == DialogResult.Cancel)
+                return;
+
+            var attributes = frm.Attributes.Select(x => LdapTypesService.MakeAttribute(x)).ToArray();
+
+            var cnVal = frm.Attributes.First(x => x.Key == "cn").Value.Value;
+            string dn = string.Format("cn={0},{1}", cnVal, "dc=vsphere,dc=local");
+            dto.Connection.Add(dn, attributes);
+        }
+
+        static void ParseObjectClass(string attr)
+        {
+            var defs = new List<SchemaComponentDef>
+            {
+                new SchemaComponentDef{Name="NAME", Parser=SchemaValueParsers.SingleValueQuoted},
+                new SchemaComponentDef{Name="SUP", Parser=SchemaValueParsers.SingleValue},
+                new SchemaComponentDef{Name="STRUCTURAL", Parser=SchemaValueParsers.IsDefined},
+                new SchemaComponentDef{Name="MUST", Parser=SchemaValueParsers.MultipleValuesDollar},
+                new SchemaComponentDef{Name="MAY", Parser=SchemaValueParsers.MultipleValuesDollar},
+                new SchemaComponentDef{Name="AUXILIARY", Parser=SchemaValueParsers.IsDefined},
+            };
+            ShowDict(Parse(defs, attr));
+        }
+
+        static void ParseAttributeTypes(string attr)
+        {
+            var defs = new List<SchemaComponentDef>
+            {
+                new SchemaComponentDef{Name="NAME", Parser=SchemaValueParsers.SingleOrMultipleQuoted},
+                new SchemaComponentDef{Name="DESC", Parser=SchemaValueParsers.SingleQuotedString},
+                new SchemaComponentDef{Name="EQUALITY", Parser=SchemaValueParsers.SingleValue},
+                new SchemaComponentDef{Name="SUBSTR", Parser=SchemaValueParsers.SingleValue},
+                new SchemaComponentDef{Name="SYNTAX", Parser=SchemaValueParsers.SingleValue},
+            };
+            ShowDict(Parse(defs, attr));
+        }
+
+        static void ShowDict(Dictionary<string, object> dict)
+        {
+            foreach (var entry in dict)
+            {
+                string result = "";
+                var val = entry.Value;
+                if (val == null)
+                    result = "{NULL}";
+                else if (val is string)
+                    result = val.ToString();
+                else
+                    result = string.Join(",", (val as List<string>).ToArray());
+
+                Console.WriteLine(string.Format("{0}: {1}", entry.Key, result));
+            }
+        }
+
+        static Dictionary<string, object> Parse(List<SchemaComponentDef> defs, string attr)
+        {
+            var dict = new Dictionary<string, object>();
+
+            var bits = attr.Split(' ');
+            var trimmedBits = bits.Where(x => !string.IsNullOrEmpty(x)).ToList();
+            
+            var indices = new List<int>();
+            foreach (var entry in defs)
+            {
+                int index = trimmedBits.IndexOf(entry.Name);
+                entry.IndexRange.Start = index;
+                indices.Add(index);
+            }
+            indices.Add(trimmedBits.Count-1);
+            indices.Sort();
+
+            defs.ForEach(x=>x.IndexRange.End = indices[indices.IndexOf(x.IndexRange.Start) + 1]);
+            foreach (var entry in defs)
+            {
+                int start = entry.IndexRange.Start + 1;
+                int end = entry.IndexRange.End;
+                if (entry.Parser != null)
+                {
+                    if (start == 0)
+                        dict[entry.Name] = entry.Parser(null);
+                    else
+                        dict[entry.Name] = entry.Parser(trimmedBits.GetRange(start, end - start));
+                }
+/*
+                var result = new List<string>();
+                if (trimmedBits[start] == "(")
+                {
+                    ++start; --end;
+                    for (int i = start; i < end; ++i)
+                        result.Add(trimmedBits[i].Trim('\''));
+                }
+                else
+                {
+                    var arrayVals = trimmedBits.GetRange(start, end - start).ToArray();
+                    result.Add(string.Join(" ", arrayVals));
+                }
+                dict[entry.Name] = result;*/
+            }
+            return dict;
+        }
+
+        public static VMDirServerDTO ShowSelectComputerUI()
+        {
+            var ui = new frmConnectToServer();
+            //ui.txtDirectoryServer.Text = "192.168.2.9:11711";
+            //ui.txtDirectoryServer.Text = "10.118.72.132:11711";
+            if (ui.ShowDialog() == DialogResult.OK)
+                return ui.ServerDTO;
+            return null;
+        }
+
+        static void Test(VMDirConnection conn)
+        {
+            try
+            {
+                conn.CreateConnection();
+                var baseDN = "cn=aggregate,cn=schemacontext";
+
+                var sb = new StringBuilder();
+                var response = conn.Search(baseDN, "(objectClass=*)", null, SearchScope.Subtree);
+                foreach (SearchResultEntry entry in response.Entries)
+                {
+                    foreach (DictionaryEntry attrib in entry.Attributes)
+                    {
+                        sb.AppendFormat(">>>>>>>>>>>>>>>>>{0}<<<<<<<<<<<<<<<", attrib.Key).AppendLine();
+
+                        var val = attrib.Value as DirectoryAttribute;
+                        bool hasMultiple = val.Count > 1;
+                        if (!hasMultiple)
+                        {
+                            string valString = "";
+                            if (val.Count == 1)
+                                valString = val[0].ToString();
+                        }
+                        else
+                        {
+                            var values = new List<string>();
+                            int count = val.Count;
+                            for (int i = 0; i < count; ++i)
+                            {
+                                object o = val[i];
+                                string type = o.GetType().ToString();
+                                sb.AppendFormat("{0}: {1}", type, o.ToString()).AppendLine();
+                                values.Add(val[i].ToString());
+                            }
+                        }
+                    }
+                }
+                File.WriteAllText("c:\\temp\\dir2.txt", sb.ToString());
+            }
+            catch (Exception exp)
+            {
+                MessageBox.Show(exp.ToString());
+            }
+        }
+
+        static void Test2()
+        {
+            var attrTypes = new List<string>();
+            attrTypes.Add("( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch )");
+            attrTypes.Add("( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )");
+            var a = new AttributeTypeManager(attrTypes);
+
+            var objectClasses = new List<string>();
+            objectClasses.Add("( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST ( cn ) MAY ( description $ telephoneNumber $ seeAlso $ location $ roomNumber ) )");
+            var b = new ObjectClassManager(objectClasses);
+            //ParseObjectClass(attr);
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/AssemblyInfo.cs b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..59468ef78
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/AssemblyInfo.cs
@@ -0,0 +1,50 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System.Reflection;

+using System.Runtime.CompilerServices;

+using System.Runtime.InteropServices;

+

+// General Information about an assembly is controlled through the following 

+// set of attributes. Change these attribute values to modify the information

+// associated with an assembly.

+[assembly: AssemblyTitle("VMDir.Test")]

+[assembly: AssemblyDescription("")]

+[assembly: AssemblyConfiguration("")]

+[assembly: AssemblyCompany("Microsoft")]

+[assembly: AssemblyProduct("VMDir.Test")]

+[assembly: AssemblyCopyright("Copyright © Microsoft 2013")]

+[assembly: AssemblyTrademark("")]

+[assembly: AssemblyCulture("")]

+

+// Setting ComVisible to false makes the types in this assembly not visible 

+// to COM components.  If you need to access a type in this assembly from 

+// COM, set the ComVisible attribute to true on that type.

+[assembly: ComVisible(false)]

+

+// The following GUID is for the ID of the typelib if this project is exposed to COM

+[assembly: Guid("92a4aad9-dbe6-43ce-97d5-ff717ed55a33")]

+

+// Version information for an assembly consists of the following four values:

+//

+//      Major Version

+//      Minor Version 

+//      Build Number

+//      Revision

+//

+// You can specify all the values or you can default the Build and Revision Numbers 

+// by using the '*' as shown below:

+// [assembly: AssemblyVersion("1.0.*")]

+[assembly: AssemblyVersion("1.0.0.0")]

+[assembly: AssemblyFileVersion("1.0.0.0")]

diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.Designer.cs b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.Designer.cs
new file mode 100644
index 000000000..6bd1b30e4
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.Designer.cs
@@ -0,0 +1,156 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+//------------------------------------------------------------------------------
+
+// <auto-generated>
+
+//     This code was generated by a tool.
+
+//     Runtime Version:2.0.50727.5420
+
+//
+
+//     Changes to this file may cause incorrect behavior and will be lost if
+
+//     the code is regenerated.
+
+// </auto-generated>
+
+//------------------------------------------------------------------------------
+
+
+
+namespace VMDir.Test.Properties
+
+{
+
+
+
+
+
+    /// <summary>
+
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+
+    /// </summary>
+
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+
+    // class via a tool like ResGen or Visual Studio.
+
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+
+    // with the /str option, or rebuild your VS project.
+
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "2.0.0.0")]
+
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+
+    internal class Resources
+
+    {
+
+
+
+        private static global::System.Resources.ResourceManager resourceMan;
+
+
+
+        private static global::System.Globalization.CultureInfo resourceCulture;
+
+
+
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+
+        internal Resources()
+
+        {
+
+        }
+
+
+
+        /// <summary>
+
+        ///   Returns the cached ResourceManager instance used by this class.
+
+        /// </summary>
+
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+
+        internal static global::System.Resources.ResourceManager ResourceManager
+
+        {
+
+            get
+
+            {
+
+                if ((resourceMan == null))
+
+                {
+
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("VMDir.Test.Properties.Resources", typeof(Resources).Assembly);
+
+                    resourceMan = temp;
+
+                }
+
+                return resourceMan;
+
+            }
+
+        }
+
+
+
+        /// <summary>
+
+        ///   Overrides the current thread's CurrentUICulture property for all
+
+        ///   resource lookups using this strongly typed resource class.
+
+        /// </summary>
+
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+
+        internal static global::System.Globalization.CultureInfo Culture
+
+        {
+
+            get
+
+            {
+
+                return resourceCulture;
+
+            }
+
+            set
+
+            {
+
+                resourceCulture = value;
+
+            }
+
+        }
+
+    }
+
+}
+
diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.resx b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.resx
new file mode 100644
index 000000000..40d99bf46
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Resources.resx
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="utf-8"?>

+<root>

+  <!-- 

+    Microsoft ResX Schema 

+    

+    Version 2.0

+    

+    The primary goals of this format is to allow a simple XML format 

+    that is mostly human readable. The generation and parsing of the 

+    various data types are done through the TypeConverter classes 

+    associated with the data types.

+    

+    Example:

+    

+    ... ado.net/XML headers & schema ...

+    <resheader name="resmimetype">text/microsoft-resx</resheader>

+    <resheader name="version">2.0</resheader>

+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>

+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>

+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>

+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>

+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">

+        <value>[base64 mime encoded serialized .NET Framework object]</value>

+    </data>

+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">

+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>

+        <comment>This is a comment</comment>

+    </data>

+                

+    There are any number of "resheader" rows that contain simple 

+    name/value pairs.

+    

+    Each data row contains a name, and value. The row also contains a 

+    type or mimetype. Type corresponds to a .NET class that support 

+    text/value conversion through the TypeConverter architecture. 

+    Classes that don't support this are serialized and stored with the 

+    mimetype set.

+    

+    The mimetype is used for serialized objects, and tells the 

+    ResXResourceReader how to depersist the object. This is currently not 

+    extensible. For a given mimetype the value must be set accordingly:

+    

+    Note - application/x-microsoft.net.object.binary.base64 is the format 

+    that the ResXResourceWriter will generate, however the reader can 

+    read any of the formats listed below.

+    

+    mimetype: application/x-microsoft.net.object.binary.base64

+    value   : The object must be serialized with 

+            : System.Serialization.Formatters.Binary.BinaryFormatter

+            : and then encoded with base64 encoding.

+    

+    mimetype: application/x-microsoft.net.object.soap.base64

+    value   : The object must be serialized with 

+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter

+            : and then encoded with base64 encoding.

+

+    mimetype: application/x-microsoft.net.object.bytearray.base64

+    value   : The object must be serialized into a byte array 

+            : using a System.ComponentModel.TypeConverter

+            : and then encoded with base64 encoding.

+    -->

+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">

+    <xsd:element name="root" msdata:IsDataSet="true">

+      <xsd:complexType>

+        <xsd:choice maxOccurs="unbounded">

+          <xsd:element name="metadata">

+            <xsd:complexType>

+              <xsd:sequence>

+                <xsd:element name="value" type="xsd:string" minOccurs="0" />

+              </xsd:sequence>

+              <xsd:attribute name="name" type="xsd:string" />

+              <xsd:attribute name="type" type="xsd:string" />

+              <xsd:attribute name="mimetype" type="xsd:string" />

+            </xsd:complexType>

+          </xsd:element>

+          <xsd:element name="assembly">

+            <xsd:complexType>

+              <xsd:attribute name="alias" type="xsd:string" />

+              <xsd:attribute name="name" type="xsd:string" />

+            </xsd:complexType>

+          </xsd:element>

+          <xsd:element name="data">

+            <xsd:complexType>

+              <xsd:sequence>

+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />

+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />

+              </xsd:sequence>

+              <xsd:attribute name="name" type="xsd:string" msdata:Ordinal="1" />

+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />

+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />

+            </xsd:complexType>

+          </xsd:element>

+          <xsd:element name="resheader">

+            <xsd:complexType>

+              <xsd:sequence>

+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />

+              </xsd:sequence>

+              <xsd:attribute name="name" type="xsd:string" use="required" />

+            </xsd:complexType>

+          </xsd:element>

+        </xsd:choice>

+      </xsd:complexType>

+    </xsd:element>

+  </xsd:schema>

+  <resheader name="resmimetype">

+    <value>text/microsoft-resx</value>

+  </resheader>

+  <resheader name="version">

+    <value>2.0</value>

+  </resheader>

+  <resheader name="reader">

+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>

+  </resheader>

+  <resheader name="writer">

+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>

+  </resheader>

+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.Designer.cs b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.Designer.cs
new file mode 100644
index 000000000..6e63f937d
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.Designer.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+//------------------------------------------------------------------------------

+// <auto-generated>

+//     This code was generated by a tool.

+//     Runtime Version:2.0.50727.5420

+//

+//     Changes to this file may cause incorrect behavior and will be lost if

+//     the code is regenerated.

+// </auto-generated>

+//------------------------------------------------------------------------------

+

+namespace VMDir.Test.Properties

+{

+

+

+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]

+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "9.0.0.0")]

+    internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase

+    {

+

+        private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));

+

+        public static Settings Default

+        {

+            get

+            {

+                return defaultInstance;

+            }

+        }

+    }

+}

diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.settings b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.settings
new file mode 100644
index 000000000..559e9d712
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/Properties/Settings.settings
@@ -0,0 +1,7 @@
+<?xml version='1.0' encoding='utf-8'?>

+<SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)">

+  <Profiles>

+    <Profile Name="(Default)" />

+  </Profiles>

+  <Settings />

+</SettingsFile>

diff --git a/tools/win/LWRaftSnapIn/LWRaft.Test/VMDir.Test.csproj b/tools/win/LWRaftSnapIn/LWRaft.Test/VMDir.Test.csproj
new file mode 100644
index 000000000..a37605217
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaft.Test/VMDir.Test.csproj
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="3.5" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProductVersion>9.0.21022</ProductVersion>
+    <SchemaVersion>2.0</SchemaVersion>
+    <ProjectGuid>{0960148C-DFD1-44B9-978B-5A6942F6D11A}</ProjectGuid>
+    <OutputType>WinExe</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>VMDir.Test</RootNamespace>
+    <AssemblyName>VMDir.Test</AssemblyName>
+    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core">
+      <RequiredTargetFramework>3.5</RequiredTargetFramework>
+    </Reference>
+    <Reference Include="System.DirectoryServices" />
+    <Reference Include="System.DirectoryServices.Protocols" />
+    <Reference Include="System.Xml.Linq">
+      <RequiredTargetFramework>3.5</RequiredTargetFramework>
+    </Reference>
+    <Reference Include="System.Data.DataSetExtensions">
+      <RequiredTargetFramework>3.5</RequiredTargetFramework>
+    </Reference>
+    <Reference Include="System.Data" />
+    <Reference Include="System.Deployment" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Windows.Forms" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <EmbeddedResource Include="Properties\Resources.resx">
+      <Generator>ResXFileCodeGenerator</Generator>
+      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <Compile Include="Properties\Resources.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Resources.resx</DependentUpon>
+    </Compile>
+    <None Include="Properties\Settings.settings">
+      <Generator>SettingsSingleFileGenerator</Generator>
+      <LastGenOutput>Settings.Designer.cs</LastGenOutput>
+    </None>
+    <Compile Include="Properties\Settings.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DependentUpon>Settings.settings</DependentUpon>
+      <DesignTimeSharedInput>True</DesignTimeSharedInput>
+    </Compile>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\VMDir.Common\VMDir.Common.csproj">
+      <Project>{1DCFDC0B-57DA-4FC2-BF92-39E7D75AEB33}</Project>
+      <Name>VMDir.Common</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\VMDirSnapIn\VMDirSnapIn.csproj">
+      <Project>{8D367E3B-7D59-4EF4-B1F2-01EC99FDB9C5}</Project>
+      <Name>VMDirSnapIn</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn.sln b/tools/win/LWRaftSnapIn/LWRaftSnapIn.sln
new file mode 100644
index 000000000..269136b41
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn.sln
@@ -0,0 +1,57 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LWRaftSnapIn", "LWRaftSnapIn\LWRaftSnapIn.csproj", "{01C03043-27B8-4AED-8120-D228138B439A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMDir.Common", "..\..\common\VMDir.Common\VMDir.Common.csproj", "{76109B16-B0AE-47EB-8545-EB135EB92E2A}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMIdentity.CommonUtils", "..\..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.csproj", "{CD959E2E-5B9C-4329-B085-352844CFDCDD}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMwareMMCIDP.UI.Common", "..\VMwareMMCIDP.UI.Common\VMwareMMCIDP.UI.Common.csproj", "{474831AB-37DE-415C-B944-37E2D10D1E85}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{01C03043-27B8-4AED-8120-D228138B439A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{01C03043-27B8-4AED-8120-D228138B439A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{01C03043-27B8-4AED-8120-D228138B439A}.Debug|x64.ActiveCfg = Debug|x64
+		{01C03043-27B8-4AED-8120-D228138B439A}.Debug|x64.Build.0 = Debug|x64
+		{01C03043-27B8-4AED-8120-D228138B439A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{01C03043-27B8-4AED-8120-D228138B439A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{01C03043-27B8-4AED-8120-D228138B439A}.Release|x64.ActiveCfg = Release|x64
+		{01C03043-27B8-4AED-8120-D228138B439A}.Release|x64.Build.0 = Release|x64
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{76109B16-B0AE-47EB-8545-EB135EB92E2A}.Release|x64.ActiveCfg = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|x64.ActiveCfg = Debug|x64
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Debug|x64.Build.0 = Debug|x64
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|x64.ActiveCfg = Release|x64
+		{CD959E2E-5B9C-4329-B085-352844CFDCDD}.Release|x64.Build.0 = Release|x64
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Release|Any CPU.Build.0 = Release|Any CPU
+		{474831AB-37DE-415C-B944-37E2D10D1E85}.Release|x64.ActiveCfg = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(TestCaseManagementSettings) = postSolution
+		CategoryFile = VmDirInterop.vsmdi
+	EndGlobalSection
+EndGlobal
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/AddToGroup.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/AddToGroup.ico
new file mode 100644
index 000000000..51e47ed0d
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/AddToGroup.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Delete.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Delete.ico
new file mode 100644
index 000000000..ee3126be9
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Delete.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Directory.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Directory.ico
new file mode 100644
index 000000000..98b255d74
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Directory.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Export.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Export.ico
new file mode 100644
index 000000000..4ea6b9aa4
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Export.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Group.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Group.ico
new file mode 100644
index 000000000..9ee68b26a
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Group.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Login.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Login.ico
new file mode 100644
index 000000000..cc7645b0b
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Login.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/NextPage.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/NextPage.ico
new file mode 100644
index 000000000..4e9a574f7
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/NextPage.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Object.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Object.ico
new file mode 100644
index 000000000..53f4370e8
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Object.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Open.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Open.ico
new file mode 100644
index 000000000..259c2b36b
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Open.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OperationalAttr.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OperationalAttr.ico
new file mode 100644
index 000000000..3d01724ae
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OperationalAttr.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OptionalAttr.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OptionalAttr.ico
new file mode 100644
index 000000000..02231e01b
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/OptionalAttr.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/PageSize.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/PageSize.ico
new file mode 100644
index 000000000..9874e07ec
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/PageSize.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Question.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Question.ico
new file mode 100644
index 000000000..2914e362c
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Question.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Refresh.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Refresh.ico
new file mode 100644
index 000000000..ee99fc4c3
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Refresh.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ResetPassword.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ResetPassword.ico
new file mode 100644
index 000000000..18ed43bec
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ResetPassword.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Save.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Save.ico
new file mode 100644
index 000000000..727ee9625
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Save.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Search.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Search.ico
new file mode 100644
index 000000000..d65ae3e2b
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Search.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/SearchBoxCollapse.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/SearchBoxCollapse.ico
new file mode 100644
index 000000000..afcf762d4
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/SearchBoxCollapse.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Server.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Server.ico
new file mode 100644
index 000000000..2e1b7e3b9
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Server.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ServerLog.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ServerLog.ico
new file mode 100644
index 000000000..9ffd76ca0
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/ServerLog.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Toolbar.bmp b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Toolbar.bmp
new file mode 100644
index 000000000..5995c153f
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/Toolbar.bmp differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/User.ico b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/User.ico
new file mode 100644
index 000000000..4ffb75f2a
Binary files /dev/null and b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Images/User.ico differ
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftEnvironment.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftEnvironment.cs
new file mode 100644
index 000000000..10aba3950
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftEnvironment.cs
@@ -0,0 +1,136 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Persistence;
+using System.IO;
+using System.Reflection;
+using System.Xml.Serialization;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Utilities;
+using System.Drawing;
+using Microsoft.ManagementConsole;
+using VMIdentity.CommonUtils.Log;
+using VMwareMMCIDP.UI.Common.Utilities;
+using System.Windows.Forms;
+using VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn
+{
+    public class LWRaftEnvironment
+    {
+        private static string DATA_FILE_NAME = "LWRaftData.xml";
+        public LocalData LocalData { get; set; }
+        string _applicationPath;
+        protected static LWRaftEnvironment _instance;
+        public SnapIn SnapIn { get; set; }
+        private ILogger _logger;
+        public List<Image> ImageLst = new List<Image>();
+
+        public Image GetToolbarImage()
+        {
+            return MiscUtilsService.GetResourceImage("LWRaftSnapIn.Images.Toolbar.bmp");
+        }
+
+        public string StoreFileName
+        {
+            get
+            {
+                return Path.Combine(ApplicationPath, DATA_FILE_NAME);
+            }
+        }
+
+        public string ApplicationPath
+        {
+            get
+            {
+                if (string.IsNullOrEmpty(_applicationPath))
+                    _applicationPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
+                return _applicationPath;
+            }
+        }
+
+        public static LWRaftEnvironment Instance
+        {
+            get
+            {
+                if (_instance == null)
+                    _instance = new LWRaftEnvironment();
+                return _instance;
+            }
+        }
+
+        public void LoadLocalData()
+        {
+            if (!File.Exists(StoreFileName))
+            {
+                LocalData = new LocalData();
+                return;
+            }
+
+            MiscUtilsService.CheckedExec(delegate
+           {
+               using (var ms = new MemoryStream())
+               {
+                   var bytes = File.ReadAllBytes(StoreFileName);
+                   ms.Write(bytes, 0, bytes.Length);
+                   ms.Seek(0, SeekOrigin.Begin);
+
+                   var xmlSerializer = new XmlSerializer(typeof(LocalData));
+                   LocalData = xmlSerializer.Deserialize(ms) as LocalData;
+               }
+           });
+        }
+
+        public void SaveLocalData()
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               using (var ms = new MemoryStream())
+               {
+                   var xmlSerializer = new XmlSerializer(typeof(LocalData));
+                   xmlSerializer.Serialize(ms, LWRaftEnvironment.Instance.LocalData);
+
+                   File.WriteAllBytes(StoreFileName, ms.ToArray());
+               }
+           });
+        }
+
+        public Icon GetIconResource(VMDirIconIndex indx)
+        {
+            object obj = Resource.ResourceManager.GetObject(indx.ToString(), Resource.Culture);
+            return (Icon)(obj);
+        }
+        public Image GetImageResource(VMDirIconIndex indx)
+        {
+            return GetIconResource(indx).ToBitmap();
+        }
+        public ILogger Logger
+        {
+            get
+            {
+                if (_logger == null)
+                {
+                    var logFolder = MMCUIConstants.GetLogFolder(Environment.UserName);
+                    var filePath = string.Format("{0}{1}", logFolder, MMCUIConstants.VMDIR_LOG_FILE);
+                    _logger = new FileLogger(filePath);
+                }
+                return _logger;
+            }
+        }
+    }
+}

diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftException.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftException.cs
new file mode 100644
index 000000000..aa93413b6
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftException.cs
@@ -0,0 +1,30 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace LWRaftSnapIn
+{
+    public class VMDirException : Exception
+    {
+        public UInt32 ErrorCode { get; set; }
+        public VMDirException(string function, UInt32 error)
+            : base(function)
+        {
+            ErrorCode = error;
+        }
+    }
+}

diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftImageIndex.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftImageIndex.cs
new file mode 100644
index 000000000..4a1529097
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftImageIndex.cs
@@ -0,0 +1,46 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace LWRaftSnapIn
+{
+    public enum VMDirIconIndex
+    {
+        Directory,
+        Group,
+        Login,
+        NextPage,
+        Object,
+        PageSize,
+        ResetPassword,
+        Search,
+        SearchBoxCollapse,
+        Server,
+        OperationalAttr,
+        User,
+        ServerLog,
+        Save,
+        Open,
+        OptionalAttr,
+        Delete,
+        Refresh,
+        AddToGroup,
+        Export,
+        Question
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.cs
new file mode 100644
index 000000000..3e9e04856
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.cs
@@ -0,0 +1,83 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System.ComponentModel;
+using System.Security.Permissions;
+using System.Text;
+using System.Windows.Forms;
+using Microsoft.ManagementConsole;
+using LWRaftSnapIn.Utilities;
+using System.Drawing;
+using LWRaftSnapIn.UI;
+using VMwareMMCIDP.UI.Common.Utilities;
+using System.Threading;
+using System;
+using LWRaftSnapIn.ScopeNodes;
+using System.Collections.Generic;
+using System.Linq;
+
+[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Unrestricted = true)]
+namespace LWRaftSnapIn
+{
+    [RunInstaller(true)]
+    public class InstallUtilSupport : SnapInInstaller
+    {
+
+        private void InitializeComponent()
+        {
+
+        }
+    }
+
+    //[SnapInSettings("{387738AF-C695-46f3-B178-9C9915364BD6}", DisplayName = "Directory Browser")]
+    //uncomment above line for local testing
+    public class LWRaftSnapIn : SnapIn
+    {
+        public LWRaftSnapIn()
+        {
+            LWRaftEnvironment.Instance.LoadLocalData();
+            InitConsole();
+        }
+
+        protected override void OnInitialize()
+        {
+            base.OnInitialize();
+
+            LWRaftEnvironment.Instance.SnapIn = this;
+            MMCDlgHelper.snapIn = this;
+
+            foreach (var item in Enum.GetValues(typeof(VMDirIconIndex)).Cast<VMDirIconIndex>())
+            {
+                LWRaftEnvironment.Instance.ImageLst.Add(LWRaftEnvironment.Instance.GetImageResource(item));
+            }
+        }
+
+        void AddViewDescription(ScopeNode node, MmcListViewDescription lvd)
+        {
+            node.ViewDescriptions.Add(lvd);
+            node.ViewDescriptions.DefaultIndex = 0;
+            this.RootNode.Children.Add(node);
+        }
+        void InitConsole()
+        {
+            this.SmallImages.AddStrip(LWRaftEnvironment.Instance.GetToolbarImage());
+            this.RootNode = new VMDirRootNode();
+        }
+        protected override void OnShutdown(AsyncStatus status)
+        {
+            // saves data to local xml file
+            LWRaftEnvironment.Instance.SaveLocalData();
+        }
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.csproj b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.csproj
new file mode 100644
index 000000000..b16d58c01
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/LWRaftSnapIn.csproj
@@ -0,0 +1,375 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{01C03043-27B8-4AED-8120-D228138B439A}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>LWRaftSnapIn</RootNamespace>
+    <AssemblyName>LWRaftSnapIn</AssemblyName>
+    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>..\..\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>..\..\x64\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x64' ">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>bin\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x64' ">
+    <OutputPath>bin\x64\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <ErrorReport>prompt</ErrorReport>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="microsoft.managementconsole, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Configuration.Install" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.DirectoryServices" />
+    <Reference Include="System.DirectoryServices.Protocols" />
+    <Reference Include="System.Drawing" />
+    <Reference Include="System.Windows.Forms" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+    <Reference Include="VmDirInterop, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\interop\lib64\VmDirInterop.dll</HintPath>
+    </Reference>
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Persistence\LocalData.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Resource.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DesignTime>True</DesignTime>
+      <DependentUpon>Resource.resx</DependentUpon>
+    </Compile>
+    <Compile Include="ScopeNodes\LWRaftRootNode.cs" />
+    <Compile Include="TreeNodes\BaseTreeNode.cs" />
+    <Compile Include="TreeNodes\DirectoryBaseNode.cs" />
+    <Compile Include="TreeNodes\DirectoryExpandableNode.cs" />
+    <Compile Include="TreeNodes\DirectoryNonExpandableNode.cs" />
+    <Compile Include="UI\AddGroup.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\AddGroup.Designer.cs">
+      <DependentUpon>AddGroup.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\AddToGroup.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\AddToGroup.Designer.cs">
+      <DependentUpon>AddToGroup.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\AddUser.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\AddUser.Designer.cs">
+      <DependentUpon>AddUser.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\AttrInfoForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\AttrInfoForm.Designer.cs">
+      <DependentUpon>AttrInfoForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\CheckUserPwdForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\CheckUserPwdForm.Designer.cs">
+      <DependentUpon>CheckUserPwdForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\ConditionsFromFile.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\ConditionsFromFile.Designer.cs">
+      <DependentUpon>ConditionsFromFile.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\ExportResult.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\ExportResult.Designer.cs">
+      <DependentUpon>ExportResult.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\PropertiesControl.cs">
+      <SubType>UserControl</SubType>
+    </Compile>
+    <Compile Include="UI\PropertiesControl.Designer.cs">
+      <DependentUpon>PropertiesControl.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\CreateForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\CreateForm.Designer.cs">
+      <DependentUpon>CreateForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\frmConnectToServer.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\frmConnectToServer.Designer.cs">
+      <DependentUpon>frmConnectToServer.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SearchArgs.cs" />
+    <Compile Include="UI\SearchForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SearchForm.Designer.cs">
+      <DependentUpon>SearchForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SearchQueryControl.cs">
+      <SubType>UserControl</SubType>
+    </Compile>
+    <Compile Include="UI\SearchQueryControl.Designer.cs">
+      <DependentUpon>SearchQueryControl.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SelectObjectClass.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SelectObjectClass.Designer.cs">
+      <DependentUpon>SelectObjectClass.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SetPageSizeForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SetPageSizeForm.Designer.cs">
+      <DependentUpon>SetPageSizeForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SubmitModConfirm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SubmitModConfirm.Designer.cs">
+      <DependentUpon>SubmitModConfirm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SubmitModStatus.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SubmitModStatus.Designer.cs">
+      <DependentUpon>SubmitModStatus.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SuperLogBrowser.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\SuperLogBrowser.Designer.cs">
+      <DependentUpon>SuperLogBrowser.cs</DependentUpon>
+    </Compile>
+    <Compile Include="UI\SuperLogFilterHelper.cs" />
+    <Compile Include="UI\ResetUserPwdForm.cs">
+      <SubType>Form</SubType>
+    </Compile>
+    <Compile Include="UI\ResetUserPwdForm.Designer.cs">
+      <DependentUpon>ResetUserPwdForm.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Utilities\LdapTypesService.cs" />
+    <Compile Include="Utilities\MiscUtilsService.cs" />
+    <Compile Include="Utilities\SearchListByKeyPress.cs" />
+    <Compile Include="TreeNodes\RootNode.cs" />
+    <Compile Include="TreeNodes\ServerNode.cs" />
+    <Compile Include="Views\ResultPaneControl.cs">
+      <SubType>UserControl</SubType>
+    </Compile>
+    <Compile Include="Views\ResultPaneControl.Designer.cs">
+      <DependentUpon>ResultPaneControl.cs</DependentUpon>
+    </Compile>
+    <Compile Include="Views\ResultPaneFormView.cs" />
+    <Compile Include="LWRaftEnvironment.cs" />
+    <Compile Include="LWRaftException.cs" />
+    <Compile Include="LWRaftImageIndex.cs" />
+    <Compile Include="LWRaftSnapIn.cs">
+      <SubType>Component</SubType>
+    </Compile>
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Images\Toolbar.bmp" />
+    <EmbeddedResource Include="Resource.resx">
+      <Generator>ResXFileCodeGenerator</Generator>
+      <LastGenOutput>Resource.Designer.cs</LastGenOutput>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\AddGroup.resx">
+      <DependentUpon>AddGroup.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\AddToGroup.resx">
+      <DependentUpon>AddToGroup.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\AddUser.resx">
+      <DependentUpon>AddUser.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\AttrInfoForm.resx">
+      <DependentUpon>AttrInfoForm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\CheckUserPwdForm.resx">
+      <DependentUpon>CheckUserPwdForm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\ConditionsFromFile.resx">
+      <DependentUpon>ConditionsFromFile.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\ExportResult.resx">
+      <DependentUpon>ExportResult.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\PropertiesControl.resx">
+      <DependentUpon>PropertiesControl.cs</DependentUpon>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\CreateForm.resx">
+      <DependentUpon>CreateForm.cs</DependentUpon>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\frmConnectToServer.resx">
+      <DependentUpon>frmConnectToServer.cs</DependentUpon>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SearchForm.resx">
+      <DependentUpon>SearchForm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SearchQueryControl.resx">
+      <DependentUpon>SearchQueryControl.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SelectObjectClass.resx">
+      <DependentUpon>SelectObjectClass.cs</DependentUpon>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\ResetUserPwdForm.resx">
+      <DependentUpon>ResetUserPwdForm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SetPageSizeForm.resx">
+      <DependentUpon>SetPageSizeForm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SubmitModConfirm.resx">
+      <DependentUpon>SubmitModConfirm.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="UI\SubmitModStatus.resx">
+      <DependentUpon>SubmitModStatus.cs</DependentUpon>
+    </EmbeddedResource>
+    <EmbeddedResource Include="Views\ResultPaneControl.resx">
+      <DependentUpon>ResultPaneControl.cs</DependentUpon>
+      <SubType>Designer</SubType>
+    </EmbeddedResource>
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="UI\SuperLogBrowser.resx">
+      <DependentUpon>SuperLogBrowser.cs</DependentUpon>
+    </EmbeddedResource>
+  </ItemGroup>
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\common\VMDir.Common\VMDir.Common.csproj">
+      <Project>{76109b16-b0ae-47eb-8545-eb135eb92e2a}</Project>
+      <Name>VMDir.Common</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.csproj">
+      <Project>{cd959e2e-5b9c-4329-b085-352844cfdcdd}</Project>
+      <Name>VMIdentity.CommonUtils</Name>
+    </ProjectReference>
+    <ProjectReference Include="..\..\VMwareMMCIDP.UI.Common\VMwareMMCIDP.UI.Common.csproj">
+      <Project>{474831ab-37de-415c-b944-37e2d10d1e85}</Project>
+      <Name>VMwareMMCIDP.UI.Common</Name>
+    </ProjectReference>
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Login.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Server.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\ServerLog.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Directory.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Group.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\NextPage.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Object.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\PageSize.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\ResetPassword.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Search.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\SearchBoxCollapse.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\ShowOperationalAttr.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\User.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Open.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Save.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\AddToGroup.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\delete.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\edit.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\refresh.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Export.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\OperationalAttr.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\OptionalAttr.ico" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="Images\Question.ico" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Persistence/LocalData.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Persistence/LocalData.cs
new file mode 100644
index 000000000..9c05d7e86
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Persistence/LocalData.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.Persistence
+{
+    public class LocalData
+    {
+        List<VMDirServerDTO> _servers = new List<VMDirServerDTO>();
+        public List<VMDirServerDTO> ServerList { get { return _servers; } set { _servers = value; } }
+        public LocalData()
+        {
+        }
+        public void AddServer(VMDirServerDTO dto)
+        {
+            ServerList.Add(dto);
+        }
+        public bool RemoveServer(string guid)
+        {
+            int index = ServerList.FindIndex(x => x.GUID == guid);
+            if (index > -1)
+                ServerList.RemoveAt(index);
+            return index > -1;
+        }
+        public VMDirServerDTO GetServerByGuid(string guid)
+        {
+            return ServerList.Find(x => x.GUID == guid);
+        }
+    }
+}

diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Properties/AssemblyInfo.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..b6b41812e
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Properties/AssemblyInfo.cs
@@ -0,0 +1,50 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("LWRaftSnapIn")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("VMware")]
+[assembly: AssemblyProduct("LWRaftSnapIn")]
+[assembly: AssemblyCopyright("Copyright © VMware 2013")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("3c2247ee-e7d6-48f4-8ac7-3af55351a53f")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.14")]
+[assembly: AssemblyFileVersion("1.0.0.14")]
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.Designer.cs
new file mode 100644
index 000000000..77344a7e9
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.Designer.cs
@@ -0,0 +1,273 @@
+//------------------------------------------------------------------------------
+// <auto-generated>
+//     This code was generated by a tool.
+//     Runtime Version:4.0.30319.42000
+//
+//     Changes to this file may cause incorrect behavior and will be lost if
+//     the code is regenerated.
+// </auto-generated>
+//------------------------------------------------------------------------------
+
+namespace LWRaftSnapIn {
+    using System;
+    
+    
+    /// <summary>
+    ///   A strongly-typed resource class, for looking up localized strings, etc.
+    /// </summary>
+    // This class was auto-generated by the StronglyTypedResourceBuilder
+    // class via a tool like ResGen or Visual Studio.
+    // To add or remove a member, edit your .ResX file then rerun ResGen
+    // with the /str option, or rebuild your VS project.
+    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
+    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
+    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
+    internal class Resource {
+        
+        private static global::System.Resources.ResourceManager resourceMan;
+        
+        private static global::System.Globalization.CultureInfo resourceCulture;
+        
+        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
+        internal Resource() {
+        }
+        
+        /// <summary>
+        ///   Returns the cached ResourceManager instance used by this class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Resources.ResourceManager ResourceManager {
+            get {
+                if (object.ReferenceEquals(resourceMan, null)) {
+                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("LWRaftSnapIn.Resource", typeof(Resource).Assembly);
+                    resourceMan = temp;
+                }
+                return resourceMan;
+            }
+        }
+        
+        /// <summary>
+        ///   Overrides the current thread's CurrentUICulture property for all
+        ///   resource lookups using this strongly typed resource class.
+        /// </summary>
+        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
+        internal static global::System.Globalization.CultureInfo Culture {
+            get {
+                return resourceCulture;
+            }
+            set {
+                resourceCulture = value;
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon AddToGroup {
+            get {
+                object obj = ResourceManager.GetObject("AddToGroup", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Delete {
+            get {
+                object obj = ResourceManager.GetObject("Delete", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Directory {
+            get {
+                object obj = ResourceManager.GetObject("Directory", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Export {
+            get {
+                object obj = ResourceManager.GetObject("Export", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Group {
+            get {
+                object obj = ResourceManager.GetObject("Group", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Login {
+            get {
+                object obj = ResourceManager.GetObject("Login", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon NextPage {
+            get {
+                object obj = ResourceManager.GetObject("NextPage", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Object {
+            get {
+                object obj = ResourceManager.GetObject("Object", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Open {
+            get {
+                object obj = ResourceManager.GetObject("Open", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon OperationalAttr {
+            get {
+                object obj = ResourceManager.GetObject("OperationalAttr", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon OptionalAttr {
+            get {
+                object obj = ResourceManager.GetObject("OptionalAttr", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon PageSize {
+            get {
+                object obj = ResourceManager.GetObject("PageSize", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Question {
+            get {
+                object obj = ResourceManager.GetObject("Question", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Refresh {
+            get {
+                object obj = ResourceManager.GetObject("Refresh", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon ResetPassword {
+            get {
+                object obj = ResourceManager.GetObject("ResetPassword", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Save {
+            get {
+                object obj = ResourceManager.GetObject("Save", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Search {
+            get {
+                object obj = ResourceManager.GetObject("Search", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon SearchBoxCollapse {
+            get {
+                object obj = ResourceManager.GetObject("SearchBoxCollapse", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon Server {
+            get {
+                object obj = ResourceManager.GetObject("Server", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon ServerLog {
+            get {
+                object obj = ResourceManager.GetObject("ServerLog", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+        
+        /// <summary>
+        ///   Looks up a localized resource of type System.Drawing.Icon similar to (Icon).
+        /// </summary>
+        internal static System.Drawing.Icon User {
+            get {
+                object obj = ResourceManager.GetObject("User", resourceCulture);
+                return ((System.Drawing.Icon)(obj));
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.resx
new file mode 100644
index 000000000..095296c05
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Resource.resx
@@ -0,0 +1,184 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Windows.Forms" name="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
+  <data name="AddToGroup" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\AddToGroup.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Delete" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Delete.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Directory" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Directory.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Export" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Export.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Group" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Group.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Login" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Login.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="NextPage" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\NextPage.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Object" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Object.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Open" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Open.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="OperationalAttr" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\OperationalAttr.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="OptionalAttr" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\OptionalAttr.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="PageSize" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\PageSize.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Question" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Question.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Refresh" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Refresh.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="ResetPassword" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\ResetPassword.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Save" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Save.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Search" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Search.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="SearchBoxCollapse" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\SearchBoxCollapse.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="Server" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\Server.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="ServerLog" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\ServerLog.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+  <data name="User" type="System.Resources.ResXFileRef, System.Windows.Forms">
+    <value>Images\User.ico;System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/ScopeNodes/LWRaftRootNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/ScopeNodes/LWRaftRootNode.cs
new file mode 100644
index 000000000..fe141eb12
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/ScopeNodes/LWRaftRootNode.cs
@@ -0,0 +1,42 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+using Microsoft.ManagementConsole;
+using LWRaftSnapIn.Views;
+using VMIdentity.CommonUtils;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.ScopeNodes
+{
+    public class VMDirRootNode : ScopeNode
+    {
+        public VMDirRootNode()
+        {
+            DisplayName = MMCMiscUtil.GetBrandConfig(CommonConstants.RAFT_ROOT);
+            AddViewDescription();
+        }
+        void AddViewDescription()
+        {
+            FormViewDescription fvd = new FormViewDescription();
+            fvd.DisplayName = "Users (FormView)";
+            fvd.ViewType = typeof(ResultPaneFormView);
+            fvd.ControlType = typeof(ResultPaneControl);
+
+            // Attach the view to the root node
+            this.ViewDescriptions.Add(fvd);
+            this.ViewDescriptions.DefaultIndex = 0;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/BaseTreeNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/BaseTreeNode.cs
new file mode 100644
index 000000000..08c2f7546
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/BaseTreeNode.cs
@@ -0,0 +1,58 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.UI;
+using LWRaftSnapIn.Views;
+
+namespace LWRaftSnapIn.TreeNodes
+{
+    public class BaseTreeNode : TreeNode
+    {
+        public VMDirServerDTO ServerDTO { get; protected set; }
+        public PropertiesControl PropertiesCtl { get; protected set; }
+        public BaseTreeNode(VMDirServerDTO serverDTO, PropertiesControl propertiesCtl)
+        {
+            ServerDTO = serverDTO;
+            PropertiesCtl = propertiesCtl;
+        }
+        public virtual void DoRefresh()
+        {
+        }
+        public virtual void DoBeforeExpand()
+        {
+        }
+        public virtual void DoExpand()
+        {
+        }
+        public virtual void DoAfterExpand()
+        {
+        }
+        public virtual void DoSelect()
+        {
+        }
+        public void AddDummyNode()
+        {
+            this.Nodes.Add(new TreeNode("") { Tag = null });
+        }
+        public void ClearDummyNode()
+        {
+            if (Nodes.Count == 1 && Nodes[0].Tag == null)
+            {
+                this.Nodes.Clear();
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryBaseNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryBaseNode.cs
new file mode 100644
index 000000000..cd2075025
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryBaseNode.cs
@@ -0,0 +1,155 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Threading;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDirInterop.Interfaces;
+using VMDirInterop.LDAP;
+using LWRaftSnapIn.Utilities;
+using LWRaftSnapIn.UI;
+using LWRaftSnapIn.Views;
+using VMIdentity.CommonUtils;
+using VMwareMMCIDP.UI.Common.Utilities;
+using System.Linq;
+using VmdirUtil = VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn.TreeNodes
+{
+    public class DirectoryBaseNode : BaseTreeNode
+    {
+        public string Dn { get; private set; }
+        public string Cn { get; private set; }
+        public List<string> ObjectClass { get; private set; }
+
+        private Dictionary<string, VMDirAttributeDTO> _properties;
+
+        public Dictionary<string, VMDirAttributeDTO> NodeProperties
+        {
+            get
+            {
+                if (_properties == null)
+                    FillProperties();
+                return _properties;
+            }
+            set
+            {
+                _properties = value;
+            }
+        }
+
+        public DirectoryBaseNode(string dn, List<string> oc, VMDirServerDTO serverDTO, PropertiesControl propCtl)
+            : base(serverDTO, propCtl)
+        {
+            this.Dn = dn;
+            this.ObjectClass = oc;
+            Cn = VMDirServerDTO.DN2CN(dn);
+            ImageIndex = SelectedImageIndex = MiscUtilsService.GetImgIndx(ObjectClass);
+            this.Tag = "directory";
+        }
+
+        private void FillProperties()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                TextQueryDTO dto = new TextQueryDTO(Dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC, null, 0, IntPtr.Zero, 0);
+                ServerDTO.Connection.Search(dto,
+                    (l, e) =>
+                    {
+                        if (e.Count > 0)
+                            _properties = ServerDTO.Connection.GetEntryProperties(e[0]);
+                    });
+            });
+        }
+        public void RefreshProperties()
+        {
+            _properties.Clear();
+            FillProperties();
+            DoSelect();
+        }
+
+        public override void DoSelect()
+        {
+            PropertiesCtl.Visible = true;
+            var oc = string.Empty;
+            if (ObjectClass.Count > 0)
+                oc = ObjectClass[ObjectClass.Count - 1];
+            PropertiesCtl.Init(Dn, oc, ServerDTO, NodeProperties);
+        }
+        public void Delete()
+        {
+            ServerDTO.Connection.DeleteObject(Dn);
+        }
+
+        public void AddUserToGroup()
+        {
+            var frm = new AddToGroup(ServerDTO);
+            if (frm.ShowDialog() == DialogResult.OK)
+            {
+                MiscUtilsService.CheckedExec(delegate()
+                {
+                    string[] values = new string[2];
+                    values[1] = null;
+                    values[0] = Dn;
+                    LdapMod[] ldapVal = new LdapMod[1];
+                    ldapVal[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_MEMBER, values);
+                    ServerDTO.Connection.ModifyObject(frm.DNText, ldapVal);
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_MEMBER_ADD_SUCC);
+                    RefreshProperties();
+                });
+            }
+        }
+
+        public void ResetPassword()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var frm = new ResetUserPwdForm(Dn);
+                if (frm.ShowDialog() == DialogResult.OK)
+                {
+                    LdapMod[] mod = new LdapMod[1];
+                    mod[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_REPLACE, VMDirConstants.ATTR_USER_PASSWORD, new string[] {
+                        frm.Password,
+                        null
+                    });
+                    ServerDTO.Connection.ModifyObject(frm.Dn, mod);
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_PWD_RESET_SUCC);
+                }
+            });
+        }
+
+        public void VerifyPassword()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var frm = new CheckUserPwdForm(VmdirUtil.Utilities.GetAttrLastVal(NodeProperties, VMDirConstants.ATTR_KRB_UPN));
+                if (frm.ShowDialog() == DialogResult.OK)
+                {
+                    VMDirServerDTO ser = new VMDirServerDTO();
+                    ser.Server = ServerDTO.Server;
+                    ser.Password = frm.Password;
+                    ser.BindDN = frm.UPN;
+                    ser.Connection = new VmdirUtil.LdapConnectionService(ser.Server, ser.BindDN, ser.Password);
+                    if (ser.Connection.CheckCredentials())
+                        MMCDlgHelper.ShowInformation(CommonConstants.CORRECT_PWD);
+                    else
+                        MMCDlgHelper.ShowInformation(CommonConstants.INVALID_PWD);
+                }
+            });
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryExpandableNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryExpandableNode.cs
new file mode 100644
index 000000000..2ca4e395c
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryExpandableNode.cs
@@ -0,0 +1,223 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDirInterop.Interfaces;
+using VMDirInterop.LDAP;
+using LWRaftSnapIn.UI;
+using LWRaftSnapIn.Utilities;
+using VMIdentity.CommonUtils;
+using VMwareMMCIDP.UI.Common.Utilities;
+using VMDirUtil = VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn.TreeNodes
+{
+    public class DirectoryExpandableNode : DirectoryBaseNode
+    {
+        private IntPtr _cookie;
+        private int _totalCount;
+        private bool _morePages;
+        private int _pageNumber;
+        private QueryDTO _qdto;
+        public DirectoryExpandableNode(string dn, List<string> oc, VMDirServerDTO serverDTO, PropertiesControl propCtl)
+            : base(dn, oc, serverDTO, propCtl)
+        {
+            this.Text = Cn + " ...";
+            AddDummyNode();
+            InitPageSearch();
+        }
+
+        public override void DoExpand()
+        {
+            if (Nodes.Count == 1 && Nodes[0].Tag == null)
+            {
+                this.Nodes.Clear();
+                InitPageSearch();
+                GetPage();
+                Expand();
+            }
+        }
+        public override void DoRefresh()
+        {
+            this.Nodes.Clear();
+            AddDummyNode();
+            DoExpand();
+            RefreshProperties();
+        }
+
+        public void Search()
+        {
+            Thread t = new Thread(DoSearch);
+            t.SetApartmentState(ApartmentState.STA);
+            t.Start();
+        }
+
+        private void DoSearch()
+        {
+            var frm = new SearchForm(Dn, ServerDTO);
+            var length = this.Dn.Length > 20 ? 20 : this.Dn.Length;
+            frm.Text = "Server: " + ServerDTO.Server + "           Search In: " + this.Dn.Substring(0, length) + "...";
+            Application.Run(frm);
+            frm.BringToFront();
+        }
+        protected void InitPageSearch()
+        {
+            _qdto = new TextQueryDTO(Dn, LdapScope.SCOPE_ONE_LEVEL, VMDirConstants.SEARCH_ALL_OC,
+       new string[] { VMDirConstants.ATTR_DN, VMDirConstants.ATTR_OBJECT_CLASS }, 0, IntPtr.Zero, 0);
+            _cookie = IntPtr.Zero;
+            _totalCount = 0;
+            _pageNumber = 1;
+            _morePages = true;
+        }
+        internal void GetNextPage()
+        {
+            if (_morePages)
+            {
+                GetPage();
+            }
+            else
+                MMCDlgHelper.ShowInformation(VMDirConstants.WRN_NO_MORE_PAGES);
+        }
+        private void GetPage()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var _lst = new List<DirectoryExpandableNode>();
+                ServerDTO.Connection.PagedSearch(_qdto, ServerDTO.PageSize, _cookie, _morePages,
+                    delegate(ILdapMessage ldMsg, IntPtr ck, bool moreP, List<ILdapEntry> entries)
+                    {
+                        _cookie = ck;
+                        _morePages = moreP;
+                        _totalCount += entries.Count();
+                        _pageNumber++;
+                        foreach (var entry in entries)
+                        {
+                            var ocList = new List<string>(entry.getAttributeValues(VMDirConstants.ATTR_OBJECT_CLASS).Select(x=>x.StringValue).ToArray());
+                            _lst.Add(new DirectoryExpandableNode(entry.getDN(), ocList, ServerDTO, PropertiesCtl));
+                        }
+                    });
+                if (!_morePages)
+                    this.Text = Cn;
+                this.Nodes.AddRange(_lst.ToArray());
+            });
+        }
+
+        public void AddObject()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var frmSelect = new SelectObjectClass(ServerDTO.Connection.SchemaManager);
+                if (frmSelect.ShowDialog() == DialogResult.OK)
+                {
+                    var frm = new CreateForm(frmSelect.SelectedObject, ServerDTO, Dn);
+                    if (frm.ShowDialog() == DialogResult.OK)
+                    {
+                        var attributes = frm.Attributes.Select(x => LdapTypesService.MakeAttribute(x)).ToArray();   
+                        string newdn = frm.Rdn+","+Dn;
+                        ServerDTO.Connection.AddObject(newdn, attributes);
+                        ClearDummyNode();
+                        var oc = VMDirUtil.Utilities.GetObjectClassList(ServerDTO, newdn, LdapScope.SCOPE_BASE);
+                        this.Nodes.Insert(0, new DirectoryExpandableNode(newdn, oc, ServerDTO, PropertiesCtl));
+                        MMCDlgHelper.ShowInformation(VMDirConstants.STAT_OBJ_ADD_SUCC);
+                    }
+                }
+            });
+        }
+        public void AddGroup()
+        {
+            GroupDTO dto = new GroupDTO();
+            var frm = new AddGroup(dto);
+            if (frm.ShowDialog() == DialogResult.OK)
+            {
+                MiscUtilsService.CheckedExec(delegate()
+                {
+                    LdapMod[] user = new LdapMod[4];
+                    user[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_CN, new string[] {
+						dto.cn,
+						null
+					});
+                    user[1] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_GROUPTYPE, new string[] {
+						dto.groupType.ToString (),
+						null
+					});
+                    user[2] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SAM_ACCOUNT_NAME, new string[] {
+						dto.sAMAccountName,
+						null
+					});
+                    user[3] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_OBJECT_CLASS, new string[] {
+						dto.objectClass,
+						null
+					});
+                    string dn = string.Format("cn={0},{1}", dto.cn, Dn);
+                    ServerDTO.Connection.AddObject(dn, user);
+                    ClearDummyNode();
+                    var oc = VMDirUtil.Utilities.GetObjectClassList(ServerDTO,dn,LdapScope.SCOPE_BASE);
+                    this.Nodes.Insert(0,new DirectoryExpandableNode(dn, oc, ServerDTO, PropertiesCtl));
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_GRP_ADD_SUCC);
+                });
+            }
+        }
+
+        public void AddUser()
+        {
+            UserDTO userDTO = new UserDTO();
+            var frm = new AddUser(userDTO);
+            if (frm.ShowDialog() == DialogResult.OK)
+            {
+                MiscUtilsService.CheckedExec(delegate()
+                {
+                    LdapMod[] user = new LdapMod[6];
+                    user[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_GIVEN_NAME, new string[] {
+						userDTO.FirstName,
+						null
+					});
+                    user[1] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SN, new string[] {
+						userDTO.LastName,
+						null
+					});
+                    user[2] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_CN, new string[] {
+						userDTO.Cn,
+						null
+					});
+                    user[3] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_KRB_UPN, new string[] {
+						userDTO.UPN,
+						null
+					});
+                    user[4] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_SAM_ACCOUNT_NAME, new string[] {
+						userDTO.SAMAccountName,
+						null
+					});
+                    user[5] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, VMDirConstants.ATTR_OBJECT_CLASS, new string[] {
+						VMDirConstants.USER_OC,
+						null
+					});
+                    string dn = string.Format("cn={0},{1}", userDTO.Cn, Dn);
+                    ServerDTO.Connection.AddObject(dn, user);
+                    ClearDummyNode();
+                    var oc = VMDirUtil.Utilities.GetObjectClassList(ServerDTO, dn, LdapScope.SCOPE_BASE);
+                    this.Nodes.Insert(0,new DirectoryExpandableNode(dn, oc, ServerDTO, PropertiesCtl));
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_USR_ADD_SUCC);
+                });
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryNonExpandableNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryNonExpandableNode.cs
new file mode 100644
index 000000000..b8cea8e59
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/DirectoryNonExpandableNode.cs
@@ -0,0 +1,39 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.UI;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.TreeNodes
+{
+    public class DirectoryNonExpandableNode : DirectoryBaseNode
+    {
+        public DirectoryNonExpandableNode(string dn, List<string> oc, VMDirServerDTO serverDTO, PropertiesControl propCtl)
+            : base(dn, oc, serverDTO, propCtl)
+        {
+            this.Text = dn;
+        }
+        public override void DoRefresh()
+        {
+            RefreshProperties();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/RootNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/RootNode.cs
new file mode 100644
index 000000000..aeb0b9787
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/RootNode.cs
@@ -0,0 +1,70 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+using VMDir.Common.DTO;
+using LWRaftSnapIn.UI;
+using LWRaftSnapIn.Utilities;
+using LWRaftSnapIn.Views;
+using VMIdentity.CommonUtils;
+using VMIdentity.CommonUtils.Log;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.TreeNodes
+{
+    class RootNode : BaseTreeNode
+    {
+        public RootNode(PropertiesControl control)
+            : base(null,control)
+        {
+            this.Text = MMCMiscUtil.GetBrandConfig(CommonConstants.RAFT_ROOT);
+            ImageIndex = SelectedImageIndex = (int)VMDirIconIndex.Directory;
+            this.Tag = "root";
+        }
+        public override void DoExpand()
+        {
+            if (Nodes.Count > 0)
+                return;
+            foreach (var dto in LWRaftEnvironment.Instance.LocalData.ServerList)
+            {
+                this.Nodes.Add(new ServerNode(dto, PropertiesCtl));
+            }
+            Expand();
+        }
+
+        public override void DoSelect()
+        {
+            if (PropertiesCtl==null)
+                LWRaftEnvironment.Instance.Logger.Log("PropertiesCtl is null", LogLevel.Error);
+            PropertiesCtl.SetEditState(false);
+            DoExpand();
+        }
+
+        public void AddNewServer()
+        {
+             MiscUtilsService.CheckedExec(delegate
+            {
+                var serverDTO = VMDirServerDTO.CreateInstance();
+                serverDTO.Server = "";
+                var node = new ServerNode(serverDTO, PropertiesCtl);
+                node.Login();
+                if (node.ServerDTO.IsLoggedIn)
+                {
+                    LWRaftEnvironment.Instance.LocalData.AddServer(serverDTO);
+                    this.Nodes.Add(node);
+                }
+            });
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/ServerNode.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/ServerNode.cs
new file mode 100644
index 000000000..6e40a8952
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/TreeNodes/ServerNode.cs
@@ -0,0 +1,217 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+using System;
+using System.Collections.Generic;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDir.Common.VMDirUtilities;
+using VMDirInterop.Interfaces;
+using VMDirInterop.LDAP;
+using LWRaftSnapIn.Utilities;
+using LWRaftSnapIn.UI;
+using LWRaftSnapIn.Views;
+using VMIdentity.CommonUtils;
+using VMwareMMCIDP.UI.Common.Utilities;
+namespace LWRaftSnapIn.TreeNodes
+{
+    public class ServerNode : BaseTreeNode
+    {
+        private Dictionary<string, VMDirAttributeDTO> _properties;
+
+        public Dictionary<string, VMDirAttributeDTO> ServerProperties
+        {
+            get
+            {
+                if (_properties == null)
+                    FillProperties();
+                return _properties;
+            }
+        }
+
+        private void FillProperties()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                TextQueryDTO dto = new TextQueryDTO(VMDirConstants.ATTR_VMW_DSEROOT_DN, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC, null, 0, IntPtr.Zero, 0);
+                ServerDTO.Connection.Search(dto,
+                    (l, e) =>
+                    {
+                        if(e.Count>0)
+                            _properties = ServerDTO.Connection.GetEntryProperties(e[0]);
+                    });
+            });
+        }
+        public void RefreshProperties()
+        {
+            _properties.Clear();
+            FillProperties();
+            DoSelect();
+        }
+
+        public ServerNode(VMDirServerDTO serverDTO, PropertiesControl control)
+            : base(serverDTO, control)
+        {
+            ImageIndex = SelectedImageIndex = (int)VMDirIconIndex.Server;
+            this.Text = serverDTO.Server;
+            this.Tag = "server";
+            /*if (serverDTO.IsLoggedIn)
+           {
+               Expand();
+               DoSelect();
+               DoRefresh();
+           } */
+        }
+
+        public override void DoSelect()
+        {
+            if (ServerDTO.IsLoggedIn)
+            {
+                PropertiesCtl.Init(VMDirConstants.ATTR_VMW_DSEROOT_DN, string.Empty, ServerDTO, ServerProperties);
+            }
+            else
+            {
+                PropertiesCtl.ClearView();
+                PropertiesCtl.SetEditState(false);
+            }
+        }
+        public override void DoRefresh()
+        {
+            this.Nodes.Clear();
+            this.Nodes.Add(new DirectoryExpandableNode(ServerDTO.BaseDN, new List<string>(), ServerDTO, PropertiesCtl));
+            Expand();
+            RefreshProperties();
+        }
+        internal void Login()
+        {
+            this.Nodes.Clear();
+            try
+            {
+                var frm = new frmConnectToServer(ServerDTO);
+                if (frm.ShowDialog() == DialogResult.OK)
+                {
+                    if (ServerDTO.Connection.CreateConnection() == 1)
+                    {
+                        this.Text = ServerDTO.Server;
+
+                        if (string.IsNullOrWhiteSpace(ServerDTO.BaseDN))
+                        {
+                            TextQueryDTO dto = new TextQueryDTO("", LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC,
+                                new string[] { VMDirConstants.ATTR_ROOT_DOMAIN_NAMING_CONTEXT }, 0, IntPtr.Zero, 0);
+                            try
+                            {
+                                ServerDTO.Connection.Search(dto,
+                                    delegate(ILdapMessage searchRequest, List<ILdapEntry> entries)
+                                    {
+                                        ServerDTO.BaseDN = GetRootDomainNamingContext(entries);
+                                    });
+                            }
+                            catch (Exception)
+                            {
+                                throw new Exception(VMDirConstants.ERR_DN_RETRIEVAL);
+                            }
+                        }
+                        else
+                        {
+                            TextQueryDTO dto = new TextQueryDTO(ServerDTO.BaseDN, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC,
+                                new string[] { VMDirConstants.ATTR_DN }, 0, IntPtr.Zero, 0);
+                            ServerDTO.Connection.Search(dto, null);
+                        }
+                        this.Nodes.Add(new DirectoryExpandableNode(ServerDTO.BaseDN, new List<string>(), ServerDTO, PropertiesCtl));
+                        ServerDTO.IsLoggedIn = true;
+                        Expand();
+                        DoSelect();
+                    }
+                    else
+                    {
+                        throw new Exception(CommonConstants.INVALID_CREDENTIAL);
+                    }
+                }
+            }
+            catch (Exception exp)
+            {
+                ServerDTO.Connection = null;
+                LWRaftEnvironment.Instance.Logger.LogException(exp);
+                MiscUtilsService.ShowError(exp);
+            }
+        }
+
+        private string GetRootDomainNamingContext(List<ILdapEntry> entries)
+        {
+            if (entries != null)
+            {
+                var value = entries[0].getAttributeValues(VMDirConstants.ATTR_ROOT_DOMAIN_NAMING_CONTEXT);
+                if (value != null && value.Count > 0)
+                    return value[0].StringValue;
+            }
+            return string.Empty;
+        }
+
+        public void Logout()
+        {
+            try
+            {
+                ServerDTO.Connection = new LdapConnectionService(ServerDTO.Server, ServerDTO.BindDN, ServerDTO.Password);
+                ServerDTO.Connection.CloseConnection();
+                ServerDTO.Connection = null;
+                ServerDTO.IsLoggedIn = false;
+                Nodes.Clear();
+                PropertiesCtl.ClearView();
+            }
+            catch (Exception exp)
+            {
+                MiscUtilsService.ShowError(exp);
+            }
+        }
+
+        public void RemoveServer()
+        {
+            if (MiscUtilsService.Confirm(CommonConstants.GetDeleteMsg("server", ServerDTO.Server)))
+            {
+                MiscUtilsService.CheckedExec(delegate()
+                {
+                    LWRaftEnvironment.Instance.LocalData.RemoveServer(ServerDTO.GUID);
+                    if (ServerDTO.Connection != null)
+                        ServerDTO.Connection.CloseConnection();
+                    var server=ServerDTO.Server;
+                    var parent = this.Parent as RootNode;
+                    if (parent != null)
+                    {
+                        parent.Nodes.Remove(this);
+                    }
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_SER_REM_SUCC+server);
+                });
+            }
+        }
+
+        internal void SuperLog()
+        {
+            var frm = new SuperLogBrowser(ServerDTO);
+            frm.ShowDialog();
+            frm.BringToFront();
+        }
+
+        internal void SetPageSize()
+        {
+            var frm = new SetPageSizeForm(ServerDTO.PageSize);
+            if (frm.ShowDialog() == DialogResult.OK)
+            {
+                ServerDTO.PageSize = frm.PageSize;
+                MMCDlgHelper.ShowInformation(VMDirConstants.STAT_PG_SZ_SUCC);
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.Designer.cs
new file mode 100644
index 000000000..a69e54804
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.Designer.cs
@@ -0,0 +1,136 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class AddGroup
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.submitButton = new System.Windows.Forms.Button();
+            this.cancelButton = new System.Windows.Forms.Button();
+            this.samAccNametextBox = new System.Windows.Forms.TextBox();
+            this.groupNameTextBox = new System.Windows.Forms.TextBox();
+            this.label2 = new System.Windows.Forms.Label();
+            this.label1 = new System.Windows.Forms.Label();
+            this.SuspendLayout();
+            // 
+            // submitButton
+            // 
+            this.submitButton.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.submitButton.Location = new System.Drawing.Point(198, 120);
+            this.submitButton.Name = "submitButton";
+            this.submitButton.Size = new System.Drawing.Size(75, 23);
+            this.submitButton.TabIndex = 11;
+            this.submitButton.Text = "Submit";
+            this.submitButton.UseVisualStyleBackColor = true;
+            this.submitButton.Click += new System.EventHandler(this.submitButton_Click);
+            // 
+            // cancelButton
+            // 
+            this.cancelButton.Location = new System.Drawing.Point(117, 120);
+            this.cancelButton.Name = "cancelButton";
+            this.cancelButton.Size = new System.Drawing.Size(75, 23);
+            this.cancelButton.TabIndex = 10;
+            this.cancelButton.Text = "Cancel";
+            this.cancelButton.UseVisualStyleBackColor = true;
+            this.cancelButton.Click += new System.EventHandler(this.cancelButton_Click);
+            // 
+            // samAccNametextBox
+            // 
+            this.samAccNametextBox.Location = new System.Drawing.Point(144, 63);
+            this.samAccNametextBox.Name = "samAccNametextBox";
+            this.samAccNametextBox.Size = new System.Drawing.Size(200, 20);
+            this.samAccNametextBox.TabIndex = 9;
+            // 
+            // groupNameTextBox
+            // 
+            this.groupNameTextBox.Location = new System.Drawing.Point(144, 26);
+            this.groupNameTextBox.Name = "groupNameTextBox";
+            this.groupNameTextBox.Size = new System.Drawing.Size(200, 20);
+            this.groupNameTextBox.TabIndex = 8;
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(23, 70);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(98, 13);
+            this.label2.TabIndex = 7;
+            this.label2.Text = "SAMAccountName";
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(23, 33);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(94, 13);
+            this.label1.TabIndex = 6;
+            this.label1.Text = "Group Name (CN):";
+            // 
+            // AddGroup
+            // 
+            this.AcceptButton = this.submitButton;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(381, 176);
+            this.Controls.Add(this.submitButton);
+            this.Controls.Add(this.cancelButton);
+            this.Controls.Add(this.samAccNametextBox);
+            this.Controls.Add(this.groupNameTextBox);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.label1);
+            this.Name = "AddGroup";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "AddGroup";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.Group);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button submitButton;
+        private System.Windows.Forms.Button cancelButton;
+        private System.Windows.Forms.TextBox samAccNametextBox;
+        private System.Windows.Forms.TextBox groupNameTextBox;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.Label label1;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.cs
new file mode 100644
index 000000000..a2f17fd43
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.cs
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AddGroup : Form
+    {
+        private GroupDTO _dto;
+        public AddGroup(GroupDTO dto)
+        {
+            InitializeComponent();
+            _dto = dto;
+            _dto.groupType = VMDirConstants.GROUPTYPE_ACCOUNT;
+            _dto.objectClass = VMDirConstants.GROUP_OC;
+        }
+
+        private bool DoValidateControls()
+        {
+            string msg = string.Empty;
+
+            if (String.IsNullOrWhiteSpace(groupNameTextBox.Text))
+                msg = VMDirConstants.WRN_GRP_NAME_ENT;
+            else if (String.IsNullOrWhiteSpace(samAccNametextBox.Text))
+                msg = VMDirConstants.WRN_SAM_NAME_ENT;
+
+            if (!string.IsNullOrWhiteSpace(msg))
+            {
+                MMCDlgHelper.ShowWarning(msg);
+                return false;
+            }
+            return true;
+        }
+
+        private void submitButton_Click(object sender, EventArgs e)
+        {
+            if (!DoValidateControls())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            _dto.cn = groupNameTextBox.Text;
+            _dto.sAMAccountName = samAccNametextBox.Text;
+            this.Close();
+        }
+
+        private void cancelButton_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddGroup.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.Designer.cs
new file mode 100644
index 000000000..27d74935d
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.Designer.cs
@@ -0,0 +1,139 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class AddToGroup
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.label1 = new System.Windows.Forms.Label();
+            this.cnTextBox = new System.Windows.Forms.TextBox();
+            this.findCnButton = new System.Windows.Forms.Button();
+            this.dnLabel = new System.Windows.Forms.Label();
+            this.submitButton = new System.Windows.Forms.Button();
+            this.cancelButton = new System.Windows.Forms.Button();
+            this.SuspendLayout();
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(31, 33);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(70, 13);
+            this.label1.TabIndex = 0;
+            this.label1.Text = "Group Name:";
+            // 
+            // cnTextBox
+            // 
+            this.cnTextBox.Location = new System.Drawing.Point(123, 26);
+            this.cnTextBox.Name = "cnTextBox";
+            this.cnTextBox.Size = new System.Drawing.Size(200, 20);
+            this.cnTextBox.TabIndex = 1;
+            // 
+            // findCnButton
+            // 
+            this.findCnButton.Location = new System.Drawing.Point(346, 23);
+            this.findCnButton.Name = "findCnButton";
+            this.findCnButton.Size = new System.Drawing.Size(75, 23);
+            this.findCnButton.TabIndex = 2;
+            this.findCnButton.Text = "Find CN";
+            this.findCnButton.UseVisualStyleBackColor = true;
+            this.findCnButton.Click += new System.EventHandler(this.findCnButton_Click);
+            // 
+            // dnLabel
+            // 
+            this.dnLabel.Location = new System.Drawing.Point(34, 64);
+            this.dnLabel.Name = "dnLabel";
+            this.dnLabel.Size = new System.Drawing.Size(387, 32);
+            this.dnLabel.TabIndex = 5;
+            this.dnLabel.Text = "dnlabel";
+            // 
+            // submitButton
+            // 
+            this.submitButton.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.submitButton.Location = new System.Drawing.Point(248, 111);
+            this.submitButton.Name = "submitButton";
+            this.submitButton.Size = new System.Drawing.Size(75, 23);
+            this.submitButton.TabIndex = 13;
+            this.submitButton.Text = "Submit";
+            this.submitButton.UseVisualStyleBackColor = true;
+            this.submitButton.Click += new System.EventHandler(this.submitButton_Click);
+            // 
+            // cancelButton
+            // 
+            this.cancelButton.Location = new System.Drawing.Point(167, 111);
+            this.cancelButton.Name = "cancelButton";
+            this.cancelButton.Size = new System.Drawing.Size(75, 23);
+            this.cancelButton.TabIndex = 12;
+            this.cancelButton.Text = "Cancel";
+            this.cancelButton.UseVisualStyleBackColor = true;
+            this.cancelButton.Click += new System.EventHandler(this.cancelButton_Click);
+            // 
+            // AddToGroup
+            // 
+            this.AcceptButton = this.submitButton;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(458, 162);
+            this.Controls.Add(this.submitButton);
+            this.Controls.Add(this.cancelButton);
+            this.Controls.Add(this.dnLabel);
+            this.Controls.Add(this.findCnButton);
+            this.Controls.Add(this.cnTextBox);
+            this.Controls.Add(this.label1);
+            this.Name = "AddToGroup";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "AddToGroup";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.AddToGroup);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.TextBox cnTextBox;
+        private System.Windows.Forms.Button findCnButton;
+        private System.Windows.Forms.Label dnLabel;
+        private System.Windows.Forms.Button submitButton;
+        private System.Windows.Forms.Button cancelButton;
+
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.cs
new file mode 100644
index 000000000..a29452a06
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.cs
@@ -0,0 +1,79 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+using VMwareMMCIDP.UI.Common.Utilities;
+using VmdirUtil = VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AddToGroup : Form
+    {
+        public String DNText { get; set; }
+        private VMDirServerDTO serverDTO;
+        public AddToGroup(VMDirServerDTO dto)
+        {
+            InitializeComponent();
+            serverDTO = dto;
+            dnLabel.Text = "";
+        }
+
+        private void submitButton_Click(object sender, EventArgs e)
+        {
+            if (string.IsNullOrWhiteSpace(DNText))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_GRP_NAME_SEL);
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            this.Close();
+        }
+
+        private void findCnButton_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate()
+            {
+                if (!string.IsNullOrWhiteSpace(cnTextBox.Text))
+                {
+                    string[] dn = VmdirUtil.Utilities.SearchItemCN(serverDTO.BaseDN, "group", cnTextBox.Text, null, serverDTO);
+                    //if only single result is found
+                    if (dn.Length == 1)
+                    {
+                        dnLabel.Text = dn[0];
+                        DNText = dn[0];
+                    }
+                    else if (dn.Length <= 0)
+                        dnLabel.Text = "Search item not found in groups.";
+                    //else if dn.length>1 TODO - Display a separate window  listing all the multiple dn found  and let the user choose one.
+                }
+            });
+        }
+
+        private void cancelButton_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddToGroup.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.Designer.cs
new file mode 100644
index 000000000..85b80c47a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.Designer.cs
@@ -0,0 +1,202 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class AddUser
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.submitButton = new System.Windows.Forms.Button();
+            this.cancelButton = new System.Windows.Forms.Button();
+            this.firstNameTextBox = new System.Windows.Forms.TextBox();
+            this.label1 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.label3 = new System.Windows.Forms.Label();
+            this.label4 = new System.Windows.Forms.Label();
+            this.label5 = new System.Windows.Forms.Label();
+            this.lastNameTextBox = new System.Windows.Forms.TextBox();
+            this.cnTextBox = new System.Windows.Forms.TextBox();
+            this.upnTextBox = new System.Windows.Forms.TextBox();
+            this.samAccNameTextBox = new System.Windows.Forms.TextBox();
+            this.SuspendLayout();
+            // 
+            // submitButton
+            // 
+            this.submitButton.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.submitButton.Location = new System.Drawing.Point(217, 244);
+            this.submitButton.Name = "submitButton";
+            this.submitButton.Size = new System.Drawing.Size(75, 23);
+            this.submitButton.TabIndex = 16;
+            this.submitButton.Text = "Submit";
+            this.submitButton.UseVisualStyleBackColor = true;
+            this.submitButton.Click += new System.EventHandler(this.submitButton_Click);
+            // 
+            // cancelButton
+            // 
+            this.cancelButton.Location = new System.Drawing.Point(136, 244);
+            this.cancelButton.Name = "cancelButton";
+            this.cancelButton.Size = new System.Drawing.Size(75, 23);
+            this.cancelButton.TabIndex = 15;
+            this.cancelButton.Text = "Cancel";
+            this.cancelButton.UseVisualStyleBackColor = true;
+            this.cancelButton.Click += new System.EventHandler(this.cancelButton_Click);
+            // 
+            // firstNameTextBox
+            // 
+            this.firstNameTextBox.Location = new System.Drawing.Point(168, 34);
+            this.firstNameTextBox.Name = "firstNameTextBox";
+            this.firstNameTextBox.Size = new System.Drawing.Size(200, 20);
+            this.firstNameTextBox.TabIndex = 14;
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(44, 41);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(60, 13);
+            this.label1.TabIndex = 17;
+            this.label1.Text = "First Name:";
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(44, 78);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(61, 13);
+            this.label2.TabIndex = 18;
+            this.label2.Text = "Last Name:";
+            // 
+            // label3
+            // 
+            this.label3.AutoSize = true;
+            this.label3.Location = new System.Drawing.Point(44, 114);
+            this.label3.Name = "label3";
+            this.label3.Size = new System.Drawing.Size(25, 13);
+            this.label3.TabIndex = 19;
+            this.label3.Text = "CN:";
+            // 
+            // label4
+            // 
+            this.label4.AutoSize = true;
+            this.label4.Location = new System.Drawing.Point(44, 147);
+            this.label4.Name = "label4";
+            this.label4.Size = new System.Drawing.Size(100, 13);
+            this.label4.TabIndex = 20;
+            this.label4.Text = "UserPrincipalName:";
+            // 
+            // label5
+            // 
+            this.label5.AutoSize = true;
+            this.label5.Location = new System.Drawing.Point(44, 185);
+            this.label5.Name = "label5";
+            this.label5.Size = new System.Drawing.Size(101, 13);
+            this.label5.TabIndex = 21;
+            this.label5.Text = "SAMAccountName:";
+            // 
+            // lastNameTextBox
+            // 
+            this.lastNameTextBox.Location = new System.Drawing.Point(168, 71);
+            this.lastNameTextBox.Name = "lastNameTextBox";
+            this.lastNameTextBox.Size = new System.Drawing.Size(200, 20);
+            this.lastNameTextBox.TabIndex = 22;
+            // 
+            // cnTextBox
+            // 
+            this.cnTextBox.Location = new System.Drawing.Point(168, 107);
+            this.cnTextBox.Name = "cnTextBox";
+            this.cnTextBox.Size = new System.Drawing.Size(200, 20);
+            this.cnTextBox.TabIndex = 23;
+            // 
+            // upnTextBox
+            // 
+            this.upnTextBox.Location = new System.Drawing.Point(168, 140);
+            this.upnTextBox.Name = "upnTextBox";
+            this.upnTextBox.Size = new System.Drawing.Size(200, 20);
+            this.upnTextBox.TabIndex = 24;
+            // 
+            // samAccNameTextBox
+            // 
+            this.samAccNameTextBox.Location = new System.Drawing.Point(168, 178);
+            this.samAccNameTextBox.Name = "samAccNameTextBox";
+            this.samAccNameTextBox.Size = new System.Drawing.Size(200, 20);
+            this.samAccNameTextBox.TabIndex = 25;
+            // 
+            // AddUser
+            // 
+            this.AcceptButton = this.submitButton;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(429, 291);
+            this.Controls.Add(this.samAccNameTextBox);
+            this.Controls.Add(this.upnTextBox);
+            this.Controls.Add(this.cnTextBox);
+            this.Controls.Add(this.lastNameTextBox);
+            this.Controls.Add(this.label5);
+            this.Controls.Add(this.label4);
+            this.Controls.Add(this.label3);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.submitButton);
+            this.Controls.Add(this.cancelButton);
+            this.Controls.Add(this.firstNameTextBox);
+            this.Name = "AddUser";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "AddUser";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.User);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button submitButton;
+        private System.Windows.Forms.Button cancelButton;
+        private System.Windows.Forms.TextBox firstNameTextBox;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.Label label3;
+        private System.Windows.Forms.Label label4;
+        private System.Windows.Forms.Label label5;
+        private System.Windows.Forms.TextBox lastNameTextBox;
+        private System.Windows.Forms.TextBox cnTextBox;
+        private System.Windows.Forms.TextBox upnTextBox;
+        private System.Windows.Forms.TextBox samAccNameTextBox;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.cs
new file mode 100644
index 000000000..d7afb8894
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.cs
@@ -0,0 +1,81 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AddUser : Form
+    {
+        UserDTO _dto;
+        public AddUser(UserDTO dto)
+        {
+            InitializeComponent();
+            _dto = dto;
+            _dto.objectClass = VMDirConstants.USER_OC;
+        }
+        private bool DoValidateControls()
+        {
+            string msg = string.Empty;
+
+            if (string.IsNullOrWhiteSpace(cnTextBox.Text))
+                msg = VMDirConstants.WRN_CN_ENT;
+            else if (string.IsNullOrWhiteSpace(firstNameTextBox.Text))
+                msg = VMDirConstants.WRN_FN_ENT;
+            else if (string.IsNullOrWhiteSpace(lastNameTextBox.Text))
+                msg = VMDirConstants.WRN_LN_ENT;
+            else if (string.IsNullOrWhiteSpace(samAccNameTextBox.Text))
+                msg = VMDirConstants.WRN_SAM_NAME_ENT;
+            else if (string.IsNullOrWhiteSpace(upnTextBox.Text))
+                msg = VMDirConstants.WRN_UPN_ENT;
+
+            if (!string.IsNullOrWhiteSpace(msg))
+            {
+                MMCDlgHelper.ShowWarning(msg);
+                return false;
+            }
+            return true;
+        }
+        private void submitButton_Click(object sender, EventArgs e)
+        {
+            if (!DoValidateControls())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            _dto.Cn = firstNameTextBox.Text;
+            _dto.FirstName = firstNameTextBox.Text;
+            _dto.LastName = lastNameTextBox.Text;
+            _dto.SAMAccountName = samAccNameTextBox.Text;
+            _dto.UPN = upnTextBox.Text;
+            this.Close();
+        }
+
+        private void cancelButton_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AddUser.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.Designer.cs
new file mode 100644
index 000000000..8df10c8e4
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.Designer.cs
@@ -0,0 +1,148 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class AttrInfoForm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.label1 = new System.Windows.Forms.Label();
+            this.textBoxEx = new System.Windows.Forms.TextBox();
+            this.label3 = new System.Windows.Forms.Label();
+            this.button1 = new System.Windows.Forms.Button();
+            this.linkLabel1 = new System.Windows.Forms.LinkLabel();
+            this.labelSyntax = new System.Windows.Forms.Label();
+            this.SuspendLayout();
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(19, 26);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(42, 13);
+            this.label1.TabIndex = 0;
+            this.label1.Text = "Syntax:";
+            // 
+            // textBoxEx
+            // 
+            this.textBoxEx.BackColor = System.Drawing.SystemColors.ControlLightLight;
+            this.textBoxEx.Location = new System.Drawing.Point(22, 69);
+            this.textBoxEx.Multiline = true;
+            this.textBoxEx.Name = "textBoxEx";
+            this.textBoxEx.ReadOnly = true;
+            this.textBoxEx.Size = new System.Drawing.Size(283, 88);
+            this.textBoxEx.TabIndex = 4;
+            // 
+            // label3
+            // 
+            this.label3.AutoSize = true;
+            this.label3.Location = new System.Drawing.Point(19, 53);
+            this.label3.Name = "label3";
+            this.label3.Size = new System.Drawing.Size(55, 13);
+            this.label3.TabIndex = 5;
+            this.label3.Text = "Examples:";
+            // 
+            // button1
+            // 
+            this.button1.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+            this.button1.Location = new System.Drawing.Point(117, 190);
+            this.button1.Name = "button1";
+            this.button1.Size = new System.Drawing.Size(75, 23);
+            this.button1.TabIndex = 8;
+            this.button1.Text = "Close";
+            this.button1.UseVisualStyleBackColor = true;
+            this.button1.Click += new System.EventHandler(this.button1_Click);
+            // 
+            // linkLabel1
+            // 
+            this.linkLabel1.AutoSize = true;
+            this.linkLabel1.Location = new System.Drawing.Point(253, 170);
+            this.linkLabel1.Name = "linkLabel1";
+            this.linkLabel1.Size = new System.Drawing.Size(52, 13);
+            this.linkLabel1.TabIndex = 9;
+            this.linkLabel1.TabStop = true;
+            this.linkLabel1.Text = "More Info";
+            this.linkLabel1.LinkClicked += new System.Windows.Forms.LinkLabelLinkClickedEventHandler(this.linkLabel1_LinkClicked);
+            // 
+            // labelSyntax
+            // 
+            this.labelSyntax.AutoSize = true;
+            this.labelSyntax.Location = new System.Drawing.Point(68, 25);
+            this.labelSyntax.Name = "labelSyntax";
+            this.labelSyntax.Size = new System.Drawing.Size(0, 13);
+            this.labelSyntax.TabIndex = 10;
+            // 
+            // AttrInfoForm
+            // 
+            this.AcceptButton = this.button1;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.BackColor = System.Drawing.SystemColors.ControlLightLight;
+            this.CancelButton = this.button1;
+            this.ClientSize = new System.Drawing.Size(330, 231);
+            this.Controls.Add(this.labelSyntax);
+            this.Controls.Add(this.linkLabel1);
+            this.Controls.Add(this.button1);
+            this.Controls.Add(this.label3);
+            this.Controls.Add(this.textBoxEx);
+            this.Controls.Add(this.label1);
+            this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedToolWindow;
+            this.MaximizeBox = false;
+            this.MinimizeBox = false;
+            this.Name = "AttrInfoForm";
+            this.Opacity = 0.9D;
+            this.ShowIcon = false;
+            this.StartPosition = System.Windows.Forms.FormStartPosition.Manual;
+            this.Text = "Help";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.TextBox textBoxEx;
+        private System.Windows.Forms.Label label3;
+        private System.Windows.Forms.Button button1;
+        private System.Windows.Forms.LinkLabel linkLabel1;
+        private System.Windows.Forms.Label labelSyntax;
+
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.cs
new file mode 100644
index 000000000..61a7bad16
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.cs
@@ -0,0 +1,77 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Diagnostics;
+using System.Text;
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class AttrInfoForm : Form
+    {
+        AttributeHelpDTO helpDTO;
+        public AttrInfoForm(AttributeHelpDTO helpDTO)
+        {
+            this.helpDTO = helpDTO;
+            InitializeComponent();
+            BindUI();
+        }
+
+        private void BindUI()
+        {
+            this.labelSyntax.Text = string.Empty;
+            this.textBoxEx.Text = string.Empty;
+            linkLabel1.Enabled = false;
+            this.textBoxEx.Enabled = false;
+
+            if (helpDTO != null)
+            {
+                this.labelSyntax.Text = helpDTO.Value;
+                StringBuilder sb = new StringBuilder();
+                if (helpDTO.ExampleList != null)
+                {
+                    foreach (var str in helpDTO.ExampleList)
+                        sb.Append(str + Environment.NewLine);
+                    this.textBoxEx.Text = sb.ToString();
+                    this.textBoxEx.Enabled = true;
+                }
+                if (!string.IsNullOrWhiteSpace(helpDTO.HelpLink))
+                {
+                    LinkLabel.Link link = new LinkLabel.Link();
+                    link.LinkData = helpDTO.HelpLink;
+                    linkLabel1.Links.Clear();
+                    linkLabel1.Links.Add(link);
+                    linkLabel1.Enabled = true;
+                }
+            }
+        }
+
+        private void button1_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+
+        private void linkLabel1_LinkClicked(object sender, LinkLabelLinkClickedEventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                Process.Start(e.Link.LinkData as string);
+            });
+
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/AttrInfoForm.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.Designer.cs
new file mode 100644
index 000000000..4d1e8ee35
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.Designer.cs
@@ -0,0 +1,138 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class CheckUserPwdForm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(CheckUserPwdForm));
+            this.buttonSubmit = new System.Windows.Forms.Button();
+            this.buttonCancel = new System.Windows.Forms.Button();
+            this.textBoxPwd = new System.Windows.Forms.TextBox();
+            this.label1 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.textBoxUpn = new System.Windows.Forms.TextBox();
+            this.SuspendLayout();
+            // 
+            // buttonSubmit
+            // 
+            this.buttonSubmit.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonSubmit.Location = new System.Drawing.Point(191, 114);
+            this.buttonSubmit.Name = "buttonSubmit";
+            this.buttonSubmit.Size = new System.Drawing.Size(75, 23);
+            this.buttonSubmit.TabIndex = 9;
+            this.buttonSubmit.Text = "Submit";
+            this.buttonSubmit.UseVisualStyleBackColor = true;
+            this.buttonSubmit.Click += new System.EventHandler(this.buttonSubmit_Click);
+            // 
+            // buttonCancel
+            // 
+            this.buttonCancel.Location = new System.Drawing.Point(93, 114);
+            this.buttonCancel.Name = "buttonCancel";
+            this.buttonCancel.Size = new System.Drawing.Size(75, 23);
+            this.buttonCancel.TabIndex = 8;
+            this.buttonCancel.Text = "Cancel";
+            this.buttonCancel.UseVisualStyleBackColor = true;
+            this.buttonCancel.Click += new System.EventHandler(this.buttonCancel_Click);
+            // 
+            // textBoxPwd
+            // 
+            this.textBoxPwd.Location = new System.Drawing.Point(101, 64);
+            this.textBoxPwd.Name = "textBoxPwd";
+            this.textBoxPwd.PasswordChar = '*';
+            this.textBoxPwd.Size = new System.Drawing.Size(200, 20);
+            this.textBoxPwd.TabIndex = 7;
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(20, 71);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(56, 13);
+            this.label1.TabIndex = 6;
+            this.label1.Text = "Password:";
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(20, 32);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(33, 13);
+            this.label2.TabIndex = 10;
+            this.label2.Text = "UPN:";
+            // 
+            // textBoxUpn
+            // 
+            this.textBoxUpn.Location = new System.Drawing.Point(101, 24);
+            this.textBoxUpn.Name = "textBoxUpn";
+            this.textBoxUpn.Size = new System.Drawing.Size(200, 20);
+            this.textBoxUpn.TabIndex = 11;
+            // 
+            // CheckUserPwdForm
+            // 
+            this.AcceptButton = this.buttonSubmit;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(346, 156);
+            this.Controls.Add(this.textBoxUpn);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.buttonSubmit);
+            this.Controls.Add(this.buttonCancel);
+            this.Controls.Add(this.textBoxPwd);
+            this.Controls.Add(this.label1);
+            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
+            this.Name = "CheckUserPwdForm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Verify User Password";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button buttonSubmit;
+        private System.Windows.Forms.Button buttonCancel;
+        private System.Windows.Forms.TextBox textBoxPwd;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.TextBox textBoxUpn;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.cs
new file mode 100644
index 000000000..a91446a31
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.cs
@@ -0,0 +1,61 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMwareMMCIDP.UI.Common.Utilities;
+namespace LWRaftSnapIn.UI
+{
+    public partial class CheckUserPwdForm : Form
+    {
+        public string UPN;
+        public string Password;
+        public CheckUserPwdForm(string upn)
+        {
+            this.UPN = upn;
+            InitializeComponent();
+            this.textBoxUpn.Text = upn;
+        }
+        private bool validateInput()
+        {
+            if (string.IsNullOrWhiteSpace(this.textBoxUpn.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_UPN_ENT);
+                return false;
+            }
+            else if (string.IsNullOrWhiteSpace(this.textBoxPwd.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_PWD_ENT);
+                return false;
+            }
+            return true;
+
+        }
+        private void buttonSubmit_Click(object sender, EventArgs e)
+        {
+            if (!validateInput())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            Password = this.textBoxPwd.Text;
+        }
+
+        private void buttonCancel_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.resx
new file mode 100644
index 000000000..0d3b43b37
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CheckUserPwdForm.resx
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ2mO8ydpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7zAAAAAAAAAADscR6p62wY/+tpEv/rZg3/6mQK/ydpjv5JoLv/YMbb/3Tm9f905vX/dOb1/2HH
+        3P9Mpb//J2mO/gAAAAAAAAAA7HUl//iwZv/rbBj//9N7///PcP8oaY7/SaC7/2DG2/905vX/dOb1/3Tm
+        9f9hx9z/TKW//ydpjv4AAAAAAAAAAO15K///4aX/7HEe///Yi///1H//KGmO/0mgu/9gxtv/dOb1/3Tm
+        9f905vX/Ycfc/0ylv/8naY7+AAAAAAAAAADtfDD//+Ko/+x1Jf//2Y7//9WC/yhpjv9ts8n/gNHi/6Pv
+        +P+j7/j/o+/4/4HS4/9wt8z/J2mO/gAAAAAAAAAA7n4z///ouf//46z//96g///bkv8xa4r/KGmO/yhp
+        jv8oaY7/KGmO/ydpjv4naY7+J2mO/idpjvMAAAAAAAAAAO5/Nf//7cn//+m9///ksP//4KT//9+h/5mZ
+        mf/q6ur//9N6/+pkCv8AAAAA6urq/5mZmf8AAAAAAAAAAAAAAADugDeX+cSY///uzf//6sL//+a1///m
+        s/+ZmZn/8vLy//erW//rZg26AAAAAPLy8v+ZmZn/AAAAAAAAAAAAAAAA7oE3C+6AN8HufzX/7n4z/+18
+        MP/teSv/mZmZ/+rq6v/rbBiS62kSCQAAAADq6ur/mZmZ/wAAAAAAAAAAAAAAAAAAAAAAAAAA/+3JKu5/
+        Nf/ufjP/7Xww/5mZmf/X19f/AAAAAAAAAAAAAAAA19fX/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAO6B
+        N///4qr//9yT///bkf//1ID/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZmAAAAAAAAAAAAAAAAAAAAAAAAA
+        AADugTj//+Ww///enP//3pz//9uR/+18MP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAA7oE4///qv///5bD//+Ww///jqf/ufjP/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAO6BOP//6r///+Ww///lsP//46n/7n81/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADugDfI//HU///tyf//7cn//+vE/+5/NtkAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAA//vzIu5/NabufzX/7n81/+5/NZz/9d8qAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAA/gAAAMAAAADAAAAAwAAAAMAAAADAAAAAwAkAAMAJAADgGQAA+DkAAPABAADwPwAA8D8AAPA/
+        AADwPwAA+H8AAA==
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.Designer.cs
new file mode 100644
index 000000000..9fc7bb46b
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.Designer.cs
@@ -0,0 +1,183 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class ConditionsFromFile
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            this.label5 = new System.Windows.Forms.Label();
+            this.comboBoxAttr = new System.Windows.Forms.ComboBox();
+            this.label4 = new System.Windows.Forms.Label();
+            this.comboBoxCond = new System.Windows.Forms.ComboBox();
+            this.buttonBrowse = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.textBox1 = new System.Windows.Forms.TextBox();
+            this.buttonApply = new System.Windows.Forms.Button();
+            this.toolTip1 = new System.Windows.Forms.ToolTip(this.components);
+            this.buttonCancel = new System.Windows.Forms.Button();
+            this.SuspendLayout();
+            // 
+            // label5
+            // 
+            this.label5.AutoSize = true;
+            this.label5.Location = new System.Drawing.Point(24, 73);
+            this.label5.Name = "label5";
+            this.label5.Size = new System.Drawing.Size(54, 13);
+            this.label5.TabIndex = 13;
+            this.label5.Text = "Condition:";
+            // 
+            // comboBoxAttr
+            // 
+            this.comboBoxAttr.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxAttr.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxAttr.FormattingEnabled = true;
+            this.comboBoxAttr.Location = new System.Drawing.Point(102, 25);
+            this.comboBoxAttr.Name = "comboBoxAttr";
+            this.comboBoxAttr.Size = new System.Drawing.Size(200, 21);
+            this.comboBoxAttr.TabIndex = 11;
+            // 
+            // label4
+            // 
+            this.label4.AutoSize = true;
+            this.label4.Location = new System.Drawing.Point(24, 33);
+            this.label4.Name = "label4";
+            this.label4.Size = new System.Drawing.Size(49, 13);
+            this.label4.TabIndex = 12;
+            this.label4.Text = "Attribute:";
+            // 
+            // comboBoxCond
+            // 
+            this.comboBoxCond.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxCond.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxCond.FormattingEnabled = true;
+            this.comboBoxCond.Location = new System.Drawing.Point(102, 65);
+            this.comboBoxCond.Name = "comboBoxCond";
+            this.comboBoxCond.Size = new System.Drawing.Size(200, 21);
+            this.comboBoxCond.TabIndex = 14;
+            // 
+            // buttonBrowse
+            // 
+            this.buttonBrowse.Location = new System.Drawing.Point(308, 104);
+            this.buttonBrowse.Name = "buttonBrowse";
+            this.buttonBrowse.Size = new System.Drawing.Size(27, 23);
+            this.buttonBrowse.TabIndex = 24;
+            this.buttonBrowse.Text = "...";
+            this.toolTip1.SetToolTip(this.buttonBrowse, "Add values from file containing one attribute per line");
+            this.buttonBrowse.UseVisualStyleBackColor = true;
+            this.buttonBrowse.Click += new System.EventHandler(this.buttonBrowse_Click);
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(24, 107);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(42, 13);
+            this.label1.TabIndex = 25;
+            this.label1.Text = "Values:";
+            // 
+            // textBox1
+            // 
+            this.textBox1.Location = new System.Drawing.Point(102, 104);
+            this.textBox1.Multiline = true;
+            this.textBox1.Name = "textBox1";
+            this.textBox1.Size = new System.Drawing.Size(200, 93);
+            this.textBox1.TabIndex = 26;
+            this.toolTip1.SetToolTip(this.textBox1, "Enter one value per line");
+            // 
+            // buttonApply
+            // 
+            this.buttonApply.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonApply.Location = new System.Drawing.Point(181, 226);
+            this.buttonApply.Name = "buttonApply";
+            this.buttonApply.Size = new System.Drawing.Size(75, 23);
+            this.buttonApply.TabIndex = 27;
+            this.buttonApply.Text = "Apply";
+            this.buttonApply.UseVisualStyleBackColor = true;
+            this.buttonApply.Click += new System.EventHandler(this.buttonApply_Click);
+            // 
+            // buttonCancel
+            // 
+            this.buttonCancel.Location = new System.Drawing.Point(100, 226);
+            this.buttonCancel.Name = "buttonCancel";
+            this.buttonCancel.Size = new System.Drawing.Size(75, 23);
+            this.buttonCancel.TabIndex = 28;
+            this.buttonCancel.Text = "Cancel";
+            this.buttonCancel.UseVisualStyleBackColor = true;
+            this.buttonCancel.Click += new System.EventHandler(this.buttonCancel_Click);
+            // 
+            // ConditionsFromFile
+            // 
+            this.AcceptButton = this.buttonApply;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(373, 261);
+            this.Controls.Add(this.buttonCancel);
+            this.Controls.Add(this.buttonApply);
+            this.Controls.Add(this.textBox1);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.buttonBrowse);
+            this.Controls.Add(this.label5);
+            this.Controls.Add(this.comboBoxAttr);
+            this.Controls.Add(this.label4);
+            this.Controls.Add(this.comboBoxCond);
+            this.Name = "ConditionsFromFile";
+            this.ShowIcon = false;
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Add Conditions From File";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label label5;
+        private System.Windows.Forms.ComboBox comboBoxAttr;
+        private System.Windows.Forms.Label label4;
+        private System.Windows.Forms.ComboBox comboBoxCond;
+        private System.Windows.Forms.Button buttonBrowse;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.TextBox textBox1;
+        private System.Windows.Forms.Button buttonApply;
+        private System.Windows.Forms.ToolTip toolTip1;
+        private System.Windows.Forms.Button buttonCancel;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.cs
new file mode 100644
index 000000000..584d8887e
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.cs
@@ -0,0 +1,112 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class ConditionsFromFile : Form
+    {
+        private List<FilterDTO> _filters;
+        private List<string> _attrList;
+        public ConditionsFromFile(List<FilterDTO> filters, List<string> attrList)
+        {
+            _filters = filters;
+            _attrList = attrList;
+            InitializeComponent();
+            this.comboBoxAttr.Items.AddRange(_attrList.ToArray());
+            this.comboBoxCond.Items.AddRange(VMDirConstants.ConditionList);
+            this.comboBoxAttr.SelectedIndex = 0;
+            this.comboBoxCond.SelectedIndex = 0;
+        }
+
+        private void buttonBrowse_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate()
+            {
+                var values = MMCMiscUtil.ReadAllFromFile("Select File", MMCUIConstants.TXT_FILTER);
+                this.textBox1.Text = values;
+            });
+        }
+
+        private void buttonApply_Click(object sender, EventArgs e)
+        {
+            if (!ValidateForm())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            _filters.Clear();
+            var charArr=new char[] { '\r', '\n' };
+            foreach (var item in this.textBox1.Text.Split('\n'))
+            {
+                var val = item.Trim(charArr);
+                if(!string.IsNullOrWhiteSpace(val))
+                    _filters.Add(new FilterDTO(comboBoxAttr.SelectedItem.ToString(), (Condition) comboBoxCond.SelectedIndex, val));
+            }
+            this.Close();
+        }
+
+        private bool ValidateForm()
+        {
+            if (comboBoxAttr.SelectedItem == null)
+            {
+                if (comboBoxAttr.Items.Contains(comboBoxAttr.Text))
+                {
+                    comboBoxAttr.SelectedIndex = comboBoxAttr.Items.IndexOf(comboBoxAttr.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+                    return false;
+                }
+            }
+            if (comboBoxCond.SelectedItem == null)
+            {
+                if (comboBoxCond.Items.Contains(comboBoxCond.Text))
+                {
+                    comboBoxCond.SelectedIndex = comboBoxCond.Items.IndexOf(comboBoxCond.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_COND);
+                    return false;
+                }
+            }
+            if (string.IsNullOrWhiteSpace(this.textBox1.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_VAL);
+                return false;
+            }
+            return true;
+        }
+
+        private void buttonCancel_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.resx
new file mode 100644
index 000000000..65a871b69
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ConditionsFromFile.resx
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>17, 17</value>
+  </metadata>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.Designer.cs
new file mode 100644
index 000000000..37eba1bb4
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.Designer.cs
@@ -0,0 +1,202 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+
+    partial class CreateForm
+    {
+
+        /// <summary>
+
+        /// Required designer variable.
+
+        /// </summary>
+
+        private System.ComponentModel.IContainer components = null;
+
+
+
+        /// <summary>
+
+        /// Clean up any resources being used.
+
+        /// </summary>
+
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+
+        protected override void Dispose(bool disposing)
+        {
+
+            if (disposing && (components != null))
+            {
+
+                components.Dispose();
+
+            }
+
+            base.Dispose(disposing);
+
+        }
+
+
+
+        #region Windows Form Designer generated code
+
+
+
+        /// <summary>
+
+        /// Required method for Designer support - do not modify
+
+        /// the contents of this method with the code editor.
+
+        /// </summary>
+
+        private void InitializeComponent()
+        {
+            this.btnCancel = new System.Windows.Forms.Button();
+            this.btnOK = new System.Windows.Forms.Button();
+            this.listViewProp = new System.Windows.Forms.ListView();
+            this.textBoxEdit = new System.Windows.Forms.MaskedTextBox();
+            this.textBoxParentDn = new System.Windows.Forms.TextBox();
+            this.textBoxRdn = new System.Windows.Forms.TextBox();
+            this.label1 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.SuspendLayout();
+            // 
+            // btnCancel
+            // 
+            this.btnCancel.Anchor = System.Windows.Forms.AnchorStyles.Bottom;
+            this.btnCancel.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+            this.btnCancel.Location = new System.Drawing.Point(201, 411);
+            this.btnCancel.Name = "btnCancel";
+            this.btnCancel.Size = new System.Drawing.Size(75, 23);
+            this.btnCancel.TabIndex = 2;
+            this.btnCancel.Text = "Cancel";
+            this.btnCancel.UseVisualStyleBackColor = true;
+            // 
+            // btnOK
+            // 
+            this.btnOK.Anchor = System.Windows.Forms.AnchorStyles.Bottom;
+            this.btnOK.Location = new System.Drawing.Point(119, 411);
+            this.btnOK.Name = "btnOK";
+            this.btnOK.Size = new System.Drawing.Size(75, 23);
+            this.btnOK.TabIndex = 3;
+            this.btnOK.Text = "Create";
+            this.btnOK.UseVisualStyleBackColor = true;
+            this.btnOK.Click += new System.EventHandler(this.btnOK_Click);
+            // 
+            // listViewProp
+            // 
+            this.listViewProp.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 
+            | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.listViewProp.FullRowSelect = true;
+            this.listViewProp.GridLines = true;
+            this.listViewProp.HideSelection = false;
+            this.listViewProp.Location = new System.Drawing.Point(12, 70);
+            this.listViewProp.Name = "listViewProp";
+            this.listViewProp.Size = new System.Drawing.Size(402, 330);
+            this.listViewProp.TabIndex = 4;
+            this.listViewProp.UseCompatibleStateImageBehavior = false;
+            this.listViewProp.View = System.Windows.Forms.View.Details;
+            this.listViewProp.DoubleClick += new System.EventHandler(this.listViewProp_DoubleClick);
+            // 
+            // textBoxEdit
+            // 
+            this.textBoxEdit.Location = new System.Drawing.Point(12, 414);
+            this.textBoxEdit.Name = "textBoxEdit";
+            this.textBoxEdit.Size = new System.Drawing.Size(36, 20);
+            this.textBoxEdit.TabIndex = 6;
+            this.textBoxEdit.Visible = false;
+            this.textBoxEdit.KeyPress += new System.Windows.Forms.KeyPressEventHandler(this.textBoxEdit_KeyPress);
+            this.textBoxEdit.LostFocus += new System.EventHandler(this.textBoxEdit_LostFocus);
+            // 
+            // textBoxParentDn
+            // 
+            this.textBoxParentDn.Enabled = false;
+            this.textBoxParentDn.Location = new System.Drawing.Point(75, 13);
+            this.textBoxParentDn.Name = "textBoxParentDn";
+            this.textBoxParentDn.Size = new System.Drawing.Size(339, 20);
+            this.textBoxParentDn.TabIndex = 7;
+            // 
+            // textBoxRdn
+            // 
+            this.textBoxRdn.Location = new System.Drawing.Point(77, 39);
+            this.textBoxRdn.Name = "textBoxRdn";
+            this.textBoxRdn.Size = new System.Drawing.Size(337, 20);
+            this.textBoxRdn.TabIndex = 8;
+            this.textBoxRdn.Text = "cn=";
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(9, 20);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(60, 13);
+            this.label1.TabIndex = 9;
+            this.label1.Text = "Parent DN:";
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(9, 46);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(62, 13);
+            this.label2.TabIndex = 10;
+            this.label2.Text = "Enter RDN:";
+            // 
+            // CreateForm
+            // 
+            this.AcceptButton = this.btnOK;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(426, 446);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.textBoxRdn);
+            this.Controls.Add(this.textBoxParentDn);
+            this.Controls.Add(this.textBoxEdit);
+            this.Controls.Add(this.listViewProp);
+            this.Controls.Add(this.btnOK);
+            this.Controls.Add(this.btnCancel);
+            this.MaximizeBox = false;
+            this.MinimizeBox = false;
+            this.Name = "CreateForm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "CreateForm";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.Object);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+
+
+        #endregion
+
+
+        private System.Windows.Forms.Button btnCancel;
+
+        private System.Windows.Forms.Button btnOK;
+        private System.Windows.Forms.ListView listViewProp;
+        private System.Windows.Forms.MaskedTextBox textBoxEdit;
+        private System.Windows.Forms.TextBox textBoxParentDn;
+        private System.Windows.Forms.TextBox textBoxRdn;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Label label2;
+
+    }
+
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.cs
new file mode 100644
index 000000000..407c7fc9a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.cs
@@ -0,0 +1,166 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Utilities;
+using VMDir.Common.VMDirUtilities;
+using VMDirInterop.LDAP;
+using VMwareMMCIDP.UI.Common.Utilities;
+using VMDir.Common;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class CreateForm : Form
+    {
+        string _objectClass;
+        VMDirServerDTO _serverDTO;
+        Dictionary<string, VMDirAttributeDTO> _properties;
+        private string _parentDn;
+        public string Rdn;
+
+        public Dictionary<string, VMDirAttributeDTO> Attributes { get { return _properties; } }
+
+        public CreateForm(string objectClass, VMDirServerDTO serverDTO,string parentDn)
+        {
+            _objectClass = objectClass;
+            _serverDTO = serverDTO;
+            _parentDn = parentDn;
+
+            InitializeComponent();
+            ColumnHeader attrColumnHeader = new ColumnHeader();
+            attrColumnHeader.Text = "Attribute";
+            attrColumnHeader.Width = 200;
+            listViewProp.Columns.Add(attrColumnHeader);
+            ColumnHeader valColumnHeader = new ColumnHeader();
+            valColumnHeader.Text = "Value";
+            valColumnHeader.Width = 200;
+            listViewProp.Columns.Add(valColumnHeader);
+            Bind();
+        }
+
+        void Bind()
+        {
+            this.Text = "New " + _objectClass;
+            textBoxParentDn.Text = _parentDn;
+            MiscUtilsService.CheckedExec(delegate
+            { 
+            var requiredProps = _serverDTO.Connection.SchemaManager.GetRequiredAttributes(_objectClass);
+            _properties = new Dictionary<string, VMDirAttributeDTO>();
+            foreach (var prop in requiredProps)
+            {
+                VMDirAttributeDTO dto = new VMDirAttributeDTO(prop.Name, new List<LdapValue>(), prop);
+                _properties.Add(prop.Name, dto);
+            }
+            var oc = _properties[VMDirConstants.ATTR_OBJECT_CLASS];
+            LdapValue val = new LdapValue(_objectClass);
+            oc.Values = new List<LdapValue>() { val };
+            VMDir.Common.VMDirUtilities.Utilities.RemoveDontShowAttributes(_properties);
+
+            foreach (var item in _properties)
+            {
+                foreach (var values in item.Value.Values)
+                {
+                    ListViewItem lvi = new ListViewItem(new string[] { item.Key, values.StringValue });
+                    this.listViewProp.Items.Add(lvi);
+                }
+                if (item.Value.Values.Count == 0)
+                {
+                    ListViewItem lvi = new ListViewItem(new string[] { item.Key, string.Empty });
+                    this.listViewProp.Items.Add(lvi);
+                }
+            }
+            });
+        }
+
+        void listViewProp_DoubleClick(object sender, System.EventArgs e)
+        {
+            ListViewItem lvi = listViewProp.SelectedItems[0];
+            if (!string.Equals(lvi.SubItems[0].Text, VMDirConstants.ATTR_OBJECT_CLASS))
+            {
+                System.Windows.Forms.ListViewItem.ListViewSubItem lvsi = lvi.SubItems[1];
+                textBoxEdit.Bounds = new Rectangle(
+                    listViewProp.Bounds.Left + lvsi.Bounds.Left,
+                    listViewProp.Bounds.Top + lvsi.Bounds.Top,
+                    lvsi.Bounds.Width,
+                    lvsi.Bounds.Height);
+                var type = String.Empty;
+                textBoxEdit.Text = lvsi.Text;
+                textBoxEdit.Visible = true;
+                textBoxEdit.Focus();
+
+            }
+        }
+
+        void textBoxEdit_LostFocus(object sender, System.EventArgs e)
+        {
+            exitEditing();
+        }
+        void textBoxEdit_KeyPress(object sender, System.Windows.Forms.KeyPressEventArgs e)
+        {
+            if (e.KeyChar == (char)Keys.Enter)
+                exitEditing();
+        }
+
+        private void exitEditing()
+        {
+            ListViewItem lvi = listViewProp.SelectedItems[0];
+            System.Windows.Forms.ListViewItem.ListViewSubItem lvsi = lvi.SubItems[1];
+            lvsi.Text = textBoxEdit.Text;
+            textBoxEdit.Visible = false;
+            LdapValue val = new LdapValue(lvsi.Text);
+            _properties[lvi.SubItems[0].Text].Values = new List<LdapValue>() { val };
+        }
+        private void btnOK_Click(object sender, EventArgs e)
+        {
+            if (DoValidate())
+            {
+                Rdn = textBoxRdn.Text;
+                DialogResult = DialogResult.OK;
+                this.Close();
+            }
+        }
+
+        bool DoValidate()
+        {
+            if (string.IsNullOrWhiteSpace(textBoxParentDn.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_DN_ENT);
+                return false;
+            }
+            if (string.IsNullOrWhiteSpace(textBoxRdn.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RDN_ENT);
+                return false;
+            }
+            foreach (ListViewItem item in this.listViewProp.Items)
+            {
+                if (string.IsNullOrWhiteSpace(item.SubItems[1].Text))
+                {
+                    MMCDlgHelper.ShowWarning(item.SubItems[0].Text + " is required.");
+                    return false;
+                }
+            }
+            return true;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.resx
new file mode 100644
index 000000000..c7e0d4bdf
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/CreateForm.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.Designer.cs
new file mode 100644
index 000000000..5d9f5dbaf
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.Designer.cs
@@ -0,0 +1,240 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class ExportResult
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.comboBoxFileFormat = new System.Windows.Forms.ComboBox();
+            this.comboBoxScope = new System.Windows.Forms.ComboBox();
+            this.label1 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.buttonExport = new System.Windows.Forms.Button();
+            this.buttonCancel = new System.Windows.Forms.Button();
+            this.groupBox2 = new System.Windows.Forms.GroupBox();
+            this.comboBoxAttrToReturn = new System.Windows.Forms.ComboBox();
+            this.buttonAttrRemove = new System.Windows.Forms.Button();
+            this.listViewAttrToExport = new System.Windows.Forms.ListView();
+            this.Attribute = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.buttonAttrRemoveAll = new System.Windows.Forms.Button();
+            this.buttonAttrAdd = new System.Windows.Forms.Button();
+            this.checkBoxAttToExport = new System.Windows.Forms.CheckBox();
+            this.groupBox2.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // comboBoxFileFormat
+            // 
+            this.comboBoxFileFormat.FormattingEnabled = true;
+            this.comboBoxFileFormat.Location = new System.Drawing.Point(85, 34);
+            this.comboBoxFileFormat.Name = "comboBoxFileFormat";
+            this.comboBoxFileFormat.Size = new System.Drawing.Size(200, 21);
+            this.comboBoxFileFormat.TabIndex = 0;
+            // 
+            // comboBoxScope
+            // 
+            this.comboBoxScope.FormattingEnabled = true;
+            this.comboBoxScope.Location = new System.Drawing.Point(85, 74);
+            this.comboBoxScope.Name = "comboBoxScope";
+            this.comboBoxScope.Size = new System.Drawing.Size(200, 21);
+            this.comboBoxScope.TabIndex = 1;
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(25, 42);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(42, 13);
+            this.label1.TabIndex = 2;
+            this.label1.Text = "Format:";
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(25, 82);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(41, 13);
+            this.label2.TabIndex = 3;
+            this.label2.Text = "Scope:";
+            // 
+            // buttonExport
+            // 
+            this.buttonExport.Location = new System.Drawing.Point(228, 340);
+            this.buttonExport.Name = "buttonExport";
+            this.buttonExport.Size = new System.Drawing.Size(75, 23);
+            this.buttonExport.TabIndex = 4;
+            this.buttonExport.Text = "Export";
+            this.buttonExport.UseVisualStyleBackColor = true;
+            this.buttonExport.Click += new System.EventHandler(this.buttonExport_Click);
+            // 
+            // buttonCancel
+            // 
+            this.buttonCancel.Location = new System.Drawing.Point(147, 340);
+            this.buttonCancel.Name = "buttonCancel";
+            this.buttonCancel.Size = new System.Drawing.Size(75, 23);
+            this.buttonCancel.TabIndex = 5;
+            this.buttonCancel.Text = "Cancel";
+            this.buttonCancel.UseVisualStyleBackColor = true;
+            this.buttonCancel.Click += new System.EventHandler(this.buttonCancel_Click);
+            // 
+            // groupBox2
+            // 
+            this.groupBox2.Controls.Add(this.checkBoxAttToExport);
+            this.groupBox2.Controls.Add(this.comboBoxAttrToReturn);
+            this.groupBox2.Controls.Add(this.buttonAttrRemove);
+            this.groupBox2.Controls.Add(this.listViewAttrToExport);
+            this.groupBox2.Controls.Add(this.buttonAttrRemoveAll);
+            this.groupBox2.Controls.Add(this.buttonAttrAdd);
+            this.groupBox2.Location = new System.Drawing.Point(28, 116);
+            this.groupBox2.Name = "groupBox2";
+            this.groupBox2.Size = new System.Drawing.Size(390, 203);
+            this.groupBox2.TabIndex = 27;
+            this.groupBox2.TabStop = false;
+            this.groupBox2.Text = "Attributes To Export:";
+            // 
+            // comboBoxAttrToReturn
+            // 
+            this.comboBoxAttrToReturn.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxAttrToReturn.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxAttrToReturn.FormattingEnabled = true;
+            this.comboBoxAttrToReturn.Location = new System.Drawing.Point(24, 70);
+            this.comboBoxAttrToReturn.Name = "comboBoxAttrToReturn";
+            this.comboBoxAttrToReturn.Size = new System.Drawing.Size(251, 21);
+            this.comboBoxAttrToReturn.TabIndex = 9;
+            // 
+            // buttonAttrRemove
+            // 
+            this.buttonAttrRemove.Location = new System.Drawing.Point(295, 98);
+            this.buttonAttrRemove.Name = "buttonAttrRemove";
+            this.buttonAttrRemove.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrRemove.TabIndex = 12;
+            this.buttonAttrRemove.Text = "Remove";
+            this.buttonAttrRemove.UseVisualStyleBackColor = true;
+            this.buttonAttrRemove.Click += new System.EventHandler(this.buttonAttrRemove_Click);
+            // 
+            // listViewAttrToExport
+            // 
+            this.listViewAttrToExport.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.Attribute});
+            this.listViewAttrToExport.GridLines = true;
+            this.listViewAttrToExport.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.None;
+            this.listViewAttrToExport.Location = new System.Drawing.Point(24, 99);
+            this.listViewAttrToExport.Name = "listViewAttrToExport";
+            this.listViewAttrToExport.Size = new System.Drawing.Size(251, 88);
+            this.listViewAttrToExport.TabIndex = 11;
+            this.listViewAttrToExport.UseCompatibleStateImageBehavior = false;
+            this.listViewAttrToExport.View = System.Windows.Forms.View.Details;
+            // 
+            // Attribute
+            // 
+            this.Attribute.Width = 185;
+            // 
+            // buttonAttrRemoveAll
+            // 
+            this.buttonAttrRemoveAll.Location = new System.Drawing.Point(295, 128);
+            this.buttonAttrRemoveAll.Name = "buttonAttrRemoveAll";
+            this.buttonAttrRemoveAll.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrRemoveAll.TabIndex = 13;
+            this.buttonAttrRemoveAll.Text = "Remove All";
+            this.buttonAttrRemoveAll.UseVisualStyleBackColor = true;
+            this.buttonAttrRemoveAll.Click += new System.EventHandler(this.buttonAttrRemoveAll_Click);
+            // 
+            // buttonAttrAdd
+            // 
+            this.buttonAttrAdd.Location = new System.Drawing.Point(295, 68);
+            this.buttonAttrAdd.Name = "buttonAttrAdd";
+            this.buttonAttrAdd.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrAdd.TabIndex = 10;
+            this.buttonAttrAdd.Text = "Add";
+            this.buttonAttrAdd.UseVisualStyleBackColor = true;
+            this.buttonAttrAdd.Click += new System.EventHandler(this.buttonAttrAdd_Click);
+            // 
+            // checkBoxAttToExport
+            // 
+            this.checkBoxAttToExport.AutoSize = true;
+            this.checkBoxAttToExport.Location = new System.Drawing.Point(24, 38);
+            this.checkBoxAttToExport.Name = "checkBoxAttToExport";
+            this.checkBoxAttToExport.Size = new System.Drawing.Size(131, 17);
+            this.checkBoxAttToExport.TabIndex = 14;
+            this.checkBoxAttToExport.Text = "All Returned Attributes";
+            this.checkBoxAttToExport.UseVisualStyleBackColor = true;
+            this.checkBoxAttToExport.CheckedChanged += new System.EventHandler(this.checkBoxAttToExport_CheckedChanged);
+            // 
+            // ExportResult
+            // 
+            this.AcceptButton = this.buttonExport;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(460, 384);
+            this.Controls.Add(this.groupBox2);
+            this.Controls.Add(this.buttonCancel);
+            this.Controls.Add(this.buttonExport);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.comboBoxScope);
+            this.Controls.Add(this.comboBoxFileFormat);
+            this.Name = "ExportResult";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Export Result";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.Export);
+            this.groupBox2.ResumeLayout(false);
+            this.groupBox2.PerformLayout();
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.ComboBox comboBoxFileFormat;
+        private System.Windows.Forms.ComboBox comboBoxScope;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.Button buttonExport;
+        private System.Windows.Forms.Button buttonCancel;
+        private System.Windows.Forms.GroupBox groupBox2;
+        private System.Windows.Forms.ComboBox comboBoxAttrToReturn;
+        private System.Windows.Forms.Button buttonAttrRemove;
+        private System.Windows.Forms.ListView listViewAttrToExport;
+        private System.Windows.Forms.ColumnHeader Attribute;
+        private System.Windows.Forms.Button buttonAttrRemoveAll;
+        private System.Windows.Forms.Button buttonAttrAdd;
+        private System.Windows.Forms.CheckBox checkBoxAttToExport;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.cs
new file mode 100644
index 000000000..20ce24cc4
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.cs
@@ -0,0 +1,204 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common;
+using LWRaftSnapIn.TreeNodes;
+using VMwareMMCIDP.UI.Common.Utilities;
+using LWRaftSnapIn.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class ExportResult : Form
+    {
+        private List<DirectoryNonExpandableNode> _result;
+        private List<string> _attrList;
+        private int _currPage;
+        private int _pageSize;
+        enum ExportScope{
+            CURR_PAGE=0,
+            FETCHED_PAGE
+        }
+        public ExportResult(List<DirectoryNonExpandableNode> result, List<string> attrList, int currPage, int pageSize)
+        {
+            this._result = result;
+            this._attrList = attrList;
+            this._currPage=currPage;
+            this._pageSize=pageSize;
+            InitializeComponent();
+        }
+
+        protected override void OnLoad(EventArgs e)
+        {
+            base.OnLoad(e);
+            this.comboBoxFileFormat.Items.Add("csv");
+            this.comboBoxScope.Items.Add("Current Result Page");
+            this.comboBoxScope.Items.Add("All Fetched Pages");
+            this.comboBoxFileFormat.SelectedIndex = 0;
+            this.comboBoxScope.SelectedIndex = 0;
+            this.checkBoxAttToExport.CheckState = CheckState.Checked;
+            this.comboBoxAttrToReturn.Items.AddRange(_attrList.ToArray());
+        }
+        private void buttonCancel_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+
+        private void buttonExport_Click(object sender, EventArgs e)
+        {
+            if (!ValidateForm())
+            {
+                return;
+            }
+            MiscUtilsService.CheckedExec(delegate()
+            {
+                StringBuilder sb = new StringBuilder();
+                var start = 0;
+                var end = _result.Count();
+                if (comboBoxScope.SelectedIndex == (int)ExportScope.CURR_PAGE)
+                {
+                    start = (_currPage - 1) * _pageSize;
+                    end = _currPage * _pageSize > _result.Count ? _result.Count : _currPage * _pageSize;
+                }
+                HashSet<string> attrToExport = new HashSet<string>();
+                if (checkBoxAttToExport.CheckState == CheckState.Checked)
+                {
+                    foreach (var item in _attrList)
+                    {
+                        attrToExport.Add(item);
+                    }
+                }
+                else
+                {
+                    foreach (ListViewItem item in listViewAttrToExport.Items)
+                    {
+                        attrToExport.Add(item.SubItems[0].Text);
+                    }
+                }
+
+                foreach (var item in attrToExport)
+                {
+                    sb.Append(item + ",");
+                }
+                sb.Append(Environment.NewLine);
+                for (var i = start; i < end; i++)
+                {
+                    foreach (var item in attrToExport)
+                    {
+                        sb.Append("\"");
+                        if (_result[i].NodeProperties.ContainsKey(item))
+                        {
+                            foreach (var val in _result[i].NodeProperties[item].Values)
+                                sb.Append(val.StringValue + " ");
+                        }
+                        sb.Append("\"");
+                        sb.Append(",");
+                    }
+                    sb.Append(Environment.NewLine);
+                }
+                if (MMCMiscUtil.SaveDataToFile(sb.ToString(), "Export Result", MMCUIConstants.CSV_FILTER))
+                {
+                    MMCDlgHelper.ShowInformation(VMDirConstants.STAT_RES_EXPO_SUCC);
+                }
+            });
+        }
+
+        private bool ValidateForm()
+        {
+            if (comboBoxFileFormat.SelectedItem == null)
+            {
+                if (comboBoxFileFormat.Items.Contains(comboBoxFileFormat.Text))
+                {
+                    comboBoxFileFormat.SelectedIndex = comboBoxFileFormat.Items.IndexOf(comboBoxFileFormat.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_FILE_FORMAT);
+                    return false;
+                }
+            }
+            if (comboBoxScope.SelectedItem == null)
+            {
+                if (comboBoxScope.Items.Contains(comboBoxScope.Text))
+                {
+                    comboBoxScope.SelectedIndex = comboBoxScope.Items.IndexOf(comboBoxScope.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_SCOPE);
+                    return false;
+                }
+            }
+            if (checkBoxAttToExport.CheckState == CheckState.Unchecked && listViewAttrToExport.Items.Count <= 0)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+                return false;
+            }
+            return true;
+        }
+
+        private void buttonAttrAdd_Click(object sender, EventArgs e)
+        {
+            var item = comboBoxAttrToReturn.SelectedItem;
+            var lvi = new ListViewItem(new string[] { item.ToString() });
+            listViewAttrToExport.Items.Add(lvi);
+            this.comboBoxAttrToReturn.SelectedIndex = 0;
+            this.comboBoxAttrToReturn.Items.Remove(item);
+        }
+
+        private void buttonAttrRemove_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewAttrToExport.SelectedItems)
+            {
+                this.listViewAttrToExport.Items.Remove(item);
+                this.comboBoxAttrToReturn.Items.Add(item);
+            }
+        }
+
+        private void buttonAttrRemoveAll_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewAttrToExport.Items)
+            {
+                this.comboBoxAttrToReturn.Items.Add(item);
+            }
+            this.listViewAttrToExport.Items.Clear();
+        }
+        void checkBoxAttToExport_CheckedChanged(object sender, System.EventArgs e)
+        {
+            if (this.checkBoxAttToExport.CheckState == CheckState.Checked)
+            {
+                comboBoxAttrToReturn.Enabled = false;
+                listViewAttrToExport.Enabled = false;
+                buttonAttrAdd.Enabled = false;
+                buttonAttrRemove.Enabled = false;
+                buttonAttrRemoveAll.Enabled = false;
+            }
+            else
+            {
+                comboBoxAttrToReturn.Enabled = true;
+                listViewAttrToExport.Enabled = true;
+                buttonAttrAdd.Enabled = true;
+                buttonAttrRemove.Enabled = true;
+                buttonAttrRemoveAll.Enabled = true;
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ExportResult.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.Designer.cs
new file mode 100644
index 000000000..aa7be849e
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.Designer.cs
@@ -0,0 +1,163 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class PropertiesControl
+    {
+        /// <summary> 
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary> 
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Component Designer generated code
+
+        /// <summary> 
+        /// Required method for Designer support - do not modify 
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            this.buttonSubmit = new System.Windows.Forms.Button();
+            this.buttonReset = new System.Windows.Forms.Button();
+            this.listViewProp = new System.Windows.Forms.ListView();
+            this.contextMenuStripProp = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.addAnotherToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+            this.textBoxEdit = new System.Windows.Forms.MaskedTextBox();
+            this.panel1 = new System.Windows.Forms.Panel();
+            this.contextMenuStripProp.SuspendLayout();
+            this.panel1.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // buttonSubmit
+            // 
+            this.buttonSubmit.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.buttonSubmit.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.buttonSubmit.Location = new System.Drawing.Point(167, 4);
+            this.buttonSubmit.Name = "buttonSubmit";
+            this.buttonSubmit.Size = new System.Drawing.Size(75, 23);
+            this.buttonSubmit.TabIndex = 1;
+            this.buttonSubmit.Text = "Submit";
+            this.buttonSubmit.UseVisualStyleBackColor = true;
+            this.buttonSubmit.Click += new System.EventHandler(this.buttonSubmit_Click);
+            // 
+            // buttonReset
+            // 
+            this.buttonReset.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.buttonReset.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.buttonReset.Location = new System.Drawing.Point(257, 4);
+            this.buttonReset.Name = "buttonReset";
+            this.buttonReset.Size = new System.Drawing.Size(75, 23);
+            this.buttonReset.TabIndex = 2;
+            this.buttonReset.Text = "Reset";
+            this.buttonReset.UseVisualStyleBackColor = true;
+            this.buttonReset.Click += new System.EventHandler(this.buttonReset_Click);
+            // 
+            // listViewProp
+            // 
+            this.listViewProp.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 
+            | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.listViewProp.ContextMenuStrip = this.contextMenuStripProp;
+            this.listViewProp.FullRowSelect = true;
+            this.listViewProp.GridLines = true;
+            this.listViewProp.HideSelection = false;
+            this.listViewProp.Location = new System.Drawing.Point(0, 0);
+            this.listViewProp.Name = "listViewProp";
+            this.listViewProp.Size = new System.Drawing.Size(480, 446);
+            this.listViewProp.TabIndex = 4;
+            this.listViewProp.UseCompatibleStateImageBehavior = false;
+            this.listViewProp.View = System.Windows.Forms.View.Details;
+            this.listViewProp.DoubleClick += new System.EventHandler(this.listViewProp_DoubleClick);
+            // 
+            // contextMenuStripProp
+            // 
+            this.contextMenuStripProp.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.addAnotherToolStripMenuItem});
+            this.contextMenuStripProp.Name = "contextMenuStripProp";
+            this.contextMenuStripProp.Size = new System.Drawing.Size(143, 26);
+            this.contextMenuStripProp.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStripProp_Opening);
+            // 
+            // addAnotherToolStripMenuItem
+            // 
+            this.addAnotherToolStripMenuItem.Name = "addAnotherToolStripMenuItem";
+            this.addAnotherToolStripMenuItem.Size = new System.Drawing.Size(142, 22);
+            this.addAnotherToolStripMenuItem.Text = "Add Another";
+            this.addAnotherToolStripMenuItem.Click += new System.EventHandler(this.addAnotherToolStripMenuItem_Click);
+            // 
+            // textBoxEdit
+            // 
+            this.textBoxEdit.Anchor = System.Windows.Forms.AnchorStyles.None;
+            this.textBoxEdit.Location = new System.Drawing.Point(23, 426);
+            this.textBoxEdit.Name = "textBoxEdit";
+            this.textBoxEdit.Size = new System.Drawing.Size(36, 20);
+            this.textBoxEdit.TabIndex = 5;
+            this.textBoxEdit.Visible = false;
+            this.textBoxEdit.KeyPress += new System.Windows.Forms.KeyPressEventHandler(this.textBoxEdit_KeyPress);
+            this.textBoxEdit.LostFocus += new System.EventHandler(this.textBoxEdit_LostFocus);
+            // 
+            // panel1
+            // 
+            this.panel1.BorderStyle = System.Windows.Forms.BorderStyle.Fixed3D;
+            this.panel1.Controls.Add(this.buttonReset);
+            this.panel1.Controls.Add(this.buttonSubmit);
+            this.panel1.Dock = System.Windows.Forms.DockStyle.Bottom;
+            this.panel1.Location = new System.Drawing.Point(0, 452);
+            this.panel1.Name = "panel1";
+            this.panel1.Size = new System.Drawing.Size(480, 35);
+            this.panel1.TabIndex = 6;
+            // 
+            // PropertiesControl
+            // 
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Inherit;
+            this.AutoScroll = true;
+            this.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.Controls.Add(this.panel1);
+            this.Controls.Add(this.textBoxEdit);
+            this.Controls.Add(this.listViewProp);
+            this.DoubleBuffered = true;
+            this.Name = "PropertiesControl";
+            this.Size = new System.Drawing.Size(480, 487);
+            this.contextMenuStripProp.ResumeLayout(false);
+            this.panel1.ResumeLayout(false);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button buttonSubmit;
+        private System.Windows.Forms.Button buttonReset;
+        private System.Windows.Forms.ListView listViewProp;
+        private System.Windows.Forms.ContextMenuStrip contextMenuStripProp;
+        private System.Windows.Forms.ToolStripMenuItem addAnotherToolStripMenuItem;
+        private System.Windows.Forms.MaskedTextBox textBoxEdit;
+        private System.Windows.Forms.Panel panel1;
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.cs
new file mode 100644
index 000000000..1cf95f06d
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.cs
@@ -0,0 +1,453 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+using System.Collections.Generic;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Utilities;
+using VMwareMMCIDP.UI.Common.Utilities;
+using System.Linq;
+using System;
+using VMDirInterop.LDAP;
+using System.Drawing;
+using System.ComponentModel;
+using VMIdentity.CommonUtils;
+using VmdirUtil = VMDir.Common.VMDirUtilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class PropertiesControl : UserControl
+    {
+        private Dictionary<string, VMDirAttributeDTO> _properties;
+        private List<AttributeDTO> _currAttrDTOList;
+        private List<AttributeDTO> _optAttrDTOList;
+        private List<AttributeDTO> _oprAttrDTOList;
+        private HashSet<string> _modData;
+        private List<AttributeTypeDTO> _mayAttrTyDTOList;
+        private string _objectClass = string.Empty;
+        private string _dn = string.Empty;
+        private VMDirServerDTO _serverDTO;
+        private string oldVal = string.Empty;
+        enum GroupTag
+        {
+            OPERATIONAL_ATT=0,
+            CURRENT_ATTR,
+            OPTIONAL_ATT
+        }
+
+        public PropertiesControl()
+        {
+            InitializeComponent();
+            MMCMiscUtil.SetDoubleBuffered(this.listViewProp);
+            this.Dock = DockStyle.Fill;
+
+            ColumnHeader attrColumnHeader = new ColumnHeader();
+            attrColumnHeader.Text = "Attribute";
+            attrColumnHeader.Width = 400;
+            listViewProp.Columns.Add(attrColumnHeader);
+            ColumnHeader valColumnHeader = new ColumnHeader();
+            valColumnHeader.Text = "Value";
+            valColumnHeader.Width = 400;
+            listViewProp.Columns.Add(valColumnHeader);
+            ColumnHeader typColumnHeader = new ColumnHeader();
+            typColumnHeader.Text = "Syntax";
+            typColumnHeader.Width = 400;
+            listViewProp.Columns.Add(typColumnHeader);
+
+            _properties = new Dictionary<string, VMDirAttributeDTO>();
+            _currAttrDTOList = new List<AttributeDTO>();
+            _optAttrDTOList = new List<AttributeDTO>();
+            _oprAttrDTOList = new List<AttributeDTO>();
+            _mayAttrTyDTOList = new List<AttributeTypeDTO>();
+            _modData = new HashSet<string>();
+            SetEditState(false);
+        }
+        internal void Init(string dn, string oc, VMDirServerDTO serverDTO, Dictionary<string, VMDirAttributeDTO> properties)
+        {
+            if (serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            _properties = properties;
+            _objectClass = oc;
+            _dn = dn;
+            _serverDTO = serverDTO;
+            ClearData();
+            ClearContext();
+            GetData();
+            FillListView();
+            SetEditState(false);
+        }
+
+        public void ClearData()
+        {
+            _currAttrDTOList.Clear();
+            _oprAttrDTOList.Clear();
+            _optAttrDTOList.Clear();
+            _modData.Clear();
+        }
+        public void ClearContext()
+        {
+            this.listViewProp.Items.Clear();
+            this.listViewProp.Groups.Clear();
+            SetEditState(false);
+        }
+        public void GetData()
+        {
+            _currAttrDTOList = VmdirUtil.Utilities.ConvertToAttributeDTOList(_properties);
+
+            if (getGroup(GroupTag.OPTIONAL_ATT) != null)
+                GetOptionalAttribute();
+            if (getGroup(GroupTag.OPERATIONAL_ATT) != null)
+                GetOperationalAttribute();
+        }
+
+        private void GetOptionalAttribute()
+        {
+            MiscUtilsService.CheckedExec(delegate
+                 {
+                     if (string.IsNullOrWhiteSpace(_objectClass))
+                         _objectClass = VmdirUtil.Utilities.GetAttrLastVal(_properties, VMDirConstants.ATTR_OBJECT_CLASS);
+                         _mayAttrTyDTOList.Clear();
+                         _mayAttrTyDTOList = _serverDTO.Connection.SchemaManager.GetOptionalAttributes(_objectClass);
+                         _optAttrDTOList.Clear();
+                         foreach (var item in _mayAttrTyDTOList)
+                             if (item != null)
+                                 _optAttrDTOList.Add(new AttributeDTO(item.Name, string.Empty, item));
+                     foreach (var item in _currAttrDTOList)
+                     {
+                         if (item.AttrSyntaxDTO.SingleValue)
+                             _optAttrDTOList.RemoveAll(x => x.Name.Equals(item.Name));
+                     }
+                     _optAttrDTOList.Sort((x, y) => string.Compare(x.Name, y.Name, StringComparison.InvariantCultureIgnoreCase));
+                 });
+        }
+
+        private void GetOperationalAttribute()
+        {
+            TextQueryDTO dto = new TextQueryDTO(_dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC,
+                new string[] { "+" }, 0, IntPtr.Zero, 0);
+            var operationalProperties = new Dictionary<string, VMDirAttributeDTO>();
+            _serverDTO.Connection.Search(dto, (l, e) =>
+            {
+                if (e.Count > 0)
+                    operationalProperties = _serverDTO.Connection.GetEntryProperties(e[0]);
+            });
+            _oprAttrDTOList = VmdirUtil.Utilities.ConvertToAttributeDTOList(operationalProperties);
+        }
+        public void FillListView()
+        {
+            var clvg = new ListViewGroup("Current Attributes") { Tag = GroupTag.CURRENT_ATTR };          
+            listViewProp.Groups.Add(clvg);
+            var lviList = new List<ListViewItem>();
+            foreach (var item in _currAttrDTOList)
+            {
+                var val = item.Value;
+                if (string.Equals(item.AttrSyntaxDTO.Type, "Generalized Time"))
+                    val = VmdirUtil.Utilities.ConvertGeneralizedTimeIntoReadableFormat(item.Value);
+                lviList.Add(new ListViewItem(new string[] { item.Name, val, item.AttrSyntaxDTO.Type }) { Tag = clvg.Tag, Group = clvg, BackColor = Color.WhiteSmoke });
+            }
+            listViewProp.Items.AddRange(lviList.ToArray());
+
+            if(_serverDTO.OptionalAttrFlag)
+                ShowOptionalAttribute();
+            else
+                HideAttribute(GroupTag.OPTIONAL_ATT);
+
+            if (_serverDTO.OperationalAttrFlag)
+                ShowOperationalAttribute();
+            else
+                HideAttribute(GroupTag.OPERATIONAL_ATT);
+        }
+
+        private void ShowOptionalAttribute()
+        {
+            if (_serverDTO == null || _serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            MiscUtilsService.CheckedExec(delegate
+            {
+                if (_optAttrDTOList.Count <= 0)
+                    GetOptionalAttribute();
+                var optlvg = new ListViewGroup("Optional Attributes") { Tag = GroupTag.OPTIONAL_ATT };
+                listViewProp.Groups.Add(optlvg);
+
+                var lviList = new List<ListViewItem>();
+                foreach (var item in _optAttrDTOList)
+                {
+                    lviList.Add(new ListViewItem(new string[] { item.Name, item.Value, item.AttrSyntaxDTO.Type }) { Tag = optlvg.Tag, Group = optlvg, BackColor = Color.WhiteSmoke });
+                }
+                listViewProp.Items.AddRange(lviList.ToArray());
+            });
+        }
+
+        private void HideAttribute(GroupTag grpTag)
+        {
+            foreach (ListViewGroup grp in listViewProp.Groups)
+            {
+                if ((GroupTag)grp.Tag == grpTag)
+                {
+                    while (grp.Items.Count > 0)
+                    {
+                        listViewProp.Items.Remove(grp.Items[0]);
+                    }
+                    listViewProp.Groups.Remove(grp);
+                    break;
+                }
+            }
+        }
+
+        private void ShowOperationalAttribute()
+        {
+            if (_serverDTO == null || _serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            MiscUtilsService.CheckedExec(delegate
+            {
+                if (_oprAttrDTOList.Count <= 0)
+                    GetOperationalAttribute();
+                var oprlvg = new ListViewGroup("Operational Attributes") { Tag = GroupTag.OPERATIONAL_ATT };
+                this.listViewProp.Groups.Insert(0, oprlvg);
+
+                var lviList = new List<ListViewItem>();
+                foreach (var item in _oprAttrDTOList)
+                {
+                    var val = item.Value;
+                    if (string.Equals(item.AttrSyntaxDTO.Type, "Generalized Time"))
+                        val = VmdirUtil.Utilities.ConvertGeneralizedTimeIntoReadableFormat(item.Value);
+                    lviList.Add(new ListViewItem(new string[] { item.Name, val, item.AttrSyntaxDTO.Type }) { Tag = oprlvg.Tag, Group = oprlvg, BackColor = Color.WhiteSmoke });
+                }
+                listViewProp.Items.AddRange(lviList.ToArray());
+            });
+        }
+        public void RefreshPropertiesView()
+        {
+            ClearData();
+            _properties.Clear();
+            ClearContext();
+            MiscUtilsService.CheckedExec(delegate
+            {
+                TextQueryDTO dto = new TextQueryDTO(_dn, LdapScope.SCOPE_BASE, VMDirConstants.SEARCH_ALL_OC, null, 0, IntPtr.Zero, 0);
+                _serverDTO.Connection.Search(dto,
+                    (l, e) =>
+                    {
+                        if (e.Count > 0)
+                            _properties = _serverDTO.Connection.GetEntryProperties(e[0]);
+                    });
+            });
+            GetData();
+            FillListView();
+        }
+
+        private ListViewGroup getGroup(GroupTag groupTag)
+        {
+            foreach (ListViewGroup lvg in listViewProp.Groups)
+                if ((GroupTag)lvg.Tag == groupTag)
+                    return lvg;
+            return null;
+        }
+
+        private void contextMenuStripProp_Opening(object sender, CancelEventArgs e)
+        {
+            if (this.listViewProp.SelectedIndices.Count != 1)
+            {
+                e.Cancel = true;
+            }
+            else
+            {
+                var key = this.listViewProp.SelectedItems[0].Text;
+                if (_serverDTO.Connection.SchemaManager.isSingleValue(key))
+                    e.Cancel = true;
+            }
+        }
+
+        private void addAnotherToolStripMenuItem_Click(object sender, EventArgs e)
+        {
+            listViewProp.ListViewItemSorter = new ListViewColumnSorter();
+
+            ListViewItem lvi = this.listViewProp.SelectedItems[0];
+            var key = lvi.SubItems[0].Text;
+            var type = lvi.SubItems[2].Text;
+            var index = this.listViewProp.SelectedIndices[0] + 1;
+            var tag = this.listViewProp.SelectedItems[0].Group.Tag;
+            ListViewItem newLvi = new ListViewItem(new string[] { key, string.Empty, type }) { Tag = tag, Group = getGroup((GroupTag)tag), BackColor = Color.WhiteSmoke };
+            listViewProp.Items.Insert(index, newLvi);
+            listViewProp.ListViewItemSorter = null;
+        }
+
+        void listViewProp_DoubleClick(object sender, System.EventArgs e)
+        {
+            ListViewItem lvi = listViewProp.SelectedItems[0];
+
+            var pt = listViewProp.PointToClient(Control.MousePosition);
+            var pt2 = listViewProp.PointToScreen(listViewProp.Bounds.Location);
+            var top = lvi.SubItems[2].Bounds.Top;
+            var bottom = lvi.SubItems[2].Bounds.Bottom;
+            var left = lvi.SubItems[2].Bounds.Left;
+            var right = lvi.SubItems[2].Bounds.Right;
+            if (pt.X >= left && pt.X <= right && pt.Y >= top && pt.Y <= bottom)
+            {
+                var type = _serverDTO.Connection.SchemaManager.GetAttributeType(lvi.SubItems[0].Text);
+                AttributeHelpDTO attrHelp = null;
+                if (type.AttributeSyntax != null)
+                    VmdirUtil.VMDirCommonEnvironment.Instance.AttrHelpDict.TryGetValue(type.AttributeSyntax, out attrHelp);
+
+                var frm = new AttrInfoForm(attrHelp);
+                frm.Text = type.AttributeSyntax;
+                var maxHt = Screen.PrimaryScreen.Bounds.Height;
+                var maxWd = Screen.PrimaryScreen.Bounds.Width;
+                var x = pt2.X + left;
+                var y = pt2.Y + top;
+                if (y + frm.Height > maxHt)
+                    y = y - frm.Height;
+                if (x + frm.Width > maxWd)
+                    x = x - frm.Width;
+                frm.Location = new Point(x, y);
+                frm.ShowDialog();
+            }
+
+            else
+            {
+                System.Windows.Forms.ListViewItem.ListViewSubItem lvsi = lvi.SubItems[1];
+                textBoxEdit.Bounds = new Rectangle(
+                    listViewProp.Bounds.Left + lvsi.Bounds.Left,
+                    listViewProp.Bounds.Top + lvsi.Bounds.Top,
+                    lvsi.Bounds.Width,
+                    lvsi.Bounds.Height);
+                textBoxEdit.Text = lvsi.Text;
+                oldVal = lvsi.Text;
+                textBoxEdit.Visible = true;
+                textBoxEdit.Focus();
+            }
+        }
+
+        void textBoxEdit_LostFocus(object sender, System.EventArgs e)
+        {
+            exitEditing();
+        }
+        void textBoxEdit_KeyPress(object sender, System.Windows.Forms.KeyPressEventArgs e)
+        {
+            if (e.KeyChar == (char)Keys.Enter)
+                exitEditing();
+        }
+
+        private void exitEditing()
+        {
+            ListViewItem lvi = listViewProp.SelectedItems[0];
+            System.Windows.Forms.ListViewItem.ListViewSubItem lvsi = lvi.SubItems[1];
+            lvsi.Text = textBoxEdit.Text;
+            if (!string.Equals(oldVal, lvsi.Text)) 
+            {
+                _modData.Add(lvi.SubItems[0].Text);
+                lvi.BackColor = Color.LightYellow;
+                SetEditState(true);
+            }
+            oldVal = string.Empty;
+            textBoxEdit.Visible = false;
+
+        }
+
+        private void buttonSubmit_Click(object sender, EventArgs e)
+        {
+            if (_serverDTO==null || _serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            MiscUtilsService.CheckedExec(delegate
+            {
+                if (_modData.Count > 0)
+                {
+                    var finalMods = new Dictionary<string, List<string>>();
+                    foreach (ListViewItem item in listViewProp.Items)
+                    {
+                        var key = item.SubItems[0].Text;
+                        var val = item.SubItems[1].Text;
+                        if (_modData.Contains(key))
+                        {
+                            if (finalMods.ContainsKey(key))
+                            {
+                                finalMods[key].Add(val);
+                            }
+                            else
+                            {
+                                finalMods.Add(key, new List<string>() { val });
+                            }
+                        }
+                    }
+                    var frm = new SubmitModConfirm(finalMods);
+                    if (frm.ShowDialog() != DialogResult.OK)
+                        return;
+
+                    //LdapMod[] attrMods = new LdapMod[finalMods.Count];
+                    List<AttributeModStatus> modificationStatus = new List<AttributeModStatus>();
+                    int i = 0;
+                    foreach (var m in finalMods)
+                    {
+                        LdapMod[] ldapVal = new LdapMod[1];
+                        var values = m.Value.Where(x => !string.IsNullOrWhiteSpace(x)).ToArray();
+                        Array.Resize(ref values, values.Count() + 1);
+                        ldapVal[0] = new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_REPLACE, m.Key, values);
+                        try
+                        {
+                            _serverDTO.Connection.ModifyObject(_dn, ldapVal);
+                            modificationStatus.Add(new AttributeModStatus(m.Key,true,"Success"));
+                        }
+                        catch(Exception exp){
+                            modificationStatus.Add(new AttributeModStatus(m.Key, false, exp.Message));
+                        }
+                        i++;
+                    }
+                    var frm2 = new SubmitModStatus(modificationStatus);
+                    frm2.ShowDialog();
+                    RefreshPropertiesView();
+                }
+            });
+        }
+
+        private void buttonReset_Click(object sender, EventArgs e)
+        {
+            if (_serverDTO == null || _serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            ClearContext();
+            _modData.Clear();
+            FillListView();
+            SetEditState(false);
+        }
+
+        public void SetEditState(bool state)
+        {
+            this.buttonSubmit.Visible = state;
+            this.buttonReset.Visible = state;
+        }
+        public void ClearView()
+        {
+            _properties = null;
+            _mayAttrTyDTOList.Clear();
+            ClearData();
+            ClearContext();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.resx
new file mode 100644
index 000000000..35b92e8d8
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/PropertiesControl.resx
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="contextMenuStripProp.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>17, 17</value>
+  </metadata>
+  <metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
+    <value>41</value>
+  </metadata>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.Designer.cs
new file mode 100644
index 000000000..d13a5000f
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.Designer.cs
@@ -0,0 +1,161 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class ResetUserPwdForm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(ResetUserPwdForm));
+            this.label1 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.textBox1 = new System.Windows.Forms.TextBox();
+            this.textBox2 = new System.Windows.Forms.TextBox();
+            this.buttonCancel = new System.Windows.Forms.Button();
+            this.buttonSubmit = new System.Windows.Forms.Button();
+            this.label3 = new System.Windows.Forms.Label();
+            this.textBoxDn = new System.Windows.Forms.TextBox();
+            this.SuspendLayout();
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(22, 80);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(106, 13);
+            this.label1.TabIndex = 0;
+            this.label1.Text = "New User Password:";
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(22, 119);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(119, 13);
+            this.label2.TabIndex = 1;
+            this.label2.Text = "Confirm New Password:";
+            // 
+            // textBox1
+            // 
+            this.textBox1.Location = new System.Drawing.Point(150, 73);
+            this.textBox1.Name = "textBox1";
+            this.textBox1.PasswordChar = '*';
+            this.textBox1.Size = new System.Drawing.Size(200, 20);
+            this.textBox1.TabIndex = 2;
+            // 
+            // textBox2
+            // 
+            this.textBox2.Location = new System.Drawing.Point(150, 112);
+            this.textBox2.Name = "textBox2";
+            this.textBox2.PasswordChar = '*';
+            this.textBox2.Size = new System.Drawing.Size(200, 20);
+            this.textBox2.TabIndex = 3;
+            // 
+            // buttonCancel
+            // 
+            this.buttonCancel.Location = new System.Drawing.Point(96, 167);
+            this.buttonCancel.Name = "buttonCancel";
+            this.buttonCancel.Size = new System.Drawing.Size(75, 23);
+            this.buttonCancel.TabIndex = 4;
+            this.buttonCancel.Text = "Cancel";
+            this.buttonCancel.UseVisualStyleBackColor = true;
+            this.buttonCancel.Click += new System.EventHandler(this.buttonCancel_Click);
+            // 
+            // buttonSubmit
+            // 
+            this.buttonSubmit.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonSubmit.Location = new System.Drawing.Point(194, 167);
+            this.buttonSubmit.Name = "buttonSubmit";
+            this.buttonSubmit.Size = new System.Drawing.Size(75, 23);
+            this.buttonSubmit.TabIndex = 5;
+            this.buttonSubmit.Text = "Submit";
+            this.buttonSubmit.UseVisualStyleBackColor = true;
+            this.buttonSubmit.Click += new System.EventHandler(this.buttonSubmit_Click);
+            // 
+            // label3
+            // 
+            this.label3.AutoSize = true;
+            this.label3.Location = new System.Drawing.Point(22, 36);
+            this.label3.Name = "label3";
+            this.label3.Size = new System.Drawing.Size(26, 13);
+            this.label3.TabIndex = 6;
+            this.label3.Text = "DN:";
+            // 
+            // textBoxDn
+            // 
+            this.textBoxDn.Location = new System.Drawing.Point(150, 29);
+            this.textBoxDn.Name = "textBoxDn";
+            this.textBoxDn.Size = new System.Drawing.Size(200, 20);
+            this.textBoxDn.TabIndex = 7;
+            // 
+            // ResetUserPwdForm
+            // 
+            this.AcceptButton = this.buttonSubmit;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(373, 212);
+            this.Controls.Add(this.textBoxDn);
+            this.Controls.Add(this.label3);
+            this.Controls.Add(this.buttonSubmit);
+            this.Controls.Add(this.buttonCancel);
+            this.Controls.Add(this.textBox2);
+            this.Controls.Add(this.textBox1);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.label1);
+            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
+            this.Name = "ResetUserPwdForm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Reset User Password";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.TextBox textBox1;
+        private System.Windows.Forms.TextBox textBox2;
+        private System.Windows.Forms.Button buttonCancel;
+        private System.Windows.Forms.Button buttonSubmit;
+        private System.Windows.Forms.Label label3;
+        private System.Windows.Forms.TextBox textBoxDn;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.cs
new file mode 100644
index 000000000..fe1d31a7b
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.cs
@@ -0,0 +1,72 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class ResetUserPwdForm : Form
+    {
+        public string Password;
+        public string Dn;
+        public ResetUserPwdForm(string dn)
+        {
+            this.Dn = dn;
+            InitializeComponent();
+            this.textBoxDn.Text = dn;
+        }
+
+        private void buttonCancel_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+
+        private void buttonSubmit_Click(object sender, EventArgs e)
+        {
+            if (!validateInput())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            Password = this.textBox1.Text;
+        }
+
+        private bool validateInput()
+        {
+            string msg = string.Empty;
+            if (string.IsNullOrWhiteSpace(this.textBoxDn.Text))
+            {
+                msg = VMDirConstants.WRN_DN_ENT;
+            }
+            else if (string.IsNullOrWhiteSpace(this.textBox1.Text))
+            {
+                msg = VMDirConstants.WRN_NEW_PWD_ENT;
+            }
+            else if (!string.Equals(this.textBox1.Text, this.textBox2.Text))
+            {
+                msg = VMDirConstants.WRN_PWD_NO_MATCH;
+            }
+            if (!string.IsNullOrWhiteSpace(msg))
+            {
+                MMCDlgHelper.ShowWarning(msg);
+                return false;
+            }
+            return true;
+
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.resx
new file mode 100644
index 000000000..2b3d8d302
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/ResetUserPwdForm.resx
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAA
+        AABfIwAxXhEAamAmAWZhIwBmXxoAZlosBGZdQBJmXT0TZl09EmZcPhJmXT0QZlo8EGZUPBNhW0ATXykX
+        BVEAAAAh724U//GNOP/saQv/7W8S/+p4Gf/qoU//8sR4//C4ZP/xu2j/8Lpn//G7af/wumj/7bxp/vLD
+        cf/HkEjPIhMATO9+LPH48K386X0e/OuQMvzpxGP89d+z/Pvq0Pz31Zn8+NSQ/PfRjPz537H8+eG3/ffQ
+        i/372Zr7775u/11AEVfueCX0+Oih/+qAIf/tkTT/68Bc//DKkv//9ev/++K9//PQkv/0yXn/9tej//jq
+        2f722qz7+dWS/9ynW+F7PgMl7nkl9Pzspf/uji7/7pQ4//bJaP/Om0f/ppV0/9PJvv//68v/89CW//XL
+        gP7437X9+ufE/+Gva9+vYBJNAAAAAO57J/H95qH/9sNi/vrCYf/ovGT/kYhz/46Rlv97enb/zsW4///3
+        3P712qr99tKE/tOaTNajYxcmAAAAAJtkKwHtdh/+/eap//vaiP3/02791rBi/pqgrf7V1NL+oKCf/np6
+        e/+7pIH//NGI/uOOO/9qLQs/AAAAALBvLgEAAAAA6VcHgfKcT//96rH//d2V//jYjf+qoor/t73D/8PB
+        v/+mpaj+en12/cNwJv7GSAClAAAACEUAABD/xzQEAAAAAAAAAADpWwBw62oQ2ulpEdjuaAzi1l4R/Yxo
+        V/y+x8v+ysjG/rO3uv6CdnL4JyEenSAiIZQOGhpyAAAALwAAAA4AAAAAAAAAAOhBAAnmKgAc3UwAtulj
+        DPveZBH3o3RX/sTM0/7V1NT+ubu8/rS1tv+zs7P/eHd37Dw8PJ4QEBBGAAAAAOtmCQQAAAAA62ULmfGm
+        Uv/otFL967RS/+OfRP+meVn+vMDE/9/d3f6pqan/tbW1/9PT0/9/f3/+IiIiZgAAAADqYwcDAAAAAOto
+        Dtf21Ij878Ri++7FZv75zGf+xF0V/qautPyxr67+Tk5OvkRERJ2ZmZn/l5eX/yIiIkcAAAAA62QIAgAA
+        AADqZw3H+ct8/vjHZfz3yGr+/chh/8JhHP+vt7z/yMXE+1tbW+JOTk5nVVVVoHR0dJIEBAQEAAAAAOpj
+        BwMAAAAA62gO0/zemP3+zW37/cpn/f/dg/7UYBDtho6S3+Hg4P+7u7r/Wlpa2YGBgRUAAAAAAAAAAAAA
+        AADrZwsCAAAAAOphBpvynlH///Cv///wp//0n0//5GsU03FeUTFbW1qlj4+O/3d3d9WGhoYOkJCQBAAA
+        AAAAAAAAAAAAAAAAAADoSwAP6l8CmO5+K/Ttfyvz6mgNvNpxIDcAAAAAAAAABAAAACavr68gAAAAAAAA
+        AAAAAAAA//8AAAABAAAAAQAAAAEAAAADAAAABwAAAA8AAAAPAADABwAA8AEAAOABAADgAQAA4AkAAOAH
+        AADgRwAA8P8AAA==
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchArgs.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchArgs.cs
new file mode 100644
index 000000000..39c9050ed
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchArgs.cs
@@ -0,0 +1,28 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using VMDir.Common.DTO;
+namespace LWRaftSnapIn.UI
+{
+    public class SearchArgs : EventArgs
+    {
+        public QueryDTO Qdto { get; private set; }
+
+        public SearchArgs(QueryDTO qdto)
+        {
+            this.Qdto = qdto;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.Designer.cs
new file mode 100644
index 000000000..ceb2b70b0
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.Designer.cs
@@ -0,0 +1,606 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class SearchForm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SearchForm));
+            this.toolStrip1 = new System.Windows.Forms.ToolStrip();
+            this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
+            this.openToolStripButton = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator();
+            this.saveToolStripButton = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
+            this.toolStripButtonShowHide = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator6 = new System.Windows.Forms.ToolStripSeparator();
+            this.toolStripButtonSetPage = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
+            this.toolStripButtonShowHideOperAttr = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
+            this.toolStripButtonShowHideOptionalAttr = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator7 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbRefresh = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator8 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbDelete = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator9 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbAddToGroup = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator12 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbResetPassword = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator11 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbVerifyPassword = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator13 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbExportResult = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator10 = new System.Windows.Forms.ToolStripSeparator();
+            this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel();
+            this.searchQueryControl1 = new UI.SearchQueryControl();
+            this.tableLayoutPanel2 = new System.Windows.Forms.TableLayoutPanel();
+            this.panel1 = new System.Windows.Forms.Panel();
+            this.panel3 = new System.Windows.Forms.Panel();
+            this.resultStatusLabel = new System.Windows.Forms.Label();
+            this.resultTreeView = new System.Windows.Forms.TreeView();
+            this.panel2 = new System.Windows.Forms.Panel();
+            this.label1 = new System.Windows.Forms.Label();
+            this.PrevButton = new System.Windows.Forms.Button();
+            this.NextButton = new System.Windows.Forms.Button();
+            this.currPageTextBox = new System.Windows.Forms.TextBox();
+            this.propertiesControl1 = new UI.PropertiesControl();
+            this.cmuResultTreeView = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.tsmiAddToGroup = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiResetUserPassword = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiVerifyUserPassword = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiDelete = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiRefresh = new System.Windows.Forms.ToolStripMenuItem();
+            this.toolStrip1.SuspendLayout();
+            this.tableLayoutPanel1.SuspendLayout();
+            this.tableLayoutPanel2.SuspendLayout();
+            this.panel1.SuspendLayout();
+            this.panel3.SuspendLayout();
+            this.panel2.SuspendLayout();
+            this.cmuResultTreeView.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // toolStrip1
+            // 
+            this.toolStrip1.AutoSize = false;
+            this.toolStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.toolStripSeparator1,
+            this.openToolStripButton,
+            this.toolStripSeparator2,
+            this.saveToolStripButton,
+            this.toolStripSeparator3,
+            this.toolStripButtonShowHide,
+            this.toolStripSeparator6,
+            this.toolStripButtonSetPage,
+            this.toolStripSeparator4,
+            this.toolStripButtonShowHideOperAttr,
+            this.toolStripSeparator5,
+            this.toolStripButtonShowHideOptionalAttr,
+            this.toolStripSeparator7,
+            this.tsbRefresh,
+            this.toolStripSeparator8,
+            this.tsbDelete,
+            this.toolStripSeparator9,
+            this.tsbAddToGroup,
+            this.toolStripSeparator12,
+            this.tsbResetPassword,
+            this.toolStripSeparator11,
+            this.tsbVerifyPassword,
+            this.toolStripSeparator13,
+            this.tsbExportResult,
+            this.toolStripSeparator10});
+            this.toolStrip1.Location = new System.Drawing.Point(0, 0);
+            this.toolStrip1.Name = "toolStrip1";
+            this.toolStrip1.Padding = new System.Windows.Forms.Padding(0);
+            this.toolStrip1.Size = new System.Drawing.Size(1024, 30);
+            this.toolStrip1.TabIndex = 11;
+            this.toolStrip1.Text = "toolStrip1";
+            // 
+            // toolStripSeparator1
+            // 
+            this.toolStripSeparator1.Name = "toolStripSeparator1";
+            this.toolStripSeparator1.Size = new System.Drawing.Size(6, 30);
+            // 
+            // openToolStripButton
+            // 
+            this.openToolStripButton.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.openToolStripButton.Image = ((System.Drawing.Image)(resources.GetObject("openToolStripButton.Image")));
+            this.openToolStripButton.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.openToolStripButton.Name = "openToolStripButton";
+            this.openToolStripButton.Size = new System.Drawing.Size(23, 27);
+            this.openToolStripButton.Tag = "all";
+            this.openToolStripButton.Text = "&Open";
+            this.openToolStripButton.Click += new System.EventHandler(this.openToolStripButton_Click);
+            // 
+            // toolStripSeparator2
+            // 
+            this.toolStripSeparator2.Name = "toolStripSeparator2";
+            this.toolStripSeparator2.Size = new System.Drawing.Size(6, 30);
+            // 
+            // saveToolStripButton
+            // 
+            this.saveToolStripButton.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.saveToolStripButton.Image = ((System.Drawing.Image)(resources.GetObject("saveToolStripButton.Image")));
+            this.saveToolStripButton.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.saveToolStripButton.Name = "saveToolStripButton";
+            this.saveToolStripButton.Size = new System.Drawing.Size(23, 27);
+            this.saveToolStripButton.Tag = "all";
+            this.saveToolStripButton.Text = "&Save";
+            this.saveToolStripButton.Click += new System.EventHandler(this.saveToolStripButton_Click);
+            // 
+            // toolStripSeparator3
+            // 
+            this.toolStripSeparator3.Name = "toolStripSeparator3";
+            this.toolStripSeparator3.Size = new System.Drawing.Size(6, 30);
+            // 
+            // toolStripButtonShowHide
+            // 
+            this.toolStripButtonShowHide.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonShowHide.Image = LWRaftEnvironment.Instance.GetImageResource(VMDirIconIndex.SearchBoxCollapse);
+            this.toolStripButtonShowHide.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonShowHide.Name = "toolStripButtonShowHide";
+            this.toolStripButtonShowHide.Size = new System.Drawing.Size(23, 27);
+            this.toolStripButtonShowHide.Tag = "all";
+            this.toolStripButtonShowHide.Text = "Hide/Show Search Box";
+            this.toolStripButtonShowHide.Click += new System.EventHandler(this.toolStripButtonShowHide_Click);
+            // 
+            // toolStripSeparator6
+            // 
+            this.toolStripSeparator6.Name = "toolStripSeparator6";
+            this.toolStripSeparator6.Size = new System.Drawing.Size(6, 30);
+            // 
+            // toolStripButtonSetPage
+            // 
+            this.toolStripButtonSetPage.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonSetPage.Image = LWRaftEnvironment.Instance.GetImageResource(VMDirIconIndex.PageSize);
+            this.toolStripButtonSetPage.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonSetPage.Name = "toolStripButtonSetPage";
+            this.toolStripButtonSetPage.Size = new System.Drawing.Size(23, 27);
+            this.toolStripButtonSetPage.Tag = "all";
+            this.toolStripButtonSetPage.Text = "Set Page Size";
+            this.toolStripButtonSetPage.Click += new System.EventHandler(this.toolStripButtonSetPage_Click);
+            // 
+            // toolStripSeparator4
+            // 
+            this.toolStripSeparator4.Name = "toolStripSeparator4";
+            this.toolStripSeparator4.Size = new System.Drawing.Size(6, 30);
+            // 
+            // toolStripButtonShowHideOperAttr
+            // 
+            this.toolStripButtonShowHideOperAttr.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonShowHideOperAttr.Image = LWRaftEnvironment.Instance.GetImageResource(VMDirIconIndex.OperationalAttr);
+            this.toolStripButtonShowHideOperAttr.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonShowHideOperAttr.Name = "toolStripButtonShowHideOperAttr";
+            this.toolStripButtonShowHideOperAttr.Size = new System.Drawing.Size(23, 27);
+            this.toolStripButtonShowHideOperAttr.Tag = "directory";
+            this.toolStripButtonShowHideOperAttr.Text = "Show/Hide Operational Attributes";
+            this.toolStripButtonShowHideOperAttr.Click += new System.EventHandler(this.toolStripButtonShowHideOperAttr_Click);
+            // 
+            // toolStripSeparator5
+            // 
+            this.toolStripSeparator5.Name = "toolStripSeparator5";
+            this.toolStripSeparator5.Size = new System.Drawing.Size(6, 30);
+            // 
+            // toolStripButtonShowHideOptionalAttr
+            // 
+            this.toolStripButtonShowHideOptionalAttr.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonShowHideOptionalAttr.Image = LWRaftEnvironment.Instance.GetImageResource(VMDirIconIndex.OptionalAttr);
+            this.toolStripButtonShowHideOptionalAttr.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonShowHideOptionalAttr.Name = "toolStripButtonShowHideOptionalAttr";
+            this.toolStripButtonShowHideOptionalAttr.Size = new System.Drawing.Size(23, 27);
+            this.toolStripButtonShowHideOptionalAttr.Tag = "directory";
+            this.toolStripButtonShowHideOptionalAttr.Text = "Show/Hide Optional Attribute";
+            this.toolStripButtonShowHideOptionalAttr.Click += new System.EventHandler(this.toolStripButtonShowHideOptionalAttr_Click);
+            // 
+            // toolStripSeparator7
+            // 
+            this.toolStripSeparator7.Name = "toolStripSeparator7";
+            this.toolStripSeparator7.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbRefresh
+            // 
+            this.tsbRefresh.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbRefresh.Image = ((System.Drawing.Image)(resources.GetObject("tsbRefresh.Image")));
+            this.tsbRefresh.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbRefresh.Name = "tsbRefresh";
+            this.tsbRefresh.Size = new System.Drawing.Size(23, 27);
+            this.tsbRefresh.Tag = "directory";
+            this.tsbRefresh.Text = "Refresh";
+            this.tsbRefresh.Click += new System.EventHandler(this.tsbRefresh_Click);
+            // 
+            // toolStripSeparator8
+            // 
+            this.toolStripSeparator8.Name = "toolStripSeparator8";
+            this.toolStripSeparator8.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbDelete
+            // 
+            this.tsbDelete.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbDelete.Image = ((System.Drawing.Image)(resources.GetObject("tsbDelete.Image")));
+            this.tsbDelete.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbDelete.Name = "tsbDelete";
+            this.tsbDelete.Size = new System.Drawing.Size(23, 27);
+            this.tsbDelete.Tag = "directory";
+            this.tsbDelete.Text = "Delete";
+            this.tsbDelete.Click += new System.EventHandler(this.tsbDelete_Click);
+            // 
+            // toolStripSeparator9
+            // 
+            this.toolStripSeparator9.Name = "toolStripSeparator9";
+            this.toolStripSeparator9.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbAddToGroup
+            // 
+            this.tsbAddToGroup.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbAddToGroup.Image = ((System.Drawing.Image)(resources.GetObject("tsbAddToGroup.Image")));
+            this.tsbAddToGroup.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbAddToGroup.Name = "tsbAddToGroup";
+            this.tsbAddToGroup.Size = new System.Drawing.Size(23, 27);
+            this.tsbAddToGroup.Tag = "directory";
+            this.tsbAddToGroup.Text = "Add To Group";
+            this.tsbAddToGroup.Click += new System.EventHandler(this.tsbAddToGroup_Click);
+            // 
+            // toolStripSeparator12
+            // 
+            this.toolStripSeparator12.Name = "toolStripSeparator12";
+            this.toolStripSeparator12.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbResetPassword
+            // 
+            this.tsbResetPassword.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbResetPassword.Image = ((System.Drawing.Image)(resources.GetObject("tsbResetPassword.Image")));
+            this.tsbResetPassword.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbResetPassword.Name = "tsbResetPassword";
+            this.tsbResetPassword.Size = new System.Drawing.Size(23, 27);
+            this.tsbResetPassword.Tag = "user";
+            this.tsbResetPassword.Text = "Reset User Password";
+            this.tsbResetPassword.Click += new System.EventHandler(this.tsbResetPassword_Click);
+            // 
+            // toolStripSeparator11
+            // 
+            this.toolStripSeparator11.Name = "toolStripSeparator11";
+            this.toolStripSeparator11.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbVerifyPassword
+            // 
+            this.tsbVerifyPassword.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbVerifyPassword.Image = ((System.Drawing.Image)(resources.GetObject("tsbVerifyPassword.Image")));
+            this.tsbVerifyPassword.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbVerifyPassword.Name = "tsbVerifyPassword";
+            this.tsbVerifyPassword.Size = new System.Drawing.Size(23, 27);
+            this.tsbVerifyPassword.Tag = "user";
+            this.tsbVerifyPassword.Text = "Verify User Password";
+            this.tsbVerifyPassword.Click += new System.EventHandler(this.tsbVerifyPassword_Click);
+            // 
+            // toolStripSeparator13
+            // 
+            this.toolStripSeparator13.Name = "toolStripSeparator13";
+            this.toolStripSeparator13.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbExportResult
+            // 
+            this.tsbExportResult.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbExportResult.Image = LWRaftEnvironment.Instance.GetImageResource(VMDirIconIndex.Export);
+            this.tsbExportResult.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbExportResult.Name = "tsbExportResult";
+            this.tsbExportResult.Size = new System.Drawing.Size(23, 27);
+            this.tsbExportResult.Tag = "directory";
+            this.tsbExportResult.Text = "Export Result";
+            this.tsbExportResult.Click += new System.EventHandler(this.tsbExportResult_Click);
+            // 
+            // toolStripSeparator10
+            // 
+            this.toolStripSeparator10.Name = "toolStripSeparator10";
+            this.toolStripSeparator10.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tableLayoutPanel1
+            // 
+            this.tableLayoutPanel1.AutoSize = true;
+            this.tableLayoutPanel1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.tableLayoutPanel1.ColumnCount = 1;
+            this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle());
+            this.tableLayoutPanel1.Controls.Add(this.searchQueryControl1, 0, 0);
+            this.tableLayoutPanel1.Controls.Add(this.tableLayoutPanel2, 0, 1);
+            this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 30);
+            this.tableLayoutPanel1.Name = "tableLayoutPanel1";
+            this.tableLayoutPanel1.RowCount = 2;
+            this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle());
+            this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle());
+            this.tableLayoutPanel1.Size = new System.Drawing.Size(1024, 636);
+            this.tableLayoutPanel1.TabIndex = 12;
+            // 
+            // searchQueryControl1
+            // 
+            this.searchQueryControl1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.searchQueryControl1.Location = new System.Drawing.Point(3, 3);
+            this.searchQueryControl1.Name = "searchQueryControl1";
+            this.searchQueryControl1.Size = new System.Drawing.Size(1018, 300);
+            this.searchQueryControl1.TabIndex = 0;
+            this.searchQueryControl1.Load += new System.EventHandler(this.searchQueryControl1_Load);
+            // 
+            // tableLayoutPanel2
+            // 
+            this.tableLayoutPanel2.ColumnCount = 2;
+            this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 25F));
+            this.tableLayoutPanel2.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 75F));
+            this.tableLayoutPanel2.Controls.Add(this.panel1, 0, 0);
+            this.tableLayoutPanel2.Controls.Add(this.propertiesControl1, 1, 0);
+            this.tableLayoutPanel2.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.tableLayoutPanel2.Location = new System.Drawing.Point(3, 309);
+            this.tableLayoutPanel2.Name = "tableLayoutPanel2";
+            this.tableLayoutPanel2.RowCount = 1;
+            this.tableLayoutPanel2.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 100F));
+            this.tableLayoutPanel2.Size = new System.Drawing.Size(1018, 324);
+            this.tableLayoutPanel2.TabIndex = 1;
+            // 
+            // panel1
+            // 
+            this.panel1.Controls.Add(this.panel3);
+            this.panel1.Controls.Add(this.resultTreeView);
+            this.panel1.Controls.Add(this.panel2);
+            this.panel1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.panel1.Location = new System.Drawing.Point(3, 3);
+            this.panel1.Name = "panel1";
+            this.panel1.Size = new System.Drawing.Size(248, 318);
+            this.panel1.TabIndex = 0;
+            // 
+            // panel3
+            // 
+            this.panel3.BackColor = System.Drawing.SystemColors.ControlLightLight;
+            this.panel3.Controls.Add(this.resultStatusLabel);
+            this.panel3.Dock = System.Windows.Forms.DockStyle.Top;
+            this.panel3.Location = new System.Drawing.Point(0, 0);
+            this.panel3.Name = "panel3";
+            this.panel3.Size = new System.Drawing.Size(248, 20);
+            this.panel3.TabIndex = 3;
+            // 
+            // resultStatusLabel
+            // 
+            this.resultStatusLabel.AutoSize = true;
+            this.resultStatusLabel.Location = new System.Drawing.Point(22, 4);
+            this.resultStatusLabel.Name = "resultStatusLabel";
+            this.resultStatusLabel.Size = new System.Drawing.Size(35, 13);
+            this.resultStatusLabel.TabIndex = 0;
+            this.resultStatusLabel.Text = "label2";
+            // 
+            // resultTreeView
+            // 
+            this.resultTreeView.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 
+            | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.resultTreeView.Location = new System.Drawing.Point(0, 20);
+            this.resultTreeView.Name = "resultTreeView";
+            this.resultTreeView.ShowLines = false;
+            this.resultTreeView.Size = new System.Drawing.Size(248, 260);
+            this.resultTreeView.TabIndex = 2;
+            this.resultTreeView.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.resultTreeView_AfterSelect);
+            this.resultTreeView.MouseUp += new System.Windows.Forms.MouseEventHandler(this.resultTreeView_MouseUp);
+            // 
+            // panel2
+            // 
+            this.panel2.BorderStyle = System.Windows.Forms.BorderStyle.Fixed3D;
+            this.panel2.Controls.Add(this.label1);
+            this.panel2.Controls.Add(this.PrevButton);
+            this.panel2.Controls.Add(this.NextButton);
+            this.panel2.Controls.Add(this.currPageTextBox);
+            this.panel2.Dock = System.Windows.Forms.DockStyle.Bottom;
+            this.panel2.Location = new System.Drawing.Point(0, 283);
+            this.panel2.Name = "panel2";
+            this.panel2.Size = new System.Drawing.Size(248, 35);
+            this.panel2.TabIndex = 1;
+            // 
+            // label1
+            // 
+            this.label1.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(56, 7);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(32, 13);
+            this.label1.TabIndex = 7;
+            this.label1.Text = "Page";
+            // 
+            // PrevButton
+            // 
+            this.PrevButton.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.PrevButton.Location = new System.Drawing.Point(10, 2);
+            this.PrevButton.Name = "PrevButton";
+            this.PrevButton.Size = new System.Drawing.Size(40, 23);
+            this.PrevButton.TabIndex = 6;
+            this.PrevButton.Text = "<";
+            this.PrevButton.UseVisualStyleBackColor = true;
+            this.PrevButton.Click += new System.EventHandler(this.PrevButton_Click);
+            // 
+            // NextButton
+            // 
+            this.NextButton.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.NextButton.Location = new System.Drawing.Point(192, 2);
+            this.NextButton.Name = "NextButton";
+            this.NextButton.Size = new System.Drawing.Size(40, 23);
+            this.NextButton.TabIndex = 5;
+            this.NextButton.Text = ">";
+            this.NextButton.UseVisualStyleBackColor = true;
+            this.NextButton.Click += new System.EventHandler(this.NextButton_Click);
+            // 
+            // currPageTextBox
+            // 
+            this.currPageTextBox.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.currPageTextBox.Location = new System.Drawing.Point(92, 4);
+            this.currPageTextBox.Name = "currPageTextBox";
+            this.currPageTextBox.Size = new System.Drawing.Size(80, 20);
+            this.currPageTextBox.TabIndex = 4;
+            this.currPageTextBox.Enabled = false;
+            // 
+            // propertiesControl1
+            // 
+            this.propertiesControl1.AutoScroll = true;
+            this.propertiesControl1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.propertiesControl1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.propertiesControl1.Location = new System.Drawing.Point(257, 3);
+            this.propertiesControl1.Name = "propertiesControl1";
+            this.propertiesControl1.Size = new System.Drawing.Size(758, 318);
+            this.propertiesControl1.TabIndex = 1;
+            // 
+            // cmuResultTreeView
+            // 
+            this.cmuResultTreeView.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiAddToGroup,
+            this.tsmiResetUserPassword,
+            this.tsmiVerifyUserPassword,
+            this.tsmiDelete,
+            this.tsmiRefresh});
+            this.cmuResultTreeView.Name = "cmuResultTreeView";
+            this.cmuResultTreeView.Size = new System.Drawing.Size(184, 136);
+            // 
+            // tsmiAddToGroup
+            // 
+            this.tsmiAddToGroup.Name = "tsmiAddToGroup";
+            this.tsmiAddToGroup.Size = new System.Drawing.Size(183, 22);
+            this.tsmiAddToGroup.Text = "Add To Group";
+            this.tsmiAddToGroup.Click += new System.EventHandler(this.tsmiAddToGroup_Click);
+            // 
+            // tsmiResetUserPassword
+            // 
+            this.tsmiResetUserPassword.Name = "tsmiResetUserPassword";
+            this.tsmiResetUserPassword.Size = new System.Drawing.Size(183, 22);
+            this.tsmiResetUserPassword.Text = "Reset User Password";
+            this.tsmiResetUserPassword.Click += new System.EventHandler(this.tsmiResetUserPassword_Click);
+            // 
+            // tsmiVerifyUserPassword
+            // 
+            this.tsmiVerifyUserPassword.Name = "tsmiVerifyUserPassword";
+            this.tsmiVerifyUserPassword.Size = new System.Drawing.Size(183, 22);
+            this.tsmiVerifyUserPassword.Text = "Verify User Password";
+            this.tsmiVerifyUserPassword.Click += new System.EventHandler(this.tsmiVerifyUserPassword_Click);
+            // 
+            // tsmiDelete
+            // 
+            this.tsmiDelete.Name = "tsmiDelete";
+            this.tsmiDelete.Size = new System.Drawing.Size(183, 22);
+            this.tsmiDelete.Tag = "all";
+            this.tsmiDelete.Text = "Delete";
+            this.tsmiDelete.Click += new System.EventHandler(this.tsmiDelete_Click);
+            // 
+            // tsmiRefresh
+            // 
+            this.tsmiRefresh.Name = "tsmiRefresh";
+            this.tsmiRefresh.Size = new System.Drawing.Size(183, 22);
+            this.tsmiRefresh.Tag = "all";
+            this.tsmiRefresh.Text = "Refresh";
+            this.tsmiRefresh.Click += new System.EventHandler(this.tsmiRefresh_Click);
+            // 
+            // SearchForm
+            // 
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.AutoSize = true;
+            this.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.ClientSize = new System.Drawing.Size(1024, 666);
+            this.Controls.Add(this.tableLayoutPanel1);
+            this.Controls.Add(this.toolStrip1);
+            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
+            this.Name = "SearchForm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "SearchForm";
+            this.toolStrip1.ResumeLayout(false);
+            this.toolStrip1.PerformLayout();
+            this.tableLayoutPanel1.ResumeLayout(false);
+            this.tableLayoutPanel2.ResumeLayout(false);
+            this.panel1.ResumeLayout(false);
+            this.panel3.ResumeLayout(false);
+            this.panel3.PerformLayout();
+            this.panel2.ResumeLayout(false);
+            this.panel2.PerformLayout();
+            this.cmuResultTreeView.ResumeLayout(false);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.ToolStrip toolStrip1;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
+        private System.Windows.Forms.ToolStripButton openToolStripButton;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator2;
+        private System.Windows.Forms.ToolStripButton saveToolStripButton;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator3;
+        private System.Windows.Forms.TableLayoutPanel tableLayoutPanel1;
+        private UI.SearchQueryControl searchQueryControl1;
+        private UI.PropertiesControl propertiesControl1;
+        private System.Windows.Forms.ToolStripButton toolStripButtonShowHide;
+        private System.Windows.Forms.ToolStripButton toolStripButtonShowHideOperAttr;
+        private System.Windows.Forms.ToolStripButton toolStripButtonSetPage;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator6;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator4;
+        private System.Windows.Forms.TableLayoutPanel tableLayoutPanel2;
+        private System.Windows.Forms.Panel panel1;
+        private System.Windows.Forms.Panel panel2;
+        private System.Windows.Forms.TreeView resultTreeView;
+        private System.Windows.Forms.Panel panel3;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Button PrevButton;
+        private System.Windows.Forms.Button NextButton;
+        private System.Windows.Forms.TextBox currPageTextBox;
+        private System.Windows.Forms.Label resultStatusLabel;
+        private System.Windows.Forms.ContextMenuStrip cmuResultTreeView;
+        private System.Windows.Forms.ToolStripMenuItem tsmiAddToGroup;
+        private System.Windows.Forms.ToolStripMenuItem tsmiResetUserPassword;
+        private System.Windows.Forms.ToolStripMenuItem tsmiVerifyUserPassword;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator5;
+        private System.Windows.Forms.ToolStripButton toolStripButtonShowHideOptionalAttr;
+        private System.Windows.Forms.ToolStripMenuItem tsmiDelete;
+        private System.Windows.Forms.ToolStripButton tsbRefresh;
+        private System.Windows.Forms.ToolStripButton tsbDelete;
+        private System.Windows.Forms.ToolStripButton tsbAddToGroup;
+        private System.Windows.Forms.ToolStripButton tsbResetPassword;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator7;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator8;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator9;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator12;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator11;
+        private System.Windows.Forms.ToolStripButton tsbVerifyPassword;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator13;
+        private System.Windows.Forms.ToolStripButton tsbExportResult;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator10;
+        private System.Windows.Forms.ToolStripMenuItem tsmiRefresh;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.cs
new file mode 100644
index 000000000..40c1a104f
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.cs
@@ -0,0 +1,431 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+using System;
+using System.Collections.Generic;
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+using VMDirInterop.Interfaces;
+using LWRaftSnapIn.Utilities;
+using LWRaftSnapIn.TreeNodes;
+using VMwareMMCIDP.UI.Common.Utilities;
+using System.Linq;
+using VMIdentity.CommonUtils;
+using VMDir.Common;
+using System.Drawing;
+using System.Threading.Tasks;
+using System.Runtime.InteropServices;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class SearchForm : Form
+    {
+        private string _searchBase;
+        private VMDirServerDTO _serverDTO;
+        private int _pageSize;
+        private IntPtr _cookie = IntPtr.Zero;
+        private int _totalCount = 0;
+        private int _pageNumber = 1;
+        private bool _morePages = false;
+        private QueryDTO _qdto;
+        private List<DirectoryNonExpandableNode> _result;
+        private int _currPage { get; set; }
+        private int _totalPage { get; set; }
+
+        private List<string> _returnedAttr;
+
+        private delegate void DelegateWithNode(TreeView tv, TreeNode[] childNames);
+        private delegate void DelegateSelectNode(TreeView tv, int index);
+
+        public SearchForm(string searchBase, VMDirServerDTO serverDTO)
+        {
+            InitializeComponent();
+            _searchBase = searchBase;
+            _serverDTO = serverDTO;
+            _pageSize = VMDirConstants.DEFAULT_PAGE_SIZE;
+            _result = new List<DirectoryNonExpandableNode>();
+            resultStatusLabel.Text = "";
+            tableLayoutPanel2.Visible = false;
+            _returnedAttr = new List<string>();
+        }
+        private void searchQueryControl1_Load(object sender, EventArgs e)
+        {
+            this.searchQueryControl1.SearchButtonClicked += searchQueryControl1_SearchButtonClicked;
+            this.searchQueryControl1.BindUI(_searchBase, _serverDTO);
+        }
+
+        protected override void OnLoad(EventArgs e)
+        {
+            base.OnLoad(e);
+            foreach (ToolStripItem item in toolStrip1.Items)
+            {
+                if (Convert.ToString(item.Tag) != "all")
+                    item.Enabled = false;
+            }
+        }
+        void InitPageSearch(QueryDTO q)
+        {
+            _qdto = q;
+            _cookie = IntPtr.Zero;
+            _totalCount = 0;
+            _pageNumber = 1;
+            _morePages = false;
+            _result.Clear();
+            resultTreeView.Nodes.Clear();
+            resultStatusLabel.Text = "";
+            _returnedAttr.Clear();
+            _returnedAttr.AddRange(q.AttrToReturn);
+        }
+
+        private async Task GetPage()
+        {
+            resultStatusLabel.Text = VMDirConstants.STAT_SR_FETCHING_PG;
+            IntPtr _timeout = Marshal.AllocCoTaskMem(sizeof(int));
+            Marshal.WriteInt32(_timeout, VMDirConstants.SEARCH_TIMEOUT_IN_SEC);
+            try
+            {
+                _qdto.TimeOut = _timeout;
+                _serverDTO.Connection.PagedSearch(_qdto, _pageSize, _cookie, _morePages,
+                    delegate(ILdapMessage ldMsg, IntPtr ck, bool moreP, List<ILdapEntry> entries)
+                    {
+                        _cookie = ck;
+                        _morePages = moreP;
+                        _totalCount += entries.Count();
+                        _pageNumber++;
+                        foreach (var entry in entries)
+                        {
+                            var ocList = new List<string>(entry.getAttributeValues(VMDirConstants.ATTR_OBJECT_CLASS).Select(x=>x.StringValue).ToArray());
+                            var node = new DirectoryNonExpandableNode(entry.getDN(), ocList, _serverDTO, this.propertiesControl1);
+                            node.NodeProperties = _serverDTO.Connection.GetEntryProperties(entry);
+                            _result.Add(node);
+                        }
+                    });
+
+                _totalPage = _totalCount / _pageSize;
+                if (_totalCount % _pageSize > 0)
+                    _totalPage++;
+
+                if (_morePages)
+                {
+                    resultStatusLabel.Text = VMDirConstants.STAT_SR_MORE_PG;
+                }
+                else
+                {
+                    resultStatusLabel.Text = VMDirConstants.STAT_SR_NO_MORE_PG;
+                }
+            }
+            catch (Exception e)
+            {
+                resultStatusLabel.Text = VMDirConstants.STAT_SR_FAILED_PG;
+                LWRaftEnvironment.Instance.Logger.LogException(e);
+                MiscUtilsService.ShowError(e);
+            }
+            finally
+            {
+                Marshal.FreeCoTaskMem(_timeout);
+            }
+        }
+        private async void searchQueryControl1_SearchButtonClicked(object sender, SearchArgs args)
+        {
+            if (_serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            if (args.Qdto == null)
+                return;
+            
+            tableLayoutPanel2.Visible = true;
+            tsbExportResult.Enabled = true;
+            InitPageSearch(args.Qdto);
+            propertiesControl1.ClearView();
+            propertiesControl1.SetEditState(false);
+            this.Text = "Server: " + _serverDTO.Server + "           Search In: " + args.Qdto.SearchBase;
+            await GetPage();
+            if (_result.Count > 0)
+            {
+                resultTreeView.Nodes.AddRange(_result.ToArray());
+                _currPage = 1;
+            }
+            else
+            {
+                resultStatusLabel.Text = VMDirConstants.STAT_SR_NO_MATCH;
+            }
+
+            currPageTextBox.Text = _currPage.ToString();
+        }
+
+        private void saveToolStripButton_Click(object sender, EventArgs e)
+        {
+            this.searchQueryControl1.StoreQuery();
+        }
+
+        private void openToolStripButton_Click(object sender, EventArgs e)
+        {
+            this.searchQueryControl1.LoadQuery();
+        }
+
+        private void toolStripButtonShowHide_Click(object sender, EventArgs e)
+        {
+            if (this.searchQueryControl1.Visible && this.tableLayoutPanel2.Visible)
+                this.searchQueryControl1.Visible = false;
+            else
+                this.searchQueryControl1.Visible = true;
+        }
+        private void toolStripButtonShowHideOperAttr_Click(object sender, EventArgs e)
+        {
+            var node = this.resultTreeView.SelectedNode as DirectoryNonExpandableNode;
+            if (node != null)
+            {
+                if (node.ServerDTO.OperationalAttrFlag)
+                    node.ServerDTO.OperationalAttrFlag = false;
+                else
+                    node.ServerDTO.OperationalAttrFlag = true;
+                node.DoSelect();
+            }
+            else
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+            }
+        }
+
+        private void toolStripButtonSetPage_Click(object sender, EventArgs e)
+        {
+            var frm = new SetPageSizeForm(_pageSize);
+            if (frm.ShowDialog() == DialogResult.OK)
+                _pageSize = frm.PageSize;
+        }
+
+        private void toolStripButtonFetchNextPage_Click(object sender, EventArgs e)
+        {
+            if (_serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            if (_morePages)
+                GetPage();
+            else
+                MMCDlgHelper.ShowInformation(VMDirConstants.WRN_NO_MORE_PAGES);
+        }
+
+        void resultTreeView_AfterSelect(object sender, System.Windows.Forms.TreeViewEventArgs e)
+        {
+            var node = e.Node as DirectoryNonExpandableNode;
+            if (node != null)
+                node.DoSelect();
+            SetToolBarOptions(e);
+        }
+        private void SetToolBarOptions(TreeViewEventArgs e)
+        {
+            foreach (ToolStripItem item in toolStrip1.Items)
+            {
+                item.Enabled = false;
+                if (Convert.ToString(item.Tag) == "all")
+                    item.Enabled = true;
+            }
+
+            var n2 = e.Node as DirectoryNonExpandableNode;
+            if (n2 != null && n2.ServerDTO.IsLoggedIn)
+            {
+                foreach (ToolStripItem item in toolStrip1.Items)
+                {
+                    if (Convert.ToString(item.Tag) == "directory")
+                        item.Enabled = true;
+                    else if (Convert.ToString(item.Tag) == "user" && n2.ObjectClass.Contains(VMDirConstants.USER_OC))
+                        item.Enabled = true;
+                }
+            }
+        }
+        private void PrevButton_Click(object sender, EventArgs e)
+        {
+            _currPage--;
+            if (_currPage >= 1)
+            {
+                resultTreeView.Nodes.Clear();
+                var lst = new List<DirectoryNonExpandableNode>();
+                for (int i = (_currPage - 1) * _pageSize; i < _currPage * _pageSize && i < _result.Count; i++)
+                {
+                    lst.Add(_result[i]);
+                }
+                resultTreeView.Nodes.AddRange(lst.ToArray());
+                currPageTextBox.Text = _currPage.ToString();
+            }
+            else
+            {
+                _currPage++;
+            }
+        }
+
+        private void NextButton_Click(object sender, EventArgs e)
+        {
+            _currPage++;
+            if (_currPage > _totalPage && _morePages)
+                GetPage();
+            if (_currPage <= _totalPage && _currPage != 0)
+            {
+                resultTreeView.Nodes.Clear();
+                var lst = new List<DirectoryNonExpandableNode>();
+                for (int i = (_currPage - 1) * _pageSize; i < _currPage * _pageSize && i < _result.Count; i++)
+                {
+                    lst.Add(_result[i]);
+                }
+                resultTreeView.Nodes.AddRange(lst.ToArray());
+                currPageTextBox.Text = _currPage.ToString();
+            }
+            else
+            {
+                _currPage--;
+            }
+        }
+        void resultTreeView_MouseUp(object sender, System.Windows.Forms.MouseEventArgs e)
+        {
+            if (e.Button == MouseButtons.Right)
+            {
+                Point p = new Point(e.X, e.Y);
+                DirectoryNonExpandableNode node = resultTreeView.GetNodeAt(p) as DirectoryNonExpandableNode;
+                if (node != null)
+                {
+                    resultTreeView.SelectedNode = node;
+                    cmuResultTreeView.Items.Clear();
+                    cmuResultTreeView.Items.Add(tsmiAddToGroup);
+                    cmuResultTreeView.Items.Add(tsmiDelete);
+                    cmuResultTreeView.Items.Add(tsmiRefresh);
+                    if (node.ObjectClass.Contains(VMDirConstants.USER_OC))
+                    {
+                        cmuResultTreeView.Items.Add(tsmiResetUserPassword);
+                        cmuResultTreeView.Items.Add(tsmiVerifyUserPassword);
+                    }
+                    cmuResultTreeView.Show(resultTreeView, p);
+                }
+            }
+        }
+
+        private void DoActionOnDirectoryNonExpandableNode(Action<DirectoryNonExpandableNode> action)
+        {
+            var node = this.resultTreeView.SelectedNode as DirectoryNonExpandableNode;
+            if (node == null || action == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+                return;
+            }
+            if (node.ServerDTO == null || node.ServerDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            action(node);
+        }
+
+        private void tsmiAddToGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.AddUserToGroup(); });
+        }
+        private void tsmiResetUserPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.ResetPassword(); });
+        }
+        private void tsmiVerifyUserPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.VerifyPassword(); });
+        }
+
+        private void toolStripButtonShowHideOptionalAttr_Click(object sender, EventArgs e)
+        {
+            var node = this.resultTreeView.SelectedNode as DirectoryNonExpandableNode;
+            if (node != null)
+            {
+                if (node.ServerDTO.OptionalAttrFlag)
+                    node.ServerDTO.OptionalAttrFlag = false;
+                else
+                    node.ServerDTO.OptionalAttrFlag = true;
+                node.DoSelect();
+            }
+            else
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+            }
+        }
+
+        private void performDelete(DirectoryNonExpandableNode node)
+        {
+            MiscUtilsService.CheckedExec(delegate()
+            {
+                if (!MMCDlgHelper.ShowQuestion(string.Format(CommonConstants.CONFIRM_DELETE, "object", Text)))
+                    return;
+                node.Delete();
+                this.resultTreeView.Nodes.Remove(node);
+                if (_result != null)
+                {
+                    _result.Remove(node);
+                }
+            });
+        } 
+        private void tsmiDelete_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { performDelete(node); });
+        }
+
+        private void tsbRefresh_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.RefreshProperties(); });
+        }
+
+        private void tsbDelete_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { performDelete(node); });
+        }
+        private void tsbAddToGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.AddUserToGroup(); });
+        }
+        private void tsbResetPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.ResetPassword(); });
+        }
+        private void tsbVerifyPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.VerifyPassword(); });
+        }
+        private void tsbExportResult_Click(object sender, EventArgs e)
+        {
+            if (_serverDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            MiscUtilsService.CheckedExec(delegate
+            {
+                if (_result != null && _result.Count > 0)
+                {
+                    var attrTypes = _serverDTO.Connection.SchemaManager.GetAttributeTypeManager();
+                    var attrList = attrTypes.Data.Select(x => x.Key).ToList();
+                    var frm = new ExportResult(_result, _returnedAttr, _currPage, _pageSize);
+                    frm.ShowDialog();
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning("There is no result to export.");
+                }
+            });
+        }
+
+        private void tsmiRefresh_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryNonExpandableNode(delegate(DirectoryNonExpandableNode node) { node.RefreshProperties(); });
+        }
+
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.resx
new file mode 100644
index 000000000..66055a5da
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchForm.resx
@@ -0,0 +1,377 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>132, 17</value>
+  </metadata>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="openToolStripButton.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJHSURBVDhPxZBdSNNhFMb/F110ZZEVhVBgeeHNICiiuggp
+        olAUyyxI0oSaH1QYC3N+tKnp5ubm1JUua5uuqdNKMwr7kApFItTUkWZqVhSVYmao5Nevvy7UoYR3HXh4
+        4XCe33nOKyy3lAY7l9RWMo0O/raWXxEyo5spVYTNvOGyfIRPfW+ptOkXqaPl6T83hcRmExSdgzAz3NVm
+        YWyoYla/B+1M9JtxWLPpaH22JORIjI6gKAMB0jyEimIdo4OlbuaprwVMOOMovammpDADc34qppwUrmnl
+        5Kni3aFlFg2j3y1z5mnRTJccnNIltQhwq0jFry+mOXNtpWZWDx1Z1NhV3C3JwGFOw25SYjVe5oYhiUKd
+        HKMmwQUrMWUw/CF3NnZvvYKqUh1TvUroS3fXe7HXkwidMngTS2t5KLbregSzMY2f3Wr4qKW6LJvGR1rX
+        0MLor8OhKYTJBn/GHvvxrliCTBrsOqXIoOBHh5K+hmSq7FqmexTQHuUytkaKxuNMNgYyVneA4Qd7GKjc
+        hjLaRzxH7gIU6JIZaEvgtk1D8wsxSWecCDgNzWFMvwxm/PkhRmr3Mli1nW9lvjRdWc0Jf+/5jzRmyWmv
+        S+GOLQu6U6BFjPvqKOP1AYw88WOoZif9DgmfLVtxaj1RSLdwNvrkPCA3M54KqxrnvRia9MKcGrUrqFOt
+        5H7qKsqT1mGO9+Lqhc2ELdw+U/r0i+gVZ8hMiCDx3DHORwZyKnQ/hw/uYt9uCTskPvh6e7Fp41rWr/Fg
+        g6eHO+A/lyD8ARfG3mk9fv1YAAAAAElFTkSuQmCC
+</value>
+  </data>
+  <data name="saveToolStripButton.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIySURBVDhPrZLfS5NRGMfff6H7boIuuq2pMZyL1eAt11CW
+        DcOKsB9vpFmaLtNExco0av6CbIVLJ61Wk3BSkT/AFCkRZSpZmrmiJQ41xSaCwdfznL15XEUX0Reem5f3
+        8znnec4j/Zc8fxYGla91CS3eRTx0z6OpMYS7jmnU1X6B/VYA18snUVoyjsKCt8jLHcH5c36ouCQR2NUJ
+        1Nas4G9ZXlmFKbULh1Kf8lJxSfI+WeCCyopv6q+/h+DQ/DJ2WV5Ao1FgPegRAveDOS4oLfmq/h6dn/DH
+        4AJizD4UXJrCAUuzEDgbZrjgou2DiohshIcnQtgme5GTPYbkJKcQ1N8OckHW2REVi+RXuM8fxGaDG4oy
+        ALPZIQQ11Z+5QDk1oKJ/hjv7P2FTfCMOH3mFxMQ6IbhROYWOdrCnBI4dfwPr0V4+bRoY9UzXppMjcDdS
+        rC8hy3YhuFI2gTYf2A4Aza4f7N2/o/zaLB8qDYx6zszwr8P7k1thNFYIweXCMXgeAfedq2xxwjClZUeV
+        Jd2GtDNFETiJwfs8MBjKhMCWN8pgoLoqzE8miH1GjE7G4PsZjE7OQsm9ij2mFg7rdrug1xcJAa2l4w7W
+        r00Cgk/n38S7wBwC04u4UGxHrMHF4CbEJtyDLj5fCDIzhljfSxzeavRgyw4Zj9t64GvvQ0d3P3pfD2Kv
+        2QqNvgFxDN6urYdWmyMElJMnevh60obRktA701PRtGlg1DOdSkXwzrisaMG/RZLWAE60OMW5fNhvAAAA
+        AElFTkSuQmCC
+</value>
+  </data>
+  <data name="toolStripButtonShowHide.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIVSURBVDhPpZPrT1JhHMef/6lXtXrR8nWZrNAY6GKFdRYo
+        lwY2WmuoG4s1ZrpcsUINPRgB0cWs5rK1LpIEGHZBLWnh1HU5XOV4+HaOnEGH2dbqs31efLfv+Z1nz28P
+        OdjhoVovTnHH7FMQPNrzCK22B1CeuweF9Q5azgQht/ghM46jSU9Xbewcw37dKE0sA0+z+EcaO8ZAqL6X
+        YqywmGawsp7HOlMEk2ORLbLIsyw2NjfFRo0mPT9A2z8jxgpfVjNY/VHA90wJDd17kC+xKPAfl8plsVFD
+        ZvSC6C7PirFCei2HNaaA9hE12twtUF5qRonjth1wyHQTpHMwIsYK6W8MtAENtP7jcM7Yobouh8xxAAV2
+        Q2zUOGz2geivxsRYwf7MBvWtIzDcPYn+sAOG2xT29ewG5WoXGzXkXQEQo2tOjFKUXhkGI04o3DIkvm7f
+        EVb8/wNM197C8FxTVfdEjROTKnRPW3H24WmYQtqte9jbuws7rTskKqwhELP7HSZWghLvp4MIpXwILHnh
+        X6BBz4/AE3djKOKSqDo/AWIZ/oD5YqzOOBKFKBL5KOZybxDPRhDLvEb0Z1him22SH3AjieXyosTP5YWq
+        n7jkH1X3Pgbp8iSRwtJfuQz+B78pPD5ywZfMpvhQr1Coz/VqHNPYes628VlOOImgZfgjzEPvIVyusCFh
+        zforUWgHwjjV96oq5XzBP+dR+hewilaXSCkJywAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="toolStripButtonSetPage.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJLSURBVDhPrVLLjhJBFB0TXRmXxoUfZFz4B8adKxeauHal
+        CxMXbkkmMUZMJoYBERjkaYM8ZHhDP6AbBAYamsfQEGB6BqjyervT2jHD7DzJya3q1Dl16t7e+29IJBLv
+        arUax7JsoWyiVCqVc7lcOZvNltPpdDmZTBZSqRRnt9s/mDILlUql0+/3odfr/aUsy6B/GwwGoCiKsZ7N
+        ZhCJRAamzEKhUGA5jiPdbnetV9wTTEAwCEHzP3XTbDZJKBSqmzILeFjQbxAEgeBTAPeAAqhWq4DPMio+
+        gaqqCuFwuGHKLOA7BT02iokoioZYF2Iag/oa+0Dn8/nVBnoCFBNJkowbdSHP83oqo2YyGbpYLK42GI1G
+        gGLDoFKpQqXKGkKO4zEBBz/QYLVa7TZAd2EymRgGrVYLqwiK3IEhdv/ibAHb8yV02i2qaRpgEy8b4H8g
+        6KPSDVR1Cn1lDB/9eVDGU/gS42H/8zFwtQbdbjcQDAZ3G4zHY+yBRJaLGdiP8nDvuQPq7SHwrRE8exuA
+        1+8ZCgifz3fZIB6PC5PTU5C7bRLP1eDxKyc8fHkEsWIbThQVXux/hyLXoISQ3QkYhuGazZ8UJ7HJFlnq
+        ijD0wdNP9BuTp4/eeOn9JwfUdSxup9Mp/RoIiKbMQiwWa69WS5jhnDXtDINS2KzX8IsSOL/YwHypwXyh
+        fweIRqOyKbNgs9kOcDyS1+utu93uzqHTKbtcLsXhcAw9Hk/f7/efBPBmFEt49tCU/Qs0v4blOvIm8jby
+        rsk7yFvIG+YZE3t7vwEgkz9ZbRw45gAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="toolStripButtonShowHideOperAttr.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAIzSURBVDhPpZBNTxNRGIVr4gq6Nv4E4qrRHyARY9y5M4YN
+        CcSFrnTpqoCm4EdaUfQXuDAGgyFQaIGIxpgGDZO2gOkHGlunM1IQW6kwc2fmeM+dKWDizpuczLnnfc6b
+        mwkF59jpW5O9PUPJ62cHk9e65VcpGii4c0aGLDt+VZ6+R0tPlz59x0ql4avalGp/j/hgTpadoB7qGJ9e
+        224KIYo7Yq/SEDZVbQpb3/VF387JkGWHXS4Ix2dyut6yvaxpuWubllfYcVH66aB3/K0SPTPOyJBlh10u
+        6BybytZMy0PesJx83cH6tot83UL38KwSvZ85iiHLDrtcEE4kNUPfA3Kbwv22D9QsoCrvF0fSSvTMOCND
+        lh121YL4jGaYNrAo35lIF/HkdRmPF4u4EEsr0TPjjAxZdg4WxCY1owFgNLnqnhh4hlM3X6LrxgTOx1JK
+        9Mw4I0OWncMFrzSjKp+XWv/h3p8r4OFCCYn5wsEL6JlxRoYsO38tKDWBD4ZwN3aBzy2g/OvwH9Az44wM
+        2aMLOkfkHy02PWQqlpPRHSwbLjK6hXO3Z5Xo/cxRDFl22FUL7kzl9NUt23v31XLfV21v2fDw0XRweeyN
+        Ej0zzsiQZae9IDw0nd0qN4TImGJ/pSaElK0Zws6avuiZcUaGLDvshqLA8UvDEy+ea3UsfGlhrtxCauP3
+        P8UZGbLssMsXyNNxsuvKYPTM1QeJSN9oPNJ/Lx4ZuJuI9AdSXmZyRoYsO0H5f04o9AeQUJXdgrrJzgAA
+        AABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="toolStripButtonShowHideOptionalAttr.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAM/SURBVDhPbZNbTxMJFMcnxvjgfgEf/ADGxJgoUoFKDRuM
+        F7KigAmt1k5pERCtLS1QehkKvdFOC3SYC51pS2fobQR8ENf9BO76oD7tw34AEuNuspts1ATTc5xiDd7+
+        z/P/ze+cOUOc7hk+1nrD39t+K+7T27P/6CxsQm+Ok5ftMb7LsnCKoKgDxBfp7u7+STcY6uskk793DPE7
+        hN5CP9PbuL91lpW/pmIiOsOF3StjzJtxDwUWR+ilwUQdbRR7eoYPt/e5L3SZ51SLJ/VvZFHEX5z5OqGz
+        Cq/MXhGNzjTM0zw82X6M8UwBPN4gjrnn37aS/HybMdqjs2Ufmdzsf3FGRj5fRVGuYb9nrU6cMAmnrjr4
+        F+GlPA4HVqFQeohcroKeGQod3jAaXZkPl0bZ//1LKrL5GlJpGfy0DFKxASjU9+Y6aWLOD7qFnbl0Hkep
+        LESXCzCpASYDMZxPi3A3yEKKK4I/IYFYrOB6dQNziroPaCyqxSJwpD+HgWQB+lxifcLbAEQxvJiDexQH
+        qvoQSxUVw0wJphbWQMiXP43wOWdt2eSAW0R3RARXpAA3HVFw+yPQANynWGBFBX1xETJiGUq1R7iuwfYN
+        tLTbBDrMlNETFsAX5WA8kAGTYwEiewYsVKoqKtUtTLAKeGOrwEnr3xhYBTrO13BjcwvHKAFmEzwM+Xjt
+        7fweYFmswYOoAglmDUoVbRxtD18Z7AG4Kj79dRtpTob+kVkNIsClkeX6sG8FcsoGrpW3MCPVwBuXgMnK
+        OPCdQRPASmW0j3vw6lAAzhlDdbNnCbJFFSciOZilJVBKNayq3xqQXDLGVvC3p9vYWJRrehZtd9140eiE
+        n81z9VA6D7JWlJRNnKbLmoHSAGCzThAdpuht43TuHZPXVEsbODnHwB1vCoIxFjpvRerWyUUIpXLg1z4z
+        LZTRFZXhvJ39s1n/dOu6mymyc0R6bqXk3aVsBSXtaDKrCtqm0hCmedSOCWeSRbz2QNhpIzOZzn7niWZ9
+        P2cGEkfOmFdGu0aEP8ZCxd1AQkSrl4VgSobrE9LrjtsJVt97/7TBYDjYrPw4rdpf2EKuBs/ZhZ12u/C+
+        jVzebBlcMBwfoA41H9FCEB8BX0YGDunpQ+gAAAAASUVORK5CYII=
+</value>
+  </data>
+  <data name="tsbRefresh.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANYSURBVDhPY0AH8vb1HC75yzUDqzc6+VVvsLPKXa7M4DGR
+        HSoNBf8ZQ0NXMUM5CBBctcGkYeHJ5TO3Xn80f/fNj3O23/gwYf3lu1Xzjq+ObtoZop40hxekzjpjhYVV
+        xnJbsCYYCKzdZDpl4+VbO849+7/t7NP/m089+b/p9NP/608++b/yyMP/M7Zf/1E2+9gGn+r14VmTDp4J
+        bdgWD9UKBMZprDXzjy+bte36/8Kph/4ld+6+XDLj6JKOFWf3z9h2/d2i/ff+T99x53/Lqsv/qhae+VG3
+        5Py/6NadMVDdDAwueavk8qccvBvZsuuXc/H6Mxrhs9RA4uKu3dwBtZssc6Ycml27+NyHmmWX/pctuvi/
+        cuG5fzFtO6LBmkHAMmOFjl/V5iOp/Ufm+VVtyWNgqGeCSoGBvH+/QHrf/m31yy/9L15w/n/VonP/Ytt3
+        RUGlGRgMk5bIO+avS0qdeFrZKW+jOFCIiSE0lJmhHmiQfT1LcN3m8rpFZ7/VAp0O0ly76NyfqOYd4RDd
+        QGCctlQkrW/f5Oq5x5dWzjm+DEivim7dPlMvZZGiRchKTpeitX4gP8cDnQ2yOaxhS7pd5gpTqHYGBov0
+        ldLdqy/cnbvn7v85QDxl09Ufyd17ihkYgK5AAsuOvxB///6/gGHSQhOT1EXBUGGIAV1AA2buuvt/9u67
+        /1uWn3vhX7XeF+R8qBIw6N10N3j/xZcJ/jVbJ1pkr8yACjMwmOUululaBXTB3nv/Z+y8879nw43/BbNP
+        vYts273YOW9psE7EBD274i1BDcsuH69acPqCV92O1za5az2g2kFhMFOuc+X5e40LTz6uXXTmbfH88/8z
+        Z575nz799P/EiUd+RnTsexXUuv9rVPeh/8Edh/67VW45rBfYLQbVzsBoHFSvEdu8eY+xX1Govnd+amj9
+        2hPJk478SJl66n/ilFP/4yad/B814cT/kK7D/12rtlzX9m/0BerjAWKwFxllrZKklN2LHYBsJSDWZeeX
+        c9J2yyxxypq+wrti1XGvqg0XXEpWHTRPmtovbR4OUicBxKB8AQ9kUMIB5ThBIJYCYkUgVgFiTVYuAX1W
+        AQV9NjYRUOqUBGKQGi4gxsyNQMAIxCBngQwDKeKGYhAbJMYKxEiplIEBAD4pdvr4u/BIAAAAAElFTkSu
+        QmCC
+</value>
+  </data>
+  <data name="tsbDelete.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANqSURBVDhPVZNfTFN3FMfvg22c7IElDnygAoKU+QAv4JPG
+        +AeeYC+iDYokTQPjYVFDOyVL9MW6dFRqGNsqiIoInVBbcA7nwLZQKTC4Bez/P/f2tuW25c942+J86Xe/
+        eyVmnOQk9+H3Od9zvudc6v/hGx2VRozGmoBe/8Sj1cZXb978d6Wj451breboq1cfkzxFt7ZKdp7vDtZk
+        yg/39Bj8Ot22X69HsK8X4aFBBAcewWPoAq1WY16l2ppXKjudSuXnO9iHEOBQd7fF19mZZcwj4ANeZNJJ
+        ZDZSSK/z4Nc4cMuLeNvTjdnm5qxToRhxNDbuF2HQtERUvqMHN/kKfMiPuHsRPBdFmhRIkQJJNgxmaR4x
+        jxvegQeYaWjIOurqvnecOLGHivT31/p0uq0oUd7YTCP43AprSQmmVUqiHAPPc5j5qgWWQ8V4OzKMxBqL
+        pdu3YDtzZuN1be1JKmAwPBHUeb8H63+tI0UAe9MFmPbuxUqfEZ7hx/jl0xxMnW8Ax4YQT8URmnXA/mU9
+        Jo8ff0B5tVoueL/v48yZrTSYhVlYD5fCUlQEq7wMlpJDCDltBCZeJBmwTBBv2lrxsro6Sq3euPEubBr6
+        aFgqs4bUZgp0z10MS6UYlkiw2NWJBFEW4FgiCpbk3LfX8Vtl5d+UsOfg4AAx7APMZ5Lgyffq4EOY9u0T
+        i9A//yCqi3A8Aoak67oGL8rL/6HcGg3nvWsQVyXC62uILs1hvLICZpkMz4rJGF+UI+iaRox0wMTDiER8
+        sF+6iF9LDjMU3d4+SGvU4Nx/inCCi8AmmJiTA7r3J7jvG0knn2CqqRHRqB8M6cJr+x0TR49irLj4IbV8
+        7VqNcGHCkSTJBtzGH/E0NxeOFhVipBjLBjF1QYGnn+Viqf8eImwAM5e/xnhh4abl4MFTFN3bK1lQqbpc
+        zZfEIwm8fgXPmBlR34rYsmBYaHkBy2YTPFMTmNfdxnO5HFaZ7I6DovaI1+hqa8t7o1A8mz57Nkt/p0V4
+        bkZUFmDBMGFmn/0POK8Q5bKyrLWgwDxy4MDu/8HV1JQ3XV9vsJ0+vW2rr4OztQWujm8wq2mH/WIjJqqr
+        MFZYuG0pKOiy5Ofn7WC7w3funJScZ83ksWNDL6uqEhMVFe9fyOXvx0tLE2NFRUMWmaxm9MgR6c5zEhT1
+        H3ZdepdgVNV7AAAAAElFTkSuQmCC
+</value>
+  </data>
+  <data name="tsbAddToGroup.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJRSURBVDhPrZJLSNRRFMb/m7SiFrWpTa2KZIJevtq2bxlB
+        GPRANMnI8RGUkWNQUFFiCyXRjWQxKjmmgpVGWpbjc16aOaPO/LMxnNGBVhbSr3PvpAypuw583HsPfN85
+        9zvH+G/hCwYt6UUeFNIE/ZNBy0pevVMVCj30/s2viYxiL93jJm0ekxa3iXqv5Lsk/1JyL1whjlo9Or8m
+        Mku8NLlM6gZN7J4wx8tjGpm2GG3jYWoHTKqcIQ5ddW8soMgPP5qaOPYDBhahLwrpZTHu94Ww9YSw5Ls2
+        FnjiNLnzIS7wLgKtYWichdRbMWy9IQreBNl3aXR9AYcvaFEiGiKgyLUzUBmAIzcXdWVFLuv6x8S0EveB
+        VaIgQ53y78avcbJtDA5eX9TkPdnD7Do3xI6sQbadGUrRApnF3up7jgCd3rj7DSMCV1i3rSor8tPRWWo+
+        TfPo/RTlbwOcrPSx5bTzdVxAKnbI6JplApW9s9qwRPL+kgX2WhfYnR8l3zGDtdNPboef5FP9cS9Uy3ap
+        WjdkcrZ2nqq+XwyL+z1iYvscPDehegqympdIKZ0ju81PlmOSpFUBWZQambHeNqnsXIDueWj5BvVBeCzk
+        uxNwwwdbsyN0/K5YNiaMZX2qSBeByw0BjsmaqrZffYcmGV3dNFT44fZnuOaBK6NocqKAvqcWuu2KfFg2
+        TP35mbSs/vzgC5TJBIrc8cq5w6CIa5AYyrCc1p/asFJpucAFeSOw+WKEE/VL63eQGHutUbsi78yLsj0n
+        qisrcrIg6UKETecj7YkChmEYfwCpBC6AnpT9dAAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbResetPassword.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAOrSURBVDhPVZALTFNXHMaPe7gtYCmkLtG4rcDAJVMXkyUj
+        gYhLmrFk3RodG6GPdFW4tJioo6Tj4VbNJCFTcTTyGiiWiVqca0wpEEBAqBa2CdUCUghRQLAPKLS9lcq9
+        9/x3W9iyfcmXLycnvy/fOeh/EnhjNsldtTt/8JLvly4Ftijd3fxjjo82bl9hnWw0Gvnrx/9KCy+FY7PC
+        VX/gkh+MKwDXWIsaSeAdeWr/UlawN1siaa44fx40Gs2YVqvlsA4XbugreDkcnFy3vXYyxKjur1GH771g
+        tA4Kc6W2Jd2ZHx8/eTIDnV1dIBaLHWVlZVsj3L/aWBBFuK0nrEGcayXpfEsAKwYZ2KHoh+52I1juDlIS
+        iWRWJBLlZWZmXlar1ToW2VjxzwKl89HpUT8tt3go4o4b5w0G8VZZH279vYluuXETC4XCHoFAcLGurg5q
+        amqAz+dnRHh2QaQpKtdVd/CqD75ofcocbPWAoHEOsoubsKWvGxyOKWwwGMBsNoPdbgf2D3BiYiIR4SNK
+        mX0D7Z7bgT6bbouWz1MxOZOrWYWNeGSwD9tsD3BHuxm3mVvBZDKBWl24mJqaeonD4XyyDkucx7n5nkmu
+        yjkRneudjRU/ZLKU5bR1oBP3W+7hNpMRF2i0obf4SRf5CfwL27dvKWCpD1hz0Gtfu06JGvxwy81A1TQD
+        5yZC8FNTCwzcbofeOwNwRd+EC4o1TPLxXow+tTSz0OsIpXPTe9efjd7RuLBhgYHy8VUmf4RiDv32EBsa
+        qvEwO7u+oQGXlpTAqStdcPp+CKdWzEH0LlV6BESwKRI7v/P69GzBoV4/VvSvQU63E9TllVBdWQGaklLo
+        uDsMEwEKt4z7mJPDfiystY3zcvTJEThcklDsJZsXadhT4YWUC15QDj2HjPphKKy6Cj1DdvjTA1BtC4DW
+        6sPmKZKxPFuDIzdmHnO/MX4e6Ugo8pJ6ZwjiT7rhw8olkPZ5QPfHCniCALdnKdCxcPEQCb8+eg5jCyS+
+        PumndGMvILt5YgbtO5GEdpUs+24ukvTb38/Te84+ow9b5mnTlI+2LazSVaMB+uwoSZc/CNC3poJ0+3SQ
+        OfNXgPnFsUod7VmG2P2yLMQ7ugwp53wQpVqEuGNLsK3IDSK9G4osfsjpWAFllw/yOldAxaYynB0u/O2A
+        HzJ+to4gXrwQoXdlexFXlo+S5ARKVBBom5x4dbeYiP1YSvDSpERs2PukRAybMWliIi4tUxG3XyLf/OZ7
+        BxBC8X8DFpAn6JwiguoAAAAASUVORK5CYII=
+</value>
+  </data>
+  <data name="tsbVerifyPassword.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAGwSURBVDhPlVHdK0NhHD63vm5cuZALSzQl8jH/gvIfuKFs
+        tVBbceEjO1xutTIXrFwQk+FitSSkRfJRJF/NImZjOGcOJuFmj/d3zmkZ07annovf+/6e5/d7n5f7jZcP
+        lNZbpFlGEOss0kQwFteq1+nBRLunr8Dek8ItEWgYkALqdXo0DknwCYDnTqE7DHkT9To9UhnUDmZpQMKJ
+        K4UjF0D1wFPmBjpmMB8CRi8VMX8KOJ3OVORVSTJ2o3EtvZnWpsnU7Pf7kzagms7VUkGV7T5Px0c3foor
+        exUDQRBQ1Ck6is2hHOql+o+BjpfGxre+cCABmyzEpQjgZaTGWCyGloUP5OuFVeql+o8BTaZ/X39k6d8C
+        M0Fg6loxoIl9J0BuuyCLUm5Aa688AIvs2yZZ+g4WoLWjBnZjRRKtxvJ4gnrNmyrnOHrzHEu/rCcKewAY
+        PoMs2PN2IXTE4/N5OsHw8RD2l02ymSrnOArMdQOUmKOwnQMW9n1ksDbZhIvtVrxHuhO83GmDz9WcbECT
+        DZ5PShv97L2mwywNSsyim8SFRhEFBlEOjBoyNkgFComa/qVe8/YNmkvZEGuMCakAAAAASUVORK5CYII=
+</value>
+  </data>
+  <data name="tsbExportResult.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAXkSURBVFhHpVdrbJNlFDaK/iP6w2FMFM2CGoTBbjDI2Lqt
+        xc0h4A+VBIxcjKiIEBB0DNl9gIKiJkiGZKJQdunald1h0XgZosOoGHSD3drdel237tZt3fZ4ztuvZZ0b
+        68qTPDnf+57znvO8t+9r7yHMKSouLlNrtSjSaKDyiWph1cXFKCgq0nIOTsQ2Oq28LDajCtHplaBnhyyl
+        JCds+9EHJf+UmMuJ/IXJZIIyP09Dee7jXCtTL0H5pxnVjT1Q/m5AmvYGFNmXITtUvI/893LByQjgmTOa
+        W3Ro0elnJMcxzimVwhoMBuQVFnxPuR5ZvFt5acuZWpz8sQUl/1hRVtcF9V8mbDr5M6KTNccohoV6YR4v
+        J0Onb4W+tQ2tbe3Tkv0cxzifl4fu7h7xbOjshEpV2Er5ggNCXtgauuvste25tbh4w4qcX9qhuW7G2o+/
+        Q+DqV+e5yt6GRwAnb2vvmJEcx1CSgKHhYVitXaJtpJUoUhW0Uc4FxIiVyWrjkfJ6ZFfr8GVNBz4qq0PU
+        QU0J+dxnRsAjoI1m2NHROSM5jsECGCzCvRIWOhNVZWoj5X1i0Ybkg9tOX0V5vQ27tQ2oqu8SB5N8c0Vl
+        CSRALQa3dxrQaTDOyPYOg4ivvXZNbAMLYfutdCaqSjWgvI8+nbhj/caTV1D4dxe2FdxC0Q0bZOkV7HtY
+        VJYwT6V2CeDkBqNpRnKcva9XjJkKlSVqIYA4P4au5Fe/GfHahTqcqTVBliYEeJ0DjwBObjSZfaJLCJGt
+        JIrJqCABYfsKzsvoXRB5qBSfXzHidVWTsNyOzaiEPL28nGqLs+ARYKLEZrPFL/JYk9Es8rCA5SlVUP47
+        iG+u2/H1HzZsVuuF5XZ+3SDkWZd4JcRZ8AgwWyywWK1+k8czyi6KLXg+MqUCqTV27Kw0Y2eFUdg0akvb
+        EE4Ub0iPAIvVBmuX/+TxDG2xEBBKjJKlViD9VweSfuoTNiatkn1RxMeIDxBvC7B1dcNmuwvSeIaGXu1S
+        AWZUTNplnL4JKn75f8UZHgHdth5xn/1hT7cd9h7XzbioLeVCfNK5iBAhz7w6ZXGGR0CP3T5r2nt70d8/
+        gGGHE2PDIg2qy39wC2C4RQRJ1qs4wyOAk82GvX19GBhwYHwEOJi3F0H75yP0QCBWHFpIn+Ngum5hiMt0
+        M9TzrMiKQEJ2ZBnV9r6GfX39PrO/bwCOQZqyk4pf2INT1SfQaLqJFnMT9NYWtHbp0Nal9yL36a3N4plF
+        UG3va8hL6SsHaeZjPPP890TxW4Y6JOW9SzNfiliapTwrnIqEC8uzjqUViMkMwarUxUJEXGY4CwjwEjAw
+        OOgzHUOuDQ/a/zgVr8eB/J2IzgiiIkshPxyGNccise4TmbAKasdmh4h+eXaYWCFJgDgnHgEOh8NnjgzT
+        9AlLP3gSTaYGxB1ZItpuxB5egsTjEcJOhOJoCPQWEpAxhYChoSGf6RyhzScEk4BmUyPWfhaB+OPBos+N
+        yKxA6cmF+OMhIk5v0U0tYHjYSRzxiaPOMTGGV6DZ1ISXT8mw4VQsEk+Eif7J4H72c9y0AkZHR+F0On3i
+        +Ni4GLP0fZeATWfisCU3ARtyZFB8ulD43OA297Of46YVMDY2JkT4QrjqSwIasfmsAlvOxuOlnBUuxyRw
+        P/s5TmeefAakn2SM8fFxn+gGb0GjsQGbz8VhY+4qqdcFxRcLpCcX2M9xLWa6hhMF8J8SfxGSFIhGQwO2
+        KuVSjzdeyY2QnlzguGZTM70lJwjQaLV9/OeEV4K3wxeqi7WoLK3Gsg+fEiuwQ52At1UJ2F64Gm8UKMgq
+        RPudojV4SxWPNwufE22O4zMzUcBDxBBiHFE+SyasTHlWCNhVkog9Jeuwp3S9F/eWvni7TX6OYwETt+B+
+        Iovgxmz5TExGKL3ZdCIpL23LHch+jmuleOlbwDnuCgGxSctqFFnLxZLy189lp6PLz8XjkpfX8HhXGv/B
+        X7NFRBlxqi2ajhzP47z+oPgD/p5zEp7J5O25Ezmext0z5z/2v15bK0u5FQAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <metadata name="cmuResultTreeView.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>237, 17</value>
+  </metadata>
+  <metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
+    <value>45</value>
+  </metadata>
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAQAQAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAuHQXAP+sIQCxbxYAq2wVFKtrFXGoaRW2tXIW1eGNHNXejBy21YYbcdSFGhTbihsA/8QpAN6M
+        HAAAAAAAuXQXAL94FwCxbxYAs3EWbbBvFvSsbBX/pmgU/55jE/+2chb/4Y0c/9yKG//ZiBv024kbbdeH
+        GwDkjx0A34wcAL14FwCwbxYAs3EWlbJwFv+sbBX/pmgU/6FlFP+bYRP/jVgR/6xsFv/ijhv/24ka/9qJ
+        HP/XhxuV1ocbAOKOHQCycBYAs3EWarJwFv+rbBX/pmgU/6BlFP+bYRP/ll4S/5FbEv+AUA7/nl4G/9yF
+        D//biRn/3Ioc/9iIG2rZiRsArm0WELJwFvysbBX/pWgU/6BlFP+bYhP/k1kL/45WC/+LVg//dTwA/7in
+        j//34MH/2YMP/9qIGf/cihz80YMaELFvFnKsbBX/pWgU/6FmFf+YXQ3/jE8A/5ZjHv+QXhr/dDsA/7ui
+        gP//////7smW/9iBDf/aiRr/24oc/96LHHKycBa8o2YU/6BlFP+YXQ3/kVgL/9rHr//28+3/9PDq/+Ta
+        zP//////7MCG/9V5AP/aiRr/24oc/9qJG//aiRu82Ygb169uFv+TXBL/i04A/97Nt//o4NT/jF0h/4pe
+        JP/k39f//ezT/9R3AP/aiRr/24oc/9uKHP/ZiBv/2okb2NyKG9fcixv/nmAM/49hIf/8+vn/jF0c/3ZC
+        AP91QAD/h1wi//r07P/djyT/2YYV/9uKHP/bihz/2Ygb/9qJG9jaiRu83osc/9mFE/+jbib/8fT3/4dZ
+        Gf93QwD/dkIA/4ZaH//8+vj/3pAn/9mFFP/bihz/24oc/9qJG//aiRu83oscctqJG//fjBz/0nsF/+3Z
+        vf/a1c3/g1Yb/4RXHv/a19P/+N64/9Z+Bf/aihz/24oc/9uKHP/bihz/3oscctGDGhDcihz82Ykb/9yH
+        Ff/ahhX/+N24//r17v/69e7/+Nu0/9iEE//Zhhb/24oc/9uKHP/aiRv/3Ioc/NGDGhDZiRsA2IgbatuK
+        G//bih3/2oYV/9d/CP/glC3/35Ms/9d/B//ahhX/24od/9uKHP/aiRv/24ob/9iIG2rZiRsA4o4dANaH
+        GwDXhxuV2okb/9qJG//bihz/2YUU/9mGFP/bihz/24oc/9uKHP/aiRv/2okb/9eHG5XWhxsA4o4dAN+M
+        HADkjx0A14cbANuJG23ZiRv02okb/9qJG//bihz/24oc/9qJG//aiRv/2Ykb9NuJG23XhxsA5I8dAN+M
+        HAAAAAAA3owcAP/EKQDbihsA1IUaFNaGG3Hcihu224kb1NuJG9Tcihu21oYbcdSFGhTbihsA/8QpAN6M
+        HAAAAAAA+B8AAOAHAADAAwAAgAEAAIABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAQAAgAEAAMAD
+        AADgBwAA+B8AAA==
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.Designer.cs
new file mode 100644
index 000000000..0ef8ab02e
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.Designer.cs
@@ -0,0 +1,571 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System.Windows.Forms;
+namespace LWRaftSnapIn.UI
+{
+    partial class SearchQueryControl
+    {
+        /// <summary> 
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary> 
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Component Designer generated code
+
+        /// <summary> 
+        /// Required method for Designer support - do not modify 
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.removeToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+            this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
+            this.buttonSearch = new System.Windows.Forms.Button();
+            this.contextMenuStrip2 = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.toolTip1 = new System.Windows.Forms.ToolTip(this.components);
+            this.buttonAttrRemove = new System.Windows.Forms.Button();
+            this.buttonAttrRemoveAll = new System.Windows.Forms.Button();
+            this.buttonAttrAdd = new System.Windows.Forms.Button();
+            this.buttonFromFile = new System.Windows.Forms.Button();
+            this.buttonCopyFilter = new System.Windows.Forms.Button();
+            this.buttonCondRemove = new System.Windows.Forms.Button();
+            this.buttonCondRemoveAll = new System.Windows.Forms.Button();
+            this.buttonCondAdd = new System.Windows.Forms.Button();
+            this.panel1 = new System.Windows.Forms.Panel();
+            this.groupBox1 = new System.Windows.Forms.GroupBox();
+            this.groupBox2 = new System.Windows.Forms.GroupBox();
+            this.comboBoxAttrToReturn = new System.Windows.Forms.ComboBox();
+            this.listViewAttrToReturn = new System.Windows.Forms.ListView();
+            this.Attribute = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.label2 = new System.Windows.Forms.Label();
+            this.label3 = new System.Windows.Forms.Label();
+            this.textBoxBase = new System.Windows.Forms.TextBox();
+            this.comboBoxScope = new System.Windows.Forms.ComboBox();
+            this.tabControl1 = new System.Windows.Forms.TabControl();
+            this.buildFilterPage = new System.Windows.Forms.TabPage();
+            this.groupBox3 = new System.Windows.Forms.GroupBox();
+            this.comboBoxLogicalOp = new System.Windows.Forms.ComboBox();
+            this.label6 = new System.Windows.Forms.Label();
+            this.textBoxVal = new System.Windows.Forms.TextBox();
+            this.label5 = new System.Windows.Forms.Label();
+            this.comboBoxAttr = new System.Windows.Forms.ComboBox();
+            this.label4 = new System.Windows.Forms.Label();
+            this.comboBoxCond = new System.Windows.Forms.ComboBox();
+            this.listViewConditions = new System.Windows.Forms.ListView();
+            this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader4 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.textFilterPage = new System.Windows.Forms.TabPage();
+            this.groupBox5 = new System.Windows.Forms.GroupBox();
+            this.textBoxFilterString = new System.Windows.Forms.TextBox();
+            this.contextMenuStrip1.SuspendLayout();
+            this.contextMenuStrip2.SuspendLayout();
+            this.panel1.SuspendLayout();
+            this.groupBox1.SuspendLayout();
+            this.groupBox2.SuspendLayout();
+            this.tabControl1.SuspendLayout();
+            this.buildFilterPage.SuspendLayout();
+            this.groupBox3.SuspendLayout();
+            this.textFilterPage.SuspendLayout();
+            this.groupBox5.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // contextMenuStrip1
+            // 
+            this.contextMenuStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.removeToolStripMenuItem});
+            this.contextMenuStrip1.Name = "contextMenuStrip1";
+            this.contextMenuStrip1.Size = new System.Drawing.Size(118, 26);
+            this.contextMenuStrip1.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStrip1_Opening_1);
+            // 
+            // removeToolStripMenuItem
+            // 
+            this.removeToolStripMenuItem.Name = "removeToolStripMenuItem";
+            this.removeToolStripMenuItem.Size = new System.Drawing.Size(117, 22);
+            this.removeToolStripMenuItem.Text = "Remove";
+            this.removeToolStripMenuItem.Click += new System.EventHandler(this.removeToolStripMenuItem_Click_1);
+            // 
+            // toolStripMenuItem1
+            // 
+            this.toolStripMenuItem1.Name = "toolStripMenuItem1";
+            this.toolStripMenuItem1.Size = new System.Drawing.Size(152, 22);
+            this.toolStripMenuItem1.Text = "Remove";
+            this.toolStripMenuItem1.Click += new System.EventHandler(this.toolStripMenuItem1_Click);
+            // 
+            // buttonSearch
+            // 
+            this.buttonSearch.Location = new System.Drawing.Point(455, 270);
+            this.buttonSearch.Name = "buttonSearch";
+            this.buttonSearch.Size = new System.Drawing.Size(75, 23);
+            this.buttonSearch.TabIndex = 8;
+            this.buttonSearch.Text = "Search";
+            this.buttonSearch.UseVisualStyleBackColor = true;
+            this.buttonSearch.Click += new System.EventHandler(this.buttonSearch_Click);
+            // 
+            // contextMenuStrip2
+            // 
+            this.contextMenuStrip2.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.toolStripMenuItem1});
+            this.contextMenuStrip2.Name = "contextMenuStrip1";
+            this.contextMenuStrip2.Size = new System.Drawing.Size(118, 26);
+            this.contextMenuStrip2.Opening += new System.ComponentModel.CancelEventHandler(this.contextMenuStrip2_Opening);
+            // 
+            // buttonAttrRemove
+            // 
+            this.buttonAttrRemove.Location = new System.Drawing.Point(203, 57);
+            this.buttonAttrRemove.Name = "buttonAttrRemove";
+            this.buttonAttrRemove.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrRemove.TabIndex = 12;
+            this.buttonAttrRemove.Text = "Remove";
+            this.toolTip1.SetToolTip(this.buttonAttrRemove, "Remove attribute from table");
+            this.buttonAttrRemove.UseVisualStyleBackColor = true;
+            this.buttonAttrRemove.Click += new System.EventHandler(this.buttonAttrRemove_Click);
+            // 
+            // buttonAttrRemoveAll
+            // 
+            this.buttonAttrRemoveAll.Location = new System.Drawing.Point(203, 87);
+            this.buttonAttrRemoveAll.Name = "buttonAttrRemoveAll";
+            this.buttonAttrRemoveAll.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrRemoveAll.TabIndex = 13;
+            this.buttonAttrRemoveAll.Text = "Remove All";
+            this.toolTip1.SetToolTip(this.buttonAttrRemoveAll, "Remove all attribute from table");
+            this.buttonAttrRemoveAll.UseVisualStyleBackColor = true;
+            this.buttonAttrRemoveAll.Click += new System.EventHandler(this.buttonAttrRemoveAll_Click);
+            // 
+            // buttonAttrAdd
+            // 
+            this.buttonAttrAdd.Location = new System.Drawing.Point(203, 27);
+            this.buttonAttrAdd.Name = "buttonAttrAdd";
+            this.buttonAttrAdd.Size = new System.Drawing.Size(75, 23);
+            this.buttonAttrAdd.TabIndex = 10;
+            this.buttonAttrAdd.Text = "Add";
+            this.toolTip1.SetToolTip(this.buttonAttrAdd, "Add attribute");
+            this.buttonAttrAdd.UseVisualStyleBackColor = true;
+            this.buttonAttrAdd.Click += new System.EventHandler(this.buttonAttrAdd_Click);
+            // 
+            // buttonFromFile
+            // 
+            this.buttonFromFile.Location = new System.Drawing.Point(596, 153);
+            this.buttonFromFile.Name = "buttonFromFile";
+            this.buttonFromFile.Size = new System.Drawing.Size(75, 23);
+            this.buttonFromFile.TabIndex = 18;
+            this.buttonFromFile.Text = "From File";
+            this.toolTip1.SetToolTip(this.buttonFromFile, "Add conditions from file.");
+            this.buttonFromFile.UseVisualStyleBackColor = true;
+            this.buttonFromFile.Click += new System.EventHandler(this.buttonFromFile_Click);
+            // 
+            // buttonCopyFilter
+            // 
+            this.buttonCopyFilter.Location = new System.Drawing.Point(595, 123);
+            this.buttonCopyFilter.Name = "buttonCopyFilter";
+            this.buttonCopyFilter.Size = new System.Drawing.Size(75, 23);
+            this.buttonCopyFilter.TabIndex = 17;
+            this.buttonCopyFilter.Text = "Copy To TextFilter";
+            this.toolTip1.SetToolTip(this.buttonCopyFilter, "Copy filter to TextFilter");
+            this.buttonCopyFilter.UseVisualStyleBackColor = true;
+            this.buttonCopyFilter.Click += new System.EventHandler(this.buttonCopyFilter_Click);
+            // 
+            // buttonCondRemove
+            // 
+            this.buttonCondRemove.Location = new System.Drawing.Point(595, 65);
+            this.buttonCondRemove.Name = "buttonCondRemove";
+            this.buttonCondRemove.Size = new System.Drawing.Size(75, 23);
+            this.buttonCondRemove.TabIndex = 15;
+            this.buttonCondRemove.Text = "Remove";
+            this.toolTip1.SetToolTip(this.buttonCondRemove, "Remove selected condition from table");
+            this.buttonCondRemove.UseVisualStyleBackColor = true;
+            this.buttonCondRemove.Click += new System.EventHandler(this.buttonCondRemove_Click);
+            // 
+            // buttonCondRemoveAll
+            // 
+            this.buttonCondRemoveAll.Location = new System.Drawing.Point(595, 94);
+            this.buttonCondRemoveAll.Name = "buttonCondRemoveAll";
+            this.buttonCondRemoveAll.Size = new System.Drawing.Size(75, 23);
+            this.buttonCondRemoveAll.TabIndex = 16;
+            this.buttonCondRemoveAll.Text = "Remove All";
+            this.toolTip1.SetToolTip(this.buttonCondRemoveAll, "Remove all conditions from table");
+            this.buttonCondRemoveAll.UseVisualStyleBackColor = true;
+            this.buttonCondRemoveAll.Click += new System.EventHandler(this.buttonCondRemoveAll_Click);
+            // 
+            // buttonCondAdd
+            // 
+            this.buttonCondAdd.Location = new System.Drawing.Point(595, 37);
+            this.buttonCondAdd.Name = "buttonCondAdd";
+            this.buttonCondAdd.Size = new System.Drawing.Size(75, 23);
+            this.buttonCondAdd.TabIndex = 6;
+            this.buttonCondAdd.Text = "Add";
+            this.toolTip1.SetToolTip(this.buttonCondAdd, "Add condition");
+            this.buttonCondAdd.UseVisualStyleBackColor = true;
+            this.buttonCondAdd.Click += new System.EventHandler(this.buttonCondAdd_Click);
+            // 
+            // panel1
+            // 
+            this.panel1.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)));
+            this.panel1.Controls.Add(this.groupBox1);
+            this.panel1.Controls.Add(this.buttonSearch);
+            this.panel1.Controls.Add(this.tabControl1);
+            this.panel1.Location = new System.Drawing.Point(3, 3);
+            this.panel1.Name = "panel1";
+            this.panel1.Size = new System.Drawing.Size(1020, 300);
+            this.panel1.TabIndex = 22;
+            // 
+            // groupBox1
+            // 
+            this.groupBox1.BackColor = System.Drawing.Color.WhiteSmoke;
+            this.groupBox1.Controls.Add(this.groupBox2);
+            this.groupBox1.Controls.Add(this.label2);
+            this.groupBox1.Controls.Add(this.label3);
+            this.groupBox1.Controls.Add(this.textBoxBase);
+            this.groupBox1.Controls.Add(this.comboBoxScope);
+            this.groupBox1.Location = new System.Drawing.Point(3, 2);
+            this.groupBox1.Name = "groupBox1";
+            this.groupBox1.Size = new System.Drawing.Size(315, 265);
+            this.groupBox1.TabIndex = 23;
+            this.groupBox1.TabStop = false;
+            // 
+            // groupBox2
+            // 
+            this.groupBox2.Controls.Add(this.comboBoxAttrToReturn);
+            this.groupBox2.Controls.Add(this.buttonAttrRemove);
+            this.groupBox2.Controls.Add(this.listViewAttrToReturn);
+            this.groupBox2.Controls.Add(this.buttonAttrRemoveAll);
+            this.groupBox2.Controls.Add(this.buttonAttrAdd);
+            this.groupBox2.Location = new System.Drawing.Point(6, 102);
+            this.groupBox2.Name = "groupBox2";
+            this.groupBox2.Size = new System.Drawing.Size(303, 156);
+            this.groupBox2.TabIndex = 26;
+            this.groupBox2.TabStop = false;
+            this.groupBox2.Text = "Attributes To Return:";
+            // 
+            // comboBoxAttrToReturn
+            // 
+            this.comboBoxAttrToReturn.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxAttrToReturn.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxAttrToReturn.FormattingEnabled = true;
+            this.comboBoxAttrToReturn.Location = new System.Drawing.Point(6, 29);
+            this.comboBoxAttrToReturn.Name = "comboBoxAttrToReturn";
+            this.comboBoxAttrToReturn.Size = new System.Drawing.Size(191, 21);
+            this.comboBoxAttrToReturn.TabIndex = 9;
+            // 
+            // listViewAttrToReturn
+            // 
+            this.listViewAttrToReturn.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.Attribute});
+            this.listViewAttrToReturn.ContextMenuStrip = this.contextMenuStrip2;
+            this.listViewAttrToReturn.GridLines = true;
+            this.listViewAttrToReturn.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.None;
+            this.listViewAttrToReturn.Location = new System.Drawing.Point(6, 58);
+            this.listViewAttrToReturn.Name = "listViewAttrToReturn";
+            this.listViewAttrToReturn.Size = new System.Drawing.Size(191, 88);
+            this.listViewAttrToReturn.TabIndex = 11;
+            this.listViewAttrToReturn.UseCompatibleStateImageBehavior = false;
+            this.listViewAttrToReturn.View = System.Windows.Forms.View.Details;
+            // 
+            // Attribute
+            // 
+            this.Attribute.Width = 185;
+            // 
+            // label2
+            // 
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(11, 27);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(70, 13);
+            this.label2.TabIndex = 2;
+            this.label2.Text = "Search From:";
+            // 
+            // label3
+            // 
+            this.label3.AutoSize = true;
+            this.label3.Location = new System.Drawing.Point(11, 62);
+            this.label3.Name = "label3";
+            this.label3.Size = new System.Drawing.Size(78, 13);
+            this.label3.TabIndex = 4;
+            this.label3.Text = "Search Scope:";
+            // 
+            // textBoxBase
+            // 
+            this.textBoxBase.Location = new System.Drawing.Point(91, 20);
+            this.textBoxBase.Name = "textBoxBase";
+            this.textBoxBase.Size = new System.Drawing.Size(193, 20);
+            this.textBoxBase.TabIndex = 1;
+            // 
+            // comboBoxScope
+            // 
+            this.comboBoxScope.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxScope.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxScope.FormattingEnabled = true;
+            this.comboBoxScope.Location = new System.Drawing.Point(92, 54);
+            this.comboBoxScope.Name = "comboBoxScope";
+            this.comboBoxScope.Size = new System.Drawing.Size(192, 21);
+            this.comboBoxScope.TabIndex = 2;
+            // 
+            // tabControl1
+            // 
+            this.tabControl1.Controls.Add(this.buildFilterPage);
+            this.tabControl1.Controls.Add(this.textFilterPage);
+            this.tabControl1.Location = new System.Drawing.Point(324, 8);
+            this.tabControl1.Multiline = true;
+            this.tabControl1.Name = "tabControl1";
+            this.tabControl1.SelectedIndex = 0;
+            this.tabControl1.Size = new System.Drawing.Size(693, 259);
+            this.tabControl1.TabIndex = 22;
+            // 
+            // buildFilterPage
+            // 
+            this.buildFilterPage.Controls.Add(this.groupBox3);
+            this.buildFilterPage.Location = new System.Drawing.Point(4, 22);
+            this.buildFilterPage.Name = "buildFilterPage";
+            this.buildFilterPage.Padding = new System.Windows.Forms.Padding(3);
+            this.buildFilterPage.Size = new System.Drawing.Size(685, 233);
+            this.buildFilterPage.TabIndex = 0;
+            this.buildFilterPage.Text = "Build Filter";
+            this.buildFilterPage.UseVisualStyleBackColor = true;
+            // 
+            // groupBox3
+            // 
+            this.groupBox3.BackColor = System.Drawing.Color.WhiteSmoke;
+            this.groupBox3.Controls.Add(this.buttonFromFile);
+            this.groupBox3.Controls.Add(this.comboBoxLogicalOp);
+            this.groupBox3.Controls.Add(this.buttonCopyFilter);
+            this.groupBox3.Controls.Add(this.buttonCondRemove);
+            this.groupBox3.Controls.Add(this.label6);
+            this.groupBox3.Controls.Add(this.buttonCondRemoveAll);
+            this.groupBox3.Controls.Add(this.textBoxVal);
+            this.groupBox3.Controls.Add(this.label5);
+            this.groupBox3.Controls.Add(this.comboBoxAttr);
+            this.groupBox3.Controls.Add(this.label4);
+            this.groupBox3.Controls.Add(this.comboBoxCond);
+            this.groupBox3.Controls.Add(this.buttonCondAdd);
+            this.groupBox3.Controls.Add(this.listViewConditions);
+            this.groupBox3.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.groupBox3.Location = new System.Drawing.Point(3, 3);
+            this.groupBox3.Name = "groupBox3";
+            this.groupBox3.Size = new System.Drawing.Size(679, 227);
+            this.groupBox3.TabIndex = 20;
+            this.groupBox3.TabStop = false;
+            // 
+            // comboBoxLogicalOp
+            // 
+            this.comboBoxLogicalOp.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxLogicalOp.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxLogicalOp.FormattingEnabled = true;
+            this.comboBoxLogicalOp.Location = new System.Drawing.Point(12, 200);
+            this.comboBoxLogicalOp.Name = "comboBoxLogicalOp";
+            this.comboBoxLogicalOp.Size = new System.Drawing.Size(58, 21);
+            this.comboBoxLogicalOp.TabIndex = 7;
+            // 
+            // label6
+            // 
+            this.label6.AutoSize = true;
+            this.label6.Location = new System.Drawing.Point(379, 20);
+            this.label6.Name = "label6";
+            this.label6.Size = new System.Drawing.Size(37, 13);
+            this.label6.TabIndex = 11;
+            this.label6.Text = "Value:";
+            // 
+            // textBoxVal
+            // 
+            this.textBoxVal.Location = new System.Drawing.Point(382, 37);
+            this.textBoxVal.Name = "textBoxVal";
+            this.textBoxVal.Size = new System.Drawing.Size(200, 20);
+            this.textBoxVal.TabIndex = 5;
+            // 
+            // label5
+            // 
+            this.label5.AutoSize = true;
+            this.label5.Location = new System.Drawing.Point(194, 19);
+            this.label5.Name = "label5";
+            this.label5.Size = new System.Drawing.Size(54, 13);
+            this.label5.TabIndex = 10;
+            this.label5.Text = "Condition:";
+            // 
+            // comboBoxAttr
+            // 
+            this.comboBoxAttr.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxAttr.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxAttr.FormattingEnabled = true;
+            this.comboBoxAttr.Location = new System.Drawing.Point(12, 37);
+            this.comboBoxAttr.Name = "comboBoxAttr";
+            this.comboBoxAttr.Size = new System.Drawing.Size(180, 21);
+            this.comboBoxAttr.TabIndex = 3;
+            // 
+            // label4
+            // 
+            this.label4.AutoSize = true;
+            this.label4.Location = new System.Drawing.Point(9, 19);
+            this.label4.Name = "label4";
+            this.label4.Size = new System.Drawing.Size(49, 13);
+            this.label4.TabIndex = 9;
+            this.label4.Text = "Attribute:";
+            // 
+            // comboBoxCond
+            // 
+            this.comboBoxCond.AutoCompleteMode = System.Windows.Forms.AutoCompleteMode.SuggestAppend;
+            this.comboBoxCond.AutoCompleteSource = System.Windows.Forms.AutoCompleteSource.ListItems;
+            this.comboBoxCond.FormattingEnabled = true;
+            this.comboBoxCond.Location = new System.Drawing.Point(196, 37);
+            this.comboBoxCond.Name = "comboBoxCond";
+            this.comboBoxCond.Size = new System.Drawing.Size(180, 21);
+            this.comboBoxCond.TabIndex = 4;
+            // 
+            // listViewConditions
+            // 
+            this.listViewConditions.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.columnHeader2,
+            this.columnHeader3,
+            this.columnHeader4});
+            this.listViewConditions.ContextMenuStrip = this.contextMenuStrip1;
+            this.listViewConditions.FullRowSelect = true;
+            this.listViewConditions.GridLines = true;
+            this.listViewConditions.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.None;
+            this.listViewConditions.HideSelection = false;
+            this.listViewConditions.HoverSelection = true;
+            this.listViewConditions.Location = new System.Drawing.Point(12, 65);
+            this.listViewConditions.Name = "listViewConditions";
+            this.listViewConditions.Size = new System.Drawing.Size(570, 129);
+            this.listViewConditions.TabIndex = 14;
+            this.listViewConditions.UseCompatibleStateImageBehavior = false;
+            this.listViewConditions.View = System.Windows.Forms.View.Details;
+            // 
+            // columnHeader2
+            // 
+            this.columnHeader2.Text = "Attribute";
+            this.columnHeader2.Width = 181;
+            // 
+            // columnHeader3
+            // 
+            this.columnHeader3.Text = "Condition";
+            this.columnHeader3.Width = 179;
+            // 
+            // columnHeader4
+            // 
+            this.columnHeader4.Text = "Value";
+            this.columnHeader4.Width = 205;
+            // 
+            // textFilterPage
+            // 
+            this.textFilterPage.Controls.Add(this.groupBox5);
+            this.textFilterPage.Location = new System.Drawing.Point(4, 22);
+            this.textFilterPage.Name = "textFilterPage";
+            this.textFilterPage.Padding = new System.Windows.Forms.Padding(3);
+            this.textFilterPage.Size = new System.Drawing.Size(685, 233);
+            this.textFilterPage.TabIndex = 1;
+            this.textFilterPage.Text = "TextFilter";
+            this.textFilterPage.UseVisualStyleBackColor = true;
+            // 
+            // groupBox5
+            // 
+            this.groupBox5.BackColor = System.Drawing.Color.WhiteSmoke;
+            this.groupBox5.Controls.Add(this.textBoxFilterString);
+            this.groupBox5.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.groupBox5.Location = new System.Drawing.Point(3, 3);
+            this.groupBox5.Name = "groupBox5";
+            this.groupBox5.Size = new System.Drawing.Size(679, 227);
+            this.groupBox5.TabIndex = 25;
+            this.groupBox5.TabStop = false;
+            // 
+            // textBoxFilterString
+            // 
+            this.textBoxFilterString.Location = new System.Drawing.Point(6, 11);
+            this.textBoxFilterString.Multiline = true;
+            this.textBoxFilterString.Name = "textBoxFilterString";
+            this.textBoxFilterString.Size = new System.Drawing.Size(667, 210);
+            this.textBoxFilterString.TabIndex = 18;
+            // 
+            // SearchQueryControl
+            // 
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.Controls.Add(this.panel1);
+            this.Name = "SearchQueryControl";
+            this.Size = new System.Drawing.Size(1020, 300);
+            this.contextMenuStrip1.ResumeLayout(false);
+            this.contextMenuStrip2.ResumeLayout(false);
+            this.panel1.ResumeLayout(false);
+            this.groupBox1.ResumeLayout(false);
+            this.groupBox1.PerformLayout();
+            this.groupBox2.ResumeLayout(false);
+            this.tabControl1.ResumeLayout(false);
+            this.buildFilterPage.ResumeLayout(false);
+            this.groupBox3.ResumeLayout(false);
+            this.groupBox3.PerformLayout();
+            this.textFilterPage.ResumeLayout(false);
+            this.groupBox5.ResumeLayout(false);
+            this.groupBox5.PerformLayout();
+            this.ResumeLayout(false);
+
+        }
+
+        #endregion
+
+        private ContextMenuStrip contextMenuStrip1;
+        private ToolStripMenuItem removeToolStripMenuItem;
+        private ToolStripMenuItem toolStripMenuItem1;
+        private ToolTip toolTip1;
+        private Button buttonSearch;
+        private ContextMenuStrip contextMenuStrip2;
+        private Panel panel1;
+        private GroupBox groupBox1;
+        private GroupBox groupBox2;
+        private ComboBox comboBoxAttrToReturn;
+        private Button buttonAttrRemove;
+        private ListView listViewAttrToReturn;
+        private ColumnHeader Attribute;
+        private Button buttonAttrRemoveAll;
+        private Button buttonAttrAdd;
+        private Label label2;
+        private Label label3;
+        private TextBox textBoxBase;
+        private ComboBox comboBoxScope;
+        private TabControl tabControl1;
+        private TabPage buildFilterPage;
+        private GroupBox groupBox3;
+        private Button buttonFromFile;
+        private ComboBox comboBoxLogicalOp;
+        private Button buttonCopyFilter;
+        private Button buttonCondRemove;
+        private Label label6;
+        private Button buttonCondRemoveAll;
+        private TextBox textBoxVal;
+        private Label label5;
+        private ComboBox comboBoxAttr;
+        private Label label4;
+        private ComboBox comboBoxCond;
+        private Button buttonCondAdd;
+        private ListView listViewConditions;
+        private ColumnHeader columnHeader2;
+        private ColumnHeader columnHeader3;
+        private ColumnHeader columnHeader4;
+        private TabPage textFilterPage;
+        private GroupBox groupBox5;
+        private TextBox textBoxFilterString;
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.cs
new file mode 100644
index 000000000..4777d13b7
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.cs
@@ -0,0 +1,407 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Windows.Forms;
+using System.Xml.Serialization;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDirInterop.LDAP;
+using LWRaftSnapIn.Utilities;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class SearchQueryControl : UserControl
+    {
+        private string searchBase;
+        private List<string> attrList;
+        private VMDirServerDTO serverDTO;
+        public delegate void SearchClicktHandler(object myObject, SearchArgs args);
+        public event SearchClicktHandler SearchButtonClicked;
+
+        QueryDTO qdto;
+        public SearchQueryControl()
+        {
+            InitializeComponent();
+        }
+        private void ClearUI()
+        {
+            this.comboBoxAttr.Items.Clear();
+            this.comboBoxCond.Items.Clear();
+            this.comboBoxScope.Items.Clear();
+            this.comboBoxLogicalOp.Items.Clear();
+        }
+        public void BindUI(string searchBase, VMDirServerDTO serverDTO)
+        {
+            this.searchBase = searchBase;
+            this.serverDTO = serverDTO;
+            var attrTypes = serverDTO.Connection.SchemaManager.GetAttributeTypeManager();
+            attrList=attrTypes.Data.Select(x => x.Key).ToList();
+
+            ClearUI();
+            this.textBoxBase.Text = searchBase;
+            this.comboBoxAttr.Items.AddRange(attrList.ToArray());
+            this.comboBoxAttrToReturn.Items.AddRange(attrList.ToArray());
+            this.comboBoxAttrToReturn.SelectedIndex = 0;
+            this.comboBoxAttr.SelectedIndex = 0;
+            this.comboBoxCond.Items.AddRange(VMDirConstants.ConditionList);
+            this.comboBoxCond.SelectedIndex = 0;
+            this.comboBoxScope.Items.AddRange(VMDirConstants.ScopeList);
+            this.comboBoxScope.SelectedIndex = 2;
+            this.comboBoxLogicalOp.Items.AddRange(VMDirConstants.OperatorList);
+            this.comboBoxLogicalOp.SelectedIndex = 0;
+        }
+
+        private bool ValidateAdd()
+        {
+            if (comboBoxAttr.SelectedItem == null)
+            {
+                if (comboBoxAttr.Items.Contains(comboBoxAttr.Text))
+                {
+                    comboBoxAttr.SelectedIndex = comboBoxAttr.Items.IndexOf(comboBoxAttr.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+                    return false;
+                }
+            }
+            if (comboBoxCond.SelectedItem == null)
+            {
+                if (comboBoxCond.Items.Contains(comboBoxCond.Text))
+                {
+                    comboBoxCond.SelectedIndex = comboBoxCond.Items.IndexOf(comboBoxCond.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_COND);
+                    return false;
+                }
+            }
+            if (string.IsNullOrWhiteSpace(this.textBoxVal.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_VAL);
+                return false;
+            }
+            return true;
+        }
+        private bool ValidateReturnAttrAdd()
+        {
+            if (comboBoxAttrToReturn.SelectedItem == null)
+            {
+                if (comboBoxAttrToReturn.Items.Contains(comboBoxAttrToReturn.Text))
+                {
+                    comboBoxAttrToReturn.SelectedIndex = comboBoxAttrToReturn.Items.IndexOf(comboBoxAttrToReturn.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_ATTR);
+                    return false;
+                }
+            }
+            return true;
+        }
+
+        private bool ValidateSearch()
+        {
+            if (string.IsNullOrWhiteSpace(this.textBoxBase.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_SEARCH_BASE);
+                return false;
+            }
+            if (comboBoxScope.SelectedItem == null)
+            {
+                if (comboBoxScope.Items.Contains(comboBoxScope.Text))
+                {
+                    comboBoxScope.SelectedIndex = comboBoxScope.Items.IndexOf(comboBoxScope.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_SEARCH_SCOPE);
+                    return false;
+                }
+            }
+            if (comboBoxLogicalOp.SelectedItem == null)
+            {
+                if (comboBoxLogicalOp.Items.Contains(comboBoxLogicalOp.Text))
+                {
+                    comboBoxLogicalOp.SelectedIndex = comboBoxLogicalOp.Items.IndexOf(comboBoxLogicalOp.Text);
+                }
+                else
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_VAL);
+                    return false;
+                }
+            }
+            if (this.tabControl1.SelectedIndex == 0 && listViewConditions.Items.Count <= 0)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_COND_COUNT);
+                return false;
+            }
+            if (this.tabControl1.SelectedIndex == 1 && string.IsNullOrWhiteSpace(textBoxFilterString.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_TEXT_FILTER);
+                return false;
+            }
+            return true;
+        }
+
+        private List<FilterDTO> GetFiltersList()
+        {
+            List<FilterDTO> filters = new List<FilterDTO>();
+            foreach (ListViewItem item in listViewConditions.Items)
+            {
+                var index = comboBoxCond.Items.IndexOf(item.SubItems[1].Text);
+                FilterDTO fdto = new FilterDTO(item.SubItems[0].Text, (Condition)index, item.SubItems[2].Text);
+                filters.Add(fdto);
+            }
+            return filters;
+        }
+
+        private QueryDTO GetQuery()
+        {
+            QueryDTO qdto = null;
+            var lst = new HashSet<string>();
+            foreach(ListViewItem item in listViewAttrToReturn.Items)
+                lst.Add(item.SubItems[0].Text);
+            lst.Add(VMDirConstants.ATTR_OBJECT_CLASS);
+            lst.Add(VMDirConstants.ATTR_DN);
+
+            if (this.tabControl1.SelectedIndex == 0)
+            {
+                qdto = new BuildQueryDTO(textBoxBase.Text, (LdapScope)comboBoxScope.SelectedIndex, (LogicalOp)comboBoxLogicalOp.SelectedIndex,
+                    GetFiltersList(), lst.ToArray(), 0, IntPtr.Zero, 0);
+            }
+            else if (this.tabControl1.SelectedIndex == 1)
+            {
+                qdto = new TextQueryDTO(textBoxBase.Text, (LdapScope)comboBoxScope.SelectedIndex, this.textBoxFilterString.Text,
+                    lst.ToArray(), 0, IntPtr.Zero, 0);
+            }
+            return qdto;
+        }
+
+        private void contextMenuStrip1_Opening_1(object sender, CancelEventArgs e)
+        {
+            if (this.listViewConditions.SelectedIndices.Count == 0)
+                e.Cancel = true;
+        }
+
+        private void removeToolStripMenuItem_Click_1(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewConditions.SelectedItems)
+            {
+                this.listViewConditions.Items.Remove(item);
+            }
+        }
+
+        public void StoreQuery()
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               if (!ValidateSearch())
+                   return;
+               var qdto = GetQuery();
+               if (qdto == null)
+                   return;
+               MMCMiscUtil.SaveObjectToFile(qdto, "Store Query", MMCUIConstants.XML_FILTER);
+           });
+        }
+        public void LoadQuery()
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               using (var sfd = new OpenFileDialog())
+               {
+                   sfd.Title = "Load Query";
+                   sfd.Filter = MMCUIConstants.XML_FILTER;
+                   if (sfd.ShowDialog() == DialogResult.OK)
+                   {
+                       try
+                       {
+                           qdto = LoadQuryOfType(typeof(BuildQueryDTO), sfd.FileName) as BuildQueryDTO;
+
+                       }
+                       catch (Exception )
+                       {
+                           qdto = LoadQuryOfType(typeof(TextQueryDTO), sfd.FileName) as TextQueryDTO;
+                       }
+                       BindData();
+                   }
+               }
+           });
+        }
+        private object LoadQuryOfType(Type ty, string filename)
+        {
+            using (var ms = new MemoryStream())
+            {
+                var bytes = File.ReadAllBytes(filename);
+                ms.Write(bytes, 0, bytes.Length);
+                ms.Seek(0, SeekOrigin.Begin);
+
+                var xmlSerializer = new XmlSerializer(ty);
+                return xmlSerializer.Deserialize(ms);
+            }
+        }
+        private void BindData()
+        {
+            if (qdto.GetType() == typeof(BuildQueryDTO))
+            {
+                var dto = qdto as BuildQueryDTO;
+                this.tabControl1.SelectedIndex = 0;
+                this.textBoxBase.Text = dto.SearchBase;
+                this.comboBoxScope.SelectedIndex = (int)dto.SearchScope;
+                this.comboBoxLogicalOp.SelectedIndex = (int)dto.Operator;
+                this.listViewConditions.Items.Clear();
+                foreach (var item in dto.CondList)
+                {
+                    ListViewItem lvi = new ListViewItem(item.Attribute);
+                    var cond = this.comboBoxCond.Items[(int)item.Condition].ToString();
+                    lvi.SubItems.Add(cond);
+                    lvi.SubItems.Add(item.Value);
+                    this.listViewConditions.Items.Add(lvi);
+                }
+                foreach (var item in dto.AttrToReturn)
+                {
+                    var lvi = new ListViewItem(new string[] { item });
+                    listViewAttrToReturn.Items.Add(lvi);
+                    this.comboBoxAttrToReturn.SelectedIndex = 0;
+                    this.comboBoxAttrToReturn.Items.Remove(item);
+                }
+            }
+            else if (qdto.GetType() == typeof(TextQueryDTO))
+            {
+                var dto = qdto as TextQueryDTO;
+                this.tabControl1.SelectedIndex = 1;
+                this.textBoxBase.Text = dto.SearchBase;
+                this.comboBoxScope.SelectedIndex = (int)dto.SearchScope;
+                this.textBoxFilterString.Text = dto.GetFilterString();
+                foreach (var item in dto.AttrToReturn)
+                {
+                    var lvi = new ListViewItem(new string[] { item });
+                    listViewAttrToReturn.Items.Add(lvi);
+                    this.comboBoxAttrToReturn.SelectedIndex = 0;
+                    this.comboBoxAttrToReturn.Items.Remove(item);
+                }
+            }
+        }
+
+        private void buttonAttrAdd_Click(object sender, EventArgs e)
+        {
+            if (ValidateReturnAttrAdd())
+            {
+                var item = comboBoxAttrToReturn.SelectedItem;
+                var lvi = new ListViewItem(new string[] { item.ToString() });
+                listViewAttrToReturn.Items.Add(lvi);
+                this.comboBoxAttrToReturn.SelectedIndex = 0;
+                this.comboBoxAttrToReturn.Items.Remove(item);
+            }
+        }
+
+        private void buttonAttrRemove_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewAttrToReturn.SelectedItems)
+            {
+                this.listViewAttrToReturn.Items.Remove(item);
+                this.comboBoxAttrToReturn.Items.Add(item);
+            }
+        }
+
+        private void buttonAttrRemoveAll_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewAttrToReturn.Items)
+            {
+                this.comboBoxAttrToReturn.Items.Add(item);
+            }
+            this.listViewAttrToReturn.Items.Clear();
+        }
+
+        private void buttonCondAdd_Click(object sender, EventArgs e)
+        {
+            if (!ValidateAdd())
+                return;
+            var lvi = new ListViewItem(new string[] { comboBoxAttr.SelectedItem.ToString(), comboBoxCond.SelectedItem.ToString(), textBoxVal.Text });
+            listViewConditions.Items.Add(lvi);
+        }
+
+        private void buttonCondRemove_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewConditions.SelectedItems)
+            {
+                this.listViewConditions.Items.Remove(item);
+            }
+        }
+
+        private void buttonCondRemoveAll_Click(object sender, EventArgs e)
+        {
+            this.listViewConditions.Items.Clear();
+        }
+
+        private void buttonCopyFilter_Click(object sender, EventArgs e)
+        {
+            var query = GetQuery();
+            if (query != null)
+            {
+                textBoxFilterString.Text=query.GetFilterString();
+                tabControl1.SelectedIndex = 1;
+            }
+        }
+
+        private void buttonFromFile_Click(object sender, EventArgs e)
+        {
+            List<FilterDTO> filters = new List<FilterDTO>();
+            var frm = new ConditionsFromFile(filters, attrList);
+            if (frm.ShowDialog() == DialogResult.OK)
+            {
+                foreach (var item in filters)
+                {
+                    var lvi = new ListViewItem(new string[] { item.Attribute,VMDirConstants.ConditionList[(int)item.Condition], item.Value });
+                    listViewConditions.Items.Add(lvi);
+                }
+            }
+        }
+
+        private void buttonSearch_Click(object sender, EventArgs e)
+        {
+            if (!ValidateSearch())
+                return;
+
+            qdto = GetQuery();
+            if (SearchButtonClicked != null)
+            {
+                SearchArgs args = new SearchArgs(qdto);
+                SearchButtonClicked(new object(), args);
+            }
+        }
+
+        private void contextMenuStrip2_Opening(object sender, CancelEventArgs e)
+        {
+            if (this.listViewAttrToReturn.SelectedIndices.Count == 0)
+                e.Cancel = true;
+        }
+
+        private void toolStripMenuItem1_Click(object sender, EventArgs e)
+        {
+            foreach (ListViewItem item in this.listViewAttrToReturn.SelectedItems)
+            {
+                this.listViewAttrToReturn.Items.Remove(item);
+            }
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.resx
new file mode 100644
index 000000000..51d50996e
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SearchQueryControl.resx
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="contextMenuStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>17, 17</value>
+  </metadata>
+  <metadata name="contextMenuStrip2.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>269, 17</value>
+  </metadata>
+  <metadata name="toolTip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>424, 17</value>
+  </metadata>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.Designer.cs
new file mode 100644
index 000000000..88ad394cc
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.Designer.cs
@@ -0,0 +1,158 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
namespace LWRaftSnapIn.UI

+{

+    partial class SelectObjectClass

+    {

+        /// <summary>

+        /// Required designer variable.

+        /// </summary>

+        private System.ComponentModel.IContainer components = null;

+

+        /// <summary>

+        /// Clean up any resources being used.

+        /// </summary>

+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>

+        protected override void Dispose(bool disposing)

+        {

+            if (disposing && (components != null))

+            {

+                components.Dispose();

+            }

+            base.Dispose(disposing);

+        }

+

+        #region Windows Form Designer generated code

+

+        /// <summary>

+        /// Required method for Designer support - do not modify

+        /// the contents of this method with the code editor.

+        /// </summary>

+        private void InitializeComponent()

+        {
+            this.btnCancel = new System.Windows.Forms.Button();
+            this.btnOK = new System.Windows.Forms.Button();
+            this.lstObjectClasses = new System.Windows.Forms.ListView();
+            this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.textBoxSearch = new System.Windows.Forms.TextBox();
+            this.buttonClear = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.SuspendLayout();
+            // 
+            // btnCancel
+            // 
+            this.btnCancel.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnCancel.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+            this.btnCancel.Location = new System.Drawing.Point(377, 410);
+            this.btnCancel.Name = "btnCancel";
+            this.btnCancel.Size = new System.Drawing.Size(75, 23);
+            this.btnCancel.TabIndex = 3;
+            this.btnCancel.Text = "Cancel";
+            this.btnCancel.UseVisualStyleBackColor = true;
+            // 
+            // btnOK
+            // 
+            this.btnOK.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnOK.Location = new System.Drawing.Point(271, 410);
+            this.btnOK.Name = "btnOK";
+            this.btnOK.Size = new System.Drawing.Size(75, 23);
+            this.btnOK.TabIndex = 2;
+            this.btnOK.Text = "Select";
+            this.btnOK.UseVisualStyleBackColor = true;
+            this.btnOK.Click += new System.EventHandler(this.btnOK_Click);
+            // 
+            // lstObjectClasses
+            // 
+            this.lstObjectClasses.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.columnHeader1,
+            this.columnHeader2});
+            this.lstObjectClasses.FullRowSelect = true;
+            this.lstObjectClasses.Location = new System.Drawing.Point(13, 41);
+            this.lstObjectClasses.MultiSelect = false;
+            this.lstObjectClasses.Name = "lstObjectClasses";
+            this.lstObjectClasses.Size = new System.Drawing.Size(439, 353);
+            this.lstObjectClasses.TabIndex = 4;
+            this.lstObjectClasses.UseCompatibleStateImageBehavior = false;
+            this.lstObjectClasses.View = System.Windows.Forms.View.Details;
+            // 
+            // columnHeader1
+            // 
+            this.columnHeader1.Text = "Objectclass";
+            this.columnHeader1.Width = 224;
+            // 
+            // columnHeader2
+            // 
+            this.columnHeader2.Text = "Description";
+            this.columnHeader2.Width = 184;
+            // 
+            // textBoxSearch
+            // 
+            this.textBoxSearch.Location = new System.Drawing.Point(60, 13);
+            this.textBoxSearch.Name = "textBoxSearch";
+            this.textBoxSearch.Size = new System.Drawing.Size(218, 20);
+            this.textBoxSearch.TabIndex = 5;
+            this.textBoxSearch.TextChanged += new System.EventHandler(this.textBoxSearch_TextChanged);
+            // 
+            // buttonClear
+            // 
+            this.buttonClear.Location = new System.Drawing.Point(284, 13);
+            this.buttonClear.Name = "buttonClear";
+            this.buttonClear.Size = new System.Drawing.Size(44, 20);
+            this.buttonClear.TabIndex = 6;
+            this.buttonClear.Text = "Clear";
+            this.buttonClear.UseVisualStyleBackColor = true;
+            this.buttonClear.Click += new System.EventHandler(this.buttonClear_Click);
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(10, 20);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(44, 13);
+            this.label1.TabIndex = 7;
+            this.label1.Text = "Search:";
+            // 
+            // SelectObjectClass
+            // 
+            this.AcceptButton = this.btnOK;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(464, 445);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.buttonClear);
+            this.Controls.Add(this.textBoxSearch);
+            this.Controls.Add(this.lstObjectClasses);
+            this.Controls.Add(this.btnCancel);
+            this.Controls.Add(this.btnOK);
+            this.Name = "SelectObjectClass";
+            this.ShowIcon = false;
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Select objectclass to add";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }

+

+        #endregion

+

+        private System.Windows.Forms.Button btnCancel;

+        private System.Windows.Forms.Button btnOK;

+        private System.Windows.Forms.ListView lstObjectClasses;

+        private System.Windows.Forms.ColumnHeader columnHeader1;

+        private System.Windows.Forms.ColumnHeader columnHeader2;
+        private System.Windows.Forms.TextBox textBoxSearch;
+        private System.Windows.Forms.Button buttonClear;
+        private System.Windows.Forms.Label label1;

+    }

+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.cs
new file mode 100644
index 000000000..3b192c16b
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.cs
@@ -0,0 +1,96 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Windows.Forms;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+
+    public partial class SelectObjectClass : Form
+    {
+        List<ObjectClassDTO> _list;
+        string _selectedObject;
+        public string SelectedObject { get { return _selectedObject; } }
+        private List<ListViewItem> _lviList;
+        public SelectObjectClass(SchemaManager mgr)
+        {
+            InitializeComponent();
+            _lviList = new List<ListViewItem>();
+            BindList(mgr);
+        }
+
+        int SortObjectClassDTO(ObjectClassDTO lhs, ObjectClassDTO rhs)
+        {
+            return lhs.Name.CompareTo(rhs.Name);
+        }
+
+        void BindList(SchemaManager mgr)
+        {
+            var om = mgr.GetObjectClassManager();
+            //Todo - list all classes now. Later fix to only list structural object classes after introducing specific fields in Schema classes.
+            _list = om.Data.Values.ToList();
+            _list.Sort(SortObjectClassDTO);
+            ResetList();
+        }
+        private void ResetList()
+        {
+            lstObjectClasses.Items.Clear();
+            _lviList.Clear();
+            foreach (var item in _list)
+            {
+               ListViewItem lvi= new ListViewItem(new string[] { item.Name, item.Description });
+               _lviList.Add(lvi);
+            }
+            lstObjectClasses.Items.AddRange(_lviList.ToArray());
+        }
+        private void btnOK_Click(object sender, EventArgs e)
+        {
+            if (lstObjectClasses.SelectedIndices.Count == 1)
+            {
+                _selectedObject = lstObjectClasses.SelectedItems[0].SubItems[0].Text;
+                DialogResult = DialogResult.OK;
+                this.Close();
+            }
+        }
+        void textBoxSearch_TextChanged(object sender, System.EventArgs e)
+        {
+            if(string.IsNullOrWhiteSpace(textBoxSearch.Text))
+                ResetList();
+            else
+            {
+                lstObjectClasses.Items.Clear();
+                _lviList.Clear();
+                foreach (var item in _list)
+                {
+                    if (item.Name.StartsWith(textBoxSearch.Text,StringComparison.OrdinalIgnoreCase))
+                    {
+                        ListViewItem lvi = new ListViewItem(new string[] { item.Name, item.Description });
+                        _lviList.Add(lvi);
+                    }
+                }
+                lstObjectClasses.Items.AddRange(_lviList.ToArray());
+            }
+        }
+
+        private void buttonClear_Click(object sender, EventArgs e)
+        {
+            textBoxSearch.Text = string.Empty;
+            ResetList();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.resx
new file mode 100644
index 000000000..c7e0d4bdf
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SelectObjectClass.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.Designer.cs
new file mode 100644
index 000000000..af5d2109a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.Designer.cs
@@ -0,0 +1,115 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class SetPageSizeForm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SetPageSizeForm));
+            this.buttonSubmit = new System.Windows.Forms.Button();
+            this.buttonCancel = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.textBoxPageSize = new System.Windows.Forms.TextBox();
+            this.SuspendLayout();
+            // 
+            // buttonSubmit
+            // 
+            this.buttonSubmit.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonSubmit.Location = new System.Drawing.Point(144, 78);
+            this.buttonSubmit.Name = "buttonSubmit";
+            this.buttonSubmit.Size = new System.Drawing.Size(75, 23);
+            this.buttonSubmit.TabIndex = 14;
+            this.buttonSubmit.Text = "Apply";
+            this.buttonSubmit.UseVisualStyleBackColor = true;
+            this.buttonSubmit.Click += new System.EventHandler(this.buttonSubmit_Click);
+            // 
+            // buttonCancel
+            // 
+            this.buttonCancel.Location = new System.Drawing.Point(63, 78);
+            this.buttonCancel.Name = "buttonCancel";
+            this.buttonCancel.Size = new System.Drawing.Size(75, 23);
+            this.buttonCancel.TabIndex = 13;
+            this.buttonCancel.Text = "Cancel";
+            this.buttonCancel.UseVisualStyleBackColor = true;
+            this.buttonCancel.Click += new System.EventHandler(this.buttonCancel_Click);
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(33, 33);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(58, 13);
+            this.label1.TabIndex = 11;
+            this.label1.Text = "Page Size:";
+            // 
+            // textBoxPageSize
+            // 
+            this.textBoxPageSize.Location = new System.Drawing.Point(98, 26);
+            this.textBoxPageSize.Name = "textBoxPageSize";
+            this.textBoxPageSize.Size = new System.Drawing.Size(150, 20);
+            this.textBoxPageSize.TabIndex = 15;
+            // 
+            // SetPageSizeForm
+            // 
+            this.AcceptButton = this.buttonSubmit;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(288, 130);
+            this.Controls.Add(this.textBoxPageSize);
+            this.Controls.Add(this.buttonSubmit);
+            this.Controls.Add(this.buttonCancel);
+            this.Controls.Add(this.label1);
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.PageSize); 
+            this.Name = "SetPageSizeForm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Set Page Size";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Button buttonSubmit;
+        private System.Windows.Forms.Button buttonCancel;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.TextBox textBoxPageSize;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.cs
new file mode 100644
index 000000000..8bb3b1ef6
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.cs
@@ -0,0 +1,79 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Linq;
+using System.Windows.Forms;
+using VMDir.Common;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class SetPageSizeForm : Form
+    {
+        public int PageSize;
+        public SetPageSizeForm(int pageSize)
+        {
+            this.PageSize = pageSize;
+            InitializeComponent();
+            this.textBoxPageSize.Text = pageSize.ToString();
+        }
+
+        private void buttonSubmit_Click(object sender, EventArgs e)
+        {
+            if (!ValidateInput())
+            {
+                this.DialogResult = DialogResult.None;
+                return;
+            }
+            PageSize = int.Parse(textBoxPageSize.Text);
+
+            this.Close();
+        }
+
+        private bool ValidateInput()
+        {
+            if (string.IsNullOrWhiteSpace(textBoxPageSize.Text))
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE);
+                return false;
+            }
+            try
+            {
+                var pagesize = int.Parse(textBoxPageSize.Text);
+                if (pagesize <= 0)
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE_MINVAL);
+                    return false;
+                }
+                if (pagesize > VMDirConstants.DEFAULT_PAGE_SIZE * 10)
+                {
+                    MMCDlgHelper.ShowWarning(VMDirConstants.WRN_PAGE_SIZE_MAXVAL);
+                    return false;
+                }
+            }
+            catch (Exception)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_INT_VAL);
+                return false;
+            }
+            return true;
+        }
+
+        private void buttonCancel_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.resx
new file mode 100644
index 000000000..a5f672967
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SetPageSizeForm.resx
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAD///8BAAAABAAAAAsAAAAVAAAAGwAAABsAAAAXAAAADQAAAAX///8BAAAAAAAA
+        AAAAAAAAAAAAAAAAAACZmZmnu7u72rW1tdiysrLgra2s5K6urueurq7osrKy5ba3uOG5ubrZv7+/2piY
+        mKwAAAAAAAAAAAAAAAAAAAAAwMDA3/P09P/w8O//9fb2//3////5+fr//P3+//r49//28/D/9fLw////
+        //+9vb3kAAAAAAAAAAAAAAAAAAAAAL+/v9Ts6+v96+zt+uLd2f3OvK79qX5c/dvKvv2zi239p3pY/dnJ
+        vfv8/Pz9uLi32QAAAAAAAAAAAAAAAAAAAADBwcHW7Ozr/+7x8/zXy8H/rYRl/7WDXP/fzsD/7ufh/8Kb
+        ff/q4939/Pz8/7m5udsAAAAAAAAAAAAAAAAAAAAAw8PD1urq6v/p6Oj87/Lz/8y1o/+rc0f/6N/Y/+ne
+        1f+4j3D/wKCI/f////+4t7bbAAAAAAAAAAAAAAAAAAAAAMTExNbn5+f/6enp/O3u7v/q5+X/zLak/+3q
+        5//VwLH/ya+b/+rm4/36+/v/ubm52wAAAAAAAAAAAAAAAAAAAADIyMjW6+vr/+np6fze3t7/2dra/+Dk
+        5//n5+j/8vX4//P3+//t7u/99vb2/7q6utsAAAAAAAAAAAAAAAAAAAAAysrK1unp6f/p6en82tra/9LR
+        0f/T0tH/1dXV/9XU1P/U09P/19fW/fT09P+7u7vbAAAAAAAAAAAAAAAAAAAAAMvLy9bl5eX/6Ojo/Nra
+        2v/S0tL/1NTU/9XV1f/W1tb/1dXV/9fX1/3y8vL/vLy82wAAAAAAAAAAAAAAAAAAAADNzc3W4+Pj/+bm
+        5vzZ2dn/0dHR/9PT0//U1NT/1NTU/9PT0//V1dX98PDw/7y8vNsAAAAAAAAAAAAAAAAAAAAAz8/P1uXl
+        5f/l5eX819fX/8/Pz//R0dH/0tLS/9PT0//S0tL/09PT/e7u7v+8vLzbAAAAAAAAAAAAAAAAAAAAANDQ
+        0NPj4+P84uLi+dXV1fzNzc38z8/P/NDQ0PzR0dH80NDQ/NHR0frr6+v8u7u72AAAAAAAAAAAAAAAAAAA
+        AADU1NTg5eXl/+Pj4//j4+P/4+Pj/+Tk5P/l5eX/5ubm/+fn5//l5eX/7+/v/76+vuYAAAAAAAAAAAAA
+        AAAAAAAAw8PDntfX19TV1dXN09PT0NHR0dDPz8/Qzc3N0MrKytDIyMjQxMTEzcXFxdSjo6OiAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAA//8AAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAD
+        AADAAwAA//8AAA==
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.Designer.cs
new file mode 100644
index 000000000..af4ada8bb
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.Designer.cs
@@ -0,0 +1,129 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class SubmitModConfirm
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.label1 = new System.Windows.Forms.Label();
+            this.buttonYes = new System.Windows.Forms.Button();
+            this.buttonNo = new System.Windows.Forms.Button();
+            this.listView1 = new System.Windows.Forms.ListView();
+            this.Attributes = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.SuspendLayout();
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+            this.label1.Location = new System.Drawing.Point(25, 35);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(289, 15);
+            this.label1.TabIndex = 0;
+            this.label1.Text = "Are you sure you want to modify following attributes?";
+            // 
+            // buttonYes
+            // 
+            this.buttonYes.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonYes.Location = new System.Drawing.Point(173, 180);
+            this.buttonYes.Name = "buttonYes";
+            this.buttonYes.Size = new System.Drawing.Size(75, 23);
+            this.buttonYes.TabIndex = 1;
+            this.buttonYes.Text = "Yes";
+            this.buttonYes.UseVisualStyleBackColor = true;
+            this.buttonYes.Click += new System.EventHandler(this.buttonYes_Click);
+            // 
+            // buttonNo
+            // 
+            this.buttonNo.Location = new System.Drawing.Point(84, 181);
+            this.buttonNo.Name = "buttonNo";
+            this.buttonNo.Size = new System.Drawing.Size(75, 23);
+            this.buttonNo.TabIndex = 2;
+            this.buttonNo.Text = "No";
+            this.buttonNo.UseVisualStyleBackColor = true;
+            this.buttonNo.Click += new System.EventHandler(this.buttonNo_Click);
+            // 
+            // listView1
+            // 
+            this.listView1.BackColor = System.Drawing.SystemColors.Control;
+            this.listView1.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.Attributes});
+            this.listView1.GridLines = true;
+            this.listView1.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.None;
+            this.listView1.Location = new System.Drawing.Point(28, 68);
+            this.listView1.Name = "listView1";
+            this.listView1.Size = new System.Drawing.Size(286, 88);
+            this.listView1.TabIndex = 3;
+            this.listView1.UseCompatibleStateImageBehavior = false;
+            this.listView1.View = System.Windows.Forms.View.Details;
+            // 
+            // Attributes
+            // 
+            this.Attributes.Text = "Attributes";
+            this.Attributes.Width = 270;
+            // 
+            // SubmitModConfirm
+            // 
+            this.AcceptButton = this.buttonYes;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(351, 223);
+            this.Controls.Add(this.listView1);
+            this.Controls.Add(this.buttonNo);
+            this.Controls.Add(this.buttonYes);
+            this.Controls.Add(this.label1);
+            this.Name = "SubmitModConfirm";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Confirm";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.Question);
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.Button buttonYes;
+        private System.Windows.Forms.Button buttonNo;
+        private System.Windows.Forms.ListView listView1;
+        private System.Windows.Forms.ColumnHeader Attributes;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.cs
new file mode 100644
index 000000000..8e4ddad4f
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.cs
@@ -0,0 +1,53 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class SubmitModConfirm : Form
+    {
+        private Dictionary<string, List<string>> _modifications;
+        public SubmitModConfirm(Dictionary<string, List<string>> modifications)
+        {
+            _modifications = modifications;
+            InitializeComponent();
+        }
+        protected override void OnLoad(EventArgs e)
+        {
+            base.OnLoad(e);
+            foreach (var item in _modifications)
+            {
+                ListViewItem lvi = new ListViewItem(item.Key);
+                this.listView1.Items.Add(lvi);
+            }
+        }
+        private void buttonYes_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+
+        private void buttonNo_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModConfirm.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.Designer.cs
new file mode 100644
index 000000000..44fb2bed3
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.Designer.cs
@@ -0,0 +1,124 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+namespace LWRaftSnapIn.UI
+{
+    partial class SubmitModStatus
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.listView1 = new System.Windows.Forms.ListView();
+            this.Attributes = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.Status = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.buttonOk = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.SuspendLayout();
+            // 
+            // listView1
+            // 
+            this.listView1.BackColor = System.Drawing.SystemColors.Window;
+            this.listView1.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.Attributes,
+            this.Status});
+            this.listView1.GridLines = true;
+            this.listView1.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
+            this.listView1.Location = new System.Drawing.Point(31, 78);
+            this.listView1.Name = "listView1";
+            this.listView1.Size = new System.Drawing.Size(506, 109);
+            this.listView1.TabIndex = 6;
+            this.listView1.UseCompatibleStateImageBehavior = false;
+            this.listView1.View = System.Windows.Forms.View.Details;
+            // 
+            // Attributes
+            // 
+            this.Attributes.Text = "Attributes";
+            this.Attributes.Width = 150;
+            // 
+            // Status
+            // 
+            this.Status.Text = "Status";
+            this.Status.Width = 300;
+            // 
+            // buttonOk
+            // 
+            this.buttonOk.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.buttonOk.Location = new System.Drawing.Point(242, 210);
+            this.buttonOk.Name = "buttonOk";
+            this.buttonOk.Size = new System.Drawing.Size(75, 23);
+            this.buttonOk.TabIndex = 5;
+            this.buttonOk.Text = "OK";
+            this.buttonOk.UseVisualStyleBackColor = true;
+            this.buttonOk.Click += new System.EventHandler(this.buttonOk_Click);
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Font = new System.Drawing.Font("Microsoft Sans Serif", 9F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
+            this.label1.Location = new System.Drawing.Point(28, 45);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(287, 15);
+            this.label1.TabIndex = 4;
+            this.label1.Text = "Following attributes were submitted for modification";
+            // 
+            // SubmitModStatus
+            // 
+            this.AcceptButton = this.buttonOk;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(567, 261);
+            this.Controls.Add(this.listView1);
+            this.Controls.Add(this.buttonOk);
+            this.Controls.Add(this.label1);
+            this.Name = "SubmitModStatus";
+            this.ShowIcon = false;
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Modification Status";
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.ListView listView1;
+        private System.Windows.Forms.ColumnHeader Attributes;
+        private System.Windows.Forms.Button buttonOk;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.ColumnHeader Status;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.cs
new file mode 100644
index 000000000..a8fed8a67
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.cs
@@ -0,0 +1,58 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.ComponentModel;
+using System.Data;
+using System.Drawing;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class SubmitModStatus : Form
+    {
+        private List<AttributeModStatus> _modificationStatus;
+
+        public SubmitModStatus(List<AttributeModStatus> modificationStatus)
+        {
+            // TODO: Complete member initialization
+            this._modificationStatus = modificationStatus;
+            InitializeComponent();
+        }
+        protected override void OnLoad(EventArgs e)
+        {
+            base.OnLoad(e);
+
+            foreach (var item in _modificationStatus)
+            {
+                ListViewItem lvi = new ListViewItem(new string[] { item.AttributeName, item.ErrorMsg });
+                lvi.ForeColor = Color.White;
+                if(item.ModStatus)
+                    lvi.BackColor=Color.Green;
+                else
+                    lvi.BackColor=Color.Red;
+                this.listView1.Items.Add(lvi);
+            }
+        }
+
+        private void buttonOk_Click(object sender, EventArgs e)
+        {
+            this.Close();
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.resx
new file mode 100644
index 000000000..29dcb1b3a
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SubmitModStatus.resx
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.Designer.cs
new file mode 100644
index 000000000..dbe87f320
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.Designer.cs
@@ -0,0 +1,394 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+{
+    partial class SuperLogBrowser
+    {
+        /// <summary>
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary>
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Windows Form Designer generated code
+
+        /// <summary>
+        /// Required method for Designer support - do not modify
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(SuperLogBrowser));
+            this.lblSuperLogStatus = new System.Windows.Forms.Label();
+            this.lvLogInfo = new System.Windows.Forms.ListView();
+            this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader6 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader7 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader5 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.columnHeader3 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
+            this.btnSuperLogOnOff = new System.Windows.Forms.Button();
+            this.btnClearEntries = new System.Windows.Forms.Button();
+            this.btnRefresh = new System.Windows.Forms.Button();
+            this.groupBox1 = new System.Windows.Forms.GroupBox();
+            this.btnClear = new System.Windows.Forms.Button();
+            this.btnFilter = new System.Windows.Forms.Button();
+            this.txtFilter = new System.Windows.Forms.TextBox();
+            this.cbFilterCriteria = new System.Windows.Forms.ComboBox();
+            this.cbFilterColumn = new System.Windows.Forms.ComboBox();
+            this.btnChangeBufferSize = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.txtBufferSize = new System.Windows.Forms.NumericUpDown();
+            this.txtAutoRefresh = new System.Windows.Forms.NumericUpDown();
+            this.chkAutoRefresh = new System.Windows.Forms.CheckBox();
+            this.label2 = new System.Windows.Forms.Label();
+            this.timerAutoRefresh = new System.Windows.Forms.Timer(this.components);
+            this.groupBox1.SuspendLayout();
+            ((System.ComponentModel.ISupportInitialize)(this.txtBufferSize)).BeginInit();
+            ((System.ComponentModel.ISupportInitialize)(this.txtAutoRefresh)).BeginInit();
+            this.SuspendLayout();
+            // 
+            // lblSuperLogStatus
+            // 
+            this.lblSuperLogStatus.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.lblSuperLogStatus.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle;
+            this.lblSuperLogStatus.Location = new System.Drawing.Point(6, 16);
+            this.lblSuperLogStatus.Name = "lblSuperLogStatus";
+            this.lblSuperLogStatus.Size = new System.Drawing.Size(620, 25);
+            this.lblSuperLogStatus.TabIndex = 0;
+            // 
+            // lvLogInfo
+            // 
+            this.lvLogInfo.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 
+            | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.lvLogInfo.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
+            this.columnHeader1,
+            this.columnHeader2,
+            this.columnHeader6,
+            this.columnHeader7,
+            this.columnHeader5,
+            this.columnHeader3});
+            this.lvLogInfo.FullRowSelect = true;
+            this.lvLogInfo.Location = new System.Drawing.Point(13, 143);
+            this.lvLogInfo.MultiSelect = false;
+            this.lvLogInfo.Name = "lvLogInfo";
+            this.lvLogInfo.Size = new System.Drawing.Size(765, 326);
+            this.lvLogInfo.TabIndex = 1;
+            this.lvLogInfo.UseCompatibleStateImageBehavior = false;
+            this.lvLogInfo.View = System.Windows.Forms.View.Details;
+            this.lvLogInfo.VirtualMode = true;
+            this.lvLogInfo.RetrieveVirtualItem += new System.Windows.Forms.RetrieveVirtualItemEventHandler(this.lvLogInfo_RetrieveVirtualItem);
+            this.lvLogInfo.MouseDoubleClick += new System.Windows.Forms.MouseEventHandler(this.lvLogInfo_MouseDoubleClick);
+            // 
+            // columnHeader1
+            // 
+            this.columnHeader1.Text = "Client IP";
+            this.columnHeader1.Width = 92;
+            // 
+            // columnHeader2
+            // 
+            this.columnHeader2.Text = "Port";
+            this.columnHeader2.Width = 51;
+            // 
+            // columnHeader6
+            // 
+            this.columnHeader6.Text = "Login DN";
+            this.columnHeader6.Width = 280;
+            // 
+            // columnHeader7
+            // 
+            this.columnHeader7.Text = "Operation";
+            this.columnHeader7.Width = 88;
+            // 
+            // columnHeader5
+            // 
+            this.columnHeader5.Text = "Error Code";
+            this.columnHeader5.Width = 62;
+            // 
+            // columnHeader3
+            // 
+            this.columnHeader3.Text = "Duration";
+            this.columnHeader3.Width = 87;
+            // 
+            // btnSuperLogOnOff
+            // 
+            this.btnSuperLogOnOff.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnSuperLogOnOff.Location = new System.Drawing.Point(632, 16);
+            this.btnSuperLogOnOff.Name = "btnSuperLogOnOff";
+            this.btnSuperLogOnOff.Size = new System.Drawing.Size(127, 23);
+            this.btnSuperLogOnOff.TabIndex = 1;
+            this.btnSuperLogOnOff.Text = "Turn superlogging on";
+            this.btnSuperLogOnOff.UseVisualStyleBackColor = true;
+            this.btnSuperLogOnOff.Click += new System.EventHandler(this.btnSuperLogOnOff_Click);
+            // 
+            // btnClearEntries
+            // 
+            this.btnClearEntries.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnClearEntries.Location = new System.Drawing.Point(632, 53);
+            this.btnClearEntries.Name = "btnClearEntries";
+            this.btnClearEntries.Size = new System.Drawing.Size(127, 23);
+            this.btnClearEntries.TabIndex = 5;
+            this.btnClearEntries.Text = "Clear entries";
+            this.btnClearEntries.UseVisualStyleBackColor = true;
+            this.btnClearEntries.Click += new System.EventHandler(this.btnClearEntries_Click);
+            // 
+            // btnRefresh
+            // 
+            this.btnRefresh.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnRefresh.Location = new System.Drawing.Point(681, 475);
+            this.btnRefresh.Name = "btnRefresh";
+            this.btnRefresh.Size = new System.Drawing.Size(97, 23);
+            this.btnRefresh.TabIndex = 5;
+            this.btnRefresh.Text = "Refresh";
+            this.btnRefresh.UseVisualStyleBackColor = true;
+            this.btnRefresh.Click += new System.EventHandler(this.btnRefresh_Click);
+            // 
+            // groupBox1
+            // 
+            this.groupBox1.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.groupBox1.Controls.Add(this.btnClear);
+            this.groupBox1.Controls.Add(this.btnFilter);
+            this.groupBox1.Controls.Add(this.txtFilter);
+            this.groupBox1.Controls.Add(this.cbFilterCriteria);
+            this.groupBox1.Controls.Add(this.cbFilterColumn);
+            this.groupBox1.Controls.Add(this.btnChangeBufferSize);
+            this.groupBox1.Controls.Add(this.label1);
+            this.groupBox1.Controls.Add(this.txtBufferSize);
+            this.groupBox1.Controls.Add(this.lblSuperLogStatus);
+            this.groupBox1.Controls.Add(this.btnSuperLogOnOff);
+            this.groupBox1.Controls.Add(this.btnClearEntries);
+            this.groupBox1.Location = new System.Drawing.Point(13, 12);
+            this.groupBox1.Name = "groupBox1";
+            this.groupBox1.Size = new System.Drawing.Size(765, 125);
+            this.groupBox1.TabIndex = 0;
+            this.groupBox1.TabStop = false;
+            this.groupBox1.Text = "Superlogging controls";
+            // 
+            // btnClear
+            // 
+            this.btnClear.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnClear.Location = new System.Drawing.Point(699, 92);
+            this.btnClear.Name = "btnClear";
+            this.btnClear.Size = new System.Drawing.Size(60, 23);
+            this.btnClear.TabIndex = 10;
+            this.btnClear.Text = "Clear";
+            this.btnClear.UseVisualStyleBackColor = true;
+            this.btnClear.Click += new System.EventHandler(this.btnClear_Click);
+            // 
+            // btnFilter
+            // 
+            this.btnFilter.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnFilter.Location = new System.Drawing.Point(632, 92);
+            this.btnFilter.Name = "btnFilter";
+            this.btnFilter.Size = new System.Drawing.Size(61, 23);
+            this.btnFilter.TabIndex = 9;
+            this.btnFilter.Text = "Filter";
+            this.btnFilter.UseVisualStyleBackColor = true;
+            this.btnFilter.Click += new System.EventHandler(this.btnFilter_Click);
+            // 
+            // txtFilter
+            // 
+            this.txtFilter.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Left) 
+            | System.Windows.Forms.AnchorStyles.Right)));
+            this.txtFilter.Location = new System.Drawing.Point(357, 95);
+            this.txtFilter.Name = "txtFilter";
+            this.txtFilter.Size = new System.Drawing.Size(269, 20);
+            this.txtFilter.TabIndex = 8;
+            // 
+            // cbFilterCriteria
+            // 
+            this.cbFilterCriteria.FormattingEnabled = true;
+            this.cbFilterCriteria.Location = new System.Drawing.Point(206, 94);
+            this.cbFilterCriteria.Name = "cbFilterCriteria";
+            this.cbFilterCriteria.Size = new System.Drawing.Size(145, 21);
+            this.cbFilterCriteria.TabIndex = 7;
+            // 
+            // cbFilterColumn
+            // 
+            this.cbFilterColumn.FormattingEnabled = true;
+            this.cbFilterColumn.Items.AddRange(new object[] {
+            "Client IP",
+            "Port",
+            "Login DN",
+            "Operation",
+            "Error Code",
+            "Duration"});
+            this.cbFilterColumn.Location = new System.Drawing.Point(12, 94);
+            this.cbFilterColumn.Name = "cbFilterColumn";
+            this.cbFilterColumn.Size = new System.Drawing.Size(182, 21);
+            this.cbFilterColumn.TabIndex = 6;
+            this.cbFilterColumn.SelectedIndexChanged += new System.EventHandler(this.cbFilterColumn_SelectedIndexChanged);
+            // 
+            // btnChangeBufferSize
+            // 
+            this.btnChangeBufferSize.Location = new System.Drawing.Point(206, 50);
+            this.btnChangeBufferSize.Name = "btnChangeBufferSize";
+            this.btnChangeBufferSize.Size = new System.Drawing.Size(145, 23);
+            this.btnChangeBufferSize.TabIndex = 4;
+            this.btnChangeBufferSize.Text = "Change server buffer size";
+            this.btnChangeBufferSize.UseVisualStyleBackColor = true;
+            this.btnChangeBufferSize.Click += new System.EventHandler(this.btnChangeBufferSize_Click);
+            // 
+            // label1
+            // 
+            this.label1.AutoSize = true;
+            this.label1.Location = new System.Drawing.Point(9, 55);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(92, 13);
+            this.label1.TabIndex = 2;
+            this.label1.Text = "Server buffer size:";
+            this.label1.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // txtBufferSize
+            // 
+            this.txtBufferSize.Location = new System.Drawing.Point(107, 53);
+            this.txtBufferSize.Maximum = new decimal(new int[] {
+            100000,
+            0,
+            0,
+            0});
+            this.txtBufferSize.Minimum = new decimal(new int[] {
+            10,
+            0,
+            0,
+            0});
+            this.txtBufferSize.Name = "txtBufferSize";
+            this.txtBufferSize.Size = new System.Drawing.Size(87, 20);
+            this.txtBufferSize.TabIndex = 3;
+            this.txtBufferSize.Value = new decimal(new int[] {
+            10000,
+            0,
+            0,
+            0});
+            // 
+            // txtAutoRefresh
+            // 
+            this.txtAutoRefresh.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)));
+            this.txtAutoRefresh.Location = new System.Drawing.Point(134, 481);
+            this.txtAutoRefresh.Maximum = new decimal(new int[] {
+            60,
+            0,
+            0,
+            0});
+            this.txtAutoRefresh.Minimum = new decimal(new int[] {
+            1,
+            0,
+            0,
+            0});
+            this.txtAutoRefresh.Name = "txtAutoRefresh";
+            this.txtAutoRefresh.Size = new System.Drawing.Size(67, 20);
+            this.txtAutoRefresh.TabIndex = 3;
+            this.txtAutoRefresh.Value = new decimal(new int[] {
+            2,
+            0,
+            0,
+            0});
+            this.txtAutoRefresh.ValueChanged += new System.EventHandler(this.txtAutoRefresh_ValueChanged);
+            // 
+            // chkAutoRefresh
+            // 
+            this.chkAutoRefresh.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)));
+            this.chkAutoRefresh.AutoSize = true;
+            this.chkAutoRefresh.Location = new System.Drawing.Point(13, 481);
+            this.chkAutoRefresh.Name = "chkAutoRefresh";
+            this.chkAutoRefresh.Size = new System.Drawing.Size(115, 17);
+            this.chkAutoRefresh.TabIndex = 2;
+            this.chkAutoRefresh.Text = "Auto refresh every ";
+            this.chkAutoRefresh.UseVisualStyleBackColor = true;
+            this.chkAutoRefresh.CheckedChanged += new System.EventHandler(this.chkAutoRefresh_CheckedChanged);
+            // 
+            // label2
+            // 
+            this.label2.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left)));
+            this.label2.AutoSize = true;
+            this.label2.Location = new System.Drawing.Point(207, 485);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(47, 13);
+            this.label2.TabIndex = 4;
+            this.label2.Text = "seconds";
+            this.label2.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // timerAutoRefresh
+            // 
+            this.timerAutoRefresh.Interval = 2000;
+            this.timerAutoRefresh.Tick += new System.EventHandler(this.timerAutoRefresh_Tick);
+            // 
+            // SuperLogBrowser
+            // 
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(790, 510);
+            this.Controls.Add(this.label2);
+            this.Controls.Add(this.chkAutoRefresh);
+            this.Controls.Add(this.txtAutoRefresh);
+            this.Controls.Add(this.groupBox1);
+            this.Controls.Add(this.btnRefresh);
+            this.Controls.Add(this.lvLogInfo);
+            this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
+            this.Name = "SuperLogBrowser";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Superlogging browser";
+            this.groupBox1.ResumeLayout(false);
+            this.groupBox1.PerformLayout();
+            ((System.ComponentModel.ISupportInitialize)(this.txtBufferSize)).EndInit();
+            ((System.ComponentModel.ISupportInitialize)(this.txtAutoRefresh)).EndInit();
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+        #endregion
+
+        private System.Windows.Forms.Label lblSuperLogStatus;
+        private System.Windows.Forms.ListView lvLogInfo;
+        private System.Windows.Forms.Button btnSuperLogOnOff;
+        private System.Windows.Forms.Button btnClearEntries;
+        private System.Windows.Forms.Button btnRefresh;
+        private System.Windows.Forms.ColumnHeader columnHeader1;
+        private System.Windows.Forms.ColumnHeader columnHeader2;
+        private System.Windows.Forms.ColumnHeader columnHeader6;
+        private System.Windows.Forms.ColumnHeader columnHeader7;
+        private System.Windows.Forms.ColumnHeader columnHeader5;
+        private System.Windows.Forms.ColumnHeader columnHeader3;
+        private System.Windows.Forms.GroupBox groupBox1;
+        private System.Windows.Forms.Button btnChangeBufferSize;
+        private System.Windows.Forms.Label label1;
+        private System.Windows.Forms.NumericUpDown txtBufferSize;
+        private System.Windows.Forms.NumericUpDown txtAutoRefresh;
+        private System.Windows.Forms.CheckBox chkAutoRefresh;
+        private System.Windows.Forms.Label label2;
+        private System.Windows.Forms.Timer timerAutoRefresh;
+        private System.Windows.Forms.ComboBox cbFilterColumn;
+        private System.Windows.Forms.Button btnFilter;
+        private System.Windows.Forms.TextBox txtFilter;
+        private System.Windows.Forms.ComboBox cbFilterCriteria;
+        private System.Windows.Forms.Button btnClear;
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.cs
new file mode 100644
index 000000000..b89076e16
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.cs
@@ -0,0 +1,324 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Windows.Forms;
+using VmDirInterop.SuperLogging;
+using VmDirInterop.SuperLogging.Interfaces;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+
+namespace LWRaftSnapIn.UI
+{
+    public enum FilterColumn
+    {
+        None=-1,
+        ClientIP,
+        ClientPort,
+        LoginDN,
+        Operation,
+        ErrorCode,
+        Duration
+    }
+
+    public enum NumericFilterOperation
+    {
+        None=-1,
+        GTE,
+        LTE,
+        EQ
+    }
+
+    public enum StringFilterOperation
+    {
+        None=-1,
+        Equals,
+        BeginsWith,
+        EndsWith,
+        Contains
+    }
+
+    public partial class SuperLogBrowser : Form
+    {
+        VMDirServerDTO _serverDTO;
+        bool _enabled = false;
+        ISuperLoggingCookie _cookie = null;
+        Dictionary<int, ISuperLogEntry> _viewCache = new Dictionary<int, ISuperLogEntry>();
+        const int FETCH_WINDOW_SIZE = 25;
+        const int INITIAL_LIST_SIZE = 25;
+        SuperLogFilterHelper _filterHelper = new SuperLogFilterHelper();
+        public Dictionary<int, ISuperLogEntry> ViewCache
+        {
+            get
+            {
+                if (_filterHelper.IsEnabled())
+                    return _filterHelper.ViewCache;
+                else
+                    return _viewCache;
+            }
+        }
+
+        ISuperLoggingConnection SuperLog
+        {
+            get
+            {
+                return _serverDTO.Connection.GetSuperLoggingConnection();
+            }
+        }
+
+        public SuperLogBrowser(VMDirServerDTO dto)
+        {
+            _serverDTO = dto;
+            InitializeComponent();
+
+            InitUI();
+        }
+
+        private void InitUI()
+        {
+            UpdateStatus();
+            RefreshList();
+        }
+
+        private void RefreshList()
+        {
+            _viewCache.Clear();
+            _filterHelper.ViewCache.Clear();
+            lvLogInfo.VirtualListSize = 0;
+            if (_enabled)
+            {
+                _cookie = new SuperLoggingCookie();
+                FillCache(0);
+            }
+        }
+
+        private void UpdateStatus()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                _enabled = SuperLog.isEnabled();
+                btnSuperLogOnOff.Text = _enabled ?
+                    "Turn superlogging off" : "Turn superlogging on";
+                if (_enabled)
+                {
+                    uint nCapacity = SuperLog.getCapacity();
+                    lblSuperLogStatus.Text = string.Format(
+                        "Superlogging is on with a buffer size of {0} entries",
+                        SuperLog.getCapacity());
+                    txtBufferSize.Value = nCapacity;
+                }
+                else
+                {
+                    lblSuperLogStatus.Text = "Superlogging is turned off. Click the button to turn it on";
+                }
+                btnChangeBufferSize.Enabled = txtBufferSize.Enabled = _enabled;
+            });
+        }
+
+        private void btnSuperLogOnOff_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               if (SuperLog.isEnabled())
+                   SuperLog.disable();
+               else
+                   SuperLog.enable();
+               UpdateStatus();
+           });
+        }
+
+        private void btnClearEntries_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                if (MessageBox.Show(
+                    "This will clear all the superlog entries at the server. Continue?",
+                    "Clear Entries?", MessageBoxButtons.YesNo)
+                    == DialogResult.Yes)
+                {
+                    SuperLog.clear();
+                    RefreshList();
+                }
+            });
+        }
+
+        private void btnRefresh_Click(object sender, EventArgs e)
+        {
+            RefreshList();
+        }
+
+        void FillCache(int itemIndex)
+        {
+            if (_viewCache.ContainsKey(itemIndex))
+                return;
+
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var list = SuperLog.getPagedEntries(_cookie, FETCH_WINDOW_SIZE);
+                if (list != null)
+                {
+                    int i = 0;
+                    int count = list.getCount();
+                    foreach (var dto in list.getEntries())
+                    {
+                        _viewCache[itemIndex + i++] = dto;
+                    }
+
+                    if (_filterHelper.IsEnabled())
+                    {
+                        _filterHelper.Filter(_viewCache);
+                        lvLogInfo.VirtualListSize = ViewCache.Count;
+                    }
+                    else
+                    {
+                        if (count < FETCH_WINDOW_SIZE)
+                            lvLogInfo.VirtualListSize = itemIndex + count;
+                        else
+                            lvLogInfo.VirtualListSize = itemIndex + count + FETCH_WINDOW_SIZE;
+                    }
+                }
+            });
+        }
+
+        private void lvLogInfo_RetrieveVirtualItem(object sender, RetrieveVirtualItemEventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               if (_cookie != null)
+               {
+                   FillCache(e.ItemIndex);
+
+                   if (ViewCache.ContainsKey(e.ItemIndex))
+                   {
+                       var dto = ViewCache[e.ItemIndex];
+                       e.Item = new ListViewItem(dto.getClientIP());
+                       e.Item.SubItems.Add(dto.getClientPort().ToString());
+                       e.Item.SubItems.Add(dto.getLoginDN());
+                       e.Item.SubItems.Add(dto.getOperation());
+                       e.Item.SubItems.Add(dto.getErrorCode().ToString());
+
+                       var span = dto.getEndTime() - dto.getStartTime();
+                       e.Item.SubItems.Add(string.Format("{0} ms", span));
+                   }
+               }
+           });
+        }
+
+        private void btnChangeBufferSize_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                var capacity = txtBufferSize.Value;
+                if (MessageBox.Show(
+                    string.Format("Set superlog buffer size to {0}?", capacity),
+                    "Change buffer size?", MessageBoxButtons.YesNo)
+                    == DialogResult.Yes)
+                {
+                    SuperLog.setCapacity(Convert.ToUInt32(capacity));
+                    UpdateStatus();
+                    RefreshList();
+                }
+            });
+        }
+
+        private void chkAutoRefresh_CheckedChanged(object sender, EventArgs e)
+        {
+            ChangeAutoRefreshSettings();
+        }
+
+        private void ChangeAutoRefreshSettings()
+        {
+            bool autoRefresh = chkAutoRefresh.Checked;
+            if (autoRefresh)
+            {
+                timerAutoRefresh.Interval = (int)txtAutoRefresh.Value * 1000;
+                timerAutoRefresh.Enabled = true;
+            }
+            else
+                timerAutoRefresh.Enabled = false;
+        }
+
+        private void timerAutoRefresh_Tick(object sender, EventArgs e)
+        {
+            timerAutoRefresh.Enabled = false;
+            RefreshList();
+            timerAutoRefresh.Enabled = true;
+        }
+
+        private void txtAutoRefresh_ValueChanged(object sender, EventArgs e)
+        {
+            ChangeAutoRefreshSettings();
+        }
+
+        private void btnFilter_Click(object sender, EventArgs e)
+        {
+            ApplyFilter();
+        }
+
+        void ApplyFilter()
+        {
+            MiscUtilsService.CheckedExec(delegate
+            {
+                _filterHelper.FilterColumn = (FilterColumn)cbFilterColumn.SelectedIndex;
+                _filterHelper.SetFilterOperation(cbFilterCriteria.SelectedIndex);
+                _filterHelper.FilterText = txtFilter.Text;
+
+                if (_filterHelper.Filter(_viewCache))
+                {
+                    lvLogInfo.VirtualListSize = _filterHelper.ViewCache.Count;
+                }
+                lvLogInfo.Invalidate();
+            });
+        }
+
+        private void cbFilterColumn_SelectedIndexChanged(object sender, EventArgs e)
+        {
+            cbFilterCriteria.SelectedIndex = -1;
+            cbFilterCriteria.Items.Clear();
+
+            if (cbFilterColumn.Text == "Duration")
+            {
+                cbFilterCriteria.Items.Add(">=");
+                cbFilterCriteria.Items.Add("<=");
+                cbFilterCriteria.Items.Add("==");
+            }
+            else
+            {
+                cbFilterCriteria.Items.Add("equals");
+                cbFilterCriteria.Items.Add("begins with");
+                cbFilterCriteria.Items.Add("ends with");
+                cbFilterCriteria.Items.Add("contains");
+            }
+        }
+
+        private void btnClear_Click(object sender, EventArgs e)
+        {
+            cbFilterColumn.SelectedIndex = -1;
+            cbFilterCriteria.SelectedIndex = -1;
+            txtFilter.Text = "";
+            ApplyFilter();
+            RefreshList();
+        }
+
+        private void lvLogInfo_MouseDoubleClick(object sender, MouseEventArgs e)
+        {
+            var indices = lvLogInfo.SelectedIndices;
+            if (indices == null || indices.Count == 0)
+                return;
+            var entry = _viewCache[indices[0]];
+            if(entry != null)
+                MessageBox.Show(entry.ToString());
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.resx
new file mode 100644
index 000000000..d690bb7a8
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogBrowser.resx
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="timerAutoRefresh.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>17, 17</value>
+  </metadata>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAQAABMLAAATCwAAAAAAAAAA
+        AAAAAAAABgUFAK6RfVWqjnpVp4t3VaSIdFWghXFVnYJuVZp/a1WXe2hVk3hlVZB1YlWNcl9ViW9cVQAA
+        AAAAAAAAAAAAABQRDgDl2dD///v2///69P//+fL///fv///27P//9On///Pl///x4v//793//+zZ/9jC
+        rf8AAAAAAAAAAAAAAAAUEQ8A5tvT///8+f/48u3/+PHr//jw6f/37ub/9u3j//fs4f/469//+Orb//3t
+        3v/axrT/AAAAAAAAAAAAAAAAFREPAOjd1f///fv/8Orl//Dp4//k2tH/0rec/8uuj//Pv6//49jO//Dj
+        2P/67uH/28m5/wAAAAAAAAAAAAAAABUSDwDp39j///79//Dr5v/hzLj/25lU/+KXSv/fkkL/04Y4/8KY
+        bv/f1s3/+vDm/9zMv/8AAAAAAAAAAAAAAAAVEhAA6uHZ/////v/t5uD/5aZl/+ylXP/vvYn/9da4/9+S
+        Qv/YiTn/x6yR//bv5//ez8P/AAAAAAAAAAAAAAAAFhMQAOzi2///////6dK7//SxbP/wrGX/88OT//fa
+        vv/jmEv/35JC/8iWYv/y7Ob/39LH/wAAAAAAAAAAAAAAABYTEQDt49z//////+vTuv/5uXb/9bJt//bI
+        mf/43cH/6J9T/+OYS//NmWT/8+7q/+DUy/8AAAAAAAAAAAAAAAAXExEA7uTd///////v49j/97l4//m5
+        dv/2voP/9cib/+ylXP/nnlL/1LGO//j18v/h187/AAAAAAAAAAAAAAAAFxQRAO/l3v//////8Ozp/+/N
+        q//6vHv/+8iS//nQp//wq2T/3KRp/+ji2//6+PX/49jR/wAAAAAAAAAAAAAAABcUEQDv5d7///////Ds
+        6f/w7On/79rF/+3Clv/pvIz/58en/+zm4P/w7Oj/+vj3/+Ta0v8AAAAAAAAAAAAAAAAXFBEA7+Xe////
+        ///w7On/8Ozp//Ds6f/w7On/8Ozp//Ds6f/Wzcf/2M/I/9/X0f/Sw7f0AAAAAAAAAAAAAAAAFxQRAO/l
+        3v//////+Pb0//j29P/49vT/+Pb0//j29P/49vT/3tbQ///59f/s4NftvaOPQAAAAAAAAAAAAAAAABcU
+        EQDv5d7//////////////////////////////////fz8/+Hb1//r4NjmwKSQMgAAAAAAAAAAAAAAAAAA
+        AAAXFBEA7+Xe//////////////////////////////////Tz8f/bzcPdxqiSJQAAAAAAAAAAAAAAAAAA
+        AAAAAAAADw0LAN/LvKrn2M2q59jNqufYzarn2M2q59jNqufYzari0cSlza+ZGwAAAAAAAAAAAAAAAAAA
+        AAAAAAAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMADAADAAwAAwAMAAMAH
+        AADADwAAwB8AAA==
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogFilterHelper.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogFilterHelper.cs
new file mode 100644
index 000000000..9bd468e24
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/SuperLogFilterHelper.cs
@@ -0,0 +1,131 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using VmDirInterop.SuperLogging.Interfaces;
+
+namespace LWRaftSnapIn.UI
+{
+    public class SuperLogFilterHelper
+    {
+        Dictionary<int, ISuperLogEntry> _viewCache
+            = new Dictionary<int, ISuperLogEntry>();
+
+        Dictionary<FilterColumn, Func<ISuperLogEntry, object>> _valDict
+            = new Dictionary<FilterColumn, Func<ISuperLogEntry, object>>
+        {
+            {FilterColumn.ClientIP,     x=>x.getClientIP()},
+            {FilterColumn.ClientPort,   x=>x.getClientPort()},
+            {FilterColumn.LoginDN,      x=>x.getLoginDN()},
+            {FilterColumn.Operation,    x=>x.getOperation()},
+            {FilterColumn.ErrorCode,    x=>x.getErrorCode()},
+            {FilterColumn.Duration,     x=>x.getEndTime() - x.getStartTime()},
+        };
+
+        Dictionary<NumericFilterOperation, Func<UInt64, UInt64, bool>> _numopDict
+            = new Dictionary<NumericFilterOperation, Func<UInt64, UInt64, bool>>
+        {
+            {NumericFilterOperation.EQ, (x, y) => x == y},
+            {NumericFilterOperation.GTE, (x, y) => x >= y},
+            {NumericFilterOperation.LTE, (x, y) => x <= y},
+        };
+
+        Dictionary<StringFilterOperation, Func<string, string, bool>> _strOpDict
+            = new Dictionary<StringFilterOperation, Func<string, string, bool>>
+        {
+            {StringFilterOperation.BeginsWith, (x, y) => x.StartsWith(y)},
+            {StringFilterOperation.Contains, (x, y) => x.Contains(y)},
+            {StringFilterOperation.EndsWith, (x, y) => x.EndsWith(y)},
+            {StringFilterOperation.Equals, (x, y) => x.Equals(y)}
+        };
+
+        public Dictionary<int, ISuperLogEntry> ViewCache
+        {
+            get { return _viewCache; }
+        }
+        public FilterColumn FilterColumn { get; set; }
+        public NumericFilterOperation NumericFilter { get; set; }
+        public StringFilterOperation StringFilter { get; set; }
+        public string FilterText { get; set; }
+
+
+        public bool IsNumericFilter()
+        {
+            return FilterColumn == FilterColumn.Duration;
+        }
+
+        public void SetFilterOperation(int operation)
+        {
+            if (IsNumericFilter())
+                NumericFilter = (NumericFilterOperation)operation;
+            else
+                StringFilter = (StringFilterOperation)operation;
+        }
+
+        public bool IsEnabled()
+        {
+            if (IsNumericFilter())
+            {
+                return FilterColumn != FilterColumn.None
+                    && NumericFilter != NumericFilterOperation.None
+                    && !string.IsNullOrEmpty(FilterText);
+            }
+            else
+            {
+                return FilterColumn != FilterColumn.None
+                    && StringFilter != StringFilterOperation.None
+                    && !string.IsNullOrEmpty(FilterText);
+            }
+        }
+
+        public bool Check(ISuperLogEntry entry)
+        {
+            var columnVal = _valDict[FilterColumn](entry);
+            if (IsNumericFilter())
+            {
+                if (_numopDict.ContainsKey(NumericFilter))
+                {
+                    var filterVal = Convert.ToUInt64(FilterText);
+                    return _numopDict[NumericFilter]((UInt64)columnVal, filterVal);
+                }
+            }
+            else
+            {
+                if (_strOpDict.ContainsKey(StringFilter))
+                {
+                    return _strOpDict[StringFilter](columnVal.ToString(), FilterText);
+                }
+            }
+            return false;
+        }
+
+        public bool Filter(Dictionary<int, ISuperLogEntry> viewCache)
+        {
+            _viewCache.Clear();
+
+            if (!IsEnabled())
+                return false;
+
+            int i = 0;
+            foreach (var entry in viewCache)
+            {
+                if (Check(entry.Value))
+                {
+                    _viewCache[i++] = entry.Value;
+                }
+            }
+            return true;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.Designer.cs
new file mode 100644
index 000000000..e890f97e7
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.Designer.cs
@@ -0,0 +1,246 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+namespace LWRaftSnapIn.UI
+
+{
+
+    partial class frmConnectToServer
+
+    {
+
+        /// <summary>
+
+        /// Required designer variable.
+
+        /// </summary>
+
+        private System.ComponentModel.IContainer components = null;
+
+
+
+        /// <summary>
+
+        /// Clean up any resources being used.
+
+        /// </summary>
+
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+
+        protected override void Dispose(bool disposing)
+
+        {
+
+            if (disposing && (components != null))
+
+            {
+
+                components.Dispose();
+
+            }
+
+            base.Dispose(disposing);
+
+        }
+
+
+
+        #region Windows Form Designer generated code
+
+
+
+        /// <summary>
+
+        /// Required method for Designer support - do not modify
+
+        /// the contents of this method with the code editor.
+
+        /// </summary>
+
+        private void InitializeComponent()
+
+        {
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(frmConnectToServer));
+            this.btnOK = new System.Windows.Forms.Button();
+            this.btnCancel = new System.Windows.Forms.Button();
+            this.label1 = new System.Windows.Forms.Label();
+            this.txtDirectoryServer = new System.Windows.Forms.TextBox();
+            this.txtBaseDN = new System.Windows.Forms.TextBox();
+            this.label4 = new System.Windows.Forms.Label();
+            this.groupBox1 = new System.Windows.Forms.GroupBox();
+            this.txtBindUPN = new System.Windows.Forms.TextBox();
+            this.txtPassword = new System.Windows.Forms.TextBox();
+            this.label3 = new System.Windows.Forms.Label();
+            this.label2 = new System.Windows.Forms.Label();
+            this.groupBox1.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // btnOK
+            // 
+            this.btnOK.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnOK.DialogResult = System.Windows.Forms.DialogResult.OK;
+            this.btnOK.Location = new System.Drawing.Point(97, 236);
+            this.btnOK.Name = "btnOK";
+            this.btnOK.Size = new System.Drawing.Size(75, 23);
+            this.btnOK.TabIndex = 5;
+            this.btnOK.Text = "OK";
+            this.btnOK.UseVisualStyleBackColor = true;
+            this.btnOK.Click += new System.EventHandler(this.btnOK_Click);
+            // 
+            // btnCancel
+            // 
+            this.btnCancel.Anchor = ((System.Windows.Forms.AnchorStyles)((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Right)));
+            this.btnCancel.DialogResult = System.Windows.Forms.DialogResult.Cancel;
+            this.btnCancel.Location = new System.Drawing.Point(227, 236);
+            this.btnCancel.Name = "btnCancel";
+            this.btnCancel.Size = new System.Drawing.Size(75, 23);
+            this.btnCancel.TabIndex = 6;
+            this.btnCancel.Text = "Cancel";
+            this.btnCancel.UseVisualStyleBackColor = true;
+            // 
+            // label1
+            // 
+            this.label1.Location = new System.Drawing.Point(26, 35);
+            this.label1.Name = "label1";
+            this.label1.Size = new System.Drawing.Size(100, 23);
+            this.label1.TabIndex = 0;
+            this.label1.Text = "Lightwave Raft Server:";
+            this.label1.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // txtDirectoryServer
+            // 
+            this.txtDirectoryServer.Location = new System.Drawing.Point(134, 36);
+            this.txtDirectoryServer.Name = "txtDirectoryServer";
+            this.txtDirectoryServer.Size = new System.Drawing.Size(196, 20);
+            this.txtDirectoryServer.TabIndex = 1;
+            // 
+            // txtBaseDN
+            // 
+            this.txtBaseDN.Location = new System.Drawing.Point(134, 73);
+            this.txtBaseDN.Name = "txtBaseDN";
+            this.txtBaseDN.Size = new System.Drawing.Size(196, 20);
+            this.txtBaseDN.TabIndex = 3;
+            // 
+            // label4
+            // 
+            this.label4.Location = new System.Drawing.Point(26, 73);
+            this.label4.Name = "label4";
+            this.label4.Size = new System.Drawing.Size(100, 23);
+            this.label4.TabIndex = 2;
+            this.label4.Text = "Base DN:";
+            this.label4.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // groupBox1
+            // 
+            this.groupBox1.Controls.Add(this.txtBindUPN);
+            this.groupBox1.Controls.Add(this.txtPassword);
+            this.groupBox1.Controls.Add(this.label3);
+            this.groupBox1.Controls.Add(this.label2);
+            this.groupBox1.Location = new System.Drawing.Point(29, 114);
+            this.groupBox1.Name = "groupBox1";
+            this.groupBox1.Size = new System.Drawing.Size(301, 100);
+            this.groupBox1.TabIndex = 4;
+            this.groupBox1.TabStop = false;
+            this.groupBox1.Text = "Credentials";
+            // 
+            // txtBindUPN
+            // 
+            this.txtBindUPN.Location = new System.Drawing.Point(105, 22);
+            this.txtBindUPN.Name = "txtBindUPN";
+            this.txtBindUPN.Size = new System.Drawing.Size(189, 20);
+            this.txtBindUPN.TabIndex = 1;
+            // 
+            // txtPassword
+            // 
+            this.txtPassword.Location = new System.Drawing.Point(105, 51);
+            this.txtPassword.Name = "txtPassword";
+            this.txtPassword.PasswordChar = '*';
+            this.txtPassword.Size = new System.Drawing.Size(189, 20);
+            this.txtPassword.TabIndex = 3;
+            // 
+            // label3
+            // 
+            this.label3.Location = new System.Drawing.Point(6, 50);
+            this.label3.Name = "label3";
+            this.label3.Size = new System.Drawing.Size(92, 23);
+            this.label3.TabIndex = 2;
+            this.label3.Text = "Password:";
+            this.label3.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // label2
+            // 
+            this.label2.Location = new System.Drawing.Point(6, 20);
+            this.label2.Name = "label2";
+            this.label2.Size = new System.Drawing.Size(92, 23);
+            this.label2.TabIndex = 0;
+            this.label2.Text = "Bind UPN:";
+            this.label2.TextAlign = System.Drawing.ContentAlignment.MiddleLeft;
+            // 
+            // frmConnectToServer
+            // 
+            this.AcceptButton = this.btnOK;
+            this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
+            this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
+            this.ClientSize = new System.Drawing.Size(358, 271);
+            this.Controls.Add(this.groupBox1);
+            this.Controls.Add(this.label4);
+            this.Controls.Add(this.txtBaseDN);
+            this.Controls.Add(this.txtDirectoryServer);
+            this.Controls.Add(this.label1);
+            this.Controls.Add(this.btnCancel);
+            this.Controls.Add(this.btnOK);
+            this.MaximizeBox = false;
+            this.MinimizeBox = false;
+            this.Name = "frmConnectToServer";
+            this.StartPosition = System.Windows.Forms.FormStartPosition.CenterParent;
+            this.Text = "Connect to:";
+            this.Icon = LWRaftEnvironment.Instance.GetIconResource(VMDirIconIndex.Login);
+            this.Load += new System.EventHandler(this.frmConnectToServer_Load);
+            this.groupBox1.ResumeLayout(false);
+            this.groupBox1.PerformLayout();
+            this.ResumeLayout(false);
+            this.PerformLayout();
+
+        }
+
+
+
+        #endregion
+
+
+
+        private System.Windows.Forms.Button btnOK;
+
+        private System.Windows.Forms.Button btnCancel;
+
+        private System.Windows.Forms.Label label1;
+
+        private System.Windows.Forms.TextBox txtBaseDN;
+
+        private System.Windows.Forms.Label label4;
+
+        private System.Windows.Forms.GroupBox groupBox1;
+
+        private System.Windows.Forms.TextBox txtBindUPN;
+
+        private System.Windows.Forms.TextBox txtPassword;
+
+        private System.Windows.Forms.Label label3;
+
+        private System.Windows.Forms.Label label2;
+
+        public System.Windows.Forms.TextBox txtDirectoryServer;
+
+    }
+
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.cs
new file mode 100644
index 000000000..db802fcdd
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.cs
@@ -0,0 +1,108 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Windows.Forms;
+using VMDir.Common.DTO;
+using LWRaftSnapIn.Utilities;
+using VMDir.Common.VMDirUtilities;
+using VMwareMMCIDP.UI.Common.Utilities;
+using VMIdentity.CommonUtils;
+using System.Text;
+
+namespace LWRaftSnapIn.UI
+{
+    public partial class frmConnectToServer : Form
+    {
+        VMDirServerDTO _dto = null;
+
+        public VMDirServerDTO ServerDTO { get { return _dto; } }
+
+        public frmConnectToServer()
+        {
+            InitializeComponent();
+        }
+
+        public frmConnectToServer(VMDirServerDTO dto)
+            : this()
+        {
+            _dto = dto;
+            txtDirectoryServer.Text = dto.Server;
+            var tenant = MMCMiscUtil.GetBrandConfig(CommonConstants.TENANT);
+
+            if (string.IsNullOrWhiteSpace(dto.BindDN))
+            {
+                txtBindUPN.Text = "Administrator@" + tenant;
+            }
+            else
+            {
+                txtBindUPN.Text = dto.BindDN;
+            }
+            if (string.IsNullOrWhiteSpace(dto.BaseDN))
+            {
+                txtBaseDN.Text = CommonConstants.GetDNFormat(tenant);
+            }
+            else{
+                txtBaseDN.Text = dto.BaseDN;
+            }
+        }
+
+        private void btnOK_Click(object sender, EventArgs e)
+        {
+            MiscUtilsService.CheckedExec(delegate
+           {
+               if (!ValidateForm())
+               {
+                   this.DialogResult = DialogResult.None;
+                   return;
+               }
+
+               if (_dto == null)
+                   _dto = VMDirServerDTO.CreateInstance();
+
+               _dto.Server = (txtDirectoryServer.Text).Trim();
+               _dto.BaseDN = (txtBaseDN.Text).Trim();
+               _dto.BindDN = (txtBindUPN.Text).Trim();
+               _dto.Password = txtPassword.Text;
+
+               _dto.Connection = new LdapConnectionService(_dto.Server, _dto.BindDN, _dto.Password);
+
+               this.Close();
+           });
+        }
+
+        private bool ValidateForm()
+        {
+            string msg = null;
+            if (string.IsNullOrWhiteSpace(txtDirectoryServer.Text))
+                msg = MMCUIConstants.SERVER_ENT;
+            else if (string.IsNullOrWhiteSpace(txtBindUPN.Text))
+                msg = MMCUIConstants.UPN_ENT;
+            else if (string.IsNullOrWhiteSpace(txtPassword.Text))
+                msg = MMCUIConstants.PASSWORD_ENT;
+
+            if (msg != null)
+            {
+                MMCDlgHelper.ShowWarning(msg);
+                return false;
+            }
+            return true;
+        }
+
+        private void frmConnectToServer_Load(object sender, EventArgs e)
+        {
+            if (!String.IsNullOrEmpty(txtDirectoryServer.Text))
+                this.txtDirectoryServer.Enabled = false;
+        }
+    }
+}
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.resx
new file mode 100644
index 000000000..f7b30dec8
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/UI/frmConnectToServer.resx
@@ -0,0 +1,377 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        AAABAAMAEBAAAAEAIABoBAAANgAAACAgAAABACAAqBAAAJ4EAAAwMAAAAQAgAKglAABGFQAAKAAAABAA
+        AAAgAAAAAQAgAAAAAAAABAAAEgsAABILAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAnaY7zJ2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAJ2mO/kmgu/9gxtv/dOb1/3Tm9f905vX/Ycfc/0ylv/8naY7+1IJPGshrPcrBXDLzvFIq/7xT
+        Kv+8Uir/vFIq/yhpjv9JoLv/YMbb/3Tm9f905vX/dOb1/2HH3P9Mpb//J2mO/sJVKuG9TCP/1HNA/+KI
+        UP/ql1r/759h/+6dX/8oaY7/SaC7/2DG2/905vX/dOb1/3Tm9f9hx9z/TKW//ydpjv63ORH/4msw/+x3
+        N//sdzf/7Hc3/+x3N//sdzf/KGmO/22zyf+A0eL/o+/4/6Pv+P+j7/j/gdLj/3C3zP8naY7+uT4U/++F
+        P//yiUL/8olC//KJQv/yiUL/8olC/zFriv8oaY7/KGmO/yhpjv8oaY7/J2mO/idpjv4naY7+J2mO88BP
+        H/PXcjX/+adW//mnVv/5p1b/+adW//mnVv/5p1b/mZmZ/+rq6v/SajD/wU8g8wAAAADq6ur/mZmZ/wAA
+        AADPbzuKvE4k/+aYWP/5unH/+bpx//m6cf/5unH/+bpx/5mZmf/y8vL/vE4j/89vO4oAAAAA8vLy/5mZ
+        mf8AAAAAAAAAAMpvQby9VSz/znZG/8JfNP+8Uir/vFIq/8JfNP+ZmZn/6urq/8pvQbwAAAAAAAAAAOrq
+        6v+ZmZn/AAAAAAAAAAAAAAAA0HZDqrxPJf/RdUH/7KZl/+ukZP/Obz3/mZmZ/9fX1//q6ur/8vLy/+rq
+        6v/X19f/mZmZ/wAAAAAAAAAAAAAAAMFSI/PRbTX/+a5g//qwYf/6sGH/+rBh/7SCZv+ZmZn/mZmZ/5mZ
+        mf+ZmZn/mZmZ/5mZmYAAAAAAAAAAAAAAAAC6RBj/7Y9G//acTv/2nE7/9pxO//acTv/mhUD/u0QY/wAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuTwT/+h4N//wgj3/8II9//CCPf/wgj3/4nAy/7k9
+        E/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALw/FvPMUiL/7Ho8/+17PP/tezz/7Xs8/8lP
+        IP+9QBfzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNZzd2ukgg/9FuPP/qmFv/6JRZ/85p
+        Of+7SSH/zWc3dgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANB6SnbBXDLzvFIq/7xS
+        Kv/BXDLz0HpKdgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+AAAA/gAAAAAAAAAAAAAAAAAAAAAA
+        AAAACQAAAAkAAIAZAADAAQAAwAEAAMA/AADAPwAAwD8AAMA/AADgfwAAKAAAACAAAABAAAAAAQAgAAAA
+        AAAAEAAAEgsAABILAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAJ2mO8ydpjvMnaY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjvMnaY7zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnaY7zJ2mO8ydpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO8ydpjvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdpjv4naY7+SaC7/0mgu/9gxtv/YMbb/3Tm
+        9f905vX/dOb1/3Tm9f905vX/dOb1/2HH3P9hx9z/TKW//0ylv/8naY7+J2mO/gAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ2mO/idpjv5JoLv/SaC7/2DG
+        2/9gxtv/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/Ycfc/2HH3P9Mpb//TKW//ydpjv4naY7+1IJPGtSC
+        TxrIaz3KyGs9ysFcMvPBXDLzvFIq/7xSKv+8Uyr/vFMq/7xSKv+8Uir/vFIq/7xSKv8oaY7/KGmO/0mg
+        u/9JoLv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/0ylv/9Mpb//J2mO/idp
+        jv7Ugk8a1IJPGshrPcrIaz3KwVwy88FcMvO8Uir/vFIq/7xTKv+8Uyr/vFIq/7xSKv+8Uir/vFIq/yhp
+        jv8oaY7/SaC7/0mgu/9gxtv/YMbb/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/2HH3P9hx9z/TKW//0yl
+        v/8naY7+J2mO/sJVKuHCVSrhvUwj/71MI//Uc0D/1HNA/+KIUP/iiFD/6pda/+qXWv/vn2H/759h/+6d
+        X//unV//KGmO/yhpjv9JoLv/SaC7/2DG2/9gxtv/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/Ycfc/2HH
+        3P9Mpb//TKW//ydpjv4naY7+wlUq4cJVKuG9TCP/vUwj/9RzQP/Uc0D/4ohQ/+KIUP/ql1r/6pda/++f
+        Yf/vn2H/7p1f/+6dX/8oaY7/KGmO/0mgu/9JoLv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm
+        9f9hx9z/Ycfc/0ylv/9Mpb//J2mO/idpjv63ORH/tzkR/+JrMP/iazD/7Hc3/+x3N//sdzf/7Hc3/+x3
+        N//sdzf/7Hc3/+x3N//sdzf/7Hc3/yhpjv8oaY7/bbPJ/22zyf+A0eL/gNHi/6Pv+P+j7/j/o+/4/6Pv
+        +P+j7/j/o+/4/4HS4/+B0uP/cLfM/3C3zP8naY7+J2mO/rc5Ef+3ORH/4msw/+JrMP/sdzf/7Hc3/+x3
+        N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N//sdzf/KGmO/yhpjv9ts8n/bbPJ/4DR4v+A0eL/o+/4/6Pv
+        +P+j7/j/o+/4/6Pv+P+j7/j/gdLj/4HS4/9wt8z/cLfM/ydpjv4naY7+uT4U/7k+FP/vhT//74U///KJ
+        Qv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv8xa4r/MWuK/yhpjv8oaY7/KGmO/yhp
+        jv8oaY7/KGmO/yhpjv8oaY7/J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO8ydpjvO5PhT/uT4U/++F
+        P//vhT//8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC/zFriv8xa4r/KGmO/yhp
+        jv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO88BP
+        H/PATx/z13I1/9dyNf/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mn
+        Vv+ZmZn/mZmZ/+rq6v/q6ur/0mow/9JqMP/BTyDzwU8g8wAAAAAAAAAA6urq/+rq6v+ZmZn/mZmZ/wAA
+        AAAAAAAAwE8f88BPH/PXcjX/13I1//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mn
+        Vv/5p1b/+adW/5mZmf+ZmZn/6urq/+rq6v/SajD/0mow/8FPIPPBTyDzAAAAAAAAAADq6ur/6urq/5mZ
+        mf+ZmZn/AAAAAAAAAADPbzuKz287irxOJP+8TiT/5phY/+aYWP/5unH/+bpx//m6cf/5unH/+bpx//m6
+        cf/5unH/+bpx//m6cf/5unH/mZmZ/5mZmf/y8vL/8vLy/7xOI/+8TiP/z287is9vO4oAAAAAAAAAAPLy
+        8v/y8vL/mZmZ/5mZmf8AAAAAAAAAAM9vO4rPbzuKvE4k/7xOJP/mmFj/5phY//m6cf/5unH/+bpx//m6
+        cf/5unH/+bpx//m6cf/5unH/+bpx//m6cf+ZmZn/mZmZ//Ly8v/y8vL/vE4j/7xOI//PbzuKz287igAA
+        AAAAAAAA8vLy//Ly8v+ZmZn/mZmZ/wAAAAAAAAAAAAAAAAAAAADKb0G8ym9BvL1VLP+9VSz/znZG/852
+        Rv/CXzT/wl80/7xSKv+8Uir/vFIq/7xSKv/CXzT/wl80/5mZmf+ZmZn/6urq/+rq6v/Kb0G8ym9BvAAA
+        AAAAAAAAAAAAAAAAAADq6ur/6urq/5mZmf+ZmZn/AAAAAAAAAAAAAAAAAAAAAMpvQbzKb0G8vVUs/71V
+        LP/Odkb/znZG/8JfNP/CXzT/vFIq/7xSKv+8Uir/vFIq/8JfNP/CXzT/mZmZ/5mZmf/q6ur/6urq/8pv
+        QbzKb0G8AAAAAAAAAAAAAAAAAAAAAOrq6v/q6ur/mZmZ/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AADQdkOq0HZDqrxPJf+8TyX/0XVB/9F1Qf/spmX/7KZl/+ukZP/rpGT/zm89/85vPf+ZmZn/mZmZ/9fX
+        1//X19f/6urq/+rq6v/y8vL/8vLy/+rq6v/q6ur/19fX/9fX1/+ZmZn/mZmZ/wAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAANB2Q6rQdkOqvE8l/7xPJf/RdUH/0XVB/+ymZf/spmX/66Rk/+ukZP/Obz3/zm89/5mZ
+        mf+ZmZn/19fX/9fX1//q6ur/6urq//Ly8v/y8vL/6urq/+rq6v/X19f/19fX/5mZmf+ZmZn/AAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAwVIj88FSI/PRbTX/0W01//muYP/5rmD/+rBh//qwYf/6sGH/+rBh//qw
+        Yf/6sGH/tIJm/7SCZv+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZgJmZ
+        mYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBUiPzwVIj89FtNf/RbTX/+a5g//muYP/6sGH/+rBh//qw
+        Yf/6sGH/+rBh//qwYf+0gmb/tIJm/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZ
+        mf+ZmZmAmZmZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpEGP+6RBj/7Y9G/+2PRv/2nE7/9pxO//ac
+        Tv/2nE7/9pxO//acTv/2nE7/9pxO/+aFQP/mhUD/u0QY/7tEGP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAukQY/7pEGP/tj0b/7Y9G//ac
+        Tv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/5oVA/+aFQP+7RBj/u0QY/wAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5PBP/uTwT/+h4
+        N//oeDf/8II9//CCPf/wgj3/8II9//CCPf/wgj3/8II9//CCPf/icDL/4nAy/7k9E/+5PRP/AAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALk8
+        E/+5PBP/6Hg3/+h4N//wgj3/8II9//CCPf/wgj3/8II9//CCPf/wgj3/8II9/+JwMv/icDL/uT0T/7k9
+        E/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAvD8W87w/FvPMUiL/zFIi/+x6PP/sejz/7Xs8/+17PP/tezz/7Xs8/+17PP/tezz/yU8g/8lP
+        IP+9QBfzvUAX8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAC8PxbzvD8W88xSIv/MUiL/7Ho8/+x6PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17
+        PP/JTyD/yU8g/71AF/O9QBfzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAM1nN3bNZzd2ukgg/7pIIP/Rbjz/0W48/+qYW//qmFv/6JRZ/+iU
+        Wf/OaTn/zmk5/7tJIf+7SSH/zWc3ds1nN3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzWc3ds1nN3a6SCD/ukgg/9FuPP/Rbjz/6phb/+qY
+        W//olFn/6JRZ/85pOf/OaTn/u0kh/7tJIf/NZzd2zWc3dgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANB6SnbQekp2wVwy88Fc
+        MvO8Uir/vFIq/7xSKv+8Uir/wVwy88FcMvPQekp20HpKdgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0HpKdtB6
+        SnbBXDLzwVwy87xSKv+8Uir/vFIq/7xSKv/BXDLzwVwy89B6SnbQekp2AAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//AAA//wAAP/8AAD//AAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDAAAAwwAAAMMAAADDwAADw8AAA8PwAAAD8AAAA/AA
+        AAPwAAAD8AAP//AAD//wAA//8AAP//AAD//wAA//8AAP//AAD//8AD///AA//ygAAAAwAAAAYAAAAAEA
+        IAAAAAAAACQAABILAAASCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnaY7zJ2mO8ydp
+        jvMnaY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydpjvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAnaY7zJ2mO8ydpjvMnaY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydpjvMAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAnaY7zJ2mO8ydpjvMnaY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydp
+        jvMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnaY7+J2mO/idpjv5JoLv/SaC7/0mgu/9gxtv/YMbb/2DG
+        2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0yl
+        v/8naY7+J2mO/idpjv4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnaY7+J2mO/idpjv5JoLv/SaC7/0mg
+        u/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH
+        3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnaY7+J2mO/idp
+        jv5JoLv/SaC7/0mgu/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm
+        9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv7Ugk8a1IJPGtSCTxrIaz3KyGs9yshr
+        PcrBXDLzwVwy88FcMvO8Uir/vFIq/7xSKv+8Uyr/vFMq/7xTKv+8Uir/vFIq/7xSKv+8Uir/vFIq/7xS
+        Kv8oaY7/KGmO/yhpjv9JoLv/SaC7/0mgu/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm
+        9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv7Ugk8a1IJPGtSC
+        TxrIaz3KyGs9yshrPcrBXDLzwVwy88FcMvO8Uir/vFIq/7xSKv+8Uyr/vFMq/7xTKv+8Uir/vFIq/7xS
+        Kv+8Uir/vFIq/7xSKv8oaY7/KGmO/yhpjv9JoLv/SaC7/0mgu/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm
+        9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0ylv/8naY7+J2mO/idp
+        jv7Ugk8a1IJPGtSCTxrIaz3KyGs9yshrPcrBXDLzwVwy88FcMvO8Uir/vFIq/7xSKv+8Uyr/vFMq/7xT
+        Kv+8Uir/vFIq/7xSKv+8Uir/vFIq/7xSKv8oaY7/KGmO/yhpjv9JoLv/SaC7/0mgu/9gxtv/YMbb/2DG
+        2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0yl
+        v/8naY7+J2mO/idpjv7CVSrhwlUq4cJVKuG9TCP/vUwj/71MI//Uc0D/1HNA/9RzQP/iiFD/4ohQ/+KI
+        UP/ql1r/6pda/+qXWv/vn2H/759h/++fYf/unV//7p1f/+6dX/8oaY7/KGmO/yhpjv9JoLv/SaC7/0mg
+        u/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH
+        3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv7CVSrhwlUq4cJVKuG9TCP/vUwj/71MI//Uc0D/1HNA/9Rz
+        QP/iiFD/4ohQ/+KIUP/ql1r/6pda/+qXWv/vn2H/759h/++fYf/unV//7p1f/+6dX/8oaY7/KGmO/yhp
+        jv9JoLv/SaC7/0mgu/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm9f905vX/dOb1/3Tm
+        9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv7CVSrhwlUq4cJVKuG9TCP/vUwj/71M
+        I//Uc0D/1HNA/9RzQP/iiFD/4ohQ/+KIUP/ql1r/6pda/+qXWv/vn2H/759h/++fYf/unV//7p1f/+6d
+        X/8oaY7/KGmO/yhpjv9JoLv/SaC7/0mgu/9gxtv/YMbb/2DG2/905vX/dOb1/3Tm9f905vX/dOb1/3Tm
+        9f905vX/dOb1/3Tm9f9hx9z/Ycfc/2HH3P9Mpb//TKW//0ylv/8naY7+J2mO/idpjv63ORH/tzkR/7c5
+        Ef/iazD/4msw/+JrMP/sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3
+        N//sdzf/7Hc3/+x3N/8oaY7/KGmO/yhpjv9ts8n/bbPJ/22zyf+A0eL/gNHi/4DR4v+j7/j/o+/4/6Pv
+        +P+j7/j/o+/4/6Pv+P+j7/j/o+/4/6Pv+P+B0uP/gdLj/4HS4/9wt8z/cLfM/3C3zP8naY7+J2mO/idp
+        jv63ORH/tzkR/7c5Ef/iazD/4msw/+JrMP/sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3
+        N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N/8oaY7/KGmO/yhpjv9ts8n/bbPJ/22zyf+A0eL/gNHi/4DR
+        4v+j7/j/o+/4/6Pv+P+j7/j/o+/4/6Pv+P+j7/j/o+/4/6Pv+P+B0uP/gdLj/4HS4/9wt8z/cLfM/3C3
+        zP8naY7+J2mO/idpjv63ORH/tzkR/7c5Ef/iazD/4msw/+JrMP/sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3
+        N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N//sdzf/7Hc3/+x3N/8oaY7/KGmO/yhpjv9ts8n/bbPJ/22z
+        yf+A0eL/gNHi/4DR4v+j7/j/o+/4/6Pv+P+j7/j/o+/4/6Pv+P+j7/j/o+/4/6Pv+P+B0uP/gdLj/4HS
+        4/9wt8z/cLfM/3C3zP8naY7+J2mO/idpjv65PhT/uT4U/7k+FP/vhT//74U//++FP//yiUL/8olC//KJ
+        Qv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv8xa4r/MWuK/zFr
+        iv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8naY7+J2mO/idp
+        jv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydpjvO5PhT/uT4U/7k+FP/vhT//74U//++F
+        P//yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJ
+        Qv8xa4r/MWuK/zFriv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhp
+        jv8naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydpjvO5PhT/uT4U/7k+
+        FP/vhT//74U//++FP//yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJQv/yiUL/8olC//KJ
+        Qv/yiUL/8olC//KJQv8xa4r/MWuK/zFriv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhpjv8oaY7/KGmO/yhp
+        jv8oaY7/KGmO/yhpjv8naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7+J2mO/idpjv4naY7zJ2mO8ydp
+        jvPATx/zwE8f88BPH/PXcjX/13I1/9dyNf/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mn
+        Vv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv+ZmZn/mZmZ/5mZmf/q6ur/6urq/+rq
+        6v/SajD/0mow/9JqMP/BTyDzwU8g88FPIPMAAAAAAAAAAAAAAADq6ur/6urq/+rq6v+ZmZn/mZmZ/5mZ
+        mf8AAAAAAAAAAAAAAADATx/zwE8f88BPH/PXcjX/13I1/9dyNf/5p1b/+adW//mnVv/5p1b/+adW//mn
+        Vv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv+ZmZn/mZmZ/5mZ
+        mf/q6ur/6urq/+rq6v/SajD/0mow/9JqMP/BTyDzwU8g88FPIPMAAAAAAAAAAAAAAADq6ur/6urq/+rq
+        6v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAADATx/zwE8f88BPH/PXcjX/13I1/9dyNf/5p1b/+adW//mn
+        Vv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mnVv/5p1b/+adW//mn
+        Vv+ZmZn/mZmZ/5mZmf/q6ur/6urq/+rq6v/SajD/0mow/9JqMP/BTyDzwU8g88FPIPMAAAAAAAAAAAAA
+        AADq6ur/6urq/+rq6v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAADPbzuKz287is9vO4q8TiT/vE4k/7xO
+        JP/mmFj/5phY/+aYWP/5unH/+bpx//m6cf/5unH/+bpx//m6cf/5unH/+bpx//m6cf/5unH/+bpx//m6
+        cf/5unH/+bpx//m6cf+ZmZn/mZmZ/5mZmf/y8vL/8vLy//Ly8v+8TiP/vE4j/7xOI//PbzuKz287is9v
+        O4oAAAAAAAAAAAAAAADy8vL/8vLy//Ly8v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAADPbzuKz287is9v
+        O4q8TiT/vE4k/7xOJP/mmFj/5phY/+aYWP/5unH/+bpx//m6cf/5unH/+bpx//m6cf/5unH/+bpx//m6
+        cf/5unH/+bpx//m6cf/5unH/+bpx//m6cf+ZmZn/mZmZ/5mZmf/y8vL/8vLy//Ly8v+8TiP/vE4j/7xO
+        I//PbzuKz287is9vO4oAAAAAAAAAAAAAAADy8vL/8vLy//Ly8v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAA
+        AADPbzuKz287is9vO4q8TiT/vE4k/7xOJP/mmFj/5phY/+aYWP/5unH/+bpx//m6cf/5unH/+bpx//m6
+        cf/5unH/+bpx//m6cf/5unH/+bpx//m6cf/5unH/+bpx//m6cf+ZmZn/mZmZ/5mZmf/y8vL/8vLy//Ly
+        8v+8TiP/vE4j/7xOI//PbzuKz287is9vO4oAAAAAAAAAAAAAAADy8vL/8vLy//Ly8v+ZmZn/mZmZ/5mZ
+        mf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKb0G8ym9BvMpvQby9VSz/vVUs/71VLP/Odkb/znZG/852
+        Rv/CXzT/wl80/8JfNP+8Uir/vFIq/7xSKv+8Uir/vFIq/7xSKv/CXzT/wl80/8JfNP+ZmZn/mZmZ/5mZ
+        mf/q6ur/6urq/+rq6v/Kb0G8ym9BvMpvQbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq6ur/6urq/+rq
+        6v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKb0G8ym9BvMpvQby9VSz/vVUs/71V
+        LP/Odkb/znZG/852Rv/CXzT/wl80/8JfNP+8Uir/vFIq/7xSKv+8Uir/vFIq/7xSKv/CXzT/wl80/8Jf
+        NP+ZmZn/mZmZ/5mZmf/q6ur/6urq/+rq6v/Kb0G8ym9BvMpvQbwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AADq6ur/6urq/+rq6v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADKb0G8ym9BvMpv
+        Qby9VSz/vVUs/71VLP/Odkb/znZG/852Rv/CXzT/wl80/8JfNP+8Uir/vFIq/7xSKv+8Uir/vFIq/7xS
+        Kv/CXzT/wl80/8JfNP+ZmZn/mZmZ/5mZmf/q6ur/6urq/+rq6v/Kb0G8ym9BvMpvQbwAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADq6ur/6urq/+rq6v+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADQdkOq0HZDqtB2Q6q8TyX/vE8l/7xPJf/RdUH/0XVB/9F1Qf/spmX/7KZl/+ym
+        Zf/rpGT/66Rk/+ukZP/Obz3/zm89/85vPf+ZmZn/mZmZ/5mZmf/X19f/19fX/9fX1//q6ur/6urq/+rq
+        6v/y8vL/8vLy//Ly8v/q6ur/6urq/+rq6v/X19f/19fX/9fX1/+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdkOq0HZDqtB2Q6q8TyX/vE8l/7xPJf/RdUH/0XVB/9F1
+        Qf/spmX/7KZl/+ymZf/rpGT/66Rk/+ukZP/Obz3/zm89/85vPf+ZmZn/mZmZ/5mZmf/X19f/19fX/9fX
+        1//q6ur/6urq/+rq6v/y8vL/8vLy//Ly8v/q6ur/6urq/+rq6v/X19f/19fX/9fX1/+ZmZn/mZmZ/5mZ
+        mf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQdkOq0HZDqtB2Q6q8TyX/vE8l/7xP
+        Jf/RdUH/0XVB/9F1Qf/spmX/7KZl/+ymZf/rpGT/66Rk/+ukZP/Obz3/zm89/85vPf+ZmZn/mZmZ/5mZ
+        mf/X19f/19fX/9fX1//q6ur/6urq/+rq6v/y8vL/8vLy//Ly8v/q6ur/6urq/+rq6v/X19f/19fX/9fX
+        1/+ZmZn/mZmZ/5mZmf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBUiPzwVIj88FS
+        I/PRbTX/0W01/9FtNf/5rmD/+a5g//muYP/6sGH/+rBh//qwYf/6sGH/+rBh//qwYf/6sGH/+rBh//qw
+        Yf+0gmb/tIJm/7SCZv+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZ
+        mf+ZmZn/mZmZ/5mZmf+ZmZmAmZmZgJmZmYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AADBUiPzwVIj88FSI/PRbTX/0W01/9FtNf/5rmD/+a5g//muYP/6sGH/+rBh//qwYf/6sGH/+rBh//qw
+        Yf/6sGH/+rBh//qwYf+0gmb/tIJm/7SCZv+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZ
+        mf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZmAmZmZgJmZmYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADBUiPzwVIj88FSI/PRbTX/0W01/9FtNf/5rmD/+a5g//muYP/6sGH/+rBh//qw
+        Yf/6sGH/+rBh//qwYf/6sGH/+rBh//qwYf+0gmb/tIJm/7SCZv+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZ
+        mf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZn/mZmZ/5mZmf+ZmZmAmZmZgJmZmYAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6RBj/ukQY/7pEGP/tj0b/7Y9G/+2PRv/2nE7/9pxO//ac
+        Tv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/mhUD/5oVA/+aFQP+7RBj/u0QY/7tE
+        GP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6RBj/ukQY/7pEGP/tj0b/7Y9G/+2P
+        Rv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/mhUD/5oVA/+aF
+        QP+7RBj/u0QY/7tEGP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6RBj/ukQY/7pE
+        GP/tj0b/7Y9G/+2PRv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/9pxO//acTv/2nE7/9pxO//ac
+        Tv/mhUD/5oVA/+aFQP+7RBj/u0QY/7tEGP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAC5PBP/uTwT/7k8E//oeDf/6Hg3/+h4N//wgj3/8II9//CCPf/wgj3/8II9//CCPf/wgj3/8II9//CC
+        Pf/wgj3/8II9//CCPf/icDL/4nAy/+JwMv+5PRP/uT0T/7k9E/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAC5PBP/uTwT/7k8E//oeDf/6Hg3/+h4N//wgj3/8II9//CCPf/wgj3/8II9//CC
+        Pf/wgj3/8II9//CCPf/wgj3/8II9//CCPf/icDL/4nAy/+JwMv+5PRP/uT0T/7k9E/8AAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC5PBP/uTwT/7k8E//oeDf/6Hg3/+h4N//wgj3/8II9//CC
+        Pf/wgj3/8II9//CCPf/wgj3/8II9//CCPf/wgj3/8II9//CCPf/icDL/4nAy/+JwMv+5PRP/uT0T/7k9
+        E/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8PxbzvD8W87w/FvPMUiL/zFIi/8xS
+        Iv/sejz/7Ho8/+x6PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17PP/JTyD/yU8g/8lP
+        IP+9QBfzvUAX871AF/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8PxbzvD8W87w/
+        FvPMUiL/zFIi/8xSIv/sejz/7Ho8/+x6PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17
+        PP/JTyD/yU8g/8lPIP+9QBfzvUAX871AF/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAC8PxbzvD8W87w/FvPMUiL/zFIi/8xSIv/sejz/7Ho8/+x6PP/tezz/7Xs8/+17PP/tezz/7Xs8/+17
+        PP/tezz/7Xs8/+17PP/JTyD/yU8g/8lPIP+9QBfzvUAX871AF/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADNZzd2zWc3ds1nN3a6SCD/ukgg/7pIIP/Rbjz/0W48/9FuPP/qmFv/6phb/+qY
+        W//olFn/6JRZ/+iUWf/OaTn/zmk5/85pOf+7SSH/u0kh/7tJIf/NZzd2zWc3ds1nN3YAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNZzd2zWc3ds1nN3a6SCD/ukgg/7pIIP/Rbjz/0W48/9Fu
+        PP/qmFv/6phb/+qYW//olFn/6JRZ/+iUWf/OaTn/zmk5/85pOf+7SSH/u0kh/7tJIf/NZzd2zWc3ds1n
+        N3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNZzd2zWc3ds1nN3a6SCD/ukgg/7pI
+        IP/Rbjz/0W48/9FuPP/qmFv/6phb/+qYW//olFn/6JRZ/+iUWf/OaTn/zmk5/85pOf+7SSH/u0kh/7tJ
+        If/NZzd2zWc3ds1nN3YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AADQekp20HpKdtB6SnbBXDLzwVwy88FcMvO8Uir/vFIq/7xSKv+8Uir/vFIq/7xSKv/BXDLzwVwy88Fc
+        MvPQekp20HpKdtB6SnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAADQekp20HpKdtB6SnbBXDLzwVwy88FcMvO8Uir/vFIq/7xSKv+8Uir/vFIq/7xS
+        Kv/BXDLzwVwy88FcMvPQekp20HpKdtB6SnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQekp20HpKdtB6SnbBXDLzwVwy88FcMvO8Uir/vFIq/7xS
+        Kv+8Uir/vFIq/7xSKv/BXDLzwVwy88FcMvPQekp20HpKdtB6SnYAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAD///gAAAAAAP//+AAAAAAA///4AAAAAAD///gAAAAAAP//+AAAAAAA///4AAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgcAAAAAAAAOBwAAAAAAAA4HAAAAAAAADgcAAAAA
+        AAAOBwAAAAAAAA4HAADgAAAAfgcAAOAAAAB+BwAA4AAAAH4HAAD8AAAAAAcAAPwAAAAABwAA/AAAAAAH
+        AAD8AAAAAAcAAPwAAAAABwAA/AAAAAAHAAD8AAAD//8AAPwAAAP//wAA/AAAA///AAD8AAAD//8AAPwA
+        AAP//wAA/AAAA///AAD8AAAD//8AAPwAAAP//wAA/AAAA///AAD8AAAD//8AAPwAAAP//wAA/AAAA///
+        AAD/gAAf//8AAP+AAB///wAA/4AAH///AAA=
+</value>
+  </data>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/LdapTypesService.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/LdapTypesService.cs
new file mode 100644
index 000000000..bba6f3953
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/LdapTypesService.cs
@@ -0,0 +1,44 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Globalization;
+using VMDir.Common.Schema;
+using LWRaftSnapIn.Utilities;
+using VMDirInterop.LDAP;
+using VMDir.Common.VMDirUtilities;
+using VMDir.Common.DTO;
+
+namespace LWRaftSnapIn.Utilities
+{
+    public static class LdapTypesService
+    {
+        public static int AttributeTypeSort(AttributeTypeDTO lhs, AttributeTypeDTO rhs)
+        {
+            return lhs.Name.CompareTo(rhs.Name);
+        }
+        //move to common
+        public static LdapMod MakeAttribute(KeyValuePair<string, VMDirAttributeDTO> entry)
+        {
+            List<LdapValue> entryVal = entry.Value.Values;
+            List<string> vals = new List<string>() { null };
+            if (entryVal != null)
+            {
+                vals = entryVal.ConvertAll(x => x.StringValue);
+                vals.Add(null);
+            }
+            return new LdapMod((int)LdapMod.mod_ops.LDAP_MOD_ADD, entry.Key, vals.ToArray());
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/MiscUtilsService.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/MiscUtilsService.cs
new file mode 100644
index 000000000..b6d8a814f
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/MiscUtilsService.cs
@@ -0,0 +1,130 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Windows.Forms;
+using System.Reflection;
+using System.Drawing;
+using System.IO;
+using System.Xml.Serialization;
+using System.DirectoryServices.Protocols;
+using Microsoft.ManagementConsole.Advanced;
+using VMDir.Common.VMDirUtilities;
+using VMDirInterop.LDAP;
+using VMDir.Common;
+using VMDir.Common.DTO;
+using VMDir.Common.Schema;
+using VMDirInterop.Interfaces;
+
+namespace LWRaftSnapIn.Utilities
+{
+    public static class MiscUtilsService
+    {
+        public static void CheckedExec(System.Action fn)
+        {
+            try
+            {
+                fn();
+            }
+            catch (Exception exp)
+            {
+                LWRaftEnvironment.Instance.Logger.LogException(exp);
+                ShowError(exp);
+            }
+        }
+
+        public static Image GetResourceImage(string name)
+        {
+            using (var stream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name))
+            {
+                return new Bitmap(stream);
+            }
+        }
+
+        public static string GetResourceXML(string name)
+        {
+            using (Stream stream = Assembly.GetExecutingAssembly().GetManifestResourceStream(name))
+            {
+                using (StreamReader reader = new StreamReader(stream))
+                {
+                    return reader.ReadToEnd();
+                }
+            }
+        }
+
+        public static DialogResult ShowError(Exception exp)
+        {
+            string error = exp.Message;
+            var vmdirExp = exp as VMDirException;
+            if (vmdirExp != null)
+                error = string.Format("{0}, Error Code: {1}", error, vmdirExp.ErrorCode);
+            else if (exp is DirectoryOperationException)
+                error = (exp as DirectoryOperationException).Response.ErrorMessage;
+            return ShowError(error);
+        }
+
+        public static DialogResult ShowError(string error)
+        {
+            return MessageBox.Show(error);
+        }
+
+        public static DialogResult ShowError(string text, string caption, MessageBoxButtons btn)
+        {
+            return MessageBox.Show(text, caption, btn);
+        }
+
+        public static T GetDTOFromXML<T>(string xml)
+        {
+            using (var ms = new MemoryStream())
+            {
+                var bytes = Encoding.UTF8.GetBytes(xml);
+                ms.Write(bytes, 0, bytes.Length);
+                ms.Seek(0, SeekOrigin.Begin);
+
+                var serializer = new XmlSerializer(typeof(T));
+                return (T)serializer.Deserialize(ms);
+            }
+        }
+
+        public static bool Confirm(string message)
+        {
+            var msgParams = new MessageBoxParameters
+            {
+                Buttons = MessageBoxButtons.YesNo,
+                Icon = MessageBoxIcon.Question,
+                Text = message
+            };
+
+            return LWRaftEnvironment.Instance.SnapIn.Console.ShowDialog(msgParams) == DialogResult.Yes;
+        }
+
+        public static string GetObjectClass(ILdapEntry entry)
+        {
+            var values = entry.getAttributeValues(VMDirConstants.ATTR_OBJECT_CLASS);
+            return values[(values.Count() - 1)].StringValue;
+        }
+
+        internal static int GetImgIndx(List<string> objectClass)
+        {
+            if (objectClass.Contains(VMDirConstants.USER_OC))
+                return (int)VMDirIconIndex.User;
+            else if (objectClass.Contains(VMDirConstants.GROUP_OC))
+                return (int)VMDirIconIndex.Group;
+            else
+                return (int)VMDirIconIndex.Object;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/SearchListByKeyPress.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/SearchListByKeyPress.cs
new file mode 100644
index 000000000..a805e31d7
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Utilities/SearchListByKeyPress.cs
@@ -0,0 +1,100 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Windows.Forms;
+
+namespace LWRaftSnapIn.Utilities
+{
+    public class SearchListByKeyPress
+    {
+        public static void findAndSelect(ListView listView, char key)
+        {
+            char keyPressed = Char.ToLower(key);
+
+            if (keyPressed < 'a' || keyPressed > 'z')                                //key press should be an alphabhat.
+            {
+                return;
+            }
+            if (listView.Items.Count == 0)                                           //special case when there is no item in the ListView.
+            {
+                return;
+            }
+            if (listView.Items.Count == 1)                                           //special case when there is only one item in the ListView.
+            {
+                if (listView.Items[0].Text[0] == keyPressed)
+                {
+                    listView.Items[0].Selected = true;
+                }
+                else
+                {
+                    return;
+                }
+            }
+
+            var currentIndex = -1;
+            if (listView.SelectedIndices.Count != 0)
+            {
+                currentIndex = listView.SelectedIndices[0];
+            }
+
+            var searchIndex = searchIndexByChar(listView, keyPressed, currentIndex); //search the next element which start with the char key pressed.
+
+            if (searchIndex != -1 && currentIndex != searchIndex)
+            {
+                if (currentIndex != -1)
+                {
+                    listView.Items[currentIndex].Selected = false;
+                }
+                listView.Items[searchIndex].Selected = true;
+                listView.EnsureVisible(searchIndex);
+            }
+
+        }
+
+        private static int searchIndexByChar(ListView listView, char keyPressed, int currentIndex)
+        {
+            int count = listView.Items.Count;
+            int searchIndex = currentIndex + 1;
+
+            if (searchIndex < count && listView.Items[searchIndex].Text[0] <= keyPressed)
+            {
+                while (searchIndex < count)
+                {
+                    if (listView.Items[searchIndex].Text[0] == keyPressed)
+                        return searchIndex;
+                    else if (listView.Items[searchIndex].Text[0] > keyPressed)
+                        break;
+                    searchIndex++;
+                }
+            }
+            else
+            {
+                searchIndex = currentIndex;
+                while (searchIndex >= 0)
+                {
+                    if (listView.Items[searchIndex].Text[0] == keyPressed && ( (searchIndex-1) < 0 || listView.Items[searchIndex - 1].Text[0] != keyPressed))
+                        return searchIndex;
+                    else if (listView.Items[searchIndex].Text[0] < keyPressed)
+                        break;
+                    searchIndex--;
+                }
+            }
+            return -1;
+        }
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.Designer.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.Designer.cs
new file mode 100644
index 000000000..be5254e1f
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.Designer.cs
@@ -0,0 +1,696 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using LWRaftSnapIn.UI;
+namespace LWRaftSnapIn.Views
+{
+    partial class ResultPaneControl
+    {
+        /// <summary> 
+        /// Required designer variable.
+        /// </summary>
+        private System.ComponentModel.IContainer components = null;
+
+        /// <summary> 
+        /// Clean up any resources being used.
+        /// </summary>
+        /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
+        protected override void Dispose(bool disposing)
+        {
+            if (disposing && (components != null))
+            {
+                components.Dispose();
+            }
+            base.Dispose(disposing);
+        }
+
+        #region Component Designer generated code
+
+        /// <summary> 
+        /// Required method for Designer support - do not modify 
+        /// the contents of this method with the code editor.
+        /// </summary>
+        private void InitializeComponent()
+        {
+            this.components = new System.ComponentModel.Container();
+            System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(ResultPaneControl));
+            this.tableLayoutPanel1 = new System.Windows.Forms.TableLayoutPanel();
+            this.toolStrip1 = new System.Windows.Forms.ToolStrip();
+            this.toolStripSeparator5 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbSetPageSize = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator1 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbFetchNext = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator15 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbShowHideOperationalAttr = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbShowOptionalAttr = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbRefresh = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator6 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbSearch = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator7 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbSuperLog = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator8 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbDelete = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator14 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbAddObject = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator9 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbAddUser = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator10 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbAddGroup = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator11 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbAddToGroup = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator12 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbResetPassword = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator13 = new System.Windows.Forms.ToolStripSeparator();
+            this.tsbVerifyPassword = new System.Windows.Forms.ToolStripButton();
+            this.treeViewExplore = new System.Windows.Forms.TreeView();
+            this.imageList1 = new System.Windows.Forms.ImageList(this.components);
+            this.propertiesControl1 = new UI.PropertiesControl();
+            this.toolStripButtonResetPwd = new System.Windows.Forms.ToolStripButton();
+            this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator();
+            this.toolStripButtonCheckPwd = new System.Windows.Forms.ToolStripButton();
+            this.tsmiSuperlog = new System.Windows.Forms.ToolStripMenuItem();
+            this.cmsServerNode = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.tsmiLogin = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiLogout = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiRemove = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiServerRefresh = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiSetPageSize = new System.Windows.Forms.ToolStripMenuItem();
+            this.cmsDirectoryNode = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.tsmiSearch = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiFetchNextPage = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiAdd = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiNewObject = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiNewUser = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiNewGroup = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiAddToGroup = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiPasswordManagement = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiResetUserPassword = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiVerifyUserPassword = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiRefreshDirectory = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiDelete = new System.Windows.Forms.ToolStripMenuItem();
+            this.tsmiAddNewServer = new System.Windows.Forms.ToolStripMenuItem();
+            this.cmsRootNode = new System.Windows.Forms.ContextMenuStrip(this.components);
+            this.tableLayoutPanel1.SuspendLayout();
+            this.toolStrip1.SuspendLayout();
+            this.cmsServerNode.SuspendLayout();
+            this.cmsDirectoryNode.SuspendLayout();
+            this.cmsRootNode.SuspendLayout();
+            this.SuspendLayout();
+            // 
+            // tableLayoutPanel1
+            // 
+            this.tableLayoutPanel1.ColumnCount = 2;
+            this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 25F));
+            this.tableLayoutPanel1.ColumnStyles.Add(new System.Windows.Forms.ColumnStyle(System.Windows.Forms.SizeType.Percent, 75F));
+            this.tableLayoutPanel1.Controls.Add(this.toolStrip1, 0, 0);
+            this.tableLayoutPanel1.Controls.Add(this.treeViewExplore, 0, 1);
+            this.tableLayoutPanel1.Controls.Add(this.propertiesControl1, 1, 1);
+            this.tableLayoutPanel1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.tableLayoutPanel1.Location = new System.Drawing.Point(0, 0);
+            this.tableLayoutPanel1.Name = "tableLayoutPanel1";
+            this.tableLayoutPanel1.RowCount = 2;
+            this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Absolute, 30F));
+            this.tableLayoutPanel1.RowStyles.Add(new System.Windows.Forms.RowStyle(System.Windows.Forms.SizeType.Percent, 100F));
+            this.tableLayoutPanel1.Size = new System.Drawing.Size(600, 600);
+            this.tableLayoutPanel1.TabIndex = 6;
+            // 
+            // toolStrip1
+            // 
+            this.toolStrip1.BackgroundImageLayout = System.Windows.Forms.ImageLayout.None;
+            this.tableLayoutPanel1.SetColumnSpan(this.toolStrip1, 2);
+            this.toolStrip1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.toolStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.toolStripSeparator5,
+            this.tsbSetPageSize,
+            this.toolStripSeparator1,
+            this.tsbFetchNext,
+            this.toolStripSeparator15,
+            this.tsbShowHideOperationalAttr,
+            this.toolStripSeparator3,
+            this.tsbShowOptionalAttr,
+            this.toolStripSeparator4,
+            this.tsbRefresh,
+            this.toolStripSeparator6,
+            this.tsbSearch,
+            this.toolStripSeparator7,
+            this.tsbSuperLog,
+            this.toolStripSeparator8,
+            this.tsbDelete,
+            this.toolStripSeparator14,
+            this.tsbAddObject,
+            this.toolStripSeparator9,
+            this.tsbAddUser,
+            this.toolStripSeparator10,
+            this.tsbAddGroup,
+            this.toolStripSeparator11,
+            this.tsbAddToGroup,
+            this.toolStripSeparator12,
+            this.tsbResetPassword,
+            this.toolStripSeparator13,
+            this.tsbVerifyPassword});
+            this.toolStrip1.Location = new System.Drawing.Point(0, 0);
+            this.toolStrip1.Name = "toolStrip1";
+            this.toolStrip1.Size = new System.Drawing.Size(600, 30);
+            this.toolStrip1.TabIndex = 9;
+            this.toolStrip1.Text = "toolStrip1";
+            // 
+            // toolStripSeparator5
+            // 
+            this.toolStripSeparator5.Name = "toolStripSeparator5";
+            this.toolStripSeparator5.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbSetPageSize
+            // 
+            this.tsbSetPageSize.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbSetPageSize.Image = ((System.Drawing.Image)(resources.GetObject("tsbSetPageSize.Image")));
+            this.tsbSetPageSize.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbSetPageSize.Name = "tsbSetPageSize";
+            this.tsbSetPageSize.Size = new System.Drawing.Size(23, 27);
+            this.tsbSetPageSize.Tag = "all";
+            this.tsbSetPageSize.Text = "Set Page Size";
+            this.tsbSetPageSize.Click += new System.EventHandler(this.tsbSetPageSize_Click);
+            // 
+            // toolStripSeparator1
+            // 
+            this.toolStripSeparator1.Name = "toolStripSeparator1";
+            this.toolStripSeparator1.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbFetchNext
+            // 
+            this.tsbFetchNext.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbFetchNext.Image = ((System.Drawing.Image)(resources.GetObject("tsbFetchNext.Image")));
+            this.tsbFetchNext.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbFetchNext.Name = "tsbFetchNext";
+            this.tsbFetchNext.Size = new System.Drawing.Size(23, 27);
+            this.tsbFetchNext.Tag = "directory";
+            this.tsbFetchNext.Text = "Fetch Next Page";
+            this.tsbFetchNext.Click += new System.EventHandler(this.tsbFetchNext_Click);
+            // 
+            // toolStripSeparator15
+            // 
+            this.toolStripSeparator15.Name = "toolStripSeparator15";
+            this.toolStripSeparator15.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbShowHideOperationalAttr
+            // 
+            this.tsbShowHideOperationalAttr.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbShowHideOperationalAttr.Image = ((System.Drawing.Image)(resources.GetObject("tsbShowHideOperationalAttr.Image")));
+            this.tsbShowHideOperationalAttr.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbShowHideOperationalAttr.Name = "tsbShowHideOperationalAttr";
+            this.tsbShowHideOperationalAttr.Size = new System.Drawing.Size(23, 27);
+            this.tsbShowHideOperationalAttr.Tag = "all";
+            this.tsbShowHideOperationalAttr.Text = "Show/Hide Operational Attributes";
+            this.tsbShowHideOperationalAttr.Click += new System.EventHandler(this.tsbShowHideOperationalAttr_Click);
+            // 
+            // toolStripSeparator3
+            // 
+            this.toolStripSeparator3.Name = "toolStripSeparator3";
+            this.toolStripSeparator3.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbShowOptionalAttr
+            // 
+            this.tsbShowOptionalAttr.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbShowOptionalAttr.Image = ((System.Drawing.Image)(resources.GetObject("tsbShowOptionalAttr.Image")));
+            this.tsbShowOptionalAttr.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbShowOptionalAttr.Name = "tsbShowOptionalAttr";
+            this.tsbShowOptionalAttr.Size = new System.Drawing.Size(23, 27);
+            this.tsbShowOptionalAttr.Tag = "all";
+            this.tsbShowOptionalAttr.Text = "Show/Hide Optional Attribute";
+            this.tsbShowOptionalAttr.Click += new System.EventHandler(this.tsbShowOptionalAttr_Click);
+            // 
+            // toolStripSeparator4
+            // 
+            this.toolStripSeparator4.Name = "toolStripSeparator4";
+            this.toolStripSeparator4.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbRefresh
+            // 
+            this.tsbRefresh.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbRefresh.Image = ((System.Drawing.Image)(resources.GetObject("tsbRefresh.Image")));
+            this.tsbRefresh.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbRefresh.Name = "tsbRefresh";
+            this.tsbRefresh.Size = new System.Drawing.Size(23, 27);
+            this.tsbRefresh.Tag = "directory";
+            this.tsbRefresh.Text = "Refresh";
+            this.tsbRefresh.Click += new System.EventHandler(this.tsbRefresh_Click);
+            // 
+            // toolStripSeparator6
+            // 
+            this.toolStripSeparator6.Name = "toolStripSeparator6";
+            this.toolStripSeparator6.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbSearch
+            // 
+            this.tsbSearch.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbSearch.Image = ((System.Drawing.Image)(resources.GetObject("tsbSearch.Image")));
+            this.tsbSearch.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbSearch.Name = "tsbSearch";
+            this.tsbSearch.Size = new System.Drawing.Size(23, 27);
+            this.tsbSearch.Tag = "directory";
+            this.tsbSearch.Text = "Search";
+            this.tsbSearch.Click += new System.EventHandler(this.tsbSearch_Click);
+            // 
+            // toolStripSeparator7
+            // 
+            this.toolStripSeparator7.Name = "toolStripSeparator7";
+            this.toolStripSeparator7.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbSuperLog
+            // 
+            this.tsbSuperLog.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbSuperLog.Image = ((System.Drawing.Image)(resources.GetObject("tsbSuperLog.Image")));
+            this.tsbSuperLog.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbSuperLog.Name = "tsbSuperLog";
+            this.tsbSuperLog.Size = new System.Drawing.Size(23, 27);
+            this.tsbSuperLog.Tag = "all";
+            this.tsbSuperLog.Text = "Superlog";
+            this.tsbSuperLog.Click += new System.EventHandler(this.tsbSuperLog_Click);
+            // 
+            // toolStripSeparator8
+            // 
+            this.toolStripSeparator8.Name = "toolStripSeparator8";
+            this.toolStripSeparator8.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbDelete
+            // 
+            this.tsbDelete.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbDelete.Image = ((System.Drawing.Image)(resources.GetObject("tsbDelete.Image")));
+            this.tsbDelete.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbDelete.Name = "tsbDelete";
+            this.tsbDelete.Size = new System.Drawing.Size(23, 27);
+            this.tsbDelete.Tag = "directory";
+            this.tsbDelete.Text = "Delete";
+            this.tsbDelete.Click += new System.EventHandler(this.tsbDelete_Click);
+            // 
+            // toolStripSeparator14
+            // 
+            this.toolStripSeparator14.Name = "toolStripSeparator14";
+            this.toolStripSeparator14.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbAddObject
+            // 
+            this.tsbAddObject.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbAddObject.Image = ((System.Drawing.Image)(resources.GetObject("tsbAddObject.Image")));
+            this.tsbAddObject.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbAddObject.Name = "tsbAddObject";
+            this.tsbAddObject.Size = new System.Drawing.Size(23, 27);
+            this.tsbAddObject.Tag = "directory";
+            this.tsbAddObject.Text = "Add New Object";
+            this.tsbAddObject.Click += new System.EventHandler(this.tsbAddObject_Click);
+            // 
+            // toolStripSeparator9
+            // 
+            this.toolStripSeparator9.Name = "toolStripSeparator9";
+            this.toolStripSeparator9.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbAddUser
+            // 
+            this.tsbAddUser.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbAddUser.Image = ((System.Drawing.Image)(resources.GetObject("tsbAddUser.Image")));
+            this.tsbAddUser.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbAddUser.Name = "tsbAddUser";
+            this.tsbAddUser.Size = new System.Drawing.Size(23, 27);
+            this.tsbAddUser.Tag = "directory";
+            this.tsbAddUser.Text = "Add New User";
+            this.tsbAddUser.Click += new System.EventHandler(this.tsbAddUser_Click);
+            // 
+            // toolStripSeparator10
+            // 
+            this.toolStripSeparator10.Name = "toolStripSeparator10";
+            this.toolStripSeparator10.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbAddGroup
+            // 
+            this.tsbAddGroup.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbAddGroup.Image = ((System.Drawing.Image)(resources.GetObject("tsbAddGroup.Image")));
+            this.tsbAddGroup.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbAddGroup.Name = "tsbAddGroup";
+            this.tsbAddGroup.Size = new System.Drawing.Size(23, 27);
+            this.tsbAddGroup.Tag = "directory";
+            this.tsbAddGroup.Text = "Add New Group";
+            this.tsbAddGroup.Click += new System.EventHandler(this.tsbAddGroup_Click);
+            // 
+            // toolStripSeparator11
+            // 
+            this.toolStripSeparator11.Name = "toolStripSeparator11";
+            this.toolStripSeparator11.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbAddToGroup
+            // 
+            this.tsbAddToGroup.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbAddToGroup.Image = ((System.Drawing.Image)(resources.GetObject("tsbAddToGroup.Image")));
+            this.tsbAddToGroup.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbAddToGroup.Name = "tsbAddToGroup";
+            this.tsbAddToGroup.Size = new System.Drawing.Size(23, 27);
+            this.tsbAddToGroup.Tag = "directory";
+            this.tsbAddToGroup.Text = "Add To Group";
+            this.tsbAddToGroup.Click += new System.EventHandler(this.tsbAddToGroup_Click);
+            // 
+            // toolStripSeparator12
+            // 
+            this.toolStripSeparator12.Name = "toolStripSeparator12";
+            this.toolStripSeparator12.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbResetPassword
+            // 
+            this.tsbResetPassword.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbResetPassword.Image = ((System.Drawing.Image)(resources.GetObject("tsbResetPassword.Image")));
+            this.tsbResetPassword.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbResetPassword.Name = "tsbResetPassword";
+            this.tsbResetPassword.Size = new System.Drawing.Size(23, 27);
+            this.tsbResetPassword.Tag = "user";
+            this.tsbResetPassword.Text = "Reset User Password";
+            this.tsbResetPassword.Click += new System.EventHandler(this.tsbResetPassword_Click);
+            // 
+            // toolStripSeparator13
+            // 
+            this.toolStripSeparator13.Name = "toolStripSeparator13";
+            this.toolStripSeparator13.Size = new System.Drawing.Size(6, 30);
+            // 
+            // tsbVerifyPassword
+            // 
+            this.tsbVerifyPassword.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.tsbVerifyPassword.Image = ((System.Drawing.Image)(resources.GetObject("tsbVerifyPassword.Image")));
+            this.tsbVerifyPassword.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.tsbVerifyPassword.Name = "tsbVerifyPassword";
+            this.tsbVerifyPassword.Size = new System.Drawing.Size(23, 27);
+            this.tsbVerifyPassword.Tag = "user";
+            this.tsbVerifyPassword.Text = "Verify User Password";
+            this.tsbVerifyPassword.Click += new System.EventHandler(this.tsbVerifyPassword_Click);
+            // 
+            // treeViewExplore
+            // 
+            this.treeViewExplore.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.treeViewExplore.ImageIndex = 0;
+            this.treeViewExplore.ImageList = this.imageList1;
+            this.treeViewExplore.Location = new System.Drawing.Point(3, 33);
+            this.treeViewExplore.Name = "treeViewExplore";
+            this.treeViewExplore.SelectedImageIndex = 0;
+            this.treeViewExplore.ShowLines = false;
+            this.treeViewExplore.Size = new System.Drawing.Size(144, 564);
+            this.treeViewExplore.TabIndex = 8;
+            this.treeViewExplore.AfterExpand += new System.Windows.Forms.TreeViewEventHandler(this.treeViewExplore_AfterExpand);
+            this.treeViewExplore.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.treeViewExplore_AfterSelect);
+            this.treeViewExplore.MouseUp += new System.Windows.Forms.MouseEventHandler(this.treeViewExplore_MouseUp);
+            // 
+            // imageList1
+            // 
+            this.imageList1.ColorDepth = System.Windows.Forms.ColorDepth.Depth8Bit;
+            this.imageList1.ImageSize = new System.Drawing.Size(16, 16);
+            this.imageList1.TransparentColor = System.Drawing.Color.Transparent;
+            // 
+            // propertiesControl1
+            // 
+            this.propertiesControl1.AutoScroll = true;
+            this.propertiesControl1.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.propertiesControl1.Dock = System.Windows.Forms.DockStyle.Fill;
+            this.propertiesControl1.Location = new System.Drawing.Point(153, 33);
+            this.propertiesControl1.Name = "propertiesControl1";
+            this.propertiesControl1.Size = new System.Drawing.Size(444, 564);
+            this.propertiesControl1.TabIndex = 9;
+            // 
+            // toolStripButtonResetPwd
+            // 
+            this.toolStripButtonResetPwd.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonResetPwd.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonResetPwd.Name = "toolStripButtonResetPwd";
+            this.toolStripButtonResetPwd.Size = new System.Drawing.Size(23, 17);
+            this.toolStripButtonResetPwd.Text = "Reset User Password";
+            // 
+            // toolStripSeparator2
+            // 
+            this.toolStripSeparator2.Name = "toolStripSeparator2";
+            this.toolStripSeparator2.Size = new System.Drawing.Size(6, 20);
+            // 
+            // toolStripButtonCheckPwd
+            // 
+            this.toolStripButtonCheckPwd.DisplayStyle = System.Windows.Forms.ToolStripItemDisplayStyle.Image;
+            this.toolStripButtonCheckPwd.ImageTransparentColor = System.Drawing.Color.Magenta;
+            this.toolStripButtonCheckPwd.Name = "toolStripButtonCheckPwd";
+            this.toolStripButtonCheckPwd.Size = new System.Drawing.Size(23, 17);
+            this.toolStripButtonCheckPwd.Text = "Verify User Password";
+            // 
+            // tsmiSuperlog
+            // 
+            this.tsmiSuperlog.Name = "tsmiSuperlog";
+            this.tsmiSuperlog.Size = new System.Drawing.Size(142, 22);
+            this.tsmiSuperlog.Text = "Superlog";
+            this.tsmiSuperlog.Click += new System.EventHandler(this.tsmiSuperlog_Click);
+            // 
+            // cmsServerNode
+            // 
+            this.cmsServerNode.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiLogin,
+            this.tsmiLogout,
+            this.tsmiRemove,
+            this.tsmiServerRefresh,
+            this.tsmiSetPageSize,
+            this.tsmiSuperlog});
+            this.cmsServerNode.Name = "cmsServerNode";
+            this.cmsServerNode.Size = new System.Drawing.Size(143, 136);
+            // 
+            // tsmiLogin
+            // 
+            this.tsmiLogin.Name = "tsmiLogin";
+            this.tsmiLogin.Size = new System.Drawing.Size(142, 22);
+            this.tsmiLogin.Text = "Login";
+            this.tsmiLogin.Click += new System.EventHandler(this.tsmiLogin_Click);
+            // 
+            // tsmiLogout
+            // 
+            this.tsmiLogout.Name = "tsmiLogout";
+            this.tsmiLogout.Size = new System.Drawing.Size(142, 22);
+            this.tsmiLogout.Text = "Logout";
+            this.tsmiLogout.Click += new System.EventHandler(this.tsmiLogout_Click);
+            // 
+            // tsmiRemove
+            // 
+            this.tsmiRemove.Name = "tsmiRemove";
+            this.tsmiRemove.Size = new System.Drawing.Size(142, 22);
+            this.tsmiRemove.Text = "Remove";
+            this.tsmiRemove.Click += new System.EventHandler(this.tsmiRemove_Click);
+            // 
+            // tsmiServerRefresh
+            // 
+            this.tsmiServerRefresh.Name = "tsmiServerRefresh";
+            this.tsmiServerRefresh.Size = new System.Drawing.Size(142, 22);
+            this.tsmiServerRefresh.Text = "Refresh";
+            this.tsmiServerRefresh.Click += new System.EventHandler(this.tsmiServerRefresh_Click);
+            // 
+            // tsmiSetPageSize
+            // 
+            this.tsmiSetPageSize.Name = "tsmiSetPageSize";
+            this.tsmiSetPageSize.Size = new System.Drawing.Size(142, 22);
+            this.tsmiSetPageSize.Text = "Set Page Size";
+            this.tsmiSetPageSize.Click += new System.EventHandler(this.tsmiSetPageSize_Click);
+            // 
+            // cmsDirectoryNode
+            // 
+            this.cmsDirectoryNode.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiSearch,
+            this.tsmiFetchNextPage,
+            this.tsmiAdd,
+            this.tsmiPasswordManagement,
+            this.tsmiRefreshDirectory,
+            this.tsmiDelete});
+            this.cmsDirectoryNode.Name = "cmsDirectoryNode";
+            this.cmsDirectoryNode.Size = new System.Drawing.Size(199, 136);
+            // 
+            // tsmiSearch
+            // 
+            this.tsmiSearch.Name = "tsmiSearch";
+            this.tsmiSearch.Size = new System.Drawing.Size(198, 22);
+            this.tsmiSearch.Text = "Search";
+            this.tsmiSearch.Click += new System.EventHandler(this.tsmiSearch_Click);
+            // 
+            // tsmiFetchNextPage
+            // 
+            this.tsmiFetchNextPage.Name = "tsmiFetchNextPage";
+            this.tsmiFetchNextPage.Size = new System.Drawing.Size(198, 22);
+            this.tsmiFetchNextPage.Text = "Fetch Next Page";
+            this.tsmiFetchNextPage.Click += new System.EventHandler(this.tsmiFetchNextPage_Click);
+            // 
+            // tsmiAdd
+            // 
+            this.tsmiAdd.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiNewObject,
+            this.tsmiNewUser,
+            this.tsmiNewGroup,
+            this.tsmiAddToGroup});
+            this.tsmiAdd.Name = "tsmiAdd";
+            this.tsmiAdd.Size = new System.Drawing.Size(198, 22);
+            this.tsmiAdd.Text = "Add";
+            // 
+            // tsmiNewObject
+            // 
+            this.tsmiNewObject.Name = "tsmiNewObject";
+            this.tsmiNewObject.Size = new System.Drawing.Size(149, 22);
+            this.tsmiNewObject.Text = "New Object";
+            this.tsmiNewObject.Click += new System.EventHandler(this.tsmiNewObject_Click);
+            // 
+            // tsmiNewUser
+            // 
+            this.tsmiNewUser.Name = "tsmiNewUser";
+            this.tsmiNewUser.Size = new System.Drawing.Size(149, 22);
+            this.tsmiNewUser.Text = "New User";
+            this.tsmiNewUser.Click += new System.EventHandler(this.tsmiNewUser_Click);
+            // 
+            // tsmiNewGroup
+            // 
+            this.tsmiNewGroup.Name = "tsmiNewGroup";
+            this.tsmiNewGroup.Size = new System.Drawing.Size(149, 22);
+            this.tsmiNewGroup.Text = "New Group";
+            this.tsmiNewGroup.Click += new System.EventHandler(this.tsmiNewGroup_Click);
+            // 
+            // tsmiAddToGroup
+            // 
+            this.tsmiAddToGroup.Name = "tsmiAddToGroup";
+            this.tsmiAddToGroup.Size = new System.Drawing.Size(149, 22);
+            this.tsmiAddToGroup.Text = "Add To Group";
+            this.tsmiAddToGroup.Click += new System.EventHandler(this.tsmiAddToGroup_Click);
+            // 
+            // tsmiPasswordManagement
+            // 
+            this.tsmiPasswordManagement.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiResetUserPassword,
+            this.tsmiVerifyUserPassword});
+            this.tsmiPasswordManagement.Name = "tsmiPasswordManagement";
+            this.tsmiPasswordManagement.Size = new System.Drawing.Size(198, 22);
+            this.tsmiPasswordManagement.Text = "Password Management";
+            // 
+            // tsmiResetUserPassword
+            // 
+            this.tsmiResetUserPassword.Name = "tsmiResetUserPassword";
+            this.tsmiResetUserPassword.Size = new System.Drawing.Size(183, 22);
+            this.tsmiResetUserPassword.Text = "Reset User Password";
+            this.tsmiResetUserPassword.Click += new System.EventHandler(this.tsmiResetUserPassword_Click);
+            // 
+            // tsmiVerifyUserPassword
+            // 
+            this.tsmiVerifyUserPassword.Name = "tsmiVerifyUserPassword";
+            this.tsmiVerifyUserPassword.Size = new System.Drawing.Size(183, 22);
+            this.tsmiVerifyUserPassword.Text = "Verify User Password";
+            this.tsmiVerifyUserPassword.Click += new System.EventHandler(this.tsmiVerifyUserPassword_Click);
+            // 
+            // tsmiRefreshDirectory
+            // 
+            this.tsmiRefreshDirectory.Name = "tsmiRefreshDirectory";
+            this.tsmiRefreshDirectory.Size = new System.Drawing.Size(198, 22);
+            this.tsmiRefreshDirectory.Text = "Refresh";
+            this.tsmiRefreshDirectory.Click += new System.EventHandler(this.tsmiRefreshDirectory_Click);
+            // 
+            // tsmiDelete
+            // 
+            this.tsmiDelete.Name = "tsmiDelete";
+            this.tsmiDelete.Size = new System.Drawing.Size(198, 22);
+            this.tsmiDelete.Text = "Delete";
+            this.tsmiDelete.Click += new System.EventHandler(this.tsmiDelete_Click);
+            // 
+            // tsmiAddNewServer
+            // 
+            this.tsmiAddNewServer.Name = "tsmiAddNewServer";
+            this.tsmiAddNewServer.Size = new System.Drawing.Size(158, 22);
+            this.tsmiAddNewServer.Text = "Add New Server";
+            this.tsmiAddNewServer.Click += new System.EventHandler(this.tsmiAddNewServer_Click);
+            // 
+            // cmsRootNode
+            // 
+            this.cmsRootNode.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
+            this.tsmiAddNewServer});
+            this.cmsRootNode.Name = "cmsRootNode";
+            this.cmsRootNode.Size = new System.Drawing.Size(159, 48);
+            // 
+            // ResultPaneControl
+            // 
+            this.AutoScroll = true;
+            this.AutoSizeMode = System.Windows.Forms.AutoSizeMode.GrowAndShrink;
+            this.Controls.Add(this.tableLayoutPanel1);
+            this.Name = "ResultPaneControl";
+            this.Size = new System.Drawing.Size(600, 600);
+            this.tableLayoutPanel1.ResumeLayout(false);
+            this.tableLayoutPanel1.PerformLayout();
+            this.toolStrip1.ResumeLayout(false);
+            this.toolStrip1.PerformLayout();
+            this.cmsServerNode.ResumeLayout(false);
+            this.cmsDirectoryNode.ResumeLayout(false);
+            this.cmsRootNode.ResumeLayout(false);
+            this.ResumeLayout(false);
+
+        }
+
+
+        #endregion
+
+        private System.Windows.Forms.TableLayoutPanel tableLayoutPanel1;
+        private System.Windows.Forms.TreeView treeViewExplore;
+        public UI.PropertiesControl propertiesControl1;
+        private System.Windows.Forms.ImageList imageList1;
+        private System.Windows.Forms.ToolStrip toolStrip1;
+        private System.Windows.Forms.ToolStripButton tsbShowHideOperationalAttr;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator1;
+        private System.Windows.Forms.ToolStripButton toolStripButtonResetPwd;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator2;
+        private System.Windows.Forms.ToolStripButton toolStripButtonCheckPwd;
+        private System.Windows.Forms.ToolStripButton tsbSetPageSize;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator3;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator5;
+        private System.Windows.Forms.ToolStripMenuItem tsmiSuperlog;
+        private System.Windows.Forms.ContextMenuStrip cmsServerNode;
+        private System.Windows.Forms.ToolStripMenuItem tsmiLogout;
+        private System.Windows.Forms.ToolStripMenuItem tsmiLogin;
+        private System.Windows.Forms.ToolStripMenuItem tsmiRemove;
+        private System.Windows.Forms.ToolStripMenuItem tsmiServerRefresh;
+        private System.Windows.Forms.ToolStripMenuItem tsmiSetPageSize;
+        private System.Windows.Forms.ContextMenuStrip cmsDirectoryNode;
+        private System.Windows.Forms.ToolStripMenuItem tsmiRefreshDirectory;
+        private System.Windows.Forms.ToolStripMenuItem tsmiDelete;
+        private System.Windows.Forms.ToolStripMenuItem tsmiSearch;
+        private System.Windows.Forms.ToolStripMenuItem tsmiFetchNextPage;
+        private System.Windows.Forms.ToolStripMenuItem tsmiAdd;
+        private System.Windows.Forms.ToolStripMenuItem tsmiNewObject;
+        private System.Windows.Forms.ToolStripMenuItem tsmiNewUser;
+        private System.Windows.Forms.ToolStripMenuItem tsmiNewGroup;
+        private System.Windows.Forms.ToolStripMenuItem tsmiPasswordManagement;
+        private System.Windows.Forms.ToolStripMenuItem tsmiResetUserPassword;
+        private System.Windows.Forms.ToolStripMenuItem tsmiVerifyUserPassword;
+        private System.Windows.Forms.ToolStripMenuItem tsmiAddNewServer;
+        private System.Windows.Forms.ContextMenuStrip cmsRootNode;
+        private System.Windows.Forms.ToolStripMenuItem tsmiAddToGroup;
+        private System.Windows.Forms.ToolStripButton tsbShowOptionalAttr;
+        private System.Windows.Forms.ToolStripButton tsbDelete;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator4;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator6;
+        private System.Windows.Forms.ToolStripButton tsbRefresh;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator7;
+        private System.Windows.Forms.ToolStripButton tsbSearch;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator8;
+        private System.Windows.Forms.ToolStripButton tsbAddObject;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator9;
+        private System.Windows.Forms.ToolStripButton tsbAddUser;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator10;
+        private System.Windows.Forms.ToolStripButton tsbAddGroup;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator11;
+        private System.Windows.Forms.ToolStripButton tsbAddToGroup;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator12;
+        private System.Windows.Forms.ToolStripButton tsbResetPassword;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator13;
+        private System.Windows.Forms.ToolStripButton tsbVerifyPassword;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator14;
+        private System.Windows.Forms.ToolStripButton tsbFetchNext;
+        private System.Windows.Forms.ToolStripSeparator toolStripSeparator15;
+        private System.Windows.Forms.ToolStripButton tsbSuperLog;
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.cs
new file mode 100644
index 000000000..7dbd9fa28
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.cs
@@ -0,0 +1,378 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using Microsoft.ManagementConsole;
+using System;
+using System.ComponentModel;
+using System.Drawing;
+using System.Linq;
+using System.Threading;
+using System.Windows.Forms;
+using VMDir.Common;
+using LWRaftSnapIn.TreeNodes;
+using LWRaftSnapIn.Utilities;
+using VMIdentity.CommonUtils;
+using VMIdentity.CommonUtils.Log;
+using VMwareMMCIDP.UI.Common.Utilities;
+
+namespace LWRaftSnapIn.Views
+{
+    public partial class ResultPaneControl : UserControl, IFormViewControl
+    {
+        ResultPaneFormView resultPaneFormView = null;
+        public ResultPaneControl()
+        {
+            InitializeComponent();
+            this.imageList1.Images.AddRange(LWRaftEnvironment.Instance.ImageLst.ToArray());
+            this.Dock = DockStyle.Fill;
+        }
+
+        void IFormViewControl.Initialize(FormView parentResultPaneFormView)
+        {
+            resultPaneFormView = (ResultPaneFormView)parentResultPaneFormView;
+        }
+
+        public void AddDirRootNode()
+        {
+            var node = new RootNode(this.propertiesControl1);
+            this.treeViewExplore.Nodes.Add(node);
+            this.treeViewExplore.SelectedNode = node;
+        }
+
+        private void treeViewExplore_AfterSelect(object sender, TreeViewEventArgs e)
+        {
+            var node = e.Node as BaseTreeNode;
+            //LWRaftEnvironment.Instance.Logger.Log(node.Text+" selected",LogLevel.Info);
+            if (node != null)
+                node.DoSelect();
+            SetToolBarOptions(e);
+        }
+
+        private void SetToolBarOptions(TreeViewEventArgs e)
+        {
+            foreach(ToolStripItem item in toolStrip1.Items)
+            {
+                item.Enabled=false;
+                if (Convert.ToString(item.Tag) == "all")
+                    item.Enabled = true;
+            }
+
+             var n1 = e.Node as ServerNode;
+             if (n1 != null && n1.ServerDTO.IsLoggedIn)
+             {
+                 foreach (ToolStripItem item in toolStrip1.Items)
+                 {
+                     if (Convert.ToString(item.Tag) == "server")
+                         item.Enabled = true;
+                 }
+             }
+             var n2 = e.Node as DirectoryExpandableNode;
+             if (n2 != null && n2.ServerDTO.IsLoggedIn)
+             {
+                 foreach (ToolStripItem item in toolStrip1.Items)
+                 {
+                     if (Convert.ToString(item.Tag) == "directory")
+                         item.Enabled = true;
+                     else if (Convert.ToString(item.Tag) == "user" && n2.ObjectClass.Contains(VMDirConstants.USER_OC))
+                         item.Enabled = true;
+                 }
+             }
+        }
+
+        private void treeViewExplore_AfterExpand(object sender, TreeViewEventArgs e)
+        {
+            var node = e.Node as BaseTreeNode;
+            //LWRaftEnvironment.Instance.Logger.Log(node.Text + " expanded", LogLevel.Info);
+            if (node != null)
+                node.DoExpand();
+        }
+
+        void treeViewExplore_MouseUp(object sender, System.Windows.Forms.MouseEventArgs e)
+        {
+            if (e.Button == MouseButtons.Right)
+            {
+                Point p = new Point(e.X, e.Y);
+                TreeNode node = treeViewExplore.GetNodeAt(p);
+                if (node != null)
+                {
+                    treeViewExplore.SelectedNode = node;
+                    switch (Convert.ToString(node.Tag))
+                    {
+                        case "root":
+                            cmsRootNode.Show(treeViewExplore, p);
+                            break;
+                        case "server":
+                            var sn = treeViewExplore.GetNodeAt(p) as ServerNode;
+                            if (sn != null)
+                            {
+                                cmsServerNode.Items.Clear();
+                                if (sn.ServerDTO.IsLoggedIn)
+                                {
+                                    cmsServerNode.Items.Add(tsmiLogout);
+                                }
+                                else
+                                {
+                                    cmsServerNode.Items.Add(tsmiLogin);
+                                }
+                                cmsServerNode.Items.Add(tsmiRemove);
+                                cmsServerNode.Items.Add(tsmiServerRefresh);
+                                cmsServerNode.Items.Add(tsmiSuperlog);
+                                cmsServerNode.Show(treeViewExplore, p);
+                            }
+                            break;
+                        case "directory":
+                            var dn = treeViewExplore.GetNodeAt(p) as DirectoryExpandableNode;
+                            if (dn != null)
+                            {
+                                cmsDirectoryNode.Items.Clear();
+                                cmsDirectoryNode.Items.Add(tsmiSearch);
+                                cmsDirectoryNode.Items.Add(tsmiFetchNextPage);
+                                cmsDirectoryNode.Items.Add(tsmiAdd);
+                                if (dn.ObjectClass.Contains(VMDirConstants.USER_OC))
+                                {
+                                    cmsDirectoryNode.Items.Add(tsmiPasswordManagement);
+                                }
+                                cmsDirectoryNode.Items.Add(tsmiRefreshDirectory);
+                                cmsDirectoryNode.Items.Add(tsmiDelete);
+                                cmsDirectoryNode.Show(treeViewExplore, p);
+                            }
+                            break;
+                    }
+                }
+            }
+        }
+
+        private void DoActionOnDirectoryExpandableNode(Action<DirectoryExpandableNode> action)
+        {
+            var node = this.treeViewExplore.SelectedNode as DirectoryExpandableNode;
+            if(node==null || action==null)
+            {
+                 MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+                return;
+            }
+            if (node.ServerDTO == null || node.ServerDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            action(node);
+        }
+        private void DoActionOnServerNode(Action<ServerNode> action)
+        {
+            var node = this.treeViewExplore.SelectedNode as ServerNode;
+            if (node == null || action == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+                return;
+            }
+            if (node.ServerDTO == null || node.ServerDTO.Connection == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_RELOGIN);
+                return;
+            }
+            action(node);
+        }
+        private void DoActionOnServerNodeWithoutConnCheck(Action<ServerNode> action)
+        {
+            var node = this.treeViewExplore.SelectedNode as ServerNode;
+            if (node == null || action == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+                return;
+            }
+            action(node);
+        }
+        private void DoActionOnRootNode(Action<RootNode> action)
+        {
+            var node = this.treeViewExplore.SelectedNode as RootNode;
+            if (node == null || action == null)
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+                return;
+            }
+            action(node);
+        }
+
+        private void tsmiSuperlog_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNode(delegate(ServerNode node) { node.SuperLog(); });
+        }
+        private void tsmiAddNewServer_Click(object sender, EventArgs e)
+        {
+            DoActionOnRootNode(delegate(RootNode node) { node.AddNewServer(); });
+        }
+        private void tsmiRootRefresh_Click(object sender, EventArgs e)
+        {
+            DoActionOnRootNode(delegate(RootNode node) { node.DoRefresh(); });
+        }
+        private void tsmiLogin_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNodeWithoutConnCheck(delegate(ServerNode node) { node.Login();});
+        }
+        private void tsmiLogout_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNode(delegate(ServerNode node) { node.Logout(); });
+        }
+        private void tsmiRemove_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNodeWithoutConnCheck(delegate(ServerNode node) { node.RemoveServer(); });
+        }
+        private void tsmiServerRefresh_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNode(delegate(ServerNode node) { node.DoRefresh(); });
+        }
+        private void tsmiSetPageSize_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNodeWithoutConnCheck(delegate(ServerNode node) { node.SetPageSize(); });
+        }
+        private void tsmiSearch_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.Search(); });
+        }
+        private void tsmiFetchNextPage_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.GetNextPage(); });
+        }
+        private void tsmiNewObject_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddObject(); });
+        }
+        private void tsmiNewUser_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddUser(); });
+        }
+        private void tsmiNewGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddGroup(); });
+        }
+        private void tsmiAddToGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddUserToGroup(); });
+        }
+        private void tsmiResetUserPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.ResetPassword(); });
+        }
+        private void tsmiVerifyUserPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.VerifyPassword(); });
+        }
+        private void tsmiRefreshDirectory_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.DoRefresh(); });
+        }
+        private void tsmiDelete_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) {performDelete(node);});
+        }
+
+        private void tsbShowHideOperationalAttr_Click(object sender, EventArgs e)
+        {
+            var node = this.treeViewExplore.SelectedNode as BaseTreeNode;
+            if (node != null && node.ServerDTO!=null)
+            {
+                if (node.ServerDTO.OperationalAttrFlag)
+                    node.ServerDTO.OperationalAttrFlag = false;
+                else
+                    node.ServerDTO.OperationalAttrFlag = true;
+                node.DoSelect();
+            }
+            else
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+            }
+        }
+        private void tsbShowOptionalAttr_Click(object sender, EventArgs e)
+        {
+            var node = this.treeViewExplore.SelectedNode as BaseTreeNode;
+            if (node != null && node.ServerDTO != null)
+            {
+                if (node.ServerDTO.OptionalAttrFlag)
+                    node.ServerDTO.OptionalAttrFlag = false;
+                else
+                    node.ServerDTO.OptionalAttrFlag = true;
+                node.DoSelect();
+            }
+            else
+            {
+                MMCDlgHelper.ShowWarning(VMDirConstants.WRN_OBJ_NODE_SEL);
+            }
+        }
+
+        private void performDelete(DirectoryExpandableNode node)
+        {
+            MiscUtilsService.CheckedExec(delegate()
+            {
+                if (!MMCDlgHelper.ShowQuestion(string.Format(CommonConstants.CONFIRM_DELETE, "object", Text)))
+                    return;
+                node.Delete();
+                var parent = node.Parent;
+                if (parent != null)
+                {
+                    parent.Nodes.Remove(node);
+                }
+            });
+        }
+
+        private void tsbSetPageSize_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNodeWithoutConnCheck(delegate(ServerNode node) { node.SetPageSize(); });
+        }
+        private void tsbFetchNext_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.GetNextPage(); });
+        }
+        private void tsbRefresh_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.DoRefresh(); });
+        }
+        private void tsbSearch_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node){node.Search();});
+        }
+        private void tsbSuperLog_Click(object sender, EventArgs e)
+        {
+            DoActionOnServerNode(delegate(ServerNode node) { node.SuperLog(); });
+        }
+        private void tsbDelete_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { performDelete(node); });
+        }
+        private void tsbAddObject_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddObject(); });
+        }
+        private void tsbAddUser_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddUser(); });
+        }
+        private void tsbAddGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddGroup(); });
+        }
+        private void tsbAddToGroup_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.AddUserToGroup(); });
+        }
+        private void tsbResetPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.ResetPassword(); });
+        }
+        private void tsbVerifyPassword_Click(object sender, EventArgs e)
+        {
+            DoActionOnDirectoryExpandableNode(delegate(DirectoryExpandableNode node) { node.VerifyPassword(); });
+        }
+
+    }
+}
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.resx b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.resx
new file mode 100644
index 000000000..c80bc5ad9
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneControl.resx
@@ -0,0 +1,389 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <metadata name="toolStrip1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>590, 14</value>
+  </metadata>
+  <assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
+  <data name="tsbSetPageSize.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAMmSURBVDhPZZNNSCN3GMbn3puCqVMo6KkUL4WCeOhFUHqx
+        J1k8rCf3JghCKditle5GlqzsKg200BVKuzZoQZu1adUkGPOh+bAh6sZ1XY3JfMeMZuImM47R/J/+Y7OV
+        4AsPzzDM+5tn5v++zLuKRqONTqeTnZ+fb3Y4HOz0tIO1T0+zdrudtdls7NiYjf3aam0eHBxkFxYWGmtt
+        /9Xc3FzD5uamuLe3Z1CVXu0mjVfJpJF8uW283E4Y24m4kYj/Y8Si4VIkEjHoi8Th4eGGWjvDTE1NWXZ2
+        dkxBEMBzHN6keeymBLxOS3idkbHPyXjDK9in1/l8HsFg0Gxvb7fU2hlmYmKiaWtrq5jOZIjEpys/Bw7J
+        V84D8q3rkIy6UtRT5P6fKWJdOqyIcpYE/GvFjo6Oplo7w4yPj1soQBdECYrIkecbadx3HeHhchoPljP/
+        y+Y+Iln1FBSg1yWoAuLxuM7xAo4lgfwWzmD07wzG3RysK9y1P6T+2JMmuVPtNmBkZMQSi8V0QRChKiJx
+        RHh88w7g5q/1gOqxhyMn2hn8a2t6W1vbDWBoaOgakM0e4yQrkRkKGHFlMLbMYXSJp061wuMRBWhnRQrw
+        1QMGBgYs9Hj0XE6FmpXJYkLEpE/Asw0J++IJtIKGlJxHSlKJrhvw+Xx6S0tLPSAUCumyLENRFKKqOVwW
+        TxE5OMZ3KyJe7Ki4Oi/ibUEjpmneBvT19VkCgQBNkIMkK6SkncC7e4wPn6Tx8eQB3n+0D3tIQVkvkPOL
+        i9uAnp6ea0B1SERJIRU9j7uOFD6fCmMpfoR7cyl8+kMKZ4UCuby6whr9iXWArq6uJnqzSBMQXhArF0WN
+        fPnrOpgvJshd6y+48yxBPvvpCMbbfMU0L0j12dbW1ptB6uzsrCYwDcOApmk410uXklood1sXy+/d+b78
+        yWSyHJXMMiFlAlrVUa5L0Nvb2zAzMyPSbzNWV1dL1BEK+OH1uPGjw4VFjx+xjQACweBlOBw26PKJ3d3d
+        N8tUrf7+/kav1/uB3+9vphpwOhcnZ2dnnyz98fvTv14sPHV7V8fW19c/oqfFejye2jozzL+lW4I9hs9W
+        cgAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbFetchNext.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAMRSURBVDhPZZO7T9tQFMb9B3SoQCLFG3RhYOiCECsSbGwg
+        sbOjLlQKlNICURuQIio6dEBioAQhCoISFciLPKCEPEgIhPAKSWzHduzEIQk2EOCe3oRQRLnSp3Mtn+/n
+        T9fnEg9re3u7cnFxkZyfn6/W6/XkxISeHJ+YIMfHx0mtVksODGjJ3t7h6p6eHnJycvJl2Xa/ZmdnKzwe
+        DxMOhxWsi4PQvnKwv6/s7+0qe7t+ZdfvU/w+r+J2bV3gDylzc3NHHR0dL8p2ghgbG1MFg8ErmqaBisfh
+        OEpBKELDYTQBhzEWjuIsHFMcHOG9JEngcDiuGxoaXpXtBDE6OloVCATy0VgMJajo3aTjFL1bPEEfDKeo
+        3xDBNYL6liNoaOX0lmF55LDb8k1NTVVlO0FoNBoVBsg0kwCOiaOpP1HoM5zB0GoUBldj/6Q1niFeTAMG
+        yI2Njaqy/R7g8/nkOEVDMkGj6a0Y9P+OgcYYh+G1eKkO4TpiiiIhnXkOUKvVKrfbLdM0AyLHIL2LgvcP
+        ACOFRcMgriOmOEplsmC32eT6+vpHQHd3dwnA80lI8Qn0AwPUBhx7jYJPWMU6gPXZGENSNo8B608BXV1d
+        KpfLJQuCCCLPol9+BsZsNHzFcoQ5iNA8HFJYMRadZ7OwbrU+B2xsbMgsywLHcSglCiClBEiJIsjZNGTS
+        IqQE/CzwKJfLgcVikWtqah4BnZ2dKvxvcQKhBCjWJM+DxCfgpyUIFMWUQAmWKwGs/ydoa2srAYpDUmy6
+        zKXh+2oI3owG4fWXEDTpAuDYOYG0mETn59kS4EmClpaWKpvNlhdFEeFZuJPPRfhm2EX1Gi+QH3egUetB
+        zp1jEJPcXVqSkNlsztfW1j4OUnNzs8put1/JsgyZjISyuVzhUpYLOYEtzKx4ChzLFdDtVSGVllDh+hqK
+        vU8StLe3V+ALwjidTgW/vMFpigcFJrMZnHYrjmwBi9VaNN7gw1bw5WNaW1sryvb7ZTKZKvE0kl6vtw43
+        vl1aWtbNzMzopqamdQsLCzoMHdjc3KzDALLYe+8iiL97tIvCbP5owwAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbShowHideOperationalAttr.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANNSURBVDhPhZNZTBNRFEDr8mfUGHeNfhhjYgSNiibG7QsC
+        EhOVxC3GuHyoUcGYVFSQUVarFLBYpCKWKpSlrSDuSlug2um0pduUobTGbiYGxRiBKEzbd30zRaL+eJM3
+        k/cy98y5N+8KDla/KzxaQ2YaXK5ZijfM7FeOT9MEOABgEn5Owu8p3J4Lozu0PKXCKC5QU9u4PUHAZEGi
+        mIbkKhoOKNz+U3LzwNVmczC/1X6EzxgPg+v9+ouPPY2pUtvIlgo7JEk8Eu58O6GfKkgs9wzVkAPsiUch
+        2HeHAqW+H07LqY+yduscaQe5er/cWr2htCeaIbPDQ52XFaoYdl6Jr4Qnt2C7hDLmh8T4FWodI9FsJRVr
+        7PJGd942Q8p9X3ijuGf0mNwFtR396LHJH3luCY+dbeqDxaJ+0YTB6vK+n5XGQag0f0fCejNSaPshp8US
+        2yRxQ46Khte2ENv4NoAUnR9Quyk4ltXMwOLr3ht/AW5jgJQDKK1Q19GHctQO2FHTGyPUNNKQIajv/oAa
+        DAHAADarGRvc8P0DIL+C1DKEhA0WUOiwgcoOqbJeyFPT0GYKAZfMA6j/AC5gAw6Qq3JA6l0GCI0b2qgw
+        KN+OA0whNrMJlyDy3uQAfBMTyxlcwm9A3CAXl5D2B4BLru/2wxMqOHZe5YGFIl8+D+ANyhi+ib9LqNN6
+        eECqLA5oxSVwBg8xQEMGIntlNki46dARzwdnEHrgAJ5hiXEQVVLfY9lKC3qg9+IexA3yJgz8oCKD8MIa
+        RklFBkgs6IoihKbzFqvELpAYBiIK5wh7Rk4i6RMnutJiQ3EDGv81iBq6/ehcozO2v9rMrsjTo6WXdT+F
+        GkZ/rd17UrDrlu3p5qpeyGoLguhNMHa+3hoVNtlRmqwX5apo9MwSjj01+dkNJe9AcFYHCy50wPxs7eii
+        i1pYU9hdwVscKuzKSKmktFvuMHBcHQCZ6XMk/a6bLWp1sVWvfbC7xgn4Vn4r0lDqpGLD8LIrnZGh0dGV
+        jk/xwZuIzNLO5IP37GSajIa1YidsLe+BdKnlyxGpqbT0Jb2E++ZwnTOwq9o6hKd0Jp/EBUEQk+PjG49H
+        5vd71hUbytIkxsuXimrnjh9zIz4VrwW4gQvjYy4Q/ALE0HarRNDylQAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbShowOptionalAttr.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAOASURBVDhPbZN7TFtVHMfv5iPqfxpnTJaoUf9xZEyjZnHL
+        jHSyGESJzmZGOyEmgPuHYCAEBG1L6XMtbVnLZIBAoXa0rNC13ZC+bh8yKn2nY30wTZgsLsaQ6HTZLfd8
+        bVltovGbnJzc5Py++Zzv/R5qY2Pj4WvrG/vbp0KvHBI4+D3jgT2nhh2PqhdWD1JlAdhVXLvLnxSXb37w
+        nUFX49GBSy2Ueiln+nRm7TeO0h9/XRFAjYL+hSNZyvQar0Bpi1onJnwPleeoyObmI0Jr4rPDYs/amwoa
+        VXwPqCr5Cl5TRvAcPwjp5XXmcvYPfDB8BSPfZQsicwRtZ9wfji4uPyZ3pOS1Svp6vToEsTUFE53ZrhLQ
+        v1Nd0+nWE+NJ9M0mmbqzCbJ8g2HHQz9tD19KE7ElVtjHd90+ogrdeFcTgmw+BYU1Xmg+FyyoFhKkut//
+        1w7aUXXsFG8iVeiciW9/ZMiQc748OeO8Cp09Tj43xcGR0/jamWSazvrZ3m8jZMqbY6d9eVQJ6TvUyy2R
+        B0ome3s8oyfHYug4n2beUIZgcF8jWnsC3RfSpEEbYCfdGYy5skRmTaJJTxPtxSSqRYE7FMX33U/x+btf
+        6LZLXxSHSIcpdZc3GkWLIYkxZwydc2k0aIPQO1M4qafx5fkoprx5YvDm7hFQXPN9JYLH22wKoSOLJlOO
+        aZ+Jg1fMhav1QeLMoH4wgGlvFhOePCTWBBp1PqL5F0HZoMeWxw+bd5n6kRT6LClwR2LgfRPDcW0AQ/YU
+        PtbREFpi/yEoGzzRblN0zWcRvUWYEfpHvCSiIZpP43lRGG+r/JjZIcihfy6+k8GQ/R+CyhUWZN0LWXb5
+        5jaj964T+YUojmgTOCANgzu8Ao0tgU/0fgjNUTLpybGTnizZJ6BvVwie7LyoaTdfRWaL/KnzXmel5lUi
+        taySY+rv8cxAMUxjjBjpPBGYY6S12AN1sQ/7+30o/oB7HT8h8dW/KvZsNRuTmFy5Cd1SlukyBFmJY408
+        +5Wf1GrCpG08UOgzhdkuYwQ1qiBqRe7Z0mxF73c4nub0LaoOy+itRkMK06u3MET/zDSo3IzBlWZbx8Lg
+        nA6gbtC/3DyweLw8VtGu8k61yVxP8dQuZZ2a/rVGGcQBgRtvKX3kPR09J7L4D5WP/Z9QNOHuhFpSj3Z2
+        zzHZYm/1F/bB05ZA5XmXxC+Wj6Io6m9cK0QbGQQrKAAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbRefresh.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANYSURBVDhPY0AH8vb1HC75yzUDqzc6+VVvsLPKXa7M4DGR
+        HSoNBf8ZQ0NXMUM5CBBctcGkYeHJ5TO3Xn80f/fNj3O23/gwYf3lu1Xzjq+ObtoZop40hxekzjpjhYVV
+        xnJbsCYYCKzdZDpl4+VbO849+7/t7NP/m089+b/p9NP/608++b/yyMP/M7Zf/1E2+9gGn+r14VmTDp4J
+        bdgWD9UKBMZprDXzjy+bte36/8Kph/4ld+6+XDLj6JKOFWf3z9h2/d2i/ff+T99x53/Lqsv/qhae+VG3
+        5Py/6NadMVDdDAwueavk8qccvBvZsuuXc/H6Mxrhs9RA4uKu3dwBtZssc6Ycml27+NyHmmWX/pctuvi/
+        cuG5fzFtO6LBmkHAMmOFjl/V5iOp/Ufm+VVtyWNgqGeCSoGBvH+/QHrf/m31yy/9L15w/n/VonP/Ytt3
+        RUGlGRgMk5bIO+avS0qdeFrZKW+jOFCIiSE0lJmhHmiQfT1LcN3m8rpFZ7/VAp0O0ly76NyfqOYd4RDd
+        QGCctlQkrW/f5Oq5x5dWzjm+DEivim7dPlMvZZGiRchKTpeitX4gP8cDnQ2yOaxhS7pd5gpTqHYGBov0
+        ldLdqy/cnbvn7v85QDxl09Ufyd17ihkYgK5AAsuOvxB///6/gGHSQhOT1EXBUGGIAV1AA2buuvt/9u67
+        /1uWn3vhX7XeF+R8qBIw6N10N3j/xZcJ/jVbJ1pkr8yACjMwmOUululaBXTB3nv/Z+y8879nw43/BbNP
+        vYts273YOW9psE7EBD274i1BDcsuH69acPqCV92O1za5az2g2kFhMFOuc+X5e40LTz6uXXTmbfH88/8z
+        Z575nz799P/EiUd+RnTsexXUuv9rVPeh/8Edh/67VW45rBfYLQbVzsBoHFSvEdu8eY+xX1Govnd+amj9
+        2hPJk478SJl66n/ilFP/4yad/B814cT/kK7D/12rtlzX9m/0BerjAWKwFxllrZKklN2LHYBsJSDWZeeX
+        c9J2yyxxypq+wrti1XGvqg0XXEpWHTRPmtovbR4OUicBxKB8AQ9kUMIB5ThBIJYCYkUgVgFiTVYuAX1W
+        AQV9NjYRUOqUBGKQGi4gxsyNQMAIxCBngQwDKeKGYhAbJMYKxEiplIEBAD4pdvr4u/BIAAAAAElFTkSu
+        QmCC
+</value>
+  </data>
+  <data name="tsbSearch.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAKNSURBVDhPfZPvS1NRGMfPGyswm7l7L2x3KobUm/oL6kXU
+        ++qVaenIJCnxxzYyiSANddt18xemBIJkYgUGK5MlZFCvIkiC3NzufqnhiwiVopVLjG/PufPOKdIXHu49
+        5zzfz33Oc89hu2VqDQty57zdrET9ZiUSSEfUz+f42lba3rJ0RRtkt5qUlQh40FgLfczXeM5W+k7JrtBg
+        tlHoVCE41QxkB4hyt2xpmZVwnUwJhRSiM4IDrSGcuL+I4wML2E/vfI6vZSD05B7NXNz6Kd+iRDdlRYXo
+        imnJ0/EU1n5taDEVTcHYEYaUVY1WJXm4lxV2xR3ahHcBOXc+4426itkgfaWsHUUXOzAXImAihZy782Te
+        7gsP7mWyOzJj8SRgpD0fbRzDevIHTBUusLMtYGduofiSE6mNTRzrS2h9ya6Ce5msREOyJ4aDV0ZQUt2L
+        P5RsqfJqZna6GUcqXVhJbqC0N07bywK4VQ4IUwVqSGr0oaByAOycB69mEwgsfkUJQUqtXQgtLGNu5S9Y
+        S4Aal/VrdYBoezEj1I5BuPYQeVUPkFveD9/7CFZ//sa370l8jCyDy/l2Bex2MAPJbEFqeu4Q659BuD4O
+        sXZUg7DzXhTVDMFs7QM7eRNtj15rkKEPa8i7F85AtCYamnz5km1yU4fwSoxXh5FbMYDcsh4Yyjxgp5rR
+        +2Qa7xbXYWhXYXITQP+NXKJ9so4gEOsnCPI4DakeRoF1CAWX+3HoQhv2WUdg6IzBpPAexLYPki7J9nIw
+        DeGVcMioBjlc3g2J5uSeL2QiM9/77qOsS7RNNYiNvqQOMdaMQHL4YeleouMbI+N/LpMuU+24INRN2MUb
+        T/2ifSoody8FLd44XefAHteZsX9qHQHmCLmB5wAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbSuperLog.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJOSURBVDhPfdLbT9NgGAZw/g+v/Qe80jvjpd6pvdPEKJiQ
+        oCQkmCVLSIxGAxGYkAwWiVzgxDjA4CEyQQhM3RTGDuDWrdu6rqw7tWt3aruN+djUEdROn+S9ab7nly9f
+        366jrH6jX3rJTMf55GfsU298J9pHOyeRFvGvlCpVbHqpuMXuPtk+bsz/gMPDFsIUAzJR4MbmNk+1K3/m
+        CKjKasfxhxKo1YFwIi+Mz62ebdeOcwTkeKnjuL0heHwkAmEa71zBart2nL+Bz1ER1i0Bj9ZymHdnkOR4
+        ZLXvitpAMHqAdu04vwMOrwjzWgMTnibm/XV0OyT0PouBSmVR04AAyRqB+EFRB0hWhMmp4I6zjnvrMp54
+        arhi53HxaQZjy/so11TshhkjEGMFHfiwV9DLt17XYPPI2IyruDSbxYVpFt02L/LFCrb3k0aASvE6sBrM
+        oW+5ip4FCZOuCtajil4+N0HjutUDji/DHaSNQITJ44cGJDkBPc/T+rWHP4pYCdX08plhEo8X3MiIMly+
+        hBEg6RxamsAVJKzsMLhso3B+KqWXTz/Yw+3pLXhDNDipgY2dmBH4Hs+i2QLSeQlsTkJA+1Uz74MYX9rG
+        qw0fdrWXJ1kJTLEB51fKCOxRHOqHgFBWUSipyEkquKICVpDB8AroggoqryIhtPD2S9QI+CNpyE1tlRtA
+        WVtZUQF4WduLqnarCpAqAXFtVSLaWy9ukUZgyLJEmEcdhGnkBTH40E4M3J8l+u/OEH1DNqLXbCVumiaJ
+        G4MW4trAKHG1f4T41erq+gkP0XfPXSg7HQAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbDelete.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANqSURBVDhPVZNfTFN3FMfvg22c7IElDnygAoKU+QAv4JPG
+        +AeeYC+iDYokTQPjYVFDOyVL9MW6dFRqGNsqiIoInVBbcA7nwLZQKTC4Bez/P/f2tuW25c942+J86Xe/
+        eyVmnOQk9+H3Od9zvudc6v/hGx2VRozGmoBe/8Sj1cZXb978d6Wj451breboq1cfkzxFt7ZKdp7vDtZk
+        yg/39Bj8Ot22X69HsK8X4aFBBAcewWPoAq1WY16l2ppXKjudSuXnO9iHEOBQd7fF19mZZcwj4ANeZNJJ
+        ZDZSSK/z4Nc4cMuLeNvTjdnm5qxToRhxNDbuF2HQtERUvqMHN/kKfMiPuHsRPBdFmhRIkQJJNgxmaR4x
+        jxvegQeYaWjIOurqvnecOLGHivT31/p0uq0oUd7YTCP43AprSQmmVUqiHAPPc5j5qgWWQ8V4OzKMxBqL
+        pdu3YDtzZuN1be1JKmAwPBHUeb8H63+tI0UAe9MFmPbuxUqfEZ7hx/jl0xxMnW8Ax4YQT8URmnXA/mU9
+        Jo8ff0B5tVoueL/v48yZrTSYhVlYD5fCUlQEq7wMlpJDCDltBCZeJBmwTBBv2lrxsro6Sq3euPEubBr6
+        aFgqs4bUZgp0z10MS6UYlkiw2NWJBFEW4FgiCpbk3LfX8Vtl5d+UsOfg4AAx7APMZ5Lgyffq4EOY9u0T
+        i9A//yCqi3A8Aoak67oGL8rL/6HcGg3nvWsQVyXC62uILs1hvLICZpkMz4rJGF+UI+iaRox0wMTDiER8
+        sF+6iF9LDjMU3d4+SGvU4Nx/inCCi8AmmJiTA7r3J7jvG0knn2CqqRHRqB8M6cJr+x0TR49irLj4IbV8
+        7VqNcGHCkSTJBtzGH/E0NxeOFhVipBjLBjF1QYGnn+Viqf8eImwAM5e/xnhh4abl4MFTFN3bK1lQqbpc
+        zZfEIwm8fgXPmBlR34rYsmBYaHkBy2YTPFMTmNfdxnO5HFaZ7I6DovaI1+hqa8t7o1A8mz57Nkt/p0V4
+        bkZUFmDBMGFmn/0POK8Q5bKyrLWgwDxy4MDu/8HV1JQ3XV9vsJ0+vW2rr4OztQWujm8wq2mH/WIjJqqr
+        MFZYuG0pKOiy5Ofn7WC7w3funJScZ83ksWNDL6uqEhMVFe9fyOXvx0tLE2NFRUMWmaxm9MgR6c5zEhT1
+        H3ZdepdgVNV7AAAAAElFTkSuQmCC
+</value>
+  </data>
+  <data name="tsbAddObject.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAHwSURBVDhPrZPbS1RRFIcPBP0HRUQEPgXFZCBhviVTYYqg
+        kgZhkIhJA4ahiSUjivcuMGEDOeGDircpKYNOhGhmxGg3CWRgVETHmTkIEpmMpWmfs45nvDO+tODHYp+1
+        fx9r77WP8t/DcecyYRmflMWlFfq/BtbXEUOMmqbpgCltnuL6IQ6ca2L/mados8G9IWIMBNYAx9OdpFYO
+        8+Ddby7kNFHZ+G1vQMlJBZEA6jtHOHvjBeakQnJr3nI0qZXllX+RIWL0Gx38nF8k+nw5D/uDPHYtYbr2
+        hu73k5EBmzuQ9fWqATLqvmP7sECuY5yEPHUnILPLTVhi9PkD64BhzyyHk52he/jFvd459p12MOad2wqJ
+        afhCpyeIZDFO+zYAEnFZL7E0jlHb84NEq4vbjwa3AZ58xjUDkncDNL8e5VS2SoU6Q/Ezrz7WhT9/NyDH
+        TFcQRdsGdKN3eitANoupsH2C0m4fsRl2BGqUFeVEtcorN0gW49Q2gIS0HW95jjmxgLRbbcixjFKog7sd
+        NLtAsg7w+ncA5OJM5jIK2jyhTkY5eLEVuWC9GHWzAXsPSBbj5C4ACRlhSsVH8lvcmIv6kBHrhSNZ97Gp
+        IDkSQB5R1CUnsRZVH+dVa9/ankPpVsISY1h6cVPIM47J7KLE/sn4sRRlFe7ik/SxwWnMAAAAAElFTkSu
+        QmCC
+</value>
+  </data>
+  <data name="tsbAddUser.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAGMSURBVDhPrVG7L4NxFO3izWIySAeJpRKReNTo/7AgVCSE
+        EhKUlsHShLSGGjpoQqMYmmAgESEdKvGMerSEqlf1a79gKUuPe/t9Fq0+Eic50+93zrn3XEUyvEVRUa8X
+        7UQw6/Si1f8RU8nP6UEit+cd2I9IdAlAw5jolZ/To3FCxE4IcD5JdDwgPon8nB7JDGrHszRgofVWouka
+        qNFFMjdQk8FyAJi9kcQGD1A1nIWBOxxT8c48Niez2OTL4ArVxpcitSG8+1tcORiGUhtGWbdgLtcGCuTv
+        iVAbRMuc6wuHIrBHJW48A2tE+z1goXWaV6Io7ghtyd8Twcl89+1Xav8RWPADtjvATOKpS2DkDChsD/3d
+        BY+9GQRW6Wzz1L6ZCpzxAZMXwNAp0HME5LelMOCdl6h93nnaS8JzQE8XGDiRkjsPgLxUBlzYIu3LhRmv
+        JLGOxu4nA05mg9zWFAacrHF+ctsYJWHfMdBL/EluskVTGyi1goPFpV0CSjRCfGxOZjELmTktwXX5+39A
+        ofgGO9ZnzUUgOS4AAAAASUVORK5CYII=
+</value>
+  </data>
+  <data name="tsbAddGroup.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJWSURBVDhPrZJLSJRxFMXdqBW1qE1tclUkE/Ty1bZ9uyIK
+        gx6IJhk5PoIycgwKLCpsoSS6kSxGJcdUsNJIy3R8zksrZ9SZLxvDGR1oZW1+3f//UxMfuy4cPr4L55z7
+        P/fG/bfyBYOWtEIPCqmC/omgZbmv/lMUCjz0LPXXVXqRl65xg1aPQbPbQP0v9zul/1p6r1whjlo9ur+u
+        Moq9NLoMagcN7J4wx8tiGhm2GK3jYWoGDCqdIQ5dd28uoMiPPhuaOPYLBhagNwpppTEe9IawdYew5Lk2
+        F3jmNLj3yRT4EIGWMDTMQMqdGLaeEPnvguy7MrqxgMMXtCgRDRFQ5JppqAjAkdsL2lmRSzvXhJha7D6w
+        QhSkq6+8u+G7SbaNwcGbC5q8N2uY3ReG2Jk5yPZzQ8laIKPIW1XuCNDhNdOvHxG4wnps5azIz0dnqO6b
+        4vHHScreBzhZ4WPrGedbU0Ac22V1TbKBip4ZHdhq8v7ieZKs8+zJi5LnmMba4Sen3U/i6X4zCzWyXVxr
+        hwzO18xR2fuHYUm/W0Jsm4WXBlRNQmbTIskls2S1+sl0TJCwIiCHUi071tcmzs556JqD5h9QF4SnQr7/
+        FW75YFtWRDufbZ4g/tSSQJoIXK0PcEzOVI395ic0yupqp+CJH+5+gRseuDYKWy5HtHN6ufefQEqB267I
+        h+XC1JtfyMjqzQ+/QalsoNBtOucMQ6IIKKKJvjYtsLpUYNktv3VgJTJyvgtyR0znE3WLJFyKbHxEy5Vk
+        jdoVeVdulB3ZUe2syMpZkeMvRta4xsX9BaG9Eh9voUC2AAAAAElFTkSuQmCC
+</value>
+  </data>
+  <data name="tsbAddToGroup.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAJRSURBVDhPrZJLSNRRFMb/m7SiFrWpTa2KZIJevtq2bxlB
+        GPRANMnI8RGUkWNQUFFiCyXRjWQxKjmmgpVGWpbjc16aOaPO/LMxnNGBVhbSr3PvpAypuw583HsPfN85
+        9zvH+G/hCwYt6UUeFNIE/ZNBy0pevVMVCj30/s2viYxiL93jJm0ekxa3iXqv5Lsk/1JyL1whjlo9Or8m
+        Mku8NLlM6gZN7J4wx8tjGpm2GG3jYWoHTKqcIQ5ddW8soMgPP5qaOPYDBhahLwrpZTHu94Ww9YSw5Ls2
+        FnjiNLnzIS7wLgKtYWichdRbMWy9IQreBNl3aXR9AYcvaFEiGiKgyLUzUBmAIzcXdWVFLuv6x8S0EveB
+        VaIgQ53y78avcbJtDA5eX9TkPdnD7Do3xI6sQbadGUrRApnF3up7jgCd3rj7DSMCV1i3rSor8tPRWWo+
+        TfPo/RTlbwOcrPSx5bTzdVxAKnbI6JplApW9s9qwRPL+kgX2WhfYnR8l3zGDtdNPboef5FP9cS9Uy3ap
+        WjdkcrZ2nqq+XwyL+z1iYvscPDehegqympdIKZ0ju81PlmOSpFUBWZQambHeNqnsXIDueWj5BvVBeCzk
+        uxNwwwdbsyN0/K5YNiaMZX2qSBeByw0BjsmaqrZffYcmGV3dNFT44fZnuOaBK6NocqKAvqcWuu2KfFg2
+        TP35mbSs/vzgC5TJBIrc8cq5w6CIa5AYyrCc1p/asFJpucAFeSOw+WKEE/VL63eQGHutUbsi78yLsj0n
+        qisrcrIg6UKETecj7YkChmEYfwCpBC6AnpT9dAAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbResetPassword.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAOqSURBVDhPVZALTFtVHMbPnG4zsFJIZ7JlarGCGjd1iYkk
+        kDGTRkysqZsooQ9ZJ1wKmG0Ca3jNDiPLgq6TZhvgpLMOMDBZQ6ADoWMDyqAYGdBOXmsYYEYftFD6Anrv
+        +Xt7QaNf8uXLycnvy3cO+p/47qhtGfaa175y+14/6/LuljsM3FNT72zdPk07XqfTcTeP/5USngrHDpn9
+        2lHNKuhWAH6hLbzuA07eX+aPpfmH0sXiBtWlS6BQKB4qlUoW7XDhlj6B7eFgEQ5zzaMNKu8PMpQ1FKLK
+        ZyjM/mzcpf7um9nHj+egq7sbRCLRVEVFxR6G+1dbCyIIx2CZKYizBgNk7n0/lg1RsF/WB4YOHRgHhkJi
+        sXheKBRmp6am/lRQUKCmka0V/yyQ2yfOW3zkcaMrRPQv4ezhIN4j7cPtt+rJX1t0WCAQ9PD5/Lra2lqo
+        rq4GLpebwvD0AqYpIstee6zRAx+1P6GOtTuBf30B0ovrsfGeAWZmrLipqQn0ej2YzWag/wDzeDyC4Rkl
+        zD+LDi7sRx9Yb0fKFkNRmY+CaYVaPDbch8fHzbjrtw58W98ObW1tcOaMYikxMVHDYrHe24TFttPsXOc0
+        O8c2GUm456MlFipNXkmaBgzYeH8Id+pbcb7i3Nrz3Lg67kvcy/v27c6nqTdps9DOT+3lwh9XodVBwRUr
+        BRcn16Dy52bov9MBd3v7ofFGPS4sLaLiT/di9L6xgYZ2IZTMTr67+Wz0osKJm55QcGFynfpijKJO3LLg
+        m5oaPErPrtNocGlJCZTXd8P5Bxs4UbUAkQdykhkQwTYmXil2e7R0wYleH5b1bUCmwQYFF6rgapUKFCWl
+        0DkwAtN+CjdPeqmvR31YUDP2JydTG8/A4RJesdvXsETCGyo3JFx2g9wUgJRrI1B4pRF6TGb43QlwddQL
+        SpMX660Byri4AXktc7Ps47oPmQ5ekdunta1B7DkHvF3lAsk9J6iHV8DpB7gzHwI1DRebfHBjIgATtgBu
+        nvaF1A/XIb1heg4dLotDB8qWPS3uAPnC2UXyLZWd/Ny4SLZZveSobZ2stvhJlSVAVo75yVZrkOyYDVLf
+        jvipH6bWQyd7liH6iDQNcU4uQ8JFD0TkLEHMKRfsLXKAUOuAIuMqZHaugLzbA9ldK5BDpzycXU78Zf8q
+        pHw/+ABxYgUIvSw9hNjSXBSXQSCejEB7M4hnDoqI6HclBCdJQkSHfVhCRNEZlSQiYpJSZTFHxBk7nnv1
+        KEIo9m9LQikMEMrbwwAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <data name="tsbVerifyPassword.Image" type="System.Drawing.Bitmap, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+    <value>
+        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8
+        YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAGvSURBVDhPlVHdK0NhHD63vm5cudAu1CJK5GP+BeU/cEMx
+        LZQVFz535tK0wgUrFxOT4UJJQlq02IqEaWT5mO9z5mBL5maP93fOaRnT5qnn4ve+v+f5/d7n5X7i9QMF
+        VSZplhHESpM0eRWOFavXqcFEHt8b4H1W6BaB6n7pTL1OjRqzBJcALN0pdN5A3kS9To1kBhUD/zQg4eSF
+        wpFzoKzvOX0DHTOYDwJjAUXM+wCbzZaMvCpJhCcUK6Y309o0mZr9fn/CBlTTuVoqKLU8ZOn40NZ3cUm3
+        YiAIAvLaxNF8YzCDeqn+ZaDjpfEJ9yf2JWCbhbhyDywzUmM4HEb9wgeym4V16qX6lwFNpn/ffGLp3wIz
+        V8DUpWJAE3uOgcwmQRYl3YDWXnsEFtm32Vn6oyzAodZyWA1FCRw2FMbibNFGVDnH0ZvnWPrarhCsZ8Dg
+        CWSBd7kdwUMe0ZfpOG+OzNhb7ZDNVDnHUWCOa0BjDMFyCpjY95HBhr0W5zsNeL/vjDOw2wiXoy7RgCbr
+        l6KUNnrZezsO/mmgMYpOEucaROToRTkwakjbIBkoJGr6ky3ayBe1hNlBNEIlLwAAAABJRU5ErkJggg==
+</value>
+  </data>
+  <metadata name="imageList1.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>475, 15</value>
+  </metadata>
+  <metadata name="cmsServerNode.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>145, 15</value>
+  </metadata>
+  <metadata name="cmsDirectoryNode.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>295, 14</value>
+  </metadata>
+  <metadata name="cmsRootNode.TrayLocation" type="System.Drawing.Point, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a">
+    <value>17, 17</value>
+  </metadata>
+  <metadata name="$this.TrayHeight" type="System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
+    <value>37</value>
+  </metadata>
+</root>
\ No newline at end of file
diff --git a/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneFormView.cs b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneFormView.cs
new file mode 100644
index 000000000..4c18b59c3
--- /dev/null
+++ b/tools/win/LWRaftSnapIn/LWRaftSnapIn/Views/ResultPaneFormView.cs
@@ -0,0 +1,35 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using Microsoft.ManagementConsole;
+using System.Windows.Forms;
+
+namespace LWRaftSnapIn.Views
+{
+    public class ResultPaneFormView : FormView
+    {
+        private ResultPaneControl paneControl = null;
+        public ResultPaneFormView()
+        {
+        }
+        protected override void OnInitialize(AsyncStatus status)
+        {
+            base.OnInitialize(status);
+            paneControl = (ResultPaneControl)this.Control;
+            paneControl.AddDirRootNode();
+        }
+
+    }
+
+}
\ No newline at end of file
diff --git a/tools/win/README.md b/tools/win/README.md
index 3fd55ac00..25a7703c5 100755
--- a/tools/win/README.md
+++ b/tools/win/README.md
@@ -69,60 +69,74 @@ The source code is developed and tested against following environment:
   - .NET framework 3.5 may also require in case of community edition
 * Wix v3.8 (stable)
 
+## Download and Install GIT
+
+Inorder to checkout source code (from github), Install git client from https://git-scm.com/
+
+## Checkout Source code
 
-## Source code
 ```
 git clone https://github.com/vmware/lightwave.git
-windows source files are under lightwave/tools/win
 ```
+The source code for windows tools are under lightwave/tools/win
+
+## Download and Install .NET Framework
+
+1. Download .NET from https://www.microsoft.com/en-in/download/details.aspx?id=30653
+2. Confirm installation by following steps at https://msdn.microsoft.com/en-in/library/hh925568(v=vs.110).aspx#net_b
+
+ Note : .NET Framework 3.5+ is recommended
 
+## Download, Install and Configure WIX
 
+1. Download WIX binary from http://wixtoolset.org/
+   (Downloaded file : wix38-binaries.zip from http://wixtoolset.org/releases/v3.8/stable)
+2. Extract wix38-binaries.zip (Downloaded from above step #1)
+3. Configure environmental variable 'WIXPATH' set to value <downloaded_wix_38_path>/wix38-binaries
+
+ Note : WIX 38 is recommended and ensured working.
+
+## Download and Copy Pre-requisites for Build
+
+1. Download pre-requisite binaries from https://vmware.bintray.com/lightwave_ui/v1.0/rc/for_developers/win/
+2. Copy the above downloaded pre-requisites to lightwave/tools/interop/client_msi folder. [Please create folder structure if doesn't exist]
 
 ## Build
 
-The code can be build either using the build script or manually using Visual Studio.
+We can build the LIGHTWAVE UI tools via two methods :
 
-###Pre-requisite client binaries
-Download client pre-built binaries (from the link below) and copy them to tools/interop/client_msi folder (create if it does not exists) to satisfy dependencies before attempting to build.:
+1. via CLI (Command Line Interface)
+2. via Visual Studio IDE (Integrated Dev Environment)
 
-https://vmware.bintray.com/lightwave_ui/v1.0/rc/for_developers/win/
+### via CLI
 
-####Using build script
-```
-Perform following steps to build the Lightwave UI installer for windows using the build script:
-
-* Download and install .net framework 4.5 (in case it is not present on your machine) from https://www.microsoft.com/en-in/download/details.aspx?id=30653. To confirm whether .net framework 4.5 is installed in your machine please use  this link https://msdn.microsoft.com/en-in/library/hh925568(v=vs.110).aspx#net_b .
-* Download and install git client from https://git-scm.com/
-* Open git bash shell and run the command: git clone https://github.com/vmware/lightwave.git
-* Download wix38-binaries.zip from http://wixtoolset.org/. Do not download any wix installer binaries.
-* Right click wix38-binaries.zip and open properties panel and click unblock button present at bottom.
-* Now, extract wix38-binaries.zip binaries.
-* Create WIXPATH environment variable with value <path to folder where wix binaries are extracted>\wix38-binaries
-* Go to lightwave windows folder using command prompt: cd lightwave\tools\win
-* Run the windows build script: build-lw-win-ui.cmd
+The process of building via CLI uses a pre-existing script(build-lw-win-ui.cmd) in source code.
 
 ```
- 
-This will generate following three files in tools\win\x64\Debug and tools\win\x64\Release folders.
-
-1) VMIdentityTools_Installer.msi - contains only Lightwave MMC tools and requires pre-requisite client libraries to be already installed on machine. 
+1. cd lightwave/tools/win [Navigate to windows tools folder]
+2. build-lw-win-ui.cmd [Invoke build command]
+```
 
-2) VMIdentityTools_Prerequisite.exe - does not contains Lightwave MMC tools and used to install pre-requisite client libraries on machine
+If the above command succeeds, It should generate the following files:
 
-3) VMIdentityTools_Standalone.exe - contains both pre-requisite libs + Lightwave MMC tools
+* VMIdentityTools_Installer.msi - Contain Lightwave-MMC tools + Pre-requisite client libraries
+* VMIdentityTools_Prerequisite.exe - Contain only Pre-requisite client libraries
+* VMIdentityTools_Standalone.exe - Contain Lightwave-MMC + Pre-requisite client libraries
 
-You can find installer log in win\logs folder.
+#### Troubleshooting/Common Issues:
+The installer logs can be found at lightwave\tools\win\logs folder.
 
-If you get any wix related errors e.g. light.exe error, then delete all obj folders from wininstaller projects and run script again.
+WIX related errors :
+On wix related errors e.g. light.exe error, then delete all obj folders from wininstaller projects and run script again.
 
-####Using Visual Studio
+### via Visual Studio
 
 To build the tools indiviudally using Visual Studio, you need to build the pre-requisite interops first.
 
 If you have opened the .sln file for a tool, you would need to close it before you perform these steps.
 Perform the following steps before you open the solution for a tool.
 
-There are 3 pre-requisite interop projects that you need to build. 
+There are 3 pre-requisite interop projects that you need to build.
 
 These are placed at:
 
@@ -178,19 +192,16 @@ The assembly files will be created under tools\win\x64\Debug foler by default.
 * Now, build wininstaller solution present at lightwave\tools\win\wininstaller.
 This will generate three installers as mentioned before in the tools\win\x64\Debug folder by default, which can be used to install on other machines. 
 
-
-
-
 ## Known Issues
 
 ```
 *Installer
 	1. Only administrator users are allowed to install tools.
 
-* Lightwave REST SSO Tool : 
+* Lightwave REST SSO Tool :
 	1. Tool doesn't work with the latest super-main (TSL enabled) vSphere builds.
 
-* Lightwave PSC Site Management Tool :  
+* Lightwave PSC Site Management Tool :
 	1. Tool does not support partial topology load.
 	2. Tool does not show PSC status as UNKNOWN when Heartbeat API throws error.
 
@@ -206,11 +217,16 @@ I. PSC Site Management UI tool does not login to the MXN topology once a topolog
 
 Edit the hosts file on all the nodes of the topology and the machine running UI tool as follows:
  <IP>	<FQDN> 	<HOSTNAME>
-	 
+
 example:
 190.160.1.2	contoso.vmware.com	photon-contoso
 
 Add entry for all the nodes in the hosts file
 
 For linux, hosts file is located under: /etc/hosts
-For windows, hosts file is located under: C:\Windows\System32\drivers\etc\hosts
\ No newline at end of file
+For windows, hosts file is located under: C:\Windows\System32\drivers\etc\hosts
+
+Modify DNS Server Settings
+
+Open Network and Preferences (In Control Panel) → Network Icon→Network Settings→Change Adapter Options→Right click on Ethernet→Properties→Double click IPv4→Add the IP of Lightwave Instance.
+Make sure you add secondary DNS server too (8.8.8.8 or 8.8.4.4 i.e google public DNS) to reach other www
diff --git a/tools/win/VMDirSchemaSnapIn/VMDirSchemaSnapIn/UI/SchemaMetadataComparisionWindow.cs b/tools/win/VMDirSchemaSnapIn/VMDirSchemaSnapIn/UI/SchemaMetadataComparisionWindow.cs
index a41987789..fc35116b9 100755
--- a/tools/win/VMDirSchemaSnapIn/VMDirSchemaSnapIn/UI/SchemaMetadataComparisionWindow.cs
+++ b/tools/win/VMDirSchemaSnapIn/VMDirSchemaSnapIn/UI/SchemaMetadataComparisionWindow.cs
@@ -1,255 +1,503 @@
-/*

- * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.

- *

- * Licensed under the Apache License, Version 2.0 (the “License”); you may not

- * use this file except in compliance with the License.  You may obtain a copy

- * of the License at http://www.apache.org/licenses/LICENSE-2.0

- *

- * Unless required by applicable law or agreed to in writing, software

- * distributed under the License is distributed on an “AS IS” BASIS, without

- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the

- * License for the specific language governing permissions and limitations

- * under the License.

- */

-

-using System;

-using System.Collections.Generic;

-using System.ComponentModel;

-using System.Data;

-using System.Drawing;

-using System.Linq;

-using System.Text;

-using System.Threading.Tasks;

-using System.Windows.Forms;

-using VmDirInterop.Schema;

-using VmDirInterop.Schema.Definitions;

-using VmDirInterop.Schema.Diffs;

-using VmDirInterop.Schema.Entries;

-using VmDirInterop.Schema.Metadata;

+/*
+
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+
+ *
+
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+
+ * use this file except in compliance with the License.  You may obtain a copy
+
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+ *
+
+ * Unless required by applicable law or agreed to in writing, software
+
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+
+ * License for the specific language governing permissions and limitations
+
+ * under the License.
+
+ */
+
+
+
+using System;
+
+using System.Collections.Generic;
+
+using System.ComponentModel;
+
+using System.Data;
+
+using System.Drawing;
+
+using System.Linq;
+
+using System.Text;
+
+using System.Threading.Tasks;
+
+using System.Windows.Forms;
+
+using VmDirInterop.Schema;
+
+using VmDirInterop.Schema.Definitions;
+
+using VmDirInterop.Schema.Diffs;
+
+using VmDirInterop.Schema.Entries;
+
+using VmDirInterop.Schema.Metadata;
+
 using VMDirSchemaEditorSnapIn.Nodes;
-using VMwareMMCIDP.UI.Common.Utilities;

-

-namespace VMDirSchemaSnapIn.UI

-{

-    public partial class SchemaMetadataComparisionWindow : Form

-    {

-        IDictionary<string, SchemaDefinitionDiff> attrTypediff;

-        IDictionary<String, SchemaMetadataDiff> schemaDiff;

-        List<KeyValuePair<string, string>> ObjectClassDiff = new List<KeyValuePair<string, string>>();

-        List<KeyValuePair<string, string>> AttrDiff = new List<KeyValuePair<string, string>>();

-        List<KeyValuePair<string, string>> MetaDataDiff = new List<KeyValuePair<string, string>>();

-

-        public VMDirSchemaServerNode ServerNode { get; set; }

-

-        public string CurrentNode { get; set; }

-

-        public SchemaMetadataComparisionWindow(VMDirSchemaServerNode serverNode)

-        {

-            this.ServerNode = serverNode;

-            InitializeComponent();

-        }

-

-        private void ParseAttrType()

-        {

-            int row = (int)this.NodesList.SelectedIndex;

-            AttrDiff.Clear();

-            if (row >= 0)

-            {

-                KeyValuePair<String, SchemaDefinitionDiff> p = attrTypediff.ElementAt(row);

-                {

-                    CurrentNode = p.Key;

-                    SchemaDefinitionDiff diff = p.Value;

-

-                    if (diff != null)

-                    {

-                        foreach (VmDirInterop.Schema.Utils.Tuple<AttributeType, AttributeType> t in diff.GetAttributeTypeDiff())

-                        {

-                            string baseAttr = (t.item1 != null) ? t.item1.ToString() : VMDirSchemaConstants.MISSING_ATTRIBUTETYPE;

-                            string currentAttr = (t.item2 != null) ? t.item2.ToString() : VMDirSchemaConstants.MISSING_ATTRIBUTETYPE;

-                            AttrDiff.Add(new KeyValuePair<string, string>(baseAttr, currentAttr));

-                        }

-                    }

-                    else

-                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);

-                }

-            }

-        }

-

-        private void ParseObjectClass()

-        {

-            int row = (int)this.NodesList.SelectedIndex;

-            ObjectClassDiff.Clear();

-            if (row >= 0)

-            {

-

-                KeyValuePair<String, SchemaDefinitionDiff> p = attrTypediff.ElementAt(row);

-                {

-                    CurrentNode = p.Key;

-                    SchemaDefinitionDiff diff = p.Value;

-

-                    if (diff != null)

-                    {

-                        foreach (VmDirInterop.Schema.Utils.Tuple<ObjectClass, ObjectClass> t in diff.GetObjectClassDiff())

-                        {

-                            string baseObject = (t.item1 != null) ? t.item1.ToString() : VMDirSchemaConstants.MISING_OBJECTCLASS;

-                            string currentObject = (t.item2 != null) ? t.item2.ToString() : VMDirSchemaConstants.MISING_OBJECTCLASS;

-                            ObjectClassDiff.Add(new KeyValuePair<string, string>(baseObject, currentObject));

-                        }

-                    }

-                    else

-                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);

-                }

-            }

-        }

-

-        private void ParseMetaData()

-        {

-            int row = (int)this.NodesList.SelectedIndex;

-            MetaDataDiff.Clear();

-            if (row >= 0)

-            {

-                KeyValuePair<String, SchemaMetadataDiff> p = schemaDiff.ElementAt(row);

-                {

-                    CurrentNode = p.Key;

-                    SchemaMetadataDiff diff = p.Value;

-                    if (diff != null)

-                    {

-                        foreach (VmDirInterop.Schema.Utils.Tuple<SchemaEntry, SchemaEntry> t in diff.GetAttributeTypeDiff())

-                        {

-                            listSchemaMetadataDiffBreakdown(t.item1, t.item2);

-                        }

-                        foreach (VmDirInterop.Schema.Utils.Tuple<SchemaEntry, SchemaEntry> t in diff.GetObjectClassDiff())

-                        {

-                            listSchemaMetadataDiffBreakdown(t.item1, t.item2);

-                        }

-                    }

-                    else

-                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);

-                }

-            }

-        }

-

-

-        private void listSchemaMetadataDiffBreakdown(SchemaEntry e1, SchemaEntry e2)

-        {

-            SchemaComparableList<AttributeMetadata> mdList1 = null;

-            SchemaComparableList<AttributeMetadata> mdList2 = null;

-            if (e1 != null && e2 != null)

-            {

-

-                mdList1 = e1.GetMetadataList();

-                mdList2 = e2.GetMetadataList();

-

-                VmDirInterop.Schema.Utils.TupleList<AttributeMetadata, AttributeMetadata> diff = mdList1.GetDiff(mdList2);

-

-                foreach (VmDirInterop.Schema.Utils.Tuple<AttributeMetadata, AttributeMetadata> t in diff)

-                {

-                    //baseMetaData

-                    string baseData = (t.item1 != null) ? e1.defName + " : " + t.item1.ToString() : VMDirSchemaConstants.MISING_METADATA;

-                    string currentData = (t.item2 != null) ? e1.defName + " : " + t.item2.ToString() : VMDirSchemaConstants.MISING_METADATA;

-                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));

-                }

-            }

-            else if (e1 != null)

-            {

-                mdList1 = e1.GetMetadataList();

-                foreach (AttributeMetadata md in mdList1)

-                {

-                    string baseData = e1.defName + " : " + md;

-                    string currentData = VMDirSchemaConstants.MISING_METADATA;

-                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));

-                }

-            }

-            else

-            {

-                mdList2 = e2.GetMetadataList();

-                foreach (AttributeMetadata md in mdList2)

-                {

-                    string currentData = e1.defName + " : " + md;

-                    string baseData = VMDirSchemaConstants.MISING_METADATA;

-                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));

-                }

-            }

-        }

-

-        public void ViewDiffButtonClicked(object sender, EventArgs e)

+using VMwareMMCIDP.UI.Common.Utilities;
+
+
+
+namespace VMDirSchemaSnapIn.UI
+
+{
+
+    public partial class SchemaMetadataComparisionWindow : Form
+
+    {
+
+        IDictionary<string, SchemaDefinitionDiff> attrTypediff;
+
+        IDictionary<String, SchemaMetadataDiff> schemaDiff;
+
+        List<KeyValuePair<string, string>> ObjectClassDiff = new List<KeyValuePair<string, string>>();
+
+        List<KeyValuePair<string, string>> AttrDiff = new List<KeyValuePair<string, string>>();
+
+        List<KeyValuePair<string, string>> MetaDataDiff = new List<KeyValuePair<string, string>>();
+
+
+
+        public VMDirSchemaServerNode ServerNode { get; set; }
+
+
+
+        public string CurrentNode { get; set; }
+
+
+
+        public SchemaMetadataComparisionWindow(VMDirSchemaServerNode serverNode)
+
         {
 
+            this.ServerNode = serverNode;
+
+            InitializeComponent();
+
+        }
+
+
 
+        private void ParseAttrType()
+
+        {
+
+            int row = (int)this.NodesList.SelectedIndex;
+
+            AttrDiff.Clear();
+
+            if (row >= 0)
+
+            {
+
+                KeyValuePair<String, SchemaDefinitionDiff> p = attrTypediff.ElementAt(row);
+
+                {
+
+                    CurrentNode = p.Key;
+
+                    SchemaDefinitionDiff diff = p.Value;
+
+
+
+                    if (diff != null)
 
-            UIErrorHelper.CheckedExecNonModal(delegate()

-            {

-                Button button = sender as Button;

-                if (button.Text == VMDirSchemaConstants.DIFF_ATTRIBUTETYPE)

-                {

-                    ParseAttrType();

-                    if (AttrDiff == null || AttrDiff.Count == 0)

-                    {

-                        MMCDlgHelper.ShowInformation("No Diff Found");

-                    }

-                    else

-                    {

-                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);

-                        frm.ShowDialog();

-                       

-                    }

-                }

-                else if (button.Text == VMDirSchemaConstants.DIFF_OBJECTCLASS)

-                {

-                    ParseObjectClass();

-                    if (ObjectClassDiff == null || ObjectClassDiff.Count == 0)

                     {
 
-                        MMCDlgHelper.ShowInformation("No Diff Found");

-                    }

-                    else

-                    {

-                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);

-                        frm.ShowDialog();

-                    }

-                }

-                else

-                {

-                    ParseMetaData();

-                    if (MetaDataDiff == null || MetaDataDiff.Count == 0)

-                    {

-                        MMCDlgHelper.ShowInformation("No Diff Found");

-                    }

-                    else

-                    {

-                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);

-                        frm.ShowDialog();

-                    }

-                }

-

-            });

-        }

-

-        private void CompareButton_Click(object sender, EventArgs e)

-        {

-            try

-            {

-                if (this.MetaDataButton.Checked == true)

-                {

-                    ViewAttributeTypeDiffButton.Visible = true;

-                    ViewObjectClassDiffButton.Visible = false;

-                    ViewAttributeTypeDiffButton.Text = VMDirSchemaConstants.DIFF_METADATA;

-                    schemaDiff = ServerNode.ServerDTO.Connection.SchemaConnection.GetAllSchemaMetadataDiffs();

-                    NodesList.DataSource = attrTypediff.Keys.ToList();

-                }

-                else if (this.SchemaButton.Checked == true)

-                {

-                    ViewAttributeTypeDiffButton.Visible = true;

-                    ViewObjectClassDiffButton.Visible = true;

-                    ViewAttributeTypeDiffButton.Text = VMDirSchemaConstants.DIFF_ATTRIBUTETYPE;

-                    attrTypediff = ServerNode.ServerDTO.Connection.SchemaConnection.GetAllSchemaDefinitionDiffs();

-                    NodesList.DataSource = attrTypediff.Keys.ToList();

-                }

-            }

-            catch (Exception ex)

-            {

-                MMCDlgHelper.ShowError(ex.Message);

-            }

-        }

-    }

-}

+                        foreach (Tuple<AttributeType, AttributeType> t in diff.GetAttributeTypeDiff())
+
+                        {
+
+                            string baseAttr = (t.Item1 != null) ? t.Item1.ToString() : VMDirSchemaConstants.MISSING_ATTRIBUTETYPE;
+
+                            string currentAttr = (t.Item2 != null) ? t.Item2.ToString() : VMDirSchemaConstants.MISSING_ATTRIBUTETYPE;
+
+                            AttrDiff.Add(new KeyValuePair<string, string>(baseAttr, currentAttr));
+
+                        }
+
+                    }
+
+                    else
+
+                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);
+
+                }
+
+            }
+
+        }
+
+
+
+        private void ParseObjectClass()
+
+        {
+
+            int row = (int)this.NodesList.SelectedIndex;
+
+            ObjectClassDiff.Clear();
+
+            if (row >= 0)
+
+            {
+
+
+
+                KeyValuePair<String, SchemaDefinitionDiff> p = attrTypediff.ElementAt(row);
+
+                {
+
+                    CurrentNode = p.Key;
+
+                    SchemaDefinitionDiff diff = p.Value;
+
+
+
+                    if (diff != null)
+
+                    {
+
+                        foreach (Tuple<ObjectClass, ObjectClass> t in diff.GetObjectClassDiff())
+
+                        {
+
+                            string baseObject = (t.Item1 != null) ? t.Item1.ToString() : VMDirSchemaConstants.MISING_OBJECTCLASS;
+
+                            string currentObject = (t.Item2 != null) ? t.Item2.ToString() : VMDirSchemaConstants.MISING_OBJECTCLASS;
+
+                            ObjectClassDiff.Add(new KeyValuePair<string, string>(baseObject, currentObject));
+
+                        }
+
+                    }
+
+                    else
+
+                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);
+
+                }
+
+            }
+
+        }
+
+
+
+        private void ParseMetaData()
+
+        {
+
+            int row = (int)this.NodesList.SelectedIndex;
+
+            MetaDataDiff.Clear();
+
+            if (row >= 0)
+
+            {
+
+                KeyValuePair<String, SchemaMetadataDiff> p = schemaDiff.ElementAt(row);
+
+                {
+
+                    CurrentNode = p.Key;
+
+                    SchemaMetadataDiff diff = p.Value;
+
+                    if (diff != null)
+
+                    {
+
+                        foreach (Tuple<SchemaEntry, SchemaEntry> t in diff.GetAttributeTypeDiff())
+
+                        {
+
+                            listSchemaMetadataDiffBreakdown(t.Item1, t.Item2);
+
+                        }
+
+                        foreach (Tuple<SchemaEntry, SchemaEntry> t in diff.GetObjectClassDiff())
+
+                        {
+
+                            listSchemaMetadataDiffBreakdown(t.Item1, t.Item2);
+
+                        }
+
+                    }
+
+                    else
+
+                        throw new Exception(VMDirSchemaConstants.NO_DATA_FOUND);
+
+                }
+
+            }
+
+        }
+
+
+
+
+
+        private void listSchemaMetadataDiffBreakdown(SchemaEntry e1, SchemaEntry e2)
+
+        {
+
+            SchemaComparableList<AttributeMetadata> mdList1 = null;
+
+            SchemaComparableList<AttributeMetadata> mdList2 = null;
+
+            if (e1 != null && e2 != null)
+
+            {
+
+
+
+                mdList1 = e1.GetMetadataList();
+
+                mdList2 = e2.GetMetadataList();
+
+
+
+                VmDirInterop.Schema.Utils.TupleList<AttributeMetadata, AttributeMetadata> diff = mdList1.GetDiff(mdList2);
+
+
+
+                foreach (Tuple<AttributeMetadata, AttributeMetadata> t in diff)
+
+                {
+
+                    //baseMetaData
+
+                    string baseData = (t.Item1 != null) ? e1.defName + " : " + t.Item1.ToString() : VMDirSchemaConstants.MISING_METADATA;
+
+                    string currentData = (t.Item2 != null) ? e1.defName + " : " + t.Item2.ToString() : VMDirSchemaConstants.MISING_METADATA;
+
+                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));
+
+                }
+
+            }
+
+            else if (e1 != null)
+
+            {
+
+                mdList1 = e1.GetMetadataList();
+
+                foreach (AttributeMetadata md in mdList1)
+
+                {
+
+                    string baseData = e1.defName + " : " + md;
+
+                    string currentData = VMDirSchemaConstants.MISING_METADATA;
+
+                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));
+
+                }
+
+            }
+
+            else
+
+            {
+
+                mdList2 = e2.GetMetadataList();
+
+                foreach (AttributeMetadata md in mdList2)
+
+                {
+
+                    string currentData = e1.defName + " : " + md;
+
+                    string baseData = VMDirSchemaConstants.MISING_METADATA;
+
+                    MetaDataDiff.Add(new KeyValuePair<string, string>(baseData, currentData));
+
+                }
+
+            }
+
+        }
+
+
+
+        public void ViewDiffButtonClicked(object sender, EventArgs e)
+
+        {
+
+
+
+            UIErrorHelper.CheckedExecNonModal(delegate()
+
+            {
+
+                Button button = sender as Button;
+
+                if (button.Text == VMDirSchemaConstants.DIFF_ATTRIBUTETYPE)
+
+                {
+
+                    ParseAttrType();
+
+                    if (AttrDiff == null || AttrDiff.Count == 0)
+
+                    {
+
+                        MMCDlgHelper.ShowInformation("No Diff Found");
+
+                    }
+
+                    else
+
+                    {
+
+                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);
+
+                        frm.ShowDialog();
+
+                       
+
+                    }
+
+                }
+
+                else if (button.Text == VMDirSchemaConstants.DIFF_OBJECTCLASS)
+
+                {
+
+                    ParseObjectClass();
+
+                    if (ObjectClassDiff == null || ObjectClassDiff.Count == 0)
+
+                    {
+
+                        MMCDlgHelper.ShowInformation("No Diff Found");
+
+                    }
+
+                    else
+
+                    {
+
+                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);
+
+                        frm.ShowDialog();
+
+                    }
+
+                }
+
+                else
+
+                {
+
+                    ParseMetaData();
+
+                    if (MetaDataDiff == null || MetaDataDiff.Count == 0)
+
+                    {
+
+                        MMCDlgHelper.ShowInformation("No Diff Found");
+
+                    }
+
+                    else
+
+                    {
+
+                        var frm = new ViewDiffWindow(this.ServerNode.ServerDTO.Server, this.CurrentNode, MetaDataDiff);
+
+                        frm.ShowDialog();
+
+                    }
+
+                }
+
+
+
+            });
+
+        }
+
+
+
+        private void CompareButton_Click(object sender, EventArgs e)
+
+        {
+
+            try
+
+            {
+
+                if (this.MetaDataButton.Checked == true)
+
+                {
+
+                    ViewAttributeTypeDiffButton.Visible = true;
+
+                    ViewObjectClassDiffButton.Visible = false;
+
+                    ViewAttributeTypeDiffButton.Text = VMDirSchemaConstants.DIFF_METADATA;
+
+                    schemaDiff = ServerNode.ServerDTO.Connection.SchemaConnection.GetAllSchemaMetadataDiffs();
+
+                    NodesList.DataSource = attrTypediff.Keys.ToList();
+
+                }
+
+                else if (this.SchemaButton.Checked == true)
+
+                {
+
+                    ViewAttributeTypeDiffButton.Visible = true;
+
+                    ViewObjectClassDiffButton.Visible = true;
+
+                    ViewAttributeTypeDiffButton.Text = VMDirSchemaConstants.DIFF_ATTRIBUTETYPE;
+
+                    attrTypediff = ServerNode.ServerDTO.Connection.SchemaConnection.GetAllSchemaDefinitionDiffs();
+
+                    NodesList.DataSource = attrTypediff.Keys.ToList();
+
+                }
+
+            }
+
+            catch (Exception ex)
+
+            {
+
+                MMCDlgHelper.ShowError(ex.Message);
+
+            }
+
+        }
+
+    }
+
+}
+
diff --git a/tools/win/build-lw-win-ui.cmd b/tools/win/build-lw-win-ui.cmd
index f48181951..f47041eb6 100755
--- a/tools/win/build-lw-win-ui.cmd
+++ b/tools/win/build-lw-win-ui.cmd
@@ -1,153 +1,155 @@
-@echo on
-set LOGDIR="logs"
-set LOG=%LOGDIR%\win_build.log
-set DEBUGLOG=%LOGDIR%\debug_build.log
-set RELEASELOG=%LOGDIR%\release_build.log
-set INTEROPDIR=..\interop\lib64
-
-set MS_BUILD4="%windir%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
-(echo MS_BUILD4=%MS_BUILD4%)>>%LOG%
-echo replace VMIdentity.CommonUtils.dll.config content with Brand_lw.config
-copy /Y ..\common\VMIdentity.CommonUtils\Brand_lw.config ..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.dll.config
-
-
-if NOT EXIST %LOGDIR% (
-  mkdir %LOGDIR%
-)
-
-(echo =======================================================================================)>>%LOG%
-CALL :cleanup
-
-CALL :buildAllInterops ALL Release
-
-CALL :copyinterops ALL Release
-
-
-(echo =======================================================================================)>>%LOG%
-(echo starting windows build ...)>>%LOG%
-CALL :buildWithMSBUILD4 VMCertStoreSnapIn\VMCertStoreSnapIn.sln Debug
-CALL :buildWithMSBUILD4 VMDirSnapIn\VMDirSnapIn.sln Debug
-CALL :buildWithMSBUILD4 VMDirSchemaSnapIn\VMDirSchemaSnapIn.sln Debug
-CALL :buildWithMSBUILD4 VMCASnapIn\VMCASnapIn.sln Debug
-CALL :buildWithMSBUILD4 VMRestSsoAdminSnapIn\RestSsoAdminSnapIn.sln Debug
-CALL :buildWithMSBUILD4 VMPscHighAvailabilitySnapIn\VMPscHighAvailabilitySnapIn.sln Debug
-CALL :buildWithMSBUILD4 wininstaller\wininstaller.sln Debug
-
-echo ------------ Release ---------------
-echo Build Release x64
-
-
-CALL :buildWithMSBUILD4 VMCertStoreSnapIn\VMCertStoreSnapIn.sln Release
-CALL :buildWithMSBUILD4 VMDirSnapIn\VMDirSnapIn.sln Release
-CALL :buildWithMSBUILD4 VMDirSchemaSnapIn\VMDirSchemaSnapIn.sln Release
-CALL :buildWithMSBUILD4 VMCASnapIn\VMCASnapIn.sln Release
-CALL :buildWithMSBUILD4 VMRestSsoAdminSnapIn\RestSsoAdminSnapIn.sln Release
-CALL :buildWithMSBUILD4 VMPscHighAvailabilitySnapIn\VMPscHighAvailabilitySnapIn.sln Release
-CALL :buildWithMSBUILD4 wininstaller\wininstaller.sln Release
-
-goto end
-
-
-REM build all interop solutions in a particular config
-:buildAllInterops
-    set result = false
-    if %1% == ALL set result=true
-    if %1% == VMPSCHighAvailabilitySnapIn set result=true
-
-    if %result% == true (
-        REM build - psc vmdir
-        CALL :buildWithMSBUILD4 ..\..\vmdir\dotnet\VMDIR.Client\VMDIR.Client.csproj %2
-        REM build - psc vmafd
-        CALL :buildWithMSBUILD4 ..\..\vmafd\dotnet\VMAFD.Client\VMAFD.Client.csproj %2
-    )
-    
-    set result = false
-    if %1% == ALL set result=true
-    if %1% == VMDirSnapIn set result=true
-
-    if %result% == true (
-        REM build - vmdir
-        CALL :buildWithMSBUILD4 ..\..\vmdir\interop\csharp\VmDirInterop\VmDirInterop.sln %2
-    )
-    exit /b
-
-REM copy interops to the lib folder
-:copyinterops
-    
-    if NOT EXIST %INTEROPDIR% (
-        mkdir %INTEROPDIR%
-        )
-
-    echo 'move interops to lib64 folder started ..'
-    
-    set result=false
-    if %1% == ALL set result=true
-    if %1% == VMPSCHighAvailabilitySnapIn set result=true
-
-    if %result% == true (
-        echo 'move pscha'
-        copy /Y ..\..\vmdir\dotnet\VMDIR.Client\bin\%2\* %INTEROPDIR%\
-        copy /Y ..\..\vmafd\dotnet\VMAFD.Client\bin\%2\* %INTEROPDIR%\
-    )
-
-    set result=false
-    if %1% == ALL set result=true
-    if %1% == VMDirSnapIn set result=true
-
-    if %result% == true (
-        echo 'move vmdir'
-        copy /Y ..\..\vmdir\interop\csharp\VmDirInterop\VmDirInterop\bin\%2\* %INTEROPDIR%\
-    
-    )
-
-    echo 'interops moved successfully to lib64 folder'
-    
-    exit /b
-
-REM build solutions in a particular config
-:buildWithMSBUILD4
-  if %2 == Debug (
-    %MS_BUILD4% %1 /t:Rebuild /p:Configuration=Debug /l:FileLogger,Microsoft.Build.Engine;logfile=%DEBUGLOG%
-    if errorlevel 1 (
-      (echo VS 2012 %1 Debug FAILED)>>%DEBUGLOG%
-      echo VS 2012 %1 Debug FAILED
-      goto error
-    )
-  )
-  if %2 == Release (
-    %MS_BUILD4% %1 /t:Rebuild /p:Configuration=Release /l:FileLogger,Microsoft.Build.Engine;logfile=%RELEASELOG%
-      if errorlevel 1 (
-        (echo VS 2012 %1 Release FAILED)>>%RELEASELOG%
-        echo VS 2012 %1 Release FAILED
-        goto error
-      )
-    )
-  exit /b
-
-REM cleanup the interop lib directory
-:cleanup
-    if exist %INTEROPDIR% (
-        rm -rf %INTEROPDIR%\*
-    )
-    exit /b
-
-:error
-
-(echo !!!!!!!!!!Build FAILED!!!!!!!!!! [Log: "%LOG%"])>>%LOG%
-echo !!!!!!!!!!Build FAILED!!!!!!!!!! [Log: "%LOG%"]
-if not %BUILDLOG_DIR% == "" (
-    copy %LOGDIR%\*.log %BUILDLOG_DIR:/=\%
-)
-popd
-exit /b 1
-
-:end
-
-(echo !!!!!!!!!!Build succeeded!!!!!!!!!!)>>%LOG%
-echo !!!!!!!!!!Build succeeded!!!!!!!!!!
-if not "%BUILDLOG_DIR%" == "" (
-    copy %LOGDIR%\*.log %BUILDLOG_DIR:/=\%
-)
-
-popd
-exit /b 0
+@echo on
+set LOGDIR="logs"
+set LOG=%LOGDIR%\win_build.log
+set DEBUGLOG=%LOGDIR%\debug_build.log
+set RELEASELOG=%LOGDIR%\release_build.log
+set INTEROPDIR=..\interop\lib64
+
+set MS_BUILD4="%windir%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
+(echo MS_BUILD4=%MS_BUILD4%)>>%LOG%
+echo replace VMIdentity.CommonUtils.dll.config content with Brand_lw.config
+copy /Y ..\common\VMIdentity.CommonUtils\Brand_lw.config ..\common\VMIdentity.CommonUtils\VMIdentity.CommonUtils.dll.config
+
+
+if NOT EXIST %LOGDIR% (
+  mkdir %LOGDIR%
+)
+
+(echo =======================================================================================)>>%LOG%
+CALL :cleanup
+
+CALL :buildAllInterops ALL Release
+
+CALL :copyinterops ALL Release
+
+
+(echo =======================================================================================)>>%LOG%
+(echo starting windows build ...)>>%LOG%
+CALL :buildWithMSBUILD4 VMCertStoreSnapIn\VMCertStoreSnapIn.sln Debug
+CALL :buildWithMSBUILD4 VMDirSnapIn\VMDirSnapIn.sln Debug
+CALL :buildWithMSBUILD4 VMDirSchemaSnapIn\VMDirSchemaSnapIn.sln Debug
+CALL :buildWithMSBUILD4 VMCASnapIn\VMCASnapIn.sln Debug
+CALL :buildWithMSBUILD4 VMRestSsoAdminSnapIn\RestSsoAdminSnapIn.sln Debug
+CALL :buildWithMSBUILD4 VMPscHighAvailabilitySnapIn\VMPscHighAvailabilitySnapIn.sln Debug
+CALL :buildWithMSBUILD4 LWRaftSnapIn\LWRaftSnapIn.sln Debug
+CALL :buildWithMSBUILD4 wininstaller\wininstaller.sln Debug
+
+echo ------------ Release ---------------
+echo Build Release x64
+
+
+CALL :buildWithMSBUILD4 VMCertStoreSnapIn\VMCertStoreSnapIn.sln Release
+CALL :buildWithMSBUILD4 VMDirSnapIn\VMDirSnapIn.sln Release
+CALL :buildWithMSBUILD4 VMDirSchemaSnapIn\VMDirSchemaSnapIn.sln Release
+CALL :buildWithMSBUILD4 VMCASnapIn\VMCASnapIn.sln Release
+CALL :buildWithMSBUILD4 VMRestSsoAdminSnapIn\RestSsoAdminSnapIn.sln Release
+CALL :buildWithMSBUILD4 VMPscHighAvailabilitySnapIn\VMPscHighAvailabilitySnapIn.sln Release
+CALL :buildWithMSBUILD4 LWRaftSnapIn\LWRaftSnapIn.sln Release
+CALL :buildWithMSBUILD4 wininstaller\wininstaller.sln Release
+
+goto end
+
+
+REM build all interop solutions in a particular config
+:buildAllInterops
+    set result = false
+    if %1% == ALL set result=true
+    if %1% == VMPSCHighAvailabilitySnapIn set result=true
+
+    if %result% == true (
+        REM build - psc vmdir
+        CALL :buildWithMSBUILD4 ..\..\vmdir\dotnet\VMDIR.Client\VMDIR.Client.csproj %2
+        REM build - psc vmafd
+        CALL :buildWithMSBUILD4 ..\..\vmafd\dotnet\VMAFD.Client\VMAFD.Client.csproj %2
+    )
+    
+    set result = false
+    if %1% == ALL set result=true
+    if %1% == VMDirSnapIn set result=true
+
+    if %result% == true (
+        REM build - vmdir
+        CALL :buildWithMSBUILD4 ..\..\vmdir\interop\csharp\VmDirInterop\VmDirInterop.sln %2
+    )
+    exit /b
+
+REM copy interops to the lib folder
+:copyinterops
+    
+    if NOT EXIST %INTEROPDIR% (
+        mkdir %INTEROPDIR%
+        )
+
+    echo 'move interops to lib64 folder started ..'
+    
+    set result=false
+    if %1% == ALL set result=true
+    if %1% == VMPSCHighAvailabilitySnapIn set result=true
+
+    if %result% == true (
+        echo 'move pscha'
+        copy /Y ..\..\vmdir\dotnet\VMDIR.Client\bin\%2\* %INTEROPDIR%\
+        copy /Y ..\..\vmafd\dotnet\VMAFD.Client\bin\%2\* %INTEROPDIR%\
+    )
+
+    set result=false
+    if %1% == ALL set result=true
+    if %1% == VMDirSnapIn set result=true
+
+    if %result% == true (
+        echo 'move vmdir'
+        copy /Y ..\..\vmdir\interop\csharp\VmDirInterop\VmDirInterop\bin\%2\* %INTEROPDIR%\
+    
+    )
+
+    echo 'interops moved successfully to lib64 folder'
+    
+    exit /b
+
+REM build solutions in a particular config
+:buildWithMSBUILD4
+  if %2 == Debug (
+    %MS_BUILD4% %1 /t:Rebuild /p:Configuration=Debug /l:FileLogger,Microsoft.Build.Engine;logfile=%DEBUGLOG%
+    if errorlevel 1 (
+      (echo VS 2012 %1 Debug FAILED)>>%DEBUGLOG%
+      echo VS 2012 %1 Debug FAILED
+      goto error
+    )
+  )
+  if %2 == Release (
+    %MS_BUILD4% %1 /t:Rebuild /p:Configuration=Release /l:FileLogger,Microsoft.Build.Engine;logfile=%RELEASELOG%
+      if errorlevel 1 (
+        (echo VS 2012 %1 Release FAILED)>>%RELEASELOG%
+        echo VS 2012 %1 Release FAILED
+        goto error
+      )
+    )
+  exit /b
+
+REM cleanup the interop lib directory
+:cleanup
+    if exist %INTEROPDIR% (
+        rm -rf %INTEROPDIR%\*
+    )
+    exit /b
+
+:error
+
+(echo !!!!!!!!!!Build FAILED!!!!!!!!!! [Log: "%LOG%"])>>%LOG%
+echo !!!!!!!!!!Build FAILED!!!!!!!!!! [Log: "%LOG%"]
+if not %BUILDLOG_DIR% == "" (
+    copy %LOGDIR%\*.log %BUILDLOG_DIR:/=\%
+)
+popd
+exit /b 1
+
+:end
+
+(echo !!!!!!!!!!Build succeeded!!!!!!!!!!)>>%LOG%
+echo !!!!!!!!!!Build succeeded!!!!!!!!!!
+if not "%BUILDLOG_DIR%" == "" (
+    copy %LOGDIR%\*.log %BUILDLOG_DIR:/=\%
+)
+
+popd
+exit /b 0
diff --git a/tools/win/wininstaller/VMIdentityTools_Installer/Definitions.wxi b/tools/win/wininstaller/VMIdentityTools_Installer/Definitions.wxi
index 016ba3f3d..b66648719 100755
--- a/tools/win/wininstaller/VMIdentityTools_Installer/Definitions.wxi
+++ b/tools/win/wininstaller/VMIdentityTools_Installer/Definitions.wxi
@@ -1,28 +1,29 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Include>
-	<!-- TODO: Put your code here. -->
-  <?define Product="Lightwave Tools" ?>
-  <?define Manufacturer="VMware, Inc." ?>
-  <?define MajorVersion="1" ?>
-  <?define MinorVersion="0" ?>
-  <?define BuildVersion="5" ?>
-  <?define Revision="0" ?>
-  <?define VersionNumber="$(var.MajorVersion).$(var.MinorVersion).$(var.BuildVersion).$(var.Revision)" ?>
-  <?define UpgradeCode="{53548109-AB39-491D-B7B6-7217955AD17C}" ?>
-  <?define System32="C:\Windows\System32" ?>
-  <?define VMIDPOutDir=$(sys.SOURCEFILEDIR)..\..\$(var.Platform)\$(var.Configuration) ?>
-  <?define Resources="resources" ?>
-  <?define KerberosDllPath=[ProgramFiles64Folder]MIT\Kerberos\bin ?>
-  <?define ToolsMSIPath="..\..\x64" ?>
-  <?define MSIPath="..\..\..\interop\client_msi" ?>
-  <?define LegacySSO_desc="Administer users, groups, tenant policies, certificates and Open LDAP, AD and IDP integrations." ?>
-  <?define RestSSO_desc="Administer users, groups, tenant policies, certificates, relying party, OIDC and Open LDAP, AD and IDP integrations." ?>
-  <?define CA_desc="Manage certificate creations, issuance, expiring certificates, KeyPair/CSRs generations." ?>
-  <?define CertStore_desc="Manage certificate store, private keys and secret keys." ?>
-  <?define DirSchema_desc="Manage directory schema, federation and compare replication metadata." ?>
-  <?define Dir_desc=" Directory objects search and management." ?>
-  <?define DNS_desc="Administer zones, DNS records and configure forwarders." ?>
-  <?define PSCHA_desc="Manage site affinity for management node, monitor health of infrastructure node, global view of HA topology etc." ?>
-  <?define ResourcesForOtherProject="../VMIdentityTools_Installer/resources" ?>
-  <?define PrerequisiteUpgradeCode="{140CE8D6-D0C8-47AF-8D26-295BEC000BCA}" ?>
-</Include>
+<?xml version="1.0" encoding="utf-8"?>
+<Include>
+	<!-- TODO: Put your code here. -->
+  <?define Product="Lightwave Tools" ?>
+  <?define Manufacturer="VMware, Inc." ?>
+  <?define MajorVersion="1" ?>
+  <?define MinorVersion="0" ?>
+  <?define BuildVersion="5" ?>
+  <?define Revision="0" ?>
+  <?define VersionNumber="$(var.MajorVersion).$(var.MinorVersion).$(var.BuildVersion).$(var.Revision)" ?>
+  <?define UpgradeCode="{53548109-AB39-491D-B7B6-7217955AD17C}" ?>
+  <?define System32="C:\Windows\System32" ?>
+  <?define VMIDPOutDir=$(sys.SOURCEFILEDIR)..\..\$(var.Platform)\$(var.Configuration) ?>
+  <?define Resources="resources" ?>
+  <?define KerberosDllPath=[ProgramFiles64Folder]MIT\Kerberos\bin ?>
+  <?define ToolsMSIPath="..\..\x64" ?>
+  <?define MSIPath="..\..\..\interop\client_msi" ?>
+  <?define LegacySSO_desc="Administer users, groups, tenant policies, certificates and Open LDAP, AD and IDP integrations." ?>
+  <?define RestSSO_desc="Administer users, groups, tenant policies, certificates, relying party, OIDC and Open LDAP, AD and IDP integrations." ?>
+  <?define CA_desc="Manage certificate creations, issuance, expiring certificates, KeyPair/CSRs generations." ?>
+  <?define CertStore_desc="Manage certificate store, private keys and secret keys." ?>
+  <?define DirSchema_desc="Manage directory schema, federation and compare replication metadata." ?>
+  <?define Dir_desc=" Directory objects search and management." ?>
+  <?define LWRaft_desc=" Lightwave RAFT Browser" ?>
+  <?define DNS_desc="Administer zones, DNS records and configure forwarders." ?>
+  <?define PSCHA_desc="Manage site affinity for management node, monitor health of infrastructure node, global view of HA topology etc." ?>
+  <?define ResourcesForOtherProject="../VMIdentityTools_Installer/resources" ?>
+  <?define PrerequisiteUpgradeCode="{140CE8D6-D0C8-47AF-8D26-295BEC000BCA}" ?>
+</Include>
diff --git a/tools/win/wininstaller/VMIdentityTools_Installer/LWRaft.wxs b/tools/win/wininstaller/VMIdentityTools_Installer/LWRaft.wxs
new file mode 100644
index 000000000..bcd1f128b
--- /dev/null
+++ b/tools/win/wininstaller/VMIdentityTools_Installer/LWRaft.wxs
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
+  <?include Definitions.wxi ?>
+	<Fragment>
+		<!-- TODO: Put your code here. -->
+    <ComponentGroup Id="LWRaft_comp_group" Directory="APPLICATIONFOLDER">
+      <Component Id="lwraft_msc_comp" Guid="{66B66CC8-0C90-48DE-A322-F1D85436FBEA}" Win64="yes">
+        <File Id="lwraft_msc_file"
+              Name="Lightwave Raft.msc"
+              KeyPath="yes"
+              DiskId="1"
+              Source="$(var.Resources)/Lightwave Raft.msc" />
+      </Component>
+      <Component Id="LWRaftSnapIn_Dll_Comp" Guid="{556D2BD6-813E-4AFA-9981-65C704CD2E35}" Win64="yes">
+        <File Id="LWRaftSnapIn_Dll_File"
+              Name="LWRaftSnapIn.dll"
+              KeyPath="yes"
+              Assembly=".net"
+              AssemblyManifest="LWRaftSnapIn_Dll_File"
+              AssemblyApplication="LWRaftSnapIn_Dll_File"
+              DiskId="1"
+              Source="$(var.VMIDPOutDir)\LWRaftSnapIn.dll" />
+      </Component>
+    </ComponentGroup>
+
+
+    <ComponentGroup Id="LWRaft_reg_comp_group" Directory="TARGETDIR">
+      <Component Id="Reg_LWRaft_Comp" Guid="{6F7DFA1F-8FB3-4270-AE67-BF0B362995A3}" Win64="yes">
+        <RegistryKey Id="Reg_LWRaft_Key"
+                     Action="createAndRemoveOnUninstall"
+                     Key="Software\Microsoft\MMC\SnapIns\FX:{D2DFC4BB-70D6-43D1-9C94-19C053A29059}"
+                     Root="HKLM">
+          <RegistryKey Key="Standalone"
+                       Action="createAndRemoveOnUninstall" />
+          <RegistryKey Key="NodeTypes"
+                       Action="createAndRemoveOnUninstall" />
+          <RegistryValue Name="RuntimeVersion"
+                         Value="v2.0.50727"
+                         Type="string" />
+          <RegistryValue Name="UseCustomHelp"
+                         Value="0"
+                         Type="integer" />
+          <RegistryValue Name="ModuleName"
+                         Value="LWRaftSnapIn.dll"
+                         Type="string"
+                         KeyPath="yes"/>
+          <RegistryValue Name="NameString"
+                         Value="LWRaft Browser"
+                         Type="string" />
+          <RegistryValue Name="ApplicationBase"
+                         Value="[APPLICATIONFOLDER]"
+                         Type="expandable" />
+          <RegistryValue Name="About"
+                         Value="{00000000-0000-0000-0000-000000000000}"
+                         Type="string" />
+          <RegistryValue Name="Description"
+                         Value="$(var.LWRaft_desc)"
+                         Type="string"  />
+          <RegistryValue Name="FxVersion"
+                         Value="3.0.0.0"
+                         Type="string" />
+          <RegistryValue Name="Type"
+                         Value="LWRaftSnapIn.LWRaftSnapIn, LWRaftSnapIn, Version=$(var.VersionNumber), Culture=neutral, PublicKeyToken=null"
+                         Type="string" />
+          <RegistryValue Name="AssemblyName"
+                         Value="LWRaft"
+                         Type="string" />
+          <RegistryValue Name="Version"
+                         Value="$(var.VersionNumber)"
+                         Type="string" />
+        </RegistryKey>
+      </Component>
+    </ComponentGroup>
+
+	</Fragment>
+</Wix>
\ No newline at end of file
diff --git a/tools/win/wininstaller/VMIdentityTools_Installer/Product.wxs b/tools/win/wininstaller/VMIdentityTools_Installer/Product.wxs
index dff7049c4..c0a25438d 100755
--- a/tools/win/wininstaller/VMIdentityTools_Installer/Product.wxs
+++ b/tools/win/wininstaller/VMIdentityTools_Installer/Product.wxs
@@ -1,131 +1,139 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
-     xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
-  <?include Definitions.wxi ?>
-  <Product Id="*"
-           Name="$(var.Product)"
-           Language="1033"
-           Version="$(var.VersionNumber)"
-           Manufacturer="$(var.Manufacturer)"
-           UpgradeCode="$(var.UpgradeCode)">
-
-    <Package InstallerVersion="301"
-             Compressed="yes"
-             InstallScope="perMachine"
-             Manufacturer="$(var.Manufacturer)"
-             Description="Installs $(var.Product) $(var.VersionNumber)"
-             Keywords="Installer,MSI"
-             Comments="(c) 2015 VMware Company"
-             Platform="x64" />
-
-    <MediaTemplate EmbedCab="yes" />
-    
-    <MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed."
-                  Schedule="afterInstallValidate"
-                  AllowDowngrades="no"
-                  AllowSameVersionUpgrades="yes"/>
-
-    <PropertyRef Id="LaunchConditionsFile" />
-    
-    <!--Directory structure-->
-    <Directory Id="TARGETDIR"
-               Name="SourceDir">
-      <Directory Id="ProgramFiles64Folder">
-        <Directory Id="VMwareRoot"
-                   Name="$(var.Manufacturer)" >
-          <Directory Id="APPLICATIONFOLDER"
-                     Name="$(var.Product)" >         
-          </Directory>
-        </Directory>
-        <Directory Id="ProgramMenuFolder">
-          <Directory Id="ApplicationProgramsFolder"
-                     Name="$(var.Product)" />
-        </Directory>
-      </Directory>
-    </Directory>
-
-    <!--shortcuts component group-->
-    <ComponentGroup Id="ApplicationShortcut" Directory="ApplicationProgramsFolder">
-      <Component Id="CMP_VMCertShortcut" Guid="{77F95B9A-EF6E-42B1-8D2B-307842D000A6}" Win64="yes">
-        <Shortcut Id="VMRestSingleSignOnAdminShortcut"
-                  Name="Lightwave SSO"
-                  Description="MMC Console for Lightwave SSO"
-                  Target="[APPLICATIONFOLDER]Lightwave SSO.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <Shortcut Id="VMDirSchemaShortcut"
-                  Name="Lightwave Directory Schema"
-                  Description="MMC console for Lightwave Directory Schema Browser"
-                  Target="[APPLICATIONFOLDER]Lightwave Directory Schema.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <Shortcut Id="VMCAShortcut"
-                  Name="Lightwave CA"
-                  Description="MMC console for Lightwave CA"
-                  Target="[APPLICATIONFOLDER]Lightwave CA.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <Shortcut Id="VMDirShortcut"
-                  Name="Lightwave Directory"
-                  Description="MMC console for Lightwave Directory"
-                  Target="[APPLICATIONFOLDER]Lightwave Directory.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <Shortcut Id="VMPSCHAShortcut"
-                  Name="Lightwave PSC Site Management"
-                  Description="MMC console to monitor the health of PSC sites and nodes."
-                  Target="[APPLICATIONFOLDER]Lightwave PSC Site Management.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <Shortcut Id="VMCertStoreShortcut"
-                  Name="Lightwave Certificate Store"
-                  Description="MMC console for Lightwave Certificate Store"
-                  Target="[APPLICATIONFOLDER]Lightwave Certificate Store.msc"
-                  WorkingDirectory="TARGETDIR"/>
-        <RemoveFile Id="XML" Name="*.xml" On="both" Directory="APPLICATIONFOLDER"/>
-        <RemoveFolder Id="ApplicationProgramsFolder" On="uninstall"/>
-        <RegistryValue Root="HKCU" Key="Software\VMware\$(var.Product)" Name="$(var.Product)" Type="integer" Value="1" KeyPath="yes"/>
-      </Component>
-    </ComponentGroup>
-
-    <!--Features-->
-    <Feature Id="ProductFeature"
-             Title="Main Product"
-             Level="1">
-      <ComponentGroupRef Id="ApplicationShortcut"/>
-      <ComponentGroupRef Id="VM_common_comp_group"/>
-      <ComponentRef Id="VM_Mmc_Exe_Config_File_Copy_Comp"/>
-
-      <ComponentGroupRef Id="VMCert_comp_group"/>
-      <ComponentGroupRef Id="VMCert_reg_comp_group"/>
-
-      <ComponentGroupRef Id="VMCA_comp_group"/>
-      <ComponentGroupRef Id="VMCA_reg_comp_group"/>
-
-      <ComponentGroupRef Id="VMDir_comp_group"/>
-      <ComponentGroupRef Id="VMDir_reg_comp_group"/>
-      
-      <ComponentGroupRef Id="VMDirSchema_comp_group"/>
-      <ComponentGroupRef Id="VMDirSchema_reg_comp_group"/>
-
-      <ComponentGroupRef Id="RestSSO_comp_group"/>
-      <ComponentGroupRef Id="RestSSO_reg_comp_group"/>
-      
-      <ComponentGroupRef Id="VMPscHighAvailability_comp_group"/>
-      <ComponentGroupRef Id="VMPscHighAvailability_reg_comp_group"/>
-
-    </Feature>
-
-    <util:CloseApplication 
-      CloseMessage="yes"
-      Description="Please close all MMC Snapins before proceeding." 
-      RebootPrompt="no"
-      PromptToContinue="yes" 
-      Target="mmc.exe"/>
-
-
-    <UIRef Id="WixUI_Minimal" />
-    <WixVariable Id="WixUILicenseRtf" Value="$(var.Resources)/LicenseAgreement.rtf" />
-    <WixVariable Id="WixUIBannerBmp" Value="$(var.Resources)/banner.bmp" />
-    <WixVariable Id="WixUIDialogBmp" Value="$(var.Resources)/dialog.bmp" />
-    <Icon Id="add_remove_programs_icon" SourceFile="$(var.Resources)/SetupIcon.ico" />
-    <Property Id="ARPPRODUCTICON" Value="add_remove_programs_icon" />
-    <Property Id="MSIRESTARTMANAGERCONTROL" Value="Disable"/>
-
-  </Product>
+<?xml version="1.0" encoding="UTF-8"?>
+<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
+     xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
+  <?include Definitions.wxi ?>
+  <Product Id="*"
+           Name="$(var.Product)"
+           Language="1033"
+           Version="$(var.VersionNumber)"
+           Manufacturer="$(var.Manufacturer)"
+           UpgradeCode="$(var.UpgradeCode)">
+
+    <Package InstallerVersion="301"
+             Compressed="yes"
+             InstallScope="perMachine"
+             Manufacturer="$(var.Manufacturer)"
+             Description="Installs $(var.Product) $(var.VersionNumber)"
+             Keywords="Installer,MSI"
+             Comments="(c) 2015 VMware Company"
+             Platform="x64" />
+
+    <MediaTemplate EmbedCab="yes" />
+    
+    <MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed."
+                  Schedule="afterInstallValidate"
+                  AllowDowngrades="no"
+                  AllowSameVersionUpgrades="yes"/>
+
+    <PropertyRef Id="LaunchConditionsFile" />
+    
+    <!--Directory structure-->
+    <Directory Id="TARGETDIR"
+               Name="SourceDir">
+      <Directory Id="ProgramFiles64Folder">
+        <Directory Id="VMwareRoot"
+                   Name="$(var.Manufacturer)" >
+          <Directory Id="APPLICATIONFOLDER"
+                     Name="$(var.Product)" >         
+          </Directory>
+        </Directory>
+        <Directory Id="ProgramMenuFolder">
+          <Directory Id="ApplicationProgramsFolder"
+                     Name="$(var.Product)" />
+        </Directory>
+      </Directory>
+    </Directory>
+
+    <!--shortcuts component group-->
+    <ComponentGroup Id="ApplicationShortcut" Directory="ApplicationProgramsFolder">
+      <Component Id="CMP_VMCertShortcut" Guid="{77F95B9A-EF6E-42B1-8D2B-307842D000A6}" Win64="yes">
+        <Shortcut Id="VMRestSingleSignOnAdminShortcut"
+                  Name="Lightwave SSO"
+                  Description="MMC Console for Lightwave SSO"
+                  Target="[APPLICATIONFOLDER]Lightwave SSO.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <Shortcut Id="VMDirSchemaShortcut"
+                  Name="Lightwave Directory Schema"
+                  Description="MMC console for Lightwave Directory Schema Browser"
+                  Target="[APPLICATIONFOLDER]Lightwave Directory Schema.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <Shortcut Id="VMCAShortcut"
+                  Name="Lightwave CA"
+                  Description="MMC console for Lightwave CA"
+                  Target="[APPLICATIONFOLDER]Lightwave CA.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <Shortcut Id="VMDirShortcut"
+                  Name="Lightwave Directory"
+                  Description="MMC console for Lightwave Directory"
+                  Target="[APPLICATIONFOLDER]Lightwave Directory.msc"
+                  WorkingDirectory="TARGETDIR"/>
+	<Shortcut Id="LWRaftShortcut"
+                  Name="Lightwave RAFT Browser"
+                  Description="MMC console for Lightwave RAFT Browser"
+                  Target="[APPLICATIONFOLDER]Lightwave Raft.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <Shortcut Id="VMPSCHAShortcut"
+                  Name="Lightwave PSC Site Management"
+                  Description="MMC console to monitor the health of PSC sites and nodes."
+                  Target="[APPLICATIONFOLDER]Lightwave PSC Site Management.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <Shortcut Id="VMCertStoreShortcut"
+                  Name="Lightwave Certificate Store"
+                  Description="MMC console for Lightwave Certificate Store"
+                  Target="[APPLICATIONFOLDER]Lightwave Certificate Store.msc"
+                  WorkingDirectory="TARGETDIR"/>
+        <RemoveFile Id="XML" Name="*.xml" On="both" Directory="APPLICATIONFOLDER"/>
+        <RemoveFolder Id="ApplicationProgramsFolder" On="uninstall"/>
+        <RegistryValue Root="HKCU" Key="Software\VMware\$(var.Product)" Name="$(var.Product)" Type="integer" Value="1" KeyPath="yes"/>
+      </Component>
+    </ComponentGroup>
+
+    <!--Features-->
+    <Feature Id="ProductFeature"
+             Title="Main Product"
+             Level="1">
+      <ComponentGroupRef Id="ApplicationShortcut"/>
+      <ComponentGroupRef Id="VM_common_comp_group"/>
+      <ComponentRef Id="VM_Mmc_Exe_Config_File_Copy_Comp"/>
+
+      <ComponentGroupRef Id="VMCert_comp_group"/>
+      <ComponentGroupRef Id="VMCert_reg_comp_group"/>
+
+      <ComponentGroupRef Id="VMCA_comp_group"/>
+      <ComponentGroupRef Id="VMCA_reg_comp_group"/>
+
+      <ComponentGroupRef Id="VMDir_comp_group"/>
+      <ComponentGroupRef Id="VMDir_reg_comp_group"/>
+      
+      <ComponentGroupRef Id="VMDirSchema_comp_group"/>
+      <ComponentGroupRef Id="VMDirSchema_reg_comp_group"/>
+
+      <ComponentGroupRef Id="RestSSO_comp_group"/>
+      <ComponentGroupRef Id="RestSSO_reg_comp_group"/>
+      
+      <ComponentGroupRef Id="VMPscHighAvailability_comp_group"/>
+      <ComponentGroupRef Id="VMPscHighAvailability_reg_comp_group"/>
+
+      <ComponentGroupRef Id="LWRaft_comp_group"/>
+      <ComponentGroupRef Id="LWRaft_reg_comp_group"/>
+
+    </Feature>
+
+    <util:CloseApplication 
+      CloseMessage="yes"
+      Description="Please close all MMC Snapins before proceeding." 
+      RebootPrompt="no"
+      PromptToContinue="yes" 
+      Target="mmc.exe"/>
+
+
+    <UIRef Id="WixUI_Minimal" />
+    <WixVariable Id="WixUILicenseRtf" Value="$(var.Resources)/LicenseAgreement.rtf" />
+    <WixVariable Id="WixUIBannerBmp" Value="$(var.Resources)/banner.bmp" />
+    <WixVariable Id="WixUIDialogBmp" Value="$(var.Resources)/dialog.bmp" />
+    <Icon Id="add_remove_programs_icon" SourceFile="$(var.Resources)/SetupIcon.ico" />
+    <Property Id="ARPPRODUCTICON" Value="add_remove_programs_icon" />
+    <Property Id="MSIRESTARTMANAGERCONTROL" Value="Disable"/>
+
+  </Product>
 </Wix>
\ No newline at end of file
diff --git a/tools/win/wininstaller/VMIdentityTools_Installer/VMIdentityTools_Installer.wixproj b/tools/win/wininstaller/VMIdentityTools_Installer/VMIdentityTools_Installer.wixproj
index d943594f2..b096df8e7 100755
--- a/tools/win/wininstaller/VMIdentityTools_Installer/VMIdentityTools_Installer.wixproj
+++ b/tools/win/wininstaller/VMIdentityTools_Installer/VMIdentityTools_Installer.wixproj
@@ -1,68 +1,69 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <PropertyGroup>
-    <WixToolPath>$(WIXPATH)\</WixToolPath>
-    <WixTargetsPath>$(WixToolPath)Wix.targets</WixTargetsPath>
-    <WixTasksPath>$(WixToolPath)wixtasks.dll</WixTasksPath>
-  </PropertyGroup>
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
-    <ProductVersion>3.8</ProductVersion>
-    <ProjectGuid>be213597-654b-436c-a8d4-413b724e7a08</ProjectGuid>
-    <SchemaVersion>2.0</SchemaVersion>
-    <OutputName>LightwaveTools_Installer</OutputName>
-    <OutputType>Package</OutputType>
-    <WixTargetsPath Condition=" '$(WixTargetsPath)' == '' AND '$(MSBuildExtensionsPath32)' != '' ">$(MSBuildExtensionsPath32)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
-    <WixTargetsPath Condition=" '$(WixTargetsPath)' == '' ">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
-    <Name>VMIdentityTools_Installer</Name>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x64' ">
-    <DefineConstants>Debug</DefineConstants>
-    <OutputPath>..\..\$(Platform)\$(Configuration)\</OutputPath>
-    <IntermediateOutputPath>obj\$(Platform)\$(Configuration)\</IntermediateOutputPath>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x64' ">
-    <OutputPath>..\..\$(Platform)\$(Configuration)\</OutputPath>
-    <IntermediateOutputPath>obj\$(Platform)\$(Configuration)\</IntermediateOutputPath>
-  </PropertyGroup>
-  <ItemGroup>
-    <Compile Include="Common.wxs" />
-    <Compile Include="LaunchConditions.wxs" />
-    <Compile Include="Product.wxs" />
-    <Compile Include="RestSSO.wxs" />
-    <Compile Include="SSO.wxs" />
-    <Compile Include="VMCA.wxs" />
-    <Compile Include="VMDirSchema.wxs" />
-    <Compile Include="VMDNS.wxs" />
-    <Compile Include="VMCertStore.wxs" />
-    <Compile Include="VMDir.wxs" />
-    <Compile Include="VMPSCHA.wxs" />
-  </ItemGroup>
-  <ItemGroup>
-    <WixExtension Include="WixUtilExtension">
-      <HintPath>$(WixToolPath)\WixUtilExtension.dll</HintPath>
-      <Name>WixUtilExtension</Name>
-    </WixExtension>
-    <WixExtension Include="WixUIExtension">
-      <HintPath>$(WixToolPath)WixUIExtension.dll</HintPath>
-      <Name>WixUIExtension</Name>
-    </WixExtension>
-    <WixExtension Include="WixNetFxExtension">
-      <HintPath>$(WixToolPath)WixNetFxExtension.dll</HintPath>
-      <Name>WixNetFxExtension</Name>
-    </WixExtension>
-  </ItemGroup>
-  <ItemGroup>
-    <Content Include="Definitions.wxi" />
-  </ItemGroup>
-  <Import Project="$(WixTargetsPath)" />
-  <!--
-	To modify your build process, add your task inside one of the targets below and uncomment it.
-	Other similar extension points exist, see Wix.targets.
-	<Target Name="BeforeBuild">
-	</Target>
-	<Target Name="AfterBuild">
-	</Target>
-	-->
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup>
+    <WixToolPath>$(WIXPATH)\</WixToolPath>
+    <WixTargetsPath>$(WixToolPath)Wix.targets</WixTargetsPath>
+    <WixTasksPath>$(WixToolPath)wixtasks.dll</WixTasksPath>
+  </PropertyGroup>
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">x64</Platform>
+    <ProductVersion>3.8</ProductVersion>
+    <ProjectGuid>be213597-654b-436c-a8d4-413b724e7a08</ProjectGuid>
+    <SchemaVersion>2.0</SchemaVersion>
+    <OutputName>LightwaveTools_Installer</OutputName>
+    <OutputType>Package</OutputType>
+    <WixTargetsPath Condition=" '$(WixTargetsPath)' == '' AND '$(MSBuildExtensionsPath32)' != '' ">$(MSBuildExtensionsPath32)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
+    <WixTargetsPath Condition=" '$(WixTargetsPath)' == '' ">$(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets</WixTargetsPath>
+    <Name>VMIdentityTools_Installer</Name>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|x64' ">
+    <DefineConstants>Debug</DefineConstants>
+    <OutputPath>..\..\$(Platform)\$(Configuration)\</OutputPath>
+    <IntermediateOutputPath>obj\$(Platform)\$(Configuration)\</IntermediateOutputPath>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|x64' ">
+    <OutputPath>..\..\$(Platform)\$(Configuration)\</OutputPath>
+    <IntermediateOutputPath>obj\$(Platform)\$(Configuration)\</IntermediateOutputPath>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="Common.wxs" />
+    <Compile Include="LaunchConditions.wxs" />
+    <Compile Include="Product.wxs" />
+    <Compile Include="RestSSO.wxs" />
+    <Compile Include="SSO.wxs" />
+    <Compile Include="VMCA.wxs" />
+    <Compile Include="VMDirSchema.wxs" />
+    <Compile Include="VMDNS.wxs" />
+    <Compile Include="VMCertStore.wxs" />
+    <Compile Include="VMDir.wxs" />
+    <Compile Include="VMPSCHA.wxs" />
+    <Compile Include="LWRaft.wxs"/>
+  </ItemGroup>
+  <ItemGroup>
+    <WixExtension Include="WixUtilExtension">
+      <HintPath>$(WixToolPath)\WixUtilExtension.dll</HintPath>
+      <Name>WixUtilExtension</Name>
+    </WixExtension>
+    <WixExtension Include="WixUIExtension">
+      <HintPath>$(WixToolPath)WixUIExtension.dll</HintPath>
+      <Name>WixUIExtension</Name>
+    </WixExtension>
+    <WixExtension Include="WixNetFxExtension">
+      <HintPath>$(WixToolPath)WixNetFxExtension.dll</HintPath>
+      <Name>WixNetFxExtension</Name>
+    </WixExtension>
+  </ItemGroup>
+  <ItemGroup>
+    <Content Include="Definitions.wxi" />
+  </ItemGroup>
+  <Import Project="$(WixTargetsPath)" />
+  <!--
+	To modify your build process, add your task inside one of the targets below and uncomment it.
+	Other similar extension points exist, see Wix.targets.
+	<Target Name="BeforeBuild">
+	</Target>
+	<Target Name="AfterBuild">
+	</Target>
+	-->
 </Project>
\ No newline at end of file
diff --git a/tools/win/wininstaller/VMIdentityTools_Installer/resources/Lightwave Raft.msc b/tools/win/wininstaller/VMIdentityTools_Installer/resources/Lightwave Raft.msc
new file mode 100644
index 000000000..61da65ad8
--- /dev/null
+++ b/tools/win/wininstaller/VMIdentityTools_Installer/resources/Lightwave Raft.msc	
@@ -0,0 +1,1552 @@
+<?xml version="1.0"?><MMC_ConsoleFile ConsoleVersion="3.0" ProgramMode="User">
+  <ConsoleFileID>{DCB60EA4-AE47-49F8-8AD1-626A3CDE8BD1}</ConsoleFileID>
+  <FrameState ShowStatusBar="true">
+    <WindowPlacement ShowCommand="SW_SHOWNORMAL">
+      <Point Name="MinPosition" X="-1" Y="-1"/>
+      <Point Name="MaxPosition" X="-1" Y="-1"/>
+      <Rectangle Name="NormalPosition" Top="78" Bottom="603" Left="78" Right="1103"/>
+    </WindowPlacement>
+  </FrameState>
+  <Views>
+    <View ID="1" ScopePaneWidth="206" ActionsPaneWidth="-1">
+      <BookMark Name="RootNode" NodeID="2"/>
+      <BookMark Name="SelectedNode" NodeID="2"/>
+      <WindowPlacement WPF_RESTORETOMAXIMIZED="true" ShowCommand="SW_SHOWMAXIMIZED">
+        <Point Name="MinPosition" X="-1" Y="-1"/>
+        <Point Name="MaxPosition" X="-8" Y="-31"/>
+        <Rectangle Name="NormalPosition" Top="0" Bottom="280" Left="0" Right="840"/>
+      </WindowPlacement>
+      <ViewOptions ViewMode="Report" NoStdMenus="true" NoStdButtons="true" DescriptionBarVisible="false" DefaultColumn0Width="200" DefaultColumn1Width="0"/>
+    </View>
+  </Views>
+  <VisualAttributes>
+    <String Name="ApplicationTitle" ID="1"/>
+    <Icon Index="0" File="C:\Users\ssamrit\Desktop\msc_icon\vmdir.ico">
+      <Image Name="Large" BinaryRefIndex="0"/>
+      <Image Name="Small" BinaryRefIndex="1"/>
+      <Image Name="Large48x" BinaryRefIndex="2"/>
+    </Icon>
+  </VisualAttributes>
+  <Favorites>
+    <Favorite TYPE="Group">
+      <String Name="Name" ID="2"/>
+      <Favorites/>
+    </Favorite>
+  </Favorites>
+  <ScopeTree>
+    <SnapinCache>
+      <Snapin CLSID="FX:{4262730d-8b69-4581-8e39-264225ba302b}" AllExtensionsEnabled="false">
+        <Extensions/>
+      </Snapin>
+      <Snapin CLSID="{C96401CC-0E17-11D3-885B-00C04F72C717}" AllExtensionsEnabled="true"/>
+    </SnapinCache>
+    <Nodes>
+      <Node ID="1" ImageIdx="0" CLSID="{C96401CC-0E17-11D3-885B-00C04F72C717}" Preload="false">
+        <Nodes>
+          <Node ID="2" ImageIdx="0" CLSID="FX:{4262730d-8b69-4581-8e39-264225ba302b}" Preload="true">
+            <Nodes/>
+            <String Name="Name" ID="3"/>
+            <ComponentDatas>
+              <ComponentData>
+                <GUID Name="Snapin">FX:{4262730d-8b69-4581-8e39-264225ba302b}</GUID>
+                <Stream BinaryRefIndex="3"/>
+              </ComponentData>
+            </ComponentDatas>
+            <Components>
+              <Component ViewID="1">
+                <GUID Name="Snapin">FX:{4262730d-8b69-4581-8e39-264225ba302b}</GUID>
+                <Stream BinaryRefIndex="4"/>
+              </Component>
+            </Components>
+          </Node>
+        </Nodes>
+        <String Name="Name" ID="4"/>
+        <Bitmaps>
+          <BinaryData Name="Small" BinaryRefIndex="5"/>
+          <BinaryData Name="Large" BinaryRefIndex="6"/>
+        </Bitmaps>
+        <ComponentDatas>
+          <ComponentData>
+            <GUID Name="Snapin">{C96401CC-0E17-11D3-885B-00C04F72C717}</GUID>
+            <Stream BinaryRefIndex="7"/>
+          </ComponentData>
+        </ComponentDatas>
+        <Components/>
+      </Node>
+    </Nodes>
+  </ScopeTree>
+  <ConsoleTaskpads/>
+  <ViewSettingsCache>
+    <TargetView ViewID="1" NodeTypeGUID="{00000000-0000-0000-0000-000000000000}"/>
+    <ViewSettings Flag_TaskPadID="true" Age="2">
+      <GUID>{00000000-0000-0000-0000-000000000000}</GUID>
+    </ViewSettings>
+    <TargetView ViewID="1" NodeTypeGUID="{82C37899-7808-11D1-A190-0000F875B132}"/>
+    <ViewSettings Flag_TaskPadID="true" Age="1">
+      <GUID>{00000000-0000-0000-0000-000000000000}</GUID>
+    </ViewSettings>
+    <TargetView ViewID="1" NodeTypeGUID="{C96401CE-0E17-11D3-885B-00C04F72C717}"/>
+    <ViewSettings Flag_TaskPadID="true" Age="3">
+      <GUID>{00000000-0000-0000-0000-000000000000}</GUID>
+    </ViewSettings>
+  </ViewSettingsCache>
+  <ColumnSettingsCache/>
+  <StringTables>
+    <IdentifierPool AbsoluteMin="1" AbsoluteMax="65535" NextAvailable="5"/>
+    <StringTable>
+      <GUID>{71E5B33E-1064-11D2-808F-0000F875A9CE}</GUID>
+      <Strings>
+        <String ID="1" Refs="1">Lightwave Raft</String>
+        <String ID="2" Refs="1">Favorites</String>
+        <String ID="3" Refs="1">Lightwave Raft Servers</String>
+        <String ID="4" Refs="2">Console Root</String>
+      </Strings>
+    </StringTable>
+  </StringTables>
+  <BinaryStorage>
+    <Binary Name="CONSOLE_FILE_ICON_LARGE">
+SUwBAQEABAAEACAAIAD/////IQD//////////0JNNgAAAAAAAAA2AAAAKAAAAIAAAAAgAAAAAQAg
+AAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AAAAAwAAAAcAAAAHAAAACQAAAAkAAAAHAAAABQAAAANsZGGJcGtnjXBrZ41wa2eNcGtnjXBrZ41w
+a2eNcGtnjXBrZ41wa2eNcGtnjXBrZ41wa2eNcGtnjWtkYIsAAAALAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAAAAC1lVU6ltaGT9cmxo/3JsaP9y
+bGj/cmxo/3JsaP9ybGj/cmxo/3JsaP9ybGj/cmxo/+/p5f///v7///7+///+/v///v7///7+///+
+/v///v7///7+///+/v///v7///7+///+/v///v7/7+nl/wAAAA8AAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBoJeQ/ZKFfP+Uh37/dmxk/3Zr
+ZP92a2T/dmtk/3ZrZP92a2T/dmxk/3ZsZf92a2T/7ujl//7+/f/+/v3//v79//7+/f/+/v3//v79
+//7+/f/+/v3//v79//7+/f/+/v3//v79//7+/f/u6eX/AAAADwAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQGimJH/lYh+/4N5cf81MTD/NTEw
+/zUxMP81MTD/NTEw/zUxMP81MTD/NTEw/zQxL//u6OT//v39//79/f/+/f3//v39//79/f/+/f3/
+/v39//79/f/+/f3//v39//79/f/+/f3//v39/+7o5f8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAaOZkf+WiX//jIJ6/z49Pf8+PT3/
+Pj09/z49Pf8+PT3/Pj09/z49Pf8+PT3/PTw8/+7o5P/+/fz/s7Lx/9fW9v/x6+f/7ujk//Dq5f/v
+6uX/8ezo/+/p5f/w6+f/7ujj//j28//+/fz/7ujk/wAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBo5mS/5eLgf+Xi4P/bWVg/21lX/9t
+ZV//bWVg/21lYP9tZWD/bWVg/21mYP9tZWD/7efj//38+//5+Pr//Pv7//38+//9/Pv//fz7//38
++//9/Pv//fz7//38+//9/Pv//fz7//38+//t5+P/AAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQGkmpP/mYyC/4Z8df83NDP/NzQz/zc0
+M/83NDP/NzQz/zc0M/83NDP/NzQz/zYzMv/t5+P//fz6/+7u+P/39vr//fz6//38+v/9/Pr//fz6
+//38+v/9/Pr//fz6//38+v/9/Pr//fz6/+3n4/8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAaWblP+ajYT/k4iA/1NPTf9ST03/Uk9N
+/1JPTf9TUE7/VFFP/1RRT/9VUlD/VVJQ/+3n4v/9+/r/vLvx/9vZ9f/q4tz/7Obg/+3n4v/y7ur/
+7OXg/+7n4v/t5uH/9vPw//37+v/9+/r/7efi/wAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBppyV/5uOhv+fkon/oJSL/6KWjf+lmZD/
+qJyU/6ufmP+uo5v/saaf/7Sqov+2rKX/7ebi//z7+f/8+/n//Pv5//z7+f/8+/n//Pv5//z7+f/8
++/n//Pv5//z7+f/8+/n//Pv5//z7+f/t5uL/AAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQGqoJr/pJiQ/6qelv+topr/sKWe/7Opov+2
+rKX/ua+p/7yzrP+/trD/wbm0/8O8tv/t5uH//Pr4/7e38P/Y1/T/7efh/+zm4f/u6OP/7Obh//Dr
+5v/s5eD/7uji/+ni3P/6+fb//Pr4/+3m4f8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAbKqpP+yqKL/uK6o/7uyrP++ta//wbiz/8nD
+vP/NycL/0MvF/83Gwv/PycX/0cvH/+3m4f/8+vj/8e/2//j29//8+vj//Pr4//z6+P/8+vj//Pr4
+//z6+P/8+vj//Pr4//z6+P/8+vj/7ebh/wAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBurOu/7+4sv/Gvrn/ycK9/8zFwP/OyMP/tLGq
+/727tP+ysKn/z8vG/93Z1v/f29n/7OXg//v59//08vb/+ff2//v59//7+ff/+/n3//v59//7+ff/
++/n3//v59//7+ff/+/n3//v59//s5eD/AAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQHCvLj/zcfD/9TOyv/X0c7/2tXS/9vX1P+em5X/
+09HK/7GvqP/Hw8D/5uLg/+Th3//s5d//+/n2/7Oy7f/W1PH/6eHa/+rj3P/q493/8u3o/+ri3P/r
+5N7/6+Te//Tw7P/7+fb/+/n2/+zl3/8AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAcvGw//b19T/4d7b/+Tg3v/l4t//5eLg/8C8uP+T
+j4n/op2Y/+Lf3P/j4N3/4d7b/+zk3//7+PX/+/j1//v49f/7+PX/+/j1//v49f/7+PX/+/j1//v4
+9f/49vP/9vPx//bz8f/z8O7/3dbR/wEBARMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAABAQEBAQEBAQEBAQEBAQEB0MzJ/+He3P/l4d//5OHf/+Tg3v/j4N3/49/d/9bU
+zf/X09D/4d3b/+Hd2v/f29j/6+Tf//r49f+9vO7/2tjx/+jg2f/q4tv/6uLc//Hs5//p4dv/6+Pd
+/9TNyP/Oy8n/1dTT/9va2P/Kv7rtCAcHEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQHPysj/39vZ/+Le3P/i3tz/4d3b/+Hd2v/g3Nr/xcG8
+/9nU0v/f2tf/3trX/9zY1f/r5N7/+vf0/+jm8v/y8PP/+vf0//r39P/69/T/+vf0//r39P/69/T/
+4N7b//7+/v/9/Pv/5N7Z+TgzME8BAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAQEBAQEBAQEBAQEBAQEBAc3Jxv+Rjoz/CQkJ/wAAAP8AAAD/AAAA/wAAAP8AAAD/
+AAAA/wAAAP8AAAD/AAAA/+vj3f/69/P/+vfz//r38//69/P/+vfz//r38//69/P/+vfz//r38//h
+39z/+/r5/+Lc3PtPSEVpAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAABAQEBAQEBAQEBAQEBAQEBzMfE/zg3Nv8XEQ//DwsJ/w8LCf8VDw3/GxQR/yIYFf8i
+GBX/IhgV/yIYFf8bFBH/6uPd//n28//59vP/+fbz//n28//59vP/+fbz//n28//59vP/+Pby/9/d
+2v/f0sz3SUM/YQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAEBAQEBAQEBAQEBAQEBAQHLxsP/NTQz/yIYFf8MCQf/DAkH/xkSD/8lGxb/MiQe/zIk
+Hv8yJB7/MiQe/zEjHf/f1Mz/6uLc/+ri3P/q49z/6uPc/+rj3P/q49z/6uPc/+rj3P/p4dv/v7Wu
+6TItKkUBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAQEBAQEBAQEBAQEBAQEBAc3HxP82NTT/FhAO/x4WE/8eFhP/HhYT/x4WE/8eFhP/HhYT
+/x4WE/8eFhP/HhYT/x4WE/8OCgn/bWpp/2RhX4EAAAADAAAAAwAAAAMAAAADAAAAAwAAAAMBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAABAQEBAQEBAQEBAQEBAQEBzsnF/zc1NP8iGBX/MiQe/zIkHv8yJB7/MiQe/zIkHv8yJB7/
+MiQe/zIkHv8yJB7/MiQe/xUPDf9vbGr/ZGFffwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAEBAQEBAQEBAQEBAQEBAQHQysf/NzY1/w0KCf8SDQz/Eg0M/xINDP8SDQz/Eg0M/xINDP8S
+DQz/Eg0M/xINDP8SDQz/CQYG/3Bta/9kYV9/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAQEBAQEBAQEBAQEBAQEBAdLLyP84Njb/IhgV/zIkHv8yJB7/MiQe/zIkHv8yJB7/MiQe/zIk
+Hv8yJB7/KB0Y/wwJB/8VDw3/cm5s/2RhX38BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAABAQEBAQEBAQEBAQEBAQEB083J/zk3Nv8iGBX/MiQe/zIkHv8yJB7/MiQe/zIkHv8yJB7/MiQe
+/zIkHv8yJB7/MiQe/xUPDf9zb23/ZWJgfwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAEBAQEBAQEBAQEBAQEBAQHVzsv/OTg3/xYQDv8eFhP/HhYT/x4WE/8eFhP/HhYT/x4WE/8eFhP/
+HhYT/x4WE/8eFhP/DgoJ/3Rwb/9lYmB/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AQEBAQEBAQEBAQEBAQEBAdfQzP86ODf/IhgV/zIkHv8yJB7/MiQe/zIkHv8yJB7/MiQe/zIkHv8y
+JB7/Kx8a/xkSD/8VDw3/dXJw/2ViYH8BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
+AQEBAQEBAQEBAQEBAQEB2NHN/zs5OP8gFxT/LiEc/y4hHP8uIRz/LiEc/y4hHP8uIRz/LiEc/y4h
+HP8uIRz/LiEc/xQPDf93c3H/ZmJgfwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB
+AQEBAQEBAQEBAQEBAQHZ0s7/SUZE/yQaFv8lGxb/JRsW/yUbFv8lGxb/JRsW/yQZFf8fFBD/HhMP
+/x4TD/8eEw//FQ0K/4F+ff9mY2F/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEB
+AQEBAQEBAQEBAQEBAcPAv/O/uLX/TklH/0dCP/9HQj//SEJA/0hCQP9IQ0H/SENB/0dDQf9GQT//
+RkJA/0ZCQP9ZV1f/3d3c/1hWVHUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEB
+AQEBAQEBAQEBAQEBTUlFecS9uf/HwLz/x8C8/8fAvP/HwL3/x8G9/8fBvf/Hwb3/x8G9/8fBvv/H
+wb7/x8K+/8fBvv+VjYnTCAgIDwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEB
+AQEBAQEBAQEBAQEDAwMFfXNtzZ2SjP+dkoz/nZKM/52SjP+dkoz/nZKM/52SjP+dkoz/nZKM/52S
+jP+dkoz/m5CJ+x8dGzUBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEB
+AQEBAQEBAQEBAQEBAQEMCwoVJSEfQSUiH0ElIh9BJSIfQSUiH0ElIh9BJSIfQSUiH0ElIh9BJSIf
+QSUiH0EWFBMnAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCTT4AAAAA
+AAAAPgAAACgAAACAAAAAIAAAAAEAAQAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////AAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+    </Binary>
+    <Binary Name="CONSOLE_FILE_ICON_SMALL">
+SUwBAQEABAAEABAAEAD/////IQD//////////0JNNgAAAAAAAAA2AAAAKAAAAEAAAAAQAAAAAQAg
+AAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEAAAADNDEwazk2NH85NjSBOTY0gzk2NIM5NjSB
+sq6rxbayssW2srLFtrKyxbayssW2srLFtrKyxVdUUmkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEB
+AQEBAZqPh/9wZ2H/VU5K/1VOSv9VTkr/VU5K//bz8f/+/f3//v39//79/f/+/f3//v39//79/f94
+dHOHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQGdkYn/dGxm/1VRTv9VUU7/VVFO/1VRTv/1
+8u//39/3//bz8P/28/D/9vPx//bz8P/8+/n/d3RyhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEB
+AQEBn5SL/2liXf9EQUD/RUJA/0VCQf9GQ0H/9fHu/9/e9v/08Oz/9vPw//Xx7v/39PH//fv6/3d0
+cocAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAaSZkf+lmZH/qp+X/7Cmnv+2rKb/u7Os//Tw
+7f/i4fX/9PHt//Tx7f/18e7/8/Ds//v6+P93c3GHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEB
+AQG3r6r/wLiy/8a/uf/Cvrf/yMO9/9fSz//07+z/9fT2//v59//7+ff/+/n3//v59//7+ff/d3Nx
+hwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBzcjE/9zX1P/g3Nn/sa6o/7+7t//k4N7/8+7q
+/9/d8v/y7ej/9PDs//Lu6f/z7+v/9/Xy/3JvbIcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEB
+AdjU0f/j4N3/4t/c/9jU0P/c2NX/39rX//Lu6f/c2vH/8ezn//Pv6v/y7ej/4N3a/9/c2v1DQD1V
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQGYlZP/DAkI/wkGBf8PCwn/EQwK/w8LCf/y7ej/
++fbz//n28//59vP/+fbz/+He2/1fW1hxAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEB
+gX17/xgSD/8YEg//JRsW/ygdGP8oHRj/fXVx/6mknd92cm+BdnJvgXVxboE9OTdNAQEBAQEBAQEA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAYN/ff8cFRL/IhgV/yIYFf8iGBX/IhgV/xgSD/9q
+Z2S/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQGF
+gX//Kh4Z/zIkHv8yJB7/MiQe/y8iHP8aExD/amdmvwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBiIOB/yIYFf8oHRj/KB0Y/ygdGP8mHBf/FhAO/21q
+Z78BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQEBAQEBAY2I
+hv8mGxf/Kh4Z/yoeGf8oHBf/JhoV/x0UEP9wbWy/AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAQEBAQEBAQGnoJvbiYOA/4eBfv+Hgn//h4J//4aBf/+Lh4X/dHJw
+lQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBIiAe
+OV9ZVZ9fWVWfX1lVn19ZVZ9fWVWfXVZSmQkICA8BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAABCTT4AAAAAAAAAPgAAACgAAABAAAAAEAAAAAEAAQAAAAAAgAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+    </Binary>
+    <Binary Name="CONSOLE_FILE_ICON_LARGE48x">
+SUwBAQEABAAEADAAMAD/////IQD//////////0JNNgAAAAAAAAA2AAAAKAAAAMAAAAAwAAAAAQAg
+AAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAAAAAzArJ0swKydTMCsnUzArJ1MwKydTMCsnUzArJ1MwKydTMCsnUzArJ1MwKydTMCsnUzAr
+J1MwKydTMCsnUzArJ1MwKydTMCsnUzArJ1MwKydTMCsnUzArJ1MXFRMxAAAABQAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEB
+AQEBAQEBAQEBAQEAAAADAAAABQsKChs+OzlrT0tJf09LSX9PS0l/T0xKgU9MSYNPTEmFT0tJh09L
+SYlQTEqLTkxJi05MSYtOS0mJUExKiU9MSodPSkmDT0pJg+LY0v/39PL/9/Ty//f08v/39PL/9/Ty
+//f08v/39PL/9/Ty//f08v/39PL/9/Ty//f08v/39PL/9/Ty//f08v/39PL/9/Ty//f08v/39PL/
+9/Ty//f08v9nX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEAAAAHAAAAEWZjYLlsZ2T9XFdT
+/11XU/9dV1P/XVdT/11XU/9dV1P/XVdT/11XU/9dV1P/XVdT/11XU/9dV1P/XVdT/11XU/9dV1P/
+XFZT/+fe2f///v3//v79//7+/f///v3//v79//7+/f///v3//v79//7+/f///v3//v79//7+/f//
+/v3//v79//7+/f///v3//v79//7+/f///v3//v79//7+/f9oYFuPAAAABwAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAaOdm/uPg3r/kYV8/5OHff+WioH/l4uC/5eLgv+Xi4L/l4uC/5eLgv+X
+i4L/l4uC/5eLgv+Xi4P/mIyD/5iMg/+YjIP/l4uC/+be2f/+/v7//f39//39/f/+/v7//f39//39
+/f/+/v7//f39//39/f/+/v7//f39//39/f/+/v7//f39//39/f/+/v7//f39//39/f/+/v7//f39
+//39/f9oYFuPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAauinP+RhHv/lYh+/5qN
+g/9ZUk3/OjUy/zo1Mv86NTL/OjUy/zo1Mv86NTL/OjUy/zo1Mv86NTL/OjUy/zo1Mv87NTL/OjUy
+/+be2P/+/v3//f39//39/f/+/v3//f39//39/f/+/v3//f39//39/f/+/v3//f39//39/f/+/v3/
+/f39//39/f/+/v3//f39//39/f/+/v3//f39//39/f9oYFuPAAAABwAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAauinP+RhXv/lYl//5uPhf89OTb/Liop/y4qKf8uKin/Liop/y4qKf8uKin/
+Liop/y4qKf8uKin/Liop/y4qKf8uKin/LSoo/+bd2P/9/fz//f38//39/P/9/fz//f38//39/P/9
+/fz//f38//39/P/9/fz//f38//39/P/9/fz//f38//39/P/9/fz//f38//39/P/9/fz//f38//39
+/P9oX1uPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaujnP+Shnz/l4qA/5yQhv9R
+T03/REND/0RDQ/9EQ0P/REND/0RDQ/9EQ0P/REND/0RDQ/9EQ0P/REND/0RDQ/9EQ0P/REJC/+bd
+2P/+/fz//fz7/+fm+P+VlO3//Pv7//Tv7P/x7Oj/7efi/+/p5f/v6eT/7+nl//Pu6//t5+L/7ebh
+/+7p5P/t5uL/7ujk//Xx7v/+/fz//fz7//38+/9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAayjnf+Th33/mIuB/5uOhf+BenT/bWdj/21nY/9tZ2P/bWhj/21oY/9uaGT/bmhk
+/25oZP9uaGT/bmhk/25oZP9uaGT/bWhj/+bd2P/9/fz//f38/+Xk+P+MjOz//Pv7//Hs6f/39fP/
+9vPw//bz8P/29PH/9/Ty//n39f/39PH/9vPw//j18//39fL/9/Ty//r49//9/fz//f38//38/P9o
+X1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAayknf+UiH7/mIuC/52Qh/9qYl3/
+TkhE/05IRP9OSET/TkhE/05IRP9OSET/TkhE/05IRP9OSET/T0hE/09IRP9PSEX/TkhE/+Xd1//8
+/Pv//Pz7//z8+//8/Pv//Pz7//z8+//8/Pv//Pz7//z8+//8/Pv//Pz7//z8+//8/Pv//Pz7//z8
++//8/Pv//Pz7//z8+//8/Pv//Pz7//z8+/9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAa2knv+ViX//mYyD/5+Sif89ODb/LSko/y0pKP8tKSj/LSko/y0pKP8tKSj/LSko/y0p
+KP8tKSj/LSko/y0pKP8tKSj/LSko/+Xd1//9/Pv//Pv6//z7+v/9/Pv//Pv6//z7+v/9/Pv//Pv6
+//z7+v/9/Pv//Pv6//z7+v/9/Pv//Pv6//z7+v/9/Pv//Pv6//z7+v/9/Pv//Pv6//z7+v9oX1qP
+AAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAa2knv+WiYD/mo2E/6CTiv9KR0X/Ozo5
+/zs6Of87Ojn/Ozo5/zs6Of87Ojn/Ozo5/zs6Of87Ojn/Ozo5/zs6Of87Ojn/Ozk5/+Xd1//9/Pr/
+/fz6/9zb9f9qauf/+/r5/+vl3//m3tf/59/Y/+rk3v/r5d//7efi/+ni3P/o4Nr/59/Y/+jg2f/p
+4tz//fz6//z8+v/9/Pr//fz6//z8+v9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAa2lnv+XioH/m46F/5+Sif98dXH/ZWBe/2VgXf9lYF7/ZWFe/2VhXv9mYV7/ZmJf/2djYP9n
+ZGH/aGRi/2llYv9pZmP/aWZj/+Xc1//8+/n//Pv5/+7t+P+2tfD//Pr5//Pu6//39PH/+vf1//j1
+8//7+ff/+/n3//r39v/59vT/+fb0//j18//39PH//Pv5//z7+f/8+/n//Pv5//z7+f9oX1qPAAAA
+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAa6ln/+Yi4L/nI+G/56Rh/+ekYj/n5KJ/6CT
+iv+hlYz/o5eO/6WZkf+nm5P/qZ6W/6ugmP+topr/r6Sd/7Gnn/+zqaL/s6mj/+Xc1v/8+/n/+/r5
+//v6+f/8+/n/+/r5//v6+f/8+/n/+/r5//v6+f/8+/n/+/r5//v6+f/8+/n/+/r5//v6+f/8+/n/
++/r5//v6+f/8+/n/+/r5//v6+f9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+Aa6moP+ajYX/n5KK/6KWjf+lmJD/ppuS/6idlf+qn5f/rKGa/66jnP+wpp7/sqih/7Sqo/+2rKb/
+uK+o/7qxq/+8s63/vLSu/+Xc1v/8+vn//Pv5//r5+P/y8ff//Pv5//z7+f/8+vn//Pv5//z7+f/8
++vn//Pv5//z7+f/8+vn//Pv5//z7+f/8+vn//Pv5//z7+f/8+vn//Pv5//z7+f9oX1qPAAAABwAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAbGpo/+hlo7/qJyU/6ugmf+uo5v/sKWe/7GnoP+z
+qqP/tayl/7eup/+5sKr/u7Ks/721r/+/t7H/wbmz/8O7tv/Fvbj/xb65/+Xc1v/7+vj/+/r4/9LR
+8/9JSOL/+ff3/+Xd1f/i2ND/6OHa/+Xd1f/l3NX/59/Z/+vk3v/j2tL/6ODZ/+bd1v/i2ND/49rS
+//n39P/7+vj/+/r4//v6+P9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAbWu
+qP+qoJn/saeg/7WrpP+3rqf/ubCp/7uyrP+9tK7/v7ax/8K6tP/PycP/2tbO/9POx//Kw77/y8S/
+/83Gwv/PycT/z8nF/+Xc1f/8+vj/+/n3//j29//g3vT/+/n3//v59//8+vj/+/n3//v59//8+vj/
++/n3//v59//8+vj/+/n3//v59//8+vj/+/n3//v59//8+vj/+/n3//v59/9oX1qPAAAABwAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAbmyrf+zqqT/urKs/761sP/AuLL/wrq1/8S8t//Gv7r/
+yMG8/8vHwP+7ubL/rq2m/7m3sP/PysT/1M7K/9bQzf/Y08//2NPQ/+Xc1f/7+vf/+/r3//v69//7
++vf/+/r3//v69//7+vf/+/r3//v69//7+vf/+/r3//v69//7+vf/+/r3//v69//7+vf/+/r3//v6
+9//7+vf/+/r3//v69/9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAb22sf+8
+tK//w7y3/8fAu//Kw77/y8XA/83Hw//PycX/0MrG/6+spf+3ta7/y8nB/7m3sf+wrab/19PQ/9/b
+2P/h3dv/4d3b/+Tb1f/6+ff/+/n2//n39v/o5/T/+/n2//v59v/6+ff/+/n2//v59v/6+ff/+/n2
+//v59v/6+ff/+/n2//v59v/6+ff/+/n2//v59v/6+ff/+/n2//v59v9oX1qPAAAABwAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAcG6tv/Fv7v/zcbC/9HLx//Tzcn/1c/M/9fSzv/Z1NH/2NTQ
+/5eTjP/Fw7z/3NrS/8bFvv+bmJL/2tbU/+bj4f/m4+H/4+De/+Tb1P/7+fb/+vj2/9DO8f9DQuD/
++Pb2/+PZ0v/e08n/4dfP/+Xb1P/n39j/7OXf/+Xc1f/i2dH/39XM/+HXz//j2NH/+vj2//r49v/7
++fb/+vj2//r49v9oX1qPAAAABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcS/u//OycX/
+1dHN/9rV0v/c2NX/3trX/+Dc2v/i3tz/5ODe/6Gdl/+Xk43/urex/5eUjv+bl5H/5ODe/+Xh3//k
+4d7/4t7c/+Tb1P/6+fb/+/n2//n39f/u7PT/+/n2//v59v/6+fb/+/n2//v59v/6+fb/+/n2//v5
+9v/6+fb/+/n2//v59v/6+fb/+/n2//v59v/6+fb/+vj1//r49f9nXlmPAAAABwAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAcjDv//X09D/39vY/+Pf3f/l4d//5eLg/+bj4f/m4uD/5eLg/9/b
+2f+ppKD/iYR//6WgnP/c2Nb/49/d/+Pf3f/j39z/4Nza/+Ta1P/6+PX/+/j1//v49f/6+PX/+/j1
+//v49f/6+PX/+/j1//v49f/6+PX/+/j1//v49f/6+PX/+/j1//j18//08e//9PHv//Pw7v/y7+3/
+7evo/+He3P9jW1aVAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcvGw//d2tj/4+De
+/+Xi4P/l4uD/5eHf/+Th3//k4d7/5ODe/+Pg3f/d2db/2dfQ/9rX0//i3tz/4d7b/+Hd2//h3dr/
+39vY/+Ta1P/6+PX/+ff0/+7s8/++ve7/+ff0//Xy7v/v6eT/7unj//Pv6v/y7ej/8+/q//Dr5v/w
+6+b/7+rk/+Tf2v/Cvrr/xMPA/8XDwf/Ix8X/0M/M/+Hc2P9zamSbAAAABwAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAcvGw//c2Nb/4d7b/+Pg3v/j4N3/49/d/+Pf3f/i39z/4t7c/+Le2//K
+xsL/v7u0/8O+uv/g3Nn/4NzZ/9/b2f/f29j/3djW/+Ta0//69/T/+vj0/9fV8P9fXuP/+Pb0/+fe
+1v/o4Nn/7Obf/+vj3f/u6OL/8u3o/+7o4f/r5N3/6eLb/93W0P/X09D/9fT0//j4+P/6+fn/8u/s
+/7mrpN8ZFhUrAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcrFwv/a1tT/4Nza/+Le
+2//i3tv/4d3b/+Hd2v/h3dr/4NzZ/+Dc2f/f2tj/0s3K/9/a1//f2tf/3trX/97Z1v/e2db/29bU
+/+Ta0//59/P/+ffz//n38//59/P/+ffz//n38//59/P/+ffz//n38//59/P/+ffz//n38//59/P/
++ffz/+fl4v/n5uX//v7+//39/f/18u//1MXA8zEsKEsAAAADAQEBAQAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAcnEwf/Y1NL/lZOR/xUVFP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/
+AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/+PZ0v/69/P/+vfz//r38//69/P/+vfz//r38//6
+9/P/+vfz//r38//69/P/+vfz//r38//69/P/+vfz/+Ph3v/t7Oz//fz8//Tx7v/MycPvQz05YQAA
+AAMBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcnEwP/Fwr//FRUV/wICAf8E
+AwP/BAMD/wQDA/8EAwP/BAMD/wQDA/8EAwP/BAMD/wQDA/8EAwP/BAMD/wQDA/8EAwP/BAMC/+PZ
+0v/59/L/+ffz//n38//59/L/+ffz//n38//59/L/+ffz//n38//59/L/+ffz//n38//59/L/+fby
+/93b2P/w7u3/8u7r/8zAv+1IQj1lAQEBBQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAcjDv/+6trT/AAAA/xkSEP8bFBH/FxAO/xcQDv8bFBH/Eg0L/yAXFP8uIRz/LiEc
+/y4hHP8uIRz/LiEc/y4hHP8uIRz/IBcT/+PZ0v/59vP/+Pbz//n28//59vP/+Pbz//n28//59vP/
++Pbz//n28//59vP/+Pbz//n28//59vP/+Pby/9nW0//r5uL/y7+57Tk0MFMBAQEFAQEBAQEBAQEB
+AQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcjCv/+5tbL/AAAA/xoTEP8ZEg//
+Eg0L/xINC/8ZEg//DAgH/x8WEv8yJB7/MSQe/zIjHv8yJB7/MSQe/zIjHv8yJB7/MSMd/+PZ0f/5
+9vL/+PXy//j28v/59vL/+PXy//j28v/59vL/+PXy//j28v/59vL/+PXy//j28v/59vL/9vPv/9bQ
+y/+vo5nXJyIgOwAAAAMBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAcjDv/+7trP/AAAA/xkSEP8jGRX/IBcT/yAXE/8jGRX/HRUR/yYcF/8wIh3/MCId/zAi
+Hf8wIh3/MCId/zAiHf8wIh3/MCId/3pqYv98bWb/amFb/4F4cv/Sx8D/enBroWZeWYFmXlmBZl5Z
+gWZeWYFmXlmBZl5ZgWZeWYFmXlmBZl1YgV5UT3sWExIhAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcnDwP+8uLX/AAAA/w4KCf8WEA7/FhAO
+/xYQDv8WEA7/FhAO/xYQDv8WEA7/FhAO/xYQDv8WEA7/FhAO/xYQDv8WEA7/FhAO/xYQDv8WEA7/
+BQQD/zc1Nf/a1dL/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAcrEwP++ubb/AAAA/xoTEP8yJB7/MiQe/zIjHv8yJB7/MSQe/zIjHv8yJB7/MSQe/zIjHv8y
+JB7/MSQe/zIjHv8yJB7/MSQe/zIkHv8wIh3/CQYG/zc2Nf/b1tP/KigmQQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAcvFwf+/urj/AAAA/xUPDf8mHBf/JhwX/yYc
+F/8mHBf/JhwX/yYcF/8mHBf/JhwX/yYcF/8mHBf/JhwX/yYcF/8mHBf/JhwX/yYcF/8lGxf/BwUF
+/zg2Nf/c19T/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AcvFwv/Bu7n/AAAA/wgGBf8NCgn/DQoJ/w0KCf8NCgn/DQoJ/w0KCf8NCgn/DQoJ/w0KCf8NCgn/
+DQoJ/w0KCf8NCgn/DQoJ/w0KCf8NCgn/AwIC/zg3Nv/e2NX/KigmQQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAczGw//Cvbr/AAAA/xoTEP8yJB7/MiQe/zIjHv8y
+JB7/MSQe/zIjHv8yJB7/MSQe/zIjHv8yJB7/MSQe/zIjHv8yJB7/HxYS/wAAAP8XEA7/CQYG/zk3
+Nv/f2db/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAc3H
+w//Evrv/AAAA/xoTEP8xJB7/MSQe/zIkHv8xJB7/MiQe/zIkHv8xJB7/MiQe/zIkHv8xJB7/MiQe
+/zIkHv8xJB7/LyIc/ysfGv8tIBv/CQYG/zk3N//g2tf/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAc3HxP/GwL3/AAAA/xoTEP8yJB7/MiQe/zIjHv8yJB7/
+MiMe/zIjHv8yJB7/MiMe/zIjHv8yJB7/MiMe/zIjHv8yJB7/MiMe/zIkHv8wIh3/CQYG/zo4N//h
+29j/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAc7IxP/H
+wb7/AAAA/xINC/8gFxT/IBcU/yAXFP8gFxT/IBcU/yAXFP8gFxT/IBcU/yAXFP8gFxT/IBcU/yAX
+FP8gFxT/IBcU/yAXFP8fFxP/BgUE/zo4N//j3Nn/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAc/Jxf/Iwr//AAAA/xUPDf8mHBj/JhwY/yYcGP8mHBj/JhwY
+/yYcGP8mHBj/JhwY/yYcGP8mHBj/JhwY/yYcGP8mHBj/HRUS/w0KCf8ZEhD/BwUF/zo5OP/k3dr/
+KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAdDJxv/KxMH/
+AAAA/xoTEP8yJB7/MiQd/zIjHf8xIx3/MiMd/zIjHf8xIx3/MiMd/zIjHf8xIx3/MiMd/zIjHf8x
+Ix3/LSAb/yUaFv8qHhn/CQYG/zs5OP/l3tv/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAdHKxv/MxcL/AAAA/xoTEP8yJB7/MiQe/zIkHv8yJB7/MiQe/zIk
+Hv8yJB7/MiQe/zIkHv8yJB7/MiQe/zIkHv8yJB7/MiQe/zIkHv8wIh3/CQYG/zs5OP/m39z/Kigm
+QQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAdHKx//NxsP/AgEB
+/xENC/8ZExD/GRMQ/xkTEP8ZExD/GRMQ/xkTEP8ZExD/GRMQ/xkSEP8YEQ//GBEP/xgRD/8YEQ//
+GBEP/xgRD/8YEQ//CAUE/zw6Of/n4d7/KigmQQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAdHKx//Uzcr/FxQT/zAjHf8yJB7/MiQd/zIjHf8xIx3/MiMd/zIjHf8x
+Ix3/MiMd/zEjHf8tHxn/KRoU/ygZE/8oGRP/KRkT/ykZE/8oGRP/FQ0K/1FQT//m4uH/KigmQQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAca6uPXo4N3/ioaD/xsX
+Ff8SDQv/Eg0L/xINC/8SDQv/Eg0L/xINC/8SDQv/Eg0L/xINC/8SDQv/EQwJ/w8JB/8PCQf/DwkH
+/w8JB/8PCgj/KCcn/8nIyP/c3Nz7KCYkPwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAXl0cbXa1ND/493Z/8/Jxv/Iw8D/ycPA/8nDwP/Jw8H/ycTB/8nEwv/JxcL/
+ycXD/8nFxP/JxsT/ysfF/8rHxv/KyMf/ysjH/8rJyP/Lysn/29nZ/+Ph4P+gm5nVDQwMFwEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBARYUEyOZkIfrurOu/7uzr/+7
+s6//u7Ov/7qzrv+6s6//urOv/7qzrv+6s6//urOv/7qzrv+6s6//urOv/7qzrv+6s6//urOv/7uz
+rv+6s67/urOv/52Oju8dGxoxAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQE5NTFhoJWP/aSalf+kmpX/pJqV/6Salf+kmpX/pJqV/6Salf+kmpX/pJqV
+/6Salf+kmpX/pJqV/6Salf+kmpX/pJqV/6Salf+kmpX/opeR/0I9OXEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEEBAMHVk9JmXpya996cmvf
+enJr33pya996cmvfenJr33pya996cmvfenJr33pya996cmvfenJr33pya996cmvfenJr33pya998
+cWrdW1NMoQQEAwcBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB
+AQEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAEJNPgAAAAAAAAA+AAAAKAAAAMAAAAAwAAAAAQABAAAAAACABAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+    </Binary>
+    <Binary>
+
+    </Binary>
+    <Binary>
+AAAAAAMAAAAbTGlnaHR3YXZlIERpcmVjdG9yeSBTZXJ2ZXJzAAAAAAANdnNwaGVyZS5sb2NhbA12
+c3BoZXJlLmxvY2FsAAAAAAR0ZXN0BHRlc3QAAAAA
+    </Binary>
+    <Binary>
+SUwBAQIABAAYABAAEAD/////IRD//////////0JNNgAAAAAAAAA2AAAAKAAAAEAAAAAQAAAAAQAg
+AAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGajvf9mo73/ZqO9/2ajvf9mo73/Y6C6/2Cctv9c
+mLH/V5Os/1KOpv9NiKD/SIOb/0R/lv9Be5L/AAAAAAAAAABmo73/ZqO9/2ajvf9mo73/ZqO9/2Og
+uv9gnLb/XJix/1eTrP9Sjqb/TYig/0iDm/9Ef5b/QXuS/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB6
+ssr/j+L5/4LQ8f+C0PH/gtDx/4PR8v+D0fL/g9Hy/4LQ8f+C0PH/gdDw/4HQ8P+C0PD/XJm1/wAA
+AAAAAAAAerLK/4/i+f+C0PH/gtDx/4LQ8f+D0fL/g9Hy/4PR8v+C0PH/gtDx/4HQ8P+B0PD/gtDw
+/1yZtf8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7TM/5Pl+v+D0vP/g9Lz/4PR8v+E0/T/hdP0/4TT
+9P+E0fL/g9Hy/4PR8v+D0fL/g9Ly/2Cduv8AAAAAAAAAAHu0zP+T5fr/g9Lz/4PS8/+D0fL/hNP0
+/4XT9P+E0/T/hNHy/4PR8v+D0fL/g9Hy/4PS8v9gnbr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHy2
+z/+Z6Pv/hdX2/4bV9/+F1Pb/htX3/4fW+P+G1vj/htT1/4XT9f+E0/X/hNT1/4XV9P9gnbr/AAAA
+AAAAAAB8ts//mej7/4XV9v+G1ff/hdT2/4bV9/+H1vj/htb4/4bU9f+F0/X/hNP1/4TU9f+F1fT/
+YJ26/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+udL/nur8/4fZ+v+H2fr/h9j5/4jZ+v+J2vv/idn8
+/4bY+f+H1/j/h9f4/4bX+P+H1/X/YJ26/wAAAAAAAAAAfrnS/57q/P+H2fr/h9n6/4fY+f+I2fr/
+idr7/4nZ/P+G2Pn/h9f4/4fX+P+G1/j/h9f1/2Cduv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL3V
+/6Tu/v+J3f7/itz+/4rc/f+J2/3/itz9/4vc/f+J2vv/iNr7/4ja+v+I2fr/h9j1/2Cduv8AAAAA
+AAAAAIC91f+k7v7/id3+/4rc/v+K3P3/idv9/4rc/f+L3P3/idr7/4ja+/+I2vr/iNn6/4fY9f9g
+nbr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAILA2P+q8P7/jOD//4zf//+M4P//jeD//43g//+N4P//
+jN/+/4ve/v+L3v3/i979/4jZ9P9gnbr/AAAAAAAAAACCwNj/qvD+/4zg//+M3///jOD//43g//+N
+4P//jeD//4zf/v+L3v7/i979/4ve/f+I2fT/YJ26/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEw9v/
+r/H//47i//+O4v//juL//4/k//+O4///juL//47j//+O4v//juL//4zg//+I2fP/YJ26/wAAAAAA
+AAAAhMPb/6/x//+O4v//juL//47i//+P5P//juP//47i//+O4///juL//47i//+M4P//iNnz/2Cd
+uv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhsfe/7Py//+Q5f//kOT//5Dl//+T6f//k+n//67w//+u
+8P//rvD//67w//+u8P//rvD//2Cduv8AAAAAAAAAAIbH3v+z8v//kOX//5Dk//+Q5f//k+n//5Pp
+//+u8P//rvD//67w//+u8P//rvD//67w//9gnbr/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIfJ4f+2
+8///keX//5Hl//+S6P//k+n//7bz//9XlK//YJ26/2yqxP9sqsT/bKrE/2yqxP95utT/AAAAAAAA
+AACHyeH/tvP//5Hl//+R5f//kuj//5Pp//+28///V5Sv/2Cduv9sqsT/bKrE/2yqxP9sqsT/ebrU
+/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB7wNr/id73/7bz//+28///tvP//7bz//9gnbr/g9Dw/4PQ
+8P+D0PD/g9Dw/4PQ8P+D0PD/ebrU/wAAAAAAAAAAe8Da/4ne9/+28///tvP//7bz//+28///YJ26
+/4PQ8P+D0PD/g9Dw/4PQ8P+D0PD/g9Dw/3m61P8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGC46Rmqq
+xP9qqsT/aqrE/2qqxP9qqsT/db7e/5zZ8f////////////+tev/OoUf/nNnx/3m61P8AAAAAAAAA
+ABguOkZqqsT/aqrE/2qqxP9qqsT/aqrE/3W+3v+c2fH/////////////rXr/zqFH/5zZ8f95utT/
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZjeHlot9v/aLfb
+/2i32/9ot9v/aLfb/2e12v8rUGFiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2Y3h5
+aLfb/2i32/9ot9v/aLfb/2i32/9ntdr/K1BhYgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAABCTT4AAAAAAAAAPgAAACgAAABAAAAAEAAAAAEAAQAAAAAAgAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AA==
+    </Binary>
+    <Binary>
+SUwBAQEABAAYACAAIAD/////IRD//////////0JNNgAAAAAAAAA2AAAAKAAAAIAAAAAgAAAAAQAg
+AAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAAAAAAAAAAA
+AAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAALAAAADwAAAA8AAAAPAAAADwAA
+AA8AAAAPAAAADwAAAA8AAAAPAAAADwEBARADBAUVBAcIFwMEBRUBAgIRAAAADwAAAA8AAAAPAAAA
+DwAAAA8AAAAPAAAADwAAAA8AAAAPAAAADwAAAA8AAAALAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQICDQQHCCcEBgcwBAYHMAQHCDEEBwgxBAcI
+MQQHCDEEBwgxBAcIMQQHCDEHCw02CQ8SOggOEDgGCQs0BAcIMgQGBzADBgcwAgUHMAIFBzADBQYw
+BgsNNgMFBjEDBQYwAwUGMAMFBjADBQYwAgQFLwAAACAAAAALAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABkobv/ZKC6/2Ofuf9hnrj/YJ22/1+btf9emrP/
+XJiy/1uXsP9Zla7/WJSs/1aSq/9UkKn/U46n/1GNpf9Qi6P/Tomh/0yHoP9Lhp7/SYSc/0iDmv9F
+gJf/RH6W/0N9lP9BfJP/QHuS/0B6kf8/eZD/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC71P+P4fj/gMzt/4DM7f+AzO3/gMzt/4DN7f+A
+ze3/gM3t/4DN7f+AzO3/gMzt/4DN7f+Aze3/f8vs/3/L7P9+y+v/fsvr/37K6v9+yun/fsno/3zI
+6P98x+f/fMbm/3zG5v98xub/f8rr/1yZtf8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgr/Y/47h+f+Aze7/gM3t/4DN7f+Aze3/gM7t/4DO
+7f+Bzu7/gc7v/4HO7/+Bzu//gc7u/4HO7v+Bze7/gc3u/4DM7f+AzO3/f8zs/3/M6/9/y+r/fsrp
+/33J6P99yOj/fcjo/33I6P+Ay+z/YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEw93/j+H5/4HO7/+Bzu//gM7v/4DO7/+Azu7/gM7u
+/4HO7/+Czu//gs7v/4LO7/+Czu//gs7v/4LO7/+Czu//gc7u/4HN7v+AzO3/gMzt/4DM7f9+yuv/
+fsrr/37K6v9+yen/fcno/4DM7P9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbH4v+P4vn/gc/v/4HP7/+Bz+//gc/v/4LO7/+Czu//
+gs/v/4LP7/+C0PD/gtDw/4LP8P+Cz/D/gs7v/4LO7/+Bzu//gc7v/4HO7v+Bzu7/gc7u/4DM7v+A
+zOz/f8zr/3/L6/9/y+v/gc7t/2Cduv8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiMvm/5Hk+f+C0PH/gtDw/4LQ8f+C0PH/g9Dx/4PQ8f+D
+0PH/g9Dx/4PP8f+Dz/H/g8/w/4PP8P+Dz/D/g8/w/4LP8P+Cz/D/gs/w/4LP8P+Cz+//gc7u/4DN
+7v+Aze3/gM3t/4DN7f+C0O3/YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACJzun/k+T5/4LQ8f+C0PH/gtDx/4LQ8f+D0fL/g9Hy/4PR
+8v+D0fL/hNHy/4TR8v+C0PH/gtDx/4LQ8f+C0PH/gtDx/4LQ8f+B0PD/gdDw/4LQ8f+B0PD/gc/v
+/4HO7/+Bzu//gc7u/4TR7f9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAIrR6/+W5fv/gtDx/4LQ8f+C0fL/gtLz/4PS9P+E0vP/hNLz
+/4TS8/+D0vP/g9Lz/4PR8v+D0fL/g9Dx/4PQ8f+C0PH/gtDx/4LQ8f+C0PH/gtHx/4LQ8f+C0PL/
+gtDx/4LQ8f+Cz/H/hNPv/2Cduv8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAi9Pu/5nn+/+D0vP/g9Hy/4PS8/+D0vP/hNP0/4TT9f+F1PX/
+hdT1/4TT9P+E0/T/hNL0/4TS9P+E0vP/hNLz/4TS8/+E0vP/hNLz/4TS8/+E0vL/g9Lz/4LR8v+C
+0PH/gtDx/4LR8v+G1O//YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAACL0+7/nOr8/4TT9f+E0/X/hNP0/4TT9P+F1PX/htX2/4bV9v+G
+1fb/hdX2/4XV9v+F1fb/hdT1/4XT9P+E0vT/hNLz/4TS8/+E0vP/hNLz/4XT9P+E0/T/hNP0/4TS
+8/+E0vP/hNLz/4bW8P9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAIvT7v+e6vz/htb3/4XU9/+F1Pf/htT3/4bW+P+G1/n/h9f5/4fX
++f+H1vj/h9b4/4fV9/+H1fb/htX2/4bV9v+F1Pb/hdT2/4TV9v+E1fb/hNT1/4XU9f+F0/T/hNP0
+/4TT9P+E0/T/h9fw/2Cduv8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAi9Pu/6Ls/f+H1/j/h9f4/4fX+P+H1/j/iNj5/4jZ+v+I2fr/iNn6
+/4jZ+/+I2fv/h9j6/4fY+f+G1/j/htf4/4bW+P+G1vj/htb4/4bW+P+H1/j/htf4/4fW9/+G1fb/
+htX2/4bV9v+H1/D/YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAACL0+7/pO7+/4fY+f+H2fn/h9n5/4fZ+f+I2fv/idr8/4na/P+J2vz/
+idr8/4na/P+I2fv/iNn6/4fY+f+H2Pn/h9f4/4fX+P+H1/j/h9f4/4fX+f+I2Pr/h9j5/4fY+f+H
+1/j/h9b3/4fX8P9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAIvT7v+q8P7/idv8/4na/P+I2/z/iNv8/4jb/P+I2vv/itv8/4rb/P+L
+2v3/i9r9/4rb/P+J2/z/iNr7/4jZ+v+I2fr/iNn6/4fZ+v+H2Pr/h9j5/4na+/+I2vv/h9n6/4jZ
++v+I2fr/h9fw/2Cduv8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAi9Pu/7Dy/v+L3f//i93//4vc/v+L3P7/i9z9/4vc/f+K3f7/it3+/4ve
+/v+M3v7/jN39/4zc/f+K2/z/idv8/4nb/P+J2/z/idv7/4nb+/+J2/z/idz9/4nc/f+K2/3/itv9
+/4rb/f+H1/D/YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAACL0+7/ufX+/4vf//+L3///jN///4zf//+M3///jOD//4zf/v+M3/7/jN/+
+/4zf/v+M3/7/jN/+/4ze/v+L3f7/it39/4rd/f+L3f3/i939/4ve/f+L3v3/i979/4ve/v+L3v7/
+i93+/4fX8P9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAIvT7v+/9v//jeH//43h//+N4P//jeD//43h//+N4f//juL//47i//+O4v//
+juL//47i//+N4v//jOD//4zf//+M3/7/jN/+/4zf/v+M3/7/jN/+/43f/v+N3/7/jOD+/4zg/v+M
+3///h9fw/2Cduv8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAi9Pu/8X4//+O4f//juH//4/i//+P4///j+P//4/j//+N4v//jeL//47i//+O
+4v//juP//47j//+O4v//juL//47h//+N4f//jOD//4zg//+M3///jd///43g//+N4f//jeH//43h
+//+H1/D/YJ26/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAACL0+7/yfn//4/j//+P5P//kOX//5Dl//+P5f//j+X//4/k//+P4///juP//47i
+//+P4///j+P//4/k//+P4///j+P//4/j//+O4///juL//43h//+N4f//juH//4/i//+P4///j+T/
+/4fX8P9gnbr/AAAAKgAAAA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAIvT7v/M+v//keX//5Hm//+R5///kef//5Hn//+R5///kef//5Hn//+Q5f//kOP/
+/4/i//+P4v//j+P//4/l//+99v//u/X//7bz//+s8P//qO7//6ju//+o7v//qO7//6ju//+o7v//
+Y6nG/3m61P8AAAAqAAAADgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAdb7e/877//+Q5v//kej//5Lo//+S6P//kej//5Ho//+S5///kuf//5Ln//+Q5f//
+j+P//4/i//+P4///tvP//4HL5v9NiaP/UIyn/1OQqv9XlK//YZ+5/2elv/9sqsT/bq3H/26tx/90
+weL/ebrU/wAAACoAAAAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAACL0+7/db7e/7z2//+89f//u/X//7r1//+49P//t/T//7fz//+28///tvP//7bz//+2
+8///tvP//7bz//9st9f/YJ26/26yz/90weL/dMHi/3TB4v90weL/dMHi/3TB4v90weL/dMHi/3TB
+4v95utT/AAAAJQAAAAsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAADdWYnx/0+//aqrE/2qqxP9qqsT/aqrE/2qqxP9qqsT/aqrE/2qqxP9qqsT/aqrE/2qq
+xP9qqsT/aqrE/2qqxP9uss//dMHi/3TH6v/f7PH/3+zx/9/s8f/f7PH/3a2L/8uaef90x+r/dMfq
+/3m61P8AAAAZAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAADdWYnx2v9//dr/f/3W+3v92v93/dr/d/3e/3f93wN7/ecLf/3vD4f99xuL/gMjl
+/4LK5/+Ezen/iNDr/4jQ6/+I0Ov/nNnx////////////////////////rXr/3Z1z/5zZ8f9/vNf/
+Ijg/XwAAAA0AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAGS75P+c2fH/nNnx/5zZ8f+c2fH/nNnx/5zZ8f+c2fH/nNnx/3+81/8A
+AAAWAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAJDxGVWS75P9ot9v/aLfb/2i32/9ot9v/aLfb/2m64f9ku+T/JDxGXAAA
+AAYAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCTT4AAAAA
+AAAAPgAAACgAAACAAAAAIAAAAAEAAQAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA////AAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAA==
+    </Binary>
+    <Binary>
+AQAAABQAAAAAAAAABAAAAP////8=
+    </Binary>
+  </BinaryStorage>
+</MMC_ConsoleFile>
\ No newline at end of file
diff --git a/vmafd/Makefile.am b/vmafd/Makefile.am
index 5ca4f5f4e..a7173bca5 100644
--- a/vmafd/Makefile.am
+++ b/vmafd/Makefile.am
@@ -3,6 +3,7 @@ ACLOCAL_AMFLAGS = -I m4
 SUBDIRS = \
     include \
     common  \
+    vmnetevent  \
     vmafcfg \
     vmevent \
     client  \
diff --git a/vmafd/build/Makefile.bootstrap b/vmafd/build/Makefile.bootstrap
deleted file mode 100644
index 07e74e0b7..000000000
--- a/vmafd/build/Makefile.bootstrap
+++ /dev/null
@@ -1,120 +0,0 @@
-SRCROOT := ../../
-MAKEROOT=$(SRCROOT)/support/make
-include $(MAKEROOT)/makedefs.mk
-
-MKDIR=/bin/mkdir
-RM=/bin/rm
-CP=/bin/cp
-LN=/bin/ln
-RPMBUILD=/usr/bin/rpmbuild
-
-RPMBUILD_ROOT=$(CURDIR)/rpmbuild
-RPMBUILD_BUILD=$(RPMBUILD_ROOT)/BUILD
-RPMBUILD_SPECS=$(RPMBUILD_ROOT)/SPECS
-RPMBUILD_RPMS=$(RPMBUILD_ROOT)/RPMS
-RPMBUILD_SOURCES=$(RPMBUILD_ROOT)/SOURCES
-RPMBUILD_SRPMS=$(RPMBUILD_ROOT)/SRPMS
-RPMBUILD_TMP=$(RPMBUILD_ROOT)/tmp
-
-RPMBUILD_DIRS= \
-    $(RPMBUILD_BUILD) \
-    $(RPMBUILD_SPECS) \
-    $(RPMBUILD_RPMS)  \
-    $(RPMBUILD_SOURCES) \
-    $(RPMBUILD_SRPMS) \
-    $(RPMBUILD_TMP)
-
-SRCROOT=..
-
-CLEAN_OBJECTS = \
-    authentication-framework \
-    client \
-    common \
-    config \
-    config.log \
-    config.status \
-    include \
-    interop \
-    libtool \
-    rpmbuild \
-    server \
-    test \
-    depends \
-    domainjoin \
-    jdepends \
-    tools \
-    vmafcfg \
-    vmauthsvc \
-    vmevent \
-    $(SRCROOT)/aclocal.m4 \
-    $(SRCROOT)/ar-lib \
-    $(SRCROOT)/autom4te.cache \
-    $(SRCROOT)/compile \
-    $(SRCROOT)/config.guess \
-    $(SRCROOT)/config.sub \
-    $(SRCROOT)/configure \
-    $(SRCROOT)/depcomp \
-    $(SRCROOT)/include/config.h.in* \
-    $(SRCROOT)/install-sh \
-    $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
-
-PKG_SPEC=vmware-afd.spec
-
-.PHONY: all package
-
-all: package
-
-package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
-	cd $(RPMBUILD_ROOT) && \
-	$(RPMBUILD) \
-              -ba \
-              --define "_topdir $(RPMBUILD_ROOT)" \
-              --define "_prefix /opt/vmware" \
-              --define "_bindir /opt/vmware/bin" \
-              --define "_sbindir /opt/vmware/sbin" \
-              --define "_lib64dir /opt/vmware/lib64" \
-              --define "_datadir /opt/vmware/share" \
-              --define "_includedir /opt/vmware/include" \
-              --define "_likewise_open_prefix /opt/likewise" \
-              --define "_vmdir_prefix /opt/vmware" \
-              --define "_vmdns_prefix /opt/vmware" \
-              --define "_javahome $(JAVA_HOME)" \
-              --define "_anthome $(ANT_HOME)" \
-              --define "_mavendir $(MAVEN_HOME)" \
-              --define "_version $(VMAFD_MAJOR_VER).$(VMAFD_MINOR_VER).$(VMAFD_RELEASE_VER)" \
-              --define "_patch $(VMAFD_PATCH_VER)" \
-              --buildroot $(RPMBUILD_ROOT)/BUILDROOT \
-              SPECS/$(PKG_SPEC)
-
-$(RPMBUILD_SPECS)/$(PKG_SPEC) : $(CURDIR)/package/rpm/$(PKG_SPEC) | $(RPMBUILD_SPECS)
-	@$(CP) -f $< $@
-
-$(RPMBUILD_BUILD): $(realpath $(SRCROOT)) | $(RPMBUILD_ROOT)
-	@$(LN) -s $< $@
-
-$(RPMBUILD_SPECS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_RPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SOURCES):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_SRPMS):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_TMP):
-	@$(MKDIR) -p $@
-
-$(RPMBUILD_ROOT):
-	@$(MKDIR) -p $@
-
-clean:
-	@if [ -f Makefile ]; then \
-		$(MAKE) distclean; \
-	fi
-	@$(RM) -rf $(CLEAN_OBJECTS)
-	@$(RM) -f `find .. -name Makefile.in`
-
diff --git a/vmafd/build/ant/defaults.xml b/vmafd/build/ant/defaults.xml
index 1c65910a0..6376d9b4b 100644
--- a/vmafd/build/ant/defaults.xml
+++ b/vmafd/build/ant/defaults.xml
@@ -67,7 +67,7 @@
    <!-- - - - - - build directories - - - - - -->
 
    <!-- map from GoBuild-style (all uppercase) to local style names -->
-   <property name="BUILD_ROOT" location="../../build/${PRODUCT_NAME}" />
+   <property name="BUILD_ROOT" location="${build_dir}/${PRODUCT_NAME}" />
    <property name="buildRoot" location="${BUILD_ROOT}" />
 
    <property name="PUBLISH_DIR" location="${buildRoot}/publish" />
diff --git a/vmafd/build/ant/libraries.xml b/vmafd/build/ant/libraries.xml
index cdc2f2d8a..320647202 100644
--- a/vmafd/build/ant/libraries.xml
+++ b/vmafd/build/ant/libraries.xml
@@ -5,22 +5,22 @@
    <!-- - - - - - Ant Task Libraries - - - - - -->
 
    <property name="libs.ant-contrib-home"
-             location="/var/opt/ant-contrib" />
+             location="${ant.home}" />
 
-   <fileset id="jar-set.apache-commons-lang" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.apache-commons-lang" dir="${build_dir}/depends">
         <include name="commons-lang-2.5.jar"/>
    </fileset>
 
-   <fileset id="jar-set.apache-commons-logging" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.apache-commons-logging" dir="${build_dir}/depends">
         <include name="commons-logging-1.1.1.jar"/>
    </fileset>
 
-   <fileset id="jar-set.jna" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.jna" dir="${build_dir}/depends">
         <include name="jna.jar"/>
         <include name="platform.jar"/>
    </fileset>
 
-   <fileset id="jar-set.junit" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.junit" dir="${build_dir}/depends">
       <include name="junit-4.4.jar" />
    </fileset>
 
diff --git a/vmafd/build/package/rpm/vmware-afd.spec b/vmafd/build/package/rpm/vmware-afd.spec
deleted file mode 100644
index ed1b36f21..000000000
--- a/vmafd/build/package/rpm/vmware-afd.spec
+++ /dev/null
@@ -1,281 +0,0 @@
-Name:    vmware-afd
-Summary: Authentication Framework Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10, vmware-directory-client = %{_version}, vmware-afd-client = %{version}, vmware-dns-client = %{version}
-BuildRequires:  coreutils >= 8.22, openssl-devel >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open-devel >= 6.2.10, vmware-directory-client-devel = %{version}, sqlite-autoconf, python2-devel >= 2.7.8, openjdk >= 1.8.0.112, apache-ant >= 1.9.4, ant-contrib >= 1.0b3, vmware-dns-client-devel = %{version}, apache-maven >= 3.3.9, boost = 1.60.0
-
-%define _dbdir %_localstatedir/lib/vmware/vmafd
-%define _vecsdir %{_dbdir}/vecs
-%define _crlsdir %{_dbdir}/crl
-%define _jarsdir  %{_prefix}/jars
-%define _logdir /var/log/lightwave
-%define _logconfdir /etc/syslog-ng/lightwave.conf.d
-%define _pymodulesdir /opt/vmware/site-packages/identity
-
-%if 0%{?_javahome:1} == 0
-%define _javahome %{_javahome}
-%endif
-
-%define _jreextdir %{_javahome}/jre/lib/ext
-
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%define _likewise_open_bindir %{_likewise_open_prefix}/bin
-%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
-
-%if 0%{?_vmdir_prefix:1} == 0
-%define _vmdir_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmdns_prefix:1} == 0
-%define _vmdns_prefix /opt/vmware
-%endif
-
-%description
-VMware Authentication Framework
-
-%package client
-Summary: VMware Authentication Framework Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10, vmware-directory-client >= %{version}
-%description client
-Client libraries to communicate with VMware Authentication Framework Service
-
-%package client-devel
-Summary: VMware Authentication Framework Client Development Library
-Requires: vmware-afd-client = %{version}
-%description client-devel
-Development Libraries to communicate with VMware Authentication Framework Service
-
-%package client-python
-Summary: VMware Authentication Framework Python Files
-Requires: vmware-afd-client, boost = 1.60.0
-%description client-python
-Python files included in vmafd
-
-%build
-
-export CFLAGS="-Wall -Werror -Wno-pointer-sign -Wno-unused-but-set-variable -Wno-address"
-cd build
-autoreconf -mif .. &&
-../configure --prefix=%{_prefix} \
-            --libdir=%{_lib64dir} \
-            --localstatedir=/var/lib/vmware/vmafd \
-            --with-vmdir=%{_vmdir_prefix} \
-            --with-vmdns=%{_vmdns_prefix} \
-            --with-likewise=%{_likewise_open_prefix} \
-            --with-ssl=/usr \
-            --with-sqlite=/usr \
-            --with-python=/usr \
-            --with-jdk=%{_javahome} \
-            --with-ant=%{_anthome} \
-            --with-maven=%{_mavendir} \
-            --with-boost=/usr \
-            --enable-krb5-default=yes
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=%{buildroot}
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%post
-
-    /sbin/ldconfig
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/mkdir -m 700 -p %{_dbdir}
-    /bin/mkdir -m 700 -p %{_vecsdir}
-    /bin/mkdir -m 700 -p %{_crlsdir}
-
-    /bin/mkdir -m 755 -p %{_logdir}
-    /bin/mkdir -m 755 -p %{_logconfdir}
-    if [ -a %{_logconfdir}/vmafdd-syslog-ng.conf ]; then
-        /bin/rm %{_logconfdir}/vmafdd-syslog-ng.conf
-    fi
-    /bin/ln -s %{_datadir}/config/vmafdd-syslog-ng.conf %{_logconfdir}/vmafdd-syslog-ng.conf
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmafd.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmafd.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmafd.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmafd.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            %{_likewise_open_bindir}/lwsm info vmafd > /dev/null 2>&1
-            if [ $? -eq 0 ]; then
-                echo "Stopping the AFD Service..."
-                %{_likewise_open_bindir}/lwsm stop vmafd
-                echo "Removing service configuration..."
-                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmafd'
-                echo "Restarting service control manager..."
-                /bin/systemctl restart lwsmd
-                sleep 2
-                echo "Autostart services..."
-                %{_likewise_open_bindir}/lwsm autostart
-            fi
-            ;;
-    esac
-
-%postun
-
-    /sbin/ldconfig
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            echo "Existing VECS files kept under [%{_dbdir}]"
-            ;;
-    esac
-
-%files
-%defattr(-,root,root)
-%{_sbindir}/*
-%{_datadir}/config/vmafd.reg
-%{_datadir}/config/vmafdd-syslog-ng.conf
-
-%files client
-%defattr(-,root,root)
-%{_bindir}/cdc-cli
-%{_bindir}/dir-cli
-%{_bindir}/domainjoin
-%{_bindir}/vdcpromo
-%{_bindir}/vecs-cli
-%{_bindir}/vmafd-cli
-%{_bindir}/sl-cli
-%{_bindir}/lw-support-bundle.sh
-%{_sysconfdir}/vmware/java/vmware-override-java.security
-%{_datadir}/config/java.security.linux
-%{_lib64dir}/libvecsjni.so*
-%{_lib64dir}/libcdcjni.so*
-%{_lib64dir}/libheartbeatjni.so*
-%{_jreextdir}/vmware-endpoint-certificate-store.jar
-%{_jreextdir}/client-domain-controller-cache.jar
-%{_jreextdir}/afd-heartbeat-service.jar
-%{_jarsdir}/*.jar
-%{_lib64dir}/libvmafcfgapi.so*
-%{_lib64dir}/libvmafdclient.so*
-%{_lib64dir}/libvmeventclient.so*
-
-%files client-python 
-%defattr(-,root,root)
-%{_pymodulesdir}/vmafd.*
-%{_pymodulesdir}/*.py
-
-%files client-devel
-%defattr(-,root,root)
-%{_includedir}/vmafd.h
-%{_includedir}/vmafdtypes.h
-%{_includedir}/vmafdclient.h
-%{_includedir}/vecsclient.h
-%{_includedir}/cdcclient.h
-%{_includedir}/vmsuperlogging.h
-%{_lib64dir}/libcdcjni.a
-%{_lib64dir}/libcdcjni.la
-%{_lib64dir}/libvecsjni.a
-%{_lib64dir}/libvecsjni.la
-%{_lib64dir}/libheartbeatjni.a
-%{_lib64dir}/libheartbeatjni.la
-%{_lib64dir}/libvmafdclient.a
-%{_lib64dir}/libvmafdclient.la
-%{_lib64dir}/libvmafcfgapi.a
-%{_lib64dir}/libvmafcfgapi.la
-%{_lib64dir}/libvmeventclient.a
-%{_lib64dir}/libvmeventclient.la
-
-%exclude %{_lib64dir}/libvecsdb.a
-%exclude %{_lib64dir}/libvecsdb.la
-
-%clean
-
-rm -rf $RPM_BUILD_ROOT
-
-# %doc ChangeLog README COPYING
-
-%changelog
-
diff --git a/vmafd/client/Makefile.am b/vmafd/client/Makefile.am
index 696f6c5ee..78214bc40 100644
--- a/vmafd/client/Makefile.am
+++ b/vmafd/client/Makefile.am
@@ -1,11 +1,11 @@
 
 lib_LTLIBRARIES = libvmafdclient.la
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmafd/idl
 
 libvmafdclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -27,7 +27,7 @@ libvmafdclient_la_SOURCES = \
     vecslocalclient.c
 
 libvmafdclient_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmafd/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @GSSAPI_LIBS@ \
@@ -49,7 +49,7 @@ BUILT_SOURCES = vmafd_h.h \
                 vmafdsuperlog_h.h
 
 vmafd_h.h vmafd_cstub.c: $(idl_srcdir)/vmafd.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmafd/include/public $<
 
 vmafdsuperlog_h.h vmafdsuperlog_cstub.c: $(idl_srcdir)/vmafdsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmafdsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmafdsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmafd/include/public $<
diff --git a/vmafd/client/afdlocalclient.c b/vmafd/client/afdlocalclient.c
index 4d3b5ce98..d853131ca 100755
--- a/vmafd/client/afdlocalclient.c
+++ b/vmafd/client/afdlocalclient.c
@@ -1116,11 +1116,13 @@ VmAfdLocalJoinVmDir(
 
 DWORD
 VmAfdLocalJoinVmDir2(
+    PCWSTR           pwszServerName,
     PCWSTR           pwszDomainName,
     PCWSTR           pwszUserName,
     PCWSTR           pwszPassword,
     PCWSTR           pwszMachineName,
     PCWSTR           pwszOrgUnit,
+    PCWSTR           pwszSite,
     VMAFD_JOIN_FLAGS dwFlags
     )
 {
@@ -1135,11 +1137,13 @@ VmAfdLocalJoinVmDir2(
     noOfArgsIn = sizeof (input_spec) / sizeof (input_spec[0]);
     noOfArgsOut = sizeof (output_spec) / sizeof (output_spec[0]);
 
+    input_spec[idx++].data.pWString = (PWSTR) pwszServerName;
     input_spec[idx++].data.pWString = (PWSTR) pwszDomainName;
     input_spec[idx++].data.pWString = (PWSTR) pwszUserName;
     input_spec[idx++].data.pWString = (PWSTR) pwszPassword;
     input_spec[idx++].data.pWString = (PWSTR) pwszMachineName;
     input_spec[idx++].data.pWString = (PWSTR) pwszOrgUnit;
+    input_spec[idx++].data.pWString = (PWSTR) pwszSite;
     input_spec[idx++].data.pUint32  = (PDWORD)&dwFlags;
 
     dwError = VecsLocalIPCRequest(
diff --git a/vmafd/client/client.c b/vmafd/client/client.c
index c286b0bf6..498941eb1 100755
--- a/vmafd/client/client.c
+++ b/vmafd/client/client.c
@@ -2857,11 +2857,13 @@ VmAfdJoinVmDir2W(
     }
 
     dwError = VmAfdLocalJoinVmDir2(
+                      NULL,
                       pwszDomainName,
                       pwszUserName,
                       pwszPassword,
                       pwszMachineName,
                       pwszOrgUnit,
+                      NULL,
                       dwFlags);
     BAIL_ON_VMAFD_ERROR(dwError);
 
@@ -2876,6 +2878,142 @@ VmAfdJoinVmDir2W(
     goto cleanup;
 }
 
+DWORD
+VmAfdJoinVmDirWithSiteA(
+    PCSTR            pszServerName,  /* IN     OPTIONAL */
+    PCSTR            pszDomainName,  /* IN              */
+    PCSTR            pszUserName,    /* IN              */
+    PCSTR            pszPassword,    /* IN              */
+    PCSTR            pszMachineName, /* IN     OPTIONAL */
+    PCSTR            pszOrgUnit,     /* IN     OPTIONAL */
+    PCSTR            pszSiteName,    /* IN     OPTIONAL */
+    VMAFD_JOIN_FLAGS dwFlags         /* IN              */
+    )
+{
+    DWORD dwError = 0;
+    PWSTR pwszServerName = NULL;
+    PWSTR pwszDomainName = NULL;
+    PWSTR pwszUserName = NULL;
+    PWSTR pwszPassword = NULL;
+    PWSTR pwszMachineName = NULL;
+    PWSTR pwszOrgUnit = NULL;
+    PWSTR pwszSiteName = NULL;
+
+    if (IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszDomainName))
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    if (pszServerName)
+    {
+        dwError = VmAfdAllocateStringWFromA(pszServerName, &pwszServerName);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdAllocateStringWFromA(pszUserName, &pwszUserName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfdAllocateStringWFromA(pszPassword, &pwszPassword);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    if (pszMachineName)
+    {
+        dwError = VmAfdAllocateStringWFromA(pszMachineName, &pwszMachineName);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdAllocateStringWFromA(pszDomainName, &pwszDomainName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    if (pszOrgUnit)
+    {
+        dwError = VmAfdAllocateStringWFromA(pszOrgUnit, &pwszOrgUnit);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    if (pszSiteName)
+    {
+        dwError = VmAfdAllocateStringWFromA(pszSiteName, &pwszSiteName);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdJoinVmDirWithSiteW(
+                  pwszServerName,
+                  pwszDomainName,
+                  pwszUserName,
+                  pwszPassword,
+                  pwszMachineName,
+                  pwszOrgUnit,
+                  pwszSiteName,
+                  dwFlags);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+cleanup:
+
+    VMAFD_SAFE_FREE_MEMORY(pwszServerName);
+    VMAFD_SAFE_FREE_MEMORY(pwszDomainName);
+    VMAFD_SAFE_FREE_MEMORY(pwszUserName);
+    VMAFD_SAFE_FREE_MEMORY(pwszPassword);
+    VMAFD_SAFE_FREE_MEMORY(pwszMachineName);
+    VMAFD_SAFE_FREE_MEMORY(pwszOrgUnit);
+    VMAFD_SAFE_FREE_MEMORY(pwszSiteName);
+
+    return dwError;
+
+error:
+
+    VmAfdLog(VMAFD_DEBUG_ANY, "VmAfdJoinVmDirWithSiteA failed. Error(%u)", dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmAfdJoinVmDirWithSiteW(
+    PCWSTR           pwszServerName,  /* IN   OPTIONAL */
+    PCWSTR           pwszDomainName,  /* IN            */
+    PCWSTR           pwszUserName,    /* IN            */
+    PCWSTR           pwszPassword,    /* IN            */
+    PCWSTR           pwszMachineName, /* IN   OPTIONAL */
+    PCWSTR           pwszOrgUnit,     /* IN   OPTIONAL */
+    PCWSTR           pwszSiteName,    /* IN   OPTIONAL */
+    VMAFD_JOIN_FLAGS dwFlags          /* IN            */
+    )
+{
+    DWORD dwError = 0;
+
+    if (IsNullOrEmptyString(pwszUserName) ||
+            IsNullOrEmptyString(pwszPassword) ||
+            IsNullOrEmptyString(pwszDomainName))
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdLocalJoinVmDir2(
+                      pwszServerName,
+                      pwszDomainName,
+                      pwszUserName,
+                      pwszPassword,
+                      pwszMachineName,
+                      pwszOrgUnit,
+                      pwszSiteName,
+                      dwFlags);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VmAfdLog(VMAFD_DEBUG_ANY, "VmAfdJoinVmDirWithSiteW failed. Error(%u)", dwError);
+
+    goto cleanup;
+}
+
 DWORD
 VmAfdLeaveVmDirA(
     PCSTR pszServerName,    /* IN              */
diff --git a/vmafd/client/prototypes.h b/vmafd/client/prototypes.h
index 17291eeff..026e4e553 100755
--- a/vmafd/client/prototypes.h
+++ b/vmafd/client/prototypes.h
@@ -293,11 +293,13 @@ VmAfdLocalJoinVmDir(
 
 DWORD
 VmAfdLocalJoinVmDir2(
+    PCWSTR           pwszServerName,
     PCWSTR           pwszDomainName,
     PCWSTR           pwszUserName,
     PCWSTR           pwszPassword,
     PCWSTR           pwszMachineName,
     PCWSTR           pwszOrgUnit,
+    PCWSTR           pwszSite,
     VMAFD_JOIN_FLAGS dwFlags
     );
 
diff --git a/vmafd/common/Makefile.am b/vmafd/common/Makefile.am
index 5b268ab94..cffbe4d49 100755
--- a/vmafd/common/Makefile.am
+++ b/vmafd/common/Makefile.am
@@ -29,10 +29,11 @@ libcommon_la_SOURCES = \
     utils.c
 
 libcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -Wno-error=deprecated-declarations \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
-    @VMDIR_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libcommon_la_LDFLAGS = \
diff --git a/vmafd/common/defines.h b/vmafd/common/defines.h
index 289587659..3be5d6526 100755
--- a/vmafd/common/defines.h
+++ b/vmafd/common/defines.h
@@ -32,11 +32,11 @@
 #define VMAFD_FQDN_SEPARATOR '.'
 #define VMAFD_IPC_SIZE_T UINT64
 
-#define VMDNS_DEFAULT_REFRESH_INTERVAL  3600
-#define VMDNS_DEFAULT_RETRY_INTERVAL    600
-#define VMDNS_DEFAULT_EXPIRE            86400
-#define VMDNS_DEFAULT_TTL               3600
-#define VMDNS_DEFAULT_LDAP_PORT         389
+#define VMAFD_DEFAULT_REFRESH_INTERVAL  3600
+#define VMAFD_DEFAULT_RETRY_INTERVAL    600
+#define VMAFD_DEFAULT_EXPIRE            86400
+#define VMAFD_DEFAULT_TTL               3600
+#define VMAFD_DEFAULT_LDAP_PORT         389
 
 #ifndef _WIN32
 #define SOCKET_FILE_PATH "/var/run/vmafd_socket"
diff --git a/vmafd/config/Makefile.am b/vmafd/config/Makefile.am
index 7515262c3..5e0cdcfa3 100644
--- a/vmafd/config/Makefile.am
+++ b/vmafd/config/Makefile.am
@@ -1,6 +1,7 @@
 vmafdconf_DATA = vmafd.reg \
                  vmafdd-syslog-ng.conf \
-		 java.security.linux
+		 java.security.linux \
+                 vmafd-telegraf.conf
 
 javaetc_DATA = vmware-override-java.security
 
diff --git a/vmafd/config/vmafd-telegraf.conf b/vmafd/config/vmafd-telegraf.conf
new file mode 100644
index 000000000..8a895bfac
--- /dev/null
+++ b/vmafd/config/vmafd-telegraf.conf
@@ -0,0 +1,3 @@
+[[inputs.procstat]]
+  exe="vmafdd"
+  prefix="vmafd"
diff --git a/vmafd/config/vmafd.reg.in b/vmafd/config/vmafd.reg.in
index 438e0220b..c187121b3 100644
--- a/vmafd/config/vmafd.reg.in
+++ b/vmafd/config/vmafd.reg.in
@@ -64,7 +64,7 @@
     doc     = "Enable or Disable DCE/RPC Server"
 }
 "LegacyModeHA" = {
-    default = dword:00000000
+    default = dword:00000001
     doc     = "Enable or Disable Legacy Mode for HA"
 }
 "EnableDnsUpdates" = {
@@ -75,4 +75,7 @@
     default = dword:0000000A
     doc     = "Set the heartbeat interval frequency"
 }
-
+"CAPath" = {
+    default = "/etc/ssl/certs"
+    doc     = "CA Certs Path"
+}
diff --git a/vmafd/configure.ac b/vmafd/configure.ac
deleted file mode 100644
index 18d466534..000000000
--- a/vmafd/configure.ac
+++ /dev/null
@@ -1,697 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmafd], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-AC_PROG_CXX
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-	;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-# vmdir-provider notify only build
-
-AC_ARG_ENABLE([notify-vmdir-provider],
-    [AC_HELP_STRING([--enable-notify-vmdir-provider], [enable vmdir provider notification (default: no)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AC_DEFINE_UNQUOTED(NOTIFY_VMDIR_PROVIDER, "1", [Notify VMDir Provider of Join/Leave])
-        fi
-    ])
-
-# SQLITE components
-
-AC_ARG_WITH([sqlite],
-    [AC_HELP_STRING([--with-sqlite=<dir>], [use SQLITE binaries rooted at prefix <dir> ])],
-    [
-        SQLITE_BASE_PATH="$withval"
-        SQLITE_INCLUDES="-I$withval/include"
-        SQLITE_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([sqlite-includes],
-    [AC_HELP_STRING([--with-sqlite-includes=<dir>], [use SQLITE headers located in prefix <dir> ])],
-    [
-        SQLITE_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([sqlite-libs],
-    [AC_HELP_STRING([--with-sqlite-libs=<dir>], [use SQLITE libraries located in prefix <dir> ])],
-    [
-        SQLITE_LDFLAGS="-L$withval"
-    ])
-echo $(SQLITE_BASE_PATH)
-AC_SUBST(SQLITE_BASE_PATH)
-AC_SUBST(SQLITE_INCLUDES)
-AC_SUBST(SQLITE_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $SQLITE_INCLUDES"
-AC_CHECK_HEADERS(sqlite3.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# BOOST components
-
-AC_ARG_WITH([boost],
-    [AC_HELP_STRING([--with-boost=<dir>], [use BOOST binaries rooted at prefix <dir> ])],
-    [
-        BOOST_BASE_PATH="$withval"
-        BOOST_INCLUDES="-I$withval/include"
-        BOOST_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([boost-includes],
-    [AC_HELP_STRING([--with-boost-includes=<dir>], [use BOOST headers located in prefix <dir> ])],
-    [
-        BOOST_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([boost-libs],
-    [AC_HELP_STRING([--with-boost-libs=<dir>], [use BOOST libraries located in prefix <dir> ])],
-    [
-        BOOST_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([boost-python-lib],
-    [AC_HELP_STRING([--with-boost-python-lib=<dir>], [use BOOST Python library extension ])],
-    [
-        BOOST_PYTHON_EXT="$withval"
-        BOOST_PYTHON_LDFLAGS="$BOOST_BASE_PATH/lib/libboost_python-$BOOST_PYTHON_EXT.a"
-    ])
-
-
-AC_SUBST(BOOST_BASE_PATH)
-AC_SUBST(BOOST_INCLUDES)
-AC_SUBST(BOOST_LDFLAGS)
-AC_SUBST(BOOST_PYTHON_EXT)
-AC_SUBST(BOOST_PYTHON_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $BOOST_INCLUDES"
-AC_LANG_PUSH([C++])
-AC_CHECK_HEADERS(boost/asio.hpp)
-AC_LANG_POP([C++])
-CPPFLAGS="$saved_CPPFLAGS"
-
-# Python components
-
-AC_ARG_WITH([python],
-    [AC_HELP_STRING([--with-python=<dir>], [use Python binaries rooted at prefix <dir> ])],
-    [
-        PYTHON_BASE_PATH="$withval"
-        PYTHON_INCLUDES="-I$withval/include/python2.7"
-        PYTHON_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([python-includes],
-    [AC_HELP_STRING([--with-python-includes=<dir>], [use Python headers located in prefix <dir> ])],
-    [
-        PYTHON_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([python-libs],
-    [AC_HELP_STRING([--with-python-libs=<dir>], [use Python libraries located in prefix <dir> ])],
-    [
-        PYTHON_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(PYTHON_BASE_PATH)
-AC_SUBST(PYTHON_INCLUDES)
-AC_SUBST(PYTHON_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES"
-AC_CHECK_HEADERS(python.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-
-
-
-
-# openssl component
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# Maven component
-
-AC_ARG_WITH([maven],
-    [AC_HELP_STRING([--with-maven=<dir>], [use Apache Maven  binaries rooted at prefix <dir> ])],
-    [
-        MAVEN_HOME="$withval"
-    ])
-
-AC_SUBST(MAVEN_HOME)
-
-# Java
-
-AC_ARG_WITH([jdk],
-    [AC_HELP_STRING([--with-jdk=<dir>], [use jdk binaries rooted at prefix <dir> ])],
-    [
-        JAVA_HOME="$withval"
-        JDK_INCLUDES="-I$withval/include -I$withval/include/linux"
-        JDK_LDFLAGS="-L$withval/lib"
-        TOOLS_CLASSPATH=$JAVA_HOME/lib/tools.jar
-    ])
-
-AC_ARG_WITH([jdk-includes],
-    [AC_HELP_STRING([--with-jdk-includes=<dir>], [use java headers located in prefix <dir> ])],
-    [
-        JDK_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([jdk-libs],
-    [AC_HELP_STRING([--with-jdk-libs=<dir>], [use java libraries located in prefix <dir> ])],
-    [
-        JDK_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(JAVA_HOME)
-AC_SUBST(JDK_INCLUDES)
-AC_SUBST(JDK_LDFLAGS)
-AC_SUBST(TOOLS_CLASSPATH)
-
-JDK_PATH=$JAVA_HOME/bin
-AC_SUBST(JDK_PATH)
-
-JAVA=$JAVA_HOME/bin/java
-AC_SUBST(JAVA)
-
-JRE_EXT=$JAVA_HOME/jre/lib/ext
-AC_SUBST(JRE_EXT)
-
-AC_PATH_PROG([JAVAH], [javah], [no], [$PATH:$JDK_PATH])
-
-if test x"$JAVAH" = x"no"; then
-    AC_MSG_ERROR([JAVAH compiler not found])
-fi
-
-# ESX Platform
- 
-DCERPC_DEPENDENCY="lsass dcerpc"
-AC_SUBST(DCERPC_DEPENDENCY)
-AC_ARG_ENABLE([esx],
-    [AC_HELP_STRING([--enable-esx], [enable acl check on modify (default: enabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AC_DEFINE_UNQUOTED(PLATFORM_VMWARE_ESX, "1", [ Built to run on VMware ESXi ])
-            DCERPC_DEPENDENCY="lsass"
-        else
-            DCERPC_DEPENDENCY="lsass dcerpc"
-        fi
-    ])
-
-# Ant component
-
-AC_ARG_WITH([ant],
-    [AC_HELP_STRING([--with-ant=<dir>], [use Ant binaries rooted at prefix <dir> ])],
-    [
-        ANT_HOME="$withval"
-        ANT_CLASSPATH=$ANT_HOME/lib/ant.jar:$ANT_HOME/lib/ant-launcher.jar
-    ])
-
-AC_PATH_PROG([ANT], [ant], [no], [$PATH:$JAVA_HOME/bin:$ANT_HOME/bin])
-
-if test x"$ANT" = x"no"; then
-    AC_MSG_ERROR([ANT compiler not found])
-fi
-
-AC_SUBST(ANT_HOME)
-AC_SUBST(ANT_CLASSPATH)
-
-# Likewise components
-
-KRB5_DEFAULT_ENABLED="no"
-AC_ARG_ENABLE([krb5-default],
-    [AC_HELP_STRING([--enable-krb5-default], [enable default krb5.conf/krb5.keytab (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AC_DEFINE_UNQUOTED(USE_DEFAULT_KRB5_PATHS, "1", [ Use /etc/krb5.conf /etc/krb5.keytab ])
-            KRB5_DEFAULT_ENABLED="yes"
-        fi
-    ])
-
-LIKEWISE_LIB_PATH="/opt/likewise/lib64"
-AC_SUBST(LIKEWISE_LIB_PATH)
-LIKEWISE_LIBDIR="/opt/likewise/lib64"
-AC_SUBST(LIKEWISE_LIBDIR)
-AC_ARG_WITH([likewise-libdir],
-    [AC_HELP_STRING([--with-likewise-libdir=<dir>], [use LIKEWISE libraries (at install) in this location])],
-    [
-        LIKEWISE_LIBDIR="$withval"
-    ])
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/likewise/lib64 -Wl,-rpath-link,/opt/likewise/lib64"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([likewise-rpath],
-    [AC_HELP_STRING([--with-likewise-rpath=<dir>], [use likewise libraries located at <dir> at runtime])],
-    [
-        LW_LDFLAGS="-L$LW_BASE_PATH/lib64 -Wl,-rpath,$withval -Wl,-rpath-link,$LW_BASE_PATH/lib64"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES $OPENSSL_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h lwrpcrt/lwrpcrt.h dce/rpc.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h openssl/x509.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# VMDIR component
-
-AC_ARG_WITH([vmdir],
-    [AC_HELP_STRING([--with-vmdir=<dir>], [use VMDIR binaries rooted at prefix <dir> ])],
-    [
-        VMDIR_BASE_PATH="$withval"
-        VMDIR_INCLUDES="-I$withval/include"
-        VMDIR_LDFLAGS="-L$VMDIR_BASE_PATH/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,$VMDIR_BASE_PATH/lib64"
-    ])
-
-AC_ARG_WITH([vmdir-includes],
-    [AC_HELP_STRING([--with-vmdir-includes=<dir>], [use VMDIR headers located in prefix <dir> ])],
-    [
-        VMDIR_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmdir-libs],
-    [AC_HELP_STRING([--with-vmdir-libs=<dir>], [use VMDIR libraries located in prefix <dir> ])],
-    [
-        VMDIR_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([vmdir-rpath],
-    [AC_HELP_STRING([--with-vmdir-rpath=<dir>], [use VMDIR runtime libraries located at <dir> ])],
-    [
-        VMDIR_LDFLAGS="-L$VMDIR_BASE_PATH/lib64 -Wl,-rpath,$withval -Wl,-rpath-link,$VMDIR_BASE_PATH/lib64"
-    ])
-
-AC_SUBST(VMDIR_BASE_PATH)
-AC_SUBST(VMDIR_INCLUDES)
-AC_SUBST(VMDIR_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMDIR_INCLUDES $DCERPC_INCLUDES"
-AC_CHECK_HEADERS(vmdirclient.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# VMDNS component
-
-AC_ARG_WITH([vmdns],
-    [AC_HELP_STRING([--with-vmdns=<dir>], [use VMDNS binaries rooted at prefix <dir> ])],
-    [
-        VMDNS_BASE_PATH="$withval"
-        VMDNS_INCLUDES="-I$withval/include"
-        VMDNS_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/usr/lib/vmware-vmdns/lib64 -Wl,-rpath-link,/usr/lib/vmware-vmdns/lib64"
-    ])
-
-AC_ARG_WITH([vmdns-includes],
-    [AC_HELP_STRING([--with-vmdns-includes=<dir>], [use VMDNS headers located in prefix <dir> ])],
-    [
-        VMDNS_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmdns-libs],
-    [AC_HELP_STRING([--with-vmdns-libs=<dir>], [use VMDNS libraries located in prefix <dir> ])],
-    [
-        VMDNS_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMDNS_BASE_PATH)
-AC_SUBST(VMDNS_INCLUDES)
-AC_SUBST(VMDNS_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMDNS_INCLUDES $DCERPC_INCLUDES"
-AC_CHECK_HEADERS(vmdns.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h sys/stat.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h sys/un.h dirent.h termios.h term.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-AC_CHECK_HEADERS(limits.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB(
-    [ldap_r],
-    [ldap_initialize],
-    [LDAP_LIBS="-lldap_r -llber -lsasl2"],
-    [],
-    [$LW_LDFLAGS -llber -lsasl2 $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-AC_CHECK_LIB(
-    [lwadvapi],
-    [LwAllocateMemory],
-    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
-    [],
-    [$LW_LDFLAGS $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    $UUID_LIBS $LDAP_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwadvapi_nothr])
-AC_CHECK_LIB(
-    [lwsm],
-    [LwSmStartService],
-    [LWSM_LIBS="-llwsm -llwsmcommon"],
-    [],
-    [$LW_LDFLAGS $LWMSG_LIBS $LWADVAPI_LIBS $LWBASE_LIBS $GSSAPI_LIBS $UUID_LIBS $LDAP_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwsmcommon]
-    )
-
-AC_CHECK_LIB(
-    [domainjoin],
-    [DJJoinDomain],
-    [DOMAINJOIN_LIBS="-ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon"],
-    [],
-    [$LW_LDFLAGS -ldomainjoin -lcentutils -leventlog -leventlogutils -llsaclient -llsacommon -llwnetclientapi -llwnetcommon -llwsm -llwsmcommon $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS -llwadvapi_nothr])
-AC_CHECK_LIB(
-    [vmdirclient],
-    [VmDirSetupHostInstance],
-    [VMDIR_LIBS="-lvmdirclient"],
-    [],
-    [$VMDIR_LDFLAGS -lvmdirclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [vmdnsclient],
-    [VmDnsOpenServerA],
-    [VMDNS_LIBS="-lvmdnsclient"],
-    [],
-    [$VMDNS_LDFLAGS -lvmdnsclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-
-
-AC_CHECK_LIB([shadow], [getspnam], [SHADOW_LIBS="-lshadow"])
-AC_CHECK_LIB([crypt], [crypt_r], [CRYPT_LIBS="-lcrypt"])
-AC_LANG_PUSH([C++])
-AC_CHECK_LIB(
-        [boost_unit_test_framework],
-        [main],
-        [BOOST_LIBS="-lboost_thread -lboost_system -lboost_filesystem -lboost_program_options"],
-        [],
-        [$BOOST_LDFLAGS])
-AC_LANG_POP([C++])
-
-AC_CHECK_LIB([sqlite3], [sqlite3_open], [SQLITE_LIBS="-lsqlite3"], [], [$SQLITE_LDFLAGS $DL_LIBS $PTHREAD_LIBS])
-AC_CHECK_LIB([python2.7 ],  [PyArg_Parse], [PYTHON_LIBS="-lpython2.7"], [], [$PYTHON_LDFLAGS])
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(DOMAINJOIN_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(SHADOW_LIBS)
-AC_SUBST(CRYPT_LIBS)
-AC_SUBST(BOOST_LIBS)
-AC_SUBST(PYTHON_LIBS)
-AC_SUBST(SQLITE_LIBS)
-AC_SUBST(LWADVAPI_LIBS)
-AC_SUBST(LWSM_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(VMDIR_LIBS)
-AC_SUBST(VMDNS_LIBS)
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-AS_AC_EXPAND(VMAFD_BIN_DIR, $prefix)
-AC_SUBST(VMAFD_BIN_DIR)
-
-AS_AC_EXPAND(VMAFD_SBIN_DIR, ["${sbindir}"])
-AC_SUBST(VMAFD_SBIN_DIR)
-
-if test x"$localstatedir" = x"/var"; then
-    vmafddbdir="$localstatedir/lib/afd"
-else
-    vmafddbdir="$localstatedir"
-fi
-AC_SUBST(vmafddbdir)
-AS_AC_EXPAND(VMAFD_DB_DIR, $vmafddbdir)
-AC_DEFINE_UNQUOTED(VMAFD_DB_DIR, "$VMAFD_DB_DIR", [Database directory])
-
-vmafdconfdir="$datadir/config"
-AC_SUBST(vmafdconfdir)
-AS_AC_EXPAND(VMAFD_CONFIG_DIR, $vmafdconfdir)
-AC_SUBST(VMAFD_CONFIG_DIR)
-AC_DEFINE_UNQUOTED(VMAFD_CONFIG_DIR, "$VMAFD_CONFIG_DIR", [Config afd])
-
-if test x"$KRB5_DEFAULT_ENABLED" = x"yes"; then
-VMAFD_KEYTAB_CONFIG_DIR="/etc"
-VMAFD_KRB5CONF_FILENAME="krb5.conf"
-VMAFD_KRB5CONF_FILEPATH="/etc/${VMAFD_KRB5CONF_FILENAME}"
-else
-VMAFD_KEYTAB_CONFIG_DIR="$VMAFD_CONFIG_DIR"
-VMAFD_KRB5CONF_FILENAME="krb5.lotus.conf"
-VMAFD_KRB5CONF_FILEPATH="/etc/${VMAFD_KRB5CONF_FILENAME}"
-fi
-AC_DEFINE_UNQUOTED(VMAFD_KEYTAB_CONFIG_DIR, "$VMAFD_KEYTAB_CONFIG_DIR", [Config afd])
-AC_SUBST(VMAFD_KEYTAB_CONFIG_DIR)
-AC_SUBST(VMAFD_KRB5CONF_FILENAME)
-AC_SUBST(VMAFD_KRB5CONF_FILEPATH)
-
-databasedir=$localstatedir
-AC_SUBST(databasedir)
-AS_AC_EXPAND(VMAFD_DB_DIR, $databasedir)
-AC_DEFINE_UNQUOTED(VMAFD_DB_DIR, "$VMAFD_DB_DIR", [DB path for vmafd])
-
-initddir=$sysconfdir/init.d
-AC_SUBST(initddir)
-
-pymodulesdir=$prefix/site-packages/identity
-AC_SUBST(pymodulesdir)
-
-javaetcdir=/etc/vmware/java
-AC_SUBST(javaetcdir)
-
-vmafdjarsdir="$prefix/jars"
-AC_SUBST(vmafdjarsdir)
-
-jreextdir=$JRE_EXT
-AC_SUBST(jreextdir)
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                 config/Makefile
-                 config/vmafd.reg
-                 common/Makefile
-                 vmafcfg/Makefile
-                 vmafcfg/api/Makefile
-                 vmafcfg/posix/Makefile
-                 vmevent/Makefile
-                 vmevent/common/Makefile
-                 vmevent/db/Makefile
-                 vmevent/server/Makefile
-                 vmevent/client/Makefile
-                 vmevent/test/Makefile
-                 server/Makefile
-                 server/db/Makefile
-                 server/vmafd/Makefile
-                 server/vmafd/vmafd-server-defines.h
-                 client/Makefile
-                 jdepends/Makefile
-                 tools/Makefile
-                 tools/dir-cli/Makefile
-                 tools/cdc-cli/Makefile
-                 tools/cli/Makefile
-                 tools/domainjoin/Makefile
-                 tools/vdcpromo/Makefile
-                 tools/vecs-cli/Makefile
-                 tools/sl-cli/Makefile
-                 interop/Makefile
-                 interop/cdcjni/Makefile
-                 interop/heartbeatjni/Makefile
-                 interop/java/Makefile
-                 interop/jni/Makefile
-                 interop/python/Makefile
-		         test/Makefile
-                ])
-AC_OUTPUT
-
diff --git a/vmafd/include/public/vmafdclient.h b/vmafd/include/public/vmafdclient.h
index 10cb91584..adfb8a872 100755
--- a/vmafd/include/public/vmafdclient.h
+++ b/vmafd/include/public/vmafdclient.h
@@ -409,6 +409,30 @@ VmAfdJoinVmDir2W(
     VMAFD_JOIN_FLAGS dwFlags          /* IN            */
     );
 
+DWORD
+VmAfdJoinVmDirWithSiteA(
+    PCSTR            pszServerName,  /* IN     OPTIONAL */
+    PCSTR            pszDomainName,  /* IN              */
+    PCSTR            pszUserName,    /* IN              */
+    PCSTR            pszPassword,    /* IN              */
+    PCSTR            pszMachineName, /* IN     OPTIONAL */
+    PCSTR            pszOrgUnit,     /* IN     OPTIONAL */
+    PCSTR            pszSiteName,    /* IN     OPTIONAL */
+    VMAFD_JOIN_FLAGS dwFlags         /* IN              */
+    );
+
+DWORD
+VmAfdJoinVmDirWithSiteW(
+    PCWSTR           pwszServerName,  /* IN   OPTIONAL */
+    PCWSTR           pwszDomainName,  /* IN            */
+    PCWSTR           pwszUserName,    /* IN            */
+    PCWSTR           pwszPassword,    /* IN            */
+    PCWSTR           pwszMachineName, /* IN   OPTIONAL */
+    PCWSTR           pwszOrgUnit,     /* IN   OPTIONAL */
+    PCWSTR           pwszSiteName,    /* IN   OPTIONAL */
+    VMAFD_JOIN_FLAGS dwFlags          /* IN            */
+    );
+
 DWORD
 VmAfdLeaveVmDirA(
     PCSTR pszServerName,    /* IN     OPTIONAL */
diff --git a/vmafd/include/type_spec.h b/vmafd/include/type_spec.h
index 6b4c596b1..9c902037d 100755
--- a/vmafd/include/type_spec.h
+++ b/vmafd/include/type_spec.h
@@ -889,6 +889,11 @@ typedef struct _VMW_TYPE_SPEC_
 
 #define JOIN_VMDIR_2_INPUT_PARAMS \
 {\
+    {\
+        "Server Name",\
+        VMW_IPC_TYPE_WSTRING,\
+        {NULL}\
+    },\
     {\
         "Domain Name",\
         VMW_IPC_TYPE_WSTRING,\
@@ -914,6 +919,11 @@ typedef struct _VMW_TYPE_SPEC_
         VMW_IPC_TYPE_WSTRING,\
         {NULL}\
     },\
+    {\
+        "Site Name",\
+        VMW_IPC_TYPE_WSTRING,\
+        {NULL}\
+    },\
     { \
         "Join Flags",\
         VMW_IPC_TYPE_UINT32,\
diff --git a/vmafd/include/vmafddefines.h b/vmafd/include/vmafddefines.h
index ad40d3680..d8a67e119 100755
--- a/vmafd/include/vmafddefines.h
+++ b/vmafd/include/vmafddefines.h
@@ -429,7 +429,7 @@ typedef struct _VMAFD_CRED_CONTEXT_W
 #define VMAFD_REG_VALUE_SITE          "Site"
 #define VMAFD_REG_VALUE_LAST_PING     "LastPing"
 #define VMAFD_REG_VALUE_PING_TIME     "PingTime"
-#define VMAFD_REG_KEY_ENABLE_DNS      "EnableDnsUpdates"
+#define VMAFD_REG_KEY_ENABLE_DDNS      "EnableDnsUpdates"
 #define VMAFD_REG_KEY_HEARTBEAT       "HeartbeatInterval"
 
 //domainJoinFlag
diff --git a/vmafd/include/vmnetevent.h b/vmafd/include/vmnetevent.h
new file mode 100644
index 000000000..fd9a63b27
--- /dev/null
+++ b/vmafd/include/vmnetevent.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _VMNETEVENT_H_
+#define _VMNETEVENT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct __VMNETEVENT_HANDLE* PVMNETEVENT_HANDLE;
+
+#ifndef _PFN_VMNETEVENT_CALLBACK
+#define _PFN_VMNETEVENT_CALLBACK 1
+typedef DWORD (*PFN_VMNETEVENT_CALLBACK) (VOID);
+#endif
+
+typedef enum
+{
+    VMNET_EVENT_TYPE_UNDEFINED = 0,
+    VMNET_EVENT_TYPE_IPCHANGE,
+    VMNET_EVENT_TYPE_MAX
+} VMNET_EVENT_TYPE, *PVMNETEVENT_TYPE;
+
+DWORD
+VmNetEventRegister(
+    VMNET_EVENT_TYPE vmEventType,
+    PFN_VMNETEVENT_CALLBACK pfnCallBack,
+    PVMNETEVENT_HANDLE* ppEventHandle
+    );
+
+VOID
+VmNetEventUnregister(
+    PVMNETEVENT_HANDLE pEventHandle
+    );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _VMNETEVENT_H_ */
diff --git a/vmafd/interop/cdcjni/Makefile.am b/vmafd/interop/cdcjni/Makefile.am
index 01ea59ca5..a1ef3c966 100644
--- a/vmafd/interop/cdcjni/Makefile.am
+++ b/vmafd/interop/cdcjni/Makefile.am
@@ -1,13 +1,13 @@
 
 CLASSNAME = com.vmware.identity.cdc.CdcAdapter
-JARDIR=$(top_builddir)/authentication-framework/packages
+JARDIR=$(top_builddir)/vmafd/authentication-framework/packages
 JAR=$(JARDIR)/client-domain-controller-cache.jar
 
 lib_LTLIBRARIES = libcdcjni.la
 
 libcdcjni_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @JDK_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -16,7 +16,7 @@ libcdcjni_la_SOURCES = \
 		cdcjni.c
 
 libcdcjni_la_LIBADD = \
-    @top_builddir@/client/libvmafdclient.la
+    @top_builddir@/vmafd/client/libvmafdclient.la
 
 libcdcjni_la_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
@@ -32,4 +32,4 @@ cdcjni.h:
 	$(JAVAH) -o $@ -classpath $(JAR) $(CLASSNAME)
 
 jreext_DATA= \
-    @top_builddir@/authentication-framework/packages/client-domain-controller-cache.jar
+    @top_builddir@/vmafd/authentication-framework/packages/client-domain-controller-cache.jar
diff --git a/vmafd/interop/heartbeatjni/Makefile.am b/vmafd/interop/heartbeatjni/Makefile.am
index d332e5570..b486b1ba2 100644
--- a/vmafd/interop/heartbeatjni/Makefile.am
+++ b/vmafd/interop/heartbeatjni/Makefile.am
@@ -1,13 +1,13 @@
 
 CLASSNAME = com.vmware.identity.heartbeat.VmAfdHeartbeatAdapter
-JARDIR=$(top_builddir)/authentication-framework/packages
+JARDIR=$(top_builddir)/vmafd/authentication-framework/packages
 JAR=$(JARDIR)/afd-heartbeat-service.jar
 
 lib_LTLIBRARIES = libheartbeatjni.la
 
 libheartbeatjni_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @JDK_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -16,7 +16,7 @@ libheartbeatjni_la_SOURCES = \
 		heartbeatjni.c
 
 libheartbeatjni_la_LIBADD = \
-    @top_builddir@/client/libvmafdclient.la
+    @top_builddir@/vmafd/client/libvmafdclient.la
 
 libheartbeatjni_la_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
@@ -32,4 +32,4 @@ heartbeatjni.h:
 	$(JAVAH) -o $@ -classpath $(JAR) $(CLASSNAME)
 
 jreext_DATA= \
-    @top_builddir@/authentication-framework/packages/afd-heartbeat-service.jar
\ No newline at end of file
+    @top_builddir@/vmafd/authentication-framework/packages/afd-heartbeat-service.jar
diff --git a/vmafd/interop/java/Makefile.am b/vmafd/interop/java/Makefile.am
index 9e0694ff3..61e73f31e 100644
--- a/vmafd/interop/java/Makefile.am
+++ b/vmafd/interop/java/Makefile.am
@@ -2,8 +2,8 @@
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
 vmafdjars_DATA= \
-    @top_builddir@/authentication-framework/packages/authentication-framework.jar
+    @top_builddir@/vmafd/authentication-framework/packages/authentication-framework.jar
 
-@top_builddir@/authentication-framework/packages/authentication-framework.jar :
+@top_builddir@/vmafd/authentication-framework/packages/authentication-framework.jar :
 	@echo "Building Jar"
-	cd @top_srcdir@/interop/java && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -DBUILD_NUMBER="0" -Dfile.encoding="UTF8" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
+	cd @top_srcdir@/vmafd/interop/java && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dlibs.ant-contrib-home="@abs_top_builddir@/vmafd/depends" -DBUILD_NUMBER="0" -Dbuild_dir="@abs_top_builddir@"/vmafd -Dfile.encoding="UTF8" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmafd/interop/java/build.xml b/vmafd/interop/java/build.xml
index a04cebace..0570f5227 100644
--- a/vmafd/interop/java/build.xml
+++ b/vmafd/interop/java/build.xml
@@ -4,12 +4,13 @@
 -->
 <project name="vmaf-dist" default="build" basedir=".">
    <property name="MAINSRCROOT" value="${basedir}/../.." />
-   <property name="buildRoot" location="${MAINSRCROOT}/build" />
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
+   <import file="${MAINSRCROOT}/build/ant/presets.xml" />
+   <import file="${MAINSRCROOT}/build/ant/libraries.xml" />
+   <property name="buildRoot" location="${build_dir}/${PRODUCT_NAME}" />
    <property name="PKGBASE" location="${buildRoot}/packages" />
    <property name="GROUP_BASE" value="com.vmware.identity" />
    <property name="AFD_VERSION" value="1.0" />
-   <import file="${MAINSRCROOT}/build/ant/presets.xml" />
-   <import file="${MAINSRCROOT}/build/ant/libraries.xml" />
 
    <target name="module.af-client" >
       <make-module dir="vmaf" />
diff --git a/vmafd/interop/java/cdc/build.xml b/vmafd/interop/java/cdc/build.xml
index fefcd441b..52e776c3e 100644
--- a/vmafd/interop/java/cdc/build.xml
+++ b/vmafd/interop/java/cdc/build.xml
@@ -13,12 +13,11 @@
    <property name="client-domain-controller-cache.vendor"
              value="VMWare, Inc." />
 
-   <property file="../product.properties" />
    <property name="MAINSRCROOT" value="${basedir}/../../.."/>
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}"/>
-
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}"/>
 
    <path id="classpath.main">
    </path>
diff --git a/vmafd/interop/java/cdc/pom.xml b/vmafd/interop/java/cdc/pom.xml
index 0941e3257..ed71b2fa3 100644
--- a/vmafd/interop/java/cdc/pom.xml
+++ b/vmafd/interop/java/cdc/pom.xml
@@ -2,7 +2,7 @@
 <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <modelVersion>4.0.0</modelVersion>
-  <groupId>com.vmware.identity</groupId>
+  <groupId>com.vmware.vmafd</groupId>
   <artifactId>client-domain-controller-cache</artifactId>
   <version>1.2.0-SNAPSHOT</version>
 </project>
diff --git a/vmafd/interop/java/heartbeat/build.xml b/vmafd/interop/java/heartbeat/build.xml
index a55b52924..d955cfd81 100644
--- a/vmafd/interop/java/heartbeat/build.xml
+++ b/vmafd/interop/java/heartbeat/build.xml
@@ -13,12 +13,11 @@
    <property name="afd-heartbeat-service.vendor"
              value="VMWare, Inc." />
 
-   <property file="../product.properties" />
    <property name="MAINSRCROOT" value="${basedir}/../../.."/>
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}"/>
-
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}"/>
 
    <path id="classpath.main">
    </path>
diff --git a/vmafd/interop/java/vks/build.xml b/vmafd/interop/java/vks/build.xml
index d8d069fcc..54590421f 100644
--- a/vmafd/interop/java/vks/build.xml
+++ b/vmafd/interop/java/vks/build.xml
@@ -13,12 +13,11 @@
    <property name="vmware-endpoint-certificate-store.vendor"
              value="VMWare, Inc." />
 
-   <property file="../product.properties" />
    <property name="MAINSRCROOT" value="${basedir}/../../.."/>
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}"/>
-
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}"/>
 
    <path id="classpath.main">
    </path>
diff --git a/vmafd/interop/java/vks/pom.xml b/vmafd/interop/java/vks/pom.xml
index 082d33767..333617248 100644
--- a/vmafd/interop/java/vks/pom.xml
+++ b/vmafd/interop/java/vks/pom.xml
@@ -2,7 +2,7 @@
 <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <modelVersion>4.0.0</modelVersion>
-  <groupId>com.vmware.identity</groupId>
+  <groupId>com.vmware.vmafd</groupId>
   <artifactId>vmware-endpoint-certificate-store</artifactId>
   <version>1.2.0-SNAPSHOT</version>
 </project>
diff --git a/vmafd/interop/java/vmaf/build.xml b/vmafd/interop/java/vmaf/build.xml
index aa7ee3e99..382dfe9ae 100644
--- a/vmafd/interop/java/vmaf/build.xml
+++ b/vmafd/interop/java/vmaf/build.xml
@@ -13,19 +13,18 @@
    <property name="vmware-authentication-framework.vendor"
              value="VMWare, Inc." />
 
-   <property file="../product.properties" />
    <property name="MAINSRCROOT" value="${basedir}/../../.."/>
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}"/>
-
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}"/>
 
    <path id="classpath.main">
 
       <fileset refid="jar-set.jna" />
       <fileset refid="jar-set.apache-commons-logging" />
       <fileset refid="jar-set.apache-commons-lang" />
-     
+
    </path>
 
    <import file="${MAINSRCROOT}/build/ant/buildcycle-template.xml" />
diff --git a/vmafd/interop/jni/Makefile.am b/vmafd/interop/jni/Makefile.am
index d568a6bb1..3a25cdd32 100644
--- a/vmafd/interop/jni/Makefile.am
+++ b/vmafd/interop/jni/Makefile.am
@@ -1,13 +1,12 @@
-
 CLASSNAME = com.vmware.identity.vecs.VecsAdapter
-JARDIR=$(top_builddir)/authentication-framework/packages
+JARDIR=$(top_builddir)/vmafd/authentication-framework/packages
 JAR=$(JARDIR)/vmware-endpoint-certificate-store.jar
 
 lib_LTLIBRARIES = libvecsjni.la
 
 libvecsjni_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @JDK_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -16,7 +15,7 @@ libvecsjni_la_SOURCES = \
     vecsjni.c
 
 libvecsjni_la_LIBADD = \
-    @top_builddir@/client/libvmafdclient.la
+    @top_builddir@/vmafd/client/libvmafdclient.la
 
 libvecsjni_la_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
@@ -32,5 +31,4 @@ vecsjni.h:
 	$(JAVAH) -o $@ -classpath $(JAR) $(CLASSNAME)
     
 jreext_DATA= \
-    @top_builddir@/authentication-framework/packages/vmware-endpoint-certificate-store.jar    
-
+    @top_builddir@/vmafd/authentication-framework/packages/vmware-endpoint-certificate-store.jar
diff --git a/vmafd/interop/python/Makefile.am b/vmafd/interop/python/Makefile.am
index 3b4c17709..6fd00dbb2 100644
--- a/vmafd/interop/python/Makefile.am
+++ b/vmafd/interop/python/Makefile.am
@@ -10,19 +10,18 @@ vmafd_la_SOURCES = \
     afdclient.cpp
 
 vmafd_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/common \
-    -I$(top_srcdir)/interop/python \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/common \
+    -I$(top_srcdir)/vmafd/interop/python \
     @BOOST_INCLUDES@ \
     @LW_INCLUDES@ \
-    @VMDIR_INCLUDES@ \
     @PYTHON_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmafd_la_LIBADD = \
     @BOOST_PYTHON_LDFLAGS@ \
-    $(top_builddir)/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
     @GSSAPI_LIBS@ \
diff --git a/vmafd/jdepends/Makefile.am b/vmafd/jdepends/Makefile.am
index abde67426..672ca99f9 100644
--- a/vmafd/jdepends/Makefile.am
+++ b/vmafd/jdepends/Makefile.am
@@ -1,7 +1,5 @@
-
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
-install-exec-local:
+all-local:
 	@echo "Downloading dependencies for Vmware Authentication Framework"
-	cd @top_srcdir@/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
+	cd @top_srcdir@/vmafd/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dlibs.ant-contrib-home="@abs_top_builddir@/vmafd/depends" -Dbuild_dir="@abs_top_builddir@/vmafd" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmafd/jdepends/build.xml b/vmafd/jdepends/build.xml
index f239fffb2..36995b67c 100644
--- a/vmafd/jdepends/build.xml
+++ b/vmafd/jdepends/build.xml
@@ -5,9 +5,9 @@
 <project name="vmware-vmafd-depends" default="build" basedir=".">
 
    <property name="MAINSRCROOT" value="${basedir}/.." />
-   <property file="../product.properties" />
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}" />
-   <property name="depends" value="${MAINSRCROOT}/build/depends" />
+   <property file="${MAINSRCROOT}/interop/java/product.properties" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}" />
+   <property name="depends" value="${build_dir}/depends" />
 
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
@@ -29,6 +29,7 @@
 
           <!-- TEST DEPENDENCIES -->
            <url url="http://central.maven.org/maven2/org/powermock/powermock-easymock-release-full/1.6.2/powermock-easymock-release-full-1.6.2-full.jar" />
+           <url url="http://central.maven.org/maven2/ant-contrib/ant-contrib/1.0b3/ant-contrib-1.0b3.jar" />
 
          </resources>
      </copy>
diff --git a/vmafd/m4/README b/vmafd/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmafd/m4/as-ac-expand.m4 b/vmafd/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/vmafd/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmafd/m4/libtool.m4 b/vmafd/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmafd/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmafd/m4/ltoptions.m4 b/vmafd/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmafd/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmafd/m4/ltsugar.m4 b/vmafd/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmafd/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmafd/m4/ltversion.m4 b/vmafd/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmafd/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmafd/m4/lt~obsolete.m4 b/vmafd/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmafd/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmafd/server/db/Makefile.am b/vmafd/server/db/Makefile.am
index 471ec350b..0f3e470ae 100644
--- a/vmafd/server/db/Makefile.am
+++ b/vmafd/server/db/Makefile.am
@@ -3,36 +3,34 @@ lib_LTLIBRARIES = libvecsdb.la
 
 libvecsdb_la_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/server/include \
     @SQLITE_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libvecsdb_la_SOURCES = \
-    cdcdbutil.c   \
-		authdbutil.c   \
-    database.c     \
-    dbcontext.c    \
-    globals.c      \
-    libmain.c		\
-    regdbutil.c  \
-	vecsdbutil.c
+    cdcdbutil.c \
+    authdbutil.c \
+    database.c \
+    dbcontext.c \
+    globals.c \
+    libmain.c \
+    regdbutil.c \
+    vecsdbutil.c
 
 libvecsdb_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmafd/common/libcommon.la \
     @SQLITE_LIBS@ \
     @LWBASE_LIBS@ \
     @PTHREAD_LIBS@ \
     @LDAP_LIBS@ \
     @LBER_LIBS@
 
-
 libvecsdb_la_LDFLAGS = \
     -DLDAP_DEPRECATED \
     @SQLITE_LDFLAGS@ \
     @LW_LDFLAGS@ \
     -static \
     @LDAP_LDFLAGS@
-
diff --git a/vmafd/server/include/afddb.h b/vmafd/server/include/afddb.h
new file mode 100644
index 000000000..852c46364
--- /dev/null
+++ b/vmafd/server/include/afddb.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2017 VMware Inc.  All rights Reserved.
+ */
+
+/*
+ * Module Name: VMware Authentication Framework Daemon
+ *
+ * Filename: afddb.h
+ *
+ * Abstract:
+ *
+ * VMware Certificate Service Database
+ *
+ */
+
+
+#ifndef _AFDDB_H__
+#define _AFDDB_H__
+
+#include "regdb.h"
+#include "authdb.h"
+#include "cdcdb.h"
+#include "vecsdb.h"
+
+#endif
diff --git a/vmafd/server/vmafd/Makefile.am b/vmafd/server/vmafd/Makefile.am
index 663727e3a..9792f2de1 100755
--- a/vmafd/server/vmafd/Makefile.am
+++ b/vmafd/server/vmafd/Makefile.am
@@ -1,6 +1,6 @@
 sbin_PROGRAMS = vmafdd
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmafd/idl
 
 vmafdd_SOURCES = \
     ad.c          \
@@ -15,7 +15,6 @@ vmafdd_SOURCES = \
     cdcupdate.c \
     dcfinder.c    \
     ddns.c	\
-    ddnspackets.c \
     dns.c         \
     globals.c     \
     heartbeat.c     \
@@ -49,23 +48,24 @@ vmafdd_SOURCES = \
 
 vmafdd_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    @VMDIR_INCLUDES@ \
-    @VMDNS_INCLUDES@ \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/server/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdns/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmafdd_LDADD = \
-    $(top_builddir)/server/db/libvecsdb.la \
-    $(top_builddir)/vmafcfg/api/libvmafcfgapi.la \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/vmevent/server/libvmeventserver.la \
-    $(top_builddir)/common/libcommon.la \
-    @VMDIR_LIBS@ \
-    @VMDNS_LIBS@ \
+    $(top_builddir)/vmafd/server/db/libvecsdb.la \
+    $(top_builddir)/vmafd/vmafcfg/api/libvmafcfgapi.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/vmevent/server/libvmeventserver.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmafd/vmnetevent/libvmnetevent.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdns/client/libvmdnsclient.la \
     @DCERPC_LIBS@ \
     @SCHANNEL_LIBS@ \
     @DOMAINJOIN_LIBS@ \
@@ -81,8 +81,6 @@ vmafdd_LDADD = \
     @PTHREAD_LIBS@
 
 vmafdd_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
-    @VMDNS_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
 
@@ -98,10 +96,10 @@ CLEANFILES = \
 BUILT_SOURCES = vmafd_h.h vmafd60_h.h vmafdsuperlog_h.h
 
 vmafd_h.h vmafd_sstub.c: $(idl_srcdir)/vmafd.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmafd/include/public $<
 
 vmafd60_h.h vmafd60_sstub.c: $(idl_srcdir)/vmafd60.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd60_h.h -sstub_pref Srv60_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmafd60_h.h -sstub_pref Srv60_ -I$(idl_srcdir) -I$(top_srcdir)/vmafd/include/public $<
 
 vmafdsuperlog_h.h vmafdsuperlog_cstub.c: $(idl_srcdir)/vmafdsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmafdsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmafdsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmafd/include/public $<
diff --git a/vmafd/server/vmafd/ddns.c b/vmafd/server/vmafd/ddns.c
index 8bae0a4e8..e33fa6c02 100755
--- a/vmafd/server/vmafd/ddns.c
+++ b/vmafd/server/vmafd/ddns.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2017 VMware, Inc. All rights reserved.
  *
  * Module   : ddns.c
  *
@@ -8,9 +8,6 @@
  */
 #include "includes.h"
 
-#ifndef _WIN32
-typedef struct sockaddr_nl nl_addr;
-#endif
 
 static
 DWORD
@@ -21,29 +18,19 @@ VmDdnsGetMachineInfo(
     PVMDNS_SERVER_CONTEXT *ppServerContext
     );
 
-#ifndef _WIN32
-static
-PVOID
-VmDdnsUpdateWorker(
-    PVOID pData
-    );
-#endif
-
 static
 DWORD
-VmDdnsUpdate(
-    PDDNS_CONTEXT pDdnsContext
-    );
-
-static
-DWORD
-VmDdnsDelete(
-    PDDNS_CONTEXT pDdnsContext
+VmDdnsRpcDelete(
+    PVMDNS_SERVER_CONTEXT pServerContext,
+    PSTR pszZone,
+    PSTR pszName
     );
 
 static
 DWORD
 VmDdnsRpcUpdate(
+    VMDNS_IP4_ADDRESS SourceIp4,
+    VMDNS_IP6_ADDRESS SourceIp6,
     PSTR pszZone,
     PSTR pszHostname,
     PSTR pszName,
@@ -52,264 +39,61 @@ VmDdnsRpcUpdate(
 
 static
 DWORD
-VmDdnsProtocolUpdate(
-    PSTR pszDomain,
-    PSTR pszHostname,
-    PSTR pszMachineName,
-    PVMDNS_SERVER_CONTEXT pServerContext,
-    PDDNS_CONTEXT pDdnsContext,
-    DWORD dwFlag
+VmAfdDDNSUpdateDNS(
+    VMDNS_IP4_ADDRESS SourceIp4,
+    VMDNS_IP6_ADDRESS SourceIp6
     );
 
-static
 DWORD
-VmDdnsRpcDelete(
-    PVMDNS_SERVER_CONTEXT pServerContext,
-    PSTR pszZone,
-    PSTR pszName
-    );
-
-VOID
-VmDdnsShutdown(
-    PDDNS_CONTEXT pDdnsContext
+VmAfdUpdateIP(
     );
 
 DWORD
-VmDdnsInitThread(
-    PDDNS_CONTEXT *ppDdnsContext
+VmAfdDDNSInit(
+    PVMNETEVENT_HANDLE* ppHandle
     )
 {
     DWORD dwError = 0;
-    DWORD netLinkFd = 0;
-    DWORD enableDns = 0;
-    VMAFD_DOMAIN_STATE domainState = VMAFD_DOMAIN_STATE_NONE;
-    PDDNS_CONTEXT pDdnsContext = NULL;
+    PVMNETEVENT_HANDLE pHandle = NULL;
 
-    if(!ppDdnsContext)
+    if (!ppHandle)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
-    dwError = VmAfSrvGetDomainState(&domainState);
-
-    if(domainState != VMAFD_DOMAIN_STATE_CLIENT || dwError)
-    {
-        VmAfdLog(VMAFD_DEBUG_ANY, "DDNS Client not started. Domain State invalid");
-        return 0;
-    }
-
-    dwError = VmAfdAllocateMemory(
-                        sizeof(DDNS_CONTEXT),
-                        (PVOID *)&pDdnsContext
-                        );
+    dwError = VmAfdUpdateIP();
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    dwError = VmAfdRegGetInteger(
-                      VMAFD_REG_KEY_ENABLE_DNS,
-                      &enableDns
-                      );
-    if(dwError)
-    {
-        enableDns = 0;
-        dwError = 0;
-    }
-    pDdnsContext->bIsEnabledDnsUpdates = enableDns;
-
-    dwError = pthread_mutex_init(&pDdnsContext->ddnsMutex, NULL);
-    if(dwError)
-    {
-  #ifndef _WIN32
-        dwError = LwErrnoToWin32Error(dwError);
-  #endif
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-  #ifndef _WIN32
-    dwError = pipe(pDdnsContext->pipeFd);
-    if(dwError < 0)
-    {
-
-        dwError = LwErrnoToWin32Error(errno);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    netLinkFd = socket(
-                AF_NETLINK,
-                SOCK_RAW,
-                NETLINK_ROUTE);
-    if(netLinkFd < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-  #endif
-    pDdnsContext->netLinkFd = netLinkFd;
-    pDdnsContext->idSeed = VMDDNS_ID_SEED;
-
-    //first update
-    dwError = VmDdnsUpdate(pDdnsContext);
-    if(dwError)
-    {
-        VmAfdLog(VMAFD_DEBUG_DEBUG, "First update failed!");
-    }
-
-  #ifndef _WIN32
-    dwError = pthread_create(
-                  &pDdnsContext->thread,
-                  NULL,
-                  &VmDdnsUpdateWorker,
-                  (PVOID)pDdnsContext
-                  );
-    if(dwError)
-    {
-        dwError = LwErrnoToWin32Error(dwError);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-  #endif
+    dwError = VmNetEventRegister(
+                          VMNET_EVENT_TYPE_IPCHANGE,
+                          VmAfdUpdateIP,
+                          &pHandle
+                          );
+    BAIL_ON_VMAFD_ERROR(dwError);
 
-    VmAfdLog(VMAFD_DEBUG_ANY, "Started DDNS client Thread successfully");
-    *ppDdnsContext = pDdnsContext;
+    *ppHandle = pHandle;
 
 cleanup:
 
     return dwError;
-
 error:
-    if(pDdnsContext)
-    {
-        VmDdnsShutdown(pDdnsContext);
-    }
-    if(ppDdnsContext)
-    {
-        *ppDdnsContext = NULL;
-    }
-    goto cleanup;
-}
-
-VOID
-VmDdnsShutdown(
-    PDDNS_CONTEXT pDdnsContext
-    )
-{
-    DWORD dwError = 0;
-    char notifyDdns = 0;
 
-    VmAfdLog(VMAFD_DEBUG_ANY, "Shutting down DDNS Client service");
-
-    if(!pDdnsContext)
+    if (ppHandle)
     {
-        VmAfdLog(VMAFD_DEBUG_ERROR, "Context invalid! Shutdown failed!");
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMAFD_ERROR(dwError);
+        *ppHandle = NULL;
     }
-
-  #ifndef _WIN32
-    dwError = write(pDdnsContext->pipeFd[1], (PVOID *)&notifyDdns, sizeof(notifyDdns));
-    if(dwError < 0)
+    if (pHandle)
     {
-        dwError = LwErrnoToWin32Error(errno);
-        VmAfdLog(
-            VMAFD_DEBUG_ERROR,
-            "Write socket failed: %d",
-            dwError
-            );
+        VmNetEventUnregister(pHandle);
     }
-  #endif
-
-    dwError = pthread_join(pDdnsContext->thread, NULL);
-    if(dwError)
-    {
-  #ifndef _WIN32
-        dwError = LwErrnoToWin32Error(dwError);
-  #endif
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "DDNS join failed. Error [%d]",
-            dwError
-            );
-    }
-
-  #ifndef _WIN32
-    dwError = close(pDdnsContext->pipeFd[0]);
-    if(dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "Pipe close failed. Error [%d]",
-            dwError
-            );
-    }
-
-    dwError = close(pDdnsContext->pipeFd[1]);
-    if(dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "Pipe[1] close failed. Error [%d]",
-            dwError
-            );
-    }
-
-    dwError = close(pDdnsContext->netLinkFd);
-    if(dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "Netlink close failed. Error [%d]",
-            dwError
-            );
-    }
-  #endif
-
-    dwError = pthread_mutex_destroy(&pDdnsContext->ddnsMutex);
-    if(dwError)
-    {
-      #ifndef _WIN32
-        dwError = LwErrnoToWin32Error(dwError);
-      #endif
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "Pthread mutex failed. Error [%d]",
-            dwError
-            );
-    }
-cleanup:
-
-    VMAFD_SAFE_FREE_MEMORY(pDdnsContext);
-    return;
-
-error:
-
     goto cleanup;
 }
 
-VOID
-VmDdnsExit(
-    PDDNS_CONTEXT pDdnsContext
-)
-{
-    DWORD dwError = 0;
-
-    if(pDdnsContext)
-    {
-        dwError = VmDdnsDelete(pDdnsContext);
-        if(dwError)
-        {
-            VmAfdLog(VMAFD_DEBUG_ANY, "Ddns delete failed");
-        }
-        VmDdnsShutdown(pDdnsContext);
-    }
-}
-
 DWORD
-VmDdnsGetSourceIp(
-      VMDNS_IP4_ADDRESS** ppSourceIp4,
-      VMDNS_IP6_ADDRESS** ppSourceIp6
+VmAfdDetectSourceIP(
+      VMDNS_IP4_ADDRESS* pSourceIp4,
+      VMDNS_IP6_ADDRESS* pSourceIp6
       )
 {
     DWORD dwError = 0;
@@ -320,8 +104,8 @@ VmDdnsGetSourceIp(
     struct addrinfo *serverAddr = NULL;
     char message = '1';
     char recvBuff[VMDNS_IP6_ADDRESS_SIZE] = {0};
-    VMDNS_IP6_ADDRESS* pSourceIp6 = NULL;
-    VMDNS_IP4_ADDRESS* pSourceIp4 = NULL;
+    VMDNS_IP6_ADDRESS SourceIp6 = {0};
+    VMDNS_IP4_ADDRESS SourceIp4 = 0;
     struct timeval recvTimeOut = {0};
     PSTR pDCName = NULL;
     PWSTR pwDCName = NULL;
@@ -399,14 +183,8 @@ VmDdnsGetSourceIp(
 
     if(recvLen == VMDNS_IP4_ADDRESS_SIZE)
     {
-        dwError = VmAfdAllocateMemory(
-                          VMDNS_IP4_ADDRESS_SIZE,
-                          (PVOID *)&pSourceIp4
-                          );
-        BAIL_ON_VMAFD_ERROR(dwError);
-
         dwError = VmAfdCopyMemory(
-                        pSourceIp4,
+                        &SourceIp4,
                         VMDNS_IP4_ADDRESS_SIZE,
                         recvBuff,
                         recvLen
@@ -415,149 +193,70 @@ VmDdnsGetSourceIp(
     }
     else
     {
-        dwError = VmAfdAllocateMemory(
-                          VMDNS_IP6_ADDRESS_SIZE,
-                          (PVOID *)&pSourceIp6
-                          );
-        BAIL_ON_VMAFD_ERROR(dwError);
-
         dwError = VmAfdCopyMemory(
-                        pSourceIp6,
+                        &SourceIp6,
                         VMDNS_IP6_ADDRESS_SIZE,
                         recvBuff,
                         recvLen
                         );
         BAIL_ON_VMAFD_ERROR(dwError);
     }
-    *ppSourceIp6 = pSourceIp6;
-    *ppSourceIp4 = pSourceIp4;
+    *pSourceIp6 = SourceIp6;
+    *pSourceIp4 = SourceIp4;
 
 cleanup:
     VMAFD_SAFE_FREE_MEMORY(serverAddr);
     return dwError;
 
 error:
-    VMAFD_SAFE_FREE_MEMORY(pSourceIp4);
-    VMAFD_SAFE_FREE_MEMORY(pSourceIp6);
-    if(ppSourceIp4)
-    {
-        *ppSourceIp4 = NULL;
-    }
-    if(ppSourceIp6)
+    if(pSourceIp4)
     {
-        *ppSourceIp6 = NULL;
+        *pSourceIp4 = 0;
     }
     goto cleanup;
 }
 
-// Only for LINUX
-#ifndef _WIN32
-static
-PVOID
-VmDdnsUpdateWorker(
-    PVOID pdata
+
+DWORD
+VmAfdUpdateIP(
     )
 {
-    DWORD len = 0;
-    DWORD maxFd = 0;
     DWORD dwError = 0;
-    char buffer[VMDDNS_BUFFER_SIZE] = {0};
-    PDDNS_CONTEXT pDdnsContext = (PDDNS_CONTEXT)pdata;
-    nl_addr *bindAddr = NULL;
-    struct nlmsghdr *nh = NULL;
-    fd_set readFs;
-
-    dwError = VmAfdAllocateMemory(
-                      sizeof(nl_addr),
-                      (PVOID *)&bindAddr
-                      );
-    BAIL_ON_VMAFD_ERROR(dwError);
+    VMDNS_IP6_ADDRESS IP6 = {0};
+    VMDNS_IP4_ADDRESS IP4 = 0;
 
-    bindAddr->nl_family = AF_NETLINK;
-    bindAddr->nl_pad = 0;
-    bindAddr->nl_pid = getpid();
-    bindAddr->nl_groups = RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_IFADDR;
-
-    //bind to the IFADDR API
-    dwError = bind(
-                pDdnsContext->netLinkFd,
-                (struct sockaddr*)bindAddr,
-                sizeof(nl_addr)
-                );
-    if (dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    nh = (struct nlmsghdr *)buffer;
-    maxFd = (pDdnsContext->netLinkFd > pDdnsContext->pipeFd[0]) ?
-            pDdnsContext->netLinkFd
-            : pDdnsContext->pipeFd[0];
-    while(1)
-    {
-        FD_ZERO(&readFs);
-        FD_SET(pDdnsContext->netLinkFd, &readFs);
-        FD_SET(pDdnsContext->pipeFd[0], &readFs);
-        dwError = select(maxFd + 1, &readFs, NULL, NULL, NULL);
-        if (dwError < 0)
-        {
-             dwError = LwErrnoToWin32Error(errno);
-             VmAfdLog(VMAFD_DEBUG_ANY, "Select failed. Error[%d]", dwError);
-             continue;
-        }
-
-        if(FD_ISSET(pDdnsContext->netLinkFd, &readFs))
-        {
-            len = recv(pDdnsContext->netLinkFd, nh, 4096, 0);
-            if(len < 0)
-            {
-                dwError = LwErrnoToWin32Error(errno);
-                VmAfdLog(VMAFD_DEBUG_ANY, "Reciev failed. Error[%d]", dwError);
-                continue;
-            }
+    dwError = VmAfdDetectSourceIP(
+                              &IP4,
+                              &IP6
+                              );
+    BAIL_ON_VMAFD_ERROR(dwError);
 
-            for(; (NLMSG_OK (nh, len)) && (nh->nlmsg_type != NLMSG_DONE); nh = NLMSG_NEXT(nh, len))
-            {
-                if (nh->nlmsg_type != RTM_NEWADDR)
-                {
-                    continue; /* some other kind of message */
-                }
-                // Update detected
-                dwError = VmDdnsUpdate(pDdnsContext);
-                if(dwError)
-                {
-                    VmAfdLog(VMAFD_DEBUG_ANY, "DDNS Update failed");
-                }
-            }
-            memset(buffer, 0, VMDDNS_BUFFER_SIZE);
-        }
-        else if(FD_ISSET(pDdnsContext->pipeFd[0], &readFs))
-        {
-            VmAfdLog(
-                VMAFD_DEBUG_ANY,
-                "Recieved Terminate. DDNS Client exiting.");
-            break;
-        }
-        else
-        {
-            VmAfdLog(
-                VMAFD_DEBUG_ANY,
-                "Invalid file descriptor set.");
-        }
-    }
+    dwError = VmAfdDDNSUpdateDNS(
+                          IP4,
+                          IP6
+                          );
+    BAIL_ON_VMAFD_ERROR(dwError);
 
 cleanup:
 
-    VMAFD_SAFE_FREE_MEMORY(bindAddr);
-    VmAfdLog(VMAFD_DEBUG_ANY, "DDNS Update Worker exiting. Error[%d]", dwError);
-    return NULL;
+    return dwError;
 
 error:
-
     goto cleanup;
 }
-#endif
+
+
+
+VOID
+VmAfdDDNSShutDown(
+    PVMNETEVENT_HANDLE pHandle
+    )
+{
+    if (pHandle)
+    {
+        VmNetEventUnregister(pHandle);
+    }
+}
 
 static
 DWORD
@@ -652,25 +351,21 @@ VmDdnsGetMachineInfo(
     goto cleanup;
 }
 
+
+
 static
 DWORD
-VmDdnsUpdate(
-    PDDNS_CONTEXT pDdnsContext
+VmAfdDDNSUpdateDNS(
+    VMDNS_IP4_ADDRESS SourceIp4,
+    VMDNS_IP6_ADDRESS SourceIp6
     )
 {
     DWORD dwError = 0;
-    BOOL mutexIsLocked = FALSE;
     PSTR pszDomain = NULL;
     PSTR pszHostname = NULL;
     PSTR pszMachineName = NULL;
     PVMDNS_SERVER_CONTEXT pServerContext = NULL;
 
-    if(!pDdnsContext)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
     dwError = VmDdnsGetMachineInfo(
                       &pszDomain,
                       &pszHostname,
@@ -679,34 +374,18 @@ VmDdnsUpdate(
                       );
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    VMAFD_LOCK_MUTEX(mutexIsLocked, &pDdnsContext->ddnsMutex);
-
-    if(pDdnsContext->bIsEnabledDnsUpdates)
-    {
-        dwError = VmDdnsProtocolUpdate(
-                            pszDomain,
-                            pszHostname,
-                            pszMachineName,
-                            pServerContext,
-                            pDdnsContext,
-                            VMDDNS_UPDATE_PACKET
-                            );
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-    else
-    {
-        dwError = VmDdnsRpcUpdate(
-                          pszDomain,
-                          pszHostname,
-                          pszMachineName,
-                          pServerContext
-                          );
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
+    dwError = VmDdnsRpcUpdate(
+                      SourceIp4,
+                      SourceIp6,
+                      pszDomain,
+                      pszHostname,
+                      pszMachineName,
+                      pServerContext
+                      );
+    BAIL_ON_VMAFD_ERROR(dwError);
 
 cleanup:
 
-    VMAFD_UNLOCK_MUTEX(mutexIsLocked, &pDdnsContext->ddnsMutex);
     if(pServerContext)
     {
         VmDnsCloseServer(pServerContext);
@@ -722,218 +401,12 @@ VmDdnsUpdate(
 
 }
 
-static
-DWORD
-VmDdnsDelete(
-    PDDNS_CONTEXT pDdnsContext
-    )
-{
-    DWORD dwError = 0;
-    BOOL mutexIsLocked = FALSE;
-    PSTR pszDomain = NULL;
-    PSTR pszHostname = NULL;
-    PSTR pszMachineName = NULL;
-    PVMDNS_SERVER_CONTEXT pServerContext = NULL;
-
-    if(!pDdnsContext)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    dwError = VmDdnsGetMachineInfo(
-                      &pszDomain,
-                      &pszHostname,
-                      &pszMachineName,
-                      &pServerContext
-                      );
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-    VMAFD_LOCK_MUTEX(mutexIsLocked, &pDdnsContext->ddnsMutex);
-
-    if(pDdnsContext->bIsEnabledDnsUpdates)
-    {
-        dwError = VmDdnsProtocolUpdate(
-                            pszDomain,
-                            pszHostname,
-                            pszMachineName,
-                            pServerContext,
-                            pDdnsContext,
-                            VMDDNS_DELETE_PACKET
-                            );
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-    else
-    {
-        dwError = VmDdnsRpcDelete(
-                        pServerContext,
-                        pszDomain,
-                        pszMachineName
-                        );
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-cleanup:
-
-    VMAFD_UNLOCK_MUTEX(mutexIsLocked, &pDdnsContext->ddnsMutex);
-    VMAFD_SAFE_FREE_STRINGA(pszDomain);
-    VMAFD_SAFE_FREE_STRINGA(pszHostname);
-    VMAFD_SAFE_FREE_STRINGA(pszMachineName);
-    if(pServerContext)
-    {
-        VmDnsCloseServer(pServerContext);
-    }
-    return dwError;
-
-error:
-
-    goto cleanup;
-
-}
-
-static
-DWORD
-VmDdnsProtocolUpdate(
-    PSTR pszDomain,
-    PSTR pszHostname,
-    PSTR pszMachineName,
-    PVMDNS_SERVER_CONTEXT pServerContext,
-    PDDNS_CONTEXT pDdnsContext,
-    DWORD dwFlag
-    )
-{
-    DWORD dwError = 0;
-    DWORD udpSocket = 0;
-    DWORD packetSize = 0;
-    DWORD socketLen = 0;
-    PSTR pDnsPacket = NULL;
-    PSTR pDCName = NULL;
-    PWSTR pwDCName = NULL;
-    PDDNS_UPDATE_HEADER pHeader = NULL;
-    PSTR pDnsPort = VMDNS_SERVER_PORT;
-    struct timeval recvTimeOut = {0};
-    struct addrinfo *serverAddr = NULL;
-    struct addrinfo hints = {0};
-
-    if(!pszDomain || !pszMachineName || !pszHostname || !pServerContext || !pDdnsContext)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    dwError = VmAfSrvGetDCName(&pwDCName);
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-    dwError = VmAfdAllocateStringAFromW(pwDCName, &pDCName);
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-    hints.ai_family = AF_INET;
-    hints.ai_socktype = SOCK_DGRAM;
-    dwError = getaddrinfo(
-                    pDCName,
-                    pDnsPort,
-                    &hints,
-                    &serverAddr
-                    );
-    if(dwError < 0)
-    {
-  #ifndef _WIN32
-        dwError = LwErrnoToWin32Error(errno);
-  #endif
-    }
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-    udpSocket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-    recvTimeOut.tv_sec = VMDDNS_RECV_TIMEOUT;
-    recvTimeOut.tv_usec = 0;
-
-    dwError = setsockopt(
-                    udpSocket,
-                    SOL_SOCKET,
-                    SO_RCVTIMEO,
-                    (PSTR)&recvTimeOut,
-                    sizeof(struct timeval)
-                    );
-    if(dwError < 0)
-    {
-      #ifndef _WIN32
-        dwError = LwErrnoToWin32Error(errno);
-      #endif
-        VmAfdLog(VMAFD_DEBUG_ANY, "Setsockopt failed!");
-    }
-
-    dwError = VmDdnsUpdateMakePacket(
-                        pszDomain,
-                        pszHostname,
-                        pszMachineName,
-                        &pDnsPacket,
-                        &packetSize,
-                        pDdnsContext->idSeed++,
-                        dwFlag
-                        );
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-  #ifndef _WIN32
-    dwError = sendto(
-                  udpSocket,
-                  (PCVOID *)pDnsPacket,
-                  packetSize,
-                  0,
-                  serverAddr->ai_addr,
-                  serverAddr->ai_addrlen
-                  );
-    if(dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    VMAFD_SAFE_FREE_STRINGA(pDnsPacket);
-
-    dwError = recvfrom(
-                  udpSocket,
-                  (PCVOID *)pDnsPacket,
-                  packetSize,
-                  0,
-                  (struct sockaddr *)&serverAddr->ai_addr,
-                  &socketLen
-                  );
-    if(dwError < 0)
-    {
-        dwError = LwErrnoToWin32Error(errno);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-  #endif
-
-    pHeader = (PDDNS_UPDATE_HEADER)pDnsPacket;
-    dwError = pHeader->headerCodes & 0xFF00;
-    if(dwError)
-    {
-        VmAfdLog(VMAFD_DEBUG_ERROR,
-            "DNS Update Failed: %d",
-            dwError);
-    }
-    BAIL_ON_VMAFD_ERROR(dwError);
-
-    VmAfdLog(VMAFD_DEBUG_ANY, "Response recieved: %d", dwError);
-
-cleanup:
-
-    VMAFD_SAFE_FREE_MEMORY(serverAddr);
-    VMAFD_SAFE_FREE_STRINGA(pDCName);
-    VMAFD_SAFE_FREE_STRINGA(pDnsPacket);
-    VMAFD_SAFE_FREE_STRINGW(pwDCName);
-    close(udpSocket);
-    return dwError;
-
-error:
-
-    goto cleanup;
-}
 
 static
 DWORD
 VmDdnsRpcUpdate(
+    VMDNS_IP4_ADDRESS SourceIp4,
+    VMDNS_IP6_ADDRESS SourceIp6,
     PSTR pszZone,
     PSTR pszHostname,
     PSTR pszName,
@@ -941,8 +414,6 @@ VmDdnsRpcUpdate(
     )
 {
     DWORD dwError = 0;
-    VMDNS_IP4_ADDRESS* pV4Address = NULL;
-    VMDNS_IP6_ADDRESS* pV6Address = NULL;
     VMDNS_RECORD record = {0};
 
     if(!pszZone || pszHostname || pszName || pServerContext)
@@ -960,24 +431,18 @@ VmDdnsRpcUpdate(
 
     //Add updated records
 
-    dwError = VmDdnsGetSourceIp(
-                    &pV4Address,
-                    &pV6Address
-                    );
-    BAIL_ON_VMAFD_ERROR(dwError);
-
     record.iClass = VMDNS_CLASS_IN;
     record.pszName = pszName;
     record.dwType = VMDNS_RR_TYPE_A;
     record.dwTtl = 3600;
 
-    if(pV4Address)
+    if(SourceIp4)
     {
-        record.Data.A.IpAddress = (DWORD)*pV4Address;
+        record.Data.A.IpAddress = SourceIp4;
     }
     else
     {
-        record.Data.AAAA.Ip6Address = pV6Address[0];
+        record.Data.AAAA.Ip6Address = SourceIp6;
     }
 
     dwError = VmDnsAddRecordA(
@@ -994,8 +459,6 @@ VmDdnsRpcUpdate(
 
 cleanup:
 
-    VMAFD_SAFE_FREE_MEMORY(pV4Address);
-    VMAFD_SAFE_FREE_MEMORY(pV6Address);
     return dwError;
 
 error:
@@ -1110,3 +573,5 @@ VmDdnsRpcDelete(
 
     goto cleanup;
 }
+
+
diff --git a/vmafd/server/vmafd/defines.h b/vmafd/server/vmafd/defines.h
index e97e971b6..73da38485 100755
--- a/vmafd/server/vmafd/defines.h
+++ b/vmafd/server/vmafd/defines.h
@@ -29,6 +29,14 @@
 #define VMAFD_MAX_LOG_SIZE    1000
 #define VMAFD_OPEN_FILES_MAX  16384
 
+#define VMAFD_DEFAULT_REFRESH_INTERVAL  3600
+#define VMAFD_DEFAULT_RETRY_INTERVAL    600
+#define VMAFD_DEFAULT_EXPIRE            86400
+#define VMAFD_DEFAULT_TTL               3600
+
+#define VMAFD_ZONE_TYPE_FORWARD 0
+#define VMAFD_ZONE_TYPE_REVERSE 1
+
 #ifndef _WIN32
 
 #define VMAFD_OPTION_LOGGING_LEVEL 'l'
@@ -276,6 +284,7 @@ if (bLocked) \
 #define VMDDNS_DELETE_PACKET      0
 #define VMDNS_SERVER_PORT         "53"
 #define VMDNS_SOURCEIP_UDP_PORT   "2020"
+#define VMDNS_RETRY_INTERVAL      5000
 
 #define VMDIR_HEARTBEAT_ENTRY_W \
 {'V','M','w','a','r','e',' ','D','i','r','e','c','t','o','r','y','-','S','e','r','v','i','c','e',0}
@@ -301,9 +310,7 @@ if (bLocked) \
       VMDIR_HEARTBEAT_ENTRY_W,\
       VMCA_HEARTBEAT_ENTRY_W,\
       WEBSSO_ENTRY_W, \
-      LOOKUP_SERVICE_ENTRY_W, \
-      STS_HEARTBEAT_ENTRY_W, \
-      LICENSING_ENTRY_W \
+      STS_HEARTBEAT_ENTRY_W \
 }
 
 #define VMAFD_HEARTBEAT_ENTRY_PORTS \
@@ -311,9 +318,7 @@ if (bLocked) \
       VMDIR_HEARTBEAT_ENTRY_PORT,\
       VMCA_HEARTBEAT_ENTRY_PORT, \
       WEBSSO_ENTRY_PORT, \
-      LOOKUP_SERVICE_ENTRY_PORT, \
-      STS_HEARTBEAT_ENTRY_PORT, \
-       LICENSING_ENTRY_PORT \
+      STS_HEARTBEAT_ENTRY_PORT \
 }
 
 
@@ -334,19 +339,9 @@ if (bLocked) \
       WEBSSO_ENTRY_PORT,\
       0\
   },\
-  {\
-      LOOKUP_SERVICE_ENTRY_W,\
-      LOOKUP_SERVICE_ENTRY_PORT, \
-      0\
-  },\
   {\
       STS_HEARTBEAT_ENTRY_W,\
       STS_HEARTBEAT_ENTRY_PORT,\
       0\
-  },\
-  {\
-      LICENSING_ENTRY_W,\
-      LICENSING_ENTRY_PORT, \
-      0\
-  },\
+  }\
 }
diff --git a/vmafd/server/vmafd/dns.c b/vmafd/server/vmafd/dns.c
index 5398bc27f..17dbe0f59 100644
--- a/vmafd/server/vmafd/dns.c
+++ b/vmafd/server/vmafd/dns.c
@@ -32,10 +32,9 @@ VmAfSrvGetLotusServerName(
 
 static
 DWORD
-VmAfdAppendDomain(
-    PCSTR   pszServerName,
-    PCSTR   pszDomainName,
-    PSTR*   pszServerFQDN
+VmAfdReverseZoneInitialize(
+    PVMDNS_SERVER_CONTEXT pServerContext,
+    PVMDNS_INIT_INFO pInitInfo
     );
 
 DWORD
@@ -105,59 +104,45 @@ VmAfSrvConfigureDNSA(
     PVMDNS_IP6_ADDRESS      pV6Addresses = NULL;
     DWORD                   numV6Address = 0;
     VMDNS_INIT_INFO         initInfo = {0};
-    CHAR                    szDomainFQDN[260] = {0};
-    PSTR                    pszServerFQDN = NULL;
+    CHAR                    szDomainFQDN[257] = {0};
+    DWORD                   dwStrLen = 0;
 
-    if (IsNullOrEmptyString(pszDomainName) || strlen(pszDomainName) > 255)
+    if (IsNullOrEmptyString(pszDomainName) || strlen(pszDomainName) > 254)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
     dwError = VmAfSrvGetIPAddressesWrap(
-                  &pV4Addresses,
-                  &numV4Address,
-                  &pV6Addresses,
-                  &numV6Address);
+                          &pV4Addresses,
+                          &numV4Address,
+                          &pV6Addresses,
+                          &numV6Address);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfSrvGetLotusServerName(
-                    pszServerName,
-                    &pszCanonicalServerName);
-
+                            pszServerName,
+                            &pszCanonicalServerName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    dwError = VmAfdStringCpyA(szDomainFQDN, 260, pszDomainName);
+    dwError = VmAfdStringCpyA(
+                    szDomainFQDN,
+                    255,
+                    pszDomainName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    if (szDomainFQDN[strlen(szDomainFQDN) - 1] != '.')
+    dwStrLen = strlen(szDomainFQDN);
+    if (szDomainFQDN[dwStrLen - 1] != '.')
     {
-        szDomainFQDN[strlen(szDomainFQDN)] = '.';
-        szDomainFQDN[strlen(szDomainFQDN)+1] = 0;
+        szDomainFQDN[dwStrLen] = '.';
+        szDomainFQDN[dwStrLen + 1] = 0;
     }
 
-    if (!VmAfdCheckIfIPV4AddressA(pszServerName) &&
-        !VmAfdCheckIfIPV6AddressA(pszServerName))
-    {
-        dwError = VmAfdAppendDomain(pszServerName, pszDomainName, &pszServerFQDN);
-        BAIL_ON_VMAFD_ERROR(dwError);
-
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "%s Server name for dns initialize: %s",
-            __FUNCTION__,
-           pszCanonicalServerName);
-    }
-    else
-    {
-       VmAfdAllocateStringPrintf(
-                        &pszServerFQDN,"%s",pszServerName);
-    }
     initInfo.IpV4Addrs.Addrs = pV4Addresses;
     initInfo.IpV4Addrs.dwCount = numV4Address;
     initInfo.IpV6Addrs.Addrs = pV6Addresses;
     initInfo.IpV6Addrs.dwCount = numV6Address;
-    initInfo.pszDcSrvName = pszServerFQDN;
+    initInfo.pszDcSrvName = pszCanonicalServerName;
     initInfo.pszDomain = szDomainFQDN;
     initInfo.wPort = VMDNS_DEFAULT_LDAP_PORT;
 
@@ -172,11 +157,21 @@ VmAfSrvConfigureDNSA(
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmDnsInitializeA(pServerContext, &initInfo);
-    VmAfdLog( VMAFD_DEBUG_ERROR, "%s DnsInitialize : Error:%d,ServerName : %s", __FUNCTION__,dwError,pszServerFQDN);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfdReverseZoneInitialize(pServerContext, &initInfo);
     BAIL_ON_VMAFD_ERROR(dwError);
 
 cleanup:
 
+    VmAfdLog(
+        VMAFD_DEBUG_ERROR,
+        "%s DnsInitialize : Error : %d, ServerName : %s, Domain : %s",
+        __FUNCTION__,
+        dwError,
+        pszCanonicalServerName,
+        szDomainFQDN);
+
     if (pServerContext)
     {
         VmDnsCloseServer(pServerContext);
@@ -191,8 +186,122 @@ VmAfSrvConfigureDNSA(
 
     VmAfdLog(
         VMAFD_DEBUG_ANY,
-        "Failed to initialize DNS. Error(%u)",
-        dwError);
+        "Failed to initialize DNS! Error : %u, ServerName : %s",
+        dwError,
+        pszCanonicalServerName);
+
+    goto cleanup;
+}
+
+DWORD
+VmAfdReverseZoneInitialize(
+    PVMDNS_SERVER_CONTEXT pServerContext,
+    PVMDNS_INIT_INFO pInitInfo
+    )
+{
+    DWORD dwError=0;
+    VMDNS_ZONE_INFO revzoneInfo = {
+            .pszName                = "in-addr.arpa.",
+            .pszPrimaryDnsSrvName   = pInitInfo->pszDcSrvName,
+            .pszRName               = "",
+            .serial                 = 0,
+            .refreshInterval        = VMAFD_DEFAULT_REFRESH_INTERVAL,
+            .retryInterval          = VMAFD_DEFAULT_RETRY_INTERVAL,
+            .expire                 = VMAFD_DEFAULT_EXPIRE,
+            .minimum                = VMAFD_DEFAULT_TTL,
+            .dwZoneType             = VMAFD_ZONE_TYPE_REVERSE
+    };
+
+    VMDNS_ZONE_INFO revzoneInfo6 = {
+            .pszName                = "ip6.arpa.",
+            .pszPrimaryDnsSrvName   = pInitInfo->pszDcSrvName,
+            .pszRName               = "",
+            .serial                 = 0,
+            .refreshInterval        = VMAFD_DEFAULT_REFRESH_INTERVAL,
+            .retryInterval          = VMAFD_DEFAULT_RETRY_INTERVAL,
+            .expire                 = VMAFD_DEFAULT_EXPIRE,
+            .minimum                = VMAFD_DEFAULT_TTL,
+            .dwZoneType             = VMAFD_ZONE_TYPE_REVERSE
+    };
+
+    VMDNS_RECORD revRecord =
+            {
+                    .pszName = NULL,
+                    .dwType = VMDNS_RR_TYPE_PTR,
+                    .iClass = VMDNS_CLASS_IN,
+                    .dwTtl = VMAFD_DEFAULT_TTL,
+                    .Data.PTR.pNameHost = pInitInfo->pszDcSrvName
+            };
+
+    VMDNS_RECORD revRecord6 =
+            {
+                    .pszName = NULL,
+                    .dwType = VMDNS_RR_TYPE_PTR,
+                    .iClass = VMDNS_CLASS_IN,
+                    .dwTtl = VMAFD_DEFAULT_TTL,
+                    .Data.PTR.pNameHost = pInitInfo->pszDcSrvName
+            };
+
+    VMDNS_IP4_ADDRESS ip4 = 0;
+    CHAR  szAddr[INET_ADDRSTRLEN] = {0};
+
+    dwError = VmDnsCreateZoneA(pServerContext, &revzoneInfo);
+    dwError = (dwError == ERROR_ALREADY_EXISTS) ? ERROR_SUCCESS : dwError;
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmDnsCreateZoneA(pServerContext, &revzoneInfo6);
+    dwError = (dwError == ERROR_ALREADY_EXISTS) ? ERROR_SUCCESS : dwError;
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    ip4 = htonl(pInitInfo->IpV4Addrs.Addrs[0]);
+    if(!(inet_ntop(AF_INET, &ip4, szAddr, sizeof(szAddr))))
+    {
+        VmAfdLog(VMAFD_DEBUG_DEBUG,"Error converting Ip address to text format");
+        dwError = ERROR_BAD_FORMAT;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdGeneratePtrNameFromIp(
+                    szAddr,
+                    &revRecord.pszName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmDnsAddRecordA(
+                    pServerContext,
+                    "in-addr.arpa.",
+                    &revRecord);
+    dwError = (dwError == ERROR_ALREADY_EXISTS) ? ERROR_SUCCESS : dwError;
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    if (pInitInfo->IpV6Addrs.dwCount != 0)
+    {
+        CHAR szAddr6[INET6_ADDRSTRLEN] = {0};
+        if (!(inet_ntop(AF_INET6, &(pInitInfo->IpV6Addrs.Addrs[0].IP6Byte), szAddr6, sizeof(szAddr6))))
+        {
+            VmAfdLog(VMAFD_DEBUG_DEBUG,"Error converting Ip address to text format");
+            dwError = ERROR_BAD_FORMAT;
+            BAIL_ON_VMAFD_ERROR(dwError);
+        }
+
+        dwError = VmAfdGeneratePtrNameFromIp(
+                            szAddr6,
+                            &revRecord6.pszName);
+        BAIL_ON_VMAFD_ERROR(dwError);
+
+        dwError = VmDnsAddRecordA(
+                        pServerContext,
+                        "ip6.arpa.",
+                        &revRecord6);
+        dwError = (dwError == ERROR_ALREADY_EXISTS) ? ERROR_SUCCESS : dwError;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+cleanup:
+    VMAFD_SAFE_FREE_STRINGA(revRecord.pszName);
+    VMAFD_SAFE_FREE_STRINGA(revRecord6.pszName);
+    return dwError;
+
+error:
     goto cleanup;
 }
 
@@ -211,30 +320,30 @@ VmAfSrvUnconfigureDNSW(
     PSTR pszPassword = NULL;
 
     dwError = VmAfdAllocateStringAFromW(
-                  pwszServerName,
-                  &pszServerName);
+                        pwszServerName,
+                        &pszServerName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfdAllocateStringAFromW(
-                  pwszDomainName,
-                  &pszDomainName);
+                        pwszDomainName,
+                        &pszDomainName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfdAllocateStringAFromW(
-                  pwszUserName,
-                  &pszUserName);
+                        pwszUserName,
+                        &pszUserName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfdAllocateStringAFromW(
-                  pwszPassword,
-                  &pszPassword);
+                        pwszPassword,
+                        &pszPassword);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfSrvUnconfigureDNSA(
-                  pszServerName,
-                  pszDomainName,
-                  pszUserName,
-                  pszPassword);
+                        pszServerName,
+                        pszDomainName,
+                        pszUserName,
+                        pszPassword);
     BAIL_ON_VMAFD_ERROR(dwError);
 
 error:
@@ -263,25 +372,40 @@ VmAfSrvUnconfigureDNSA(
     PVMDNS_IP6_ADDRESS      pV6Addresses = NULL;
     DWORD                   numV6Address = 0;
     VMDNS_INIT_INFO         initInfo = {0};
+    CHAR                    szDomainFQDN[257] = {0};
+    DWORD                   dwStrLen = 0;
 
     dwError = VmAfSrvGetIPAddressesWrap(
-                  &pV4Addresses,
-                  &numV4Address,
-                  &pV6Addresses,
-                  &numV6Address);
+                            &pV4Addresses,
+                            &numV4Address,
+                            &pV6Addresses,
+                            &numV6Address);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfSrvGetLotusServerName(
-                    pszServerName,
-                    &pszCanonicalServerName);
+                        pszServerName,
+                        &pszCanonicalServerName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
+    dwError = VmAfdStringCpyA(
+                    szDomainFQDN,
+                    255,
+                    pszDomainName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwStrLen = strlen(szDomainFQDN);
+    if (szDomainFQDN[dwStrLen - 1] != '.')
+    {
+        szDomainFQDN[dwStrLen] = '.';
+        szDomainFQDN[dwStrLen + 1] = 0;
+    }
+
     initInfo.IpV4Addrs.Addrs = pV4Addresses;
     initInfo.IpV4Addrs.dwCount = numV4Address;
     initInfo.IpV6Addrs.Addrs = pV6Addresses;
     initInfo.IpV6Addrs.dwCount = numV6Address;
     initInfo.pszDcSrvName = pszCanonicalServerName;
-    initInfo.pszDomain = (PSTR)pszDomainName;
+    initInfo.pszDomain = szDomainFQDN;
     initInfo.wPort = VMDNS_DEFAULT_LDAP_PORT;
 
     dwError = VmDnsOpenServerA(
@@ -299,6 +423,13 @@ VmAfSrvUnconfigureDNSA(
 
 cleanup:
 
+    VmAfdLog(
+        VMAFD_DEBUG_ERROR,
+        "%s DnsUninitialize : Error : %d, ServerName : %s, Domain : %s",
+        __FUNCTION__,
+        dwError,
+        pszCanonicalServerName,
+        szDomainFQDN);
     if (pServerContext)
     {
         VmDnsCloseServer(pServerContext);
@@ -313,8 +444,10 @@ VmAfSrvUnconfigureDNSA(
 
     VmAfdLog(
         VMAFD_DEBUG_ANY,
-        "Failed to Uninitialize DNS. Error(%u)",
-        dwError);
+        "Failed to uninitialize DNS! Error : %u, ServerName : %s",
+        dwError,
+        pszCanonicalServerName);
+
     goto cleanup;
 }
 
@@ -332,7 +465,11 @@ VmAfSrvGetIPAddressesWrap(
     PVMDNS_IP6_ADDRESS      pV6Addresses = NULL;
     DWORD                   numV6Address = 0;
 
-    dwError = VmAfSrvGetIPAddresses(NULL, &numV4Address, NULL, &numV6Address);
+    dwError = VmAfSrvGetIPAddresses(
+                        NULL,
+                        &numV4Address,
+                        NULL,
+                        &numV6Address);
     if (dwError == ERROR_INSUFFICIENT_BUFFER)
     {
         dwError = ERROR_SUCCESS;
@@ -342,26 +479,26 @@ VmAfSrvGetIPAddressesWrap(
     if (numV4Address)
     {
         dwError = VmAfdAllocateMemory(
-                        sizeof(VMDNS_IP4_ADDRESS)*numV4Address,
-                        (PVOID*)&pV4Addresses);
+                            sizeof(VMDNS_IP4_ADDRESS)*numV4Address,
+                            (PVOID*)&pV4Addresses);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
     if (numV6Address)
     {
         dwError = VmAfdAllocateMemory(
-                        sizeof(VMDNS_IP6_ADDRESS)*numV6Address,
-                        (PVOID*)&pV6Addresses);
+                            sizeof(VMDNS_IP6_ADDRESS)*numV6Address,
+                            (PVOID*)&pV6Addresses);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
     if (pV4Addresses || pV6Addresses)
     {
         dwError = VmAfSrvGetIPAddresses(
-                    pV4Addresses,
-                    &numV4Address,
-                    pV6Addresses,
-                    &numV6Address);
+                            pV4Addresses,
+                            &numV4Address,
+                            pV6Addresses,
+                            &numV6Address);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
@@ -521,6 +658,7 @@ VmAfSrvGetIPAddresses(
     }
 
 cleanup:
+
     if (addrList)
     {
 #ifndef _WIN32
@@ -529,9 +667,11 @@ VmAfSrvGetIPAddresses(
         freeaddrinfo(addrList);
 #endif
     }
+
     return dwError;
 
 error:
+
     goto cleanup;
 }
 
@@ -568,7 +708,9 @@ VmAfSrvGetLotusServerName(
 
     if ( VmAfdStringCompareA( pszServerName, "localhost", FALSE ) != 0 )
     {   // caller provides preferred Lotus Server Name or IP
-        dwError = VmAfdAllocateStringA( pszServerName, &pszHostnameCanon );
+        dwError = VmAfdAllocateStringA(
+                            pszServerName,
+                            &pszHostnameCanon);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
     else
@@ -579,18 +721,19 @@ VmAfSrvGetLotusServerName(
         dwError = VmAfdAllocateStringAFromW(
                          pwszPNID,
                          &pszHostnameCanon);
+        BAIL_ON_VMAFD_ERROR(dwError);
     }
-
     BAIL_ON_VMAFD_EMPTY_STRING(pszHostnameCanon, dwError);
 
+
     if (!VmAfdCheckIfIPV4AddressA(pszHostnameCanon) &&
         !VmAfdCheckIfIPV6AddressA(pszHostnameCanon) &&
         pszHostnameCanon[VmAfdStringLenA(pszHostnameCanon) - 1] != '.')
     {
         dwError = VmAfdAllocateStringPrintf(
-                    &pszFQDN,
-                    "%s.",
-                    pszHostnameCanon);
+                            &pszFQDN,
+                            "%s.",
+                            pszHostnameCanon);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
     else
@@ -604,84 +747,20 @@ VmAfSrvGetLotusServerName(
     VmAfdLog(VMAFD_DEBUG_DEBUG, "Lotus server name: (%s)", *ppOutServerName);
 
 cleanup:
+
     VMAFD_SAFE_FREE_MEMORY(pszHostnameCanon);
     return dwError;
 
 error:
-    VMAFD_SAFE_FREE_MEMORY(pszFQDN);
-    VmAfdLog(VMAFD_DEBUG_DEBUG, "%s failed (%s). Error(%u)",
-                    __FUNCTION__, pszServerName, dwError);
-    goto cleanup;
-}
-
 
-static
-DWORD
-VmAfdAppendDomain(
-    PCSTR   pszServerName,
-    PCSTR   pszDomainName,
-    PSTR*   ppszServerFQDN
-    )
-{
-
-    DWORD dwError = 0;
-    PSTR  pszServerFQDN = NULL;
-    DWORD dwServerStrLen = 0;
-    DWORD dwDomainStrLen = 0;
-    DWORD dwCursor = 0 ;
-
-    if (!pszServerName || !pszDomainName)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-    dwServerStrLen = strlen (pszServerName);
-    dwDomainStrLen = strlen (pszDomainName);
-
-
-    if (dwDomainStrLen  > dwServerStrLen)
-    {
-        VmAfdAllocateStringPrintf(
-                        &pszServerFQDN,"%s.%s.",pszServerName,pszDomainName);
-    }
-    else
-    {
-       dwCursor = dwServerStrLen - dwDomainStrLen;
-       if (VmAfdStringCompareA(
-                  &pszServerName[dwCursor],
-                  pszDomainName,
-                  FALSE) != 0)
-       {
-            if (pszServerName[dwServerStrLen - 1] != '.')
-            {
-                VmAfdAllocateStringPrintf(
-                          &pszServerFQDN,
-                          "%s.%s.",
-                          pszServerName,
-                          pszDomainName);
-            }
-            else
-            {
-                VmAfdAllocateStringPrintf(
-                          &pszServerFQDN,
-                          "%s%s.",
-                          pszServerName,
-                          pszDomainName);
-            }
-       }
-       else
-       {
-           VmAfdAllocateStringPrintf(
-                          &pszServerFQDN,
-                          "%s.",
-                          pszServerName);
-       }
-    }
-    *ppszServerFQDN = pszServerFQDN;
-cleanup:
-    return dwError;
+    VMAFD_SAFE_FREE_MEMORY(pszFQDN);
+    VmAfdLog(
+        VMAFD_DEBUG_DEBUG,
+        "%s failed (%s). Error(%u)",
+        __FUNCTION__,
+        pszServerName,
+        dwError);
 
-error:
     goto cleanup;
-
 }
+
diff --git a/vmafd/server/vmafd/includes.h b/vmafd/server/vmafd/includes.h
index 27742206d..fcaaef82d 100755
--- a/vmafd/server/vmafd/includes.h
+++ b/vmafd/server/vmafd/includes.h
@@ -61,19 +61,17 @@
 #include <vmafdcommon.h>
 #include <vmsuperlogging.h>
 #include <vmafcfg.h>
-#include <vecsdb.h>
-#include <cdcdb.h>
 #include <securitystructs.h>
+#include <vmdns.h>
+#include <afddb.h>
 #include <vecsauth.h>
-#include <authdb.h>
-#include <regdb.h>
 #include <vmeventrpc.h>
+#include <vmnetevent.h>
 #include <wchar.h>
 #include <vmdns.h>
 #include <vmafdclient.h>
 #include <vmdirclient.h>
 #include <vmdirerrors.h>
-#include <vmdns.h>
 #include <dirent.h>
 #include <vecs_error.h>
 #include <linux/limits.h>
@@ -118,11 +116,8 @@
 #include <vmafcfg.h>
 #include <vmeventrpc.h>
 #include <securitystructs.h>
-#include <vecsdb.h>
-#include <cdcdb.h>
+#include <afddb.h>
 #include <vecsauth.h>
-#include <authdb.h>
-#include <regdb.h>
 #include <vmafdclient.h>
 #include <vmdirclient.h>
 #include <vmdirerrors.h>
diff --git a/vmafd/server/vmafd/init.c b/vmafd/server/vmafd/init.c
index 14225a022..185252aeb 100755
--- a/vmafd/server/vmafd/init.c
+++ b/vmafd/server/vmafd/init.c
@@ -128,6 +128,12 @@ VmAfdInit(
     dwError = VmAfdSuperLoggingInit(&(gVmafdGlobals.pLogger));
     BAIL_ON_VMAFD_ERROR (dwError);
 
+    if (gVmafdGlobals.bEnableDDNS)
+    {
+        dwError = VmAfdDDNSInit(&gVmafdGlobals.pDdnsHandle);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
 error:
 
     return dwError;
diff --git a/vmafd/server/vmafd/ipclocalapi.c b/vmafd/server/vmafd/ipclocalapi.c
index 0729dde13..8f137c104 100755
--- a/vmafd/server/vmafd/ipclocalapi.c
+++ b/vmafd/server/vmafd/ipclocalapi.c
@@ -4293,11 +4293,13 @@ VmAfdIpcJoinVmDir2(
     PBYTE pResponse = NULL;
     DWORD dwResponseSize = 0;
 
+    PWSTR pwszServerName = NULL;
     PWSTR pwszUserName = NULL;
     PWSTR pwszPassword = NULL;
     PWSTR pwszMachineName = NULL;
     PWSTR pwszDomainName = NULL;
     PWSTR pwszOrgUnit = NULL;
+    PWSTR pwszSite = NULL;
     VMAFD_JOIN_FLAGS dwFlags = 0;
     int idx = 0;
 
@@ -4328,11 +4330,13 @@ VmAfdIpcJoinVmDir2(
                         );
     BAIL_ON_VMAFD_ERROR (dwError);
 
+    pwszServerName  = input_spec[idx++].data.pWString;
     pwszDomainName  = input_spec[idx++].data.pWString;
     pwszUserName    = input_spec[idx++].data.pWString;
     pwszPassword    = input_spec[idx++].data.pWString;
     pwszMachineName = input_spec[idx++].data.pWString;
     pwszOrgUnit     = input_spec[idx++].data.pWString;
+    pwszSite        = input_spec[idx++].data.pWString;
     dwFlags         = *input_spec[idx++].data.pUint32;
 
     if (IsNullOrEmptyString(pwszUserName) ||
@@ -4351,11 +4355,13 @@ VmAfdIpcJoinVmDir2(
     }
 
     uResult = VmAfSrvJoinVmDir2(
+                      pwszServerName,
                       pwszDomainName,
                       pwszUserName,
                       pwszPassword,
                       pwszMachineName,
                       pwszOrgUnit,
+                      pwszSite,
                       dwFlags);
     LOG_URESULT_ERROR(uResult);
 
@@ -5471,14 +5477,7 @@ VmAfdIpcTriggerRootCertsRefresh(
         BAIL_ON_VMAFD_ERROR (dwError);
     }
 
-    if (!gVmafdGlobals.pCertUpdateThr)
-    {
-        uResult = ERROR_INVALID_STATE;
-    }
-    else
-    {
-        uResult = VmAfdRootFetchTask(TRUE);
-    }
+    uResult = VmAfdRootFetchTask(TRUE);
     LOG_URESULT_ERROR(uResult);
 
     // Allocate a buffer, marshall the response
diff --git a/vmafd/server/vmafd/prototypes.h b/vmafd/server/vmafd/prototypes.h
index f751872b4..7fc13ecba 100755
--- a/vmafd/server/vmafd/prototypes.h
+++ b/vmafd/server/vmafd/prototypes.h
@@ -177,11 +177,13 @@ VmAfSrvJoinVmDir(
 
 DWORD
 VmAfSrvJoinVmDir2(
+    PWSTR            pwszServerName,     /* IN     OPTIONAL */
     PWSTR            pwszDomainName,     /* IN              */
     PWSTR            pwszUserName,       /* IN              */
     PWSTR            pwszPassword,       /* IN              */
     PWSTR            pwszMachineName,    /* IN     OPTIONAL */
     PWSTR            pwszOrgUnit,        /* IN     OPTIONAL */
+    PWSTR            pwszSiteName,       /* IN     OPTIONAL */
     VMAFD_JOIN_FLAGS dwFlags             /* IN              */
     );
 
@@ -647,6 +649,12 @@ VmAfdCheckDomainFunctionalLevel(
     int nMinMinor
     );
 
+DWORD
+VmAfdGeneratePtrNameFromIp(
+        PCSTR pszIPAddress,
+        PSTR* ppszPtrName
+    );
+
 /* krbconfig.c */
 
 DWORD
@@ -2297,27 +2305,28 @@ VmAfdRpcFreeHeartbeatStatus(
 
 //ddns.c
 
-DWORD
-VmDdnsInitThread(
-        PDDNS_CONTEXT* ppDdnsContext
-        );
 
-VOID
-VmDdnsShutdown(
-        PDDNS_CONTEXT pDdnsContext
-        );
+DWORD
+VmAfdDDNSInit(
+    PVMNETEVENT_HANDLE* ppHandle
+    );
 
 VOID
-VmDdnsExit(
-          PDDNS_CONTEXT pDdnsContext
-          );
+VmAfdDDNSShutDown(
+    PVMNETEVENT_HANDLE pHandle
+    );
 
 DWORD
-VmDdnsGetSourceIp(
-        VMDNS_IP4_ADDRESS** ppSourceIp4,
-        VMDNS_IP6_ADDRESS** ppSourceIp6
+VmAfdDetectSourceIp(
+        VMDNS_IP4_ADDRESS* pSourceIp4,
+        VMDNS_IP6_ADDRESS* pSourceIp6
         );
 
+DWORD
+VmAfdUpdateIP(
+    );
+
+
 DWORD
 VmDdnsUpdateMakePacket(
           PSTR pszZone,
diff --git a/vmafd/server/vmafd/regconfig.c b/vmafd/server/vmafd/regconfig.c
index 421c74998..71d2c34ed 100644
--- a/vmafd/server/vmafd/regconfig.c
+++ b/vmafd/server/vmafd/regconfig.c
@@ -115,6 +115,14 @@ VmAfdSrvUpdateConfig(
         {
             pGlobals->bEnableRPC = pEntry->cfgValue.dwValue?TRUE:FALSE;
         }
+        else if (!VmAfdStringCompareA(
+                pEntry->pszName,
+                VMAFD_REG_KEY_ENABLE_DDNS,
+                TRUE))
+        {
+            pGlobals->bEnableDDNS = pEntry->cfgValue.dwValue?TRUE:FALSE;
+        }
+
     }
 
 #ifdef USE_DEFAULT_KRB5_PATHS
diff --git a/vmafd/server/vmafd/rootfetch.c b/vmafd/server/vmafd/rootfetch.c
index 4129c1a11..15422d76a 100755
--- a/vmafd/server/vmafd/rootfetch.c
+++ b/vmafd/server/vmafd/rootfetch.c
@@ -269,7 +269,7 @@ VmAfdRootFetchTask(
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VecsSrvFlushSSLCertFromDB(bLogOnDuplicate);
-    BAIL_ON_VMAFD_ERROR(dwError);
+    BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
 
     VMAFD_UNLOCK_MUTEX(bIsLocked, &gVmafdGlobals.pCertUpdateMutex);
 
diff --git a/vmafd/server/vmafd/rpc.c b/vmafd/server/vmafd/rpc.c
index 6dcfed29f..1901a33ed 100644
--- a/vmafd/server/vmafd/rpc.c
+++ b/vmafd/server/vmafd/rpc.c
@@ -619,7 +619,10 @@ VmAfdRpcEpRegister(
     )
 {
     DWORD dwError = 0;
-
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return dwError;
+#else
     DCETHREAD_TRY
     {
        rpc_ep_register(
@@ -643,6 +646,7 @@ VmAfdRpcEpRegister(
     DCETHREAD_ENDTRY;
 
     return dwError;
+#endif
 }
 
 DWORD
diff --git a/vmafd/server/vmafd/rpcserv.c b/vmafd/server/vmafd/rpcserv.c
index 348c2d795..4714aefdc 100755
--- a/vmafd/server/vmafd/rpcserv.c
+++ b/vmafd/server/vmafd/rpcserv.c
@@ -901,12 +901,6 @@ Srv_VmAfdRpcTriggerRootCertsRefresh(
     dwError = VmAfdRpcServerCheckAccess(hBinding, dwRpcFlags);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    if (!gVmafdGlobals.pCertUpdateThr)
-    {
-        dwError = ERROR_INVALID_STATE;
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
     dwError = VmAfdRootFetchTask(TRUE);
     BAIL_ON_VMAFD_ERROR(dwError);
 
diff --git a/vmafd/server/vmafd/shutdown.c b/vmafd/server/vmafd/shutdown.c
index 7ddf4d8e7..c2ecc0a1e 100755
--- a/vmafd/server/vmafd/shutdown.c
+++ b/vmafd/server/vmafd/shutdown.c
@@ -66,7 +66,14 @@ VmAfdServerShutdown(
         gVmafdGlobals.pCdcContext= NULL;
     }
 
+    if (gVmafdGlobals.bEnableDDNS && gVmafdGlobals.pDdnsHandle)
+    {
+        VmAfdDDNSShutDown(gVmafdGlobals.pDdnsHandle);
+        gVmafdGlobals.pDdnsHandle = NULL;
+    }
+
 #if 0
+
 //TODO: Comment out DDNS client code for now
     if (gVmafdGlobals.pDdnsContext)
     {
diff --git a/vmafd/server/vmafd/structs.h b/vmafd/server/vmafd/structs.h
index 643e810af..71e51d86c 100755
--- a/vmafd/server/vmafd/structs.h
+++ b/vmafd/server/vmafd/structs.h
@@ -245,7 +245,9 @@ typedef struct _VMAFD_GLOBALS
     PVMAFD_THREAD                   pPassRefreshThr;
     PCDC_CONTEXT                    pCdcContext;
 
-    PDDNS_CONTEXT                   pDdnsContext;
+
+    BOOLEAN                         bEnableDDNS;
+    PVMNETEVENT_HANDLE              pDdnsHandle;
     PSOURCE_IP_CONTEXT              pSourceIpContext;
 
     // following fields are protected by mutex
diff --git a/vmafd/server/vmafd/superlogging.c b/vmafd/server/vmafd/superlogging.c
index 680eb4b9d..4b6aeadb6 100755
--- a/vmafd/server/vmafd/superlogging.c
+++ b/vmafd/server/vmafd/superlogging.c
@@ -532,7 +532,7 @@ VmAfdAddCDCSuperLogEntry(
     if (!VmAfdIsSuperLoggingEnabled(pLogger))
     {
         dwError = ERROR_NOT_READY;
-        BAIL_ON_VMAFD_ERROR(dwError);
+        BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
     }
 
     if(!pDCEntry)
diff --git a/vmafd/server/vmafd/utils.c b/vmafd/server/vmafd/utils.c
index 8127b8f60..e1f2c26c5 100755
--- a/vmafd/server/vmafd/utils.c
+++ b/vmafd/server/vmafd/utils.c
@@ -17,6 +17,11 @@
 #include "includes.h"
 #include "cdcclient.h"
 
+#define PTR_NAME_SUFFIX_IP4 ".in-addr.arpa"
+#define PTR_NAME_SUFFIX_IP6 ".ip6.arpa"
+#define LOW_HEX(byte) ((byte) & 0xF)
+#define HIGH_HEX(byte) (((byte) & 0xF0) >> 4)
+
 VOID
 VmAfdSrvSetStatus(
     VMAFD_STATUS state
@@ -66,7 +71,7 @@ VmAfdGetMachineInfo(
     if (domainState == VMAFD_DOMAIN_STATE_NONE)
     {
         dwError = ERROR_NOT_JOINED;
-        BAIL_ON_VMAFD_ERROR(dwError);
+        BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
     }
 
     dwError = VmAfSrvGetMachineAccountInfo(
@@ -571,3 +576,97 @@ VmAfdCheckDomainFunctionalLevel(
 
     goto cleanup;
 }
+
+DWORD
+VmAfdGeneratePtrNameFromIp(
+        PCSTR pszIPAddress,
+        PSTR* ppszPtrName
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwAddr = 0;
+    PSTR pszPtrName = NULL;
+    BYTE* pByte = NULL;
+    DWORD ret = 0;
+    int af = AF_INET;
+    unsigned char buf[sizeof(struct in6_addr)];
+
+    BAIL_ON_VMAFD_EMPTY_STRING(pszIPAddress, dwError);
+    BAIL_ON_VMAFD_INVALID_POINTER(ppszPtrName, dwError);
+
+    if (VmAfdStringChrA(pszIPAddress, ':'))
+    {
+        af = AF_INET6;
+    }
+
+    ret = inet_pton(af, pszIPAddress, buf);
+    if (ret <= 0)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    if (af == AF_INET)
+    {
+        dwAddr = ((struct in_addr*)buf)->s_addr;
+
+        // See RFC 1035 for name format
+        // In short, record name is octets in reverse order appened with "in-addr.arpa".
+        // Example: 11.1.193.128.in-addr.arpa
+        dwError = VmAfdAllocateStringPrintf(
+                    &pszPtrName,
+                    "%d.%d.%d.%d%s.",
+                    (dwAddr & 0xFF000000) >> 24,
+                    (dwAddr & 0xFF0000) >> 16,
+                    (dwAddr & 0xFF00) >> 8,
+                    (dwAddr & 0xFF),
+                    PTR_NAME_SUFFIX_IP4
+                    );
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+    else
+    {
+#ifdef _WIN32
+        pByte = ((struct in6_addr*)buf)->u.Byte;
+#else
+        pByte = ((struct in6_addr*)buf)->s6_addr;
+#endif
+        // See RFC 1886 for ipv6 ptr name format
+        // In short, record name is address presented in nibbles separated by dots,
+        // in reverse order appened with "ip6.arpa".
+        // Example: 4.1.2.2.0.3.e.f.f.f.6.5.0.5.2.0.7.9.0.0.8.1.1.0.0.1.0.0.0.0.c.f.ip6.arpa
+        dwError = VmAfdAllocateStringPrintf(
+                    &pszPtrName,
+                    "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
+                    "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x"
+                    "%s.",
+                    LOW_HEX(pByte[15]), HIGH_HEX(pByte[15]),
+                    LOW_HEX(pByte[14]), HIGH_HEX(pByte[14]),
+                    LOW_HEX(pByte[13]), HIGH_HEX(pByte[13]),
+                    LOW_HEX(pByte[12]), HIGH_HEX(pByte[12]),
+                    LOW_HEX(pByte[11]), HIGH_HEX(pByte[11]),
+                    LOW_HEX(pByte[10]), HIGH_HEX(pByte[10]),
+                    LOW_HEX(pByte[9]),  HIGH_HEX(pByte[9]),
+                    LOW_HEX(pByte[8]),  HIGH_HEX(pByte[8]),
+                    LOW_HEX(pByte[7]),  HIGH_HEX(pByte[7]),
+                    LOW_HEX(pByte[6]),  HIGH_HEX(pByte[6]),
+                    LOW_HEX(pByte[5]),  HIGH_HEX(pByte[5]),
+                    LOW_HEX(pByte[4]),  HIGH_HEX(pByte[4]),
+                    LOW_HEX(pByte[3]),  HIGH_HEX(pByte[3]),
+                    LOW_HEX(pByte[2]),  HIGH_HEX(pByte[2]),
+                    LOW_HEX(pByte[1]),  HIGH_HEX(pByte[1]),
+                    LOW_HEX(pByte[0]),  HIGH_HEX(pByte[0]),
+                    PTR_NAME_SUFFIX_IP6
+                    );
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    *ppszPtrName = pszPtrName;
+
+cleanup:
+    return dwError;
+
+error:
+    VMAFD_SAFE_FREE_STRINGA(pszPtrName);
+    goto cleanup;
+}
diff --git a/vmafd/server/vmafd/vecsserviceapi.c b/vmafd/server/vmafd/vecsserviceapi.c
index 4f8949c9b..2f5dc133d 100755
--- a/vmafd/server/vmafd/vecsserviceapi.c
+++ b/vmafd/server/vmafd/vecsserviceapi.c
@@ -1244,7 +1244,7 @@ VecsSrvFlushMachineSslCertificate(
     }
 
     dwError = VecsSrvWriteCertStringToDisk(pszCert, pszSslCertPath, bLogOnError, 0644);
-    BAIL_ON_VMAFD_ERROR(dwError);
+    BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
 
     dwError = VmAfdAllocateStringPrintf(
                         &pszSslKeyPath,
@@ -1607,7 +1607,7 @@ VecsSrvFlushSSLCertFromDB(
                                         pwszSSLKey,
                                         bLogOnError
                                         );
-    BAIL_ON_VMAFD_ERROR(dwError);
+    BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
 
 
 cleanup:
diff --git a/vmafd/server/vmafd/vmdir.c b/vmafd/server/vmafd/vmdir.c
index 5976a00f3..e1064aca0 100755
--- a/vmafd/server/vmafd/vmdir.c
+++ b/vmafd/server/vmafd/vmdir.c
@@ -42,6 +42,14 @@ VmAfSrvDirOpenConnection(
     PVMDIR_CONNECTION*ppConnection
     );
 
+static
+DWORD
+VmAfSrvDeleteDNSRecordsIfFound(
+    PVMDNS_SERVER_CONTEXT   pServerContext,
+    PCSTR                   pszDnsZone,
+    PVMDNS_RECORD           pDnsRecord
+    );
+
 static
 DWORD
 VmAfSrvSetDNSRecords(
@@ -52,6 +60,16 @@ VmAfSrvSetDNSRecords(
     PCSTR pszMachineName
     );
 
+static
+DWORD
+VmAfSrvUnsetDNSRecords(
+    PCSTR pszDCAddress,
+    PCSTR pszDomain,
+    PCSTR pszUserName,
+    PCSTR pszPassword,
+    PCSTR pszMachineName
+    );
+
 static
 DWORD
 _CreateKrbConfig(
@@ -207,6 +225,7 @@ VmAfSrvPromoteVmDir(
     )
 {
     DWORD dwError = 0;
+    DWORD dwDNSRetry = 0;
     PSTR pszLotusServerName = NULL;
     PSTR pszDomainName = NULL;
     PSTR pszUserName = NULL;
@@ -291,6 +310,41 @@ VmAfSrvPromoteVmDir(
                           pszPassword,
                           pszSiteName);
         BAIL_ON_VMAFD_ERROR(dwError);
+
+        dwError = VmAfSrvGetPNID(&pwszPNID);
+        BAIL_ON_VMAFD_ERROR(dwError);
+
+        dwDNSRetry = 0;
+
+        do
+        {
+            dwError = VmAfSrvConfigureDNSW(
+                              pwszPNID,
+                              pwszDomainName,
+                              pwszUserName,
+                              pwszPassword);
+
+            if (dwError == ERROR_INVALID_STATE && dwDNSRetry++ < 3)
+            {
+                VmAfdSleep(VMDNS_RETRY_INTERVAL);
+            }
+            else
+            {
+                break;
+            }
+        }
+        while (TRUE);
+
+        if (dwError)
+        {
+            VmAfdLog(
+                VMAFD_DEBUG_ANY,
+                "%s failed to initialize dns. Error(%u)",
+                __FUNCTION__,
+                dwError);
+        }
+        BAIL_ON_VMAFD_ERROR(dwError);
+
     }
     else
     {
@@ -338,12 +392,36 @@ VmAfSrvPromoteVmDir(
                           &pszCanonicalHostName);
         BAIL_ON_VMAFD_ERROR(dwError);
 
-        dwError = VmAfSrvSetDNSRecords(
-                          pszPartnerHostName,
-                          pszDomainName,
-                          pszUserName,
-                          pszPassword,
-                          pszCanonicalHostName);
+        dwDNSRetry = 0;
+
+        do
+        {
+            dwError = VmAfSrvSetDNSRecords(
+                              pszPartnerHostName,
+                              pszDomainName,
+                              pszUserName,
+                              pszPassword,
+                              pszCanonicalHostName);
+
+            if (dwError == ERROR_INVALID_STATE && dwDNSRetry++ < 3)
+            {
+                VmAfdSleep(VMDNS_RETRY_INTERVAL);
+            }
+            else
+            {
+                break;
+            }
+        }
+        while (TRUE);
+
+        if (dwError)
+        {
+            VmAfdLog(
+                VMAFD_DEBUG_ANY,
+                "%s failed to initialize dns. Error(%u)",
+                __FUNCTION__,
+                dwError);
+        }
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
@@ -376,35 +454,12 @@ VmAfSrvPromoteVmDir(
     BAIL_ON_VMAFD_ERROR(dwError);
 #endif
 
-    dwError = VmAfSrvGetPNID(&pwszPNID);
-    BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfdRegSetString(VMAFD_CONFIG_PARAMETER_KEY_PATH,
                            VMAFD_REG_KEY_DC_NAME,
                            pwszLotusServerName);
     BAIL_ON_VMAFD_ERROR_NO_LOG(dwError);
 
-    dwError = VmAfSrvConfigureDNSW(
-                      pwszPNID,
-                      pwszDomainName,
-                      pwszUserName,
-                      pwszPassword);
-    if (dwError)
-    {
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "%s failed to initialize dns. Error(%u)",
-            __FUNCTION__,
-            dwError);
-        dwError = 0;
-    }
-    else
-    {
-        VmAfdLog(
-            VMAFD_DEBUG_ANY,
-            "%s successfully initialized dns.",
-            __FUNCTION__);
-    }
 
 #if 0
     dwError = VmAfdInitSourceIpThread(&gVmafdGlobals.pSourceIpContext);
@@ -494,7 +549,6 @@ VmAfSrvDemoteVmDir(
                         pwszDomainName,
                         pwszUserName,
                         pwszPassword);
-
     if (dwError)
     {
         VmAfdLog(
@@ -512,6 +566,11 @@ VmAfSrvDemoteVmDir(
             __FUNCTION__);
     }
 
+#if !defined(_WIN32) && defined(NOTIFY_VMDIR_PROVIDER)
+    dwError = VmAfSrvSignalVmdirProvider();
+    BAIL_ON_VMAFD_ERROR(dwError);
+#endif
+
     dwError = VmDirDemote(pszUserName, pszPassword);
     BAIL_ON_VMAFD_ERROR(dwError);
 
@@ -523,13 +582,6 @@ VmAfSrvDemoteVmDir(
     gVmafdGlobals.pSourceIpContext = NULL;
 #endif
 
-#if !defined(_WIN32) && defined(NOTIFY_VMDIR_PROVIDER)
-    dwError = VmAfSrvSignalVmdirProvider();
-    BAIL_ON_VMAFD_ERROR(dwError);
-#endif
-
-    /* TODO: remove KrbConfig entries */
-
     if (gVmafdGlobals.pCertUpdateThr)
     {
         VmAfdShutdownCertificateThread(gVmafdGlobals.pCertUpdateThr);
@@ -772,11 +824,13 @@ VmAfSrvJoinVmDir(
 
 DWORD
 VmAfSrvJoinVmDir2(
+    PWSTR            pwszServerName,     /* IN            */
     PWSTR            pwszDomainName,     /* IN            */
     PWSTR            pwszUserName,       /* IN            */
     PWSTR            pwszPassword,       /* IN            */
     PWSTR            pwszMachineName,    /* IN   OPTIONAL */
     PWSTR            pwszOrgUnit,        /* IN   OPTIONAL */
+    PWSTR            pwszSiteName,       /* IN            */
     VMAFD_JOIN_FLAGS dwFlags             /* IN            */
     )
 {
@@ -791,8 +845,9 @@ VmAfSrvJoinVmDir2(
     PSTR pszCanonicalHostName = NULL;
     PSTR pszDCHostname = NULL;
     PSTR pszDCAddress = NULL;
+    PSTR pszDC = NULL;
     PWSTR pwszDCHostname = NULL;
-    PWSTR pwszSiteName = NULL;
+    PWSTR pwszSite = NULL;
     VMAFD_DOMAIN_STATE domainState = VMAFD_DOMAIN_STATE_NONE;
     DWORD dwDirJoinFlags = 0;
 
@@ -856,13 +911,25 @@ VmAfSrvJoinVmDir2(
     dwError = VmAfdAllocateStringAFromW(pwszPassword, &pszPassword);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    dwError = VmAfdGetDomainController(
-                    pszDomainName,
-                    pszUserName,
-                    pszPassword,
-                    &pszDCHostname,
-                    &pszDCAddress);
-    BAIL_ON_VMAFD_ERROR(dwError);
+    if (pwszServerName)
+    {
+        dwError = VmAfdAllocateStringAFromW(pwszServerName, &pszDCHostname);
+        BAIL_ON_VMAFD_ERROR(dwError);
+
+        pszDC = pszDCHostname;
+    }
+    else
+    {
+        dwError = VmAfdGetDomainController(
+                        pszDomainName,
+                        pszUserName,
+                        pszPassword,
+                        &pszDCHostname,
+                        &pszDCAddress);
+        BAIL_ON_VMAFD_ERROR(dwError);
+
+        pszDC = pszDCAddress;
+    }
 
     if (pwszMachineName)
     {
@@ -923,17 +990,22 @@ VmAfSrvJoinVmDir2(
     dwError = VmAfdAllocateStringWFromA(pszDCHostname, &pwszDCHostname);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    dwError = VmAfSrvGetSiteNameForDC(pwszDCHostname, &pwszSiteName);
-    BAIL_ON_VMAFD_ERROR(dwError);
-
     dwError = VmAfSrvSetDCName(pwszDCHostname);
     BAIL_ON_VMAFD_ERROR(dwError);
 
+    if (!pwszSiteName)
+    {
+        dwError = VmAfSrvGetSiteNameForDC(pwszDCHostname, &pwszSite);
+        BAIL_ON_VMAFD_ERROR(dwError);
+
+        pwszSiteName = pwszSite;
+    }
+
     dwError = VmAfSrvSetSiteName(pwszSiteName);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfSrvSetDNSRecords(
-                      pszDCAddress,
+                      pszDC,
                       pszDomainName,
                       pszUserName,
                       pszPassword,
@@ -1001,7 +1073,7 @@ VmAfSrvJoinVmDir2(
     VMAFD_SAFE_FREE_STRINGA(pszMachineName);
     VMAFD_SAFE_FREE_STRINGA(pszOrgUnit);
     VMAFD_SAFE_FREE_STRINGA(pszDefaultRealm);
-    VMAFD_SAFE_FREE_MEMORY(pwszSiteName);
+    VMAFD_SAFE_FREE_MEMORY(pwszSite);
     VMAFD_SAFE_FREE_MEMORY(pszHostname);
     VMAFD_SAFE_FREE_MEMORY(pszCanonicalHostName);
     VMAFD_SAFE_FREE_MEMORY(pszDCAddress);
@@ -1019,7 +1091,7 @@ VmAfSrvJoinVmDir2(
     if (dwError == VMDIR_ERROR_SERVER_DOWN)
     {
         VmAfdLog(VMAFD_DEBUG_ERROR, "Failed to reach domain controller at [%s]",
-                 VMAFD_SAFE_STRING(pszDCAddress));
+                 VMAFD_SAFE_STRING(pszDC));
 
         dwError = ERROR_HOST_DOWN;
     }
@@ -1072,6 +1144,9 @@ VmAfSrvLeaveVmDir(
     PSTR pszServerName = NULL;
     PSTR pszUserName = NULL;
     PSTR pszPassword = NULL;
+    PSTR pszDomainName = NULL;
+    PSTR pszHostName = NULL;
+    PSTR pszHostNameFQDN = NULL;
     PWSTR pwszServerName = NULL;
     PWSTR pwszMachineAccount = NULL;
     PWSTR pwszMachinePassword = NULL;
@@ -1119,7 +1194,6 @@ VmAfSrvLeaveVmDir(
         dwError = VmAfdAllocateStringAFromW(pwszMachinePassword, &pszPassword);
         BAIL_ON_VMAFD_ERROR(dwError);
     }
-
     else
     {
         dwError = VmAfdAllocateStringAFromW(pwszUserName, &pszUserName);
@@ -1129,6 +1203,30 @@ VmAfSrvLeaveVmDir(
         BAIL_ON_VMAFD_ERROR(dwError);
     }
 
+    dwError = VmAfSrvGetDomainNameA(&pszDomainName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfdGetHostName(&pszHostName);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfdGetCanonicalHostName(
+                            pszHostName,
+                            &pszHostNameFQDN);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfSrvUnsetDNSRecords(
+                        pszServerName,
+                        pszDomainName,
+                        pszUserName,
+                        pszPassword,
+                        pszHostNameFQDN);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+#if !defined(_WIN32) && defined(NOTIFY_VMDIR_PROVIDER)
+    dwError = VmAfSrvSignalVmdirProvider();
+    BAIL_ON_VMAFD_ERROR(dwError);
+#endif
+
     // Machine credentials will be used if the user name or password are NULL.
 
     dwError = VmDirClientLeave(
@@ -1136,7 +1234,6 @@ VmAfSrvLeaveVmDir(
                     pszUserName,
                     pszPassword
                     );
-
     if (dwError)
     {
         VmAfdLog(VMAFD_DEBUG_TRACE, "VmDirClientLeave failed. Error [%d].", dwError);
@@ -1155,11 +1252,6 @@ VmAfSrvLeaveVmDir(
     dwError = VmAfSrvSetDomainState(VMAFD_DOMAIN_STATE_NONE);
     BAIL_ON_VMAFD_ERROR(dwError);
 
-#if !defined(_WIN32) && defined(NOTIFY_VMDIR_PROVIDER)
-    dwError = VmAfSrvSignalVmdirProvider();
-    BAIL_ON_VMAFD_ERROR(dwError);
-#endif
-
     /*
      * TODO: remove krb5.conf entries, machine account, etc.
      */
@@ -1202,6 +1294,9 @@ VmAfSrvLeaveVmDir(
     VMAFD_SAFE_FREE_MEMORY(pwszMachinePassword);
     VMAFD_SAFE_FREE_STRINGA(pszUserName);
     VMAFD_SAFE_FREE_STRINGA(pszPassword);
+    VMAFD_SAFE_FREE_STRINGA(pszDomainName);
+    VMAFD_SAFE_FREE_STRINGA(pszHostName);
+    VMAFD_SAFE_FREE_STRINGA(pszHostNameFQDN);
 
     return dwError;
 
@@ -1773,7 +1868,7 @@ VmAfSrvDirOpenConnection(
     PCWSTR pwszDomain,
     PCWSTR pwszAccount,
     PCWSTR pwszPassword,
-    PVMDIR_CONNECTION*ppConnection
+    PVMDIR_CONNECTION *ppConnection
     )
 {
     DWORD dwError = 0;
@@ -1842,6 +1937,78 @@ VmAfSrvDirOpenConnection(
     goto cleanup;
 }
 
+static
+DWORD
+VmAfSrvDeleteDNSRecordsIfFound(
+    PVMDNS_SERVER_CONTEXT   pServerContext,
+    PCSTR                   pszDnsZone,
+    PVMDNS_RECORD           pDnsRecord
+    )
+{
+    DWORD dwError = ERROR_SUCCESS;
+    DWORD i = 0;
+    PVMDNS_RECORD_ARRAY pDnsRecordArray = NULL;
+
+    BAIL_ON_VMAFD_INVALID_POINTER(pServerContext, dwError);
+    BAIL_ON_VMAFD_INVALID_POINTER(pszDnsZone, dwError);
+    BAIL_ON_VMAFD_INVALID_POINTER(pDnsRecord, dwError);
+
+    dwError = VmDnsQueryRecordsA(
+                    pServerContext,
+                    (PSTR)pszDnsZone,
+                    pDnsRecord->pszName,
+                    pDnsRecord->dwType,
+                    0,
+                    &pDnsRecordArray);
+    if (dwError != ERROR_SUCCESS && dwError != ERROR_NOT_FOUND)
+    {
+        VmAfdLog(VMAFD_DEBUG_ERROR,
+                 "%s: failed to query DNS records (%u),%s, %s",
+                 __FUNCTION__,
+                 dwError,
+                 pszDnsZone,
+                 pDnsRecord->pszName);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    if (dwError == ERROR_SUCCESS)
+    {
+        for (i = 0; i < pDnsRecordArray->dwCount; i++)
+        {
+            dwError = VmDnsDeleteRecordA(
+                            pServerContext,
+                            (PSTR)pszDnsZone,
+                            &pDnsRecordArray->Records[i]);
+            if (dwError)
+            {
+                VmAfdLog(VMAFD_DEBUG_ANY,
+                         "%s: failed to delete DNS record for %s (%u)",
+                         __FUNCTION__,
+                         pDnsRecordArray->Records[i].pszName,
+                         dwError);
+            }
+            BAIL_ON_VMAFD_ERROR(dwError);
+        }
+    }
+    else
+    {
+        dwError = ERROR_SUCCESS;
+    }
+
+
+cleanup:
+
+    if (pDnsRecordArray)
+    {
+        VmDnsFreeRecordArray(pDnsRecordArray);
+    }
+
+    return dwError;
+
+error:
+
+    goto cleanup;
+}
 
 static
 DWORD
@@ -1850,7 +2017,8 @@ VmAfSrvSetDNSRecords(
     PCSTR pszDomain,
     PCSTR pszUserName,
     PCSTR pszPassword,
-    PCSTR pszMachineName)
+    PCSTR pszMachineName
+    )
 {
     DWORD dwError = 0;
     DWORD dwFlags = 0;
@@ -1860,7 +2028,6 @@ VmAfSrvSetDNSRecords(
     VMDNS_IP6_ADDRESS* pV6Addresses = NULL;
     DWORD dwNumV6Address = 0;
     size_t i = 0;
-    PVMDNS_RECORD_ARRAY pRecordArray = NULL;
     PSTR pszName = NULL;
     VMDNS_RECORD record = {0};
     CHAR szZone[255] = {0};
@@ -1880,41 +2047,52 @@ VmAfSrvSetDNSRecords(
                     dwFlags,
                     NULL,
                     &pServerContext);
-
     if (dwError)
     {
         VmAfdLog(VMAFD_DEBUG_ERROR,
                  "%s: failed to connect to DNS server %s (%u)",
-                 __FUNCTION__, pszDCAddress, dwError);
+                 __FUNCTION__,
+                 pszDCAddress,
+                 dwError);
     }
     BAIL_ON_VMAFD_ERROR(dwError);
 
-    dwError = VmAfdStringCpyA(szZone,255,pszDomain);
+    dwError = VmAfdStringCpyA(
+                    szZone,
+                    255,
+                    pszDomain);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwDomainNameStrLen = strlen(szZone);
 
-    if (szZone[dwDomainNameStrLen -1 ] != '.')
+    if (szZone[dwDomainNameStrLen - 1 ] != '.')
     {
         szZone[dwDomainNameStrLen] = '.';
-        szZone[dwDomainNameStrLen +1] = 0;
+        szZone[dwDomainNameStrLen + 1] = 0;
     }
 
-    dwError = VmAfdAppendDomain(pszMachineName, pszDomain, &pszName);
-    VmAfdLog(VMAFD_DEBUG_ERROR, "%s: DNS name %s (%u)",
-                 __FUNCTION__, pszName, dwError);
+    dwError = VmAfdAppendDomain(
+                    pszMachineName,
+                    pszDomain,
+                    &pszName);
+    VmAfdLog(VMAFD_DEBUG_ERROR,
+             "%s: DNS name %s (%u)",
+             __FUNCTION__,
+             pszName,
+             dwError);
     BAIL_ON_VMAFD_ERROR(dwError);
 
     dwError = VmAfSrvGetIPAddressesWrap(
-                    &pV4Addresses,
-                    &dwNumV4Address,
-                    &pV6Addresses,
-                    &dwNumV6Address);
+                        &pV4Addresses,
+                        &dwNumV4Address,
+                        &pV6Addresses,
+                        &dwNumV6Address);
     if (dwError)
     {
         VmAfdLog(VMAFD_DEBUG_ERROR,
                  "%s: failed to get interface addresses (%u)",
-                 __FUNCTION__, dwError);
+                 __FUNCTION__,
+                 dwError);
     }
     BAIL_ON_VMAFD_ERROR(dwError);
 
@@ -1922,42 +2100,13 @@ VmAfSrvSetDNSRecords(
     record.pszName = pszName;
     record.dwType = VMDNS_RR_TYPE_A;
     record.dwTtl = 3600;
+    record.Data.A.IpAddress = pV4Addresses[0];
 
-    dwError = VmDnsQueryRecordsA(
-                    pServerContext,
-                    szZone,
-                    pszName,
-                    VMDNS_RR_TYPE_A,
-                    0,
-                    &pRecordArray);
-    if (dwError != 0 && dwError != ERROR_NOT_FOUND)
-    {
-        VmAfdLog(VMAFD_DEBUG_ERROR,
-                 "%s: failed to query DNS records (%u),%s, %s",
-                 __FUNCTION__, dwError, szZone,pszName);
-        BAIL_ON_VMAFD_ERROR(dwError);
-    }
-
-    if (dwError == 0)
-    {
-        record.Data.A.IpAddress = pV4Addresses[0];
-
-        /* delete existing A records for this hostname */
-        for (i = 0; i < pRecordArray->dwCount; i++)
-        {
-            dwError = VmDnsDeleteRecordA(
+    dwError = VmAfSrvDeleteDNSRecordsIfFound(
                             pServerContext,
                             szZone,
-                            &pRecordArray->Records[i]);
-            if (dwError)
-            {
-                VmAfdLog(VMAFD_DEBUG_ANY,
-                         "%s: failed to delete DNS record for %s (%u)",
-                         __FUNCTION__, pRecordArray->Records[i].pszName, dwError);
-            }
-            BAIL_ON_VMAFD_ERROR(dwError);
-        }
-    }
+                            &record);
+    BAIL_ON_VMAFD_ERROR(dwError);
 
     /* add A records for this hostname */
     for (i = 0; i < dwNumV4Address; i++)
@@ -1972,16 +2121,133 @@ VmAfSrvSetDNSRecords(
         {
             VmAfdLog(VMAFD_DEBUG_ANY,
                      "%s: failed to add DNS A record for %s (%u)",
-                     __FUNCTION__, record.pszName, dwError);
+                     __FUNCTION__,
+                     record.pszName,
+                     dwError);
         }
     }
 
 cleanup:
 
-    if (pRecordArray)
+    VMAFD_SAFE_FREE_MEMORY(pV4Addresses);
+    VMAFD_SAFE_FREE_MEMORY(pV6Addresses);
+
+    if (pServerContext)
     {
-        VmDnsFreeRecordArray(pRecordArray);
+        VmDnsCloseServer(pServerContext);
     }
+
+    return dwError;
+
+error:
+
+    VmAfdLog(VMAFD_DEBUG_ANY,
+             "%s failed. Error(%u)",
+             __FUNCTION__,
+             dwError);
+
+    goto cleanup;
+}
+
+static
+DWORD
+VmAfSrvUnsetDNSRecords(
+    PCSTR pszDCAddress,
+    PCSTR pszDomain,
+    PCSTR pszUserName,
+    PCSTR pszPassword,
+    PCSTR pszMachineName
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwFlags = 0;
+    PVMDNS_SERVER_CONTEXT pServerContext = NULL;
+    VMDNS_IP4_ADDRESS* pV4Addresses = NULL;
+    DWORD dwNumV4Address = 0;
+    VMDNS_IP6_ADDRESS* pV6Addresses = NULL;
+    DWORD dwNumV6Address = 0;
+    PSTR pszName = NULL;
+    VMDNS_RECORD record = {0};
+    CHAR szZone[255] = {0};
+    DWORD dwDomainNameStrLen = 0;
+
+    if (VmAfdCheckIfIPV4AddressA(pszMachineName) ||
+        VmAfdCheckIfIPV6AddressA(pszMachineName))
+    {
+       return dwError;
+    }
+
+    dwError = VmDnsOpenServerA(
+                    pszDCAddress,
+                    pszUserName,
+                    pszDomain,
+                    pszPassword,
+                    dwFlags,
+                    NULL,
+                    &pServerContext);
+    if (dwError)
+    {
+        VmAfdLog(VMAFD_DEBUG_ERROR,
+                 "%s: failed to connect to DNS server %s (%u)",
+                 __FUNCTION__,
+                 pszDCAddress,
+                 dwError);
+    }
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfdStringCpyA(
+                    szZone,
+                    255,
+                    pszDomain);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwDomainNameStrLen = strlen(szZone);
+
+    if (szZone[dwDomainNameStrLen - 1 ] != '.')
+    {
+        szZone[dwDomainNameStrLen] = '.';
+        szZone[dwDomainNameStrLen + 1] = 0;
+    }
+
+    dwError = VmAfdAppendDomain(
+                    pszMachineName,
+                    pszDomain,
+                    &pszName);
+    VmAfdLog(VMAFD_DEBUG_ERROR,
+             "%s: DNS name %s (%u)",
+             __FUNCTION__,
+             pszName,
+             dwError);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    dwError = VmAfSrvGetIPAddressesWrap(
+                        &pV4Addresses,
+                        &dwNumV4Address,
+                        &pV6Addresses,
+                        &dwNumV6Address);
+    if (dwError)
+    {
+        VmAfdLog(VMAFD_DEBUG_ERROR,
+                 "%s: failed to get interface addresses (%u)",
+                 __FUNCTION__,
+                 dwError);
+    }
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    record.iClass = VMDNS_CLASS_IN;
+    record.pszName = pszName;
+    record.dwType = VMDNS_RR_TYPE_A;
+    record.dwTtl = 3600;
+    record.Data.A.IpAddress = pV4Addresses[0];
+
+    dwError = VmAfSrvDeleteDNSRecordsIfFound(
+                            pServerContext,
+                            szZone,
+                            &record);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+cleanup:
+
     VMAFD_SAFE_FREE_MEMORY(pV4Addresses);
     VMAFD_SAFE_FREE_MEMORY(pV6Addresses);
 
@@ -1994,8 +2260,10 @@ VmAfSrvSetDNSRecords(
 
 error:
 
-    VmAfdLog(VMAFD_DEBUG_ANY, "%s failed. Error(%u)",
-             __FUNCTION__, dwError);
+    VmAfdLog(VMAFD_DEBUG_ANY,
+             "%s failed. Error(%u)",
+             __FUNCTION__,
+             dwError);
 
     goto cleanup;
 }
diff --git a/vmafd/test/Makefile.am b/vmafd/test/Makefile.am
index 9d6034760..26c01c8a8 100644
--- a/vmafd/test/Makefile.am
+++ b/vmafd/test/Makefile.am
@@ -4,15 +4,15 @@ vecs_dlopen_SOURCES = \
 	testdl.c
 
 vecs_dlopen_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/test \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/test \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vecs_dlopen_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
     @GSSAPI_LIBS@ \
@@ -36,9 +36,9 @@ vecs_test_SOURCES = \
     vecstest.cpp
 
 vecs_test_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/test \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/test \
     @BOOST_INCLUDES@ \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
@@ -47,8 +47,8 @@ vecs_test_LDADD = \
     ${GOBUILD_BOOST1470_LIN64_GCC412_ROOT}/lib/libboost_unit_test_framework-gcc41-mt-1_47.a \
     ${GOBUILD_BOOST1470_LIN64_GCC412_ROOT}/lib/libboost_chrono-gcc41-mt-1_47.a \
     ${GOBUILD_BOOST1470_LIN64_GCC412_ROOT}/lib/libboost_thread-gcc41-mt-1_47.a  \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @BOOST_LIBS@  \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
@@ -70,4 +70,3 @@ vecs_test_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@ \
     -ggdb
-
diff --git a/vmafd/tools/cdc-cli/Makefile.am b/vmafd/tools/cdc-cli/Makefile.am
index 3a3391395..83b35df3d 100644
--- a/vmafd/tools/cdc-cli/Makefile.am
+++ b/vmafd/tools/cdc-cli/Makefile.am
@@ -5,14 +5,14 @@ cdc_cli_SOURCES = \
     main.c
 
 cdc_cli_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 cdc_cli_LDADD = \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -26,4 +26,3 @@ cdc_cli_LDADD = \
 cdc_cli_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
-
diff --git a/vmafd/tools/cli/Makefile.am b/vmafd/tools/cli/Makefile.am
index 774ecb500..f127d67ae 100755
--- a/vmafd/tools/cli/Makefile.am
+++ b/vmafd/tools/cli/Makefile.am
@@ -6,17 +6,17 @@ vmafd_cli_SOURCES = \
     utils.c
 
 vmafd_cli_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@ \
-    @VMDIR_INCLUDES@
+    @OPENSSL_INCLUDES@
 
 vmafd_cli_LDADD = \
-    $(top_builddir)/vmafcfg/api/libvmafcfgapi.la \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @VMDIR_LIBS@ \
+    $(top_builddir)/vmafd/vmafcfg/api/libvmafcfgapi.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -29,7 +29,5 @@ vmafd_cli_LDADD = \
     @PTHREAD_LIBS@
 
 vmafd_cli_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
-
diff --git a/vmafd/tools/cli/cli.c b/vmafd/tools/cli/cli.c
index ca8fb74bc..0a35541c9 100755
--- a/vmafd/tools/cli/cli.c
+++ b/vmafd/tools/cli/cli.c
@@ -190,6 +190,12 @@ VmAfdCliGetDCList(
     PVM_AFD_CLI_CONTEXT pContext
     );
 
+static
+DWORD
+VmAfdCliCreateComputerAccount(
+    PVM_AFD_CLI_CONTEXT pContext
+    );
+
 static
 DWORD
 VmAfdCliRefreshSiteName(
@@ -394,6 +400,11 @@ VmAfdCliExecute(
             dwError = VmAfdCliGetDCList(pContext);
             break;
 
+        case VM_AFD_ACTION_CREATE_COMPUTER_ACCOUNT:
+
+            dwError = VmAfdCliCreateComputerAccount(pContext);
+            break;
+
         case VM_AFD_ACTION_ADD_PASSWORD_ENTRY:
         case VM_AFD_ACTION_GET_MACHINE_ACCOUNT_INFO:
         case VM_AFD_ACTION_SET_MACHINE_ACCOUNT_INFO:
@@ -1091,6 +1102,42 @@ VmAfdCliGetDCName(
     goto cleanup;
 }
 
+static
+DWORD
+VmAfdCliCreateComputerAccount(
+    PVM_AFD_CLI_CONTEXT pContext
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszOutPassword = NULL;
+
+    if (!pContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    dwError = VmAfdCreateComputerAccountA(
+                    pContext->pszUserName,
+                    pContext->pszPassword,
+                    pContext->pszMachineName,
+                    pContext->pszOrgUnit,
+                    &pszOutPassword);
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    printf("password: %s\n", pszOutPassword);
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    printf("%s failed: %d\n", __FUNCTION__, dwError);
+
+    goto cleanup;
+}
+
 static
 DWORD
 VmAfdCliSetDCName(
diff --git a/vmafd/tools/cli/main.c b/vmafd/tools/cli/main.c
index 2a4f96e49..6e815ab18 100755
--- a/vmafd/tools/cli/main.c
+++ b/vmafd/tools/cli/main.c
@@ -299,6 +299,14 @@ ParseArgsGetDCList(
     PVM_AFD_CLI_CONTEXT pContext
     );
 
+static
+DWORD
+ParseArgsCreateComputerAccount(
+    int                 argc,
+    char*               argv[],
+    PVM_AFD_CLI_CONTEXT pContext
+    );
+
 static
 void
 ShowUsage(
@@ -823,7 +831,16 @@ ParseArgs(
                         dwArgsLeft,
                         dwArgsLeft > 0 ? &argv[iArg] : NULL,
                         pContext);
-                        }
+    }
+    else if (!strcmp(pszArg, "create-computer-account"))
+    {
+        pContext->action = VM_AFD_ACTION_CREATE_COMPUTER_ACCOUNT;
+
+        dwError = ParseArgsCreateComputerAccount(
+                        dwArgsLeft,
+                        dwArgsLeft > 0 ? &argv[iArg] : NULL,
+                        pContext);
+    }
     else
     {
         dwError = ERROR_LOCAL_OPTION_UNKNOWN;
@@ -3627,6 +3644,165 @@ ParseArgsGetDCList(
     return dwError;
 }
 
+static
+DWORD
+ParseArgsCreateComputerAccount(
+    int                 argc,
+    char*               argv[],
+    PVM_AFD_CLI_CONTEXT pContext
+    )
+{
+    DWORD dwError = 0;
+    typedef enum
+    {
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN = 0,
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_SERVER_NAME,
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_USER_NAME,
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_PASSWORD,
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_MACHINE_NAME,
+        PARSE_MODE_CREATE_COMPUTER_ACCOUNT_ORG_UNIT,
+    } PARSE_MODE_CREATE_COMPUTER_ACCOUNT;
+    PARSE_MODE_CREATE_COMPUTER_ACCOUNT parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+    DWORD iArg = 0;
+
+    if (!argc)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    for (iArg = 0; iArg < argc; iArg++)
+    {
+        PSTR pszArg = argv[iArg];
+
+        switch (parseMode)
+        {
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN:
+                if (!strcmp(pszArg, "--server-name"))
+                {
+                    parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_SERVER_NAME;
+                }
+                else if (!strcmp(pszArg, "--user-name"))
+                {
+                    parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_USER_NAME;
+                }
+                else if (!strcmp(pszArg, "--password"))
+                {
+                    parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_PASSWORD;
+                }
+                else if (!strcmp(pszArg, "--machine-name"))
+                {
+                    parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_MACHINE_NAME;
+                }
+                else if (!strcmp(pszArg, "--org-unit"))
+                {
+                    parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_ORG_UNIT;
+                }
+                else
+                {
+                    dwError = ERROR_LOCAL_OPTION_UNKNOWN;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+                break;
+
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_SERVER_NAME:
+
+                if (pContext->pszServerName)
+                {
+                    dwError = ERROR_LOCAL_OPTION_INVALID;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+
+                dwError = VmAfdAllocateStringA(pszArg, &pContext->pszServerName);
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+
+                break;
+
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_MACHINE_NAME:
+
+                if (pContext->pszMachineName)
+                {
+                    dwError = ERROR_LOCAL_OPTION_INVALID;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+
+                dwError = VmAfdAllocateStringA(pszArg, &pContext->pszMachineName);
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+
+                break;
+
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_USER_NAME:
+
+                if (pContext->pszUserName)
+                {
+                    dwError = ERROR_LOCAL_OPTION_INVALID;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+
+                dwError = VmAfdAllocateStringA(pszArg, &pContext->pszUserName);
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+
+                break;
+
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_PASSWORD:
+
+                if (pContext->pszPassword)
+                {
+                    dwError = ERROR_LOCAL_OPTION_INVALID;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+
+                dwError = VmAfdAllocateStringA(pszArg, &pContext->pszPassword);
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+
+                break;
+
+            case PARSE_MODE_CREATE_COMPUTER_ACCOUNT_ORG_UNIT:
+
+                if (pContext->pszOrgUnit)
+                {
+                    dwError = ERROR_LOCAL_OPTION_INVALID;
+                    BAIL_ON_VMAFD_ERROR(dwError);
+                }
+
+                dwError = VmAfdAllocateStringA(pszArg, &pContext->pszOrgUnit);
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                parseMode = PARSE_MODE_CREATE_COMPUTER_ACCOUNT_OPEN;
+
+                break;
+
+            default:
+
+                dwError = ERROR_INTERNAL_ERROR;
+                BAIL_ON_VMAFD_ERROR(dwError);
+
+                break;
+        }
+    }
+
+    if (!pContext->pszServerName ||
+        !pContext->pszUserName ||
+        !pContext->pszPassword ||
+        !pContext->pszMachineName ||
+        !pContext->pszOrgUnit)
+    {
+        dwError = ERROR_LOCAL_OPTION_INVALID;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+error:
+
+    return dwError;
+}
 
 static
 DWORD
@@ -3775,5 +3951,6 @@ ShowUsage(
         "\tleave-ad --server-name <server name> --user-name <user-name> --password <password> --domain-name <domain name>\n"
         "\tquery-ad --server-name <server name>\n"
         "\tget-dc-list --domain-name <domain name> --server-name <server name>\n"
+        "\tcreate-computer-account --server-name <server name> --user-name <user name> --password <password> --machine-name <machine name> --org-unit <org unit>\n"
         "\thelp\n");
 }
diff --git a/vmafd/tools/cli/structs.h b/vmafd/tools/cli/structs.h
index 55b9a4edf..ecba3d0b5 100755
--- a/vmafd/tools/cli/structs.h
+++ b/vmafd/tools/cli/structs.h
@@ -52,6 +52,7 @@ typedef enum
     VM_AFD_ACTION_GET_HEARTBEAT_STATUS,
     VM_AFD_ACTION_REFRESH_SITE_NAME,
     VM_AFD_ACTION_GET_DC_LIST,
+    VM_AFD_ACTION_CREATE_COMPUTER_ACCOUNT,
     VM_AFD_ACTION_CHANGE_PNID
 } VM_AFD_ACTION, *PVM_AFD_ACTION;
 
diff --git a/vmafd/tools/dir-cli/Makefile.am b/vmafd/tools/dir-cli/Makefile.am
index 3b4d4316b..d6ba49f53 100755
--- a/vmafd/tools/dir-cli/Makefile.am
+++ b/vmafd/tools/dir-cli/Makefile.am
@@ -8,17 +8,17 @@ dir_cli_SOURCES = \
 
 dir_cli_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @VMDIR_INCLUDES@ \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 dir_cli_LDADD = \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/vmafcfg/api/libvmafcfgapi.la \
-    @VMDIR_LIBS@ \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmafd/vmafcfg/api/libvmafcfgapi.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -32,7 +32,5 @@ dir_cli_LDADD = \
     @PTHREAD_LIBS@
 
 dir_cli_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
- 
diff --git a/vmafd/tools/domainjoin/Makefile.am b/vmafd/tools/domainjoin/Makefile.am
index e81301cd2..d4b13e0fe 100644
--- a/vmafd/tools/domainjoin/Makefile.am
+++ b/vmafd/tools/domainjoin/Makefile.am
@@ -9,16 +9,16 @@ domainjoin_SOURCES = \
 
 domainjoin_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @VMDIR_INCLUDES@ \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
  
 domainjoin_LDADD = \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @VMDIR_LIBS@ \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @LWSM_LIBS@ \
     @LWADVAPI_LIBS@ \
     @DCERPC_LIBS@ \
@@ -34,7 +34,5 @@ domainjoin_LDADD = \
     @PTHREAD_LIBS@
 
 domainjoin_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
- 
diff --git a/vmafd/tools/sl-cli/Makefile.am b/vmafd/tools/sl-cli/Makefile.am
index 33a95ca63..e04691a69 100755
--- a/vmafd/tools/sl-cli/Makefile.am
+++ b/vmafd/tools/sl-cli/Makefile.am
@@ -7,16 +7,16 @@ sl_cli_SOURCES = \
 
 sl_cli_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    @VMDIR_INCLUDES@ \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 sl_cli_LDADD = \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
-    @VMDIR_LIBS@ \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -30,6 +30,5 @@ sl_cli_LDADD = \
     @PTHREAD_LIBS@
 
 sl_cli_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmafd/tools/vdcpromo/Makefile.am b/vmafd/tools/vdcpromo/Makefile.am
index bb95983c8..f417f7679 100644
--- a/vmafd/tools/vdcpromo/Makefile.am
+++ b/vmafd/tools/vdcpromo/Makefile.am
@@ -5,16 +5,16 @@ vdcpromo_SOURCES = \
     main.c
 
 vdcpromo_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@ \
-    @VMDIR_INCLUDES@
+    @OPENSSL_INCLUDES@
 
 vdcpromo_LDADD = \
-    $(top_builddir)/vmafcfg/api/libvmafcfgapi.la \
-    $(top_builddir)/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/vmafcfg/api/libvmafcfgapi.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
diff --git a/vmafd/tools/vecs-cli/Makefile.am b/vmafd/tools/vecs-cli/Makefile.am
index 1b0a224d0..a23aba9e2 100644
--- a/vmafd/tools/vecs-cli/Makefile.am
+++ b/vmafd/tools/vecs-cli/Makefile.am
@@ -6,14 +6,14 @@ vecs_cli_SOURCES = \
     utils.c
     
 vecs_cli_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
     
 vecs_cli_LDADD = \
-    $(top_builddir)/client/libvmafdclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmafd/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -28,4 +28,3 @@ vecs_cli_LDADD = \
 vecs_cli_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
-
diff --git a/vmafd/vmafcfg/api/Makefile.am b/vmafd/vmafcfg/api/Makefile.am
index 580748aed..43f04506b 100644
--- a/vmafd/vmafcfg/api/Makefile.am
+++ b/vmafd/vmafcfg/api/Makefile.am
@@ -5,14 +5,14 @@
 lib_LTLIBRARIES = libvmafcfgapi.la
 
 libvmafcfgapi_la_SOURCES = \
-    config.c  \
+    config.c \
     globals.c \
     libmain.c
 
 libvmafcfgapi_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/vmafcfg/include \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/vmafcfg/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
@@ -20,6 +20,5 @@ libvmafcfgapi_la_LDFLAGS = \
     @LW_LDFLAGS@
 
 libvmafcfgapi_la_LIBADD = \
-    $(top_builddir)/vmafcfg/posix/libvmafposixcfg.la \
+    $(top_builddir)/vmafd/vmafcfg/posix/libvmafposixcfg.la \
     @LWBASE_LIBS@
-
diff --git a/vmafd/vmafcfg/posix/Makefile.am b/vmafd/vmafcfg/posix/Makefile.am
index 821def444..0bc8a5f38 100644
--- a/vmafd/vmafcfg/posix/Makefile.am
+++ b/vmafd/vmafcfg/posix/Makefile.am
@@ -5,14 +5,14 @@
 noinst_LTLIBRARIES = libvmafposixcfg.la
 
 libvmafposixcfg_la_SOURCES = \
-    config.c   \
-    globals.c  \
+    config.c \
+    globals.c \
     libmain.c
 
 libvmafposixcfg_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/vmafcfg/include \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmafd/vmafcfg/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmafd/vmevent/client/Makefile.am b/vmafd/vmevent/client/Makefile.am
index 671c0c344..8ae612ab8 100644
--- a/vmafd/vmevent/client/Makefile.am
+++ b/vmafd/vmevent/client/Makefile.am
@@ -1,11 +1,11 @@
 
 lib_LTLIBRARIES = libvmeventclient.la
 
-idl_srcdir=$(top_srcdir)/vmevent/idl
+idl_srcdir=$(top_srcdir)/vmafd/vmevent/idl
 
 libvmeventclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/vmevent/include \
-    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmafd/vmevent/include \
+    -I$(top_srcdir)/vmafd/vmevent/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -15,7 +15,7 @@ libvmeventclient_la_SOURCES = \
     vmevent_cstub.c
 
 libvmeventclient_la_LIBADD = \
-    @top_builddir@/vmevent/common/libvmeventcommon.la \
+    @top_builddir@/vmafd/vmevent/common/libvmeventcommon.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @PTHREAD_LIBS@
@@ -32,6 +32,6 @@ CLEANFILES = \
 BUILT_SOURCES = vmevent_h.h
 
 vmevent_h.h vmevent_cstub.c: $(idl_srcdir)/vmevent.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmevent_h.h -I$(idl_srcdir) -I$(top_srcdir)/vmevent/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmevent_h.h -I$(idl_srcdir) -I$(top_srcdir)/vmafd/vmevent/include/public $<
 
 
diff --git a/vmafd/vmevent/common/Makefile.am b/vmafd/vmevent/common/Makefile.am
index b037d83f4..96791c83b 100644
--- a/vmafd/vmevent/common/Makefile.am
+++ b/vmafd/vmevent/common/Makefile.am
@@ -17,8 +17,8 @@ libvmeventcommon_la_SOURCES = \
     utils.c
 
 libvmeventcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/vmevent/include \
-    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmafd/vmevent/include \
+    -I$(top_srcdir)/vmafd/vmevent/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmafd/vmevent/db/Makefile.am b/vmafd/vmevent/db/Makefile.am
index da3afe1e4..584f43cba 100644
--- a/vmafd/vmevent/db/Makefile.am
+++ b/vmafd/vmevent/db/Makefile.am
@@ -2,8 +2,8 @@
 noinst_LTLIBRARIES = libvmeventdb.la
 
 libvmeventdb_la_CPPFLAGS = \
-    -I$(top_srcdir)/vmevent/include \
-    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmafd/vmevent/include \
+    -I$(top_srcdir)/vmafd/vmevent/include/public \
     @SQLITE_INCLUDES@ \
     @LW_INCLUDES@  \
     @OPENSSL_INCLUDES@
@@ -17,7 +17,7 @@ libvmeventdb_la_SOURCES = \
     package.c
 
 libvmeventdb_la_LIBADD = \
-    $(top_builddir)/vmevent/common/libvmeventcommon.la \
+    $(top_builddir)/vmafd/vmevent/common/libvmeventcommon.la \
     @SQLITE_LIBS@ \
     @LWBASE_LIBS@ \
     @LWRSUTILS_LIBS@ \
diff --git a/vmafd/vmevent/server/Makefile.am b/vmafd/vmevent/server/Makefile.am
index ffe41e9a4..2f77b2a0f 100644
--- a/vmafd/vmevent/server/Makefile.am
+++ b/vmafd/vmevent/server/Makefile.am
@@ -1,10 +1,10 @@
 noinst_LTLIBRARIES = libvmeventserver.la
 
-idl_srcdir=$(top_srcdir)/vmevent/idl
+idl_srcdir=$(top_srcdir)/vmafd/vmevent/idl
 
 libvmeventserver_la_CPPFLAGS = \
-    -I$(top_srcdir)/vmevent/include \
-    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmafd/vmevent/include \
+    -I$(top_srcdir)/vmafd/vmevent/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -24,8 +24,8 @@ libvmeventserver_la_SOURCES = \
     vmevent_sstub.c
 
 libvmeventserver_la_LIBADD = \
-    @top_builddir@/vmevent/common/libvmeventcommon.la \
-    @top_builddir@/vmevent/db/libvmeventdb.la \
+    @top_builddir@/vmafd/vmevent/common/libvmeventcommon.la \
+    @top_builddir@/vmafd/vmevent/db/libvmeventdb.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @PTHREAD_LIBS@
@@ -43,6 +43,6 @@ CLEANFILES = \
 BUILT_SOURCES = vmevent_h.h
 
 vmevent_h.h vmevent_sstub.c: $(idl_srcdir)/vmevent.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmevent_h.h -I$(idl_srcdir) -I$(top_srcdir)/vmevent/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmevent_h.h -I$(idl_srcdir) -I$(top_srcdir)/vmafd/vmevent/include/public $<
 
 
diff --git a/vmafd/vmevent/server/rpc.c b/vmafd/vmevent/server/rpc.c
index b139ad05d..bad155e01 100644
--- a/vmafd/vmevent/server/rpc.c
+++ b/vmafd/vmevent/server/rpc.c
@@ -209,7 +209,10 @@ EventLogEpRegister(
       rpc_binding_vector_p_t pServerBinding)
 {
     DWORD dwError = 0;
-
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return dwError;
+#else
     DCETHREAD_TRY
     {
        rpc_ep_register(
@@ -233,6 +236,7 @@ EventLogEpRegister(
     DCETHREAD_ENDTRY;
 
     return dwError;
+#endif
 }
 
 static
diff --git a/vmafd/vmevent/test/Makefile.am b/vmafd/vmevent/test/Makefile.am
index 6b31cc217..83abd9ffe 100644
--- a/vmafd/vmevent/test/Makefile.am
+++ b/vmafd/vmevent/test/Makefile.am
@@ -1,9 +1,9 @@
 noinst_PROGRAMS = vmevent_test
 
 vmevent_test_CPPFLAGS = \
-    -I$(top_srcdir)/vmevent/include \
-    -I$(top_srcdir)/vmevent/include/public \
-    -I$(top_builddir)/vmevent/client \
+    -I$(top_srcdir)/vmafd/vmevent/include \
+    -I$(top_srcdir)/vmafd/vmevent/include/public \
+    -I$(top_builddir)/vmafd/vmevent/client \
     @SQLITE_INCLUDES@ \
     @LW_INCLUDES@  \
     @OPENSSL_INCLUDES@
@@ -12,8 +12,8 @@ vmevent_test_SOURCES = \
 	testsrv.c
 
 vmevent_test_LDADD = \
-    $(top_builddir)/vmevent/db/libvmeventdb.la \
-    $(top_builddir)/vmevent/client/libvmeventclient.la \
+    $(top_builddir)/vmafd/vmevent/db/libvmeventdb.la \
+    $(top_builddir)/vmafd/vmevent/client/libvmeventclient.la \
     @DCERPC_LIBS@ \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
diff --git a/vmafd/vmnetevent/Makefile.am b/vmafd/vmnetevent/Makefile.am
new file mode 100644
index 000000000..f7c90558a
--- /dev/null
+++ b/vmafd/vmnetevent/Makefile.am
@@ -0,0 +1,24 @@
+#
+# Copyright (c) 2017 VMware Inc.  All rights Reserved.
+# Module Name: common Makefile
+# Abstract: VMware Authentication Framework Service.
+# Created on: Jun 1, 2017
+# Author: Aishu Raghavan (araghavan@vmware.com)
+#
+
+noinst_LTLIBRARIES = libvmnetevent.la
+
+libvmnetevent_la_SOURCES = \
+    connection.c \
+    globals.c \
+    linux_api.c \
+    vmnetevent.c
+
+libvmnetevent_la_CPPFLAGS = \
+    -Wno-error=deprecated-declarations \
+    -I$(top_srcdir)/vmafd/include \
+    -I$(top_srcdir)/vmafd/include/public \
+    @LW_INCLUDES@
+
+libvmnetevent_la_LDFLAGS = \
+    -static
diff --git a/vmafd/vmnetevent/connection.c b/vmafd/vmnetevent/connection.c
new file mode 100644
index 000000000..b716cc15c
--- /dev/null
+++ b/vmafd/vmnetevent/connection.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+#include "includes.h"
+
+DWORD
+VmNetEventOpenConnection(
+    VMNET_EVENT_TYPE eventType,
+    PVMNETEVENT_FD pEventFD
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pEventFD)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    dwError = gVmNetEventPackage.pfnOpenConnection(eventType, pEventFD);
+    BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+error:
+
+    goto cleanup;
+}
+
+DWORD
+VmNetEventWaitOnEvent(
+    VMNETEVENT_FD EventFd,
+    PFN_VMNETEVENT_CALLBACK pfnCallBack,
+    pthread_t* pEventThread
+    )
+{
+  DWORD dwError = 0;
+
+  if (!pEventThread)
+  {
+      dwError = ERROR_INVALID_PARAMETER;
+      BAIL_ON_VMNETEVENT_ERROR(dwError);
+  }
+
+  dwError = gVmNetEventPackage.pfnWaitEvent(EventFd, pfnCallBack, pEventThread);
+  BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+cleanup:
+
+  return dwError;
+error:
+
+  goto cleanup;
+}
+
+VOID
+VmNetEventCloseConnection(
+    VMNETEVENT_FD EventFd
+    )
+{
+        gVmNetEventPackage.pfnCloseConnection(EventFd);
+}
diff --git a/vmafd/vmnetevent/defines.h b/vmafd/vmnetevent/defines.h
new file mode 100644
index 000000000..1fb83e804
--- /dev/null
+++ b/vmafd/vmnetevent/defines.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#define VMDDNS_BUFFER_SIZE        8*1024
+#ifndef _WIN32
+#define VmNet_SF_INIT( fieldName, fieldValue ) fieldName = fieldValue
+#else
+#define VmNet_SF_INIT( fieldName, fieldValue ) fieldValue
+#endif
+#define BAIL_ON_VMNETEVENT_ERROR(dwError) \
+        if (dwError) \
+           goto error;
+
+#ifdef WIN32
+#define inet_pton(x, y, z) InetPtonA(x, y, z)
+#endif
diff --git a/vmafd/vmnetevent/externs.h b/vmafd/vmnetevent/externs.h
new file mode 100644
index 000000000..ae770d70b
--- /dev/null
+++ b/vmafd/vmnetevent/externs.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+extern VMNET_EVENT_VTABLE gVmNetEventPackage;
diff --git a/vmafd/vmnetevent/globals.c b/vmafd/vmnetevent/globals.c
new file mode 100644
index 000000000..512aa46fe
--- /dev/null
+++ b/vmafd/vmnetevent/globals.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+#include "includes.h"
+
+VMNET_EVENT_VTABLE gVmNetEventPackage = {
+  VmNet_SF_INIT(.pfnOpenConnection, &VmLinuxOpenConnection),
+  VmNet_SF_INIT(.pfnWaitEvent, &VmLinuxWaitOnEvent),
+  VmNet_SF_INIT(.pfnCloseConnection, &VmLinuxCloseConnection)
+};
+
diff --git a/vmafd/vmnetevent/includes.h b/vmafd/vmnetevent/includes.h
new file mode 100644
index 000000000..340fb4999
--- /dev/null
+++ b/vmafd/vmnetevent/includes.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <config.h>
+#include <vmafdsys.h>
+#include <net/if.h>
+#include <ifaddrs.h>
+#include <arpa/inet.h>
+#include <openssl/pem.h>
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <sys/socket.h>
+#include <fcntl.h>
+#include <pwd.h>
+#include <grp.h>
+#include <vmafd.h>
+#include <vmafdtypes.h>
+#include <vmafddefines.h>
+#include <vmafderrorcode.h>
+#include <vecs_error.h>
+#include <vmafdcommon.h>
+#include <djapi.h>
+#include <lwnet.h>
+#include <lwnet-utils.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <unistd.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include "defines.h"
+#include "structs.h"
+#include "externs.h"
+#include <vmnetevent.h>
+#include "prototypes.h"
diff --git a/vmafd/vmnetevent/linux_api.c b/vmafd/vmnetevent/linux_api.c
new file mode 100644
index 000000000..0f5966402
--- /dev/null
+++ b/vmafd/vmnetevent/linux_api.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+#include "includes.h"
+
+#ifndef _WIN32
+typedef struct sockaddr_nl nl_addr;
+#endif
+
+static
+PVOID
+VmLinuxWaitOnEventWorker(
+    PVOID pData
+    );
+
+DWORD
+VmLinuxOpenConnection(
+    DWORD dwEventType,
+    PVMNETEVENT_FD pFD
+    )
+{
+    DWORD dwError = 0;
+    int netLinkFd = -1;
+
+    if (!pFD)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    netLinkFd = socket(
+                AF_NETLINK,
+                SOCK_RAW,
+                NETLINK_ROUTE);
+    if(netLinkFd < 0)
+    {
+        dwError = LwErrnoToWin32Error(errno);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    pFD->dwNetlinkFD = netLinkFd;
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (pFD)
+    {
+        pFD->dwNetlinkFD = -1;
+    }
+    if (netLinkFd>=0)
+    {
+        close(netLinkFd);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmLinuxWaitOnEvent(
+    VMNETEVENT_FD FD,
+    PFN_VMNETEVENT_CALLBACK pCallback,
+    pthread_t* pEventThread
+    )
+{
+    DWORD dwError = 0;
+    PVMNETEVENT_DATA pData = NULL;
+    pthread_t eventWorkerThread;
+
+    if (!pEventThread)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    dwError = VmAfdAllocateMemory(
+                            sizeof(VMNETEVENT_DATA),
+                            (PVOID*)&pData
+                            );
+    BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+    pData->eventFd = FD;
+    pData->pfnCallBack = pCallback;
+
+    dwError = pthread_create(
+                        &eventWorkerThread,
+                        NULL,
+                        VmLinuxWaitOnEventWorker,
+                        (PVOID)pData
+                        );
+    if (dwError)
+    {
+        dwError = LwErrnoToWin32Error(dwError);
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    *pEventThread = eventWorkerThread;
+
+cleanup:
+
+    return dwError;
+error:
+    goto cleanup;
+}
+
+VOID
+VmLinuxCloseConnection(
+    VMNETEVENT_FD FD
+    )
+{
+	if (FD.dwNetlinkFD >=0)
+        {
+            close(FD.dwNetlinkFD);
+        }
+}
+
+static
+PVOID
+VmLinuxWaitOnEventWorker(
+    PVOID pData
+    )
+{
+    DWORD dwError = 0;
+    int iError = 0;
+    DWORD len = 0;
+    char buffer[VMDDNS_BUFFER_SIZE] = {0};
+    nl_addr *bindAddr = NULL;
+    struct nlmsghdr *nh = NULL;
+    PVMNETEVENT_DATA pEventData = NULL;
+
+    if (!pData)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    pEventData = (PVMNETEVENT_DATA)pData;
+
+    if (pEventData->eventFd.dwNetlinkFD < 0)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    dwError = VmAfdAllocateMemory(
+                      sizeof(nl_addr),
+                      (PVOID *)&bindAddr
+                      );
+    BAIL_ON_VMAFD_ERROR(dwError);
+
+    bindAddr->nl_family = AF_NETLINK;
+    bindAddr->nl_pad = 0;
+    bindAddr->nl_pid = getpid();
+    bindAddr->nl_groups = RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_IFADDR;
+
+    //bind to the IFADDR API
+    iError = bind(
+                pEventData->eventFd.dwNetlinkFD,
+                (struct sockaddr*)bindAddr,
+                sizeof(nl_addr)
+                );
+    if (iError < 0)
+    {
+        dwError = LwErrnoToWin32Error(errno);
+        BAIL_ON_VMAFD_ERROR(dwError);
+    }
+
+    nh = (struct nlmsghdr *)buffer;
+
+    while(1)
+    {
+        len = recv(pEventData->eventFd.dwNetlinkFD, nh, 4096, 0);
+        if(len < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            VmAfdLog(VMAFD_DEBUG_ANY, "Recieve failed. Error[%d]", dwError);
+            continue;
+        }
+
+        else if (len == 0)
+        {
+            break;
+        }
+
+        for(; (NLMSG_OK (nh, len)) && (nh->nlmsg_type != NLMSG_DONE); nh = NLMSG_NEXT(nh, len))
+        {
+            if (nh->nlmsg_type != RTM_NEWADDR)
+            {
+                continue; /* some other kind of message */
+            }
+
+            if (pEventData->pfnCallBack)
+            {
+                dwError = pEventData->pfnCallBack();
+                if (dwError)
+                {
+                    VmAfdLog(VMAFD_DEBUG_ANY, "Callback failed");
+                }
+            }
+            memset(buffer, 0, VMDDNS_BUFFER_SIZE);
+        }
+    }
+
+cleanup:
+
+    VMAFD_SAFE_FREE_MEMORY(pEventData);
+    VMAFD_SAFE_FREE_MEMORY(bindAddr);
+    VmAfdLog(VMAFD_DEBUG_ANY, "VmLinuxWaitOnEventWorker exiting. Error[%d]", dwError);
+    return NULL;
+
+error:
+
+    goto cleanup;
+}
diff --git a/vmafd/vmnetevent/prototypes.h b/vmafd/vmnetevent/prototypes.h
new file mode 100644
index 000000000..3e9a0d111
--- /dev/null
+++ b/vmafd/vmnetevent/prototypes.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+#pragma once
+
+
+DWORD
+VmNetEventOpenConnection(
+    VMNET_EVENT_TYPE eventType,
+    PVMNETEVENT_FD pEventFD
+    );
+
+DWORD
+VmNetEventWaitOnEvent(
+    VMNETEVENT_FD EventFd,
+    PFN_VMNETEVENT_CALLBACK pfnCallBack,
+    pthread_t* pEventThread
+    );
+
+VOID
+VmNetEventCloseConnection(
+    VMNETEVENT_FD FD
+    );
+
+/*linux_api.c*/
+
+DWORD
+VmLinuxOpenConnection(
+    DWORD dwEventType,
+    PVMNETEVENT_FD pFD
+    );
+
+DWORD
+VmLinuxWaitOnEvent(
+    VMNETEVENT_FD FD,
+    PFN_VMNETEVENT_CALLBACK pCallback,
+    pthread_t* pEventThread
+    );
+
+VOID
+VmLinuxCloseConnection(
+    VMNETEVENT_FD FD
+    );
+
diff --git a/vmafd/vmnetevent/structs.h b/vmafd/vmnetevent/structs.h
new file mode 100644
index 000000000..05e7b641b
--- /dev/null
+++ b/vmafd/vmnetevent/structs.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+typedef struct __VMNET_EVENT_FD
+{
+    DWORD dwNetlinkFD;
+} VMNETEVENT_FD, *PVMNETEVENT_FD;
+
+#ifndef _PFN_VMNETEVENT_CALLBACK
+#define _PFN_VMNETEVENT_CALLBACK 1
+typedef DWORD (*PFN_VMNETEVENT_CALLBACK) (VOID);
+#endif
+typedef struct __VMNETEVENT_DATA
+{
+    VMNETEVENT_FD eventFd;
+    PFN_VMNETEVENT_CALLBACK pfnCallBack;
+}VMNETEVENT_DATA, *PVMNETEVENT_DATA;
+
+typedef struct __VMNETEVENT_HANDLE
+{
+     pthread_t eventThread;
+     pthread_t* peventThread;
+     VMNETEVENT_FD  fd;
+     DWORD dwRefCount;
+} VMNETEVENT_HANDLE;
+
+
+typedef DWORD (*PFN_VMNETEVENT_OPEN_CONNECTION) (DWORD dwEventType, PVMNETEVENT_FD pFD);
+typedef DWORD (*PFN_VMNETEVENT_WAIT_EVENT) (VMNETEVENT_FD EventFd, PFN_VMNETEVENT_CALLBACK pfnCallback, pthread_t* pEventThread);
+typedef VOID (*PFN_VMNETEVET_CLOSE_CONNECTION) (VMNETEVENT_FD FD);
+
+typedef struct _VMNET_EVENT_VTABLE
+{
+    PFN_VMNETEVENT_OPEN_CONNECTION pfnOpenConnection;
+    PFN_VMNETEVENT_WAIT_EVENT pfnWaitEvent;
+    PFN_VMNETEVET_CLOSE_CONNECTION pfnCloseConnection;
+} VMNET_EVENT_VTABLE, *PVMNET_EVENT_TABLE;
+
diff --git a/vmafd/vmnetevent/vmnetevent.c b/vmafd/vmnetevent/vmnetevent.c
new file mode 100644
index 000000000..0fd4bafe7
--- /dev/null
+++ b/vmafd/vmnetevent/vmnetevent.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+VOID
+VmNetEventFreeEventHandle(
+    PVMNETEVENT_HANDLE pEventHandle
+    );
+
+static
+VOID
+VmNetEventReleaseEventHandle(
+    PVMNETEVENT_HANDLE pEventHandle
+    );
+
+DWORD
+VmNetEventRegister(
+    VMNET_EVENT_TYPE vmEventType,
+    PFN_VMNETEVENT_CALLBACK pfnCallBack,
+    PVMNETEVENT_HANDLE* ppEventHandle
+    )
+{
+    DWORD dwError = 0;
+
+    PVMNETEVENT_HANDLE pEventHandle = NULL;
+
+    if (!ppEventHandle)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMNETEVENT_ERROR(dwError);
+    }
+
+    dwError = VmAfdAllocateMemory(
+                          sizeof(VMNETEVENT_HANDLE),
+                          (PVOID*)&pEventHandle
+                          );
+    BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+
+    dwError = VmNetEventOpenConnection(
+                          vmEventType,
+                          &pEventHandle->fd
+                          );
+    BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+    dwError = VmNetEventWaitOnEvent(
+                          pEventHandle->fd,
+                          pfnCallBack,
+                          &pEventHandle->eventThread
+                          );
+    BAIL_ON_VMNETEVENT_ERROR(dwError);
+
+    pEventHandle->dwRefCount = 1;
+    pEventHandle->peventThread = &pEventHandle->eventThread;
+
+    *ppEventHandle = pEventHandle;
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (ppEventHandle)
+    {
+        *ppEventHandle = NULL;
+    }
+    if (pEventHandle)
+    {
+        VmNetEventReleaseEventHandle(pEventHandle);
+    }
+    goto cleanup;
+}
+
+VOID
+VmNetEventUnregister(
+    PVMNETEVENT_HANDLE pEventHandle
+    )
+{
+    if (pEventHandle)
+    {
+        VmNetEventReleaseEventHandle(pEventHandle);
+    }
+}
+
+static
+VOID
+VmNetEventFreeEventHandle(
+    PVMNETEVENT_HANDLE pEventHandle
+    )
+{
+    if (pEventHandle)
+    {
+        VmNetEventCloseConnection(pEventHandle->fd);
+        //Join thread
+    }
+    VMAFD_SAFE_FREE_MEMORY(pEventHandle);
+}
+
+static
+VOID
+VmNetEventReleaseEventHandle(
+    PVMNETEVENT_HANDLE pEventHandle
+    )
+{
+    if (pEventHandle)
+    {
+        if (InterlockedDecrement(&pEventHandle->dwRefCount) == 0)
+        {
+            VmNetEventFreeEventHandle(pEventHandle);
+        }
+    }
+}
+
diff --git a/vmca/build/Makefile.bootstrap b/vmca/build/Makefile.bootstrap
index 3cc0264a6..3cc6742e2 100644
--- a/vmca/build/Makefile.bootstrap
+++ b/vmca/build/Makefile.bootstrap
@@ -56,7 +56,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-ca.spec
 
diff --git a/vmca/build/ant/defaults.xml b/vmca/build/ant/defaults.xml
index 1c65910a0..6376d9b4b 100644
--- a/vmca/build/ant/defaults.xml
+++ b/vmca/build/ant/defaults.xml
@@ -67,7 +67,7 @@
    <!-- - - - - - build directories - - - - - -->
 
    <!-- map from GoBuild-style (all uppercase) to local style names -->
-   <property name="BUILD_ROOT" location="../../build/${PRODUCT_NAME}" />
+   <property name="BUILD_ROOT" location="${build_dir}/${PRODUCT_NAME}" />
    <property name="buildRoot" location="${BUILD_ROOT}" />
 
    <property name="PUBLISH_DIR" location="${buildRoot}/publish" />
diff --git a/vmca/build/ant/libraries.xml b/vmca/build/ant/libraries.xml
index 25b87202e..678088997 100644
--- a/vmca/build/ant/libraries.xml
+++ b/vmca/build/ant/libraries.xml
@@ -5,18 +5,18 @@
    <!-- - - - - - Ant Task Libraries - - - - - -->
 
    <property name="libs.ant-contrib-home"
-             location="/var/opt/ant-contrib" />
+             location="${ant.home}" />
 
-   <fileset id="jar-set.jna" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.jna" dir="${build_dir}/depends">
         <include name="jna.jar"/>
         <include name="platform.jar"/>
    </fileset>
 
-   <fileset id="jar-set.commons-codec" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.commons-codec" dir="${build_dir}/depends">
         <include name="commons-codec-1.4.jar" />
    </fileset>
 
-   <fileset id="jar-set.junit" dir="${MAINSRCROOT}/build/depends">
+   <fileset id="jar-set.junit" dir="${build_dir}/depends">
       <include name="junit-4.4.jar" />
    </fileset>
 
diff --git a/vmca/build/package/rpm/vmware-ca.spec b/vmca/build/package/rpm/vmware-ca.spec
deleted file mode 100644
index 9b02d6282..000000000
--- a/vmca/build/package/rpm/vmware-ca.spec
+++ /dev/null
@@ -1,232 +0,0 @@
-Name:    vmware-ca
-Summary: VMware Certificate Authority Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10, vmware-directory-client = %{version}, vmware-afd-client = %{version}, boost = 1.60.0
-BuildRequires:  boost-devel = 1.60.0, coreutils >= 8.22, openssl-devel >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open-devel >= 6.2.10, vmware-directory-client-devel = %{version}, vmware-afd-client-devel = %{version}, sqlite-autoconf, boost = 1.60.0
-
-%define _dbdir %_localstatedir/lib/vmware/vmca
-%define _jarsdir %{_prefix}/jars
-%define _logdir /var/log/lightwave
-%define _logconfdir /etc/syslog-ng/lightwave.conf.d
-
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%define _likewise_open_bindir %{_likewise_open_prefix}/bin
-%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
-
-%if 0%{?_javahome:1} == 0
-%define _javahome %{_javahome}
-%endif
-
-%if 0%{?_vmdir_prefix:1} == 0
-%define _vmdir_prefix /opt/vmware
-%endif
-
-%if 0%{?_vmafd_prefix:1} == 0
-%define _vmafd_prefix /opt/vmware
-%endif
-
-%description
-VMware Certificate Authority
-
-%package client
-Summary: VMware Certificate Authority Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10, vmware-directory-client >= %{version}, vmware-afd-client >= %{version}
-%description client
-Client libraries to communicate with VMware Certificate Authority
-
-%package client-devel
-Summary: VMware Certificate Authority Client Development Library
-Requires: vmware-ca-client = %{version}
-%description client-devel
-Development Libraries to communicate with VMware Certificate Authority Service
-
-%build
-
-export CFLAGS="-Wno-pointer-sign -Wno-unused-but-set-variable -Wno-implicit-function-declaration"
-cd build
-autoreconf -mif .. &&
-../configure --prefix=%{_prefix}  \
-            --libdir=%{_lib64dir} \
-            --localstatedir=/var/lib/vmware/vmca \
-            --with-java=%{_javahome} \
-            --with-ant=%{_anthome} \
-            --with-likewise=%{_likewise_open_prefix} \
-            --with-afd=%{_vmafd_prefix} \
-            --with-ssl=/usr \
-            --with-boost=/usr \
-            --with-oidc=/opt/vmware \
-            --with-ssocommon=/opt/vmware \
-            --with-trident=/usr \
-            --with-jansson=/usr
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=%{buildroot}
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%post
-
-    /sbin/ldconfig
-
-    /bin/mkdir -m 700 -p %{_dbdir}
-
-    /bin/mkdir -m 755 -p %{_logdir}
-    /bin/mkdir -m 755 -p %{_logconfdir}
-    if [ -a %{_logconfdir}/vmcad-syslog-ng.conf ]; then
-        /bin/rm %{_logconfdir}/vmcad-syslog-ng.conf
-    fi
-    /bin/ln -s %{_datadir}/config/vmcad-syslog-ng.conf %{_logconfdir}/vmcad-syslog-ng.conf
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmca.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmca.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmca.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmca.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            %{_likewise_open_bindir}/lwsm info vmca > /dev/null 2>&1
-            if [ $? -eq 0 ]; then
-                echo "Stopping the Certificate Authority Service..."
-                %{_likewise_open_bindir}/lwsm stop vmca
-                echo "Removing service configuration..."
-                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmca'
-                echo "Restarting service control manager..."
-                /bin/systemctl restart lwsmd
-                sleep 2
-                echo "Autostart services..."
-                %{_likewise_open_bindir}/lwsm autostart
-            fi
-            ;;
-    esac
-
-%postun
-
-    /sbin/ldconfig
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            /bin/rm -rf %{_dbdir}
-            ;;
-    esac
-
-%files
-%defattr(-,root,root)
-%{_sbindir}/*
-%{_datadir}/config/vmca.reg
-%{_datadir}/config/vmcad-syslog-ng.conf
-
-%files client
-%defattr(-,root,root)
-%{_bindir}/certool
-%{_datadir}/config/certool.cfg
-%{_lib64dir}/libvmcaclient.so
-%{_lib64dir}/libvmcaclient.so.0
-%{_lib64dir}/libvmcaclient.so.0.0.0
-%{_jarsdir}/*.jar
-
-%files client-devel
-%defattr(-,root,root)
-%{_includedir}/vmca.h
-%{_includedir}/vmcatypes.h
-%{_lib64dir}/libvmcaclient.a
-%{_lib64dir}/libvmcaclient.la
-
-%clean
-
-rm -rf $RPM_BUILD_ROOT
-
-# %doc ChangeLog README COPYING
-
-%changelog
-
diff --git a/vmca/certool/Makefile.am b/vmca/certool/Makefile.am
index 2f7fe5b68..0d10a8107 100644
--- a/vmca/certool/Makefile.am
+++ b/vmca/certool/Makefile.am
@@ -6,21 +6,20 @@ certool_SOURCES = \
     utility.cpp
 
 certool_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/idl \
-    -I$(top_srcdir)/common \
-    -I$(top_srcdir)/certool \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmca/idl \
+    -I$(top_srcdir)/vmca/common \
+    -I$(top_srcdir)/vmca/certool \
+    -I$(top_srcdir)/vmafd/include/public \
     @BOOST_INCLUDES@ \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@ \
-    @VMAFD_INCLUDES@
-
+    @OPENSSL_INCLUDES@
 
 certool_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmcaclient.la \
-    @VMAFD_LIBS@ \
+    $(top_builddir)/vmca/common/libcommon.la \
+    $(top_builddir)/vmca/client/libvmcaclient.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @DL_LIBS@  \
     @BOOST_LIBS@ \
     @PTHREAD_LIBS@ \
@@ -40,11 +39,5 @@ certool_LDADD = \
 
 certool_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
-    @VMAFD_LDFLAGS@ \
     @BOOST_LDFLAGS@ \
     @LW_LDFLAGS@
-
-
-
-
-
diff --git a/vmca/client/Makefile b/vmca/client/Makefile
deleted file mode 100644
index 77bf5e103..000000000
--- a/vmca/client/Makefile
+++ /dev/null
@@ -1,6 +0,0 @@
-CC=gcc
-CFLAGS=-I. -I../include -I /usr/include -I /opt/likewise/include -I ../idl
-DEPS = hellomake.h
-
-%.o: %.c 
-	$(CC) -c -o $@ $< $(CFLAGS)
diff --git a/vmca/client/Makefile.am b/vmca/client/Makefile.am
index df0ce4084..82123b93d 100644
--- a/vmca/client/Makefile.am
+++ b/vmca/client/Makefile.am
@@ -1,11 +1,11 @@
 
 lib_LTLIBRARIES = libvmcaclient.la
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmca/idl
 
 libvmcaclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -18,14 +18,13 @@ libvmcaclient_la_SOURCES = \
     vmcaclient.c
 
 libvmcaclient_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmca/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @GSSAPI_LIBS@ \
     @PTHREAD_LIBS@ 
 
 libvmcaclient_la_LDFLAGS = \
-    @VMAFD_LDFLAGS@ \
     @DCERPC_LDFLAGS@ \
     @LW_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
@@ -39,5 +38,3 @@ BUILT_SOURCES = vmca_h.h
 
 vmca_h.h vmca_cstub.c: $(idl_srcdir)/vmca.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmca_h.h -I$(idl_srcdir) $<
-
-
diff --git a/vmca/common/Makefile b/vmca/common/Makefile
deleted file mode 100644
index 1ddbb305f..000000000
--- a/vmca/common/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# ThinAppManagement VMCA Service Makefile
-#
-
-GOBUILD_AUTO_COMPONENTS = 1
-GOBUILD_TARGET ?= XXXXXXXXXXXXxTalk_to_sriramXXXXXXXXXXXXXX
-
-SRCROOT=../..
-MAKEROOT=$(SRCROOT)/../support/make
-include $(MAKEROOT)/makedefs.mk
-
-LIBNAME = common
-
-DEPPROJECTS = ../idl
-PROJINC = VMCAService
-
-CXXFILES =
-
-CFILES = \
-	fsutils.c \
-	logging.c \
-	globals.c \
-	memory.c  \
-	certutils.c \
-	pkcs_csr.c
-
-LOCALHEADERS = 
-
-DISTINCPREFIX = VMCAService
-DISTINC = 
-
-GBDEPS = VMWARE_LIKEWISE_LINUX_X64
-
-CFLAGS += -I../include
-
-include $(MAKEROOT)/makeimpl.mk
-
diff --git a/vmca/common/Makefile.am b/vmca/common/Makefile.am
index 601743824..800cd6866 100644
--- a/vmca/common/Makefile.am
+++ b/vmca/common/Makefile.am
@@ -22,21 +22,18 @@ libcommon_la_SOURCES = \
 
 libcommon_la_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
     @LW_INCLUDES@ \
-    @VMAFD_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libcommon_la_LIBADD = \
     @LDAP_LIBS@ \
     @LBER_LIBS@ \
-    @VMAFD_LIBS@ \
     @LWREG_LIBS@ \
     @LWRSUTILS_LIBS@
 
 libcommon_la_LDFLAGS = \
     -DLDAP_DEPRECATED \
     -static \
-    @VMAFD_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
diff --git a/vmca/common/defines.h b/vmca/common/defines.h
index 1e813e289..840a517ff 100644
--- a/vmca/common/defines.h
+++ b/vmca/common/defines.h
@@ -66,15 +66,5 @@ typedef enum
 #define CA_CONTAINER_NAME   "Certificate-Authorities"
 
 #define MAX_CN_LENGTH 64
-#define VMCA_MIN_CERT_PRIV_KEY_LENGTH        2048
-
-#define VMCA_TIME_SECS_PER_MINUTE           ( 60)
-#define VMCA_TIME_SECS_PER_HOUR             ( 60 * VMCA_TIME_SECS_PER_MINUTE)
-#define VMCA_TIME_SECS_PER_DAY              ( 24 * VMCA_TIME_SECS_PER_HOUR)
-#define VMCA_TIME_SECS_PER_WEEK             (  7 * VMCA_TIME_SECS_PER_DAY)
-#define VMCA_TIME_SECS_PER_YEAR             (366 * VMCA_TIME_SECS_PER_DAY)
-
-#define VMCA_VALIDITY_SYNC_BACK_DATE        (VMCA_TIME_SECS_PER_WEEK * 2)
-#define VMCA_MAX_CERT_DURATION              (VMCA_TIME_SECS_PER_YEAR * 10)
 
 #endif //__VMCA_COMMON_DEFINES_H__
diff --git a/vmca/common/includes.h b/vmca/common/includes.h
index 5bf72dd08..1286c1280 100644
--- a/vmca/common/includes.h
+++ b/vmca/common/includes.h
@@ -28,9 +28,6 @@
 #include <reg/lwreg.h>
 #include <reg/regutil.h>
 
-#include <vmafdclient.h>
-#include <vmafdtypes.h>
-
 #else
 
 #pragma once
@@ -58,9 +55,6 @@
 
 #include "banned.h"
 
-#include <vmafdclient.h>
-#include <vmafdtypes.h>
-
 #endif
 
 
diff --git a/vmca/common/pkcs_openssl.c b/vmca/common/pkcs_openssl.c
index 003e0082a..63547bd57 100644
--- a/vmca/common/pkcs_openssl.c
+++ b/vmca/common/pkcs_openssl.c
@@ -1662,80 +1662,6 @@ VMCASetCSRSubjectKeyIdentifier(
     return dwError;
 }
 
-static DWORD
-VMCASetCSRAuthorityInfoAccess(
-    STACK_OF(X509_EXTENSION) *pStack,
-    X509 *pCert,
-    X509 *pIssuer
-    )
-{
-    DWORD dwError = 0;
-    X509V3_CTX ctx;
-    X509_EXTENSION *pExtension = NULL;
-    PSTR pszIPAddress = NULL;
-    PSTR pszAIAString = NULL;
-
-    X509V3_set_ctx_nodb(&ctx);
-    X509V3_set_ctx(&ctx, pIssuer, pCert, NULL, NULL, 0);
-
-    dwError = VmAfdGetPNIDA(NULL, &pszIPAddress);
-    BAIL_ON_ERROR(dwError);
-
-    dwError = VMCAAllocateStringPrintfA(
-                                &pszAIAString,
-                                "caIssuers;URI:https://%s/afd/vecs/ssl",
-                                pszIPAddress);
-    BAIL_ON_ERROR(dwError);
-
-    pExtension = X509V3_EXT_conf_nid(
-                                NULL,
-                                &ctx,
-                                NID_info_access,
-                                (char*)pszAIAString);
-    if (pExtension == NULL)
-    {
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_ERROR(dwError);
-    }
-
-    sk_X509_EXTENSION_push(pStack, pExtension);
-error:
-    VMCA_SAFE_FREE_MEMORY(pszIPAddress);
-    VMCA_SAFE_FREE_MEMORY(pszAIAString);
-    return dwError;
-}
-
-static DWORD
-VMCASetAuthorityKeyIdentifier(
-    STACK_OF(X509_EXTENSION) *pStack,
-    X509 *pCert,
-    X509 *pIssuer
-    )
-{
-    DWORD dwError = 0;
-    X509V3_CTX ctx;
-    X509_EXTENSION *pExtension = NULL;
-
-    X509V3_set_ctx_nodb(&ctx);
-    X509V3_set_ctx(&ctx, pIssuer, pCert, NULL, NULL, 0);
-
-    pExtension = X509V3_EXT_conf_nid(
-                                NULL,
-                                &ctx,
-                                NID_authority_key_identifier,
-                                "keyid");
-    if (pExtension == NULL)
-    {
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_ERROR(dwError);
-    }
-
-    sk_X509_EXTENSION_push(pStack, pExtension);
-error:
-    return dwError;
-}
-
-
 DWORD
 VMCAAddExtension(
     STACK_OF(X509_EXTENSION) *pStack,
@@ -2631,52 +2557,6 @@ VMCAVerifyExtensions(
     return 0;
 }
 
-DWORD
-VMCACopyExtensions(
-    X509 *pCertificate,
-    X509 *pCACertificate,
-    X509_REQ *pRequest
-    )
-{
-    DWORD dwError = 0;
-    STACK_OF(X509_EXTENSION) *pStack  = NULL;
-    X509_EXTENSION *pExtension = NULL;
-    int extCount = 0;
-    int Counter = 0;
-
-    pStack = X509_REQ_get_extensions(pRequest);
-    if(pStack == NULL) {
-        goto error; // nothing to do here, just get out
-    }
-
-    // Copy AuthorityKeyId from CA certificate
-    dwError = VMCASetAuthorityKeyIdentifier(pStack, pCertificate, pCACertificate);
-    BAIL_ON_ERROR(dwError);
-
-    dwError = VMCASetCSRAuthorityInfoAccess(pStack, pCertificate, pCACertificate);
-    BAIL_ON_ERROR(dwError);
-
-    extCount = sk_X509_EXTENSION_num(pStack);
-    for(Counter = 0; Counter < extCount; Counter ++)
-    {
-        pExtension = sk_X509_EXTENSION_value(pStack, Counter);
-
-        // TODO : Clean up the Extensions, and have
-        // Policy on duplicate extension ext.
-        // We should probably log all this information before
-        // returning the certificate too.
-
-        dwError = X509_add_ext(pCertificate, pExtension, -1);
-        BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_EXT_ERR);
-    }
-
-error:
-    if(pStack) {
-        sk_X509_EXTENSION_pop_free(pStack, X509_EXTENSION_free);
-    }
-    return dwError;
-}
-
 DWORD
 VMCAVerifyCertificateName(
     X509* pCert
@@ -2820,267 +2700,6 @@ VMCAVerifySubjectAltNames(
 }
 
 
-
-DWORD
-VMCASignedRequestPrivate(
-    PVMCA_X509_CA pCA,
-    PSTR pszPKCS10Request,
-    PSTR *ppszCertificate,
-    time_t tmNotBefore,
-    time_t tmNotAfter
-)
-// VMCASignedRequestPrivate takes and CSR and signs the request
-//
-//Arguments :
-//      pCA : The CA class that can sign the request
-//      pszPKCS19Request : The Request that needs to be signed
-//      ppszCertificate : Points to a PEM encoded Signed Cert
-//      tmNotBefore : A Valid Time String that indicates when the Certificate is Valid From
-//      tmNotAfter : The End of certificates validity
-// Returns :
-//  Error Code
-{
-
-    DWORD dwError = 0;
-    X509_REQ *pRequest = NULL;
-    EVP_PKEY *pPublicKey = NULL;
-    X509 *pCertificate = NULL;
-    X509_NAME *pSubjName = NULL;
-    X509_NAME *pCAName = NULL;
-    PSTR pszStartTime = NULL;
-    PSTR pszEndTime = NULL;
-    PSTR pTempCertString = NULL;
-    PSTR pTempCertChainString = NULL;
-    const EVP_MD *digest = EVP_sha256();
-    ASN1_INTEGER *aiSerial = NULL;
-    time_t tmNow = 0;
-
-    if  ( (pCA == NULL) ||
-          ( pszPKCS10Request == NULL ) ||
-          (ppszCertificate == NULL)) {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    dwError = VMCAPEMToCSR(pszPKCS10Request, &pRequest);
-    BAIL_ON_ERROR(dwError);
-
-    if ((pPublicKey = X509_REQ_get_pubkey(pRequest)) == NULL )
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: CSR does not have a public key");
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-    //
-    // Verify the Public Key is good and the signature is
-    // indeed for that key.
-    //
-    if (pPublicKey->type != EVP_PKEY_RSA ||
-        BN_num_bits(pPublicKey->pkey.rsa->n) < VMCA_MIN_CERT_PRIV_KEY_LENGTH)
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: Key length not supported");
-        dwError = VMCA_ERROR_INVALID_KEY_LENGTH;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    time(&tmNow);
-    if (tmNotBefore < (tmNow - VMCA_VALIDITY_SYNC_BACK_DATE))
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid start date");
-        dwError = VMCA_INVALID_TIME_SPECIFIED;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if ((tmNotAfter - tmNotBefore) > VMCA_MAX_CERT_DURATION)      // 10. year
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid validity period requested");
-        dwError = VMCA_INVALID_TIME_SPECIFIED;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    dwError = X509_REQ_verify(pRequest, pPublicKey);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_INVALID_CSR_FIELD);
-
-    pSubjName = X509_REQ_get_subject_name(pRequest);
-    if( pSubjName == NULL)
-    {
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if ( X509_NAME_entry_count(pSubjName) == 0 )
-    {
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    pCertificate = X509_new();
-    if(pCertificate == NULL) {
-        dwError = VMCA_OUT_MEMORY_ERR;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    // VMCA Supports only X509V3 only
-    dwError = X509_set_version(pCertificate, 2);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
-
-    aiSerial = ASN1_INTEGER_new();
-    if (aiSerial == NULL) {
-        dwError = VMCA_OUT_MEMORY_ERR;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    VMCAGenerateX509Serial(aiSerial);
-    X509_set_serialNumber(pCertificate,aiSerial);
-
-    dwError = X509_set_subject_name(pCertificate, pSubjName);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
-
-    pCAName = X509_get_subject_name(pCA->pCertificate);
-    if ( pCAName == NULL) {
-        dwError = VMCA_CERT_IO_FAILURE;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    dwError = X509_set_issuer_name(pCertificate, pCAName);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
-
-    dwError = X509_set_pubkey(pCertificate, pPublicKey);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
-
-    if (X509_cmp_time(X509_get_notBefore(pCA->pCertificate), &tmNotBefore) >= 0)
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid validity period requested");
-        dwError = VMCA_SSL_SET_START_TIME;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if (!ASN1_TIME_set(X509_get_notBefore(pCertificate), tmNotBefore)){
-        dwError = 0;
-        BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_START_TIME);
-    }
-
-    // If the request is beyond CA cert validity use CA cert validity
-    if (X509_cmp_time(X509_get_notAfter(pCA->pCertificate), &tmNotAfter) <= 0)
-    {
-        VMCA_LOG_INFO("VMCASignedRequestPrivate: Using CA certs not after field");
-        if(!ASN1_TIME_set_string(X509_get_notAfter(pCertificate),
-                                 X509_get_notAfter(pCA->pCertificate)->data))
-        {
-            dwError = 0;
-            BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_END_TIME);
-        }
-    }
-    else
-    {
-        if(!ASN1_TIME_set(X509_get_notAfter(pCertificate), tmNotAfter))
-        {
-            dwError = 0;
-            BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_END_TIME);
-        }
-    }
-
-    dwError = VMCACopyExtensions(pCertificate, pCA->pCertificate, pRequest);
-    BAIL_ON_ERROR(dwError);
-
-    if (X509_check_ca(pCertificate))
-    {
-        VMCA_LOG_INFO("Request for a CA certificate is not allowed");
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
-         (pCertificate->ex_kusage & KU_KEY_CERT_SIGN)))
-    {
-        VMCA_LOG_INFO("Request for a certificate signing cert is not allowed");
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
-         (pCertificate->ex_kusage & KU_CRL_SIGN)))
-    {
-        VMCA_LOG_INFO("Request for a CRL signing cert is not allowed");
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
-         (pCertificate->ex_kusage & KU_DATA_ENCIPHERMENT)))
-    {
-        VMCA_LOG_INFO("Request for a cert with data encryption key usage is not allowed");
-        dwError = VMCA_INVALID_CSR_FIELD;
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    dwError = VMCAVerifyCertificateName(pCertificate);
-    BAIL_ON_VMCA_ERROR(dwError);
-
-    dwError = VMCAVerifySubjectAltNames(pCertificate);
-    BAIL_ON_VMCA_ERROR(dwError);
-
-    dwError = X509_sign (pCertificate, pCA->pKey, digest);
-    BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SIGN_FAIL);
-
-    dwError = VMCACertToPEM(pCertificate, &pTempCertString);
-    BAIL_ON_VMCA_ERROR(dwError);
-
-    if (!VMCAIsSelfSignedCert(pCA->pCertificate))
-    {
-        dwError = VMCAAllocateStringPrintfA(
-                                            &pTempCertChainString,
-                                            "%s\n%s",
-                                            pTempCertString,
-                                            pCA->pszCertificate
-                                           );
-        BAIL_ON_VMCA_ERROR(dwError);
-    }
-
-    *ppszCertificate = pTempCertChainString?pTempCertChainString:pTempCertString;
-cleanup:
-
-    if(pPublicKey != NULL) {
-        EVP_PKEY_free(pPublicKey);
-    }
-
-    if (pRequest != NULL) {
-        X509_REQ_free(pRequest);
-    }
-
-    if( pszStartTime != NULL) {
-        VMCAFreeStringA(pszStartTime);
-    }
-
-    if(pszEndTime != NULL) {
-        VMCAFreeStringA(pszEndTime);
-    }
-
-    if(pCertificate != NULL) {
-        X509_free(pCertificate);
-    }
-    if(aiSerial != NULL){
-        ASN1_INTEGER_free(aiSerial);
-    }
-    if (pTempCertChainString)
-    {
-        VMCA_SAFE_FREE_STRINGA (pTempCertString);
-    }
-
-    return dwError;
-error :
-    if (ppszCertificate)
-    {
-        *ppszCertificate = NULL;
-    }
-    if(pTempCertString != NULL){
-        VMCAFreeStringA(pTempCertString);
-        pTempCertString = NULL;
-    }
-    VMCA_SAFE_FREE_MEMORY (pTempCertChainString);
-    goto cleanup;
-}
-
 DWORD
 VMCAWIntegerToASN1Integer (
                             PWSTR pwszInteger,
diff --git a/vmca/config/Makefile.am b/vmca/config/Makefile.am
index e113fe349..11a7e28e0 100644
--- a/vmca/config/Makefile.am
+++ b/vmca/config/Makefile.am
@@ -1,5 +1,5 @@
 vmcaconf_DATA = \
     vmca.reg  \
     vmcad-syslog-ng.conf \
-    certool.cfg
-
+    certool.cfg \
+    vmca-telegraf.conf
diff --git a/vmca/config/vmca-telegraf.conf b/vmca/config/vmca-telegraf.conf
new file mode 100644
index 000000000..ebc739450
--- /dev/null
+++ b/vmca/config/vmca-telegraf.conf
@@ -0,0 +1,3 @@
+[[inputs.procstat]]
+  exe="vmcad"
+  prefix="vmca"
diff --git a/vmca/configure.ac b/vmca/configure.ac
deleted file mode 100644
index 42a44a9fe..000000000
--- a/vmca/configure.ac
+++ /dev/null
@@ -1,665 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmca], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-#AC_PROG_CC
-AC_PROG_CXX(g++)
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-	;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CXXFLAGS="$CXXFLAGS -frtti"
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC "
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CXXFLAGS)
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DVMCA_DEBUG"
-        fi
-    ])
-
-
-AC_ARG_ENABLE([gcov],
-    [AC_HELP_STRING([--enable-gcov], [enable code coverage (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0 -fprofile-arcs -ftestcoverage"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DVMCA_DEBUG"
-        fi
-    ])
-
-ENABLE_PYTHON=false
-AC_ARG_ENABLE([python],
-    [AC_HELP_STRING([--enable-python], [enable python module (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            ENABLE_PYTHON=true
-        fi
-    ])
-AM_CONDITIONAL(ENABLE_PYTHON, [$ENABLE_PYTHON])
-
-# Java component
-
-AC_ARG_WITH([java],
-    [AC_HELP_STRING([--with-java=<dir>], [use Java binaries rooted at prefix <dir> ])],
-    [
-        JAVA_HOME="$withval"
-        JAVA=$JAVA_HOME/bin/java
-        TOOLS_CLASSPATH=$JAVA_HOME/lib/tools.jar
-    ])
-
-AC_PATH_PROG([JAVAC], [javac], [no], [$PATH:$JAVA_HOME/bin])
-
-if test x"$JAVAC" = x"no"; then
-    AC_MSG_ERROR([JAVAC compiler not found])
-fi
-
-AC_SUBST(JAVA_HOME)
-AC_SUBST(JAVA)
-AC_SUBST(TOOLS_CLASSPATH)
-
-# Ant component
-
-AC_ARG_WITH([ant],
-    [AC_HELP_STRING([--with-ant=<dir>], [use Ant binaries rooted at prefix <dir> ])],
-    [
-        ANT_HOME="$withval"
-        ANT_CLASSPATH=$ANT_HOME/lib/ant.jar:$ANT_HOME/lib/ant-launcher.jar
-    ])
-
-AC_PATH_PROG([ANT], [ant], [no], [$PATH:$JAVA_HOME/bin:$ANT_HOME/bin])
-
-if test x"$ANT" = x"no"; then
-    AC_MSG_ERROR([ANT compiler not found])
-fi
-
-AC_SUBST(ANT_HOME)
-AC_SUBST(ANT_CLASSPATH)
-
-# openssl component
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# vmafd component
-
-AC_ARG_WITH([afd],
-    [AC_HELP_STRING([--with-afd=<dir>], [use afd-server binaries rooted at prefix <dir> ])],
-    [
-        VMAFD_BASE_PATH="$withval"
-        VMAFD_INCLUDES="-I$withval/include"
-        VMAFD_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,$withval/lib64"
-    ])
-
-AC_ARG_WITH([afd-includes],
-    [AC_HELP_STRING([--with-afd-includes=<dir>], [use afd-server headers located in prefix <dir> ])],
-    [
-        VMAFD_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([afd-libs],
-    [AC_HELP_STRING([--with-afd-libs=<dir>], [use afd-server libraries located in prefix <dir> ])],
-    [
-        VMAFD_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([afd-rpath],
-    [AC_HELP_STRING([--with-afd-rpath=<dir>], [use afd-server libraries located at <dir> at runtime])],
-    [
-        VMAFD_LDFLAGS="-L$VMAFD_BASE_PATH/lib64 -Wl,-rpath,$withval -Wl,-rpath-link,$VMAFD_BASE_PATH/lib64"
-    ])
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMAFD_INCLUDES $DCERPC_INCLUDES"
-AC_CHECK_HEADERS(vmafdclient.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-VMAFD_LIBS="-lvmafdclient"
-AC_SUBST(VMAFD_BASE_PATH)
-AC_SUBST(VMAFD_INCLUDES)
-AC_SUBST(VMAFD_LDFLAGS)
-
-# OIDC
-
-OIDC_DEFAULT_PATH=/opt/vmware/lib64
-SSOCOMMON_LDFLAGS=$OIDC_DEFAULT_PATH
-AC_ARG_WITH([ssocommon],
-    [AC_HELP_STRING([--with-ssocommon=<dir>], [use ssocommon binaries rooted at prefix <dir> ])],
-    [
-        SSOCOMMON_BASE_PATH="$withval"
-        SSOCOMMON_INCLUDES="-I$withval/include"
-        SSOCOMMON_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-SSOCOMMON_LIBS="-lssocommon"
-AC_SUBST(SSOCOMMON_BASE_PATH)
-AC_SUBST(SSOCOMMON_INCLUDES)
-AC_SUBST(SSOCOMMON_LDFLAGS)
-
-OIDC_LDFLAGS=$OIDC_DEFAULT_PATH
-AC_ARG_WITH([oidc],
-    [AC_HELP_STRING([--with-oidc=<dir>], [use oidc binaries rooted at prefix <dir> ])],
-    [
-        OIDC_BASE_PATH="$withval"
-        OIDC_INCLUDES="-I$withval/include"
-        OIDC_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-OIDC_LIBS="-loidc"
-AC_CHECK_HEADERS(oidc.h)
-AC_CHECK_HEADERS(oidc_types.h)
-AC_CHECK_HEADERS(common_types.h)
-AC_SUBST(OIDC_BASE_PATH)
-AC_SUBST(OIDC_INCLUDES)
-AC_SUBST(OIDC_LDFLAGS)
-
-
-# Trident
-
-AC_ARG_WITH([trident],
-    [AC_HELP_STRING([--with-trident=<dir>], [use trident-server binaries rooted at prefix <dir> ])],
-    [
-        TRIDENT_BASE_PATH="$withval"
-        TRIDENT_INCLUDES="-I$withval/include/vmware-rest"
-        TRIDENT_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-TRIDENT_LIBS="-lrestengine"
-AC_CHECK_HEADERS(vmrest.h)
-AC_SUBST(TRIDENT_BASE_PATH)
-AC_SUBST(TRIDENT_INCLUDES)
-AC_SUBST(TRIDENT_LDFLAGS)
-
-# Jansson
-
-AC_ARG_WITH([jansson],
-    [AC_HELP_STRING([--with-jansson=<dir>], [use jansson binaries rooted at prefix <dir> ])],
-    [
-        JANSSON_BASE_PATH="$withval"
-        JANSSON_INCLUDES="-I$withval/include"
-        JANSSON_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-JANSSON_LIBS="-ljansson"
-AC_CHECK_HEADERS(jansson.h)
-AC_SUBST(JANSSON_BASE_PATH)
-AC_SUBST(JANSSON_INCLUDES)
-AC_SUBST(JANSSON_LDFLAGS)
-
-
-
-# Likewise components
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/likewise/lib64 -Wl,-rpath-link,/opt/likewise/lib64"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES $OPENSSL_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# POPT components
-
-AC_ARG_WITH([popt],
-    [AC_HELP_STRING([--with-popt=<dir>], [use POPT binaries rooted at prefix <dir> ])],
-    [
-        POPT_BASE_PATH="$withval"
-        POPT_INCLUDES="-I$withval/include"
-        POPT_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([popt-includes],
-    [AC_HELP_STRING([--with-popt-includes=<dir>], [use POPT headers located in prefix <dir> ])],
-    [
-        POPT_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([popt-libs],
-    [AC_HELP_STRING([--with-popt-libs=<dir>], [use POPT libraries located in prefix <dir> ])],
-    [
-        POPT_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(POPT_BASE_PATH)
-AC_SUBST(POPT_INCLUDES)
-AC_SUBST(POPT_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $POPT_INCLUDES"
-AC_CHECK_HEADERS(popt.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# SQLITE components
-
-AC_ARG_WITH([sqlite],
-    [AC_HELP_STRING([--with-sqlite=<dir>], [use SQLITE binaries rooted at prefix <dir> ])],
-    [
-        SQLITE_BASE_PATH="$withval"
-        SQLITE_INCLUDES="-I$withval/include"
-        SQLITE_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([sqlite-includes],
-    [AC_HELP_STRING([--with-sqlite-includes=<dir>], [use SQLITE headers located in prefix <dir> ])],
-    [
-        SQLITE_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([sqlite-libs],
-    [AC_HELP_STRING([--with-sqlite-libs=<dir>], [use SQLITE libraries located in prefix <dir> ])],
-    [
-        SQLITE_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(SQLITE_BASE_PATH)
-AC_SUBST(SQLITE_INCLUDES)
-AC_SUBST(SQLITE_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $SQLITE_INCLUDES"
-AC_CHECK_HEADERS(sqlite3.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# BOOST components
-
-AC_ARG_WITH([boost],
-    [AC_HELP_STRING([--with-boost=<dir>], [use BOOST binaries rooted at prefix <dir> ])],
-    [
-        BOOST_BASE_PATH="$withval"
-        BOOST_INCLUDES="-I$withval/include"
-        BOOST_LIB_PATH="$withval/lib"
-        BOOST_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([boost-includes],
-    [AC_HELP_STRING([--with-boost-includes=<dir>], [use BOOST headers located in prefix <dir> ])],
-    [
-        BOOST_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([boost-libs],
-    [AC_HELP_STRING([--with-boost-libs=<dir>], [use BOOST libraries located in prefix <dir> ])],
-    [
-        BOOST_LIB_PATH="$withval"
-        BOOST_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(BOOST_BASE_PATH)
-AC_SUBST(BOOST_INCLUDES)
-AC_SUBST(BOOST_LIB_PATH)
-AC_SUBST(BOOST_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $BOOST_INCLUDES"
-AC_LANG_PUSH([C++])
-AC_CHECK_HEADERS(boost/asio.hpp)
-AC_LANG_POP([C++])
-CPPFLAGS="$saved_CPPFLAGS"
-
-# Python components
-
-AC_ARG_WITH([python],
-    [AC_HELP_STRING([--with-python=<dir>], [use Python binaries rooted at prefix <dir> ])],
-    [
-        PYTHON_BASE_PATH="$withval"
-        PYTHON_INCLUDES="-I$withval/include/python2.7"
-        PYTHON_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([python-includes],
-    [AC_HELP_STRING([--with-python-includes=<dir>], [use Python headers located in prefix <dir> ])],
-    [
-        PYTHON_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([python-libs],
-    [AC_HELP_STRING([--with-python-libs=<dir>], [use Python libraries located in prefix <dir> ])],
-    [
-        PYTHON_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(PYTHON_BASE_PATH)
-AC_SUBST(PYTHON_INCLUDES)
-AC_SUBST(PYTHON_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $PYTHON_INCLUDES"
-AC_CHECK_HEADERS(python.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h termios.h term.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([popt], [poptGetArg], [POPT_LIBS="-lpopt"], [], [$POPT_LDFLAGS])
-
-AC_LANG_PUSH([C++])
-echo $BOOST_BASE_PATH
-echo $BOOST_LDFLAGS
-
-AC_CHECK_LIB(
-        [boost_unit_test_framework-gcc41-mt-1_55],
-        [main],
-        [BOOST_LIBS="-lboost_system-gcc41-mt-s-1_55 -lboost_filesystem-gcc41-mt-s-1_55 -lboost_program_options-gcc41-mt-s-1_55"],
-        [],
-        [$BOOST_LDFLAGS])
-
-AC_CHECK_LIB(
-        [boost_unit_test_framework-xgcc42-mt-1_55],
-        [main],
-        [BOOST_LIBS="-lboost_system-xgcc42-mt-s-1_55 -lboost_filesystem-xgcc42-mt-s-1_55 -lboost_program_options-xgcc42-mt-s-1_55"],
-        [],
-        [$BOOST_LDFLAGS])
-
-AC_CHECK_LIB(
-        [boost_unit_test_framework],
-        [main],
-        [BOOST_LIBS="-lboost_thread -lboost_system -lboost_filesystem -lboost_program_options"],
-        [],
-        [$BOOST_LDFLAGS])
-AC_LANG_POP([C++])
-
-AC_CHECK_LIB([sqlite3], [sqlite3_open], [SQLITE_LIBS="-lsqlite3"], [], [$SQLITE_LDFLAGS $DL_LIBS $PTHREAD_LIBS])
-AC_CHECK_LIB([python2.7 ],  [PyArg_Parse], [PYTHON_LIBS="-lpython2.7"], [], [$PYTHON_LDFLAGS])
-
-AC_LANG_PUSH([C++])
-saved_LIBS="$LIBS"
-LOG4CPP_LIBS="-llog4cpp"
-AC_LANG_PUSH([C++])
-saved_LIBS="$LIBS"
-LOG4CPP_LIBS="-static -llog4cpp"
-
-
-
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB(
-    [uuid],
-    [uuid_generate],
-    [UUID_LIBS="-luuid"],
-    [],
-    [$LW_LDFLAGS])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [ssl],
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $OPENSSL_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-AC_CHECK_LIB(
-              [lber],
-              [ber_scanf],
-              [LBER_LIBS="-llber"],
-              [],
-              [$LW_LDFLAGS -llber])
-
-#AC_CHECK_LIB(
-#              [gssapi_krb5],
-#              [gss_accept_sec_context],
-#              [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-#              [],
-#              [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-
-AC_CHECK_LIB(
-              [ldap_r],
-              [ldap_add_ext],
-              [LDAP_LIBS="-lldap_r -llber -lsasl2"],
-              [],
-              [$LW_LDFLAGS -llber -lsasl2 $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-
-
-
-AC_SUBST(BOOST_LIBS)
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(POPT_LIBS)
-AC_SUBST(SQLITE_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(LBER_LIBS)
-AC_SUBST(PYTHON_LIBS)
-AC_SUBST(VMAFD_LIBS)
-AC_SUBST(TRIDENT_LIBS)
-AC_SUBST(JANSSON_LIBS)
-AC_SUBST(OIDC_LIBS)
-AC_SUBST(SSOCOMMON_LIBS)
-
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-AS_AC_EXPAND(VMCA_BIN_DIR, $prefix)
-AC_SUBST(VMCA_BIN_DIR)
-
-AS_AC_EXPAND(VMCA_SBIN_DIR, ["${sbindir}"])
-AC_SUBST(VMCA_SBIN_DIR)
-
-if test x"$localstatedir" = x"/var"; then
-    vmcadbdir="$localstatedir/lib/vmca"
-else
-    vmcadbdir="$localstatedir"
-fi
-AC_SUBST(vmcadbdir)
-AS_AC_EXPAND(VMCA_DB_DIR, $vmcadbdir)
-AC_SUBST(VMCA_DB_DIR)
-AC_DEFINE_UNQUOTED(VMCA_DB_DIR, "$VMCA_DB_DIR", [Database directory])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-AS_AC_EXPAND(VMCA_INSTALL_DIR, $prefix)
-AC_DEFINE_UNQUOTED(VMCA_INSTALL_DIR, "$VMCA_INSTALL_DIR", [Install folder])
-
-vmcaconfdir="$datadir/config"
-AC_SUBST(vmcaconfdir)
-
-AS_AC_EXPAND(VMCA_CONFIG_DIR, $vmcaconfdir)
-AC_SUBST(VMCA_CONFIG_DIR)
-
-AC_DEFINE_UNQUOTED(VMCA_CONFIG_DIR, "$VMCA_CONFIG_DIR", [Config directory])
-
-vmcatoolsdir=$prefix/bin
-AC_SUBST(vmcatoolsdir)
-
-vmcapyutilsdir=$prefix/site-packages/cis
-AC_SUBST(vmcapyutilsdir)
-
-vmcajarsdir="$prefix/jars"
-AC_SUBST(vmcajarsdir)
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                 config/Makefile
-                 config/vmca.reg
-                 common/Makefile
-                 service/Makefile
-                 client/Makefile
-                 vmcadb/Makefile
-                 certool/Makefile
-                 test/Makefile
-                 python/Makefile
-                 jdepends/Makefile
-                 java/Makefile
-                ])
-AC_OUTPUT
-
diff --git a/vmca/include/vmcacommon.h b/vmca/include/vmcacommon.h
index d5ca6fb98..1a7cd92e6 100644
--- a/vmca/include/vmcacommon.h
+++ b/vmca/include/vmcacommon.h
@@ -283,8 +283,8 @@ extern VMCA_LOG_LEVEL VMCALogGetLevel();
 #define IsNullOrEmptyString(str) (!(str) || !*(str))
 #endif
 
-#ifndef VMCA_SAFE_LOG_STRING
-#define VMCA_SAFE_LOG_STRING(str) ((str) ? (str) : "")
+#ifndef VMCA_SAFE_STRING
+#define VMCA_SAFE_STRING(str) ((str) ? (str) : "")
 #endif
 
 #define VMCA_REG_KEY_VMCADBPATH              "DbPath"
@@ -1001,14 +1001,6 @@ VMCAVerifyExtensions(
     STACK_OF(X509_EXTENSION) *pExtension
 );
 
-DWORD
-VMCACopyExtensions(
-    X509 *pCertificate,
-    X509 *pCACertificate,
-    X509_REQ *pRequest
-);
-
-
 DWORD
 VMCAVerifyCertificateName(
     X509 *pCertificate
@@ -1020,15 +1012,6 @@ VMCAVerifySubjectAltNames(
 );
 
 
-DWORD
-VMCASignedRequestPrivate(
-    PVMCA_X509_CA pCA,
-    PSTR pszPKCS10Request,
-    PSTR *ppszCertificate,
-    time_t tmNotBefore,
-    time_t tmNotAfter
-);
-
 DWORD
 VMCAWIntegerToASN1Integer(
                             PWSTR pwszInteger,
diff --git a/vmca/java/Makefile.am b/vmca/java/Makefile.am
index 7723777ec..029423a4b 100644
--- a/vmca/java/Makefile.am
+++ b/vmca/java/Makefile.am
@@ -2,9 +2,8 @@
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
 vmcajars_DATA = \
-    @top_builddir@/packages/vmware-vmca-client.jar
+    @top_builddir@/vmca/certificate-authority/packages/vmware-vmca-client.jar
 
-@top_builddir@/packages/vmware-vmca-client.jar :
+@top_builddir@/vmca/certificate-authority/packages/vmware-vmca-client.jar :
 	@echo "Building Jar : vmware-vmca-client.jar"
-	cd @top_srcdir@/java && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -DBUILD_NUMBER="0" -Dfile.encoding="UTF8" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
+	cd @top_srcdir@/vmca/java && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dlibs.ant-contrib-home="@abs_top_builddir@/vmca/depends" -DBUILD_NUMBER="0" -Dbuild_dir="@abs_top_builddir@"/vmca -Dfile.encoding="UTF8" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmca/java/build.xml b/vmca/java/build.xml
index d7dea2e4b..bb608dd5f 100644
--- a/vmca/java/build.xml
+++ b/vmca/java/build.xml
@@ -4,19 +4,18 @@
 -->
 <project name="vmware-vmca-client" default="build" basedir=".">
 
-           <property name="target-sets" value="main" />
-   
-   	   <property file="../product.properties" />
- 	   <property name="MAINSRCROOT" value="${basedir}/.." />
-   	   <property name="buildRoot" location="${MAINSRCROOT}/build" />
- 
-           <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+  <property name="target-sets" value="main" />
 
-	  <path id="classpath.main">
-             <fileset refid="jar-set.jna" />
-             <fileset refid="jar-set.commons-codec" />          
-	 </path>
+  <property name="MAINSRCROOT" value="${basedir}/.." />
+  <property file="${MAINSRCROOT}/java/product.properties" />
+  <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
+  <property name="buildRoot" location="${build_dir}/${PRODUCT_NAME}" />
 
-          <import file="${MAINSRCROOT}/build/ant/buildcycle-template.xml" />
+  <path id="classpath.main">
+    <fileset refid="jar-set.jna" />
+    <fileset refid="jar-set.commons-codec" />
+  </path>
+
+  <import file="${MAINSRCROOT}/build/ant/buildcycle-template.xml" />
 
 </project>
diff --git a/vmca/java/product.properties b/vmca/java/product.properties
index 530743daa..b5c9477c7 100644
--- a/vmca/java/product.properties
+++ b/vmca/java/product.properties
@@ -1,2 +1 @@
 PRODUCT_NAME=certificate-authority
-
diff --git a/vmca/jdepends/Makefile.am b/vmca/jdepends/Makefile.am
index 701233105..8c054e25e 100644
--- a/vmca/jdepends/Makefile.am
+++ b/vmca/jdepends/Makefile.am
@@ -1,7 +1,5 @@
-
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
-install-exec-local:
+all-local:
 	@echo "Building Dependencies"
-	cd @top_srcdir@/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
+	cd @top_srcdir@/vmca/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dbuild_dir="@abs_top_builddir@/vmca" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmca/jdepends/build.xml b/vmca/jdepends/build.xml
index fc1dcb381..3f3129438 100644
--- a/vmca/jdepends/build.xml
+++ b/vmca/jdepends/build.xml
@@ -5,9 +5,9 @@
 <project name="vmware-vmca-depends" default="build" basedir=".">
 
    <property name="MAINSRCROOT" value="${basedir}/.." />
-   <property file="../product.properties" />
-   <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}" />
-   <property name="depends" value="${MAINSRCROOT}/build/depends" />
+   <property file="${MAINSRCROOT}/java/product.properties" />
+   <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}" />
+   <property name="depends" value="${build_dir}/depends" />
 
    <import file="${MAINSRCROOT}/build/ant/presets.xml" />
    <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
@@ -28,6 +28,7 @@
 
           <!-- TEST DEPENDENCIES -->
            <url url="http://central.maven.org/maven2/org/powermock/powermock-easymock-release-full/1.6.2/powermock-easymock-release-full-1.6.2-full.jar" />
+           <url url="http://central.maven.org/maven2/ant-contrib/ant-contrib/1.0b3/ant-contrib-1.0b3.jar" />
 
          </resources>
      </copy>
diff --git a/vmca/m4/README b/vmca/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmca/m4/as-ac-expand.m4 b/vmca/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/vmca/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmca/m4/libtool.m4 b/vmca/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmca/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmca/m4/ltoptions.m4 b/vmca/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmca/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmca/m4/ltsugar.m4 b/vmca/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmca/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmca/m4/ltversion.m4 b/vmca/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmca/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmca/m4/lt~obsolete.m4 b/vmca/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmca/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmca/python/Makefile.am b/vmca/python/Makefile.am
index 34d0db5b7..48fc6522e 100644
--- a/vmca/python/Makefile.am
+++ b/vmca/python/Makefile.am
@@ -4,21 +4,20 @@ vmca_la_SOURCES = \
     vmca-python.cpp  \
     certclient.cpp
 
-    
-
 vmca_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/common \
-    -I$(top_srcdir)/python \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmca/common \
+    -I$(top_srcdir)/vmca/python \
     @BOOST_INCLUDES@ \
     @LW_INCLUDES@ \
     @PYTHON_INCLUDES@    
 
 vmca_la_LIBADD = \
     @BOOST_LIB_PATH@/libboost_python-gcc41-mt-1_55.a\
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmcaclient.la \
+    $(top_builddir)/vmca/common/libcommon.la \
+    $(top_builddir)/vmca/client/libvmcaclient.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
     @GSSAPI_LIBS@ \
@@ -34,16 +33,9 @@ vmca_la_LIBADD = \
     @UUID_LIBS@ \
     @LDAP_LIBS@ \
     @LBER_LIBS@ 
-    
  
 vmca_la_LDFLAGS = \
-    @VMAFD_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@  \
     @PYTHON_LDFLAGS@ \
     -module 
-    
-    
-
-
-
diff --git a/vmca/service/Makefile.am b/vmca/service/Makefile.am
index 4a086ec5e..a29baaa1e 100644
--- a/vmca/service/Makefile.am
+++ b/vmca/service/Makefile.am
@@ -1,39 +1,57 @@
 sbin_PROGRAMS = vmcad
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmca/idl
 
-vmcad_SOURCES =         \
-    auth.c              \
-    dirsync.c           \
-    entrypoints.c       \
-    errormap.c          \
-    globals.c           \
-    init.c              \
-    main.c              \
-    rpc.c               \
-    rpcmemory.c         \
-    rpcserv.c           \
-    service.c           \
-    signal.c            \
-    state.c             \
-    thread.c            \
-    utils.c             \
-    vmcaservice.c       \
+vmcad_SOURCES = \
+    auth.c \
+    dirsync.c \
+    entrypoints.c \
+    errormap.c \
+    globals.c \
+    init.c \
+    main.c \
+    rpc.c \
+    rpcmemory.c \
+    rpcserv.c \
+    service.c \
+    signal.c \
+    state.c \
+    thread.c \
+    utils.c \
+    vmcaservice.c \
     vmca_sstub.c
 
-vmcad_CPPFLAGS =                    \
-    -I$(top_srcdir)/include         \
-    -I$(top_srcdir)/include/public  \
-    @DCERPC_INCLUDES@               \
-    @LW_INCLUDES@                   \
-    @POPT_INCLUDES@                 \
-    @OPENSSL_INCLUDES@              \
-    @VMAFD_INCLUDES@
+if REST_ENABLED
+
+vmcad_SOURCES += \
+    oidcutil.c \
+    restauth.c \
+    restnegauth.c \
+    restutil.c \
+    vmcaHTTPCallBack.c \
+    vmcaHTTPHandlers.c
+
+endif
+
+vmcad_CPPFLAGS = \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmafd/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public \
+    @DCERPC_INCLUDES@ \
+    @LW_INCLUDES@ \
+    @POPT_INCLUDES@ \
+    @OPENSSL_INCLUDES@ \
+    @JANSSON_INCLUDES@ \
+    @CRESTENGINE_INCLUDES@
 
 vmcad_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/vmcadb/libvmcadb.la \
-    @VMAFD_LIBS@ \
+    $(top_builddir)/vmca/common/libcommon.la \
+    $(top_builddir)/vmca/vmcadb/libvmcadb.la \
+    $(top_builddir)/vmafd/client/libvmafdclient.la \
+    $(top_builddir)/vmidentity/ssoclients/common/src/libssocommon.la \
+    $(top_builddir)/vmidentity/ssoclients/oidc/src/libssooidc.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -46,13 +64,16 @@ vmcad_LDADD = \
     @LDAP_LIBS@ \
     @POPT_LIBS@ \
     @UUID_LIBS@ \
-    @PTHREAD_LIBS@
+    @PTHREAD_LIBS@ \
+    @JANSSON_LIBS@ \
+    @CRESTENGINE_LIBS@
 
 vmcad_LDFLAGS = \
-    @VMAFD_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@ \
-    @POPT_LDFLAGS@
+    @POPT_LDFLAGS@ \
+    @JANSSON_LDFLAGS@ \
+    @CRESTENGINE_LDFLAGS@
 
 CLEANFILES = \
     vmca_h.h \
@@ -63,4 +84,3 @@ BUILT_SOURCES = vmca_h.h
 
 vmca_h.h vmca_sstub.c: $(idl_srcdir)/vmca.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmca_h.h -I$(idl_srcdir) $<
-
diff --git a/vmca/service/defines.h b/vmca/service/defines.h
index cbd2ec661..2916ff4e9 100644
--- a/vmca/service/defines.h
+++ b/vmca/service/defines.h
@@ -222,14 +222,14 @@ typedef DWORD VMCA_FUNC_LEVEL;
         dwerror = ERROR_INVALID_PARAMETER;      \
     }
 
-// REST ENGINE CONFIG VALUES
-// TRIDENT
+// C REST ENGINE CONFIG VALUES
 #define VMCARESTSSLCERT "/root/mycert.pem"
 #define VMCARESTSSLKEY "/root/mycert.pem"
-#define VMCARESTPORT "81"
+#define VMCARESTPORT "81p"  // TODO remove p
 #define VMCARESTDEBUGLOGFILE "/tmp/restServer.log"
 #define VMCARESTCLIENTCNT "5"
 #define VMCARESTWORKERTHCNT "5"
+#define VMCARESTMAXPAYLOADLENGTH 4096
 
 //VMCA HTTP ENDPOINT URI VALUES
 #define VMCA_CRL_URI "vmca/crl"
@@ -270,6 +270,15 @@ typedef DWORD VMCA_FUNC_LEVEL;
 #define VMCA_TIME_LAG_OFFSET_CERTIFICATE (5*60)
 #define VMCA_MIN_CA_CERT_PRIV_KEY_LENGTH (2048)
 
+#define VMCA_TIME_SECS_PER_MINUTE           ( 60)
+#define VMCA_TIME_SECS_PER_HOUR             ( 60 * VMCA_TIME_SECS_PER_MINUTE)
+#define VMCA_TIME_SECS_PER_DAY              ( 24 * VMCA_TIME_SECS_PER_HOUR)
+#define VMCA_TIME_SECS_PER_WEEK             (  7 * VMCA_TIME_SECS_PER_DAY)
+#define VMCA_TIME_SECS_PER_YEAR             (366 * VMCA_TIME_SECS_PER_DAY)
+
+#define VMCA_VALIDITY_SYNC_BACK_DATE        (VMCA_TIME_SECS_PER_WEEK * 2)
+#define VMCA_MAX_CERT_DURATION              (VMCA_TIME_SECS_PER_YEAR * 10)
+
 #define VMCA_LOCK_MUTEX_EXCLUSIVE(pmutex, bLocked) \
 if (! (bLocked) ) \
 { \
diff --git a/vmca/service/externs.h b/vmca/service/externs.h
index 012cd59dd..d53e78800 100644
--- a/vmca/service/externs.h
+++ b/vmca/service/externs.h
@@ -31,7 +31,9 @@ extern "C" {
 
 extern VMCA_SERVER_GLOBALS gVMCAServerGlobals;
 
-#if 0
+#ifdef REST_ENABLED
+
+extern PVMREST_HANDLE gpVMCARESTHandle;
 
 extern VMCA_ACCESS_TOKEN_METHODS gVMCAAccessTokenMethods[];
 
@@ -39,10 +41,14 @@ extern VMCA_ACCESS_TOKEN_METHODS gVMCAAccessTokenMethods[];
 
 extern uint32_t
 VMCAHandleHttpRequest(
-        PREST_REQUEST pRequest,
-        PREST_RESPONSE* ppResponse,
-        uint32_t paramsCount);
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    );
+
 #endif
+
 #endif
 
 #ifdef __cplusplus
diff --git a/vmca/service/globals.c b/vmca/service/globals.c
index 653fa96e0..f1ed4a537 100644
--- a/vmca/service/globals.c
+++ b/vmca/service/globals.c
@@ -30,10 +30,14 @@ VMCA_SERVER_GLOBALS gVMCAServerGlobals =
     VMCA_SF_INIT(.gpEventLog, NULL)
 };
 
-#if 0
+#ifdef REST_ENABLED
+
+PVMREST_HANDLE gpVMCARESTHandle = NULL;
+
 VMCA_ACCESS_TOKEN_METHODS gVMCAAccessTokenMethods[] =
 {
     {VMCA_AUTHORIZATION_TYPE_BEARER_TOKEN, VMCAVerifyOIDC, VMCAFreeOIDC},
     {VMCA_AUTHORIZATION_TOKEN_TYPE_KRB, VMCARESTVerifyKrbAuth, VMCARESTFreeKrb}
 };
+
 #endif
diff --git a/vmca/service/includes.h b/vmca/service/includes.h
index 5aa33a819..611074de4 100644
--- a/vmca/service/includes.h
+++ b/vmca/service/includes.h
@@ -21,6 +21,7 @@ extern "C" {
 
 #ifndef _WIN32
 
+#include <config.h>
 #include <vmcasys.h>
 #include <vmafdclient.h>
 #include <vmafdtypes.h>
@@ -52,12 +53,14 @@ extern "C" {
 //#include <vmcasrvutils.h>
 #include <vmcadb.h>
 
-#if 0
+#ifdef REST_ENABLED
+
 #include <vmrest.h>
 #include <jansson.h>
-#include <common_types.h>
+#include <ssotypes.h>
 #include <oidc_types.h>
 #include <oidc.h>
+
 #endif
 
 #include "defines.h"
diff --git a/vmca/service/init.c b/vmca/service/init.c
index 0e78f543a..a34af490a 100644
--- a/vmca/service/init.c
+++ b/vmca/service/init.c
@@ -56,6 +56,11 @@ VMCAInitialize(
     // Don't bail on Error , this just sets up the current state
     dwError = VMCASrvInitCA();
 
+#ifdef REST_ENABLED
+    dwError = OidcClientGlobalInit();
+    BAIL_ON_VMCA_ERROR(dwError);
+#endif
+
     dwError = VMCASrvDirSyncInit();
     BAIL_ON_VMCA_ERROR(dwError);
 
@@ -77,6 +82,9 @@ VMCAShutdown(
     VMCASrvDirSyncShutdown();
     VMCATerminateLogging();
     VMCASrvCleanupGlobalState();
+#ifdef REST_ENABLED
+    OidcClientGlobalCleanup();
+#endif
     VMCACommonShutdown();
 }
 
@@ -96,8 +104,8 @@ InitializeDatabase(
     BAIL_ON_VMCA_ERROR(dwError);
 
     VMCA_LOG_INFO(
-    	"Initializing database: [%s]",
-    	VMCA_SAFE_LOG_STRING(pszCertDBPath));
+            "Initializing database: [%s]",
+            VMCA_SAFE_STRING(pszCertDBPath));
 
     dwError = VmcaDbInitialize(pszCertDBPath);
     BAIL_ON_VMCA_ERROR(dwError);
diff --git a/vmca/service/main.c b/vmca/service/main.c
index 2d6e525f6..904714963 100644
--- a/vmca/service/main.c
+++ b/vmca/service/main.c
@@ -62,7 +62,7 @@ VMCAParseArgs(
     return dwError;
 }
 
-#if 0
+#ifdef REST_ENABLED
 
 REST_PROCESSOR sVmcaHttpHandlers =
 {
@@ -94,39 +94,46 @@ VMCAHttpServiceStartup()
     pConfig->pClientCount = VMCARESTCLIENTCNT;
     pConfig->pMaxWorkerThread = VMCARESTWORKERTHCNT;
 
-    dwError = VmRESTInit(pConfig, NULL);
+    dwError = VmRESTInit(pConfig, NULL, &gpVMCARESTHandle);
     BAIL_ON_VMREST_ERROR(dwError);
 
     dwError = VmRESTRegisterHandler(
-                "/vmca/certificates",
-                pHandlers,
-                NULL
-                );
+            gpVMCARESTHandle,
+            "/vmca/certificates",
+            pHandlers,
+            NULL);
     BAIL_ON_VMREST_ERROR(dwError);
 
     dwError = VmRESTRegisterHandler(
-                "/vmca/root",
-                pHandlers,
-                NULL
-                );
+            gpVMCARESTHandle,
+            "/vmca/root",
+            pHandlers,
+            NULL);
     BAIL_ON_VMREST_ERROR(dwError);
 
     dwError = VmRESTRegisterHandler(
-                "/vmca/crl",
-                pHandlers,
-                NULL
-                );
+            gpVMCARESTHandle,
+            "/vmca/crl",
+            pHandlers,
+            NULL);
     BAIL_ON_VMREST_ERROR(dwError);
 
     dwError = VmRESTRegisterHandler(
-                "/vmca",
-                pHandlers,
-                NULL
-                );
+            gpVMCARESTHandle,
+            "/vmca",
+            pHandlers,
+            NULL);
     BAIL_ON_VMREST_ERROR(dwError);
 
-    dwError = VmRESTStart();
-    BAIL_ON_VMREST_ERROR(dwError);
+    dwError = VmRESTStart(gpVMCARESTHandle);
+    if (dwError)
+    {
+        // soft fail - will not listen on REST port.
+        VMCA_LOG_WARNING(
+                "VmRESTStart failed with error %d, not going to listen on REST port",
+                dwError);
+        dwError = 0;
+    }
 
 cleanup:
 
@@ -141,8 +148,11 @@ VMCAHttpServiceStartup()
 void
 VMCAHttpServiceShutdown()
 {
-    VmRESTStop();
-    VmRESTShutdown();
+    if (gpVMCARESTHandle)
+    {
+        VmRESTStop(gpVMCARESTHandle);
+        VmRESTShutdown(gpVMCARESTHandle);
+    }
 }
 #endif
 
@@ -186,13 +196,15 @@ main(
     BAIL_ON_VMCA_ERROR(dwError);
 
     VMCA_LOG_INFO("VM Certificate Service started.");
-#if 0
+
+#ifdef REST_ENABLED
 #ifndef _WIN32
     dwError = VMCAHttpServiceStartup();
     BAIL_ON_VMCA_ERROR(dwError);
     VMCA_LOG_INFO("VM Certificate ReST Protocol started.");
 #endif
 #endif
+
     PrintCurrentState();
 
     // interact with likewise service manager (start/stop control)
@@ -227,7 +239,7 @@ main(
 cleanup:
 
     VMCAShutdown();
-#if 0
+#ifdef REST_ENABLED
 #ifndef _WIN32
     VMCAHttpServiceShutdown();
 #endif
diff --git a/vmca/service/oidcutil.c b/vmca/service/oidcutil.c
index f22f83a60..67fbc2f59 100644
--- a/vmca/service/oidcutil.c
+++ b/vmca/service/oidcutil.c
@@ -47,9 +47,6 @@ VMCAVerifyOIDC(
         BAIL_ON_VMCA_ERROR(dwError);
     }
 
-    dwError = OidcClientGlobalInit();
-    BAIL_ON_VMCA_ERROR(dwError);
-
     dwError = VMCAGetTenantSigningCert(&pszSigningCertificatePEM);
     BAIL_ON_VMCA_ERROR(dwError);
 
@@ -94,11 +91,12 @@ VMCAGetTenantSigningCert(
     PSTR* ppszSigningCertPEM
     )
 {
-    DWORD dwError = 0;
+    DWORD   dwError = 0;
     POIDC_SERVER_METADATA pMetadata = NULL;
-    PCSTR pszServer = "localhost";
-    int nPortNumber = 443;
-    PSTR pszTenant = NULL;
+    PCSTR   pszServer = "localhost";
+    int     nPortNumber = 443;
+    PSTR    pszTenant = NULL;
+    PCSTR   pszSigningCertPEM = NULL;
 
     if (!ppszSigningCertPEM)
     {
@@ -112,10 +110,12 @@ VMCAGetTenantSigningCert(
                                 &pMetadata,
                                 pszServer,
                                 nPortNumber,
-                                pszTenant);
+                                pszTenant,
+                                NULL /* pszTlsCAPath: NULL means skip TLS validation, pass LIGHTWAVE_TLS_CA_PATH to turn on */);
     BAIL_ON_VMCA_ERROR(dwError);
 
-    *ppszSigningCertPEM = pMetadata->pszSigningCertificatePEM;
+    pszSigningCertPEM = OidcServerMetadataGetSigningCertificatePEM(pMetadata);
+    *ppszSigningCertPEM = (PSTR)pszSigningCertPEM;
 
 cleanup:
     return dwError;
diff --git a/vmca/service/prototypes.h b/vmca/service/prototypes.h
index e30ee5f52..349dda2f4 100644
--- a/vmca/service/prototypes.h
+++ b/vmca/service/prototypes.h
@@ -595,8 +595,25 @@ VMCAStopHeartbeat(
     PVMAFD_HB_HANDLE pHandle
     );
 
+DWORD
+VMCACopyExtensions(
+    X509 *pCertificate,
+    X509 *pCACertificate,
+    X509_REQ *pRequest
+    );
+
+DWORD
+VMCASignedRequestPrivate(
+    PVMCA_X509_CA pCA,
+    PSTR pszPKCS10Request,
+    PSTR *ppszCertificate,
+    time_t tmNotBefore,
+    time_t tmNotAfter
+    );
+
+#ifdef REST_ENABLED
+
 //vmcaHTTPCallback.c
-#if 0
 #ifndef _WIN32
 DWORD
 VMCARESTGetCRL(
@@ -695,7 +712,6 @@ VMCAFreeOIDC(
     PVMCA_ACCESS_TOKEN pAccessToken
     );
 
-
 #endif
 
 //restbasicauth.c
@@ -730,6 +746,7 @@ VOID
 VMCARESTFreeKrb(
     PVMCA_ACCESS_TOKEN pAccessToken
     );
+
 #endif
 
 #ifdef __cplusplus
diff --git a/vmca/service/state.c b/vmca/service/state.c
index 65567a756..d95630338 100644
--- a/vmca/service/state.c
+++ b/vmca/service/state.c
@@ -197,5 +197,3 @@ VMCASrvCleanupGlobalState(
     VMCA_UNLOCK_MUTEX(bLocked, &gVMCAServerGlobals.mutex);
 }
 
-
-
diff --git a/vmca/service/structs.h b/vmca/service/structs.h
index 88a91b184..9336385c9 100644
--- a/vmca/service/structs.h
+++ b/vmca/service/structs.h
@@ -110,6 +110,8 @@ typedef struct _VMCA_SERVER_GLOBALS
 
 } VMCA_SERVER_GLOBALS, *PVMCA_SERVER_GLOBALS;
 
+#ifdef REST_ENABLED
+
 typedef enum
 {
     VMCA_AUTHORIZATION_TYPE_UNDEFINED = 0,
@@ -117,7 +119,7 @@ typedef enum
     VMCA_AUTHORIZATION_TOKEN_TYPE_KRB,
     VMCA_AUTHORIZATION_TOKEN_TYPE_MAX
 } VMCA_AUTHORIZATION_TYPE;
-#if 0
+
 typedef struct _VMCA_AUTHORIZATION_PARAM
 {
     PSTR pszAuthorizationToken;
@@ -161,17 +163,11 @@ _VMCA_HTTP_REQ_OBJ {
     PSTR                            pszConnection;
     PSTR                            pszTransferEncoding;
     PSTR                            pszContentLength;
-    PSTR*                           pszPayload;
+    PSTR                            pszPayload;
     FILE*                           debugFile;
-    JSON_KEY_VALUE*                 params;
     PVMCA_ACCESS_TOKEN              pAccessToken;
 } VMCA_HTTP_REQ_OBJ, *PVMCA_HTTP_REQ_OBJ;
 
-typedef struct OIDC_SERVER_METADATA
-{
-    PSTRING pszTokenEndpointUrl;
-    PSTRING pszSigningCertificatePEM;
-} OIDC_SERVER_METADATA;
 #endif
 
 #ifdef _WIN32
diff --git a/vmca/service/utils.c b/vmca/service/utils.c
index ee29bc780..4eb74a87f 100644
--- a/vmca/service/utils.c
+++ b/vmca/service/utils.c
@@ -91,3 +91,392 @@ VMCAStopHeartbeat(
     }
 }
 
+static DWORD
+VMCASetCSRAuthorityInfoAccess(
+    STACK_OF(X509_EXTENSION) *pStack,
+    X509 *pCert,
+    X509 *pIssuer
+    )
+{
+    DWORD dwError = 0;
+    X509V3_CTX ctx;
+    X509_EXTENSION *pExtension = NULL;
+    PSTR pszIPAddress = NULL;
+    PSTR pszAIAString = NULL;
+
+    X509V3_set_ctx_nodb(&ctx);
+    X509V3_set_ctx(&ctx, pIssuer, pCert, NULL, NULL, 0);
+
+    dwError = VmAfdGetPNIDA(NULL, &pszIPAddress);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    dwError = VMCAAllocateStringPrintfA(
+                                &pszAIAString,
+                                "caIssuers;URI:https://%s/afd/vecs/ssl",
+                                pszIPAddress);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    pExtension = X509V3_EXT_conf_nid(
+                                NULL,
+                                &ctx,
+                                NID_info_access,
+                                (char*)pszAIAString);
+    if (pExtension == NULL)
+    {
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    sk_X509_EXTENSION_push(pStack, pExtension);
+error:
+    VMCA_SAFE_FREE_MEMORY(pszIPAddress);
+    VMCA_SAFE_FREE_MEMORY(pszAIAString);
+    return dwError;
+}
+
+static DWORD
+VMCASetAuthorityKeyIdentifier(
+    STACK_OF(X509_EXTENSION) *pStack,
+    X509 *pCert,
+    X509 *pIssuer
+    )
+{
+    DWORD dwError = 0;
+    X509V3_CTX ctx;
+    X509_EXTENSION *pExtension = NULL;
+
+    X509V3_set_ctx_nodb(&ctx);
+    X509V3_set_ctx(&ctx, pIssuer, pCert, NULL, NULL, 0);
+
+    pExtension = X509V3_EXT_conf_nid(
+                                NULL,
+                                &ctx,
+                                NID_authority_key_identifier,
+                                "keyid");
+    if (pExtension == NULL)
+    {
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    sk_X509_EXTENSION_push(pStack, pExtension);
+error:
+    return dwError;
+}
+
+DWORD
+VMCACopyExtensions(
+    X509 *pCertificate,
+    X509 *pCACertificate,
+    X509_REQ *pRequest
+    )
+{
+    DWORD dwError = 0;
+    STACK_OF(X509_EXTENSION) *pStack  = NULL;
+    X509_EXTENSION *pExtension = NULL;
+    int extCount = 0;
+    int Counter = 0;
+
+    pStack = X509_REQ_get_extensions(pRequest);
+    if(pStack == NULL) {
+        goto error; // nothing to do here, just get out
+    }
+
+    // Copy AuthorityKeyId from CA certificate
+    dwError = VMCASetAuthorityKeyIdentifier(pStack, pCertificate, pCACertificate);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    dwError = VMCASetCSRAuthorityInfoAccess(pStack, pCertificate, pCACertificate);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    extCount = sk_X509_EXTENSION_num(pStack);
+    for(Counter = 0; Counter < extCount; Counter ++)
+    {
+        pExtension = sk_X509_EXTENSION_value(pStack, Counter);
+
+        // TODO : Clean up the Extensions, and have
+        // Policy on duplicate extension ext.
+        // We should probably log all this information before
+        // returning the certificate too.
+
+        dwError = X509_add_ext(pCertificate, pExtension, -1);
+        BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_EXT_ERR);
+    }
+
+error:
+    if(pStack) {
+        sk_X509_EXTENSION_pop_free(pStack, X509_EXTENSION_free);
+    }
+    return dwError;
+}
+
+DWORD
+VMCASignedRequestPrivate(
+    PVMCA_X509_CA pCA,
+    PSTR pszPKCS10Request,
+    PSTR *ppszCertificate,
+    time_t tmNotBefore,
+    time_t tmNotAfter
+)
+// VMCASignedRequestPrivate takes and CSR and signs the request
+//
+//Arguments :
+//      pCA : The CA class that can sign the request
+//      pszPKCS19Request : The Request that needs to be signed
+//      ppszCertificate : Points to a PEM encoded Signed Cert
+//      tmNotBefore : A Valid Time String that indicates when the Certificate is Valid From
+//      tmNotAfter : The End of certificates validity
+// Returns :
+//  Error Code
+{
+    DWORD dwError = 0;
+    X509_REQ *pRequest = NULL;
+    EVP_PKEY *pPublicKey = NULL;
+    X509 *pCertificate = NULL;
+    X509_NAME *pSubjName = NULL;
+    X509_NAME *pCAName = NULL;
+    PSTR pszStartTime = NULL;
+    PSTR pszEndTime = NULL;
+    PSTR pTempCertString = NULL;
+    PSTR pTempCertChainString = NULL;
+    const EVP_MD *digest = EVP_sha256();
+    ASN1_INTEGER *aiSerial = NULL;
+    time_t tmNow = 0;
+
+    if  ( (pCA == NULL) ||
+          ( pszPKCS10Request == NULL ) ||
+          (ppszCertificate == NULL)) {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    dwError = VMCAPEMToCSR(pszPKCS10Request, &pRequest);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    if ((pPublicKey = X509_REQ_get_pubkey(pRequest)) == NULL )
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: CSR does not have a public key");
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+    //
+    // Verify the Public Key is good and the signature is
+    // indeed for that key.
+    //
+    if (pPublicKey->type != EVP_PKEY_RSA ||
+        BN_num_bits(pPublicKey->pkey.rsa->n) < VMCA_MIN_CA_CERT_PRIV_KEY_LENGTH)
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: Key length not supported");
+        dwError = VMCA_ERROR_INVALID_KEY_LENGTH;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    time(&tmNow);
+    if (tmNotBefore < (tmNow - VMCA_VALIDITY_SYNC_BACK_DATE))
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid start date");
+        dwError = VMCA_INVALID_TIME_SPECIFIED;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if ((tmNotAfter - tmNotBefore) > VMCA_MAX_CERT_DURATION)      // 10. year
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid validity period requested");
+        dwError = VMCA_INVALID_TIME_SPECIFIED;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    dwError = X509_REQ_verify(pRequest, pPublicKey);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_INVALID_CSR_FIELD);
+
+    pSubjName = X509_REQ_get_subject_name(pRequest);
+    if( pSubjName == NULL)
+    {
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if ( X509_NAME_entry_count(pSubjName) == 0 )
+    {
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    pCertificate = X509_new();
+    if(pCertificate == NULL) {
+        dwError = VMCA_OUT_MEMORY_ERR;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    // VMCA Supports only X509V3 only
+    dwError = X509_set_version(pCertificate, 2);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
+
+    aiSerial = ASN1_INTEGER_new();
+    if (aiSerial == NULL) {
+        dwError = VMCA_OUT_MEMORY_ERR;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    VMCAGenerateX509Serial(aiSerial);
+    X509_set_serialNumber(pCertificate,aiSerial);
+
+    dwError = X509_set_subject_name(pCertificate, pSubjName);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
+
+    pCAName = X509_get_subject_name(pCA->pCertificate);
+    if ( pCAName == NULL) {
+        dwError = VMCA_CERT_IO_FAILURE;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    dwError = X509_set_issuer_name(pCertificate, pCAName);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
+
+    dwError = X509_set_pubkey(pCertificate, pPublicKey);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_CERT_IO_FAILURE);
+
+    if (X509_cmp_time(X509_get_notBefore(pCA->pCertificate), &tmNotBefore) >= 0)
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: Invalid validity period requested");
+        dwError = VMCA_SSL_SET_START_TIME;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if (!ASN1_TIME_set(X509_get_notBefore(pCertificate), tmNotBefore)){
+        dwError = 0;
+        BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_START_TIME);
+    }
+
+    // If the request is beyond CA cert validity use CA cert validity
+    if (X509_cmp_time(X509_get_notAfter(pCA->pCertificate), &tmNotAfter) <= 0)
+    {
+        VMCA_LOG_INFO("VMCASignedRequestPrivate: Using CA certs not after field");
+        if(!ASN1_TIME_set_string(X509_get_notAfter(pCertificate),
+                                 X509_get_notAfter(pCA->pCertificate)->data))
+        {
+            dwError = 0;
+            BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_END_TIME);
+        }
+    }
+    else
+    {
+        if(!ASN1_TIME_set(X509_get_notAfter(pCertificate), tmNotAfter))
+        {
+            dwError = 0;
+            BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SET_END_TIME);
+        }
+    }
+
+    dwError = VMCACopyExtensions(pCertificate, pCA->pCertificate, pRequest);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    if (X509_check_ca(pCertificate))
+    {
+        VMCA_LOG_INFO("Request for a CA certificate is not allowed");
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
+         (pCertificate->ex_kusage & KU_KEY_CERT_SIGN)))
+    {
+        VMCA_LOG_INFO("Request for a certificate signing cert is not allowed");
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
+         (pCertificate->ex_kusage & KU_CRL_SIGN)))
+    {
+        VMCA_LOG_INFO("Request for a CRL signing cert is not allowed");
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if (((pCertificate->ex_flags & EXFLAG_KUSAGE) &&
+         (pCertificate->ex_kusage & KU_DATA_ENCIPHERMENT)))
+    {
+        VMCA_LOG_INFO("Request for a cert with data encryption key usage is not allowed");
+        dwError = VMCA_INVALID_CSR_FIELD;
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    dwError = VMCAVerifyCertificateName(pCertificate);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    dwError = VMCAVerifySubjectAltNames(pCertificate);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    dwError = X509_sign (pCertificate, pCA->pKey, digest);
+    BAIL_ON_SSL_ERROR(dwError, VMCA_SSL_SIGN_FAIL);
+
+    dwError = VMCACertToPEM(pCertificate, &pTempCertString);
+    BAIL_ON_VMCA_ERROR(dwError);
+
+    if (!VMCAIsSelfSignedCert(pCA->pCertificate))
+    {
+        dwError = VMCAAllocateStringPrintfA(
+                                            &pTempCertChainString,
+                                            "%s\n%s",
+                                            pTempCertString,
+                                            pCA->pszCertificate
+                                           );
+        BAIL_ON_VMCA_ERROR(dwError);
+    }
+
+    if (pTempCertChainString)
+    {
+        *ppszCertificate = pTempCertChainString;
+        pTempCertChainString = NULL;
+    }
+    else
+    {
+        *ppszCertificate = pTempCertString;
+        pTempCertString = NULL;
+    }
+
+cleanup:
+
+    if (pPublicKey != NULL)
+    {
+        EVP_PKEY_free(pPublicKey);
+    }
+
+    if (pRequest != NULL)
+    {
+        X509_REQ_free(pRequest);
+    }
+
+    if (pszStartTime != NULL)
+    {
+        VMCAFreeStringA(pszStartTime);
+    }
+
+    if (pszEndTime != NULL)
+    {
+        VMCAFreeStringA(pszEndTime);
+    }
+
+    if (pCertificate != NULL)
+    {
+        X509_free(pCertificate);
+    }
+
+    if (aiSerial != NULL)
+    {
+        ASN1_INTEGER_free(aiSerial);
+    }
+
+    VMCA_SAFE_FREE_MEMORY(pTempCertChainString);
+    VMCA_SAFE_FREE_STRINGA(pTempCertString);
+
+    return dwError;
+
+error:
+    if (ppszCertificate)
+    {
+        *ppszCertificate = NULL;
+    }
+    goto cleanup;
+}
diff --git a/vmca/service/vmcaHTTPCallBack.c b/vmca/service/vmcaHTTPCallBack.c
index f886afd98..ff3d04e15 100644
--- a/vmca/service/vmcaHTTPCallBack.c
+++ b/vmca/service/vmcaHTTPCallBack.c
@@ -633,7 +633,7 @@ VMCARESTAddRootCertificate(
     json_t *pJsonOverWrite = NULL;
 
 
-    dwError = VMCAConvertStringInputToJSON(*request.pszPayload, &pRoot);
+    dwError = VMCAConvertStringInputToJSON(request.pszPayload, &pRoot);
     BAIL_ON_VMREST_ERROR(dwError);
     pJsonCert = json_object_get(pRoot, VMCA_ADD_ROOT_PARAM_KEY_CERT);
     pJsonPriv = json_object_get(pRoot, VMCA_ADD_ROOT_PARAM_KEY_PRIVKEY);
@@ -778,7 +778,7 @@ VMCARESTGetSignedCertificate(
     json_t *pJsonDuration = NULL;
 
 
-    dwError = VMCAConvertStringInputToJSON(*request.pszPayload, &pRoot);
+    dwError = VMCAConvertStringInputToJSON(request.pszPayload, &pRoot);
     BAIL_ON_VMREST_ERROR(dwError);
 
     pJsonCSR = json_object_get(pRoot, VMCA_GET_SIGNED_CERT_PARAM_KEY_CSR);
@@ -846,7 +846,7 @@ VMCARESTRevokeCertificate(
     json_t *pRoot = NULL;
     json_t *pJsonCert = NULL;
 
-    dwError = VMCAConvertStringInputToJSON(*request.pszPayload, &pRoot);
+    dwError = VMCAConvertStringInputToJSON(request.pszPayload, &pRoot);
     BAIL_ON_VMCA_ERROR(dwError);
 
     pJsonCert = json_object_get(pRoot, VMCA_REVOKE_CERT_PARAM_KEY_CERT);
diff --git a/vmca/service/vmcaHTTPHandlers.c b/vmca/service/vmcaHTTPHandlers.c
index d9f82cf30..6f966c54b 100644
--- a/vmca/service/vmcaHTTPHandlers.c
+++ b/vmca/service/vmcaHTTPHandlers.c
@@ -18,51 +18,50 @@
 
 DWORD
 VMCARESTGetPayload(
-    PREST_REQUEST pRESTRequest,
-    VMCA_HTTP_REQ_OBJ* pVMCARequest
+    PVMREST_HANDLE      pRESTHandle,
+    PREST_REQUEST       pRESTRequest,
+    VMCA_HTTP_REQ_OBJ*  pVMCARequest
     )
 {
-    DWORD dwError = 0;
-    int buffersize = 4096;
-    int currentsize = 1;
-    char buffer[buffersize];
-    DWORD dwDoneWithPayload = 0;
-
-    HANDLE_NULL_PARAM(pVMCARequest, dwError);
-    BAIL_ON_VMCA_ERROR(dwError);
+    DWORD   dwError = 0;
+    DWORD   bytesRead = 0;
+    size_t  len = 0;
+    PSTR    pszPayload = NULL;
 
-    memset(buffer, '\0', buffersize);
-
-    while(dwDoneWithPayload != 1)
+    do
     {
-        dwError = VmRESTGetHttpPayload(
-                                pRESTRequest,
-                                buffer,
-                                &dwDoneWithPayload
-                                );
-        BAIL_ON_VMREST_ERROR(dwError);
-        if (strlen(buffer) > 0)
+        if (bytesRead || !pszPayload)
         {
-            currentsize += strlen(buffer);
             dwError = VMCAReallocateMemory(
-                                    (PVOID) *pVMCARequest->pszPayload,
-                                    (PVOID*) pVMCARequest->pszPayload,
-                                    currentsize
-                                    );
-            BAIL_ON_VMREST_ERROR(dwError);
-            strcat(*pVMCARequest->pszPayload, buffer);
+                    (PVOID)pszPayload,
+                    (PVOID*)&pszPayload,
+                    len + VMCARESTMAXPAYLOADLENGTH + 1);    // +1 for NULL char
+            BAIL_ON_VMCA_ERROR(dwError);
         }
-        memset(buffer, '\0', buffersize);
+
+        bytesRead = 0;
+        dwError = VmRESTGetData(
+                pRESTHandle,
+                pRESTRequest,
+                pszPayload + len,
+                &bytesRead);
+
+        len += bytesRead;
     }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMCA_ERROR(dwError);
 
-cleanup:
+    pszPayload[len] = 0;
+
+    pVMCARequest->pszPayload = pszPayload;
+    pszPayload = NULL;
 
+cleanup:
+    VMCA_SAFE_FREE_MEMORY(pszPayload);
     return dwError;
 
 error:
-
     goto cleanup;
-
 }
 
 DWORD
@@ -522,68 +521,50 @@ VMCARESTSetResponseHeaders(
 
 DWORD
 VMCARESTSetResponsePayload(
+    PVMREST_HANDLE  pRESTHandle,
     PREST_RESPONSE* ppResponse,
-    PSTR pszResponsePayload
+    PSTR            pszRespPayload
     )
 {
-    DWORD dwError = 0;
-    DWORD temp = 0;
-    int nBuffersize = 4096;
-    int nSizeSent = 0;
-    int nSizeRemaining = 0;
-    int nToSend = 0;
-
-    dwError = VmRESTSetHttpHeader(
-                            ppResponse,
-                            "Transfer-Encoding",
-                            "chunked"
-                            );
-    BAIL_ON_VMREST_ERROR(dwError);
+    DWORD   dwError = 0;
+    DWORD   bytesWritten = 0;
+    PSTR    pszPyldLen = NULL;
+    size_t  pyldLen = 0;
+    size_t  sentLen = 0;
 
-    if (strlen(pszResponsePayload) < nBuffersize)
-    {
-        dwError = VmRESTSetHttpPayload(
-                                ppResponse,
-                                pszResponsePayload,
-                                strlen(pszResponsePayload),
-                                &temp
-                                );
-        BAIL_ON_VMREST_ERROR(dwError);
-    } else
-    {
-        nSizeRemaining = strlen(pszResponsePayload);
-        while (nSizeRemaining > 0)
-        {
-            nSizeSent = strlen(pszResponsePayload) - nSizeRemaining;
-            nToSend = (nSizeRemaining < nBuffersize) ? nSizeRemaining : nBuffersize;
-            dwError = VmRESTSetHttpPayload(
-                                    ppResponse,
-                                    pszResponsePayload + nSizeSent,
-                                    nToSend,
-                                    &temp
-                                    );
-            BAIL_ON_VMREST_ERROR(dwError);
-            nSizeRemaining -= nToSend;
-        }
+    pyldLen = VMCAStringLenA(VMCA_SAFE_STRING(pszRespPayload));
 
-    }
-    dwError = VmRESTSetHttpPayload(
-                            ppResponse,
-                            "\n\n",
-                            2,
-                            &temp
-                            );
+    dwError = VMCAAllocateStringPrintfA(&pszPyldLen, "%ld", pyldLen);
     BAIL_ON_VMREST_ERROR(dwError);
-    dwError = VmRESTSetHttpPayload(ppResponse, "0",0, &temp );
+
+    dwError = VmRESTSetDataLength(
+            ppResponse,
+            pyldLen > VMCARESTMAXPAYLOADLENGTH ? NULL : pszPyldLen);
     BAIL_ON_VMREST_ERROR(dwError);
 
+    do
+    {
+        size_t chunkLen = pyldLen > VMCARESTMAXPAYLOADLENGTH ?
+                VMCARESTMAXPAYLOADLENGTH : pyldLen;
+
+        dwError = VmRESTSetData(
+                pRESTHandle,
+                ppResponse,
+                VMCA_SAFE_STRING(pszRespPayload) + sentLen,
+                chunkLen,
+                &bytesWritten);
+
+        sentLen += bytesWritten;
+        pyldLen -= bytesWritten;
+    }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMREST_ERROR(dwError);
 
 cleanup:
-
+    VMCA_SAFE_FREE_MEMORY(pszPyldLen);
     return dwError;
 
 error:
-
     goto cleanup;
 }
 
@@ -596,9 +577,10 @@ Content-Length: 20
 
 uint32_t
 VMCARESTRequestNegotiateAuth(
-    PREST_REQUEST pRequest,
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
     PREST_RESPONSE* ppResponse,
-    const char* pszToken
+    const char*     pszToken
     )
 {
     uint32_t dwError = 0;
@@ -611,16 +593,17 @@ VMCARESTRequestNegotiateAuth(
     dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
     dwError = VmRESTSetHttpHeader(ppResponse, "Content-Length", "0");
     dwError = VmRESTSetHttpHeader(ppResponse, "WWW-Authenticate", (char *)pszNegotiate);
-    dwError = VmRESTSetHttpPayload(ppResponse,"", 0, &temp );
+    dwError = VmRESTSetData(pRESTHandle, ppResponse, "", 0, &temp);
     dwError = EACCES;
     return dwError;
 }
 
 DWORD
 VMCAHandleHttpRequest(
-    PREST_REQUEST pRESTRequest,
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
     PREST_RESPONSE* ppResponse,
-    uint32_t paramsCount
+    uint32_t        paramsCount
     )
 {
     DWORD dwError = 0;
@@ -628,20 +611,14 @@ VMCAHandleHttpRequest(
     PSTR pszResponsePayload = NULL;
     VMCA_HTTP_REQ_OBJ* pVMCARequest = NULL;
 
-    dwError = VMCARESTParseHttpHeader(pRESTRequest, &pVMCARequest);
+    dwError = VMCARESTParseHttpHeader(pRequest, &pVMCARequest);
     BAIL_ON_VMREST_ERROR(dwError);
 
-    dwError = VMCAAllocateMemory(
-                            sizeof(char*),
-                            (PVOID*) &pVMCARequest->pszPayload
-                            );
-    BAIL_ON_VMREST_ERROR(dwError);
-
-    dwError = VMCARESTGetPayload(pRESTRequest, pVMCARequest);
+    dwError = VMCARESTGetPayload(pRESTHandle, pRequest, pVMCARequest);
     BAIL_ON_VMREST_ERROR(dwError);
 
     dwError = VMCARESTExecuteHttpURI(
-                                pRESTRequest,
+                                pRequest,
                                 pVMCARequest,
                                 &pszStatusCode,
                                 &pszResponsePayload
@@ -651,7 +628,8 @@ VMCAHandleHttpRequest(
     dwError = VMCARESTSetResponseHeaders(ppResponse, pszStatusCode);
     BAIL_ON_VMREST_ERROR(dwError);
 
-    dwError = VMCARESTSetResponsePayload(ppResponse, pszResponsePayload);
+    dwError = VMCARESTSetResponsePayload(
+            pRESTHandle, ppResponse, pszResponsePayload);
     BAIL_ON_VMREST_ERROR(dwError);
 
 cleanup:
@@ -668,7 +646,8 @@ VMCAHandleHttpRequest(
 error:
     if (dwError == EACCES)
     {
-        dwError = VMCARESTRequestNegotiateAuth(pRESTRequest, ppResponse, NULL);
+        dwError = VMCARESTRequestNegotiateAuth(
+                pRESTHandle, pRequest, ppResponse, NULL);
     }
 
     goto cleanup;
diff --git a/vmca/test/Makefile.am b/vmca/test/Makefile.am
index 092956168..6316afc6a 100644
--- a/vmca/test/Makefile.am
+++ b/vmca/test/Makefile.am
@@ -13,11 +13,11 @@ vmca_test_SOURCES = \
     API_test.cpp
 
 vmca_test_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/idl \
-    -I$(top_srcdir)/common \
-    -I$(top_srcdir)/test \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
+    -I$(top_srcdir)/vmca/idl \
+    -I$(top_srcdir)/vmca/common \
+    -I$(top_srcdir)/vmca/test \
     @BOOST_INCLUDES@ \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
@@ -25,8 +25,8 @@ vmca_test_CPPFLAGS = \
 vmca_test_LDADD = \
     ${GOBUILD_BOOST1470_LIN64_GCC412_ROOT}/lib/libboost_unit_test_framework-gcc41-mt-1_47.a \
     ${GOBUILD_BOOST1470_LIN64_GCC412_ROOT}/lib/libboost_chrono-gcc41-mt-1_47.a \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmcaclient.la \
+    $(top_builddir)/vmca/common/libcommon.la \
+    $(top_builddir)/vmca/client/libvmcaclient.la \
     @BOOST_LIBS@  \
     @DL_LIBS@  \
     @PTHREAD_LIBS@ \
@@ -49,8 +49,3 @@ vmca_test_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@ \
     -ggdb 
-
-
-
-
-
diff --git a/vmca/vmcadb/Makefile.am b/vmca/vmcadb/Makefile.am
index f66ccf2fa..1d842b289 100644
--- a/vmca/vmcadb/Makefile.am
+++ b/vmca/vmcadb/Makefile.am
@@ -3,8 +3,8 @@ noinst_LTLIBRARIES = libvmcadb.la
 
 libvmcadb_la_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmca/include \
+    -I$(top_srcdir)/vmca/include/public \
     @SQLITE_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -18,7 +18,7 @@ libvmcadb_la_SOURCES = \
     libmain.c
 
 libvmcadb_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmca/common/libcommon.la \
     @SQLITE_LIBS@ \
     @LWBASE_LIBS@ \
     @PTHREAD_LIBS@ \
@@ -33,5 +33,3 @@ libvmcadb_la_LDFLAGS = \
     -static \
     @LDAP_LDFLAGAS@ \
     @OPENSSL_LDFLAGS@
-    
-
diff --git a/vmca/vmcadb/certificate.c b/vmca/vmcadb/certificate.c
index fdf2b5795..cad71eda5 100644
--- a/vmca/vmcadb/certificate.c
+++ b/vmca/vmcadb/certificate.c
@@ -726,7 +726,7 @@ VmcaDbQueryAllCertificates(
 static
 PCSTR VMCAGetDbEnumQuery(DWORD dwStatus)
 {
-    PCSTR szQuery;
+    PCSTR szQuery = NULL;
     if (dwStatus == VMCA_DB_CERTIFICATE_STATUS_ALL)
     {
         szQuery=
diff --git a/vmdir/Makefile.am b/vmdir/Makefile.am
index 94e496071..77b5f47c8 100644
--- a/vmdir/Makefile.am
+++ b/vmdir/Makefile.am
@@ -11,7 +11,6 @@ SUBDIRS = \
 if ENABLE_SERVER
 
 SUBDIRS += \
-   kdccommon \
     server \
     tools \
     config \
diff --git a/vmdir/build/Makefile.bootstrap b/vmdir/build/Makefile.bootstrap
index 8c1677c89..afe4e986c 100644
--- a/vmdir/build/Makefile.bootstrap
+++ b/vmdir/build/Makefile.bootstrap
@@ -50,7 +50,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-directory.spec
 
diff --git a/vmdir/build/package/rpm/vmware-directory.spec b/vmdir/build/package/rpm/vmware-directory.spec
deleted file mode 100644
index 0fe96fa9a..000000000
--- a/vmdir/build/package/rpm/vmware-directory.spec
+++ /dev/null
@@ -1,466 +0,0 @@
-Name:    vmware-directory
-Summary: Directory Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.11, vmware-directory-client = %{version}
-BuildRequires:  coreutils >= 8.22, openssl-devel >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open-devel >= 6.2.11, vmware-event-devel >= %{_vmevent_ver}
-
-%if 0%{?_sasl_prefix:1} == 0
-%define _sasl_prefix /usr
-%endif
-
-%if 0%{?_krb5_prefix:1} == 0
-%define _krb5_prefix /usr
-%endif
-
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%define _likewise_open_bindir %{_likewise_open_prefix}/bin
-%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
-
-%if 0%{?_vmevent_prefix:1} == 0
-%define _vmevent_prefix /opt/vmware
-%endif
-
-%if 0%{?_trident_prefix:1} == 0
-%define _trident_prefix /opt/vmware
-%endif
-
-%if 0%{?_jansson_prefix:1} == 0
-%define _jansson_prefix /usr
-%endif
-
-%if 0%{?_copenapi_prefix:1} == 0
-%define _copenapi_prefix /usr
-%endif
-
-%if 0%{?_oidc_prefix:1} == 0
-%define _oidc_prefix /opt/vmware
-%endif
-
-%if 0%{?_ssocommon_prefix:1} == 0
-%define _ssocommon_prefix /opt/vmware
-%endif
-
-%define _dbdir %{_localstatedir}/lib/vmware/vmdir
-%define _sasl2dir %{_sasl_prefix}/lib64/sasl2
-%define _krb5_lib_dir %{_krb5_prefix}/lib64
-%define _krb5_gss_conf_dir /etc/gss
-%define _logconfdir /etc/syslog-ng/lightwave.conf.d
-
-%description
-VMware Directory Service
-
-%package client
-Summary: VMware Directory Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10
-%description client
-Client libraries to communicate with Directory Service
-
-%package client-devel
-Summary: VMware Directory Client Development Library
-Requires: vmware-directory-client = %{version}
-%description client-devel
-Development Libraries to communicate with Directory Service
-
-%build
-export CFLAGS="-Wall -Werror -Wno-unused-but-set-variable -Wno-pointer-sign -Wimplicit-function-declaration -Wno-address -Wno-enum-compare"
-cd build
-autoreconf -mif ..
-../configure \
-    --prefix=%{_prefix} \
-    --libdir=%{_lib64dir} \
-    --localstatedir=%{_localstatedir}/lib/vmware/vmdir \
-    --with-likewise=%{_likewise_open_prefix} \
-    --with-ssl=/usr \
-    --with-sasl=%{_sasl_prefix} \
-    --with-datastore=mdb \
-    --with-vmevent=%{_vmevent_prefix} \
-    --with-trident=%{_trident_prefix} \
-    --with-jansson=%{_jansson_prefix} \
-    --with-copenapi=%{_copenapi_prefix} \
-    --with-oidc=%{_oidc_prefix} \
-    --with-ssocommon=%{_ssocommon_prefix} \
-    --enable-server=yes \
-    --with-logdir=%{_logdir} \
-    --with-version=%{_version} \
-    --enable-lightwave-build=yes
-
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=$RPM_BUILD_ROOT
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%pre client
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl start lwsmd
-        fi
-    fi
-
-%post
-
-    /sbin/ldconfig
-
-    /bin/mkdir -m 700 -p %{_dbdir}
-
-    if [ -a %{_sasl2dir}/vmdird.conf ]; then
-        /bin/rm %{_sasl2dir}/vmdird.conf
-    fi
-
-    # add vmdird.conf to sasl2 directory
-    /bin/ln -s %{_datadir}/config/saslvmdird.conf %{_sasl2dir}/vmdird.conf
-
-    /bin/mkdir -m 755 -p %{_logconfdir}
-    if [ -a %{_logconfdir}/vmdird-syslog-ng.conf ]; then
-        /bin/rm %{_logconfdir}/vmdird-syslog-ng.conf
-    fi
-    /bin/ln -s %{_datadir}/config/vmdird-syslog-ng.conf %{_logconfdir}/vmdird-syslog-ng.conf
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-                sleep 2
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-                sleep 2
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%post client
-    /bin/mkdir -m 755 -p %{_logdir}
-
-    # add libgssapi_srp.so to GSSAPI plugin directory
-    if [ ! -h %{_krb5_lib_dir}/gss/libgssapi_srp.so ]; then
-        /bin/ln -s %{_lib64dir}/libgssapi_srp.so %{_krb5_lib_dir}/gss/libgssapi_srp.so
-    fi
-
-    # Add GSSAPI SRP plugin configuration to GSS mech file
-    if [ -f %{_krb5_gss_conf_dir}/mech ]; then
-        if [ `grep -c  "1.2.840.113554.1.2.10" %{_krb5_gss_conf_dir}/mech` -lt 1 ]; then
-            echo "srp  1.2.840.113554.1.2.10 libgssapi_srp.so" >> %{_krb5_gss_conf_dir}/mech
-        fi
-    fi
-
-    # Restore commented out NTLM mech oid if found
-    if [ `grep -c  "#ntlm " %{_krb5_gss_conf_dir}/mech` -ge 1 ]; then
-        /bin/mv %{_krb5_gss_conf_dir}/mech %{_krb5_gss_conf_dir}/mech-$$
-        /bin/cat %{_krb5_gss_conf_dir}/mech-$$ | sed 's|^#ntlm|ntlm|' > %{_krb5_gss_conf_dir}/mech
-        if [ -s %{_krb5_gss_conf_dir}/mech ]; then
-            /bin/rm %{_krb5_gss_conf_dir}/mech-$$
-        fi
-    fi
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir-client.reg
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdir-client.reg
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdir-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            %{_likewise_open_bindir}/lwsm info vmdir > /dev/null 2>&1
-            if [ $? -eq 0 ]; then
-                %{_likewise_open_bindir}/lwsm stop vmdir
-                %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdir'
-                /bin/systemctl restart lwsmd
-                %{_likewise_open_bindir}/lwsm autostart
-            fi
-
-            ;;
-    esac
-
-%preun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            # Cleanup GSSAPI SRP symlink
-            if [ -h %{_krb5_lib_dir}/gss/libgssapi_srp.so ]; then
-                /bin/rm -f %{_krb5_lib_dir}/gss/libgssapi_srp.so
-            fi
-
-            # Remove GSSAPI SRP Plugin configuration from GSS mech file
-            if [ -f %{_krb5_gss_conf_dir}/mech ]; then
-                if [ `grep -c "1.2.840.113554.1.2.10" %{_krb5_gss_conf_dir}/mech` -gt 0 ]; then
-                    /bin/cat %{_krb5_gss_conf_dir}/mech | sed '/1.2.840.113554.1.2.10/d' > "/tmp/mech-$$"
-                    if [ -s /tmp/mech-$$ ]; then
-                        /bin/mv "/tmp/mech-$$" %{_krb5_gss_conf_dir}/mech
-                    fi
-                fi
-            fi
-
-            ;;
-    esac
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    /sbin/ldconfig
-
-    if [ -a %{_sasl2dir}/vmdird.conf ]; then
-        /bin/rm %{_sasl2dir}/vmdird.conf
-    fi
-
-    if [ "$1" = "0" ]; then
-        echo "Existing database files kept at [%{_dbdir}]."
-    fi
-
-%postun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-#    case "$1" in
-#        0)
-#            %{_likewise_open_bindir}/lwregshell delete_tree 'HKEY_THIS_MACHINE\Services\vmdir'
-#            ;;
-#    esac
-
-%files
-%defattr(-,root,root)
-%{_sbindir}/*
-%{_bindir}/vdcadmintool
-%{_bindir}/vdcbackup
-%{_bindir}/vdcleavefed
-%{_bindir}/vdcpass
-%{_bindir}/vdcrepadmin
-%{_bindir}/vdcsetupldu
-%{_bindir}/vdcsrp
-%{_bindir}/unix_srp
-%{_bindir}/vdcupgrade
-%{_bindir}/vmkdc_admin
-%{_bindir}/vdcmetric
-%{_bindir}/vdcschema
-%{_bindir}/vmdir_upgrade.sh
-%{_bindir}/vdcresetMachineActCred
-%{_lib64dir}/libkrb5crypto.so*
-%{_lib64dir}/sasl2/libsaslvmdirdb.so*
-%{_lib64dir}/libvmkdcserv.so*
-%{_datadir}/config/saslvmdird.conf
-%{_datadir}/config/vmdir.reg
-%{_datadir}/config/vmdirschema.ldif
-%{_datadir}/config/vmdird-syslog-ng.conf
-%{_datadir}/config/vmdir-rest.json
-
-%files client
-%defattr(-,root,root)
-%{_bindir}/vdcaclmgr
-%{_datadir}/config/vmdir-client.reg
-%{_lib64dir}/libvmdirclient.so*
-%{_lib64dir}/libcsrp.so*
-%{_lib64dir}/libgssapi_ntlm.so*
-%{_lib64dir}/libgssapi_srp.so*
-%{_lib64dir}/libgssapi_unix.so*
-
-%files client-devel
-%defattr(-,root,root)
-%{_includedir}/vmdir.h
-%{_includedir}/vmdirauth.h
-%{_includedir}/vmdirclient.h
-%{_includedir}/vmdirerrors.h
-%{_includedir}/vmdirtypes.h
-%{_lib64dir}/libvmdirclient.a
-%{_lib64dir}/libvmdirclient.la
-%{_lib64dir}/libcsrp.a
-%{_lib64dir}/libcsrp.la
-%{_lib64dir}/libgssapi_ntlm.a
-%{_lib64dir}/libgssapi_ntlm.la
-%{_lib64dir}/libgssapi_srp.a
-%{_lib64dir}/libgssapi_srp.la
-%{_lib64dir}/libgssapi_unix.a
-%{_lib64dir}/libgssapi_unix.la
-
-%exclude %{_bindir}/vdcpromo
-%exclude %{_bindir}/vmdirclienttest
-%exclude %{_lib64dir}/libcommonunittests.a
-%exclude %{_lib64dir}/libcommonunittests.la
-%exclude %{_lib64dir}/libcommonunittests.so
-%exclude %{_lib64dir}/libcommonunittests.so.0
-%exclude %{_lib64dir}/libcommonunittests.so.0.0.0
-%exclude %{_lib64dir}/libmisctests.a
-%exclude %{_lib64dir}/libmisctests.la
-%exclude %{_lib64dir}/libmisctests.so
-%exclude %{_lib64dir}/libmisctests.so.0
-%exclude %{_lib64dir}/libmisctests.so.0.0.0
-%exclude %{_lib64dir}/libmultitenancytests.a
-%exclude %{_lib64dir}/libmultitenancytests.la
-%exclude %{_lib64dir}/libmultitenancytests.so
-%exclude %{_lib64dir}/libmultitenancytests.so.0
-%exclude %{_lib64dir}/libmultitenancytests.so.0.0.0
-%exclude %{_lib64dir}/libpasswordapistests.a
-%exclude %{_lib64dir}/libpasswordapistests.la
-%exclude %{_lib64dir}/libpasswordapistests.so
-%exclude %{_lib64dir}/libpasswordapistests.so.0
-%exclude %{_lib64dir}/libpasswordapistests.so.0.0.0
-%exclude %{_lib64dir}/libsearchtests.a
-%exclude %{_lib64dir}/libsearchtests.la
-%exclude %{_lib64dir}/libsearchtests.so
-%exclude %{_lib64dir}/libsearchtests.so.0
-%exclude %{_lib64dir}/libsearchtests.so.0.0.0
-%exclude %{_lib64dir}/libsecuritydescriptortests.a
-%exclude %{_lib64dir}/libsecuritydescriptortests.la
-%exclude %{_lib64dir}/libsecuritydescriptortests.so
-%exclude %{_lib64dir}/libsecuritydescriptortests.so.0
-%exclude %{_lib64dir}/libsecuritydescriptortests.so.0.0.0
-
-%exclude %{_lib64dir}/libkrb5crypto.a
-%exclude %{_lib64dir}/libkrb5crypto.la
-%exclude %{_lib64dir}/sasl2/libsaslvmdirdb.a
-%exclude %{_lib64dir}/sasl2/libsaslvmdirdb.la
-%exclude %{_lib64dir}/libvmkdcserv.a
-%exclude %{_lib64dir}/libvmkdcserv.la
-
-# %doc ChangeLog README COPYING
-
-%changelog
-
diff --git a/vmdir/client/Makefile.am b/vmdir/client/Makefile.am
index 6cc7d54e2..9513feee7 100644
--- a/vmdir/client/Makefile.am
+++ b/vmdir/client/Makefile.am
@@ -1,10 +1,10 @@
 lib_LTLIBRARIES = libvmdirclient.la
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmdir/idl
 
 libvmdirclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -18,6 +18,7 @@ libvmdirclient_la_SOURCES = \
     ldaputil.c \
     libmain.c \
     pnid.c \
+    redundancy.c\
     registry.c \
     repadmin.c \
     replication.c \
@@ -35,7 +36,7 @@ libvmdirclient_la_SOURCES = \
     vmdirsuperlog_cstub.c
 
 libvmdirclient_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmdir/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -51,7 +52,7 @@ libvmdirclient_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libvmdirclient_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/client/libvmdirclient.exp \
+    -export-symbols @top_srcdir@/vmdir/client/libvmdirclient.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
@@ -88,4 +89,4 @@ srp_verifier_h.h srp_verifier_cstub.c: $(idl_srcdir)/srp_verifier.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header srp_verifier_h.h -sstub_pref Srv_ -I$(idl_srcdir) $<
 
 vmdirsuperlog_h.h vmdirsuperlog_cstub.c: $(idl_srcdir)/vmdirsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmdir/include/public $<
diff --git a/vmdir/client/client.c b/vmdir/client/client.c
old mode 100644
new mode 100755
index aadd0e5a5..549051aaf
--- a/vmdir/client/client.c
+++ b/vmdir/client/client.c
@@ -154,7 +154,7 @@ VmDirRefreshActPassword(
                                  pszActPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN( pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN( pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszPolicyDN,
@@ -684,7 +684,7 @@ VmDirSetupHostInstanceEx(
 
     if (!IsNullOrEmptyString(pszPartnerHostName))
     {
-        dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+        dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         if ( VmDirIsIPV6AddrFormat( pszPartnerHostName ) )
@@ -770,6 +770,12 @@ VmDirSetupHostInstance(
     PSTR    pszLotusServerNameCanon = NULL;
     int     err = 0;
     int     i = 0;
+    PVM_DIR_CONNECTION pIPCConnection = NULL;
+
+    if (VmDirOpenClientConnection(&pIPCConnection) != 0)
+    {   // VMDIR is not listen on IPC port
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
 
     // Generate an initial DC account password and store it in the registry.
 
@@ -835,6 +841,7 @@ VmDirSetupHostInstance(
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY( pszLotusServerNameCanon );
+    VmDirCloseClientConnection(pIPCConnection);
     return dwError;
 
 error:
@@ -906,6 +913,7 @@ VmDirJoin(
     DWORD   dwHighWatermark = 0;
     LDAP*   pLd = NULL;
     PVMDIR_REPL_STATE pReplState = NULL;
+    PVM_DIR_CONNECTION pIPCConnection = NULL;
 
     if (IsNullOrEmptyString(pszUserName) ||
         IsNullOrEmptyString(pszPassword) ||
@@ -915,6 +923,11 @@ VmDirJoin(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    if (VmDirOpenClientConnection(&pIPCConnection) != 0)
+    {   // VMDIR is not listen on IPC port
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+    }
+
     // Determine the name of lotus server
     dwError = VmDirGetLotusServerName( pszLotusServerName ? pszLotusServerName : "localhost",
                                        &pszLotusServerNameCanon );
@@ -1056,6 +1069,7 @@ VmDirJoin(
         ldap_unbind_ext_s(pLd, NULL, NULL);
     }
     VmDirFreeReplicationStateInternal(pReplState);
+    VmDirCloseClientConnection(pIPCConnection);
     return dwError;
 
 error:
@@ -2504,13 +2518,9 @@ VmDirGetReplicationPartners(
     DWORD*              pdwNumReplPartner    // output
 )
 {
-    DWORD       dwError                 = 0;
-    DWORD       i                       = 0;
+    DWORD   dwError = 0;
+    LDAP*   pLd     = NULL;
     PSTR        pszDomain               = NULL;
-    LDAP*       pLd                     = NULL;
-    DWORD       dwInfoCount             = 0;
-    PREPLICATION_INFO pReplicationInfo  = NULL;
-    PVMDIR_REPL_PARTNER_INFO pReplPartnerInfo = NULL;
     PSTR        pszServerName = NULL;
 
     // parameter check
@@ -2545,11 +2555,60 @@ VmDirGetReplicationPartners(
                             pszPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirGetReplicationPartnersByPLd(
+                        pszServerName,
+                        pszDomain,
+                        pLd,
+                        ppReplPartnerInfo,
+                        pdwNumReplPartner);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VMDIR_SAFE_FREE_MEMORY(pszServerName);
+    VmDirLdapUnbind(&pLd);
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "VmDirGetReplicationPartners failed, Error[%d]\n",
+            dwError
+            );
+    goto cleanup;
+}
+DWORD
+VmDirGetReplicationPartnersByPLd(
+    PCSTR               pszServerName,
+    PCSTR               pszDomainName,
+    LDAP*               pLd,
+    PVMDIR_REPL_PARTNER_INFO*  ppReplPartnerInfo,   // output
+    DWORD*              pdwNumReplPartner    // output
+)
+{
+    DWORD       dwError                 = 0;
+    DWORD       i                       = 0;
+    DWORD       dwInfoCount             = 0;
+    PREPLICATION_INFO pReplicationInfo  = NULL;
+    PVMDIR_REPL_PARTNER_INFO pReplPartnerInfo = NULL;
+
+    // parameter check
+    if (
+            IsNullOrEmptyString (pszServerName) ||
+            IsNullOrEmptyString (pszDomainName) ||
+            pLd                 == NULL         ||
+            pdwNumReplPartner   == NULL         ||
+            ppReplPartnerInfo   == NULL
+       )
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
     //get replication agreement info for replication LDUs
     dwError = VmDirGetReplicationInfo(
                             pLd,
                             pszServerName,
-                            pszDomain,
+                            pszDomainName,
                             &pReplicationInfo,
                             &dwInfoCount);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -2581,22 +2640,14 @@ VmDirGetReplicationPartners(
     *ppReplPartnerInfo = pReplPartnerInfo;
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomain);
-    VMDIR_SAFE_FREE_MEMORY(pszServerName);
     VMDIR_SAFE_FREE_MEMORY(pReplicationInfo);
 
-    // unbind
-    if (pLd)
-    {
-        ldap_unbind_ext_s(pLd, NULL, NULL);
-    }
-
     return dwError;
 
 error:
     VMDIR_LOG_ERROR(
             VMDIR_LOG_MASK_ALL,
-            "VmDirGetReplicationPartners failed, Error[%d]\n",
+            "VmDirGetReplicationPartnersByPLd failed, Error[%d]\n",
             dwError
             );
 
@@ -4650,6 +4701,62 @@ _VmDirFindAllReplPartnerHost(
     goto cleanup;
 }
 
+DWORD
+VmDirFindAllReplPartnerHostByPLd(
+    PCSTR   pszServerName,
+    PCSTR   pszDomainName,
+    LDAP*   pLd,
+    PSTR**  pppszPartnerHost,
+    DWORD*  pdwSize
+    )
+{
+    DWORD   dwError = 0;
+    PSTR*   ppszPartnerHost = NULL;
+    DWORD   dwNumReplPartner=0;
+    DWORD   dwCnt=0;
+
+    PVMDIR_REPL_PARTNER_INFO    pReplPartnerInfo = NULL;
+
+    dwError = VmDirGetReplicationPartnersByPLd(
+                                pszServerName,
+                                pszDomainName,
+                                pLd,
+                                &pReplPartnerInfo,
+                                &dwNumReplPartner);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (dwNumReplPartner > 0)
+    {
+        dwError = VmDirAllocateMemory(dwNumReplPartner * sizeof(PSTR), (PVOID)&ppszPartnerHost);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (dwCnt=0; dwCnt < dwNumReplPartner; dwCnt++)
+        {
+            dwError = VmDirReplURIToHostname(pReplPartnerInfo[dwCnt].pszURI, &(ppszPartnerHost[dwCnt]));
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *pppszPartnerHost = ppszPartnerHost;
+    *pdwSize = dwNumReplPartner;
+    ppszPartnerHost = NULL;
+
+cleanup:
+    for (dwCnt=0; dwCnt < dwNumReplPartner; dwCnt++)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo[dwCnt].pszURI);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pReplPartnerInfo);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s failed (%u)", __FUNCTION__, dwError);
+    VmDirFreeStringArray(ppszPartnerHost, dwNumReplPartner);
+
+    goto cleanup;
+}
+
 /*
  *  Delete all replication agreements that has pszHost as partner
  */
@@ -5963,3 +6070,259 @@ VmDirUrgentReplicationResponse(
 {
    return VMDIR_ERROR_DEPRECATED_FUNCTION;
 }
+
+/*
+ * API Exposed for HA Topology Management
+ */
+
+DWORD
+VmDirGetCurrentTopologyAtSite(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    PCSTR                           pszSiteName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    )
+{
+    DWORD   dwError = 0;
+
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology = NULL;
+
+    if (IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszSiteName) ||
+        !ppCurTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s", __FUNCTION__);
+    VMDIR_LOG_DEBUG( VMDIR_LOG_MASK_ALL, "SiteName is %s",pszSiteName);
+
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+    // printf( "SiteName is %s \n", pszSiteName); // For Debugging till final check-in
+
+    dwError = VmDirGetIntraSiteTopology(
+                        pszUserName,
+                        pszPassword,
+                        pszHostName,
+                        pszSiteName,
+                        bConsiderOfflineNodes,
+                        &pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppCurTopology = pTopology;
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyData(pTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetCurrentGlobalTopology(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    )
+{
+    DWORD   dwError = 0;
+
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology = NULL;
+
+    if (IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszHostName) ||
+        !ppCurTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s", __FUNCTION__);
+
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+
+    dwError = VmDirGetInterSiteTopology(
+                        pszUserName,
+                        pszPassword,
+                        pszHostName,
+                        bConsiderOfflineNodes,
+                        &pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppCurTopology = pTopology;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyData(pTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetProposedTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology // Output
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology = NULL;
+
+    if (!pCurTopology ||
+        !ppNewTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s", __FUNCTION__);
+
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+
+    dwError = VmDirGetNewTopology(
+                    pCurTopology,
+                    &pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppNewTopology = pTopology;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyData(pTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetChangesInTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES* ppTopologyChanges //Output
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_HA_TOPOLOGY_CHANGES  pChanges = NULL;
+
+    if (!pCurTopology ||
+        !pNewTopology ||
+        !ppTopologyChanges)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s", __FUNCTION__);
+
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+
+    dwError = VmDirGetTopologyChanges(
+                    pCurTopology,
+                    pNewTopology,
+                    &pChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppTopologyChanges = pChanges;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyChanges(pChanges);
+
+    goto cleanup;
+
+}
+
+DWORD
+VmDirApplyTopologyChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pTopologyChanges)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s", __FUNCTION__);
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+
+    dwError = VmDirModifyLinks(pTopologyChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+
+    goto cleanup;
+}
+
+VOID
+VmDirFreeHATopologyData(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology
+    )
+{
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+    VmDirFreeHATopology(pTopology);
+}
+
+VOID
+VmDirFreeHAServerInfo(
+    PVMDIR_HA_SERVER_INFO   pServer
+    )
+{
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+    VmDirFreeHAServer(pServer);
+}
+
+VOID
+VmDirFreeHATopologyChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    )
+{
+    // printf( "\n%s\n", __FUNCTION__); // For Debugging till final check-in
+    VmDirFreeHAChanges(pTopologyChanges);
+}
+
+/*
+ * APIs for HA Topology Management ends here
+ */
diff --git a/vmdir/client/defines.h b/vmdir/client/defines.h
index 7a53b3cab..222538782 100644
--- a/vmdir/client/defines.h
+++ b/vmdir/client/defines.h
@@ -318,6 +318,10 @@ the buffer size will always be adequate.
         "Vdcpromo error"}, \
     {VMDIR_ERROR_BACKEND_PARENT_NOTFOUND, \
         "Backend parent notfound"}, \
+    {VMDIR_ERROR_INVALID_ACE, \
+        "Invalid ACE"}, \
+    {VMDIR_ERROR_ACE_NOT_FOUND, \
+        "ACE not found"}, \
 };
 
 #define VMDIR_RPC_ERROR_TABLE_INITIALIZER \
diff --git a/vmdir/client/ldaputil.c b/vmdir/client/ldaputil.c
index 83c81836d..046dec76b 100644
--- a/vmdir/client/ldaputil.c
+++ b/vmdir/client/ldaputil.c
@@ -127,7 +127,7 @@ VmDirAddCMSiteNode(
     LDAPMod*    attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
     PSTR        pszDomainDN = NULL;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszDN,
@@ -192,7 +192,7 @@ VmDirAddLduNode(
                                             pszLduGUID);
     valsDisname[0] = pszDisName;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszDN,
@@ -242,7 +242,7 @@ VmDirIsSolutionUser(
                             );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirGetLocalLduGuid(pszLduGuid);
@@ -856,6 +856,103 @@ VmDirGetSiteNameInternal(
     goto cleanup;
 }
 
+DWORD
+VmDirGetSiteList(
+    LDAP*               pLd,
+    PCSTR               pszDomainName,
+    PVMDIR_STRING_LIST* ppSiteList
+    )
+{
+    DWORD               dwError = 0;
+    PCSTR               pszAttrCN = ATTR_CN;
+    PCSTR               ppszAttrs[] = { pszAttrCN, NULL };
+    PSTR                pszSite = NULL;
+    LDAPMessage*        pResult = NULL;
+    LDAPMessage*        pEntry = NULL;
+    PSTR                pszBaseDN = NULL;
+    PSTR                pszDomainDN = NULL;
+    PVMDIR_STRING_LIST  pSiteList = NULL;
+    struct berval**     ppValues = NULL;
+
+    if (!pLd || !pszDomainName || !ppSiteList)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirStringListInitialize( &pSiteList, 16);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                    &pszBaseDN, "cn=Sites,cn=Configuration,%s",
+                    pszDomainDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                    pLd,
+                    pszBaseDN,
+                    LDAP_SCOPE_ONELEVEL,
+                    NULL,
+                    (PSTR*)ppszAttrs,
+                    FALSE, /* get values also */
+                    NULL,  /* server controls */
+                    NULL,  /* client controls */
+                    NULL,  /* timeout         */
+                    0,     /* size limit      */
+                    &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for ( pEntry = ldap_first_entry(pLd, pResult);
+          pEntry;
+          pEntry = ldap_next_entry(pLd, pEntry))
+    {
+        if (ppValues)
+        {
+            ldap_value_free_len(ppValues);
+        }
+
+        ppValues = ldap_get_values_len(pLd, pEntry, pszAttrCN);
+
+        if (ppValues && ldap_count_values_len(ppValues) == 1)
+        {
+            dwError = VmDirAllocateStringA(ppValues[0]->bv_val, &pszSite);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringListAdd(pSiteList, pszSite);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            pszSite = NULL;
+        }
+        else
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE);
+        }
+    }
+
+    *ppSiteList = pSiteList;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszSite);
+    VMDIR_SAFE_FREE_MEMORY(pszBaseDN);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
+    if (ppValues)
+    {
+        ldap_value_free_len(ppValues);
+    }
+
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pSiteList);
+    goto cleanup;
+}
+
 DWORD
 VmDirGetSiteDN(
     PCSTR pszDomain,
@@ -875,7 +972,7 @@ VmDirGetSiteDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -969,7 +1066,7 @@ VmDirGetReplicationInfo(
     PSTR                pszEntryDN = NULL;
     PSTR                pszHostMatch = NULL;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszSearchBaseDN,
@@ -1078,7 +1175,7 @@ VmDirGetAllRAToHost(
     dwError = VmDirGetDomainName( "localhost", &pszDomain );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszSiteDN,
@@ -1218,7 +1315,7 @@ VmDirCreateCMSubtree(
     PSTR    pszDomainDN = NULL;
     LDAP* pLd = (LDAP *) pvLd;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
 
     //create "ComponentManager"
     dwError = VmDirAllocateStringPrintf(&pszDN,
@@ -1319,15 +1416,84 @@ VmDirLdapSetupRemoteHostRA(
     PCSTR pszReplHostName,
     DWORD dwHighWatermark
     )
+{
+    DWORD       dwError = 0;
+    LDAP*       pLocalLd = NULL;
+    LDAP*       pPartnerLd = NULL;
+
+    if (IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszUsername) ||
+        pszPassword == NULL ||
+        IsNullOrEmptyString(pszReplHostName))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirConnectLDAPServer(
+                            &pLocalLd,
+                            pszHostName,
+                            pszDomainName,
+                            pszUsername,
+                            pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (dwHighWatermark == 0)
+    {
+        dwError = VmDirConnectLDAPServer(
+                            &pPartnerLd,
+                            pszReplHostName,
+                            pszDomainName,
+                            pszUsername,
+                            pszPassword);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirLdapSetupRemoteHostRAByPLd(
+                    pszDomainName,
+                    pszHostName,
+                    pszReplHostName,
+                    dwHighWatermark,
+                    pLocalLd,
+                    pPartnerLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+cleanup:
+   VmDirLdapUnbind(&pLocalLd);
+   VmDirLdapUnbind(&pPartnerLd);
+
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapSetupRemoteHostRA failed with error (%u)", dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDirLdapSetupRemoteHostRAByPLd(
+    PCSTR pszDomainName,
+    PCSTR pszHostName,
+    PCSTR pszReplHostName,
+    DWORD dwHighWatermark,
+    LDAP* pLocalLd,
+    LDAP* pPartnerLd
+    )
 {
     DWORD       dwError = 0;
     PSTR        pszReplURI = NULL;
     PSTR        pszReplHostNameDN = NULL;
     PSTR        pszReplAgrDN = NULL;
     PSTR        pszLastLocalUsn = NULL;
-    LDAP*       pLd = NULL;
     PSTR        pszDomainDN = NULL;
 
+    if (IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszHostName) ||
+        pLocalLd == NULL ||
+        IsNullOrEmptyString(pszReplHostName))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
     if ( VmDirIsIPV6AddrFormat( pszReplHostName ) )
     {
         dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
@@ -1338,18 +1504,10 @@ VmDirLdapSetupRemoteHostRA(
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszHostName,
-                            pszDomainName,
-                            pszUsername,
-                            pszPassword);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapCreateReplHostNameDN(&pszReplHostNameDN, pLd, pszHostName);
+    dwError = VmDirLdapCreateReplHostNameDN(&pszReplHostNameDN, pLocalLd, pszHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -1389,13 +1547,11 @@ VmDirLdapSetupRemoteHostRA(
 
         if (dwHighWatermark == 0)
         {
-            dwError = VmDirLdapGetHighWatermark(
-                                        pLd,
+            dwError = VmDirLdapGetHighWatermarkByPLd(
+                                        pLocalLd,
+                                        pPartnerLd,
                                         pszHostName,
                                         pszReplHostName,
-                                        pszDomainName,
-                                        pszUsername,
-                                        pszPassword,
                                         &lastLocalUsn);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
@@ -1417,7 +1573,7 @@ VmDirLdapSetupRemoteHostRA(
         replUSN.mod_values = modv_usn;
 
         // and the ldap_add_ext_s is a synchronous call
-        dwError = ldap_add_ext_s(pLd, pszReplAgrDN, &pReplAgrObjAttrs[0], NULL, NULL);
+        dwError = ldap_add_ext_s(pLocalLd, pszReplAgrDN, &pReplAgrObjAttrs[0], NULL, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -1428,12 +1584,10 @@ VmDirLdapSetupRemoteHostRA(
     VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
     VMDIR_SAFE_FREE_MEMORY(pszLastLocalUsn);
 
-    VmDirLdapUnbind(&pLd);
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapSetupRemoteHostRA failed with error (%u)", dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapSetupRemoteHostRAByPLd failed with error (%u)", dwError);
     goto cleanup;
 }
 
@@ -1448,15 +1602,69 @@ VmDirLdapRemoveRemoteHostRA(
     PCSTR pszPassword,
     PCSTR pszReplHostName
     )
+{
+    DWORD       dwError = 0;
+    LDAP*       pLd = NULL;
+
+    if (IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszUsername) ||
+        pszPassword == NULL ||
+        IsNullOrEmptyString(pszReplHostName))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirConnectLDAPServer(
+                            &pLd,
+                            pszHostName,
+                            pszDomainName,
+                            pszUsername,
+                            pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapRemoveRemoteHostRAByPLd(
+                                pszDomainName,
+                                pszHostName,
+                                pszReplHostName,
+                                pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirLdapUnbind(&pLd);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapRemoveRemoteHostRA failed with error (%u)", dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDirLdapRemoveRemoteHostRAByPLd(
+    PCSTR pszDomainName,
+    PCSTR pszHostName,
+    PCSTR pszReplHostName,
+    LDAP* pHostLd
+    )
 {
     DWORD       dwError = 0;
     PSTR        pszReplURI = NULL;
     PSTR        pszReplHostNameDN = NULL;
     PSTR        pszReplAgrDN = NULL;
 
-    LDAP*       pLd = NULL;
     PSTR        pszDomainDN = NULL;
 
+    if (IsNullOrEmptyString(pszDomainName) ||
+        IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszReplHostName) ||
+        !pHostLd)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
     if ( VmDirIsIPV6AddrFormat( pszReplHostName ) )
     {
         dwError = VmDirAllocateStringPrintf( &pszReplURI, "%s://[%s]", VMDIR_LDAP_PROTOCOL, pszReplHostName);
@@ -1467,18 +1675,10 @@ VmDirLdapRemoveRemoteHostRA(
     }
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszHostName,
-                            pszDomainName,
-                            pszUsername,
-                            pszPassword);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapCreateReplHostNameDN(&pszReplHostNameDN, pLd, pszHostName);
+    dwError = VmDirLdapCreateReplHostNameDN(&pszReplHostNameDN, pHostLd, pszHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -1491,7 +1691,7 @@ VmDirLdapRemoveRemoteHostRA(
 
     // the ldap_delete_ext_s is a synchronous call
     dwError = ldap_delete_ext_s(
-                    pLd,
+                    pHostLd,
                     pszReplAgrDN,
                     NULL,
                     NULL
@@ -1504,12 +1704,10 @@ VmDirLdapRemoveRemoteHostRA(
     VMDIR_SAFE_FREE_MEMORY(pszReplAgrDN);
     VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
 
-    VmDirLdapUnbind(&pLd);
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapRemoveRemoteHostRA failed with error (%u)", dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapRemoveRemoteHostRAByPld failed with error (%u)", dwError);
     goto cleanup;
 }
 
@@ -1649,7 +1847,7 @@ VmDirLdapSetupDCAccountOnPartner(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
@@ -1835,6 +2033,7 @@ VmDirLdapSetupComputerAccount(
     BOOLEAN     bAcctExists = FALSE;
     PSTR        pszSRPUPN = NULL;
     PSTR        pszExtendedOU = (PSTR)pszComputerOU;
+    PSTR        pszOUPrefix = ATTR_OU "=";
 
     char* modv_oc[] = {OC_PERSON, OC_ORGANIZATIONAL_PERSON, OC_USER, OC_COMPUTER, OC_TOP, NULL};
     char* modv_cn[] = {(PSTR)pszComputerHostName, NULL};
@@ -1926,7 +2125,7 @@ VmDirLdapSetupComputerAccount(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (VmDirStringCompareA(pszComputerOU, VMDIR_COMPUTERS_RDN_VAL, FALSE) != 0)
@@ -1940,15 +2139,30 @@ VmDirLdapSetupComputerAccount(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateStringPrintf(
-                    &pszComputerDN,
-                    "%s=%s,%s=%s,%s",
-                    ATTR_CN,
-                    pszLowerCaseComputerHostName,
-                    ATTR_OU,
-                    pszExtendedOU,
-                    pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (VmDirStringNCompareA(pszExtendedOU, pszOUPrefix,
+                             VmDirStringLenA(pszOUPrefix), FALSE) != 0)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                        &pszComputerDN,
+                        "%s=%s,%s=%s,%s",
+                        ATTR_CN,
+                        pszLowerCaseComputerHostName,
+                        ATTR_OU,
+                        pszExtendedOU,
+                        pszDomainDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
+                        &pszComputerDN,
+                        "%s=%s,%s,%s",
+                        ATTR_CN,
+                        pszLowerCaseComputerHostName,
+                        pszExtendedOU,
+                        pszDomainDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     if ( VmDirStringCompareA( pszHostName, pszComputerHostName, FALSE ) != 0 )
     {   // BUGBUG, does not consider simple vs fqdn name scenario.
@@ -2010,9 +2224,11 @@ VmDirLdapSetupComputerAccount(
 
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "Computer account (%s) created (recycle %s)", pszComputerDN, bAcctExists ? "T":"F");
 
+#ifndef LIGHTWAVE_BUILD
     // add Computer Account into DCClients group
     dwError = _VmDirLdapSetupAccountMembership( pLd, pszDomainDN, VMDIR_DCCLIENT_GROUP_NAME, pszComputerDN );
     BAIL_ON_VMDIR_ERROR(dwError);
+#endif
 
     if (bStoreInRegistry)
     {
@@ -2230,7 +2446,7 @@ VmDirLdapSetupServiceAccount(
     modUserPrincipalName.mod_type = ATTR_KRB_UPN;
     modUserPrincipalName.mod_values = modv_upn;
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
@@ -2881,7 +3097,7 @@ VmDirLdapDeleteDCAccount(
     dwError = VmDirAllocASCIIUpperToLower( pszDCHostName, &pszLowerCaseDCHostName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszDCDN, "%s=%s,%s=%s,%s", ATTR_CN, pszLowerCaseDCHostName,
@@ -2958,7 +3174,7 @@ VmDirLdapDeleteServiceAccount(
     dwError = VmDirAllocateStringPrintf( &pszUPN, "%s/%s@%s", pszServiceName, pszLowerCaseDCHostName, pszUpperCaseDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszMSADN, "%s=%s,%s=%s,%s", ATTR_CN, pszUPN,
@@ -3182,7 +3398,7 @@ VmDirGetDCContainerDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -3778,7 +3994,7 @@ VmDirSetDomainFuncLvlInternal(
     mods[1] = NULL;
 
     // Get the DomainDN
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -3839,7 +4055,7 @@ VmDirGetAllDCInternal(
     dwError = VmDirStringListInitialize( &pStrList, 16);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
@@ -4053,7 +4269,7 @@ VmDirGetObjectAttribute(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszSearchBase,
@@ -4148,6 +4364,7 @@ VmDirLdapCreateComputerOUContainer(
                           {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}
                       };
     LDAPMod*    attrs[] = {&mod[0], &mod[1], NULL};
+    PSTR        pszOUPrefix = ATTR_OU "=";
 
     if (!pLd || !pszDomainName || !pszOUContainer)
     {
@@ -4159,20 +4376,35 @@ VmDirLdapCreateComputerOUContainer(
         goto cleanup;  // default container
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // create user specified OU container under default OU=computers container.
-    dwError = VmDirAllocateStringPrintf(
-                &pszOuDN,
-                "%s=%s,%s=%s,%s",
-                ATTR_OU,
-                pszOUContainer,
-                ATTR_OU,
-                VMDIR_COMPUTERS_RDN_VAL,
-                pszDomainDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
 
+    // create user specified OU container under default OU=computers container.
+    if (VmDirStringNCompareA(pszOUContainer, pszOUPrefix,
+                             VmDirStringLenA(pszOUPrefix), FALSE) != 0)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszOuDN,
+                    "%s=%s,%s=%s,%s",
+                    ATTR_OU,
+                    pszOUContainer,
+                    ATTR_OU,
+                    VMDIR_COMPUTERS_RDN_VAL,
+                    pszDomainDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszOuDN,
+                    "%s,%s=%s,%s",
+                    pszOUContainer,
+                    ATTR_OU,
+                    VMDIR_COMPUTERS_RDN_VAL,
+                    pszDomainDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     if ( VmDirIfDNExist(pLd, pszOuDN) )
     {
diff --git a/vmdir/client/libvmdirclient.exp b/vmdir/client/libvmdirclient.exp
index ee034836f..360801108 100644
--- a/vmdir/client/libvmdirclient.exp
+++ b/vmdir/client/libvmdirclient.exp
@@ -48,6 +48,7 @@ VmDirGetLogLevelH
 VmDirSetLogMask
 VmDirSetLogMaskH
 VmDirGetLogMaskH
+VmDirLocalGetSRPSecret
 VmDirSetSRPSecret
 VmDirGetSiteGuid
 VmDirConnectionOpen
@@ -104,3 +105,11 @@ VmDirChangePNID
 VmDirCreateTenant
 VmDirDeleteTenant
 VmDirEnumerateTenants
+VmDirGetCurrentTopologyAtSite
+VmDirGetCurrentGlobalTopology
+VmDirGetProposedTopology
+VmDirGetChangesInTopology
+VmDirApplyTopologyChanges
+VmDirFreeHATopologyData
+VmDirFreeHAServerInfo
+VmDirFreeHATopologyChanges
diff --git a/vmdir/client/pnid.c b/vmdir/client/pnid.c
index a28603d8c..33ae29a3c 100644
--- a/vmdir/client/pnid.c
+++ b/vmdir/client/pnid.c
@@ -124,7 +124,7 @@ VmDirChangePNID(
     dwError = VmDirAllocASCIILowerToUpper(pszDomain, &pszUpperCaseDomain);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
diff --git a/vmdir/client/prototypes.h b/vmdir/client/prototypes.h
index e7ccc1a86..7686bdcb5 100644
--- a/vmdir/client/prototypes.h
+++ b/vmdir/client/prototypes.h
@@ -21,7 +21,7 @@
 #define VMDIR_STOP_SERVICE "/opt/likewise/bin/lwsm stop vmdir"
 #define VMDIR_START_SERVICE "/opt/likewise/bin/lwsm start vmdir"
 // in embedded VCHA, snapshot database live under vmware-vmdir/
-#define VMDIR_CLEANUP_DATA "rm -rf /storage/db/vmware-vmdir/*"
+#define VMDIR_CLEANUP_DATA "mv /var/lib/vmware/vmdir/data.mdb /var/lib/vmware/vmdir/data.mdb.bak"
 
 #define VMKDC_STOP_SERVICE "/opt/likewise/bin/lwsm stop vmkdc"
 #define VMKDC_START_SERVICE "/opt/likewise/bin/lwsm start vmkdc"
@@ -608,6 +608,13 @@ VmDirLocalGeneratePassword(
     VMDIR_DATA_CONTAINER* pPasswdContainer
 );
 
+DWORD
+VmDirLocalGetSRPSecret(
+    PCSTR       pszUPN,
+    PBYTE*      ppSecretBlob,
+    DWORD*      pSize
+);
+
 DWORD
 VmDirLocalSetSRPSecret(
     PCWSTR      pwszUPN,
@@ -734,3 +741,124 @@ VmDirUpdateKeytabFile(
     PCSTR pszPassword,
     BOOLEAN bIsServer
     );
+
+/*
+ * HA Topolgy Management APIs
+ */
+
+DWORD
+VmDirGetIntraSiteTopology(
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    PCSTR   pszHostName,
+    PCSTR   pszSiteName,
+    BOOLEAN bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    );
+
+DWORD
+VmDirGetInterSiteTopology(
+    PCSTR   pszUserName,
+    PCSTR   pszPassword,
+    PCSTR   pszHostName,
+    BOOLEAN bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    );
+
+DWORD
+VmDirGetNewTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology // Output
+    );
+
+DWORD
+VmDirGetTopologyChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES* ppTopologyChanges //Output
+    );
+
+DWORD
+VmDirModifyLinks(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    );
+
+VOID
+VmDirFreeHATopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology
+    );
+
+VOID
+VmDirFreeHAServer(
+    PVMDIR_HA_SERVER_INFO   pServer
+    );
+
+VOID
+VmDirFreeHAChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pChanges
+    );
+/*
+ * HA Topology Management APIs end here
+ */
+
+DWORD
+VmDirLdapRemoveRemoteHostRAByPLd(
+    PCSTR pszDomainName,
+    PCSTR pszHostName,
+    PCSTR pszReplHostName,
+    LDAP* pHostLd
+    );
+
+DWORD
+VmDirLdapSetupRemoteHostRAByPLd(
+    PCSTR pszDomainName,
+    PCSTR pszHostName,
+    PCSTR pszReplHostName,
+    DWORD dwHighWatermark,
+    LDAP* pLocalLd,
+    LDAP* pPartnerLd
+    );
+
+DWORD
+VmDirLdapGetHighWatermarkByPLd(
+    LDAP*      pLocalLd,
+    LDAP*      pPartnerLd,
+    PCSTR      pszLocalHost,
+    PCSTR      pszPartnerHost,
+    USN*       pLastLocalUsn
+    );
+
+DWORD
+VmDirGetReplicationPartnersByPLd(
+    PCSTR               pszServerName,
+    PCSTR               pszDomainName,
+    LDAP*               pLd,
+    PVMDIR_REPL_PARTNER_INFO*  ppReplPartnerInfo,   // output
+    DWORD*              pdwNumReplPartner    // output
+);
+
+DWORD
+VmDirFindAllReplPartnerHostByPLd(
+    PCSTR    pszServerName,
+    PCSTR    pszDomainName,
+    LDAP*    pLd,
+    PSTR**   pppszPartnerHost,
+    DWORD*   pdwSize
+    );
+
+DWORD
+VmDirGetServersInfoOnSite(
+    LDAP*                   pLd,
+    PCSTR                   pszSiteName,
+    PCSTR                   pszHost,
+    PCSTR                   pszDomain,
+    PINTERNAL_SERVER_INFO*  ppInternalServerInfo,
+    DWORD*                  pdwInfoCount
+    );
+
+DWORD
+VmDirGetSiteList(
+    LDAP*               pLd,
+    PCSTR               pszDomainName,
+    PVMDIR_STRING_LIST* ppSiteList
+    );
diff --git a/vmdir/client/redundancy.c b/vmdir/client/redundancy.c
new file mode 100644
index 000000000..27c30e596
--- /dev/null
+++ b/vmdir/client/redundancy.c
@@ -0,0 +1,2570 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirGetServersOnSite(
+    PCSTR               pszHostName,
+    PCSTR               pszUserName,
+    PCSTR               pszPassword,
+    PCSTR               pszSiteName,
+    PVMDIR_SERVER_INFO* ppServerInfo,   // output
+    DWORD*              pdwNumServer    // output
+);
+
+static
+DWORD
+_VmDirGetListFromServerInfo(
+    PVMDIR_SERVER_INFO  pServerInfo,
+    DWORD               dwServerInfoCount,
+    PVMDIR_STRING_LIST* ppList
+    );
+
+static
+DWORD
+_VmDirGetHAServerFromStringList(
+    PVMDIR_STRING_LIST      pAllServerList,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PVMDIR_HA_SERVER_INFO** pppList,
+    PDWORD                  pdwListCount,
+    PDWORD                  pdwOnlineCount,
+    PDWORD                  pdwOfflineCount,
+    BOOLEAN                 bFillPartners
+    );
+
+static
+DWORD
+_VmDirFillPartnersInList(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount
+    );
+
+static
+DWORD
+_VmDirFillInterSitePartners(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount,
+    PDWORD                  pdwInterSiteCnt
+    );
+
+static
+DWORD
+_VmDirFillIntraTopology(
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO*          ppServerList,
+    DWORD                           dwListCount,
+    DWORD                           dwOnlineCount,
+    DWORD                           dwOfflineCount,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppTopology
+    );
+
+static
+VOID
+_VmDirFreeHAServerList(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount
+    );
+
+static
+DWORD
+_VmDirCreateTopologyStructure(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PDWORD**                        pppdwCostMatrix,
+    PDWORD*                         ppFinalResult
+    );
+
+static
+DWORD
+_VmDirFindFinalTopology(
+    DWORD   dwNodeCount,
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pdwFinalResult, // Output
+    PDWORD  pdwCost // Output
+    );
+
+static
+DWORD
+_VmDirFindNNA(
+    DWORD   dwNodeCount,
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pdwFinalResult, // Output
+    PDWORD  pdwCost // Output
+    );
+
+static
+DWORD
+_VmDirCreateNewTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PDWORD                          pFinalResult,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology
+    );
+
+static
+VOID
+_VmDirFreeTopologyStructure(
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pFinalResult,
+    DWORD   dwCount
+    );
+
+static
+DWORD
+_VmDirCreateInternalChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES      pChanges
+    );
+
+static
+DWORD
+_VmDirFindDifferenceInReplLinks(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES      pChanges
+    );
+
+static
+DWORD
+_VmDirCreateTopologyChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES*     ppChanges
+    );
+
+static
+DWORD
+_VmDirFillInterTopology(
+    PVMDIR_HA_SERVER_INFO*          ppServerList,
+    DWORD                           dwListCount,
+    PVMDIR_HA_SERVER_INFO**         pppInterSiteServerList,
+    DWORD                           dwInterSiteServerListCnt,
+    DWORD                           dwOnlineCount,
+    DWORD                           dwOfflineCount,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppTopology
+    );
+
+static
+DWORD
+_VmDirGetInterSiteServerList(
+    PVMDIR_STRING_LIST      pSiteList,
+    PVMDIR_HA_SERVER_INFO*  ppHAServerList,
+    DWORD                   dwHAListCount,
+    DWORD                   dwInterSiteCount,
+    BOOLEAN                 bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO** pppInterSiteList,
+    PDWORD                  pdwInterSiteListCnt
+    );
+
+static
+VOID
+_FreeSiteHashMap(
+    PLW_HASHMAP_PAIR    pPair,
+    PVOID               pUnused
+    );
+
+static
+DWORD
+_VmDirFinalizeList(
+    PVMDIR_HA_SERVER_INFO*  ppServerList,
+    DWORD                   dwServerCnt,
+    DWORD                   dwSiteCnt,
+    PDWORD*                 ppMatrix,
+    BOOLEAN                 bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO** pppFinalList
+    );
+
+static
+DWORD
+_VmDirCreateServerListBySite(
+    PVMDIR_HA_SERVER_INFO*  ppServerList,
+    DWORD                   dwServerCnt,
+    DWORD                   dwSiteCnt,
+    PLW_HASHMAP             pHashmap,
+    PDWORD**                pppMatrix // Output
+    );
+
+static
+DWORD
+_VmDirGenerateSiteHashMap(
+    PVMDIR_STRING_LIST  pSiteList,
+    PLW_HASHMAP*        ppHashMap
+    );
+
+DWORD
+VmDirGetIntraSiteTopology(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    PCSTR                           pszSiteName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    )
+{
+    DWORD                           dwError = 0;
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology = NULL;
+    PVMDIR_STRING_LIST              pAllServerList = NULL;
+    PVMDIR_SERVER_INFO              pServerInfo = NULL;
+    DWORD                           dwServerInfoCount = 0;
+    PVMDIR_HA_SERVER_INFO*          ppHAServerList = NULL;
+    DWORD                           dwHAListCount = 0;
+    DWORD                           dwHAOnlineCount = 0;
+    DWORD                           dwHAOfflineCount = 0;
+    DWORD                           dwCnt = 0;
+
+    if (IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszHostName) ||
+        IsNullOrEmptyString(pszSiteName) ||
+        !ppCurTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirGetServersOnSite(
+                    pszHostName,
+                    pszUserName,
+                    pszPassword,
+                    pszSiteName,
+                    &pServerInfo,
+                    &dwServerInfoCount
+                    );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirGetListFromServerInfo(
+                    pServerInfo,
+                    dwServerInfoCount,
+                    &pAllServerList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirGetHAServerFromStringList(
+                    pAllServerList,
+                    pszUserName,
+                    pszPassword,
+                    &ppHAServerList,
+                    &dwHAListCount,
+                    &dwHAOnlineCount,
+                    &dwHAOfflineCount,
+                    1);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    /*
+     * In this call servers formed in ppHAServerList are transferred to
+     * pTopology Servers i.e. servers in ppHAServerList and pTopology are same
+     * and can be referenced from one - another. That's the reason, there is
+     * difference in way of freeing memory of ppHAServerList in case of normal
+     * flow and error condition.
+     */
+    dwError = _VmDirFillIntraTopology(
+                    bConsiderOfflineNodes,
+                    ppHAServerList,
+                    dwHAListCount,
+                    dwHAOnlineCount,
+                    dwHAOfflineCount,
+                    &pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppCurTopology = pTopology;
+
+cleanup:
+    VmDirStringListFree(pAllServerList);
+
+    if (pServerInfo)
+    {
+        for (dwCnt=0; dwCnt<dwServerInfoCount; dwCnt++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pServerInfo[dwCnt].pszServerDN);
+        }
+    }
+    VMDIR_SAFE_FREE_MEMORY(pServerInfo);
+    if (ppHAServerList)
+    {
+        VMDIR_SAFE_FREE_MEMORY(ppHAServerList);
+    }
+
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    _VmDirFreeHAServerList(
+                ppHAServerList,
+                dwHAListCount);
+    ppHAServerList = NULL;
+    VmDirFreeHATopologyData(pTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetInterSiteTopology(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    )
+{
+    DWORD                           dwError             = 0;
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology           = NULL;
+    PVMDIR_STRING_LIST              pAllServerList      = NULL;
+    PVMDIR_STRING_LIST              pSiteList           = NULL;
+    PVMDIR_SERVER_INFO              pServerInfo         = NULL;
+    DWORD                           dwServerInfoCount   = 0;
+    PVMDIR_HA_SERVER_INFO*          ppHAServerList      = NULL;
+    DWORD                           dwHAListCount       = 0;
+    DWORD                           dwHAOnlineCount     = 0;
+    DWORD                           dwHAOfflineCount    = 0;
+    DWORD                           dwCnt               = 0;
+    LDAP*                           pLd                 = NULL;
+    PSTR                            pszDomain           = NULL;
+    PSTR                            pszServerName       = NULL;
+    PVMDIR_HA_SERVER_INFO*          ppInterSiteList     = NULL;
+    DWORD                           dwInterSiteListCnt  = 0;
+    DWORD                           dwInterSiteCount    = 0;
+
+    if (IsNullOrEmptyString(pszUserName) ||
+        IsNullOrEmptyString(pszPassword) ||
+        IsNullOrEmptyString(pszHostName) ||
+        !ppCurTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirGetServerName( pszHostName, &pszServerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // get domain name
+    dwError = VmDirGetDomainName(
+                    pszServerName,
+                    &pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirConnectLDAPServer(
+                    &pLd,
+                    pszServerName,
+                    pszDomain,
+                    pszUserName,
+                    pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetSiteList(
+                    pLd,
+                    pszDomain,
+                    &pSiteList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetServers(
+                    pszHostName,
+                    pszUserName,
+                    pszPassword,
+                    &pServerInfo,
+                    &dwServerInfoCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirGetListFromServerInfo(
+                    pServerInfo,
+                    dwServerInfoCount,
+                    &pAllServerList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirGetHAServerFromStringList(
+                    pAllServerList,
+                    pszUserName,
+                    pszPassword,
+                    &ppHAServerList,
+                    &dwHAListCount,
+                    &dwHAOnlineCount,
+                    &dwHAOfflineCount,
+                    0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirFillInterSitePartners(
+                    ppHAServerList,
+                    dwHAListCount,
+                    &dwInterSiteCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // ppInterSiteList will have pointers to the servers in ppHAServerList
+    dwError = _VmDirGetInterSiteServerList(
+                    pSiteList,
+                    ppHAServerList,
+                    dwHAListCount,
+                    dwInterSiteCount,
+                    bConsiderOfflineNodes,
+                    &ppInterSiteList,
+                    &dwInterSiteListCnt);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    /*
+     * In this call servers formed in ppHAServerList are transferred to
+     * pTopology Servers i.e. servers in ppHAServerList and pTopology are same
+     * and can be referenced from one - another. That's the reason, there is
+     * difference in way of freeing memory of ppHAServerList in case of normal
+     * flow and error condition.
+     * In addition to this, ppInterSiteList is transferred to pTopology->ppConsiderList.
+     * After transfer ppInterSiteList will be NULL.
+     */
+    dwError = _VmDirFillInterTopology(
+                    ppHAServerList,
+                    dwHAListCount,
+                    &ppInterSiteList,
+                    dwInterSiteListCnt,
+                    dwHAOnlineCount,
+                    dwHAOfflineCount,
+                    &pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppCurTopology = pTopology;
+
+cleanup:
+    VmDirStringListFree(pAllServerList);
+    VmDirStringListFree(pSiteList);
+
+    VMDIR_SAFE_FREE_MEMORY(pszServerName);
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VmDirLdapUnbind(&pLd);
+
+    if (pServerInfo)
+    {
+        for (dwCnt=0; dwCnt<dwServerInfoCount; dwCnt++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pServerInfo[dwCnt].pszServerDN);
+        }
+    }
+    VMDIR_SAFE_FREE_MEMORY(pServerInfo);
+    if (ppHAServerList)
+    {
+        VMDIR_SAFE_FREE_MEMORY(ppHAServerList);
+    }
+    VMDIR_SAFE_FREE_MEMORY(ppInterSiteList);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    _VmDirFreeHAServerList(
+                ppHAServerList,
+                dwHAListCount);
+    ppHAServerList = NULL;
+    VmDirFreeHATopologyData(pTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetNewTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology // Output
+    )
+{
+    DWORD                           dwError         = 0;
+    PDWORD*                         ppdwCostMatrix  = NULL;
+    PDWORD                          pFinalArray     = NULL;
+    DWORD                           dwCost          = 0;
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology    = NULL;
+
+    if (!pTopology ||
+        !ppNewTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (pTopology->dwConsiderListCnt < 2)
+    {
+        printf("\n\nThe Number of Servers to be considered are not sufficient for creating Redundant Topology!!\n\n");
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirCreateTopologyStructure(pTopology,
+                                            &ppdwCostMatrix,
+                                            &pFinalArray);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirFindFinalTopology(pTopology->dwConsiderListCnt,
+                                      ppdwCostMatrix,
+                                      pFinalArray,
+                                      &dwCost);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirCreateNewTopology(pTopology,
+                                      pFinalArray,
+                                      &pNewTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppNewTopology = pNewTopology;
+cleanup:
+    _VmDirFreeTopologyStructure(ppdwCostMatrix,
+                                pFinalArray,
+                                pTopology->dwConsiderListCnt);
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyData(pNewTopology);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirGetTopologyChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES* ppTopologyChanges //Output
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = _VmDirCreateTopologyChanges(pCurTopology, pNewTopology, ppTopologyChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+
+    goto cleanup;
+}
+
+DWORD
+VmDirModifyLinks(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i       = 0;
+    DWORD   j       = 0;
+
+    if (!pTopologyChanges)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (!pTopologyChanges->dwAddListCnt || !pTopologyChanges->ppAddLinkList)
+    {
+        printf("\n\tNo Links are Added\n");
+    }
+    else
+    {
+        for (i=0; i<pTopologyChanges->dwAddListCnt; i++)
+        {
+            if (pTopologyChanges->ppAddLinkList[i])
+            {
+                if (pTopologyChanges->ppAddLinkList[i]->dwPartnerCnt)
+                {
+                    for (j=0; j<pTopologyChanges->ppAddLinkList[i]->dwPartnerCnt; j++)
+                    {
+                        if (pTopologyChanges->ppAddLinkList[i]->ppPartnerList[j])
+                        {
+                            dwError = VmDirLdapSetupRemoteHostRAByPLd(
+                                            pTopologyChanges->ppAddLinkList[i]->pConnection->pszDomain,
+                                            pTopologyChanges->ppAddLinkList[i]->pszHostName,
+                                            pTopologyChanges->ppAddLinkList[i]->ppPartnerList[j]->pszHostName,
+                                            0,
+                                            pTopologyChanges->ppAddLinkList[i]->pConnection->pLd,
+                                            pTopologyChanges->ppAddLinkList[i]->ppPartnerList[j]->pConnection->pLd);
+                            BAIL_ON_VMDIR_ERROR(dwError);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    if (!pTopologyChanges->dwDelListCnt || !pTopologyChanges->ppDelLinkList)
+    {
+        printf("\n\tNo Links are Deleted\n");
+    }
+    else
+    {
+        for (i=0; i<pTopologyChanges->dwDelListCnt; i++)
+        {
+            if (pTopologyChanges->ppDelLinkList[i])
+            {
+                if (pTopologyChanges->ppDelLinkList[i]->dwPartnerCnt)
+                {
+                    for (j=0; j<pTopologyChanges->ppDelLinkList[i]->dwPartnerCnt; j++)
+                    {
+                        if (pTopologyChanges->ppDelLinkList[i]->ppPartnerList[j])
+                        {
+                            dwError = VmDirLdapRemoveRemoteHostRAByPLd(
+                                            pTopologyChanges->ppDelLinkList[i]->pConnection->pszDomain,
+                                            pTopologyChanges->ppDelLinkList[i]->pszHostName,
+                                            pTopologyChanges->ppDelLinkList[i]->ppPartnerList[j]->pszHostName,
+                                            pTopologyChanges->ppDelLinkList[i]->pConnection->pLd);
+                            BAIL_ON_VMDIR_ERROR(dwError);
+                        }
+                    }
+                }
+            }
+        }
+    }
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+
+    goto cleanup;
+}
+
+VOID
+VmDirFreeHATopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology
+    )
+{
+    if (pTopology)
+    {
+        _VmDirFreeHAServerList(
+                        pTopology->ppOnlineList,
+                        pTopology->dwOnlineListCnt);
+        _VmDirFreeHAServerList(
+                        pTopology->ppOfflineList,
+                        pTopology->dwOfflineListCnt);
+        VMDIR_SAFE_FREE_MEMORY(pTopology->ppConsiderList);// Not Freeing the List Contents
+                                                          // as they would be freed by either of above 2
+        VMDIR_SAFE_FREE_MEMORY(pTopology);
+    }
+}
+
+VOID
+VmDirFreeHAServer(
+    PVMDIR_HA_SERVER_INFO   pServer
+    )
+{
+    if (pServer)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pServer->pszHostName);
+
+        VMDIR_SAFE_FREE_MEMORY(pServer->pszServerName);
+
+        VMDIR_SAFE_FREE_MEMORY(pServer->pszSiteName);
+
+        VmDirConnectionClose(pServer->pConnection);
+
+        VMDIR_SAFE_FREE_MEMORY(pServer->ppPartnerList);
+
+        VMDIR_SAFE_FREE_MEMORY(pServer);
+    }
+
+}
+
+VOID
+VmDirFreeHAChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pChanges
+    )
+{
+    DWORD   i = 0;
+
+    if (pChanges)
+    {
+        if (pChanges->ppAddLinkList)
+        {
+            _VmDirFreeHAServerList(
+                    pChanges->ppAddLinkList,
+                    pChanges->dwAddListCnt);
+        }
+        if (pChanges->ppDelLinkList)
+        {
+            for (i=0; i<pChanges->dwDelListCnt; i++)
+            {
+                if (pChanges->ppDelLinkList[i] &&
+                    pChanges->ppDelLinkList[i]->pConnection)
+                {
+                    /*
+                     * In function _VmDirCreateInternalChanges,
+                     * the pConnection of DelLinkList[i] is assigned
+                     * from pConnection of AddLinkList[i] i.e. new
+                     * Connection was not created for DelLinkList[i].
+                     * As that connection close would be taken care in
+                     * deletion of AddLinkList, connection of DelLinkList
+                     * is set to NULL
+                     */
+                    pChanges->ppDelLinkList[i]->pConnection = NULL;
+                }
+            }
+            _VmDirFreeHAServerList(
+                    pChanges->ppDelLinkList,
+                    pChanges->dwDelListCnt);
+        }
+        VMDIR_SAFE_FREE_MEMORY(pChanges);
+    }
+}
+
+DWORD
+_VmDirGetServersOnSite(
+    PCSTR               pszHostName,
+    PCSTR               pszUserName,
+    PCSTR               pszPassword,
+    PCSTR               pszSiteName,
+    PVMDIR_SERVER_INFO* ppServerInfo,   // output
+    DWORD*              pdwNumServer    // output
+)
+{
+    DWORD       dwError                   = 0;
+    DWORD       i                         = 0;
+    PSTR        pszDomain                 = NULL;
+    LDAP*       pLd                       = NULL;
+    DWORD       dwInfoCount               = 0;
+    PSTR        pszServerName             = NULL;
+    char        bufUPN[VMDIR_MAX_UPN_LEN] = {0};
+
+    PINTERNAL_SERVER_INFO   pInternalServerInfo = NULL;
+    PVMDIR_SERVER_INFO      pServerInfo         = NULL;
+
+    // parameter check
+    if (IsNullOrEmptyString (pszHostName) ||
+        IsNullOrEmptyString (pszUserName) ||
+        IsNullOrEmptyString (pszSiteName) ||
+        pszPassword == NULL ||
+        pdwNumServer == NULL)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirGetServerName( pszHostName, &pszServerName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // get domain name
+    dwError = VmDirGetDomainName(
+                    pszServerName,
+                    &pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringPrintFA( bufUPN, sizeof(bufUPN)-1,  "%s@%s", pszUserName, pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSafeLDAPBind( &pLd,
+                                 pszServerName,
+                                 bufUPN,
+                                 pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //get all vmdir servers in the site.
+    dwError = VmDirGetServersInfoOnSite(
+                            pLd,
+                            pszSiteName,
+                            pszServerName,
+                            pszDomain,
+                            &pInternalServerInfo,
+                            &dwInfoCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ppServerInfo)
+    {
+        dwError = VmDirAllocateMemory(
+                dwInfoCount*sizeof(VMDIR_SERVER_INFO),
+                (PVOID*)&pServerInfo);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for ( i=0; i<dwInfoCount; i++)
+        {
+            dwError = VmDirAllocateStringA(
+                    pInternalServerInfo[i].pszServerDN,
+                    &(pServerInfo[i].pszServerDN));
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *ppServerInfo = pServerInfo;
+    *pdwNumServer = dwInfoCount;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pInternalServerInfo);
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VMDIR_SAFE_FREE_MEMORY(pszServerName);
+
+    // unbind
+    if (pLd)
+    {
+        ldap_unbind_ext_s(pLd, NULL, NULL);
+    }
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "_VmDirGetServersOnSite failed. Error[%d]\n",
+            dwError
+            );
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGetListFromServerInfo(
+    PVMDIR_SERVER_INFO  pServerInfo,
+    DWORD               dwServerInfoCount,
+    PVMDIR_STRING_LIST* ppList
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwCnt   = 0;
+    PSTR  pszName = NULL;
+    PVMDIR_STRING_LIST  pList = NULL;
+
+    if (!pServerInfo || !ppList)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirStringListInitialize(&pList, 16);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwCnt=0; dwCnt<dwServerInfoCount; dwCnt++)
+    {
+        // Getting Hostname of Domain Controllers
+        dwError = VmDirDnLastRDNToCn(pServerInfo[dwCnt].pszServerDN,
+                                    &pszName);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirStringListAdd(pList, pszName);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszName = NULL;
+    }
+
+    *ppList = pList;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed. Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirStringListFree(pList);
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGetHAServerFromStringList(
+    PVMDIR_STRING_LIST      pAllServerList,
+    PCSTR                   pszUserName,
+    PCSTR                   pszPassword,
+    PVMDIR_HA_SERVER_INFO** pppList,
+    PDWORD                  pdwListCount,
+    PDWORD                  pdwOnlineCount,
+    PDWORD                  pdwOfflineCount,
+    BOOLEAN                 bFillPartners
+    )
+{
+    DWORD   dwError        = 0;
+    DWORD   dwCnt          = 0;
+    DWORD   dwOnlineCount  = 0;
+    DWORD   dwOfflineCount = 0;
+    DWORD   dwListCount    = 0;
+
+    PSTR    pszHost     = NULL;
+    PSTR    pszServer   = NULL;
+    PSTR    pszSite     = NULL;
+    PSTR    pszDomain   = NULL;
+    PSTR    pszHostName = NULL;
+
+    PVMDIR_CONNECTION       pCon   = NULL;
+    PVMDIR_HA_SERVER_INFO*  ppList = NULL;
+    PVMDIR_HA_SERVER_INFO   pServer = NULL;
+
+    BOOLEAN bIsNodeOffline = 0;
+
+    if (!pAllServerList ||
+        !pppList ||
+        !pdwListCount ||
+        !pdwOnlineCount ||
+        !pdwOfflineCount ||
+        !pAllServerList->dwCount)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(
+                    sizeof(PVMDIR_HA_SERVER_INFO)*pAllServerList->dwCount,
+                    (PVOID*)&ppList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwCnt=0; dwCnt<pAllServerList->dwCount; dwCnt++)
+    {
+        pszHost         = NULL;
+        pszServer       = NULL;
+        pszSite         = NULL;
+        pCon            = NULL;
+        pServer         = NULL;
+        bIsNodeOffline  = 0;
+
+        VMDIR_SAFE_FREE_MEMORY(pszHostName);
+        VMDIR_SAFE_FREE_MEMORY(pszDomain);
+
+        dwError = VmDirAllocateStringA( pAllServerList->pStringList[dwCnt], &pszHostName );
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirGetDomainName( pszHostName, &pszDomain );
+        if (dwError == VMDIR_ERROR_SERVER_DOWN ||
+            dwError == VMDIR_ERROR_CANNOT_CONNECT_VMDIR ||
+            dwError == VMDIR_ERROR_TIMELIMIT_EXCEEDED)
+        {
+            dwError = 0; // Handling Offline Node Scenario
+            bIsNodeOffline = 1;
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateStringA( pszHostName, &pszHost );
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // Commented Code below because apparently it seems hostname and server name are same
+        // For Offline node this is creating the issue as we will set it to NULL in case of error.
+
+        // dwError = VmDirGetServerName( pszHostName, &pszServer);
+        // VMDIR_HANDLE_OFFLINE_ERROR(dwError, pszServer);
+
+        // The hostname is formed by converting ServerDN to CN and thus it has to be FQDN.
+        // It is obtained from the API:VmDirGetServersInfoOnSite.
+        dwError = VmDirAllocateStringA(pszHostName, &pszServer);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!bIsNodeOffline)
+        {
+            dwError = VmDirConnectionOpenByHost(
+                            pszHostName,
+                            pszDomain,
+                            pszUserName,
+                            pszPassword,
+                            &pCon);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwOnlineCount += 1;
+            dwError = VmDirGetSiteName(pCon, &pszSite);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            pCon = NULL;
+            dwOfflineCount += 1;
+            pszSite = NULL;
+        }
+
+        dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_SERVER_INFO), (PVOID*)&pServer);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pServer->pszHostName    = pszHost;
+        pServer->pszServerName  = pszServer;
+        pServer->pConnection    = pCon;
+        pServer->pszSiteName    = pszSite;
+        pServer->ppPartnerList  = NULL;
+        pServer->dwIdx = -1;
+        ppList[dwCnt] = pServer;
+        dwListCount += 1;
+    }
+
+    if (bFillPartners)
+    {
+        dwError = _VmDirFillPartnersInList(ppList, dwListCount);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *pppList         = ppList;
+    *pdwOnlineCount  = dwOnlineCount;
+    *pdwOfflineCount = dwOfflineCount;
+    *pdwListCount    = pAllServerList->dwCount;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszDomain);
+    VMDIR_SAFE_FREE_MEMORY(pszHostName);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed. Error[%d]",
+        __FUNCTION__,
+        dwError
+        );
+    VMDIR_SAFE_FREE_MEMORY(pszHost);
+    VMDIR_SAFE_FREE_MEMORY(pszServer);
+    VMDIR_SAFE_FREE_MEMORY(pszSite);
+    VmDirConnectionClose(pCon);
+    _VmDirFreeHAServerList(ppList, dwListCount);
+    goto cleanup;
+
+}
+
+static
+DWORD
+_VmDirFillPartnersInList(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount
+    )
+{
+    DWORD       dwError      = 0;
+    DWORD       dwPartnerCnt = 0;
+    PSTR*       ppszPartners = NULL;
+    DWORD       dwCnt        = 0;
+    DWORD       i            = 0;
+    DWORD       j            = 0;
+    DWORD       k            = 0;
+    PBOOLEAN    pbFound      = NULL;
+    LONG        lCompareRes  = 0;
+
+    if (!ppList || !dwCount)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    for (dwCnt = 0; dwCnt < dwCount; dwCnt++)
+    {
+        VmDirFreeStringArray(ppszPartners, dwPartnerCnt);
+        dwPartnerCnt = 0;
+        ppszPartners = NULL;
+
+        if (ppList[dwCnt]->pConnection)
+        {
+            dwError = VmDirFindAllReplPartnerHostByPLd(
+                                ppList[dwCnt]->pszServerName,
+                                ppList[dwCnt]->pConnection->pszDomain,
+                                ppList[dwCnt]->pConnection->pLd,
+                                &ppszPartners,
+                                &dwPartnerCnt);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            if (dwPartnerCnt)
+            {
+                dwError = VmDirAllocateMemory(sizeof(BOOLEAN)*dwPartnerCnt, (PVOID*)&pbFound);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwPartnerCnt, (PVOID*)&(ppList[dwCnt]->ppPartnerList));
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                k = 0;
+
+                for (i=0; i<dwCount; i++)
+                {
+                    for (j=0; j<dwPartnerCnt; j++)
+                    {
+                        if (!pbFound[j])
+                        {
+                            lCompareRes = VmDirStringCompareA(ppList[i]->pszHostName,
+                                                              ppszPartners[j],
+                                                              0);
+                            if(!lCompareRes)
+                            {
+                                ppList[dwCnt]->ppPartnerList[k] = ppList[i];
+                                k++;
+                                pbFound[j] = 1;
+                                break;
+                            }
+                        }
+                    }
+                }
+                VMDIR_SAFE_FREE_MEMORY(pbFound);
+                ppList[dwCnt]->dwPartnerCnt = k;
+            }
+            else
+            {
+                ppList[dwCnt]->ppPartnerList = NULL;
+                ppList[dwCnt]->dwPartnerCnt  = 0;
+            }
+        }
+        else
+        {
+            ppList[dwCnt]->ppPartnerList = NULL;
+            ppList[dwCnt]->dwPartnerCnt  = 0;
+        }
+    }
+
+cleanup:
+    VmDirFreeStringArray(ppszPartners, dwPartnerCnt);
+    VMDIR_SAFE_FREE_MEMORY(pbFound);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed. Error[%d]\n",
+        __FUNCTION__,
+        dwError
+        );
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFillInterSitePartners(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount,
+    PDWORD                  pdwInterSiteCnt
+    )
+{
+    DWORD       dwError         = 0;
+    DWORD       dwPartnerCnt    = 0;
+    PSTR*       ppszPartners    = NULL;
+    DWORD       dwCnt           = 0;
+    DWORD       i               = 0;
+    DWORD       j               = 0;
+    DWORD       k               = 0;
+    PBOOLEAN    pbFound         = NULL;
+    LONG        lCompareRes     = 0;
+    DWORD       dwInterSiteCnt  = 0;
+
+    if (!ppList || !dwCount)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    for (dwCnt = 0; dwCnt < dwCount; dwCnt++)
+    {
+        VmDirFreeStringArray(ppszPartners, dwPartnerCnt);
+        dwPartnerCnt = 0;
+        ppszPartners = NULL;
+
+        if (ppList[dwCnt]->pConnection)
+        {
+            dwError = VmDirFindAllReplPartnerHostByPLd(
+                                ppList[dwCnt]->pszServerName,
+                                ppList[dwCnt]->pConnection->pszDomain,
+                                ppList[dwCnt]->pConnection->pLd,
+                                &ppszPartners,
+                                &dwPartnerCnt);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            if (dwPartnerCnt)
+            {
+                dwError = VmDirAllocateMemory(sizeof(BOOLEAN)*dwPartnerCnt, (PVOID*)&pbFound);
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwPartnerCnt, (PVOID*)&(ppList[dwCnt]->ppPartnerList));
+                BAIL_ON_VMDIR_ERROR(dwError);
+
+                k = 0;
+
+                for (i=0; i<dwCount; i++)
+                {
+                    for (j=0; j<dwPartnerCnt; j++)
+                    {
+                        if (!pbFound[j])
+                        {
+                            lCompareRes = VmDirStringCompareA(
+                                                ppList[i]->pszHostName,
+                                                ppszPartners[j],
+                                                0);
+                            if(!lCompareRes)
+                            {
+                                if (ppList[i]->pszSiteName)
+                                {
+                                    lCompareRes = VmDirStringCompareA(
+                                                        ppList[i]->pszSiteName,
+                                                        ppList[dwCnt]->pszSiteName,
+                                                        0);
+                                    if (lCompareRes)
+                                    {
+                                        ppList[dwCnt]->ppPartnerList[k] = ppList[i];
+                                        k++;
+                                    }
+                                }
+                                pbFound[j] = 1;
+                                break;
+                            }
+                        }
+                    }
+                }
+                VMDIR_SAFE_FREE_MEMORY(pbFound);
+                ppList[dwCnt]->dwPartnerCnt = k;
+
+                if (k == 0)
+                {
+                    VMDIR_SAFE_FREE_MEMORY(ppList[dwCnt]->ppPartnerList);
+                    ppList[dwCnt]->ppPartnerList = NULL;
+                }
+                else
+                {
+                    dwInterSiteCnt++;
+                }
+            }
+            else
+            {
+                ppList[dwCnt]->ppPartnerList = NULL;
+                ppList[dwCnt]->dwPartnerCnt  = 0;
+            }
+        }
+        else
+        {
+            ppList[dwCnt]->ppPartnerList = NULL;
+            ppList[dwCnt]->dwPartnerCnt  = 0;
+        }
+    }
+
+    *pdwInterSiteCnt = dwInterSiteCnt;
+
+cleanup:
+    VmDirFreeStringArray(ppszPartners, dwPartnerCnt);
+    VMDIR_SAFE_FREE_MEMORY(pbFound);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed. Error[%d]\n",
+        __FUNCTION__,
+        dwError
+        );
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirFreeHAServerList(
+    PVMDIR_HA_SERVER_INFO*  ppList,
+    DWORD                   dwCount
+    )
+{
+    DWORD   dwCnt = 0;
+
+    if (ppList)
+    {
+        for (dwCnt = 0; dwCnt < dwCount; dwCnt++)
+        {
+            if (ppList[dwCnt])
+            {
+                VmDirFreeHAServer(ppList[dwCnt]);
+            }
+        }
+        VMDIR_SAFE_FREE_MEMORY(ppList);
+    }
+}
+
+static
+DWORD
+_VmDirFillIntraTopology(
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO*          ppServerList,
+    DWORD                           dwListCount,
+    DWORD                           dwOnlineCount,
+    DWORD                           dwOfflineCount,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppTopology
+    )
+{
+
+    DWORD   dwError         = 0;
+    DWORD   dwConsiderCnt   = 0;
+    DWORD   dwCnt           = 0;
+    DWORD   dwPosOn         = 0;
+    DWORD   dwPosOff        = 0;
+    DWORD   dwPosCon        = 0;
+    BOOLEAN bOffline        = bConsiderOfflineNodes;
+
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology = NULL;
+
+    if (!ppServerList || !ppTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_REPLICATION_TOPOLOGY), (PVOID*)&pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (dwOnlineCount)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOnlineCount, (PVOID*)&(pTopology->ppOnlineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pTopology->ppOnlineList = NULL;
+        pTopology->dwOnlineListCnt = 0;
+    }
+
+    if (dwOfflineCount)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOfflineCount, (PVOID*)&(pTopology->ppOfflineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pTopology->ppOfflineList = NULL;
+        pTopology->dwOfflineListCnt = 0;
+    }
+
+    if (bOffline)
+    {
+        dwConsiderCnt = dwListCount;
+    }
+    else
+    {
+        dwConsiderCnt = dwOnlineCount;
+    }
+
+    if (dwConsiderCnt)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwConsiderCnt, (PVOID*)&(pTopology->ppConsiderList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pTopology->ppConsiderList = NULL;
+        pTopology->dwConsiderListCnt = 0;
+    }
+
+    dwPosOn = dwPosOff = dwPosCon = 0;
+
+    for (dwCnt=0; dwCnt < dwListCount; dwCnt++)
+    {
+        if (ppServerList[dwCnt])
+        {
+            if (ppServerList[dwCnt]->pConnection)
+            {
+                if (pTopology->ppOnlineList)
+                {
+                    pTopology->ppOnlineList[dwPosOn] = ppServerList[dwCnt];
+                    dwPosOn++;
+                }
+                if (pTopology->ppConsiderList)
+                {
+                    pTopology->ppConsiderList[dwPosCon] = ppServerList[dwCnt];
+                    pTopology->ppConsiderList[dwPosCon]->dwIdx = dwPosCon;
+                    dwPosCon++;
+                }
+            }
+            else
+            {
+                if (pTopology->ppOfflineList)
+                {
+                    pTopology->ppOfflineList[dwPosOff] = ppServerList[dwCnt];
+                    dwPosOff++;
+                }
+                if (bOffline && pTopology->ppConsiderList)
+                {
+                    pTopology->ppConsiderList[dwPosCon] = ppServerList[dwCnt];
+                    pTopology->ppConsiderList[dwPosCon]->dwIdx = dwPosCon;
+                    dwPosCon++;
+                }
+            }
+        }
+    }
+
+    pTopology->dwConsiderListCnt = dwPosCon;
+    pTopology->dwOnlineListCnt   = dwPosOn;
+    pTopology->dwOfflineListCnt  = dwPosOff;
+
+    *ppTopology = pTopology;
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed. Error[%d]",
+        __FUNCTION__,
+        dwError
+        );
+    VmDirFreeHATopology(pTopology);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirCreateTopologyStructure(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PDWORD**                        pppdwCostMatrix,
+    PDWORD*                         ppFinalResult
+    )
+{
+    DWORD   dwError = 0;
+    PDWORD* ppdwCostMatrix          = NULL;
+    PDWORD  pdwFinalResult          = NULL;// list that will mantain the ring
+                                           // start - node - node - end
+    PVMDIR_HA_SERVER_INFO* ppList   = NULL;
+    DWORD   dwCnt                   = 0;
+    DWORD   dwCount                 = 0;
+    DWORD   i                       = 0;
+    DWORD   j                       = 0;
+    DWORD   src                     = 0;
+    DWORD   tgt                     = 0;
+    DWORD   dwMinStartIdx           = 0;
+    DWORD   dwMinStartCount         = 1999999999;
+    DWORD   dw1WayReplCost          = 200;
+    DWORD   dwNoNewReplCost         = 50;
+    DWORD   dwOfflineNoNewReplCost  = 0; // Reason Offline Node has zero cost
+                                        // if edge exist and make algorithm use this
+                                        // instead of Online node one
+
+    if (!pTopology ||
+        !pppdwCostMatrix ||
+        !ppFinalResult ||
+        !pTopology->ppConsiderList ||
+        !pTopology->dwConsiderListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    ppList  = pTopology->ppConsiderList;
+    dwCount = pTopology->dwConsiderListCnt;
+
+    dwError = VmDirAllocateMemory(sizeof(PDWORD)*dwCount, (PVOID*)&ppdwCostMatrix);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; i<dwCount; i++)
+    {
+        dwError = VmDirAllocateMemory(sizeof(DWORD)*dwCount, (PVOID*)&ppdwCostMatrix[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (i=0; i<dwCount; i++)
+    {
+        for (j=0; j<dwCount; j++)
+        {
+            ppdwCostMatrix[i][j] = ppdwCostMatrix[j][i] = dw1WayReplCost;
+        }
+    }
+
+    for (i=0; i<dwCount; i++)
+    {
+        if (ppList[i])
+        {
+            src = ppList[i]->dwIdx;
+            dwCnt = ppList[i]->dwPartnerCnt;
+            if (dwCnt)
+            {
+                if (dwCnt < dwMinStartCount)
+                {
+                    dwMinStartIdx   = i;
+                    dwMinStartCount = dwCnt;
+                }
+                for(j=0; j<dwCnt; j++)
+                {
+                    if (ppList[i]->ppPartnerList[j] && ppList[i]->ppPartnerList[j]->dwIdx != (DWORD)-1)
+                    {
+                        tgt = ppList[i]->ppPartnerList[j]->dwIdx;
+                        if (ppList[i]->pConnection)
+                        {
+                            ppdwCostMatrix[src][tgt] = dwNoNewReplCost;
+                        }
+                        else
+                        {
+                            ppdwCostMatrix[src][tgt] = dwOfflineNoNewReplCost;
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(DWORD)*(dwCount+1), (PVOID*)&pdwFinalResult); // +1 because of ring
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pdwFinalResult[0]       = dwMinStartIdx; // start point
+    pdwFinalResult[dwCount] = dwMinStartIdx; // end point
+
+    *pppdwCostMatrix = ppdwCostMatrix;
+    *ppFinalResult   = pdwFinalResult;
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    if(ppdwCostMatrix)
+    {
+        for (i=0; i<dwCount; i++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(ppdwCostMatrix[i]);
+        }
+        VMDIR_SAFE_FREE_MEMORY(ppdwCostMatrix);
+    }
+    if (pdwFinalResult)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pdwFinalResult);
+    }
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFindFinalTopology(
+    DWORD   dwNodeCount,
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pdwFinalResult, // Output
+    PDWORD  pdwCost // Output
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!ppdwCostMatrix || !pdwFinalResult || !pdwCost)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirFindNNA(dwNodeCount, ppdwCostMatrix, pdwFinalResult, pdwCost);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFindNNA(
+    DWORD   dwNodeCount,
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pdwFinalResult, // Output
+    PDWORD  pdwCost // Output
+    )
+{
+    DWORD       dwError = 0;
+    DWORD       i       = 0;
+    PBOOLEAN    pMark   = NULL;
+    DWORD       dwMarkCnt   = 1;
+    DWORD       dwMinIdx    = 0;
+    DWORD       dwMinCost   = 1999999999;
+    DWORD       dwTmpCost   = 1999999999;
+    DWORD       dwSrc       = 0;
+
+    if (!ppdwCostMatrix || !pdwFinalResult || !pdwCost || !dwNodeCount)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(BOOLEAN)*dwNodeCount,(PVOID*)&pMark);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; i<dwNodeCount; i++)
+    {
+        pMark[i] = 0;
+    }
+
+    dwSrc = pdwFinalResult[0];
+    pMark[dwSrc] = 1;
+
+    *pdwCost = 0;
+
+    while(dwMarkCnt != dwNodeCount)
+    {
+        dwMinIdx  = -1;
+        dwMinCost = 1999999999;
+        for(i=0; i<dwNodeCount; i++)
+        {
+            if (!pMark[i])
+            {
+                dwTmpCost = ppdwCostMatrix[dwSrc][i] + ppdwCostMatrix[i][dwSrc];
+                if (dwTmpCost < dwMinCost)
+                {
+                    dwMinCost = dwTmpCost;
+                    dwMinIdx  = i;
+                }
+            }
+        }
+        if (dwMinIdx == -1)
+        {
+            dwError = VMDIR_ERROR_INVALID_RESULT;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        pMark[dwMinIdx] = 1;
+        pdwFinalResult[dwMarkCnt++] = dwMinIdx;
+        dwSrc = dwMinIdx;
+        *pdwCost += dwMinCost;
+    }
+    *pdwCost +=  (ppdwCostMatrix[pdwFinalResult[dwNodeCount-1]][pdwFinalResult[dwNodeCount]]);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pMark);
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirCopyHAServer(
+    PVMDIR_HA_SERVER_INFO   pSrcServer,
+    DWORD                   dwPartnerCnt,
+    PVMDIR_HA_SERVER_INFO*  ppDestServer
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i       = 0;
+
+    PVMDIR_HA_SERVER_INFO   pServer = NULL;
+
+    if (!pSrcServer || !ppDestServer)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_SERVER_INFO), (PVOID*)&pServer);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pSrcServer->pszHostName, &(pServer->pszHostName));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pSrcServer->pszServerName, &(pServer->pszServerName));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pSrcServer->pszSiteName)
+    {
+        dwError = VmDirAllocateStringA(pSrcServer->pszSiteName, &(pServer->pszSiteName));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pServer->pszSiteName = NULL;
+    }
+
+    pServer->pConnection = pSrcServer->pConnection;
+    pSrcServer->pConnection = NULL;
+
+    if (dwPartnerCnt)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwPartnerCnt,(PVOID*)&(pServer->ppPartnerList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pServer->dwPartnerCnt = dwPartnerCnt;
+        for (i=0; i<dwPartnerCnt; i++)
+        {
+            pServer->ppPartnerList[i] = NULL;
+        }
+    }
+    else
+    {
+        pServer->ppPartnerList  = NULL;
+        pServer->dwPartnerCnt   = 0;
+    }
+
+    pServer->dwIdx = pSrcServer->dwIdx;
+
+    *ppDestServer = pServer;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    if (pServer)
+    {
+        VmDirFreeHAServerInfo(pServer);
+    }
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirCreateNewTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology,
+    PDWORD                          pFinalResult,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology
+    )
+{
+    DWORD   dwError         = 0;
+    DWORD   i               = 0;
+    DWORD   j               = 0;
+    DWORD   k               = 0;
+    DWORD   dwCount         = 0;
+    DWORD   dwOnlineCnt     = 0;
+    DWORD   dwOfflineCnt    = 0;
+
+    PVMDIR_HA_REPLICATION_TOPOLOGY pNewTopology = NULL;
+
+    if (!pTopology ||
+        !pFinalResult ||
+        !ppNewTopology ||
+        !pTopology->ppConsiderList ||
+        !pTopology->dwConsiderListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwCount = pTopology->dwConsiderListCnt;
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_REPLICATION_TOPOLOGY), (PVOID*)&pNewTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwCount, (PVOID*)&(pNewTopology->ppConsiderList));
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pNewTopology->dwConsiderListCnt = dwCount;
+
+    for (i=0; i<dwCount; i++)
+    {
+        dwError = _VmDirCopyHAServer(pTopology->ppConsiderList[i], 2, &(pNewTopology->ppConsiderList[i])); // 2 because ring topology has 2 partners
+        BAIL_ON_VMDIR_ERROR(dwError);
+        if (pNewTopology->ppConsiderList[i]->pConnection)
+        {
+            dwOnlineCnt += 1;
+        }
+        else
+        {
+            dwOfflineCnt += 1;
+        }
+    }
+    if (dwOnlineCnt)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOnlineCnt, (PVOID*)&(pNewTopology->ppOnlineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNewTopology->dwOnlineListCnt = dwOnlineCnt;
+    }
+
+    if (dwOfflineCnt)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOfflineCnt, (PVOID*)&(pNewTopology->ppOfflineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNewTopology->dwOfflineListCnt = dwOfflineCnt;
+    }
+
+    // Setting Partner List for start node
+    (pNewTopology->ppConsiderList[pFinalResult[0]])->ppPartnerList[0] = pNewTopology->ppConsiderList[pFinalResult[1]]; // second node in ring
+    (pNewTopology->ppConsiderList[pFinalResult[0]])->ppPartnerList[1] = pNewTopology->ppConsiderList[pFinalResult[dwCount-1]]; // second last node in ring, last node is itself
+    if ((pNewTopology->ppConsiderList[pFinalResult[0]])->ppPartnerList[0] == (pNewTopology->ppConsiderList[pFinalResult[0]])->ppPartnerList[1])
+    {
+        (pNewTopology->ppConsiderList[pFinalResult[0]])->ppPartnerList[1] = NULL;
+        (pNewTopology->ppConsiderList[pFinalResult[0]])->dwPartnerCnt = 1;
+    }
+
+    for (i=1; i<dwCount; i++)
+    {
+         j = pFinalResult[i-1];
+         k = pFinalResult[i+1];
+         (pNewTopology->ppConsiderList[pFinalResult[i]])->ppPartnerList[0] = pNewTopology->ppConsiderList[j];
+         (pNewTopology->ppConsiderList[pFinalResult[i]])->ppPartnerList[1] = pNewTopology->ppConsiderList[k];
+         if ((pNewTopology->ppConsiderList[pFinalResult[i]])->ppPartnerList[0] == (pNewTopology->ppConsiderList[pFinalResult[i]])->ppPartnerList[1])
+         {
+            (pNewTopology->ppConsiderList[pFinalResult[i]])->ppPartnerList[1] = NULL;
+            (pNewTopology->ppConsiderList[pFinalResult[i]])->dwPartnerCnt = 1;
+         }
+    }
+
+    j = 0;
+    k = 0;
+
+    for (i=0; i<dwCount; i++)
+    {
+        if(pNewTopology->ppConsiderList[i]->pConnection)
+        {
+            pNewTopology->ppOnlineList[j] = pNewTopology->ppConsiderList[i];
+            j++;
+        }
+        else
+        {
+            pNewTopology->ppOfflineList[k] = pNewTopology->ppConsiderList[i];
+            k++;
+        }
+    }
+
+    *ppNewTopology = pNewTopology;
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    if (pNewTopology)
+    {
+        if (pNewTopology->ppConsiderList)
+        {
+            _VmDirFreeHAServerList(pNewTopology->ppConsiderList, pNewTopology->dwConsiderListCnt);
+        }
+
+        if (pNewTopology->ppOnlineList)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pNewTopology->ppOnlineList);
+        }
+
+        if (pNewTopology->ppOfflineList)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pNewTopology->ppOfflineList);
+        }
+
+        VMDIR_SAFE_FREE_MEMORY(pNewTopology);
+
+    }
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirFreeTopologyStructure(
+    PDWORD* ppdwCostMatrix,
+    PDWORD  pFinalResult,
+    DWORD   dwCount
+    )
+{
+    DWORD   i = 0;
+
+    if (ppdwCostMatrix)
+    {
+        for (i=0; i<dwCount; i++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(ppdwCostMatrix[i]);
+        }
+        VMDIR_SAFE_FREE_MEMORY(ppdwCostMatrix);
+    }
+    if (pFinalResult)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pFinalResult);
+    }
+}
+
+static
+DWORD
+_VmDirCreateTopologyChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES*     ppChanges
+    )
+{
+    DWORD   dwError = 0;
+
+    PVMDIR_HA_TOPOLOGY_CHANGES  pChanges = NULL;
+
+    if (!pCurTopology || !pNewTopology || !ppChanges ||
+        !pCurTopology->ppConsiderList ||
+        !pNewTopology->ppConsiderList ||
+        !pCurTopology->dwConsiderListCnt ||
+        !pNewTopology->dwConsiderListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_TOPOLOGY_CHANGES), (PVOID*)&pChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirCreateInternalChanges(pCurTopology, pNewTopology, pChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirFindDifferenceInReplLinks(pCurTopology, pNewTopology, pChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppChanges = pChanges;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    VmDirFreeHATopologyChanges(pChanges);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirCreateInternalChanges(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES      pChanges
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+    DWORD   i       = 0;
+
+    if (!pCurTopology || !pNewTopology || !pChanges ||
+        !pCurTopology->ppConsiderList ||
+        !pNewTopology->ppConsiderList ||
+        !pCurTopology->dwConsiderListCnt ||
+        !pNewTopology->dwConsiderListCnt ||
+        pCurTopology->dwConsiderListCnt != pNewTopology->dwConsiderListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwCount = pNewTopology->dwConsiderListCnt;
+
+    dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwCount,(PVOID*)&pChanges->ppAddLinkList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwCount,(PVOID*)&pChanges->ppDelLinkList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pChanges->dwAddListCnt = dwCount;
+    pChanges->dwDelListCnt = dwCount;
+
+    for (i=0; i<dwCount; i++)
+    {
+        pChanges->ppAddLinkList[i] = NULL;
+        pChanges->ppDelLinkList[i] = NULL;
+
+        dwError = _VmDirCopyHAServer(pNewTopology->ppConsiderList[i], 2, &(pChanges->ppAddLinkList[i])); // Because ring topology 2 partners can be added
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = _VmDirCopyHAServer(pCurTopology->ppConsiderList[i],
+                                     pCurTopology->ppConsiderList[i]->dwPartnerCnt,
+                                     &(pChanges->ppDelLinkList[i])); // Maximum Number of its partner needs to be removed
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // The one pConnection allocated is shared by DelLinkList and AddLinkList i.e. they point to same location.
+        // Thus during free time only one of them should be freed and other should be set to Null.
+        pChanges->ppDelLinkList[i]->pConnection = pChanges->ppAddLinkList[i]->pConnection;
+
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, Error[%d]\n",
+            __FUNCTION__,
+            dwError
+            );
+    if (pChanges && pNewTopology)
+    {
+        if (pChanges->ppAddLinkList)
+        {
+            for (i=0; i<dwCount; i++)
+            {
+                if (pChanges->ppAddLinkList[i])
+                {
+                    pNewTopology->ppConsiderList[i]->pConnection = pChanges->ppAddLinkList[i]->pConnection;
+                    pChanges->ppAddLinkList[i]->pConnection = NULL;
+                }
+                if (pChanges->ppDelLinkList && pChanges->ppDelLinkList[i])
+                {
+                    pChanges->ppDelLinkList[i]->pConnection = NULL;
+                }
+            }
+        }
+    }
+
+    if (pChanges->ppAddLinkList)
+    {
+        _VmDirFreeHAServerList(pChanges->ppAddLinkList, pChanges->dwAddListCnt);
+        pChanges->ppAddLinkList = NULL;
+    }
+    if (pChanges->ppDelLinkList)
+    {
+        _VmDirFreeHAServerList(pChanges->ppDelLinkList, pChanges->dwDelListCnt);
+        pChanges->ppDelLinkList = NULL;
+    }
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFindDifferenceInReplLinks(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES      pChanges
+    )
+{
+    DWORD       dwError     = 0;
+    DWORD       i           = 0;
+    DWORD       j           = 0;
+    DWORD       k           = 0;
+    DWORD       dwCnt       = 0;
+    DWORD       dwCount     = 0;
+    DWORD       dwPosDel    = 0;
+    DWORD       dwPosAdd    = 0;
+    BOOLEAN     pMark[2]    = {0};
+    BOOLEAN     bStatus     = 0;
+    BOOLEAN     bCompareRes = 0;
+
+    if (!pCurTopology ||
+        !pNewTopology ||
+        !pChanges     ||
+        !pChanges->dwAddListCnt ||
+        pCurTopology->dwConsiderListCnt != pNewTopology->dwConsiderListCnt ||
+        pChanges->dwAddListCnt != pChanges->dwDelListCnt ||
+        pChanges->dwAddListCnt != pNewTopology->dwConsiderListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwCount = pNewTopology->dwConsiderListCnt;
+
+    for (i=0; i<dwCount; i++)
+    {
+        pMark[0] = 0;
+        pMark[1] = 0;
+        dwPosAdd = 0;
+        dwPosDel = 0;
+        dwCnt = pNewTopology->ppConsiderList[i]->dwPartnerCnt;
+
+        for (j=0; j<pCurTopology->ppConsiderList[i]->dwPartnerCnt; j++)
+        {
+            if (dwCnt)
+            {
+                bStatus = 1;
+                for (k=0; k<dwCnt; k++)
+                {
+                    if (!pMark[k])
+                    {
+                        bCompareRes = ( pCurTopology->ppConsiderList[i]->ppPartnerList[j]->dwIdx ==
+                                        pNewTopology->ppConsiderList[i]->ppPartnerList[k]->dwIdx);
+                        if (bCompareRes)
+                        {
+                            pMark[k] = 1;
+                            bStatus  = 0;
+                        }
+                    }
+                }
+                if (bStatus)
+                {
+                    if ((pCurTopology->ppConsiderList[i]->ppPartnerList[j]->dwIdx != (DWORD)-1) &&
+                        pChanges->ppDelLinkList[pCurTopology->ppConsiderList[i]->ppPartnerList[j]->dwIdx]->pConnection)
+                    {
+                        pChanges->ppDelLinkList[i]->ppPartnerList[dwPosDel] = pChanges->ppDelLinkList[pCurTopology->ppConsiderList[i]->ppPartnerList[j]->dwIdx];
+                        dwPosDel++;
+                    }
+                    else
+                    {
+                        printf("\nIgnoring Link Creation/Deletion with Offline/Non-Considered Node: %s\n\n",pCurTopology->ppConsiderList[i]->ppPartnerList[j]->pszHostName);
+                    }
+                }
+            }
+        }
+        for (k=0; k<dwCnt; k++)
+        {
+            if (!pMark[k])
+            {
+                if (pNewTopology->ppConsiderList[i]->ppPartnerList[k]->dwIdx != (DWORD)-1 &&
+                    pChanges->ppAddLinkList[pNewTopology->ppConsiderList[i]->ppPartnerList[k]->dwIdx]->pConnection)
+                {
+                    pChanges->ppAddLinkList[i]->ppPartnerList[dwPosAdd] = pChanges->ppAddLinkList[pNewTopology->ppConsiderList[i]->ppPartnerList[k]->dwIdx];
+                    dwPosAdd++;
+                }
+                else
+                {
+                    printf("\nIgnoring Link Creation/Deletion with Offline/Non-Considered Node: %s\n\n",pNewTopology->ppConsiderList[i]->ppPartnerList[k]->pszHostName);
+                }
+            }
+        }
+        if (dwPosAdd < 2)
+        {
+            pChanges->ppAddLinkList[i]->dwPartnerCnt = dwPosAdd;
+        }
+        if (dwPosDel < pCurTopology->ppConsiderList[i]->dwPartnerCnt)
+        {
+            pChanges->ppDelLinkList[i]->dwPartnerCnt = dwPosDel;
+        }
+    }
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFillInterTopology(
+    PVMDIR_HA_SERVER_INFO*          ppServerList,
+    DWORD                           dwListCount,
+    PVMDIR_HA_SERVER_INFO**         pppInterSiteServerList,
+    DWORD                           dwInterSiteListCnt,
+    DWORD                           dwOnlineCount,
+    DWORD                           dwOfflineCount,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppTopology
+    )
+{
+    DWORD   dwError         = 0;
+    DWORD   dwCnt           = 0;
+    DWORD   dwPosOn         = 0;
+    DWORD   dwPosOff        = 0;
+
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology           = NULL;
+
+    if (!ppServerList || !ppTopology)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_HA_REPLICATION_TOPOLOGY), (PVOID*)&pTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pTopology->ppConsiderList    = NULL;
+    pTopology->dwConsiderListCnt = 0;
+
+    if (dwOnlineCount)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOnlineCount, (PVOID*)&(pTopology->ppOnlineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pTopology->ppOnlineList = NULL;
+        pTopology->dwOnlineListCnt = 0;
+    }
+
+    if (dwOfflineCount)
+    {
+        dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwOfflineCount, (PVOID*)&(pTopology->ppOfflineList));
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        pTopology->ppOfflineList = NULL;
+        pTopology->dwOfflineListCnt = 0;
+    }
+
+    dwPosOn = dwPosOff = 0;
+
+    for (dwCnt=0; dwCnt < dwListCount; dwCnt++)
+    {
+        if (ppServerList[dwCnt])
+        {
+            if (ppServerList[dwCnt]->pConnection)
+            {
+                if (pTopology->ppOnlineList)
+                {
+                    pTopology->ppOnlineList[dwPosOn] = ppServerList[dwCnt];
+                    dwPosOn++;
+                }
+                else
+                {
+                    BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+                }
+            }
+            else
+            {
+                if (pTopology->ppOfflineList)
+                {
+                    pTopology->ppOfflineList[dwPosOff] = ppServerList[dwCnt];
+                    dwPosOff++;
+                }
+                else
+                {
+                    BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_STATE);
+                }
+            }
+        }
+    }
+
+    pTopology->dwOnlineListCnt   = dwPosOn;
+    pTopology->dwOfflineListCnt  = dwPosOff;
+
+    pTopology->ppConsiderList    = *pppInterSiteServerList;
+    pTopology->dwConsiderListCnt = dwInterSiteListCnt;
+
+    *pppInterSiteServerList = NULL;
+
+    *ppTopology = pTopology;
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    // Need to NULL contents of pTopology->ppOnlineList &
+    // pTopology->ppOfflineList to prevent double deletion
+    // in case of error condition. No need free them as
+    // they will be taken care in VmDirFreeHATopology
+    if (dwPosOn && pTopology->ppOnlineList)
+    {
+        for (dwCnt=0; dwCnt<dwPosOn; dwCnt++)
+        {
+            pTopology->ppOnlineList[dwCnt] = NULL;
+        }
+    }
+    if (dwPosOff && pTopology->ppOfflineList)
+    {
+        for (dwCnt=0; dwCnt<dwPosOff; dwCnt++)
+        {
+            pTopology->ppOfflineList[dwCnt] = NULL;
+        }
+    }
+    VmDirFreeHATopology(pTopology);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGetInterSiteServerList(
+    PVMDIR_STRING_LIST      pSiteList,
+    PVMDIR_HA_SERVER_INFO*  ppHAServerList,
+    DWORD                   dwHAListCount,
+    DWORD                   dwInterSiteCount,
+    BOOLEAN                 bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO** pppInterSiteList,
+    PDWORD                  pdwInterSiteListCnt
+    )
+{
+    DWORD                   dwError = 0;
+    DWORD                   i       = 0;
+    PLW_HASHMAP             pHashMap = NULL;
+    PDWORD*                 ppServerMatrixBySite = NULL;
+    PVMDIR_HA_SERVER_INFO*  ppInterSiteList = NULL;
+
+    if (!pSiteList ||
+        !pSiteList->dwCount ||
+        !ppHAServerList ||
+        !dwHAListCount ||
+        !pppInterSiteList ||
+        !pdwInterSiteListCnt)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = _VmDirGenerateSiteHashMap(pSiteList, &pHashMap);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirCreateServerListBySite(
+                    ppHAServerList,
+                    dwHAListCount,
+                    pSiteList->dwCount,
+                    pHashMap,
+                    &ppServerMatrixBySite);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirFinalizeList(
+                    ppHAServerList,
+                    dwHAListCount,
+                    pSiteList->dwCount,
+                    ppServerMatrixBySite,
+                    bConsiderOfflineNodes,
+                    &ppInterSiteList
+                    );
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pppInterSiteList    = ppInterSiteList;
+    *pdwInterSiteListCnt = pSiteList->dwCount;
+
+cleanup:
+    if (pHashMap)
+    {
+        LwRtlHashMapClear(pHashMap, _FreeSiteHashMap, NULL);
+        LwRtlFreeHashMap(&pHashMap);
+    }
+    for (i=0; i<pSiteList->dwCount; i++)
+    {
+        VMDIR_SAFE_FREE_MEMORY(ppServerMatrixBySite[i]);
+    }
+    VMDIR_SAFE_FREE_MEMORY(ppServerMatrixBySite);
+
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    VMDIR_SAFE_FREE_MEMORY(ppInterSiteList);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirGenerateSiteHashMap(
+    PVMDIR_STRING_LIST  pSiteList,
+    PLW_HASHMAP*        ppHashMap
+    )
+{
+    DWORD       dwError     = 0;
+    DWORD       i           = -1;
+    PSTR        pszSite     = NULL;
+    PDWORD*     ppdwValues  = NULL;
+    PLW_HASHMAP pHashMap    = NULL;
+
+    if (!pSiteList ||
+        !ppHashMap ||
+        !pSiteList->dwCount)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(PDWORD)*pSiteList->dwCount, (PVOID*)&ppdwValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = LwRtlCreateHashMap(
+                    &pHashMap,
+                    LwRtlHashDigestPstrCaseless,
+                    LwRtlHashEqualPstrCaseless,
+                    NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; i<pSiteList->dwCount; i++)
+    {
+        pszSite = NULL;
+
+        dwError = VmDirAllocateMemory(sizeof(DWORD),(PVOID*)&(ppdwValues[i]));
+        BAIL_ON_VMDIR_ERROR(dwError);
+        *ppdwValues[i] = i;
+
+        dwError = VmDirAllocateStringA(pSiteList->pStringList[i], &pszSite);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = LwRtlHashMapInsert(
+                        pHashMap,
+                        (PVOID)pszSite,
+                        (PVOID)ppdwValues[i],
+                        NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppHashMap = pHashMap;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(ppdwValues);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    LwRtlHashMapClear(pHashMap, _FreeSiteHashMap, NULL);
+    LwRtlFreeHashMap(&pHashMap);
+    VMDIR_SAFE_FREE_MEMORY(pszSite);
+    // This if is required to prevent memory leak of DWORD in case of
+    // error condition.
+    if (ppdwValues && i != (DWORD)-1 && ppdwValues[i])
+    {
+        VMDIR_SAFE_FREE_MEMORY(ppdwValues[i]);
+    }
+    goto cleanup;
+}
+
+static
+VOID
+_FreeSiteHashMap(
+    PLW_HASHMAP_PAIR    pPair,
+    PVOID               pUnused
+    )
+{
+    VMDIR_SAFE_FREE_MEMORY(pPair->pKey);
+    VMDIR_SAFE_FREE_MEMORY(pPair->pValue);
+}
+
+static
+DWORD
+_VmDirCreateServerListBySite(
+    PVMDIR_HA_SERVER_INFO*  ppServerList,
+    DWORD                   dwServerCnt,
+    DWORD                   dwSiteCnt,
+    PLW_HASHMAP             pHashMap,
+    PDWORD**                pppMatrix // Output
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i       = 0;
+    PDWORD  pValue  = NULL;
+    PDWORD* ppMatrix = NULL;
+
+    if (!ppServerList ||
+        !dwServerCnt ||
+        !dwSiteCnt ||
+        !pHashMap ||
+        !pppMatrix)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(PDWORD)*dwSiteCnt, (PVOID*)&ppMatrix);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; i<dwSiteCnt; i++)
+    {
+        dwError = VmDirAllocateMemory(sizeof(DWORD)*(dwServerCnt+1), (PVOID*)&ppMatrix[i]); // +1 inorder to save count in the matrix itself
+        BAIL_ON_VMDIR_ERROR(dwError);
+        ppMatrix[i][0] = 0; // Intializing column 0 saved for count to Zero.
+    }
+
+    for (i=0; i<dwServerCnt; i++)
+    {
+        if (ppServerList[i] && ppServerList[i]->pszSiteName)
+        {
+            dwError = LwRtlHashMapFindKey(pHashMap, (PVOID*)&pValue, ppServerList[i]->pszSiteName);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            ppMatrix[*pValue][0] += 1;
+            ppMatrix[*pValue][ppMatrix[*pValue][0]] = i;
+        }
+    }
+
+    *pppMatrix = ppMatrix;
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    if (ppMatrix)
+    {
+        for ( i=0; i<dwSiteCnt; i++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(ppMatrix[i]);
+        }
+        VMDIR_SAFE_FREE_MEMORY(ppMatrix);
+    }
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirFinalizeList(
+    PVMDIR_HA_SERVER_INFO*  ppServerList,
+    DWORD                   dwServerCnt,
+    DWORD                   dwSiteCnt,
+    PDWORD*                 ppMatrix,
+    BOOLEAN                 bConsiderOfflineNodes,
+    PVMDIR_HA_SERVER_INFO** pppFinalList
+    )
+{
+    DWORD                   dwError         = 0;
+    DWORD                   i               = 0;
+    DWORD                   j               = 0;
+    DWORD                   dwMaxPartner    = 0;
+    DWORD                   dwSelectIdx     = -1;
+    DWORD                   dwMaxOnline     = 0;
+    DWORD                   dwOnlineIdx     = -1;
+    DWORD                   dwServerPos     = 0;
+    PVMDIR_HA_SERVER_INFO*  ppFinalList      = NULL;
+
+    if (!ppServerList ||
+        !dwServerCnt ||
+        !dwSiteCnt ||
+        !ppMatrix ||
+        !pppFinalList)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(PVMDIR_HA_SERVER_INFO)*dwSiteCnt, (PVOID*)&ppFinalList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i=0; i<dwSiteCnt; i++)
+    {
+        if (ppMatrix[i] && ppMatrix[i][0])
+        {
+            dwMaxPartner = 0;
+            dwSelectIdx  = -1;
+            dwMaxOnline  = 0;
+            dwOnlineIdx  = -1;
+            for (j=1; j<=ppMatrix[i][0]; j++)
+            {
+                dwServerPos = ppMatrix[i][j];
+                if (ppServerList[dwServerPos])
+                {
+                   if (dwMaxOnline <= ppServerList[dwServerPos]->dwPartnerCnt)
+                   {
+                       if (dwMaxPartner < ppServerList[dwServerPos]->dwPartnerCnt)
+                       {
+                            dwMaxPartner = ppServerList[dwServerPos]->dwPartnerCnt;
+                            dwSelectIdx  = dwServerPos;
+                       }
+
+                       if (ppServerList[dwServerPos]->pConnection)
+                       {
+                           dwMaxOnline = ppServerList[dwServerPos]->dwPartnerCnt;
+                           dwOnlineIdx = dwServerPos;
+                       }
+                   }
+                }
+            }
+            if (!bConsiderOfflineNodes)
+            {
+                dwMaxPartner = dwMaxOnline;
+                dwSelectIdx  = dwOnlineIdx;
+            }
+
+            if (dwSelectIdx != (DWORD)-1)
+            {
+                ppFinalList[i] = ppServerList[dwSelectIdx];
+                ppServerList[dwSelectIdx]->dwIdx = i;
+            }else
+            {
+                printf("\n\nA Complete Site is down. Please Fix it or Bring one node from that Site to run this tool\n\n");
+                dwError = VMDIR_ERROR_INVALID_RESULT;
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+        }else
+        {
+            printf("\n\nA Complete Site is down. Please Fix it or Bring one node from that Site to run this tool\n\n");
+            dwError = VMDIR_ERROR_INVALID_RESULT;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *pppFinalList = ppFinalList;
+
+cleanup:
+    return dwError;
+error:
+    VMDIR_LOG_ERROR(
+        VMDIR_LOG_MASK_ALL,
+        "%s failed, Error[%d]\n",
+        __FUNCTION__,
+        dwError
+    );
+    VMDIR_SAFE_FREE_MEMORY(ppFinalList);
+    goto cleanup;
+}
diff --git a/vmdir/client/repadmin.c b/vmdir/client/repadmin.c
index d1c8156da..2d10197e3 100644
--- a/vmdir/client/repadmin.c
+++ b/vmdir/client/repadmin.c
@@ -32,17 +32,6 @@ _VmDirIsHostAPartner(
     PSTR *ppszPartnerRaDn
     );
 
-static
-DWORD
-VmDirGetServersInfoOnSite(
-    LDAP* pLd,
-    PCSTR pszSiteName,
-    PCSTR pszHost,
-    PCSTR pszDomain,
-    PINTERNAL_SERVER_INFO* ppInternalServerInfo,
-    DWORD* pdwInfoCount
-    );
-
 /*
  * Get all vmdir server info from pLd
  */
@@ -474,8 +463,55 @@ VmDirLdapGetHighWatermark(
     )
 {
     DWORD   dwError = 0;
-    USN     partnerVisibleUSN = 0;
     LDAP    *pPartnerLd = NULL;
+
+    if (pLocalLd == NULL || pLastLocalUsn == NULL || IsNullOrEmptyString(pszPartnerHost) ||
+        IsNullOrEmptyString(pszDomainName) || IsNullOrEmptyString(pszUsername) ||
+        IsNullOrEmptyString(pszPassword) || IsNullOrEmptyString(pszLocalHost))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    // Get partner's replication state to discover its latest USN.
+    dwError = VmDirConnectLDAPServer(
+                        &pPartnerLd,
+                        pszPartnerHost,
+                        pszDomainName,
+                        pszUsername,
+                        pszPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapGetHighWatermarkByPLd(
+                                pLocalLd,
+                                pPartnerLd,
+                                pszLocalHost,
+                                pszPartnerHost,
+                                pLastLocalUsn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirLdapUnbind( &pPartnerLd );
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s failed with error (%u)",
+                    __FUNCTION__, dwError);
+    goto cleanup;
+
+}
+
+DWORD
+VmDirLdapGetHighWatermarkByPLd(
+    LDAP*      pLocalLd,
+    LDAP*      pPartnerLd,
+    PCSTR      pszLocalHost,
+    PCSTR      pszPartnerHost,
+    USN*       pLastLocalUsn
+    )
+{
+    DWORD   dwError = 0;
+    USN     partnerVisibleUSN = 0;
     PVMDIR_REPL_STATE pPartnerReplState = NULL;
     PVMDIR_REPL_STATE pLocalReplState = NULL;
     PCSTR   pszUSNChanged = ATTR_USN_CHANGED;
@@ -497,22 +533,12 @@ VmDirLdapGetHighWatermark(
     PVMDIR_METADATA pMetadata = NULL;
 
     if (pLocalLd == NULL || pLastLocalUsn == NULL || IsNullOrEmptyString(pszPartnerHost) ||
-        IsNullOrEmptyString(pszDomainName) || IsNullOrEmptyString(pszUsername) ||
-        IsNullOrEmptyString(pszPassword) || IsNullOrEmptyString(pszLocalHost))
+        pPartnerLd == NULL || IsNullOrEmptyString(pszLocalHost))
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    // Get partner's replication state to discover its latest USN.
-    dwError = VmDirConnectLDAPServer(
-                        &pPartnerLd,
-                        pszPartnerHost,
-                        pszDomainName,
-                        pszUsername,
-                        pszPassword);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirGetReplicationStateInternal(pPartnerLd, &pPartnerReplState);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -620,7 +646,7 @@ VmDirLdapGetHighWatermark(
                                     *pLastLocalUsn = (DWORD)VMDIR_MAX(consumableUsn - HIGHWATER_USN_REPL_BUFFER, 0);
 
                                     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                                                    "VmDirLdapGetHighWatermark Host (%s), Partner (%s), Setting high watermark to (%u)",
+                                                    "VmDirLdapGetHighWatermarkByPLd Host (%s), Partner (%s), Setting high watermark to (%u)",
                                                     pszLocalHost,
                                                     pszPartnerHost,
                                                     *pLastLocalUsn);
@@ -643,7 +669,7 @@ VmDirLdapGetHighWatermark(
     *pLastLocalUsn = 0;
 
     VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
-                       "VmDirLdapGetHighWatermark Host (%s), Partner (%s), High watermark not found, setting to (%u)",
+                       "VmDirLdapGetHighWatermarkByPLd Host (%s), Partner (%s), High watermark not found, setting to (%u)",
                        pszLocalHost,
                        pszPartnerHost,
                        *pLastLocalUsn);
@@ -651,7 +677,6 @@ VmDirLdapGetHighWatermark(
 cleanup:
     VMDIR_SAFE_FREE_STRINGA( pszFilter );
     VmDirFreeMetadata( pMetadata );
-    VmDirLdapUnbind( &pPartnerLd );
     if (ppUSNValues)
     {
         ldap_value_free_len(ppUSNValues);
@@ -708,30 +733,30 @@ _VmDirIsClassReplicable(
  * Provide a site name to get
  * all vmdir server info from pLd.
  */
-static
 DWORD
 VmDirGetServersInfoOnSite(
-    LDAP* pLd,
-    PCSTR pszSiteName,
-    PCSTR pszHost,
-    PCSTR pszDomain,
-    PINTERNAL_SERVER_INFO* ppInternalServerInfo,
-    DWORD* pdwInfoCount
+    LDAP*                   pLd,
+    PCSTR                   pszSiteName,
+    PCSTR                   pszHost,
+    PCSTR                   pszDomain,
+    PINTERNAL_SERVER_INFO*  ppInternalServerInfo,
+    DWORD*                  pdwInfoCount
     )
 {
-    DWORD               dwError = 0;
-    PSTR                pszSearchBaseDN = NULL;
-    LDAPMessage*        pMessages = NULL;
-    LDAPMessage*        pMessage = NULL;
+    DWORD           dwError         = 0;
+    PSTR            pszSearchBaseDN = NULL;
+    LDAPMessage*    pMessages       = NULL;
+    LDAPMessage*    pMessage        = NULL;
+    int             i               = 0;
+    DWORD           dwInfoCount     = 0;
+    PSTR            pszDomainDN     = NULL;
+    PSTR            pszServerDN     = NULL;
+    int             searchLevel     = LDAP_SCOPE_ONELEVEL;
+    PSTR            pFilter         = NULL;
+
     PINTERNAL_SERVER_INFO   pInternalServerInfo = NULL;
-    int                 i = 0;
-    DWORD               dwInfoCount = 0;
-    PSTR                pszDomainDN = NULL;
-    PSTR                pszServerDN = NULL;
-    int                 searchLevel = LDAP_SCOPE_ONELEVEL;
-    PSTR                pFilter = NULL;
-
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (pszSiteName == NULL)
diff --git a/vmdir/client/replication.c b/vmdir/client/replication.c
index 0ed8f03d6..02c33cc09 100644
--- a/vmdir/client/replication.c
+++ b/vmdir/client/replication.c
@@ -418,7 +418,7 @@ _VmDirReplicationEntriesExist(
     )
 {
     DWORD       dwError=0;
-    LDAP*       pLd                     = NULL;
+    LDAP*       pLd = NULL;
     PSTR        pszFilter = NULL;
     LDAPControl *srvCtrls[2] = {NULL, NULL};
     LDAPControl syncReqCtrl = {0};
@@ -427,37 +427,43 @@ _VmDirReplicationEntriesExist(
 
     // bind to server
     dwError = VmDirConnectLDAPServer(
-                            &pLd,
-                            pszServerName,
-                            pszDomain,
-                            pszUserName,
-                            pszPassword);
+            &pLd,
+            pszServerName,
+            pszDomain,
+            pszUserName,
+            pszPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
-                &pszFilter, "%s>=%ld",
-                ATTR_USN_CHANGED,
-                pCookie->lastLocalUsnProcessed + 1);
+            &pszFilter,
+            "%s>=%ld",
+            ATTR_USN_CHANGED,
+            pCookie->lastLocalUsnProcessed + 1);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateSyncRequestControl(pCookie->pszInvocationId, pCookie->lastLocalUsnProcessed, pCookie->pszUtdVector, &syncReqCtrl);
+    dwError = VmDirCreateSyncRequestControl(
+            pCookie->pszInvocationId,
+            pCookie->lastLocalUsnProcessed,
+            pCookie->pszUtdVector,
+            FALSE,
+            &syncReqCtrl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     srvCtrls[0] = &syncReqCtrl;
     srvCtrls[1] = NULL;
 
     dwError = ldap_search_ext_s(
-                pLd,
-                "",
-                LDAP_SCOPE_SUBTREE,
-                pszFilter,
-                NULL,
-                FALSE, /* get values      */
-                srvCtrls,  /* server controls */
-                NULL,  /* client controls */
-                NULL,  /* timeout         */
-                1,     /* size limit      */
-                &pResult);
+            pLd,
+            "",
+            LDAP_SCOPE_SUBTREE,
+            pszFilter,
+            NULL,
+            FALSE, /* get values      */
+            srvCtrls,  /* server controls */
+            NULL,  /* client controls */
+            NULL,  /* timeout         */
+            1,     /* size limit      */
+            &pResult);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (ldap_count_entries(pLd, pResult))
@@ -550,32 +556,35 @@ _VmDirQueryUsn(
     BerValue    bvLastLocalUsnProcessed = {0};
 
     dwError = VmDirAllocateStringPrintf(
-                &pszFilter, "%s>=%ld",
-                ATTR_USN_CHANGED,
-                startUsn);
+            &pszFilter,
+            "%s>=%ld",
+            ATTR_USN_CHANGED,
+            startUsn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateSyncRequestControl(
-                pCookie->pszInvocationId,
-                pCookie->lastLocalUsnProcessed,
-                pCookie->pszUtdVector, &syncReqCtrl);
+            pCookie->pszInvocationId,
+            pCookie->lastLocalUsnProcessed,
+            pCookie->pszUtdVector,
+            FALSE,
+            &syncReqCtrl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     srvCtrls[0] = &syncReqCtrl;
     srvCtrls[1] = NULL;
 
     dwError = ldap_search_ext_s(
-                pLd,
-                "",
-                LDAP_SCOPE_SUBTREE,
-                pszFilter,
-                NULL,
-                FALSE, /* get values      */
-                srvCtrls,  /* server controls */
-                NULL,  /* client controls */
-                NULL,  /* timeout         */
-                LDAP_USN_QUERY_LIMIT,     /* size limit */
-                &pResult);
+            pLd,
+            "",
+            LDAP_SCOPE_SUBTREE,
+            pszFilter,
+            NULL,
+            FALSE, /* get values      */
+            srvCtrls,  /* server controls */
+            NULL,  /* client controls */
+            NULL,  /* timeout         */
+            LDAP_USN_QUERY_LIMIT,     /* size limit */
+            &pResult);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwCount = ldap_count_entries(pLd, pResult);
@@ -585,14 +594,15 @@ _VmDirQueryUsn(
         goto cleanup;
     }
 
-    dwError = (DWORD)ldap_parse_result(pLd, pResult, &errCode,
-                NULL, NULL, NULL, &searchResCtrls, 0);
+    dwError = (DWORD)ldap_parse_result(
+            pLd, pResult, &errCode, NULL, NULL, NULL, &searchResCtrls, 0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (searchResCtrls[0] == NULL)
     {
-        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-            "_VmDirQueryUsn: ldap_parse_result returned empty ctrl.");
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "_VmDirQueryUsn: ldap_parse_result returned empty ctrl");
         dwError = LDAP_OPERATIONS_ERROR;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
@@ -1121,7 +1131,7 @@ _VmDirQueryReplStateUSN(
     LDAPMessage *pResult = NULL;
     LDAPMessage *pEntry = NULL;
 
-    dwError = VmDirAllocateStringPrintf(&pszFilter, "usnchanged>=%u",
+    dwError = VmDirAllocateStringPrintf(&pszFilter, "usnchanged>=%" PRId64,
                                             VMDIR_MAX( currentUSN-MAX_REPL_STATE_USN_SEARCH, 0));
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/vmdir/client/vmdirlocalclient.c b/vmdir/client/vmdirlocalclient.c
index f1fb63a26..bb7549734 100644
--- a/vmdir/client/vmdirlocalclient.c
+++ b/vmdir/client/vmdirlocalclient.c
@@ -458,6 +458,71 @@ VmDirLocalGeneratePassword(
     goto cleanup;
 }
 
+DWORD
+VmDirLocalGetSRPSecret(
+    PCSTR       pszUPN,
+    PBYTE*      ppSecretBlob,
+    DWORD*      pSize
+    )
+{
+    DWORD dwError = 0;
+    UINT32 apiType = VMDIR_IPC_GET_SRP_SECRET;
+    DWORD noOfArgsIn = 0;
+    DWORD noOfArgsOut = 0;
+    DWORD dwBlobSize = 0;
+    VMDIR_IPC_DATA_CONTAINER *pContainer = NULL;
+    VMW_TYPE_SPEC input_spec[] = GET_SRP_SECRET_INPUT_PARAMS;
+    VMW_TYPE_SPEC output_spec[] = GET_SRP_SECRET_OUTPUT_PARAMS;
+
+    noOfArgsIn = sizeof (input_spec) / sizeof (input_spec[0]);
+    noOfArgsOut = sizeof (output_spec) / sizeof (output_spec[0]);
+
+    if (IsNullOrEmptyString(pszUPN) ||
+        !ppSecretBlob || !pSize)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    input_spec[0].data.pString = (PSTR) pszUPN;
+
+    dwError = VmDirLocalIPCRequest(
+                    apiType,
+                    noOfArgsIn,
+                    noOfArgsOut,
+                    input_spec,
+                    output_spec);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = *(output_spec[0].data.pUint32);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwBlobSize = *(output_spec[1].data.pUint32);
+
+    dwError = VmDirUnMarshalContainer(
+                             dwBlobSize,
+                             output_spec[2].data.pByte,
+                             &pContainer);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    *ppSecretBlob = (PBYTE)pContainer->data;
+    *pSize = pContainer->dwCount;
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(pContainer);
+
+    VmDirFreeTypeSpecContent(output_spec, noOfArgsOut);
+    return dwError;
+
+error:
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirLocalGetSRPSecret failed (%u)",
+                     dwError );
+
+    goto cleanup;
+}
+
 DWORD
 VmDirLocalSetSRPSecret(
     PCWSTR      pwszUPN,
diff --git a/vmdir/client/win/libvmdirclient.def b/vmdir/client/win/libvmdirclient.def
index fb93df954..547271d74 100644
--- a/vmdir/client/win/libvmdirclient.def
+++ b/vmdir/client/win/libvmdirclient.def
@@ -106,3 +106,11 @@ EXPORTS
     VmDirUrgentReplicationRequest
     VmDirUrgentReplicationResponse
     VmDirChangePNID
+    VmDirGetCurrentTopologyAtSite
+    VmDirGetCurrentGlobalTopology
+    VmDirGetProposedTopology
+    VmDirGetChangesInTopology
+    VmDirApplyTopologyChanges
+    VmDirFreeHATopologyData
+    VmDirFreeHAServerInfo
+    VmDirFreeHATopologyChanges
diff --git a/vmdir/common/Makefile.am b/vmdir/common/Makefile.am
index 85d1ffd38..792be5c29 100644
--- a/vmdir/common/Makefile.am
+++ b/vmdir/common/Makefile.am
@@ -56,11 +56,12 @@ libcommon_la_SOURCES = \
     schema/legacy/legacyutil.c
 
 libcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -DOPENSSL_NO_KRB5 \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
diff --git a/vmdir/common/defines.h b/vmdir/common/defines.h
index 03505756d..3472c8980 100644
--- a/vmdir/common/defines.h
+++ b/vmdir/common/defines.h
@@ -26,7 +26,8 @@
 }
 
 #ifndef _WIN32
-#define SOCKET_FILE_PATH "/var/run/vmdir_socket"
+#define SOCKET_FILE_PATH "/var/run/vmdir_socket"   /* vmdir IPC UDS socket */
+#define SOCKET_FILE_PATH_POST "/tmp/vmdir_socket"  /* raft server IPC UDS socket */
 #define EVERYONE_UID -1
 #endif
 #if defined _WIN32
diff --git a/vmdir/common/krbutil.c b/vmdir/common/krbutil.c
index 216bb7e91..0d422a42b 100644
--- a/vmdir/common/krbutil.c
+++ b/vmdir/common/krbutil.c
@@ -199,7 +199,7 @@ VmDirKeyTabRead(
     int entrySize;
     int princSize;
     int princType;
-    int nameCompCnt;
+    int nameCompCnt = 0;
     int kvno;
     int keyType;
     int keyLength;
diff --git a/vmdir/common/ldapbind.c b/vmdir/common/ldapbind.c
index c676b02be..0ee860f37 100644
--- a/vmdir/common/ldapbind.c
+++ b/vmdir/common/ldapbind.c
@@ -471,15 +471,16 @@ _VmDirSASLGSSAPIInteraction(
 
 int
 VmDirCreateSyncRequestControl(
-    PCSTR pszInvocationId,
-    USN lastLocalUsnProcessed,
-    PCSTR pszUtdVector,
-    LDAPControl *           syncReqCtrl
+    PCSTR           pszInvocationId,
+    USN             lastLocalUsnProcessed,
+    PCSTR           pszUtdVector,
+    BOOLEAN         bFirstPage,
+    LDAPControl*    syncReqCtrl
     )
 {
-    int                 retVal = LDAP_SUCCESS;
-    BerElement *        ber = NULL;
-    PSTR                pszLastLocalUsnProcessed = NULL;
+    int retVal = LDAP_SUCCESS;
+    BerElement* ber = NULL;
+    PSTR    pszLastLocalUsnProcessed = NULL;
 
     if (syncReqCtrl == NULL)
     {
@@ -499,14 +500,15 @@ VmDirCreateSyncRequestControl(
         BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
     }
 
-    if ( ber_printf( ber, "{i{sss}}", LDAP_SYNC_REFRESH_ONLY,
-                    pszInvocationId,
-                    pszLastLocalUsnProcessed,
-                    pszUtdVector ) == -1)
+    if (ber_printf(ber, "{i{sss}b}", LDAP_SYNC_REFRESH_ONLY,
+                   pszInvocationId,
+                   pszLastLocalUsnProcessed,
+                   pszUtdVector,
+                   bFirstPage) == -1)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirCreateSyncRequestControl: ber_printf failed." );
         retVal = LDAP_OPERATIONS_ERROR;
-        BAIL_ON_SIMPLE_LDAP_ERROR( retVal );
+        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
     }
 
     memset( syncReqCtrl, 0, sizeof( LDAPControl ));
diff --git a/vmdir/common/networkutiluniximpl.c b/vmdir/common/networkutiluniximpl.c
index 218a34467..9d286751d 100644
--- a/vmdir/common/networkutiluniximpl.c
+++ b/vmdir/common/networkutiluniximpl.c
@@ -112,7 +112,19 @@ VmDirOpenClientConnectionImpl(
 	}
 	memset (&address, 0, sizeof(struct sockaddr_un));
 	address.sun_family = AF_UNIX;
-	snprintf (address.sun_path, sizeof(SOCKET_FILE_PATH), SOCKET_FILE_PATH);
+        if (getenv("VMDIR_ENV_OVERRIDE_AFD_DOMAIN_STATE"))
+        {
+            /*
+             * Use the lwraft (postd) UDS socket when env override is set.
+             * This environment variable is synonymous with "raft protocol"
+             * is in use, so bind to the raft server socket.
+             */
+	    snprintf (address.sun_path, sizeof(SOCKET_FILE_PATH), SOCKET_FILE_PATH_POST);
+        }
+        else
+        {
+	    snprintf (address.sun_path, sizeof(SOCKET_FILE_PATH), SOCKET_FILE_PATH);
+        }
 
 	if (connect(socket_fd, (struct sockaddr *) &address, sizeof(struct sockaddr_un)) <0)
     {
diff --git a/vmdir/common/parsearguments.c b/vmdir/common/parsearguments.c
index 16a6ad955..c4d0edffe 100644
--- a/vmdir/common/parsearguments.c
+++ b/vmdir/common/parsearguments.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -11,6 +11,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
+
 #include "includes.h"
 
 BOOLEAN
diff --git a/vmdir/common/schema/compat.c b/vmdir/common/schema/compat.c
index bdf82d0d4..72dd2f06c 100644
--- a/vmdir/common/schema/compat.c
+++ b/vmdir/common/schema/compat.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -14,20 +14,6 @@
 
 #include "includes.h"
 
-// both NULL || both have same string
-#define VMDIR_TWO_STRING_COMPATIBLE( pszNewString, pszOldString )                                               \
-    ( ( !pszNewString && !pszOldString )  ||                                                                    \
-      ( ( pszNewString && pszOldString ) && (VmDirStringCompareA( pszNewString, pszOldString, FALSE) == 0) )    \
-    )
-
-// e.g. single value tag from TRUE to FALSE
-#define VMDIR_TWO_BOOL_COMPATILBE_T2F( bONE, bTWO )     \
-    ( (bTWO == bONE) || ( bTWO == TRUE && bONE == FALSE ) )
-
-// e.g. obsolete tag from FALSE to TRUE
-#define VMDIR_TWO_BOOL_COMPATILBE_F2T( bONE, bTWO )     \
-    ( (bONE == bTWO) || ( bONE == TRUE && bTWO == FALSE ) )
-
 DWORD
 VmDirLdapAtAreCompat(
     PVDIR_LDAP_ATTRIBUTE_TYPE   pPrevAt,
@@ -42,18 +28,58 @@ VmDirLdapAtAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewAt->pszName, pPrevAt->pszName) ||
-        !VMDIR_TWO_STRING_COMPATIBLE(
-            pNewAt->pszSyntaxOid, pPrevAt->pszSyntaxOid) ||
-        !VMDIR_TWO_BOOL_COMPATILBE_T2F(
-            pNewAt->bSingleValue, pPrevAt->bSingleValue) ||
-        pNewAt->bNoUserMod != pPrevAt->bNoUserMod ||
-        (pPrevAt->usage && pNewAt->usage != pPrevAt->usage))
+    if (VmDirStringCompareA(pPrevAt->pszName, pNewAt->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevAt->pszName,
+                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirStringCompareA(pPrevAt->pszSyntaxOid, pNewAt->pszSyntaxOid, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type syntax (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevAt->pszSyntaxOid,
+                pNewAt->pszSyntaxOid,
+                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!pPrevAt->bSingleValue && pNewAt->bSingleValue)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot convert multi-value attribute type to single-value (name: %s).",
+                __FUNCTION__, pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevAt->bNoUserMod != pNewAt->bNoUserMod)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change attribute type user mod permission (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevAt->bNoUserMod ? "TRUE" : "FALSE",
+                pNewAt->bNoUserMod ? "TRUE" : "FALSE",
+                pNewAt->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevAt->usage && pPrevAt->usage != pNewAt->usage)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
-                __FUNCTION__, pPrevAt->pszName);
+                "%s: cannot change attribute type usage (current: %d, new: %d) (%s).",
+                __FUNCTION__,
+                pPrevAt->usage,
+                pNewAt->usage,
+                pNewAt->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
@@ -69,6 +95,8 @@ VmDirLdapOcAreCompat(
     )
 {
     DWORD   dwError = 0;
+    PSTR*   ppszRemovedMust = NULL;
+    PSTR*   ppszMinimumMay = NULL;
 
     if (!pPrevOc || !pNewOc)
     {
@@ -76,24 +104,83 @@ VmDirLdapOcAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewOc->pszName, pPrevOc->pszName) ||
-        !VMDIR_TWO_STRING_COMPATIBLE(
-            pNewOc->pszSup, pPrevOc->pszSup) ||
-        !VmDirIsStrArrayIdentical(
-            pNewOc->ppszMust, pPrevOc->ppszMust) ||
-        !VmDirIsStrArraySuperSet(
-            pNewOc->ppszMay, pPrevOc->ppszMay) ||
-        pNewOc->type != pPrevOc->type)
+    if (VmDirStringCompareA(pPrevOc->pszName, pNewOc->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change object class name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevOc->pszName,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirStringCompareA(pPrevOc->pszSup, pNewOc->pszSup, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change object class sup (current: %s, new: %s) (name: %s).",
+                __FUNCTION__,
+                pPrevOc->pszSup,
+                pNewOc->pszSup,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pPrevOc->type != pNewOc->type)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
+                "%s: cannot change object class type (current: %d, new: %d) (name: %s).",
+                __FUNCTION__,
+                pPrevOc->type,
+                pNewOc->type,
+                pNewOc->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirIsStrArrayIdentical(pNewOc->ppszMust, pPrevOc->ppszMust))
+    {
+        if (!VmDirIsStrArraySuperSet(pNewOc->ppszMay, pPrevOc->ppszMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove maycontain attribute types (name: %s).",
+                    __FUNCTION__, pPrevOc->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else if (VmDirIsStrArraySuperSet(pPrevOc->ppszMust, pNewOc->ppszMust))
+    {
+        dwError = VmDirGetStrArrayDiffs(
+                pNewOc->ppszMust, pPrevOc->ppszMust, &ppszRemovedMust, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirMergeStrArray(
+                pPrevOc->ppszMay, ppszRemovedMust, &ppszMinimumMay);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!VmDirIsStrArraySuperSet(pNewOc->ppszMay, ppszMinimumMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove must contain attribute types (name: %s).",
+                    __FUNCTION__, pPrevOc->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot add must contain attribute types (name: %s).",
                 __FUNCTION__, pPrevOc->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 error:
+    VmDirFreeStrArray(ppszRemovedMust);
+    VmDirFreeStrArray(ppszMinimumMay);
     return dwError;
 }
 
@@ -104,6 +191,8 @@ VmDirLdapCrAreCompat(
     )
 {
     DWORD   dwError = 0;
+    PSTR*   ppszRemovedMust = NULL;
+    PSTR*   ppszMinimumMay = NULL;
 
     if (!pPrevCr || !pNewCr)
     {
@@ -111,24 +200,68 @@ VmDirLdapCrAreCompat(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (!VMDIR_TWO_STRING_COMPATIBLE(
-            pNewCr->pszName, pPrevCr->pszName) ||
-        !VmDirIsStrArrayIdentical(
-            pNewCr->ppszMust, pPrevCr->ppszMust) ||
-        !VmDirIsStrArraySuperSet(
-            pNewCr->ppszMay, pPrevCr->ppszMay) ||
-        !VmDirIsStrArraySuperSet(
-            pNewCr->ppszAux, pPrevCr->ppszAux))
+    if (VmDirStringCompareA(pPrevCr->pszName, pNewCr->pszName, FALSE))
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot change content rule name (current: %s, new: %s).",
+                __FUNCTION__,
+                pPrevCr->pszName,
+                pNewCr->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (!VmDirIsStrArraySuperSet(pNewCr->ppszAux, pPrevCr->ppszAux))
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                "%s: cannot accept backward incompatible defn (%s).",
+                "%s: cannot remove auxiliary class(es) (name: %s).",
                 __FUNCTION__, pPrevCr->pszName);
         dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
         BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirIsStrArrayIdentical(pNewCr->ppszMust, pPrevCr->ppszMust))
+    {
+        if (!VmDirIsStrArraySuperSet(pNewCr->ppszMay, pPrevCr->ppszMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove maycontain attribute (name: %s).",
+                    __FUNCTION__, pPrevCr->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else if (VmDirIsStrArraySuperSet(pPrevCr->ppszMust, pNewCr->ppszMust))
+    {
+        dwError = VmDirGetStrArrayDiffs(
+                pNewCr->ppszMust, pPrevCr->ppszMust, &ppszRemovedMust, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirMergeStrArray(
+                pPrevCr->ppszMay, ppszRemovedMust, &ppszMinimumMay);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!VmDirIsStrArraySuperSet(pNewCr->ppszMay, ppszMinimumMay))
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                    "%s: cannot remove must contain attribute (name: %s).",
+                    __FUNCTION__, pPrevCr->pszName);
+            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+                "%s: cannot add must contain attribute (name: %s).",
+                __FUNCTION__, pPrevCr->pszName);
+        dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
 
 error:
+    VmDirFreeStrArray(ppszRemovedMust);
+    VmDirFreeStrArray(ppszMinimumMay);
     return dwError;
 }
 
diff --git a/vmdir/common/schema/diff.c b/vmdir/common/schema/diff.c
index e6a8d314a..8744fdb67 100644
--- a/vmdir/common/schema/diff.c
+++ b/vmdir/common/schema/diff.c
@@ -303,6 +303,7 @@ VmDirLdapOcGetDiff(
 {
     DWORD   dwError = 0;
     PSTR*   ppszNewMay = NULL;
+    PSTR*   ppszRemovedMust = NULL;
     PVDIR_LDAP_SCHEMA_OBJECT_DIFF   pOcDiff = NULL;
 
     static PSTR ppszClassType[3] = { "1", "2", "3" };
@@ -376,13 +377,25 @@ VmDirLdapOcGetDiff(
                 &ppszNewMay, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirGetStrArrayDiffs(
+                pOldOc->ppszMust, pNewOc->ppszMust,
+                NULL, &ppszRemovedMust);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         if (ppszNewMay)
         {
             dwError = _LdapSchemaObjectDiffAddMod(pOcDiff, MOD_OP_ADD,
                     ATTR_SYSTEMMAYCONTAIN,
                     NULL, ppszNewMay);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewMay);
+        }
+
+        if (ppszRemovedMust)
+        {
+            dwError = _LdapSchemaObjectDiffAddMod(pOcDiff, MOD_OP_DELETE,
+                    ATTR_SYSTEMMUSTCONTAIN,
+                    NULL, ppszRemovedMust);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
 
         if (pNewOc->pszDesc)
@@ -414,10 +427,11 @@ VmDirLdapOcGetDiff(
     *ppOcDiff = pOcDiff;
 
 cleanup:
+    VmDirFreeStrArray(ppszNewMay);
+    VmDirFreeStrArray(ppszRemovedMust);
     return dwError;
 
 error:
-    VmDirFreeStrArray(ppszNewMay);
     VmDirFreeLdapSchemaObjectDiff(pOcDiff);
     goto cleanup;
 
@@ -434,6 +448,7 @@ VmDirLdapCrGetDiff(
     DWORD   dwError = 0;
     PSTR*   ppszNewMay = NULL;
     PSTR*   ppszNewAux = NULL;
+    PSTR*   ppszRemovedMust = NULL;
     PVDIR_LDAP_SCHEMA_OBJECT_DIFF   pCrDiff = NULL;
 
     if (!pNewCr || !ppCrDiff)
@@ -492,13 +507,17 @@ VmDirLdapCrGetDiff(
                 &ppszNewAux, NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
+        dwError = VmDirGetStrArrayDiffs(
+                pOldCr->ppszMust, pNewCr->ppszMust,
+                NULL, &ppszRemovedMust);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         if (ppszNewMay)
         {
             dwError = _LdapSchemaObjectDiffAddMod(pCrDiff, MOD_OP_ADD,
                     ATTR_MAYCONTAIN,
                     NULL, ppszNewMay);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewMay);
         }
 
         if (ppszNewAux)
@@ -507,7 +526,14 @@ VmDirLdapCrGetDiff(
                     ATTR_AUXILIARY_CLASS,
                     NULL, ppszNewAux);
             BAIL_ON_VMDIR_ERROR(dwError);
-            VmDirFreeStrArray(ppszNewAux);
+        }
+
+        if (ppszRemovedMust)
+        {
+            dwError = _LdapSchemaObjectDiffAddMod(pCrDiff, MOD_OP_DELETE,
+                    ATTR_MUSTCONTAIN,
+                    NULL, ppszRemovedMust);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
@@ -520,11 +546,12 @@ VmDirLdapCrGetDiff(
     *ppCrDiff = pCrDiff;
 
 cleanup:
+    VmDirFreeStrArray(ppszNewMay);
+    VmDirFreeStrArray(ppszNewAux);
+    VmDirFreeStrArray(ppszRemovedMust);
     return dwError;
 
 error:
-    VmDirFreeStrArray(ppszNewMay);
-    VmDirFreeStrArray(ppszNewAux);
     VmDirFreeLdapSchemaObjectDiff(pOcDiff ? NULL : pCrDiff);
     goto cleanup;
 }
@@ -684,18 +711,9 @@ _GetAllContentRuleDiffs(
 
         if (pCrDiff && !pOcDiff)
         {
-            if (pOldCr)
-            {
-                dwError = VmDirLinkedListInsertTail(
-                        pSchemaDiff->classToModify, pCrDiff, NULL);
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            else
-            {
-                dwError = VmDirLinkedListInsertTail(
-                        pSchemaDiff->classToAdd, pCrDiff, NULL);
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
+            dwError = VmDirLinkedListInsertTail(
+                    pSchemaDiff->classToModify, pCrDiff, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
diff --git a/vmdir/common/schema/file.c b/vmdir/common/schema/file.c
index ef20a89b7..9d53e8976 100644
--- a/vmdir/common/schema/file.c
+++ b/vmdir/common/schema/file.c
@@ -59,17 +59,21 @@ _VmDirReadOneDefFromFile(
         }
         else
         {
-            VmdDirNormalizeString(pDescBuf);
-            dwError = VmDirAllocateStringA(pDescBuf, &pOut);
-            BAIL_ON_VMDIR_ERROR(dwError);
-
-            dwError = VmDirStringListAdd(pStrList, pOut);
-            BAIL_ON_VMDIR_ERROR(dwError);
-            pOut = NULL;
             break;
         }
     }
 
+    if (pDescBuf[0] != '\0')
+    {
+        VmdDirNormalizeString(pDescBuf);
+        dwError = VmDirAllocateStringA(pDescBuf, &pOut);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirStringListAdd(pStrList, pOut);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pOut = NULL;
+    }
+
 cleanup:
     return dwError;
 
diff --git a/vmdir/common/schema/load.c b/vmdir/common/schema/load.c
index 818665d6c..7e2da2e38 100644
--- a/vmdir/common/schema/load.c
+++ b/vmdir/common/schema/load.c
@@ -24,6 +24,20 @@ VmDirLdapSchemaLoadStrLists(
 {
     DWORD   dwError = 0;
     DWORD   i = 0, j = 0;
+    BOOLEAN bEmpty = FALSE;
+
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pOldAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pNewAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE*  pNewAtList = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pMergedAt = NULL;
+
+    PVDIR_LDAP_OBJECT_CLASS pOldOc = NULL;
+    PVDIR_LDAP_OBJECT_CLASS pNewOc = NULL;
+    PVDIR_LDAP_OBJECT_CLASS pMergedOc = NULL;
+
+    PVDIR_LDAP_CONTENT_RULE pOldCr = NULL;
+    PVDIR_LDAP_CONTENT_RULE pNewCr = NULL;
+    PVDIR_LDAP_CONTENT_RULE pMergedCr = NULL;
 
     if (!pSchema || !pAtStrList || !pOcStrList || !pCrStrList)
     {
@@ -31,52 +45,96 @@ VmDirLdapSchemaLoadStrLists(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    bEmpty = VmDirLdapSchemaIsEmpty(pSchema);
+
     for (i = 0; i < pAtStrList->dwCount; i++)
     {
-        PVDIR_LDAP_ATTRIBUTE_TYPE   pAt = NULL;
-        PVDIR_LDAP_ATTRIBUTE_TYPE*  pAtList = NULL;
-
-        dwError = VmDirLdapAtParseStr(pAtStrList->pStringList[i], &pAt);
+        dwError = VmDirLdapAtParseStr(pAtStrList->pStringList[i], &pNewAt);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapAtResolveAliases(pAt, &pAtList);
+        // inherit sup syntax if available (PR 1868307)
+        if (!bEmpty)
+        {
+            (VOID)VmDirLdapAtResolveSup(pSchema, pNewAt);
+            // cast VOID because this might not succeed
+            // if sup isn't already added in pSchema
+        }
+
+        dwError = VmDirLdapAtResolveAliases(pNewAt, &pNewAtList);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        VmDirFreeLdapAt(pAt);
+        VmDirFreeLdapAt(pNewAt);
+        pNewAt = NULL;
 
-        for (j = 0; pAtList && pAtList[j]; j++)
+        for (j = 0; pNewAtList && pNewAtList[j]; j++)
         {
-            dwError = VmDirLdapSchemaAddAt(pSchema, pAtList[j]);
+            pOldAt = NULL;
+            LwRtlHashMapFindKey(pSchema->attributeTypes,
+                    (PVOID*)&pOldAt, pNewAtList[j]->pszName);
+
+            dwError = VmDirLdapAtMerge(pOldAt, pNewAtList[j], &pMergedAt);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            VmDirFreeLdapAt(pNewAtList[j]);
+            pNewAtList[j] = NULL;
+
+            dwError = VmDirLdapSchemaAddAt(pSchema, pMergedAt);
             BAIL_ON_VMDIR_ERROR(dwError);
+            pMergedAt = NULL;
         }
-        VMDIR_SAFE_FREE_MEMORY(pAtList);
+        VMDIR_SAFE_FREE_MEMORY(pNewAtList);
     }
 
     for (i = 0; i < pOcStrList->dwCount; i++)
     {
-        PVDIR_LDAP_OBJECT_CLASS pOc = NULL;
+        dwError = VmDirLdapOcParseStr(pOcStrList->pStringList[i], &pNewOc);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapOcParseStr(pOcStrList->pStringList[i], &pOc);
+        // class sup defaults to 'top' (PR 1853569)
+        dwError = VmDirLdapOcResolveSup(pSchema, pNewOc);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapSchemaAddOc(pSchema, pOc);
+        pOldOc = NULL;
+        LwRtlHashMapFindKey(pSchema->objectClasses,
+                (PVOID*)&pOldOc, pNewOc->pszName);
+
+        dwError = VmDirLdapOcMerge(pOldOc, pNewOc, &pMergedOc);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        VmDirFreeLdapOc(pNewOc);
+        pNewOc = NULL;
+
+        dwError = VmDirLdapSchemaAddOc(pSchema, pMergedOc);
         BAIL_ON_VMDIR_ERROR(dwError);
+        pMergedOc = NULL;
     }
 
     for (i = 0; i < pCrStrList->dwCount; i++)
     {
-        PVDIR_LDAP_CONTENT_RULE pCr = NULL;
+        dwError = VmDirLdapCrParseStr(pCrStrList->pStringList[i], &pNewCr);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapCrParseStr(pCrStrList->pStringList[i], &pCr);
+        pOldCr = NULL;
+        LwRtlHashMapFindKey(pSchema->contentRules,
+                (PVOID*)&pOldCr, pNewCr->pszName);
+
+        dwError = VmDirLdapCrMerge(pOldCr, pNewCr, &pMergedCr);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirLdapSchemaAddCr(pSchema, pCr);
+        VmDirFreeLdapCr(pNewCr);
+        pNewCr = NULL;
+
+        dwError = VmDirLdapSchemaAddCr(pSchema, pMergedCr);
         BAIL_ON_VMDIR_ERROR(dwError);
+        pMergedCr = NULL;
     }
 
     dwError = VmDirLdapSchemaResolveAndVerifyAll(pSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirLdapSchemaRemoveNoopData(pSchema);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
     return dwError;
 
@@ -84,6 +142,17 @@ VmDirLdapSchemaLoadStrLists(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d)", __FUNCTION__, dwError );
 
+    for (; pNewAtList && pNewAtList[j]; j++)
+    {
+        VmDirFreeLdapAt(pNewAtList[j]);
+    }
+    VMDIR_SAFE_FREE_MEMORY(pNewAtList);
+    VmDirFreeLdapAt(pMergedAt);
+    VmDirFreeLdapOc(pMergedOc);
+    VmDirFreeLdapCr(pMergedCr);
+    VmDirFreeLdapAt(pNewAt);
+    VmDirFreeLdapOc(pNewOc);
+    VmDirFreeLdapCr(pNewCr);
     goto cleanup;
 }
 
diff --git a/vmdir/common/schema/merge.c b/vmdir/common/schema/merge.c
index 5dac8e837..9086bbcf0 100644
--- a/vmdir/common/schema/merge.c
+++ b/vmdir/common/schema/merge.c
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
  *
  * Licensed under the Apache License, Version 2.0 (the “License”); you may not
  * use this file except in compliance with the License.  You may obtain a copy
@@ -43,56 +43,9 @@ VmDirLdapAtMerge(
     }
     else if (pOldAt)
     {
-        if (VmDirStringCompareA(pOldAt->pszName, pNewAt->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName, pNewAt->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (VmDirStringCompareA(
-                pOldAt->pszSyntaxOid, pNewAt->pszSyntaxOid, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s syntaxOid mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->pszSyntaxOid, pNewAt->pszSyntaxOid);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldAt->usage != pNewAt->usage)
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s usage mismatch (%s) (%s).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->usage, pNewAt->usage);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldAt->bNoUserMod != pNewAt->bNoUserMod)
-        {
-            VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                    "%s: %s noUserMod mismatch (%d) (%d).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->bNoUserMod, pNewAt->bNoUserMod);
-        }
-
-        if (pOldAt->bSingleValue != pNewAt->bSingleValue)
-        {
-            VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                    "%s: %s singleValue mismatch (%d) (%d).",
-                    __FUNCTION__, pOldAt->pszName,
-                    pOldAt->bSingleValue, pNewAt->bSingleValue);
-
-            pMergedAt->bSingleValue = FALSE;
-            pMergedAt->pSource->at_single_value = 0;
-        }
-
-        if (pOldAt->pszDesc && !pNewAt->pszDesc)
+        // keep old description if there isn't new description
+        if (IsNullOrEmptyString(pNewAt->pszDesc) &&
+            !IsNullOrEmptyString(pOldAt->pszDesc))
         {
             dwError = VmDirAllocateStringA(
                     pOldAt->pszDesc, &pMergedAt->pszDesc);
@@ -102,12 +55,14 @@ VmDirLdapAtMerge(
             pMergedAt->pSource->at_desc = pMergedAt->pszDesc;
         }
 
+        // combine old and new search flags
         if (pOldAt->dwSearchFlags != pNewAt->dwSearchFlags)
         {
             pMergedAt->dwSearchFlags =
                     pOldAt->dwSearchFlags | pNewAt->dwSearchFlags;
         }
 
+        // combine old and new uniqueness scopes
         VmDirFreeStrArray(pMergedAt->ppszUniqueScopes);
         dwError = VmDirMergeStrArray(
                 pOldAt->ppszUniqueScopes,
@@ -202,45 +157,9 @@ VmDirLdapOcMerge(
     }
     else if (pOldOc)
     {
-        if (VmDirStringCompareA(pOldOc->pszName, pNewOc->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldOc->pszName, pNewOc->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (VmDirStringCompareA(pOldOc->pszSup, pNewOc->pszSup, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s sup mismatch (%s) (%s).",
-                    __FUNCTION__, pOldOc->pszName,
-                    pOldOc->pszSup, pNewOc->pszSup);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldOc->type != pNewOc->type)
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s type mismatch (%d) (%d).",
-                    __FUNCTION__, pOldOc->pszName,
-                    pOldOc->type, pNewOc->type);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (!VmDirIsStrArrayIdentical(pOldOc->ppszMust, pNewOc->ppszMust))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s must attribute list mismatch.",
-                    __FUNCTION__, pOldOc->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (pOldOc->pszDesc && !pNewOc->pszDesc)
+        // keep old description if there isn't new description
+        if (IsNullOrEmptyString(pNewOc->pszDesc) &&
+            !IsNullOrEmptyString(pOldOc->pszDesc))
         {
             dwError = VmDirAllocateStringA(
                     pOldOc->pszDesc, &pMergedOc->pszDesc);
@@ -250,6 +169,7 @@ VmDirLdapOcMerge(
             pMergedOc->pSource->oc_desc = pMergedOc->pszDesc;
         }
 
+        // merged may = old may + new may
         VmDirFreeStrArray(pMergedOc->ppszMay);
         dwError = VmDirMergeStrArray(
                 pOldOc->ppszMay, pNewOc->ppszMay, &pMergedOc->ppszMay);
@@ -298,24 +218,7 @@ VmDirLdapCrMerge(
     }
     else if (pOldCr)
     {
-        if (VmDirStringCompareA(pOldCr->pszName, pNewCr->pszName, FALSE))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: name mismatch (%s) (%s).",
-                    __FUNCTION__, pOldCr->pszName, pNewCr->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        if (!VmDirIsStrArrayIdentical(pOldCr->ppszMust, pNewCr->ppszMust))
-        {
-            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                    "%s: %s must attribute list mismatch.",
-                    __FUNCTION__, pOldCr->pszName);
-            dwError = VMDIR_ERROR_SCHEMA_NOT_COMPATIBLE;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
+        // merged may = old may + new may
         VmDirFreeStrArray(pMergedCr->ppszMay);
         dwError = VmDirMergeStrArray(
                 pOldCr->ppszMay, pNewCr->ppszMay, &pMergedCr->ppszMay);
@@ -324,6 +227,7 @@ VmDirLdapCrMerge(
         // for free later
         pMergedCr->pSource->cr_at_oids_may = pMergedCr->ppszMay;
 
+        // merged aux = old aux + new aux
         VmDirFreeStrArray(pMergedCr->ppszAux);
         dwError = VmDirMergeStrArray(
                 pOldCr->ppszAux, pNewCr->ppszAux, &pMergedCr->ppszAux);
@@ -356,9 +260,9 @@ VmDirLdapSchemaMerge(
     LW_HASHMAP_ITER crIter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
 
-    PVDIR_LDAP_ATTRIBUTE_TYPE pOldAt = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE pNewAt = NULL;
-    PVDIR_LDAP_ATTRIBUTE_TYPE pMergedAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pOldAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pNewAt = NULL;
+    PVDIR_LDAP_ATTRIBUTE_TYPE   pMergedAt = NULL;
 
     PVDIR_LDAP_OBJECT_CLASS pOldOc = NULL;
     PVDIR_LDAP_OBJECT_CLASS pNewOc = NULL;
diff --git a/vmdir/common/schema/schema.c b/vmdir/common/schema/schema.c
index 0fad2dea0..9726967ba 100644
--- a/vmdir/common/schema/schema.c
+++ b/vmdir/common/schema/schema.c
@@ -383,6 +383,28 @@ _FreeDefMapPair(
     }
 }
 
+BOOLEAN
+VmDirLdapSchemaIsEmpty(
+    PVDIR_LDAP_SCHEMA   pSchema
+    )
+{
+    BOOLEAN bEmpty = TRUE;
+
+    if (pSchema)
+    {
+        if (LwRtlHashMapGetCount(pSchema->attributeTypes) ||
+            LwRtlHashMapGetCount(pSchema->objectClasses) ||
+            LwRtlHashMapGetCount(pSchema->contentRules) ||
+            LwRtlHashMapGetCount(pSchema->structureRules) ||
+            LwRtlHashMapGetCount(pSchema->nameForms))
+        {
+            bEmpty = FALSE;
+        }
+    }
+
+    return bEmpty;
+}
+
 VOID
 VmDirFreeLdapSchema(
     PVDIR_LDAP_SCHEMA   pSchema
diff --git a/vmdir/common/string.c b/vmdir/common/string.c
index 6906066b4..7dca61fc6 100644
--- a/vmdir/common/string.c
+++ b/vmdir/common/string.c
@@ -535,6 +535,99 @@ VmDirStringNPrintFA(
     return dwError;
 }
 
+DWORD
+VmDirStringReplaceAll(
+    PCSTR   pszSrc,
+    PCSTR   pszPatn,
+    PCSTR   pszRplc,
+    PSTR*   ppszDst
+    )
+{
+    DWORD   dwError = 0;
+    size_t  patnlen = 0;
+    size_t  rplclen = 0;
+    size_t  toklen = 0;
+    size_t  curlen = 0;
+    PSTR    pszCur = NULL;
+    PSTR    pszNxt = NULL;
+    PSTR    pszDst = NULL;
+
+    if (IsNullOrEmptyString(pszSrc) ||
+        IsNullOrEmptyString(pszPatn) ||
+        IsNullOrEmptyString(pszRplc) ||
+        !ppszDst)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    patnlen = VmDirStringLenA(pszPatn);
+    rplclen = VmDirStringLenA(pszRplc);
+    pszCur = (PSTR)pszSrc;
+
+    while (pszCur)
+    {
+        pszNxt = VmDirStringStrA(pszCur, pszPatn);
+
+        if (pszNxt)
+        {
+            toklen = pszNxt - pszCur;
+            pszNxt += patnlen;
+
+            dwError = VmDirReallocateMemoryWithInit(
+                    (PVOID)pszDst,
+                    (PVOID*)&pszDst,
+                    curlen + toklen + rplclen + 1,
+                    curlen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringNCpyA(
+                    pszDst + curlen, toklen + 1, pszCur, toklen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            curlen += toklen;
+
+            dwError = VmDirStringNCpyA(
+                    pszDst + curlen, rplclen + 1, pszRplc, rplclen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            curlen += rplclen;
+        }
+        else
+        {
+            toklen = VmDirStringLenA(pszCur);
+
+            dwError = VmDirReallocateMemoryWithInit(
+                    (PVOID)pszDst,
+                    (PVOID*)&pszDst,
+                    curlen + toklen + 1,
+                    curlen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirStringNCpyA(
+                    pszDst + curlen, toklen + 1, pszCur, toklen);
+            BAIL_ON_VMDIR_ERROR(dwError);
+            curlen += toklen;
+        }
+
+        pszCur = pszNxt;
+    }
+
+    *ppszDst = pszDst;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszDst);
+    goto cleanup;
+}
+
+/*
+ *  does NOT return empty string token.
+ *  say pszStr = "(A;;RP;;;MYSID)" and pszDelimiter = ";"
+ *  return pList->pStringList[0] = "(A"
+ *         pList->pStringList[1] = "RP"
+ *         pList->pStringList[2] = "MYSID)"
+ */
 DWORD
 VmDirStringToTokenList(
     PCSTR pszStr,
@@ -583,5 +676,70 @@ VmDirStringToTokenList(
     goto cleanup;
 }
 
+/*
+ *  return empty string token.
+ *  say pszStr = "(A;;RP;;;MYSID)" and pszDelimiter = ";"
+ *  return pList->pStringList[0] = "(A"
+ *         pList->pStringList[1] = ""
+ *         pList->pStringList[2] = "RP"
+ *         pList->pStringList[3] = ""
+ *         pList->pStringList[4] = ""
+ *         pList->pStringList[5] = "MYSID)"
+ */
+DWORD
+VmDirStringToTokenListExt(
+    PCSTR pszStr,
+    PCSTR pszDelimiter,
+    PVMDIR_STRING_LIST *ppStrList
+    )
+{
+    DWORD       dwError = 0;
+    PSTR        pszToken = NULL;
+    PSTR        pszLocal = NULL;
+    PSTR        pszHead = NULL;
+    SIZE_T      dwSize = 0;
+    PVMDIR_STRING_LIST  pList = NULL;
+
+    if ( IsNullOrEmptyString(pszStr) || IsNullOrEmptyString(pszDelimiter) || ppStrList == NULL )
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwSize = VmDirStringLenA(pszDelimiter);
+
+    dwError = VmDirStringListInitialize(&pList, 10);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // make a local copy
+    dwError = VmDirAllocateStringA(
+                pszStr,
+                &pszLocal);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszHead = pszLocal;
+    while ((pszToken = strstr(pszHead, pszDelimiter)) != NULL)
+    {
+        *pszToken = '\0';
+        dwError = VmDirStringListAddStrClone (pszHead, pList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszHead = pszToken + dwSize;
+    }
+
+    dwError = VmDirStringListAddStrClone (pszHead, pList);
+
+    *ppStrList = pList;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocal);
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pList);
+    goto cleanup;
+}
+
 #endif //#ifndef _WIN32
 
diff --git a/vmdir/common/threading.c b/vmdir/common/threading.c
index 416e547ab..ded2faa64 100644
--- a/vmdir/common/threading.c
+++ b/vmdir/common/threading.c
@@ -20,7 +20,7 @@
 DWORD
 VmDirAllocateMutex(
     PVMDIR_MUTEX* ppMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_MUTEX pVmDirMutex = NULL;
@@ -50,7 +50,7 @@ VmDirAllocateMutex(
 DWORD
 VmDirInitializeMutexContent(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -75,7 +75,7 @@ VmDirInitializeMutexContent(
 VOID
 VmDirFreeMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     VmDirFreeMutexContent(pMutex);
     VMDIR_SAFE_FREE_MEMORY( pMutex );
@@ -84,7 +84,7 @@ VmDirFreeMutex(
 VOID
 VmDirFreeMutexContent(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     if ( ( pMutex != NULL ) &&  ( pMutex->bInitialized != FALSE ) )
     {
@@ -97,7 +97,7 @@ VmDirFreeMutexContent(
 DWORD
 VmDirLockMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -122,7 +122,7 @@ VmDirLockMutex(
 DWORD
 VmDirUnLockMutex(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -147,7 +147,7 @@ VmDirUnLockMutex(
 BOOLEAN
 VmDirIsMutexInitialized(
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     return ( pMutex != NULL ) &&
            ( pMutex->bInitialized != FALSE );
@@ -337,7 +337,7 @@ VmDirIsRWLockInitialized(
 DWORD
 VmDirAllocateCondition(
     PVMDIR_COND* ppCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_COND pVmDirCond = NULL;
@@ -367,7 +367,7 @@ VmDirAllocateCondition(
 DWORD
 VmDirInitializeConditionContent(
     PVMDIR_COND pCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -391,7 +391,7 @@ VmDirInitializeConditionContent(
 VOID
 VmDirFreeCondition(
     PVMDIR_COND pCondition
-)
+    )
 {
     VmDirFreeConditionContent( pCondition );
     VMDIR_SAFE_FREE_MEMORY( pCondition );
@@ -400,7 +400,7 @@ VmDirFreeCondition(
 VOID
 VmDirFreeConditionContent(
     PVMDIR_COND pCondition
-)
+    )
 {
     if ( ( pCondition != NULL ) &&  ( pCondition->bInitialized != FALSE ) )
     {
@@ -413,7 +413,7 @@ DWORD
 VmDirConditionWait(
     PVMDIR_COND pCondition,
     PVMDIR_MUTEX pMutex
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -446,7 +446,7 @@ VmDirConditionTimedWait(
     PVMDIR_COND pCondition,
     PVMDIR_MUTEX pMutex,
     DWORD dwMilliseconds
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     struct timespec ts = {0};
@@ -485,7 +485,7 @@ VmDirConditionTimedWait(
 DWORD
 VmDirConditionSignal(
     PVMDIR_COND pCondition
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
 
@@ -531,8 +531,8 @@ VmDirConditionBroadcast(
 static
 PVOID
 ThreadFunction(
-  PVOID pArgs
-)
+    PVOID pArgs
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDIR_START_ROUTINE pThreadStart = NULL;
@@ -575,10 +575,10 @@ ThreadFunction(
 DWORD
 VmDirCreateThread(
     PVMDIR_THREAD pThread,
-    BOOLEAN bDetached,
+    BOOLEAN bJoinThr,
     VmDirStartRoutine* pStartRoutine,
     PVOID pArgs
-)
+    )
 {
     DWORD                       dwError = ERROR_SUCCESS;
     PVMDIR_THREAD_START_INFO    pThreadStartInfo = NULL;
@@ -586,13 +586,13 @@ VmDirCreateThread(
     BOOLEAN                     bThreadAttrInited = FALSE;
     int                         iRetryCnt = 0;
 
-    if ( ( pThread == NULL ) || ( pStartRoutine == NULL ) )
+    if (!pThread || !pStartRoutine)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if( bDetached != FALSE )
+    if (!bJoinThr)
     {
         pthread_attr_init(&thrAttr);
         bThreadAttrInited = TRUE;
@@ -612,11 +612,11 @@ VmDirCreateThread(
     {
         dwError = pthread_create(
                         pThread,
-                        ((bDetached == FALSE) ? NULL : &thrAttr),
+                        (bJoinThr ? NULL : &thrAttr),
                         ThreadFunction,
                         pThreadStartInfo
                         );
-        if ( dwError == EAGAIN )    // no resources, retry after 1 second pause
+        if (dwError == EAGAIN)  // no resources, retry after 1 second pause
         {
             iRetryCnt++ ;
             VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "pthread_create EAGAIN, retry (%d)", iRetryCnt );
@@ -626,7 +626,7 @@ VmDirCreateThread(
         {
             iRetryCnt = VMDIR_MAX_EAGAIN_RETRY;
         }
-    } while ( iRetryCnt < VMDIR_MAX_EAGAIN_RETRY );
+    } while (iRetryCnt < VMDIR_MAX_EAGAIN_RETRY);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // we started successfully -> pThreadStartInfo is now owned by
@@ -634,14 +634,11 @@ VmDirCreateThread(
     pThreadStartInfo = NULL;
 
 error:
-
-    if(bThreadAttrInited != FALSE)
+    if (bThreadAttrInited)
     {
         pthread_attr_destroy(&thrAttr);
     }
-
-    VMDIR_SAFE_FREE_MEMORY( pThreadStartInfo );
-
+    VMDIR_SAFE_FREE_MEMORY(pThreadStartInfo);
     return dwError;
 }
 
@@ -649,7 +646,7 @@ DWORD
 VmDirThreadJoin(
     PVMDIR_THREAD pThread,
     PDWORD pRetVal
-)
+    )
 {
     DWORD dwError = ERROR_SUCCESS;
     union
@@ -686,13 +683,197 @@ VmDirThreadJoin(
 VOID
 VmDirFreeVmDirThread(
     PVMDIR_THREAD pThread
-)
+    )
 {
-    if ( pThread != NULL )
+    if (pThread)
     {
         // on linux nothing to free really
         memset(pThread, 0, sizeof(*pThread));
     }
 }
 
+/*
+ * If the old policy is a realtime one (RR or FIFO), then increase priority
+ * by iDelta, otherwise (e.g. old policy is SCHED_NORMAL), set the new policy
+ * to RR and set priority to minimum.
+ *
+ * Assume that all operational threads have the same schedule policy/priority
+ * initially so that this function would put the calling thread ahead of
+ * operational threads.
+ *
+ * Pitfall: the priority upgrade has no effect on Windows 2008 server with
+ * process under NORMAL_PRIORITY_CLASS, and has slight effect with
+ * IDLE_PRIORITY_CLASS. If appears that Windows wakes up threads (for those
+ * waiting for a mutex in NORMAL_PRIORITY_CLASS) in a FIFO way regardless of
+ * their priorities. Therefore, there is no implementation of this function
+ * for Windows.
+ */
+VOID
+VmDirRaiseThreadPriority(
+    int iDelta
+    )
+{
+#ifdef _WIN32
+    return;
+#else
+    int retVal = 0;
+    int old_sch_policy = 0;
+    int new_sch_policy = 0;
+    int max_sched_pri = 0;
+    struct sched_param  old_sch_param = {0};
+    struct sched_param  new_sch_param = {0};
+    PSTR    pszLocalErrorMsg = NULL;
+
+    retVal=pthread_getschedparam(pthread_self(), &old_sch_policy, &old_sch_param);
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+            "%s: pthread_getschedparam failed", __FUNCTION__);
+
+    if (old_sch_policy == SCHED_FIFO || old_sch_policy == SCHED_RR)
+    {
+        // Thread is already in a realtime policy, though the current
+        // vmdird wouldn't be setup at this policy
+        max_sched_pri = sched_get_priority_max(old_sch_policy);
+        if (max_sched_pri < 0)
+        {
+            retVal = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+                    "%s: sched_get_priority_max failed on policy %d",
+                    __FUNCTION__, old_sch_policy);
+
+        }
+
+        new_sch_policy = old_sch_policy;
+        new_sch_param.sched_priority = old_sch_param.sched_priority + iDelta;
+        if (new_sch_param.sched_priority > max_sched_pri)
+        {
+            new_sch_param.sched_priority = max_sched_pri;
+        }
+    }
+    else
+    {
+        // Thread is in a non-realtime policy, put it on the lowest RR
+        // priority which would be schedule ahead of operational threads
+        // with SCHED_OTHER
+        new_sch_policy = SCHED_RR;
+        new_sch_param.sched_priority = sched_get_priority_min(new_sch_policy);
+        if (new_sch_param.sched_priority < 0)
+        {
+            retVal = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+                    "%s: sched_get_priority_min failed sch_policy=%d",
+                    __FUNCTION__, new_sch_policy);
+        }
+    }
+
+    retVal = pthread_setschedparam(pthread_self(), new_sch_policy, &new_sch_param);
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+            "%s: setschedparam failed: errno=%d old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
+            __FUNCTION__, errno, old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+            "%s: old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
+            __FUNCTION__, old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
+    return;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s", VDIR_SAFE_STRING(pszLocalErrorMsg));
+    goto cleanup;
+#endif
+}
+
+/*
+ * If the old policy is a realtime one (RR or FIFO), then set the new policy
+ * to OTHER and set priority to maximum, otherwise (e.g. old policy is
+ * SCHED_NORMAL), decrease priority by iDelta.
+ *
+ * Assume that all operational threads have the same schedule policy/priority
+ * initially so that this function would put the calling thread behind
+ * operational threads.
+ *
+ * Pitfall: the priority upgrade has no effect on Windows 2008 server with
+ * process under NORMAL_PRIORITY_CLASS, and has slight effect with
+ * IDLE_PRIORITY_CLASS. If appears that Windows wakes up threads (for those
+ * waiting for a mutex in NORMAL_PRIORITY_CLASS) in a FIFO way regardless of
+ * their priorities. Therefore, there is no implementation of this function
+ * for Windows.
+ */
+VOID
+VmDirDropThreadPriority(
+    int iDelta
+    )
+{
+#ifdef _WIN32
+    return;
+#else
+    int retVal = 0;
+    int old_sch_policy = 0;
+    int new_sch_policy = 0;
+    int min_sched_pri = 0;
+    struct sched_param  old_sch_param = {0};
+    struct sched_param  new_sch_param = {0};
+    PSTR    pszLocalErrorMsg = NULL;
+
+    retVal=pthread_getschedparam(pthread_self(), &old_sch_policy, &old_sch_param);
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+            "%s: pthread_getschedparam failed", __FUNCTION__);
+
+    if (old_sch_policy == SCHED_FIFO || old_sch_policy == SCHED_RR)
+    {
+        // Thread is in a realtime policy, though the current vmdird
+        // wouldn't be setup at this policy. Put it on the highest
+        // OTHER priority which would be schedule behind operational
+        // threads with SCHED_RR/SCHED_FIFO
+        new_sch_policy = SCHED_OTHER;
+        new_sch_param.sched_priority = sched_get_priority_max(new_sch_policy);
+        if (new_sch_param.sched_priority < 0)
+        {
+            retVal = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+                    "%s: sched_get_priority_min failed sch_policy=%d",
+                    __FUNCTION__, new_sch_policy);
+        }
+    }
+    else
+    {
+        // Thread is in a non-realtime policy, lower its priority by iDelta
+        min_sched_pri = sched_get_priority_min(old_sch_policy);
+        if (min_sched_pri < 0)
+        {
+            retVal = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+                    "%s: sched_get_priority_max failed on policy %d",
+                    __FUNCTION__, old_sch_policy);
+
+        }
+
+        new_sch_policy = old_sch_policy;
+        new_sch_param.sched_priority = old_sch_param.sched_priority - iDelta;
+        if (new_sch_param.sched_priority < min_sched_pri)
+        {
+            new_sch_param.sched_priority = min_sched_pri;
+        }
+    }
+
+    retVal = pthread_setschedparam(pthread_self(), new_sch_policy, &new_sch_param);
+    BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrorMsg,
+            "%s: setschedparam failed: errno=%d old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
+            __FUNCTION__, errno, old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
+
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
+            "%s: old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
+            __FUNCTION__, old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
+    return;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s", VDIR_SAFE_STRING(pszLocalErrorMsg));
+    goto cleanup;
+#endif
+}
+
 #endif
diff --git a/vmdir/common/util.c b/vmdir/common/util.c
index 3ac9b3fd9..7a9b6fbf8 100644
--- a/vmdir/common/util.c
+++ b/vmdir/common/util.c
@@ -22,12 +22,38 @@ _VmDirIsIPV4AddrFormat(
     PCSTR   pszAddr
     );
 
+/*
+ * convert string to USN
+ */
+DWORD
+VmDirStringToUSN(
+    PCSTR   pszUSNStr,
+    USN*    poutUSN
+    )
+{
+    DWORD   dwError = 0;
+    PSTR pszEnd = NULL;
+
+    if (!pszUSNStr || !poutUSN)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    *poutUSN = VmDirStringToLA(pszUSNStr, &pszEnd, 10);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
 /*
  * Assumptions: tenant dn starts with "dc="
  */
 PCSTR
 VmDirSearchDomainDN(
-    PCSTR pszNormObjectDN
+    PCSTR   pszNormObjectDN
     )
 {
     PSTR pszDomainDn = VmDirStringCaseStrA(pszNormObjectDN, "dc=");
@@ -42,8 +68,9 @@ VmDirSearchDomainDN(
 
 DWORD
 VmDirDomainDNToName(
-    PCSTR pszDomainDN,
-    PSTR* ppszDomainName)
+    PCSTR   pszDomainDN,
+    PSTR*   ppszDomainName
+    )
 {
     DWORD   dwError = 0;
     PSTR    pszDomainName = NULL;
@@ -94,14 +121,14 @@ VmDirDomainDNToName(
 }
 
 DWORD
-VmDirSrvCreateDomainDN(
-    PCSTR pszFQDomainName,
-    PSTR* ppszDomainDN
+VmDirDomainNameToDN(
+    PCSTR   pszDomainName,
+    PSTR*   ppszDomainDN
     )
 {
     DWORD   dwError = 0;
     PSTR    pszDomainDN = NULL;
-    int     fqDomainNameLen = (int) VmDirStringLenA(pszFQDomainName);
+    int     fqDomainNameLen = (int) VmDirStringLenA(pszDomainName);
     int     domainDNBufLen = 0;
     PSTR    pszTmpFQDomainName = NULL;
     int     numDomainComps = 1;
@@ -116,7 +143,7 @@ VmDirSrvCreateDomainDN(
     dwError = VmDirAllocateMemory( fqDomainNameLen + 1 /* \0 */, (PVOID *) &pszTmpFQDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirStringCpyA( pszTmpFQDomainName, fqDomainNameLen + 1, pszFQDomainName );
+    dwError = VmDirStringCpyA( pszTmpFQDomainName, fqDomainNameLen + 1, pszDomainName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Count number of domain components
@@ -3633,7 +3660,7 @@ VmDirGetDomainFuncLvlInternal(
     }
 
     // Get the domain DN from the domain name.
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomain,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -3713,7 +3740,7 @@ VmDirGetServerAccountDN(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSrvCreateDomainDN(pszDomain, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomain, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
diff --git a/vmdir/common/win/logging.c b/vmdir/common/win/logging.c
index dad4ad3ba..1a8200ef5 100644
--- a/vmdir/common/win/logging.c
+++ b/vmdir/common/win/logging.c
@@ -264,7 +264,7 @@ VmDirLogInternalInitialize(
             BAIL_ON_VMDIR_LOG_ERROR(dwError);
 
             dwError = VmDirCreateThread(_gpVmDirLogCtx->pThread,
-                            FALSE,
+                            TRUE,
                             _VmDirLogThread,
                             NULL);
             BAIL_ON_VMDIR_LOG_ERROR(dwError);
diff --git a/vmdir/config/Makefile.am b/vmdir/config/Makefile.am
index a34aabadb..fa5386979 100644
--- a/vmdir/config/Makefile.am
+++ b/vmdir/config/Makefile.am
@@ -4,6 +4,7 @@ vmdirconf_DATA = \
     vmdir-client.reg \
     vmdird-syslog-ng.conf \
     saslvmdird.conf \
-    vmdir-rest.json
+    vmdir-rest.json \
+    vmdir-telegraf.conf
 
 bin_SCRIPTS = vmdir_upgrade.sh
diff --git a/vmdir/config/vmdir-rest.json b/vmdir/config/vmdir-rest.json
index 3a9a27322..9f2b754f3 100644
--- a/vmdir/config/vmdir-rest.json
+++ b/vmdir/config/vmdir-rest.json
@@ -2,20 +2,26 @@
     "swagger": "2.0",
     "info": {
         "title": "Lightwave VmDir API",
-        "version": "1.0.0"
+        "version": "1.3.0"
     },
     "schemes": [
-        "http"
+        "http",
+        "https"
     ],
-    "host": "IPADDRESS_MARKER:7477",
+    "host": "IPADDRESS_MARKER",
     "basePath": "/v1",
     "produces": [
-        "application/json"
+        "application/json",
+        "text/plain"
     ],
     "tags": [
         {
             "name": "ldap",
             "description": "LDAP(Lightweight Directory Access Protocol) protocol implemented in RESTful interface"
+        },
+        {
+            "name": "metrics",
+            "description": "Metrics module for publishing metrics data"
         }
     ],
     "paths": {
@@ -168,6 +174,26 @@
                     "ldap"
                 ]
             }
+        },
+        "/vmdir/metrics": {
+            "get": {
+                "summary": "Get metrics data",
+                "description": "Get metrics data in Prometheus format",
+                "produces": [
+                    "text/plain"
+                ],
+                "responses": {
+                    "200": {
+                        "description": "Metrics Response",
+                        "schema": {
+                            "$ref": "#/definitions/MetricsResponse"
+                        }
+                    }
+                },
+                "tags": [
+                    "metrics"
+                ]
+            }
         }
     },
     "definitions": {
@@ -246,6 +272,11 @@
                     }
                 }
             }
+        },
+        "MetricsResponse": {
+            "type": "object",
+            "properties": {
+            }
         }
     }
-}
\ No newline at end of file
+}
diff --git a/vmdir/config/vmdir-telegraf.conf b/vmdir/config/vmdir-telegraf.conf
new file mode 100644
index 000000000..c8b9bf9ea
--- /dev/null
+++ b/vmdir/config/vmdir-telegraf.conf
@@ -0,0 +1,6 @@
+[[inputs.procstat]]
+  exe="vmdird"
+  prefix="vmdir"
+
+[[inputs.prometheus]]
+  urls = ["http://localhost:7477/v1/vmdir/metrics"]
diff --git a/vmdir/config/vmdirschema.ldif b/vmdir/config/vmdirschema.ldif
index 3e6e7e8c2..162b8cd5c 100644
--- a/vmdir/config/vmdirschema.ldif
+++ b/vmdir/config/vmdirschema.ldif
@@ -15341,7 +15341,9 @@ dITContentRules:  (
         $ securityPrincipal
         $ samDomainBase
         $ posixGroup
-        $ shadowAccount ) MAY (creationTime
+        $ shadowAccount
+        )
+    MAY ( creationTime
         $ forceLogoff
         $ lockoutDuration
         $ lockOutObservationWindow
@@ -16601,7 +16603,7 @@ dITContentRules:  (
         $ vmwDNSConfig
         $ dcObject
         )
-    MAY (cACertificate
+    MAY ( cACertificate
         $ builtinCreationTime
         $ builtinModifiedCount
         $ creationTime
diff --git a/vmdir/configure.ac b/vmdir/configure.ac
deleted file mode 100644
index 89d2845d6..000000000
--- a/vmdir/configure.ac
+++ /dev/null
@@ -1,717 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmdir], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-        PLATFORM_LIB_PREFIX=lib64
-        ;;
-    darwin*:x86_64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    linux*:aarch64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-ADDACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([addacl],
-    [AC_HELP_STRING([--enable-addacl], [enable acl check on add (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            ADDACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$ADDACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(ADDACL_CHECK_DISABLED, "1", [ Disable ACL checks on add ])
-fi
-
-MODACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([modacl],
-    [AC_HELP_STRING([--enable-modacl], [enable acl check on modify (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            MODACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$MODACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(MODACL_CHECK_DISABLED, "1", [ Disable ACL checks on modify ])
-fi
-
-DELACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([delacl],
-    [AC_HELP_STRING([--enable-delacl], [enable acl check on delete (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            DELACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$DELACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(DELACL_CHECK_DISABLED, "1", [ Disable ACL checks on delete ])
-fi
-
-SEAACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([seaacl],
-    [AC_HELP_STRING([--enable-seaacl], [enable acl check on search (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            SEAACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$SEAACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(SEAACL_CHECK_DISABLED, "1", [ Disable ACL checks on search ])
-fi
-
-# datastore flag
-
-AC_ARG_WITH([datastore],
-    [AC_HELP_STRING([--with-datastore=<datastore>], [use backend datatore <datastore> ])],
-    [
-        VMDIRD_DATASTORE="$withval"
-    ])
-
-ENABLE_LIGHTWAVE_BUILD=no
-AC_ARG_ENABLE([lightwave-build],
-    [AC_HELP_STRING([--enable-lightwave-build], [enable lightwave build(default: no)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AC_DEFINE_UNQUOTED(LIGHTWAVE_BUILD, 1, [ enable lightwave specific build ])
-        fi
-    ])
-
-
-# client only build
-
-ENABLE_SERVER=false
-AC_ARG_ENABLE([server],
-    [AC_HELP_STRING([--enable-server], [enable full build(default: no)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            ENABLE_SERVER=true
-        fi
-    ])
-
-AM_CONDITIONAL(ENABLE_SERVER, [$ENABLE_SERVER])
-
-# openssl component
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib64
-    ;;
-    darwin*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
-    ;;
-    linux*:aarch64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$OPEN_SSL_DEFAULT_PATH"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# zlib component
-
-AC_ARG_WITH([zlib],
-    [AC_HELP_STRING([--with-zlib=<dir>], [use zlib binaries rooted at prefix <dir> ])],
-    [
-        ZLIB_BASE_PATH="$withval"
-        ZLIB_INCLUDES="-I$withval/include"
-        ZLIB_LDFLAGS="-L$withval/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([zlib-includes],
-    [AC_HELP_STRING([--with-zlib-includes=<dir>], [use ZLIB headers located in prefix <dir> ])],
-    [
-        ZLIB_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([zlib-libs],
-    [AC_HELP_STRING([--with-zlib-libs=<dir>], [use ZLIB libraries located in prefix <dir> ])],
-    [
-        ZLIB_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(ZLIB_BASE_PATH)
-AC_SUBST(ZLIB_INCLUDES)
-AC_SUBST(ZLIB_LDFLAGS)
-
-# bzip component
-
-AC_ARG_WITH([bzip],
-    [AC_HELP_STRING([--with-bzip=<dir>], [use BZIP binaries rooted at prefix <dir> ])],
-    [
-        BZIP_BASE_PATH="$withval"
-        BZIP_INCLUDES="-I$withval/include"
-        BZIP_LDFLAGS="-L$withval/lib -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([bzip-includes],
-    [AC_HELP_STRING([--with-bzip-includes=<dir>], [use BZIP headers located in prefix <dir> ])],
-    [
-        BZIP_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([bzip-libs],
-    [AC_HELP_STRING([--with-bzip-libs=<dir>], [use BZIP libraries located in prefix <dir> ])],
-    [
-        BZIP_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(BZIP_BASE_PATH)
-AC_SUBST(BZIP_INCLUDES)
-AC_SUBST(BZIP_LDFLAGS)
-
-# vmevent component
-
-AC_ARG_WITH([vmevent],
-    [AC_HELP_STRING([--with-vmevent=<dir>], [use event-server binaries rooted at prefix <dir> ])],
-    [
-        VMEVENT_INCLUDES="-I$withval/include"
-    ])
-
-AC_CHECK_HEADERS(vmevent.h)
-AC_SUBST(VMEVENT_INCLUDES)
-
-# Cyrus SASL
-
-AC_ARG_WITH([sasl],
-    [AC_HELP_STRING([--with-sasl=<dir>], [use SASL binaries rooted at prefix <dir> ])],
-    [
-        SASL_BASE_PATH="$withval"
-        SASL_INCLUDES="-I$withval/include"
-        SASL_LIBPATH="$withval/lib64"
-        SASL_LDFLAGS="-L$withval/lib64"
-        SASL_PLUGINSPATH="$withval/lib64/sasl2"
-    ])
-
-AC_ARG_WITH([sasl-includes],
-    [AC_HELP_STRING([--with-sasl-includes=<dir>], [use SASL headers located in prefix <dir> ])],
-    [
-        SASL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([sasl-libs],
-    [AC_HELP_STRING([--with-sasl-libs=<dir>], [use SASL libraries located in prefix <dir> ])],
-    [
-        SASL_LIBPATH="$withval/lib64"
-        SASL_LDFLAGS="-L$withval"
-    ])
-
-AC_ARG_WITH([sasl-plugins],
-    [AC_HELP_STRING([--with-sasl-plugins=<dir>], [assume SASL plugins at runtime are located in <dir> ])],
-    [
-        SASL_PLUGINSPATH="$withval"
-    ])
-
-AC_SUBST(SASL_BASE_PATH)
-AC_SUBST(SASL_INCLUDES)
-AC_SUBST(SASL_LDFLAGS)
-
-AC_DEFINE_UNQUOTED(VMDIR_CONFIG_SASL2_LIB_PATH, "$SASL_PLUGINSPATH", [SASL2 Library path])
-
-# Trident
-
-AC_ARG_WITH([trident],
-    [AC_HELP_STRING([--with-trident=<dir>], [use trident-server binaries rooted at prefix <dir> ])],
-    [
-        TRIDENT_BASE_PATH="$withval"
-        TRIDENT_INCLUDES="-I$withval/include"
-        TRIDENT_LDFLAGS="-L$withval/lib64"
-    ])
-
-TRIDENT_LIBS="-lrestengine"
-AC_CHECK_HEADERS(vmrest.h)
-AC_SUBST(TRIDENT_BASE_PATH)
-AC_SUBST(TRIDENT_INCLUDES)
-AC_SUBST(TRIDENT_LDFLAGS)
-
-# Jansson
-
-AC_ARG_WITH([jansson],
-    [AC_HELP_STRING([--with-jansson=<dir>], [use jansson binaries rooted at prefix <dir> ])],
-    [
-        JANSSON_BASE_PATH="$withval"
-        JANSSON_INCLUDES="-I$withval/include"
-        JANSSON_LDFLAGS="-L$withval/lib"
-    ])
-
-JANSSON_LIBS="-ljansson"
-AC_CHECK_HEADERS(jansson.h)
-AC_SUBST(JANSSON_BASE_PATH)
-AC_SUBST(JANSSON_INCLUDES)
-AC_SUBST(JANSSON_LDFLAGS)
-
-# Copenapi
-
-AC_ARG_WITH([copenapi],
-    [AC_HELP_STRING([--with-copenapi=<dir>], [use copenapi binaries rooted at prefix <dir> ])],
-    [
-        COPENAPI_BASE_PATH="$withval"
-        COPENAPI_INCLUDES="-I$withval/include"
-        COPENAPI_LDFLAGS="-L$withval/lib"
-    ])
-
-COPENAPI_LIBS="-lcopenapi"
-AC_CHECK_HEADERS(copenapi/copenapi.h)
-AC_SUBST(COPENAPI_BASE_PATH)
-AC_SUBST(COPENAPI_INCLUDES)
-AC_SUBST(COPENAPI_LDFLAGS)
-
-# OIDC
-
-AC_ARG_WITH([ssocommon],
-    [AC_HELP_STRING([--with-ssocommon=<dir>], [use ssocommon binaries rooted at prefix <dir> ])],
-    [
-        SSOCOMMON_BASE_PATH="$withval"
-        SSOCOMMON_INCLUDES="-I$withval/include"
-        SSOCOMMON_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-SSOCOMMON_LIBS="-lssocommon"
-AC_SUBST(SSOCOMMON_BASE_PATH)
-AC_SUBST(SSOCOMMON_INCLUDES)
-AC_SUBST(SSOCOMMON_LDFLAGS)
-
-AC_ARG_WITH([oidc],
-    [AC_HELP_STRING([--with-oidc=<dir>], [use oidc binaries rooted at prefix <dir> ])],
-    [
-        OIDC_BASE_PATH="$withval"
-        OIDC_INCLUDES="-I$withval/include"
-        OIDC_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-OIDC_LIBS="-lssooidc"
-AC_CHECK_HEADERS(oidc.h)
-AC_CHECK_HEADERS(oidc_types.h)
-AC_CHECK_HEADERS(common_types.h)
-AC_SUBST(OIDC_BASE_PATH)
-AC_SUBST(OIDC_INCLUDES)
-AC_SUBST(OIDC_LDFLAGS)
-
-# Likewise components
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib64
-    ;;
-    darwin*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    linux*:aarch64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-LW_RPATH=$LIKEWISE_DEFAULT_PATH
-AC_ARG_WITH([likewise-rpath],
-    [AC_HELP_STRING([--with-likewise-rpath=<dir>], [use likewise libraries located at <dir> at runtime])],
-    [
-        LW_RPATH="$withval"
-    ])
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval/$PLATFORM_LIB_PREFIX"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-AC_ARG_ENABLE([pac],
-     AS_HELP_STRING([--disable-pac], [Disable Kerberos PAC]))
-AM_CONDITIONAL([VMDIR_ENABLE_PAC], [test "x$enable_pac" != "xno"]])
-if test x"$enable_pac" != x"no"
-then
-AC_DEFINE_UNQUOTED(VMDIR_ENABLE_PAC, 1, [ Enable PAC ])
-fi
-
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h limits.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-AC_CHECK_HEADERS(termios.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([z],[inflate],[ZLIB_LIBS="-lz"],[],[$ZLIB_LDFLAGS])
-AC_CHECK_LIB([bz2],[BZ2_bzdopen],[BZIP_LIBS="-lbz2"],[],[$BZIP_LDFLAGS])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB([lber], [ber_scanf], [LBER_LIBS="-llber"], [], [$LW_LDFLAGS -llber])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB([sasl2], [sasl_server_init], [SASL_LIBS="-lsasl2"], [], [$SASL_LDFLAGS])
-AC_CHECK_LIB([ldap_r], [ldap_initialize], [LDAP_LIBS="-lldap_r -llber"], [], [$LW_LDFLAGS -llber $SASL_LDFLAGS $SASL_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwadvapi],
-    [LwFreeMemory],
-    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
-    [],
-    [$LW_LDFLAGS -llwadvapi_nothr $LWBASE_LIBS $LDAP_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $OPENSSL_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-
-AC_CHECK_LIB([shadow], [getspnam], [SHADOW_LIBS="-lshadow"])
-
-# Use -lxcrypt on SLES11, which contains advanced hash algorithms
-AC_CHECK_LIB([xcrypt], [crypt_r], [CRYPT_LIBS="-L/usr/lib64 -lxcrypt $DL_LIBS"], [CRYPT_LIBS="no"], [-L/usr/lib64 $DL_LIBS])
-if test x"$CRYPT_LIBS" = x"no"; then
-  AC_CHECK_LIB([crypt], [crypt_r], [CRYPT_LIBS="-lcrypt"],[CRYPT_LIBS=""])
-fi
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(MDB_LIBS)
-AC_SUBST(ZLIB_LIBS)
-AC_SUBST(BZIP_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(LWADVAPI_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(LBER_LIBS)
-AC_SUBST(SHADOW_LIBS)
-AC_SUBST(CRYPT_LIBS)
-AC_SUBST(SASL_LIBS)
-AC_SUBST(TRIDENT_LIBS)
-AC_SUBST(JANSSON_LIBS)
-AC_SUBST(COPENAPI_LIBS)
-AC_SUBST(SSOCOMMON_LIBS)
-AC_SUBST(OIDC_LIBS)
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-if test x"$localstatedir" = x"/var"; then
-    vmdirdbdir="$localstatedir/lib/vmware/vmdir"
-else
-    vmdirdbdir="$localstatedir"
-fi
-AC_SUBST(vmdirdbdir)
-AS_AC_EXPAND(VMDIR_DB_DIR, $vmdirdbdir)
-AC_DEFINE_UNQUOTED(VMDIR_DB_DIR, "$VMDIR_DB_DIR", [Database directory])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-AS_AC_EXPAND(VMDIR_SBIN, ["${sbindir}"])
-VMDIR_SBIN_DIR=$VMDIR_SBIN
-AC_SUBST(VMDIR_SBIN_DIR)
-
-vmdirlibdir=$prefix/lib64
-AC_SUBST(vmdirlibdir)
-AS_AC_EXPAND(VMDIR_LIB_DIR, $vmdirlibdir)
-AC_DEFINE_UNQUOTED(VMDIR_LIB_DIR, "$VMDIR_LIB_DIR", [Lib directory])
-
-vmdirsasldir=$vmdirlibdir/sasl2
-AC_SUBST(vmdirsasldir)
-
-vmdirlogdir=/var/log/vmware/vmdir/
-AC_ARG_WITH([logdir],
-   [AC_HELP_STRING([--with-logdir], [set the logging directory for vmdir])],
-   [
-        vmdirlogdir="$withval"
-   ])
-AC_SUBST(vmdirlogdir)
-AS_AC_EXPAND(VMDIR_LOG_DIR, $vmdirlogdir)
-AC_DEFINE_UNQUOTED(VMDIR_LOG_DIR, "$VMDIR_LOG_DIR", [Log directory])
-
-vmdir_version=1.0
-AC_ARG_WITH([version],
-    [AC_HELP_STRING([--with-version], [set the version (default: 1.0)])],
-    [
-        vmdir_version="$withval"
-    ])
-AC_SUBST(vmdir_version)
-AS_AC_EXPAND(VDIR_PSC_VERSION, $vmdir_version)
-AC_DEFINE_UNQUOTED(VDIR_PSC_VERSION, "$VDIR_PSC_VERSION", [PSC version])
-
-vmdirconfdir="$datadir/config"
-AC_SUBST(vmdirconfdir)
-AS_AC_EXPAND(VMDIR_CONFIG_DIR, $vmdirconfdir)
-AC_DEFINE_UNQUOTED(VMDIR_CONFIG_DIR, "$VMDIR_CONFIG_DIR", [Config directory])
-
-AS_AC_EXPAND(VMDIR_PREFIX, ["${prefix}"])
-VMDIR_PREFIX_DIR=$VMDIR_PREFIX
-AC_SUBST(VMDIR_PREFIX_DIR)
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                 config/Makefile
-                 kdccommon/Makefile
-                 common/Makefile
-                 server/Makefile
-                 server/kdcsrvcommon/Makefile
-                 server/kdckrb5/Makefile
-                 server/kdctools/Makefile
-                 server/vmkdc_mit_tools/Makefile
-                 server/vmkdc/Makefile
-                 server/common/Makefile
-                 server/backend/Makefile
-                 server/mdb-store/Makefile
-                 server/indexcfg/Makefile
-                 server/middle-layer/Makefile
-                 server/schema/Makefile
-                 server/acl/Makefile
-                 server/ldap-head/Makefile
-                 server/replication/Makefile
-                 server/saslvmdirdb/Makefile
-                 server/vmdir/Makefile
-                 client/Makefile
-                 config/vmdir.reg
-                 testing/Makefile
-                 testing/query/Makefile
-                 testing/kerberos/Makefile
-                 testing/test_lib/Makefile
-                 testing/test_runner/Makefile
-                 testing/integration_tests/Makefile
-                 testing/integration_tests/acls/Makefile
-                 testing/integration_tests/misc/Makefile
-                 testing/integration_tests/multitenancy/Makefile
-                 testing/integration_tests/passwordapis/Makefile
-                 testing/integration_tests/search/Makefile
-                 testing/unittests/Makefile
-                 testing/unittests/libcommon/Makefile
-                 tools/Makefile
-                 tools/vdcaclmgr/Makefile
-                 tools/vdcadmintool/Makefile
-                 tools/vdcpromo/Makefile
-                 tools/vdcpass/Makefile
-                 tools/vdcrepadmin/Makefile
-                 tools/vdcsetupldu/Makefile
-                 tools/vdcbackup/Makefile
-                 tools/vmkdc_admin/Makefile
-                 tools/vdcsrp/Makefile
-                 tools/vdcupgrade/Makefile
-                 tools/vdcleavefed/Makefile
-                 tools/vdcresetMachineActCred/Makefile
-                 tools/vdcmetric/Makefile
-                 tools/vdcschema/Makefile
-                 tools/test/Makefile
-                 tools/test/circularbuffer/Makefile
-                 tools/test/dequetest/Makefile
-                 tools/test/parseargs/Makefile
-                 tools/test/registry/Makefile
-                 tools/test/string/Makefile
-                 tools/test/vmdirclienttest/Makefile
-                 thirdparty/Makefile
-                 thirdparty/openldap/Makefile
-                 thirdparty/openldap/libraries/Makefile
-                 thirdparty/openldap/libraries/mdb/Makefile
-                 thirdparty/heimdal/Makefile
-                 thirdparty/heimdal/asn1/Makefile
-                 thirdparty/heimdal/krb5-crypto/Makefile
-                 thirdparty/heimdal/ntlm/Makefile
-                 gssapi-plugins/Makefile
-                 gssapi-plugins/ntlm/Makefile
-                 gssapi-plugins/srp/Makefile
-                 gssapi-plugins/unix/Makefile
-                 thirdparty/csrp/Makefile
-                ])
-AC_OUTPUT
diff --git a/vmdir/gssapi-plugins/ntlm/Makefile.am b/vmdir/gssapi-plugins/ntlm/Makefile.am
index b4f3b0276..094715505 100644
--- a/vmdir/gssapi-plugins/ntlm/Makefile.am
+++ b/vmdir/gssapi-plugins/ntlm/Makefile.am
@@ -3,10 +3,10 @@ lib_LTLIBRARIES = libgssapi_ntlm.la
 libgssapi_ntlm_la_CPPFLAGS = \
    -D_MIT_KRB5_1_11 \
    -D_MIT_KRB5_1_12 \
-   -I$(top_srcdir)/gssapi-plugins/ntlm \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
+   -I$(top_srcdir)/vmdir/gssapi-plugins/ntlm \
+   -I$(top_srcdir)/vmdir/include \
+   -I$(top_srcdir)/vmdir/include/public \
+   -I$(top_srcdir)/vmdir/thirdparty \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -25,8 +25,8 @@ libgssapi_ntlm_la_SOURCES = \
     ntlm_util.c
 
 libgssapi_ntlm_la_LIBADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
     @DCERPC_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@ \
diff --git a/vmdir/gssapi-plugins/ntlm/gssapi_ntlm.h b/vmdir/gssapi-plugins/ntlm/gssapi_ntlm.h
index 2021e6fae..ca37b9987 100644
--- a/vmdir/gssapi-plugins/ntlm/gssapi_ntlm.h
+++ b/vmdir/gssapi-plugins/ntlm/gssapi_ntlm.h
@@ -43,13 +43,6 @@ extern "C" {
 
 /* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
 
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
 /* 2.1.2. Host-Based Service Name Form */
 #define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
 /* This name form shall be represented by the Object Identifier {iso(1)
diff --git a/vmdir/gssapi-plugins/ntlm/ntlm_mech.c b/vmdir/gssapi-plugins/ntlm/ntlm_mech.c
index 2dc6ce161..441c18b60 100644
--- a/vmdir/gssapi-plugins/ntlm/ntlm_mech.c
+++ b/vmdir/gssapi-plugins/ntlm/ntlm_mech.c
@@ -426,8 +426,8 @@ ntlm_gss_inquire_context(
 				locally_initiated,
 				opened);
 
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
+	if (mech_type)
+		*mech_type = context_handle->mech_type;
 
 	return (ret);
 }
diff --git a/vmdir/gssapi-plugins/srp/Makefile.am b/vmdir/gssapi-plugins/srp/Makefile.am
index a0eee4250..0daf1e74d 100644
--- a/vmdir/gssapi-plugins/srp/Makefile.am
+++ b/vmdir/gssapi-plugins/srp/Makefile.am
@@ -4,12 +4,12 @@ libgssapi_srp_la_CPPFLAGS = \
    -D_MIT_KRB5_1_11 \
    -D_MIT_KRB5_1_12 \
    -I. \
-   -I$(top_srcdir)/gssapi-plugins/srp \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
+   -I$(top_srcdir)/vmdir/gssapi-plugins/srp \
+   -I$(top_srcdir)/vmdir/include \
+   -I$(top_srcdir)/vmdir \
+   -I$(top_srcdir)/vmdir/include/public \
+   -I$(top_srcdir)/vmdir/thirdparty \
+   -I$(top_builddir)/vmdir/client \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -32,9 +32,9 @@ libgssapi_srp_la_SOURCES = \
         srprpc.c
 
 libgssapi_srp_la_LIBADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/client/libvmdirclient_la-srp_verifier_cstub.lo \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/client/libvmdirclient_la-srp_verifier_cstub.lo \
     @DCERPC_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@ \
diff --git a/vmdir/gssapi-plugins/srp/gssapiP_srp.h b/vmdir/gssapi-plugins/srp/gssapiP_srp.h
index c7246ce94..60c513f2e 100644
--- a/vmdir/gssapi-plugins/srp/gssapiP_srp.h
+++ b/vmdir/gssapi-plugins/srp/gssapiP_srp.h
@@ -160,6 +160,7 @@ typedef struct {
         unsigned char     *srp_session_key;
         int               srp_session_key_len;
         void              *hServer;
+        int               bUseCSRP;      /* Call CSRP library directly */
 } srp_gss_ctx_id_rec, *srp_gss_ctx_id_t;
 
 
diff --git a/vmdir/gssapi-plugins/srp/gssapi_srp.h b/vmdir/gssapi-plugins/srp/gssapi_srp.h
index 83099c744..12f621828 100644
--- a/vmdir/gssapi-plugins/srp/gssapi_srp.h
+++ b/vmdir/gssapi-plugins/srp/gssapi_srp.h
@@ -43,13 +43,6 @@ extern "C" {
 
 /* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
 
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
 /* 2.1.2. Host-Based Service Name Form */
 #define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
 /* This name form shall be represented by the Object Identifier {iso(1)
diff --git a/vmdir/gssapi-plugins/srp/srp_accept_sec_ctx.c b/vmdir/gssapi-plugins/srp/srp_accept_sec_ctx.c
index c3277a15e..58de5a8ca 100644
--- a/vmdir/gssapi-plugins/srp/srp_accept_sec_ctx.c
+++ b/vmdir/gssapi-plugins/srp/srp_accept_sec_ctx.c
@@ -180,6 +180,7 @@ srp_gss_validate_oid_header(
 static
 OM_uint32
 _srp_gss_auth_create_machine_acct_binding(
+    int *bUseLocalIpc,
     OM_uint32 *minor_status,
     PVMDIR_SERVER_CONTEXT *hRetServer)
 {
@@ -209,15 +210,15 @@ _srp_gss_auth_create_machine_acct_binding(
     if (pEnv)
     {
         domainState = atoi(pEnv);
-    } else
+    } 
+    else
     {
         /* Determine if this system is a management node */
         dwError = srp_reg_get_domain_state(hRegistry, &domainState);
         if (dwError)
         {
-            maj = GSS_S_FAILURE;
-            min = dwError;
-            goto error;
+            /* Assume infra node if registry lookup fails */
+            domainState = 1;
         }
     }
 
@@ -254,7 +255,12 @@ _srp_gss_auth_create_machine_acct_binding(
             goto error;
         }
     }
-
+    else if (domainState == 1)
+    {
+        /* Do not create a binding handle when on an infra node; use IPC */
+        *bUseLocalIpc = 1;
+        goto error;
+    }
 
     /*
      * This will create a remote binding handle when credentials are
@@ -299,6 +305,140 @@ _srp_gss_auth_create_machine_acct_binding(
     return maj;
 }
 
+typedef struct _srp_secret_blob_data
+{
+    char *blob;
+    int blob_len;
+
+    /* All pointers below here are aliases into "blob" */
+    char *mda;
+    int mda_len;
+    char *v;
+    int v_len;
+    char *salt;
+    int salt_len;
+} srp_secret_blob_data, *srp_p_secret_blob_data;
+
+
+static long _get_srp_secret_decoded(
+    char *username,
+    srp_p_secret_blob_data srp_data)
+{
+    long sts = 0;
+    char *srp_secret = NULL;
+    char *srp_secret_str = NULL;
+    unsigned int srp_secret_str_len = 0;
+    unsigned int srp_secret_len_max = 0;
+    unsigned int srp_secret_len = 0;
+    uint32_t srp_decode_buf_len = 0;
+    uint16_t srp_decode_mda_len = 0;
+    uint16_t srp_decode_v_len = 0;
+    uint8_t srp_decode_salt_len = 0;
+    char *srp_decode_ptr = NULL;
+    char *srp_mda = NULL;
+    char *srp_v = NULL;
+    char *srp_salt = NULL;
+
+    /*
+     * This is the implementation of the RPC VmDirGetSRPSecret.
+     * The public interface VmDirGetSRPSecret() is no longer needed
+     * by this implementation
+     */
+    sts = VmDirLocalGetSRPSecret(
+              username,
+              (unsigned char **) &srp_secret_str,
+              &srp_secret_str_len);
+    if (sts)
+    {
+        goto error;
+    }
+
+    srp_secret = calloc(srp_secret_str_len, sizeof(char));
+    if (!srp_secret)
+    {
+        sts = rpc_s_no_memory;
+        goto error;
+    }
+    srp_secret_len_max = srp_secret_str_len;
+    sts = sasl_decode64(srp_secret_str,
+                        srp_secret_str_len,
+                        srp_secret,
+                        srp_secret_len_max,
+                        &srp_secret_len);
+    if (sts != SASL_OK)
+    {
+        sts = rpc_s_coding_error;
+        goto error;
+    }
+
+    /*
+     * Encoding of data blob (from common/srp.c):
+     * calculate buffer size
+     * mda: Message Digest Algorithm
+     * v: SRP private "hash" value * salt: random salt generated at "hash" creation time
+     *
+     * 0. 4 byte length
+     * 1. utf8(mda) : 2 bytes + string
+     * 2. mpi(v)    : 2 bytes + verifier
+     * 3. os(salt)  : 1 bytes + salt
+     */
+    srp_decode_ptr = srp_secret;
+    memcpy(&srp_decode_buf_len, srp_decode_ptr, sizeof(uint32_t));
+    srp_decode_ptr += sizeof(uint32_t);
+    srp_decode_buf_len = ntohl(srp_decode_buf_len);
+
+    memcpy(&srp_decode_mda_len, srp_decode_ptr, sizeof(uint16_t));
+    srp_decode_ptr += sizeof(uint16_t);
+    srp_decode_mda_len = ntohs(srp_decode_mda_len);
+    srp_mda = srp_decode_ptr;
+    srp_decode_ptr += srp_decode_mda_len;
+
+    memcpy(&srp_decode_v_len, srp_decode_ptr, sizeof(uint16_t));
+    srp_decode_ptr += sizeof(uint16_t);
+    srp_decode_v_len = ntohs(srp_decode_v_len);
+    srp_v = srp_decode_ptr;
+    srp_decode_ptr += srp_decode_v_len;
+
+    memcpy(&srp_decode_salt_len, srp_decode_ptr, sizeof(uint8_t));
+    srp_decode_ptr += sizeof(uint8_t);
+    srp_salt = srp_decode_ptr;
+
+
+    /* blob is the buffer, the rest are aliased pointers */
+    srp_data->blob = srp_secret;
+    srp_data->blob_len = srp_decode_buf_len;
+    srp_data->mda = srp_mda;
+    srp_data->mda_len = srp_decode_mda_len;
+    srp_data->v = srp_v;
+    srp_data->v_len = srp_decode_v_len;
+    srp_data->salt = srp_salt;
+    srp_data->salt_len = srp_decode_salt_len;
+
+error:
+    if (sts)
+    {
+        if (srp_secret)
+        {
+            free(srp_secret);
+        }
+    }
+    if (srp_secret_str)
+    {
+        free(srp_secret_str);
+    }
+
+    return sts;
+}
+
+static void _free_srp_secret_decoded(
+    srp_p_secret_blob_data srp_data)
+{
+    if (srp_data && srp_data->blob)
+    {
+        free(srp_data->blob);
+    }
+}
+
 static
 OM_uint32
 _srp_gss_auth_init(
@@ -344,6 +484,8 @@ _srp_gss_auth_init(
     ber_int_t gss_srp_version_min = 0;
     PVMDIR_SERVER_CONTEXT hServer = NULL;
     srp_verifier_handle_t hSrp = NULL; /* aliased / cast to "ver" variable */
+    srp_secret_blob_data srp_data = {0};
+    int bUseCSRP = 0; /* Use CRP library directly */
 
     ber_ctx.bv_val = (void *) input_token->value;
     ber_ctx.bv_len = input_token->length;
@@ -364,12 +506,14 @@ _srp_gss_auth_init(
                        &ber_state, &gss_srp_version_maj, &gss_srp_version_min);
     if (berror == -1)
     {
+        srp_debug_printf("_srp_gss_auth_init() ber_scanf(t{ii): failed berror=%d\n", berror);
         maj = GSS_S_FAILURE;
         goto error;
     }
     berror = ber_scanf(ber, "OO}", &ber_upn, &ber_bytes_A);
     if (berror == -1)
     {
+        srp_debug_printf("_srp_gss_auth_init() ber_scanf(OO): failed berror=%d\n", berror);
         maj = GSS_S_FAILURE;
         goto error;
     }
@@ -397,6 +541,7 @@ _srp_gss_auth_init(
                           &srp_context_handle->gss_upn_name);
     if (maj)
     {
+        srp_debug_printf("_srp_gss_auth_init() gss_import_name failed maj=%d\n", maj);
         goto error;
     }
 
@@ -406,11 +551,12 @@ _srp_gss_auth_init(
                            &disp_name_OID);
     if (maj)
     {
+        srp_debug_printf("_srp_gss_auth_init() gss_display_name failed maj=%d\n", maj);
         goto error;
     }
 
     disp_name = &disp_name_buf;
-    srp_debug_printf("srp_gss_accept_sec_context: UPN name=%.*s\n",
+    srp_debug_printf("_srp_gss_auth_init() srp_gss_accept_sec_context: UPN name=%.*s\n",
                      (int) disp_name_buf.length, (char *) disp_name_buf.value);
 
     srp_upn_name = calloc(disp_name_buf.length + 1, sizeof(char));
@@ -428,36 +574,84 @@ _srp_gss_auth_init(
 
 
     maj = _srp_gss_auth_create_machine_acct_binding(
+              &bUseCSRP,
               &min,
               &hServer);
     if (maj)
     {
+        srp_debug_printf("_srp_gss_auth_init() _srp_gss_auth_create_machine_acct_binding failed maj=%d\n", maj);
         maj = GSS_S_FAILURE;
         goto error;
     }
 
-    sts = cli_rpc_srp_verifier_new(
-            hServer ? hServer->hBinding : NULL,
-            hash_alg,
-            ng_type,
-            srp_upn_name,
-            ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len,
-            &srp_bytes_B, &srp_bytes_B_len,
-            &srp_salt, &srp_decode_salt_len,
-            &srp_mda, &srp_decode_mda_len,
-            NULL, NULL, /* n_hex, g_hex */
-            &hSrp);
-    if (sts)
+    if (!bUseCSRP)
+    {
+        sts = cli_rpc_srp_verifier_new(
+                hServer ? hServer->hBinding : NULL,
+                hash_alg,
+                ng_type,
+                srp_upn_name,
+                ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len,
+                &srp_bytes_B, &srp_bytes_B_len,
+                &srp_salt, &srp_decode_salt_len,
+                &srp_mda, &srp_decode_mda_len,
+                NULL, NULL, /* n_hex, g_hex */
+                &hSrp);
+        if (sts)
+        {
+            srp_debug_printf("_srp_gss_auth_init() cli_rpc_srp_verifier_new: failed sts=%d\n", sts);
+            maj = GSS_S_FAILURE;
+            min = sts;
+            goto error;
+        }
+        ver = (struct SRPVerifier *) hSrp, hSrp = NULL;
+    }
+    else
     {
-        maj = GSS_S_FAILURE;
-        min = sts;
-        goto error;
+        sts = _get_srp_secret_decoded(
+                  srp_upn_name,
+                  &srp_data);
+        if (sts)
+        {
+            srp_debug_printf("_srp_gss_auth_init() _get_srp_secret_decoded: failed sts=%d\n", sts);
+            maj = GSS_S_FAILURE;
+            min = sts;
+            goto error;
+        }
+
+        /* Call SRP library implementation directly */
+        ver =  srp_verifier_new(hash_alg, 
+                                ng_type,
+                                srp_upn_name,
+
+                                /* SRP Salt value */
+                                srp_data.salt, srp_data.salt_len,
+
+                                /* SRP "V" verifier secret */
+                                srp_data.v, srp_data.v_len,
+
+                                /* SRP bytes_A */
+                                ber_bytes_A->bv_val, (int) ber_bytes_A->bv_len,
+
+                                /* SRP bytes B */
+                                &srp_bytes_B, &srp_bytes_B_len,
+
+                                /* SRP n_hex / g_hex */
+                                NULL, NULL);
+        if (!ver)
+        {
+            srp_debug_printf("_srp_gss_auth_init() srp_verifier_new: failed sts=%d\n", sts);
+            maj = GSS_S_FAILURE;
+            goto error;
+        }
+        srp_salt = srp_data.salt;
+        srp_decode_salt_len = srp_data.salt_len;
+
     }
-    ver = (struct SRPVerifier *) hSrp, hSrp = NULL;
 
     if (!srp_bytes_B)
     {
-        srp_debug_printf("srp_verifier_new: failed!\n");
+        srp_debug_printf("_srp_gss_auth_init() srp_verifier_new: failed!\n");
         maj = GSS_S_FAILURE;
         goto error;
     }
@@ -496,6 +690,7 @@ _srp_gss_auth_init(
                  &ber_B);
     if (berror == -1)
     {
+        srp_debug_printf("_srp_gss_auth_init() ber_printf: failed berror=%d\n", berror);
         maj = GSS_S_FAILURE;
         goto error;
     }
@@ -503,6 +698,7 @@ _srp_gss_auth_init(
     berror = ber_flatten(ber_resp, &flatten);
     if (berror == -1)
     {
+        srp_debug_printf("_srp_gss_auth_init() ber_flatten: failed berror=%d\n", berror);
         maj = GSS_S_FAILURE;
         goto error;
     }
@@ -516,16 +712,24 @@ _srp_gss_auth_init(
     output_token->length = flatten->bv_len;
     memcpy(output_token->value, flatten->bv_val, flatten->bv_len);
 
-    sts = cli_rpc_srp_verifier_get_session_key(
-        hServer ? hServer->hBinding : NULL,
-        ver,
-        &srp_session_key,
-        &srp_session_key_len);
-    if (sts)
+    if (bUseCSRP)
     {
-        min = sts;
-        maj = GSS_S_FAILURE;
-        goto error;
+        srp_session_key = srp_verifier_get_session_key(ver, &srp_session_key_len);
+    }
+    else
+    {
+        sts = cli_rpc_srp_verifier_get_session_key(
+            hServer ? hServer->hBinding : NULL,
+            ver,
+            &srp_session_key,
+            &srp_session_key_len);
+        if (sts)
+        {
+            min = sts;
+            maj = GSS_S_FAILURE;
+            goto error;
+        }
+
     }
 
     if (srp_session_key && srp_session_key_len > 0)
@@ -554,6 +758,7 @@ _srp_gss_auth_init(
     /* Return the SRP session key in the context handle */
     srp_context_handle->srp_session_key_len = srp_session_key_len;
     srp_context_handle->srp_session_key = ret_srp_session_key, ret_srp_session_key = NULL;
+    srp_context_handle->bUseCSRP = bUseCSRP;
 
     srp_print_hex(srp_session_key, srp_session_key_len,
                   "_srp_gss_auth_init(accept_sec_ctx) got session key");
@@ -561,9 +766,16 @@ _srp_gss_auth_init(
 error:
     if (ver)
     {
-        cli_rpc_srp_verifier_delete(
-            hServer ? hServer->hBinding : NULL,
-            (void **) &ver);
+        if (bUseCSRP)
+        {
+            srp_verifier_delete(ver);
+        }
+        else
+        {
+            cli_rpc_srp_verifier_delete(
+                hServer ? hServer->hBinding : NULL,
+                (void **) &ver);
+        }
     }
     VmDirCloseServer(hServer);
     if (srp_upn_name)
@@ -586,11 +798,11 @@ _srp_gss_auth_init(
     {
         gss_release_buffer(&min_tmp, disp_name);
     }
-    if (srp_bytes_B)
+    if (!bUseCSRP && srp_bytes_B)
     {
         free((void *) srp_bytes_B);
     }
-    if (srp_salt)
+    if (!bUseCSRP && srp_salt)
     {
         free((void *) srp_salt);
     }
@@ -598,10 +810,14 @@ _srp_gss_auth_init(
     {
         free((void *) srp_mda);
     }
-    if (srp_session_key)
+    if (!bUseCSRP && srp_session_key)
     {
         free((void *) srp_session_key);
     }
+    if (bUseCSRP)
+    {
+        _free_srp_secret_decoded(&srp_data);
+    }
     if (ret_srp_session_key)
     {
         free((void *) ret_srp_session_key);
@@ -677,12 +893,26 @@ _srp_gss_validate_client(
     srp_print_hex(ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
                   "_srp_gss_validate_client(accept_sec_ctx) received bytes_M");
 
-    hServer = srp_context_handle->hServer;
-    min = cli_rpc_srp_verifier_verify_session(
-              hServer->hBinding,
-              srp_context_handle->srp_ver,
-              ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
-              &bytes_HAMK, &bytes_HAMK_len);
+    if (srp_context_handle->bUseCSRP)
+    {
+        srp_verifier_verify_session(
+            srp_context_handle->srp_ver,
+            ber_srp_bytes_M->bv_val,
+            &bytes_HAMK);
+        if (!bytes_HAMK)
+        {
+            min = rpc_s_auth_mut_fail;
+        }
+    }
+    else
+    {
+        hServer = srp_context_handle->hServer;
+        min = cli_rpc_srp_verifier_verify_session(
+                  hServer->hBinding,
+                  srp_context_handle->srp_ver,
+                  ber_srp_bytes_M->bv_val, (int) ber_srp_bytes_M->bv_len,
+                  &bytes_HAMK, &bytes_HAMK_len);
+    }
     if (min || !bytes_HAMK)
     {
         /*
@@ -710,22 +940,30 @@ _srp_gss_validate_client(
     }
     if (min == 0)
     {
-        /*
-         * Generate HAMK response. When min is an error code,
-         * an empty HAMK response (zero length) is created.
-         */
-        min = cli_rpc_srp_verifier_get_session_key_length(
-                  hServer->hBinding,
-                  srp_context_handle->srp_ver,
-                  (long *) &ber_HAMK.bv_len);
-        if (min)
+        if (srp_context_handle->bUseCSRP)
         {
-            maj = GSS_S_FAILURE;
-            goto error;
+            bytes_HAMK_len = srp_verifier_get_session_key_length(srp_context_handle->srp_ver);
+        }
+        else
+        {
+            /*
+             * Generate HAMK response. When min is an error code,
+             * an empty HAMK response (zero length) is created.
+             */
+            min = cli_rpc_srp_verifier_get_session_key_length(
+                      hServer->hBinding,
+                      srp_context_handle->srp_ver,
+                      (long *) &ber_HAMK.bv_len);
+            if (min)
+            {
+                maj = GSS_S_FAILURE;
+                goto error;
+            }
         }
     }
 
     ber_HAMK.bv_val = (void *) bytes_HAMK;
+    ber_HAMK.bv_len = bytes_HAMK_len;
     berror = ber_printf(ber_resp, "t{O}",
                   (int) SRP_AUTH_SERVER_VALIDATE,
                   &ber_HAMK);
@@ -762,7 +1000,7 @@ _srp_gss_validate_client(
     {
         ber_bvfree(ber_srp_bytes_M);
     }
-    if (bytes_HAMK)
+    if (!srp_context_handle->bUseCSRP && bytes_HAMK)
     {
         free((void *) bytes_HAMK);
     }
@@ -1070,13 +1308,20 @@ srp_gss_accept_sec_context(
             goto error;
         }
 
-        /* Clean up SRP server-side memory, then close the server context */
-        cli_rpc_srp_verifier_delete(
-            hServer->hBinding,
-            (void **) &srp_context_handle->srp_ver);
-
-        VmDirCloseServer(hServer);
-        srp_context_handle->hServer = NULL;
+        if (srp_context_handle->bUseCSRP)
+        {
+            srp_verifier_delete(srp_context_handle->srp_ver);
+        }
+        else
+        {
+            /* Clean up SRP server-side memory, then close the server context */
+            cli_rpc_srp_verifier_delete(
+                hServer->hBinding,
+                (void **) &srp_context_handle->srp_ver);
+    
+            VmDirCloseServer(hServer);
+            srp_context_handle->hServer = NULL;
+        }
     }
 
 error:
diff --git a/vmdir/gssapi-plugins/srp/srp_mech.c b/vmdir/gssapi-plugins/srp/srp_mech.c
index d568bc6de..79b190c6f 100644
--- a/vmdir/gssapi-plugins/srp/srp_mech.c
+++ b/vmdir/gssapi-plugins/srp/srp_mech.c
@@ -402,8 +402,8 @@ srp_gss_inquire_context(
 {
 	OM_uint32 ret = GSS_S_COMPLETE;
 
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
+	if (mech_type)
+		*mech_type = context_handle->mech_type;
 
 	return (ret);
 }
diff --git a/vmdir/gssapi-plugins/unix/Makefile.am b/vmdir/gssapi-plugins/unix/Makefile.am
index a4721937a..a70c2405a 100644
--- a/vmdir/gssapi-plugins/unix/Makefile.am
+++ b/vmdir/gssapi-plugins/unix/Makefile.am
@@ -4,16 +4,16 @@ unix_srp_SOURCES = \
     unix_srp.c
 
 unix_srp_CPPFLAGS = \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
+   -I$(top_srcdir)/vmdir/include \
+   -I$(top_srcdir)/vmdir \
+   -I$(top_srcdir)/vmdir/include/public \
+   -I$(top_srcdir)/vmdir/thirdparty \
+   -I$(top_builddir)/vmdir/client \
     @OPENSSL_INCLUDES@
 
 unix_srp_LDADD = \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
     @CRYPT_LIBS@ \
     @OPENSSL_LDFLAGS@ \
     @CRYPTO_LIBS@
@@ -24,12 +24,12 @@ libgssapi_unix_la_CPPFLAGS = \
    -D_MIT_KRB5_1_11 \
    -D_MIT_KRB5_1_12 \
    -I. \
-   -I$(top_srcdir)/gssapi-plugins/srp \
-   -I$(top_srcdir)/include \
-   -I$(top_srcdir) \
-   -I$(top_srcdir)/include/public \
-   -I$(top_srcdir)/thirdparty \
-   -I$(top_builddir)/client \
+   -I$(top_srcdir)/vmdir/gssapi-plugins/srp \
+   -I$(top_srcdir)/vmdir/include \
+   -I$(top_srcdir)/vmdir \
+   -I$(top_srcdir)/vmdir/include/public \
+   -I$(top_srcdir)/vmdir/thirdparty \
+   -I$(top_builddir)/vmdir/client \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -52,9 +52,9 @@ libgssapi_unix_la_SOURCES = \
         unix_crypt.c
 
 libgssapi_unix_la_LIBADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
-    $(top_builddir)/client/libvmdirclient_la-srp_verifier_cstub.lo \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/client/libvmdirclient_la-srp_verifier_cstub.lo \
     @DCERPC_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@ \
diff --git a/vmdir/gssapi-plugins/unix/gssapi_unix.h b/vmdir/gssapi-plugins/unix/gssapi_unix.h
index 8bfc49249..3f963b273 100644
--- a/vmdir/gssapi-plugins/unix/gssapi_unix.h
+++ b/vmdir/gssapi-plugins/unix/gssapi_unix.h
@@ -63,13 +63,6 @@ extern "C" {
 
 /* Reserved static storage for GSS_oids.  See rfc 1964 for more details. */
 
-/* 2.1.1. Kerberos Principal Name Form: */
-GSS_DLLIMP extern const gss_OID_desc * const GSS_KRB5_NT_PRINCIPAL_NAME;
-/* This name form shall be represented by the Object Identifier {iso(1)
- * member-body(2) United States(840) mit(113554) infosys(1) gssapi(2)
- * krb5(2) krb5_name(1)}.  The recommended symbolic name for this type
- * is "GSS_KRB5_NT_PRINCIPAL_NAME". */
-
 /* 2.1.2. Host-Based Service Name Form */
 #define GSS_KRB5_NT_HOSTBASED_SERVICE_NAME GSS_C_NT_HOSTBASED_SERVICE
 /* This name form shall be represented by the Object Identifier {iso(1)
diff --git a/vmdir/gssapi-plugins/unix/unix_crypt.c b/vmdir/gssapi-plugins/unix/unix_crypt.c
index 176e03195..7a5d6f9c3 100644
--- a/vmdir/gssapi-plugins/unix/unix_crypt.c
+++ b/vmdir/gssapi-plugins/unix/unix_crypt.c
@@ -176,6 +176,12 @@ int get_sp_salt(const char *username,
         sp = strrchr(salt, '$');
         salt_len = sp - salt + 1;
     }
+    if(salt_len == 0)//locked user, user with nologin etc
+    {
+        st = -1;
+        errno = EPERM;
+        goto error;
+    }
     salt[salt_len] = '\0';
     *ret_salt = salt;
     *ret_encpwd = encpwd;
diff --git a/vmdir/gssapi-plugins/unix/unix_mech.c b/vmdir/gssapi-plugins/unix/unix_mech.c
index ea46fcf6d..5bfc61318 100644
--- a/vmdir/gssapi-plugins/unix/unix_mech.c
+++ b/vmdir/gssapi-plugins/unix/unix_mech.c
@@ -447,8 +447,8 @@ srp_gss_inquire_context(
 {
 	OM_uint32 ret = GSS_S_COMPLETE;
 
-    if (mech_type)
-        *mech_type = context_handle->mech_type;
+	if (mech_type)
+		*mech_type = context_handle->mech_type;
 
 	return (ret);
 }
diff --git a/vmdir/include/public/vmdir.h b/vmdir/include/public/vmdir.h
index d551bd7b1..4b0c61d26 100644
--- a/vmdir/include/public/vmdir.h
+++ b/vmdir/include/public/vmdir.h
@@ -45,8 +45,18 @@ extern "C" {
 #define DEFAULT_LDAPS_PORT_NUM          636
 #define DEFAULT_LDAPS_PORT_STR          "636"
 
-#define DEFAULT_REST_PORT_NUM           7477
-#define DEFAULT_REST_PORT_STR           "7477"
+#define DEFAULT_HTTP_PORT_NUM           7477
+#define DEFAULT_HTTP_PORT_STR          "7477p"
+
+#define DEFAULT_HTTPS_PORT_NUM           7478
+ /*
+  * SSL logic is present in both c-rest-engine (for https) and vmdir (for ldaps)
+  * during shutdown ssl related metrics are freed by c-rest-engine while SASL bind is
+  * being performed by replication thread.
+  * Temporarily disable HTTPS end point by default, until ssl init logic is fixed in c-rest-engine
+  */
+//#define DEFAULT_HTTPS_PORT_STR          "7478"
+#define DEFAULT_HTTPS_PORT_STR          ""
 
 #define LEGACY_DEFAULT_LDAP_PORT_NUM       11711
 #define LEGACY_DEFAULT_LDAP_PORT_STR       "11711"
@@ -67,6 +77,7 @@ extern "C" {
 #define SERVER_STATUS_DN                        "cn=serverstatus"
 #define REPLICATION_STATUS_DN                   "cn=replicationstatus"
 #define SCHEMA_REPL_STATUS_DN                   "cn=schemareplstatus"
+#define INTEGRITY_CHECK_STATUS_DN               "cn=integritycheckstatus"
 
 #define VMDIR_DOMAIN_CONTROLLERS_RDN_VAL        "Domain Controllers"
 #define VMDIR_COMPUTERS_RDN_VAL                 "Computers"
@@ -373,6 +384,7 @@ extern "C" {
 #define OC_VMW_SERVICEPRINCIPAL          "vmwServicePrincipal"
 
 #define OC_VMW_CONTAINER                 "vmwContainer"
+#define OC_VMW_CERTIFICATION_AUTHORITY   "vmwCertificationAuthority"
 
 #define OC_CONTAINER                     "container"
 #define OC_SERVER_STATUS                 "vmwDirServerStatus"
@@ -406,6 +418,9 @@ extern "C" {
 #define CM_OBJECTCLASS_SITE             "vmwCisSite"
 #define CM_OBJECTCLASS_LDU              "vmwCisLdu"
 
+// cn=integritycheck sudo entry
+#define INTEGRITY_CHECK_STATUS_CN       "IntegrityCheckStatus"
+
 // cn=replicationstatus sudo entry
 #define REPLICATION_STATUS_CN           "ReplicationStatus"
 #define REPL_STATUS_SERVER_NAME         "Server Name: "
@@ -467,6 +482,9 @@ extern "C" {
 #define VDIR_LDAP_CONTROL_SHOW_MASTER_KEY         "9999.9990.9900.9000.1" //shouldn't be published
 // #define LDAP_CONTROL_SYNC       LDAP_SYNC_OID ".1" defined in ldap.h
 
+// vmw OID for Integrity Check Control Search
+#define LDAP_CONTROL_DIGEST_SEARCH                "1.3.6.1.4.1.6876.40.10.2"
+
 // Logging stuff
 #define MAX_LOG_MESSAGE_LEN    4096
 
diff --git a/vmdir/include/public/vmdirclient.h b/vmdir/include/public/vmdirclient.h
index f0ade2dba..eda362b2c 100644
--- a/vmdir/include/public/vmdirclient.h
+++ b/vmdir/include/public/vmdirclient.h
@@ -36,6 +36,63 @@ extern "C" {
 #define VMDIR_MAX_UPN_LEN                   512
 #define VMDIR_CLIENT_JOIN_FLAGS_PREJOINED   0x00000001
 
+/*
+ * API exposed for HA Topology Management
+ */
+DWORD
+VmDirGetCurrentTopologyAtSite(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    PCSTR                           pszSiteName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    );
+
+DWORD
+VmDirGetCurrentGlobalTopology(
+    PCSTR                           pszUserName,
+    PCSTR                           pszPassword,
+    PCSTR                           pszHostName,
+    BOOLEAN                         bConsiderOfflineNodes,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppCurTopology // Output
+    );
+
+DWORD
+VmDirGetProposedTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY* ppNewTopology // Output
+    );
+
+DWORD
+VmDirGetChangesInTopology(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology,
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology,
+    PVMDIR_HA_TOPOLOGY_CHANGES*     ppTopologyChanges //Output
+    );
+
+DWORD
+VmDirApplyTopologyChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    );
+
+VOID
+VmDirFreeHATopologyData(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology
+    );
+
+VOID
+VmDirFreeHAServerInfo(
+    PVMDIR_HA_SERVER_INFO   pServer
+    );
+
+VOID
+VmDirFreeHATopologyChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges
+    );
+/*
+ * API for HA Topology Management end here
+ */
 DWORD
 VmDirConnectionOpen(
     PCSTR pszLdapURI,
@@ -315,6 +372,13 @@ VmDirGetKrbUPNKey(
     DWORD*      pSize
     );
 
+DWORD
+VmDirLocalGetSRPSecret(
+    PCSTR       pszUPN,
+    PBYTE*      ppSecretBlob,
+    DWORD*      pSize
+);
+
 DWORD
 VmDirSetSRPSecret(
     PCSTR       pszUPN,
diff --git a/vmdir/include/public/vmdirerrors.h b/vmdir/include/public/vmdirerrors.h
index d78e2b3f2..056e09377 100644
--- a/vmdir/include/public/vmdirerrors.h
+++ b/vmdir/include/public/vmdirerrors.h
@@ -30,10 +30,11 @@
 
 #define VMDIR_ERROR_BASE            9000
 
-#define VMDIR_SYSTEM_ERROR_BASE     0
-#define VMDIR_GENERIC_ERROR_BASE    100
-#define VMDIR_SCHEMA_ERROR_BASE     600
-#define VMDIR_BACKEND_ERROR_BASE    700
+#define VMDIR_SYSTEM_ERROR_BASE           0
+#define VMDIR_GENERIC_ERROR_BASE          100
+#define VMDIR_CUSTOMIZED_LDAP_ERROR_BASE  300
+#define VMDIR_SCHEMA_ERROR_BASE           600
+#define VMDIR_BACKEND_ERROR_BASE          700
 
 #define VMDIR_SUCCESS   0
 
@@ -55,6 +56,8 @@
 #define VMDIR_ERROR_CANNOT_LOAD_LIBRARY               (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 7 )      // 9007
 #define VMDIR_ERROR_INVALID_STATE                     (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 8 )      // 9008
 #define VMDIR_ERROR_DEPRECATED_FUNCTION               (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 9 )      // 9009
+#define VMDIR_ERROR_FILE_OPEN                         (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 10 )     // 9010
+#define VMDIR_ERROR_FILE_READ                         (VMDIR_ERROR_BASE + VMDIR_SYSTEM_ERROR_BASE + 11 )     // 9011
 
 // generic error 9100~9599
 #define IS_VMDIR_GENERIC_ERROR_SPACE(n) \
@@ -93,6 +96,9 @@
 #define VMDIR_ERROR_INCOMPLETE_MAX_DFL                (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 30)      // 9130
 #define VMDIR_ERROR_RESTORE_ERROR                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 31)      // 9131
 #define VMDIR_ERROR_AUTH_BAD_DATA                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 32)      // 9132
+#define VMDIR_ERROR_AFD_UNAVAILABLE                   (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 33)      // 9133
+#define VMDIR_ERROR_OIDC_UNAVAILABLE                  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 34)      // 9134
+#define VMDIR_ERROR_ALREADY_PROMOTED                  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 33)      // 9135
 
 // SID/ACL 9200 ~9229
 #define VMDIR_ERROR_RID_LIMIT_EXCEEDED                (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 100 )    // 9200
@@ -103,6 +109,9 @@
 #define VMDIR_ERROR_TOKEN_IN_USE                      (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 105 )    // 9205
 #define VMDIR_ERROR_NO_MYSELF                         (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 106 )    // 9206
 #define VMDIR_ERROR_INSUFFICIENT_ACCESS               (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 107)     // 9207
+#define VMDIR_ERROR_ACL_VIOLATION                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 108)     // 9208
+#define VMDIR_ERROR_INVALID_ACE                       (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 109)     // 9209
+#define VMDIR_ERROR_ACE_NOT_FOUND                     (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 110)     // 9210
 
 // user account management 9230 ~ 9269
 #define VMDIR_ERROR_PASSWORD_TOO_LONG                 (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 130 )    // 9230
@@ -127,6 +136,16 @@
 #define VMDIR_ERROR_VDCREPADMIN_GENERAL               (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 173 )    // 9273
 #define VMDIR_ERROR_VDCREPADMIN_TOO_FEW_REPLICATION_PARTNERS  (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 174 )    // 9274
 #define VMDIR_ERROR_RESTORE_PARTNERS_UNAVAILABLE      (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 175 )    // 9275
+#define VMDIR_ERROR_OPTION_UNKNOWN                    (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 176 )    // 9276
+#define VMDIR_ERROR_OPTION_INVALID                    (VMDIR_ERROR_BASE + VMDIR_GENERIC_ERROR_BASE + 177 )    // 9277
+
+//////////////////////////////////////////////////////////////////////////////////////////////////
+// customized LDAP return code (range 9300 - 9399)
+//////////////////////////////////////////////////////////////////////////////////////////////////
+#define IS_CUSTOMIZED_VMDIR_LDAP_ERROR_SPACE(n) \
+    VMDIR_RANGE((n),(VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE) , (VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE + 99) )
+
+#define VMDIR_LDAP_ERROR_PRE_CONDITION                (VMDIR_ERROR_BASE + VMDIR_CUSTOMIZED_LDAP_ERROR_BASE + 0) // 9300
 
 //////////////////////////////////////////////////////////////////////////////////////////////////
 // schema error (range 9600 - 9699)
diff --git a/vmdir/include/public/vmdirtypes.h b/vmdir/include/public/vmdirtypes.h
old mode 100644
new mode 100755
index 32c23f948..7eda506db
--- a/vmdir/include/public/vmdirtypes.h
+++ b/vmdir/include/public/vmdirtypes.h
@@ -138,6 +138,40 @@ typedef struct _VMDIR_CONNECTION* PVMDIR_CONNECTION;
 
 typedef struct _VMDIR_SERVER_CONTEXT VMDIR_SERVER_CONTEXT, *PVMDIR_SERVER_CONTEXT;
 
+/*
+ * Structure required for HA topology Management
+ */
+typedef struct _VMDIR_HA_SERVER_INFO
+{
+    PSTR                            pszHostName;
+    PSTR                            pszServerName;
+    PSTR                            pszSiteName;
+    PVMDIR_CONNECTION               pConnection;
+    struct _VMDIR_HA_SERVER_INFO**  ppPartnerList;
+    DWORD                           dwPartnerCnt;
+    DWORD                           dwIdx;
+} VMDIR_HA_SERVER_INFO, *PVMDIR_HA_SERVER_INFO;
+
+typedef struct _VMDIR_HA_REPLICATION_TOPOLOGY
+{
+    PVMDIR_HA_SERVER_INFO*  ppConsiderList;
+    DWORD                   dwConsiderListCnt;
+    PVMDIR_HA_SERVER_INFO*  ppOnlineList;
+    DWORD                   dwOnlineListCnt;
+    PVMDIR_HA_SERVER_INFO*  ppOfflineList;
+    DWORD                   dwOfflineListCnt;
+} VMDIR_HA_REPLICATION_TOPOLOGY, *PVMDIR_HA_REPLICATION_TOPOLOGY;
+
+typedef struct _VMDIR_HA_TOPOLOGY_CHANGES
+{
+    PVMDIR_HA_SERVER_INFO*  ppAddLinkList;
+    DWORD                   dwAddListCnt;
+    PVMDIR_HA_SERVER_INFO*  ppDelLinkList;
+    DWORD                   dwDelListCnt;
+} VMDIR_HA_TOPOLOGY_CHANGES, *PVMDIR_HA_TOPOLOGY_CHANGES;
+/*
+ * Structure for HA topology Management end here
+ */
 
 typedef enum
 {
diff --git a/vmdir/include/type_spec.h b/vmdir/include/type_spec.h
index 5dbeaa2af..8067a1604 100644
--- a/vmdir/include/type_spec.h
+++ b/vmdir/include/type_spec.h
@@ -248,7 +248,7 @@ typedef struct _VMW_TYPE_SPEC_
 {\
     {\
         "UPN",\
-        VMW_IPC_TYPE_WSTRING,\
+        VMW_IPC_TYPE_STRING,\
         {NULL}\
     },\
 }
diff --git a/vmdir/include/vmdircommon.h b/vmdir/include/vmdircommon.h
index 2f0591c8d..dd2bd1c4b 100644
--- a/vmdir/include/vmdircommon.h
+++ b/vmdir/include/vmdircommon.h
@@ -544,6 +544,14 @@ VmDirStringNPrintFA(
     ...
 );
 
+DWORD
+VmDirStringReplaceAll(
+    PCSTR   pszSrc,
+    PCSTR   pszPatn,
+    PCSTR   pszRplc,
+    PSTR*   ppszDst
+    );
+
 VOID
 VmdDirNormalizeString(
     PSTR    pszString
@@ -629,18 +637,19 @@ VmDirLogGetMask(
 
 PCSTR
 VmDirSearchDomainDN(
-    PCSTR pszNormObjectDN
+    PCSTR   pszNormObjectDN
     );
 
 DWORD
 VmDirDomainDNToName(
-    PCSTR pszDomainDN,
-    PSTR* ppszDomainName);
+    PCSTR   pszDomainDN,
+    PSTR*   ppszDomainName
+    );
 
 DWORD
-VmDirSrvCreateDomainDN(
-    PCSTR pszFQDomainName,
-    PSTR* ppszDomainDN
+VmDirDomainNameToDN(
+    PCSTR   pszDomainName,
+    PSTR*   ppszDomainDN
     );
 
 DWORD
@@ -650,6 +659,12 @@ VmDirConnectLDAPServerWithMachineAccount(
     LDAP** ppLd
     );
 
+DWORD
+VmDirStringToUSN(
+    PCSTR   pszUSNStr,
+    USN*    poutUSN
+    );
+
 DWORD
 VmDirGetDomainFuncLvlInternal(
     LDAP*  pLd,
@@ -921,7 +936,8 @@ typedef enum
 #define VMDIR_REG_KEY_LDAPS_LISTEN_PORTS      "LdapsListenPorts"
 #define VMDIR_REG_KEY_LDAP_CONNECT_PORTS      "LdapConnectPorts"
 #define VMDIR_REG_KEY_LDAPS_CONNECT_PORTS     "LdapsConnectPorts"
-#define VMDIR_REG_KEY_REST_LISTEN_PORT        "RestListenPort"
+#define VMDIR_REG_KEY_HTTP_LISTEN_PORT        "RestListenHTTPPort"
+#define VMDIR_REG_KEY_HTTPS_LISTEN_PORT       "RestListenHTTPSPort"
 #define VMDIR_REG_KEY_LDAP_RECV_TIMEOUT_SEC   "LdapRecvTimeoutSec"
 #define VMDIR_REG_KEY_ALLOW_ADMIN_LOCKOUT     "AllowAdminLockout"
 #define VMDIR_REG_KEY_MAX_OP_THREADS          "MaxLdapOpThrs"
@@ -1152,21 +1168,31 @@ VmDirConditionBroadcast2003(
 DWORD
 VmDirCreateThread(
     PVMDIR_THREAD pThread,
-    BOOLEAN bDetached,
+    BOOLEAN bJoinThr,
     PVMDIR_START_ROUTINE pStartRoutine,
     PVOID pArgs
-);
+    );
 
 DWORD
 VmDirThreadJoin(
     PVMDIR_THREAD pThread,
     PDWORD pRetVal
-);
+    );
 
 VOID
 VmDirFreeVmDirThread(
     PVMDIR_THREAD pThread
-);
+    );
+
+VOID
+VmDirRaiseThreadPriority(
+    int iDelta
+    );
+
+VOID
+VmDirDropThreadPriority(
+    int iDelta
+    );
 
 DWORD
 VmDirAllocateSyncCounter(
@@ -1654,10 +1680,11 @@ VmDirAnonymousLDAPBind(
 
 int
 VmDirCreateSyncRequestControl(
-    PCSTR pszInvocationId,
-    USN lastLocalUsnProcessed,
-    PCSTR pszUtdVector,
-    LDAPControl *syncReqCtrl
+    PCSTR           pszInvocationId,
+    USN             lastLocalUsnProcessed,
+    PCSTR           pszUtdVector,
+    BOOLEAN         bFirstPage,
+    LDAPControl*    syncReqCtrl
     );
 
 VOID
@@ -2211,6 +2238,13 @@ VmDirStringToTokenList(
     PVMDIR_STRING_LIST *ppStrList
     );
 
+DWORD
+VmDirStringToTokenListExt(
+    PCSTR pszStr,
+    PCSTR pszDelimiter,
+    PVMDIR_STRING_LIST *ppStrList
+    );
+
 DWORD
 VmDirUTDVectorToStruct(
     PCSTR   pszStr,
diff --git a/vmdir/include/vmdircommon_schema.h b/vmdir/include/vmdircommon_schema.h
index fa6aed9e8..eaab07842 100644
--- a/vmdir/include/vmdircommon_schema.h
+++ b/vmdir/include/vmdircommon_schema.h
@@ -445,6 +445,11 @@ VmDirLdapSchemaRemoveNoopData(
     PVDIR_LDAP_SCHEMA   pSchema
     );
 
+BOOLEAN
+VmDirLdapSchemaIsEmpty(
+    PVDIR_LDAP_SCHEMA   pSchema
+    );
+
 VOID
 VmDirFreeLdapSchema(
     PVDIR_LDAP_SCHEMA   pSchema
diff --git a/vmdir/include/vmdirdefines.h b/vmdir/include/vmdirdefines.h
index c97af06d0..49a46a747 100644
--- a/vmdir/include/vmdirdefines.h
+++ b/vmdir/include/vmdirdefines.h
@@ -36,7 +36,6 @@ extern "C" {
 #define VMDIR_PCSTR_UNKNOWN "unknown"
 
 #ifdef _WIN32
-    #define HAVE_LMDB_H
     #define PCVOID const PVOID
     #define ssize_t SSIZE_T
 
@@ -543,6 +542,14 @@ extern "C" {
                                    Mask, "[file: %s][line: %d] " Format,\
                                    __FILE__, __LINE__, ##__VA_ARGS__ )
 
+#define VMDIR_SAFE_LDAP_UNBIND(pLd)                 \
+    do {                                            \
+        if ((pLd)) {                                \
+            ldap_unbind_ext_s( pLd, NULL, NULL);    \
+            (pLd) = NULL;                           \
+        }                                           \
+    } while(0)
+
 // if VDIR_CONNECTION has bind info in VDIR_ACCESS_INFO, use it; otherwise,
 // this is an internal operation and hence uses default administrator DN
 #define VMDIR_CURRENT_AUTHENTICATED_DN( pAccessInfo )       \
@@ -732,7 +739,7 @@ if ( VMDIR_ASCII_UPPER(c) )             \
 #define VMDIR_IPC_INITIALIZE_HOST      0
 #define VMDIR_IPC_INITIALIZE_TENANT    1
 #define VMDIR_IPC_FORCE_RESET_PASSWORD 2
-//#define VMDIR_IPC_GET_SRP_SECRET       3
+#define VMDIR_IPC_GET_SRP_SECRET       3
 #define VMDIR_IPC_SET_SRP_SECRET       4
 #define VMDIR_IPC_GENERATE_PASSWORD    5
 #define VMDIR_IPC_GET_SERVER_STATE     6
diff --git a/vmdir/include/vmdirtesting.h b/vmdir/include/vmdirtesting.h
index 9af98f2cf..1c3df5901 100644
--- a/vmdir/include/vmdirtesting.h
+++ b/vmdir/include/vmdirtesting.h
@@ -34,6 +34,11 @@ typedef struct _VMDIR_TEST_STATE
     //
     LDAP *pLdAnonymous;
 
+    //
+    // Customizable connection to the server.
+    //
+    LDAP *pLdCustom;
+
     //
     // The test runner's cleanup callback. We'll call this when an assertion
     // fails and we're going to exit() the process.
@@ -41,6 +46,7 @@ typedef struct _VMDIR_TEST_STATE
     PTEST_CLEANUP_CALLBACK  pfnCleanupCallback;
 
     PCSTR pszServerName;        // The server name
+    PCSTR pszUserUPN;           // UserUPN to connect with.
     PCSTR pszUserName;          // Username to connect with.
     PCSTR pszPassword;          // Password to connect with.
     PCSTR pszDomain;            // The domain to use (e.g., vsphere.local)
@@ -120,9 +126,11 @@ VmDirTestGetAttributeValue(
 
 DWORD
 VmDirTestGetObjectList(
-    LDAP *pLd,
-    PCSTR pszDn,
-    PVMDIR_STRING_LIST *ppObjectList /* OPTIONAL */
+    LDAP*               pLd,
+    PCSTR               pszDn,
+    PCSTR               pszFilter,      /* OPTIONAL */
+    PCSTR               pszAttr,        /* OPTIONAL */
+    PVMDIR_STRING_LIST* ppObjectList    /* OPTIONAL */
     );
 
 VOID
@@ -183,7 +191,14 @@ VmDirTestGetInternalUserDn(
 DWORD
 VmDirTestCreateContainer(
     PVMDIR_TEST_STATE pState,
-    PCSTR pszName
+    PCSTR pszName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestDeleteContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
     );
 
 DWORD
@@ -195,19 +210,37 @@ VmDirTestCreateUser(
     );
 
 DWORD
-VmDirTestAddUserToGroup(
-    PVMDIR_TEST_STATE pState,
+VmDirTestAddUserToGroupByDn(
+    LDAP *pLd,
     PCSTR pszUserDn,
     PCSTR pszGroupDn
     );
 
 DWORD
-VmDirTestRemoveUserFromGroup(
-    PVMDIR_TEST_STATE pState,
+VmDirTestAddUserToGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    );
+
+DWORD
+VmDirTestRemoveUserFromGroupByDn(
+    LDAP *pLd,
     PCSTR pszUserDn,
     PCSTR pszGroupDn
     );
 
+DWORD
+VmDirTestRemoveUserFromGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    );
+
 DWORD
 VmDirTestDeleteUserEx(
     PVMDIR_TEST_STATE pState,
@@ -261,6 +294,51 @@ VmDirTestConnectionFromUser(
     LDAP **ppLd
     );
 
+DWORD
+VmDirTestCreateGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName,
+    PCSTR pszAcl /* OPTIONAL */
+    );
+
+DWORD
+VmDirTestDeleteGroupEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroup,
+    BOOLEAN bUseLimitedAccount
+    );
+
+DWORD
+VmDirTestDeleteGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszUserName
+    );
+
+DWORD
+VmDirTestGetGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupName,
+    PCSTR pszContainer, // optional
+    PSTR *ppszGroupSid
+    );
+
+DWORD
+VmDirTestListUsersGroups(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsGroups /* OUT */
+    );
+
+DWORD
+VmDirTestListGroupMembers(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsMembers/* OUT */
+    );
+
 DWORD
 VmDirTestCreateClass(
     PVMDIR_TEST_STATE pState,
@@ -276,7 +354,20 @@ VmDirTestCreateObject(
     );
 
 DWORD
-VmDirTestDeleteContainer(
+VmDirTestCreateObjectByDNPrefix(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszDNPrefix,
+    PCSTR               pszClassName
+    );
+
+DWORD
+VmDirTestDeleteObjectByDNPrefix(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszDNPrefix
+    );
+
+DWORD
+VmDirTestDeleteContainerByDn(
     LDAP *pLd,
     PCSTR pszContainerDn
     );
@@ -286,6 +377,26 @@ VmDirTestGetGuid(
     PSTR *ppszGuid
     );
 
+DWORD
+VmDirTestCreateSimpleUser(
+    LDAP *pLd,
+    PCSTR pszCN,
+    PCSTR pszUserDN
+    );
+
+DWORD
+VmDirTestCreateSimpgleContainer(
+    LDAP *pLd,
+    PCSTR pszCN,
+    PCSTR pszContainerDN
+    );
+
+BOOLEAN
+VmDirTestCanReadSingleEntry(
+    LDAP* pLd,
+    PCSTR pszBaseDn
+    );
+
 #define TestAssertEquals(a, b) if (a != b) { VmDirTestReportAssertionFailureDwordOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
 #define TestAssertNotEquals(a, b) if (a == b) { VmDirTestReportAssertionFailureDwordOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
 
@@ -295,5 +406,8 @@ VmDirTestGetGuid(
 #define TestAssertStrEquals(a, b) if (strcmp(a, b) != 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
 #define TestAssertStrNotEquals(a, b) if (strcmp(a, b) == 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
 
+#define TestAssertStrIEquals(a, b) if (VmDirStringCompare(a, b, TRUE) != 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, TRUE, __FILE__, __FUNCTION__, __LINE__, pState); }
+#define TestAssertStrINotEquals(a, b) if (VmDirStringCompare(a, b, TRUE) == 0) { VmDirTestReportAssertionFailureStringOperands(#a, #b, a, b, FALSE, __FILE__, __FUNCTION__, __LINE__, pState); }
+
 #define TestAssert(expr) if (!(expr)) { VmDirTestReportAssertionFailure(#expr, "", __FILE__, __FUNCTION__, __LINE__, pState); }
 #define TestAssertMsg(expr, msg) if (!(expr)) { VmDirTestReportAssertionFailure(#expr, msg, __FILE__, __FUNCTION__, __LINE__, pState); }
diff --git a/vmdir/include/vmkdcdefines.h b/vmdir/include/vmkdcdefines.h
index 19226e289..4694c6ad1 100644
--- a/vmdir/include/vmkdcdefines.h
+++ b/vmdir/include/vmkdcdefines.h
@@ -35,7 +35,6 @@ extern "C" {
 
 #ifdef _WIN32
 
-#define HAVE_MDB_H
 #define PSECURITY_DESCRIPTOR_ABSOLUTE PSECURITY_DESCRIPTOR
 #define PSECURITY_DESCRIPTOR_RELATIVE PSECURITY_DESCRIPTOR
 #define BOOLEAN BOOL
diff --git a/vmdir/interop/csharp/VmDirInterop/VmDirInterop/Schema/SchemaConnection.cs b/vmdir/interop/csharp/VmDirInterop/VmDirInterop/Schema/SchemaConnection.cs
index a34c67812..c64911dd0 100644
--- a/vmdir/interop/csharp/VmDirInterop/VmDirInterop/Schema/SchemaConnection.cs
+++ b/vmdir/interop/csharp/VmDirInterop/VmDirInterop/Schema/SchemaConnection.cs
@@ -1,259 +1,257 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *·
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-using System;
-using System.Collections;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading;
-using VMDirInterop;
-using VMDirInterop.LDAP;
-using VMDirInterop.Interfaces;
-using VmDirInterop.Schema.Constants;
-using VmDirInterop.Schema.Definitions;
-using VmDirInterop.Schema.Diffs;
-using VmDirInterop.Schema.Entries;
-using VmDirInterop.Schema.Exceptions;
-using VmDirInterop.Schema.Interfaces;
-using VmDirInterop.Schema.Metadata;
-using VmDirInterop.Schema.Utils;
-using System.Xml;
-
-namespace VmDirInterop.Schema
-{
-    public class SchemaConnection : ISchemaConnection
-    {
-        private IEntryFetcherFactory entryFetcherFactory;
-        private IEntryFetcher baseEntryFetcher;
-        private IDictionary<String, IEntryFetcher> entryFetchers;
-        private String baseServerName;
-
-        public SchemaConnection(String baseHost, String upn, String passwd)
-            : this(new EntryFetcherFactory(), baseHost, upn, passwd)
-        {
-        }
-
-        public SchemaConnection(IEntryFetcherFactory entryFetcherFactory, String baseHost, String upn, String passwd)
-        {
-            this.entryFetcherFactory = entryFetcherFactory;
-            baseEntryFetcher = entryFetcherFactory.CreateEntryFetcher(baseHost, upn, passwd);
-            if (baseEntryFetcher == null)
-            {
-                throw new SchemaConnectionException("Base server is not reachable");
-            }
-
-            entryFetchers = new Dictionary<String, IEntryFetcher>();
-
-            DseRootEntry dseRootEntry = baseEntryFetcher.GetDseRootEntry();
-            ServerEntry serverEntry = baseEntryFetcher.GetServerEntry(dseRootEntry.serverDn);
-            baseServerName = serverEntry.serverName;
-
-            RefreshSchemaConnection(upn, passwd);
-        }
-
-        public String GetBaseServerName()
-        {
-            return baseServerName;
-        }
-
-        public IDictionary<String, Boolean> GetAllServerStatus()
-        {
-            IDictionary<String, Boolean> reachable = new Dictionary<String, Boolean>();
-            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
-            {
-                reachable.Add(p.Key, p.Value != null);
-            }
-            return reachable;
-        }
-
-        public IDictionary<String, SchemaDefinitionDiff> GetAllSchemaDefinitionDiffs()
-        {
-            IDictionary<String, SchemaDefinitionDiff> diffs =
-                new Dictionary<String, SchemaDefinitionDiff>();
-
-            SubSchemaSubEntry baseSubSchema = baseEntryFetcher.GetSubSchemaSubEntry();
-            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
-            {
-                String serverName = p.Key;
-                IEntryFetcher fetcher = p.Value;
-                SchemaDefinitionDiff diff = null;
-                if (fetcher != null)
-                {
-                    SubSchemaSubEntry otherSubSchema = fetcher.GetSubSchemaSubEntry();
-                    diff = new SchemaDefinitionDiff(baseSubSchema, otherSubSchema);
-                }
-                diffs.Add(serverName, diff);
-            }
-            return diffs;
-        }
-
-        public IDictionary<String, SchemaMetadataDiff> GetAllSchemaMetadataDiffs()
-        {
-            IDictionary<String, SchemaMetadataDiff> diffs
-                = new Dictionary<String, SchemaMetadataDiff>();
-
-            SchemaComparableList<SchemaEntry> baseAtEntries =
-                baseEntryFetcher.GetAttributeSchemaEntries();
-            SchemaComparableList<SchemaEntry> baseOcEntries =
-                baseEntryFetcher.GetClassSchemaEntries();
-
-            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
-            {
-                String serverName = p.Key;
-                IEntryFetcher fetcher = p.Value;
-                SchemaMetadataDiff diff = null;
-                if (fetcher != null)
-                {
-                    SchemaComparableList<SchemaEntry> otherAtEntries =
-                        fetcher.GetAttributeSchemaEntries();
-                    SchemaComparableList<SchemaEntry> otherOcEntries =
-                        fetcher.GetClassSchemaEntries();
-
-                    diff = new SchemaMetadataDiff(
-                        baseAtEntries, baseOcEntries, otherAtEntries, otherOcEntries);
-                }
-                diffs.Add(serverName, diff);
-            }
-            return diffs;
-        }
-
-        public void RefreshSchemaConnection(String upn, String passwd)
-        {
-            IList<ServerEntry> serverEntries = baseEntryFetcher.GetServerEntries();
-            entryFetchers.Clear();
-
-            Mutex mutex = new Mutex();
-            Parallel.ForEach(serverEntries, (e) =>
-            {
-                if (String.Compare(baseServerName, e.serverName) != 0)
-                {
-                    IEntryFetcher entryFetcher =
-                        entryFetcherFactory.CreateEntryFetcher(
-                        e.serverName, upn, passwd);
-
-                    mutex.WaitOne();
-                    entryFetchers.Add(e.serverName, entryFetcher);
-                    mutex.ReleaseMutex();
-                }
-            });
-        }
-
-        public void ExportToXML(String filepath)
-        {
-            using (XmlTextWriter writer = new XmlTextWriter(filepath, null))
-            {
-                writer.Formatting = Formatting.Indented;
-                writer.WriteStartDocument();
-                writer.WriteStartElement("Node");
-
-                // host name
-                writer.WriteElementString("HostName", baseServerName);
-
-                // host status
-                writer.WriteElementString("Status", "1");
-
-                // dse root
-                DseRootEntry dseRootEntry = baseEntryFetcher.GetDseRootEntry();
-                writer.WriteStartElement("DseRootEntry");
-                writer.WriteElementString("Domain", dseRootEntry.domain);
-                writer.WriteElementString("ServerDn", dseRootEntry.serverDn);
-                writer.WriteEndElement();
-
-                // list of server nodes
-                IList<ServerEntry> serverEntries = baseEntryFetcher.GetServerEntries();
-                writer.WriteStartElement("ServerEntries");
-                foreach (ServerEntry e in serverEntries)
-                {
-                    writer.WriteStartElement("ServerEntry");
-                    writer.WriteElementString("DN", e.dn);
-                    writer.WriteElementString("ServerName", e.serverName);
-                    writer.WriteEndElement();
-                }
-                writer.WriteEndElement();
-
-                // subschema subentry
-                SubSchemaSubEntry baseSubSchema = baseEntryFetcher.GetSubSchemaSubEntry();
-                writer.WriteStartElement("SubSchemaSubEntry");
-                writer.WriteStartElement("AttributeTypes");
-                foreach (AttributeType at in baseSubSchema.GetAttributeTypeList())
-                {
-                    writer.WriteElementString("AttributeType", at.ToString());
-                }
-                writer.WriteEndElement();
-                writer.WriteStartElement("ObjectClasses");
-                foreach (ObjectClass oc in baseSubSchema.GetObjectClassList())
-                {
-                    writer.WriteElementString("ObjectClass", oc.ToString());
-                }
-                writer.WriteEndElement();
-                writer.WriteEndElement();
-
-                // list of attribute schema entries
-                SchemaComparableList<SchemaEntry> baseAtEntries =
-                baseEntryFetcher.GetAttributeSchemaEntries();
-                SchemaComparableList<SchemaEntry> baseOcEntries =
-                    baseEntryFetcher.GetClassSchemaEntries();
-                writer.WriteStartElement("SchemaEntries");
-                writer.WriteStartElement("AttributeSchemaEntries");
-                foreach (SchemaEntry ae in baseAtEntries)
-                {
-                    writer.WriteStartElement("AttributeSchemaEntry");
-                    writer.WriteElementString("Name", ae.defName);
-                    writer.WriteStartElement("AttributeMetadata");
-                    foreach (AttributeMetadata m in ae.GetMetadataList())
-                    {
-                        writer.WriteElementString("Value", m.raw);
-                    }
-                    writer.WriteEndElement();
-                    writer.WriteEndElement();
-                }
-                writer.WriteEndElement();
-
-                // list of class schema entries
-                writer.WriteStartElement("ClassSchemaEntries");
-                foreach (SchemaEntry ce in baseOcEntries)
-                {
-                    writer.WriteStartElement("ClassSchemaEntry");
-                    writer.WriteElementString("Name", ce.defName);
-                    writer.WriteStartElement("AttributeMetadata");
-                    foreach (AttributeMetadata m in ce.GetMetadataList())
-                    {
-                        writer.WriteElementString("Value", m.raw);
-                    }
-                    writer.WriteEndElement();
-                    writer.WriteEndElement();
-                }
-                writer.WriteEndElement();
-                writer.WriteEndElement();
-
-                // end node
-                writer.WriteEndElement();
-                writer.WriteEndDocument();
-            }
-        }
-    }
-
-    struct timeval
-    {
-        long tv_sec;
-        long tv_usec;
-
-        public timeval(long sec, long usec)
-        {
-            tv_sec = sec;
-            tv_usec = usec;
-        }
-    }
-}
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *·
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading;
+using VMDirInterop;
+using VMDirInterop.LDAP;
+using VMDirInterop.Interfaces;
+using VmDirInterop.Schema.Constants;
+using VmDirInterop.Schema.Definitions;
+using VmDirInterop.Schema.Diffs;
+using VmDirInterop.Schema.Entries;
+using VmDirInterop.Schema.Exceptions;
+using VmDirInterop.Schema.Interfaces;
+using VmDirInterop.Schema.Metadata;
+using VmDirInterop.Schema.Utils;
+using System.Xml;
+
+namespace VmDirInterop.Schema
+{
+    public class SchemaConnection : ISchemaConnection
+    {
+        private IEntryFetcherFactory entryFetcherFactory;
+        private IEntryFetcher baseEntryFetcher;
+        private IDictionary<String, IEntryFetcher> entryFetchers;
+        private String baseServerName;
+
+        public SchemaConnection(String baseHost, String upn, String passwd)
+            : this(new EntryFetcherFactory(), baseHost, upn, passwd)
+        {
+        }
+
+        public SchemaConnection(IEntryFetcherFactory entryFetcherFactory, String baseHost, String upn, String passwd)
+        {
+            this.entryFetcherFactory = entryFetcherFactory;
+            baseEntryFetcher = entryFetcherFactory.CreateEntryFetcher(baseHost, upn, passwd);
+            if (baseEntryFetcher == null)
+            {
+                throw new SchemaConnectionException("Base server is not reachable");
+            }
+
+            entryFetchers = new Dictionary<String, IEntryFetcher>();
+           // DseRootEntry dseRootEntry = baseEntryFetcher.GetDseRootEntry();
+           // ServerEntry serverEntry = baseEntryFetcher.GetServerEntry(dseRootEntry.serverDn);
+           //baseServerName = serverEntry.serverName;
+           // RefreshSchemaConnection(upn, passwd);
+        }
+
+        public String GetBaseServerName()
+        {
+            return baseServerName;
+        }
+
+        public IDictionary<String, Boolean> GetAllServerStatus()
+        {
+            IDictionary<String, Boolean> reachable = new Dictionary<String, Boolean>();
+            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
+            {
+                reachable.Add(p.Key, p.Value != null);
+            }
+            return reachable;
+        }
+
+        public IDictionary<String, SchemaDefinitionDiff> GetAllSchemaDefinitionDiffs()
+        {
+            IDictionary<String, SchemaDefinitionDiff> diffs =
+                new Dictionary<String, SchemaDefinitionDiff>();
+
+            SubSchemaSubEntry baseSubSchema = baseEntryFetcher.GetSubSchemaSubEntry();
+            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
+            {
+                String serverName = p.Key;
+                IEntryFetcher fetcher = p.Value;
+                SchemaDefinitionDiff diff = null;
+                if (fetcher != null)
+                {
+                    SubSchemaSubEntry otherSubSchema = fetcher.GetSubSchemaSubEntry();
+                    diff = new SchemaDefinitionDiff(baseSubSchema, otherSubSchema);
+                }
+                diffs.Add(serverName, diff);
+            }
+            return diffs;
+        }
+
+        public IDictionary<String, SchemaMetadataDiff> GetAllSchemaMetadataDiffs()
+        {
+            IDictionary<String, SchemaMetadataDiff> diffs
+                = new Dictionary<String, SchemaMetadataDiff>();
+
+            SchemaComparableList<SchemaEntry> baseAtEntries =
+                baseEntryFetcher.GetAttributeSchemaEntries();
+            SchemaComparableList<SchemaEntry> baseOcEntries =
+                baseEntryFetcher.GetClassSchemaEntries();
+
+            foreach (KeyValuePair<String, IEntryFetcher> p in entryFetchers)
+            {
+                String serverName = p.Key;
+                IEntryFetcher fetcher = p.Value;
+                SchemaMetadataDiff diff = null;
+                if (fetcher != null)
+                {
+                    SchemaComparableList<SchemaEntry> otherAtEntries =
+                        fetcher.GetAttributeSchemaEntries();
+                    SchemaComparableList<SchemaEntry> otherOcEntries =
+                        fetcher.GetClassSchemaEntries();
+
+                    diff = new SchemaMetadataDiff(
+                        baseAtEntries, baseOcEntries, otherAtEntries, otherOcEntries);
+                }
+                diffs.Add(serverName, diff);
+            }
+            return diffs;
+        }
+
+        public void RefreshSchemaConnection(String upn, String passwd)
+        {
+            IList<ServerEntry> serverEntries = baseEntryFetcher.GetServerEntries();
+            entryFetchers.Clear();
+
+            Mutex mutex = new Mutex();
+            Parallel.ForEach(serverEntries, (e) =>
+            {
+                if (String.Compare(baseServerName, e.serverName) != 0)
+                {
+                    IEntryFetcher entryFetcher =
+                        entryFetcherFactory.CreateEntryFetcher(
+                        e.serverName, upn, passwd);
+
+                    mutex.WaitOne();
+                    entryFetchers.Add(e.serverName, entryFetcher);
+                    mutex.ReleaseMutex();
+                }
+            });
+        }
+
+        public void ExportToXML(String filepath)
+        {
+            using (XmlTextWriter writer = new XmlTextWriter(filepath, null))
+            {
+                writer.Formatting = Formatting.Indented;
+                writer.WriteStartDocument();
+                writer.WriteStartElement("Node");
+
+                // host name
+                writer.WriteElementString("HostName", baseServerName);
+
+                // host status
+                writer.WriteElementString("Status", "1");
+
+                // dse root
+                DseRootEntry dseRootEntry = baseEntryFetcher.GetDseRootEntry();
+                writer.WriteStartElement("DseRootEntry");
+                writer.WriteElementString("Domain", dseRootEntry.domain);
+                writer.WriteElementString("ServerDn", dseRootEntry.serverDn);
+                writer.WriteEndElement();
+
+                // list of server nodes
+                IList<ServerEntry> serverEntries = baseEntryFetcher.GetServerEntries();
+                writer.WriteStartElement("ServerEntries");
+                foreach (ServerEntry e in serverEntries)
+                {
+                    writer.WriteStartElement("ServerEntry");
+                    writer.WriteElementString("DN", e.dn);
+                    writer.WriteElementString("ServerName", e.serverName);
+                    writer.WriteEndElement();
+                }
+                writer.WriteEndElement();
+
+                // subschema subentry
+                SubSchemaSubEntry baseSubSchema = baseEntryFetcher.GetSubSchemaSubEntry();
+                writer.WriteStartElement("SubSchemaSubEntry");
+                writer.WriteStartElement("AttributeTypes");
+                foreach (AttributeType at in baseSubSchema.GetAttributeTypeList())
+                {
+                    writer.WriteElementString("AttributeType", at.ToString());
+                }
+                writer.WriteEndElement();
+                writer.WriteStartElement("ObjectClasses");
+                foreach (ObjectClass oc in baseSubSchema.GetObjectClassList())
+                {
+                    writer.WriteElementString("ObjectClass", oc.ToString());
+                }
+                writer.WriteEndElement();
+                writer.WriteEndElement();
+
+                // list of attribute schema entries
+                SchemaComparableList<SchemaEntry> baseAtEntries =
+                baseEntryFetcher.GetAttributeSchemaEntries();
+                SchemaComparableList<SchemaEntry> baseOcEntries =
+                    baseEntryFetcher.GetClassSchemaEntries();
+                writer.WriteStartElement("SchemaEntries");
+                writer.WriteStartElement("AttributeSchemaEntries");
+                foreach (SchemaEntry ae in baseAtEntries)
+                {
+                    writer.WriteStartElement("AttributeSchemaEntry");
+                    writer.WriteElementString("Name", ae.defName);
+                    writer.WriteStartElement("AttributeMetadata");
+                    foreach (AttributeMetadata m in ae.GetMetadataList())
+                    {
+                        writer.WriteElementString("Value", m.raw);
+                    }
+                    writer.WriteEndElement();
+                    writer.WriteEndElement();
+                }
+                writer.WriteEndElement();
+
+                // list of class schema entries
+                writer.WriteStartElement("ClassSchemaEntries");
+                foreach (SchemaEntry ce in baseOcEntries)
+                {
+                    writer.WriteStartElement("ClassSchemaEntry");
+                    writer.WriteElementString("Name", ce.defName);
+                    writer.WriteStartElement("AttributeMetadata");
+                    foreach (AttributeMetadata m in ce.GetMetadataList())
+                    {
+                        writer.WriteElementString("Value", m.raw);
+                    }
+                    writer.WriteEndElement();
+                    writer.WriteEndElement();
+                }
+                writer.WriteEndElement();
+                writer.WriteEndElement();
+
+                // end node
+                writer.WriteEndElement();
+                writer.WriteEndDocument();
+            }
+        }
+    }
+
+    struct timeval
+    {
+        long tv_sec;
+        long tv_usec;
+
+        public timeval(long sec, long usec)
+        {
+            tv_sec = sec;
+            tv_usec = usec;
+        }
+    }
+}
diff --git a/vmdir/kdccommon/Makefile.am b/vmdir/kdccommon/Makefile.am
index 48db2c76c..d39a8abab 100644
--- a/vmdir/kdccommon/Makefile.am
+++ b/vmdir/kdccommon/Makefile.am
@@ -15,8 +15,8 @@ libkdccommon_la_SOURCES = \
     security-sd.c
 
 libkdccommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmdir/m4/README b/vmdir/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmdir/m4/as-ac-expand.m4 b/vmdir/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/vmdir/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmdir/m4/libtool.m4 b/vmdir/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmdir/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmdir/m4/ltoptions.m4 b/vmdir/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmdir/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmdir/m4/ltsugar.m4 b/vmdir/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmdir/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmdir/m4/ltversion.m4 b/vmdir/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmdir/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmdir/m4/lt~obsolete.m4 b/vmdir/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmdir/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmdir/server/Makefile.am b/vmdir/server/Makefile.am
index 2fccce648..f15847bfc 100644
--- a/vmdir/server/Makefile.am
+++ b/vmdir/server/Makefile.am
@@ -18,6 +18,7 @@ SUBDIRS = \
     $(STOREDIRS) \
     indexcfg \
     ldap-head \
+    rest-head \
     middle-layer \
     replication \
     saslvmdirdb \
diff --git a/vmdir/server/acl/Makefile.am b/vmdir/server/acl/Makefile.am
index fd275df9e..7bfaf46b8 100644
--- a/vmdir/server/acl/Makefile.am
+++ b/vmdir/server/acl/Makefile.am
@@ -14,15 +14,15 @@ libvmacl_la_SOURCES = \
     token.c
 
 libvmacl_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libvmacl_la_LDFLAGS = \
     -static
-
diff --git a/vmdir/server/acl/acl.c b/vmdir/server/acl/acl.c
index 7c1d5d51d..1fe2e7037 100644
--- a/vmdir/server/acl/acl.c
+++ b/vmdir/server/acl/acl.c
@@ -18,34 +18,33 @@ static
 DWORD
 VmDirBuildDefaultDaclForEntry(
     ACCESS_MASK amAccess,
-    PSID    pOwnerSid,
-    PCSTR   pszAdminsGroupSid,
-    PCSTR   pszDomainAdminsGroupSid,
-    PCSTR   pszDomainClientsGroupSid,
-    PCSTR   pszUsersGroupSid,
-    BOOLEAN bAnonymousRead,
-    BOOLEAN bServicesDacl,
-    BOOLEAN bTenantDomain,
-    PACL *  ppDacl
+    PSID        pOwnerSid,
+    PCSTR       pszAdminsGroupSid,
+    PCSTR       pszDomainAdminsGroupSid,
+    BOOLEAN     bAnonymousRead,
+    BOOLEAN     bAuthenticatedRead,
+    BOOLEAN     bServicesDacl,
+    BOOLEAN     bTenantDomain,
+    PACL*       ppDacl
     );
 
 static
 DWORD
 VmDirSrvAccessCheckSelf(
-    PCSTR        pszNormBindedDn,
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs,
-    ACCESS_MASK accessDesired,
-    ACCESS_MASK *psamGranted
+    PCSTR                           pszNormBindedDn,
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK*                    psamGranted
     );
 
 static
 DWORD
 VmDirSrvAccessCheckEntry(
-    PACCESS_TOKEN   pToken,
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
+    PACCESS_TOKEN                   pToken,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK *                   psamGranted
     );
 
 static
@@ -101,38 +100,39 @@ _VmDirLoadSecurityDescriptorForEntry(
 }
 
 static
-DWORD
+VOID
 _VmDirLogFailedAccessCheck(
-    PVDIR_ACCESS_INFO pAccessInfo,
-    PVDIR_ENTRY pEntry,
-    ACCESS_MASK accessDesired
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    ACCESS_MASK         accessDesired,
+    DWORD               dwAccessError
     )
 {
     PSTR pszAclString = NULL;
     DWORD dwError = 0;
 
-   dwError = LwNtStatusToWin32Error(RtlAllocateSddlCStringFromSecurityDescriptor(
-                                        &pszAclString,
-                                        pEntry->pAclCtx->pSecurityDescriptor,
-                                        SDDL_REVISION_1,
-                                        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
-    BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = LwNtStatusToWin32Error(
+            RtlAllocateSddlCStringFromSecurityDescriptor(
+                    &pszAclString,
+                    pEntry->pAclCtx->pSecurityDescriptor,
+                    SDDL_REVISION_1,
+                    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
+
+    // Make sure we still log even if the SD translation fails for some reason.
+    pszAclString = dwError ? NULL : pszAclString;
 
     VMDIR_LOG_WARNING(
-        VMDIR_LOG_MASK_ALL,
-        "Caller (%s/%s) failed to get 0x%x permission to %s. Legacy mode is %s. Object's SD: %s",
-        pAccessInfo->pszNormBindedDn,
-        pAccessInfo->pszBindedObjectSid,
-        accessDesired,
-        BERVAL_NORM_VAL(pEntry->dn),
-        bLegacySecurityDescriptorsNeeded ? "on" : "off",
-        pszAclString);
+            VMDIR_LOG_MASK_ALL,
+            "Caller (%s/%s) failed to get 0x%x permission to %s (dwError = %d). Legacy mode is %s. Object's SD: %s",
+            pAccessInfo->pszNormBindedDn,
+            pAccessInfo->pszBindedObjectSid,
+            accessDesired,
+            BERVAL_NORM_VAL(pEntry->dn),
+            dwAccessError,
+            bLegacySecurityDescriptorsNeeded ? "on" : "off",
+            VDIR_SAFE_STRING(pszAclString));
 
-cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszAclString);
-    return dwError;
-error:
-    goto cleanup;
 }
 
 DWORD
@@ -143,11 +143,10 @@ VmDirSrvAccessCheck(
     ACCESS_MASK         accessDesired
     )
 {
-    DWORD       dwError = 0;
+    DWORD   dwError = 0;
+    BOOLEAN bIsMember = FALSE;
     ACCESS_MASK samGranted = 0;
     PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs = NULL;
-    PVDIR_ENTRY pTargetEntry = pEntry;
-    BOOLEAN bIsMember = FALSE;
 
     assert(pOperation);
     assert(accessDesired != 0);
@@ -179,27 +178,17 @@ VmDirSrvAccessCheck(
         }
     }
 
-    //
-    // If the caller is checking for VMDIR_RIGHT_DS_DELETE_CHILD then pEntry
-    // is the child object (the one we actually want to delete). However, we
-    // need to check the ACL on the parent, so we re-assign pEntry here.
-    // This is only necessary due to the 6.5-compat shim which needs the actual
-    // pEntry that's being deleted so we can block certain objects from being
-    // deleted.
-    //
-    if (accessDesired == VMDIR_RIGHT_DS_DELETE_CHILD)
-    {
-        pEntry = pEntry->pParentEntry;
-    }
-
     dwError = _VmDirLoadSecurityDescriptorForEntry(pEntry, &pSecDescAbs);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (VmDirIsLegacySecurityDescriptor())
     {
-        dwError = VmDirLegacyAccessCheck(pOperation, pAccessInfo, pTargetEntry, accessDesired);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        goto cleanup; // Access Allowed
+        dwError = VmDirLegacyAccessCheck(pOperation, pAccessInfo, pEntry, accessDesired);
+        if (!dwError)
+        {
+            goto cleanup; // Access Allowed
+        }
+        // otherwise, continue to SELF check below
     }
     else
     {
@@ -242,7 +231,6 @@ VmDirSrvAccessCheck(
 
 cleanup:
     VmDirFreeAbsoluteSecurityDescriptor(&pSecDescAbs);
-
     return dwError;
 
 error:
@@ -256,25 +244,35 @@ VmDirSrvAccessCheck(
     //
     if (accessDesired != VMDIR_RIGHT_DS_DELETE_OBJECT)
     {
-        _VmDirLogFailedAccessCheck(pAccessInfo, pEntry, accessDesired);
+        _VmDirLogFailedAccessCheck(pAccessInfo, pEntry, accessDesired, dwError);
     }
+
+    //
+    // We only want to return this error value (this routine is logically
+    // basically boolean; no caller cares if the access check fails due to
+    // some internal machination). This allows callers to react accordingly
+    // (this is mostly useful in the case of old data with invalid security
+    // descriptors that can cause a search to fail [whereas, with this code,
+    // we'll keep searching and just ignore the data with a bad SD]).
+    //
+    dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
     goto cleanup;
 }
 
 static
 DWORD
 VmDirSrvAccessCheckSelf(
-    PCSTR           pszNormBindedDn,
-    PVDIR_ENTRY     pEntry,
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
+    PCSTR                           pszNormBindedDn,
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK*                    psamGranted
     )
 {
     DWORD           dwError = ERROR_SUCCESS;
     PACCESS_TOKEN   pWellKnownToken = NULL;
 
-    if (pszNormBindedDn == NULL)
+    if (IsNullOrEmptyString(pszNormBindedDn))
     {
         BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INSUFFICIENT_ACCESS);
     }
@@ -316,10 +314,10 @@ VmDirSrvAccessCheckSelf(
 static
 DWORD
 VmDirSrvAccessCheckEntry(
-    PACCESS_TOKEN   pToken,
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs,
-    ACCESS_MASK     accessDesired,
-    ACCESS_MASK *   psamGranted
+    PACCESS_TOKEN                   pToken,
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs,
+    ACCESS_MASK                     accessDesired,
+    ACCESS_MASK *                   psamGranted
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -344,18 +342,16 @@ VmDirSrvAccessCheckEntry(
 
 cleanup:
     *psamGranted = AccessMask;
-
     return dwError;
 
 error:
     AccessMask = 0;
-
     goto cleanup;
 }
 
 VOID
 VmDirFreeAbsoluteSecurityDescriptor(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecDesc
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppSecDesc
     )
 {
     PSID                            pOwner = NULL;
@@ -388,26 +384,25 @@ VmDirFreeAbsoluteSecurityDescriptor(
 
 DWORD
 VmDirSrvCreateSecurityDescriptor(
-    ACCESS_MASK amAccess,
-    PCSTR pszDomainAdminDn,
-    PCSTR pszAdminsGroupSid,
-    PCSTR pszDomainAdminsGroupSid,
-    PCSTR pszDomainClientsGroupSid,
-    PCSTR pszUsersGroupSid,
-    BOOLEAN bProtectedDacl,
-    BOOLEAN bAnonymousRead,
-    BOOLEAN bServicesDacl,
-    BOOLEAN bTenantDomain,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    ACCESS_MASK                 amAccess,
+    PCSTR                       pszDomainAdminDn,
+    PCSTR                       pszAdminsGroupSid,
+    PCSTR                       pszDomainAdminsGroupSid,
+    BOOLEAN                     bProtectedDacl,
+    BOOLEAN                     bAnonymousRead,
+    BOOLEAN                     bAuthenticatedRead,
+    BOOLEAN                     bServicesDacl,
+    BOOLEAN                     bTenantDomain,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
-    DWORD                           dwError = ERROR_SUCCESS;
+    DWORD   dwError = ERROR_SUCCESS;
+    PACL    pDacl = NULL;
+    PSID    pOwnerSid = NULL;
+    PSID    pGroupSid = NULL;
+    ULONG   ulSecDescLen = 0;
     PSECURITY_DESCRIPTOR_ABSOLUTE   pSecDescAbs = NULL;
-    PACL                            pDacl = NULL;
-    PSID                            pOwnerSid = NULL;
-    PSID                            pGroupSid = NULL;
     PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel = NULL;
-    ULONG                           ulSecDescLen = 0;
 
     // Owner: Administrators
     // Get administrator's PSID
@@ -420,83 +415,68 @@ VmDirSrvCreateSecurityDescriptor(
     if (bProtectedDacl)
     {
         dwError = LwNtStatusToWin32Error(
-                    RtlSetSecurityDescriptorControl(
+                RtlSetSecurityDescriptorControl(
                         pSecDescAbs,
                         SE_DACL_PROTECTED,
                         SE_DACL_PROTECTED));
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirSetOwnerSecurityDescriptor(
-                 pSecDescAbs,
-                 pOwnerSid,
-                 FALSE);
+    dwError = VmDirSetOwnerSecurityDescriptor(pSecDescAbs, pOwnerSid, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // BUILD-IN Group Administrators
     dwError = VmDirAllocateSidFromCString(pszAdminsGroupSid, &pGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSetGroupSecurityDescriptor(
-                 pSecDescAbs,
-                 pGroupSid,
-                 FALSE);
+    dwError = VmDirSetGroupSecurityDescriptor(pSecDescAbs, pGroupSid, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
     pGroupSid = NULL;
 
     // DACL
-    dwError = VmDirBuildDefaultDaclForEntry(amAccess,
-                                            pOwnerSid,
-                                            pszAdminsGroupSid,
-                                            pszDomainAdminsGroupSid,
-                                            pszDomainClientsGroupSid,
-                                            pszUsersGroupSid,
-                                            bAnonymousRead,
-                                            bServicesDacl,
-                                            bTenantDomain,
-                                            &pDacl);
+    dwError = VmDirBuildDefaultDaclForEntry(
+            amAccess,
+            pOwnerSid,
+            pszAdminsGroupSid,
+            pszDomainAdminsGroupSid,
+            bAnonymousRead,
+            bAuthenticatedRead,
+            bServicesDacl,
+            bTenantDomain,
+            &pDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
     pOwnerSid = NULL;
 
-    dwError = VmDirSetDaclSecurityDescriptor(pSecDescAbs,
-                                             TRUE,
-                                             pDacl,
-                                             FALSE);
+    dwError = VmDirSetDaclSecurityDescriptor(pSecDescAbs, TRUE, pDacl, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
     pDacl = NULL;
 
-    dwError = VmDirAbsoluteToSelfRelativeSD(pSecDescAbs,
-                                            NULL,
-                                            &ulSecDescLen);
-    if (dwError == ERROR_INSUFFICIENT_BUFFER)
-    {
-        dwError = VmDirAllocateMemory(ulSecDescLen, (PVOID*)&pSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = VmDirAbsoluteToSelfRelativeSD(pSecDescAbs, NULL, &ulSecDescLen);
+    BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
 
-        dwError = VmDirAbsoluteToSelfRelativeSD(pSecDescAbs,
-                                                pSecDescRel,
-                                                &ulSecDescLen);
-    }
+    dwError = VmDirAllocateMemory(ulSecDescLen, (PVOID*)&pSecDescRel);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAbsoluteToSelfRelativeSD(
+            pSecDescAbs, pSecDescRel, &ulSecDescLen);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pSecDesc->pSecDesc = pSecDescRel;
     pSecDesc->ulSecDesc = ulSecDescLen;
-    pSecDesc->SecInfo = OWNER_SECURITY_INFORMATION |
-                        GROUP_SECURITY_INFORMATION |
-                        DACL_SECURITY_INFORMATION;
+    pSecDesc->SecInfo =
+            OWNER_SECURITY_INFORMATION |
+            GROUP_SECURITY_INFORMATION |
+            DACL_SECURITY_INFORMATION;
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pDacl);
     VMDIR_SAFE_FREE_MEMORY(pOwnerSid);
     VMDIR_SAFE_FREE_MEMORY(pGroupSid);
-
     VmDirFreeAbsoluteSecurityDescriptor(&pSecDescAbs);
-
     return dwError;
 
 error:
     VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
-
     goto cleanup;
 }
 
@@ -559,7 +539,7 @@ VmDirGetObjectSidFromEntry(
 
 VOID
 VmDirAclCtxContentFree(
-    PVDIR_ACL_CTX pAclCtx
+    PVDIR_ACL_CTX   pAclCtx
     )
 {
     if (pAclCtx)
@@ -572,29 +552,31 @@ static
 DWORD
 VmDirBuildDefaultDaclForEntry(
     ACCESS_MASK amAccess,
-    PSID    pOwnerSid, // system Administrator SID, at least in our context
-    PCSTR   pszAdminsGroupSid,
-    PCSTR   pszDomainAdminsGroupSid,
-    PCSTR   pszDomainClientsGroupSid,
-    PCSTR   pszUsersGroupSid,
-    BOOLEAN bAnonymousRead,
-    BOOLEAN bServicesDacl,
-    BOOLEAN bTenantDomain,
-    PACL *  ppDacl
+    PSID        pOwnerSid, // system Administrator SID, at least in our context
+    PCSTR       pszAdminsGroupSid,
+    PCSTR       pszDomainAdminsGroupSid,
+    BOOLEAN     bAnonymousRead,
+    BOOLEAN     bAuthenticatedRead,
+    BOOLEAN     bServicesDacl,
+    BOOLEAN     bTenantDomain,
+    PACL *      ppDacl
     )
 {
     DWORD   dwError = ERROR_SUCCESS;
     DWORD   dwSizeDacl = 0;
     PSID    pBuiltInAdmins = NULL;
     PSID    pDomainAdmins = NULL;
-    PSID    pDomainClients = NULL;
     PSID    pSelfSid = NULL;
     PSID    pAnonymousSid = NULL;
-    PSID    pUsersGroupSid = NULL;
+    PSID    pAuthenticatedUsersSid = NULL;
     PSID    pPrimaryDomainAdminSid = NULL;
     DWORD   dwSidCount = 0;
     PACL    pDacl = NULL;
 
+    // if permission is granted to anonymous users, then
+    // grant the permission to authenticated users, too
+    bAuthenticatedRead |= bAnonymousRead;
+
     assert(pOwnerSid);
     dwSidCount++;
 
@@ -604,11 +586,16 @@ VmDirBuildDefaultDaclForEntry(
 
     if (bAnonymousRead)
     {
-        dwError = VmDirAllocateSidFromCString(VMDIR_ANONYMOUS_LOGON_SID, &pAnonymousSid);
+        dwError = VmDirAllocateSidFromCString(
+                VMDIR_ANONYMOUS_LOGON_SID, &pAnonymousSid);
         BAIL_ON_VMDIR_ERROR(dwError);
         dwSidCount++;
+    }
 
-        dwError = VmDirAllocateSidFromCString(pszUsersGroupSid, &pUsersGroupSid);
+    if (bAuthenticatedRead)
+    {
+        dwError = VmDirAllocateSidFromCString(
+                VMDIR_AUTHENTICATED_USER_SID, &pAuthenticatedUsersSid);
         BAIL_ON_VMDIR_ERROR(dwError);
         dwSidCount++;
     }
@@ -616,35 +603,32 @@ VmDirBuildDefaultDaclForEntry(
     if (bTenantDomain)
     {
         dwError = VmDirGetObjectSidFromDn(
-                    gVmdirServerGlobals.bvDefaultAdminDN.lberbv.bv_val,
-                    &pPrimaryDomainAdminSid);
+                gVmdirServerGlobals.bvDefaultAdminDN.lberbv.bv_val,
+                &pPrimaryDomainAdminSid);
         BAIL_ON_VMDIR_ERROR(dwError);
         dwSidCount++;
     }
 
-    dwError = VmDirAllocateSidFromCString(pszAdminsGroupSid, &pBuiltInAdmins);
+    dwError = VmDirAllocateSidFromCString(
+            pszAdminsGroupSid, &pBuiltInAdmins);
     BAIL_ON_VMDIR_ERROR(dwError);
     dwSidCount++;
 
-    dwError = VmDirAllocateSidFromCString(pszDomainAdminsGroupSid, &pDomainAdmins);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    dwSidCount++;
-
-    dwError = VmDirAllocateSidFromCString(pszDomainClientsGroupSid, &pDomainClients);
+    dwError = VmDirAllocateSidFromCString(
+            pszDomainAdminsGroupSid, &pDomainAdmins);
     BAIL_ON_VMDIR_ERROR(dwError);
     dwSidCount++;
 
     dwSizeDacl = ACL_HEADER_SIZE +
-        dwSidCount * sizeof(ACCESS_ALLOWED_ACE) +
-        VmDirLengthSid(pOwnerSid) +
-        VmDirLengthSid(pSelfSid) +
-        (bAnonymousRead ? VmDirLengthSid(pAnonymousSid) : 0) +
-        (bAnonymousRead ? VmDirLengthSid(pUsersGroupSid) : 0) +
-        (bTenantDomain ? VmDirLengthSid(pPrimaryDomainAdminSid) : 0) +
-        VmDirLengthSid(pBuiltInAdmins) +
-        VmDirLengthSid(pDomainAdmins) +
-        VmDirLengthSid(pDomainClients) -
-        dwSidCount * sizeof(ULONG);
+            dwSidCount * sizeof(ACCESS_ALLOWED_ACE) +
+            VmDirLengthSid(pOwnerSid) +
+            VmDirLengthSid(pSelfSid) +
+            (bAnonymousRead ? VmDirLengthSid(pAnonymousSid) : 0) +
+            (bAuthenticatedRead ? VmDirLengthSid(pAuthenticatedUsersSid) : 0) +
+            (bTenantDomain ? VmDirLengthSid(pPrimaryDomainAdminSid) : 0) +
+            VmDirLengthSid(pBuiltInAdmins) +
+            VmDirLengthSid(pDomainAdmins) -
+            dwSidCount * sizeof(ULONG);
 
     dwError = VmDirAllocateMemory(dwSizeDacl, (PVOID*)&pDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -652,67 +636,68 @@ VmDirBuildDefaultDaclForEntry(
     dwError = VmDirCreateAcl(pDacl, dwSizeDacl, ACL_REVISION);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                         amAccess,
-                                         pOwnerSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                         amAccess,
-                                         pBuiltInAdmins);
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pOwnerSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                         amAccess,
-                                         pDomainAdmins);
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pBuiltInAdmins);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                         VMDIR_RIGHT_DS_READ_PROP |
-                                            (bServicesDacl ? VMDIR_DCCLIENTS_FULL_ACCESS : 0),
-                                         pDomainClients);
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            amAccess,
+            pDomainAdmins);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                         ACL_REVISION,
-                                         OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                         VMDIR_RIGHT_DS_READ_PROP |
-                                         VMDIR_RIGHT_DS_WRITE_PROP,
-                                         pSelfSid);
+    dwError = VmDirAddAccessAllowedAceEx(
+            pDacl,
+            ACL_REVISION,
+            OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+            VMDIR_RIGHT_DS_READ_PROP | VMDIR_RIGHT_DS_WRITE_PROP,
+            pSelfSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (bAnonymousRead)
     {
-        dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                             ACL_REVISION,
-                                             OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                             VMDIR_RIGHT_DS_READ_PROP,
-                                             pAnonymousSid);
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+                VMDIR_RIGHT_DS_READ_PROP,
+                pAnonymousSid);
         BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-        dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                             ACL_REVISION,
-                                             OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
-                                             VMDIR_RIGHT_DS_READ_PROP,
-                                             pUsersGroupSid);
+    if (bAuthenticatedRead)
+    {
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
+                VMDIR_RIGHT_DS_READ_PROP,
+                pAuthenticatedUsersSid);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     if (bTenantDomain)
     {
-        dwError = VmDirAddAccessAllowedAceEx(pDacl,
-                                             ACL_REVISION,
-                                             0,
-                                             VMDIR_RIGHT_DS_READ_PROP | VMDIR_ENTRY_READ_ACL,
-                                             pPrimaryDomainAdminSid);
+        dwError = VmDirAddAccessAllowedAceEx(
+                pDacl,
+                ACL_REVISION,
+                0,
+                VMDIR_RIGHT_DS_READ_PROP | VMDIR_ENTRY_READ_ACL,
+                pPrimaryDomainAdminSid);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -721,17 +706,14 @@ VmDirBuildDefaultDaclForEntry(
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pSelfSid);
     VMDIR_SAFE_FREE_MEMORY(pAnonymousSid);
-    VMDIR_SAFE_FREE_MEMORY(pUsersGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pAuthenticatedUsersSid);
     VMDIR_SAFE_FREE_MEMORY(pDomainAdmins);
-    VMDIR_SAFE_FREE_MEMORY(pDomainClients);
     VMDIR_SAFE_FREE_MEMORY(pBuiltInAdmins);
     VMDIR_SAFE_FREE_MEMORY(pPrimaryDomainAdminSid);
-
     return dwError;
 
 error:
     VMDIR_SAFE_FREE_MEMORY(pDacl);
-
     goto cleanup;
 }
 
@@ -739,9 +721,9 @@ VmDirBuildDefaultDaclForEntry(
 // Copy existing ACEs from a src DACL to a destination DACL.
 //
 DWORD
-_VmDirCopyAces(
-    PACL pSrcDacl,
-    PACL pDestDacl
+VmDirCopyAces(
+    PACL    pSrcDacl,
+    PACL    pDestDacl
     )
 {
     DWORD dwError = 0;
@@ -792,158 +774,46 @@ _VmDirCopyAces(
 
 cleanup:
     return dwError;
+
 error:
     goto cleanup;
 }
 
+//
+// Merge existing ACEs from pDaclA and pDaclB
+//
 DWORD
-VmDirAddAceToSecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc,
-    PCSTR pszDomainAdminDn,
-    ACCESS_MASK amAccess
+VmDirMergeAces(
+    PACL    pDaclA,
+    PACL    pDaclB,
+    PACL*   ppMergedDacl
     )
 {
-    PSID pPrimaryDomainAdminSid = NULL;
-    PSID pOwnerSid = NULL;
-    PSID pGroupSid = NULL;
-    DWORD dwError = 0;
-    PACL pDacl = NULL;
-    PACL pSacl = NULL;
-    PACL pNewDacl = NULL;
-    PSECURITY_DESCRIPTOR_ABSOLUTE pSecDescAbs = NULL;
-    PSECURITY_DESCRIPTOR_ABSOLUTE pNewSecDescAbs = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel = NULL;
-    ULONG ulDaclLength = 0;
-    ULONG ulSaclLength = 0;
-    ULONG ulOwnerLength = 0;
-    ULONG ulGroupLength = 0;
-    ULONG ulLength = 0;
-
-    dwError = VmDirSelfRelativeToAbsoluteSD(
-                pSecDesc,
-                NULL,
-                &ulLength,
-                NULL,
-                &ulDaclLength,
-                NULL,
-                &ulSaclLength,
-                NULL,
-                &ulOwnerLength,
-                NULL,
-                &ulGroupLength);
-    if (dwError != ERROR_INSUFFICIENT_BUFFER)
-    {
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(ulLength, (PVOID*)&pSecDescAbs);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateMemory(ulDaclLength, (PVOID*)&pDacl);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    //
-    // We don't use the SACL by default so this will usually be zero.
-    //
-    if (ulSaclLength != 0)
-    {
-        dwError = VmDirAllocateMemory(ulSaclLength, (PVOID*)&pSacl);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    DWORD   dwError = 0;
+    ULONG   ulMergedDacl = 0;
+    PACL    pMergedDacl = NULL;
 
-    dwError = VmDirAllocateMemory(ulOwnerLength, (PVOID*)&pOwnerSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    ulMergedDacl = RtlGetAclSize(pDaclA) + RtlGetAclSize(pDaclB);
 
-    dwError = VmDirAllocateMemory(ulGroupLength, (PVOID*)&pGroupSid);
+    dwError = VmDirAllocateMemory(ulMergedDacl, (PVOID*)&pMergedDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSelfRelativeToAbsoluteSD(
-                pSecDesc,
-                pSecDescAbs,
-                &ulLength,
-                pDacl,
-                &ulDaclLength,
-                pSacl,
-                &ulSaclLength,
-                pOwnerSid,
-                &ulOwnerLength,
-                pGroupSid,
-                &ulGroupLength);
+    dwError = VmDirCreateAcl(pMergedDacl, ulMergedDacl, ACL_REVISION);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateSecurityDescriptorAbsolute(&pNewSecDescAbs);
+    dwError = VmDirCopyAces(pDaclA, pMergedDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGetObjectSidFromDn(pszDomainAdminDn, &pPrimaryDomainAdminSid);
+    dwError = VmDirCopyAces(pDaclB, pMergedDacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    ulDaclLength += sizeof(ACCESS_ALLOWED_ACE) + VmDirLengthSid(pPrimaryDomainAdminSid);
-    dwError = VmDirAllocateMemory(ulDaclLength, (PVOID*)&pNewDacl);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    *ppMergedDacl = pMergedDacl;
 
-    dwError = VmDirCreateAcl(pNewDacl, ulDaclLength, ACL_REVISION);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = _VmDirCopyAces(pDacl, pNewDacl);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAddAccessAllowedAceEx(pNewDacl,
-                                         ACL_REVISION,
-                                         0,
-                                         amAccess,
-                                         pPrimaryDomainAdminSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSetOwnerSecurityDescriptor(pNewSecDescAbs, pOwnerSid, FALSE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    pOwnerSid = NULL;
-
-    dwError = VmDirSetGroupSecurityDescriptor(pNewSecDescAbs, pGroupSid, FALSE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    pGroupSid = NULL;
-
-    dwError = VmDirSetDaclSecurityDescriptor(pNewSecDescAbs,
-                                             TRUE,
-                                             pNewDacl,
-                                             FALSE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    pNewDacl = NULL;
-
-    ulLength = 0;
-    dwError = VmDirAbsoluteToSelfRelativeSD(pNewSecDescAbs,
-                                            NULL,
-                                            &ulLength);
-    if (dwError == ERROR_INSUFFICIENT_BUFFER)
-    {
-        dwError = VmDirAllocateMemory(ulLength, (PVOID*)&pSecDescRel);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        dwError = VmDirAbsoluteToSelfRelativeSD(pNewSecDescAbs,
-                                                pSecDescRel,
-                                                &ulLength);
-    }
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSetSecurityDescriptorForEntry(pEntry,
-                                                 OWNER_SECURITY_INFORMATION |
-                                                    GROUP_SECURITY_INFORMATION |
-                                                    DACL_SECURITY_INFORMATION,
-                                                 pSecDescRel,
-                                                 ulLength);
-    BAIL_ON_VMDIR_ERROR(dwError);
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pOwnerSid);
-    VMDIR_SAFE_FREE_MEMORY(pGroupSid);
-    VMDIR_SAFE_FREE_MEMORY(pPrimaryDomainAdminSid);
-    VMDIR_SAFE_FREE_MEMORY(pDacl);
-    VMDIR_SAFE_FREE_MEMORY(pSacl);
-    VMDIR_SAFE_FREE_MEMORY(pNewDacl);
-    VMDIR_SAFE_FREE_MEMORY(pSecDescRel);
-    VMDIR_SAFE_FREE_MEMORY(pSecDescAbs);
-    VmDirFreeAbsoluteSecurityDescriptor(&pNewSecDescAbs);
     return dwError;
+
 error:
+    VMDIR_SAFE_FREE_MEMORY(pMergedDacl);
     goto cleanup;
 }
 
@@ -1030,7 +900,7 @@ VmDirSrvAccessCheckIsAdminRole(
  * (i.e.: resulted by doing a successful bind in an operation) */
 BOOLEAN
 VmDirIsFailedAccessInfo(
-    PVDIR_ACCESS_INFO pAccessInfo
+    PVDIR_ACCESS_INFO   pAccessInfo
     )
 {
 
diff --git a/vmdir/server/acl/legacy_checks.c b/vmdir/server/acl/legacy_checks.c
index e63462c8d..d76bae0dc 100644
--- a/vmdir/server/acl/legacy_checks.c
+++ b/vmdir/server/acl/legacy_checks.c
@@ -22,6 +22,20 @@
 // checks manually (e.g., preventing people from deleting the admin account).
 //
 
+static
+BOOLEAN
+_VmDirIsSpecialAllowedSearchEntry(
+    PVDIR_ENTRY pSrEntry
+    )
+{
+    // everyone can read
+    // DSE_ROOT_DN and PERSISTED_DSE_ROOT_DN, SCHEMA_NAMING_CONTEXT_DN, SUB_SCHEMA_SUB_ENTRY_DN
+    return (!VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, DSE_ROOT_DN, FALSE)
+         || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, PERSISTED_DSE_ROOT_DN, FALSE)
+         || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, SCHEMA_NAMING_CONTEXT_DN, FALSE)
+         || !VmDirStringCompareA(pSrEntry->dn.lberbv.bv_val, SUB_SCHEMA_SUB_ENTRY_DN, FALSE));
+}
+
 static
 BOOLEAN
 _VmDirIsProtectedEntry(
@@ -267,6 +281,7 @@ _VmDirIsSchemaEntry(
 //     to anything under "cn=services,dc=<domain>"
 // (3) Anything under cn=schemacontext shouldn't be deletable.
 // (4) Built-in/internal objects shouldn't be deletable.
+// (5) Special entries such as DSE Root can read by everyone.
 DWORD
 VmDirLegacyAccessCheck(
     PVDIR_OPERATION pOperation,
@@ -275,13 +290,9 @@ VmDirLegacyAccessCheck(
     ACCESS_MASK accessDesired
     )
 {
-    DWORD dwError = 0;
-
-    if (_VmDirAllowOperationBasedOnGroupMembership(pOperation, pAccessInfo, accessDesired))
-    {
-        goto cleanup;
-    }
+    DWORD dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
 
+    // Protect important entries from deletion, even for system administrators
     if (accessDesired == VMDIR_RIGHT_DS_DELETE_CHILD)
     {
         if (_VmDirIsInternalEntry(pEntry) ||
@@ -292,6 +303,18 @@ VmDirLegacyAccessCheck(
         }
     }
 
+    if (_VmDirAllowOperationBasedOnGroupMembership(pOperation, pAccessInfo, accessDesired))
+    {
+       dwError = 0; // grant access based on legacy group based ACL
+       goto cleanup;
+    }
+
+    if (accessDesired == VMDIR_RIGHT_DS_READ_PROP && _VmDirIsSpecialAllowedSearchEntry(pEntry))
+    {
+       dwError = 0; // grant read access to special entries to everyone, include anonymous user.
+       goto cleanup;
+    }
+
 cleanup:
     return dwError;
 error:
diff --git a/vmdir/server/acl/objectsid.c b/vmdir/server/acl/objectsid.c
index 59d329903..0500bef1e 100644
--- a/vmdir/server/acl/objectsid.c
+++ b/vmdir/server/acl/objectsid.c
@@ -125,10 +125,14 @@ VmDirAdvanceDomainRID(
 
                 if ( dwRidSeq < dwOrgRidSeq )
                 {
-                    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s, Domain [%s] RID rollover to value (%u)",
-                                     __FUNCTION__, entryArray.pEntry[iIdx].dn.lberbv_val , dwRidSeq );
-                    dwError = ERROR_INVALID_STATE;
-                    BAIL_ON_VMDIR_ERROR(dwError);
+                    VMDIR_LOG_ERROR(
+                            VMDIR_LOG_MASK_ALL,
+                            "%s, Domain [%s] RID rollover to value (%u)",
+                            __FUNCTION__,
+                            entryArray.pEntry[iIdx].dn.lberbv_val ,
+                            dwRidSeq);
+
+                    BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_STATE);
                 }
 
                 dwError = VmDirStringNPrintFA( buf9, sizeof(buf9), sizeof(buf9)-1, "%u", dwRidSeq );
@@ -142,19 +146,29 @@ VmDirAdvanceDomainRID(
                                                               &bvRID);
                 BAIL_ON_VMDIR_ERROR(dwError);
 
-                VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: Domain [%s] RID advanced from (%u) to (%u)",
-                                __FUNCTION__, entryArray.pEntry[iIdx].dn.lberbv_val, dwOrgRidSeq, dwRidSeq );
+                VMDIR_LOG_INFO(
+                        VMDIR_LOG_MASK_ALL,
+                        "%s: Domain [%s] RID advanced from (%u) to (%u)",
+                        __FUNCTION__,
+                        entryArray.pEntry[iIdx].dn.lberbv_val,
+                        dwOrgRidSeq,
+                        dwRidSeq);
             }
         }
     }
 
 cleanup:
     VmDirFreeEntryArrayContent(&entryArray);
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: advance (%u) failed error (%u)", __FUNCTION__, dwCnt, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s: advance (%u) failed error (%u)",
+            __FUNCTION__,
+            dwCnt,
+            dwError);
+
     goto cleanup;
 }
 
@@ -187,11 +201,10 @@ VmDirGenerateObjectSid(
         if (IsNullOrEmptyString(pszDomainDn))
         {
             // special object for instance
-            // SUB_SCHEMA_SUB_ENTRY_DN, CFG_ROOT_DN, CFG_INDEX_ENTRY_DN, CFG_MANAGER_ENTRY_DN
+            // SUB_SCHEMA_SUB_ENTRY_DN, CFG_ROOT_DN, CFG_MANAGER_ENTRY_DN
             // Do nothing
             // and object cannot find an existing domain object
-            dwError = ERROR_NO_OBJECT_SID_GEN;
-            BAIL_ON_VMDIR_ERROR(dwError);
+            BAIL_WITH_VMDIR_ERROR(dwError, ERROR_NO_OBJECT_SID_GEN);
         }
     }
     else
@@ -313,15 +326,13 @@ VmDirIsDomainObjectWithEntry(
 
     if (!pEntry)
     {
-        dwError = ERROR_INVALID_ENTRY;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_ENTRY);
     }
 
     pAttr = VmDirEntryFindAttribute(ATTR_OBJECT_CLASS, pEntry);
     if (!pAttr)
     {
-        dwError = ERROR_INVALID_ENTRY;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_ENTRY);
     }
 
     for (; iCnt < pAttr->numVals; iCnt++)
@@ -346,13 +357,13 @@ VmDirIsDomainObjectWithEntry(
 
 PCSTR
 VmDirFindDomainDN(
-    PCSTR pszObjectDN
+    PCSTR   pszObjectDN
     )
 {
-    PSTR                        pszCurrDn = (PSTR)pszObjectDN;
-    BOOLEAN                     bInLock = FALSE;
+    DWORD   dwError = 0;
+    BOOLEAN bInLock = FALSE;
+    PSTR    pszCurrDn = (PSTR)pszObjectDN;
     PVDIR_DOMAIN_SID_GEN_STATE  pSidGenState = NULL;
-    DWORD                       dwError = 0;
 
     VMDIR_LOCK_MUTEX(bInLock, gSidGenState.mutex);
 
@@ -367,12 +378,9 @@ VmDirFindDomainDN(
         }
 
         pszCurrDn = VmDirStringChrA(pszCurrDn, RDN_SEPARATOR_CHAR);
-
-        if (!IsNullOrEmptyString(pszCurrDn)) pszCurrDn++;
+        pszCurrDn = pszCurrDn ? pszCurrDn + 1 : NULL;
     }
 
-
-
 cleanup:
     VMDIR_UNLOCK_MUTEX(bInLock, gSidGenState.mutex);
     return pszCurrDn;
@@ -382,6 +390,40 @@ VmDirFindDomainDN(
     goto cleanup;
 }
 
+PCSTR
+VmDirFindDomainSid(
+    PCSTR   pszObjectDN
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bInLock = FALSE;
+    PSTR    pszCurrDn = (PSTR)pszObjectDN;
+    PVDIR_DOMAIN_SID_GEN_STATE  pSidGenState = NULL;
+
+    VMDIR_LOCK_MUTEX(bInLock, gSidGenState.mutex);
+
+    while (!IsNullOrEmptyString(pszCurrDn))
+    {
+        dwError = VmDirGetSidGenStateIfDomain_inlock( pszCurrDn, NULL, &pSidGenState );
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (pSidGenState)
+        {
+            break;
+        }
+
+        pszCurrDn = VmDirStringChrA(pszCurrDn, RDN_SEPARATOR_CHAR);
+        pszCurrDn = pszCurrDn ? pszCurrDn + 1 : NULL;
+    }
+
+cleanup:
+    VMDIR_UNLOCK_MUTEX(bInLock, gSidGenState.mutex);
+    return pSidGenState ? pSidGenState->pszDomainSid : NULL;
+
+error:
+    goto cleanup;
+}
+
 VOID
 VmDirFreeOrgState(
     PVOID pOrgStat
@@ -437,43 +479,48 @@ VmDirInternalRemoveOrgConfig(
  * This API uses global cache, so not backend operations*/
 DWORD
 VmDirGenerateWellknownSid(
-    PCSTR pszDomainDN,
-    DWORD dwWellKnowRid,
-    PSTR* ppszWellKnownSid
+    PCSTR   pszDomainDN,
+    DWORD   dwWellKnowRid,
+    PSTR*   ppszWellKnownSid
     )
 {
-    DWORD                       dwError = 0;
-    BOOLEAN                     bInLock = FALSE;
+    DWORD   dwError = 0;
+    PSTR    pszDomainSid = NULL;
+    PSTR    pszWellKnownSid = NULL;
+    BOOLEAN bInLock = FALSE;
     // Do not free ref
     PVDIR_DOMAIN_SID_GEN_STATE  pSidGenState = NULL;
-    PSTR                        pszWellKnownSid = NULL;
 
     VMDIR_LOCK_MUTEX(bInLock, gSidGenState.mutex);
 
-    // pSidGenState refers to the state found in gSidGenState
-    dwError = VmDirGetSidGenStateIfDomain_inlock(pszDomainDN, NULL, &pSidGenState);
-    BAIL_ON_VMDIR_ERROR(dwError);
-    assert(pSidGenState!=NULL);
+    if (IsNullOrEmptyString(pszDomainDN))
+    {
+        // use null SID template if domain is not specified
+        pszDomainSid = VMDIR_NULL_SID_TEMPLATE;
+    }
+    else
+    {
+        // pSidGenState refers to the state found in gSidGenState
+        dwError = VmDirGetSidGenStateIfDomain_inlock(
+                pszDomainDN, NULL, &pSidGenState);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        assert(pSidGenState!=NULL);
+
+        pszDomainSid = pSidGenState->pszDomainSid;
+    }
 
     dwError = VmDirAllocateStringPrintf(
-                    &pszWellKnownSid,
-                    "%s-%u",
-                    pSidGenState->pszDomainSid,
-                    dwWellKnowRid
-                    );
+            &pszWellKnownSid, "%s-%u", pszDomainSid, dwWellKnowRid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszWellKnownSid = pszWellKnownSid;
 
 cleanup:
     VMDIR_UNLOCK_MUTEX(bInLock, gSidGenState.mutex);
-
     return dwError;
 
 error:
     VMDIR_SAFE_FREE_MEMORY(pszWellKnownSid);
-    *ppszWellKnownSid = NULL;
-
     goto cleanup;
 }
 
@@ -548,8 +595,11 @@ VmDirGetSidGenStateIfDomain_inlock(
         if ((pObjSidAttr = VmDirEntryFindAttribute(ATTR_OBJECT_SID, pEntry)) == NULL)
         {
             dwError = VMDIR_ERROR_INVALID_ENTRY;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, (pszLocalErrorMsg),
-                "VmDirGetSidGenStateIfDomain_inlock(): Domain object (%s), ATTR_OBJECT_SID not found", pszObjectDN );
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                    dwError,
+                    pszLocalErrorMsg,
+                    "VmDirGetSidGenStateIfDomain_inlock(): Domain object (%s), ATTR_OBJECT_SID not found",
+                    pszObjectDN);
         }
 
         if ((pRidSeqAttr = VmDirEntryFindAttribute(VDIR_ATTRIBUTE_SEQUENCE_RID, pEntry)) != NULL)
@@ -581,10 +631,11 @@ VmDirGetSidGenStateIfDomain_inlock(
     dwError = _VmDirSynchronizeRidSequence( pOrgState );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL,
-                    "Init Sid cache (%s) RID (%u)",
-                    pOrgState->pszDomainDn,
-                    pOrgState->dwDomainRidSeqence);
+    VMDIR_LOG_INFO(
+            VMDIR_LOG_MASK_ALL,
+            "Init Sid cache (%s) RID (%u)",
+            pOrgState->pszDomainDn,
+            pOrgState->dwDomainRidSeqence);
 
     LwRtlHashTableResizeAndInsert(gSidGenState.pHashtable, &pOrgState->Node, NULL);
 
@@ -603,9 +654,13 @@ VmDirGetSidGenStateIfDomain_inlock(
     VmDirFreeOrgState(pOrgState);
     pOrgState = NULL;
 
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirGetSidGenStateIfDomain_inlock() failed. Error code = %d, objectDN = %s, "
-                     "local error message = %s", dwError, VDIR_SAFE_STRING(pszObjectDN),
-                     VDIR_SAFE_STRING(pszLocalErrorMsg) );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "VmDirGetSidGenStateIfDomain_inlock() failed. Error code = %d, objectDN = %s, "
+            "local error message = %s",
+            dwError,
+            VDIR_SAFE_STRING(pszObjectDN),
+            VDIR_SAFE_STRING(pszLocalErrorMsg));
 
     goto cleanup;
 }
@@ -749,8 +804,7 @@ VmDirGenerateObjectRid(
     // Check to see whether current Rid hits the MAX
     if (dwRid+1 > MAX_RID_SEQUENCE)
     {
-        dwError = ERROR_RID_LIMIT_EXCEEDED;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_RID_LIMIT_EXCEEDED);
     }
 
     dwRid++;
@@ -848,15 +902,15 @@ _VmDirSynchronizeRidSequence(
     pDomainSidState->dwDomainRidSeqence = dwCnt;
 
 cleanup:
-
     VmDirFreeEntryArrayContent(&entryArray);
     VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
-
     return dwError;
 
 error:
-
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirSynchronizeRidSequence failed (%d)", dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "_VmDirSynchronizeRidSequence failed (%d)",
+            dwError);
 
     goto cleanup;
 }
diff --git a/vmdir/server/acl/prototypes.h b/vmdir/server/acl/prototypes.h
index b28bffec0..2fc38ceb7 100644
--- a/vmdir/server/acl/prototypes.h
+++ b/vmdir/server/acl/prototypes.h
@@ -44,7 +44,6 @@ VmDirSyncRIDSeqToDB(
     );
 
 // acl.c
-
 DWORD
 VmDirGetObjectSidFromDn(
     PCSTR pszObjectDn,
@@ -52,27 +51,16 @@ VmDirGetObjectSidFromDn(
     );
 
 DWORD
-VmDirSrvCreateAccessTokenWithDn(
-    PCSTR pszObjectDn,
-    PACCESS_TOKEN* ppToken
-    );
-
-DWORD
-VmDirCreateAccessToken(
-    PACCESS_TOKEN*          AccessToken,
-    PTOKEN_USER             User,
-    PTOKEN_GROUPS           Groups,
-    PTOKEN_PRIVILEGES       Privileges,
-    PTOKEN_OWNER            Owner,
-    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
-    PTOKEN_DEFAULT_DACL     DefaultDacl
+VmDirCopyAces(
+    PACL    pSrcDacl,
+    PACL    pDestDacl
     );
 
 DWORD
-VmDirIsBindDnMemberOfSystemDomainAdmins(
-    PVDIR_BACKEND_CTX   pBECtx,
-    PVDIR_ACCESS_INFO   pAccessInfo,
-    PBOOLEAN            pbIsMemberOfAdmins
+VmDirMergeAces(
+    PACL    pDaclA,
+    PACL    pDaclB,
+    PACL*   ppMergedDacl
     );
 
 // legacy_checks.c
@@ -90,23 +78,37 @@ VmDirIsLegacySecurityDescriptor(
     );
 
 // security.c
-
 DWORD
 VmDirSetSecurityDescriptorForEntry(
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            SecurityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel,
+    ULONG                           ulSecDescRel
+    );
+
+DWORD
+VmDirAppendSecurityDescriptorForEntry(
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            securityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel,
+    ULONG                           ulSecDescRel,
+    BOOLEAN                         bReplaceOwnerAndGroup
+    );
+
+DWORD
+VmDirAppendAllowAceForEntry(
     PVDIR_ENTRY pEntry,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel,
-    ULONG ulSecDescRel
+    PCSTR       pszTrusteeDN,
+    ACCESS_MASK accessMask
     );
 
 DWORD
 VmDirSecurityAclSelfRelativeToAbsoluteSD(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppAbsolute,
-    PSECURITY_DESCRIPTOR_RELATIVE pRelative
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppAbsolute,
+    PSECURITY_DESCRIPTOR_RELATIVE   pRelative
     );
 
 // objectSid.c
-
 void
 VmDirFindDomainRidSequenceWithDN(
     PCSTR pszDomainDN,
@@ -120,12 +122,37 @@ VmDirGetSidGenStateIfDomain_inlock(
     PVDIR_DOMAIN_SID_GEN_STATE* ppDomainState
     );
 
+PCSTR
+VmDirFindDomainSid(
+    PCSTR   pszObjectDN
+    );
+
 // ridsyncthr.c
 DWORD
 VmDirInitRidSynchThr(
     PVDIR_THREAD_INFO* ppThrInfo
     );
 
+// token.c
+DWORD
+VmDirCreateAccessToken(
+    PACCESS_TOKEN*          AccessToken,
+    PTOKEN_USER             User,
+    PTOKEN_GROUPS           Groups,
+    PTOKEN_PRIVILEGES       Privileges,
+    PTOKEN_OWNER            Owner,
+    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
+    PTOKEN_DEFAULT_DACL     DefaultDacl
+    );
+
+// TODO:
+// this is temporary to avoid build error
+// remove once likewise-open is updated
+USHORT
+RtlGetAclSize(
+    IN PACL Acl
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/vmdir/server/acl/ridsyncthr.c b/vmdir/server/acl/ridsyncthr.c
index bd9905514..962f4a3ef 100644
--- a/vmdir/server/acl/ridsyncthr.c
+++ b/vmdir/server/acl/ridsyncthr.c
@@ -35,7 +35,7 @@ VmDirInitRidSynchThr(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirRidSyncThr,
                 pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/vmdir/server/acl/sdcalc.c b/vmdir/server/acl/sdcalc.c
index 9b0986e80..c298d794e 100644
--- a/vmdir/server/acl/sdcalc.c
+++ b/vmdir/server/acl/sdcalc.c
@@ -68,40 +68,47 @@ _VmDirSrvCreateAccessTokenForAdmin(
     PSTR pszBuiltinUsersGroupSid = NULL;
 
     dwError = _VmDirGenerateWellKnownBinarySid(
-                VMDIR_DOMAIN_USER_RID_ADMIN,
-                &user.User.Sid);
+            VMDIR_DOMAIN_USER_RID_ADMIN,
+            &user.User.Sid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     owner.Owner = user.User.Sid;
 
-    dwError = VmDirAllocateMemory(sizeof(TOKEN_GROUPS) + sizeof(SID_AND_ATTRIBUTES),
-                                  (PVOID*)&pGroups);
+    dwError = VmDirAllocateMemory(
+            sizeof(TOKEN_GROUPS) + sizeof(SID_AND_ATTRIBUTES),
+            (PVOID*)&pGroups);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pGroups->GroupCount = 1;
 
     dwError = _VmDirGenerateWellKnownBinarySid(
-                VMDIR_DOMAIN_ALIAS_RID_ADMINS,
-                &pGroups->Groups[0].Sid);
+            VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+            &pGroups->Groups[0].Sid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // SJ-TBD: should be set on the basis of status of the group??
     pGroups->Groups[0].Attributes = SE_GROUP_ENABLED;
 
-    dwError = VmDirGenerateWellknownSid(gVmdirServerGlobals.systemDomainDN.lberbv.bv_val, VMDIR_DOMAIN_ALIAS_RID_USERS, &pszBuiltinUsersGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+            VMDIR_DOMAIN_ALIAS_RID_USERS,
+            &pszBuiltinUsersGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Primary groups should be built-in\Users not admins
-    dwError = VmDirAllocateSidFromCString(pszBuiltinUsersGroupSid, &primaryGroup.PrimaryGroup);
+    dwError = VmDirAllocateSidFromCString(
+            pszBuiltinUsersGroupSid,
+            &primaryGroup.PrimaryGroup);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateAccessToken(&pToken,
-                                     &user,
-                                     pGroups,
-                                     &privileges,
-                                     &owner,
-                                     &primaryGroup,
-                                     &dacl);
+    dwError = VmDirCreateAccessToken(
+            &pToken,
+            &user,
+            pGroups,
+            &privileges,
+            &owner,
+            &primaryGroup,
+            &dacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppToken = pToken;
@@ -224,30 +231,40 @@ _VmDirGetSecurityDescriptorAttribute(
 static
 DWORD
 _VmDirGetSchemaDefaultSecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE *ppSecDesc,
-    PULONG pulLength
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE   pParentSecDesc,
+    PSECURITY_DESCRIPTOR_RELATIVE*  ppSecDesc,
+    PULONG                          pulLength
     )
 {
-    DWORD dwError = 0;
+    DWORD   dwError = 0;
+    BOOLEAN bTmp = FALSE;
+    ULONG   ulLength = 0;
+    PCSTR   pszDomainSid = NULL;
+    PSTR    pszClassDn = NULL;
+    PSTR    pszDacl = NULL;
+    PSTR    pszOwnerSid = NULL;
+    PSTR    pszGroupSid = NULL;
+    PSTR    pszSecDesc = NULL;
+    PSID    pParentOwnerSid = NULL;
+    PSID    pParentGroupSid = NULL;
+    PVDIR_SCHEMA_OC_DESC    pOCDesc = NULL;
+    PVDIR_ENTRY     pOCEntry = NULL;
     PVDIR_ATTRIBUTE pAttr = NULL;
-    PVDIR_SCHEMA_OC_DESC pOCDesc = NULL;
-    PVDIR_ENTRY pOCEntry = NULL;
-    PSTR pszClassDn = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
-    ULONG ulLength = 0;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pParentSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDesc = NULL;
 
     dwError = VmDirSchemaGetEntryStructureOCDesc(pEntry, &pOCDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(
-                &pszClassDn,
-                "cn=%s,cn=schemacontext",
-                pOCDesc->pszName);
-    BAIL_ON_VMDIR_ERROR(dwError)
+            &pszClassDn,
+            "cn=%s,cn=schemacontext",
+            pOCDesc->pszName);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSimpleDNToEntry(pszClassDn, &pOCEntry);
-    if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND);
+    if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND)
     {
         //
         // This is being called for the class object itself, so there's
@@ -260,20 +277,95 @@ _VmDirGetSchemaDefaultSecurityDescriptor(
     pAttr = VmDirFindAttrByName(pOCEntry, ATTR_DEFAULT_SECURITY_DESCRIPTOR);
     if (pAttr)
     {
+        pszDomainSid = VmDirFindDomainSid(pEntry->dn.lberbv.bv_val);
+        if (IsNullOrEmptyString(pszDomainSid))
+        {
+            // special object such as schema, config, etc
+            // no need to fill in domain SID template
+            dwError = VmDirAllocateStringA(
+                    pAttr->vals[0].lberbv.bv_val,
+                    &pszDacl);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            dwError = VmDirStringReplaceAll(
+                    pAttr->vals[0].lberbv.bv_val,
+                    VMDIR_NULL_SID_TEMPLATE,
+                    pszDomainSid,
+                    &pszDacl);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        if (pParentSecDesc)
+        {
+            // take parent's owner and group
+            dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(
+                    &pParentSecDescAbs, pParentSecDesc);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirGetOwnerSecurityDescriptor(
+                    pParentSecDescAbs, &pParentOwnerSid, &bTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirGetGroupSecurityDescriptor(
+                    pParentSecDescAbs, &pParentGroupSid, &bTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirAllocateCStringFromSid(
+                    &pszOwnerSid, pParentOwnerSid);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirAllocateCStringFromSid(
+                    &pszGroupSid, pParentGroupSid);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            // use system domain administrator as default owner
+            // and system domain builtin admins group as default group
+            dwError = VmDirGenerateWellknownSid(
+                    gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+                    VMDIR_DOMAIN_USER_RID_ADMIN,
+                    &pszOwnerSid);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirGenerateWellknownSid(
+                    gVmdirServerGlobals.systemDomainDN.lberbv.bv_val,
+                    VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+                    &pszGroupSid);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        dwError = VmDirAllocateStringPrintf(
+                &pszSecDesc,
+                "O:%sG:%s%s",
+                pszOwnerSid,
+                pszGroupSid,
+                pszDacl);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         dwError = LwNtStatusToWin32Error(
-                    RtlAllocateSecurityDescriptorFromSddlCString(
+                RtlAllocateSecurityDescriptorFromSddlCString(
                         &pSecDesc,
                         &ulLength,
-                        pAttr->vals[0].lberbv.bv_val,
+                        pszSecDesc,
                         SDDL_REVISION_1));
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     *ppSecDesc = pSecDesc;
+
 cleanup:
+    VmDirFreeAbsoluteSecurityDescriptor(&pParentSecDescAbs);
     VMDIR_SAFE_FREE_STRINGA(pszClassDn);
+    VMDIR_SAFE_FREE_STRINGA(pszDacl);
+    VMDIR_SAFE_FREE_STRINGA(pszOwnerSid);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
+    VMDIR_SAFE_FREE_STRINGA(pszSecDesc);
     VmDirFreeEntry(pOCEntry);
     return dwError;
+
 error:
     goto cleanup;
 }
@@ -312,14 +404,20 @@ _VmDirLogSecurityDescriptor(
     PSTR pszAclString = NULL;
     DWORD dwError = 0;
 
-    dwError = LwNtStatusToWin32Error(RtlAllocateSddlCStringFromSecurityDescriptor(
-                                        &pszAclString,
-                                        pSecDesc,
-                                        SDDL_REVISION_1,
-                                        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
+    dwError = LwNtStatusToWin32Error(
+            RtlAllocateSddlCStringFromSecurityDescriptor(
+                    &pszAclString,
+                    pSecDesc,
+                    SDDL_REVISION_1,
+                    OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION));
     if (dwError == 0)
     {
-        VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "Calculated SD %s for entry %s\n", pszAclString, pEntry->dn.lberbv.bv_val);
+        VMDIR_LOG_VERBOSE(
+                VMDIR_LOG_MASK_ALL,
+                "Calculated SD %s for entry %s",
+                pszAclString,
+                pEntry->dn.lberbv.bv_val);
+
         VMDIR_SAFE_FREE_STRINGA(pszAclString);
     }
 }
@@ -329,80 +427,105 @@ _VmDirLogSecurityDescriptor(
  * or ATTR_OBJECT_SECURITY_DESCRIPTOR attribute) then we'll use that. If one
  * isn't specified, then we'll use the defaultSecurityDescriptor from the
  * object's class's schema. If that doesn't exist then we'd normally use the SD
- * from the creator's access token (this is what AD does) but that will always
- * be NULL in our system (for now).
+ * from the creator's access token (this is what AD does).
  *
  * Whatever DACL we get from the step above we then combine with any
  * inheritable ACEs from the parent.
  */
 DWORD
 VmDirComputeObjectSecurityDescriptor(
-    PVDIR_ACCESS_INFO pAccessInfo,
-    PVDIR_ENTRY      pEntry,
-    PVDIR_ENTRY      pParentEntry
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ENTRY         pParentEntry
     )
 {
-    DWORD           dwError = 0;
+    DWORD   dwError = 0;
+    ULONG   ulLength = 0;
+    BOOLEAN bInternalEntry = FALSE;
+    PACCESS_TOKEN   pAccessToken = NULL;
+    PACCESS_TOKEN   pAdminAccessToken = NULL;
     PVDIR_ATTRIBUTE pObjectSdAttr = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pParentSecDesc = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pComputedSecDesc = NULL;
-    ULONG ulLength = 0;
-    PACCESS_TOKEN pAccessToken = NULL;
-    SECURITY_INFORMATION SecInfoAll = (OWNER_SECURITY_INFORMATION |
-                                       GROUP_SECURITY_INFORMATION |
-                                       DACL_SECURITY_INFORMATION |
-                                       SACL_SECURITY_INFORMATION);
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDesc = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pParentSecDesc = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pComputedSecDesc = NULL;
 
-    dwError = _VmDirGetSecurityDescriptorAttribute(pEntry, &pSecDesc, &ulLength);
+    SECURITY_INFORMATION    SecInfoAll =
+            OWNER_SECURITY_INFORMATION |
+            GROUP_SECURITY_INFORMATION |
+            DACL_SECURITY_INFORMATION |
+            SACL_SECURITY_INFORMATION;
+
+    // get access token
+    pAccessToken = pAccessInfo ? pAccessInfo->pAccessToken : NULL;
+
+    // if not provided, this entry is being internally created
+    bInternalEntry = pAccessToken ? FALSE : TRUE;
+
+    // get user provided SD
+    dwError = _VmDirGetSecurityDescriptorAttribute(
+            pEntry, &pSecDesc, &ulLength);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (pSecDesc == NULL)
+    // get parent entry SD if parent exists
+    if (pParentEntry)
     {
-        dwError = _VmDirGetSchemaDefaultSecurityDescriptor(
-                    pEntry,
-                    &pSecDesc,
-                    &ulLength);
+        dwError = VmDirGetSecurityDescriptorForEntry(
+                pParentEntry, SecInfoAll, &pParentSecDesc, &ulLength);
+
+        // parent entry may not have SD if it's also internally created
+        if (bInternalEntry && dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
+        {
+            dwError = 0;
+        }
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (pParentEntry)
+    // get class default SD if user didn't provide SD
+    if (!pSecDesc)
     {
-        dwError = VmDirGetSecurityDescriptorForEntry(
-                    pParentEntry,
-                    SecInfoAll,
-                    &pParentSecDesc,
-                    &ulLength);
+        dwError = _VmDirGetSchemaDefaultSecurityDescriptor(
+                pEntry, pParentSecDesc, &pSecDesc, &ulLength);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    if (pParentSecDesc == NULL && pSecDesc == NULL)
+    // check if it doens't have SD to set
+    if (!pParentSecDesc && !pSecDesc)
     {
-        //
-        // This particular error code is handled specially. We might want to
-        // change this to return success.
-        //
+        // if internal entry, log warning and exit gracefully
+        if (bInternalEntry)
+        {
+            VMDIR_LOG_WARNING(
+                    LDAP_DEBUG_ACL,
+                    "%s: entry (%s) has no SD to set ",
+                    __FUNCTION__,
+                    VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val));
+
+            goto cleanup;
+        }
+
+        // otherwise, return appropriate error code
         BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_NO_SECURITY_DESCRIPTOR);
     }
 
-    if (pAccessInfo->pAccessToken == NULL)
+    // use admin access token for internal entry
+    if (bInternalEntry)
     {
-        dwError = _VmDirSrvCreateAccessTokenForAdmin(&pAccessToken);
+        dwError = _VmDirSrvCreateAccessTokenForAdmin(&pAdminAccessToken);
         BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        pAccessToken = pAccessInfo->pAccessToken;
+
+        pAccessToken = pAdminAccessToken;
     }
 
-    if (pParentSecDesc != NULL && VmDirIsLegacySecurityDescriptor())
+    // handle legacy SD
+    if (VmDirIsLegacySecurityDescriptor())
     {
-        if (pSecDesc == NULL)
+        if (pParentSecDesc && !pSecDesc)
         {
             dwError = VmDirAllocateMemory(ulLength, (PVOID*)&pComputedSecDesc);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            dwError = VmDirCopyMemory(pComputedSecDesc, ulLength, pParentSecDesc, ulLength);
+            dwError = VmDirCopyMemory(
+                    pComputedSecDesc, ulLength, pParentSecDesc, ulLength);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else
@@ -411,95 +534,71 @@ VmDirComputeObjectSecurityDescriptor(
             pSecDesc = NULL;
         }
     }
+    // handle regular SD
     else
     {
-        dwError = LwNtStatusToWin32Error( RtlCreatePrivateObjectSecurityEx(
-                                            pParentSecDesc,
-                                            pSecDesc,
-                                            &pComputedSecDesc,
-                                            &ulLength,
-                                            NULL,
-                                            _VmDirIsContainer(pEntry),
-                                            SEF_DACL_AUTO_INHERIT | SEF_DEFAULT_OWNER_FROM_PARENT | SEF_DEFAULT_GROUP_FROM_PARENT,
-                                            pAccessToken,
-                                            &gVmDirEntryGenericMapping));
+        dwError = LwNtStatusToWin32Error(
+                RtlCreatePrivateObjectSecurityEx(
+                        pParentSecDesc,
+                        pSecDesc,
+                        &pComputedSecDesc,
+                        &ulLength,
+                        NULL,
+                        _VmDirIsContainer(pEntry),
+                        SEF_DACL_AUTO_INHERIT | SEF_DEFAULT_OWNER_FROM_PARENT | SEF_DEFAULT_GROUP_FROM_PARENT,
+                        pAccessToken,
+                        &gVmDirEntryGenericMapping));
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    // log final SD
     _VmDirLogSecurityDescriptor(pEntry, pComputedSecDesc);
 
+    // add the final SD to the entry
     dwError = VmDirAttributeAllocate(
-                    ATTR_OBJECT_SECURITY_DESCRIPTOR,
-                    1,
-                    pEntry->pSchemaCtx,
-                    &pObjectSdAttr);
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            1,
+            pEntry->pSchemaCtx,
+            &pObjectSdAttr);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pObjectSdAttr->vals[0].lberbv.bv_val = (PSTR)pComputedSecDesc;
     pObjectSdAttr->vals[0].lberbv.bv_len = ulLength;
+    pObjectSdAttr->vals[0].bOwnBvVal = TRUE;
     pComputedSecDesc = NULL;
 
-    //
-    // Add a terminating NULL as some code assumes that these values are
-    // NULL-terminated, even though this value isn't a string.
-    //
+    // add a terminating NULL as some code assumes that these values are
+    // NULL-terminated, even though this value isn't a string
     dwError = VmDirReallocateMemoryWithInit(
-                    (PVOID)pObjectSdAttr->vals[0].lberbv.bv_val,
-                    (PVOID *)(&pObjectSdAttr->vals[0].lberbv.bv_val),
-                    pObjectSdAttr->vals[0].lberbv.bv_len+1,
-                    pObjectSdAttr->vals[0].lberbv.bv_len);
+            (PVOID)pObjectSdAttr->vals[0].lberbv.bv_val,
+            (PVOID *)(&pObjectSdAttr->vals[0].lberbv.bv_val),
+            pObjectSdAttr->vals[0].lberbv.bv_len+1,
+            pObjectSdAttr->vals[0].lberbv.bv_len);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pObjectSdAttr->vals[0].bOwnBvVal = TRUE;
-
     dwError = VmDirEntryAddAttribute(pEntry, pObjectSdAttr);
     BAIL_ON_VMDIR_ERROR(dwError);
     pObjectSdAttr = NULL;
 
-    dwError = VmDirGenerateAttrMetaData(pEntry,
-                                        ATTR_OBJECT_SECURITY_DESCRIPTOR);
+    dwError = VmDirGenerateAttrMetaData(
+            pEntry, ATTR_OBJECT_SECURITY_DESCRIPTOR);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    if (pComputedSecDesc != NULL)
-    {
-        LwRtlMemoryFree(pComputedSecDesc);
-    }
+    VmDirReleaseAccessToken(&pAdminAccessToken);
+    VMDIR_SAFE_FREE_MEMORY(pComputedSecDesc);
     VMDIR_SAFE_FREE_MEMORY(pParentSecDesc);
     VMDIR_SAFE_FREE_MEMORY(pSecDesc);
-
-    if (pAccessToken != pAccessInfo->pAccessToken)
-    {
-        VmDirReleaseAccessToken(&pAccessToken);
-    }
-
+    VmDirFreeAttribute(pObjectSdAttr);
     return dwError;
 
 error:
-    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
-    {
-        // Some initial objects created during startup/vdcpromo do not have SD. Their SD is setup after cn=Administrator,...
-        // object is created
-        VMDIR_LOG_WARNING( LDAP_DEBUG_ACL, "VmDirComputeObjectSecurityDescriptor failed for (%s), error code (%d)",
-                           VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
-    }
-    else
-    {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirComputeObjectSecurityDescriptor failed for (%s), error code (%d)",
-                         VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val), dwError );
-    }
-
-    if (pObjectSdAttr)
-    {
-        VmDirFreeAttribute(pObjectSdAttr);
-    }
-
-    // ignore if cannot find a SD from parentEntry (during instance set up
-    // parent does not have SD, until an admin can be created to generate SD
-    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
-    {
-        dwError = 0;
-    }
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed for (%s), error code (%d)",
+            __FUNCTION__,
+            VDIR_SAFE_STRING(pEntry->dn.lberbv.bv_val),
+            dwError);
 
     goto cleanup;
 }
diff --git a/vmdir/server/acl/security.c b/vmdir/server/acl/security.c
index bd1d19cf1..991e180de 100644
--- a/vmdir/server/acl/security.c
+++ b/vmdir/server/acl/security.c
@@ -36,10 +36,10 @@ VmDirInternalUpdateObjectSD(
 
 DWORD
 VmDirGetSecurityDescriptorForEntry(
-    PVDIR_ENTRY pEntry,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE* ppSecDesc,
-    PULONG pulSecDescLength
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            SecurityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE*  ppSecDesc,
+    PULONG                          pulSecDescLength
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -135,8 +135,8 @@ VmDirGetSecurityDescriptorForEntry(
 
 DWORD
 VmDirSetSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
     DWORD dwError = ERROR_SUCCESS;
@@ -145,18 +145,24 @@ VmDirSetSecurityDescriptorForDn(
     dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSetSecurityDescriptorForEntry(pEntry,
-                                                 pSecDesc->SecInfo,
-                                                 pSecDesc->pSecDesc,
-                                                 pSecDesc->ulSecDesc);
+    dwError = VmDirSetSecurityDescriptorForEntry(
+            pEntry,
+            pSecDesc->SecInfo,
+            pSecDesc->pSecDesc,
+            pSecDesc->ulSecDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     VmDirFreeEntry(pEntry);
-
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -166,8 +172,8 @@ VmDirSetSecurityDescriptorForDn(
 //
 DWORD
 VmDirSetRecursiveSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
     DWORD dwError = 0;
@@ -201,138 +207,544 @@ VmDirSetRecursiveSecurityDescriptorForDn(
     dwError = pBE->pfnBEConfigureFsync(TRUE);
     VmDirFreeEntryArrayContent(&entryArray);
     return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
-// This function is only used internally to add SD for a given entry during
-// instance bootstrap
-// normal SD should be set up during object 'ADD' or modified during object 'MOD'
-// with correct permissions granted
+// This function is only used internally to reset SD for a given entry
+// during instance bootstrap
+//
+// normal SD should be set up during object 'ADD' or modified during
+// object 'MOD' with correct permissions granted
 DWORD
 VmDirSetSecurityDescriptorForEntry(
-    PVDIR_ENTRY pEntry,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel,
-    ULONG ulSecDescRel
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            securityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel,
+    ULONG                           ulSecDescRel
     )
 {
-    DWORD dwError = VMDIR_ERROR_INSUFFICIENT_ACCESS;
-    PSECURITY_DESCRIPTOR_RELATIVE pNewSecDescRel = NULL;
-    ULONG ulNewSecDescLen = 0;
-    // Do not free
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet = NULL;
-    ULONG ulSecDescToSetLen = 0;
-    PVDIR_ATTRIBUTE pObjectSdExist = NULL;
+    DWORD   dwError = 0;
+    ULONG   ulCurSecDescRel = 0;
+    ULONG   ulTmpSecDescRel = 0;
+    ULONG   ulNewSecDescRel = 0;
+    PVDIR_ATTRIBUTE pCurSDAttr = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pCurSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pTmpSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pNewSecDescRel = NULL;
+
+    if (!pEntry || !securityInformation)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (!VmDirValidRelativeSecurityDescriptor(
+            pSecDescRel, ulSecDescRel, securityInformation))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_SECURITY_DESCR);
+    }
 
+    // Entry's SD is not cached yet
+    pCurSDAttr = VmDirEntryFindAttribute(
+            ATTR_OBJECT_SECURITY_DESCRIPTOR, pEntry);
 
-    /* Sanity checks */
-    if (SecurityInformation == 0)
+    if (pCurSDAttr)
     {
-        dwError = ERROR_INVALID_PARAMETER;
+        pCurSecDescRel = (PSECURITY_DESCRIPTOR_RELATIVE)pCurSDAttr->vals[0].lberbv.bv_val;
+        ulCurSecDescRel = (ULONG)pCurSDAttr->vals[0].lberbv.bv_len;
+
+        ulTmpSecDescRel = ulCurSecDescRel + ulSecDescRel;
+
+        dwError = VmDirAllocateMemory(
+                ulTmpSecDescRel + 1, (PVOID*)&pTmpSecDescRel);
         BAIL_ON_VMDIR_ERROR(dwError);
+
+        // note: this is going to replace existing SD
+        dwError = VmDirSetSecurityDescriptorInfo(
+                securityInformation,
+                pSecDescRel,
+                pCurSecDescRel,
+                pTmpSecDescRel,
+                &ulTmpSecDescRel,
+                &gVmDirEntryGenericMapping);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pNewSecDescRel = pTmpSecDescRel;
+        ulNewSecDescRel = ulTmpSecDescRel;
     }
+    else
+    {
+        pNewSecDescRel = pSecDescRel;
+        ulNewSecDescRel = ulSecDescRel;
+    }
+
+    // Modify entry's SD
+    dwError = VmDirInternalUpdateObjectSD(
+            pEntry,
+            pCurSDAttr ? TRUE : FALSE,
+            pNewSecDescRel,
+            ulNewSecDescRel);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (!VmDirValidRelativeSecurityDescriptor(pSecDescRel, ulSecDescRel, SecurityInformation))
+    // Update pEntry SD cache
+    dwError = VmDirEntryCacheSecurityDescriptor(
+            pEntry, pNewSecDescRel, ulNewSecDescRel);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pTmpSecDescRel);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirAppendSecurityDescriptorForDn(
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc,
+    BOOLEAN                     bReplaceOwnerAndGroup
+    )
+{
+    DWORD dwError = ERROR_SUCCESS;
+    PVDIR_ENTRY pEntry = NULL;
+
+    dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAppendSecurityDescriptorForEntry(
+            pEntry,
+            pSecDesc->SecInfo,
+            pSecDesc->pSecDesc,
+            pSecDesc->ulSecDesc,
+            bReplaceOwnerAndGroup);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeEntry(pEntry);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+// This function is only used internally to extend SD for a given entry
+// during instance bootstrap
+DWORD
+VmDirAppendSecurityDescriptorForEntry(
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            securityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRel,
+    ULONG                           ulSecDescRel,
+    BOOLEAN                         bReplaceOwnerAndGroup
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bTmp = FALSE;
+    ULONG   ulTmpSecDescRel = 0;
+    PACL    pInDacl = NULL;
+    PACL    pCurDacl = NULL;
+    PSID    pOwnerSid = NULL;
+    PSID    pGroupSid = NULL;
+    PACL    pNewDacl = NULL;
+    PSID    pNewOwnerSid = NULL;
+    PSID    pNewGroupSid = NULL;
+    ULONG   ulNewSecDescRel = 0;
+    PVDIR_ATTRIBUTE pCurSDAttr = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pInSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pCurSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pCurSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pTmpSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pNewSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pNewSecDescAbs = NULL;
+
+    if (!pEntry || !securityInformation)
     {
-        dwError = ERROR_INVALID_SECURITY_DESCR;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (!VmDirValidRelativeSecurityDescriptor(
+            pSecDescRel, ulSecDescRel, securityInformation))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, ERROR_INVALID_SECURITY_DESCR);
     }
 
     // Entry's SD is not cached yet
-    pObjectSdExist = VmDirEntryFindAttribute(
-                                     ATTR_OBJECT_SECURITY_DESCRIPTOR,
-                                     pEntry);
+    pCurSDAttr = VmDirEntryFindAttribute(
+            ATTR_OBJECT_SECURITY_DESCRIPTOR, pEntry);
 
-    if (pObjectSdExist)
+    if (pCurSDAttr)
     {
-        if (
-             ( pObjectSdExist->vals[0].lberbv.bv_len < 0 )
-             ||
-             (pObjectSdExist->vals[0].lberbv.bv_len > ULONG_MAX)
-           )
+        pCurSecDescRel = (PSECURITY_DESCRIPTOR_RELATIVE)pCurSDAttr->vals[0].lberbv.bv_val;
+
+        // convert input relative SD to absolute SD
+        dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(
+                &pInSecDescAbs, pSecDescRel);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirGetDaclSecurityDescriptor(
+                pInSecDescAbs, &bTmp, &pInDacl, &bTmp);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // convert current relative SD to absolute SD
+        dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(
+                &pCurSecDescAbs, pCurSecDescRel);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirGetDaclSecurityDescriptor(
+                pCurSecDescAbs, &bTmp, &pCurDacl, &bTmp);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // construct new absolute SD
+        dwError = VmDirCreateSecurityDescriptorAbsolute(&pNewSecDescAbs);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (bReplaceOwnerAndGroup)
         {
-            dwError = ERROR_INVALID_SECURITY_DESCR;
+            dwError = VmDirGetOwnerSecurityDescriptor(
+                    pInSecDescAbs, &pOwnerSid, &bTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = VmDirGetGroupSecurityDescriptor(
+                    pInSecDescAbs, &pGroupSid, &bTmp);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
+        else
+        {
+            dwError = VmDirGetOwnerSecurityDescriptor(
+                    pCurSecDescAbs, &pOwnerSid, &bTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
 
-        ulNewSecDescLen = (ULONG)pObjectSdExist->vals[0].lberbv.bv_len + ulSecDescRel;
+            dwError = VmDirGetGroupSecurityDescriptor(
+                    pCurSecDescAbs, &pGroupSid, &bTmp);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
 
-        dwError = VmDirAllocateMemory(ulNewSecDescLen+1, (PVOID*)&pNewSecDescRel);
+        dwError = RtlDuplicateSid(&pNewOwnerSid, pOwnerSid);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirSetSecurityDescriptorInfo(
-                      SecurityInformation,
-                      pSecDescRel,
-                      (PSECURITY_DESCRIPTOR_RELATIVE)pObjectSdExist->vals[0].lberbv.bv_val,
-                      pNewSecDescRel,
-                      &ulNewSecDescLen,
-                      &gVmDirEntryGenericMapping);
+        dwError = RtlDuplicateSid(&pNewGroupSid, pGroupSid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirMergeAces(pCurDacl, pInDacl, &pNewDacl);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSetOwnerSecurityDescriptor(
+                pNewSecDescAbs, pNewOwnerSid, FALSE);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNewOwnerSid = NULL;
+
+        dwError = VmDirSetGroupSecurityDescriptor(
+                pNewSecDescAbs, pNewGroupSid, FALSE);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNewGroupSid = NULL;
+
+        dwError = VmDirSetDaclSecurityDescriptor(
+                pNewSecDescAbs, TRUE, pNewDacl, FALSE);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pNewDacl = NULL;
+
+        // convert new absolute SD to relative SD
+        dwError = VmDirAbsoluteToSelfRelativeSD(
+                pNewSecDescAbs, NULL, &ulTmpSecDescRel);
+        BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
+
+        dwError = VmDirAllocateMemory(
+                ulTmpSecDescRel, (PVOID*)&pTmpSecDescRel);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAbsoluteToSelfRelativeSD(
+                pNewSecDescAbs, pTmpSecDescRel, &ulTmpSecDescRel);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pSecDescRelToSet = pNewSecDescRel;
-        ulSecDescToSetLen = ulNewSecDescLen;
+        pNewSecDescRel = pTmpSecDescRel;
+        ulNewSecDescRel = ulTmpSecDescRel;
     }
     else
     {
-        pSecDescRelToSet = pSecDescRel;
-        ulSecDescToSetLen = ulSecDescRel;
+        pNewSecDescRel = pSecDescRel;
+        ulNewSecDescRel = ulSecDescRel;
     }
 
     // Modify entry's SD
-    dwError = VmDirInternalUpdateObjectSD(pEntry,
-                                          pObjectSdExist?TRUE:FALSE,
-                                          pSecDescRelToSet,
-                                          ulSecDescToSetLen);
+    dwError = VmDirInternalUpdateObjectSD(
+            pEntry,
+            pCurSDAttr ? TRUE : FALSE,
+            pNewSecDescRel,
+            ulNewSecDescRel);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Update pEntry SD cache
-    dwError = VmDirEntryCacheSecurityDescriptor(pEntry, pSecDescRelToSet, ulSecDescToSetLen);
+    dwError = VmDirEntryCacheSecurityDescriptor(
+            pEntry, pNewSecDescRel, ulNewSecDescRel);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    VmDirFreeAbsoluteSecurityDescriptor(&pNewSecDescAbs);
+    VmDirFreeAbsoluteSecurityDescriptor(&pCurSecDescAbs);
+    VmDirFreeAbsoluteSecurityDescriptor(&pInSecDescAbs);
+    VMDIR_SAFE_FREE_MEMORY(pTmpSecDescRel);
+    VMDIR_SAFE_FREE_MEMORY(pNewOwnerSid);
+    VMDIR_SAFE_FREE_MEMORY(pNewGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pNewDacl);
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+DWORD
+VmDirAppendAllowAceForDn(
+    PCSTR       pszObjectDn,
+    PCSTR       pszTrusteeDN,
+    ACCESS_MASK accessMask
+    )
+{
+    DWORD dwError = ERROR_SUCCESS;
+    PVDIR_ENTRY pEntry = NULL;
+
+    dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAppendAllowAceForEntry(pEntry, pszTrusteeDN, accessMask);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeEntry(pEntry);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+// This function is only used internally to extend SD for a given entry
+// during instance bootstrap
+DWORD
+VmDirAppendAllowAceForEntry(
+    PVDIR_ENTRY pEntry,
+    PCSTR       pszTrusteeDN,
+    ACCESS_MASK accessMask
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bTmp = FALSE;
+    ULONG   ulTmpLen = 0;
+    ULONG   ulNewDaclLen = 0;
+    ULONG   ulNewSecDescLen = 0;
+    PSID    pTrusteeSid = NULL;
+    PACL    pCurDacl = NULL;
+    PACL    pNewDacl = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pCurSecDescRel = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pNewSecDescAbs = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pNewSecDescRel = NULL;
+
+    SECURITY_INFORMATION    SecInfoAll =
+            OWNER_SECURITY_INFORMATION |
+            GROUP_SECURITY_INFORMATION |
+            DACL_SECURITY_INFORMATION |
+            SACL_SECURITY_INFORMATION;
+
+    if (!pEntry || IsNullOrEmptyString(pszTrusteeDN))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // get trustee SID
+    dwError = VmDirGetObjectSidFromDn(pszTrusteeDN, &pTrusteeSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // get current SD and DACL
+    dwError = VmDirGetSecurityDescriptorForEntry(
+            pEntry, SecInfoAll, &pCurSecDescRel, &ulTmpLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSecurityAclSelfRelativeToAbsoluteSD(
+            &pNewSecDescAbs, pCurSecDescRel);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetDaclSecurityDescriptor(
+            pNewSecDescAbs, &bTmp, &pCurDacl, &bTmp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // build new DACL and replace old DACL
+    ulNewDaclLen = RtlGetAclSize(pCurDacl) +
+            sizeof(ACCESS_ALLOWED_ACE) + VmDirLengthSid(pTrusteeSid);
+
+    dwError = VmDirAllocateMemory(ulNewDaclLen, (PVOID*)&pNewDacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCreateAcl(pNewDacl, ulNewDaclLen, ACL_REVISION);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCopyAces(pCurDacl, pNewDacl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAddAccessAllowedAceEx(
+            pNewDacl, ACL_REVISION, 0, accessMask, pTrusteeSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetDaclSecurityDescriptor(
+            pNewSecDescAbs, TRUE, pNewDacl, FALSE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pCurDacl);
+    pNewDacl = NULL;
+
+    // convert new absolute SD to relative SD
+    dwError = VmDirAbsoluteToSelfRelativeSD(
+            pNewSecDescAbs, NULL, &ulNewSecDescLen);
+    BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
+
+    dwError = VmDirAllocateMemory(
+            ulNewSecDescLen, (PVOID*)&pNewSecDescRel);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAbsoluteToSelfRelativeSD(
+            pNewSecDescAbs, pNewSecDescRel, &ulNewSecDescLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // modify entry's SD
+    dwError = VmDirInternalUpdateObjectSD(
+            pEntry, TRUE, pNewSecDescRel, ulNewSecDescLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
+    // update pEntry SD cache
+    dwError = VmDirEntryCacheSecurityDescriptor(
+            pEntry, pNewSecDescRel, ulNewSecDescLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeAbsoluteSecurityDescriptor(&pNewSecDescAbs);
     VMDIR_SAFE_FREE_MEMORY(pNewSecDescRel);
+    VMDIR_SAFE_FREE_MEMORY(pCurSecDescRel);
+    VMDIR_SAFE_FREE_MEMORY(pTrusteeSid);
+    VMDIR_SAFE_FREE_MEMORY(pNewDacl);
+    return dwError;
 
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirSetDefaultSecurityDescriptorForClass(
+    PCSTR   pszClassName,
+    PCSTR   pszDacl
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszClassDN = NULL;
+    VDIR_BERVALUE   berval = VDIR_BERVALUE_INIT;
+    VDIR_OPERATION  ldapOp = {0};
+
+    if (IsNullOrEmptyString(pszClassName) || IsNullOrEmptyString(pszDacl))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszClassDN, "cn=%s,cn=schemacontext", pszClassName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInitStackOperation(
+            &ldapOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_MODIFY, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    ldapOp.reqDn.lberbv_val = pszClassDN;
+    ldapOp.reqDn.lberbv_len = VmDirStringLenA(pszClassDN);
+    ldapOp.request.modifyReq.dn.lberbv_val = ldapOp.reqDn.lberbv_val;
+    ldapOp.request.modifyReq.dn.lberbv_len = ldapOp.reqDn.lberbv_len;
+
+    dwError = VmDirStringToBervalContent(pszDacl, &berval);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirOperationAddModReq(
+            &ldapOp, MOD_OP_ADD, ATTR_DEFAULT_SECURITY_DESCRIPTOR, &berval, 1);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInternalModifyEntry(&ldapOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszClassDN);
+    VmDirFreeOperationContent(&ldapOp);
+    VmDirFreeBervalContent(&berval);
     return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed for (%s), error code (%d)",
+            __FUNCTION__,
+            VDIR_SAFE_STRING(pszClassName),
+            dwError);
+
+    goto cleanup;
 }
 
 DWORD
 VmDirSecurityAclSelfRelativeToAbsoluteSD(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppAbsolute,
-    PSECURITY_DESCRIPTOR_RELATIVE pRelative
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppAbsolute,
+    PSECURITY_DESCRIPTOR_RELATIVE   pRelative
     )
 {
-    DWORD dwError = ERROR_SUCCESS;
-    PSECURITY_DESCRIPTOR_ABSOLUTE pAbsolute = NULL;
-    PSID pOwnerSid = NULL;
-    PSID pGroupSid = NULL;
-    PACL pDacl = NULL;
-    PACL pSacl = NULL;
-    ULONG ulSecDescAbsSize = 0;
-    ULONG ulOwnerSize = 0;
-    ULONG ulGroupSize = 0;
-    ULONG ulDaclSize = 0;
-    ULONG ulSaclSize = 0;
+    DWORD   dwError = ERROR_SUCCESS;
+    ULONG   ulSecDescAbsSize = 0;
+    ULONG   ulOwnerSize = 0;
+    ULONG   ulGroupSize = 0;
+    ULONG   ulDaclSize = 0;
+    ULONG   ulSaclSize = 0;
+    PSID    pOwnerSid = NULL;
+    PSID    pGroupSid = NULL;
+    PACL    pDacl = NULL;
+    PACL    pSacl = NULL;
+    PSECURITY_DESCRIPTOR_ABSOLUTE   pAbsolute = NULL;
 
     /* Get the necessary sizes */
-
     dwError = VmDirSelfRelativeToAbsoluteSD(
-                 pRelative,
-                 pAbsolute,
-                 &ulSecDescAbsSize,
-                 pDacl,
-                 &ulDaclSize,
-                 pSacl,
-                 &ulSaclSize,
-                 pOwnerSid,
-                 &ulOwnerSize,
-                 pGroupSid,
-                 &ulGroupSize);
-    if (dwError != ERROR_INSUFFICIENT_BUFFER)
-    {
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+            pRelative,
+            pAbsolute, &ulSecDescAbsSize,
+            pDacl, &ulDaclSize,
+            pSacl, &ulSaclSize,
+            pOwnerSid, &ulOwnerSize,
+            pGroupSid, &ulGroupSize);
+    BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
 
     dwError = VmDirCreateSecurityDescriptorAbsolute(&pAbsolute);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -362,17 +774,12 @@ VmDirSecurityAclSelfRelativeToAbsoluteSD(
     }
 
     dwError = VmDirSelfRelativeToAbsoluteSD(
-                 pRelative,
-                 pAbsolute,
-                 &ulSecDescAbsSize,
-                 pDacl,
-                 &ulDaclSize,
-                 pSacl,
-                 &ulSaclSize,
-                 pOwnerSid,
-                 &ulOwnerSize,
-                 pGroupSid,
-                 &ulGroupSize);
+            pRelative,
+            pAbsolute, &ulSecDescAbsSize,
+            pDacl, &ulDaclSize,
+            pSacl, &ulSaclSize,
+            pOwnerSid, &ulOwnerSize,
+            pGroupSid, &ulGroupSize);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppAbsolute = pAbsolute;
@@ -386,7 +793,46 @@ VmDirSecurityAclSelfRelativeToAbsoluteSD(
     VMDIR_SAFE_FREE_MEMORY(pDacl);
     VMDIR_SAFE_FREE_MEMORY(pSacl);
     VMDIR_SAFE_FREE_MEMORY(pAbsolute);
+    goto cleanup;
+}
 
+DWORD
+VmDirEntryCacheSecurityDescriptor(
+    PVDIR_ENTRY pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
+    ULONG ulSecDescToSetLen
+    )
+{
+    DWORD dwError = ERROR_SUCCESS;
+
+    if (!pEntry->pAclCtx)
+    {
+        dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        VmDirAclCtxContentFree(pEntry->pAclCtx);
+    }
+
+    dwError = VmDirAllocateMemory(ulSecDescToSetLen, (PVOID*)&pEntry->pAclCtx->pSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCopyMemory(
+            pEntry->pAclCtx->pSecurityDescriptor,
+            ulSecDescToSetLen,
+            pSecDescRelToSet,
+            ulSecDescToSetLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry->pAclCtx->ulSecDescLength = ulSecDescToSetLen;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDirAclCtxContentFree(pEntry->pAclCtx);
+    VMDIR_SAFE_FREE_MEMORY(pEntry->pAclCtx);
     goto cleanup;
 }
 
@@ -511,42 +957,3 @@ VmDirInternalUpdateObjectSD(
 error:
     goto cleanup;
 }
-
-DWORD
-VmDirEntryCacheSecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
-    ULONG ulSecDescToSetLen
-    )
-{
-    DWORD dwError = ERROR_SUCCESS;
-
-    if (!pEntry->pAclCtx)
-    {
-        dwError = VmDirAllocateMemory(sizeof(*pEntry->pAclCtx), (PVOID*)&pEntry->pAclCtx);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        VmDirAclCtxContentFree(pEntry->pAclCtx);
-    }
-
-    dwError = VmDirAllocateMemory(ulSecDescToSetLen, (PVOID*)&pEntry->pAclCtx->pSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCopyMemory(
-                pEntry->pAclCtx->pSecurityDescriptor,
-                ulSecDescToSetLen,
-                pSecDescRelToSet,
-                ulSecDescToSetLen);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pEntry->pAclCtx->ulSecDescLength = ulSecDescToSetLen;
-
-cleanup:
-    return dwError;
-error:
-    VmDirAclCtxContentFree(pEntry->pAclCtx);
-    VMDIR_SAFE_FREE_MEMORY(pEntry->pAclCtx);
-    goto cleanup;
-}
diff --git a/vmdir/server/acl/token.c b/vmdir/server/acl/token.c
index 1481ff722..7a528f391 100644
--- a/vmdir/server/acl/token.c
+++ b/vmdir/server/acl/token.c
@@ -16,71 +16,30 @@
 
 #include "includes.h"
 
-DWORD
-VmDirCreateAccessToken(
-    PACCESS_TOKEN*          AccessToken,
-    PTOKEN_USER             User,
-    PTOKEN_GROUPS           Groups,
-    PTOKEN_PRIVILEGES       Privileges,
-    PTOKEN_OWNER            Owner,
-    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
-    PTOKEN_DEFAULT_DACL     DefaultDacl
-    );
-
 static
 DWORD
 _VmDirBuildTokenGroups(
     PVDIR_ENTRY     pEntry,
     PCSTR           pszBuiltinUsersGroupSid,
-    PTOKEN_GROUPS * ppTokenGroups
+    PCSTR           pszDomainClientsGroupSid,
+    PTOKEN_GROUPS*  ppTokenGroups
     );
 
-// Create access token for the bind
-DWORD
-VmDirSrvCreateAccessTokenWithDn(
-    PCSTR           pszObjectDn,
-    PACCESS_TOKEN*  ppToken
-    )
-{
-    DWORD           dwError = ERROR_SUCCESS;
-    PVDIR_ENTRY     pEntry = NULL;
-    PACCESS_TOKEN   pToken = NULL;
-
-    dwError = VmDirSimpleDNToEntry(pszObjectDn, &pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateAccessTokenWithEntry(pEntry, &pToken, NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppToken = pToken;
-
-cleanup:
-
-    if (pEntry)
-    {
-        VmDirFreeEntry(pEntry);
-    }
-
-    return dwError;
-
-error:
-    if (pToken)
-    {
-        VmDirReleaseAccessToken(&pToken);
-    }
-
-    goto cleanup;
-}
+static
+VOID
+_VmDirFreeTokenGroups(
+    PTOKEN_GROUPS   pGroups
+    );
 
 DWORD
 VmDirSrvCreateAccessTokenWithEntry(
     PVDIR_ENTRY     pEntry,
     PACCESS_TOKEN*  ppToken,
-    PSTR *          ppszObjectSid /* Optional */
+    PSTR*           ppszObjectSid
     )
 {
     DWORD               dwError = ERROR_SUCCESS;
-    PACCESS_TOKEN       pToken = *ppToken;
+    PACCESS_TOKEN       pToken = NULL;
     TOKEN_USER          user = {{0}};
     TOKEN_OWNER         owner = {0};
     PTOKEN_GROUPS       pGroups = {0};
@@ -88,9 +47,17 @@ VmDirSrvCreateAccessTokenWithEntry(
     TOKEN_PRIMARY_GROUP primaryGroup = {0};
     TOKEN_DEFAULT_DACL  dacl = {0};
     PSTR                pszObjectSid = NULL;
-    PSTR                pszBuildinUsersGroupSid = NULL;
+    PSTR                pszBuiltinUsersGroupSid = NULL;
+    PSTR                pszDomainClientsGroupSid = NULL;
     PCSTR               pszDomainDn = NULL;
-    unsigned int        i = 0;
+
+    if (!pEntry || !ppToken || !ppszObjectSid)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pToken = *ppToken;
 
     if (pToken)
     {
@@ -98,7 +65,8 @@ VmDirSrvCreateAccessTokenWithEntry(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGetObjectSidFromEntry(pEntry, &pszObjectSid, &user.User.Sid);
+    dwError = VmDirGetObjectSidFromEntry(
+            pEntry, &pszObjectSid, &user.User.Sid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     owner.Owner = user.User.Sid;
@@ -110,235 +78,278 @@ VmDirSrvCreateAccessTokenWithEntry(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDn, VMDIR_DOMAIN_ALIAS_RID_USERS, &pszBuildinUsersGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDn,
+            VMDIR_DOMAIN_ALIAS_RID_USERS,
+            &pszBuiltinUsersGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDn,
+            VMDIR_DOMAIN_CLIENTS_RID,
+            &pszDomainClientsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // The primary group should be built-in\Users for all users.
+    dwError = VmDirAllocateSidFromCString(
+            pszBuiltinUsersGroupSid, &primaryGroup.PrimaryGroup);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirBuildTokenGroups(
+            pEntry,
+            pszBuiltinUsersGroupSid,
+            pszDomainClientsGroupSid,
+            &pGroups);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // Primary groups should be built-in\Users not admins
-    dwError = VmDirAllocateSidFromCString(pszBuildinUsersGroupSid, &primaryGroup.PrimaryGroup);
+    dwError = VmDirCreateAccessToken(
+            &pToken,
+            &user,
+            pGroups,
+            &privileges,
+            &owner,
+            &primaryGroup,
+            &dacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirBuildTokenGroups(pEntry, pszBuildinUsersGroupSid, &pGroups);
+    *ppszObjectSid = pszObjectSid;
+    *ppToken = pToken;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
+    VMDIR_SAFE_FREE_MEMORY(primaryGroup.PrimaryGroup);
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltinUsersGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainClientsGroupSid);
+    _VmDirFreeTokenGroups(pGroups);
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
+    VmDirReleaseAccessToken(&pToken);
+    goto cleanup;
+}
+
+DWORD
+VmDirSrvCreateAccessTokenForWellKnowObject(
+    PACCESS_TOKEN*  ppToken,
+    PCSTR           pszWellknownObjectSid
+    )
+{
+    DWORD               dwError = ERROR_SUCCESS;
+    PACCESS_TOKEN       pToken = NULL;
+    TOKEN_USER          user = {{0}};
+    TOKEN_OWNER         owner = {0};
+    TOKEN_GROUPS        groups = {0};
+    TOKEN_PRIVILEGES    privileges = {0};
+    TOKEN_PRIMARY_GROUP primaryGroup = {0};
+    TOKEN_DEFAULT_DACL  dacl = {0};
+
+    dwError = VmDirAllocateSidFromCString(pszWellknownObjectSid, &user.User.Sid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateAccessToken(&pToken,
                                      &user,
-                                     pGroups,
+                                     &groups,
                                      &privileges,
                                      &owner,
                                      &primaryGroup,
                                      &dacl);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (ppszObjectSid)
-    {
-        *ppszObjectSid = pszObjectSid;
-        pszObjectSid = NULL;
-    }
     *ppToken = pToken;
 
 cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszObjectSid);
     VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
-    VMDIR_SAFE_FREE_MEMORY(primaryGroup.PrimaryGroup);
-    VMDIR_SAFE_FREE_MEMORY(pszBuildinUsersGroupSid);
-    if (pGroups)
-    {
-        for (i = 0; i < pGroups->GroupCount; i++)
-        {
-            VMDIR_SAFE_FREE_MEMORY(pGroups->Groups[i].Sid);
-        }
-        VmDirFreeMemory(pGroups);
-    }
 
     return dwError;
 
 error:
-    *ppToken = NULL; // TODO
+    *ppToken = NULL;
+
+    if (pToken)
+    {
+        VmDirReleaseAccessToken(&pToken);
+    }
 
-    VmDirReleaseAccessToken(&pToken);
     goto cleanup;
 }
 
+DWORD
+VmDirCreateAccessToken(
+    PACCESS_TOKEN*          AccessToken,
+    PTOKEN_USER             User,
+    PTOKEN_GROUPS           Groups,
+    PTOKEN_PRIVILEGES       Privileges,
+    PTOKEN_OWNER            Owner,
+    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
+    PTOKEN_DEFAULT_DACL     DefaultDacl
+    )
+{
+    return LwNtStatusToWin32Error(
+            RtlCreateAccessToken(
+                    AccessToken,
+                    User,
+                    Groups,
+                    Privileges,
+                    Owner,
+                    PrimaryGroup,
+                    DefaultDacl,
+                    NULL));
+}
 
 //
-// Builds up a list of all the groups this user is a member of. Note that all
-// known/authenticated users belong to the "Users" group (and the rest are
-// dictated by the "memberOf" attribute).
+// Builds up a list of all the groups this user is a member of. All users
+// (anyone who doesn't login anonymously) automatically are members of their
+// domain's "Users" group and the global "Authenticated Users" group. All other
+// memberships are explicit (dictated by the "memberOf" attribute).
 //
 static
 DWORD
 _VmDirBuildTokenGroups(
     PVDIR_ENTRY     pEntry,
     PCSTR           pszBuiltinUsersGroupSid,
-    PTOKEN_GROUPS * ppTokenGroups)
+    PCSTR           pszDomainClientsGroupSid,
+    PTOKEN_GROUPS*  ppTokenGroups
+    )
 {
-    DWORD               dwError = ERROR_SUCCESS;
-    PVDIR_ATTRIBUTE     pMemberOfAttr = NULL;
-    unsigned int        i = 0;
-    PVDIR_ENTRY         pGroupEntry = NULL;
-    VDIR_OPERATION      searchOp = {0};
-    BOOLEAN             bHasTxn = FALSE;
-    PTOKEN_GROUPS       pLocalTokenGroups = NULL;
-    DWORD               dwGroupCount = 0;
-
-    if ( pEntry == NULL || ppTokenGroups == NULL )
+    DWORD   dwError = ERROR_SUCCESS;
+    DWORD   dwAllDefaultGroupCount = 0;
+    DWORD   dwComputerDefaultGroupCount = 0;
+    DWORD   dwEntryGroupCount = 0;
+    DWORD   dwTotalGroupCount = 0;
+    DWORD   i = 0, j = 0;
+    BOOLEAN bHasTxn = FALSE;
+    BOOLEAN bIsComputer = FALSE;
+    VDIR_OPERATION  searchOp = {0};
+    PVDIR_ATTRIBUTE pMemberOfAttr = NULL;
+    PVDIR_ENTRY     pGroupEntry = NULL;
+    PTOKEN_GROUPS   pTokenGroups = NULL;
+    PCSTR   ppszAllDefaultGroups[] = {pszBuiltinUsersGroupSid, VMDIR_AUTHENTICATED_USER_SID};
+    PCSTR   ppszComputerDefaultGroups[] = {pszDomainClientsGroupSid};
+
+    if (!pEntry || !ppTokenGroups || IsNullOrEmptyString(pszBuiltinUsersGroupSid))
     {
         dwError =  VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirInitStackOperation( &searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL );
+    dwError = VmDirInitStackOperation(
+            &searchOp, VDIR_OPERATION_TYPE_INTERNAL, LDAP_REQ_SEARCH, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     searchOp.pBEIF = VmDirBackendSelect(NULL);
 
-    // start txn
-    dwError = searchOp.pBEIF->pfnBETxnBegin( searchOp.pBECtx, VDIR_BACKEND_TXN_READ );
+    // begin txn
+    dwError = searchOp.pBEIF->pfnBETxnBegin(searchOp.pBECtx, VDIR_BACKEND_TXN_READ);
     BAIL_ON_VMDIR_ERROR(dwError);
-
     bHasTxn = TRUE;
 
-    dwError = VmDirBuildMemberOfAttribute( &searchOp, pEntry, &pMemberOfAttr );
+    dwError = VmDirBuildMemberOfAttribute(&searchOp, pEntry, &pMemberOfAttr);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (pMemberOfAttr != NULL)
-    {
-        dwGroupCount = pMemberOfAttr->numVals + 1;
-    }
-    else
-    {
-        dwGroupCount = 1;
-    }
-
-    // SJ-TBD: Do we need to align the address??
-    dwError = VmDirAllocateMemory( sizeof(TOKEN_GROUPS) +
-                                   (sizeof(SID_AND_ATTRIBUTES) * dwGroupCount),
-                                   (PVOID*)&pLocalTokenGroups );
+    // commit txn
+    dwError = searchOp.pBEIF->pfnBETxnCommit(searchOp.pBECtx);
     BAIL_ON_VMDIR_ERROR(dwError);
+    bHasTxn = FALSE;
 
-    dwError = VmDirAllocateSidFromCString(
-                pszBuiltinUsersGroupSid,
-                &pLocalTokenGroups->Groups[0].Sid);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    bIsComputer = VmDirEntryIsObjectclass(pEntry, OC_COMPUTER);
+
+    dwAllDefaultGroupCount = VMDIR_ARRAY_SIZE(ppszAllDefaultGroups);
+    dwComputerDefaultGroupCount = VMDIR_ARRAY_SIZE(ppszComputerDefaultGroups);
+    dwComputerDefaultGroupCount = bIsComputer ? dwComputerDefaultGroupCount : 0;
+    dwEntryGroupCount = pMemberOfAttr ? pMemberOfAttr->numVals : 0;
 
-    // SJ-TBD: should be set on the basis of status of the group??
-    pLocalTokenGroups->Groups[0].Attributes = SE_GROUP_ENABLED;
+    dwTotalGroupCount =
+            dwAllDefaultGroupCount +
+            dwComputerDefaultGroupCount +
+            dwEntryGroupCount;
 
-    pLocalTokenGroups->GroupCount = dwGroupCount;
+    dwError = VmDirAllocateMemory(
+            sizeof(TOKEN_GROUPS) +
+            (sizeof(SID_AND_ATTRIBUTES) * dwTotalGroupCount),
+            (PVOID*)&pTokenGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pTokenGroups->GroupCount = dwTotalGroupCount;
 
-    if (pMemberOfAttr)
+    for (i = 0; i < dwAllDefaultGroupCount; i++, j++)
     {
-        for (i = 0; i < pMemberOfAttr->numVals; i++)
-        {
-            if ((dwError = VmDirSimpleDNToEntry(pMemberOfAttr->vals[i].lberbv.bv_val, &pGroupEntry)) != 0)
-            {
-                // may be deleted in the meanwhile
+        dwError = VmDirAllocateSidFromCString(
+                ppszAllDefaultGroups[i],
+                &pTokenGroups->Groups[j].Sid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pTokenGroups->Groups[j].Attributes = SE_GROUP_ENABLED;
+    }
 
-                VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
-                                   "_VmDirBuildTokenGroups() memmberOf entry (%s) not found, error code (%d)",
-                                   pMemberOfAttr->vals[i].lberbv.bv_val, dwError );
-                continue;
-            }
+    for (i = 0; i < dwComputerDefaultGroupCount; i++, j++)
+    {
+        dwError = VmDirAllocateSidFromCString(
+                ppszComputerDefaultGroups[i],
+                &pTokenGroups->Groups[j].Sid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pTokenGroups->Groups[j].Attributes = SE_GROUP_ENABLED;
+    }
 
-            dwError = VmDirGetObjectSidFromEntry(pGroupEntry, NULL, &pLocalTokenGroups->Groups[i + 1].Sid);
-            BAIL_ON_VMDIR_ERROR(dwError);
+    for (i = 0; i < dwEntryGroupCount; i++, j++)
+    {
+        dwError = VmDirSimpleDNToEntry(
+                pMemberOfAttr->vals[i].lberbv.bv_val, &pGroupEntry);
+        if (dwError)
+        {
+            // may be deleted in the meanwhile
+            VMDIR_LOG_WARNING(
+                    VMDIR_LOG_MASK_ALL,
+                    "_VmDirBuildTokenGroups() memmberOf entry (%s) not found, error code (%d)",
+                    pMemberOfAttr->vals[i].lberbv.bv_val,
+                    dwError);
+            continue;
+        }
 
-            // SJ-TBD: should be set on the basis of status of the group??
-            pLocalTokenGroups->Groups[i + 1].Attributes = SE_GROUP_ENABLED;
+        dwError = VmDirGetObjectSidFromEntry(
+                pGroupEntry, NULL, &pTokenGroups->Groups[j].Sid);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pTokenGroups->Groups[j].Attributes = SE_GROUP_ENABLED;
 
-            VmDirFreeEntry(pGroupEntry);
-            pGroupEntry = NULL;
-        }
+        VmDirFreeEntry(pGroupEntry);
+        pGroupEntry = NULL;
     }
 
-    *ppTokenGroups = pLocalTokenGroups;
+    *ppTokenGroups = pTokenGroups;
 
 cleanup:
     VmDirFreeAttribute(pMemberOfAttr);
-    if (pGroupEntry)
-    {
-        VmDirFreeEntry(pGroupEntry);
-    }
-    if (bHasTxn)
-    {
-        searchOp.pBEIF->pfnBETxnCommit( searchOp.pBECtx);
-    }
+    VmDirFreeEntry(pGroupEntry);
     VmDirFreeOperationContent(&searchOp);
-
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirBuildTokenGroups() failed, entry DN (%s), error code (%d)",
-                     pEntry ? pEntry->dn.lberbv.bv_val : "NULL", dwError );
-
-    VMDIR_SAFE_FREE_MEMORY(pLocalTokenGroups);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "_VmDirBuildTokenGroups() failed, entry DN (%s), error code (%d)",
+            pEntry ? pEntry->dn.lberbv.bv_val : "NULL",
+            dwError);
 
+    if (bHasTxn)
+    {
+        searchOp.pBEIF->pfnBETxnAbort(searchOp.pBECtx);
+    }
+    _VmDirFreeTokenGroups(pTokenGroups);
     goto cleanup;
 }
 
-DWORD
-VmDirSrvCreateAccessTokenForWellKnowObject(
-    PACCESS_TOKEN * ppToken,
-    PCSTR            pszWellknownObjectSid
+static
+VOID
+_VmDirFreeTokenGroups(
+    PTOKEN_GROUPS   pGroups
     )
 {
-    DWORD               dwError = ERROR_SUCCESS;
-    PACCESS_TOKEN       pToken = NULL;
-    TOKEN_USER          user = {{0}};
-    TOKEN_OWNER         owner = {0};
-    TOKEN_GROUPS        groups = {0};
-    TOKEN_PRIVILEGES    privileges = {0};
-    TOKEN_PRIMARY_GROUP primaryGroup = {0};
-    TOKEN_DEFAULT_DACL  dacl = {0};
-
-    dwError = VmDirAllocateSidFromCString(pszWellknownObjectSid, &user.User.Sid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirCreateAccessToken(&pToken,
-                                     &user,
-                                     &groups,
-                                     &privileges,
-                                     &owner,
-                                     &primaryGroup,
-                                     &dacl);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppToken = pToken;
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(user.User.Sid);
-
-    return dwError;
+    DWORD i = 0;
 
-error:
-    *ppToken = NULL;
-
-    if (pToken)
+    if (pGroups)
     {
-        VmDirReleaseAccessToken(&pToken);
+        for (i = 0; i < pGroups->GroupCount; i++)
+        {
+            VMDIR_SAFE_FREE_MEMORY(pGroups->Groups[i].Sid);
+        }
+        VMDIR_SAFE_FREE_MEMORY(pGroups);
     }
-
-    goto cleanup;
-}
-
-DWORD
-VmDirCreateAccessToken(
-    PACCESS_TOKEN *         AccessToken,
-    PTOKEN_USER             User,
-    PTOKEN_GROUPS           Groups,
-    PTOKEN_PRIVILEGES       Privileges,
-    PTOKEN_OWNER            Owner,
-    PTOKEN_PRIMARY_GROUP    PrimaryGroup,
-    PTOKEN_DEFAULT_DACL     DefaultDacl
-    )
-{
-    return LwNtStatusToWin32Error(RtlCreateAccessToken(
-                                   AccessToken,
-                                   User,
-                                   Groups,
-                                   Privileges,
-                                   Owner,
-                                   PrimaryGroup,
-                                   DefaultDacl,
-                                   NULL));
 }
diff --git a/vmdir/server/backend/Makefile.am b/vmdir/server/backend/Makefile.am
index 8b186cd00..d2e68dc35 100644
--- a/vmdir/server/backend/Makefile.am
+++ b/vmdir/server/backend/Makefile.am
@@ -15,15 +15,15 @@ libbackend_la_SOURCES = \
     util.c
 
 libbackend_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libbackend_la_LDFLAGS = \
     -static
-
diff --git a/vmdir/server/backend/includes.h b/vmdir/server/backend/includes.h
index 55d54b2e6..2ce6ef8cb 100644
--- a/vmdir/server/backend/includes.h
+++ b/vmdir/server/backend/includes.h
@@ -49,7 +49,6 @@
 #include <ldaphead.h>
 
 #include <backend.h>
-
 #include <mdbstore.h>
 
 //#include "defines.h"
@@ -92,7 +91,6 @@
 #include <ldaphead.h>
 
 #include <backend.h>
-
 #include <mdbstore.h>
 
 #include "structs.h"
diff --git a/vmdir/server/backend/util.c b/vmdir/server/backend/util.c
index 8fa81d00c..53b2199b4 100644
--- a/vmdir/server/backend/util.c
+++ b/vmdir/server/backend/util.c
@@ -27,7 +27,10 @@ VmDirSimpleNormDNToEntry(
     PVDIR_BACKEND_INTERFACE pBE = NULL;
     PVDIR_SCHEMA_CTX        pSchemaCtx = NULL;
 
-    assert(pszNormDN && ppEntry);
+    if (IsNullOrEmptyString(pszNormDN) || !ppEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     pBE = VmDirBackendSelect(NULL);
     assert(pBE);
@@ -76,7 +79,10 @@ VmDirSimpleDNToEntry(
     VDIR_BERVALUE           bvDn = VDIR_BERVALUE_INIT;
     PVDIR_SCHEMA_CTX        pSchemaCtx = NULL;
 
-    assert(pszDN && ppEntry);
+    if (IsNullOrEmptyString(pszDN) || !ppEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
 
     pBE = VmDirBackendSelect(NULL);
     assert(pBE);
diff --git a/vmdir/server/common/Makefile.am b/vmdir/server/common/Makefile.am
index 0b70fa6c5..32ea46f77 100644
--- a/vmdir/server/common/Makefile.am
+++ b/vmdir/server/common/Makefile.am
@@ -22,16 +22,17 @@ libsrvcommon_la_SOURCES = \
     vmdirtoldaperror.c
 
 libsrvcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/thirdparty \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
diff --git a/vmdir/server/common/candidates.c b/vmdir/server/common/candidates.c
index 8a86638ae..2d8e8b2dd 100644
--- a/vmdir/server/common/candidates.c
+++ b/vmdir/server/common/candidates.c
@@ -363,6 +363,20 @@ OrFilterResults(
     VmDirLog( LDAP_DEBUG_TRACE, "OrFilterResults: End" );
 }
 
+VOID
+VmDirSortCandidateList(
+    VDIR_CANDIDATES *  pCl
+    )
+{
+    if (pCl && pCl->eIdsSorted == FALSE)
+    {
+        qsort ( pCl->eIds, pCl->size, sizeof( ENTRYID ), _VmDirCompareEntryIds );
+        pCl->eIdsSorted = TRUE;
+    }
+
+    return;
+}
+
 /* IntersectCandidates: Intersect 2 +ve candidates lists.
  *
  */
diff --git a/vmdir/server/common/util.c b/vmdir/server/common/util.c
index a128d46f3..3c4d06f0c 100644
--- a/vmdir/server/common/util.c
+++ b/vmdir/server/common/util.c
@@ -460,6 +460,16 @@ VmDirSrvCreateServerObj(
     switch (dwError)
     {
         case VMDIR_SUCCESS:
+
+            assert(gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val);
+
+            // allow DCClients group to read site container (to get siteGUID during client join)
+            dwError = VmDirAppendAllowAceForDn(
+                        siteContainerDN.lberbv.bv_val,
+                        gVmdirServerGlobals.bvDCClientGroupDN.lberbv_val,
+                        VMDIR_RIGHT_DS_READ_PROP);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
             // Create Servers container
             dwError = VmDirSrvCreateContainer( pSchemaCtx, serversContainerDN.lberbv.bv_val, pszServersContainerName );
             BAIL_ON_VMDIR_ERROR(dwError);
@@ -597,14 +607,14 @@ VmDirSrvCreateDomain(
     )
 {
     DWORD   dwError = 0;
-    char    pszDomainCompName[MAX_DOMAIN_COMPONENT_VALUE_LEN];
+    char    pszObjDC[MAX_DOMAIN_COMPONENT_VALUE_LEN];
     PSTR    ppszDomainAttrs[] =
     {
         ATTR_OBJECT_CLASS,              OC_TOP,
         ATTR_OBJECT_CLASS,              OC_DC_OBJECT,
         ATTR_OBJECT_CLASS,              OC_DOMAIN,
         ATTR_OBJECT_CLASS,              OC_DOMAIN_DNS,
-        ATTR_DOMAIN_COMPONENT,          (PSTR)pszDomainCompName,
+        ATTR_DOMAIN_COMPONENT,          (PSTR)pszObjDC,
         ATTR_DOMAIN_FUNCTIONAL_LEVEL,   VDIR_DOMAIN_FUNCTIONAL_LEVEL,
         NULL
     };
@@ -614,27 +624,43 @@ VmDirSrvCreateDomain(
     int     startOfRdnValInd = 0;
     int     endOfRdnValInd = 0;
     int     rdnValLen = 0;
+    PSTR    pszObjDN = 0;
 
-    for (i = endOfRdnValInd = domainDNLen - 1; i >= 0; i-- )
+    for (i = endOfRdnValInd = domainDNLen - 1; i >= 0; i--)
     {
         if (i == 0 || pszDomainDN[i] == RDN_SEPARATOR_CHAR)
         {
             startOfRdnInd = (i == 0) ? 0 : i + 1 /* for , */;
             startOfRdnValInd = startOfRdnInd + ATTR_DOMAIN_COMPONENT_LEN + 1 /* for = */;
             rdnValLen = endOfRdnValInd - startOfRdnValInd + 1;
+            pszObjDN = (PSTR)pszDomainDN + startOfRdnInd;
 
-            dwError = VmDirStringNCpyA( pszDomainCompName, MAX_DOMAIN_COMPONENT_VALUE_LEN,
-                                        pszDomainDN + startOfRdnValInd, rdnValLen );
+            dwError = VmDirStringNCpyA(
+                    pszObjDC,
+                    MAX_DOMAIN_COMPONENT_VALUE_LEN,
+                    pszObjDN + ATTR_DOMAIN_COMPONENT_LEN + 1,
+                    rdnValLen);
             BAIL_ON_VMDIR_ERROR(dwError);
 
-            pszDomainCompName[rdnValLen] = '\0';
+            pszObjDC[rdnValLen] = '\0';
+
+            dwError = VmDirSimpleEntryCreate(
+                    pSchemaCtx, ppszDomainAttrs, pszObjDN, 0);
 
-            dwError = VmDirSimpleEntryCreate( pSchemaCtx, ppszDomainAttrs, (PSTR)pszDomainDN + startOfRdnInd, 0 );
             if (dwError == VMDIR_ERROR_BACKEND_ENTRY_EXISTS ||
                 dwError == VMDIR_ERROR_ENTRY_ALREADY_EXIST)
-            {   // pass through if parent exists
+            {
+                // pass through if parent exists
                 dwError = VMDIR_SUCCESS;
             }
+            else if (dwError == 0)
+            {
+                // remove SD for new domain objects - its should be set
+                // properly after the whole domain tree is created
+                dwError = VmDirSimpleEntryDeleteAttribute(
+                        pszObjDN, ATTR_OBJECT_SECURITY_DESCRIPTOR);
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
             BAIL_ON_VMDIR_ERROR(dwError);
 
             endOfRdnValInd = i - 1;
@@ -1278,3 +1304,104 @@ VmDirOperationTypeToName(
 
     return pszName;
 }
+
+/*
+ * Compare Attribute lberbv value only, no attribute normalization is done.
+ * Used in replication conflict resolution to suppress benign warning log.
+ *
+ * Should NOT be used as attribute semantics comparison.
+ */
+BOOLEAN
+VmDirIsSameConsumerSupplierEntryAttr(
+    PVDIR_ATTRIBUTE pAttr,
+    PVDIR_ENTRY     pSrcEntry,
+    PVDIR_ENTRY     pDstEntry
+    )
+{
+    BOOLEAN         bIsSameAttr = TRUE;
+    DWORD           dwError = 0;
+    PVDIR_ATTRIBUTE pSrcAttr = NULL;
+    PVDIR_ATTRIBUTE pDstAttr = NULL;
+    unsigned        i = 0;
+    unsigned        j = 0;
+
+    if (!pAttr || !pSrcEntry || !pDstEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    pSrcAttr = VmDirFindAttrByName(pSrcEntry, pAttr->type.lberbv_val);
+    pDstAttr = VmDirFindAttrByName(pDstEntry, pAttr->type.lberbv_val);
+
+    if (pSrcAttr && pDstAttr && pSrcAttr->numVals == pDstAttr->numVals)
+    {
+        for (i=0; bIsSameAttr && i < pSrcAttr->numVals; i++)
+        {
+             for (j = 0; j < pDstAttr->numVals; j++)
+             {
+                 if (pSrcAttr->vals[i].lberbv_len == pDstAttr->vals[j].lberbv_len &&
+                     memcmp( pSrcAttr->vals[i].lberbv_val, pDstAttr->vals[j].lberbv_val, pSrcAttr->vals[i].lberbv_len) == 0
+                    )
+                 {
+                     break;
+                 }
+             }
+
+             if (j == pDstAttr->numVals)
+             {
+                 bIsSameAttr = FALSE;
+             }
+        }
+    }
+    else
+    {
+        bIsSameAttr = FALSE;
+    }
+
+error:
+    return bIsSameAttr && dwError==0;
+}
+
+/*
+ * Sort function -
+ * Array of PVDIR_BERVALUE
+ */
+int
+VmDirPVdirBValCmp(
+    const void *p1,
+    const void *p2
+    )
+{
+
+    PVDIR_BERVALUE* ppBV1 = (PVDIR_BERVALUE*) p1;
+    PVDIR_BERVALUE* ppBV2 = (PVDIR_BERVALUE*) p2;
+
+    if ((ppBV1 == NULL || *ppBV1 == NULL) &&
+        (ppBV2 == NULL || *ppBV2 == NULL))
+    {
+        return 0;
+    }
+
+    if (ppBV1 == NULL || *ppBV1 == NULL)
+    {
+        return -1;
+    }
+
+    if (ppBV2 == NULL || *ppBV2 == NULL)
+    {
+        return 1;
+    }
+
+    if ( (*ppBV1)->lberbv_len > (*ppBV2)->lberbv_len )
+    {
+        return -1;
+    }
+    else if ( (*ppBV1)->lberbv_len < (*ppBV2)->lberbv_len )
+    {
+        return 1;
+    }
+    else
+    {
+        return memcmp((*ppBV1)->lberbv_val, (*ppBV2)->lberbv_val, (*ppBV1)->lberbv_len);
+    }
+}
diff --git a/vmdir/server/common/vmafdlib.c b/vmdir/server/common/vmafdlib.c
index cbafaa697..515116427 100644
--- a/vmdir/server/common/vmafdlib.c
+++ b/vmdir/server/common/vmafdlib.c
@@ -12,34 +12,20 @@
  * under the License.
  */
 
-/*
- * Module Name: Directory ldap head
- *
- * Filename: vesc.c
- *
- * Abstract:
- *
- * VECS integration to get SSL cert
- *
- */
-
 #include "includes.h"
 
-#ifndef _WIN32
-#include <dlfcn.h>
-#endif
-
-// WARNING, WARNING, WARNING. It is awkward to get VECS headers via source tree structure.
-#include "../../../vmafd/include/public/vmafdtypes.h"
-#include "../../../vmafd/include/public/vmafd.h"
-#include "../../../vmafd/include/public/vecsclient.h"
-
 #ifdef _WIN32
 
 #define VMAFD_VECS_CLIENT_LIBRARY   "\\libvmafdclient.dll"
 #define VMAFD_KEY_ROOT              VMAFD_CONFIG_SOFTWARE_KEY_PATH
 #define VMAFD_LIB_KEY               VMDIR_REG_KEY_INSTALL_PATH
 
+#elif LIGHTWAVE_BUILD
+
+#define VMAFD_VECS_CLIENT_LIBRARY   "/libvmafdclient.so"
+#define VMAFD_KEY_ROOT              VMAFD_CONFIG_KEY_ROOT
+#define VMAFD_LIB_KEY               VMAFD_REG_KEY_PATH
+
 #else
 
 #define VMAFD_VECS_CLIENT_LIBRARY   "/lib64/libvmafdclient.so"
@@ -54,37 +40,53 @@ VmDirOpenVmAfdClientLib(
     )
 {
     DWORD   dwError = 0;
-    VMDIR_LIB_HANDLE plibHandle = NULL;
-#ifdef _WIN32
-    CHAR    pszRegLibPath[VMDIR_MAX_PATH_LEN] = WIN_SYSTEM32_PATH;
-#else
     CHAR    pszRegLibPath[VMDIR_MAX_PATH_LEN] = {0};
-#endif
-    PSTR    pszVmafdName = NULL;
     PSTR    pszVmafdLibPath = NULL;
+    VMDIR_LIB_HANDLE    plibHandle = NULL;
+
+#ifdef _WIN32
+
+    dwError = VmDirStringCpyA(
+            pszRegLibPath,
+            VMDIR_MAX_PATH_LEN,
+            WIN_SYSTEM32_PATH);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+#elif LIGHTWAVE_BUILD
+
+    dwError = VmDirStringCpyA(
+            pszRegLibPath,
+            VMDIR_MAX_PATH_LEN,
+            VMDIR_LIB_DIR);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
-#ifndef _WIN32
-    dwError = VmDirGetRegKeyValue( VMAFD_KEY_ROOT,
-                                   VMAFD_LIB_KEY,
-                                   pszRegLibPath,
-                                   sizeof(pszRegLibPath)-1);
+#else
+
+    PSTR pszVmafdName = NULL;
+
+    dwError = VmDirGetRegKeyValue(
+            VMAFD_KEY_ROOT,
+            VMAFD_LIB_KEY,
+            pszRegLibPath,
+            sizeof(pszRegLibPath) - 1);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // find the first vmafd in path key "/usr/lib/vmware-vmafd/...."
     pszVmafdName = strstr(pszRegLibPath, VMAFD_NAME);
-    if (pszVmafdName == NULL)
-    {
-        dwError = VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        pszVmafdName[strlen(VMAFD_NAME)] = '\0';
-    }
+
+    dwError = pszVmafdName ? 0 : VMDIR_ERROR_NO_SUCH_FILE_OR_DIRECTORY;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszVmafdName[strlen(VMAFD_NAME)] = '\0';
+
 #endif
 
     // construct full path to libvmafdclient
-    dwError = VmDirAllocateStringPrintf( &pszVmafdLibPath, "%s%s",pszRegLibPath, VMAFD_VECS_CLIENT_LIBRARY);
+    dwError = VmDirAllocateStringPrintf(
+            &pszVmafdLibPath,
+            "%s%s",
+            pszRegLibPath,
+            VMAFD_VECS_CLIENT_LIBRARY);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirLoadLibrary(pszVmafdLibPath, &plibHandle);
@@ -94,7 +96,6 @@ VmDirOpenVmAfdClientLib(
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pszVmafdLibPath);
-
     return dwError;
 
 error:
diff --git a/vmdir/server/common/vmdirentry.c b/vmdir/server/common/vmdirentry.c
index 8f8553969..5bd61a3f3 100644
--- a/vmdir/server/common/vmdirentry.c
+++ b/vmdir/server/common/vmdirentry.c
@@ -962,56 +962,38 @@ VmDirFreeBervalContent(
 
 DWORD
 VmDirCreateTransientSecurityDescriptor(
-    BOOL bAllowAnonymousRead,
-    PVMDIR_SECURITY_DESCRIPTOR pvsd
+    BOOLEAN                     bAllowAnonymousRead,
+    PVMDIR_SECURITY_DESCRIPTOR  pvsd
     )
 {
-    DWORD dwError = 0;
-    PSTR pszDomainDN = NULL;
-    PSTR pszAdminsGroupSid = NULL;
-    PSTR pszDomainAdminsGroupSid = NULL;
-    PSTR pszDomainClientsGroupSid = NULL;
-    PSTR pszUsersGroupSid = NULL;
-    VMDIR_SECURITY_DESCRIPTOR SecDesc = {0};
+    DWORD   dwError = 0;
+    PSTR    pszDomainDN = NULL;
+    PSTR    pszAdminsGroupSid = NULL;
+    PSTR    pszDomainAdminsGroupSid = NULL;
+    VMDIR_SECURITY_DESCRIPTOR   SecDesc = {0};
 
     pszDomainDN = BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_ADMINS,
-                                        &pszAdminsGroupSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ADMINS_RID,
-                                        &pszDomainAdminsGroupSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_CLIENTS_RID,
-                                        &pszDomainClientsGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN, VMDIR_DOMAIN_ALIAS_RID_ADMINS, &pszAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_USERS,
-                                        &pszUsersGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN, VMDIR_DOMAIN_ADMINS_RID, &pszDomainAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-
-    //
     // Create default security descriptor for internally-created entries.
-    //
     dwError = VmDirSrvCreateSecurityDescriptor(
-                VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
-                BERVAL_NORM_VAL(gVmdirServerGlobals.bvDefaultAdminDN),
-                pszAdminsGroupSid,
-                pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
-                FALSE,
-                bAllowAnonymousRead,
-                FALSE,
-                FALSE,
-                &SecDesc);
+            VMDIR_ENTRY_ALL_ACCESS_NO_DELETE_CHILD_BUT_DELETE_OBJECT,
+            BERVAL_NORM_VAL(gVmdirServerGlobals.bvDefaultAdminDN),
+            pszAdminsGroupSid,
+            pszDomainAdminsGroupSid,
+            FALSE,
+            bAllowAnonymousRead,
+            bAllowAnonymousRead,
+            FALSE,
+            FALSE,
+            &SecDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pvsd->pSecDesc = SecDesc.pSecDesc;
@@ -1021,9 +1003,8 @@ VmDirCreateTransientSecurityDescriptor(
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszAdminsGroupSid);
     VMDIR_SAFE_FREE_STRINGA(pszDomainAdminsGroupSid);
-    VMDIR_SAFE_FREE_STRINGA(pszDomainClientsGroupSid);
-    VMDIR_SAFE_FREE_STRINGA(pszUsersGroupSid);
     return dwError;
+
 error:
     goto cleanup;
 }
@@ -1043,27 +1024,18 @@ VmDirAttrListToNewEntry(
 
     assert(pSchemaCtx && pszDN && ppszAttrList && ppEntry);
 
-    dwError = VmDirAllocateMemory(
-        sizeof(VDIR_ENTRY),
-        (PVOID*)&pEntry);
+    dwError = VmDirAllocateMemory(sizeof(VDIR_ENTRY), (PVOID*)&pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = AttrListToEntry(
-        pSchemaCtx,
-        pszDN,
-        ppszAttrList,
-        pEntry);
+    dwError = AttrListToEntry(pSchemaCtx, pszDN, ppszAttrList, pEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateTransientSecurityDescriptor(
-                bAllowAnonymousRead,
-                &vsd);
+            bAllowAnonymousRead, &vsd);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirEntryCacheSecurityDescriptor(
-                pEntry,
-                vsd.pSecDesc,
-                vsd.ulSecDesc);
+            pEntry, vsd.pSecDesc, vsd.ulSecDesc);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppEntry = pEntry;
@@ -1073,12 +1045,7 @@ VmDirAttrListToNewEntry(
     return dwError;
 
 error:
-
-    if (pEntry)
-    {
-        VmDirFreeEntry(pEntry);
-    }
-
+    VmDirFreeEntry(pEntry);
     goto cleanup;
 }
 
@@ -1483,3 +1450,51 @@ VmDirDeleteEntry(
 error:
     goto cleanup;
 }
+
+DWORD
+VmDirSimpleEntryDeleteAttribute(
+    PCSTR   pszDN,
+    PCSTR   pszAttr
+    )
+{
+    DWORD   dwError = 0;
+    size_t  dnlen = 0;
+    size_t  attrlen = 0;
+    VDIR_OPERATION  ldapOp = {0};
+
+    if (IsNullOrEmptyString(pszDN) || IsNullOrEmptyString(pszAttr))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirInitStackOperation(
+            &ldapOp,
+            VDIR_OPERATION_TYPE_INTERNAL,
+            LDAP_REQ_MODIFY,
+            NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dnlen = VmDirStringLenA(pszDN);
+    attrlen = VmDirStringLenA(pszAttr);
+
+    ldapOp.pBEIF = VmDirBackendSelect(NULL);
+    ldapOp.reqDn.lberbv_val = (PSTR)pszDN;
+    ldapOp.reqDn.lberbv_len = dnlen;
+
+    ldapOp.request.modifyReq.dn.lberbv_val = ldapOp.reqDn.lberbv_val;
+    ldapOp.request.modifyReq.dn.lberbv_len = ldapOp.reqDn.lberbv_len;
+
+    dwError = VmDirAppendAMod(
+            &ldapOp, MOD_OP_DELETE, pszAttr, attrlen, NULL, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirInternalModifyEntry(&ldapOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VmDirFreeOperationContent(&ldapOp);
+    return dwError;
+
+error:
+    goto cleanup;
+}
diff --git a/vmdir/server/include/backend.h b/vmdir/server/include/backend.h
index 2627cab47..d71231075 100644
--- a/vmdir/server/include/backend.h
+++ b/vmdir/server/include/backend.h
@@ -99,6 +99,15 @@ typedef struct _VDIR_BACKEND_PARENT_ID_INDEX_ITERATOR
 
 } VDIR_BACKEND_PARENT_ID_INDEX_ITERATOR, *PVDIR_BACKEND_PARENT_ID_INDEX_ITERATOR;
 
+typedef struct _VDIR_BACKEND_ENTRYBLOB_ITERATOR
+{
+    PVOID   pIterator;
+    BOOLEAN bHasNext;
+    ENTRYID startEID;
+    ENTRYID maxEID;
+
+} VDIR_BACKEND_ENTRYBLOB_ITERATOR, *PVDIR_BACKEND_ENTRYBLOB_ITERATOR;
+
 typedef struct _VDIR_BACKEND_USN_LIST*          PVDIR_BACKEND_USN_LIST;
 
 /*
@@ -381,6 +390,33 @@ typedef VOID (*PFN_BACKEND_PARENT_ID_INDEX_ITERATOR_FREE)(
                     PVDIR_BACKEND_PARENT_ID_INDEX_ITERATOR  pIterator
                     );
 
+/*
+ * Initialize blob table iterator
+ * return error -
+ * ERROR_BACKEND_ERROR:             all others
+ */
+typedef DWORD (*PFN_BACKEND_ENTRYBLOB_ITERATOR_INIT)(
+                    ENTRYID                             eId,
+                    PVDIR_BACKEND_ENTRYBLOB_ITERATOR*   ppIterator
+                    );
+/*
+ * Iterate eid in the blob table
+ * return error -
+ * ERROR_BACKEND_ERROR:             all others
+ */
+typedef DWORD (*PFN_BACKEND_ENTRYBLOB_ITERATE)(
+                    PVDIR_BACKEND_ENTRYBLOB_ITERATOR    pIterator,
+                    ENTRYID*                            pEntryId
+                    );
+/*
+ * Free blob table iterator
+ * return error -
+ * ERROR_BACKEND_ERROR:             all others
+ */
+typedef VOID (*PFN_BACKEND_ENTRYBLOB_ITERATOR_FREE)(
+                    PVDIR_BACKEND_ENTRYBLOB_ITERATOR  pIterator
+                    );
+
 /*
  * Shutdown backend
  * return error -
@@ -549,6 +585,22 @@ typedef struct _VDIR_BACKEND_INTERFACE
      */
     PFN_BACKEND_PARENT_ID_INDEX_ITERATOR_FREE   pfnBEParentIdIndexIteratorFree;
 
+    //////////////////////////////////////////////////////////////////////
+    // EntryBlob iterator
+    //////////////////////////////////////////////////////////////////////
+    /*
+     * initialize blob table enumerator
+     */
+    PFN_BACKEND_ENTRYBLOB_ITERATOR_INIT   pfnBEEntryBlobIteratorInit;
+    /*
+     * enumerate eid  in the blob table
+     */
+    PFN_BACKEND_ENTRYBLOB_ITERATE         pfnBEEntryBlobIterate;
+    /*
+     * Free blob table enumerator
+     */
+    PFN_BACKEND_ENTRYBLOB_ITERATOR_FREE   pfnBEEntryBlobIteratorFree;
+
     //////////////////////////////////////////////////////////////////////
     // transaction related functions
     // NO nested transaction support currently.
@@ -810,16 +862,6 @@ VmDirBackendRemoveOutstandingUSN(
     PVDIR_BACKEND_CTX      pBECtx
     );
 
-DWORD
-VmDirBackendAddOriginatingUSN(
-    PVDIR_BACKEND_CTX      pBECtx
-    );
-
-VOID
-VmDirBackendRemoveOriginatingUSN(
-    PVDIR_BACKEND_CTX      pBECtx
-    );
-
 DWORD
 VmDirBackendUniqKeyGetValue(
     PCSTR       pKey,
diff --git a/vmdir/server/include/ldaphead.h b/vmdir/server/include/ldaphead.h
index 2582ef965..e9547fcd6 100644
--- a/vmdir/server/include/ldaphead.h
+++ b/vmdir/server/include/ldaphead.h
@@ -80,6 +80,12 @@ VmDirDeleteConnection(
     VDIR_CONNECTION **  conn
     );
 
+DWORD
+VmDirWhichAddressPresent(
+    BOOLEAN *pIPV4AddressPresent,
+    BOOLEAN *pIPV6AddressPresent
+    );
+
 // controls.c
 void
 DeleteControls(
@@ -112,11 +118,23 @@ WritePagedSearchDoneControl(
 int
 WriteSyncStateControl(
    VDIR_OPERATION *   op,
-   VDIR_ATTRIBUTE *   pAttr,
+   VDIR_ENTRY *       pEntry,
    BerElement *       ber,
    PSTR*              ppszErrorMsg
    );
 
+int
+VmDirCreateDigestControlContent(
+    PCSTR           pszDigest,
+    DWORD           dwDigestLen,
+    LDAPControl*    pDigestCtrl
+    );
+
+VOID
+VmDirDeleteDigestControlContent(
+    LDAPControl*    pDigestCtrl
+    );
+
 // delete.c
 int
 VmDirPerformDelete(
@@ -196,12 +214,12 @@ VmDirFreeOperation(
 // result.c
 void
 VmDirSendLdapResult(
-   VDIR_OPERATION *   op
-   );
+    PVDIR_OPERATION pOperation
+    );
 
 VOID
 VmDirSendSASLBindResponse(
-    PVDIR_OPERATION     pOperation
+    PVDIR_OPERATION pOperation
     );
 
 // modify.c
@@ -256,7 +274,12 @@ VmDirInitOPStatisticGlobals(
 
 uint16_t
 VmDirOPStatisticGetAvgTime(
-    PVMDIR_OPERATION_STATISTIC   pStatistic
+    ber_tag_t opTag
+    );
+
+uint64_t
+VmDirOPStatisticGetTotalTime(
+    ber_tag_t opTag
     );
 
 uint64_t
@@ -273,4 +296,11 @@ PCSTR
 VmDirGetOperationStringFromTag(
     ber_tag_t opTag);
 
+// vecs.c
+DWORD
+VmDirGetVecsMachineCert(
+    PSTR*   ppszCert,
+    PSTR*   ppszKey
+    );
+
 #endif /* LH_H_ */
diff --git a/vmdir/server/include/mdbstore.h b/vmdir/server/include/mdbstore.h
index 5318845da..a54ff9400 100644
--- a/vmdir/server/include/mdbstore.h
+++ b/vmdir/server/include/mdbstore.h
@@ -284,7 +284,6 @@ VmDirMDBIndexIteratorFree(
     PVDIR_BACKEND_INDEX_ITERATOR    pIterator
     );
 
-// iterate.c
 DWORD
 VmDirMDBParentIdIndexIteratorInit(
     ENTRYID                                 parentId,
@@ -302,6 +301,23 @@ VmDirMDBParentIdIndexIteratorFree(
     PVDIR_BACKEND_PARENT_ID_INDEX_ITERATOR  pIterator
     );
 
+DWORD
+VmDirMDBEntryBlobIteratorInit(
+    ENTRYID                                 EId,
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR*       ppIterator
+    );
+
+DWORD
+VmDirMDBEntryBlobIterate(
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR    pIterator,
+    ENTRYID*                            pEntryId
+    );
+
+VOID
+VmDirMDBEntryBlobIteratorFree(
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR  pIterator
+    );
+
 // config.c
 DWORD
 VmDirMDBConfigureFsync(
diff --git a/vmdir/server/include/schema.h b/vmdir/server/include/schema.h
index 242166f6c..c08b24165 100644
--- a/vmdir/server/include/schema.h
+++ b/vmdir/server/include/schema.h
@@ -417,6 +417,11 @@ VmDirSchemaAttrIsOctetString(
     PVDIR_SCHEMA_AT_DESC    pATDesc
     );
 
+BOOLEAN
+VmDirSchemaAttrIsDN(
+    PVDIR_SCHEMA_AT_DESC    pATDesc
+    );
+
 PVDIR_ENTRY
 VmDirSchemaAcquireAndOwnStartupEntry(
     VOID
diff --git a/vmdir/server/include/srvcommon.h b/vmdir/server/include/srvcommon.h
index 60021c244..bd625e431 100644
--- a/vmdir/server/include/srvcommon.h
+++ b/vmdir/server/include/srvcommon.h
@@ -17,6 +17,11 @@
 #ifndef COMMON_INTERFACE_H_
 #define COMMON_INTERFACE_H_
 
+#include <vmmetrics.h>
+extern PVM_METRICS_CONTEXT pmContext;
+
+#define VMDIR_RESPONSE_TIME(val) ((val) ? (val) : 1)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -56,7 +61,12 @@ extern "C" {
 #define VMDIR_PAGED_SEARCH_CACHE_HASH_TABLE_SIZE 32
 #define VMDIR_LOCKOUT_VECTOR_HASH_TABLE_SIZE  1000
 
-#define VMDIR_DEFAULT_REPL_INTERVAL     "30"
+//Note: Ssetting replinterval to 1 second could have negative impact on a star topology where many nodes(say > 5) all
+//      have same sigle replication partner.
+//      In such case, the center node could potentially starve and could not catch up with changes from other nodes
+//      because there are constant repl pull from other nodes and current replication algorithm exclude roles a node can play (consumer/supplier).
+#define VMDIR_DEFAULT_REPL_INTERVAL     "1"
+
 #define VMDIR_DEFAULT_REPL_PAGE_SIZE    "1000"
 #define VMDIR_REPL_CONT_INDICATOR       "continue:1,"
 #define VMDIR_REPL_CONT_INDICATOR_LEN   sizeof(VMDIR_REPL_CONT_INDICATOR)-1
@@ -224,6 +234,11 @@ typedef struct _VDIR_SUPERLOG_RECORD
     VDIR_SUPERLOG_RECORD_OPERATION_INFO opInfo;
 } VDIR_SUPERLOG_RECORD, *PVDIR_SUPERLOG_RECORD;
 
+typedef struct _VDIR_CONN_REPL_SUPP_STATE
+{
+    PLW_HASHMAP     phmSyncStateOneMap;
+} VDIR_CONN_REPL_SUPP_STATE, *PVDIR_CONN_REPL_SUPP_STATE;
+
 typedef struct _VDIR_CONNECTION
 {
     Sockbuf *               sb;
@@ -238,6 +253,7 @@ typedef struct _VDIR_CONNECTION
     char                    szClientIP[INET6_ADDRSTRLEN];
     DWORD                   dwClientPort;
     VDIR_SUPERLOG_RECORD    SuperLogRec;
+    VDIR_CONN_REPL_SUPP_STATE   ReplConnState;
 } VDIR_CONNECTION, *PVDIR_CONNECTION;
 
 typedef struct _VDIR_CONNECTION_CTX
@@ -475,6 +491,7 @@ typedef struct SearchReq
     VDIR_BERVALUE * attrs;
     VDIR_FILTER *   filter;
     VDIR_BERVALUE   filterStr;
+    ACCESS_MASK     accessRequired;
     size_t          iNumEntrySent;      // total number entries sent for this request
     BOOLEAN         bStoreRsltInMem;    // store results in mem vs. writing to ber
 } SearchReq;
@@ -535,7 +552,7 @@ typedef struct SyncRequestControlValue
     VDIR_BERVALUE           bvLastLocalUsnProcessed;
     USN                     intLastLocalUsnProcessed;
     VDIR_BERVALUE           bvUtdVector;
-    BOOLEAN                 reloadHint;
+    BOOLEAN                 bFirstPage;
 } SyncRequestControlValue;
 
 typedef struct SyncDoneControlValue
@@ -551,11 +568,17 @@ typedef struct _VDIR_PAGED_RESULT_CONTROL_VALUE
     CHAR                    cookie[VMDIR_PS_COOKIE_LEN];
 } VDIR_PAGED_RESULT_CONTROL_VALUE;
 
+typedef struct _VDIR_DIGEST_CONTROL_VALUE
+{
+    CHAR                    sha1Digest[SHA_DIGEST_LENGTH+1];
+} VDIR_DIGEST_CONTROL_VALUE, *PVDIR_DIGEST_CONTROL_VALUE;
+
 typedef union LdapControlValue
 {
     SyncRequestControlValue            syncReqCtrlVal;
     SyncDoneControlValue               syncDoneCtrlVal;
     VDIR_PAGED_RESULT_CONTROL_VALUE    pagedResultCtrlVal;
+    VDIR_DIGEST_CONTROL_VALUE          digestCtrlVal;
 } LdapControlValue;
 
 typedef struct _VDIR_LDAP_CONTROL
@@ -590,6 +613,7 @@ typedef struct _VDIR_OPERATION
     VDIR_LDAP_CONTROL *       showDeletedObjectsCtrl; // points in reqControls list.
     VDIR_LDAP_CONTROL *       showMasterKeyCtrl;
     VDIR_LDAP_CONTROL *       showPagedResultsCtrl;
+    VDIR_LDAP_CONTROL *       digestCtrl;
                                      // SJ-TBD: If we add quite a few controls, we should consider defining a
                                      // structure to hold all those pointers.
     DWORD               dwSchemaWriteOp; // this operation is schema modification
@@ -645,14 +669,27 @@ typedef struct _VDIR_THREAD_INFO
 
 } REPO_THREAD_INFO, *PVDIR_THREAD_INFO;
 
+typedef struct _VMDIR_REPLICATION_METRICS
+{
+    PVM_METRICS_HISTOGRAM       pReplConnectDuration;
+    PVM_METRICS_COUNTER         pReplConnectFailures;
+    PVM_METRICS_COUNTER         pReplUnfinished;
+    PVM_METRICS_GAUGE           pReplUsn;
+    PVM_METRICS_COUNTER         pReplChanges;
+    PVM_METRICS_HISTOGRAM       pReplSyncDuration;
+
+} VMDIR_REPLICATION_METRICS, *PVMDIR_REPLICATION_METRICS;
+
 typedef struct _VMDIR_REPLICATION_AGREEMENT
 {
-    VDIR_BERVALUE       dn;
-    char                ldapURI[VMDIR_MAX_LDAP_URI_LEN];
-    VDIR_BERVALUE       lastLocalUsnProcessed;
-    BOOLEAN             isDeleted;
-    time_t              oldPasswordFailTime;
-    time_t              newPasswordFailTime;
+    VDIR_BERVALUE               dn;
+    char                        ldapURI[VMDIR_MAX_LDAP_URI_LEN];
+    VDIR_BERVALUE               lastLocalUsnProcessed;
+    BOOLEAN                     isDeleted;
+    time_t                      oldPasswordFailTime;
+    time_t                      newPasswordFailTime;
+    VMDIR_REPLICATION_METRICS   ReplMetrics;
+
     struct _VMDIR_REPLICATION_AGREEMENT *   next;
 
 } VMDIR_REPLICATION_AGREEMENT, *PVMDIR_REPLICATION_AGREEMENT;
@@ -875,8 +912,8 @@ VmDirBervalContentDup(
 
 DWORD
 VmDirCreateTransientSecurityDescriptor(
-    BOOL bAllowAnonymousRead,
-    PVMDIR_SECURITY_DESCRIPTOR pvsd
+    BOOLEAN                     bAllowAnonymousRead,
+    PVMDIR_SECURITY_DESCRIPTOR  pvsd
     );
 
 DWORD
@@ -905,6 +942,12 @@ VmDirDeleteEntry(
     PVDIR_ENTRY pEntry
     );
 
+DWORD
+VmDirSimpleEntryDeleteAttribute(
+    PCSTR   pszDN,
+    PCSTR   pszAttr
+    );
+
 // util.c
 DWORD
 VmDirToLDAPError(
@@ -1085,6 +1128,19 @@ VmDirOperationTypeToName(
     VDIR_OPERATION_TYPE opType
     );
 
+BOOLEAN
+VmDirIsSameConsumerSupplierEntryAttr(
+    PVDIR_ATTRIBUTE pAttr,
+    PVDIR_ENTRY     pSrcEntry,
+    PVDIR_ENTRY     pDstEntry
+    );
+
+int
+VmDirPVdirBValCmp(
+    const void *p1,
+    const void *p2
+    );
+
 // candidates.c
 void
 AndFilterResults(
@@ -1116,6 +1172,11 @@ OrFilterResults(
     VDIR_FILTER * src,
     VDIR_FILTER * dst);
 
+VOID
+VmDirSortCandidateList(
+    VDIR_CANDIDATES *  pCl
+    );
+
 // entryencodedecode.c
 DWORD
 VmDirComputeEncodedEntrySize(
@@ -1464,7 +1525,7 @@ VmDirSRPCreateSecret(
     PVDIR_BERVALUE   pSecretResult
     );
 
-//vmafdlib.c
+// vmafdlib.c
 DWORD
 VmDirOpenVmAfdClientLib(
     VMDIR_LIB_HANDLE*   pplibHandle
diff --git a/vmdir/server/include/vmacl.h b/vmdir/server/include/vmacl.h
index 23c87bb74..891d11339 100644
--- a/vmdir/server/include/vmacl.h
+++ b/vmdir/server/include/vmacl.h
@@ -140,9 +140,21 @@ extern "C" {
 //
 #define VMDIR_ANONYMOUS_LOGON_SID "S-1-5-7"
 
+//
+// Well-known SID for a user that has authenticated, irrespective of their domain.
+// If you want to ACL something for an arbitrary logged-in user for a given
+// domain you should use <domain SID>-VMDIR_DOMAIN_ALIAS_RID_USERS.
+//
+#define VMDIR_AUTHENTICATED_USER_SID "S-1-5-11"
 
-// objectSid.c
+//
+// Null SID template to be used in defaultSecurityDescriptors.
+// This template will be replaced with SID of corresponding domain
+// when applied to objects.
+//
+#define VMDIR_NULL_SID_TEMPLATE "S-1-0-0"
 
+// objectSid.c
 DWORD
 VmDirAdvanceDomainRID(
     DWORD   dwCnt
@@ -168,18 +180,17 @@ VmDirInternalRemoveOrgConfig(
 
 PCSTR
 VmDirFindDomainDN(
-    PCSTR pszObjectDN
+    PCSTR   pszObjectDN
     );
 
 DWORD
 VmDirGenerateWellknownSid(
-    PCSTR    pszDomainDN,
-    DWORD    dwWellKnowRid,
-    PSTR*    ppszAdminSid
+    PCSTR   pszDomainDN,
+    DWORD   dwWellKnowRid,
+    PSTR*   ppszAdminSid
     );
 
 // libmain.c
-
 DWORD
 VmDirVmAclInit(
     VOID
@@ -195,46 +206,49 @@ VmDirRegisterACLMode(
     VOID
     );
 
-// acl.c
+VOID
+VmDirSetACLMode(
+    VOID
+    );
 
+// acl.c
 DWORD
 VmDirSrvCreateAccessTokenWithEntry(
-    PVDIR_ENTRY pEntry,
-    PACCESS_TOKEN* ppToken,
-    PSTR* ppszObjectSid /* Optional */
+    PVDIR_ENTRY     pEntry,
+    PACCESS_TOKEN*  ppToken,
+    PSTR*           ppszObjectSid
     );
 
 DWORD
 VmDirSrvAccessCheck(
-    PVDIR_OPERATION pOperation,
-    PVDIR_ACCESS_INFO pAccessInfo,
-    PVDIR_ENTRY pEntry,
-    ACCESS_MASK AccessDesired
+    PVDIR_OPERATION     pOperation,
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    ACCESS_MASK         accessDesired
     );
 
 VOID
 VmDirAclCtxContentFree(
-    PVDIR_ACL_CTX pAclCtx
+    PVDIR_ACL_CTX   pAclCtx
     );
 
 DWORD
 VmDirSrvCreateSecurityDescriptor(
-    ACCESS_MASK amAccess,
-    PCSTR pszSystemAdministratorDn,
-    PCSTR pszAdminsGroupSid,
-    PCSTR pszDomainAdminsGroupSid,
-    PCSTR pszDomainClientsGroupSid,
-    PCSTR pszUsersGroupSid,
-    BOOLEAN bProtectedDacl,
-    BOOLEAN bAnonymousRead,
-    BOOLEAN bServicesDacl,
-    BOOLEAN bTenantDomain,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    ACCESS_MASK                 amAccess,
+    PCSTR                       pszDomainAdminDn,
+    PCSTR                       pszAdminsGroupSid,
+    PCSTR                       pszDomainAdminsGroupSid,
+    BOOLEAN                     bProtectedDacl,
+    BOOLEAN                     bAnonymousRead,
+    BOOLEAN                     bAuthenticatedRead,
+    BOOLEAN                     bServicesDacl,
+    BOOLEAN                     bTenantDomain,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     );
 
 VOID
 VmDirFreeAbsoluteSecurityDescriptor(
-    PSECURITY_DESCRIPTOR_ABSOLUTE *ppSecDesc
+    PSECURITY_DESCRIPTOR_ABSOLUTE*  ppSecDesc
     );
 
 DWORD
@@ -247,79 +261,84 @@ VmDirSrvAccessCheckIsAdminRole(
 
 BOOLEAN
 VmDirIsFailedAccessInfo(
-    PVDIR_ACCESS_INFO pAccessInfo
+    PVDIR_ACCESS_INFO   pAccessInfo
     );
 
 DWORD
-VmDirAddAceToSecurityDescriptor(
+VmDirGetObjectSidFromEntry(
     PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDesc,
-    PCSTR pszAdminUserDn,
-    ACCESS_MASK amAccess
+    PSTR*       ppszObjectSid, /* Optional */
+    PSID*       ppSid /* Optional */
     );
 
 DWORD
-VmDirGetObjectSidFromEntry(
-    PVDIR_ENTRY pEntry,
-    PSTR* ppszObjectSid, /* Optional */
-    PSID* ppSid /* Optional */
+VmDirIsBindDnMemberOfSystemDomainAdmins(
+    PVDIR_BACKEND_CTX   pBECtx,
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PBOOLEAN            pbIsMemberOfAdmins
     );
 
 // security.c
-
 DWORD
 VmDirGetSecurityDescriptorForEntry(
-    PVDIR_ENTRY pEntry,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE* ppSecDesc,
-    PULONG pulSecDescLength
+    PVDIR_ENTRY                     pEntry,
+    SECURITY_INFORMATION            SecurityInformation,
+    PSECURITY_DESCRIPTOR_RELATIVE*  ppSecDesc,
+    PULONG                          pulSecDescLength
     );
 
 DWORD
 VmDirSetSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     );
 
 DWORD
-VmDirEntryCacheSecurityDescriptor(
-    PVDIR_ENTRY pEntry,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelToSet,
-    ULONG ulSecDescToSetLen
+VmDirSetRecursiveSecurityDescriptorForDn(
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     );
 
 DWORD
-VmDirSetRecursiveSecurityDescriptorForDn(
-    PCSTR pszObjectDn,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+VmDirAppendSecurityDescriptorForDn(
+    PCSTR                       pszObjectDn,
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc,
+    BOOLEAN                     bReplaceOwnerAndGroup
     );
 
 DWORD
-VmDirSetSecurityDescriptorForEntry(
-    PVDIR_ENTRY pEntry,
-    SECURITY_INFORMATION SecurityInformation,
-    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRel,
-    ULONG ulSecDescRel
+VmDirAppendAllowAceForDn(
+    PCSTR       pszObjectDn,
+    PCSTR       pszTrusteeDN,
+    ACCESS_MASK accessMask
+    );
+
+DWORD
+VmDirEntryCacheSecurityDescriptor(
+    PVDIR_ENTRY                     pEntry,
+    PSECURITY_DESCRIPTOR_RELATIVE   pSecDescRelToSet,
+    ULONG                           ulSecDescToSetLen
+    );
+
+DWORD
+VmDirSetDefaultSecurityDescriptorForClass(
+    PCSTR   pszClassName,
+    PCSTR   pszDacl
     );
 
 // sdcalc.c
 DWORD
 VmDirComputeObjectSecurityDescriptor(
-    PVDIR_ACCESS_INFO pAccessInfo,
-    PVDIR_ENTRY pEntry,
-    PVDIR_ENTRY pParentEntry
+    PVDIR_ACCESS_INFO   pAccessInfo,
+    PVDIR_ENTRY         pEntry,
+    PVDIR_ENTRY         pParentEntry
     );
 
 // token.c
 DWORD
 VmDirSrvCreateAccessTokenForWellKnowObject(
-    PACCESS_TOKEN *ppToken,
-    PCSTR pszWellknownObjectSid
-    );
-
-VOID
-VmDirSetACLMode(
-    VOID
+    PACCESS_TOKEN*  ppToken,
+    PCSTR           pszWellknownObjectSid
     );
 
 #ifdef __cplusplus
diff --git a/vmdir/server/include/vmdirserver.h b/vmdir/server/include/vmdirserver.h
index 1c19caf4c..b784adbb4 100644
--- a/vmdir/server/include/vmdirserver.h
+++ b/vmdir/server/include/vmdirserver.h
@@ -42,7 +42,7 @@
 extern "C" {
 #endif
 
-#define REPL_THREAD_SCHED_PRIORITY 10
+#define DEFAULT_THREAD_PRIORITY_DELTA 10
 
 /*
  * Plugin logic has four hook points per LDAP operation -
@@ -145,7 +145,8 @@ typedef struct _VMDIR_GLOBALS
     DWORD                           dwLdapConnectPorts;
     PDWORD                          pdwLdapsConnectPorts;
     DWORD                           dwLdapsConnectPorts;
-    PSTR                            pszRestListenPort;
+    PSTR                            pszHTTPListenPort;
+    PSTR                            pszHTTPSListenPort;
 
     DWORD                           dwLdapRecvTimeoutSec;
     // following fields are protected by mutex
@@ -237,6 +238,37 @@ typedef struct _VMDIR_TRACK_LAST_LOGIN_TIME
 
 extern VMDIR_TRACK_LAST_LOGIN_TIME gVmdirTrackLastLoginTime;
 
+typedef struct _VMDIR_INTEGRITY_JOB *PVMDIR_INTEGRITY_JOB;
+
+typedef struct _VMDIR_INTEGRITY_CHECK_GLOBALS
+{
+    PVMDIR_MUTEX            pMutex;
+    PVMDIR_INTEGRITY_JOB    pJob;
+
+} VMDIR_INTEGRITY_CHECK_GLOBALS, *PVMDIR_INTEGRITY_CHECK_GLOBALS;
+
+extern VMDIR_INTEGRITY_CHECK_GLOBALS gVmdirIntegrityCheck;
+
+typedef enum
+{
+    INTEGRITY_CHECK_JOB_NONE = 0,
+    INTEGRITY_CHECK_JOB_START,
+    INTEGRITY_CHECK_JOB_STOP,
+    INTEGRITY_CHECK_JOB_FINISH,
+    INTEGRITY_CHECK_JOB_RECHECK,
+    INTEGRITY_CHECK_JOB_INVALID,
+    INTEGRITY_CHECK_JOB_SHOW_SUMMARY
+} VMDIR_INTEGRITY_CHECK_JOB_STATE, *PVMDIR_INTEGRITY_CHECK_JOB_STATE;
+
+typedef enum
+{
+    INTEGRITY_CHECK_JOBCXT_NONE = 0,
+    INTEGRITY_CHECK_JOBCTX_VALID,
+    INTEGRITY_CHECK_JOBCTX_INVALID,
+    INTEGRITY_CHECK_JOBCTX_SKIP,
+    INTEGRITY_CHECK_JOBCTX_ABORT
+} VMDIR_INTEGRITY_CHECK_JOBCTX_STATE, *PVMDIR_INTEGRITY_CHECK_JOBCTX_STATE;
+
 // krb.c
 DWORD
 VmDirKrbRealmNameNormalize(
@@ -320,7 +352,12 @@ VmDirGetLdapsConnectPorts(
 DWORD
 VmDirGetAllLdapPortsCount(
     VOID
-);
+    );
+
+DWORD
+VmDirCheckPortAvailability(
+    DWORD   dwPort
+    );
 
 VOID
 VmDirdSetReplNow(
@@ -398,6 +435,28 @@ VmDirAddTrackLastLoginItem(
     PCSTR   pszDN
     );
 
+// integritycheck.c
+DWORD
+VmDirEntrySHA1Digest(
+    PVDIR_ENTRY pEntry,
+    PSTR        pOutSH1DigestBuf
+    );
+
+DWORD
+VmDirIntegrityCheckStart(
+    VMDIR_INTEGRITY_CHECK_JOB_STATE jobState
+    );
+
+VOID
+VmDirIntegrityCheckStop(
+    VOID
+    );
+
+DWORD
+VmDirIntegrityCheckShowStatus(
+    PVDIR_ENTRY*    ppEntry
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/vmdir/server/include/vmkdcserver.h b/vmdir/server/include/vmkdcserver.h
index ada46aab2..c47efb133 100644
--- a/vmdir/server/include/vmkdcserver.h
+++ b/vmdir/server/include/vmkdcserver.h
@@ -67,7 +67,10 @@ typedef struct _VMKDC_GLOBALS
     int                             iMaxRenewableLife;
     INT64                           iAcceptSock;
     INT64                           iAcceptSockUdp;
+    INT64                           iAcceptSock6;
+    INT64                           iAcceptSock6Udp;
     int                             addrLen;
+    int                             addrLen6;
 
     // following fields are protected by mutex
     pthread_t                       thread;
diff --git a/vmdir/server/indexcfg/Makefile.am b/vmdir/server/indexcfg/Makefile.am
index cd45ac130..95fbbd245 100644
--- a/vmdir/server/indexcfg/Makefile.am
+++ b/vmdir/server/indexcfg/Makefile.am
@@ -13,15 +13,15 @@ libindexcfg_la_SOURCES = \
     vmit.c
 
 libindexcfg_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libindexcfg_la_LDFLAGS = \
     -static
-
diff --git a/vmdir/server/indexcfg/indexingthr.c b/vmdir/server/indexcfg/indexingthr.c
index 2260c0b7e..9af6de551 100644
--- a/vmdir/server/indexcfg/indexingthr.c
+++ b/vmdir/server/indexcfg/indexingthr.c
@@ -22,15 +22,15 @@ InitializeIndexingThread(
     DWORD   dwError = 0;
 
     dwError = VmDirSrvThrInit(
-                &gVdirIndexGlobals.pThrInfo,
-                gVdirIndexGlobals.mutex,
-                gVdirIndexGlobals.cond,
-                TRUE);
+            &gVdirIndexGlobals.pThrInfo,
+            gVdirIndexGlobals.mutex,
+            gVdirIndexGlobals.cond,
+            TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateThread(
             &gVdirIndexGlobals.pThrInfo->tid,
-            FALSE,
+            gVdirIndexGlobals.pThrInfo->bJoinThr,
             VmDirIndexingThreadFun,
             gVdirIndexGlobals.pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -53,6 +53,8 @@ VmDirIndexingThreadFun(
     VDIR_SERVER_STATE   vmdirState = VMDIRD_STATE_UNDEFINED;
     PVDIR_INDEXING_TASK pTask = NULL;
 
+    VmDirDropThreadPriority(DEFAULT_THREAD_PRIORITY_DELTA);
+
 resume:
     while (1)
     {
diff --git a/vmdir/server/kdckrb5/Makefile.am b/vmdir/server/kdckrb5/Makefile.am
index 1786c9700..29b67f7c0 100644
--- a/vmdir/server/kdckrb5/Makefile.am
+++ b/vmdir/server/kdckrb5/Makefile.am
@@ -28,13 +28,15 @@ libvmkrb5_la_SOURCES = \
     ticket.c
 
 libvmkrb5_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -DOPENSSL_NO_KRB5 \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/server \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmdir/server/kdcsrvcommon/Makefile.am b/vmdir/server/kdcsrvcommon/Makefile.am
index cdf248266..c7016c7d6 100644
--- a/vmdir/server/kdcsrvcommon/Makefile.am
+++ b/vmdir/server/kdcsrvcommon/Makefile.am
@@ -9,7 +9,7 @@
 
 noinst_LTLIBRARIES = libkdcsrvcommon.la
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmdir/idl
 
 PAC_SOURCES =
 
@@ -28,7 +28,7 @@ CLEANFILES = \
     vmdir_pac_sstub.c
 
 vmdir_pac_cstub.c vmdir_pac_h.h: $(idl_srcdir)/vmdir_pac.idl $(idl_srcdir)/vmdir_pac.acf
-	$(IDL) $(IDLFLAGS) -DVMDIR_ENABLE_PAC -keep c_source -header vmdir_pac_h.h -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -DVMDIR_ENABLE_PAC -keep c_source -header vmdir_pac_h.h -I$(idl_srcdir) -I$(top_srcdir)/vmdir/include/public $<
 endif
 
 libkdcsrvcommon_la_SOURCES = \
@@ -38,11 +38,12 @@ libkdcsrvcommon_la_SOURCES = \
 
 libkdcsrvcommon_la_CPPFLAGS = \
     $(VMDIR_ENABLE_PAC_DEFINE) \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     -I. \
-    -I$(top_builddir)/server/kdcsrvcommon \
+    -I$(top_builddir)/vmdir/server/kdcsrvcommon \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
diff --git a/vmdir/server/kdctools/Makefile.am b/vmdir/server/kdctools/Makefile.am
index 7240d34de..751e6a58d 100644
--- a/vmdir/server/kdctools/Makefile.am
+++ b/vmdir/server/kdctools/Makefile.am
@@ -6,15 +6,17 @@ libvmkdctools_la_SOURCES = \
     parsekt.c
 
 libvmkdctools_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/kdckrb5 \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/server/vmkdc \
+    -DOPENSSL_NO_KRB5 \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/server/kdckrb5 \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/server/vmkdc \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmdir/server/ldap-head/Makefile.am b/vmdir/server/ldap-head/Makefile.am
index e9a324368..1db5473b8 100644
--- a/vmdir/server/ldap-head/Makefile.am
+++ b/vmdir/server/ldap-head/Makefile.am
@@ -17,6 +17,7 @@ libldap_head_la_SOURCES = \
     delete.c        \
     filter.c        \
     globals.c       \
+    metricsinit.c   \
     modify.c        \
     openssl.c       \
     operation.c     \
@@ -28,15 +29,15 @@ libldap_head_la_SOURCES = \
     unbind.c
 
 libldap_head_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
 libldap_head_la_LDFLAGS = \
     -static
-
diff --git a/vmdir/server/ldap-head/connection.c b/vmdir/server/ldap-head/connection.c
index 26ac30d0d..81da0afce 100644
--- a/vmdir/server/ldap-head/connection.c
+++ b/vmdir/server/ldap-head/connection.c
@@ -72,12 +72,6 @@ NewConnection(
     Sockbuf_IO      *pSockbuf_IO
     );
 
-static DWORD
-VmDirWhichAddressPresent(
-    BOOLEAN *pIPV4AddressPresent,
-    BOOLEAN *pIPV6AddressPresent
-);
-
 static
 BOOLEAN
 _VmDirFlowCtrlThrEnter(
@@ -122,6 +116,12 @@ _VmDirPingAcceptThr(
     DWORD   dwPort
     );
 
+static
+VOID
+_VmDirUpdateErrorCount(
+    DWORD dwErrCode
+    );
+
 void
 VmDirDeleteConnection(
     VDIR_CONNECTION **conn
@@ -150,6 +150,12 @@ VmDirDeleteConnection(
         VmDirFreeAccessInfo(&((*conn)->AccessInfo));
         _VmDirScrubSuperLogContent(LDAP_REQ_UNBIND, &( (*conn)->SuperLogRec) );
 
+        if ((*conn)->ReplConnState.phmSyncStateOneMap)
+        {
+            LwRtlHashMapClear((*conn)->ReplConnState.phmSyncStateOneMap, VmDirSimpleHashMapPairFree, NULL);
+            LwRtlFreeHashMap(&(*conn)->ReplConnState.phmSyncStateOneMap);
+        }
+
         VMDIR_SAFE_FREE_MEMORY(*conn);
         *conn = NULL;
     }
@@ -187,11 +193,6 @@ VmDirInitConnAcceptThread(
 
     for (i = 0; i < dwLdapPorts; i++)
     {
-        dwError = VmDirAllocateMemory(
-                sizeof(*pThrInfo),
-                (PVOID*)&pThrInfo);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
         dwError = VmDirAllocateMemory(
                 sizeof(DWORD),
                 (PVOID)&pdwPort);
@@ -200,15 +201,15 @@ VmDirInitConnAcceptThread(
         *pdwPort = pdwLdapPorts[i];
 
         dwError = VmDirSrvThrInit(
-                    &pThrInfo,
-                    gVmdirGlobals.replCycleDoneMutex,
-                    gVmdirGlobals.replCycleDoneCondition,
-                    TRUE);
+                &pThrInfo,
+                gVmdirGlobals.replCycleDoneMutex,
+                gVmdirGlobals.replCycleDoneCondition,
+                TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 vmdirConnAcceptThrFunc,
                 (PVOID)pdwPort);  // New thread owns pdwPort
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -235,7 +236,7 @@ VmDirInitConnAcceptThread(
 
         dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 vmdirSSLConnAcceptThrFunc,
                 (PVOID)pdwPort);
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -619,6 +620,9 @@ ProcessAConnection(
    int            reTries = 0;
    BOOLEAN                      bDownOpThrCount = FALSE;
    PVDIR_CONNECTION_CTX pConnCtx = NULL;
+   int            metricsTag = -1;
+   uint64_t       iStartTime = 0;
+   uint64_t       iEndTime = 0;
 
    // increment operation thread counter
    retVal = VmDirSyncCounterIncrement(gVmdirGlobals.pOperationThrSyncCounter);
@@ -748,6 +752,8 @@ ProcessAConnection(
       //
       pConn->SuperLogRec.iStartTime = pConn->SuperLogRec.iStartTime ? pConn->SuperLogRec.iStartTime : VmDirGetTimeInMilliSec();
 
+      iStartTime = VmDirGetTimeInMilliSec();
+
       switch (tag)
       {
          case LDAP_REQ_BIND:
@@ -756,32 +762,38 @@ ProcessAConnection(
             {
                 _VmDirCollectBindSuperLog(pConn, pOperation); // ignore error
             }
+            metricsTag = METRICS_LDAP_OP_BIND;
 
             break;
 
          case LDAP_REQ_ADD:
             retVal = VmDirPerformAdd(pOperation);
+            metricsTag = METRICS_LDAP_OP_ADD;
             break;
 
          case LDAP_REQ_SEARCH:
             retVal = VmDirPerformSearch(pOperation);
+            metricsTag = METRICS_LDAP_OP_SEARCH;
             break;
 
          case LDAP_REQ_UNBIND:
             retVal = VmDirPerformUnbind(pOperation);
+            metricsTag = METRICS_LDAP_OP_UNBIND;
             break;
 
          case LDAP_REQ_MODIFY:
-             retVal = VmDirPerformModify(pOperation);
-             break;
+            retVal = VmDirPerformModify(pOperation);
+            metricsTag = METRICS_LDAP_OP_MODIFY;
+            break;
 
          case LDAP_REQ_DELETE:
-             retVal = VmDirPerformDelete(pOperation);
-             break;
+            retVal = VmDirPerformDelete(pOperation);
+            metricsTag = METRICS_LDAP_OP_DELETE;
+            break;
 
          case LDAP_REQ_MODDN:
-              retVal = VmDirPerformRename(pOperation);
-            break;
+             retVal = VmDirPerformRename(pOperation);
+             break;
 
          case LDAP_REQ_COMPARE:
          case LDAP_REQ_ABANDON:
@@ -799,7 +811,14 @@ ProcessAConnection(
             break;
       }
 
+      iEndTime = VmDirGetTimeInMilliSec();
+      if (metricsTag >= 0)
+      {
+            VmMetricsHistogramUpdate(pLdapRequestDuration[metricsTag], VMDIR_RESPONSE_TIME(iEndTime-iStartTime));
+      }
+
       pConn->SuperLogRec.iEndTime = VmDirGetTimeInMilliSec();
+
       VmDirOPStatisticUpdate(tag, pConn->SuperLogRec.iEndTime - pConn->SuperLogRec.iStartTime);
 
       if (tag != LDAP_REQ_BIND)
@@ -809,6 +828,8 @@ ProcessAConnection(
          _VmDirScrubSuperLogContent(tag, &pConn->SuperLogRec);
       }
 
+      _VmDirUpdateErrorCount(pOperation->ldapResult.errCode);
+
       VmDirFreeOperation(pOperation);
       pOperation = NULL;
 
@@ -1041,7 +1062,7 @@ vmdirConnAccept(
         newsockfd = -1;
         pConnCtx->pSockbuf_IO = pSockbuf_IO;
 
-        retVal = VmDirCreateThread(&threadId, TRUE, ProcessAConnection, (PVOID)pConnCtx);
+        retVal = VmDirCreateThread(&threadId, FALSE, ProcessAConnection, (PVOID)pConnCtx);
         if (retVal != 0)
         {
             VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: VmDirCreateThread() (port) failed with errno: %d",
@@ -1091,11 +1112,11 @@ vmdirConnAccept(
  VmDirWhichAddressPresent: Check if ipv4 or ipv6 addresses exist
  */
 
-static DWORD
+DWORD
 VmDirWhichAddressPresent(
     BOOLEAN *pIPV4AddressPresent,
     BOOLEAN *pIPV6AddressPresent
-)
+    )
 {
     int                 retVal = 0;
 #ifndef _WIN32
@@ -1395,3 +1416,106 @@ _VmDirPingAcceptThr(
 
     return;
 }
+
+static
+VOID
+_VmDirUpdateErrorCount(
+    DWORD dwErrCode
+    )
+{
+    switch (dwErrCode)
+    {
+        case LDAP_SUCCESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SUCCESS]);
+            break;
+
+        case LDAP_UNAVAILABLE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNAVAILABLE]);
+            break;
+
+        case LDAP_SERVER_DOWN:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SERVER_DOWN]);
+            break;
+
+        case LDAP_UNWILLING_TO_PERFORM:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNWILLING_TO_PERFORM]);
+            break;
+
+        case LDAP_INVALID_DN_SYNTAX:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_DN_SYNTAX]);
+            break;
+
+        case LDAP_NO_SUCH_ATTRIBUTE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NO_SUCH_ATTRIBUTE]);
+            break;
+
+        case LDAP_INVALID_SYNTAX:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_SYNTAX]);
+            break;
+
+        case LDAP_UNDEFINED_TYPE:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_UNDEFINED_TYPE]);
+            break;
+
+        case LDAP_TYPE_OR_VALUE_EXISTS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_TYPE_OR_VALUE_EXISTS]);
+            break;
+
+        case LDAP_OBJECT_CLASS_VIOLATION:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_OBJECT_CLASS_VIOLATION]);
+            break;
+
+        case LDAP_ALREADY_EXISTS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_ALREADY_EXISTS]);
+            break;
+
+        case LDAP_CONSTRAINT_VIOLATION:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_CONSTRAINT_VIOLATION]);
+            break;
+
+        case LDAP_NOT_ALLOWED_ON_NONLEAF:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NOT_ALLOWED_ON_NONLEAF]);
+            break;
+
+        case LDAP_PROTOCOL_ERROR:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_PROTOCOL_ERROR]);
+            break;
+
+        case LDAP_INVALID_CREDENTIALS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INVALID_CREDENTIALS]);
+            break;
+
+        case LDAP_INSUFFICIENT_ACCESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_INSUFFICIENT_ACCESS]);
+            break;
+
+        case LDAP_AUTH_METHOD_NOT_SUPPORTED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_AUTH_METHOD_NOT_SUPPORTED]);
+            break;
+
+        case LDAP_SASL_BIND_IN_PROGRESS:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SASL_BIND_IN_PROGRESS]);
+            break;
+
+        case LDAP_TIMELIMIT_EXCEEDED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_TIMELIMIT_EXCEEDED]);
+            break;
+
+        case LDAP_SIZELIMIT_EXCEEDED:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_SIZELIMIT_EXCEEDED]);
+            break;
+
+        case LDAP_NO_SUCH_OBJECT:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_NO_SUCH_OBJECT]);
+            break;
+
+        case LDAP_BUSY:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_BUSY]);
+            break;
+
+        default:
+            VmMetricsCounterIncrement(pLdapErrorCount[METRICS_LDAP_OTHER]);
+            break;
+    }
+    return;
+}
diff --git a/vmdir/server/ldap-head/controls.c b/vmdir/server/ldap-head/controls.c
index a51591ad5..0b901d4cf 100644
--- a/vmdir/server/ldap-head/controls.c
+++ b/vmdir/server/ldap-head/controls.c
@@ -40,6 +40,15 @@ _ParseSyncStateControlVal(
     USN*        pPartnerUSN     // Output
     );
 
+static
+int
+_ParseDigestControlVal(
+    VDIR_OPERATION *                    op,
+    BerValue *                          controlValue,       // Input: control value encoded as ber
+    VDIR_DIGEST_CONTROL_VALUE *         digestCtrlVal,      // Output
+    VDIR_LDAP_RESULT *                  lr                  // Output
+    );
+
 /*
  * RFC 4511:
  * Section 4.1.1 Message Envelope:
@@ -186,6 +195,20 @@ ParseRequestControls(
                 op->showPagedResultsCtrl = *control;
             }
 
+            if (VmDirStringCompareA( (*control)->type, LDAP_CONTROL_DIGEST_SEARCH, TRUE ) == 0)
+            {
+                retVal = _ParseDigestControlVal( op,
+                                                &lberBervCtlValue,
+                                                &((*control)->value.digestCtrlVal),
+                                                lr);
+                if (retVal != LDAP_SUCCESS)
+                {
+                    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
+                                                  "ParseRequestControls: _ParseDigestControlVal failed.");
+                }
+                op->digestCtrl = *control;
+            }
+
             if ( ber_scanf( op->ber, "}") == LBER_ERROR ) // end of control
             {
                 lr->errCode = LDAP_PROTOCOL_ERROR;
@@ -284,7 +307,7 @@ WriteSyncDoneControl(
             writer = bvCtrlVal.lberbv.bv_val;
             bvCtrlVal.lberbv.bv_len = 0;
 
-            VmDirStringPrintFA( writer, bufferSize, "%ld,", op->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed );
+            VmDirStringPrintFA( writer, bufferSize, "%" PRId64 ",", op->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed );
             tmpLen = VmDirStringLenA( writer );
             writer += tmpLen;
             bufferSize -= tmpLen;
@@ -293,7 +316,7 @@ WriteSyncDoneControl(
             while ((pNode = LwRtlHashTableIterate(op->syncDoneCtrl->value.syncDoneCtrlVal.htUtdVector, &iter)))
             {
                 pUtdVectorEntry = LW_STRUCT_FROM_FIELD(pNode, UptoDateVectorEntry, Node);
-                VmDirStringPrintFA( writer, bufferSize, "%s:%ld,", pUtdVectorEntry->invocationId.lberbv.bv_val,
+                VmDirStringPrintFA( writer, bufferSize, "%s:%" PRId64 ",", pUtdVectorEntry->invocationId.lberbv.bv_val,
                                     pUtdVectorEntry->currMaxOrigUsnProcessed );
                 tmpLen = VmDirStringLenA( writer );
                 writer += tmpLen;
@@ -395,7 +418,7 @@ WritePagedSearchDoneControl(
 int
 WriteSyncStateControl(
    VDIR_OPERATION *   op,
-   VDIR_ATTRIBUTE *   pAttr,
+   VDIR_ENTRY *       pEntry,
    BerElement *       ber,
    PSTR*              ppszErrorMsg
    )
@@ -410,6 +433,10 @@ WriteSyncStateControl(
     PVDIR_BERVALUE      pbvUSN = NULL;
     PSTR                pszLocalErrorMsg = NULL;
     BOOLEAN             bHasFinalSyncState = FALSE;
+    CHAR                pszIDBuf[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
+    PSTR                pszEID = NULL;
+    PSTR                pszUSNCreated = NULL;
+    VDIR_ATTRIBUTE *    pAttr = NULL;
 
     VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "WriteSyncStateControl: Begin" );
 
@@ -425,7 +452,7 @@ WriteSyncStateControl(
      *  => may lead to various conflict resolution scenarios.
      */
 
-    for ( ; pAttr != NULL; pAttr = pAttr->next)
+    for (pAttr = pEntry->attrs ; pAttr != NULL; pAttr = pAttr->next)
     {
         if (VmDirStringCompareA( pAttr->type.lberbv.bv_val, ATTR_USN_CHANGED, FALSE ) == 0)
         {
@@ -448,6 +475,27 @@ WriteSyncStateControl(
             {
                 entryState = LDAP_SYNC_ADD;
                 bHasFinalSyncState = TRUE;
+
+                assert( VmDirStringNPrintFA(pszIDBuf, VMDIR_MAX_I64_ASCII_STR_LEN, VMDIR_MAX_I64_ASCII_STR_LEN, "%llu", pEntry->eId) == 0 );
+
+                if (LwRtlHashMapFindKey(op->conn->ReplConnState.phmSyncStateOneMap, NULL, pszIDBuf) != 0)
+                {
+                    retVal = VmDirAllocateStringA(pszIDBuf, &pszEID);
+                    BAIL_ON_VMDIR_ERROR(retVal);
+
+                    retVal = VmDirAllocateStringA(pAttr->vals[0].lberbv_val, &pszUSNCreated);
+                    BAIL_ON_VMDIR_ERROR(retVal);
+
+                    retVal = LwRtlHashMapInsert(op->conn->ReplConnState.phmSyncStateOneMap, pszEID, pszUSNCreated, NULL);
+                    BAIL_ON_VMDIR_ERROR(retVal);
+                    pszEID = NULL; pszUSNCreated = NULL; // map takes over
+
+                    VMDIR_LOG_VERBOSE(
+                            LDAP_DEBUG_REPL,
+                            "entry sync stat ADD %s at USNCreated %s",
+                            pEntry->dn.lberbv_val,
+                            pAttr->vals[0].lberbv_val);
+                }
             }
         }
     }
@@ -513,6 +561,9 @@ WriteSyncStateControl(
         VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
     }
 
+    VMDIR_SAFE_FREE_MEMORY(pszEID);
+    VMDIR_SAFE_FREE_MEMORY(pszUSNCreated);
+
     VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "WriteSyncStateControl: End" );
 
     return( retVal );
@@ -634,9 +685,9 @@ ParseSyncRequestControlVal(
     VDIR_BACKEND_CTX        backendCtx = {0};
     USN                     maxPartnerVisibleUSN = 0;
 
-    VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "ParseSyncRequestControlVal: Begin." );
+    VMDIR_LOG_DEBUG(LDAP_DEBUG_TRACE, "ParseSyncRequestControlVal: Begin");
 
-    ber_init2( ber, controlValue, LBER_USE_DER );
+    ber_init2(ber, controlValue, LBER_USE_DER);
 
     /* http://www.rfc-editor.org/rfc/rfc4533.txt
      *
@@ -654,38 +705,60 @@ ParseSyncRequestControlVal(
      *  }
     */
 
-    if (ber_scanf( ber, "{i", &(syncReqCtrlVal->mode) ) == LBER_ERROR)
+    if (ber_scanf(ber, "{i", &(syncReqCtrlVal->mode)) == LBER_ERROR)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: ber_scanf failed while parsing the sync request "
-                  "control mode" );
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "ParseSyncRequestControlVal: ber_scanf failed while parsing the sync request "
+                "control mode");
+
         lr->errCode = LDAP_PROTOCOL_ERROR;
         retVal = LDAP_NOTICE_OF_DISCONNECT;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                        "Error in reading sync request control mode from PDU.");
+
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrorMsg,
+                "Error in reading sync request control mode from PDU.");
     }
 
     syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv.bv_val = "";
     syncReqCtrlVal->intLastLocalUsnProcessed = 0;
 
-    if (VmDirAllocateMemory( sizeof( VDIR_LDAP_CONTROL ), (PVOID *)&op->syncDoneCtrl) != 0)
+    if (VmDirAllocateMemory(sizeof(VDIR_LDAP_CONTROL), (PVOID*)&op->syncDoneCtrl) != 0)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: VmDirAllocateMemory failed " );
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "ParseSyncRequestControlVal: VmDirAllocateMemory failed");
+
         lr->errCode = retVal = LDAP_OPERATIONS_ERROR;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                        "ParseSyncRequestControlVal: VmDirAllocateMemory failed.");
+
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrorMsg,
+                "ParseSyncRequestControlVal: VmDirAllocateMemory failed.");
     }
     op->syncDoneCtrl->type = LDAP_CONTROL_SYNC_DONE;
-    if (LwRtlCreateHashTable( &op->syncDoneCtrl->value.syncDoneCtrlVal.htUtdVector, UtdVectorEntryGetKey,
-                              LwRtlHashDigestPstr, LwRtlHashEqualPstr, NULL, VMDIR_UTD_VECTOR_HASH_TABLE_SIZE ) != 0)
+    if (LwRtlCreateHashTable(
+            &op->syncDoneCtrl->value.syncDoneCtrlVal.htUtdVector,
+            UtdVectorEntryGetKey,
+            LwRtlHashDigestPstr,
+            LwRtlHashEqualPstr,
+            NULL,
+            VMDIR_UTD_VECTOR_HASH_TABLE_SIZE) != 0)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "UpdateSyncDoneUtdVectorEntry: LwRtlCreateHashTable failed" );
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "UpdateSyncDoneUtdVectorEntry: LwRtlCreateHashTable failed");
+
         lr->errCode = retVal = LDAP_OPERATIONS_ERROR;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                        "UpdateSyncDoneUtdVectorEntry: LwRtlCreateHashTable failed");
 
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrorMsg,
+                "UpdateSyncDoneUtdVectorEntry: LwRtlCreateHashTable failed.");
     }
 
-    tag = ber_peek_tag( ber, &len );
+    tag = ber_peek_tag(ber, &len);
 
     if (tag == LBER_SEQUENCE)
     { // syncCookie
@@ -703,123 +776,189 @@ ParseSyncRequestControlVal(
          */
         // {lastLocalUsnProcessed{{<serverid1><lastOrigUsnProcessed1>}{<serverid2><lastOrigUsnProcessed2>}...}}
 
-        if (ber_scanf( ber, "{mmm}",
-                        &syncReqCtrlVal->reqInvocationId.lberbv,
-                        &syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv,
-                        &syncReqCtrlVal->bvUtdVector.lberbv ) == LBER_ERROR )
+        if (ber_scanf(
+                ber,
+                "{mmm}",
+                &syncReqCtrlVal->reqInvocationId.lberbv,
+                &syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv,
+                &syncReqCtrlVal->bvUtdVector.lberbv) == LBER_ERROR)
         {
-            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: ber_scanf failed while parsing "
-                      "lastLocalUsnProcessed in the sync request control value" );
+            VMDIR_LOG_ERROR(
+                    VMDIR_LOG_MASK_ALL,
+                    "ParseSyncRequestControlVal: ber_scanf failed while parsing "
+                    "lastLocalUsnProcessed in the sync request control value");
+
             lr->errCode = LDAP_PROTOCOL_ERROR;
             retVal = LDAP_NOTICE_OF_DISCONNECT;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                            "Error in reading lastLocalUsnProcessed in the sync request control value");
+
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                    retVal,
+                    pszLocalErrorMsg,
+                    "Error in reading lastLocalUsnProcessed in the sync request control value.");
         }
 
-        VMDIR_LOG_DEBUG( LDAP_DEBUG_REPL, "ParseSyncRequestControlVal: ServerId: %s, lastLocalUsnProcessed: %s, utdVector: %s",
-                  syncReqCtrlVal->reqInvocationId.lberbv.bv_val, syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv.bv_val,
-                  syncReqCtrlVal->bvUtdVector.lberbv.bv_val );
+        VMDIR_LOG_DEBUG(
+                LDAP_DEBUG_REPL,
+                "ParseSyncRequestControlVal: ServerId: %s, lastLocalUsnProcessed: %s, utdVector: %s",
+                syncReqCtrlVal->reqInvocationId.lberbv.bv_val,
+                syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv.bv_val,
+                syncReqCtrlVal->bvUtdVector.lberbv.bv_val);
+
+        syncReqCtrlVal->intLastLocalUsnProcessed =
+                op->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed =
+                        VmDirStringToLA(syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv.bv_val, NULL, 10);
 
-        syncReqCtrlVal->intLastLocalUsnProcessed = op->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed =
-                                   VmDirStringToLA( syncReqCtrlVal->bvLastLocalUsnProcessed.lberbv.bv_val, NULL, 10 );
         {
-            char *                  nextServerIdStr = NULL;
-            char *                  nextOrigUsnStr = NULL;
+            char* nextServerIdStr = NULL;
+            char* nextOrigUsnStr = NULL;
 
             nextServerIdStr = syncReqCtrlVal->bvUtdVector.lberbv.bv_val;
 
-            while( nextServerIdStr != NULL && nextServerIdStr[0] != '\0')
+            while (nextServerIdStr != NULL && nextServerIdStr[0] != '\0')
             {
                 PLW_HASHTABLE_NODE pNode = NULL;
 
                 // Ignore continue indicator in sync request control
-                if (VmDirStringNCompareA(nextServerIdStr,
+                if (VmDirStringNCompareA(
+                        nextServerIdStr,
                         VMDIR_REPL_CONT_INDICATOR,
-                        VMDIR_REPL_CONT_INDICATOR_LEN, FALSE) == 0)
+                        VMDIR_REPL_CONT_INDICATOR_LEN,
+                        FALSE) == 0)
                 {
-                    nextServerIdStr = VmDirStringChrA( nextServerIdStr, ',') + 1;
+                    nextServerIdStr = VmDirStringChrA(nextServerIdStr, ',') + 1;
                     continue;
                 }
 
-                if (VmDirAllocateMemory( sizeof(UptoDateVectorEntry), (PVOID *)&utdVectorEntry ) != 0)
+                if (VmDirAllocateMemory(sizeof(UptoDateVectorEntry), (PVOID*)&utdVectorEntry) != 0)
                 {
-                    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: VmDirAllocateMemory failed " );
+                    VMDIR_LOG_ERROR(
+                            VMDIR_LOG_MASK_ALL,
+                            "ParseSyncRequestControlVal: VmDirAllocateMemory failed");
+
                     lr->errCode = retVal = LDAP_OPERATIONS_ERROR;
-                    BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                                    "ParseSyncRequestControlVal: VmDirAllocateMemory failed");
+
+                    BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                            retVal,
+                            pszLocalErrorMsg,
+                            "ParseSyncRequestControlVal: VmDirAllocateMemory failed.");
                 }
 
-                nextOrigUsnStr = VmDirStringChrA( nextServerIdStr, ':');
+                nextOrigUsnStr = VmDirStringChrA(nextServerIdStr, ':');
                 *nextOrigUsnStr = '\0';
                 nextOrigUsnStr++;
                 utdVectorEntry->invocationId.lberbv.bv_val = nextServerIdStr;
-                utdVectorEntry->invocationId.lberbv.bv_len = VmDirStringLenA( nextServerIdStr );
+                utdVectorEntry->invocationId.lberbv.bv_len = VmDirStringLenA(nextServerIdStr);
 
-                nextServerIdStr = VmDirStringChrA( nextOrigUsnStr, ',');
+                nextServerIdStr = VmDirStringChrA(nextOrigUsnStr, ',');
                 *nextServerIdStr = '\0';
                 nextServerIdStr++;
 
-                utdVectorEntry->currMaxOrigUsnProcessed = utdVectorEntry->reqLastOrigUsnProcessed =
-                                                              atol( nextOrigUsnStr );
+                utdVectorEntry->currMaxOrigUsnProcessed =
+                        utdVectorEntry->reqLastOrigUsnProcessed =
+                                atol(nextOrigUsnStr);
 
-                LwRtlHashTableResizeAndInsert( op->syncDoneCtrl->value.syncDoneCtrlVal.htUtdVector,
-                                               &utdVectorEntry->Node, &pNode);
-                assert( pNode == NULL );    // assert the key of added node is unique.
+                LwRtlHashTableResizeAndInsert(
+                        op->syncDoneCtrl->value.syncDoneCtrlVal.htUtdVector,
+                        &utdVectorEntry->Node,
+                        &pNode);
+                assert(pNode == NULL);    // assert the key of added node is unique.
             }
         }
 
-        tag = ber_peek_tag( ber, &len );
+        tag = ber_peek_tag(ber, &len);
     }
     if (tag == LBER_BOOLEAN)
     {
-        ber_int_t reloadHint;
-        if (ber_scanf( ber, "b", &reloadHint) == LBER_ERROR)
+        ber_int_t firstPage;
+        if (ber_scanf(ber, "b", &firstPage) == LBER_ERROR)
         {
-            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: Error in reading reloadHint from the PDU" );
+            VMDIR_LOG_ERROR(
+                    VMDIR_LOG_MASK_ALL,
+                    "ParseSyncRequestControlVal: Error in reading reloadHint from the PDU");
+
             lr->errCode = LDAP_PROTOCOL_ERROR;
             retVal = LDAP_NOTICE_OF_DISCONNECT;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                            "Error in reading reloadHint from the PDU.");
+
+            BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                    retVal,
+                    pszLocalErrorMsg,
+                    "Error in reading reloadHint from the PDU.");
         }
-        if (reloadHint)
+        if (firstPage)
         {
-            syncReqCtrlVal->reloadHint = TRUE;
+            syncReqCtrlVal->bFirstPage = TRUE;
         }
     }
-    if ( ber_scanf( ber, "}") == LBER_ERROR ) // End of control value
+    if (ber_scanf(ber, "}") == LBER_ERROR) // End of control value
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: ber_scanf failed while parsing the end of "
-                  "sync request control value." );
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "ParseSyncRequestControlVal: ber_scanf failed while parsing the end of "
+                "sync request control value");
+
         lr->errCode = LDAP_PROTOCOL_ERROR;
         retVal = LDAP_NOTICE_OF_DISCONNECT;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
-                                        "Decoding error while parsing the end of sync request control value.");
+
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrorMsg,
+                "Decoding error while parsing the end of sync request control value.");
     }
 
     backendCtx.pBE = VmDirBackendSelect("");
-    maxPartnerVisibleUSN = backendCtx.pBE->pfnBEGetLeastOutstandingUSN( &backendCtx, FALSE ) - 1;
+    maxPartnerVisibleUSN = backendCtx.pBE->pfnBEGetLeastOutstandingUSN(&backendCtx, FALSE) - 1;
 
     if (syncReqCtrlVal->intLastLocalUsnProcessed > maxPartnerVisibleUSN)
     {
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "ParseSyncRequestControlVal: ServerId %s has processed my USN (%u), my max USN is (%u).",
-                         syncReqCtrlVal->reqInvocationId.lberbv.bv_val, syncReqCtrlVal->intLastLocalUsnProcessed, maxPartnerVisibleUSN );
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "ParseSyncRequestControlVal: ServerId %s has processed my USN (%u), my max USN is (%u)",
+                syncReqCtrlVal->reqInvocationId.lberbv.bv_val,
+                syncReqCtrlVal->intLastLocalUsnProcessed, maxPartnerVisibleUSN);
+
         lr->errCode = LDAP_UNWILLING_TO_PERFORM;
         retVal = LDAP_NOTICE_OF_DISCONNECT;
-        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg), "Partner is ahead of my changes.");
+
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(
+                retVal,
+                pszLocalErrorMsg,
+                "Partner is ahead of my changes.");
+    }
+
+    if (op->conn->ReplConnState.phmSyncStateOneMap == NULL)
+    {
+        // replication request, create connection level map for SyncStateControl adjustment (ADD -> MODIFY)
+        if (LwRtlCreateHashMap(
+                &op->conn->ReplConnState.phmSyncStateOneMap,
+                LwRtlHashDigestPstrCaseless,
+                LwRtlHashEqualPstrCaseless,
+                NULL) != 0)
+        {
+            lr->errCode = retVal = LDAP_OPERATIONS_ERROR;
+            BAIL_ON_VMDIR_ERROR(retVal);
+        }
+    }
+    else if (syncReqCtrlVal->bFirstPage)
+    {
+        /*
+         * When retry happens, send add requests instead of modify requests.
+         * If entries are not removed from hashtable, modify request will be sent.
+         */
+        LwRtlHashMapClear(op->conn->ReplConnState.phmSyncStateOneMap, VmDirSimpleHashMapPairFree, NULL);
+        VMDIR_LOG_INFO(
+                LDAP_DEBUG_REPL,
+                "ParseSyncRequestControlVal: phmSyncStateOneMap Cleared because of replication cycle retry");
     }
 
 cleanup:
     // Even in the error case, syncDoneCtrl should be freed during operation delete.
-    VMDIR_LOG_DEBUG( LDAP_DEBUG_TRACE, "ParseSyncRequestControlVal: End." );
-    VmDirBackendCtxContentFree( &backendCtx );
+    VMDIR_LOG_DEBUG(LDAP_DEBUG_TRACE, "ParseSyncRequestControlVal: End");
+    VmDirBackendCtxContentFree(&backendCtx);
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-
     return retVal;
 
 error:
-
     VMDIR_APPEND_ERROR_MSG(lr->pszErrMsg, pszLocalErrorMsg);
-
     goto cleanup;
 }
 
@@ -901,3 +1040,129 @@ _ParsePagedResultControlVal(
     VMDIR_APPEND_ERROR_MSG(lr->pszErrMsg, pszLocalErrorMsg);
     goto cleanup;
 }
+
+static
+int
+_ParseDigestControlVal(
+    VDIR_OPERATION *                    op,
+    BerValue *                          controlValue,       // Input: control value encoded as ber
+    VDIR_DIGEST_CONTROL_VALUE *         digestCtrlVal,      // Output
+    VDIR_LDAP_RESULT *                  lr                  // Output
+    )
+{
+    int                 retVal = LDAP_SUCCESS;
+    BerElementBuffer    berbuf;
+    BerElement *        ber = (BerElement *)&berbuf;
+    PSTR                pszLocalErrorMsg = NULL;
+    BerValue            localBV = {0};
+
+    if (!op)
+    {
+        retVal = LDAP_PROTOCOL_ERROR;
+        BAIL_ON_VMDIR_ERROR( retVal );
+    }
+
+    ber_init2( ber, controlValue, LBER_USE_DER );
+
+    /*
+     *
+     * The DigestControlValue is an OCTET STRING wrapping the BER-encoded version of the following SEQUENCE:
+     *
+     * realSearchControlValue ::= SEQUENCE {
+     *        digest            OCTET STRING
+     *  }
+     */
+
+    if ((ber_scanf(ber, "{m}", &localBV) == LBER_ERROR)
+        ||
+        localBV.bv_len != SHA_DIGEST_LENGTH
+       )
+    {
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s: ber_scanf failed while parsing digest control value", __FUNCTION__);
+        lr->errCode = LDAP_PROTOCOL_ERROR;
+        retVal = LDAP_NOTICE_OF_DISCONNECT;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG(   retVal, (pszLocalErrorMsg),
+                                        "Error in reading digest control digest value");
+    }
+
+    memcpy(digestCtrlVal->sha1Digest, localBV.bv_val, SHA_DIGEST_LENGTH);
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
+    return retVal;
+
+error:
+    VMDIR_APPEND_ERROR_MSG(lr->pszErrMsg, pszLocalErrorMsg);
+    goto cleanup;
+}
+
+int
+VmDirCreateDigestControlContent(
+    PCSTR           pszDigest,
+    DWORD           dwDigestLen,
+    LDAPControl*    pDigestCtrl
+    )
+{
+    int             retVal = LDAP_SUCCESS;
+    BerElement*     pBer = NULL;
+    BerValue        localBV = {0};
+
+    if (!pszDigest || !pDigestCtrl)
+    {
+        retVal = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
+    }
+
+    if ((pBer = ber_alloc()) == NULL)
+    {
+        retVal = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
+    }
+
+    localBV.bv_val = (char*)pszDigest;
+    localBV.bv_len = dwDigestLen;
+
+    if ( ber_printf( pBer, "{O}", &localBV) == -1)
+    {
+        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s: ber_printf failed.", __FUNCTION__ );
+        retVal = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_SIMPLE_LDAP_ERROR( retVal );
+    }
+
+    memset( pDigestCtrl, 0, sizeof( LDAPControl ));
+    pDigestCtrl->ldctl_oid = LDAP_CONTROL_DIGEST_SEARCH;
+    pDigestCtrl->ldctl_iscritical = '1';
+    if (ber_flatten2(pBer, &pDigestCtrl->ldctl_value, 1))
+    {
+        retVal = LDAP_OPERATIONS_ERROR;
+        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
+    }
+
+cleanup:
+
+    if (pBer)
+    {
+        ber_free(pBer, 1);
+    }
+    return retVal;
+
+ldaperror:
+    VmDirDeleteDigestControlContent(pDigestCtrl);
+    goto cleanup;
+}
+
+VOID
+VmDirDeleteDigestControlContent(
+    LDAPControl*    pDigestCtrl
+    )
+{
+    if (pDigestCtrl)
+    {
+        if (pDigestCtrl->ldctl_value.bv_val)
+        {
+            ber_memfree(pDigestCtrl->ldctl_value.bv_val);
+        }
+        memset(pDigestCtrl, 0, sizeof(LDAPControl));
+    }
+}
diff --git a/vmdir/server/ldap-head/defines.h b/vmdir/server/ldap-head/defines.h
index 23cb7dc49..91166502a 100644
--- a/vmdir/server/ldap-head/defines.h
+++ b/vmdir/server/ldap-head/defines.h
@@ -49,3 +49,44 @@ typedef int (*NEW_CONNECTION_FUNC)(
                 ber_socket_t      sfd,
                 VDIR_CONNECTION   **conn,
                 Sockbuf_IO        *pSockbuf_IO);
+
+typedef enum
+{
+    METRICS_LDAP_OP_BIND,
+    METRICS_LDAP_OP_SEARCH,
+    METRICS_LDAP_OP_ADD,
+    METRICS_LDAP_OP_MODIFY,
+    METRICS_LDAP_OP_DELETE,
+    METRICS_LDAP_OP_UNBIND,
+    METRICS_LDAP_OP_COUNT
+
+} METRICS_LDAP_OPS;
+
+typedef enum
+{
+    METRICS_LDAP_SUCCESS,
+    METRICS_LDAP_UNAVAILABLE,
+    METRICS_LDAP_SERVER_DOWN,
+    METRICS_LDAP_UNWILLING_TO_PERFORM,
+    METRICS_LDAP_INVALID_DN_SYNTAX,
+    METRICS_LDAP_NO_SUCH_ATTRIBUTE,
+    METRICS_LDAP_INVALID_SYNTAX,
+    METRICS_LDAP_UNDEFINED_TYPE,
+    METRICS_LDAP_TYPE_OR_VALUE_EXISTS,
+    METRICS_LDAP_OBJECT_CLASS_VIOLATION,
+    METRICS_LDAP_ALREADY_EXISTS,
+    METRICS_LDAP_CONSTRAINT_VIOLATION,
+    METRICS_LDAP_NOT_ALLOWED_ON_NONLEAF,
+    METRICS_LDAP_PROTOCOL_ERROR,
+    METRICS_LDAP_INVALID_CREDENTIALS,
+    METRICS_LDAP_INSUFFICIENT_ACCESS,
+    METRICS_LDAP_AUTH_METHOD_NOT_SUPPORTED,
+    METRICS_LDAP_SASL_BIND_IN_PROGRESS,
+    METRICS_LDAP_TIMELIMIT_EXCEEDED,
+    METRICS_LDAP_SIZELIMIT_EXCEEDED,
+    METRICS_LDAP_NO_SUCH_OBJECT,
+    METRICS_LDAP_BUSY,
+    METRICS_LDAP_OTHER,
+    METRICS_LDAP_ERROR_COUNT
+
+} METRICS_LDAP_ERRORS;
diff --git a/vmdir/server/ldap-head/externs.h b/vmdir/server/ldap-head/externs.h
index c88cb5a53..533ce16ff 100644
--- a/vmdir/server/ldap-head/externs.h
+++ b/vmdir/server/ldap-head/externs.h
@@ -31,3 +31,7 @@ extern Sockbuf_IO* gpVdirBerSockbufIOOpenssl;
 extern VMDIR_OP_STATISTIC_GLOBALS gVmdirOPStatisticGlobals;
 
 extern VMDIR_OPENSSL_GLOBALS gVmdirOpensslGlobals;
+
+extern PVM_METRICS_HISTOGRAM pLdapRequestDuration[];
+
+extern PVM_METRICS_COUNTER pLdapErrorCount[];
diff --git a/vmdir/server/ldap-head/metricsinit.c b/vmdir/server/ldap-head/metricsinit.c
new file mode 100644
index 000000000..269152669
--- /dev/null
+++ b/vmdir/server/ldap-head/metricsinit.c
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PVM_METRICS_HISTOGRAM pLdapRequestDuration[METRICS_LDAP_OP_COUNT];
+
+PVM_METRICS_COUNTER pLdapErrorCount[METRICS_LDAP_ERROR_COUNT];
+
+DWORD
+VmDirLdapMetricsInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+
+    uint64_t buckets[5] = {1, 10, 100, 500, 1000};
+
+    VM_METRICS_LABEL labelOps[METRICS_LDAP_OP_COUNT][1] = {{{"operation","bind"}},
+                                        {{"operation","search"}},
+                                        {{"operation","add"}},
+                                        {{"operation","modify"}},
+                                        {{"operation","delete"}},
+                                        {{"operation","unbind"}}};
+
+    VM_METRICS_LABEL labelErrors[METRICS_LDAP_ERROR_COUNT][1] = {{{"code","LDAP_SUCCESS"}},
+                                            {{"code","LDAP_UNAVAILABLE"}},
+                                            {{"code","LDAP_SERVER_DOWN"}},
+                                            {{"code","LDAP_UNWILLING_TO_PERFORM"}},
+                                            {{"code","LDAP_INVALID_DN_SYNTAX"}},
+                                            {{"code","LDAP_NO_SUCH_ATTRIBUTE"}},
+                                            {{"code","LDAP_INVALID_SYNTAX"}},
+                                            {{"code","LDAP_UNDEFINED_TYPE"}},
+                                            {{"code","LDAP_TYPE_OR_VALUE_EXISTS"}},
+                                            {{"code","LDAP_OBJECT_CLASS_VIOLATION"}},
+                                            {{"code","LDAP_ALREADY_EXISTS"}},
+                                            {{"code","LDAP_CONSTRAINT_VIOLATION"}},
+                                            {{"code","LDAP_NOT_ALLOWED_ON_NONLEAF"}},
+                                            {{"code","LDAP_PROTOCOL_ERROR"}},
+                                            {{"code","LDAP_INVALID_CREDENTIALS"}},
+                                            {{"code","LDAP_INSUFFICIENT_ACCESS"}},
+                                            {{"code","LDAP_AUTH_METHOD_NOT_SUPPORTED"}},
+                                            {{"code","LDAP_SASL_BIND_IN_PROGRESS"}},
+                                            {{"code","LDAP_TIMELIMIT_EXCEEDED"}},
+                                            {{"code","LDAP_SIZELIMIT_EXCEEDED"}},
+                                            {{"code","LDAP_NO_SUCH_OBJECT"}},
+                                            {{"code","LDAP_BUSY"}},
+                                            {{"code","LDAP_OTHER"}}};
+
+    for (i=0; i < METRICS_LDAP_ERROR_COUNT; i++)
+    {
+        dwError = VmMetricsCounterNew(pmContext,
+                                "vmdir_ldap_error_count",
+                                labelErrors[i], 1,
+                                "Counter for various LDAP errors",
+                                &pLdapErrorCount[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (i=0; i < METRICS_LDAP_OP_COUNT; i++)
+    {
+        dwError = VmMetricsHistogramNew(pmContext,
+                                "vmdir_ldap_request_duration",
+                                labelOps[i], 1,
+                                "Histogram for LDAP Request Durations for different operations",
+                                buckets, 5,
+                                &pLdapRequestDuration[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirLdapMetricsInit failed (%d)", dwError);
+
+    goto cleanup;
+}
diff --git a/vmdir/server/ldap-head/opstatistic.c b/vmdir/server/ldap-head/opstatistic.c
index 637101999..bec88d7fe 100644
--- a/vmdir/server/ldap-head/opstatistic.c
+++ b/vmdir/server/ldap-head/opstatistic.c
@@ -157,15 +157,20 @@ VmDirOPStatisticUpdate(
 
 uint16_t
 VmDirOPStatisticGetAvgTime(
-    PVMDIR_OPERATION_STATISTIC   pStatistic
+    ber_tag_t opTag
     )
 {
     BOOLEAN     bInLock = FALSE;
     uint64_t    iCurrentTotalTimeInMSec = 0;
     uint64_t    iCurrentCount = 0;
     uint64_t    iAvgTimeInMSecs = 0;
+    PVMDIR_OPERATION_STATISTIC pStatistic;
 
-    assert(pStatistic != NULL);
+    pStatistic = _VmDirGetStatisticFromTag(opTag);
+    if (pStatistic == NULL)
+    {
+        return 0;
+    }
 
     VMDIR_LOCK_MUTEX(bInLock, pStatistic->pmutex);
 
@@ -179,6 +184,28 @@ VmDirOPStatisticGetAvgTime(
     return iAvgTimeInMSecs > UINT16_MAX ? UINT16_MAX : (uint16_t)iAvgTimeInMSecs;
 }
 
+uint64_t
+VmDirOPStatisticGetTotalTime(
+        ber_tag_t opTag
+)
+{
+    BOOLEAN     bInLock = FALSE;
+    uint64_t    iCurrentTotalTimeInMSec = 0;
+    PVMDIR_OPERATION_STATISTIC pStatistic;
+
+    pStatistic = _VmDirGetStatisticFromTag(opTag);
+    if (pStatistic != NULL)
+    {
+        VMDIR_LOCK_MUTEX(bInLock, pStatistic->pmutex);
+
+        iCurrentTotalTimeInMSec = pStatistic->iTimeInMilliSec;
+
+        VMDIR_UNLOCK_MUTEX(bInLock, pStatistic->pmutex);
+    }
+
+    return iCurrentTotalTimeInMSec;
+}
+
 uint64_t
 VmDirOPStatisticGetCount(
     ber_tag_t opTag
@@ -225,7 +252,7 @@ VmDirOPStatistic(
                         "LDAP %10s - count:(%ld), Avg response time in MS:(%ld)",
                         pszOPName,
                         VmDirOPStatisticGetCount(opTag),
-                        VmDirOPStatisticGetAvgTime(pOPStatistic));
+                        VmDirOPStatisticGetAvgTime(opTag));
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
diff --git a/vmdir/server/ldap-head/prototypes.h b/vmdir/server/ldap-head/prototypes.h
index 89190f7a2..eadf06fcc 100644
--- a/vmdir/server/ldap-head/prototypes.h
+++ b/vmdir/server/ldap-head/prototypes.h
@@ -39,11 +39,10 @@ VmDirOPStatisticUpdate(
     uint64_t iThisTimeInMilliSecs
     );
 
-// vecs.c
+// ldapmetrics.c
 DWORD
-VmDirGetVecsMachineCert(
-    PSTR*   ppszCert,
-    PSTR*   ppszKey
+VmDirLdapMetricsInit(
+    VOID
     );
 
 #ifdef __cplusplus
diff --git a/vmdir/server/ldap-head/result.c b/vmdir/server/ldap-head/result.c
index 86845fc36..5d589b8f4 100644
--- a/vmdir/server/ldap-head/result.c
+++ b/vmdir/server/ldap-head/result.c
@@ -24,6 +24,7 @@ IsAttrInReplScope(
     VDIR_OPERATION *    op,
     char *              attrType,
     char *              attrMetaData,
+    USN                 priorSentUSNCreated,
     BOOLEAN *           inScope,
     PSTR*               ppszErrorMsg
     );
@@ -152,96 +153,108 @@ VmDirSendSASLBindResponse(
 
 void
 VmDirSendLdapResult(
-   VDIR_OPERATION * op
-   )
+    PVDIR_OPERATION pOperation
+    )
 {
-   BerElementBuffer berbuf;
-   BerElement *     ber = (BerElement *) &berbuf;
-   ber_int_t        msgId = 0;
-   ber_tag_t        resCode = 0;
-   size_t           iNumSearchEntrySent = 0;
-   PCSTR            pszSocketInfo = NULL;
+    BerElementBuffer berbuf;
+    BerElement *     ber = (BerElement *) &berbuf;
+    ber_int_t        msgId = 0;
+    ber_tag_t        resCode = 0;
+    size_t           iNumSearchEntrySent = 0;
+    PCSTR            pszSocketInfo = NULL;
 
-   (void) memset( (char *)&berbuf, '\0', sizeof( BerElementBuffer ));
+    (void)memset((char*)&berbuf, '\0', sizeof(BerElementBuffer));
 
-   resCode = GetResultTag( op->reqCode );
-   msgId = (resCode != LBER_SEQUENCE) ? op->msgId : 0;
+    resCode = GetResultTag(pOperation->reqCode);
+    msgId = (resCode != LBER_SEQUENCE) ? pOperation->msgId : 0;
 
-   if ( resCode == LDAP_RES_SEARCH_RESULT )
-   {
-       iNumSearchEntrySent = op->request.searchReq.iNumEntrySent;
-   }
+    if (resCode == LDAP_RES_SEARCH_RESULT)
+    {
+        iNumSearchEntrySent = pOperation->request.searchReq.iNumEntrySent;
+    }
 
-   ber_init2( ber, NULL, LBER_USE_DER );
+    ber_init2(ber, NULL, LBER_USE_DER);
 
-   if (op->conn)
-   {
-      pszSocketInfo = op->conn->szClientIP;
-   }
+    if (pOperation->conn)
+    {
+        pszSocketInfo = pOperation->conn->szClientIP;
+    }
 
-   if (op->ldapResult.errCode &&
-       op->ldapResult.errCode != LDAP_SASL_BIND_IN_PROGRESS)
-   {
-       VMDIR_LOG_ERROR(
-          VMDIR_LOG_MASK_ALL,
-          "VmDirSendLdapResult: Request (%s), Error (%d), Message (%s), (%u) socket (%s)",
-          VmDirLdapReqCodeToName(op->reqCode),
-          op->ldapResult.errCode,
-          VDIR_SAFE_STRING(op->ldapResult.pszErrMsg),
-          iNumSearchEntrySent,
-          VDIR_SAFE_STRING(pszSocketInfo));
-   }
-   else if ( op->reqCode == LDAP_REQ_SEARCH )
-   {
-       VMDIR_LOG_INFO(
-          LDAP_DEBUG_ARGS,
-          "VmDirSendLdapResult: Request (%s), Error (%d), Message (%s), (%u) socket (%s)",
-          VmDirLdapReqCodeToName(op->reqCode),
-          op->ldapResult.errCode,
-          VDIR_SAFE_STRING(op->ldapResult.pszErrMsg),
-          iNumSearchEntrySent,
-          VDIR_SAFE_STRING(pszSocketInfo));
-   }
+    if (pOperation->ldapResult.errCode &&
+        pOperation->ldapResult.errCode != LDAP_BUSY &&
+        pOperation->ldapResult.errCode != LDAP_SASL_BIND_IN_PROGRESS)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "VmDirSendLdapResult: Request (%s), Error (%d), Message (%s), (%u) socket (%s)",
+                VmDirLdapReqCodeToName(pOperation->reqCode),
+                pOperation->ldapResult.errCode,
+                VDIR_SAFE_STRING(pOperation->ldapResult.pszErrMsg),
+                iNumSearchEntrySent,
+                VDIR_SAFE_STRING(pszSocketInfo));
+    }
+    else if (pOperation->reqCode == LDAP_REQ_SEARCH)
+    {
+        VMDIR_LOG_INFO(
+                LDAP_DEBUG_ARGS,
+                "VmDirSendLdapResult: Request (%s), Error (%d), Message (%s), (%u) socket (%s)",
+                VmDirLdapReqCodeToName(pOperation->reqCode),
+                pOperation->ldapResult.errCode,
+                VDIR_SAFE_STRING(pOperation->ldapResult.pszErrMsg),
+                iNumSearchEntrySent,
+                VDIR_SAFE_STRING(pszSocketInfo));
+    }
 
-   if (ber_printf( ber, "{it{essN}", msgId, resCode, op->ldapResult.errCode, "",
-                       VDIR_SAFE_STRING(op->ldapResult.pszErrMsg)) == -1)
-   {
-      VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "SendLdapResult: ber_printf (to print msgId ...) failed" );
-      goto done;
-   }
+    if (ber_printf(
+            ber,
+            "{it{essN}",
+            msgId,
+            resCode,
+            pOperation->ldapResult.errCode,
+            "",
+            VDIR_SAFE_STRING(pOperation->ldapResult.pszErrMsg)) == -1)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "SendLdapResult: ber_printf (to print msgId ...) failed");
+        goto done;
+    }
 
-   // If Search, Replication, and one or more entries were sent back => Send back Sync Done Control
-   if ( op->reqCode == LDAP_REQ_SEARCH && op->syncReqCtrl != NULL && op->syncDoneCtrl != NULL)
-   {
-       if (WriteSyncDoneControl( op, ber ) != LDAP_SUCCESS)
-       {
-           goto done;
-       }
-   }
+    // If Search, Replication, and one or more entries were sent back => Send back Sync Done Control
+    if (pOperation->reqCode == LDAP_REQ_SEARCH && pOperation->syncReqCtrl && pOperation->syncDoneCtrl)
+    {
+        if (WriteSyncDoneControl(pOperation, ber) != LDAP_SUCCESS)
+        {
+            goto done;
+        }
+    }
 
-   if ( op->reqCode == LDAP_REQ_SEARCH && op->showPagedResultsCtrl != NULL)
-   {
-       if (WritePagedSearchDoneControl( op, ber ) != LDAP_SUCCESS)
-       {
-           goto done;
-       }
-   }
+    if (pOperation->reqCode == LDAP_REQ_SEARCH && pOperation->showPagedResultsCtrl)
+    {
+        if (WritePagedSearchDoneControl(pOperation, ber) != LDAP_SUCCESS)
+        {
+            goto done;
+        }
+    }
 
-   if (ber_printf( ber, "N}" ) == -1)
-   {
-      VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "SendLdapResult: ber_printf (to print msgId ...) failed" );
-      goto done;
-   }
+    if (ber_printf(ber, "N}") == -1)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "SendLdapResult: ber_printf (to print msgId ...) failed");
+        goto done;
+    }
 
-   if (WriteBerOnSocket( op->conn, ber ) != 0)
-   {
-      VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "SendLdapResult: WriteBerOnSocket failed" );
-      goto done;
-   }
+    if (WriteBerOnSocket(pOperation->conn, ber) != 0)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "SendLdapResult: WriteBerOnSocket failed");
+        goto done;
+    }
 
 done:
-   ber_free_buf( ber );
-
+    ber_free_buf(ber);
 }
 
 int
@@ -285,10 +298,8 @@ VmDirSendSearchEntry(
     // generating a final result to send back
     SetSpecialReturnChar(&pOperation->request.searchReq, &iSearchReqSpecialChars);
 
-    if ( pSrEntry->eId == DSE_ROOT_ENTRY_ID
-         &&
-         pOperation->request.searchReq.attrs == NULL
-       )
+    if (pSrEntry->eId == DSE_ROOT_ENTRY_ID &&
+        pOperation->request.searchReq.attrs == NULL)
     {
         //  For ADSI, if no specific attributes requested of DSE ROOT search,
         //  return ALL (include operational) attributes.
@@ -296,17 +307,21 @@ VmDirSendSearchEntry(
     }
 
     // ACL check before processing/sending the current srEntry back
-    retVal = VmDirSrvAccessCheck( pOperation, &pOperation->conn->AccessInfo, pSrEntry, VMDIR_RIGHT_DS_READ_PROP );
-    BAIL_ON_VMDIR_ERROR( retVal );
-
-    if ( pOperation->opType == VDIR_OPERATION_TYPE_INTERNAL )
+    retVal = VmDirSrvAccessCheck(
+            pOperation,
+            &pOperation->conn->AccessInfo,
+            pSrEntry,
+            pOperation->request.searchReq.accessRequired);
+    BAIL_ON_VMDIR_ERROR(retVal);
+
+    if (pOperation->opType == VDIR_OPERATION_TYPE_INTERNAL)
     {
         // This is an internal search operation.
         // Set bSearchEntrySent = TRUE to indicate that ACL
         // check passed and should be included in the result.
         pSrEntry->bSearchEntrySent = TRUE;
     }
-    else if ( sr->bStoreRsltInMem )
+    else if (sr->bStoreRsltInMem)
     {
         // This is an external search operation but wants to
         // store the result in memory instead of sending.
@@ -348,19 +363,19 @@ VmDirSendSearchEntry(
                     pOperation->lowestPendingUncommittedUsn++;
 
                     VMDIR_LOG_INFO( LDAP_DEBUG_REPL,
-                            "SendSearchEntry: bumping lowestPendingUncommittedUsn to %ld",
+                            "SendSearchEntry: bumping lowestPendingUncommittedUsn to %" PRId64,
                             pOperation->lowestPendingUncommittedUsn );
                 }
                 else if (usnChanged > pOperation->lowestPendingUncommittedUsn)
                 {
                     VMDIR_LOG_INFO( LDAP_DEBUG_REPL,
-                            "SendSearchEntry: usnChanged = %ld, lowestPendingUncommittedUsn = %ld, "
+                            "SendSearchEntry: usnChanged = %" PRId64 ", lowestPendingUncommittedUsn = %" PRId64 ", "
                             "skipping entry: %s", usnChanged, pOperation->lowestPendingUncommittedUsn,
                             pSrEntry->dn.lberbv.bv_val );
 
                     // Shouldn't stop cycle until we don't have a skip, inform consumer to come back again
                     pOperation->syncDoneCtrl->value.syncDoneCtrlVal.bContinue = TRUE;
-                    goto cleanup; // Don't send this entry
+                    goto updateSyncDoneCtrl; // Don't send this entry
                 }
             }
 
@@ -523,7 +538,7 @@ VmDirSendSearchEntry(
 
         if ( pOperation->syncReqCtrl != NULL ) // Replication, => write Sync State Control
         {
-            retVal = WriteSyncStateControl( pOperation, pSrEntry->attrs, ber, &pszLocalErrorMsg );
+            retVal = WriteSyncStateControl( pOperation, pSrEntry, ber, &pszLocalErrorMsg );
             BAIL_ON_VMDIR_ERROR( retVal );
         }
 
@@ -556,11 +571,26 @@ VmDirSendSearchEntry(
                             pSrEntry->dn.lberbv.bv_val, pOperation->syncReqCtrl, nonTrivialAttrsInReplScope);
         }
 
-        // record max local usnChanged in syncControlDone
+updateSyncDoneCtrl:
         if (pOperation->syncReqCtrl != NULL)
         {
-            if (usnChanged  > pOperation->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed)
+            if (pOperation->syncDoneCtrl->value.syncDoneCtrlVal.bContinue)
+            {
+                VMDIR_LOG_INFO(
+                        LDAP_DEBUG_REPL,
+                        "%s: update lastLocalUsnProcessed from %" PRId64 " to lowestPendingUncommittedUsn %" PRId64 " to avoid retry",
+                        __FUNCTION__,
+                        pOperation->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed,
+                        pOperation->lowestPendingUncommittedUsn-1);
+                /*
+                 * Sending high watermark to consumer results in repl cycle retry.
+                 * Avoid retry by sending lowestpendingUncommittedUsn-1.
+                 */
+                pOperation->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed = pOperation->lowestPendingUncommittedUsn-1;
+            }
+            else if (usnChanged  > pOperation->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed)
             {
+                // record max local usnChanged in syncControlDone
                 pOperation->syncDoneCtrl->value.syncDoneCtrlVal.intLastLocalUsnProcessed = usnChanged;
             }
         }
@@ -604,8 +634,10 @@ static
 int
 _VmDirIsUsnInScope(
     VDIR_OPERATION *    op,
+    PCSTR               pAttrName,
     char *              origInvocationId,
     USN                 origUsn,
+    USN                 priorSentUSNCreated,
     BOOLEAN *           isUsnInScope
     )
 {
@@ -661,7 +693,26 @@ _VmDirIsUsnInScope(
         {
             utdVectorEntry->currMaxOrigUsnProcessed = origUsn;
         }
-        *isUsnInScope = TRUE;
+
+        // Note, this handles ADD->MODIFY case but not multiple MODIFYs scenario.
+        // However, it is fine as consumer should be able to handle redundant feed from supplier.
+        // The key point here is to NOT send ATTR_USN_CREATED, so we can derive correct sync_state in WriteSyncStateControl.
+        if (origUsn > priorSentUSNCreated)
+        {
+            *isUsnInScope = TRUE;
+
+            if (priorSentUSNCreated > 0)
+            {
+                VMDIR_LOG_VERBOSE(LDAP_DEBUG_REPL, "%s new usn %llu after prior usncreated %llu attr %s",
+                                        __FUNCTION__, origUsn, priorSentUSNCreated, VDIR_SAFE_STRING(pAttrName));
+            }
+        }
+        else
+        {
+            VMDIR_LOG_VERBOSE(LDAP_DEBUG_REPL, "%s skip prior usncreated %llu attr %s",
+                                    __FUNCTION__, priorSentUSNCreated, VDIR_SAFE_STRING(pAttrName));
+        }
+
         goto cleanup;
     }
 
@@ -679,6 +730,7 @@ IsAttrInReplScope(
     VDIR_OPERATION *    op,
     char *              attrType,
     char *              attrMetaData,
+    USN                 priorSentUSNCreated,
     BOOLEAN *           inScope,
     PSTR*               ppszErrorMsg
     )
@@ -736,7 +788,7 @@ IsAttrInReplScope(
     else
     {
         BOOLEAN usnInScope = FALSE;
-        retVal = _VmDirIsUsnInScope(op, origInvocationId, origUsn, &usnInScope);
+        retVal = _VmDirIsUsnInScope(op, attrType, origInvocationId, origUsn, priorSentUSNCreated, &usnInScope);
         BAIL_ON_VMDIR_ERROR(retVal);
         if (!usnInScope)
         {
@@ -791,6 +843,21 @@ WriteAttributes(
     PVDIR_ATTRIBUTE pRetAttrs[3] = {pEntry->attrs, pEntry->pComputedAttrs, NULL};
     DWORD           dwCnt = 0;
     PSTR            pszLocalErrorMsg = NULL;
+    CHAR            pszIDBuf[VMDIR_MAX_I64_ASCII_STR_LEN] = {0};
+    PSTR            pszPriorSentUSNCreated = NULL;
+    USN             priorSentUSNCreated = 0;
+
+    if (op->syncReqCtrl != NULL)
+    {
+        assert( VmDirStringNPrintFA(pszIDBuf, VMDIR_MAX_I64_ASCII_STR_LEN, VMDIR_MAX_I64_ASCII_STR_LEN, "%llu", pEntry->eId) == 0 );
+
+        if (LwRtlHashMapFindKey(op->conn->ReplConnState.phmSyncStateOneMap, (PVOID*)&pszPriorSentUSNCreated, pszIDBuf) == 0)
+        {   // we have already sent this entry back with sync_state ADD in the same replication cycle
+            priorSentUSNCreated = VmDirStringToLA( pszPriorSentUSNCreated, NULL, 10 );
+
+            VMDIR_LOG_VERBOSE(LDAP_DEBUG_REPL, "%s sent %s with USNCreatd %llu before", __FUNCTION__, pEntry->dn.lberbv_val, priorSentUSNCreated);
+        }
+    }
 
     // loop through both normal and computed attributes
     for ( dwCnt = 0, pAttr = pRetAttrs[dwCnt];
@@ -804,7 +871,7 @@ WriteAttributes(
             if (op->syncReqCtrl != NULL) // Replication,
             {
                 // Filter attributes based on the input utdVector, and attribute's meta-data
-                retVal = IsAttrInReplScope( op, pAttr->type.lberbv.bv_val, pAttr->metaData, &bSendAttribute, &pszLocalErrorMsg );
+                retVal = IsAttrInReplScope( op, pAttr->type.lberbv.bv_val, pAttr->metaData, priorSentUSNCreated, &bSendAttribute, &pszLocalErrorMsg );
                 BAIL_ON_VMDIR_ERROR( retVal );
             }
             else
@@ -1048,11 +1115,12 @@ WriteMetaDataAttribute(
             berVal.lberbv.bv_val = attrMetaDataVal;
             berVal.lberbv.bv_len = VmDirStringLenA( attrMetaDataVal );
             if (VmDirStringCompareA( pAttr->type.lberbv.bv_val, ATTR_MODIFYTIMESTAMP, FALSE ) != 0 &&
+                VmDirStringCompareA( pAttr->type.lberbv.bv_val, ATTR_MODIFIERS_NAME, FALSE ) != 0  &&
                 VmDirStringCompareA( pAttr->type.lberbv.bv_val, ATTR_USN_CHANGED, FALSE ) != 0     &&
                 VmDirStringCompareA( pAttr->type.lberbv.bv_val, ATTR_OBJECT_GUID, FALSE ) != 0)
             {
                 // To prevent endless replication ping pong, supplier should send result only if there are changes
-                // to attribute other than ATTR_USN_CHANGED, ATTR_MODIFYTIMESTAMP and ATTR_OBJECT_GUID.
+                // to attribute other than ATTR_USN_CHANGED, ATTR_MODIFYTIMESTAMP,ATTR_MODIFIERS_NAME and ATTR_OBJECT_GUID.
                 *nonTrivialAttrsInReplScope = TRUE;
             }
             if (ber_printf( ber, "O", &berVal ) == -1 )
@@ -1074,7 +1142,7 @@ WriteMetaDataAttribute(
 
             if (pOp->syncReqCtrl != NULL) // Replication
             {
-                retVal = IsAttrInReplScope( pOp, NULL, pAttrMetaData[i].metaData, &bSendAttrMetaData, &pszLocalErrorMsg );
+                retVal = IsAttrInReplScope( pOp, NULL, pAttrMetaData[i].metaData, 0, &bSendAttrMetaData, &pszLocalErrorMsg );
                 BAIL_ON_VMDIR_ERROR( retVal );
             }
             else
@@ -1253,7 +1321,7 @@ PrepareValueMetaDataAttribute(
                 continue;
                 //Change is originated from the requesting server. Don't send it.
             }
-            retVal = _VmDirIsUsnInScope(pOp, origInvocationId, origUsn, &usnInScope);
+            retVal = _VmDirIsUsnInScope(pOp, NULL, origInvocationId, origUsn, 0, &usnInScope);
             BAIL_ON_VMDIR_ERROR(retVal);
             if (!usnInScope)
             {
diff --git a/vmdir/server/mdb-store/Makefile.am b/vmdir/server/mdb-store/Makefile.am
index ffeb2049d..650c4b0c9 100644
--- a/vmdir/server/mdb-store/Makefile.am
+++ b/vmdir/server/mdb-store/Makefile.am
@@ -6,7 +6,7 @@
 # Author: Sanjay Jain (sanjain@vmware.com)
 #         Sriram Nambakam (snambakam@vmware.com)
 #
-#    -L$(top_srcdir)/thirdparty/openldap/libraries/libmdb
+#    -L$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libmdb
 #    -lmdb
 
 noinst_LTLIBRARIES = libmdb-store.la
@@ -26,17 +26,18 @@ libmdb_store_la_SOURCES = \
     txn.c
 
 libmdb_store_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/mdb \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/mdb \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libmdb_store_la_LDFLAGS = \
     -static \
-    $(top_builddir)/thirdparty/openldap/libraries/mdb/libvmdirmdb.la \
+    $(top_builddir)/vmdir/thirdparty/openldap/libraries/mdb/libvmdirmdb.la \
     @LW_LDFLAGS@
diff --git a/vmdir/server/mdb-store/init.c b/vmdir/server/mdb-store/init.c
index 6b638f450..953dc2407 100644
--- a/vmdir/server/mdb-store/init.c
+++ b/vmdir/server/mdb-store/init.c
@@ -103,6 +103,9 @@ VmDirMDBBEInterface (
         VMDIR_SF_INIT(.pfnBEParentIdIndexIteratorInit, VmDirMDBParentIdIndexIteratorInit),
         VMDIR_SF_INIT(.pfnBEParentIdIndexIterate, VmDirMDBParentIdIndexIterate),
         VMDIR_SF_INIT(.pfnBEParentIdIndexIteratorFree, VmDirMDBParentIdIndexIteratorFree),
+        VMDIR_SF_INIT(.pfnBEEntryBlobIteratorInit, VmDirMDBEntryBlobIteratorInit),
+        VMDIR_SF_INIT(.pfnBEEntryBlobIterate, VmDirMDBEntryBlobIterate),
+        VMDIR_SF_INIT(.pfnBEEntryBlobIteratorFree, VmDirMDBEntryBlobIteratorFree),
         VMDIR_SF_INIT(.pfnBETxnBegin, VmDirMDBTxnBegin),
         VMDIR_SF_INIT(.pfnBETxnAbort, VmDirMDBTxnAbort),
         VMDIR_SF_INIT(.pfnBETxnCommit, VmDirMDBTxnCommit),
@@ -694,7 +697,7 @@ VmDirInitDbCopyThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirDbCopyThread,
                 NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1078,7 +1081,7 @@ _VmDirOpenDbEnv()
     if(dwError != 0)
     {
         //Snapshot database not found, open the default database file.
-        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirOpenDbEnv: snapshot database not exist; use default databsae file.");
+        VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirOpenDbEnv: snapshot database not exist; use default database file.");
         goto open_default;
     }
 
diff --git a/vmdir/server/mdb-store/iterate.c b/vmdir/server/mdb-store/iterate.c
index ef515c658..cb19a765e 100644
--- a/vmdir/server/mdb-store/iterate.c
+++ b/vmdir/server/mdb-store/iterate.c
@@ -389,3 +389,175 @@ VmDirMDBParentIdIndexIteratorFree(
         VMDIR_SAFE_FREE_MEMORY(pIterator);
     }
 }
+
+DWORD
+VmDirMDBEntryBlobIteratorInit(
+    ENTRYID                                 EId,
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR*       ppIterator
+    )
+{
+    DWORD   dwError = 0;
+    VDIR_DB mdbDBi = 0;
+    VDIR_DB_DBT     key = {0};
+    VDIR_DB_DBT     value = {0};
+    PVDIR_DB_TXN    pTxn = NULL;
+    PVDIR_DB_DBC    pCursor = NULL;
+    unsigned char   EIdBytes[sizeof( ENTRYID )] = {0};
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR  pIterator = NULL;
+    PVDIR_MDB_ENTRYBLOB_ITERATOR      pMdbIterator = NULL;
+
+    if (!ppIterator)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_BACKEND_ENTRYBLOB_ITERATOR),
+            (PVOID*)&pIterator);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_MDB_ENTRYBLOB_ITERATOR),
+            (PVOID*)&pMdbIterator);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pIterator->pIterator = (PVOID)pMdbIterator;
+
+    mdbDBi = gVdirMdbGlobals.mdbEntryDB.pMdbDataFiles[0].mdbDBi;
+
+    dwError = mdb_txn_begin(gVdirMdbGlobals.mdbEnv, NULL, MDB_RDONLY, &pTxn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pMdbIterator->pTxn = pTxn;
+
+    dwError = mdb_cursor_open(pTxn, mdbDBi, &pCursor);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pMdbIterator->pCursor = pCursor;
+
+    // get the last record - max eid
+    dwError = mdb_cursor_get(pCursor, &key, &value, MDB_LAST);
+    if (dwError != 0)
+    {
+        pIterator->bHasNext = FALSE;
+        dwError = MDB_NOTFOUND;
+        pMdbIterator->bAbort = TRUE;
+    }
+    MDBDBTToEntryId(&key, &pIterator->maxEID);
+
+    key.mv_data = &EIdBytes[0];
+    MDBEntryIdToDBT(EId, &key);
+
+    // locate next record that is >= key
+    dwError = mdb_cursor_get(pCursor, &key, &value, MDB_SET_RANGE);
+    if (dwError == 0)
+    {
+        MDBDBTToEntryId(&key, &pMdbIterator->entryId);
+        pIterator->startEID = pMdbIterator->entryId;
+        pIterator->bHasNext = TRUE;
+    }
+    else
+    {
+        pIterator->bHasNext = FALSE;
+        dwError = dwError == MDB_NOTFOUND ? 0 : dwError;
+        pMdbIterator->bAbort = dwError ? TRUE : FALSE;
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppIterator = pIterator;
+
+cleanup:
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    VmDirMDBEntryBlobIteratorFree(pIterator);
+    goto cleanup;
+}
+
+DWORD
+VmDirMDBEntryBlobIterate(
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR    pIterator,
+    ENTRYID*                            pEntryId
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_MDB_ENTRYBLOB_ITERATOR  pMdbIterator = NULL;
+    PVDIR_DB_DBC    pCursor = NULL;
+    VDIR_DB_DBT     key = {0};
+    VDIR_DB_DBT     value = {0};
+
+    if (!pIterator || !pEntryId)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    pMdbIterator = (PVDIR_MDB_ENTRYBLOB_ITERATOR)pIterator->pIterator;
+
+    pCursor = pMdbIterator->pCursor;
+    if (pIterator->bHasNext)
+    {
+        *pEntryId = pMdbIterator->entryId;
+
+        dwError = mdb_cursor_get(pCursor, &key, &value, MDB_NEXT);
+        MDBDBTToEntryId(&key, &pMdbIterator->entryId);
+
+        if (dwError == 0)
+        {
+            pIterator->bHasNext = TRUE;
+        }
+        else
+        {
+            pIterator->bHasNext = FALSE;
+            dwError = dwError == MDB_NOTFOUND ? 0 : dwError;
+            pMdbIterator->bAbort = dwError ? TRUE : FALSE;
+        }
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError );
+
+    goto cleanup;
+}
+
+VOID
+VmDirMDBEntryBlobIteratorFree(
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR  pIterator
+    )
+{
+    PVDIR_MDB_ENTRYBLOB_ITERATOR  pMdbIterator = NULL;
+
+    if (pIterator)
+    {
+        pMdbIterator = (PVDIR_MDB_ENTRYBLOB_ITERATOR)pIterator->pIterator;
+        if (pMdbIterator)
+        {
+            if (pMdbIterator->pCursor)
+            {
+                mdb_cursor_close(pMdbIterator->pCursor);
+            }
+            if (pMdbIterator->pTxn)
+            {
+                if (pMdbIterator->bAbort)
+                {
+                    mdb_txn_abort(pMdbIterator->pTxn);
+                }
+                else
+                {
+                    mdb_txn_commit(pMdbIterator->pTxn);
+                }
+            }
+            VMDIR_SAFE_FREE_MEMORY(pMdbIterator);
+        }
+        VMDIR_SAFE_FREE_MEMORY(pIterator);
+    }
+}
diff --git a/vmdir/server/mdb-store/structs.h b/vmdir/server/mdb-store/structs.h
index 03fd18db6..79ef3e715 100644
--- a/vmdir/server/mdb-store/structs.h
+++ b/vmdir/server/mdb-store/structs.h
@@ -67,6 +67,15 @@ typedef struct _VDIR_MDB_PARENT_ID_INDEX_ITERATOR
 
 } VDIR_MDB_PARENT_ID_INDEX_ITERATOR, *PVDIR_MDB_PARENT_ID_INDEX_ITERATOR;
 
+typedef struct _VDIR_MDB_ENTRYBLOB_ITERATOR
+{
+    PVDIR_DB_TXN    pTxn;
+    PVDIR_DB_DBC    pCursor;
+    ENTRYID         entryId;
+    BOOLEAN         bAbort;
+
+} VDIR_MDB_ENTRYBLOB_ITERATOR, *PVDIR_MDB_ENTRYBLOB_ITERATOR;
+
 typedef struct _VDIR_MDB_GLOBALS
 {
     // NOTE: order of fields MUST stay in sync with struct initializer...
diff --git a/vmdir/server/middle-layer/Makefile.am b/vmdir/server/middle-layer/Makefile.am
index 7b1fd5dd4..6b3d65abd 100644
--- a/vmdir/server/middle-layer/Makefile.am
+++ b/vmdir/server/middle-layer/Makefile.am
@@ -33,12 +33,13 @@ libmiddle_layer_la_SOURCES = \
     libmain.c
 
 libmiddle_layer_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
diff --git a/vmdir/server/middle-layer/add.c b/vmdir/server/middle-layer/add.c
index f6bcd53c7..1e348c90c 100644
--- a/vmdir/server/middle-layer/add.c
+++ b/vmdir/server/middle-layer/add.c
@@ -101,6 +101,13 @@ VmDirInternalAddEntry(
         BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Server in read-only mode");
     }
 
+    // make sure we have minimum DN length
+    if (pEntry->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", pEntry->dn.lberbv_len);
+    }
+
     // Make sure Attribute has its ATDesc set
     retVal = VmDirSchemaCheckSetAttrDesc(pEntry->pSchemaCtx, pEntry);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "%s",
diff --git a/vmdir/server/middle-layer/bind.c b/vmdir/server/middle-layer/bind.c
index 064287103..801bdd81e 100644
--- a/vmdir/server/middle-layer/bind.c
+++ b/vmdir/server/middle-layer/bind.c
@@ -117,8 +117,8 @@ VmDirMLBind(
             {
                 // install sasl encode/decode sockbuf i/o
                 pOperation->ldapResult.errCode = VmDirSASLSockbufInstall(
-                                                    pOperation->conn->sb,
-                                                    pOperation->conn->pSaslInfo);
+                        pOperation->conn->sb,
+                        pOperation->conn->pSaslInfo);
                 // do not bail in cleanup section.  we return ldapResult.errCode directly.
             }
 
@@ -187,7 +187,7 @@ VmDirInternalBindEntry(
     if (deadLockRetries > MAX_DEADLOCK_RETRIES)
     {
         retVal = VMDIR_ERROR_LOCK_DEADLOCK;
-        BAIL_ON_VMDIR_ERROR( retVal );
+        BAIL_ON_VMDIR_ERROR(retVal);
     }
     else
     {
@@ -234,10 +234,10 @@ VmDirInternalBindEntry(
     // transaction retry loop end.
     // ************************************************************************************
 
-    retVal = _VmDirBindSetupAccessInfo( &pOperation->conn->AccessInfo, pEntry );
-    BAIL_ON_VMDIR_ERROR(retVal );
+    retVal = _VmDirBindSetupAccessInfo(&pOperation->conn->AccessInfo, pEntry);
+    BAIL_ON_VMDIR_ERROR(retVal);
 
-    retVal = _VmDirBindHandleFailedPassword( pOperation, pEntry );
+    retVal = _VmDirBindHandleFailedPassword(pOperation, pEntry);
     BAIL_ON_VMDIR_ERROR(retVal);
 
     // deny access if login is blocked.
diff --git a/vmdir/server/middle-layer/computedattribute.c b/vmdir/server/middle-layer/computedattribute.c
index 347cb47be..2381fba11 100644
--- a/vmdir/server/middle-layer/computedattribute.c
+++ b/vmdir/server/middle-layer/computedattribute.c
@@ -171,7 +171,7 @@ _VmDirBuildHighestCommittedUSNfAttribute(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(    &pszLocalUSN,
-                                            "%ld",
+                                            "%" PRId64,
                                             highestCommittedUSN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -284,7 +284,7 @@ _VmDirBuildEIDAttribute(
     dwError = VmDirAttributeAllocate( ATTR_EID_SEQUENCE_NUMBER, 1, pOperation->pSchemaCtx, &pEIDAttr );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringPrintf( &pszLocalEID,  "%u",  pEntry->eId);
+    dwError = VmDirAllocateStringPrintf( &pszLocalEID,  "%llu",  pEntry->eId);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pEIDAttr->vals[0].lberbv_val = pszLocalEID;
diff --git a/vmdir/server/middle-layer/delete.c b/vmdir/server/middle-layer/delete.c
index 9a51e3a87..8336805b5 100644
--- a/vmdir/server/middle-layer/delete.c
+++ b/vmdir/server/middle-layer/delete.c
@@ -98,6 +98,13 @@ VmDirInternalDeleteEntry(
         BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Server in read-only mode" );
     }
 
+    // make sure we have minimum DN length
+    if (delReq->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", delReq->dn.lberbv_len);
+    }
+
     // Normalize DN
     retVal = VmDirNormalizeDN( &(delReq->dn), pOperation->pSchemaCtx );
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "DN normalization failed - (%u)(%s)",
@@ -230,15 +237,15 @@ VmDirInternalDeleteEntry(
             retVal = VmDirSrvAccessCheck(
                         pOperation,
                         &pOperation->conn->AccessInfo,
-                        pEntry,
+                        pEntry->pParentEntry,
                         VMDIR_RIGHT_DS_DELETE_CHILD);
         }
         BAIL_ON_VMDIR_ERROR_WITH_MSG(
-            retVal,
-            pszLocalErrMsg,
-            "VmDirSrvAccessCheck failed - (%u)(%s)",
-            retVal,
-            VMDIR_ACCESS_DENIED_ERROR_MSG);
+                retVal,
+                pszLocalErrMsg,
+                "VmDirSrvAccessCheck failed - (%u)(%s)",
+                retVal,
+                VMDIR_ACCESS_DENIED_ERROR_MSG);
 
         // age off tombstone entry?
         if  (pEntry->pParentEntry &&
@@ -517,17 +524,19 @@ GenerateDeleteAttrsMods(
     VDIR_BERVALUE       deletedObjDN = VDIR_BERVALUE_INIT;
     ModifyReq *         modReq = &(pOperation->request.modifyReq);
 
-    for ( attr = pEntry->attrs; attr != NULL; attr = attr->next )
+    for (attr = pEntry->attrs; attr != NULL; attr = attr->next)
     {
         // Retain the following kind of attributes
         if (attr->pATDesc->usage != VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE ||
-            VmDirStringCompareA( attr->type.lberbv.bv_val, ATTR_OBJECT_CLASS, FALSE ) == 0 ||
-            VmDirStringCompareA( attr->type.lberbv.bv_val, ATTR_OBJECT_SECURITY_DESCRIPTOR, FALSE ) == 0)
+            VmDirStringCompareA(attr->type.lberbv.bv_val, ATTR_OBJECT_CLASS, FALSE ) == 0 ||
+            VmDirStringCompareA(attr->type.lberbv.bv_val, ATTR_OBJECT_SECURITY_DESCRIPTOR, FALSE ) == 0)
         {
             continue;
         }
-        retVal = VmDirAllocateMemory( sizeof( VDIR_MODIFICATION ), (PVOID *)&(delMod) );
-        BAIL_ON_VMDIR_ERROR( retVal );
+
+        retVal = VmDirAllocateMemory(
+                sizeof(VDIR_MODIFICATION), (PVOID*)&delMod);
+        BAIL_ON_VMDIR_ERROR(retVal);
 
         delMod->operation = MOD_OP_DELETE;
 
@@ -544,23 +553,31 @@ GenerateDeleteAttrsMods(
 
     // Add mod to set new DN.
     objectGuidAttr = VmDirEntryFindAttribute(ATTR_OBJECT_GUID, pEntry);
-    assert( objectGuidAttr );
-
-    retVal = constructDeletedObjDN( &pOperation->request.deleteReq.dn, objectGuidAttr->vals[0].lberbv.bv_val, &deletedObjDN );
-    BAIL_ON_VMDIR_ERROR( retVal );
-
-    retVal = VmDirAppendAMod( pOperation, MOD_OP_REPLACE, ATTR_DN, ATTR_DN_LEN,
-                               deletedObjDN.lberbv.bv_val, deletedObjDN.lberbv.bv_len );
-    BAIL_ON_VMDIR_ERROR( retVal );
+    assert(objectGuidAttr);
+
+    retVal = constructDeletedObjDN(
+            &pOperation->request.deleteReq.dn,
+            objectGuidAttr->vals[0].lberbv.bv_val,
+            &deletedObjDN);
+    BAIL_ON_VMDIR_ERROR(retVal);
+
+    retVal = VmDirAppendAMod(
+            pOperation,
+            MOD_OP_REPLACE,
+            ATTR_DN,
+            ATTR_DN_LEN,
+            deletedObjDN.lberbv.bv_val,
+            deletedObjDN.lberbv.bv_len);
+    BAIL_ON_VMDIR_ERROR(retVal);
 
 cleanup:
-    VmDirFreeMemory( deletedObjDN.lberbv.bv_val );
-
+    VmDirFreeMemory(deletedObjDN.lberbv.bv_val);
     return retVal;
 
 error:
     goto cleanup;
 }
+
 static
 BOOLEAN
 _VmDirIsDeletedContainer(
diff --git a/vmdir/server/middle-layer/group.c b/vmdir/server/middle-layer/group.c
index 5482eac15..32823261a 100644
--- a/vmdir/server/middle-layer/group.c
+++ b/vmdir/server/middle-layer/group.c
@@ -148,6 +148,17 @@ VmDirPluginGroupTypePreModify(
     goto cleanup;
 }
 
+//
+// Before an entry is deleted we remove it from any groups that it's a member
+// of. Note that this is called for all objects, not just security principals.
+//
+// Removing a user from a certain group requires the WP privilege while
+// deleting a user requires SD/DC. As such, it's possible for the caller to be
+// able to delete the object without having sufficient permission to remove it
+// from individual groups. So we verify that the user has permission to delete
+// the object, first. If so, then we remove it from groups as an internal
+// operation (so no access checking is performed).
+//
 DWORD
 VmDirPluginGroupMemberPreModApplyDelete(
     PVDIR_OPERATION  pOperation,
@@ -155,15 +166,47 @@ VmDirPluginGroupMemberPreModApplyDelete(
     DWORD            dwPriorResult
     )
 {
-    DWORD   dwError = 0;
-    DWORD   i = 0;
-    PVDIR_BERVALUE  pMemberDN = NULL;
-    PVDIR_BERVALUE  pGroupDN = NULL;
-    PVDIR_OPERATION pGroupOp = NULL;
-    VDIR_ENTRY_ARRAY    entryArray = {0};
+    DWORD dwError = 0;
+    DWORD i = 0;
+    BOOLEAN bHasParent = FALSE;
+    PVDIR_BERVALUE pMemberDN = NULL;
+    VDIR_BERVALUE bvParentDN = VDIR_BERVALUE_INIT;
+    PVDIR_BERVALUE pGroupDN = NULL;
+    VDIR_OPERATION groupOp = {0};
+    PVDIR_ENTRY pTargetEntry = NULL;
+    VDIR_ENTRY_ARRAY entryArray = {0};
 
     pMemberDN = &pOperation->request.deleteReq.dn;
 
+    dwError = VmDirSimpleDNToEntry(pMemberDN->lberbv.bv_val, &pTargetEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetParentDN(pMemberDN, &bvParentDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bHasParent = bvParentDN.lberbv.bv_len > 0;
+
+    dwError = VmDirSrvAccessCheck(
+                    pOperation,
+                    &pOperation->conn->AccessInfo,
+                    pTargetEntry,
+                    VMDIR_RIGHT_DS_DELETE_OBJECT);
+    if (dwError && bHasParent)
+    {
+        VmDirFreeEntry(pTargetEntry);
+        pTargetEntry = NULL;
+
+        dwError = VmDirSimpleDNToEntry(bvParentDN.lberbv.bv_val, &pTargetEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSrvAccessCheck(
+                    pOperation,
+                    &pOperation->conn->AccessInfo,
+                    pTargetEntry,
+                    VMDIR_RIGHT_DS_DELETE_CHILD);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     // look up groups by searching "(member=dn)"
     dwError = VmDirSimpleEqualFilterInternalSearch(
             "",
@@ -176,19 +219,20 @@ VmDirPluginGroupMemberPreModApplyDelete(
     // delete the member from groups
     for (i = 0; i < entryArray.iSize; i++)
     {
-        VmDirFreeOperation(pGroupOp);
-        pGroupOp = NULL;
+        pGroupDN = &entryArray.pEntry[i].dn;
 
-        dwError = VmDirExternalOperationCreate(
-                NULL, -1, LDAP_REQ_MODIFY, pOperation->conn, &pGroupOp);
+        VmDirFreeOperationContent(&groupOp);
+        dwError = VmDirInitStackOperation(&groupOp,
+                VDIR_OPERATION_TYPE_INTERNAL,
+                LDAP_REQ_MODIFY,
+                NULL);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pGroupDN = &entryArray.pEntry[i].dn;
-        pGroupOp->reqDn.lberbv = pGroupDN->lberbv;
-        pGroupOp->request.modifyReq.dn.lberbv = pGroupDN->lberbv;
+        groupOp.pBEIF = VmDirBackendSelect(NULL);
+        groupOp.reqDn.lberbv = pGroupDN->lberbv;
+        groupOp.request.modifyReq.dn.lberbv = pGroupDN->lberbv;
 
-        dwError = VmDirAppendAMod(
-                pGroupOp,
+        dwError = VmDirAppendAMod(&groupOp,
                 MOD_OP_DELETE,
                 ATTR_MEMBER,
                 ATTR_MEMBER_LEN,
@@ -196,7 +240,7 @@ VmDirPluginGroupMemberPreModApplyDelete(
                 pMemberDN->lberbv.bv_len);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirMLModify(pGroupOp);
+        dwError = VmDirInternalModifyEntry(&groupOp);
         // Handle possible conflicts gracefully:
         // - The member is already removed from group since search
         // - The group entry is deleted since search
@@ -209,8 +253,10 @@ VmDirPluginGroupMemberPreModApplyDelete(
     }
 
 cleanup:
+    VmDirFreeEntry(pTargetEntry);
     VmDirFreeEntryArrayContent(&entryArray);
-    VmDirFreeOperation(pGroupOp);
+    VmDirFreeOperationContent(&groupOp);
+    VmDirFreeBervalContent(&bvParentDN);
     return dwError;
 
 error:
diff --git a/vmdir/server/middle-layer/modify.c b/vmdir/server/middle-layer/modify.c
index 656037eff..dddfacba8 100644
--- a/vmdir/server/middle-layer/modify.c
+++ b/vmdir/server/middle-layer/modify.c
@@ -271,6 +271,13 @@ VmDirInternalModifyEntry(
 
     modReq = &(pOperation->request.modifyReq);
 
+    // make sure we have minimum DN length
+    if (modReq->dn.lberbv_len < 3)
+    {
+        retVal = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "Invalid DN length - (%u)", modReq->dn.lberbv_len);
+    }
+
     // Normalize DN
     retVal = VmDirNormalizeDN( &(modReq->dn), pOperation->pSchemaCtx);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "DN normalization failed - (%u)(%s)",
@@ -775,7 +782,6 @@ VmDirApplyModsToEntryStruct(
         }
     }
 
-
 cleanup:
 
     if (ppszErrorMsg)
@@ -966,7 +972,6 @@ VmDirGenerateModsNewMetaData(
  * 1. Normalize attribute values present in the modifications list.
  * 2. Make sure no duplicate value
  */
-
 int
 VmDirNormalizeMods(
     PVDIR_SCHEMA_CTX    pSchemaCtx,
@@ -1189,12 +1194,12 @@ CheckIfAnAttrValAlreadyExists(
     )
 {
     int retVal = LDAP_SUCCESS;
-    int i = 0;
-    int j = 0;
-    int numVals = modAttr->numVals;
+    unsigned int i = 0;
+    unsigned int j = 0;
+    unsigned int numVals = modAttr->numVals;
     PSTR    pszLocalErrorMsg = NULL;
 
-    for (i=0; i < (int)eAttr->numVals; i++)
+    for (i=0; i < eAttr->numVals; i++)
     {
         retVal = VmDirSchemaBervalNormalize( pSchemaCtx, modAttr->pATDesc, // Assumption: modAttr type is same as eAttr type
                                               &eAttr->vals[i]) ;
@@ -1204,7 +1209,7 @@ CheckIfAnAttrValAlreadyExists(
                                 VMDIR_MIN(eAttr->vals[i].lberbv.bv_len, VMDIR_MAX_LOG_OUTPUT_LEN),
                                 VDIR_SAFE_STRING(eAttr->vals[i].lberbv.bv_val));
 
-        for (j = 0; j < (int)modAttr->numVals; j++)
+        for (j = 0; j < modAttr->numVals; j++)
         {
             // modAttr values are already normalized.
             assert( modAttr->vals[j].bvnorm_val );
@@ -1242,7 +1247,7 @@ CheckIfAnAttrValAlreadyExists(
         }
     }
 
-    if (numVals < (int)modAttr->numVals)
+    if (numVals < modAttr->numVals)
     {
          VDIR_BERVALUE * vals = modAttr->vals;
          int modAttrNumVals = modAttr->numVals;
diff --git a/vmdir/server/middle-layer/plugin.c b/vmdir/server/middle-layer/plugin.c
index f5848f354..bb22b9b93 100644
--- a/vmdir/server/middle-layer/plugin.c
+++ b/vmdir/server/middle-layer/plugin.c
@@ -919,7 +919,7 @@ _VmDirPluginDflValidatePreModify(
 
                     if (pAttrMaxDfl)
                     {
-                        dwMaxDfl = atoi(BERVAL_NORM_VAL(pAttrVer->vals[0]));
+                        dwMaxDfl = atoi(BERVAL_NORM_VAL(pAttrMaxDfl->vals[0]));
                     }
                     else if (pAttrVer)
                     {
@@ -1129,13 +1129,12 @@ _VmDirPluginPasswordHashPreAdd(
     goto cleanup;
 }
 
-
 /*
-* Only users and groups ("security principals") require a real SID. Domain
-* objects need the domain-specific SID we store there (to construct SIDs for
-* real security principals). Rather than hard-code the classes that get a
-* SID here we just let the schema definition drive the logic.
-*/
+ * Only users and groups ("security principals") require a real SID. Domain
+ * objects need the domain-specific SID we store there (to construct SIDs for
+ * real security principals). Rather than hard-code the classes that get a
+ * SID here we just let the schema definition drive the logic.
+ */
 DWORD
 _VmDirNeedsSid(
     PVDIR_ENTRY pEntry,
@@ -1286,7 +1285,7 @@ _VmDirPluginAddOpAttrsPreAdd(
     dwError = pOperation->pBEIF->pfnBEGetNextUSN( pOperation->pBECtx, &usn );
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    VmDirStringNPrintFA( usnStr, sizeof(usnStr), sizeof(usnStr) - 1, "%ld", usn);
+    VmDirStringNPrintFA( usnStr, sizeof(usnStr), sizeof(usnStr) - 1, "%" PRId64, usn);
 
     // Append usnCreated attribute
     pszErrorContext = "Add USN create attribute";
@@ -1677,7 +1676,7 @@ _VmDirPluginReplaceOpAttrsPreModApplyModify(
     dwError = pOperation->pBEIF->pfnBEGetNextUSN( pOperation->pBECtx, &usn );
     BAIL_ON_VMDIR_ERROR( dwError );
 
-    VmDirStringNPrintFA( usnStr, sizeof(usnStr), sizeof(usnStr) - 1, "%ld", usn);
+    VmDirStringNPrintFA( usnStr, sizeof(usnStr), sizeof(usnStr) - 1, "%" PRId64, usn);
 
     pszErrorContext = "Replace USN change attribute";
     dwError = VmDirAppendAMod( pOperation, MOD_OP_REPLACE, ATTR_USN_CHANGED, ATTR_USN_CHANGED_LEN, usnStr, VmDirStringLenA( usnStr ) );
@@ -1833,26 +1832,37 @@ _VmDirPluginDflUpdatePostModifyCommit(
     PVDIR_ENTRY      pEntry,
     DWORD            dwPriorResult)
 {
-    PVDIR_ATTRIBUTE  pAttr = NULL;
-    DWORD dwDfl = 0;
+    PVDIR_MODIFICATION  pMod = NULL;
 
     // check if domain object
     if (gVmdirServerGlobals.systemDomainDN.bvnorm_val &&
-        VmDirStringCompareA(BERVAL_NORM_VAL(pEntry->dn),
-                            gVmdirServerGlobals.systemDomainDN.bvnorm_val,
-                            FALSE) == 0)
+        VmDirStringCompareA(
+                BERVAL_NORM_VAL(pEntry->dn),
+                gVmdirServerGlobals.systemDomainDN.bvnorm_val,
+                FALSE) == 0)
     {
-        // Search for vmwDomainFunctionalLevel attr
-        pAttr = VmDirFindAttrByName(pEntry, ATTR_DOMAIN_FUNCTIONAL_LEVEL);
-
-        if (pAttr)
+        // search for vmwDomainFunctionalLevel mod
+        pMod = pOperation->request.modifyReq.mods;
+        while (pMod)
         {
-            dwDfl = atoi(BERVAL_NORM_VAL(pAttr->vals[0]));
+            if (pMod->operation == MOD_OP_ADD &&
+                VmDirStringCompareA(
+                        BERVAL_NORM_VAL(pMod->attr.type),
+                        ATTR_DOMAIN_FUNCTIONAL_LEVEL,
+                        FALSE) == 0)
+            {
+                gVmdirServerGlobals.dwDomainFunctionalLevel =
+                        atoi(BERVAL_NORM_VAL(pMod->attr.vals[0]));
 
-            gVmdirServerGlobals.dwDomainFunctionalLevel = dwDfl;
+                VMDIR_LOG_INFO(
+                        VMDIR_LOG_MASK_ALL,
+                        "Domain Functional Level cache changed to (%d)",
+                        gVmdirServerGlobals.dwDomainFunctionalLevel);
 
-            VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Domain Functional Level cache changed to (%d)",
-                            gVmdirServerGlobals.dwDomainFunctionalLevel);
+                break;
+            }
+
+            pMod = pMod->next;
         }
     }
 
@@ -2355,12 +2365,12 @@ _VmDirPluginVerifyAclAccess(
             BAIL_ON_VMDIR_ERROR(dwError);
         }
 
-         //
-         // In general a caller can modify an entry if they have
-         // VMDIR_RIGHT_DS_WRITEPROP access. However, the entry's security
-         // descriptor is special-cased and requires a separate permission
-         // (VMDIR_ENTRY_WRITE_ACL). This is the same behavior as AD.
-         //
+        //
+        // In general a caller can modify an entry if they have
+        // VMDIR_RIGHT_DS_WRITEPROP access. However, the entry's security
+        // descriptor is special-cased and requires a separate permission
+        // (VMDIR_ENTRY_WRITE_ACL). This is the same behavior as AD.
+        //
         if (VmDirStringCompareA(pMod->attr.type.lberbv.bv_val, ATTR_ACL_STRING, FALSE) == 0 ||
             VmDirStringCompareA(pMod->attr.type.lberbv.bv_val, ATTR_OBJECT_SECURITY_DESCRIPTOR, FALSE) == 0)
         {
@@ -2375,6 +2385,7 @@ _VmDirPluginVerifyAclAccess(
 cleanup:
     VmDirFreeEntry(pCurrentEntry);
     return dwPriorResult ? dwPriorResult : dwError;
+
 error:
     VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirPluginVerifyAclAccess failed with error %d", dwError);
     goto cleanup;
diff --git a/vmdir/server/middle-layer/prototypes.h b/vmdir/server/middle-layer/prototypes.h
index d34f25e4c..967147637 100644
--- a/vmdir/server/middle-layer/prototypes.h
+++ b/vmdir/server/middle-layer/prototypes.h
@@ -376,4 +376,10 @@ VmDirIsSearchForSchemaReplStatus(
     PBOOLEAN            pbRefresh
     );
 
+BOOLEAN
+VmDirIsSearchForIntegrityCheckStatus(
+    PVDIR_OPERATION                     pOp,
+    PVMDIR_INTEGRITY_CHECK_JOB_STATE    pState
+    );
+
 #endif
diff --git a/vmdir/server/middle-layer/pscache.c b/vmdir/server/middle-layer/pscache.c
index 8a3622b98..ac9cee2ab 100644
--- a/vmdir/server/middle-layer/pscache.c
+++ b/vmdir/server/middle-layer/pscache.c
@@ -131,7 +131,7 @@ VmDirPagedSearchCreateThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirPagedSearchWorkerThread,
                 pSearchRecord);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -633,6 +633,8 @@ _VmDirPagedSearchWorkerThread(
     PVDIR_PAGED_SEARCH_ENTRY_LIST pEntryIdList = NULL;
     VDIR_OPERATION searchOp = {0};
 
+    VmDirDropThreadPriority(DEFAULT_THREAD_PRIORITY_DELTA);
+
     dwError = VmDirInitStackOperation(
                 &searchOp,
                 VDIR_OPERATION_TYPE_INTERNAL,
diff --git a/vmdir/server/middle-layer/search.c b/vmdir/server/middle-layer/search.c
index b064ce329..c0bda6679 100644
--- a/vmdir/server/middle-layer/search.c
+++ b/vmdir/server/middle-layer/search.c
@@ -16,6 +16,12 @@
 
 #include "includes.h"
 
+static
+VOID
+ComputeRequiredAccess(
+    SearchReq*  pSearchReq
+    );
+
 static
 int
 BuildCandidateList(
@@ -49,7 +55,7 @@ VmDirMLSearch(
     pOperation->pBEIF = VmDirBackendSelect(pOperation->reqDn.lberbv.bv_val);
     assert(pOperation->pBEIF);
 
-    retVal = VmDirInternalSearch( pOperation);
+    retVal = VmDirInternalSearch(pOperation);
     BAIL_ON_VMDIR_ERROR(retVal);
 
 cleanup:
@@ -169,19 +175,22 @@ VmDirInternalSearch(
     PVDIR_OPERATION pOperation
     )
 {
-    int        retVal = LDAP_SUCCESS;
-    ENTRYID    eId = 0;
-    int        deadLockRetries = 0;
-    BOOLEAN    bHasTxn = FALSE;
-    PSTR       pszLocalErrMsg = NULL;
-    PVDIR_LDAP_RESULT  pResult = &(pOperation->ldapResult);
-    ENTRYID eStartingId = 0;
-    ENTRYID *pValidatedEntries = NULL;
-    DWORD dwEntryCount = 0;
+    int     retVal = LDAP_SUCCESS;
+    int     deadLockRetries = 0;
+    DWORD   dwEntryCount = 0;
+    BOOLEAN bHasTxn = FALSE;
     BOOLEAN bUseOldSearch = TRUE;
+    PSTR    pszLocalErrMsg = NULL;
+    ENTRYID     eId = 0;
+    ENTRYID     eStartingId = 0;
+    ENTRYID*    pValidatedEntries = NULL;
+    PVDIR_LDAP_RESULT   pResult = &(pOperation->ldapResult);
 
     assert(pOperation && pOperation->pBEIF);
 
+    // compute required access for this search
+    ComputeRequiredAccess(&pOperation->request.searchReq);
+
     // Normalize (base) DN
     retVal = VmDirNormalizeDN( &(pOperation->reqDn), pOperation->pSchemaCtx );
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, pszLocalErrMsg, "DN normalization failed - (%u)(%s)",
@@ -189,7 +198,7 @@ VmDirInternalSearch(
 
     if (VmDirHandleSpecialSearch( pOperation, pResult )) // TODO, add &pszLocalErrMsg
     {
-        retVal = pResult->errCode;
+        retVal = pResult->errCode ? pResult->errCode : pResult->vmdirErrCode;
         BAIL_ON_VMDIR_ERROR_WITH_MSG(retVal, pszLocalErrMsg, "Special search failed - (%u)", retVal);
 
         goto cleanup;  // done special search
@@ -641,6 +650,48 @@ VmDirIsDirectMemberOf(
     goto cleanup;
 }
 
+static
+VOID
+ComputeRequiredAccess(
+    SearchReq*  pSearchReq
+    )
+{
+    DWORD   i = 0, j = 0;
+    BOOLEAN bSDAttr = FALSE;
+    PSTR    pszAttr = NULL;
+
+    PCSTR   pszSDAttrs[] = { ATTR_OBJECT_SECURITY_DESCRIPTOR, ATTR_ACL_STRING };
+
+    pSearchReq->accessRequired = VMDIR_RIGHT_DS_READ_PROP;
+
+    for (i = 0; pSearchReq->attrs && pSearchReq->attrs[i].lberbv.bv_val; i++)
+    {
+        bSDAttr = FALSE;
+        pszAttr = pSearchReq->attrs[i].lberbv.bv_val;
+
+        for (j = 0; j < VMDIR_ARRAY_SIZE(pszSDAttrs); j++)
+        {
+            if (VmDirStringCompareA(pszAttr, pszSDAttrs[j], FALSE) == 0)
+            {
+                bSDAttr = TRUE;
+                break;
+            }
+        }
+
+        if (bSDAttr)
+        {
+            // SD attributes require only READ_CONTROL
+            pSearchReq->accessRequired = VMDIR_ENTRY_READ_ACL;
+        }
+        else
+        {
+            // any other attributes require READ_PROP
+            pSearchReq->accessRequired = VMDIR_RIGHT_DS_READ_PROP;
+            break;  // no need to continue
+        }
+    }
+}
+
 static
 DWORD
 _GetFilterCandidateLabel(
@@ -1002,7 +1053,7 @@ SetPagedSearchCookie(
         dwError = VmDirStringPrintFA(
                     pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie,
                     VMDIR_ARRAY_SIZE(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie),
-                    "%u",
+                    "%llu",
                     eId);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
@@ -1050,10 +1101,13 @@ ProcessCandidateList(
             pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.pageSize < (DWORD)pOperation->request.searchReq.sizeLimit))
     {
         VmDirLog( LDAP_DEBUG_TRACE, "showPagedResultsCtrl applies to this query." );
+
         bPageResultsCtrl = TRUE;
         dwPageSize = pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.pageSize;
-        lastEID = atoi(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie);
+        lastEID = atoll(pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie);
         pOperation->showPagedResultsCtrl->value.pagedResultCtrlVal.cookie[0] = '\0';
+
+        VmDirSortCandidateList(cl);  // sort candidate list if not yet sorted
     }
 
     if (cl && cl->size > 0)
@@ -1077,13 +1131,9 @@ ProcessCandidateList(
         {
             if (!gVmdirGlobals.bPagedSearchReadAhead)
             {
-                //skip entries we sent before
-                if (bPageResultsCtrl && lastEID > 0)
+                //skip entries we sent before in sorted cl->eIds.
+                if (bPageResultsCtrl && cl->eIds[i] <= lastEID)
                 {
-                    if (cl->eIds[i] == lastEID)
-                    {
-                        lastEID = 0;
-                    }
                     continue;
                 }
             }
@@ -1110,30 +1160,54 @@ ProcessCandidateList(
 
             if (CheckIfEntryPassesFilter(pOperation, pSrEntry, pOperation->request.searchReq.filter) == FILTER_RES_TRUE)
             {
+                BOOLEAN bSendEntry = TRUE;
+                CHAR    sha1Digest[SHA_DIGEST_LENGTH] = {0};
+
                 retVal = VmDirBuildComputedAttribute( pOperation, pSrEntry );
                 BAIL_ON_VMDIR_ERROR( retVal );
 
-                retVal = VmDirSendSearchEntry( pOperation, pSrEntry );
-                if (retVal == VMDIR_ERROR_INSUFFICIENT_ACCESS)
+                if (pOperation->digestCtrl)
                 {
-                    VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
-                            "Access deny on search entry result [%s,%d] (bindedDN-%s) (targetDn-%s)\n",
-                            __FILE__,
-                            __LINE__,
-                            pOperation->conn->AccessInfo.pszBindedDn,
-                            pSrEntry->dn.lberbv.bv_val);
-                    // make sure search continues
-                    retVal = 0;
+                    retVal = VmDirEntrySHA1Digest(pSrEntry, sha1Digest);
+                    BAIL_ON_VMDIR_ERROR(retVal);
+
+                    if (memcmp(sha1Digest, pOperation->digestCtrl->value.digestCtrlVal.sha1Digest, SHA_DIGEST_LENGTH) == 0)
+                    {
+                        bSendEntry = FALSE;
+                        VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL,"%s digest match %s",
+                                           __FUNCTION__, pSrEntry->dn.lberbv.bv_val);
+                    }
+                    else
+                    {
+                        VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL,"%s digest mismatch %s",
+                                           __FUNCTION__, pSrEntry->dn.lberbv.bv_val);
+                    }
                 }
-                BAIL_ON_VMDIR_ERROR( retVal );
 
-                if (pSrEntry->bSearchEntrySent)
+                if (bSendEntry)
                 {
-                    numSentEntries++;
-                    if (bInternalSearch || bStoreRsltInMem)
+                    retVal = VmDirSendSearchEntry( pOperation, pSrEntry );
+                    if (retVal == VMDIR_ERROR_INSUFFICIENT_ACCESS)
+                    {
+                        VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL,
+                                "Access deny on search entry result [%s,%d] (bindedDN-%s) (targetDn-%s)\n",
+                                __FILE__,
+                                __LINE__,
+                                pOperation->conn->AccessInfo.pszBindedDn,
+                                pSrEntry->dn.lberbv.bv_val);
+                        // make sure search continues
+                        retVal = 0;
+                    }
+                    BAIL_ON_VMDIR_ERROR( retVal );
+
+                    if (pSrEntry->bSearchEntrySent)
                     {
-                        pOperation->internalSearchEntryArray.iSize++;
-                        pSrEntry = NULL;    // EntryArray takes over *pSrEntry content
+                        numSentEntries++;
+                        if (bInternalSearch || bStoreRsltInMem)
+                        {
+                            pOperation->internalSearchEntryArray.iSize++;
+                            pSrEntry = NULL;    // EntryArray takes over *pSrEntry content
+                        }
                     }
                 }
             }
diff --git a/vmdir/server/middle-layer/specialsearch.c b/vmdir/server/middle-layer/specialsearch.c
index c895e3a5d..e1f8d768c 100644
--- a/vmdir/server/middle-layer/specialsearch.c
+++ b/vmdir/server/middle-layer/specialsearch.c
@@ -30,11 +30,11 @@ VmDirHandleSpecialSearch(
 {
     DWORD   dwError = 0;
     size_t  i = 0;
-    BOOLEAN bRetVal = FALSE;
     BOOLEAN bHasTxn = FALSE;
     BOOLEAN bRefresh = FALSE;
     PVDIR_ENTRY_ARRAY   pEntryArray = NULL;
     VDIR_SPECIAL_SEARCH_ENTRY_TYPE entryType = REGULAR_SEARCH_ENTRY_TYPE;
+    VMDIR_INTEGRITY_CHECK_JOB_STATE integrityCheckStat = INTEGRITY_CHECK_JOB_NONE;
 
     static PCSTR pszEntryType[] =
     {
@@ -42,7 +42,8 @@ VmDirHandleSpecialSearch(
             "Schema Entry",
             "Server Status",
             "Replication Status",
-            "Schema Repl Status"
+            "Schema Repl Status",
+            "Integrity Check Status"
     };
 
     if ( !pOp || !pLdapResult )
@@ -116,10 +117,44 @@ VmDirHandleSpecialSearch(
                     "%s Entry search failed.", pszEntryType[entryType]);
         }
     }
+    else if (VmDirIsSearchForIntegrityCheckStatus(pOp, &integrityCheckStat))
+    {
+        BOOLEAN bIsMember = FALSE;
+
+        entryType = SPECIAL_SEARCH_ENTRY_TYPE_INTEGRITY_CHECK_STATUS;
+
+        dwError = VmDirIsBindDnMemberOfSystemDomainAdmins(NULL, &pOp->conn->AccessInfo, &bIsMember);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (!bIsMember)
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INSUFFICIENT_ACCESS);
+        }
+
+        if (integrityCheckStat == INTEGRITY_CHECK_JOB_START ||
+            integrityCheckStat == INTEGRITY_CHECK_JOB_RECHECK)
+        {
+            dwError = VmDirIntegrityCheckStart(integrityCheckStat);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (integrityCheckStat == INTEGRITY_CHECK_JOB_STOP)
+        {
+            VmDirIntegrityCheckStop();
+        }
+        else if (integrityCheckStat == INTEGRITY_CHECK_JOB_SHOW_SUMMARY)
+        {
+            dwError = VmDirIntegrityCheckShowStatus(&pEntryArray->pEntry);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            if (pEntryArray->pEntry)
+            {
+                pEntryArray->iSize = 1;
+            }
+        }
+    }
 
     if (entryType != REGULAR_SEARCH_ENTRY_TYPE)
     {
-        bRetVal = TRUE;
 
         /*
          * Read txn for preventing server crash (PR 1634501)
@@ -142,12 +177,14 @@ VmDirHandleSpecialSearch(
     {
         pOp->pBEIF->pfnBETxnCommit(pOp->pBECtx);
     }
-    return bRetVal;
+
+    return entryType != REGULAR_SEARCH_ENTRY_TYPE;
 
 error:
     VmDirLog( LDAP_DEBUG_ANY, "VmDirHandleSpecialSearch: (%d)(%s)",
             dwError, VDIR_SAFE_STRING(pLdapResult->pszErrMsg) );
-    pLdapResult->errCode = dwError;
+    pLdapResult->vmdirErrCode = dwError;
+
     goto cleanup;
 }
 
@@ -361,3 +398,63 @@ VmDirIsSearchForSchemaReplStatus(
 
     return bRetVal;
 }
+
+/*
+ * For integrity check status
+ * The search pattern is:
+ * BASE:    cn=integritycheckstatus
+ * FILTER:  (objectclass=*)
+ * SCOPE:   BASE - with optional attribute operation=start|stop|recheck
+ *          ONELEVEL - returns job summary with optional attribute detail
+ *
+ */
+BOOLEAN
+VmDirIsSearchForIntegrityCheckStatus(
+    PVDIR_OPERATION                     pOp,
+    PVMDIR_INTEGRITY_CHECK_JOB_STATE    pState
+    )
+{
+    BOOLEAN         bRetVal = FALSE;
+    SearchReq*      pSearchReq = &(pOp->request.searchReq);
+    PSTR            pszDN = pOp->reqDn.lberbv.bv_val;
+    PVDIR_FILTER    pFilter = pSearchReq ? pSearchReq->filter : NULL;
+
+    if (pSearchReq != NULL                                                  &&
+        pszDN != NULL                                                       &&
+        VmDirStringCompareA(pszDN, INTEGRITY_CHECK_STATUS_DN, FALSE) == 0   &&
+        pFilter != NULL                                                     &&
+        pFilter->choice == LDAP_FILTER_PRESENT                              &&
+        pFilter->filtComp.present.lberbv.bv_len == ATTR_OBJECT_CLASS_LEN    &&
+        pFilter->filtComp.present.lberbv.bv_val != NULL                     &&
+        VmDirStringNCompareA(ATTR_OBJECT_CLASS, pFilter->filtComp.present.lberbv.bv_val, ATTR_OBJECT_CLASS_LEN, FALSE) == 0)
+    {
+        bRetVal = TRUE;
+    }
+
+    if (pSearchReq->scope == LDAP_SCOPE_BASE && pState && pSearchReq->attrs)
+    {
+        PSTR pszAttr = pSearchReq->attrs[0].lberbv.bv_val;
+        if (VmDirStringCompareA(pszAttr, "start", FALSE) == 0)
+        {
+            *pState = INTEGRITY_CHECK_JOB_START;
+        }
+        else if (VmDirStringCompareA(pszAttr, "stop", FALSE) == 0)
+        {
+            *pState = INTEGRITY_CHECK_JOB_STOP;
+        }
+        else if (VmDirStringCompareA(pszAttr, "recheck", FALSE) == 0)
+        {
+            *pState = INTEGRITY_CHECK_JOB_RECHECK;
+        }
+        else
+        {
+            *pState = INTEGRITY_CHECK_JOB_NONE;
+        }
+    }
+    else if (pSearchReq->scope == LDAP_SCOPE_ONELEVEL && pState )
+    {
+        *pState = INTEGRITY_CHECK_JOB_SHOW_SUMMARY;
+    }
+
+    return bRetVal;
+}
diff --git a/vmdir/server/middle-layer/structs.h b/vmdir/server/middle-layer/structs.h
index 6fabc64d3..5db13b3a0 100644
--- a/vmdir/server/middle-layer/structs.h
+++ b/vmdir/server/middle-layer/structs.h
@@ -234,6 +234,7 @@ typedef enum _VDIR_SPECIAL_SEARCH_ENTRY_TYPE
     SPECIAL_SEARCH_ENTRY_TYPE_SERVER_STATUS,
     SPECIAL_SEARCH_ENTRY_TYPE_REPL_STATUS,
     SPECIAL_SEARCH_ENTRY_TYPE_SCHEMA_REPL_STATUS,
+    SPECIAL_SEARCH_ENTRY_TYPE_INTEGRITY_CHECK_STATUS,
     REGULAR_SEARCH_ENTRY_TYPE
 } VDIR_SPECIAL_SEARCH_ENTRY_TYPE;
 
diff --git a/vmdir/server/replication/Makefile.am b/vmdir/server/replication/Makefile.am
index 80bd5e578..01f97f01d 100644
--- a/vmdir/server/replication/Makefile.am
+++ b/vmdir/server/replication/Makefile.am
@@ -3,20 +3,21 @@ noinst_LTLIBRARIES = libreplication.la
 
 libreplication_la_SOURCES = \
     libmain.c \
+    metrics.c \
     firstreplcycle.c \
     replentry.c \
     thread.c
 
 libreplication_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libreplication_la_LDFLAGS = \
     -static
-
diff --git a/vmdir/server/replication/externs.h b/vmdir/server/replication/externs.h
new file mode 100644
index 000000000..baab3869b
--- /dev/null
+++ b/vmdir/server/replication/externs.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+extern PVM_METRICS_HISTOGRAM pReplCycleDuration;
diff --git a/vmdir/server/replication/firstreplcycle.c b/vmdir/server/replication/firstreplcycle.c
index 595aa5604..3294375c5 100644
--- a/vmdir/server/replication/firstreplcycle.c
+++ b/vmdir/server/replication/firstreplcycle.c
@@ -115,13 +115,7 @@ VmDirFirstReplicationCycle(
     }
 #endif
 
-    if ( gFirstReplCycleMode != FIRST_REPL_CYCLE_MODE_COPY_DB )
-    {
-        retVal = LDAP_OPERATIONS_ERROR;
-        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                  "VmDirFirstReplicationCycle: Not a special first replication cycle mode, nothing is to be done." );
-        goto cleanup;
-    }
+    assert( gFirstReplCycleMode == FIRST_REPL_CYCLE_MODE_COPY_DB );
 
     retVal = _VmDirGetRemoteDBUsingRPC(pszHostname, dbHomeDir);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
@@ -570,7 +564,7 @@ _VmDirWrapUpFirstReplicationCycle(
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "_VmDirWrapUpFirstReplicationCycle: partnerLocalUsn %llu locaUsn %llu", partnerLocalUsn, localUsn);
 
     if ((retVal = VmDirStringNPrintFA( partnerlocalUsnStr, sizeof(partnerlocalUsnStr), sizeof(partnerlocalUsnStr) - 1,
-                                       "%ld", partnerLocalUsn)) != 0)
+                                       "%" PRId64, partnerLocalUsn)) != 0)
     {
         VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmDirWrapUpFirstReplicationCycle: VmDirStringNPrintFA failed with error code: %d",
                   retVal );
@@ -743,7 +737,7 @@ _VmGetHighestCommittedUSN(
         VMDIR_SAFE_FREE_MEMORY(usnStr);
         VmDirFreeEntryArrayContent(&entryArray);
 
-        dwError = VmDirAllocateStringPrintf(&usnStr, "%llu", usn);
+        dwError = VmDirAllocateStringPrintf(&usnStr, "%" PRId64, usn);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         dwError = VmDirSimpleEqualFilterInternalSearch(
@@ -765,7 +759,7 @@ _VmGetHighestCommittedUSN(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmGetHighestCommittedUSN: fail to find an entry with USN <= %llu", startUsn);
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "_VmGetHighestCommittedUSN: fail to find an entry with USN <= %" PRId64, startUsn);
     goto cleanup;
 }
 
diff --git a/vmdir/server/replication/includes.h b/vmdir/server/replication/includes.h
index c500afc7f..d8adfb520 100644
--- a/vmdir/server/replication/includes.h
+++ b/vmdir/server/replication/includes.h
@@ -61,6 +61,7 @@
 
 #include <structs.h>
 #include <prototypes.h>
+#include "externs.h"
 
 #define VDIR_SAFE_UNBIND_EXT_S(pLd)             \
     do {                                        \
@@ -121,6 +122,7 @@
 
 #include <structs.h>
 #include "prototypes.h"
+#include "externs.h"
 #include "banned.h"
 #define VDIR_SAFE_UNBIND_EXT_S(pLd)             \
     do {                                        \
diff --git a/vmdir/server/replication/libmain.c b/vmdir/server/replication/libmain.c
index 76c77c951..264f8675b 100644
--- a/vmdir/server/replication/libmain.c
+++ b/vmdir/server/replication/libmain.c
@@ -97,6 +97,9 @@ VmDirReplAgrEntryToInMemory(
     VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,"Replication partner: (%s) lastLocalUsnProcessed: (%s)",
                    pReplAgr->ldapURI, pReplAgr->lastLocalUsnProcessed.lberbv_val);
 
+    dwError = VmDirReplNewPartnerMetricsInit(pReplAgr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     *ppReplAgr = pReplAgr;
 
 cleanup:
@@ -152,6 +155,9 @@ VmDirConstructReplAgr(
         BAIL_ON_VMDIR_ERROR( dwError );
     }
 
+    dwError = VmDirReplNewPartnerMetricsInit(pReplAgr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     *ppReplAgr = pReplAgr;
 
 cleanup:
@@ -163,6 +169,7 @@ VmDirConstructReplAgr(
     {
         VmDirFreeBervalContent( &pReplAgr->lastLocalUsnProcessed );
         VmDirFreeBervalContent( &pReplAgr->dn );
+        VmDirReplPartnerMetricsDelete(pReplAgr);
         VMDIR_SAFE_FREE_MEMORY( pReplAgr );
     }
     goto cleanup;
@@ -202,6 +209,10 @@ VmDirFreeReplicationAgreement(
 {
     if (pReplAgr)
     {
+        if (VmDirReplPartnerMetricsDelete(pReplAgr) != 0)
+        {
+            VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirFreeReplicationAgreement: Could not delete metrics");
+        }
         VmDirFreeBervalContent( &(pReplAgr->lastLocalUsnProcessed) );
         VmDirFreeBervalContent( &(pReplAgr->dn) );
         VMDIR_SAFE_FREE_MEMORY( pReplAgr );
diff --git a/vmdir/server/replication/metrics.c b/vmdir/server/replication/metrics.c
new file mode 100644
index 000000000..8a4b4fcf3
--- /dev/null
+++ b/vmdir/server/replication/metrics.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PVM_METRICS_HISTOGRAM pReplCycleDuration;
+
+DWORD
+VmDirReplMetricsInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+    uint64_t buckets[4] = {1, 10, 100, 1000};
+
+    dwError = VmMetricsHistogramNew(pmContext,
+                    "vmdir_repl_cycle_duration",
+                    NULL, 0,
+                    "Histogram for Replication Cycle Duration",
+                    buckets, 4,
+                    &pReplCycleDuration);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirReplMetricsInit failed (%d)", dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirReplNewPartnerMetricsInit(
+    PVMDIR_REPLICATION_AGREEMENT pReplAgr
+    )
+{
+    DWORD dwError = 0;
+    uint64_t buckets[4] = {1, 10, 100, 1000};
+
+    VM_METRICS_LABEL partnerLabel[1] = {{"partner",pReplAgr->ldapURI}};
+
+    dwError = VmMetricsHistogramNew(pmContext,
+                            "vmdir_repl_connect_duration",
+                            partnerLabel, 1,
+                            "Replication connection duration per partner",
+                            buckets, 4,
+                            &pReplAgr->ReplMetrics.pReplConnectDuration);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterNew(pmContext,
+                            "vmdir_repl_connect_failures",
+                            partnerLabel, 1,
+                            "Number of replication connection failures per partner",
+                            &pReplAgr->ReplMetrics.pReplConnectFailures);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterNew(pmContext,
+                            "vmdir_repl_unfinished",
+                            partnerLabel, 1,
+                            "Number of unfinished replication attempts per partner",
+                            &pReplAgr->ReplMetrics.pReplUnfinished);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsGaugeNew(pmContext,
+                            "vmdir_repl_high_water_mark",
+                            partnerLabel, 1,
+                            "The high water mark USN per partner",
+                            &pReplAgr->ReplMetrics.pReplUsn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterNew(pmContext,
+                            "vmdir_repl_changes",
+                            partnerLabel, 1,
+                            "Number of changes applied per partner",
+                            &pReplAgr->ReplMetrics.pReplChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsHistogramNew(pmContext,
+                            "vmdir_repl_sync_duration",
+                            partnerLabel, 1,
+                            "Replication sync duration per partner",
+                            buckets, 4,
+                            &pReplAgr->ReplMetrics.pReplSyncDuration);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirReplNewPartnerMetricsInit failed (%d)", dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirReplPartnerMetricsDelete(
+    PVMDIR_REPLICATION_AGREEMENT pReplAgr
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsHistogramDelete(pmContext, pReplAgr->ReplMetrics.pReplConnectDuration);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterDelete(pmContext, pReplAgr->ReplMetrics.pReplConnectFailures);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterDelete(pmContext, pReplAgr->ReplMetrics.pReplUnfinished);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsGaugeDelete(pmContext, pReplAgr->ReplMetrics.pReplUsn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsCounterDelete(pmContext, pReplAgr->ReplMetrics.pReplChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmMetricsHistogramDelete(pmContext, pReplAgr->ReplMetrics.pReplSyncDuration);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirReplPartnerMetricsDelete failed (%d)", dwError);
+
+    goto cleanup;
+}
diff --git a/vmdir/server/replication/prototypes.h b/vmdir/server/replication/prototypes.h
index 0e9917564..9edb51c3b 100644
--- a/vmdir/server/replication/prototypes.h
+++ b/vmdir/server/replication/prototypes.h
@@ -61,8 +61,7 @@ int
 ReplAddEntry(
     PVDIR_SCHEMA_CTX                pSchemaCtx,
     PVMDIR_REPLICATION_PAGE_ENTRY   pPageEntry,
-    PVDIR_SCHEMA_CTX*               ppOutSchemaCtx,
-    BOOLEAN                         bFirstReplicationCycle
+    PVDIR_SCHEMA_CTX*               ppOutSchemaCtx
     );
 
 int
@@ -78,6 +77,21 @@ ReplModifyEntry(
     PVDIR_SCHEMA_CTX*               ppOutSchemaCtx
     );
 
+DWORD
+VmDirReplMetricsInit(
+    VOID
+    );
+
+DWORD
+VmDirReplNewPartnerMetricsInit(
+    PVMDIR_REPLICATION_AGREEMENT pReplAgr
+    );
+
+DWORD
+VmDirReplPartnerMetricsDelete(
+    PVMDIR_REPLICATION_AGREEMENT pReplAgr
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/vmdir/server/replication/replentry.c b/vmdir/server/replication/replentry.c
index cfbea58f9..9cdb36c2f 100644
--- a/vmdir/server/replication/replentry.c
+++ b/vmdir/server/replication/replentry.c
@@ -29,9 +29,10 @@ static
 int
 DetectAndResolveAttrsConflicts(
     PVDIR_OPERATION     pOperation,
-    PVDIR_BERVALUE      pDn,
+    PVDIR_ENTRY         pSupplierEntry,
     PVDIR_ATTRIBUTE     pAttrAttrSupplierMetaData,
-    ENTRYID             entryId
+    ENTRYID             entryId,
+    PVDIR_ENTRY         pConsumerEntry
     );
 
 static
@@ -41,7 +42,8 @@ SetAttributesNewMetaData(
     PVDIR_ENTRY         pEntry,
     char *              localUsn,
     PVDIR_ATTRIBUTE *   ppAttrAttrMetaData,
-    ENTRYID             entryId
+    ENTRYID             entryId,
+    PVDIR_ENTRY         pConsumerEntry
     );
 
 static
@@ -59,12 +61,6 @@ _VmDirPatchData(
     PVDIR_OPERATION     pOperation
     );
 
-static
-DWORD
-_VmDirAssignEntryIdIfSpecialInternalEntry(
-    PVDIR_ENTRY pEntry
-    );
-
 static
 int
 ReplFixUpEntryDn(
@@ -115,56 +111,13 @@ _VmDirAttrValueMetaResolve(
     PBOOLEAN        pInScope
     );
 
-/*
- * _VmDirAssignEntryIdIfSpecialInternalEntry()
- *
- * Internal entries from vmdir.h:
- *
- * #define DSE_ROOT_ENTRY_ID              1
- * #define SCHEMA_NAMING_CONTEXT_ID       2
- * #define SUB_SCEHMA_SUB_ENTRY_ID        3
- * #define CFG_ROOT_ENTRY_ID              4
- * #define CFG_INDEX_ENTRY_ID             5
- * #define CFG_ORGANIZATION_ENTRY_ID      6
- * #define DEL_ENTRY_CONTAINER_ENTRY_ID   7
- * #define DEFAULT_ADMINISTRATOR_ENTRY_ID 8
- *
- * Except System administrator and deleted objects container entries, rest are created at the initialization time of
- * all replicas => getting expected entry Ids.
- *
- */
-static DWORD
-_VmDirAssignEntryIdIfSpecialInternalEntry(
-    PVDIR_ENTRY pEntry )
-{
-    DWORD       dwError = 0;
-    PSTR        pszLocalErrMsg = NULL;
-
-    dwError = VmDirNormalizeDN( &(pEntry->dn), pEntry->pSchemaCtx );
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
-                                  "_VmDirAssignEntryIdIfSpecialInternalEntry: DN normalization failed - (%u)(%s)",
-                                  dwError, pEntry->dn.lberbv.bv_val );
-
-    if (VmDirStringCompareA( BERVAL_NORM_VAL(pEntry->dn),
-                             BERVAL_NORM_VAL(gVmdirServerGlobals.bvDefaultAdminDN), TRUE) == 0)
-    {
-        pEntry->eId = DEFAULT_ADMINISTRATOR_ENTRY_ID;
-    }
-    else if (VmDirStringCompareA( BERVAL_NORM_VAL(pEntry->dn),
-                                  BERVAL_NORM_VAL(gVmdirServerGlobals.delObjsContainerDN), TRUE) == 0)
-    {
-        pEntry->eId = DEL_ENTRY_CONTAINER_ENTRY_ID;
-    }
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, pszLocalErrMsg );
-    goto cleanup;
-}
-
+static
+BOOLEAN
+_VmDirIsBenignReplConflict(
+    PVDIR_ATTRIBUTE pAttr,
+    PVDIR_ENTRY     pSupplierEntry,
+    PVDIR_ENTRY     pConsumerEntry
+    );
 
 // Replicate Add Entry operation
 
@@ -172,8 +125,7 @@ int
 ReplAddEntry(
     PVDIR_SCHEMA_CTX                pSchemaCtx,
     PVMDIR_REPLICATION_PAGE_ENTRY   pPageEntry,
-    PVDIR_SCHEMA_CTX*               ppOutSchemaCtx,
-    BOOLEAN                         bFirstReplicationCycle)
+    PVDIR_SCHEMA_CTX*               ppOutSchemaCtx)
 {
     int                 retVal = LDAP_SUCCESS;
     VDIR_OPERATION      op = {0};
@@ -188,6 +140,7 @@ ReplAddEntry(
     int                 i = 0;
     PVDIR_SCHEMA_CTX    pUpdateSchemaCtx = NULL;
     LDAPMessage *       ldapMsg = pPageEntry->entry;
+    VDIR_ENTRY          consumerEntry = {0};
 
     retVal = VmDirInitStackOperation( &op,
                                       VDIR_OPERATION_TYPE_REPL,
@@ -224,7 +177,7 @@ ReplAddEntry(
         BAIL_ON_VMDIR_ERROR( retVal );
     }
 
-    if ((retVal = VmDirStringNPrintFA( localUsnStr, sizeof(localUsnStr), sizeof(localUsnStr) - 1, "%ld", localUsn)) != 0)
+    if ((retVal = VmDirStringNPrintFA( localUsnStr, sizeof(localUsnStr), sizeof(localUsnStr) - 1, "%" PRId64, localUsn)) != 0)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "ReplAddEntry: VmDirStringNPrintFA failed with error code: %d", retVal);
         retVal = LDAP_OPERATIONS_ERROR;
@@ -238,7 +191,7 @@ ReplAddEntry(
     retVal = _VmDirDetatchValueMetaData(&op, pEntry, &pAttrAttrValueMetaData);
     BAIL_ON_VMDIR_ERROR( retVal );
 
-    retVal = SetAttributesNewMetaData(&op, pEntry, localUsnStr, &pAttrAttrMetaData, 0);
+    retVal = SetAttributesNewMetaData(&op, pEntry, localUsnStr, &pAttrAttrMetaData, 0, &consumerEntry);
     BAIL_ON_VMDIR_ERROR( retVal );
 
     // Creating deleted object scenario: Create attributes just with attribute meta data, and no values.
@@ -271,12 +224,6 @@ ReplAddEntry(
     retVal = _VmDirPatchData( &op );
     BAIL_ON_VMDIR_ERROR( retVal );
 
-    if (bFirstReplicationCycle)
-    {
-        retVal =  _VmDirAssignEntryIdIfSpecialInternalEntry( pEntry );
-        BAIL_ON_VMDIR_ERROR( retVal );
-    }
-
     op.ulPartnerUSN = pPageEntry->ulPartnerUSN;
 
     if ((retVal = VmDirInternalAddEntry( &op )) != LDAP_SUCCESS)
@@ -291,7 +238,7 @@ ReplAddEntry(
                           "ReplAddEntry/VmDirInternalAddEntry: %d (Object already exists). "
                           "DN: %s, first attribute: %s, it's meta data: '%s' "
                           "NOT resolving this possible replication CONFLICT or initial objects creation scenario. "
-                          "For this object, system may not converge. Partner USN %llu",
+                          "For this object, system may not converge. Partner USN %" PRId64,
                           retVal, pEntry->dn.lberbv.bv_val, pEntry->attrs->type.lberbv.bv_val, pEntry->attrs->metaData,
                           pPageEntry->ulPartnerUSN);
 
@@ -302,14 +249,14 @@ ReplAddEntry(
                           "ReplAddEntryVmDirInternalAddEntry: %d (Parent object does not exist). "
                           "DN: %s, first attribute: %s, it's meta data: '%s' "
                           "NOT resolving this possible replication CONFLICT or out-of-parent-child-order replication scenario. "
-                          "For this subtree, system may not converge. Partner USN %llu",
+                          "For this subtree, system may not converge. Partner USN %" PRId64,
                           retVal, pEntry->dn.lberbv.bv_val, pEntry->attrs->type.lberbv.bv_val, pEntry->attrs->metaData,
                           pPageEntry->ulPartnerUSN);
                 break;
 
             default:
                 VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                          "ReplAddEntry/VmDirInternalAddEntry:  %d (%s). Partner USN %llu",
+                          "ReplAddEntry/VmDirInternalAddEntry:  %d (%s). Partner USN %" PRId64,
                           retVal, VDIR_SAFE_STRING( op.ldapResult.pszErrMsg ), pPageEntry->ulPartnerUSN);
                 break;
         }
@@ -333,6 +280,7 @@ ReplAddEntry(
     VmDirFreeAttribute( pAttrAttrValueMetaData );
     VmDirFreeAttribute( pAttrAttrMetaData );
     VmDirFreeOperationContent(&op);
+    VmDirFreeEntryContent(&consumerEntry);
 
     return retVal;
 
@@ -410,7 +358,7 @@ ReplDeleteEntry(
                           "ReplDeleteEntry/VmDirInternalDeleteEntry: %d (Object does not exist). "
                           "DN: %s, first attribute: %s, it's meta data: '%s'. "
                           "NOT resolving this possible replication CONFLICT. "
-                          "For this object, system may not converge. Partner USN %llu",
+                          "For this object, system may not converge. Partner USN %" PRId64,
                           retVal, mr->dn.lberbv.bv_val, mr->mods->attr.type.lberbv.bv_val, mr->mods->attr.metaData,
                           pPageEntry->ulPartnerUSN);
                 retVal = LDAP_SUCCESS;
@@ -421,7 +369,7 @@ ReplDeleteEntry(
                           "ReplDeleteEntry/VmDirInternalDeleteEntry: %d (Operation not allowed on non-leaf). "
                           "DN: %s, first attribute: %s, it's meta data: '%s'. "
                           "NOT resolving this possible replication CONFLICT. "
-                          "For this object, system may not converge. Partner USN %llu",
+                          "For this object, system may not converge. Partner USN %" PRId64,
                           retVal, mr->dn.lberbv.bv_val, mr->mods->attr.type.lberbv.bv_val, mr->mods->attr.metaData,
                           pPageEntry->ulPartnerUSN);
                 break;
@@ -431,14 +379,14 @@ ReplDeleteEntry(
                           "ReplDeleteEntry/VmDirInternalDeleteEntry: %d (No such attribute). "
                           "DN: %s, first attribute: %s, it's meta data: '%s'. "
                           "NOT resolving this possible replication CONFLICT. "
-                          "For this object, system may not converge. Partner USN %llu",
+                          "For this object, system may not converge. Partner USN %" PRId64,
                           retVal, mr->dn.lberbv.bv_val, mr->mods->attr.type.lberbv.bv_val, mr->mods->attr.metaData,
                           pPageEntry->ulPartnerUSN);
                 break;
 
             default:
                 VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                          "ReplDeleteEntry/InternalDeleteEntry: %d (%s). Partner USN %llu",
+                          "ReplDeleteEntry/InternalDeleteEntry: %d (%s). Partner USN %" PRId64,
                           retVal, VDIR_SAFE_STRING( delOp.ldapResult.pszErrMsg ),pPageEntry->ulPartnerUSN);
                 break;
         }
@@ -575,7 +523,7 @@ ReplModifyEntry(
                           "ReplModifyEntry/SetupReplModifyRequest: %d (Object does not exist). "
                           "DN: %s, first attribute: %s, it's meta data: '%s'. "
                           "Possible replication CONFLICT. Object will get deleted from the system. "
-                          "Partner USN %llu",
+                          "Partner USN %" PRId64,
                           retVal, e.dn.lberbv.bv_val, e.attrs[0].type.lberbv.bv_val,
                           e.attrs[0].metaData, pPageEntry->ulPartnerUSN);
                 break;
@@ -588,7 +536,7 @@ ReplModifyEntry(
 
             default:
                 VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
-                          "ReplModifyEntry/SetupReplModifyRequest: %d (%s). Partner USN %llu",
+                          "ReplModifyEntry/SetupReplModifyRequest: %d (%s). Partner USN %" PRId64,
                           retVal, VDIR_SAFE_STRING( modOp.ldapResult.pszErrMsg ), pPageEntry->ulPartnerUSN);
                 break;
        }
@@ -772,6 +720,53 @@ ReplFixUpEntryDn(
     goto cleanup;
 }
 
+static
+BOOLEAN
+_VmDirIsBenignReplConflict(
+    PVDIR_ATTRIBUTE pAttr,
+    PVDIR_ENTRY     pSupplierEntry,
+    PVDIR_ENTRY     pConsumerEntry
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bIsBenign = FALSE;
+    CHAR    excludeAttrs[] = {ATTR_USN_CHANGED};  // supplier always send USNChanged, but it has a local context.
+    int     i = 0;
+
+    if (pConsumerEntry->eId == 0) // don't expect this, but pass through if no eid.
+    {
+        goto cleanup;
+    }
+
+    // query consumer entry if needed
+    if (!pConsumerEntry->dn.lberbv_val)
+    {
+        PVDIR_BACKEND_INTERFACE pBE = NULL;
+        pBE = VmDirBackendSelect(NULL);
+        assert(pBE);
+
+        dwError = pBE->pfnBESimpleIdToEntry(pConsumerEntry->eId, pConsumerEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (i=0; i< VMDIR_ARRAY_SIZE(excludeAttrs); i++)
+    {
+        if (VmDirStringCompareA(pAttr->type.lberbv_val, &excludeAttrs[i], FALSE) == 0)
+        {
+            bIsBenign = TRUE;
+            goto cleanup;
+        }
+    }
+
+    bIsBenign = VmDirIsSameConsumerSupplierEntryAttr(pAttr, pSupplierEntry, pConsumerEntry);
+
+cleanup:
+    return bIsBenign;
+
+error:
+    goto cleanup;
+}
+
 /* Detect and resolve attribute level conflicts.
  *
  * Read consumer attributes' meta data corresponding to given supplier attributes' meta data, "compare" them, and "mark"
@@ -812,9 +807,10 @@ static
 int
 DetectAndResolveAttrsConflicts(
     PVDIR_OPERATION     pOperation,
-    PVDIR_BERVALUE      pDn,
+    PVDIR_ENTRY         pSupplierEntry,
     PVDIR_ATTRIBUTE     pAttrAttrSupplierMetaData,
-    ENTRYID             entryId
+    ENTRYID             entryId,
+    PVDIR_ENTRY         pConsumerEntry
     )
 {
     int             retVal = LDAP_SUCCESS;
@@ -864,6 +860,7 @@ DetectAndResolveAttrsConflicts(
                     BAIL_ON_LDAP_ERROR( retVal, LDAP_LOCK_DEADLOCK, (pOperation->ldapResult.pszErrMsg),
                                         "backend read entry failed - (%d)(%s)", retVal,
                                         VDIR_SAFE_STRING(pOperation->pBEErrorMsg));
+                    break;
 
                 default:
                     VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "DetectAndResolveAttrsConflicts: pfnBEGetAttrMetaData failed "
@@ -889,14 +886,14 @@ DetectAndResolveAttrsConflicts(
                 VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
                     "DetectAndResolveAttrsConflicts: No conflict, supplier version wins. "
                     "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s ",
-                     pDn->lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                     pSupplierEntry->dn.lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
             }
             else if (supplierVersionNum < consumerVersionNum)
             {
                 VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
                     "DetectAndResolveAttrsConflicts: Possible conflict, supplier version loses. "
                     "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s",
-                    pDn->lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                    pSupplierEntry->dn.lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
 
                 if (VmDirStringCompareA( pAttr->type.lberbv_val, ATTR_USN_CHANGED, FALSE ) == 0)
                 {
@@ -922,12 +919,18 @@ DetectAndResolveAttrsConflicts(
                 char * supplierInvocationId = strchr(strchr(metaData, ':') + 1, ':') + 1;
                 char * consumerInvocationId = strchr(strchr(pAttr->metaData, ':') + 1, ':') + 1;
 
+                // compare supplier and consumer attr content, log warning msg if different.
+                BOOLEAN bIsSameAttrValue = _VmDirIsBenignReplConflict(pAttr, pSupplierEntry, pConsumerEntry);
+
                 if (strncmp( supplierInvocationId, consumerInvocationId, VMDIR_GUID_STR_LEN ) < 0)
                 {
-                    VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                        "DetectAndResolveAttrsConflicts: Possible conflict, supplier serverId loses. "
-                        "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s",
-                        pDn->lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                    if (!bIsSameAttrValue)
+                    {
+                        VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
+                            "DetectAndResolveAttrsConflicts: Possible conflict, supplier serverId loses. "
+                            "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s",
+                            pSupplierEntry->dn.lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                    }
 
                     if (VmDirStringCompareA( pAttr->type.lberbv_val, ATTR_USN_CHANGED, FALSE ) == 0)
                     {
@@ -949,10 +952,13 @@ DetectAndResolveAttrsConflicts(
                }
                 else
                 {
-                    VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
-                        "DetectAndResolveAttrsConflicts: Possible conflict, supplier serverId wins."
-                        "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s",
-                        pDn->lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                    if (!bIsSameAttrValue)
+                    {
+                        VMDIR_LOG_WARNING(VMDIR_LOG_MASK_ALL,
+                            "DetectAndResolveAttrsConflicts: Possible conflict, supplier serverId wins."
+                            "DN: %s, attr: %s, supplier attr meta: %s, consumer attr meta: %s",
+                            pSupplierEntry->dn.lberbv.bv_val, pAttr->type.lberbv.bv_val, metaData, pAttr->metaData );
+                    }
                 }
             }
         }
@@ -1051,7 +1057,8 @@ SetAttributesNewMetaData(
     PVDIR_ENTRY         pEntry,
     char *              localUsnStr,
     PVDIR_ATTRIBUTE *   ppAttrAttrMetaData,
-    ENTRYID             entryId
+    ENTRYID             entryId,
+    PVDIR_ENTRY         pConsumerEntry
     )
 {
     int                 retVal = LDAP_SUCCESS;
@@ -1106,7 +1113,12 @@ SetAttributesNewMetaData(
 
     if (pOperation->reqCode == LDAP_REQ_MODIFY)
     {
-        retVal = DetectAndResolveAttrsConflicts(pOperation, &pEntry->dn, pAttrAttrMetaData, entryId);
+        retVal = DetectAndResolveAttrsConflicts(
+                        pOperation,
+                        pEntry,
+                        pAttrAttrMetaData,
+                        entryId,
+                        pConsumerEntry);
         BAIL_ON_VMDIR_ERROR( retVal );
     }
 
@@ -1241,6 +1253,7 @@ SetupReplModifyRequest(
     VDIR_MODIFICATION * lastKnownDNMod = NULL;
     PVDIR_SCHEMA_CTX    pSchemaCtx = pOperation->pSchemaCtx;
     ModifyReq *         mr = &(pOperation->request.modifyReq);
+    VDIR_ENTRY          consumerEntry = {0};
 
     VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "SetupReplModifyRequest: next entry being replicated/Modified is: %s",
               pEntry->dn.lberbv.bv_val );
@@ -1263,7 +1276,7 @@ SetupReplModifyRequest(
         BAIL_ON_VMDIR_ERROR( retVal );
     }
 
-    if ((retVal = VmDirStringNPrintFA( localUsnStr, sizeof(localUsnStr), sizeof(localUsnStr) - 1, "%ld",
+    if ((retVal = VmDirStringNPrintFA( localUsnStr, sizeof(localUsnStr), sizeof(localUsnStr) - 1, "%" PRId64,
                                        localUsn)) != 0)
     {
         VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "SetupReplModifyRequest: VmDirStringNPrintFA failed with error code: %d", retVal );
@@ -1275,7 +1288,8 @@ SetupReplModifyRequest(
 
     VMDIR_LOG_DEBUG(LDAP_DEBUG_REPL, "SetupReplModifyRequest: next generated localUSN: %s", localUsnStr );
 
-    retVal = SetAttributesNewMetaData(pOperation, pEntry, localUsnStr, &pAttrAttrMetaData, entryId);
+    consumerEntry.eId = entryId;
+    retVal = SetAttributesNewMetaData(pOperation, pEntry, localUsnStr, &pAttrAttrMetaData, entryId, &consumerEntry);
     BAIL_ON_VMDIR_ERROR( retVal );
 
     for (currAttr = pEntry->attrs; currAttr; currAttr = currAttr->next)
@@ -1402,6 +1416,7 @@ SetupReplModifyRequest(
 cleanup:
     // pAttrAttrMetaData is local, needs to be freed within the call
     VmDirFreeAttribute( pAttrAttrMetaData );
+    VmDirFreeEntryContent(&consumerEntry);
 
     return retVal;
 
@@ -1612,7 +1627,7 @@ _VmSetupValueMetaData(
        // p now points to <version>...
        // Need to replace supp's <local-usn> with new locally generated local-usn.
        retVal = VmDirStringNPrintFA(av_meta_pre, sizeof(av_meta_pre), sizeof(av_meta_pre) - 1,
-                    "%s:%ld:", pAttr->type.lberbv.bv_val, localUsn);
+                    "%s:%" PRId64 ":", pAttr->type.lberbv.bv_val, localUsn);
        BAIL_ON_VMDIR_ERROR(retVal);
 
        //av_meta_pre contains "<attr-name>:<new-local-usn>:"
@@ -1849,7 +1864,7 @@ _VmDirAttachValueMetaData(
                VALUE_META_TO_NEXT_FIELD(p, 2);
                // p now points to <version>...
                retVal = VmDirStringNPrintFA(av_meta_pre, sizeof(av_meta_pre), sizeof(av_meta_pre) -1,
-                            "%s:%ld:", attr->type.lberbv.bv_val, localUsn);
+                            "%s:%" PRId64 ":", attr->type.lberbv.bv_val, localUsn);
                BAIL_ON_VMDIR_ERROR(retVal);
 
                //av_meta_pre contains "<attr-name>:<new-local-usn>:"
diff --git a/vmdir/server/replication/structs.h b/vmdir/server/replication/structs.h
index 63bce4ce3..fb65be1eb 100644
--- a/vmdir/server/replication/structs.h
+++ b/vmdir/server/replication/structs.h
@@ -66,14 +66,13 @@ typedef struct _VMDIR_REPLICATION_CREDENTIALS
 
 typedef struct _VMDIR_REPLICATON_CONNECTION
 {
-    LDAP *pLd;
-    PSTR pszConnectionDescription;
+    LDAP*   pLd;
+    PSTR    pszPartnerHostName;
 } VMDIR_REPLICATION_CONNECTION, *PVMDIR_REPLICATION_CONNECTION;
 
 typedef struct _VMDIR_REPLICATION_CONTEXT
 {
-    PVDIR_SCHEMA_CTX pSchemaCtx;
-    BOOLEAN bFirstReplicationCycle;
-    time_t stLastTimeTriedToFillHoleInDirectory;
-    PSTR pszKrb5ErrorMsg;
+    PVDIR_SCHEMA_CTX    pSchemaCtx;
+    time_t              stLastTimeTriedToFillHoleInDirectory;
+    PSTR                pszKrb5ErrorMsg;
 } VMDIR_REPLICATION_CONTEXT, *PVMDIR_REPLICATION_CONTEXT;
diff --git a/vmdir/server/replication/thread.c b/vmdir/server/replication/thread.c
index 0b50a8685..7e0dfd59e 100644
--- a/vmdir/server/replication/thread.c
+++ b/vmdir/server/replication/thread.c
@@ -54,10 +54,10 @@ _VmDirReplicationFreeCredentialsContents(
 static
 DWORD
 _VmDirReplicationConnect(
-    PVMDIR_REPLICATION_CONTEXT pContext,
-    PVMDIR_REPLICATION_AGREEMENT pReplAgr,
-    PVMDIR_REPLICATION_CREDENTIALS pCreds,
-    PVMDIR_REPLICATION_CONNECTION pConnection
+    PVMDIR_REPLICATION_CONTEXT      pContext,
+    PVMDIR_REPLICATION_AGREEMENT    pReplAgr,
+    PVMDIR_REPLICATION_CREDENTIALS  pCreds,
+    PVMDIR_REPLICATION_CONNECTION   pConnection
     );
 
 static
@@ -69,16 +69,15 @@ _VmDirReplicationDisconnect(
 static
 DWORD
 _VmDirWaitForReplicationAgreement(
-    PBOOLEAN pbFirstReplicationCycle,
     PBOOLEAN pbExitReplicationThread
     );
 
 static
-int
+VOID
 _VmDirConsumePartner(
-    PVMDIR_REPLICATION_CONTEXT pContext,
-    PVMDIR_REPLICATION_AGREEMENT replAgr,
-    PVMDIR_REPLICATION_CONNECTION pConnection
+    PVMDIR_REPLICATION_CONTEXT      pContext,
+    PVMDIR_REPLICATION_AGREEMENT    replAgr,
+    PVMDIR_REPLICATION_CONNECTION   pConnection
     );
 
 static
@@ -103,10 +102,10 @@ VmDirSetGlobalServerId();
 static
 int
 _VmDirFetchReplicationPage(
-    PVMDIR_REPLICATION_CONNECTION pConnection,
-    USN lastSupplierUsnProcessed,
-    USN initUsn,
-    PVMDIR_REPLICATION_PAGE *ppPage
+    PVMDIR_REPLICATION_CONNECTION   pConnection,
+    USN                             lastSupplierUsnProcessed,
+    USN                             initUsn,
+    PVMDIR_REPLICATION_PAGE*        ppPage
     );
 
 static
@@ -160,13 +159,17 @@ InitializeReplicationThread(
     PVDIR_THREAD_INFO   pThrInfo = NULL;
 
     dwError = VmDirSrvThrInit(
-                &pThrInfo,
-                gVmdirGlobals.replAgrsMutex,
-                gVmdirGlobals.replAgrsCondition,
-                TRUE);
+            &pThrInfo,
+            gVmdirGlobals.replAgrsMutex,
+            gVmdirGlobals.replAgrsCondition,
+            TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateThread( &pThrInfo->tid, FALSE, vdirReplicationThrFun, pThrInfo);
+    dwError = VmDirCreateThread(
+            &pThrInfo->tid,
+            pThrInfo->bJoinThr,
+            vdirReplicationThrFun,
+            pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pThrInfo);
@@ -182,92 +185,6 @@ InitializeReplicationThread(
     goto cleanup;
 }
 
-/*
- * If the old policy is a realtime one (RR or FIFO), then increase it by
- * REPL_THREAD_SCHED_PRIORITY, otherwise (e.g. old policy is SCHED_NORMAL),
- * then set the new policy to RR with priority REPL_THREAD_SCHED_PRIORITY.
- * Assume that all operational threads have the same schedule policy/priority as
- * the replication thread before this change so that the replication thread
- * would be scheduled ahead of the operational threads.  This is to address
- * the backend's writer mutex contention problem so that the replication thread
- * wouldn't be starved by the local operational threads' write operations.
- * Pitfall: the priority upgrade has no effect on Windows 2008 server with
- * process under NORMAL_PRIORITY_CLASS, and has slight effect with
- * IDLE_PRIORITY_CLASS. If appears that Windows wakes up threads (for those
- * waiting for a mutex in NORMAL_PRIORITY_CLASS) in a FIFO way regardless of
- * their priorities. Therefore, there is no implementation of this function
- * for Windows.
- */
-static
-void
-vdirRaiseThreadSchedPriority()
-{
-    int                  old_sch_policy = 0;
-    int                  new_sch_policy = 0;
-    int                  max_sched_pri = 0;
-    struct sched_param   old_sch_param = {0};
-    struct sched_param   new_sch_param = {0};
-    int                  retVal = 0;
-    PSTR                 pszLocalErrorMsg = NULL;
-
-    retVal=pthread_getschedparam(pthread_self(), &old_sch_policy, &old_sch_param);
-    BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-         "vdirRaiseThreadSchedPriority: pthread_getschedparam failed");
-
-    if (old_sch_policy == SCHED_FIFO || old_sch_policy == SCHED_RR)
-    {
-        // Thread is already in a realtime policy,
-        // though the current vmdird wouldn't be setup at this policy
-        max_sched_pri = sched_get_priority_max(old_sch_policy);
-        if (max_sched_pri < 0)
-        {
-            retVal = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-                  "vdirRaiseThreadSchedPriority: sched_get_priority_max failed on policy %d", old_sch_policy);
-
-        }
-
-        new_sch_policy = old_sch_policy;
-        new_sch_param.sched_priority = old_sch_param.sched_priority + REPL_THREAD_SCHED_PRIORITY;
-        if (new_sch_param.sched_priority > max_sched_pri )
-        {
-            new_sch_param.sched_priority =  max_sched_pri;
-        }
-    } else
-    {
-        /*
-         * Thread is in a non-realtime policy
-         * put it on the lowest RR priority which would be schduled ahead of
-         * operational threads with SCHED_OTHER
-         */
-        new_sch_policy = SCHED_RR;
-        new_sch_param.sched_priority = sched_get_priority_min(new_sch_policy);
-        if (new_sch_param.sched_priority < 0)
-        {
-            retVal = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-                 "vdirRaiseThreadSchedPriority: sched_get_priority_min failed sch_policy=%d", new_sch_policy);
-        }
-    }
-
-   retVal = pthread_setschedparam(pthread_self(), new_sch_policy, &new_sch_param);
-   BAIL_ON_VMDIR_ERROR_WITH_MSG( retVal, (pszLocalErrorMsg),
-        "vdirRaiseThreadSchedPriority: setschedparam failed: errno=%d old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
-        errno, old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
-
-   VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-          "vdirRaiseThreadSchedPriority: old_sch_policy=%d old_sch_priority=%d new_sch_policy=%d new_sch_priority=%d",
-          old_sch_policy, old_sch_param.sched_priority, new_sch_policy, new_sch_param.sched_priority);
-
-done:
-    VMDIR_SAFE_FREE_MEMORY(pszLocalErrorMsg);
-    return;
-
-error:
-    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s", VDIR_SAFE_STRING(pszLocalErrorMsg));
-    goto done;
-}
-
 // vdirReplicationThrFun is the main replication function that:
 //  - Executes replication cycles endlessly
 //  - Each replication cycle consist of processing all the RAs for this vmdird instance.
@@ -299,13 +216,21 @@ vdirReplicationThrFun(
     VMDIR_REPLICATION_CREDENTIALS   sCreds = {0};
     VMDIR_REPLICATION_CONNECTION    sConnection = {0};
     VMDIR_REPLICATION_CONTEXT       sContext = {0};
+    uint64_t                        uiCycleStartTime = 0;
+    uint64_t                        uiCycleEndTime = 0;
+    uint64_t                        uiConnectStartTime = 0;
+    uint64_t                        uiConnectEndTime = 0;
+    uint64_t                        uiSyncStartTime = 0;
+    uint64_t                        uiSyncEndTime = 0;
+
+    /*
+     * This is to address the backend's writer mutex contention problem so that
+     * the replication thread wouldn't be starved by the local operational threads'
+     * write operations.
+     */
+    VmDirRaiseThreadPriority(DEFAULT_THREAD_PRIORITY_DELTA);
 
-#ifndef _WIN32
-    vdirRaiseThreadSchedPriority();
-#endif
-
-    retVal = _VmDirWaitForReplicationAgreement(
-                &sContext.bFirstReplicationCycle, &bExitThread);
+    retVal = _VmDirWaitForReplicationAgreement(&bExitThread);
     BAIL_ON_VMDIR_ERROR(retVal);
 
     if (bExitThread)
@@ -332,7 +257,9 @@ vdirReplicationThrFun(
             VmDirSleep(1000);
             continue;
         }
+
         VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: Executing replication cycle %u.", gVmdirGlobals.dwReplCycleCounter + 1 );
+        uiCycleStartTime = VmDirGetTimeInMilliSec();
 
         // purge RAs that have been marked as isDeleted = TRUE
         VmDirRemoveDeletedRAsFromCache();
@@ -378,33 +305,42 @@ vdirReplicationThrFun(
                 replAgr->oldPasswordFailTime = 0;
             }
 
+            uiConnectStartTime = VmDirGetTimeInMilliSec();
+
             retVal = _VmDirReplicationConnect(&sContext, replAgr, &sCreds, &sConnection);
             if (retVal || sConnection.pLd == NULL)
             {
-                // Bail on first cycle only
-                if ( sContext.bFirstReplicationCycle )
+                if (replAgr->ReplMetrics.pReplConnectFailures)
                 {
-                    if( !retVal )
-                    {
-                        retVal = VMDIR_ERROR_UNAVAILABLE;
-                    }
-
-                    BAIL_ON_VMDIR_ERROR( retVal );
+                    VmMetricsCounterIncrement(replAgr->ReplMetrics.pReplConnectFailures);
                 }
-
                 continue;
             }
+            uiConnectEndTime = VmDirGetTimeInMilliSec();
 
-            retVal = _VmDirConsumePartner(&sContext, replAgr, &sConnection);
-            // Bail on first cycle only
-            if ( sContext.bFirstReplicationCycle )
+            if (replAgr->ReplMetrics.pReplConnectDuration)
             {
-                BAIL_ON_VMDIR_ERROR( retVal );
+                VmMetricsHistogramUpdate(replAgr->ReplMetrics.pReplConnectDuration,
+                            VMDIR_RESPONSE_TIME(uiConnectEndTime-uiConnectStartTime));
             }
+            uiSyncStartTime = VmDirGetTimeInMilliSec();
+            _VmDirConsumePartner(&sContext, replAgr, &sConnection);
+            uiSyncEndTime = VmDirGetTimeInMilliSec();
+
+            if (replAgr->ReplMetrics.pReplSyncDuration)
+            {
+                VmMetricsHistogramUpdate(replAgr->ReplMetrics.pReplSyncDuration,
+                            VMDIR_RESPONSE_TIME(uiSyncEndTime-uiSyncStartTime));
+            }
+
             _VmDirReplicationDisconnect(&sConnection);
         }
+
+        uiCycleEndTime = VmDirGetTimeInMilliSec();
         VMDIR_LOG_DEBUG(VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: Done executing the replication cycle.");
 
+        VmMetricsHistogramUpdate(pReplCycleDuration,
+                VMDIR_RESPONSE_TIME(uiCycleEndTime-uiCycleStartTime));
 
         VMDIR_LOCK_MUTEX(bInReplCycleDoneLock, gVmdirGlobals.replCycleDoneMutex);
         gVmdirGlobals.dwReplCycleCounter++;
@@ -704,23 +640,6 @@ VmDirSrvCreateReplAgrObj(
     return dwError;
 }
 
-static
-int
-_VmDirGetUsnFromSyncDoneCtrl(
-    struct berval* syncDoneCtrlVal,
-    USN *pUsn)
-{
-    int retVal = LDAP_SUCCESS;
-    PSTR pszEnd = NULL;
-    USN usn = 0;
-
-    usn = VmDirStringToLA(syncDoneCtrlVal->bv_val, &pszEnd, 10);
-
-    *pUsn = usn;
-
-    return retVal;
-}
-
 int
 VmDirReplUpdateCookies(
     PVDIR_SCHEMA_CTX                pSchemaCtx,
@@ -1042,28 +961,28 @@ VmDirSetGlobalServerId()
 static
 DWORD
 _VmDirReplicationConnect(
-    PVMDIR_REPLICATION_CONTEXT pContext,
-    PVMDIR_REPLICATION_AGREEMENT pReplAgr,
-    PVMDIR_REPLICATION_CREDENTIALS pCreds,
-    PVMDIR_REPLICATION_CONNECTION pConnection
+    PVMDIR_REPLICATION_CONTEXT      pContext,
+    PVMDIR_REPLICATION_AGREEMENT    pReplAgr,
+    PVMDIR_REPLICATION_CREDENTIALS  pCreds,
+    PVMDIR_REPLICATION_CONNECTION   pConnection
     )
 {
-    DWORD dwError = 0;
-    LDAP *pLd = NULL;
-    PSTR pszPartnerHostName = NULL;
-    VMDIR_REPLICATION_PASSWORD sPasswords[2];
-    DWORD dwPasswords = 0;
-    DWORD i = 0;
-    PSTR pszErrorMsg = NULL;
-    time_t currentTime = time(NULL);
+    DWORD   dwError = 0;
+    LDAP*   pLd = NULL;
+    PSTR    pszPartnerHostName = NULL;
+    VMDIR_REPLICATION_PASSWORD  sPasswords[2];
+    DWORD   dwPasswords = 0;
+    DWORD   i = 0;
+    PSTR    pszErrorMsg = NULL;
+    time_t  currentTime = time(NULL);
 
     dwError = VmDirReplURIToHostname(pReplAgr->ldapURI, &pszPartnerHostName);
     if (dwError != 0)
     {
         VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "_vdirReplicationConnect: VmDirReplURIToHostname failed. %s",
-            pReplAgr->ldapURI);
+                VMDIR_LOG_MASK_ALL,
+                "_vdirReplicationConnect: VmDirReplURIToHostname failed. %s",
+                pReplAgr->ldapURI);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -1108,17 +1027,13 @@ _VmDirReplicationConnect(
         }
 
         // Bind via SASL [srp,krb] mech
-        dwError = VmDirSafeLDAPBind(&pLd,
-                                    pszPartnerHostName,
-                                    pCreds->pszUPN,
-                                    pszPassword);
+        dwError = VmDirSafeLDAPBind(
+                &pLd, pszPartnerHostName, pCreds->pszUPN, pszPassword);
         if (dwError != 0)
         {
             // Use SSL and LDAP URI for 5.5 compatibility
-            dwError = VmDirSSLBind(&pLd,
-                                   pReplAgr->ldapURI,
-                                   pCreds->pszDN,
-                                   pszPassword);
+            dwError = VmDirSSLBind(
+                    &pLd, pReplAgr->ldapURI, pCreds->pszDN, pszPassword);
         }
 
         if (dwError == LDAP_INVALID_CREDENTIALS)
@@ -1132,11 +1047,16 @@ _VmDirReplicationConnect(
         }
     }
 
+    pConnection->pszPartnerHostName = pszPartnerHostName;
+    pszPartnerHostName = NULL;
+
     pConnection->pLd = pLd;
+    pLd = NULL;
 
 error:
     VMDIR_SAFE_FREE_STRINGA(pszErrorMsg);
     VMDIR_SAFE_FREE_STRINGA(pszPartnerHostName);
+    VDIR_SAFE_UNBIND_EXT_S(pLd);
     return dwError;
 }
 
@@ -1151,7 +1071,7 @@ _VmDirReplicationDisconnect(
     if (pConnection)
     {
         VDIR_SAFE_UNBIND_EXT_S(pConnection->pLd);
-        VMDIR_SAFE_FREE_STRINGA(pConnection->pszConnectionDescription);
+        VMDIR_SAFE_FREE_STRINGA(pConnection->pszPartnerHostName);
     }
 }
 
@@ -1255,7 +1175,6 @@ _VmDirReplicationFreeCredentialsContents(
 
 DWORD
 _VmDirWaitForReplicationAgreement(
-    PBOOLEAN pbFirstReplicationCycle,
     PBOOLEAN pbExitReplicationThread
     )
 {
@@ -1264,7 +1183,6 @@ _VmDirWaitForReplicationAgreement(
     int retVal = 0;
     PSTR pszPartnerHostName = NULL;
 
-    assert(pbFirstReplicationCycle != NULL);
     assert(pbExitReplicationThread != NULL);
 
     VMDIR_LOCK_MUTEX(bInReplAgrsLock, gVmdirGlobals.replAgrsMutex);
@@ -1310,14 +1228,15 @@ _VmDirWaitForReplicationAgreement(
                     *pbExitReplicationThread = TRUE;
                     dwError = LDAP_OPERATIONS_ERROR;
                     BAIL_ON_VMDIR_ERROR( dwError );
-                } else
+                }
+                else
                 {
                     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: VmDirFirstReplicationCycle() SUCCEEDED." );
                 }
-            } else
+            }
+            else
             {
-                VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "vdirReplicationThrFun: performing normal replication logic." );
-                *pbFirstReplicationCycle = TRUE;
+                assert(0);  // Lightwave server always use DB copy to bootstrap partner node.
             }
         }
         VMDIR_LOCK_MUTEX(bInReplAgrsLock, gVmdirGlobals.replAgrsMutex);
@@ -1332,11 +1251,11 @@ _VmDirWaitForReplicationAgreement(
 }
 
 static
-int
+VOID
 _VmDirConsumePartner(
-    PVMDIR_REPLICATION_CONTEXT pContext,
-    PVMDIR_REPLICATION_AGREEMENT replAgr,
-    PVMDIR_REPLICATION_CONNECTION pConnection
+    PVMDIR_REPLICATION_CONTEXT      pContext,
+    PVMDIR_REPLICATION_AGREEMENT    replAgr,
+    PVMDIR_REPLICATION_CONNECTION   pConnection
     )
 {
     int retVal = LDAP_SUCCESS;
@@ -1358,7 +1277,7 @@ _VmDirConsumePartner(
 
         bReTrialDesired = FALSE;
         bContinue = FALSE;
-        initUsn = VmDirStringToLA(replAgr->lastLocalUsnProcessed.lberbv.bv_val, NULL, 10 );
+        initUsn = VmDirStringToLA(replAgr->lastLocalUsnProcessed.lberbv.bv_val, NULL, 10);
 
         if (bReplayEverything)
         {
@@ -1374,6 +1293,14 @@ _VmDirConsumePartner(
         {
             if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
             {
+                if (iEntriesOutOfSequence == 0)
+                {   // no parent/child out of sequence so far, should update UTDVector before existing.
+                    // this avoids create->modify(s) scenario lost modify(s) if cycle force ended by service shutdown.
+                    // i.e. next cycle would receive SYNC_STATE(2)/modify instead of SYNC_STATE(1)/create.
+                    goto replcycledone;
+                }
+
+                // this should be very rare after LW1.0/PSC6.6 where we switch to db copy for first replication cycle.
                 retVal = LDAP_CANCELLED;
                 goto cleanup;
             }
@@ -1382,36 +1309,38 @@ _VmDirConsumePartner(
             pPage = NULL;
 
             retVal = _VmDirFetchReplicationPage(
-                        pConnection,
-                        lastSupplierUsnProcessed, // used in search filter
-                        initUsn,                  // used in syncRequestCtrl to send(supplier) high watermark.
-                        &pPage);
+                    pConnection,
+                    lastSupplierUsnProcessed, // used in search filter
+                    initUsn,                  // used in syncRequestCtrl to send(supplier) high watermark.
+                    &pPage);
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
-            retVal = _VmDirProcessReplicationPage(
-                        pContext,
-                        pPage);
+            retVal = _VmDirProcessReplicationPage(pContext, pPage);
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
             lastSupplierUsnProcessed = pPage->lastSupplierUsnProcessed;
             iEntriesOutOfSequence += pPage->iEntriesOutOfSequence;
 
             // When a page has 0 entry, we should selectively update bervalSyncDoneCtrl.
-            retVal = _VmDirFilterEmptyPageSyncDoneCtr(replAgr->lastLocalUsnProcessed.lberbv.bv_val,
-                                                      &bervalSyncDoneCtrl,
-                                                      &(pPage->searchResCtrls[0]->ldctl_value));
+            retVal = _VmDirFilterEmptyPageSyncDoneCtr(
+                    replAgr->lastLocalUsnProcessed.lberbv.bv_val,
+                    &bervalSyncDoneCtrl,
+                    &(pPage->searchResCtrls[0]->ldctl_value));
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
             // Check if sync done control contains explicit continue indicator
-            bContinue = VmDirStringStrA(pPage->searchResCtrls[0]->ldctl_value.bv_val,
-                                        VMDIR_REPL_CONT_INDICATOR) ? TRUE : FALSE;
+            bContinue = VmDirStringStrA(
+                    pPage->searchResCtrls[0]->ldctl_value.bv_val,
+                    VMDIR_REPL_CONT_INDICATOR) ?
+                            TRUE : FALSE;
 
             // Check if we received a full page and need to continue
             bContinue |= pPage->iEntriesRequested > 0 &&
                          pPage->iEntriesReceived > 0 &&
                          pPage->iEntriesReceived == pPage->iEntriesRequested;
 
-        } while (bContinue);
+        }
+        while (bContinue);
 
         if (iEntriesOutOfSequence > 0)
         {
@@ -1439,13 +1368,19 @@ _VmDirConsumePartner(
                 if (pContext->stLastTimeTriedToFillHoleInDirectory == 0 ||
                     pContext->stLastTimeTriedToFillHoleInDirectory + (SECONDS_IN_HOUR) < time(NULL))
                 {
-                    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirConsumePartner: Attempting to plug hole in directory.");
+                    VMDIR_LOG_ERROR(
+                            VMDIR_LOG_MASK_ALL,
+                            "_VmDirConsumePartner: Attempting to plug hole in directory");
+
                     bReplayEverything = TRUE;
                     bReTrialDesired = TRUE;
                 }
                 else
                 {
-                    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "_VmDirConsumePartner: Did not succesfully perform any updates.");
+                    VMDIR_LOG_ERROR(
+                            VMDIR_LOG_MASK_ALL,
+                            "_VmDirConsumePartner: Did not succesfully perform any updates");
+
                     bReTrialDesired = FALSE; // Trying again probably won't help.
                     retVal = LDAP_CANCELLED; // We need an error value.
                 }
@@ -1453,40 +1388,65 @@ _VmDirConsumePartner(
             }
         }
 
-        VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
-            "_VmDirConsumePartner: bReTrialDesired %d", bReTrialDesired);
-
-    } while ( bReTrialDesired );
+        if (bReTrialDesired)
+        {
+            VMDIR_LOG_WARNING(
+                    VMDIR_LOG_MASK_ALL,
+                    "_VmDirConsumePartner: will retry consuming partner (%s)",
+                    pConnection->pszPartnerHostName);
+        }
+    }
+    while (bReTrialDesired);
 
+replcycledone:
     if (retVal == LDAP_SUCCESS)
     {
         // If page fetch return 0 entry, bervalSyncDoneCtrl.bv_val could be NULL. Do not update cookies in this case.
         if (pPage && bervalSyncDoneCtrl.bv_val)
         {
             retVal = VmDirReplUpdateCookies(
-                    pContext->pSchemaCtx,
-                    &bervalSyncDoneCtrl,
-                    replAgr);
+                    pContext->pSchemaCtx, &bervalSyncDoneCtrl, replAgr);
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
-            VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-                "Replication supplier %s USN range (%llu,%s) processed.",
-                replAgr->ldapURI, initUsn, replAgr->lastLocalUsnProcessed.lberbv_val);
+            VmMetricsGaugeSet(
+                    replAgr->ReplMetrics.pReplUsn,
+                    VmDirStringToLA(replAgr->lastLocalUsnProcessed.lberbv_val, NULL, 10));
+
+            VmMetricsCounterAdd(
+                    replAgr->ReplMetrics.pReplChanges,
+                    VmDirStringToLA(replAgr->lastLocalUsnProcessed.lberbv_val, NULL, 10) - initUsn);
+
+            VMDIR_LOG_INFO(
+                    VMDIR_LOG_MASK_ALL,
+                    "Replication supplier %s USN range (%llu,%s) processed",
+                    replAgr->ldapURI,
+                    initUsn,
+                    replAgr->lastLocalUsnProcessed.lberbv_val);
+        }
+        else
+        {
+            VmMetricsCounterIncrement(replAgr->ReplMetrics.pReplUnfinished);
         }
-        pContext->bFirstReplicationCycle = FALSE;
     }
-    else if (pContext->bFirstReplicationCycle)
+    else
     {
-        BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
+        VmMetricsCounterIncrement(replAgr->ReplMetrics.pReplUnfinished);
     }
 
 cleanup:
     VMDIR_RWLOCK_UNLOCK(bInReplLock, gVmdirGlobals.replRWLock);
     VMDIR_SAFE_FREE_MEMORY(bervalSyncDoneCtrl.bv_val);
     _VmDirFreeReplicationPage(pPage);
-    return retVal;
+    return;
 
 ldaperror:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error code (%d)",
+            __FUNCTION__,
+            retVal);
+
+    VmMetricsCounterIncrement(replAgr->ReplMetrics.pReplUnfinished);
     goto cleanup;
 }
 
@@ -1549,19 +1509,20 @@ _VmDirFilterEmptyPageSyncDoneCtr(
 static
 int
 _VmDirFetchReplicationPage(
-    PVMDIR_REPLICATION_CONNECTION pConnection,
-    USN lastSupplierUsnProcessed,
-    USN initUsn,
-    PVMDIR_REPLICATION_PAGE *ppPage
+    PVMDIR_REPLICATION_CONNECTION   pConnection,
+    USN                             lastSupplierUsnProcessed,
+    USN                             initUsn,
+    PVMDIR_REPLICATION_PAGE*        ppPage
     )
 {
     int retVal = LDAP_SUCCESS;
-    LDAPControl *srvCtrls[2] = {NULL, NULL};
-    LDAPControl **ctrls = NULL;
+    BOOLEAN bLogErr = TRUE;
+    LDAPControl*    srvCtrls[2] = {NULL, NULL};
+    LDAPControl**   ctrls = NULL;
     PVMDIR_REPLICATION_PAGE pPage = NULL;
-    LDAP *pLd = NULL;
-    struct timeval tv = {0};
-    struct timeval *pTv = NULL;
+    LDAP*   pLd = NULL;
+    struct timeval  tv = {0};
+    struct timeval* pTv = NULL;
 
     if (gVmdirGlobals.dwLdapSearchTimeoutSec > 0)
     {
@@ -1580,7 +1541,8 @@ _VmDirFetchReplicationPage(
     pPage->iEntriesRequested = gVmdirServerGlobals.replPageSize;
 
     if (VmDirAllocateStringPrintf(
-            &pPage->pszFilter, "%s>=%ld",
+            &pPage->pszFilter,
+            "%s>=%" PRId64,
             ATTR_USN_CHANGED,
             lastSupplierUsnProcessed + 1))
     {
@@ -1589,18 +1551,39 @@ _VmDirFetchReplicationPage(
     }
 
     retVal = VmDirCreateSyncRequestControl(
-                gVmdirServerGlobals.invocationId.lberbv.bv_val,
-                initUsn,
-                gVmdirServerGlobals.utdVector.lberbv.bv_val,
-                &(pPage->syncReqCtrl));
+            gVmdirServerGlobals.invocationId.lberbv.bv_val,
+            initUsn,
+            gVmdirServerGlobals.utdVector.lberbv.bv_val,
+            initUsn == lastSupplierUsnProcessed || 0 == lastSupplierUsnProcessed, // it's fetching first page if TRUE
+            &(pPage->syncReqCtrl));
     BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
     srvCtrls[0] = &(pPage->syncReqCtrl);
     srvCtrls[1] = NULL;
 
-    retVal = ldap_search_ext_s(pLd, "", LDAP_SCOPE_SUBTREE, pPage->pszFilter, NULL, FALSE,
-                               srvCtrls, NULL, pTv, pPage->iEntriesRequested,
-                               &(pPage->searchRes) );
+    retVal = ldap_search_ext_s(
+            pLd,
+            "",
+            LDAP_SCOPE_SUBTREE,
+            pPage->pszFilter,
+            NULL,
+            FALSE,
+            srvCtrls,
+            NULL,
+            pTv,
+            pPage->iEntriesRequested,
+            &(pPage->searchRes));
+
+    if (retVal == LDAP_BUSY)
+    {
+        VMDIR_LOG_INFO(
+                LDAP_DEBUG_REPL,
+                "%s: partner (%s) is busy",
+                __FUNCTION__,
+                pConnection->pszPartnerHostName);
+
+        bLogErr = FALSE;
+    }
     BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
     pPage->iEntriesReceived = ldap_count_entries(pLd, pPage->searchRes);
@@ -1617,14 +1600,14 @@ _VmDirFetchReplicationPage(
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
         }
 
-        for (entry = ldap_first_entry( pLd, pPage->searchRes );
+        for (entry = ldap_first_entry(pLd, pPage->searchRes);
              entry != NULL && iEntries < pPage->iEntriesRequested;
-             entry = ldap_next_entry( pLd, entry ) )
+             entry = ldap_next_entry(pLd, entry))
         {
             int entryState = -1;
             USN ulPartnerUSN = 0;
 
-            retVal = ldap_get_entry_controls( pLd, entry, &ctrls );
+            retVal = ldap_get_entry_controls(pLd, entry, &ctrls);
             BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
             retVal = ParseAndFreeSyncStateControl(&ctrls, &entryState, &ulPartnerUSN);
@@ -1636,7 +1619,7 @@ _VmDirFetchReplicationPage(
             pPage->pEntries[iEntries].dwDnLength = 0;
             if (VmDirParseEntryForDn(entry, &(pPage->pEntries[iEntries].pszDn)) == 0)
             {
-                pPage->pEntries[iEntries].dwDnLength = (DWORD) VmDirStringLenA(pPage->pEntries[iEntries].pszDn);
+                pPage->pEntries[iEntries].dwDnLength = (DWORD)VmDirStringLenA(pPage->pEntries[iEntries].pszDn);
             }
 
             iEntries++;
@@ -1653,56 +1636,55 @@ _VmDirFetchReplicationPage(
     BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
     if (pPage->searchResCtrls[0] == NULL ||
-        VmDirStringCompareA(pPage->searchResCtrls[0]->ldctl_oid, LDAP_CONTROL_SYNC_DONE, TRUE ) != 0 )
+        VmDirStringCompareA(pPage->searchResCtrls[0]->ldctl_oid, LDAP_CONTROL_SYNC_DONE, TRUE) != 0)
     {
         retVal = LDAP_OPERATIONS_ERROR;
         BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
     }
 
     // Get last local USN processed from the cookie
-    retVal = _VmDirGetUsnFromSyncDoneCtrl(
-                &(pPage->searchResCtrls[0]->ldctl_value),
-                &(pPage->lastSupplierUsnProcessed));
+    retVal = VmDirStringToUSN(
+            pPage->searchResCtrls[0]->ldctl_value.bv_val,
+            &(pPage->lastSupplierUsnProcessed));
     BAIL_ON_SIMPLE_LDAP_ERROR(retVal);
 
     *ppPage = pPage;
 
-    VMDIR_LOG_INFO(
-        LDAP_DEBUG_REPL,
-        "%s: filter: '%s' requested: %d received: %d usn: %llu utd: '%s'",
-        __FUNCTION__,
-        VDIR_SAFE_STRING(pPage->pszFilter),
-        pPage->iEntriesRequested,
-        pPage->iEntriesReceived,
-        initUsn,
-        VDIR_SAFE_STRING(gVmdirServerGlobals.utdVector.lberbv.bv_val));
+    if (pPage->iEntriesReceived > 0)
+    {
+        VMDIR_LOG_INFO(
+                VMDIR_LOG_MASK_ALL,
+                "%s: filter: '%s' requested: %d received: %d usn: %" PRId64 " utd: '%s'",
+                __FUNCTION__,
+                VDIR_SAFE_STRING(pPage->pszFilter),
+                pPage->iEntriesRequested,
+                pPage->iEntriesReceived,
+                initUsn,
+                VDIR_SAFE_STRING(gVmdirServerGlobals.utdVector.lberbv.bv_val));
+    }
 
 cleanup:
-
     if (ctrls)
     {
         ldap_controls_free(ctrls);
         ctrls = NULL;
     }
-
     return retVal;
 
 ldaperror:
-
-    if (pPage)
+    if (bLogErr && pPage)
     {
         VMDIR_LOG_ERROR(
-            VMDIR_LOG_MASK_ALL,
-            "%s: error: %d filter: '%s' requested: %d received: %d usn: %llu utd: '%s'",
-            __FUNCTION__,
-            retVal,
-            VDIR_SAFE_STRING(pPage->pszFilter),
-            pPage->iEntriesRequested,
-            pPage->iEntriesReceived,
-            initUsn,
-            VDIR_SAFE_STRING(gVmdirServerGlobals.utdVector.lberbv.bv_val));
+                VMDIR_LOG_MASK_ALL,
+                "%s: error: %d filter: '%s' requested: %d received: %d usn: %llu utd: '%s'",
+                __FUNCTION__,
+                retVal,
+                VDIR_SAFE_STRING(pPage->pszFilter),
+                pPage->iEntriesRequested,
+                pPage->iEntriesReceived,
+                initUsn,
+                VDIR_SAFE_STRING(gVmdirServerGlobals.utdVector.lberbv.bv_val));
     }
-
     _VmDirFreeReplicationPage(pPage);
     pPage = NULL;
     goto cleanup;
@@ -1768,8 +1750,7 @@ _VmDirProcessReplicationPage(
 
         if (entryState == LDAP_SYNC_ADD)
         {
-            errVal = ReplAddEntry( pSchemaCtx, pPage->pEntries+i, &pSchemaCtx,
-                    pContext->bFirstReplicationCycle );
+            errVal = ReplAddEntry( pSchemaCtx, pPage->pEntries+i, &pSchemaCtx);
             pContext->pSchemaCtx = pSchemaCtx ;
 
             if (errVal == LDAP_NO_SUCH_OBJECT)
diff --git a/vmdir/server/rest-head/Makefile.am b/vmdir/server/rest-head/Makefile.am
index b391dd035..af67df4e9 100644
--- a/vmdir/server/rest-head/Makefile.am
+++ b/vmdir/server/rest-head/Makefile.am
@@ -2,33 +2,42 @@
 noinst_LTLIBRARIES = librest-head.la
 
 librest_head_la_SOURCES = \
-    accesstoken.c \
+    libmain.c
+
+if REST_ENABLED
+
+librest_head_la_SOURCES += \
     auth.c \
+    authtoken.c \
     decode.c \
     encode.c \
     globals.c \
+    handler.c \
     httperror.c \
     ldapapi.c \
-    libmain.c \
+    metricsapi.c \
     operation.c \
     param.c \
     resource.c \
     result.c
 
+endif
+
 librest_head_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@ \
-    @TRIDENT_INCLUDES@ \
     @JANSSON_INCLUDES@ \
     @COPENAPI_INCLUDES@ \
-    @SSOCOMMON_INCLUDES@ \
-    @OIDC_INCLUDES@
+    @CRESTENGINE_INCLUDES@
 
 librest_head_la_LDFLAGS = \
     -static
diff --git a/vmdir/server/rest-head/accesstoken.c b/vmdir/server/rest-head/accesstoken.c
deleted file mode 100644
index 406d2affc..000000000
--- a/vmdir/server/rest-head/accesstoken.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright © 2017 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-DWORD
-VmDirRESTAccessTokenInit(
-    PVDIR_REST_ACCESS_TOKEN*    ppAccessToken
-    )
-{
-    DWORD   dwError = 0;
-    PVDIR_REST_ACCESS_TOKEN pAccessToken = NULL;
-
-    if (!ppAccessToken)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(
-            sizeof(VDIR_REST_ACCESS_TOKEN), (PVOID*)&pAccessToken);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    *ppAccessToken = pAccessToken;
-
-cleanup:
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-
-    VmDirFreeRESTAccessToken(pAccessToken);
-    goto cleanup;
-}
-
-DWORD
-VmDirRESTAccessTokenParse(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken,
-    PSTR                    pszAuthData
-    )
-{
-    DWORD   dwError = 0;
-    PSTR    pszTokenType = NULL;
-    PSTR    pszAccessToken = NULL;
-    PSTR    pszDomainName = NULL;
-    POIDC_SERVER_METADATA   pOidcMetadata = NULL;
-    POIDC_ACCESS_TOKEN      pOidcAccessToken = NULL;
-
-    if (!pAccessToken || IsNullOrEmptyString(pszAuthData))
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    pszTokenType = VmDirStringTokA(pszAuthData, " ", &pszAccessToken);
-    if (IsNullOrEmptyString(pszTokenType) ||
-        IsNullOrEmptyString(pszAccessToken))
-    {
-        dwError = VMDIR_ERROR_AUTH_BAD_DATA;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    if (VmDirStringCompareA(pszTokenType, "Bearer", FALSE) == 0)
-    {
-        pAccessToken->tokenType = VDIR_REST_ACCESS_TOKEN_BEARER;
-    }
-    else
-    {
-        dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirDomainDNToName(
-            BERVAL_NORM_VAL(gVmdirServerGlobals.systemDomainDN),
-            &pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = OidcServerMetadataAcquire(
-            &pOidcMetadata,
-            VMDIR_REST_OIDC_SERVER,
-            VMDIR_REST_OIDC_PORT,
-            pszDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = OidcAccessTokenBuild(
-            &pOidcAccessToken,
-            pszAccessToken,
-            OidcServerMetadataGetSigningCertificatePEM(pOidcMetadata),
-            NULL,
-            VMDIR_REST_DEFAULT_SCOPE,
-            VMDIR_REST_DEFAULT_CLOCK_TOLERANCE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirAllocateStringA(
-            OidcAccessTokenGetSubject(pOidcAccessToken),
-            &pAccessToken->pszBindUPN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pszDomainName);
-    OidcServerMetadataDelete(pOidcMetadata);
-    OidcAccessTokenDelete(pOidcAccessToken);
-    return dwError;
-
-error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-    goto cleanup;
-}
-
-VOID
-VmDirFreeRESTAccessToken(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken
-    )
-{
-    if (pAccessToken)
-    {
-        VMDIR_SAFE_FREE_MEMORY(pAccessToken->pszBindUPN);
-        VMDIR_SAFE_FREE_MEMORY(pAccessToken);
-    }
-}
diff --git a/vmdir/server/rest-head/auth.c b/vmdir/server/rest-head/auth.c
index 00c6e3ce4..666775a8c 100644
--- a/vmdir/server/rest-head/auth.c
+++ b/vmdir/server/rest-head/auth.c
@@ -20,7 +20,6 @@ VmDirRESTAuth(
     )
 {
     DWORD   dwError = 0;
-    PVDIR_OPERATION pBindOp = NULL;
 
     if (!pRestOp)
     {
@@ -37,32 +36,29 @@ VmDirRESTAuth(
         goto cleanup;
     }
 
-    dwError = VmDirExternalOperationCreate(
-            NULL, -1, LDAP_REQ_BIND, pRestOp->pConn, &pBindOp);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirRESTAuthBasic(pRestOp, pBindOp);
-    dwError = dwError ? VmDirRESTAuthToken(pRestOp, pBindOp) : 0;
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirInternalBindEntry(pBindOp);
+    dwError = VmDirRESTAuthViaToken(pRestOp);
+    if (dwError && dwError == VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED)
+    {
+        dwError = VmDirRESTAuthViaBasic(pRestOp);
+    }
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VMDIR_SET_REST_RESULT(pRestOp, pBindOp, dwError, NULL);
-    VmDirFreeOperation(pBindOp);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
 DWORD
-VmDirRESTAuthBasic(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthViaBasic(
+    PVDIR_REST_OPERATION    pRestOp
     )
 {
     DWORD   dwError = 0;
@@ -73,13 +69,18 @@ VmDirRESTAuthBasic(
     PSTR    pszDecode = NULL;
     PSTR    pszBindDN = NULL;
     PSTR    pszPasswd = NULL;
+    PVDIR_OPERATION pBindOp = NULL;
 
-    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth) || !pBindOp)
+    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth))
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    // unset previously set error
+    dwError = VmDirRESTResultUnsetError(pRestOp->pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     pszBasic = strstr(pRestOp->pszAuth, "Basic ");
     if (IsNullOrEmptyString(pszBasic))
     {
@@ -111,6 +112,10 @@ VmDirRESTAuthBasic(
     dwError = VmDirUPNToDN(pszDecode, &pszBindDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_BIND, pRestOp->pConn, &pBindOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     dwError = VmDirStringToBervalContent(pszBindDN, &pBindOp->reqDn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -119,9 +124,14 @@ VmDirRESTAuthBasic(
 
     pBindOp->request.bindReq.method = LDAP_AUTH_SIMPLE;
 
+    dwError = VmDirInternalBindEntry(pBindOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, pBindOp, dwError, NULL);
     VMDIR_SECURE_FREE_STRINGA(pszDecode);
     VMDIR_SAFE_FREE_STRINGA(pszBindDN);
+    VmDirFreeOperation(pBindOp);
     return dwError;
 
 error:
@@ -132,35 +142,42 @@ VmDirRESTAuthBasic(
  * Do Authentication based on received Token
  */
 DWORD
-VmDirRESTAuthToken(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthViaToken(
+    PVDIR_REST_OPERATION    pRestOp
     )
 {
     DWORD   dwError = 0;
     PSTR    pszBindDN = NULL;
-    PVDIR_REST_ACCESS_TOKEN pAccessToken = NULL;
+    PVDIR_REST_AUTH_TOKEN   pAuthToken = NULL;
+    PVDIR_OPERATION pBindOp = NULL;
 
-    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth) || !pBindOp)
+    if (!pRestOp || IsNullOrEmptyString(pRestOp->pszAuth))
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirRESTAccessTokenInit(&pAccessToken);
+    // unset previously set error
+    dwError = VmDirRESTResultUnsetError(pRestOp->pResult);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTAccessTokenParse(pAccessToken, pRestOp->pszAuth);
+    dwError = VmDirRESTAuthTokenInit(&pAuthToken);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // TODO VDIR_REST_ACCESS_TOKEN_HOTK
-    if (pAccessToken->tokenType != VDIR_REST_ACCESS_TOKEN_BEARER)
+    dwError = VmDirRESTAuthTokenParse(pAuthToken, pRestOp->pszAuth);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pAuthToken->tokenType == VDIR_REST_AUTH_TOKEN_HOTK)
     {
-        dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        // TODO Validate the proof of possession
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNWILLING_TO_PERFORM);
     }
 
-    dwError = VmDirUPNToDN(pAccessToken->pszBindUPN, &pszBindDN);
+    dwError = VmDirUPNToDN(pAuthToken->pszBindUPN, &pszBindDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirExternalOperationCreate(
+            NULL, -1, LDAP_REQ_BIND, pRestOp->pConn, &pBindOp);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirStringToBervalContent(pszBindDN, &pBindOp->reqDn);
@@ -168,9 +185,14 @@ VmDirRESTAuthToken(
 
     pBindOp->request.bindReq.method = LDAP_AUTH_NONE;
 
+    dwError = VmDirInternalBindEntry(pBindOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
-    VmDirFreeRESTAccessToken(pAccessToken);
+    VMDIR_SET_REST_RESULT(pRestOp, pBindOp, dwError, NULL);
+    VmDirFreeRESTAuthToken(pAuthToken);
     VMDIR_SAFE_FREE_STRINGA(pszBindDN);
+    VmDirFreeOperation(pBindOp);
     return dwError;
 
 error:
diff --git a/vmdir/server/rest-head/authtoken.c b/vmdir/server/rest-head/authtoken.c
new file mode 100644
index 000000000..e030bdde6
--- /dev/null
+++ b/vmdir/server/rest-head/authtoken.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDirRESTAuthTokenInit(
+    PVDIR_REST_AUTH_TOKEN*  ppAuthToken
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_REST_AUTH_TOKEN   pAuthToken = NULL;
+
+    if (!ppAuthToken)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_REST_AUTH_TOKEN), (PVOID*)&pAuthToken);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppAuthToken = pAuthToken;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeRESTAuthToken(pAuthToken);
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTAuthTokenParse(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken,
+    PCSTR                   pszAuthData
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwOIDCError = 0;
+    PSTR    pszAuthDataCp = NULL;
+    PSTR    pszTokenType = NULL;
+    PSTR    pszAccessToken = NULL;
+    POIDC_SERVER_METADATA   pOidcMetadata = NULL;
+    POIDC_ACCESS_TOKEN      pOidcAccessToken = NULL;
+
+    if (!pAuthToken || IsNullOrEmptyString(pszAuthData))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringA(pszAuthData, &pszAuthDataCp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pszTokenType = VmDirStringTokA(pszAuthDataCp, " ", &pszAccessToken);
+    if (IsNullOrEmptyString(pszTokenType) ||
+        IsNullOrEmptyString(pszAccessToken))
+    {
+        dwError = VMDIR_ERROR_AUTH_BAD_DATA;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (VmDirStringCompareA(pszTokenType, "Bearer", FALSE) == 0)
+    {
+        pAuthToken->tokenType = VDIR_REST_AUTH_TOKEN_BEARER;
+    }
+    else if (VmDirStringCompareA(pszTokenType, "hotk-pk", FALSE) == 0)
+    {
+        pAuthToken->tokenType = VDIR_REST_AUTH_TOKEN_HOTK;
+    }
+    else
+    {
+        dwError = VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwOIDCError = OidcAccessTokenParse(&pOidcAccessToken, pszAccessToken);
+    dwError = dwOIDCError ? VMDIR_ERROR_OIDC_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwOIDCError = OidcServerMetadataAcquire(
+            &pOidcMetadata,
+            VMDIR_REST_OIDC_SERVER,
+            VMDIR_REST_OIDC_PORT,
+            OidcAccessTokenGetTenant(pOidcAccessToken),
+            NULL /* pszTlsCAPath: NULL means skip TLS validation, pass LIGHTWAVE_TLS_CA_PATH to turn on */);
+    dwError = dwOIDCError ? VMDIR_ERROR_OIDC_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwOIDCError = OidcAccessTokenValidate(
+            pOidcAccessToken,
+            OidcServerMetadataGetSigningCertificatePEM(pOidcMetadata),
+            NULL,
+            VMDIR_REST_DEFAULT_SCOPE,
+            VMDIR_REST_DEFAULT_CLOCK_TOLERANCE);
+    dwError = dwOIDCError ? VMDIR_ERROR_OIDC_UNAVAILABLE : 0;
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(
+            OidcAccessTokenGetSubject(pOidcAccessToken),
+            &pAuthToken->pszBindUPN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAuthDataCp);
+    OidcServerMetadataDelete(pOidcMetadata);
+    OidcAccessTokenDelete(pOidcAccessToken);
+    return dwError;
+
+error:
+    // don't log error if VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED,
+    // because it will try other available auth methods
+    if (dwError != VMDIR_ERROR_AUTH_METHOD_NOT_SUPPORTED)
+    {
+        VMDIR_LOG_ERROR(
+                VMDIR_LOG_MASK_ALL,
+                "%s failed, error (%d) OIDC error (%d)",
+                __FUNCTION__,
+                dwError,
+                dwOIDCError);
+    }
+    goto cleanup;
+}
+
+VOID
+VmDirFreeRESTAuthToken(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
+    )
+{
+    if (pAuthToken)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pAuthToken->pszBindUPN);
+        VMDIR_SAFE_FREE_MEMORY(pAuthToken);
+    }
+}
diff --git a/vmdir/server/rest-head/decode.c b/vmdir/server/rest-head/decode.c
index fc4efd983..ccf01cd58 100644
--- a/vmdir/server/rest-head/decode.c
+++ b/vmdir/server/rest-head/decode.c
@@ -14,6 +14,150 @@
 
 #include "includes.h"
 
+DWORD
+VmDirRESTDecodeAttributeNoAlloc(
+    json_t*         pjInput,
+    PVDIR_ATTRIBUTE pAttr
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    json_t* pjAttr = NULL;
+    json_t* pjType = NULL;
+    json_t* pjVals = NULL;
+    json_t* pjVal = NULL;
+    PCSTR   pszType = NULL;
+    PCSTR   pszVal = NULL;
+    PSTR    pszDecoded = NULL;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    size_t  valLen = 0;
+    int     len = 0;
+
+    if (!pAttr)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjAttr = pjInput;
+    if (!pjAttr || !json_is_object(pjAttr))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pjType = json_object_get(pjAttr, "type");
+    if (!pjType || !json_is_string(pjType))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    pszType = json_string_value(pjType);
+
+    dwError = VmDirStringToBervalContent(pszType, &pAttr->type);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSchemaAttrNameToDescriptor(
+            pSchemaCtx, pszType, &pAttr->pATDesc);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pjVals = json_object_get(pjAttr, "value");
+    if (!pjVals || !json_is_array(pjVals))
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    pAttr->numVals = (DWORD)json_array_size(pjVals);
+
+    dwError = VmDirAllocateMemory(
+            sizeof(VDIR_BERVALUE) * (pAttr->numVals + 1),
+            (PVOID*)&pAttr->vals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (i = 0; i < pAttr->numVals; i++)
+    {
+        pjVal = json_array_get(pjVals, i);
+        if (!pjVal || !json_is_string(pjVal))
+        {
+            dwError = VMDIR_ERROR_INVALID_REQUEST;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        pszVal = json_string_value(pjVal);
+
+        // check if value needs to be decoded
+        if (VmDirSchemaAttrIsOctetString(pAttr->pATDesc))
+        {
+            VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+
+            valLen = VmDirStringLenA(pszVal);
+            dwError = VmDirAllocateMemory(valLen + 1, (PVOID*)&pszDecoded);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            dwError = sasl_decode64(pszVal, valLen, pszDecoded, valLen, &len);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            dwError = VmDirStringToBervalContent(pszVal, &pAttr->vals[i]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDecoded);
+    VmDirSchemaCtxRelease(pSchemaCtx);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTDecodeAttribute(
+    json_t*             pjInput,
+    PVDIR_ATTRIBUTE*    ppAttr
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_ATTRIBUTE pAttr = NULL;
+
+    if (!ppAttr)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(VDIR_ATTRIBUTE), (PVOID*)&pAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTDecodeAttributeNoAlloc(pjInput, pAttr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppAttr = pAttr;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VmDirFreeAttribute(pAttr);
+    goto cleanup;
+}
+
 DWORD
 VmDirRESTDecodeEntry(
     json_t*         pjInput,
@@ -21,17 +165,12 @@ VmDirRESTDecodeEntry(
     )
 {
     DWORD   dwError = 0;
-    DWORD   i = 0, j = 0;
+    DWORD   i = 0;
     json_t* pjEntry = NULL;
     json_t* pjDN = NULL;
     json_t* pjAttrs = NULL;
     json_t* pjAttr = NULL;
-    json_t* pjType = NULL;
-    json_t* pjVals = NULL;
-    json_t* pjVal = NULL;
     PCSTR   pszDN = NULL;
-    PCSTR   pszType = NULL;
-    PCSTR   pszVal = NULL;
     PVDIR_ENTRY     pEntry = NULL;
     PVDIR_ATTRIBUTE pAttr = NULL;
 
@@ -73,54 +212,10 @@ VmDirRESTDecodeEntry(
 
     for (i = 0; i < json_array_size(pjAttrs); i++)
     {
-        dwError = VmDirAllocateMemory(sizeof(VDIR_ATTRIBUTE), (PVOID*)&pAttr);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
         pjAttr = json_array_get(pjAttrs, i);
-        if (!pjAttr || !json_is_object(pjAttr))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        pjType = json_object_get(pjAttr, "type");
-        if (!pjType || !json_is_string(pjType))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pszType = json_string_value(pjType);
-
-        dwError = VmDirStringToBervalContent(pszType, &pAttr->type);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pjVals = json_object_get(pjAttr, "value");
-        if (!pjVals || !json_is_array(pjVals))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pAttr->numVals = (DWORD)json_array_size(pjVals);
-
-        dwError = VmDirAllocateMemory(
-                sizeof(VDIR_BERVALUE) * (pAttr->numVals + 1),
-                (PVOID*)&pAttr->vals);
+        dwError = VmDirRESTDecodeAttribute(pjAttr, &pAttr);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        for (j = 0; j < pAttr->numVals; j++)
-        {
-            pjVal = json_array_get(pjVals, j);
-            if (!pjVal || !json_is_string(pjVal))
-            {
-                dwError = VMDIR_ERROR_INVALID_REQUEST;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            pszVal = json_string_value(pjVal);
-
-            dwError = VmDirStringToBervalContent(pszVal, &pAttr->vals[j]);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
         pAttr->next = pEntry->attrs;
         pEntry->attrs = pAttr;
         pAttr = NULL;
@@ -132,8 +227,11 @@ VmDirRESTDecodeEntry(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeAttribute(pAttr);
     VmDirFreeEntry(pEntry);
@@ -141,7 +239,7 @@ VmDirRESTDecodeEntry(
 }
 
 DWORD
-VmDirRESTDecodeMods(
+VmDirRESTDecodeEntryMods(
     json_t*             pjInput,
     PVDIR_MODIFICATION* ppMods,
     DWORD*              pdwNumMods
@@ -149,17 +247,12 @@ VmDirRESTDecodeMods(
 {
     DWORD   dwError = 0;
     DWORD   dwNumMods = 0;
-    DWORD   i = 0, j = 0;
+    DWORD   i = 0;
     json_t* pjMods = NULL;
     json_t* pjMod = NULL;
     json_t* pjOp = NULL;
     json_t* pjAttr = NULL;
-    json_t* pjType = NULL;
-    json_t* pjVals = NULL;
-    json_t* pjVal = NULL;
     PCSTR   pszOp = NULL;
-    PCSTR   pszType = NULL;
-    PCSTR   pszVal = NULL;
     PVDIR_MODIFICATION  pMod = NULL;
     PVDIR_MODIFICATION  pMods = NULL;
 
@@ -222,44 +315,9 @@ VmDirRESTDecodeMods(
             BAIL_ON_VMDIR_ERROR(dwError);
         }
 
-        pjType = json_object_get(pjAttr, "type");
-        if (!pjType || !json_is_string(pjType))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pszType = json_string_value(pjType);
-
-        dwError = VmDirStringToBervalContent(pszType, &pMod->attr.type);
+        dwError = VmDirRESTDecodeAttributeNoAlloc(pjAttr, &pMod->attr);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        pjVals = json_object_get(pjAttr, "value");
-        if (!pjVals || !json_is_array(pjVals))
-        {
-            dwError = VMDIR_ERROR_INVALID_REQUEST;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-        pMod->attr.numVals = (DWORD)json_array_size(pjVals);
-
-        dwError = VmDirAllocateMemory(
-                sizeof(VDIR_BERVALUE) * (pMod->attr.numVals + 1),
-                (PVOID*)&pMod->attr.vals);
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        for (j = 0; j < pMod->attr.numVals; j++)
-        {
-            pjVal = json_array_get(pjVals, j);
-            if (!pjVal || !json_is_string(pjVal))
-            {
-                dwError = VMDIR_ERROR_INVALID_REQUEST;
-                BAIL_ON_VMDIR_ERROR(dwError);
-            }
-            pszVal = json_string_value(pjVal);
-
-            dwError = VmDirStringToBervalContent(pszVal, &pMod->attr.vals[j]);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
         pMod->next = pMods;
         pMods = pMod;
         pMod = NULL;
@@ -272,8 +330,11 @@ VmDirRESTDecodeMods(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirModificationFree(pMod);
     for (pMod = pMods; pMod; )
diff --git a/vmdir/server/rest-head/defines.h b/vmdir/server/rest-head/defines.h
index 5bda00fed..9e7c93844 100644
--- a/vmdir/server/rest-head/defines.h
+++ b/vmdir/server/rest-head/defines.h
@@ -12,15 +12,15 @@
  * under the License.
  */
 
-// REST ENGINE CONFIG VALUES
-// TRIDENT
-#define VMDIR_REST_SSLCERT          VMDIR_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdircert.pem"
-#define VMDIR_REST_SSLKEY           VMDIR_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdirkey.pem"
-#define REST_API_SPEC               VMDIR_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdir-rest.json"
-#define VMDIR_REST_DEBUGLOGFILE     "/tmp/vmdir-rest.log"
-//#define VMDIR_REST_DEBUGLOGFILE     VMDIR_LOG_DIR    VMDIR_PATH_SEPARATOR_STR "vmdir-rest.log"    TODO use this when lightwave-first is complete
-#define VMDIR_REST_CLIENTCNT        "5"
-#define VMDIR_REST_WORKERTHCNT      "5"
+// C REST ENGINE CONFIG VALUES
+#define REST_API_SPEC                VMDIR_CONFIG_DIR VMDIR_PATH_SEPARATOR_STR "vmdir-rest.json"
+#define VMDIR_HTTP_DEBUGLOGFILE      "/var/log/lightwave/vmdir-rest-HTTP.log"
+#define VMDIR_HTTPS_DEBUGLOGFILE     "/var/log/lightwave/vmdir-rest-HTTPS.log"
+//TODO-update VMDIR_LOG_DIR to correct path, is still pointing to /var/log/lightwave/vmdir
+//#define VMDIR_HTTP_DEBUGLOGFILE      VMDIR_LOG_DIR VMDIR_PATH_SEPARATOR_STR "vmdir-rest-HTTP.log"
+//#define VMDIR_HTTPS_DEBUGLOGFILE     VMDIR_LOG_DIR VMDIR_PATH_SEPARATOR_STR "vmdir-rest-HTTPS.log"
+#define VMDIR_REST_CLIENTCNT        "64"
+#define VMDIR_REST_WORKERTHCNT      "64"
 
 #define MAX_REST_PAYLOAD_LENGTH     4096
 
@@ -30,6 +30,10 @@
 #define VMDIR_REST_DEFAULT_SCOPE            "rs_vmdir"
 #define VMDIR_REST_DEFAULT_CLOCK_TOLERANCE  60.0
 
+// HTTP headers
+#define VMDIR_REST_HEADER_AUTHENTICATION    "Authorization"
+#define VMDIR_REST_HEADER_IF_MATCH          "If-Match"
+
 // HTTP STATUS CODES
 // 1xx Informational
 #define HTTP_CONTINUE                           100
@@ -115,7 +119,7 @@
         {                                                               \
             pResource = ((PVDIR_REST_OPERATION)pRestOp)->pResource;     \
             pRestRslt = ((PVDIR_REST_OPERATION)pRestOp)->pResult;       \
-            (pResource)->pfnSetResult(                                   \
+            (pResource)->pfnSetResult(                                  \
                     pRestRslt, pLdapRslt, dwError, pszErrMsg);          \
         }                                                               \
     } while (0)
diff --git a/vmdir/server/rest-head/encode.c b/vmdir/server/rest-head/encode.c
index 6e9813a7e..a612362f8 100644
--- a/vmdir/server/rest-head/encode.c
+++ b/vmdir/server/rest-head/encode.c
@@ -24,7 +24,7 @@ VmDirRESTEncodeAttribute(
     DWORD   i = 0;
     json_t* pjVals = NULL;
     json_t* pjAttr = NULL;
-    PSTR    pszEncodedVal = NULL;
+    PSTR    pszEncoded = NULL;
     int     len = 0;
 
     if (!pAttr || !ppjOutput)
@@ -45,23 +45,23 @@ VmDirRESTEncodeAttribute(
         // check if value needs to be encoded
         if (VmDirSchemaAttrIsOctetString(pAttr->pATDesc))
         {
-            VMDIR_SAFE_FREE_STRINGA(pszEncodedVal);
+            VMDIR_SAFE_FREE_STRINGA(pszEncoded);
 
             dwError = VmDirAllocateMemory(
                     pAttr->vals[i].lberbv.bv_len * 2 + 1,
-                    (PVOID*)&pszEncodedVal);
+                    (PVOID*)&pszEncoded);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             dwError = sasl_encode64(
                     pAttr->vals[i].lberbv.bv_val,
                     pAttr->vals[i].lberbv.bv_len,
-                    pszEncodedVal,
+                    pszEncoded,
                     pAttr->vals[i].lberbv.bv_len * 2 + 1,
                     &len);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             dwError = json_array_append_new(
-                    pjVals, json_string(pszEncodedVal));
+                    pjVals, json_string(pszEncoded));
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else
@@ -79,12 +79,15 @@ VmDirRESTEncodeAttribute(
     *ppjOutput = pjAttr;
 
 cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszEncodedVal);
+    VMDIR_SAFE_FREE_STRINGA(pszEncoded);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjVals)
     {
@@ -107,6 +110,8 @@ VmDirRESTEncodeEntry(
     DWORD   dwError = 0;
     DWORD   i = 0, j = 0;
     BOOLEAN bReturn = FALSE;
+    BOOLEAN bAsterisk = FALSE;
+    BOOLEAN bPlusSign = FALSE;
     PVDIR_ATTRIBUTE pAttr = NULL;
     PVDIR_ATTRIBUTE pAttrs[3] = {0};
     json_t*         pjAttr = NULL;
@@ -126,7 +131,18 @@ VmDirRESTEncodeEntry(
             pjEntry, "dn", json_string(pEntry->dn.lberbv.bv_val));
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    // TODO special char?
+    for (i = 0; pbvAttrs && pbvAttrs[i].lberbv.bv_val; i++)
+    {
+        if (VmDirStringCompareA("*", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bAsterisk = TRUE;
+        }
+        else if (VmDirStringCompareA("+", pbvAttrs[i].lberbv.bv_val, TRUE) == 0)
+        {
+            bPlusSign = TRUE;
+        }
+    }
+
     pAttrs[0] = pEntry->attrs;
     pAttrs[1] = pEntry->pComputedAttrs;
 
@@ -134,17 +150,32 @@ VmDirRESTEncodeEntry(
     {
         for (pAttr = pAttrs[i]; pAttr; pAttr = pAttr->next)
         {
-            bReturn = pbvAttrs == NULL;
+            bReturn = FALSE;
 
-            for (j = 0; pbvAttrs && pbvAttrs[j].lberbv.bv_val; j++)
+            if ((bAsterisk || !pbvAttrs) &&
+                    pAttr->pATDesc->usage ==
+                            VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE)
+            {
+                bReturn = TRUE;
+            }
+            else if (bPlusSign &&
+                    pAttr->pATDesc->usage ==
+                            VDIR_LDAP_DIRECTORY_OPERATION_ATTRIBUTE)
+            {
+                bReturn = TRUE;
+            }
+            else if (pbvAttrs)
             {
-                if (VmDirStringCompareA(
-                        pAttr->type.lberbv.bv_val,
-                        pbvAttrs[j].lberbv.bv_val,
-                        FALSE) == 0)
+                for (j = 0; pbvAttrs[j].lberbv.bv_val; j++)
                 {
-                    bReturn = TRUE;
-                    break;
+                    if (VmDirStringCompareA(
+                            pAttr->type.lberbv.bv_val,
+                            pbvAttrs[j].lberbv.bv_val,
+                            FALSE) == 0)
+                    {
+                        bReturn = TRUE;
+                        break;
+                    }
                 }
             }
 
@@ -170,8 +201,11 @@ VmDirRESTEncodeEntry(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjAttr)
     {
@@ -227,8 +261,11 @@ VmDirRESTEncodeEntryArray(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjEntry)
     {
diff --git a/vmdir/server/rest-head/externs.h b/vmdir/server/rest-head/externs.h
index ae03d050c..057e096ab 100644
--- a/vmdir/server/rest-head/externs.h
+++ b/vmdir/server/rest-head/externs.h
@@ -13,3 +13,6 @@
  */
 
 extern PREST_API_DEF gpVdirRestApiDef;
+
+extern PVMREST_HANDLE gpVdirRestHTTPHandle;
+extern PVMREST_HANDLE gpVdirRestHTTPSHandle;
diff --git a/vmdir/server/rest-head/globals.c b/vmdir/server/rest-head/globals.c
index e08cfa791..8d08c0ee3 100644
--- a/vmdir/server/rest-head/globals.c
+++ b/vmdir/server/rest-head/globals.c
@@ -15,3 +15,6 @@
 #include "includes.h"
 
 PREST_API_DEF gpVdirRestApiDef = NULL;
+
+PVMREST_HANDLE gpVdirRestHTTPHandle = NULL;
+PVMREST_HANDLE gpVdirRestHTTPSHandle = NULL;
diff --git a/vmdir/server/rest-head/handler.c b/vmdir/server/rest-head/handler.c
new file mode 100644
index 000000000..cb2496c03
--- /dev/null
+++ b/vmdir/server/rest-head/handler.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * We provide this function as callback to c-rest-engine,
+ * c-rest-engine will use this callback upon receiving a request
+ */
+DWORD
+VmDirRESTRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwRestOpErr = 0;    // don't bail on this
+    PVDIR_REST_OPERATION    pRestOp = NULL;
+
+    if (!pRESTHandle || !pRequest || !ppResponse)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
+    {
+        goto cleanup;
+    }
+
+    dwRestOpErr = VmDirRESTOperationCreate(&pRestOp);
+    if (dwRestOpErr)
+    {
+        dwError = VmDirRESTWriteSimpleErrorResponse(
+                pRESTHandle, ppResponse, 500);  // 500 = Internal Server Error
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwRestOpErr = VmDirRESTProcessRequest(
+                pRestOp, pRESTHandle, pRequest, paramsCount);
+
+        dwError = VmDirRESTOperationWriteResponse(
+                pRestOp, pRESTHandle, ppResponse);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    VmDirFreeRESTOperation(pRestOp);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d), rest operation error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwRestOpErr);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTProcessRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    uint32_t                paramsCount
+    )
+{
+    DWORD   dwError = 0;
+    PREST_API_METHOD    pMethod = NULL;
+
+    if (!pRestOp || !pRESTHandle || !pRequest)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirRESTOperationReadRequest(
+            pRestOp, pRESTHandle, pRequest, paramsCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirRESTAuth(pRestOp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = coapi_find_handler(
+            gpVdirRestApiDef,
+            pRestOp->pszPath,
+            pRestOp->pszMethod,
+            &pMethod);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = pMethod->pFnImpl((void*)pRestOp, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    )
+{
+    DWORD   dwError = 0;
+    PVDIR_HTTP_ERROR    pHttpError = NULL;
+
+    if (!pRESTHandle || !ppResponse)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmRESTSetHttpStatusVersion(ppResponse, "HTTP/1.1");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pHttpError = VmDirRESTGetHttpError(httpStatus);
+
+    dwError = VmRESTSetHttpStatusCode(ppResponse, pHttpError->pszHttpStatus);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpReasonPhrase(ppResponse, pHttpError->pszHttpReason);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
diff --git a/vmdir/server/rest-head/includes.h b/vmdir/server/rest-head/includes.h
index 7e8526bea..a5373efa0 100644
--- a/vmdir/server/rest-head/includes.h
+++ b/vmdir/server/rest-head/includes.h
@@ -42,9 +42,13 @@
 
 #include <backend.h>
 #include <middlelayer.h>
+#include <ldaphead.h>
 #include <resthead.h>
+#include <schema.h>
 #include <vmdirserver.h>
 
+#ifdef REST_ENABLED
+
 #include <copenapi/copenapi.h>
 #include <curl/curl.h>
 #include <gssapi/gssapi.h>
@@ -53,7 +57,7 @@
 #include <sasl/saslutil.h>
 #include <vmrest.h>
 
-#include <common_types.h>
+#include <ssotypes.h>
 #include <oidc_types.h>
 #include <oidc.h>
 
@@ -61,3 +65,5 @@
 #include "externs.h"
 #include "structs.h"
 #include "prototypes.h"
+
+#endif
diff --git a/vmdir/server/rest-head/ldapapi.c b/vmdir/server/rest-head/ldapapi.c
index ebbf2ecd1..36fcbea2b 100644
--- a/vmdir/server/rest-head/ldapapi.c
+++ b/vmdir/server/rest-head/ldapapi.c
@@ -24,8 +24,7 @@ REST_MODULE _ldap_rest_module[] =
     {
         "/v1/vmdir/ldap",
         {VmDirRESTLdapSearch, VmDirRESTLdapAdd, NULL, VmDirRESTLdapDelete, VmDirRESTLdapModify}
-    },
-    {0}
+    }
 };
 
 DWORD
@@ -82,8 +81,12 @@ VmDirRESTLdapAdd(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -116,9 +119,11 @@ VmDirRESTLdapSearch(
             NULL, -1, LDAP_REQ_SEARCH, pRestOp->pConn, &pSearchOp);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirRESTGetStrParam(pRestOp, "dn", &pszDN, TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError)
+
     dwError = VmDirRESTGetLdapSearchParams(
             pRestOp,
-            &pszDN,
             &pSearchOp->request.searchReq.scope,
             &pSearchOp->request.searchReq.filter,
             &pSearchOp->request.searchReq.attrs,
@@ -171,8 +176,11 @@ VmDirRESTLdapSearch(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     if (pjResult)
     {
@@ -216,7 +224,7 @@ VmDirRESTLdapModify(
     dwError = VmDirStringToBervalContent(pszDN, &pModifyOp->request.modifyReq.dn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTDecodeMods(
+    dwError = VmDirRESTDecodeEntryMods(
             pRestOp->pjInput,
             &pModifyOp->request.modifyReq.mods,
             &pModifyOp->request.modifyReq.numMods);
@@ -232,8 +240,12 @@ VmDirRESTLdapModify(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -282,8 +294,12 @@ VmDirRESTLdapDelete(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -333,8 +349,12 @@ VmDirRESTLdapSetResult(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -410,7 +430,11 @@ VmDirRESTLdapGetHttpError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/vmdir/server/rest-head/libmain.c b/vmdir/server/rest-head/libmain.c
index 4aea8580a..6a9347875 100644
--- a/vmdir/server/rest-head/libmain.c
+++ b/vmdir/server/rest-head/libmain.c
@@ -14,6 +14,8 @@
 
 #include "includes.h"
 
+#ifdef REST_ENABLED
+
 REST_PROCESSOR sVmDirRESTHandlers =
 {
     .pfnHandleCreate = &VmDirRESTRequestHandler,
@@ -23,61 +25,85 @@ REST_PROCESSOR sVmDirRESTHandlers =
     .pfnHandleOthers = &VmDirRESTRequestHandler
 };
 
+static
+DWORD
+_VmDirRESTServerInitHTTP(
+    VOID
+    );
+
+static
+DWORD
+_VmDirRESTServerInitHTTPS(
+    VOID
+    );
+
+static
+VOID
+_VmDirRESTServerShutdownHTTP(
+    VOID
+    );
+
+static
+VOID
+_VmDirRESTServerShutdownHTTPS(
+    VOID
+    );
+
 DWORD
 VmDirRESTServerInit(
     VOID
     )
 {
-    DWORD   dwError = 0;
-    REST_CONF   config = {0};
-    PREST_PROCESSOR     pHandlers = &sVmDirRESTHandlers;
-    PREST_API_MODULE    pModule = NULL;
+    DWORD dwError = 0;
 
     MODULE_REG_MAP stRegMap[] =
     {
         {"ldap", VmDirRESTGetLdapModule},
+        {"metrics", VmDirRESTGetMetricsModule},
         {NULL, NULL}
     };
 
-    config.pSSLCertificate = VMDIR_REST_SSLCERT;
-    config.pSSLKey = VMDIR_REST_SSLKEY;
-    config.pServerPort = gVmdirGlobals.pszRestListenPort;
-    config.pDebugLogFile = VMDIR_REST_DEBUGLOGFILE;
-    config.pClientCount = VMDIR_REST_CLIENTCNT;
-    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
-
-    dwError = VmRESTInit(&config, NULL);
+    // Initialize OidcClient only once
+    dwError = OidcClientGlobalInit();
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    /*
+     * We can use the same REST_API_SPEC for both HTTP and HTTPS because vmdir
+     * rest init code only refers to API definitions (which is common)
+     */
     dwError = coapi_load_from_file(REST_API_SPEC, &gpVdirRestApiDef);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = coapi_map_api_impl(gpVdirRestApiDef, stRegMap);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
+    dwError = _VmDirRESTServerInitHTTP();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirRESTServerInitHTTPS();
+    if (dwError != 0)
     {
-        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
-        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
-        {
-            dwError = VmRESTRegisterHandler(pEndPoint->pszName, pHandlers, NULL);
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
+        /*
+         * Before promoting lightwave node, obtaining cert from VECS will fail which is expected
+         * hence treat it as soft fail
+         */
+         VMDIR_LOG_WARNING(
+                 VMDIR_LOG_MASK_ALL,
+                 "VmRESTServerInit: HTTPS port init failed with error %d, (failure is expected before promote)",
+                 dwError);
+         dwError = 0;
     }
 
-    // TODO uncomment
-//    dwError = OidcClientGlobalInit();
-//    BAIL_ON_VMCA_ERROR(dwError);
-
-    dwError = VmRESTStart();
-    BAIL_ON_VMDIR_ERROR(dwError);
-
 cleanup:
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-                    "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -86,81 +112,233 @@ VmDirRESTServerShutdown(
     VOID
     )
 {
+    _VmDirRESTServerShutdownHTTP();
+    _VmDirRESTServerShutdownHTTPS();
+
+    OidcClientGlobalCleanup();
+    VMDIR_SAFE_FREE_MEMORY(gpVdirRestApiDef);
+}
+
+static
+DWORD
+_VmDirRESTServerInitHTTP(
+    VOID
+    )
+{
+    DWORD   dwError = 0;
+    REST_CONF   config = {0};
+    PREST_PROCESSOR     pHandlers = &sVmDirRESTHandlers;
     PREST_API_MODULE    pModule = NULL;
 
-    VmRESTStop();
-    if (gpVdirRestApiDef)
+    /*
+     * pszHTTPListenPort can never be NULL because of default values assigned to them
+     * if Port string is empty, it means user wants to disable corresponding service
+     */
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPListenPort))
+    {
+        VMDIR_LOG_WARNING(
+                VMDIR_LOG_MASK_ALL,
+                "%s : not listening in HTTP port",
+                __FUNCTION__);
+        goto cleanup;
+    }
+
+    config.pSSLCertificate = RSA_SERVER_CERT;
+    config.pSSLKey = RSA_SERVER_KEY;
+    config.pServerPort = gVmdirGlobals.pszHTTPListenPort;
+    config.pDebugLogFile = VMDIR_HTTP_DEBUGLOGFILE;
+    config.pClientCount = VMDIR_REST_CLIENTCNT;
+    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
+
+    dwError = VmRESTInit(&config, NULL, &gpVdirRestHTTPHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
     {
-        pModule = gpVdirRestApiDef->pModules;
-        for (; pModule; pModule = pModule->pNext)
+        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
         {
-            PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
-            for (; pEndPoint; pEndPoint = pEndPoint->pNext)
-            {
-                (VOID)VmRESTUnRegisterHandler(pEndPoint->pszName);
-            }
+            dwError = VmRESTRegisterHandler(
+                    gpVdirRestHTTPHandle, pEndPoint->pszName, pHandlers, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
-    VmRESTShutdown();
 
-    // TODO uncomment
-//    OidcClientGlobalCleanup();
-    VMDIR_SAFE_FREE_MEMORY(gpVdirRestApiDef);
+    dwError = VmRESTStart(gpVdirRestHTTPHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
 }
 
+static
 DWORD
-VmDirRESTRequestHandler(
-    PREST_REQUEST   pRequest,
-    PREST_RESPONSE* ppResponse,
-    uint32_t        paramsCount
+_VmDirRESTServerInitHTTPS(
+    VOID
     )
 {
     DWORD   dwError = 0;
-    PVDIR_REST_OPERATION    pRestOp = NULL;
-    PREST_API_METHOD    pMethod = NULL;
-
-    if (!pRequest || !ppResponse)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    PSTR    pszCert = NULL;
+    PSTR    pszKey = NULL;
+    REST_CONF   config = {0};
+    PREST_PROCESSOR     pHandlers = &sVmDirRESTHandlers;
+    PREST_API_MODULE    pModule = NULL;
 
-    if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
+    /*
+     * pszHTTPSListenPort can never be NULL because of default values assigned to them
+     * if Port string is empty, it means user wants to disable corresponding service
+     */
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPSListenPort))
     {
+        VMDIR_LOG_WARNING(
+                VMDIR_LOG_MASK_ALL,
+                "%s : not listening in HTTPS port",
+                __FUNCTION__);
         goto cleanup;
     }
 
-    dwError = VmDirRESTOperationCreate(&pRestOp);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    config.pSSLCertificate = NULL;
+    config.pSSLKey = NULL;
+    config.pServerPort = gVmdirGlobals.pszHTTPSListenPort;
+    config.pDebugLogFile = VMDIR_HTTPS_DEBUGLOGFILE;
+    config.pClientCount = VMDIR_REST_CLIENTCNT;
+    config.pMaxWorkerThread = VMDIR_REST_WORKERTHCNT;
 
-    dwError = VmDirRESTOperationReadRequest(pRestOp, pRequest, paramsCount);
+    dwError = VmRESTInit(&config, NULL, &gpVdirRestHTTPSHandle);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTAuth(pRestOp);
+    //Get Certificate and Key from VECS and Set it to Rest Engine
+    dwError = VmDirGetVecsMachineCert(&pszCert, &pszKey);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = coapi_find_handler(
-            gpVdirRestApiDef,
-            pRestOp->pszEndpoint,
-            pRestOp->pszMethod,
-            &pMethod);
+    dwError = VmRESTSetSSLInfo(gpVdirRestHTTPSHandle, pszCert, VmDirStringLenA(pszCert)+1, SSL_DATA_TYPE_CERT);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = pMethod->pFnImpl((void*)pRestOp, NULL);
+    dwError = VmRESTSetSSLInfo(gpVdirRestHTTPSHandle, pszKey, VmDirStringLenA(pszKey)+1, SSL_DATA_TYPE_KEY);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-response:
-    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
-    // Nothing can be done if failed to send response
-    dwError = VmDirRESTOperationWriteResponse(pRestOp, ppResponse);
-    goto cleanup;
+    for (pModule = gpVdirRestApiDef->pModules; pModule; pModule = pModule->pNext)
+    {
+        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+        {
+            dwError = VmRESTRegisterHandler(
+                    gpVdirRestHTTPSHandle, pEndPoint->pszName, pHandlers, NULL);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    dwError = VmRESTStart(gpVdirRestHTTPSHandle);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
-    VmDirFreeRESTOperation(pRestOp);
+    VMDIR_SAFE_FREE_MEMORY(pszCert);
+    VMDIR_SAFE_FREE_MEMORY(pszKey);
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
-    goto response;
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirRESTServerShutdownHTTP(
+    VOID
+    )
+{
+    PREST_API_MODULE    pModule = NULL;
+
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPListenPort))
+    {
+        //No operation - HTTP port was not initialized
+        return;
+    }
+
+    if (gpVdirRestHTTPHandle)
+    {
+        VmRESTStop(gpVdirRestHTTPHandle);
+        if (gpVdirRestApiDef)
+        {
+            pModule = gpVdirRestApiDef->pModules;
+            for (; pModule; pModule = pModule->pNext)
+            {
+                PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+                for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+                {
+                    (VOID)VmRESTUnRegisterHandler(
+                            gpVdirRestHTTPHandle, pEndPoint->pszName);
+                }
+            }
+        }
+        VmRESTShutdown(gpVdirRestHTTPHandle);
+    }
 }
+
+static
+VOID
+_VmDirRESTServerShutdownHTTPS(
+    VOID
+    )
+{
+    PREST_API_MODULE    pModule = NULL;
+
+    if (IsNullOrEmptyString(gVmdirGlobals.pszHTTPSListenPort))
+    {
+        //No operation - HTTPS port was not initialized
+        return;
+    }
+
+    if (gpVdirRestHTTPSHandle)
+    {
+        VmRESTStop(gpVdirRestHTTPSHandle);
+        if (gpVdirRestApiDef)
+        {
+            pModule = gpVdirRestApiDef->pModules;
+            for (; pModule; pModule = pModule->pNext)
+            {
+                PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+                for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+                {
+                    (VOID)VmRESTUnRegisterHandler(
+                            gpVdirRestHTTPSHandle, pEndPoint->pszName);
+                }
+            }
+        }
+        VmRESTShutdown(gpVdirRestHTTPSHandle);
+    }
+}
+
+#else
+
+DWORD
+VmDirRESTServerInit(
+    VOID
+    )
+{
+    return 0;
+}
+
+VOID
+VmDirRESTServerShutdown(
+    VOID
+    )
+{
+    return;
+}
+
+#endif
diff --git a/vmdir/server/rest-head/metricsapi.c b/vmdir/server/rest-head/metricsapi.c
new file mode 100644
index 000000000..a11fe8e04
--- /dev/null
+++ b/vmdir/server/rest-head/metricsapi.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * REST_MODULE (from copenapitypes.h)
+ * callback indices must correspond to:
+ *      GET, PUT, POST, DELETE, PATCH
+ */
+REST_MODULE _metrics_rest_module[] =
+{
+    {
+        "/v1/vmdir/metrics",
+        {VmDirRESTMetricsGet, NULL, NULL, NULL, NULL}
+    }
+};
+
+DWORD
+VmDirRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    )
+{
+    *ppRestModule = _metrics_rest_module;
+    return 0;
+}
+
+/*
+ * Performs GET operation for all the VmDir metrics
+ */
+DWORD
+VmDirRESTMetricsGet(
+    void*   pIn,
+    void**  ppOut
+    )
+{
+    DWORD dwError = 0;
+    PVDIR_REST_OPERATION pRestOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    pRestOp = (PVDIR_REST_OPERATION)pIn;
+
+    dwError = VmMetricsGetPrometheusData(pmContext,
+                        &pRestOp->pResult->pszData,
+                        &pRestOp->pResult->dwDataLen);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SET_REST_RESULT(pRestOp, NULL, dwError, NULL);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
diff --git a/vmdir/server/rest-head/operation.c b/vmdir/server/rest-head/operation.c
index 8165bc41f..8d4287102 100644
--- a/vmdir/server/rest-head/operation.c
+++ b/vmdir/server/rest-head/operation.c
@@ -46,7 +46,7 @@ VmDirRESTOperationCreate(
     dwError = VmDirRESTResultCreate(&pRestOp->pResult);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pRestOp->pResource = VmDirRESTGetResource(VDIR_REST_RSC_UNKNOWN);
+    pRestOp->pResource = VmDirRESTGetResource(NULL);
 
     *ppRestOp = pRestOp;
 
@@ -54,8 +54,11 @@ VmDirRESTOperationCreate(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeRESTOperation(pRestOp);
     goto cleanup;
@@ -64,21 +67,21 @@ VmDirRESTOperationCreate(
 DWORD
 VmDirRESTOperationReadRequest(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_REQUEST           pRestReq,
     DWORD                   dwParamCount
     )
 {
     DWORD   dwError = 0;
-    DWORD   i = 0, done = 0;
+    DWORD   i = 0, bytesRead = 0;
     json_error_t    jError = {0};
-    VDIR_REST_RESOURCE_TYPE  rscType = VDIR_REST_RSC_UNKNOWN;
     PSTR    pszTmp = NULL;
     PSTR    pszKey = NULL;
     PSTR    pszVal = NULL;
     PSTR    pszInput = NULL;
     size_t  len = 0;
 
-    if (!pRestOp || !pRestReq)
+    if (!pRestOp || !pRESTHandle || !pRestReq)
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -89,26 +92,34 @@ VmDirRESTOperationReadRequest(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // read request URI
-    dwError = VmRESTGetHttpURI(pRestReq, &pRestOp->pszEndpoint);
+    dwError = VmRESTGetHttpURI(pRestReq, &pRestOp->pszPath);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pszTmp = VmDirStringChrA(pRestOp->pszEndpoint, '?');
+    pszTmp = VmDirStringChrA(pRestOp->pszPath, '?');
     if (pszTmp)
     {
         *pszTmp = '\0';
     }
 
-    // determine resource and assign error callbacks
-    rscType = VmDirRESTGetEndpointRscType(pRestOp->pszEndpoint);
-    if (rscType == VDIR_REST_RSC_UNKNOWN)
+    // determine resource
+    pRestOp->pResource = VmDirRESTGetResource(pRestOp->pszPath);
+    if (pRestOp->pResource->rscType == VDIR_REST_RSC_UNKNOWN)
     {
         dwError = VMDIR_ERROR_INVALID_REQUEST;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
-    pRestOp->pResource = VmDirRESTGetResource(rscType);
+
+    // extract sub-path
+    if (pRestOp->pResource->bIsEndpointPrefix)
+    {
+        dwError = VmDirAllocateStringA(
+                pRestOp->pszPath + strlen(pRestOp->pResource->pszEndpoint) + 1,
+                &pRestOp->pszSubPath);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     // read request authorization info
-    dwError = VmRESTGetHttpHeader(pRestReq, "Authorization", &pRestOp->pszAuth);
+    dwError = VmRESTGetHttpHeader(pRestReq, VMDIR_REST_HEADER_AUTHENTICATION, &pRestOp->pszAuth);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // read request params
@@ -125,25 +136,46 @@ VmDirRESTOperationReadRequest(
     }
 
     // read request input json
-    while (!done)
+    do
     {
-        dwError = VmDirReallocateMemory(
-                (PVOID)pszInput,
-                (PVOID*)&pszInput,
-                len + MAX_REST_PAYLOAD_LENGTH);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        if (bytesRead || !pszInput)
+        {
+            dwError = VmDirReallocateMemory(
+                    (PVOID)pszInput,
+                    (PVOID*)&pszInput,
+                    len + MAX_REST_PAYLOAD_LENGTH + 1);     // +1 for NULL char
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
 
-        dwError = VmRESTGetData(pRestReq, pszInput + len, &done);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        bytesRead = 0;
+        dwError = VmRESTGetData(
+                pRESTHandle, pRestReq, pszInput + len, &bytesRead);
 
-        len = strlen(pszInput);
+        len += bytesRead;
     }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    pszInput[len] = 0;
 
     if (!IsNullOrEmptyString(pszInput))
     {
         pRestOp->pjInput = json_loads(pszInput, 0, &jError);
         if (!pRestOp->pjInput)
         {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to parse json payload: "
+                    "(text=%s), "
+                    "(source=%s), "
+                    "(line=%d), "
+                    "(column=%d), "
+                    "(position=%d)",
+                    __FUNCTION__,
+                    jError.text,
+                    jError.source,
+                    jError.line,
+                    jError.column,
+                    jError.position);
+
             dwError = VMDIR_ERROR_INVALID_REQUEST;
             BAIL_ON_VMDIR_ERROR(dwError);
         }
@@ -154,8 +186,11 @@ VmDirRESTOperationReadRequest(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
     goto cleanup;
 }
 
@@ -165,11 +200,12 @@ VmDirRESTOperationReadRequest(
 DWORD
 VmDirRESTOperationWriteResponse(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_RESPONSE*         ppResponse
     )
 {
     DWORD   dwError = 0;
-    DWORD   done = 0;
+    DWORD   bytesWritten = 0;
     PSTR    pszHttpStatus = NULL;
     PSTR    pszHttpReason = NULL;
     PSTR    pszBody = NULL;
@@ -177,7 +213,7 @@ VmDirRESTOperationWriteResponse(
     size_t  bodyLen = 0;
     size_t  sentLen = 0;
 
-    if (!pRestOp || !ppResponse)
+    if (!pRestOp || !pRESTHandle || !ppResponse)
     {
         dwError = VMDIR_ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
@@ -199,14 +235,30 @@ VmDirRESTOperationWriteResponse(
     dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pRestOp->pResult->pszData)
+    {
+        dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "text/plain");
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirRESTResultToResponseBody(
-            pRestOp->pResult, pRestOp->pResource, &pszBody);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmDirAllocateAndCopyMemory(
+                        (PVOID)pRestOp->pResult->pszData,
+                        pRestOp->pResult->dwDataLen,
+                        (PVOID*)&pszBody);
+        BAIL_ON_VMDIR_ERROR(dwError);
 
-    bodyLen = VmDirStringLenA(VDIR_SAFE_STRING(pszBody));
+        bodyLen = pRestOp->pResult->dwDataLen;
+    }
+    else
+    {
+        dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirRESTResultToResponseBody(
+                pRestOp->pResult, pRestOp->pResource, &pszBody);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        bodyLen = VmDirStringLenA(VDIR_SAFE_STRING(pszBody));
+    }
 
     dwError = VmDirAllocateStringPrintf(&pszBodyLen, "%ld", bodyLen);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -215,19 +267,22 @@ VmDirRESTOperationWriteResponse(
             ppResponse, bodyLen > MAX_REST_PAYLOAD_LENGTH ? NULL : pszBodyLen);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    while (pszBody && !done)
+    do
     {
         size_t chunkLen = bodyLen > MAX_REST_PAYLOAD_LENGTH ?
                 MAX_REST_PAYLOAD_LENGTH : bodyLen;
 
-        dwError = VmRESTSetData(ppResponse, pszBody + sentLen, chunkLen, &done);
-        BAIL_ON_VMDIR_ERROR(dwError);
+        dwError = VmRESTSetData(
+                pRESTHandle,
+                ppResponse,
+                VDIR_SAFE_STRING(pszBody) + sentLen,
+                chunkLen,
+                &bytesWritten);
 
-        sentLen += chunkLen;
-        bodyLen -= chunkLen;
+        sentLen += bytesWritten;
+        bodyLen -= bytesWritten;
     }
-
-    dwError = VmRESTSetHttpPayload(ppResponse, "", 0, &done);
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
@@ -236,8 +291,12 @@ VmDirRESTOperationWriteResponse(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -250,7 +309,9 @@ VmDirFreeRESTOperation(
     {
         VMDIR_SAFE_FREE_MEMORY(pRestOp->pszAuth);
         VMDIR_SAFE_FREE_MEMORY(pRestOp->pszMethod);
-        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszEndpoint);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszPath);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszSubPath);
+        VMDIR_SAFE_FREE_MEMORY(pRestOp->pszHeaderIfMatch);
         if (pRestOp->pjInput)
         {
             json_decref(pRestOp->pjInput);
diff --git a/vmdir/server/rest-head/param.c b/vmdir/server/rest-head/param.c
index c73c4afa6..4d69c5149 100644
--- a/vmdir/server/rest-head/param.c
+++ b/vmdir/server/rest-head/param.c
@@ -17,7 +17,7 @@
 DWORD
 VmDirRESTGetStrParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PSTR*                   ppszVal,
     BOOLEAN                 bRequired
     )
@@ -47,9 +47,12 @@ VmDirRESTGetStrParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -57,7 +60,7 @@ VmDirRESTGetStrParam(
 DWORD
 VmDirRESTGetIntParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     int*                    piVal,
     BOOLEAN                 bRequired
     )
@@ -86,9 +89,63 @@ VmDirRESTGetIntParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTGetBoolParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszKey,
+    BOOLEAN*                pbVal,
+    BOOLEAN                 bRequired
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszVal = NULL;
+
+    if (!pRestOp || IsNullOrEmptyString(pszKey) || !pbVal)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (LwRtlHashMapFindKey(pRestOp->pParamMap, (PVOID*)&pszVal, pszKey) ||
+        IsNullOrEmptyString(pszVal))
+    {
+        dwError = bRequired ? VMDIR_ERROR_INVALID_REQUEST : 0;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else if (VmDirStringCompareA(pszVal, "true", FALSE) == 0)
+    {
+        *pbVal = TRUE;
+    }
+    else if (VmDirStringCompareA(pszVal, "false", FALSE) == 0)
+    {
+        *pbVal = FALSE;
+    }
+    else
+    {
+        dwError = VMDIR_ERROR_INVALID_REQUEST;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d) (pszKey=%s)",
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -96,7 +153,7 @@ VmDirRESTGetIntParam(
 DWORD
 VmDirRESTGetStrListParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PVMDIR_STRING_LIST*     ppValList,
     BOOLEAN                 bRequired
     )
@@ -126,9 +183,12 @@ VmDirRESTGetStrListParam(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
             "%s failed, error (%d) (pszKey=%s)",
-            __FUNCTION__, dwError, VDIR_SAFE_STRING(pszKey));
+            __FUNCTION__,
+            dwError,
+            VDIR_SAFE_STRING(pszKey));
 
     goto cleanup;
 }
@@ -136,7 +196,6 @@ VmDirRESTGetStrListParam(
 DWORD
 VmDirRESTGetLdapSearchParams(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR*                   ppszDN,
     int*                    piScope,
     PVDIR_FILTER*           ppFilter,
     PVDIR_BERVALUE*         ppbvAttrs,
@@ -145,7 +204,6 @@ VmDirRESTGetLdapSearchParams(
 {
     DWORD   dwError = 0;
     DWORD   i = 0;
-    PSTR    pszDN = NULL;
     PSTR    pszScope = NULL;
     PSTR    pszFilter = NULL;
     PVMDIR_STRING_LIST  pAttrs = NULL;
@@ -162,9 +220,6 @@ VmDirRESTGetLdapSearchParams(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirRESTGetStrParam(pRestOp, "dn", &pszDN, TRUE);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirRESTGetStrParam(pRestOp, "scope", &pszScope, FALSE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -257,7 +312,6 @@ VmDirRESTGetLdapSearchParams(
         VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
     }
 
-    *ppszDN = pszDN;
     *piScope = scope;
     *ppFilter = pFilter;
     *ppbvAttrs = pbvAttrs;
@@ -271,12 +325,56 @@ VmDirRESTGetLdapSearchParams(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    VMDIR_SAFE_FREE_MEMORY(pszDN);
     DeleteFilter(pFilter);
     VMDIR_SAFE_FREE_MEMORY(pbvAttrs);
     VMDIR_SAFE_FREE_MEMORY(pPagedResultsCtrl);
     goto cleanup;
 }
+
+DWORD
+VmDirRESTRenameParamKey(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszOldKey,
+    PCSTR                   pszNewKey
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszNewKeyCp = NULL;
+    LW_HASHMAP_PAIR pair = {NULL, NULL};
+
+    if (IsNullOrEmptyString(pszOldKey) || IsNullOrEmptyString(pszNewKey))
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (LwRtlHashMapRemove(pRestOp->pParamMap, (PVOID)pszOldKey, &pair) == 0)
+    {
+        VMDIR_SAFE_FREE_MEMORY(pair.pKey);
+
+        dwError = VmDirAllocateStringA(pszNewKey, &pszNewKeyCp);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = LwRtlHashMapInsert(
+                pRestOp->pParamMap, pszNewKeyCp, pair.pValue, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    VMDIR_SAFE_FREE_MEMORY(pszNewKeyCp);
+    goto cleanup;
+}
diff --git a/vmdir/server/rest-head/prototypes.h b/vmdir/server/rest-head/prototypes.h
index 7bdef13b3..0c008eefc 100644
--- a/vmdir/server/rest-head/prototypes.h
+++ b/vmdir/server/rest-head/prototypes.h
@@ -12,42 +12,52 @@
  * under the License.
  */
 
-// accesstoken.c
+// auth.c
 DWORD
-VmDirRESTAccessTokenInit(
-    PVDIR_REST_ACCESS_TOKEN*    ppAccessToken
+VmDirRESTAuth(
+    PVDIR_REST_OPERATION    pRestOp
     );
 
 DWORD
-VmDirRESTAccessTokenParse(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken,
-    PSTR                    pszAuthData
-    );
-
-VOID
-VmDirFreeRESTAccessToken(
-    PVDIR_REST_ACCESS_TOKEN pAccessToken
+VmDirRESTAuthViaBasic(
+    PVDIR_REST_OPERATION    pRestOp
     );
 
-// auth.c
 DWORD
-VmDirRESTAuth(
+VmDirRESTAuthViaToken(
     PVDIR_REST_OPERATION    pRestOp
     );
 
+// authtoken.c
 DWORD
-VmDirRESTAuthBasic(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthTokenInit(
+    PVDIR_REST_AUTH_TOKEN*  ppAuthToken
     );
 
 DWORD
-VmDirRESTAuthToken(
-    PVDIR_REST_OPERATION    pRestOp,
-    PVDIR_OPERATION         pBindOp
+VmDirRESTAuthTokenParse(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken,
+    PCSTR                   pszAuthData
+    );
+
+VOID
+VmDirFreeRESTAuthToken(
+    PVDIR_REST_AUTH_TOKEN   pAuthToken
     );
 
 // decode.c
+DWORD
+VmDirRESTDecodeAttributeNoAlloc(
+    json_t*         pjInput,
+    PVDIR_ATTRIBUTE pAttr
+    );
+
+DWORD
+VmDirRESTDecodeAttribute(
+    json_t*             pjInput,
+    PVDIR_ATTRIBUTE*    ppAttr
+    );
+
 DWORD
 VmDirRESTDecodeEntry(
     json_t*         pjInput,
@@ -55,7 +65,7 @@ VmDirRESTDecodeEntry(
     );
 
 DWORD
-VmDirRESTDecodeMods(
+VmDirRESTDecodeEntryMods(
     json_t*             pjInput,
     PVDIR_MODIFICATION* ppMods,
     DWORD*              pdwNumMods
@@ -82,6 +92,30 @@ VmDirRESTEncodeEntryArray(
     json_t**            ppjOutput
     );
 
+// handler.c
+DWORD
+VmDirRESTRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    );
+
+DWORD
+VmDirRESTProcessRequest(
+    PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest,
+    uint32_t                paramsCount
+    );
+
+DWORD
+VmDirRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    );
+
 // httperror.c
 PVDIR_HTTP_ERROR
 VmDirRESTGetHttpError(
@@ -133,12 +167,16 @@ VmDirRESTLdapGetHttpError(
     PSTR*               ppszHttpReason
     );
 
-// libmain.c
+// metricsapi.c
 DWORD
-VmDirRESTRequestHandler(
-    PREST_REQUEST   pRequest,
-    PREST_RESPONSE* ppResponse,
-    uint32_t        paramsCount
+VmDirRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    );
+
+DWORD
+VmDirRESTMetricsGet(
+    void*   pIn,
+    void**  ppOut
     );
 
 // operation.c
@@ -150,6 +188,7 @@ VmDirRESTOperationCreate(
 DWORD
 VmDirRESTOperationReadRequest(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_REQUEST           pRestReq,
     DWORD                   dwParamCount
     );
@@ -157,6 +196,7 @@ VmDirRESTOperationReadRequest(
 DWORD
 VmDirRESTOperationWriteResponse(
     PVDIR_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
     PREST_RESPONSE*         ppResponse
     );
 
@@ -169,7 +209,7 @@ VmDirFreeRESTOperation(
 DWORD
 VmDirRESTGetStrParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PSTR*                   ppszVal,
     BOOLEAN                 bRequired
     );
@@ -177,15 +217,23 @@ VmDirRESTGetStrParam(
 DWORD
 VmDirRESTGetIntParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     int*                    piVal,
     BOOLEAN                 bRequired
     );
 
+DWORD
+VmDirRESTGetBoolParam(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszKey,
+    BOOLEAN*                pbVal,
+    BOOLEAN                 bRequired
+    );
+
 DWORD
 VmDirRESTGetStrListParam(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR                    pszKey,
+    PCSTR                   pszKey,
     PVMDIR_STRING_LIST*     ppValList,
     BOOLEAN                 bRequired
     );
@@ -193,22 +241,23 @@ VmDirRESTGetStrListParam(
 DWORD
 VmDirRESTGetLdapSearchParams(
     PVDIR_REST_OPERATION    pRestOp,
-    PSTR*                   ppszDN,
     int*                    piScope,
     PVDIR_FILTER*           ppFilter,
     PVDIR_BERVALUE*         ppbvAttrs,
     PVDIR_LDAP_CONTROL*     ppPagedResultsCtrl
     );
 
-// resource.c
-VDIR_REST_RESOURCE_TYPE
-VmDirRESTGetEndpointRscType(
-    PSTR    pszEndpoint
+DWORD
+VmDirRESTRenameParamKey(
+    PVDIR_REST_OPERATION    pRestOp,
+    PCSTR                   pszOldKey,
+    PCSTR                   pszNewKey
     );
 
+// resource.c
 PVDIR_REST_RESOURCE
 VmDirRESTGetResource(
-    VDIR_REST_RESOURCE_TYPE rscType
+    PSTR    pszPath
     );
 
 DWORD
@@ -239,6 +288,11 @@ VmDirRESTResultSetError(
     PSTR                pszErrMsg
     );
 
+DWORD
+VmDirRESTResultUnsetError(
+    PVDIR_REST_RESULT   pRestRslt
+    );
+
 DWORD
 VmDirRESTResultSetStrData(
     PVDIR_REST_RESULT   pRestRslt,
diff --git a/vmdir/server/rest-head/resource.c b/vmdir/server/rest-head/resource.c
index 37f5e94c7..038bc68af 100644
--- a/vmdir/server/rest-head/resource.c
+++ b/vmdir/server/rest-head/resource.c
@@ -14,48 +14,71 @@
 
 #include "includes.h"
 
-static VDIR_REST_RESOURCE_ENDPOINT rsourceEndpoints[] =
-{
-    {VDIR_REST_RSC_LDAP,    "/v1/vmdir/ldap"},
-    {VDIR_REST_RSC_UNKNOWN, NULL}
-};
-
 static VDIR_REST_RESOURCE resources[VDIR_REST_RSC_COUNT] =
 {
-    {VDIR_REST_RSC_LDAP,    VmDirRESTLdapSetResult,     VmDirRESTLdapGetHttpError,      "error-code",   "error-message"},
-    {VDIR_REST_RSC_UNKNOWN, VmDirRESTUnknownSetResult,  VmDirRESTUnknownGetHttpError,   NULL,           NULL}
-};
-
-VDIR_REST_RESOURCE_TYPE
-VmDirRESTGetEndpointRscType(
-    PSTR    pszEndpoint
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; rsourceEndpoints[i].pszEndpoint; i++)
     {
-        if (VmDirStringCompareA(
-                rsourceEndpoints[i].pszEndpoint, pszEndpoint, FALSE) == 0)
-        {
-            break;
-        }
+        VDIR_REST_RSC_LDAP,
+        "/v1/vmdir/ldap",
+        FALSE,
+        VmDirRESTLdapSetResult,
+        VmDirRESTLdapGetHttpError,
+        "error_code",
+        "error_message"
+    },
+    {
+        VDIR_REST_RSC_METRICS,
+        "/v1/vmdir/metrics",
+        FALSE,
+        VmDirRESTUnknownSetResult,
+        VmDirRESTUnknownGetHttpError,
+        "error_code",
+        "error_message"
+    },
+    {
+        VDIR_REST_RSC_UNKNOWN,
+        NULL,
+        FALSE,
+        VmDirRESTUnknownSetResult,
+        VmDirRESTUnknownGetHttpError,
+        NULL,
+        NULL
     }
-
-    return rsourceEndpoints[i].rscType;
-}
+};
 
 PVDIR_REST_RESOURCE
 VmDirRESTGetResource(
-    VDIR_REST_RESOURCE_TYPE rscType
+    PSTR    pszPath
     )
 {
-    if (rscType > VDIR_REST_RSC_UNKNOWN)
+    DWORD   i = 0;
+    BOOLEAN bValidPath = FALSE;
+
+    bValidPath = !IsNullOrEmptyString(pszPath);
+
+    for (i = 0; resources[i].pszEndpoint; i++)
     {
-        return &resources[VDIR_REST_RSC_UNKNOWN];
+        if (bValidPath)
+        {
+            if (resources[i].bIsEndpointPrefix)
+            {
+                if (VmDirStringStartsWith(
+                        pszPath, resources[i].pszEndpoint, FALSE))
+                {
+                    break;
+                }
+            }
+            else
+            {
+                if (VmDirStringCompareA(
+                        pszPath, resources[i].pszEndpoint, FALSE) == 0)
+                {
+                    break;
+                }
+            }
+        }
     }
 
-    return &resources[rscType];
+    return &resources[i];
 }
 
 DWORD
@@ -81,8 +104,12 @@ VmDirRESTUnknownSetResult(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -127,7 +154,11 @@ VmDirRESTUnknownGetHttpError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/vmdir/server/rest-head/result.c b/vmdir/server/rest-head/result.c
index 32ca6462d..dc8f6ecb5 100644
--- a/vmdir/server/rest-head/result.c
+++ b/vmdir/server/rest-head/result.c
@@ -40,6 +40,7 @@ VmDirRESTResultCreate(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     pRestRslt->bErrSet = FALSE;
+    pRestRslt->dwDataLen = 0;
 
     *ppRestRslt = pRestRslt;
 
@@ -47,8 +48,11 @@ VmDirRESTResultCreate(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VmDirFreeRESTResult(pRestRslt);
     goto cleanup;
@@ -84,8 +88,42 @@ VmDirRESTResultSetError(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirRESTResultUnsetError(
+    PVDIR_REST_RESULT   pRestRslt
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt)
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    VMDIR_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
+    pRestRslt->pszErrMsg = NULL;
+    pRestRslt->errCode = 0;
+    pRestRslt->bErrSet = FALSE;
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -112,8 +150,12 @@ VmDirRESTResultSetStrData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -133,8 +175,12 @@ VmDirRESTResultSetIntData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -164,8 +210,11 @@ VmDirRESTResultSetObjData(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VMDIR_SAFE_FREE_MEMORY(pszKeyCp);
     goto cleanup;
@@ -223,7 +272,7 @@ VmDirRESTResultToResponseBody(
 
     if (json_object_size(pjBody))
     {
-        pszBody = json_dumps(pjBody, JSON_INDENT(4));
+        pszBody = json_dumps(pjBody, JSON_COMPACT);
         *ppszBody = pszBody;
     }
 
@@ -235,8 +284,11 @@ VmDirRESTResultToResponseBody(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     VMDIR_SAFE_FREE_MEMORY(pszBody);
     goto cleanup;
@@ -267,6 +319,7 @@ VmDirFreeRESTResult(
         VMDIR_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
         LwRtlHashMapClear(pRestRslt->pDataMap, _DataMapPairFree, NULL);
         LwRtlFreeHashMap(&pRestRslt->pDataMap);
+        VMDIR_SAFE_FREE_MEMORY(pRestRslt->pszData);
         VMDIR_SAFE_FREE_MEMORY(pRestRslt);
     }
 }
diff --git a/vmdir/server/rest-head/structs.h b/vmdir/server/rest-head/structs.h
index bcfdd0334..12c2f3418 100644
--- a/vmdir/server/rest-head/structs.h
+++ b/vmdir/server/rest-head/structs.h
@@ -15,6 +15,7 @@
 typedef enum
 {
     VDIR_REST_RSC_LDAP,
+    VDIR_REST_RSC_METRICS,
     VDIR_REST_RSC_UNKNOWN,
     VDIR_REST_RSC_COUNT,
 
@@ -25,6 +26,8 @@ typedef struct _VDIR_REST_RESULT
     int         errCode;
     PSTR        pszErrMsg;
     PLW_HASHMAP pDataMap;
+    PSTR        pszData;
+    DWORD       dwDataLen;
     BOOLEAN     bErrSet;
 
 } VDIR_REST_RESULT, *PVDIR_REST_RESULT;
@@ -45,6 +48,8 @@ typedef DWORD (*PFN_GET_HTTP_ERROR)(
 typedef struct _VDIR_REST_RESOURCE
 {
     VDIR_REST_RESOURCE_TYPE rscType;
+    PCSTR                   pszEndpoint;
+    BOOLEAN                 bIsEndpointPrefix;
     PFN_SET_RESULT          pfnSetResult;
     PFN_GET_HTTP_ERROR      pfnGetHttpError;
     PCSTR                   pszErrCodeKey;
@@ -56,7 +61,9 @@ typedef struct _VDIR_REST_OPERATION
 {
     PSTR                pszAuth;
     PSTR                pszMethod;
-    PSTR                pszEndpoint;
+    PSTR                pszPath;
+    PSTR                pszSubPath;
+    PSTR                pszHeaderIfMatch; // lwraft only
     json_t*             pjInput;
     PLW_HASHMAP         pParamMap;
     PVDIR_CONNECTION    pConn;
@@ -65,20 +72,20 @@ typedef struct _VDIR_REST_OPERATION
 
 } VDIR_REST_OPERATION, *PVDIR_REST_OPERATION;
 
-// accesstoken.c
+// authtoken.c
 typedef enum
 {
-    VDIR_REST_ACCESS_TOKEN_BEARER,
-    VDIR_REST_ACCESS_TOKEN_HOTK
+    VDIR_REST_AUTH_TOKEN_BEARER,
+    VDIR_REST_AUTH_TOKEN_HOTK
 
-} VDIR_REST_ACCESS_TOKEN_TYPE;
+} VDIR_REST_AUTH_TOKEN_TYPE;
 
-typedef struct _VDIR_REST_ACCESS_TOKEN
+typedef struct _VDIR_REST_AUTH_TOKEN
 {
-    VDIR_REST_ACCESS_TOKEN_TYPE tokenType;
+    VDIR_REST_AUTH_TOKEN_TYPE   tokenType;
     PSTR                        pszBindUPN;
 
-} VDIR_REST_ACCESS_TOKEN, *PVDIR_REST_ACCESS_TOKEN;
+} VDIR_REST_AUTH_TOKEN, *PVDIR_REST_AUTH_TOKEN;
 
 // httperror.c
 typedef struct _VDIR_HTTP_ERROR
@@ -88,11 +95,3 @@ typedef struct _VDIR_HTTP_ERROR
     PSTR    pszHttpReason;
 
 } VDIR_HTTP_ERROR, *PVDIR_HTTP_ERROR;
-
-// resource.c
-typedef struct _VDIR_REST_RESOURCE_ENDPOINT
-{
-    VDIR_REST_RESOURCE_TYPE rscType;
-    PCSTR                   pszEndpoint;
-
-} VDIR_REST_RESOURCE_ENDPOINT, *PVDIR_REST_RESOURCE_ENDPOINT;
diff --git a/vmdir/server/saslvmdirdb/Makefile.am b/vmdir/server/saslvmdirdb/Makefile.am
index 3d95d3ec0..9e80ebe46 100644
--- a/vmdir/server/saslvmdirdb/Makefile.am
+++ b/vmdir/server/saslvmdirdb/Makefile.am
@@ -1,8 +1,8 @@
 vmdirsasl_LTLIBRARIES = libsaslvmdirdb.la
 
 libsaslvmdirdb_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -11,7 +11,7 @@ libsaslvmdirdb_la_SOURCES = \
     vmdirdb.c
 
 libsaslvmdirdb_la_LIBADD = \
-    $(top_builddir)/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @CRYPTO_LIBS@ \
     @PTHREAD_LIBS@
 
diff --git a/vmdir/server/schema/Makefile.am b/vmdir/server/schema/Makefile.am
index d8ceca5cd..189b77cd6 100644
--- a/vmdir/server/schema/Makefile.am
+++ b/vmdir/server/schema/Makefile.am
@@ -22,12 +22,13 @@ libschema_la_SOURCES = \
     legacy/legacyutil.c
 
 libschema_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
diff --git a/vmdir/server/schema/api.c b/vmdir/server/schema/api.c
index 659daf48f..94f4233ff 100644
--- a/vmdir/server/schema/api.c
+++ b/vmdir/server/schema/api.c
@@ -682,7 +682,7 @@ VmDirSchemaAttrIsOctetString(
     if (pATDesc && pATDesc->pSyntax)
     {
         if (!IsNullOrEmptyString(pATDesc->pSyntax->pszOid) &&
-                 VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_OCTET_STRING, FALSE) == 0)
+            VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_OCTET_STRING, FALSE) == 0)
         {
             bIsOctetStr = TRUE;
         }
@@ -691,6 +691,24 @@ VmDirSchemaAttrIsOctetString(
     return bIsOctetStr;
 }
 
+BOOLEAN
+VmDirSchemaAttrIsDN(
+    PVDIR_SCHEMA_AT_DESC    pATDesc
+    )
+{
+    BOOLEAN bIsDN = FALSE;
+    if (pATDesc && pATDesc->pSyntax)
+    {
+        if (!IsNullOrEmptyString(pATDesc->pSyntax->pszOid) &&
+            VmDirStringCompareA(pATDesc->pSyntax->pszOid, VDIR_OID_DN, FALSE) == 0)
+        {
+            bIsDN = TRUE;
+        }
+    }
+
+    return bIsDN;
+}
+
 /*
  * Berval syntax check
  */
diff --git a/vmdir/server/schema/legacy/legacylibmain.c b/vmdir/server/schema/legacy/legacylibmain.c
index 6c0b2a00d..043ce8f71 100644
--- a/vmdir/server/schema/legacy/legacylibmain.c
+++ b/vmdir/server/schema/legacy/legacylibmain.c
@@ -80,9 +80,6 @@ VmDirSchemaLibLoadSubSchemaSubEntry(
     dwError = VmDirLdapSchemaLoadSubSchemaSubEntry(pTmpLdapSchema, pSchemaEntry);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaRemoveNoopData(pTmpLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     dwError = VmDirLdapSchemaMerge(
             pCurLdapSchema, pTmpLdapSchema, &pNewLdapSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/vmdir/server/schema/legacy/legacyload.c b/vmdir/server/schema/legacy/legacyload.c
index bd62b0e8d..d3cf06389 100644
--- a/vmdir/server/schema/legacy/legacyload.c
+++ b/vmdir/server/schema/legacy/legacyload.c
@@ -60,7 +60,6 @@ VmDirSchemaAttrIdMapLoadSubSchemaSubEntry(
 
         pszToken = VmDirStringTokA(NULL, SCHEMA_ATTR_ID_MAP_TOKEN_SEP, &save);
     }
-    pAttrIdMap->usNextId = (USHORT)VmDirStringToIA(pszToken);
 
 cleanup:
     VMDIR_SAFE_FREE_MEMORY(pszBuf);
diff --git a/vmdir/server/schema/libmain.c b/vmdir/server/schema/libmain.c
index 9b42b5d9f..e700732f4 100644
--- a/vmdir/server/schema/libmain.c
+++ b/vmdir/server/schema/libmain.c
@@ -194,9 +194,6 @@ VmDirSchemaLibLoadFile(
             pCurLdapSchema, pTmpLdapSchema, &pNewLdapSchema);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirLdapSchemaRemoveNoopData(pNewLdapSchema);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
     while (LwRtlHashMapIterate(pNewLdapSchema->attributeTypes, &iter, &pair))
     {
         PVDIR_LDAP_ATTRIBUTE_TYPE pAt = (PVDIR_LDAP_ATTRIBUTE_TYPE)pair.pValue;
diff --git a/vmdir/server/schema/prototypes.h b/vmdir/server/schema/prototypes.h
index 7b7197be8..4fae252f5 100644
--- a/vmdir/server/schema/prototypes.h
+++ b/vmdir/server/schema/prototypes.h
@@ -53,13 +53,6 @@ VmDirSchemaIsAncestorOC(
     PVDIR_SCHEMA_OC_DESC    pAncestorOCDesc
     );
 
-// check.c
-DWORD
-VmDirSchemaGetEntryStructureOCDesc(
-    PVDIR_ENTRY             pEntry,
-    PVDIR_SCHEMA_OC_DESC*   ppStructureOCDesc   // caller does not own *ppStructureOCDesc
-    );
-
 // idmap.c
 DWORD
 VmDirSchemaAttrIdMapInit(
diff --git a/vmdir/server/schema/replstatus.c b/vmdir/server/schema/replstatus.c
index dadc617be..6428a7323 100644
--- a/vmdir/server/schema/replstatus.c
+++ b/vmdir/server/schema/replstatus.c
@@ -249,7 +249,7 @@ VmDirSchemaReplStatusEntriesRefresh(
 
         dwError = VmDirCreateThread(
                 &gVdirSchemaReplStatusGlobals.pThrInfo->tid,
-                FALSE,
+                gVdirSchemaReplStatusGlobals.pThrInfo->bJoinThr,
                 VmDirSchemaReplStatusEntriesRefreshThread,
                 gVdirSchemaReplStatusGlobals.pThrInfo);
         BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/vmdir/server/vmdir/Makefile.am b/vmdir/server/vmdir/Makefile.am
index baa19136c..bdb08439d 100644
--- a/vmdir/server/vmdir/Makefile.am
+++ b/vmdir/server/vmdir/Makefile.am
@@ -1,6 +1,6 @@
 sbin_PROGRAMS = vmdird
 
-idl_srcdir=$(top_srcdir)/idl
+idl_srcdir=$(top_srcdir)/vmdir/idl
 
 vmdird_SOURCES = \
     accountmgmt.c \
@@ -10,11 +10,14 @@ vmdird_SOURCES = \
     index.c \
     init.c \
     instance.c \
+    integritychk.c \
     ipcserver.c \
     ipclocalapi.c \
     ipcapihandler.c \
-    parseargs.c \
+    krb.c \
     main.c \
+    metricsinit.c \
+    parseargs.c \
     regconfig.c \
     rpcserv.c \
     rpcsrpserv.c \
@@ -24,56 +27,60 @@ vmdird_SOURCES = \
     service.c \
     shutdown.c \
     signal.c \
+    srp_verifier_sstub.c \
     srvthr.c \
     superlogging.c \
+    tenantmgmt.c \
+    tombstone.c \
+    tracklastlogin.c \
     utils.c \
-    krb.c \
     vmdir_sstub.c \
     vmdirftp_sstub.c \
     vmdirdbcp_sstub.c \
-    srp_verifier_sstub.c \
     vmdirsuperlog_sstub.c \
-    vmevent.c \
-    tenantmgmt.c \
-    tombstone.c \
-    tracklastlogin.c
+    vmevent.c
 
 VMDIRD_BACKEND_INCLUDES=
 VMDIRD_BACKEND_LD_FLAGS=
-VMDIRD_BACKEND_STORE= $(top_builddir)/server/mdb-store/libmdb-store.la
+VMDIRD_BACKEND_STORE= $(top_builddir)/vmdir/server/mdb-store/libmdb-store.la
 
 vmdird_CPPFLAGS = \
     -g \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/thirdparty/openldap/include \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/liblber \
-    -I$(top_srcdir)/thirdparty/openldap/libraries/libldap \
-    -I$(top_srcdir)/thirdparty \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/liblber \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/libraries/libldap \
+    -I$(top_srcdir)/vmdir/thirdparty \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmevent/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     $(VMDIRD_BACKEND_INCLUDES) \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@ \
-    @VMEVENT_INCLUDES@
+    @OPENSSL_INCLUDES@
 
 vmdird_LDADD = \
-    $(top_builddir)/server/vmkdc/libvmkdcserv.la \
-    $(top_builddir)/server/ldap-head/libldap-head.la \
-    $(top_builddir)/server/indexcfg/libindexcfg.la \
-    $(top_builddir)/server/middle-layer/libmiddle-layer.la \
-    $(top_builddir)/server/schema/libschema.la \
-    $(top_builddir)/server/acl/libvmacl.la \
-    $(top_builddir)/server/backend/libbackend.la \
+    $(top_builddir)/vmdir/server/vmkdc/libvmkdcserv.la \
+    $(top_builddir)/vmdir/server/ldap-head/libldap-head.la \
+    $(top_builddir)/vmdir/server/rest-head/librest-head.la \
+    $(top_builddir)/vmdir/server/indexcfg/libindexcfg.la \
+    $(top_builddir)/vmdir/server/middle-layer/libmiddle-layer.la \
+    $(top_builddir)/vmdir/server/schema/libschema.la \
+    $(top_builddir)/vmdir/server/acl/libvmacl.la \
+    $(top_builddir)/vmdir/server/backend/libbackend.la \
     $(VMDIRD_BACKEND_STORE) \
-    $(top_builddir)/server/replication/libreplication.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    $(top_builddir)/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmdir/server/replication/libreplication.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/server/common/libsrvcommon.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1db.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1.la \
+    $(top_builddir)/vmdir/thirdparty/csrp/libcsrp.la \
+    $(top_builddir)/vmidentity/ssoclients/common/src/libssocommon.la \
+    $(top_builddir)/vmidentity/ssoclients/oidc/src/libssooidc.la \
+    $(top_builddir)/vmmetrics/libvmmetrics.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -88,13 +95,19 @@ vmdird_LDADD = \
     @LBER_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
-    @PTHREAD_LIBS@
+    @PTHREAD_LIBS@ \
+    @JANSSON_LIBS@ \
+    @COPENAPI_LIBS@ \
+    @CRESTENGINE_LIBS@
 
 vmdird_LDFLAGS = \
     -rdynamic -ldl \
     $(VMDIRD_BACKEND_LD_FLAGS) \
     @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
+    @LW_LDFLAGS@ \
+    @JANSSON_LDFLAGS@ \
+    @COPENAPI_LDFLAGS@ \
+    @CRESTENGINE_LDFLAGS@
 
 CLEANFILES = \
     vmdir_h.h \
@@ -128,4 +141,4 @@ srp_verifier_h.h srp_verifier_sstub.c: $(idl_srcdir)/srp_verifier.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header srp_verifier_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) $<
 
 vmdirsuperlog_h.h vmdirsuperlog_sstub.c: $(idl_srcdir)/vmdirsuperlog.idl
-	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/include/public $<
+	$(IDL) $(IDLFLAGS) -keep c_source -header vmdirsuperlog_h.h -cstub_pref Cli_ -sstub_pref Srv_ -I$(idl_srcdir) -I$(top_srcdir)/vmdir/include/public $<
diff --git a/vmdir/server/vmdir/defines.h b/vmdir/server/vmdir/defines.h
index 7be437ae8..f17488c1d 100644
--- a/vmdir/server/vmdir/defines.h
+++ b/vmdir/server/vmdir/defines.h
@@ -119,6 +119,16 @@
 #define TOMBSTONE_REAPING_THROTTLE_SLEEP (1 * 1000)
 #define VDIR_REAP_EXPIRED_ENTRIES_BATCH 2000
 
+#define VDIR_INTEGRITY_CHECK_BATCH     1000
+
+#ifdef LIGHTWAVE_BUILD
+#define ACTIVE_LDAP_PORT_STR   DEFAULT_LDAP_PORT_STR "\000"
+#define ACTIVE_LDAPS_PORT_STR  DEFAULT_LDAPS_PORT_STR "\000"
+#else
+#define ACTIVE_LDAP_PORT_STR   DEFAULT_LDAP_PORT_STR "\000" LEGACY_DEFAULT_LDAP_PORT_STR "\000"
+#define ACTIVE_LDAPS_PORT_STR  DEFAULT_LDAPS_PORT_STR "\000" LEGACY_DEFAULT_LDAPS_PORT_STR "\000"
+#endif
+
 /*
  * Table to define and initialize VMDIR configuration data.
  *
@@ -165,7 +175,7 @@
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAP_PORT_STR "\000" LEGACY_DEFAULT_LDAP_PORT_STR "\000", \
+        /*.pszDefault     = */ ACTIVE_LDAP_PORT_STR,             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
@@ -176,7 +186,7 @@
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAPS_PORT_STR "\000" LEGACY_DEFAULT_LDAPS_PORT_STR "\000", \
+        /*.pszDefault     = */ ACTIVE_LDAPS_PORT_STR,            \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
@@ -187,7 +197,7 @@
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAP_PORT_STR "\000" LEGACY_DEFAULT_LDAP_PORT_STR "\000", \
+        /*.pszDefault     = */ ACTIVE_LDAP_PORT_STR,             \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
@@ -198,18 +208,29 @@
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_LDAPS_PORT_STR "\000" LEGACY_DEFAULT_LDAPS_PORT_STR "\000", \
+        /*.pszDefault     = */ ACTIVE_LDAPS_PORT_STR,            \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
-        /*.pszName        = */ VMDIR_REG_KEY_REST_LISTEN_PORT,   \
+        /*.pszName        = */ VMDIR_REG_KEY_HTTP_LISTEN_PORT,  \
         /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_STRING,   \
         /*.RegDataType    = */ REG_SZ,                           \
         /*.dwMin          = */ 0,                                \
         /*.dwMax          = */ 0,                                \
         /*.dwDefault      = */ 0,                                \
         /*.dwValue        = */ 0,                                \
-        /*.pszDefault     = */ DEFAULT_REST_PORT_STR,            \
+        /*.pszDefault     = */ DEFAULT_HTTP_PORT_STR,       \
+        /*.pszValue       = */ NULL                              \
+    },                                                           \
+    {                                                            \
+        /*.pszName        = */ VMDIR_REG_KEY_HTTPS_LISTEN_PORT,  \
+        /*.Type           = */ VMDIR_CONFIG_VALUE_TYPE_STRING,   \
+        /*.RegDataType    = */ REG_SZ,                           \
+        /*.dwMin          = */ 0,                                \
+        /*.dwMax          = */ 0,                                \
+        /*.dwDefault      = */ 0,                                \
+        /*.dwValue        = */ 0,                                \
+        /*.pszDefault     = */ DEFAULT_HTTPS_PORT_STR,      \
         /*.pszValue       = */ NULL                              \
     },                                                           \
     {                                                            \
@@ -377,3 +398,30 @@
         /*.pszValue       = */ NULL                              \
     },                                                           \
 }
+
+typedef enum
+{
+    METRICS_RPC_OP_GENERATEPASSWORD,
+    METRICS_RPC_OP_GETKEYTABRECBLOB,
+    METRICS_RPC_OP_CREATEUSER,
+    METRICS_RPC_OP_CREATEUSEREX,
+    METRICS_RPC_OP_SETLOGLEVEL,
+    METRICS_RPC_OP_SETLOGMASK,
+    METRICS_RPC_OP_SUPERLOGQUERYSERVERDATA,
+    METRICS_RPC_OP_SUPERLOGENABLE,
+    METRICS_RPC_OP_SUPERLOGDISABLE,
+    METRICS_RPC_OP_ISSUPERLOGENABLED,
+    METRICS_RPC_OP_SUPERLOGFLUSH,
+    METRICS_RPC_OP_SUPERLOGSETSIZE,
+    METRICS_RPC_OP_SUPERLOGGETSIZE,
+    METRICS_RPC_OP_SUPERLOGGETENTRIESLDAPOPERATION,
+    METRICS_RPC_OP_OPENDATABASEFILE,
+    METRICS_RPC_OP_READDATABASEFILE,
+    METRICS_RPC_OP_CLOSEDATABASEFILE,
+    METRICS_RPC_OP_SETBACKENDSTATE,
+    METRICS_RPC_OP_GETSTATE,
+    METRICS_RPC_OP_GETLOGLEVEL,
+    METRICS_RPC_OP_GETLOGMASK,
+    METRICS_RPC_OP_COUNT
+
+} METRICS_RPC_OPS;
diff --git a/vmdir/server/vmdir/externs.h b/vmdir/server/vmdir/externs.h
index 235addc7f..19f3acb83 100644
--- a/vmdir/server/vmdir/externs.h
+++ b/vmdir/server/vmdir/externs.h
@@ -27,3 +27,4 @@
 
 extern VMDIR_GLOBALS gVmdirGlobals;
 
+extern PVM_METRICS_HISTOGRAM pRpcRequestDuration[];
diff --git a/vmdir/server/vmdir/globals.c b/vmdir/server/vmdir/globals.c
index f5e565ec9..359af0573 100644
--- a/vmdir/server/vmdir/globals.c
+++ b/vmdir/server/vmdir/globals.c
@@ -51,7 +51,8 @@ VMDIR_GLOBALS gVmdirGlobals =
         VMDIR_SF_INIT(.dwLdapConnectPorts, 0),
         VMDIR_SF_INIT(.pdwLdapsConnectPorts, NULL),
         VMDIR_SF_INIT(.dwLdapsConnectPorts, 0),
-        VMDIR_SF_INIT(.pszRestListenPort, NULL),
+        VMDIR_SF_INIT(.pszHTTPListenPort, NULL),
+        VMDIR_SF_INIT(.pszHTTPSListenPort, NULL),
         VMDIR_SF_INIT(.dwLdapRecvTimeoutSec, 0),
         VMDIR_SF_INIT(.mutex, NULL),
         VMDIR_SF_INIT(.pSrvThrInfo, NULL),
@@ -153,3 +154,10 @@ VMDIR_TRACK_LAST_LOGIN_TIME gVmdirTrackLastLoginTime =
         VMDIR_SF_INIT(.pCond, NULL),
         VMDIR_SF_INIT(.pTSStack, NULL)
     };
+
+VMDIR_INTEGRITY_CHECK_GLOBALS gVmdirIntegrityCheck =
+    {
+        // NOTE: order of fields MUST stay in sync with struct definition...
+        VMDIR_SF_INIT(.pMutex, NULL),
+        VMDIR_SF_INIT(.pJob, NULL)
+    };
diff --git a/vmdir/server/vmdir/init.c b/vmdir/server/vmdir/init.c
index 5a83f7e3f..2d6e0669e 100644
--- a/vmdir/server/vmdir/init.c
+++ b/vmdir/server/vmdir/init.c
@@ -79,13 +79,6 @@ static
 DWORD
 _VmDirSrvCreatePersistedDSERoot(VOID);
 
-static
-DWORD
-_VmDirGetHostsInternal(
-    PSTR **pppszServerInfo,
-    size_t *pdwInfoCount
-    );
-
 static
 DWORD
 _VmDirCheckPartnerDomainFunctionalLevel(
@@ -322,6 +315,9 @@ VmDirInit(
     dwError = VmDirSuperLoggingInit(&gVmdirGlobals.pLogger);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = VmDirMetricsInitialize();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 #ifndef _WIN32
     dwError = InitializeResouceLimit();
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -374,6 +370,11 @@ VmDirInit(
             BAIL_ON_VMDIR_ERROR(dwError);
         }
 
+        // Check default LDAP port availability - If it fails, then it means
+        // another vmdird process is running in normal mode.
+        dwError = VmDirCheckPortAvailability(DEFAULT_LDAP_PORT_NUM);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, ">>> Schema patch starts <<<" );
 
         if (bLegacyDataLoaded)
@@ -388,6 +389,9 @@ VmDirInit(
                     gVmdirGlobals.pszBootStrapSchemaFile);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
+
+        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, ">>> Schema patch ends <<<" );
+
         (VOID)VmDirSetAdministratorPasswordNeverExpires();
     }
     else
@@ -449,10 +453,8 @@ VmDirInit(
         dwError = VmDirInitConnAcceptThread();
         BAIL_ON_VMDIR_ERROR(dwError);
 
-#if 0
         dwError = VmDirRESTServerInit();
         BAIL_ON_VMDIR_ERROR(dwError);
-#endif
     }
 
     if (gVmdirServerGlobals.serverId)
@@ -477,8 +479,12 @@ VmDirInit(
 
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Config MaxLdapOpThrs (%d)", gVmdirGlobals.dwMaxFlowCtrlThr );
 
-error:
+cleanup:
     return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s failed (%d)", __FUNCTION__, dwError );
+    goto cleanup;
 }
 
 #ifndef VDIR_PSC_VERSION
@@ -533,29 +539,6 @@ _VmDirSrvCreatePersistedDSERoot(VOID)
     goto cleanup;
 }
 
-static
-VOID
-_VmDirFreeCountedStringArray(
-    PSTR *ppszStrings,
-    size_t iCount
-    )
-{
-    size_t iIndex = 0;
-
-    if (ppszStrings == NULL)
-    {
-        return;
-    }
-
-    for (iIndex = 0; iIndex < iCount; iIndex++)
-    {
-        VmDirFreeStringA(ppszStrings[iIndex]);
-    }
-
-    VmDirFreeMemory(ppszStrings);
-}
-
-
 // _VmDirRestoreInstance():
 // 1. Get new invocation ID.
 //    So I can rejoin the federation with a fresh ID.
@@ -588,7 +571,7 @@ _VmDirRestoreInstance(
     dwError = VmDirRegReadDCAccount(&pszDCAccount);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VmDirGetHostsInternal(&ppszServerInfo, &dwInfoCount);
+    dwError = VmDirGetHostsInternal(&ppszServerInfo, &dwInfoCount);
     if (dwError != 0)
     {
         printf("_VmDirRestoreInstance: fail to get hosts from topology: %d\n", dwError );
@@ -683,14 +666,14 @@ _VmDirRestoreInstance(
     //It's value less 1 is the one that has been consumed by the server to be restored.
     nextUsn = gVmdirServerGlobals.initialNextUSN - 1;
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRestoreInstance: highest USN observed from partners %lu, local USN: %lu",
+    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL, "_VmDirRestoreInstance: highest USN observed from partners %" PRId64 " local USN: %" PRId64,
                    restoredUsn, nextUsn);
-    printf("Highest USN observed from partners %lu, local USN: %lu\n", restoredUsn, nextUsn);
+    printf("Highest USN observed from partners %" PRId64 " local USN: %" PRId64 "\n", restoredUsn, nextUsn);
 
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Utilize larger of %lu and %lu for new USN", restoredUsn, nextUsn );
-    printf("Utilize larger of %lu and %lu for new USN \n", restoredUsn, nextUsn );
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Utilize larger of %" PRId64 " and %" PRId64" new USN", restoredUsn, nextUsn );
+    printf("Utilize larger of %" PRId64 " and %" PRId64 " new USN \n", restoredUsn, nextUsn );
 
-    dwError = VmDirStringNPrintFA( nextUsnStr, sizeof(nextUsnStr), sizeof(nextUsnStr) - 1, "%ld", nextUsn);
+    dwError = VmDirStringNPrintFA( nextUsnStr, sizeof(nextUsnStr), sizeof(nextUsnStr) - 1, "%" PRId64, nextUsn);
     BAIL_ON_VMDIR_ERROR_WITH_MSG( dwError, pszLocalErrMsg,
                 "_VmDirRestoreInstance: VmDirStringNPrintFA failed with error code: %d", dwError,
                 VDIR_SAFE_STRING(op.pBECtx->pszBEErrorMsg) );
@@ -738,7 +721,7 @@ _VmDirRestoreInstance(
     // Advance the USN to the upToDateUsn passed in, which should be the maximum USN that has been seen by peer nodes.
     // This will avoid the situation where some new entries will be skipped in replication to peer nodes.
     // See Bug 1272548 for details.
-    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Advancing USN if neccessary, current: %d, goal to restore to: %d",
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Advancing USN if neccessary, current: %" PRId64 ", goal to restore to: %" PRId64,
                     nextUsn, restoredUsn );
     while ( nextUsn < restoredUsn )
     {
@@ -764,7 +747,7 @@ _VmDirRestoreInstance(
     printf("Lotus instance restore succeeded.\n");
 
 cleanup:
-    _VmDirFreeCountedStringArray(ppszServerInfo, dwInfoCount);
+    VmDirFreeStrArray(ppszServerInfo);
     VmDirFreeBervalContent(&newUtdVector);
     VmDirFreeOperationContent(&op);
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
@@ -809,7 +792,7 @@ _VmDirCheckPartnerDomainFunctionalLevel(
         goto cleanup;
     }
 
-    dwError = _VmDirGetHostsInternal(&ppszServerInfo, &dwInfoCount);
+    dwError = VmDirGetHostsInternal(&ppszServerInfo, &dwInfoCount);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // No partners to compare DFL with.
@@ -902,7 +885,7 @@ _VmDirCheckPartnerDomainFunctionalLevel(
         VmDirLdapUnbind(&pPartnerLd);
     }
 
-    _VmDirFreeCountedStringArray(ppszServerInfo, dwInfoCount);
+    VmDirFreeStrArray(ppszServerInfo);
     VMDIR_SAFE_FREE_MEMORY(pszDomainName);
     return dwError;
 
@@ -946,7 +929,10 @@ InitializeVmdirdSystemEntries(
     iError = VmDirSchemaCtxAcquire(&pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(iError);
 
-    iError = InitializeSchemaEntries(pSchemaCtx);
+    iError = VmDirSchemaInitializeSubtree(pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(iError);
+
+    iError = VmDirSchemaSetSystemDefaultSecurityDescriptors();
     BAIL_ON_VMDIR_ERROR(iError);
 
     iError = InitializeCFGEntries(pSchemaCtx);
@@ -1584,6 +1570,9 @@ InitializeGlobalVars(
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
+    dwError = VmDirAllocateMutex(&gVmdirIntegrityCheck.pMutex);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
 cleanup:
 
     return dwError;
@@ -1599,41 +1588,42 @@ InitializeGlobalVars(
  * Lookup servers topology internally first. Then one of the servers
  * will be used to query uptoupdate servers topology
  */
-static
 DWORD
-_VmDirGetHostsInternal(
-    PSTR **pppszServerInfo,
-    size_t *pdwInfoCount
+VmDirGetHostsInternal(
+    PSTR**  pppszServerInfo,
+    size_t* pdwInfoCount
     )
 {
-    DWORD               dwError = 0;
-    DWORD               i = 0;
+    DWORD   dwError = 0;
+    DWORD   i = 0;
+    PSTR    pszSearchBaseDN = NULL;
     VDIR_ENTRY_ARRAY    entryArray = {0};
-    PSTR                pszSearchBaseDN = NULL;
     PVDIR_ATTRIBUTE     pAttr = NULL;
-    PSTR *ppszServerInfo = NULL;
+    PSTR*   ppszServerInfo = NULL;
 
     dwError = VmDirAllocateStringPrintf(
-                &pszSearchBaseDN,
-                "cn=Sites,cn=Configuration,%s",
-                gVmdirServerGlobals.systemDomainDN.bvnorm_val);
+            &pszSearchBaseDN,
+            "cn=Sites,cn=Configuration,%s",
+            gVmdirServerGlobals.systemDomainDN.bvnorm_val);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSimpleEqualFilterInternalSearch(
-                    pszSearchBaseDN,
-                    LDAP_SCOPE_SUBTREE,
-                    ATTR_OBJECT_CLASS,
-                    OC_DIR_SERVER,
-                    &entryArray);
+            pszSearchBaseDN,
+            LDAP_SCOPE_SUBTREE,
+            ATTR_OBJECT_CLASS,
+            OC_DIR_SERVER,
+            &entryArray);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (entryArray.iSize == 0 )
+    if (entryArray.iSize == 0)
     {
         dwError = LDAP_NO_SUCH_OBJECT;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    dwError = VmDirAllocateMemory(entryArray.iSize*sizeof(PSTR), (PVOID*)&ppszServerInfo);
+    dwError = VmDirAllocateMemory(
+            sizeof(PSTR) * (entryArray.iSize+1),
+            (PVOID*)&ppszServerInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     for (i=0; i<entryArray.iSize; i++)
@@ -1642,6 +1632,7 @@ _VmDirGetHostsInternal(
          dwError = VmDirAllocateStringA(pAttr->vals[0].lberbv.bv_val, &ppszServerInfo[i]);
          BAIL_ON_VMDIR_ERROR(dwError);
     }
+
     *pppszServerInfo = ppszServerInfo;
     *pdwInfoCount = entryArray.iSize;
 
@@ -1649,8 +1640,9 @@ _VmDirGetHostsInternal(
     VMDIR_SAFE_FREE_STRINGA(pszSearchBaseDN);
     VmDirFreeEntryArrayContent(&entryArray);
     return dwError;
+
 error:
-    _VmDirFreeCountedStringArray(ppszServerInfo, entryArray.iSize);
+    VmDirFreeStrArray(ppszServerInfo);
     goto cleanup;
 }
 
diff --git a/vmdir/server/vmdir/instance.c b/vmdir/server/vmdir/instance.c
index 95d44c48e..9447f9f97 100644
--- a/vmdir/server/vmdir/instance.c
+++ b/vmdir/server/vmdir/instance.c
@@ -220,10 +220,11 @@ VmDirSrvSetupHostInstance(
     PSTR    pszUpperCaseFQDomainName = NULL;
     PSTR    pszLowerCaseHostName = NULL;
     PSTR    pszDefaultAdminDN = NULL;
+    PSTR    pszDCClientGroupDN = NULL;
 
-    PVDIR_SCHEMA_CTX     pSchemaCtx = NULL;
-    char                 pszHostName[VMDIR_MAX_HOSTNAME_LEN];
-    VDIR_BERVALUE        bv = VDIR_BERVALUE_INIT;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    char                pszHostName[VMDIR_MAX_HOSTNAME_LEN];
+    VDIR_BERVALUE       bv = VDIR_BERVALUE_INIT;
 
     BOOLEAN                       bInLockReplCycle = FALSE;
     PVMDIR_REPLICATION_AGREEMENT  pReplAgr = NULL;
@@ -231,299 +232,374 @@ VmDirSrvSetupHostInstance(
     PSTR                          pszUserDN = NULL;
     PCSTR                         pszUsersContainerName    = "Users";
     PSTR                          pszUsersContainerDN   = NULL; // CN=Users,<domain DN>
-    VMDIR_SECURITY_DESCRIPTOR SecDescServices = {0};
     VMDIR_SECURITY_DESCRIPTOR SecDescAnonymousRead = {0};
-    VMDIR_SECURITY_DESCRIPTOR SecDescDeletedItems = {0};
+    VMDIR_SECURITY_DESCRIPTOR SecDescNoDelete = {0};
 
-    VMDIR_LOG_INFO(VMDIR_LOG_MASK_ALL,
-                   "Setting up a host instance (%s).",
-                   VDIR_SAFE_STRING(pszFQDomainName));
+    VMDIR_LOG_INFO(
+            VMDIR_LOG_MASK_ALL,
+            "Setting up a host instance (%s).",
+            VDIR_SAFE_STRING(pszFQDomainName));
 
     if (pszSiteName)
     {
         pszSiteContainerName = pszSiteName;
     }
 
-    dwError = VmDirSchemaCtxAcquire( &pSchemaCtx );
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Construct important DNs and create the persisted DSE Root entry
 
     // Domain DN
-    dwError = VmDirSrvCreateDomainDN( pszFQDomainName, &pszDomainDN );
+    dwError = VmDirDomainNameToDN(pszFQDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Deleted objects container DN
-    dwError = VmDirSrvCreateDN( pszDelObjsContainerName, pszDomainDN, &pszDelObjsContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszDelObjsContainerName, pszDomainDN, &pszDelObjsContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Configuration container DN
-    dwError = VmDirSrvCreateDN( pszConfigContainerName, pszDomainDN, &pszConfigContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszConfigContainerName, pszDomainDN, &pszConfigContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Domain Controllers container DN
-    dwError = VmDirAllocateStringPrintf(&pszDCsContainerDN, "%s=%s,%s", ATTR_OU, pszDCsContainerName, pszDomainDN);
+    dwError = VmDirAllocateStringPrintf(
+            &pszDCsContainerDN,
+            "%s=%s,%s",
+            ATTR_OU,
+            pszDCsContainerName,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Domain Computers container DN
-    dwError = VmDirAllocateStringPrintf(&pszComputersContainerDN, "%s=%s,%s", ATTR_OU, pszComputersContainerName, pszDomainDN);
+    dwError = VmDirAllocateStringPrintf(
+            &pszComputersContainerDN,
+            "%s=%s,%s",
+            ATTR_OU,
+            pszComputersContainerName,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Sites container DN
-    dwError = VmDirSrvCreateDN( pszSitesContainerName, pszConfigContainerDN, &pszSitesContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszSitesContainerName, pszConfigContainerDN, &pszSitesContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Certificate-Authorities container DN
-    dwError = VmDirSrvCreateDN( pszCAContainerName, pszConfigContainerDN, &pszCAContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszCAContainerName, pszConfigContainerDN, &pszCAContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Particular site container DN
-    dwError = VmDirSrvCreateDN( pszSiteContainerName, pszSitesContainerDN, &pszSiteContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszSiteContainerName, pszSitesContainerDN, &pszSiteContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Servers within the site container DN
-    dwError = VmDirSrvCreateDN( pszServersContainerName, pszSiteContainerDN, &pszServersContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszServersContainerName, pszSiteContainerDN, &pszServersContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // This server DN
 
     // vdcpromo sets this key.
-    dwError = VmDirGetRegKeyValue( VMDIR_CONFIG_PARAMETER_KEY_PATH,
-                                   VMDIR_REG_KEY_DC_ACCOUNT,
-                                   pszHostName,
-                                   sizeof(pszHostName)-1);
+    dwError = VmDirGetRegKeyValue(
+            VMDIR_CONFIG_PARAMETER_KEY_PATH,
+            VMDIR_REG_KEY_DC_ACCOUNT,
+            pszHostName,
+            sizeof(pszHostName)-1);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocASCIIUpperToLower( pszHostName, &pszLowerCaseHostName );
+    dwError = VmDirAllocASCIIUpperToLower(
+            pszHostName, &pszLowerCaseHostName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszServersContainerDN, &pszServerDN );
+    dwError = VmDirSrvCreateDN(
+            pszLowerCaseHostName, pszServersContainerDN, &pszServerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Domain controller account DN
-    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszDCsContainerDN, &pszDCAccountDN );
+    dwError = VmDirSrvCreateDN(
+            pszLowerCaseHostName, pszDCsContainerDN, &pszDCAccountDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Domain controller account UPN
-    dwError = VmDirAllocASCIILowerToUpper( pszFQDomainName, &pszUpperCaseFQDomainName );
+    dwError = VmDirAllocASCIILowerToUpper(
+            pszFQDomainName, &pszUpperCaseFQDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringPrintf(&pszDCAccountUPN, "%s@%s", pszLowerCaseHostName, pszUpperCaseFQDomainName );
+    dwError = VmDirAllocateStringPrintf(
+            &pszDCAccountUPN,
+            "%s@%s",
+            pszLowerCaseHostName,
+            pszUpperCaseFQDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Computer account DN
-    dwError = VmDirSrvCreateDN( pszLowerCaseHostName, pszComputersContainerDN, &pszComputerAccountDN );
+    dwError = VmDirSrvCreateDN(
+            pszLowerCaseHostName, pszComputersContainerDN, &pszComputerAccountDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Replication agreements container DN
-    dwError = VmDirSrvCreateDN( pszReplAgrsContainerName, pszServerDN, &pszReplAgrsContainerDN );
+    dwError = VmDirSrvCreateDN(
+            pszReplAgrsContainerName, pszServerDN, &pszReplAgrsContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Managed Service Accounts container DN
-    dwError = VmDirSrvCreateDN( pszMSAsContainerName, pszDomainDN, &pszMSAsDN );
+    dwError = VmDirSrvCreateDN(
+            pszMSAsContainerName, pszDomainDN, &pszMSAsDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Default administrator DN
-    dwError = VmDirAllocateStringPrintf( &pszDefaultAdminDN, "cn=%s,cn=%s,%s",
-                                             pszUsername, pszUsersContainerName, pszDomainDN );
+    dwError = VmDirAllocateStringPrintf(
+            &pszDefaultAdminDN,
+            "cn=%s,cn=%s,%s",
+            pszUsername,
+            pszUsersContainerName,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (firstReplCycleMode != FIRST_REPL_CYCLE_MODE_USE_COPIED_DB)
     {
         // Modify persisted DSE Root entry
-        dwError = VmDirSrvModifyPersistedDSERoot( pSchemaCtx, pszDomainDN, pszConfigContainerDN, SCHEMA_NAMING_CONTEXT_DN,
-                                                  SUB_SCHEMA_SUB_ENTRY_DN, pszServerDN, pszDefaultAdminDN,
-                                                  pszDCAccountDN, pszDCAccountUPN, pszDelObjsContainerDN,
-                                                  (PSTR) pszSiteContainerName );
+        dwError = VmDirSrvModifyPersistedDSERoot(
+                pSchemaCtx,
+                pszDomainDN,
+                pszConfigContainerDN,
+                SCHEMA_NAMING_CONTEXT_DN,
+                SUB_SCHEMA_SUB_ENTRY_DN,
+                pszServerDN,
+                pszDefaultAdminDN,
+                pszDCAccountDN,
+                pszDCAccountUPN,
+                pszDelObjsContainerDN,
+                (PSTR) pszSiteContainerName);
+        BAIL_ON_VMDIR_ERROR(dwError);
     }
-    BAIL_ON_VMDIR_ERROR(dwError);
 
     // set gVmdirServerGlobals.bvDefaultAdminDN
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvDefaultAdminDN,
-                "%s",
-                pszDefaultAdminDN);
+            &gVmdirServerGlobals.bvDefaultAdminDN,
+            "%s",
+            pszDefaultAdminDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.bvDefaultAdminDN, pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.bvDefaultAdminDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set systemDomainDN
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.systemDomainDN,
-                "%s",
-                pszDomainDN);
+            &gVmdirServerGlobals.systemDomainDN,
+            "%s",
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.systemDomainDN, pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.systemDomainDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set serverObjDN
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.serverObjDN,
-                "%s",
-                pszServerDN);
+            &gVmdirServerGlobals.serverObjDN,
+            "%s",
+            pszServerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.serverObjDN, pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.serverObjDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set dcAccountDN
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.dcAccountDN,
-                "%s",
-                pszDCAccountDN);
+            &gVmdirServerGlobals.dcAccountDN,
+            "%s",
+            pszDCAccountDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &gVmdirServerGlobals.dcAccountDN, pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.dcAccountDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set dcAccountUPN
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.dcAccountUPN,
-                "%s",
-                pszDCAccountUPN);
+            &gVmdirServerGlobals.dcAccountUPN,
+            "%s",
+            pszDCAccountUPN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set replInterval and replPageSize
-    gVmdirServerGlobals.replInterval = VmDirStringToIA(VMDIR_DEFAULT_REPL_INTERVAL);
-    gVmdirServerGlobals.replPageSize = VmDirStringToIA(VMDIR_DEFAULT_REPL_PAGE_SIZE);
+    gVmdirServerGlobals.replInterval =
+            VmDirStringToIA(VMDIR_DEFAULT_REPL_INTERVAL);
+
+    gVmdirServerGlobals.replPageSize =
+            VmDirStringToIA(VMDIR_DEFAULT_REPL_PAGE_SIZE);
 
     // Set utdVector
     VmDirFreeBervalContent(&bv);
     bv.lberbv.bv_val = "";
     bv.lberbv.bv_len = 0;
-    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.utdVector );
+
+    dwError = VmDirBervalContentDup(
+            &bv, &gVmdirServerGlobals.utdVector);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set delObjsContainerDN
     VmDirFreeBervalContent(&bv);
     bv.lberbv.bv_val = pszDelObjsContainerDN;
-    bv.lberbv.bv_len = VmDirStringLenA( bv.lberbv.bv_val );
-    dwError = VmDirBervalContentDup( &bv, &gVmdirServerGlobals.delObjsContainerDN );
+    bv.lberbv.bv_len = VmDirStringLenA(bv.lberbv.bv_val);
+
+    dwError = VmDirBervalContentDup(
+            &bv, &gVmdirServerGlobals.delObjsContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN(&gVmdirServerGlobals.delObjsContainerDN, pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.delObjsContainerDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirAllocateStringA( pszSiteContainerName, &gVmdirServerGlobals.pszSiteName);
+    dwError = VmDirAllocateStringA(
+            pszSiteContainerName, &gVmdirServerGlobals.pszSiteName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Create Administrator DN
-    dwError = VmDirSrvCreateDN( pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
+    dwError = VmDirSrvCreateDN(
+            pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateUserDN( pszUsername, pszUsersContainerDN, &pszUserDN);
+    dwError = VmDirSrvCreateUserDN(
+            pszUsername, pszUsersContainerDN, &pszUserDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set DomainControllerGroupDN for first,second+ host setup
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvDCGroupDN,
-                "cn=%s,cn=%s,%s",
-                VMDIR_DC_GROUP_NAME,
-                VMDIR_BUILTIN_CONTAINER_NAME,
-                pszDomainDN);
+            &gVmdirServerGlobals.bvDCGroupDN,
+            "cn=%s,cn=%s,%s",
+            VMDIR_DC_GROUP_NAME,
+            VMDIR_BUILTIN_CONTAINER_NAME,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCGroupDN), pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.bvDCGroupDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set DCClientGroupDN for first,second+ host setup
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvDCClientGroupDN,
-                "cn=%s,cn=%s,%s",
-                VMDIR_DCCLIENT_GROUP_NAME,
-                VMDIR_BUILTIN_CONTAINER_NAME,
-                pszDomainDN);
+            &gVmdirServerGlobals.bvDCClientGroupDN,
+            "cn=%s,cn=%s,%s",
+            VMDIR_DCCLIENT_GROUP_NAME,
+            VMDIR_BUILTIN_CONTAINER_NAME,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvDCClientGroupDN), pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.bvDCClientGroupDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // set ServicesRootDN for first,second+ host setup
     dwError = VmDirAllocateBerValueAVsnprintf(
-                &gVmdirServerGlobals.bvServicesRootDN,
-                "cn=%s,%s",
-                VMDIR_SERVICES_CONTAINER_NAME,
-                pszDomainDN);
+            &gVmdirServerGlobals.bvServicesRootDN,
+            "cn=%s,%s",
+            VMDIR_SERVICES_CONTAINER_NAME,
+            pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirNormalizeDN( &(gVmdirServerGlobals.bvServicesRootDN), pSchemaCtx);
+    dwError = VmDirNormalizeDN(
+            &gVmdirServerGlobals.bvServicesRootDN, pSchemaCtx);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (IsNullOrEmptyString(pszReplURI)) // 1st directory instance is being setup
+    // 1st directory instance is being setup
+    if (IsNullOrEmptyString(pszReplURI))
     {
-        // Set gVmdirServerGlobals.serverId FIRST, so that correct SID can be generated for the objects added subsequently.
+        // Set gVmdirServerGlobals.serverId FIRST, so that correct
+        // SID can be generated for the objects added subsequently.
         gVmdirServerGlobals.serverId = 1;
 
         dwError = VmDirSrvSetupDomainInstance(
-                    pSchemaCtx,
-                    TRUE,
-                    TRUE,
-                    pszFQDomainName,
-                    pszDomainDN,
-                    pszUsername,
-                    pszPassword,
-                    &SecDescServices,
-                    &SecDescAnonymousRead,
-                    &SecDescDeletedItems
-                    );
+                pSchemaCtx,
+                TRUE,
+                TRUE,
+                pszFQDomainName,
+                pszDomainDN,
+                pszUsername,
+                pszPassword,
+                &SecDescAnonymousRead,
+                &SecDescNoDelete);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Deleted Objects container
         dwError = VmDirSrvCreateContainerWithEID(
-                    pSchemaCtx,
-                    pszDelObjsContainerDN,
-                    pszDelObjsContainerName,
-                    &SecDescDeletedItems,
-                    DEL_ENTRY_CONTAINER_ENTRY_ID);
+                pSchemaCtx,
+                pszDelObjsContainerDN,
+                pszDelObjsContainerName,
+                &SecDescNoDelete,
+                DEL_ENTRY_CONTAINER_ENTRY_ID);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        //
         // Go back and ACL objects that were created early.
-        //
-        dwError = _VmDirAclServerObjects(&SecDescAnonymousRead, &SecDescDeletedItems);
+        dwError = _VmDirAclServerObjects(
+                &SecDescAnonymousRead, &SecDescNoDelete);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Domain Controllers container
-        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszDCsContainerDN, pszDCsContainerName );
+        dwError = VmDirSrvCreateOUContainer(
+                pSchemaCtx, pszDCsContainerDN, pszDCsContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Computers container
-        dwError = VmDirSrvCreateOUContainer( pSchemaCtx, pszComputersContainerDN, pszComputersContainerName );
+        dwError = VmDirSrvCreateOUContainer(
+                pSchemaCtx, pszComputersContainerDN, pszComputersContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Managed Service Accounts container
-
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszMSAsDN, pszMSAsContainerName );
+        dwError = VmDirSrvCreateContainer(
+                pSchemaCtx, pszMSAsDN, pszMSAsContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Configuration container
-        dwError = VmDirSrvCreateConfigContainer( pSchemaCtx, pszConfigContainerDN, pszConfigContainerName );
+        dwError = VmDirSrvCreateConfigContainer(
+                pSchemaCtx, pszConfigContainerDN, pszConfigContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Certificate-Authorities container
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszCAContainerDN, pszCAContainerName );
+        dwError = VmDirSrvCreateConfigContainer(
+                pSchemaCtx, pszCAContainerDN, pszCAContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Sites container
-        dwError = VmDirSrvCreateContainer( pSchemaCtx, pszSitesContainerDN, pszSitesContainerName );
+        dwError = VmDirSrvCreateContainer(
+                pSchemaCtx, pszSitesContainerDN, pszSitesContainerName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Site-Name container, Servers container, and THE Server object
-        dwError = VmDirSrvCreateServerObj( pSchemaCtx );
+        dwError = VmDirSrvCreateServerObj(pSchemaCtx);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-         dwError = VmDirSrvCreateContainerWithEID(
-                        pSchemaCtx,
-                        gVmdirServerGlobals.bvServicesRootDN.lberbv.bv_val,
-                        VMDIR_SERVICES_CONTAINER_NAME,
-                        &SecDescServices,
-                        0);
+        dwError = VmDirSrvCreateContainer(
+                pSchemaCtx,
+                gVmdirServerGlobals.bvServicesRootDN.lberbv.bv_val,
+                VMDIR_SERVICES_CONTAINER_NAME);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Create Replication Agreements container
-        dwError = VmDirSrvCreateReplAgrsContainer( pSchemaCtx );
+        dwError = VmDirSrvCreateReplAgrsContainer(pSchemaCtx);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateStringPrintf(
+                &pszDCClientGroupDN,
+                "cn=%s,cn=%s,%s",
+                VMDIR_DCCLIENT_GROUP_NAME,
+                VMDIR_BUILTIN_CONTAINER_NAME,
+                pszDomainDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        // allow DCClients group to read (RP) system domain
+        dwError = VmDirAppendAllowAceForDn(
+                pszDomainDN,
+                pszDCClientGroupDN,
+                VMDIR_RIGHT_DS_READ_PROP);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // 1st replica => no replication agreements => 1st replication cycle done
@@ -533,11 +609,19 @@ VmDirSrvSetupHostInstance(
     }
     else
     {
-        dwError = VmDirAllocateStringPrintf( &pszReplAgrDN, "labeledURI=%s,%s", pszReplURI, pszReplAgrsContainerDN );
+        dwError = VmDirAllocateStringPrintf(
+                &pszReplAgrDN,
+                "labeledURI=%s,%s",
+                pszReplURI,
+                pszReplAgrsContainerDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirConstructReplAgr( pSchemaCtx, pszReplURI,
-                                         VMDIR_DEFAULT_REPL_LAST_USN_PROCESSED, pszReplAgrDN, &pReplAgr );
+        dwError = VmDirConstructReplAgr(
+                pSchemaCtx,
+                pszReplURI,
+                VMDIR_DEFAULT_REPL_LAST_USN_PROCESSED,
+                pszReplAgrDN,
+                &pReplAgr);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         gFirstReplCycleMode = firstReplCycleMode;
@@ -545,6 +629,7 @@ VmDirSrvSetupHostInstance(
         VMDIR_LOCK_MUTEX(bInLock, gVmdirGlobals.replAgrsMutex);
         pReplAgr->next = gVmdirReplAgrs;
         gVmdirReplAgrs = pReplAgr; // ownership transfer
+
         // wake up replication thread waiting on the existence
         // of a replication agreement.
         VmDirConditionSignal(gVmdirGlobals.replAgrsCondition);
@@ -552,12 +637,7 @@ VmDirSrvSetupHostInstance(
     }
 
 cleanup:
-
-    if (pSchemaCtx)
-    {
-        VmDirSchemaCtxRelease(pSchemaCtx);
-    }
-
+    VmDirSchemaCtxRelease(pSchemaCtx);
     VMDIR_SAFE_FREE_MEMORY(pszDomainDN);
     VMDIR_SAFE_FREE_MEMORY(pszDelObjsContainerDN);
     VMDIR_SAFE_FREE_MEMORY(pszConfigContainerDN);
@@ -580,60 +660,17 @@ VmDirSrvSetupHostInstance(
     VMDIR_SAFE_FREE_MEMORY(pszDefaultAdminDN);
     VMDIR_SAFE_FREE_MEMORY(pszLowerCaseHostName);
     VMDIR_SAFE_FREE_MEMORY(SecDescAnonymousRead.pSecDesc);
-    VMDIR_SAFE_FREE_MEMORY(SecDescServices.pSecDesc);
-    VMDIR_SAFE_FREE_MEMORY(SecDescDeletedItems.pSecDesc);
-
+    VMDIR_SAFE_FREE_MEMORY(SecDescNoDelete.pSecDesc);
+    VMDIR_SAFE_FREE_MEMORY(pszDCClientGroupDN);
     VmDirFreeBervalContent(&bv);
-
     return dwError;
 
 error:
-    VmDirLog(LDAP_DEBUG_ANY, "VmDirSrvSetupHostInstance failed. Error(%u)", dwError);
-    goto cleanup;
-}
+    VMDIR_LOG_ERROR(
+            LDAP_DEBUG_ANY,
+            "VmDirSrvSetupHostInstance failed. Error(%u)",
+            dwError);
 
-DWORD
-_VmDirAclRootDomainObject(
-    PCSTR pszDn,
-    PCSTR pszUserDn,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
-    )
-{
-    DWORD dwError = 0;
-    PVDIR_ENTRY pEntry = NULL;
-    PSECURITY_DESCRIPTOR_RELATIVE pCurrentSecDesc = NULL;
-    ULONG ulLength = 0;
-
-    dwError = VmDirSimpleDNToEntry(pszDn, &pEntry);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGetSecurityDescriptorForEntry(
-                pEntry,
-                OWNER_SECURITY_INFORMATION |
-                    GROUP_SECURITY_INFORMATION |
-                    DACL_SECURITY_INFORMATION |
-                    SACL_SECURITY_INFORMATION,
-                    &pCurrentSecDesc,
-                    &ulLength);
-    if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
-    {
-        dwError = VmDirSetSecurityDescriptorForDn(pszDn, pSecDesc);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else if (dwError == ERROR_SUCCESS)
-    {
-        dwError = VmDirAddAceToSecurityDescriptor(pEntry, pCurrentSecDesc, pszUserDn, VMDIR_RIGHT_DS_READ_PROP | VMDIR_RIGHT_DS_DELETE_OBJECT);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-    else
-    {
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-cleanup:
-    VMDIR_SAFE_FREE_MEMORY(pCurrentSecDesc);
-    VmDirFreeEntry(pEntry);
-    return dwError;
-error:
     goto cleanup;
 }
 
@@ -649,42 +686,70 @@ _VmDirAclRootDomainObject(
 //
 DWORD
 _VmDirAclDomainObjects(
-    PCSTR pszDomainDN,
-    PCSTR pszAdminUserDn, // DN of the admin user for the domain being created.
-    PVMDIR_SECURITY_DESCRIPTOR pSecDesc
+    PCSTR                       pszLeafDomainDN,
+    PCSTR                       pszAdminUserDn, // DN of the admin user for the domain being created.
+    PVMDIR_SECURITY_DESCRIPTOR  pSecDesc
     )
 {
-    DWORD dwError = 0;
-    int i = 0;
-    int startOfRdnInd = 0;
-    BOOLEAN bAcledRootObject = FALSE; // Have we already ACL'ed the root domain object?
-
-    for (i = (int)VmDirStringLenA(pszDomainDN) - 1; i >= 0; --i)
+    DWORD   dwError = 0;
+    int     i = 0, j = 0;
+    ULONG   ulLength = 0;
+    PCSTR   pszDomainDN = NULL;
+    PVDIR_ENTRY pDomainEntry = NULL;
+    PSECURITY_DESCRIPTOR_RELATIVE   pCurSecDesc = NULL;
+
+    SECURITY_INFORMATION    SecInfoAll =
+            OWNER_SECURITY_INFORMATION |
+            GROUP_SECURITY_INFORMATION |
+            DACL_SECURITY_INFORMATION |
+            SACL_SECURITY_INFORMATION;
+
+    for (i = (int)VmDirStringLenA(pszLeafDomainDN) - 1; i >= 0; --i)
     {
-        if (i == 0 || pszDomainDN[i] == RDN_SEPARATOR_CHAR)
+        if (i == 0 || pszLeafDomainDN[i] == RDN_SEPARATOR_CHAR)
         {
-            startOfRdnInd = (i == 0) ? 0 : i + 1 /* for , */;
-            if (!bAcledRootObject)
+            j = (i == 0) ? 0 : i + 1 /* for , */;
+            pszDomainDN = pszLeafDomainDN + j;
+
+            VmDirFreeEntry(pDomainEntry);
+            dwError = VmDirSimpleDNToEntry(pszDomainDN, &pDomainEntry);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            VMDIR_SAFE_FREE_MEMORY(pCurSecDesc);
+            dwError = VmDirGetSecurityDescriptorForEntry(
+                    pDomainEntry, SecInfoAll, &pCurSecDesc, &ulLength);
+
+            if (dwError == VMDIR_ERROR_NO_SECURITY_DESCRIPTOR)
             {
-                dwError = _VmDirAclRootDomainObject(
-                            pszDomainDN + startOfRdnInd,
-                            pszAdminUserDn,
-                            pSecDesc);
+                // if it does not exist, set new SD
+                dwError = VmDirSetSecurityDescriptorForDn(pszDomainDN, pSecDesc);
                 BAIL_ON_VMDIR_ERROR(dwError);
-
-                bAcledRootObject = TRUE;
             }
-            else
+            else if (dwError == 0)
             {
-                dwError = VmDirSetSecurityDescriptorForDn(pszDomainDN + startOfRdnInd, pSecDesc);
+                // if it already exists, update SD with ace for the new admin
+                dwError = VmDirAppendAllowAceForDn(
+                        pszDomainDN,
+                        pszAdminUserDn,
+                        VMDIR_RIGHT_DS_READ_PROP | VMDIR_RIGHT_DS_DELETE_OBJECT);
+                BAIL_ON_VMDIR_ERROR(dwError);
             }
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
 
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pCurSecDesc);
+    VmDirFreeEntry(pDomainEntry);
     return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -697,9 +762,8 @@ VmDirSrvSetupDomainInstance(
     PCSTR            pszDomainDN,
     PCSTR            pszUsername,
     PCSTR            pszPassword,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescServicesOut, // OPTIONAL
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousReadOut, // OPTIONAL
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescDeletedObjectsOut // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousReadOut,    // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescNoDeleteOut          // OPTIONAL
     )
 {
     DWORD dwError = 0;
@@ -727,14 +791,12 @@ VmDirSrvSetupDomainInstance(
     VMDIR_SECURITY_DESCRIPTOR SecDescNoDelete = {0};
     VMDIR_SECURITY_DESCRIPTOR SecDescNoDeleteChild = {0};
     VMDIR_SECURITY_DESCRIPTOR SecDescAnonymousRead = {0};
-    VMDIR_SECURITY_DESCRIPTOR SecDescServices = {0};
     VMDIR_SECURITY_DESCRIPTOR SecDescDomain = {0};
     PSTR pszAdminSid = NULL;
     PSTR pszBuiltInUsersGroupSid = NULL;
     PSTR pszAdminsGroupSid = NULL;
     PSTR pszDomainAdminsGroupSid = NULL;
     PSTR pszDomainClientsGroupSid = NULL;
-    PSTR pszUsersGroupSid = NULL;
     PSTR pszKrbtgtSid = NULL;
     PSTR pszAdminUserKrbUPN = NULL;
 
@@ -745,26 +807,32 @@ VmDirSrvSetupDomainInstance(
 
     // Create Users container
 
-    dwError = VmDirSrvCreateDN( pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
+    dwError = VmDirSrvCreateDN(
+            pszUsersContainerName, pszDomainDN, &pszUsersContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateContainer( pSchemaCtx, pszUsersContainerDN, pszUsersContainerName);
+    dwError = VmDirSrvCreateContainer(
+            pSchemaCtx, pszUsersContainerDN, pszUsersContainerName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Create Builtin container
 
-    dwError = VmDirSrvCreateDN( pszBuiltInContainerName, pszDomainDN, &pszBuiltInContainerDN);
+    dwError = VmDirSrvCreateDN(
+            pszBuiltInContainerName, pszDomainDN, &pszBuiltInContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateBuiltinContainer( pSchemaCtx, pszBuiltInContainerDN, pszBuiltInContainerName );
+    dwError = VmDirSrvCreateBuiltinContainer(
+            pSchemaCtx, pszBuiltInContainerDN, pszBuiltInContainerName );
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Create ForeignSecurityPrincipals container
 
-    dwError = VmDirSrvCreateDN( pszFSPsContainerName, pszDomainDN, &pszFSPsContainerDN);
+    dwError = VmDirSrvCreateDN(
+            pszFSPsContainerName, pszDomainDN, &pszFSPsContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateContainer( pSchemaCtx, pszFSPsContainerDN, pszFSPsContainerName);
+    dwError = VmDirSrvCreateContainer(
+            pSchemaCtx, pszFSPsContainerDN, pszFSPsContainerName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (bSetupHost)
@@ -773,57 +841,67 @@ VmDirSrvSetupDomainInstance(
         if (bFirstNodeBootstrap)
         {
             dwError = VmDirGenerateWellknownSid(
-                        pszDomainDN,
-                        VMDIR_DOMAIN_KRBTGT_RID,
-                        &pszKrbtgtSid);
+                    pszDomainDN,
+                    VMDIR_DOMAIN_KRBTGT_RID,
+                    &pszKrbtgtSid);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             dwError = VmDirSrvInitKrb(
-                        pSchemaCtx,
-                        pszFQDomainName,
-                        pszDomainDN,
-                        pszKrbtgtSid,
-                        &pszTgtDN,
-                        &pszKMDN);
+                    pSchemaCtx,
+                    pszFQDomainName,
+                    pszDomainDN,
+                    pszKrbtgtSid,
+                    &pszTgtDN,
+                    &pszKMDN);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             // prepare administrator krb UPN for the very first node
             dwError = VmDirAllocateStringPrintf(
-                            &pszAdminUserKrbUPN,
-                            "%s@%s",
-                            pszUsername,
-                            gVmdirKrbGlobals.pszRealm);
+                    &pszAdminUserKrbUPN,
+                    "%s@%s",
+                    pszUsername,
+                    gVmdirKrbGlobals.pszRealm);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
     else
-    {   // setup tenant scenario.
-        // Though we only support system domain kdc, we need UPN for SRP to function.
-        dwError = VmDirKrbRealmNameNormalize(pszFQDomainName, &pszTenantRealmName);
+    {   // Setup tenant scenario. Although we only support system domain kdc,
+        // we need UPN for SRP to function.
+        dwError = VmDirKrbRealmNameNormalize(
+                pszFQDomainName, &pszTenantRealmName);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         dwError = VmDirAllocateStringPrintf(
-                        &pszAdminUserKrbUPN,
-                        "%s@%s",
-                        pszUsername,
-                        pszTenantRealmName);
+                &pszAdminUserKrbUPN,
+                "%s@%s",
+                pszUsername,
+                pszTenantRealmName);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     // Create Admin user
 
-    dwError = VmDirSrvCreateUserDN( pszUsername, pszUsersContainerDN, &pszUserDN);
+    dwError = VmDirSrvCreateUserDN(
+            pszUsername, pszUsersContainerDN, &pszUserDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_USER_RID_ADMIN,
-                                        &pszAdminSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN,
+            VMDIR_DOMAIN_USER_RID_ADMIN,
+            &pszAdminSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateUser( pSchemaCtx,
-                                  (bSetupHost && bFirstNodeBootstrap) ? DEFAULT_ADMINISTRATOR_ENTRY_ID : 0,
-                                  pszUsername, pszUsername, pszFQDomainName, pszUsername, pszPassword,
-                                  pszUserDN, pszAdminSid, pszAdminUserKrbUPN);
+    dwError = VmDirSrvCreateUser(
+            pSchemaCtx,
+            (bSetupHost && bFirstNodeBootstrap) ? DEFAULT_ADMINISTRATOR_ENTRY_ID : 0,
+            pszUsername,
+            pszUsername,
+            pszFQDomainName,
+            pszUsername,
+            pszPassword,
+            pszUserDN,
+            pszAdminSid,
+            pszAdminUserKrbUPN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSetAdministratorPasswordNeverExpires();
@@ -831,50 +909,56 @@ VmDirSrvSetupDomainInstance(
 
     // Create BuiltInUsers group
 
-    dwError = VmDirAllocateStringPrintf( &pszBuiltInUsersGroupDN, "cn=%s,%s", pszBuiltInUsersGroupName,
-                                             pszBuiltInContainerDN);
+    dwError = VmDirAllocateStringPrintf(
+            &pszBuiltInUsersGroupDN,
+            "cn=%s,%s",
+            pszBuiltInUsersGroupName,
+            pszBuiltInContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_USERS,
-                                        &pszBuiltInUsersGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN,
+            VMDIR_DOMAIN_ALIAS_RID_USERS,
+            &pszBuiltInUsersGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
     // Create the user group for tenant setup or for first host setup.
-    //
     if (bSetupHost == FALSE || bFirstNodeBootstrap == TRUE)
     {
-        dwError = VmDirSrvCreateBuiltInUsersGroup( pSchemaCtx, pszBuiltInUsersGroupName,
-                                                   pszBuiltInUsersGroupDN, pszUserDN,
-                                                   pszBuiltInUsersGroupSid);
+        dwError = VmDirSrvCreateBuiltInUsersGroup(
+                pSchemaCtx,
+                pszBuiltInUsersGroupName,
+                pszBuiltInUsersGroupDN,
+                pszUserDN,
+                pszBuiltInUsersGroupSid);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     // Create BuiltInAdministrators group
 
-    dwError = VmDirAllocateStringPrintf( &pszBuiltInAdministratorsGroupDN, "cn=%s,%s",
-                                             pszBuiltInAdministratorsGroupName, pszBuiltInContainerDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_ADMINS,
-                                        &pszAdminsGroupSid);
+    dwError = VmDirAllocateStringPrintf(
+            &pszBuiltInAdministratorsGroupDN,
+            "cn=%s,%s",
+            pszBuiltInAdministratorsGroupName,
+            pszBuiltInContainerDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ADMINS_RID,
-                                        &pszDomainAdminsGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN,
+            VMDIR_DOMAIN_ALIAS_RID_ADMINS,
+            &pszAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_CLIENTS_RID,
-                                        &pszDomainClientsGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN,
+            VMDIR_DOMAIN_ADMINS_RID,
+            &pszDomainAdminsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirGenerateWellknownSid(pszDomainDN,
-                                        VMDIR_DOMAIN_ALIAS_RID_USERS,
-                                        &pszUsersGroupSid);
+    dwError = VmDirGenerateWellknownSid(
+            pszDomainDN,
+            VMDIR_DOMAIN_CLIENTS_RID,
+            &pszDomainClientsGroupSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     //
@@ -882,9 +966,12 @@ VmDirSrvSetupDomainInstance(
     //
     if (bSetupHost == FALSE || bFirstNodeBootstrap == TRUE)
     {
-        dwError = VmDirSrvCreateBuiltInAdminGroup( pSchemaCtx, pszBuiltInAdministratorsGroupName,
-                                                   pszBuiltInAdministratorsGroupDN, pszUserDN,
-                                                   pszAdminsGroupSid );
+        dwError = VmDirSrvCreateBuiltInAdminGroup(
+                pSchemaCtx,
+                pszBuiltInAdministratorsGroupName,
+                pszBuiltInAdministratorsGroupDN,
+                pszUserDN,
+                pszAdminsGroupSid );
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -895,44 +982,50 @@ VmDirSrvSetupDomainInstance(
     if ( bSetupHost && bFirstNodeBootstrap )
     {
         // create DCAdmins Group
-        dwError = VmDirAllocateStringPrintf( &pszDCGroupDN,
-                                                 "cn=%s,%s",
-                                                 VMDIR_DC_GROUP_NAME,
-                                                 pszBuiltInContainerDN);
+        dwError = VmDirAllocateStringPrintf(
+                &pszDCGroupDN,
+                "cn=%s,%s",
+                VMDIR_DC_GROUP_NAME,
+                pszBuiltInContainerDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _VmDirSrvCreateBuiltInGroup( pSchemaCtx,
-                                               VMDIR_DC_GROUP_NAME,
-                                               pszDomainAdminsGroupSid,
-                                               pszDCGroupDN);
+        dwError = _VmDirSrvCreateBuiltInGroup(
+                pSchemaCtx,
+                VMDIR_DC_GROUP_NAME,
+                pszDomainAdminsGroupSid,
+                pszDCGroupDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // create DCClients Group
-        dwError = VmDirAllocateStringPrintf( &pszDCClientGroupDN,
-                                                 "cn=%s,%s",
-                                                 VMDIR_DCCLIENT_GROUP_NAME,
-                                                 pszBuiltInContainerDN);
+        dwError = VmDirAllocateStringPrintf(
+                &pszDCClientGroupDN,
+                "cn=%s,%s",
+                VMDIR_DCCLIENT_GROUP_NAME,
+                pszBuiltInContainerDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _VmDirSrvCreateBuiltInGroup( pSchemaCtx,
-                                               VMDIR_DCCLIENT_GROUP_NAME,
-                                               pszDomainClientsGroupSid,
-                                               pszDCClientGroupDN);
+        dwError = _VmDirSrvCreateBuiltInGroup(
+                pSchemaCtx,
+                VMDIR_DCCLIENT_GROUP_NAME,
+                pszDomainClientsGroupSid,
+                pszDCClientGroupDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // create CertAdmins Group
-        dwError = VmDirAllocateStringPrintf( &pszCertGroupDN,
-                                                 "cn=%s,%s",
-                                                 VMDIR_CERT_GROUP_NAME,
-                                                 pszBuiltInContainerDN);
+        dwError = VmDirAllocateStringPrintf(
+                &pszCertGroupDN,
+                "cn=%s,%s",
+                VMDIR_CERT_GROUP_NAME,
+                pszBuiltInContainerDN);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = _VmDirSrvCreateBuiltInCertGroup( pSchemaCtx,
-                                                   VMDIR_CERT_GROUP_NAME,
-                                                   pszCertGroupDN,
-                                                   pszUserDN,           // member: default administrator
-                                                   pszDCGroupDN,        // member: DCAdmins group
-                                                   pszDCClientGroupDN); // member: DCClients group
+        dwError = _VmDirSrvCreateBuiltInCertGroup(
+                pSchemaCtx,
+                VMDIR_CERT_GROUP_NAME,
+                pszCertGroupDN,
+                pszUserDN,           // member: default administrator
+                pszDCGroupDN,        // member: DCAdmins group
+                pszDCClientGroupDN); // member: DCClients group
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -944,8 +1037,7 @@ VmDirSrvSetupDomainInstance(
                 pszUserDN,
                 pszAdminsGroupSid,
                 pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
+                FALSE,
                 FALSE,
                 FALSE,
                 FALSE,
@@ -964,12 +1056,11 @@ VmDirSrvSetupDomainInstance(
                 pszUserDN,
                 pszAdminsGroupSid,
                 pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
                 TRUE,
                 FALSE,
                 FALSE,
                 FALSE,
+                FALSE,
                 &SecDescNoDelete);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -985,8 +1076,7 @@ VmDirSrvSetupDomainInstance(
                 pszUserDN,
                 pszAdminsGroupSid,
                 pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
+                FALSE,
                 FALSE,
                 FALSE,
                 FALSE,
@@ -999,10 +1089,9 @@ VmDirSrvSetupDomainInstance(
                 pszUserDN,
                 pszAdminsGroupSid,
                 pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
                 FALSE,
                 TRUE,
+                TRUE,
                 FALSE,
                 FALSE,
                 &SecDescAnonymousRead);
@@ -1013,23 +1102,8 @@ VmDirSrvSetupDomainInstance(
                 pszUserDN,
                 pszAdminsGroupSid,
                 pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
-                FALSE,
-                FALSE,
                 TRUE,
                 FALSE,
-                &SecDescServices);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateSecurityDescriptor(
-                VMDIR_ENTRY_ALL_ACCESS,
-                pszUserDN,
-                pszAdminsGroupSid,
-                pszDomainAdminsGroupSid,
-                pszDomainClientsGroupSid,
-                pszUsersGroupSid,
-                TRUE,
                 FALSE,
                 FALSE,
                 !bSetupHost,
@@ -1040,87 +1114,90 @@ VmDirSrvSetupDomainInstance(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for the administrator object
-    dwError = VmDirSetSecurityDescriptorForDn(pszUserDN, &SecDescNoDelete);
+    dwError = VmDirAppendSecurityDescriptorForDn(
+            pszUserDN, &SecDescNoDelete, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
     // Set SD for Users container
-    //
-    dwError = VmDirSetSecurityDescriptorForDn(pszUsersContainerDN, &SecDescNoDeleteChild);
+    dwError = VmDirAppendSecurityDescriptorForDn(
+            pszUsersContainerDN, &SecDescNoDeleteChild, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
     // Set SD for Builtin container
-    //
-    dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInContainerDN, &SecDescNoDelete);
+    dwError = VmDirAppendSecurityDescriptorForDn(
+            pszBuiltInContainerDN, &SecDescNoDelete, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for ForeignSecurityPrincipals container
-
-    dwError = VmDirSetSecurityDescriptorForDn(pszFSPsContainerDN, &SecDescFullAccess);
+    dwError = VmDirAppendSecurityDescriptorForDn(
+            pszFSPsContainerDN, &SecDescFullAccess, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     if (bSetupHost == FALSE || bFirstNodeBootstrap == TRUE)
     {
         // Set SD for BuiltInUsers group
-
-        dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInUsersGroupDN, &SecDescNoDelete);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszBuiltInUsersGroupDN, &SecDescNoDelete, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Set SD for BuiltInAdministrators group
-
-        dwError = VmDirSetSecurityDescriptorForDn(pszBuiltInAdministratorsGroupDN, &SecDescNoDelete);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszBuiltInAdministratorsGroupDN, &SecDescNoDelete, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     if (bSetupHost && bFirstNodeBootstrap)
     {
         // Set SD for BuiltIn DC group
-        dwError = VmDirSetSecurityDescriptorForDn(pszDCGroupDN, &SecDescNoDelete);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszDCGroupDN, &SecDescNoDelete, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Set SD for BuiltIn DCClients group
-        dwError = VmDirSetSecurityDescriptorForDn(pszDCClientGroupDN, &SecDescNoDelete);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszDCClientGroupDN, &SecDescNoDelete, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Set SD for BuiltIn Cert group
-        dwError = VmDirSetSecurityDescriptorForDn(pszCertGroupDN, &SecDescNoDelete);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszCertGroupDN, &SecDescNoDelete, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         // Set SD for kerberos users
-        dwError = VmDirSetSecurityDescriptorForDn(pszTgtDN, &SecDescFullAccess);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszTgtDN, &SecDescFullAccess, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
 
-        dwError = VmDirSetSecurityDescriptorForDn(pszKMDN, &SecDescFullAccess);
+        dwError = VmDirAppendSecurityDescriptorForDn(
+                pszKMDN, &SecDescFullAccess, TRUE);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
     // Create default password and lockout policy
-    dwError = VmDirSrvCreateDN(PASSWD_LOCKOUT_POLICY_DEFAULT_CN, pszDomainDN, &pszDefaultPasswdLockoutPolicyDN);
+    dwError = VmDirSrvCreateDN(
+            PASSWD_LOCKOUT_POLICY_DEFAULT_CN,
+            pszDomainDN,
+            &pszDefaultPasswdLockoutPolicyDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDefaultPasswdPolicy(pSchemaCtx, pszDefaultPasswdLockoutPolicyDN);
+    dwError = VmDirSrvCreateDefaultPasswdPolicy(
+            pSchemaCtx, pszDefaultPasswdLockoutPolicyDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     // Set SD for Password lockout policy object
-    dwError = VmDirSetSecurityDescriptorForDn(pszDefaultPasswdLockoutPolicyDN, &SecDescFullAccess);
+    dwError = VmDirSetSecurityDescriptorForDn(
+            pszDefaultPasswdLockoutPolicyDN, &SecDescFullAccess);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    if (pSecDescServicesOut != NULL)
-    {
-        *pSecDescServicesOut = SecDescServices;
-        SecDescServices.pSecDesc = NULL;
-    }
-
-    if (pSecDescAnonymousReadOut != NULL)
+    if (pSecDescAnonymousReadOut)
     {
         *pSecDescAnonymousReadOut = SecDescAnonymousRead;
         SecDescAnonymousRead.pSecDesc = NULL;
     }
 
-    if (pSecDescDeletedObjectsOut != NULL)
+    if (pSecDescNoDeleteOut)
     {
-        *pSecDescDeletedObjectsOut = SecDescNoDelete;
+        *pSecDescNoDeleteOut = SecDescNoDelete;
         SecDescNoDelete.pSecDesc = NULL;
     }
 
@@ -1142,7 +1219,6 @@ VmDirSrvSetupDomainInstance(
     VMDIR_SAFE_FREE_MEMORY(SecDescNoDelete.pSecDesc);
     VMDIR_SAFE_FREE_MEMORY(SecDescNoDeleteChild.pSecDesc);
     VMDIR_SAFE_FREE_MEMORY(SecDescAnonymousRead.pSecDesc);
-    VMDIR_SAFE_FREE_MEMORY(SecDescServices.pSecDesc);
     VMDIR_SAFE_FREE_MEMORY(SecDescDomain.pSecDesc);
 
     VMDIR_SAFE_FREE_MEMORY(pszAdminSid);
@@ -1150,7 +1226,6 @@ VmDirSrvSetupDomainInstance(
     VMDIR_SAFE_FREE_MEMORY(pszAdminsGroupSid);
     VMDIR_SAFE_FREE_MEMORY(pszDomainAdminsGroupSid);
     VMDIR_SAFE_FREE_MEMORY(pszDomainClientsGroupSid);
-    VMDIR_SAFE_FREE_MEMORY(pszUsersGroupSid);
     VMDIR_SAFE_FREE_STRINGA(pszKrbtgtSid);
     VMDIR_SAFE_FREE_MEMORY(pszAdminUserKrbUPN);
     VMDIR_SAFE_FREE_MEMORY(pszTgtDN);
@@ -1159,7 +1234,11 @@ VmDirSrvSetupDomainInstance(
     return dwError;
 
 error:
-    VmDirLog(LDAP_DEBUG_ANY, "VmDirSrvSetupDomainInstance failed. Error(%u)", dwError);
+    VMDIR_LOG_ERROR(
+            LDAP_DEBUG_ANY,
+            "VmDirSrvSetupDomainInstance failed. Error(%u)",
+            dwError);
+
     goto cleanup;
 }
 
@@ -1429,10 +1508,14 @@ VmDirSrvCreateUser(
     }
 
 cleanup:
-
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -1465,9 +1548,17 @@ VmDirSrvCreateBuiltInUsersGroup(
                     0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    return dwError;
+    goto cleanup;
 }
 
 static
@@ -1498,9 +1589,17 @@ VmDirSrvCreateBuiltInAdminGroup(
                     0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    return dwError;
+    goto cleanup;
 }
 
 static
@@ -1529,9 +1628,17 @@ _VmDirSrvCreateBuiltInGroup(
                     0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    return dwError;
+    goto cleanup;
 }
 
 static
@@ -1564,9 +1671,17 @@ _VmDirSrvCreateBuiltInCertGroup(
                     0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    return dwError;
+    goto cleanup;
 }
 
 static
@@ -1608,9 +1723,17 @@ VmDirSrvCreateDefaultPasswdPolicy(
                     0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+cleanup:
+    return dwError;
+
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
-    return dwError;
+    goto cleanup;
 }
 
 static
@@ -1746,7 +1869,6 @@ VmDirSrvInitKrb(
     pszKMDN = NULL;
 
 cleanup:
-
     VMDIR_SAFE_FREE_MEMORY(pMasterKey);
     VMDIR_SAFE_FREE_MEMORY(pEncMasterKey);
     VMDIR_SAFE_FREE_MEMORY(pszTgtUPN);
@@ -1757,9 +1879,14 @@ VmDirSrvInitKrb(
     VMDIR_SAFE_FREE_MEMORY(pszRealmName);
     VMDIR_SAFE_FREE_MEMORY(pszKMDN);
     VMDIR_SAFE_FREE_MEMORY(pszTgtDN);
-
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/vmdir/server/vmdir/integritychk.c b/vmdir/server/vmdir/integritychk.c
new file mode 100644
index 000000000..148c55180
--- /dev/null
+++ b/vmdir/server/vmdir/integritychk.c
@@ -0,0 +1,958 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+/*
+ * Module Name: Integrity Checking Thread
+ *
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmDirIntegrityCheckingThreadFun(
+    PVOID pArg
+    );
+
+static
+DWORD
+_VmDirIntegrityCheckJobStart(
+    PVMDIR_INTEGRITY_JOB pJob
+    );
+
+static
+DWORD
+_VmDirIntegrityCheckJobRecheck(
+    PVMDIR_INTEGRITY_JOB    pJob
+    );
+
+static
+VOID
+_VmDirIntegrityCheckEntry(
+    PVMDIR_INTEGRITY_JOB    pJob,
+    PVDIR_ENTRY             pEntry
+    );
+
+static
+VOID
+_VmDirIntegrityCheckFreeJobResource(
+    PVMDIR_INTEGRITY_JOB    pJob
+    );
+
+static
+VOID
+_VmDirIntegrityCheckFreeJobContent(
+    PVMDIR_INTEGRITY_JOB    pJob
+    );
+
+static
+DWORD
+_VmDirInitIntegrityCheckThread(
+    PVMDIR_INTEGRITY_JOB    pGlobalJob
+    );
+
+static
+DWORD
+_VmDirIntegrityCheckComposeStatus(
+    PVMDIR_INTEGRITY_JOB    pJob,
+    PVDIR_ENTRY*            ppEntry
+    );
+
+/*
+ *  Job state machine                          | -------> STOP
+ *                            | -----> START   | -------> INVALID
+ *  NONE -----> START -----> FINISH -----> RECHECK -----> FINISH
+ *                |--------> INVALID
+ *                |--------> STOP -------> INVALID -----> START
+ *
+ */
+DWORD
+VmDirIntegrityCheckStart(
+    VMDIR_INTEGRITY_CHECK_JOB_STATE jobState
+    )
+{
+    DWORD       dwError = 0;
+    BOOLEAN     bInLock = FALSE;
+    CHAR        finishedTimebuf[MAX_PATH] = {0};
+
+    VMDIR_LOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    if (gVmdirIntegrityCheck.pJob == NULL)
+    {
+        dwError = VmDirAllocateMemory(sizeof(VMDIR_INTEGRITY_JOB), (PVOID*)&gVmdirIntegrityCheck.pJob);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    // bail if not in running state
+    if (gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_START   ||
+        gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_RECHECK
+       )
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNWILLING_TO_PERFORM);
+    }
+
+    if (jobState != INTEGRITY_CHECK_JOB_START   &&
+        jobState != INTEGRITY_CHECK_JOB_RECHECK
+       )
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_REQUEST);
+    }
+
+    // bail if recheck w/o finished job
+    if (jobState == INTEGRITY_CHECK_JOB_RECHECK &&
+        gVmdirIntegrityCheck.pJob->state != INTEGRITY_CHECK_JOB_FINISH
+       )
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_REQUEST);
+    }
+
+    dwError = VmDirCopyMemory(finishedTimebuf, MAX_PATH, gVmdirIntegrityCheck.pJob->finishedTimebuf, MAX_PATH);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    _VmDirIntegrityCheckFreeJobContent(gVmdirIntegrityCheck.pJob);
+
+    dwError = VmDirCopyMemory(gVmdirIntegrityCheck.pJob->finishedTimebuf, MAX_PATH, finishedTimebuf, MAX_PATH);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    gVmdirIntegrityCheck.pJob->state = jobState;
+    _VmDirInitIntegrityCheckThread(gVmdirIntegrityCheck.pJob);
+
+error:
+    VMDIR_UNLOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    return dwError;
+}
+
+VOID
+VmDirIntegrityCheckStop(
+    VOID
+    )
+{
+    BOOLEAN     bInLock = FALSE;
+
+    VMDIR_LOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    if (gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_START ||
+        gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_RECHECK
+       )
+    {
+        gVmdirIntegrityCheck.pJob->state = INTEGRITY_CHECK_JOB_STOP;
+    }
+
+    VMDIR_UNLOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    return;
+}
+
+DWORD
+VmDirIntegrityCheckShowStatus(
+    PVDIR_ENTRY*    ppEntry
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bInLock = FALSE;
+
+    if (!ppEntry)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    VMDIR_LOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    if ( gVmdirIntegrityCheck.pJob &&
+         ( gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_START    ||
+           gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_RECHECK  ||
+           gVmdirIntegrityCheck.pJob->state == INTEGRITY_CHECK_JOB_FINISH
+         )
+       )
+    {
+        // still running or finished, compose status
+        dwError = _VmDirIntegrityCheckComposeStatus(gVmdirIntegrityCheck.pJob, ppEntry);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+error:
+    VMDIR_UNLOCK_MUTEX(bInLock, gVmdirIntegrityCheck.pMutex);
+
+    return dwError;
+}
+
+
+/*
+ * Generate entry digest
+ * Only cover application attributes for now.
+ *
+ * TODO: We would have a way to cover replication related meta data to ensure replication algorithm integrity as well.
+ */
+DWORD
+VmDirEntrySHA1Digest(
+    PVDIR_ENTRY pEntry,
+    PSTR        pOutSH1DigestBuf
+    )
+{
+    DWORD           dwError = 0;
+    PVDIR_ATTRIBUTE pAttr = NULL;
+    DWORD           dwSize = 0;
+    DWORD           dwSizeLimit = 128;
+    unsigned        dwCnt = 0;
+    SHA_CTX         shaCtx = {0};
+    char            sha1Digest[SHA_DIGEST_LENGTH] = {0};
+    VDIR_BERVALUE** ppVdirBV = NULL;
+
+
+    if (!pEntry || !pOutSH1DigestBuf)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateMemory(sizeof(PVDIR_BERVALUE)*dwSizeLimit, (PVOID)&ppVdirBV);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (pAttr = pEntry->attrs; pAttr; pAttr = pAttr->next)
+    {
+        for (dwCnt = 0;
+            pAttr->pATDesc->usage == VDIR_LDAP_USER_APPLICATIONS_ATTRIBUTE && dwCnt < pAttr->numVals;
+            dwCnt++)
+        {
+            if (dwSize+1 == dwSizeLimit)
+            {
+                dwSizeLimit *= 2;
+                dwError = VmDirReallocateMemoryWithInit(
+                                ppVdirBV,
+                                (PVOID*)&ppVdirBV,
+                                (dwSizeLimit) * sizeof(PVDIR_BERVALUE),
+                                (dwSizeLimit/2) * sizeof(PVDIR_BERVALUE));
+                BAIL_ON_VMDIR_ERROR(dwError);
+            }
+
+            ppVdirBV[dwSize++] = pAttr->vals+dwCnt;
+        }
+    }
+
+    // compact entry structure may not be in exact order across nodes, sort values before digesting.
+    qsort(ppVdirBV, dwSize, sizeof(PVDIR_BERVALUE), VmDirPVdirBValCmp);
+
+    SHA1_Init(&shaCtx);
+
+    for (dwCnt = 0; dwCnt < dwSize; dwCnt++)
+    {
+        SHA1_Update(&shaCtx, ppVdirBV[dwCnt]->lberbv_val, ppVdirBV[dwCnt]->lberbv_len);
+    }
+
+    SHA1_Final(sha1Digest, &shaCtx);
+    memcpy(pOutSH1DigestBuf, sha1Digest, SHA_DIGEST_LENGTH);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(ppVdirBV);
+
+    return dwError;
+
+error:
+    goto cleanup;;
+}
+
+static
+DWORD
+_VmDirInitIntegrityCheckThread(
+    PVMDIR_INTEGRITY_JOB    pGlobalJob
+    )
+{
+    DWORD dwError = 0;
+    PVDIR_THREAD_INFO pThrInfo = NULL;
+
+    dwError = VmDirSrvThrInit(&pThrInfo, NULL, NULL, TRUE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirCreateThread(
+                &pThrInfo->tid,
+                pThrInfo->bJoinThr,
+                _VmDirIntegrityCheckingThreadFun,
+                pGlobalJob);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    VmDirSrvThrAdd(pThrInfo);
+
+cleanup:
+    return dwError;
+
+error:
+
+    VmDirSrvThrFree(pThrInfo);
+
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirIntegrityCheckEntry(
+    PVMDIR_INTEGRITY_JOB    pJob,
+    PVDIR_ENTRY             pEntry
+    )
+{
+    DWORD           dwError = 0;
+    LDAPMessage*    pSearchRes = NULL;
+    LDAPControl     digestCtl = {0};
+    LDAPControl*    srvCtrls[2] = {&digestCtl, NULL};
+    CHAR            sha1Digest[SHA_DIGEST_LENGTH+1] = {0};
+    DWORD           dwNodeCnt = 0;
+
+    // TODO, should ignore server objects and replication agreements entries ???
+    // or we specifically ignore some attributes (user application?)
+
+    memset(sha1Digest, 0, SHA_DIGEST_LENGTH);
+    VmDirEntrySHA1Digest(pEntry, sha1Digest); // ignore error
+
+    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "%s, iterate (%llu)(%020s)(%s)",
+                       __FUNCTION__, pEntry->eId, sha1Digest, pEntry->dn.lberbv.bv_val);
+
+    memset(&digestCtl, 0, sizeof(digestCtl));
+    dwError = VmDirCreateDigestControlContent(sha1Digest, SHA_DIGEST_LENGTH, &digestCtl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwNodeCnt=0; dwNodeCnt < pJob->dwNumJobCtx; dwNodeCnt++)
+    {
+        PVMDIR_INTEGRITY_JOB_CTX    pJobCtx = pJob->pJobctx+dwNodeCnt;
+
+        if ( pJobCtx->state != INTEGRITY_CHECK_JOBCTX_VALID )
+        {
+            continue;
+        }
+
+        ldap_msgfree(pSearchRes);
+        pSearchRes = NULL;
+
+        dwError = ldap_search_ext_s(
+                    pJobCtx->pLd,
+                    pEntry->dn.lberbv_val,
+                    LDAP_SCOPE_BASE,
+                    NULL,
+                    NULL,
+                    TRUE,
+                    srvCtrls, // digest control
+                    NULL,
+                    NULL,
+                    1,
+                    &pSearchRes
+                    );
+
+        if (dwError == 0)
+        {
+            if ( ldap_count_entries(pJobCtx->pLd, pSearchRes) > 0 )
+            {
+                // digest mismatch, partner send entry content back.
+                pJobCtx->dwFailedDigestCnt++;
+
+                if (fprintf(pJobCtx->fp, "I %s\n", pEntry->dn.lberbv_val) < 0)
+                {
+                    pJobCtx->state = INTEGRITY_CHECK_JOBCTX_ABORT;
+                }
+
+                VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "%s, %s digest mismatch",
+                                       __FUNCTION__, pJobCtx->pszPartnerName);
+                // TODO, identify out of sync attributes/values.
+            }
+        }
+        else if (dwError == LDAP_NO_SUCH_OBJECT)
+        {
+            pJobCtx->dwMissedEntryCnt++;
+
+            if (fprintf(pJobCtx->fp, "M %s\n", pEntry->dn.lberbv_val) < 0)
+            {
+                pJobCtx->state = INTEGRITY_CHECK_JOBCTX_ABORT;
+            }
+
+            VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "%s, %s entry missing",
+                                                       __FUNCTION__, pJobCtx->pszPartnerName);
+        }
+        else if (dwError == LDAP_SERVER_DOWN)
+        {
+            pJobCtx->state = INTEGRITY_CHECK_JOBCTX_ABORT;
+        }
+        else
+        {
+            VMDIR_LOG_WARNING( LDAP_DEBUG_TRACE,"%s failed, error (%d)", __FUNCTION__, dwError );
+        }
+    }
+
+cleanup:
+    ldap_msgfree(pSearchRes);
+    VmDirDeleteDigestControlContent(&digestCtl);
+
+    return;
+
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirIntegrityCheckJobStart(
+    PVMDIR_INTEGRITY_JOB    pJob
+    )
+{
+    DWORD       dwError = 0;
+    ENTRYID     eId = 0;
+    VDIR_ENTRY  entry = {0};
+    PVDIR_BACKEND_INTERFACE             pBE = NULL;
+    PVDIR_BACKEND_ENTRYBLOB_ITERATOR    pIterator = NULL;
+
+    pBE = VmDirBackendSelect(NULL);
+
+    dwError = pBE->pfnBEEntryBlobIteratorInit(0, &pIterator);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pJob->maxEntryID = pIterator->maxEID;
+
+    while (pIterator->bHasNext)
+    {
+        dwError = pBE->pfnBEEntryBlobIterate(pIterator, &eId);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (++pJob->dwNumProcessed % VDIR_INTEGRITY_CHECK_BATCH == 0) // reset txn per 1000 iteration
+        {
+            if (VmDirdState() == VMDIRD_STATE_SHUTDOWN || (pJob->state != INTEGRITY_CHECK_JOB_START))
+            {
+                BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_UNAVAILABLE);
+            }
+
+            pBE->pfnBEEntryBlobIteratorFree(pIterator);
+            dwError = pBE->pfnBEEntryBlobIteratorInit(eId, &pIterator);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            pJob->maxEntryID = pIterator->maxEID;
+
+            continue;
+        }
+
+        pJob->currentEntryID = eId;
+
+        dwError = pBE->pfnBESimpleIdToEntry(eId, &entry);
+        if (dwError != 0)
+        {
+            //
+            // We have seen instances in the wild where this call fails due
+            // to a bad entry, so let's keep going if this fails.
+            //
+            dwError = 0;
+            continue;
+        }
+
+        _VmDirIntegrityCheckEntry(pJob, &entry);
+
+        VmDirFreeEntryContent(&entry);
+    }
+
+cleanup:
+
+    pBE->pfnBEEntryBlobIteratorFree(pIterator);
+    VmDirFreeEntryContent(&entry);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,"%s failed, error (%d)(%d)", __FUNCTION__, dwError, pJob->state );
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirIntegrityCheckJobRecheck(
+    PVMDIR_INTEGRITY_JOB    pJob
+    )
+{
+    DWORD       dwError = 0;
+    DWORD       dwCnt = 9;
+    FILE*       fp = NULL;
+    CHAR        fileNameBuf[MAX_PATH] = {0};
+    CHAR        lineBuf[VMDIR_MAX_DN_LEN + 3] = {0};
+    PVDIR_ENTRY pEntry = NULL;
+
+    for (dwCnt=0; dwCnt < pJob->dwNumJobCtx; dwCnt++)
+    {
+        if (pJob->pJobctx[dwCnt].state != INTEGRITY_CHECK_JOBCTX_VALID)
+        {
+            continue;
+        }
+
+        memset(fileNameBuf, 0, sizeof(fileNameBuf));
+
+        dwError = VmDirStringPrintFA(fileNameBuf, sizeof(fileNameBuf) - 1,
+                    "%s/Integrity.%s.%s",
+                    VMDIR_LOG_DIR,
+                    pJob->pJobctx[dwCnt].pszPartnerName,
+                    pJob->finishedTimebuf);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (fp)
+        {
+            fclose(fp);
+            fp = NULL;
+        }
+
+        if (!(fp = fopen(fileNameBuf, "r")))
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s open file %s failed %d",
+                             __FUNCTION__, fileNameBuf, errno);
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_IO);
+        }
+
+        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s open file %s", __FUNCTION__, fileNameBuf);
+
+        while (fgets(lineBuf, sizeof(lineBuf), fp))
+        {
+            size_t len = VmDirStringLenA(lineBuf) - 1;
+            if (lineBuf[len] == '\n')
+            {
+                lineBuf[len] = '\0';
+            }
+
+            VmDirFreeEntry(pEntry);
+            pEntry = NULL;
+
+            dwError = VmDirSimpleDNToEntry(lineBuf+2, &pEntry); // skip first two chars "I|M " for DN
+            if (dwError == VMDIR_ERROR_BACKEND_ENTRY_NOTFOUND)
+            {
+                dwError = 0;
+                continue;
+            }
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+            ++pJob->dwNumProcessed;
+            _VmDirIntegrityCheckEntry(pJob, pEntry);
+        }
+    }
+
+cleanup:
+    if (fp)
+    {
+        fclose(fp);
+    }
+
+    VmDirFreeEntry(pEntry);
+
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,"%s failed, error (%d)(%d)", __FUNCTION__, dwError, pJob->state );
+
+    goto cleanup;
+}
+
+/*
+ * job thread to handle running job (start|recheck)
+ */
+static
+DWORD
+_VmDirIntegrityCheckingThreadFun(
+    PVOID pArg
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwValidJobs = 0;
+    PSTR    pszDCAccount = NULL;
+    PSTR    pszDCPasswd = NULL;
+    PSTR    pszDCUPN = NULL;
+    PSTR*   ppszServerInfo = NULL;
+    size_t  dwInfoCount = 0;
+    CHAR    timeBuf[MAX_PATH] = {0};
+    PVMDIR_INTEGRITY_JOB    pJob = (PVMDIR_INTEGRITY_JOB) pArg;
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s begin integrity check %s job.",
+                    __FUNCTION__,
+                    pJob->state == INTEGRITY_CHECK_JOB_START ? "start" : "recheck");
+
+    VmDirDropThreadPriority(DEFAULT_THREAD_PRIORITY_DELTA);
+
+    /*
+     * TODO, lower thread priority.  Pending PR 1860315
+     */
+
+    dwError = VmDirRegReadDCAccount(&pszDCAccount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirReadDCAccountPassword(&pszDCPasswd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(gVmdirServerGlobals.dcAccountUPN.lberbv.bv_val, &pszDCUPN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGetHostsInternal(&ppszServerInfo, &dwInfoCount);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (dwInfoCount<2)
+    {
+        VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "Domain Controllers count < 2. skip integrity job request.");
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_REQUEST);
+    }
+
+    clock_gettime(CLOCK_REALTIME, &pJob->startTime);
+    gmtime_r(&pJob->startTime.tv_sec, &pJob->startTM);
+
+    snprintf(timeBuf, sizeof(timeBuf) - 1,
+            "%4d%02d%02d%02d%02d%02d",
+            pJob->startTM.tm_year+1900,
+            pJob->startTM.tm_mon+1,
+            pJob->startTM.tm_mday,
+            pJob->startTM.tm_hour,
+            pJob->startTM.tm_min,
+            pJob->startTM.tm_sec);
+
+    dwError = VmDirAllocateMemory(sizeof(VMDIR_INTEGRITY_JOB_CTX)*dwInfoCount, (PVOID)&pJob->pJobctx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (pJob->dwNumJobCtx=0 ; pJob->dwNumJobCtx<dwInfoCount; pJob->dwNumJobCtx++)
+    {
+        if (VmDirStringCompareA(ppszServerInfo[pJob->dwNumJobCtx], pszDCAccount, FALSE) == 0)
+        {
+            pJob->pJobctx[pJob->dwNumJobCtx].state = INTEGRITY_CHECK_JOBCTX_SKIP;
+            continue;
+        }
+
+        pJob->pJobctx[pJob->dwNumJobCtx].state = INTEGRITY_CHECK_JOBCTX_VALID;
+
+        dwError = VmDirAllocateStringA(ppszServerInfo[pJob->dwNumJobCtx], &pJob->pJobctx[pJob->dwNumJobCtx].pszPartnerName);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirSafeLDAPBind(
+                    &pJob->pJobctx[pJob->dwNumJobCtx].pLd,
+                    pJob->pJobctx[pJob->dwNumJobCtx].pszPartnerName,
+                    pszDCUPN,
+                    pszDCPasswd);
+        if (dwError)
+        {
+            VMDIR_LOG_WARNING( VMDIR_LOG_MASK_ALL, "%s failed to connect to DC %s, %d",
+                               __FUNCTION__, pJob->pJobctx[pJob->dwNumJobCtx].pszPartnerName, dwError);
+
+            pJob->pJobctx[pJob->dwNumJobCtx].state = INTEGRITY_CHECK_JOBCTX_INVALID;
+            continue;
+        }
+
+        dwError = VmDirAllocateStringPrintf(
+                    &(pJob->pJobctx[pJob->dwNumJobCtx].pszRptFileName),
+                    "%s/Integrity.%s.%s",
+                    VMDIR_LOG_DIR,
+                    pJob->pJobctx[pJob->dwNumJobCtx].pszPartnerName,
+                    timeBuf);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pJob->pJobctx[pJob->dwNumJobCtx].fp = fopen(pJob->pJobctx[pJob->dwNumJobCtx].pszRptFileName, "w+");
+        if (!pJob->pJobctx[pJob->dwNumJobCtx].fp)
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s open file %s failed %d",
+                             __FUNCTION__, pJob->pJobctx[pJob->dwNumJobCtx].pszPartnerName, errno);
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_IO);
+        }
+
+        dwValidJobs++;
+    }
+
+    if (dwValidJobs > 0)
+    {
+        if (pJob->state == INTEGRITY_CHECK_JOB_START)
+        {
+            dwError = _VmDirIntegrityCheckJobStart(pJob);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (pJob->state == INTEGRITY_CHECK_JOB_RECHECK)
+        {
+            dwError = _VmDirIntegrityCheckJobRecheck(pJob);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_REQUEST);
+        }
+
+        pJob->state = INTEGRITY_CHECK_JOB_FINISH;
+        clock_gettime(CLOCK_REALTIME, &pJob->endTime);
+
+        dwError = VmDirCopyMemory(pJob->finishedTimebuf, MAX_PATH, timeBuf, MAX_PATH);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s end integrity check job, %d entries processed", __FUNCTION__, pJob->dwNumProcessed);
+
+cleanup:
+    _VmDirIntegrityCheckFreeJobResource(pJob);
+    VmDirFreeStrArray(ppszServerInfo);
+    VMDIR_SAFE_FREE_MEMORY(pszDCAccount);
+    VMDIR_SAFE_FREE_MEMORY(pszDCPasswd);
+    VMDIR_SAFE_FREE_MEMORY(pszDCUPN);
+
+    return dwError;
+
+error:
+
+    pJob->state = INTEGRITY_CHECK_JOB_INVALID;
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "%s integrity check job failed, error (%d)", __FUNCTION__, dwError );
+
+    goto cleanup;
+}
+
+static
+VOID
+_VmDirIntegrityCheckFreeJobResource(
+    PVMDIR_INTEGRITY_JOB    pJob
+    )
+{
+    DWORD   dwCnt = 0;
+
+    for (dwCnt=0; dwCnt < pJob->dwNumJobCtx; dwCnt++)
+    {
+        if (pJob->pJobctx[dwCnt].pLd)
+        {
+            ldap_unbind_ext_s(pJob->pJobctx[dwCnt].pLd, NULL, NULL);
+            pJob->pJobctx[dwCnt].pLd = NULL;
+        }
+
+        if (pJob->pJobctx[dwCnt].fp)
+        {
+            fclose(pJob->pJobctx[dwCnt].fp);
+            pJob->pJobctx[dwCnt].fp = NULL;
+        }
+    }
+}
+
+static
+VOID
+_VmDirIntegrityCheckFreeJobContent(
+    PVMDIR_INTEGRITY_JOB    pJob
+    )
+{
+    DWORD   dwCnt = 0;
+
+    for (dwCnt=0; dwCnt < pJob->dwNumJobCtx; dwCnt++)
+    {
+        if (pJob->pJobctx[dwCnt].pLd)
+        {
+            ldap_unbind_ext_s(pJob->pJobctx[dwCnt].pLd, NULL, NULL);
+        }
+
+        if (pJob->pJobctx[dwCnt].fp)
+        {
+            fclose(pJob->pJobctx[dwCnt].fp);
+        }
+
+        VMDIR_SAFE_FREE_MEMORY(pJob->pJobctx[dwCnt].pszPartnerName);
+        VMDIR_SAFE_FREE_MEMORY(pJob->pJobctx[dwCnt].pszRptFileName);
+    }
+
+    VMDIR_SAFE_FREE_MEMORY(pJob->pJobctx);
+    memset(pJob, 0 , sizeof(*pJob));
+}
+
+static
+DWORD
+_VmDirIntegrityCheckComposeStatus(
+    PVMDIR_INTEGRITY_JOB    pJob,
+    PVDIR_ENTRY*            ppEntry
+    )
+{
+    DWORD               dwError = 0;
+    DWORD               dwNumAttrs = 0;
+    PSTR*               ppszAttrList = NULL;
+    PVDIR_ENTRY         pEntry = NULL;
+    PVDIR_SCHEMA_CTX    pSchemaCtx = NULL;
+    VDIR_BACKEND_CTX    backendCtx = {0};
+    DWORD               dwCnt = 0, dwGoodPartner = 0, dwIdx = 0;
+    struct timespec     timeNow = {0};
+    struct tm           myTM = {0};
+    DWORD               dwElapseSec = 0;
+    DWORD               dwRemainingSec = 0;
+    PSTR                pszStartTime = NULL;
+    PSTR                pszEndTime = NULL;
+    PSTR                pszEstimatedEndTime = NULL;
+    PSTR                pszEntryProcessed = NULL;
+    PSTR*               ppszPartner = NULL;
+
+    dwNumAttrs = 2 + // cn/oc
+                 3 + // start/end/remaining time
+                 1 + // processed cnt
+                 pJob->dwNumJobCtx;
+
+    dwError = VmDirAllocateStringPrintf(&pszStartTime,
+                "%-20s %4d-%02d-%02d:%02d:%02d:%02d",
+                "start time: ",
+                pJob->startTM.tm_year+1900,
+                pJob->startTM.tm_mon+1,
+                pJob->startTM.tm_mday,
+                pJob->startTM.tm_hour,
+                pJob->startTM.tm_min,
+                pJob->startTM.tm_sec);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if ( pJob->state == INTEGRITY_CHECK_JOB_START)
+    {
+        clock_gettime(CLOCK_REALTIME, &timeNow);
+        dwElapseSec = VMDIR_MAX( timeNow.tv_sec - pJob->startTime.tv_sec, 1);
+
+        dwRemainingSec = (pJob->maxEntryID - pJob->currentEntryID) / VMDIR_MAX((pJob->currentEntryID / dwElapseSec), 1);
+    }
+    else
+    {
+        gmtime_r(&pJob->endTime.tv_sec, &myTM);
+
+        dwError = VmDirAllocateStringPrintf(&pszEndTime,
+                    "%-20s %4d-%02d-%02d:%02d:%02d:%02d",
+                    "end time: ",
+                    myTM.tm_year+1900,
+                    myTM.tm_mon+1,
+                    myTM.tm_mday,
+                    myTM.tm_hour,
+                    myTM.tm_min,
+                    myTM.tm_sec);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (dwRemainingSec > 0)
+    {
+        timeNow.tv_sec += dwRemainingSec;
+        gmtime_r(&timeNow.tv_sec, &myTM);
+
+        dwError = VmDirAllocateStringPrintf(&pszEstimatedEndTime,
+                    "%-20s %4d-%02d-%02d:%02d:%02d:%02d",
+                    "estimated end time: ",
+                    myTM.tm_year+1900,
+                    myTM.tm_mon+1,
+                    myTM.tm_mday,
+                    myTM.tm_hour,
+                    myTM.tm_min,
+                    myTM.tm_sec);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringPrintf(&pszEntryProcessed,
+                    "%-20s %d",
+                    "entries processed:",
+                    pJob->dwNumProcessed);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateMemory(sizeof(PSTR) * (pJob->dwNumJobCtx), (PVOID*)&ppszPartner);
+    BAIL_ON_VMDIR_ERROR(dwError );
+
+    for (dwCnt=0; dwCnt < pJob->dwNumJobCtx; dwCnt++)
+    {
+        if (pJob->pJobctx[dwCnt].state != INTEGRITY_CHECK_JOBCTX_SKIP)
+        {
+            dwError = VmDirAllocateStringPrintf( &ppszPartner[dwGoodPartner++],
+                        "%s partner %s, digest mismatch (%d), missing entry (%d)",
+                        (pJob->pJobctx[dwCnt].state == INTEGRITY_CHECK_JOBCTX_VALID) ? "Valid" :"Invalid",
+                        pJob->pJobctx[dwCnt].pszPartnerName,
+                        pJob->pJobctx[dwCnt].dwFailedDigestCnt,
+                        pJob->pJobctx[dwCnt].dwMissedEntryCnt);
+            BAIL_ON_VMDIR_ERROR(dwError);
+
+        }
+    }
+
+    dwError = VmDirAllocateMemory( sizeof(PSTR) * ((dwNumAttrs) * 2 + 1), // add 1 for VmDirFreeStringArrayA call later
+                                   (PVOID)&ppszAttrList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwCnt=0;
+
+    dwError = VmDirAllocateStringA(ATTR_CN, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(INTEGRITY_CHECK_STATUS_CN, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(ATTR_OBJECT_CLASS, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(OC_SERVER_STATUS, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(ATTR_SERVER_RUNTIME_STATUS, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pszStartTime, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (pszEndTime)
+    {
+        dwError = VmDirAllocateStringA(ATTR_SERVER_RUNTIME_STATUS, &ppszAttrList[dwCnt++]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateStringA(pszEndTime, &ppszAttrList[dwCnt++]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (pszEstimatedEndTime)
+    {
+        dwError = VmDirAllocateStringA(ATTR_SERVER_RUNTIME_STATUS, &ppszAttrList[dwCnt++]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirAllocateStringA(pszEstimatedEndTime, &ppszAttrList[dwCnt++]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirAllocateStringA(ATTR_SERVER_RUNTIME_STATUS, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringA(pszEntryProcessed, &ppszAttrList[dwCnt++]);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwIdx = 0; dwIdx < dwGoodPartner; dwIdx++)
+    {
+        dwError = VmDirAllocateStringA(ATTR_SERVER_RUNTIME_STATUS, &ppszAttrList[dwCnt++]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        ppszAttrList[dwCnt++] = ppszPartner[dwIdx];
+        ppszPartner[dwIdx] = NULL;
+    }
+
+    dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAttrListToNewEntry( pSchemaCtx,
+                                       INTEGRITY_CHECK_STATUS_DN,
+                                       ppszAttrList,
+                                       FALSE,
+                                       &pEntry);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppEntry = pEntry;
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(ppszPartner);
+    VMDIR_SAFE_FREE_MEMORY(pszEntryProcessed);
+    VMDIR_SAFE_FREE_MEMORY(pszEstimatedEndTime);
+    VMDIR_SAFE_FREE_MEMORY(pszEndTime);
+    VMDIR_SAFE_FREE_MEMORY(pszStartTime);
+    VmDirBackendCtxContentFree( &backendCtx );
+
+    if (ppszAttrList != NULL)
+    {
+        VmDirFreeStringArrayA(ppszAttrList);
+        VMDIR_SAFE_FREE_MEMORY(ppszAttrList);
+    }
+
+    if (pSchemaCtx != NULL)
+    {
+        VmDirSchemaCtxRelease(pSchemaCtx);
+    }
+
+    return dwError;
+
+error:
+
+    if (pEntry != NULL)
+    {
+        VmDirFreeEntry(pEntry);
+    }
+
+    goto cleanup;
+}
diff --git a/vmdir/server/vmdir/ipcapihandler.c b/vmdir/server/vmdir/ipcapihandler.c
index 702cc4992..0c1c60419 100644
--- a/vmdir/server/vmdir/ipcapihandler.c
+++ b/vmdir/server/vmdir/ipcapihandler.c
@@ -111,6 +111,17 @@ VmDirLocalAPIHandler(
                         );
         break;
 
+      case VMDIR_IPC_GET_SRP_SECRET:
+
+        dwError = VmDirIpcGetSRPSecret(
+                        pSecurityContext,
+                        pRequest,
+                        dwRequestSize,
+                        &pResponse,
+                        &dwResponseSize
+                        );
+        break;
+
       case VMDIR_IPC_SET_SRP_SECRET:
 
         dwError = VmDirIpcSetSRPSecret(
diff --git a/vmdir/server/vmdir/ipclocalapi.c b/vmdir/server/vmdir/ipclocalapi.c
index a8b56dcc6..d3887aba9 100644
--- a/vmdir/server/vmdir/ipclocalapi.c
+++ b/vmdir/server/vmdir/ipclocalapi.c
@@ -669,6 +669,7 @@ VmDirIpcForceResetPassword(
         dwError = ERROR_ACCESS_DENIED;
         BAIL_ON_VMDIR_ERROR (dwError);
     }
+
     //
     // Unmarshall the request buffer to the format
     // that the API actually has
@@ -1158,3 +1159,165 @@ VmDirMarshalResponse (
 
     goto cleanup;
 }
+
+static
+DWORD
+VmDirSrvGetSRPSecret(
+    PSTR       pszUPN,               // [in] account UPN
+    VMDIR_DATA_CONTAINER* pContainer // [out]
+    )
+{
+    DWORD   dwError = 0;
+    PBYTE   pLocalByte = NULL;
+    DWORD   dwKeySize = 0;
+
+    if (   IsNullOrEmptyString(pszUPN)
+        || !pContainer
+       )
+    {
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirSRPGetIdentityData( pszUPN,
+                                       &pLocalByte,
+                                       &dwKeySize);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pContainer->data    = pLocalByte;
+    pContainer->dwCount = dwKeySize;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VmDirRpcFreeMemory( pLocalByte );
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "VmDirSrvGetSRPSecret failed (%u)(%s)",
+                                      dwError, VDIR_SAFE_STRING(pszUPN) );
+
+    goto cleanup;
+}
+
+DWORD
+VmDirIpcGetSRPSecret(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    )
+{
+    DWORD dwError = 0;
+    UINT32 uResult = 0;
+    UINT32 apiType = VMDIR_IPC_GET_SRP_SECRET;
+    DWORD noOfArgsIn = 0;
+    DWORD noOfArgsOut = 0;
+    PBYTE pResponse = NULL;
+    DWORD dwResponseSize = 0;
+    PSTR pszUPN = NULL;
+    VMDIR_DATA_CONTAINER dataContainer = {0};
+    DWORD dwContainerLength = 0;
+    PBYTE pContainerBlob = NULL;
+    VMW_TYPE_SPEC input_spec[] = GET_SRP_SECRET_INPUT_PARAMS;
+    VMW_TYPE_SPEC output_spec[] = GET_SRP_SECRET_OUTPUT_PARAMS;
+
+    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "Entering VmDirIpcGetSRPSecret");
+
+    if (!pSecurityContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    if (!VmDirIsRootSecurityContext(pSecurityContext))
+    {
+        VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                         "%s: Access Denied",
+                         __FUNCTION__);
+        dwError = ERROR_ACCESS_DENIED;
+        BAIL_ON_VMDIR_ERROR (dwError);
+    }
+
+    //
+    // Unmarshall the request buffer to the format
+    // that the API actually has
+    //
+    noOfArgsIn = sizeof (input_spec) / sizeof (VMW_TYPE_SPEC);
+    noOfArgsOut = sizeof (output_spec) / sizeof (VMW_TYPE_SPEC);
+    dwError = VmDirUnMarshal (
+                    apiType,
+                    VER1_INPUT,
+                    noOfArgsIn,
+                    pRequest,
+                    dwRequestSize,
+                    input_spec);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+
+    pszUPN = input_spec[0].data.pString;
+
+    uResult = VmDirSrvGetSRPSecret(
+                    pszUPN,
+                    &dataContainer);
+
+    dwError = VmDirMarshalContainerLength(
+                              (PVMDIR_IPC_DATA_CONTAINER)&dataContainer,
+                              &dwContainerLength);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    dwError = VmDirAllocateMemory(
+                             dwContainerLength,
+                             (PVOID*)&pContainerBlob);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    dwError = VmDirMarshalContainer(
+                               (PVMDIR_IPC_DATA_CONTAINER)&dataContainer,
+                               dwContainerLength,
+                               pContainerBlob);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    output_spec[0].data.pUint32 = &uResult;
+    output_spec[1].data.pUint32 = &dwContainerLength;
+    output_spec[2].data.pByte = (PBYTE) pContainerBlob;
+
+    dwError = VmDirMarshalResponse (
+                    apiType,
+                    output_spec,
+                    noOfArgsOut,
+                    &pResponse,
+                    &dwResponseSize);
+    BAIL_ON_VMDIR_ERROR (dwError);
+
+    VMDIR_LOG_VERBOSE( VMDIR_LOG_MASK_ALL, "Exiting VmDirIpcGetSRPSecret");
+
+cleanup:
+
+    VMDIR_SAFE_FREE_MEMORY(dataContainer.data);
+    VMDIR_SAFE_FREE_MEMORY(pContainerBlob);
+
+    *ppResponse = pResponse;
+    *pdwResponseSize = dwResponseSize;
+
+    VmDirFreeTypeSpecContent (input_spec, noOfArgsIn);
+    return dwError;
+
+error:
+    VmDirHandleError(
+            apiType,
+            dwError,
+            output_spec,
+            noOfArgsOut,
+            &pResponse,
+            &dwResponseSize
+            );
+
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                     "VmDirIpcGetSRPSecret failed (%u)",
+                     dwError);
+
+    dwError = 0;
+    goto cleanup;
+}
diff --git a/vmdir/server/vmdir/metricsinit.c b/vmdir/server/vmdir/metricsinit.c
new file mode 100644
index 000000000..4603c11ea
--- /dev/null
+++ b/vmdir/server/vmdir/metricsinit.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PVM_METRICS_CONTEXT pmContext = NULL;
+
+PVM_METRICS_HISTOGRAM pRpcRequestDuration[METRICS_RPC_OP_COUNT];
+
+static
+DWORD
+_VmDirRpcMetricsInit(
+    VOID);
+
+DWORD
+VmDirMetricsInitialize(
+    VOID
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = VmMetricsInit(&pmContext);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirLdapMetricsInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirReplMetricsInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _VmDirRpcMetricsInit();
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "VmDirMetricsInitialize failed (%d)", dwError);
+
+    goto cleanup;
+}
+
+static
+DWORD
+_VmDirRpcMetricsInit(
+    VOID)
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+
+    uint64_t buckets[5] = {1, 10, 100, 500, 1000};
+
+    VM_METRICS_LABEL labelOps[METRICS_RPC_OP_COUNT][1] = {
+        {{"operation", "GeneratePassword"}},
+        {{"operation", "GetKeyTabRecBlob"}},
+        {{"operation", "CreateUser"}},
+        {{"operation", "CreateUserEx"}},
+        {{"operation", "SetLogLevel"}},
+        {{"operation", "SetLogMask"}},
+        {{"operation", "SuperLogQueryServerData"}},
+        {{"operation", "SuperLogEnable"}},
+        {{"operation", "SuperLogDisable"}},
+        {{"operation", "IsSuperLogEnabled"}},
+        {{"operation", "SuperLogFlush"}},
+        {{"operation", "SuperLogSetSize"}},
+        {{"operation", "SuperLogGetSize"}},
+        {{"operation", "SuperLogGetEntriesLdapOperation"}},
+        {{"operation", "OpenDatabaseFile"}},
+        {{"operation", "ReadDatabaseFile"}},
+        {{"operation", "CloseDatabaseFile"}},
+        {{"operation", "SetBackendState"}},
+        {{"operation", "GetState"}},
+        {{"operation", "GetLogLevel"}},
+        {{"operation", "GetLogMask"}}
+    };
+
+    for (i=0; i < METRICS_RPC_OP_COUNT; i++)
+    {
+        dwError = VmMetricsHistogramNew(pmContext,
+                                "vmdir_dcerpc_request_duration",
+                                labelOps[i], 1,
+                                "Histogram for DCERPC Request Durations for different operations",
+                                buckets, 5,
+                                &pRpcRequestDuration[i]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "%s (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/vmdir/server/vmdir/prototypes.h b/vmdir/server/vmdir/prototypes.h
index 7cdc451a9..2bd4aa2de 100644
--- a/vmdir/server/vmdir/prototypes.h
+++ b/vmdir/server/vmdir/prototypes.h
@@ -122,6 +122,12 @@ VmDirAllocateBerValueAVsnprintf(
     ...
     );
 
+DWORD
+VmDirGetHostsInternal(
+    PSTR**  pppszServerInfo,
+    size_t* pdwInfoCount
+    );
+
 // instance.c
 
 DWORD
@@ -133,9 +139,8 @@ VmDirSrvSetupDomainInstance(
     PCSTR            pszDomainDN,
     PCSTR            pszUsername,
     PCSTR            pszPassword,
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescServicesOut, // OPTIONAL
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousRead, // OPTIONAL
-    PVMDIR_SECURITY_DESCRIPTOR pSecDescDeletedObjectsOut // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescAnonymousReadOut,    // OPTIONAL
+    PVMDIR_SECURITY_DESCRIPTOR pSecDescNoDeleteOut          // OPTIONAL
     );
 
 DWORD
@@ -184,10 +189,15 @@ VmDirLoadSchema(
     );
 
 DWORD
-InitializeSchemaEntries(
+VmDirSchemaInitializeSubtree(
     PVDIR_SCHEMA_CTX    pSchemaCtx
     );
 
+DWORD
+VmDirSchemaSetSystemDefaultSecurityDescriptors(
+    VOID
+    );
+
 DWORD
 VmDirSchemaPatchViaFile(
     PCSTR       pszSchemaFilePath
@@ -601,6 +611,22 @@ VmDirCreateHeartbeatThread(
 VOID
 VmDirKillHeartbeatThread(
     );
+
+DWORD
+VmDirIpcGetSRPSecret(
+    PVM_DIR_SECURITY_CONTEXT pSecurityContext,
+    PBYTE pRequest,
+    DWORD dwRequestSize,
+    PBYTE * ppResponse,
+    PDWORD pdwResponseSize
+    );
+
+// metricsinit.c
+DWORD
+VmDirMetricsInitialize(
+    VOID
+    );
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/vmdir/server/vmdir/regconfig.c b/vmdir/server/vmdir/regconfig.c
index c993fab71..7902312f1 100644
--- a/vmdir/server/vmdir/regconfig.c
+++ b/vmdir/server/vmdir/regconfig.c
@@ -166,12 +166,22 @@ VmDirSrvUpdateConfig(
         }
         else if (!VmDirStringCompareA(
                     pEntry->pszName,
-                    VMDIR_REG_KEY_REST_LISTEN_PORT,
+                    VMDIR_REG_KEY_HTTP_LISTEN_PORT,
                     TRUE))
         {
             dwError = VmDirAllocateStringA(
                         pEntry->pszValue,
-                        &gVmdirGlobals.pszRestListenPort);
+                        &gVmdirGlobals.pszHTTPListenPort);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+        else if (!VmDirStringCompareA(
+                    pEntry->pszName,
+                    VMDIR_REG_KEY_HTTPS_LISTEN_PORT,
+                    TRUE))
+        {
+            dwError = VmDirAllocateStringA(
+                        pEntry->pszValue,
+                        &gVmdirGlobals.pszHTTPSListenPort);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
         else if (!VmDirStringCompareA(
diff --git a/vmdir/server/vmdir/rpc.c b/vmdir/server/vmdir/rpc.c
index b3f8e8fd0..47cba08b0 100644
--- a/vmdir/server/vmdir/rpc.c
+++ b/vmdir/server/vmdir/rpc.c
@@ -313,6 +313,10 @@ VmDirRpcEpRegister(
 {
     ULONG ulError = 0;
 
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return ulError;
+#else
     DCETHREAD_TRY
     {
        rpc_ep_register(
@@ -336,6 +340,7 @@ VmDirRpcEpRegister(
     DCETHREAD_ENDTRY;
 
     return ulError;
+#endif
 }
 
 ULONG
diff --git a/vmdir/server/vmdir/rpcserv.c b/vmdir/server/vmdir/rpcserv.c
index c20a82c88..7fe705303 100644
--- a/vmdir/server/vmdir/rpcserv.c
+++ b/vmdir/server/vmdir/rpcserv.c
@@ -225,6 +225,10 @@ Srv_RpcVmDirGeneratePassword(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
     int pwdLen = 0;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     if ( !pContainer)
     {
@@ -267,6 +271,10 @@ Srv_RpcVmDirGeneratePassword(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GENERATEPASSWORD],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwAPIError;
 
 error:
@@ -277,7 +285,6 @@ Srv_RpcVmDirGeneratePassword(
     VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL, "RpcVmDirGeneratePassword failed (%u)(%u)", dwError, dwAPIError);
 
     goto cleanup;
-
 }
 
 UINT32
@@ -301,6 +308,10 @@ Srv_RpcVmDirGetKeyTabRecBlob(
                      | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                      | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     if (IsNullOrEmptyString(pwszUPN)
         || !pContainer )
@@ -354,6 +365,10 @@ Srv_RpcVmDirGetKeyTabRecBlob(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETKEYTABRECBLOB],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwAPIError;
 
 error:
@@ -714,6 +729,10 @@ Srv_RpcVmDirCreateUser(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -731,6 +750,11 @@ Srv_RpcVmDirCreateUser(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CREATEUSER],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -753,6 +777,10 @@ Srv_RpcVmDirCreateUserEx(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     if (!hBinding || !pCreateParams)
     {
@@ -773,6 +801,10 @@ Srv_RpcVmDirCreateUserEx(
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CREATEUSEREX],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -821,6 +853,10 @@ Srv_RpcVmDirSetLogLevel(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -832,6 +868,11 @@ Srv_RpcVmDirSetLogLevel(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETLOGLEVEL],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -854,6 +895,10 @@ Srv_RpcVmDirSetLogMask(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -865,6 +910,11 @@ Srv_RpcVmDirSetLogMask(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETLOGMASK],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1173,6 +1223,10 @@ Srv_RpcVmDirSuperLogQueryServerData(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1185,6 +1239,11 @@ Srv_RpcVmDirSuperLogQueryServerData(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGQUERYSERVERDATA],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1204,6 +1263,10 @@ Srv_RpcVmDirSuperLogEnable(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1216,6 +1279,11 @@ Srv_RpcVmDirSuperLogEnable(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGENABLE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1235,6 +1303,10 @@ Srv_RpcVmDirSuperLogDisable(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1247,6 +1319,11 @@ Srv_RpcVmDirSuperLogDisable(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGDISABLE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1268,6 +1345,10 @@ Srv_RpcVmDirIsSuperLogEnabled(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
     BOOLEAN bEnabled = FALSE;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1280,6 +1361,11 @@ Srv_RpcVmDirIsSuperLogEnabled(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_ISSUPERLOGENABLED],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1299,6 +1385,10 @@ Srv_RpcVmDirSuperLogFlush(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1311,6 +1401,11 @@ Srv_RpcVmDirSuperLogFlush(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGFLUSH],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1331,6 +1426,10 @@ Srv_RpcVmDirSuperLogSetSize(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1343,6 +1442,11 @@ Srv_RpcVmDirSuperLogSetSize(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGSETSIZE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1363,6 +1467,10 @@ Srv_RpcVmDirSuperLogGetSize(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1375,6 +1483,11 @@ Srv_RpcVmDirSuperLogGetSize(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGGETSIZE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1429,6 +1542,10 @@ Srv_RpcVmDirSuperLogGetEntriesLdapOperation(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1444,6 +1561,11 @@ Srv_RpcVmDirSuperLogGetEntriesLdapOperation(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SUPERLOGGETENTRIESLDAPOPERATION],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1461,6 +1583,10 @@ Srv_RpcVmDirOpenDatabaseFile(
     FILE              *pFileHandle = NULL;
     PSTR               pszDBFileName = NULL;
     PSTR               pszLocalErrMsg = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     DWORD dwRpcFlags = VMDIR_RPC_FLAG_ALLOW_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
@@ -1516,6 +1642,11 @@ Srv_RpcVmDirOpenDatabaseFile(
     }
     VMDIR_SAFE_FREE_MEMORY(pszDBFileName);
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_OPENDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1543,6 +1674,10 @@ Srv_RpcVmDirReadDatabaseFile(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1585,6 +1720,10 @@ Srv_RpcVmDirReadDatabaseFile(
     }
     VMDIR_SAFE_FREE_MEMORY(pszLocalErrMsg);
 
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_READDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1606,6 +1745,10 @@ Srv_RpcVmDirCloseDatabaseFile(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1630,6 +1773,11 @@ Srv_RpcVmDirCloseDatabaseFile(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_CLOSEDATABASEFILE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1659,6 +1807,10 @@ Srv_RpcVmDirSetBackendState(
     DWORD dwDbSizeMb = 0;
     DWORD dwDbMapSizeMb = 0;
     PBYTE pData = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1685,6 +1837,11 @@ Srv_RpcVmDirSetBackendState(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_SETBACKENDSTATE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1707,6 +1864,10 @@ Srv_RpcVmDirGetState(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1724,6 +1885,11 @@ Srv_RpcVmDirGetState(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETSTATE],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1743,6 +1909,10 @@ Srv_RpcVmDirGetLogLevel(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1760,6 +1930,11 @@ Srv_RpcVmDirGetLogLevel(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETLOGLEVEL],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
@@ -1779,6 +1954,10 @@ Srv_RpcVmDirGetLogMask(
                        | VMDIR_RPC_FLAG_REQUIRE_AUTH_TCPIP
                        | VMDIR_RPC_FLAG_REQUIRE_AUTHZ;
     PVMDIR_SRV_ACCESS_TOKEN pAccessToken = NULL;
+    uint64_t uiStartTime = 0;
+    uint64_t uiEndTime = 0;
+
+    uiStartTime = VmDirGetTimeInMilliSec();
 
     dwError = _VmDirRPCCheckAccess(hBinding, dwRpcFlags, &pAccessToken);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -1796,6 +1975,11 @@ Srv_RpcVmDirGetLogMask(
     {
         VmDirSrvReleaseAccessToken(pAccessToken);
     }
+
+    uiEndTime = VmDirGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(pRpcRequestDuration[METRICS_RPC_OP_GETLOGMASK],
+                             VMDIR_RESPONSE_TIME(uiEndTime-uiStartTime));
+
     return dwError;
 
 error:
diff --git a/vmdir/server/vmdir/schema.c b/vmdir/server/vmdir/schema.c
index 4a9f86f5b..3d7c07581 100644
--- a/vmdir/server/vmdir/schema.c
+++ b/vmdir/server/vmdir/schema.c
@@ -102,8 +102,11 @@ VmDirLoadSchema(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -113,7 +116,7 @@ VmDirLoadSchema(
  * Should be called if InitializeSchema() results pbWriteSchemaEntry = TRUE
  */
 DWORD
-InitializeSchemaEntries(
+VmDirSchemaInitializeSubtree(
     PVDIR_SCHEMA_CTX    pSchemaCtx
     )
 {
@@ -136,8 +139,81 @@ InitializeSchemaEntries(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDirSchemaSetSystemDefaultSecurityDescriptors(
+    VOID
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszBuiltInUsersGroupSid = NULL;
+    PSTR    pszDomainClientsGroupSid = NULL;
+    PSTR    pszDaclTemplate = NULL;
+
+    // create builtin users group and domain clients group SID templates
+    dwError = VmDirGenerateWellknownSid(
+            NULL, VMDIR_DOMAIN_ALIAS_RID_USERS, &pszBuiltInUsersGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirGenerateWellknownSid(
+            NULL, VMDIR_DOMAIN_CLIENTS_RID, &pszDomainClientsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // grant built-in users group rights to read control & property of
+    // any group/computer/certificates object
+    dwError = VmDirAllocateStringPrintf(
+            &pszDaclTemplate,
+            "D:(A;;RCRP;;;%s)",
+            pszBuiltInUsersGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetDefaultSecurityDescriptorForClass(
+            OC_GROUP, pszDaclTemplate);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetDefaultSecurityDescriptorForClass(
+            OC_COMPUTER, pszDaclTemplate);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetDefaultSecurityDescriptorForClass(
+            OC_VMW_CERTIFICATION_AUTHORITY, pszDaclTemplate);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // grant built-in users group to read control of any user object
+    // grant domain clients group to read property of any user object
+    VMDIR_SAFE_FREE_MEMORY(pszDaclTemplate);
+    dwError = VmDirAllocateStringPrintf(
+            &pszDaclTemplate,
+            "D:(A;;RC;;;%s)(A;;RP;;;%s)",
+            pszBuiltInUsersGroupSid,
+            pszDomainClientsGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirSetDefaultSecurityDescriptorForClass(
+            OC_USER, pszDaclTemplate);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszBuiltInUsersGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszDomainClientsGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszDaclTemplate);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
 
@@ -184,8 +260,11 @@ VmDirSchemaPatchViaFile(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -222,8 +301,11 @@ VmDirSchemaPatchLegacyViaFile(
     return dwError;
 
 error:
-    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
-            "%s failed, error (%d)", __FUNCTION__, dwError );
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
 
     goto cleanup;
 }
@@ -283,5 +365,11 @@ _MarkDefaultIndices(
     return dwError;
 
 error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
     goto cleanup;
 }
diff --git a/vmdir/server/vmdir/service.c b/vmdir/server/vmdir/service.c
index 824b7173d..b9f4a3400 100644
--- a/vmdir/server/vmdir/service.c
+++ b/vmdir/server/vmdir/service.c
@@ -125,7 +125,9 @@ VmDirRegisterRpcServer(
     VMDIR_IF_HANDLE_T pSuperLogInterfaceSpec = vmdirsuperlog_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_IF_HANDLE_T pVmDirDbcpInterfaceSpec = vmdirdbcp_v1_0_s_ifspec; // IDL compiler will generate Srv_ prefix
     VMDIR_RPC_BINDING_VECTOR_P_T pServerBinding = NULL;
+#if 0
     BOOLEAN bEndpointsRegistered = TRUE;
+#endif
 
     ulError = VmDirRpcServerRegisterIf(pVmDirInterfaceSpec);
     BAIL_ON_VMDIR_ERROR(ulError);
@@ -149,6 +151,7 @@ VmDirRegisterRpcServer(
 
     VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "VMware Directory Service bound successfully.");
 
+#if 0
 #if !defined(HAVE_DCERPC_WIN32)
     ulError = VmDirRpcEpRegister( pServerBinding, pVmDirInterfaceSpec, "VMware Directory Service");
     if (ulError)
@@ -172,6 +175,7 @@ VmDirRegisterRpcServer(
     {
         VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL, "RPC Endpoints registered successfully.");
     }
+#endif
 #endif
 
     ulError = VmDirRpcServerRegisterAuthInfo();
diff --git a/vmdir/server/vmdir/shutdown.c b/vmdir/server/vmdir/shutdown.c
index 63b70b955..f7b8eb4c0 100644
--- a/vmdir/server/vmdir/shutdown.c
+++ b/vmdir/server/vmdir/shutdown.c
@@ -45,10 +45,8 @@ VmDirShutdown(
 
     pBE = VmDirBackendSelect(NULL);
 
-#if 0
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: stop REST listening threads", __func__);
     VmDirRESTServerShutdown();
-#endif
 
     VMDIR_LOG_INFO( VMDIR_LOG_MASK_ALL, "%s: stop LDAP listening threads", __func__);
     VmDirShutdownConnAcceptThread();
@@ -116,6 +114,8 @@ VmDirShutdown(
 
     VmDirCleanupGlobals();
 
+    VmMetricsDestroy(pmContext);
+
     (VOID)VmDirSetRegKeyValueDword(
             VMDIR_CONFIG_PARAMETER_KEY_PATH,
             VMDIR_REG_KEY_DIRTY_SHUTDOWN,
@@ -197,7 +197,8 @@ VmDirCleanupGlobals(
     // Free vmdir global 'gVmdirGlobals' upon shutdown
     VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszBDBHome);
     VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszBootStrapSchemaFile);
-    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszRestListenPort);
+    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszHTTPListenPort);
+    VMDIR_SAFE_FREE_MEMORY(gVmdirGlobals.pszHTTPSListenPort);
 
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.replCycleDoneMutex );
     VMDIR_SAFE_FREE_MUTEX( gVmdirGlobals.replAgrsMutex );
@@ -220,4 +221,7 @@ VmDirCleanupGlobals(
     VMDIR_SAFE_FREE_MUTEX( gVmdirTrackLastLoginTime.pMutex );
     VMDIR_SAFE_FREE_CONDITION(gVmdirTrackLastLoginTime.pCond);
     // ignore gVmdirTrackLastLoginTime.pTSStack
+
+    VMDIR_SAFE_FREE_MUTEX( gVmdirIntegrityCheck.pMutex );
+    VMDIR_SAFE_FREE_MEMORY( gVmdirIntegrityCheck.pJob );
 }
diff --git a/vmdir/server/vmdir/structs.h b/vmdir/server/vmdir/structs.h
index 7a0e9a10e..697a04c4a 100644
--- a/vmdir/server/vmdir/structs.h
+++ b/vmdir/server/vmdir/structs.h
@@ -88,4 +88,30 @@ typedef struct _VMDIR_LOGIN_TIME
 
 } VMDIR_LOGIN_TIME, *PVMDIR_LOGIN_TIME;
 
+typedef struct _VMDIR_INTEGRITY_JOB_CTX
+{
+    PSTR        pszPartnerName;
+    LDAP*       pLd;
+    PSTR        pszRptFileName;
+    FILE*       fp;
+    DWORD       dwFailedDigestCnt;
+    DWORD       dwMissedEntryCnt;
+    VMDIR_INTEGRITY_CHECK_JOBCTX_STATE state;
+
+} VMDIR_INTEGRITY_JOB_CTX, *PVMDIR_INTEGRITY_JOB_CTX;
+
+typedef struct _VMDIR_INTEGRITY_JOB
+{
+    struct timespec             startTime;
+    struct tm                   startTM;
+    struct timespec             endTime;
+    CHAR                        finishedTimebuf[MAX_PATH];
+    ENTRYID                     maxEntryID;
+    ENTRYID                     currentEntryID;
+    DWORD                       dwNumProcessed;
+    PVMDIR_INTEGRITY_JOB_CTX    pJobctx;
+    DWORD                       dwNumJobCtx;
+    VMDIR_INTEGRITY_CHECK_JOB_STATE state;
+
+} VMDIR_INTEGRITY_JOB, *PVMDIR_INTEGRITY_JOB;
 
diff --git a/vmdir/server/vmdir/superlogging.c b/vmdir/server/vmdir/superlogging.c
index 1bff7375a..59646ae55 100644
--- a/vmdir/server/vmdir/superlogging.c
+++ b/vmdir/server/vmdir/superlogging.c
@@ -174,7 +174,11 @@ _VmDirInitEventLogPublisherThread(
     dwError = VmDirSrvThrInit(&pThrInfo, NULL, NULL, TRUE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirCreateThread(&pThrInfo->tid, FALSE, _VmDirEventLogPublisherThrFun, (PVOID)pCircularBuffer);
+    dwError = VmDirCreateThread(
+            &pThrInfo->tid,
+            pThrInfo->bJoinThr,
+            _VmDirEventLogPublisherThrFun,
+            (PVOID)pCircularBuffer);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     VmDirSrvThrAdd(pThrInfo);
diff --git a/vmdir/server/vmdir/tenantmgmt.c b/vmdir/server/vmdir/tenantmgmt.c
index 5a514ab7e..91873dd2e 100644
--- a/vmdir/server/vmdir/tenantmgmt.c
+++ b/vmdir/server/vmdir/tenantmgmt.c
@@ -68,33 +68,6 @@ VmDirSrvInitializeTenant(
     goto cleanup;
 }
 
-//
-// This routine verifies that the tenant domain is at most two levels deep
-// (e.g., vsphere.local is OK, vsphere.foo.local is not).
-//
-DWORD
-_VmDirSrvCheckDomainDepth(
-    PCSTR pszDomainName
-    )
-{
-    PCSTR pszFirstDot = NULL;
-    PCSTR pszLastDot = NULL;
-    DWORD dwError = 0;
-
-    pszFirstDot = VmDirStringChrA(pszDomainName, '.');
-    pszLastDot = VmDirStringRChrA(pszDomainName, '.');
-
-    if (pszFirstDot != pszLastDot)
-    {
-        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
-    }
-
-cleanup:
-    return dwError;
-error:
-    goto cleanup;
-}
-
 DWORD
 VmDirSrvCreateTenant(
     PCSTR pszFQDomainName,
@@ -110,10 +83,7 @@ VmDirSrvCreateTenant(
                    "Setting up a tenant instance (%s).",
                    VDIR_SAFE_STRING(pszFQDomainName));
 
-    dwError = _VmDirSrvCheckDomainDepth(pszFQDomainName);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirSrvCreateDomainDN(pszFQDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszFQDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSchemaCtxAcquire(&pSchemaCtx);
@@ -128,7 +98,6 @@ VmDirSrvCreateTenant(
                     pszUsername,
                     pszPassword,
                     NULL,
-                    NULL,
                     NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/vmdir/server/vmdir/tombstone.c b/vmdir/server/vmdir/tombstone.c
index 47a8b91b5..4ea1bd59b 100644
--- a/vmdir/server/vmdir/tombstone.c
+++ b/vmdir/server/vmdir/tombstone.c
@@ -52,7 +52,7 @@ VmDirInitTombstoneReapingThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirTombstoneReapingThreadFun,
                 pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -225,6 +225,8 @@ _VmDirTombstoneReapingThreadFun(
     BOOLEAN bInLock = FALSE;
     PVDIR_THREAD_INFO pThreadInfo = (PVDIR_THREAD_INFO)pArg;
 
+    VmDirDropThreadPriority(DEFAULT_THREAD_PRIORITY_DELTA);
+
     while (TRUE)
     {
         if (VmDirdState() == VMDIRD_STATE_SHUTDOWN)
diff --git a/vmdir/server/vmdir/tracklastlogin.c b/vmdir/server/vmdir/tracklastlogin.c
index d8f7f0ffe..1a23bb229 100644
--- a/vmdir/server/vmdir/tracklastlogin.c
+++ b/vmdir/server/vmdir/tracklastlogin.c
@@ -103,7 +103,7 @@ VmDirInitTrackLastLoginThread(
 
     dwError = VmDirCreateThread(
                 &pThrInfo->tid,
-                FALSE,
+                pThrInfo->bJoinThr,
                 _VmDirTrackLastLoginTimeThreadFun,
                 pThrInfo);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/vmdir/server/vmdir/utils.c b/vmdir/server/vmdir/utils.c
index f5f4c3b76..cea9a9ddd 100644
--- a/vmdir/server/vmdir/utils.c
+++ b/vmdir/server/vmdir/utils.c
@@ -335,11 +335,106 @@ VmDirGetLdapsConnectPorts(
 DWORD
 VmDirGetAllLdapPortsCount(
     VOID
-)
+    )
 {
     return gVmdirGlobals.dwLdapConnectPorts + gVmdirGlobals.dwLdapsConnectPorts;
 }
 
+DWORD
+VmDirCheckPortAvailability(
+    DWORD   dwPort
+    )
+{
+    DWORD   dwError = 0;
+    BOOLEAN bIPV4Addr = FALSE;
+    BOOLEAN bIPV6Addr = FALSE;
+    int     ip4_fd = -1;
+    int     ip6_fd = -1;
+    int     level = 0;
+    int     optname = 0;
+    int     on = 1;
+    struct sockaddr_in  serv_4addr = {0};
+    struct sockaddr_in6 serv_6addr = {0};
+
+#ifdef _WIN32
+    level = IPPROTO_IPV6;
+    optname = SO_EXCLUSIVEADDRUSE;
+#else
+    level = SOL_IPV6;
+    optname = SO_REUSEADDR;
+#endif
+
+    dwError = VmDirWhichAddressPresent(&bIPV4Addr, &bIPV6Addr);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bIPV4Addr)
+    {
+        if ((ip4_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        bzero((char *) &serv_4addr, sizeof(serv_4addr));
+        serv_4addr.sin_family = AF_INET;
+        serv_4addr.sin_addr.s_addr = INADDR_ANY;
+        serv_4addr.sin_port = htons(dwPort);
+
+        if (setsockopt(ip4_fd, SOL_SOCKET, optname, (const char *)(&on), sizeof(on)) < 0 ||
+            bind(ip4_fd, (struct sockaddr *)&serv_4addr, sizeof(serv_4addr)) < 0)
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to bind to (IPV4) port %d with errno %d",
+                    __FUNCTION__, dwPort, errno );
+
+            dwError = VMDIR_ERROR_INVALID_STATE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (bIPV6Addr)
+    {
+        if ((ip6_fd = socket(AF_INET6, SOCK_STREAM, 0)) < 0)
+        {
+            dwError = LwErrnoToWin32Error(errno);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+
+        memset((char *) &serv_6addr, 0, sizeof(serv_6addr));
+        serv_6addr.sin6_family = AF_INET6;
+        serv_6addr.sin6_port = htons(dwPort);
+
+        if (setsockopt(ip6_fd, SOL_SOCKET, optname, (const char *)(&on), sizeof(on)) < 0 ||
+            setsockopt(ip6_fd, level, IPV6_V6ONLY, (const char *)(&on), sizeof(on)) < 0 ||
+            bind(ip6_fd, (struct sockaddr *)&serv_6addr, sizeof(serv_6addr)) < 0)
+        {
+            VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+                    "%s failed to bind to (IPV6) port %d with errno %d",
+                    __FUNCTION__, dwPort, errno );
+
+            dwError = VMDIR_ERROR_INVALID_STATE;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    if (ip4_fd >= 0)
+    {
+        tcp_close(ip4_fd);
+    }
+    if (ip6_fd >= 0)
+    {
+        tcp_close(ip6_fd);
+    }
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
+            "%s failed, error (%d)", __FUNCTION__, dwError);
+
+    goto cleanup;
+}
+
 DWORD
 VmDirServerStatusEntry(
     PVDIR_ENTRY*    ppEntry
@@ -472,7 +567,7 @@ VmDirReplicationStatusEntry(
     maxOriginatingUSN = backendCtx.pBE->pfnBEGetMaxOriginatingUSN( &backendCtx );
 
     dwError = VmDirAllocateStringPrintf( &pszPartnerVisibleUSN,
-                                             "%u",
+                                             "%" PRId64,
                                              maxPartnerVisibleUSN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
@@ -482,7 +577,7 @@ VmDirReplicationStatusEntry(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf( &pszMaxOriginatingUSN,
-                                             "%u",
+                                             "%" PRId64,
                                              maxOriginatingUSN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/vmdir/server/vmdir/win/vmdird.vcproj b/vmdir/server/vmdir/win/vmdird.vcproj
index 58939b99b..4ff87a1a2 100755
--- a/vmdir/server/vmdir/win/vmdird.vcproj
+++ b/vmdir/server/vmdir/win/vmdird.vcproj
@@ -210,6 +210,10 @@
 				RelativePath="..\instance.c"
 				>
 			</File>
+			<File
+				RelativePath="..\integritychk.c"
+				>
+			</File>
 			<File
 				RelativePath="..\ipcapihandler.c"
 				>
diff --git a/vmdir/server/vmdir/win/vmdird.vcxproj b/vmdir/server/vmdir/win/vmdird.vcxproj
index 28fd47d6f..4990f7c29 100755
--- a/vmdir/server/vmdir/win/vmdird.vcxproj
+++ b/vmdir/server/vmdir/win/vmdird.vcxproj
@@ -138,6 +138,7 @@
     <ClCompile Include="..\index.c" />
     <ClCompile Include="..\init.c" />
     <ClCompile Include="..\instance.c" />
+    <ClCompile Include="..\integritychk.c" />
     <ClCompile Include="..\ipcapihandler.c" />
     <ClCompile Include="..\ipclocalapi.c" />
     <ClCompile Include="ipcserver.c" />
diff --git a/vmdir/server/vmdir/win/vmdird.vcxproj.filters b/vmdir/server/vmdir/win/vmdird.vcxproj.filters
index 76e1c0a60..d8786e2e2 100755
--- a/vmdir/server/vmdir/win/vmdird.vcxproj.filters
+++ b/vmdir/server/vmdir/win/vmdird.vcxproj.filters
@@ -36,6 +36,9 @@
     <ClCompile Include="..\instance.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="..\integritychk.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="..\ipcapihandler.c">
       <Filter>Source Files</Filter>
     </ClCompile>
diff --git a/vmdir/server/vmkdc/Makefile.am b/vmdir/server/vmkdc/Makefile.am
index c4df83e41..1b2ba1a88 100644
--- a/vmdir/server/vmkdc/Makefile.am
+++ b/vmdir/server/vmkdc/Makefile.am
@@ -22,28 +22,29 @@ libvmkdcserv_la_SOURCES = \
 
 libvmkdcserv_la_CPPFLAGS = \
     -DLDAP_DEPRECATED \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/kdctools \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/thirdparty/heimdal \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/build/server/kdcsrvcommon \
-    -I$(top_srcdir)/server/kdcsrvcommon \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/server/kdctools \
+    -I$(top_srcdir)/vmdir/server \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/build/server/kdcsrvcommon \
+    -I$(top_srcdir)/vmdir/server/kdcsrvcommon \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 libvmkdcserv_la_LIBADD = \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
-    $(top_builddir)/server/kdcsrvcommon/libkdcsrvcommon.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
+    $(top_builddir)/vmdir/server/kdckrb5/libvmkrb5.la \
+    $(top_builddir)/vmdir/server/kdctools/libvmkdctools.la \
+    $(top_builddir)/vmdir/server/kdcsrvcommon/libkdcsrvcommon.la \
+    $(top_builddir)/vmdir/kdccommon/libkdccommon.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1db.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -60,6 +61,6 @@ libvmkdcserv_la_LIBADD = \
 
 #    $(VMKDCD_BACKEND_LD_FLAGS) 
 libvmkdcserv_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/server/vmkdc/libvmkdcserv.exp \
+    -export-symbols @top_srcdir@/vmdir/server/vmkdc/libvmkdcserv.exp \
     @LW_LDFLAGS@ \
     @OPENSSL_LDFLAGS@
diff --git a/vmdir/server/vmkdc/init.c b/vmdir/server/vmkdc/init.c
index e940483b0..e7c061ce5 100644
--- a/vmdir/server/vmkdc/init.c
+++ b/vmdir/server/vmkdc/init.c
@@ -29,6 +29,8 @@ InitializeGlobals(
 {
     pGlobals->iAcceptSock = -1;
     pGlobals->iAcceptSockUdp = -1;
+    pGlobals->iAcceptSock6 = -1;
+    pGlobals->iAcceptSock6Udp = -1;
     pGlobals->workerThreadMax = 10; // Get from registry configuration
     pGlobals->workerThreadCount = 0; // Total number of running threads
     pthread_mutex_init(&pGlobals->mutex, NULL);
@@ -56,10 +58,16 @@ VmKdcInit()
     dwError = VmKdcInitKrb5(&gVmkdcGlobals.pKrb5Ctx);
     BAIL_ON_VMKDC_ERROR(dwError);
 
-    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, VMKDC_SERVICE_PORT_TCP);
+    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, TRUE, VMKDC_SERVICE_PORT_TCP);
     BAIL_ON_VMKDC_ERROR(dwError);
 
-    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, VMKDC_SERVICE_PORT_UDP);
+    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, FALSE, VMKDC_SERVICE_PORT_TCP);
+    BAIL_ON_VMKDC_ERROR(dwError);
+
+    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, TRUE, VMKDC_SERVICE_PORT_UDP);
+    BAIL_ON_VMKDC_ERROR(dwError);
+
+    dwError = VmKdcSrvOpenServicePort(&gVmkdcGlobals, FALSE, VMKDC_SERVICE_PORT_UDP);
     BAIL_ON_VMKDC_ERROR(dwError);
 
     dwError = VmKdcSrvServicePortListen(&gVmkdcGlobals);
diff --git a/vmdir/server/vmkdc/networking.c b/vmdir/server/vmkdc/networking.c
index 399461ee1..030a1184a 100644
--- a/vmdir/server/vmkdc/networking.c
+++ b/vmdir/server/vmkdc/networking.c
@@ -68,89 +68,10 @@ VmKdcCreateThreadMaxLimit(
 }
 
 
-static DWORD
-_VmKdcIsIPV6AddressPresent(BOOLEAN  *pIPV6AddressPresent)
-{
-    int                 retVal = 0;
-#ifndef _WIN32
-    struct ifaddrs *    myaddrs = NULL;
-    struct ifaddrs *    ifa = NULL;
-#else
-    PADDRINFOA          myaddrs = NULL;
-    PADDRINFOA          ifa = NULL;
-    unsigned long       loopback_addr = 0;
-    struct sockaddr_in  *pIp4Addr = NULL;
-    struct addrinfo     hints = {0};
-#endif
-
-    *pIPV6AddressPresent = FALSE;
-
-#ifndef _WIN32
-    retVal = getifaddrs(&myaddrs);
-#else
-    hints.ai_family = AF_UNSPEC;
-    hints.ai_socktype = SOCK_STREAM;
-    hints.ai_protocol = IPPROTO_TCP;
-    loopback_addr = inet_addr("127.0.0.1");
-
-    if (getaddrinfo( "", NULL, &hints, &myaddrs ) != 0 )
-    {
-        retVal = WSAGetLastError();
-    }
-#endif
-    BAIL_ON_VMKDC_ERROR( retVal );
-
-    for (ifa = myaddrs; ifa != NULL; ifa = VMKDC_ADDR_INFO_NEXT(ifa))
-    {
-        if ((VMKDC_ADDR_INFO_ADDR(ifa) == NULL)
-#ifndef _WIN32 // because getaddrinfo() does NOT set ai_flags in the returned address info structures.
-            || ((VMKDC_ADDR_INFO_FLAGS(ifa) & IFF_UP) == 0)
-            || ((VMKDC_ADDR_INFO_FLAGS(ifa) & IFF_LOOPBACK) != 0)
-#endif
-        )
-        {
-            continue;
-        }
-        if (VMKDC_ADDR_INFO_ADDR(ifa)->sa_family == AF_INET6)
-        {
-            *pIPV6AddressPresent = TRUE;
-        }
-        else if (VMKDC_ADDR_INFO_ADDR(ifa)->sa_family == AF_INET)
-        {
-#ifdef _WIN32
-            pIp4Addr = (struct sockaddr_in *) VMKDC_ADDR_INFO_ADDR(ifa);
-            if (memcmp(&pIp4Addr->sin_addr.s_addr,
-                &loopback_addr,
-                sizeof(loopback_addr)) == 0)
-            {
-                continue;
-            }
-#endif
-
-            *pIPV6AddressPresent = FALSE;
-            break;
-        }
-    }
-
-cleanup:
-    if (myaddrs)
-    {
-#ifndef _WIN32
-        freeifaddrs(myaddrs);
-#else
-        freeaddrinfo(myaddrs);
-#endif
-    }
-    return retVal;
-
-error:
-    goto cleanup;
-}
-
-
 static DWORD
 _VmKdcMakeIpAddress(
     int port,
+    BOOLEAN bIsIpV6,
     struct sockaddr **ppAddr,
     int *pAddrLen,
     int *pAddrType)
@@ -161,10 +82,6 @@ _VmKdcMakeIpAddress(
     void                *pAddr = NULL;
     short               addrType = AF_INET;
     int                 addrLen = 0;
-    BOOLEAN bIsIpV6 = FALSE;
-
-    dwError = _VmKdcIsIPV6AddressPresent(&bIsIpV6);
-    BAIL_ON_VMKDC_ERROR(dwError);
 
     addrLen = bIsIpV6 ? sizeof(struct sockaddr_in6) :
                         sizeof(struct sockaddr_in);
@@ -200,6 +117,7 @@ _VmKdcMakeIpAddress(
 DWORD
 VmKdcSrvOpenServicePort(
     PVMKDC_GLOBALS pGlobals,
+    BOOLEAN bIpV6,
     VMKDC_SERVICE_PORT_TYPE portType)
 {
     DWORD dwError = 0;
@@ -215,6 +133,7 @@ VmKdcSrvOpenServicePort(
 
     dwError = _VmKdcMakeIpAddress(
                    pGlobals->iListenPort,
+                   bIpV6,
                    &saddr,
                    &saddr_len,
                    &saddr_type);
@@ -239,6 +158,17 @@ VmKdcSrvOpenServicePort(
         BAIL_ON_VMKDC_ERROR(dwError);
     }
 
+    if (bIpV6)
+    {
+        int on = 1;
+
+#ifdef _WIN32
+        setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, (void *) &on, sizeof(on));
+#else
+        setsockopt(sock, SOL_IPV6, IPV6_V6ONLY, (void *) &on, sizeof(on));
+#endif
+    }
+
     if (portType == VMKDC_SERVICE_PORT_TCP)
     {
 #ifdef _WIN32
@@ -263,22 +193,36 @@ VmKdcSrvOpenServicePort(
     sts = bind(sock, saddr, saddr_len);
     if (sts == -1)
     {
-#ifdef _WIN32
-        errno = WSAGetLastError();
-#endif
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
+        tcp_close(sock);
+        sock = -1;
     }
 
     if (portType == VMKDC_SERVICE_PORT_TCP)
     {
-        pGlobals->iAcceptSock = sock;
+        if (bIpV6)
+        {
+            pGlobals->iAcceptSock6 = sock;
+            pGlobals->addrLen6 = saddr_len;
+        }
+        else
+        {
+            pGlobals->iAcceptSock = sock;
+            pGlobals->addrLen = saddr_len;
+        }
     }
     else
     {
-        pGlobals->iAcceptSockUdp = sock;
+        if (bIpV6)
+        {
+            pGlobals->iAcceptSock6Udp = sock;
+            pGlobals->addrLen6 = saddr_len;
+        }
+        else
+        {
+            pGlobals->iAcceptSockUdp = sock;
+            pGlobals->addrLen = saddr_len;
+        }
     }
-    pGlobals->addrLen = saddr_len;
 
 error:
     VMKDC_SAFE_FREE_MEMORY(saddr);
@@ -304,11 +248,24 @@ VmKdcSrvServicePortListen(
     DWORD dwError = 0;
     int sts = 0;
 
-    sts = listen(pGlobals->iAcceptSock, 5);
-    if (sts == -1)
+    if (pGlobals->iAcceptSock >= 0)
     {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMKDC_ERROR(dwError);
+        sts = listen(pGlobals->iAcceptSock, 5);
+        if (sts == -1)
+        {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMKDC_ERROR(dwError);
+        }
+    }
+
+    if (pGlobals->iAcceptSock6 >= 0)
+    {
+        sts = listen(pGlobals->iAcceptSock6, 5);
+        if (sts == -1)
+        {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMKDC_ERROR(dwError);
+        }
     }
 error:
     return dwError;
@@ -327,15 +284,37 @@ VmKdcSrvServiceAcceptConn(
     INT64 maxFd = -1;
 
     FD_ZERO(&rmask);
-    FD_SET(pGlobals->iAcceptSock, &rmask);
-    if (pGlobals->iAcceptSock > maxFd)
+    if (pGlobals->iAcceptSock >= 0)
+    {
+        FD_SET(pGlobals->iAcceptSock, &rmask);
+        if (pGlobals->iAcceptSock > maxFd)
+        {
+            maxFd = pGlobals->iAcceptSock;
+        }
+    }
+    if (pGlobals->iAcceptSockUdp >= 0)
     {
-        maxFd = pGlobals->iAcceptSock;
+        FD_SET(pGlobals->iAcceptSockUdp, &rmask);
+        if (pGlobals->iAcceptSockUdp > maxFd)
+        {
+            maxFd = pGlobals->iAcceptSockUdp;
+        }
     }
-    FD_SET(pGlobals->iAcceptSockUdp, &rmask);
-    if (pGlobals->iAcceptSockUdp > maxFd)
+    if (pGlobals->iAcceptSock6 >= 0)
     {
-        maxFd = pGlobals->iAcceptSockUdp;
+        FD_SET(pGlobals->iAcceptSock6, &rmask);
+        if (pGlobals->iAcceptSock6 > maxFd)
+        {
+            maxFd = pGlobals->iAcceptSock6;
+        }
+    }
+    if (pGlobals->iAcceptSock6Udp >= 0)
+    {
+        FD_SET(pGlobals->iAcceptSock6Udp, &rmask);
+        if (pGlobals->iAcceptSock6Udp > maxFd)
+        {
+            maxFd = pGlobals->iAcceptSock6Udp;
+        }
     }
 
     sts = select((int) (maxFd + 1), &rmask, NULL, NULL, NULL);
@@ -348,6 +327,8 @@ VmKdcSrvServiceAcceptConn(
     {
         goto error;
     }
+
+    /* Inspect ether IPv4 or IPv6 TCP sockets for activity */
     if (FD_ISSET(pGlobals->iAcceptSock, &rmask))
     {
         sts = accept(pGlobals->iAcceptSock, NULL, NULL);
@@ -356,10 +337,24 @@ VmKdcSrvServiceAcceptConn(
             *acceptSocket = (int) sts;
         }
     }
+    else if (FD_ISSET(pGlobals->iAcceptSock6, &rmask))
+    {
+        sts = accept(pGlobals->iAcceptSock6, NULL, NULL);
+        if (sts != -1)
+        {
+            *acceptSocket = (int) sts;
+        }
+    }
+
+    /* Inspect ether IPv4 or IPv6 UDP sockets for activity */
     if (FD_ISSET(pGlobals->iAcceptSockUdp, &rmask))
     {
         *acceptSocketUdp = (int) pGlobals->iAcceptSockUdp;
     }
+    else if (FD_ISSET(pGlobals->iAcceptSock6Udp, &rmask))
+    {
+        *acceptSocketUdp = (int) pGlobals->iAcceptSock6Udp;
+    }
 error:
     return dwError;
 }
@@ -907,6 +902,18 @@ VmKdcSrvCloseSocketAcceptFd(
         gVmkdcGlobals.iAcceptSockUdp = -1;
     }
 
+    if (gVmkdcGlobals.iAcceptSock6 >= 0)
+    {
+        tcp_close(gVmkdcGlobals.iAcceptSock6);
+        gVmkdcGlobals.iAcceptSock6 = -1;
+    }
+
+    if (gVmkdcGlobals.iAcceptSock6Udp >= 0)
+    {
+        tcp_close(gVmkdcGlobals.iAcceptSock6Udp);
+        gVmkdcGlobals.iAcceptSock6Udp = -1;
+    }
+
     pthread_mutex_unlock(&gVmkdcGlobals.mutex);
 }
 
diff --git a/vmdir/server/vmkdc/networking.h b/vmdir/server/vmkdc/networking.h
index ceac5e109..ec32a319f 100644
--- a/vmdir/server/vmkdc/networking.h
+++ b/vmdir/server/vmkdc/networking.h
@@ -23,6 +23,7 @@ typedef enum _VMKDC_SERVICE_PORT_TYPE
 DWORD
 VmKdcSrvOpenServicePort(
     PVMKDC_GLOBALS pGlobals,
+    BOOLEAN bIpV6,
     VMKDC_SERVICE_PORT_TYPE portType);
 
 DWORD
diff --git a/vmdir/server/vmkdc/rpc.c b/vmdir/server/vmkdc/rpc.c
index 676d273ca..b69ccac35 100644
--- a/vmdir/server/vmkdc/rpc.c
+++ b/vmdir/server/vmkdc/rpc.c
@@ -201,6 +201,10 @@ VmKdcRpcEpRegister(
     )
 {
     DWORD dwError = ERROR_SUCCESS;
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return dwError;
+#else
     error_status_t rpcStatus = rpc_s_ok;
 
     rpc_ep_register(
@@ -213,6 +217,7 @@ VmKdcRpcEpRegister(
     dwError = rpcStatus;
 
     return dwError;
+#endif
 }
 
 DWORD
diff --git a/vmdir/server/vmkdc/service.c b/vmdir/server/vmkdc/service.c
index a8b46f3d0..e554d17be 100644
--- a/vmdir/server/vmkdc/service.c
+++ b/vmdir/server/vmkdc/service.c
@@ -96,6 +96,7 @@ VmKdcRegisterRpcServer(
     VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
         "VMware Kdc Service bound successfully.");
 
+#if 0
 #ifndef _WIN32
     dwError = VmKdcRpcEpRegister(
         pServerBinding,
@@ -107,6 +108,7 @@ VmKdcRegisterRpcServer(
 
     VMDIR_LOG_VERBOSE(VMDIR_LOG_MASK_ALL,
         "RPC Endpoints registered successfully.");
+#endif
 
 #ifndef _WIN32
 /*
diff --git a/vmdir/server/vmkdc_mit_tools/Makefile.am b/vmdir/server/vmkdc_mit_tools/Makefile.am
index 1d47765cf..3085d9954 100644
--- a/vmdir/server/vmkdc_mit_tools/Makefile.am
+++ b/vmdir/server/vmkdc_mit_tools/Makefile.am
@@ -1,5 +1,5 @@
-thirdparty_srcdir = $(top_srcdir)/thirdparty
-thirdparty_builddir = $(top_builddir)/thirdparty
+thirdparty_srcdir = $(top_srcdir)/vmdir/thirdparty
+thirdparty_builddir = $(top_builddir)/vmdir/thirdparty
 
 noinst_PROGRAMS = \
     parsedb \
@@ -13,28 +13,29 @@ noinst_PROGRAMS = \
 #    krb5keys-test
 
 MIT_TOOLS_INCLUDES = \
-    -I$(top_srcdir)/server/vmkdc \
-    -I$(top_srcdir)/server/kdctools \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/tools \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/vmkrb5 \
+    -I$(top_srcdir)/vmdir/server/vmkdc \
+    -I$(top_srcdir)/vmdir/server/kdctools \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server \
+    -I$(top_srcdir)/vmdir/server/tools \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/server/vmkrb5 \
     -I$(thirdparty_srcdir)/heimdal \
     -I$(thirdparty_srcdir)/heimdal/krb5-crypto \
     -I$(thirdparty_srcdir)/heimdal/asn1 \
-    -I$(top_srcdir)/server/vmkdc \
+    -I$(top_srcdir)/vmdir/server/vmkdc \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 MIT_TOOLS_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/server/common/libsrvcommon.la \
+    $(top_builddir)/vmdir/kdccommon/libkdccommon.la \
+    $(top_builddir)/vmdir/server/kdctools/libvmkdctools.la \
+    $(top_builddir)/vmdir/server/kdckrb5/libvmkrb5.la \
+    $(top_builddir)/vmdir/kdccommon/libkdccommon.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     $(thirdparty_builddir)/heimdal/krb5-crypto/libkrb5crypto.la \
     $(thirdparty_builddir)/heimdal/asn1/libasn1db.la \
     $(thirdparty_builddir)/heimdal/asn1/libasn1.la \
diff --git a/vmdir/testing/integration_tests/acls/Makefile.am b/vmdir/testing/integration_tests/acls/Makefile.am
index 8096e8c94..ab25895d4 100644
--- a/vmdir/testing/integration_tests/acls/Makefile.am
+++ b/vmdir/testing/integration_tests/acls/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libsecuritydescriptortests.la
 
 libsecuritydescriptortests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -11,9 +11,12 @@ libsecuritydescriptortests_la_SOURCES = \
     administratorrights.c \
     administratorsrights.c \
     bad_parameters.c \
+    custom_groups.c \
+    default_security_descriptor.c \
     domainadminsrights.c \
     domainclientsrights.c \
     inheritance.c \
+    k8s_machine_act_selfservice.c \
     legacy_access_checks.c \
     main.c \
     ntsecuritydescriptor.c \
@@ -24,7 +27,7 @@ libsecuritydescriptortests_la_SOURCES = \
     wellknownsids.c
 
 libsecuritydescriptortests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -40,7 +43,7 @@ libsecuritydescriptortests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libsecuritydescriptortests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/integration_tests/acls/libsecuritydescriptortests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/integration_tests/acls/libsecuritydescriptortests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/testing/integration_tests/acls/administratorsrights.c b/vmdir/testing/integration_tests/acls/administratorsrights.c
index 430899640..06d4e3d13 100644
--- a/vmdir/testing/integration_tests/acls/administratorsrights.c
+++ b/vmdir/testing/integration_tests/acls/administratorsrights.c
@@ -16,14 +16,14 @@
 DWORD
 AdminGroupShouldBeAbleToDeleteObject(
     PVMDIR_TEST_STATE pState,
-    PCSTR pszContainer // TODO
+    PCSTR pszContainer
     )
 {
     DWORD dwError = 0;
     PSTR pszUserName = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -47,7 +47,7 @@ AdminGroupShouldBeAbleToReadProperties(
     PSTR pszUserDn = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -84,7 +84,7 @@ AdminGroupShouldBeAbleToReadSD(
     PSTR pszUserDn = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -121,7 +121,7 @@ AdminGroupShouldBeAbleToWriteProperties(
     PSTR pszUserDn = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -158,7 +158,7 @@ AdminGroupShouldBeAbleToWriteSD(
     PSTR pszDomainSid = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -213,7 +213,7 @@ AdminGroupShouldBeAbleToListObject(
     PSTR pszUserName = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainer, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -252,7 +252,7 @@ AdminGroupShouldBeAbleToListChildObjects(
     PSTR pszContainerDn = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -264,7 +264,7 @@ AdminGroupShouldBeAbleToListChildObjects(
                 pState->pszBaseDN);
     TestAssertEquals(dwError, 0);
 
-    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL, NULL, NULL);
     TestAssertEquals(dwError, 0);
     return dwError;
 }
@@ -285,10 +285,8 @@ TestStandardRightsForAdminGroup(
     LDAP *pLdNewUser = NULL;
     LDAP *pLdOld = NULL;
 
-    raise(SIGTRAP);
-
     dwError = VmDirTestGetGuid(&pszUserName);
-    TestAssertEquals(dwError, 0); // TODO
+    TestAssertEquals(dwError, 0);
 
     dwError = VmDirTestCreateUser(pState, pszContainerName, pszUserName, NULL);
     TestAssertEquals(dwError, 0);
@@ -307,7 +305,7 @@ TestStandardRightsForAdminGroup(
                 pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirTestAddUserToGroup(pState, pszUserDn, pszGroupDn);
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirTestConnectionFromUser(pState, pszUserName, &pLdNewUser);
diff --git a/vmdir/testing/integration_tests/acls/bad_parameters.c b/vmdir/testing/integration_tests/acls/bad_parameters.c
index 77b874a1a..251dee967 100644
--- a/vmdir/testing/integration_tests/acls/bad_parameters.c
+++ b/vmdir/testing/integration_tests/acls/bad_parameters.c
@@ -29,7 +29,7 @@ SpecifyingAclStringAndSecurityDescriptorShouldFail(
     PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
     PCSTR valsPNE[] = {"TRUE", NULL};
     PCSTR valsPN[] = {NULL, NULL};
-    PCSTR valsPass[] = {"Admin!23", NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
     PSTR pszUPN = NULL;
     PSTR pszDN = NULL;
     struct berval bvSecurityDescriptor = {0};
diff --git a/vmdir/testing/integration_tests/acls/custom_groups.c b/vmdir/testing/integration_tests/acls/custom_groups.c
new file mode 100644
index 000000000..68c5216c7
--- /dev/null
+++ b/vmdir/testing/integration_tests/acls/custom_groups.c
@@ -0,0 +1,524 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+CleanupCustomSetup(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    (VOID)VmDirTestDeleteUser(pState, NULL, "non_member");
+
+    (VOID)VmDirTestDeleteUser(pState, NULL, "c_client");
+
+    (VOID)VmDirTestDeleteUser(pState, NULL, "c_admin");
+
+    (VOID)VmDirTestDeleteContainer(pState, "CustomObjects");
+
+    (VOID)VmDirTestDeleteGroup(pState, NULL, "CustomClients");
+
+    (VOID)VmDirTestDeleteGroup(pState, NULL, "CustomAdmins");
+
+    return 0;
+}
+
+DWORD
+InitializeCustomSetup(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDomainSid = NULL;
+    PSTR    pszAdminsSid = NULL;
+    PSTR    pszClientsSid = NULL;
+    PSTR    pszGroupSD = NULL;
+    PSTR    pszContainerSD = NULL;
+
+    pState->pfnCleanupCallback = CleanupCustomSetup;
+
+    // Cleanup leftover from previous run
+    dwError = CleanupCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Override SD to be deletable by administrator
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupSD, "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)", pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateGroup(pState, NULL, "CustomAdmins", pszGroupSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateGroup(pState, NULL, "CustomClients", pszGroupSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetGroupSid(pState, "CustomAdmins", NULL, &pszAdminsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetGroupSid(pState, "CustomClients", NULL, &pszClientsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Grant CustomAdmins READ+WRITE permissions and
+    // grant CustomClients READ permission
+    dwError = VmDirAllocateStringPrintf(
+            &pszContainerSD,
+            "O:BAG:BAD:(A;CIOIID;GXRCCCDCRPWP;;;%s)(A;CIOIID;RP;;;%s)",
+            pszAdminsSid,
+            pszClientsSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateContainer(pState, "CustomObjects", pszContainerSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // Create users and assign memberships
+    dwError = VmDirTestCreateUser(pState, NULL, "c_admin", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, NULL, "c_client", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, NULL, "non_member", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroup(
+            pState, "c_admin", NULL, "CustomAdmins", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroup(
+            pState, "c_client", NULL, "CustomClients", NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+error:
+    VMDIR_SAFE_FREE_STRINGA(pszDomainSid);
+    VMDIR_SAFE_FREE_STRINGA(pszAdminsSid);
+    VMDIR_SAFE_FREE_STRINGA(pszClientsSid);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupSD);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerSD);
+    return dwError;
+}
+
+DWORD
+CreateCustomObject(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   valsCn[] = { pszName, NULL };
+    PCSTR   valsClass[] = { "user", NULL };
+    LDAPMod mod[]={
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLdCustom, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+DeleteCustomObject(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_delete_ext_s(pState->pLdCustom, pszDN, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ListCustomObjects(
+    PVMDIR_TEST_STATE   pState,
+    PDWORD              pdwCount
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PVMDIR_STRING_LIST  pObjects = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=CustomObjects,cn=%s,%s",
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetObjectList(pState->pLdCustom, pszDN, NULL, NULL, &pObjects);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCount = pObjects->dwCount;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VmDirStringListFree(pObjects);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadCustomObjectProperties(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PSTR    pszCN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLdCustom, pszDN, LDAP_SCOPE_BASE, NULL, ATTR_CN, &pszCN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszCN);
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+WriteCustomObjectProperties(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   ppszAttrVals[] = {"hello world", NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+            pState->pLdCustom,
+            pszDN,
+            ATTR_DESCRIPTION,
+            ppszAttrVals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadCustomObjectSD(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PSTR    pszSD = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLdCustom,
+            pszDN,
+            LDAP_SCOPE_BASE,
+            NULL,
+            ATTR_ACL_STRING,
+            &pszSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszSD);
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+WriteCustomObjectSD(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+    PCSTR   ppszAttrVals[] = {"O:BAG:BAD:(A;;RCRPWPWDSD;;;BA)", NULL};
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=CustomObjects,cn=%s,%s",
+            pszName,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestReplaceAttributeValues(
+            pState->pLdCustom,
+            pszDN,
+            ATTR_ACL_STRING,
+            ppszAttrVals);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+
+}
+
+DWORD
+TestCustomAdminRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "c_admin", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should be able to create objects
+    dwError = CreateCustomObject(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    dwError = CreateCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    dwError = CreateCustomObject(pState, "co-3");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-3");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 2);
+
+    // should be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-1");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-1");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestCustomClientRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "c_client", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should NOT be able to create objects
+    dwError = CreateCustomObject(pState, "co-4");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 2);
+
+    // should be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestNonMemberRights(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCount = 0;
+
+    dwError = VmDirTestConnectionFromUser(pState, "non_member", &pState->pLdCustom);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // should NOT be able to create objects
+    dwError = CreateCustomObject(pState, "co-4");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to delete objects
+    dwError = DeleteCustomObject(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should NOT be able to list objects
+    dwError = ListCustomObjects(pState, &dwCount);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCount, 0);
+
+    // should NOT be able to read properties
+    dwError = ReadCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, ERROR_INVALID_STATE);
+
+    // should NOT be able to write properties
+    dwError = WriteCustomObjectProperties(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // should be able to read SD
+    dwError = ReadCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, 0);
+
+    // should NOT be able to write SD
+    dwError = WriteCustomObjectSD(pState, "co-2");
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    // pass all tests, return 0
+    dwError = 0;
+
+error:
+    VmDirTestLdapUnbind(pState->pLdCustom);
+    pState->pLdCustom = NULL;
+    return dwError;
+}
+
+DWORD
+TestCustomGroups(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = InitializeCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCustomAdminRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCustomClientRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestNonMemberRights(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = CleanupCustomSetup(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
+    return dwError;
+
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/vmdir/testing/integration_tests/acls/default_security_descriptor.c b/vmdir/testing/integration_tests/acls/default_security_descriptor.c
new file mode 100644
index 000000000..adcab44c8
--- /dev/null
+++ b/vmdir/testing/integration_tests/acls/default_security_descriptor.c
@@ -0,0 +1,601 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+CleanupDefaultSecurityDescriptorTestData(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    // delete default SD for residentialperson
+    (VOID)VmDirTestReplaceAttributeValues(
+            pState->pLd,
+            "cn=residentialperson,cn=schemacontext",
+            "defaultsecuritydescriptor",
+            NULL);
+
+    // delete test computers
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testcomputer001,ou=Computers");
+
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testcomputer002,ou=Computers");
+
+    // delete test cert auths
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testcert001,cn=Certificate-Authorities,cn=Configuration");
+
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testcert002,cn=Certificate-Authorities,cn=Configuration");
+
+    // delete test users
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testuser001,cn=users");
+
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=testuser002,cn=users");
+
+    // delete test residential persons
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=residentialperson001,cn=users");
+
+    (VOID)VmDirTestDeleteObjectByDNPrefix(
+            pState, "cn=residentialperson002,cn=users");
+
+    return 0;
+}
+
+DWORD
+InitializeDefaultSecurityDescriptorTestData(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    PCSTR   pszDefaultSD[] = { "D:(A;;RP;;;S-1-0-0-545)", NULL };
+
+    pState->pfnCleanupCallback = CleanupDefaultSecurityDescriptorTestData;
+
+    // set default SD for residentialperson
+    // - grant READ_PROP permission to authenticated users
+    dwError = VmDirTestReplaceAttributeValues(
+            pState->pLd,
+            "cn=residentialperson,cn=schemacontext",
+            "defaultsecuritydescriptor",
+            pszDefaultSD);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // create test computers
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testcomputer001,ou=Computers", "computer");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testcomputer002,ou=Computers", "computer");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // create test cert auths
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testcert001,cn=Certificate-Authorities,cn=Configuration", "vmwcertificationauthority");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testcert002,cn=Certificate-Authorities,cn=Configuration", "vmwcertificationauthority");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // create test users
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testuser001,cn=users", "user");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=testuser002,cn=users", "user");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // create test residential persons
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=residentialperson001,cn=users", "residentialperson");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateObjectByDNPrefix(
+            pState, "cn=residentialperson002,cn=users", "residentialperson");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+error:
+    return dwError;
+}
+
+DWORD
+ReadDefaultSecurityDescriptors(
+    LDAP*   pLd,
+    PDWORD  pdwCnt
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pClasses = NULL;
+
+    // read default security descriptor
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            "cn=schemacontext",
+            "(defaultsecuritydescriptor=*)",
+            ATTR_DEFAULT_SECURITY_DESCRIPTOR,
+            &pClasses);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCnt = pClasses->dwCount;
+
+cleanup:
+    VmDirStringListFree(pClasses);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadGroupEntries(
+    PVMDIR_TEST_STATE   pState,
+    LDAP*               pLd,
+    PDWORD              pdwCntProp,
+    PDWORD              pdwCntCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pEntriesByProp = NULL;
+    PVMDIR_STRING_LIST  pEntriesByCtrl = NULL;
+
+    // read property
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=group)",
+            ATTR_OBJECT_CLASS,
+            &pEntriesByProp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntProp = pEntriesByProp->dwCount;
+
+    // read control
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=group)",
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            &pEntriesByCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntCtrl = pEntriesByCtrl->dwCount;
+
+cleanup:
+    VmDirStringListFree(pEntriesByProp);
+    VmDirStringListFree(pEntriesByCtrl);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadComputerEntries(
+    PVMDIR_TEST_STATE   pState,
+    LDAP*               pLd,
+    PDWORD              pdwCntProp,
+    PDWORD              pdwCntCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pEntriesByProp = NULL;
+    PVMDIR_STRING_LIST  pEntriesByCtrl = NULL;
+
+    // read property
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            // ignore msDS-ManagedServiceAccount objects
+            "(&(objectclass=computer)(!(objectclass=msDS-ManagedServiceAccount)))",
+            ATTR_OBJECT_CLASS,
+            &pEntriesByProp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntProp = pEntriesByProp->dwCount;
+
+    // read control
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            // ignore msDS-ManagedServiceAccount objects
+            "(&(objectclass=computer)(!(objectclass=msDS-ManagedServiceAccount)))",
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            &pEntriesByCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntCtrl = pEntriesByCtrl->dwCount;
+
+cleanup:
+    VmDirStringListFree(pEntriesByProp);
+    VmDirStringListFree(pEntriesByCtrl);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadCertAuthEntries(
+    PVMDIR_TEST_STATE   pState,
+    LDAP*               pLd,
+    PDWORD              pdwCntProp,
+    PDWORD              pdwCntCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pEntriesByProp = NULL;
+    PVMDIR_STRING_LIST  pEntriesByCtrl = NULL;
+
+    // read property
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=vmwcertificationauthority)",
+            ATTR_OBJECT_CLASS,
+            &pEntriesByProp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntProp = pEntriesByProp->dwCount;
+
+    // read control
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=vmwcertificationauthority)",
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            &pEntriesByCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntCtrl = pEntriesByCtrl->dwCount;
+
+cleanup:
+    VmDirStringListFree(pEntriesByProp);
+    VmDirStringListFree(pEntriesByCtrl);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadUserEntries(
+    PVMDIR_TEST_STATE   pState,
+    LDAP*               pLd,
+    PDWORD              pdwCntProp,
+    PDWORD              pdwCntCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pEntriesByProp = NULL;
+    PVMDIR_STRING_LIST  pEntriesByCtrl = NULL;
+
+    // read property
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            // ignore computer objects
+            "(&(&(objectclass=user)(!(objectclass=computer))))",
+            ATTR_OBJECT_CLASS,
+            &pEntriesByProp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntProp = pEntriesByProp->dwCount;
+
+    // read control
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            // ignore computer objects
+            "(&(&(objectclass=user)(!(objectclass=computer))))",
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            &pEntriesByCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntCtrl = pEntriesByCtrl->dwCount;
+
+cleanup:
+    VmDirStringListFree(pEntriesByProp);
+    VmDirStringListFree(pEntriesByCtrl);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+ReadResidentialPersonEntries(
+    PVMDIR_TEST_STATE   pState,
+    LDAP*               pLd,
+    PDWORD              pdwCntProp,
+    PDWORD              pdwCntCtrl
+    )
+{
+    DWORD   dwError = 0;
+    PVMDIR_STRING_LIST  pEntriesByProp = NULL;
+    PVMDIR_STRING_LIST  pEntriesByCtrl = NULL;
+
+    // read property
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=residentialperson)",
+            ATTR_OBJECT_CLASS,
+            &pEntriesByProp);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntProp = pEntriesByProp->dwCount;
+
+    // read control
+    dwError = VmDirTestGetObjectList(
+            pLd,
+            pState->pszBaseDN,
+            "(objectclass=residentialperson)",
+            ATTR_OBJECT_SECURITY_DESCRIPTOR,
+            &pEntriesByCtrl);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *pdwCntCtrl = pEntriesByCtrl->dwCount;
+
+cleanup:
+    VmDirStringListFree(pEntriesByProp);
+    VmDirStringListFree(pEntriesByCtrl);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+TestSystemDefaultSecurityDescriptors(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCnt = 0;
+
+    // default security descriptors should be readable by administrator
+    dwError = ReadDefaultSecurityDescriptors(pState->pLd, &dwCnt);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCnt, 5);
+
+    // default security descriptors should be readable by authenticated users
+    dwError = ReadDefaultSecurityDescriptors(pState->pLdLimited, &dwCnt);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCnt, 5);
+
+    // default security descriptors should be readable by anonymous users
+    dwError = ReadDefaultSecurityDescriptors(pState->pLdAnonymous, &dwCnt);
+    TestAssertEquals(dwError, 0);
+    TestAssertEquals(dwCnt, 5);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestGroupEntriesSD(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCntProp = 0;
+    DWORD   dwCntCtrl = 0;
+
+    dwError = ReadGroupEntries(pState, pState->pLd, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // group property should be readable by administrator
+    TestAssertEquals(dwCntProp, 5);
+    // group control should be readable by administrator
+    TestAssertEquals(dwCntCtrl, 5);
+
+    dwError = ReadGroupEntries(pState, pState->pLdLimited, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // group property should be readable by authenticated users
+    TestAssertEquals(dwCntProp, 5);
+    // group control should be readable by authenticated users
+    TestAssertEquals(dwCntCtrl, 5);
+
+    dwError = ReadGroupEntries(pState, pState->pLdAnonymous, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // group property should be NOT readable by anonymous users
+    TestAssertEquals(dwCntProp, 0);
+    // group control should be NOT readable by anonymous users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestComputerEntriesSD(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCntProp = 0;
+    DWORD   dwCntCtrl = 0;
+
+    dwError = ReadComputerEntries(pState, pState->pLd, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // computer property should be readable by administrator
+    TestAssertEquals(dwCntProp, 3);
+    // computer control should be readable by administrator
+    TestAssertEquals(dwCntCtrl, 3);
+
+    dwError = ReadComputerEntries(pState, pState->pLdLimited, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // computer property should be readable by authenticated users
+    TestAssertEquals(dwCntProp, 3);
+    // computer control should be readable by authenticated users
+    TestAssertEquals(dwCntCtrl, 3);
+
+    dwError = ReadComputerEntries(pState, pState->pLdAnonymous, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // computer property should be NOT readable by anonymous users
+    TestAssertEquals(dwCntProp, 0);
+    // computer control should be NOT readable by anonymous users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestCertAuthEntriesSD(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCntProp = 0;
+    DWORD   dwCntCtrl = 0;
+
+    dwError = ReadCertAuthEntries(pState, pState->pLd, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // cert auth property should be readable by administrator
+    TestAssertEquals(dwCntProp, 2);
+    // cert auth control should be readable by administrator
+    TestAssertEquals(dwCntCtrl, 2);
+
+    dwError = ReadCertAuthEntries(pState, pState->pLdLimited, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // cert auth property should be readable by authenticated users
+    TestAssertEquals(dwCntProp, 2);
+    // cert auth control should be readable by authenticated users
+    TestAssertEquals(dwCntCtrl, 2);
+
+    dwError = ReadCertAuthEntries(pState, pState->pLdAnonymous, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // cert auth property should be NOT readable by anonymous users
+    TestAssertEquals(dwCntProp, 0);
+    // cert auth control should be NOT readable by anonymous users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestUserEntriesSD(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCntProp = 0;
+    DWORD   dwCntCtrl = 0;
+
+    dwError = ReadUserEntries(pState, pState->pLd, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // user property should be readable by administrator
+    TestAssertEquals(dwCntProp, 6);
+    // user control should be readable by administrator
+    TestAssertEquals(dwCntCtrl, 6);
+
+    dwError = ReadUserEntries(pState, pState->pLdLimited, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // user property should be NOT readable by authenticated users (except self)
+    TestAssertEquals(dwCntProp, 1);
+    // user control should be readable by authenticated users
+    TestAssertEquals(dwCntCtrl, 6);
+
+    dwError = ReadUserEntries(pState, pState->pLdAnonymous, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // user property should be NOT readable by anonymous users
+    TestAssertEquals(dwCntProp, 0);
+    // user control should be NOT readable by anonymous users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestResidentialPersonEntriesSD(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCntProp = 0;
+    DWORD   dwCntCtrl = 0;
+
+    dwError = ReadResidentialPersonEntries(pState, pState->pLd, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // residential person property should be readable by administrator
+    TestAssertEquals(dwCntProp, 2);
+    // residential person control should be readable by administrator
+    TestAssertEquals(dwCntCtrl, 2);
+
+    dwError = ReadResidentialPersonEntries(pState, pState->pLdLimited, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // residential person property should be readable by authenticated users
+    TestAssertEquals(dwCntProp, 2);
+    // residential person control should NOT be readable by authenticated users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    dwError = ReadResidentialPersonEntries(pState, pState->pLdAnonymous, &dwCntProp, &dwCntCtrl);
+    TestAssertEquals(dwError, 0);
+    // residential person property should NOT be readable by anonymous users
+    TestAssertEquals(dwCntProp, 0);
+    // residential person control should NOT be readable by anonymous users
+    TestAssertEquals(dwCntCtrl, 0);
+
+    // pass all tests, return 0
+    return 0;
+}
+
+DWORD
+TestDefaultSecurityDescriptor(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+
+    dwError = InitializeDefaultSecurityDescriptorTestData(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestSystemDefaultSecurityDescriptors(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestGroupEntriesSD(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestComputerEntriesSD(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCertAuthEntriesSD(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestUserEntriesSD(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestResidentialPersonEntriesSD(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = CleanupDefaultSecurityDescriptorTestData(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
+    return dwError;
+
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/vmdir/testing/integration_tests/acls/domainadminsrights.c b/vmdir/testing/integration_tests/acls/domainadminsrights.c
index 47a4b7e46..832843be5 100644
--- a/vmdir/testing/integration_tests/acls/domainadminsrights.c
+++ b/vmdir/testing/integration_tests/acls/domainadminsrights.c
@@ -260,7 +260,7 @@ DomainAdminShouldBeAbleToListChildObjects(
                 pState->pszBaseDN);
     TestAssertEquals(dwError, 0);
 
-    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL, NULL, NULL);
     TestAssertEquals(dwError, 0);
     return dwError;
 }
diff --git a/vmdir/testing/integration_tests/acls/domainclientsrights.c b/vmdir/testing/integration_tests/acls/domainclientsrights.c
index 94bf031fe..153693d6c 100644
--- a/vmdir/testing/integration_tests/acls/domainclientsrights.c
+++ b/vmdir/testing/integration_tests/acls/domainclientsrights.c
@@ -260,7 +260,7 @@ DomainClientsShouldBeAbleToListChildObjects(
                 pState->pszBaseDN);
     TestAssertEquals(dwError, 0);
 
-    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL, NULL, NULL);
     TestAssertEquals(dwError, 0);
     return dwError;
 }
diff --git a/vmdir/testing/integration_tests/acls/k8s_machine_act_selfservice.c b/vmdir/testing/integration_tests/acls/k8s_machine_act_selfservice.c
new file mode 100644
index 000000000..5a50b463d
--- /dev/null
+++ b/vmdir/testing/integration_tests/acls/k8s_machine_act_selfservice.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+typedef struct _VMDIR_K8S_STATE
+{
+    PSTR    pszK8sOrgUnit;
+    PSTR    pszK8sOrgUnitDN;
+    PSTR    pszK8sGroupName;
+    PSTR    pszK8sGroupNameDN;
+    PSTR    pszMachineName;
+    PSTR    pszMachineNameDN;
+    PSTR    pszMachinePassword;
+    PSTR    pszEtcdDN;
+
+} VMDIR_K8S_STATE, *PVMDIR_K8S_STATE;
+
+static
+DWORD
+_ACLOUContainer(
+    PVMDIR_TEST_STATE   pState,
+    PVMDIR_K8S_STATE    pK8s
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszACLString = NULL;
+    PSTR    pszGroupSid = NULL;
+    PSTR    pszNewACLString = NULL;
+    PSTR    ppszAttributeValues[] = { NULL, NULL };
+
+    dwError = VmDirAllocateStringPrintf(
+                &pK8s->pszK8sOrgUnitDN,
+                "%s=%s,%s=%s,%s",
+                ATTR_OU,
+                pK8s->pszK8sOrgUnit,
+                ATTR_OU,
+                VMDIR_COMPUTERS_RDN_VAL,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // ACL container
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pK8s->pszK8sOrgUnitDN,
+                LDAP_SCOPE_BASE,
+                "(objectclass=*)",
+                ATTR_ACL_STRING,
+                &pszACLString);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pK8s->pszK8sGroupNameDN,
+                LDAP_SCOPE_BASE,
+                "(objectclass=*)",
+                ATTR_OBJECT_SID,
+                &pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewACLString,
+                "%s(A;CIOI;CCDCRPWP;;;%s)",
+                pszACLString,
+                pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ppszAttributeValues[0] = pszNewACLString;
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pK8s->pszK8sOrgUnitDN,
+                ATTR_ACL_STRING,
+                (PCSTR*)&ppszAttributeValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszACLString);
+    VMDIR_SAFE_FREE_MEMORY(pszGroupSid);
+    VMDIR_SAFE_FREE_MEMORY(pszNewACLString);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+DWORD
+_CleanupTestK8sMachineActSelfService(
+    PVMDIR_TEST_STATE   pState,
+    PVMDIR_K8S_STATE    pK8s
+    )
+{
+    ldap_delete_ext_s(pState->pLd, pK8s->pszEtcdDN, NULL, NULL);
+    ldap_delete_ext_s(pState->pLd, pK8s->pszMachineNameDN, NULL, NULL);
+    ldap_delete_ext_s(pState->pLd, pK8s->pszK8sOrgUnitDN, NULL, NULL);
+    ldap_delete_ext_s(pState->pLd, pK8s->pszK8sGroupNameDN, NULL, NULL);
+
+    VMDIR_SAFE_FREE_MEMORY(pK8s->pszEtcdDN);
+    VMDIR_SAFE_FREE_MEMORY(pK8s->pszK8sGroupNameDN);
+    VMDIR_SAFE_FREE_MEMORY(pK8s->pszK8sOrgUnitDN);
+    VMDIR_SAFE_FREE_MEMORY(pK8s->pszMachineNameDN);
+    VMDIR_SAFE_FREE_MEMORY(pK8s->pszMachinePassword);
+
+    return 0;
+}
+
+static
+DWORD
+_InitializeTestK8sMachineActSelfService(
+    PVMDIR_TEST_STATE   pState,
+    PVMDIR_K8S_STATE    pK8s
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszOutPassword = NULL;
+    PCSTR   pszTempGroupContainer = "users";
+
+    //pState->pfnCleanupCallback = _CleanupTestK8sMachineActSelfService;
+
+    dwError = VmDirCreateComputerAccount(
+                  pState->pszServerName,
+                  pState->pszUserName,
+                  pState->pszPassword,
+                  pK8s->pszMachineName,
+                  pK8s->pszK8sOrgUnit,
+                  &pszOutPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateGroup(
+                pState,
+                pszTempGroupContainer,
+                pK8s->pszK8sGroupName,
+                NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pK8s->pszMachineNameDN,
+                "cn=%s,%s=%s,%s=%s,%s",
+                pK8s->pszMachineName,
+                ATTR_OU,
+                pK8s->pszK8sOrgUnit,
+                ATTR_OU,
+                VMDIR_COMPUTERS_RDN_VAL,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pK8s->pszK8sGroupNameDN,
+                "cn=%s,cn=%s,%s",
+                pK8s->pszK8sGroupName,
+                pszTempGroupContainer,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroupByDn(
+                pState->pLd,
+                pK8s->pszMachineNameDN,
+                pK8s->pszK8sGroupNameDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pK8s->pszMachinePassword = pszOutPassword;
+
+cleanup:
+
+    return dwError;
+
+error:
+    VMDIR_SAFE_FREE_MEMORY(pszOutPassword);
+    goto cleanup;
+}
+
+static
+DWORD
+_TestK8sMachineActSelfService(
+    PVMDIR_TEST_STATE   pState,
+    PVMDIR_K8S_STATE    pK8s
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszOutPassword = NULL;
+    PSTR    pszEtcdCN = "ETCD-NODE";
+
+    dwError = VmDirCreateComputerAccount(
+                  pState->pszServerName,
+                  pK8s->pszMachineName,
+                  pK8s->pszMachinePassword,
+                  "ETCD-NODE",
+                  pK8s->pszK8sOrgUnit,
+                  &pszOutPassword);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pK8s->pszEtcdDN,
+                "cn=%s,%s",
+                pszEtcdCN,
+                pK8s->pszK8sOrgUnitDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszOutPassword);
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+TestK8sMachineActSelfService(
+    PVMDIR_TEST_STATE   pState
+    )
+{
+    DWORD   dwError = 0;
+    VMDIR_K8S_STATE K8sState =
+    {
+        .pszK8sOrgUnit          = "K8sOrgUnit",
+        .pszK8sOrgUnitDN        = NULL,
+        .pszK8sGroupName        = "K8sGroup",
+        .pszK8sGroupNameDN      = NULL,
+        .pszMachineNameDN       = NULL,
+        .pszMachineName         = "TestK8SMachine",
+        .pszMachinePassword     = NULL,
+        .pszEtcdDN              = NULL,
+    };
+
+    dwError = _InitializeTestK8sMachineActSelfService(pState, &K8sState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _TestK8sMachineActSelfService(pState, &K8sState);
+    if (dwError == 0) // should check LDAP_INSUFFICIENT_ACCESS?
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACL_VIOLATION);
+    }
+
+    dwError = _ACLOUContainer(pState, &K8sState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _TestK8sMachineActSelfService(pState, &K8sState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = _CleanupTestK8sMachineActSelfService(pState, &K8sState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
+    return dwError;
+
+error:
+    TestAssertEquals(dwError, 0);
+    goto cleanup;
+}
diff --git a/vmdir/testing/integration_tests/acls/legacy_access_checks.c b/vmdir/testing/integration_tests/acls/legacy_access_checks.c
index 398254660..22ac5be83 100644
--- a/vmdir/testing/integration_tests/acls/legacy_access_checks.c
+++ b/vmdir/testing/integration_tests/acls/legacy_access_checks.c
@@ -97,7 +97,7 @@ _VmDirSetSecurityDescriptors(
     dwError = VmDirTestGetParentDn(pState->pszBaseDN, &pszParentDn);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirTestGetObjectList(pState->pLd, pszParentDn, &pObjectList);
+    dwError = VmDirTestGetObjectList(pState->pLd, pszParentDn, NULL, NULL, &pObjectList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = _VmDirApplyAttributeModification(
diff --git a/vmdir/testing/integration_tests/acls/main.c b/vmdir/testing/integration_tests/acls/main.c
index 14cba8650..983a4b692 100644
--- a/vmdir/testing/integration_tests/acls/main.c
+++ b/vmdir/testing/integration_tests/acls/main.c
@@ -11,6 +11,7 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
+
 #include "includes.h"
 
 DWORD
@@ -60,8 +61,16 @@ TestRunner(
     dwError = TestProtectedEntries(pState);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = TestCustomGroups(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestK8sMachineActSelfService(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
 #if 0 // TODO
+    dwError = TestDefaultSecurityDescriptor(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     dwError = TestStandardRightsForAdminUser(pState);
     BAIL_ON_VMDIR_ERROR(dwError);
 
diff --git a/vmdir/testing/integration_tests/acls/ntsecuritydescriptor.c b/vmdir/testing/integration_tests/acls/ntsecuritydescriptor.c
index cf0645d34..05dd5289b 100644
--- a/vmdir/testing/integration_tests/acls/ntsecuritydescriptor.c
+++ b/vmdir/testing/integration_tests/acls/ntsecuritydescriptor.c
@@ -653,8 +653,8 @@ TestDomainAdminPrivileges(
     PSTR pszGroupDn = NULL;
     LDAP *pLd = NULL;
 
-    dwError = VmDirTestGetGuid(&pszUserName); // TODO -- We need to be freeing these strings.
-    TestAssert(dwError == 0); // TODO
+    dwError = VmDirTestGetGuid(&pszUserName);
+    TestAssert(dwError == 0);
 
     dwError = VmDirTestCreateUser(pState, "testcontainer", pszUserName, NULL);
     TestAssert(dwError == 0);
@@ -673,7 +673,6 @@ TestDomainAdminPrivileges(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = _VdcConnectionFromUser(pState, pszUserName, &pLd);
-    printf("connection from user returned %d\n", dwError);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 #if 0 // TODO -- This isn't returning an error for this case.
@@ -683,24 +682,21 @@ TestDomainAdminPrivileges(
 #endif
     VmDirTestLdapUnbind(pLd); pLd = NULL;
 
-    printf("Adding user %s to group %s\n", pszUserDn, pszGroupDn); // TODO
-    dwError = VmDirTestAddUserToGroup(pState, pszUserDn, pszGroupDn);
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
     TestAssert(dwError == 0);
 
     dwError = _VdcConnectionFromUser(pState, pszUserName, &pLd); // TODO -- Why are we re-opening this connection?
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirTestGetObjectList(pLd, pState->pszBaseDN, NULL);
-    printf("ldapgetobjectlist returned %d\n", dwError); // TODO
+    dwError = VmDirTestGetObjectList(pLd, pState->pszBaseDN, NULL, NULL, NULL);
     TestAssert(dwError == 0);
     VmDirTestLdapUnbind(pLd); pLd = NULL;
 
-    dwError = VmDirTestRemoveUserFromGroup(pState, pszUserDn, pszGroupDn);
+    dwError = VmDirTestRemoveUserFromGroupByDn(pState->pLd, pszUserDn, pszGroupDn);
     TestAssert(dwError == 0);
 
 cleanup:
-    dwError = VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
-    printf("deleteuser returned %d\n", dwError); dwError = 0;
+    VmDirTestDeleteUser(pState, "testcontainer", pszUserName);
     VMDIR_SAFE_FREE_STRINGA(pszUserName);
     VMDIR_SAFE_FREE_STRINGA(pszUserDn);
     VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
@@ -717,6 +713,7 @@ TestRoundTrip(
     )
 {
     DWORD dwError = 0;
+
     //
     // First, make sure we can round-trip the current SD.
     //
diff --git a/vmdir/testing/integration_tests/acls/protected_entries.c b/vmdir/testing/integration_tests/acls/protected_entries.c
index c656c4983..9a795d938 100644
--- a/vmdir/testing/integration_tests/acls/protected_entries.c
+++ b/vmdir/testing/integration_tests/acls/protected_entries.c
@@ -27,7 +27,6 @@ TestEntriesProtectedByEid(
         "cn=attributeMetaData,cn=schemacontext",
         "cn=config",
         "cn=organization,cn=config",
-        "cn=Deleted Objects,%s",
         "cn=Administrator,cn=Users,%s"
     };
 
@@ -133,13 +132,25 @@ TestBuiltinContainerDeletion(
     PVMDIR_TEST_STATE pState
     )
 {
-    DWORD dwError = 0;
-    PSTR pszUserName = NULL;
+    DWORD   dwError = 0;
+    PSTR    pszUserName = NULL;
+    PSTR    pszDomainSid = NULL;
+    PSTR    pszSD = NULL;
 
     dwError = VmDirTestGetGuid(&pszUserName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirTestCreateUser(pState, "builtin", pszUserName, NULL);
+    // TODO
+    // By default, we do not allow deleting object under builtin container.
+    // Validate and update (or remove) this test case
+    dwError = VmDirTestGetDomainSid(pState, pState->pszBaseDN, &pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszSD, "O:BAG:BAD:(A;;RCRPWPWDSD;;;%s-500)", pszDomainSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, "builtin", pszUserName, pszSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirTestDeleteUser(pState, "builtin", pszUserName);
@@ -171,12 +182,10 @@ TestProtectedEntries(
     dwError = TestBuiltinContainerDeletion(pState);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    printf("Protected entries tests succceeded!\n");
-
 cleanup:
+    printf("%s %s (%d)\n", __FUNCTION__, dwError ? "failed" : "succeeded", dwError);
     return dwError;
 
 error:
-    printf("Security Descriptor tests failed with error 0n%d\n", dwError);
     goto cleanup;
 }
diff --git a/vmdir/testing/integration_tests/acls/prototypes.h b/vmdir/testing/integration_tests/acls/prototypes.h
index 8b88b64fe..3f9fc63c5 100644
--- a/vmdir/testing/integration_tests/acls/prototypes.h
+++ b/vmdir/testing/integration_tests/acls/prototypes.h
@@ -30,6 +30,24 @@ TestBadParameters(
     PVMDIR_TEST_STATE pState
     );
 
+// custom_groups.c
+DWORD
+TestCustomGroups(
+    PVMDIR_TEST_STATE pState
+    );
+
+// default_security_descriptor.c
+DWORD
+TestDefaultSecurityDescriptor(
+    PVMDIR_TEST_STATE pState
+    );
+
+// k8s_machine_act_selfservice.c
+DWORD
+TestK8sMachineActSelfService(
+    PVMDIR_TEST_STATE pState
+    );
+
 // domainadminsrights.c
 DWORD
 TestStandardRightsForDomainAdmin(
@@ -42,16 +60,19 @@ TestStandardRightsForDomainClients(
     PVMDIR_TEST_STATE pState
     );
 
+// ntsecuritydescriptor.c
 DWORD
 TestSecurityDescriptors(
     PVMDIR_TEST_STATE pState
     );
 
+// sddl.c
 DWORD
 TestSecurityDescriptorsSddl(
     PVMDIR_TEST_STATE pState
     );
 
+// protected_entries.c
 DWORD
 TestProtectedEntries(
     PVMDIR_TEST_STATE pState
@@ -70,7 +91,6 @@ TestLegacyAccessChecks(
     );
 
 // standard_rights.c
-
 DWORD
 TryToListChildObjects(
     PVMDIR_TEST_STATE pState,
diff --git a/vmdir/testing/integration_tests/acls/standard_operations.c b/vmdir/testing/integration_tests/acls/standard_operations.c
index 9d87fa574..54b606064 100644
--- a/vmdir/testing/integration_tests/acls/standard_operations.c
+++ b/vmdir/testing/integration_tests/acls/standard_operations.c
@@ -284,7 +284,7 @@ TryToListChildObjects(
                 pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL);
+    dwError = VmDirTestGetObjectList(pState->pLd, pszContainerDn, NULL, NULL, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
diff --git a/vmdir/testing/integration_tests/acls/util.c b/vmdir/testing/integration_tests/acls/util.c
index c24e562a8..55ab327e2 100644
--- a/vmdir/testing/integration_tests/acls/util.c
+++ b/vmdir/testing/integration_tests/acls/util.c
@@ -231,62 +231,6 @@ _GetBuiltinGroupSid(
     goto cleanup;
 }
 
-DWORD
-VmDirTestAddUserToGroup(
-    PVMDIR_TEST_STATE pState,
-    PCSTR pszUserDn,
-    PCSTR pszGroupDn
-    )
-{
-    DWORD dwError = 0;
-    LDAPMod addition;
-    LDAPMod *mods[2];
-    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
-
-    addition.mod_op     = LDAP_MOD_ADD;
-    addition.mod_type   = ATTR_MEMBER;
-    addition.mod_values = (PSTR*)ppszAttributeValues;
-
-    mods[0] = &addition;
-    mods[1] = NULL;
-
-    dwError = ldap_modify_ext_s(pState->pLd, pszGroupDn, mods, NULL, NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-error:
-    goto cleanup;
-}
-
-DWORD
-VmDirTestRemoveUserFromGroup(
-    PVMDIR_TEST_STATE pState,
-    PCSTR pszUserDn,
-    PCSTR pszGroupDn
-    )
-{
-    DWORD dwError = 0;
-    LDAPMod addition;
-    LDAPMod *mods[2];
-    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
-
-    addition.mod_op     = LDAP_MOD_DELETE;
-    addition.mod_type   = ATTR_MEMBER;
-    addition.mod_values = (PSTR*)ppszAttributeValues;
-
-    mods[0] = &addition;
-    mods[1] = NULL;
-
-    dwError = ldap_modify_ext_s(pState->pLd, pszGroupDn, mods, NULL, NULL);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    return dwError;
-error:
-    goto cleanup;
-}
-
 DWORD
 _VdcConnectionFromUser(
     PVMDIR_TEST_STATE pState,
diff --git a/vmdir/testing/integration_tests/misc/Makefile.am b/vmdir/testing/integration_tests/misc/Makefile.am
index 801566dca..b07173edf 100644
--- a/vmdir/testing/integration_tests/misc/Makefile.am
+++ b/vmdir/testing/integration_tests/misc/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libmisctests.la
 
 libmisctests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -10,10 +10,11 @@ libmisctests_la_CPPFLAGS = \
 libmisctests_la_SOURCES = \
     main.c \
     dcaccount.c \
+    groupmembership.c \
     tombstone.c
 
 libmisctests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -29,7 +30,7 @@ libmisctests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libmisctests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/integration_tests/misc/libmisctests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/integration_tests/misc/libmisctests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/testing/integration_tests/misc/groupmembership.c b/vmdir/testing/integration_tests/misc/groupmembership.c
new file mode 100644
index 000000000..e76f2ab25
--- /dev/null
+++ b/vmdir/testing/integration_tests/misc/groupmembership.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include "includes.h"
+
+PCSTR ppszGroups[] =
+{
+    "GroupTestGroup1",
+    "GroupTestGroup2",
+};
+
+
+BOOLEAN
+VmDirStringListContainsEx(
+    PVMDIR_STRING_LIST pvsList,
+    PCSTR pszString,
+    BOOLEAN bCaseSensitive
+    )
+{
+    DWORD dwIndex = 0;
+    BOOLEAN bFound = FALSE;
+
+    for (dwIndex = 0; dwIndex < pvsList->dwCount; ++dwIndex)
+    {
+        if (VmDirStringCompareA(pszString, pvsList->pStringList[dwIndex], bCaseSensitive) == 0)
+        {
+            bFound = TRUE;
+            break;
+        }
+    }
+
+    return bFound;
+}
+
+BOOLEAN
+VmDirStringListEqualsNoOrder(
+    PVMDIR_STRING_LIST pStringListLHS,
+    PVMDIR_STRING_LIST pStringListRHS,
+    BOOLEAN bCaseSensitive
+    )
+{
+    DWORD dwMatching = 0;
+    DWORD dwIndex = 0;
+
+    if (pStringListLHS->dwCount != pStringListRHS->dwCount)
+    {
+        return FALSE;
+    }
+
+    for (dwIndex = 0; dwIndex < pStringListLHS->dwCount; ++dwIndex)
+    {
+        if (VmDirStringListContainsEx(pStringListLHS, pStringListRHS->pStringList[dwIndex], bCaseSensitive))
+        {
+            dwMatching++;
+        }
+    }
+
+    return (dwMatching == pStringListLHS->dwCount);
+}
+
+//
+// Give the limited user delete access to the user.
+//
+DWORD
+TestModifyUserAcl(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserDN,
+    PCSTR pszPermission
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszSddlString = NULL;
+    PSTR pszNewSddlString = NULL;
+    PSTR pszLimitedUserSid = NULL;
+    PSTR ppszAttributeValues[] = { NULL, NULL };
+
+    dwError = VmDirTestGetAttributeValueString(
+                pState->pLd,
+                pszUserDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                ATTR_ACL_STRING,
+                &pszSddlString);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetUserSid(pState, VmDirTestGetInternalUserCn(pState), NULL, &pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewSddlString,
+                "%s(A;;%s;;;%s)",
+                pszSddlString,
+                pszPermission,
+                pszLimitedUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    ppszAttributeValues[0] = pszNewSddlString;
+    dwError = VmDirTestReplaceAttributeValues(
+                pState->pLd,
+                pszUserDN,
+                ATTR_ACL_STRING,
+                (PCSTR*)ppszAttributeValues);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszSddlString);
+    VMDIR_SAFE_FREE_STRINGA(pszNewSddlString);
+    VMDIR_SAFE_FREE_STRINGA(pszLimitedUserSid);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestCreateGroups(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST *ppvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pvslGroups = NULL;
+    PSTR pszGroupDN = NULL;
+
+    dwError = VmDirStringListInitialize(&pvslGroups, VMDIR_ARRAY_SIZE(ppszGroups));
+    BAIL_ON_VMDIR_ERROR(dwError)
+
+    for (dwIndex = 0; dwIndex < VMDIR_ARRAY_SIZE(ppszGroups); ++dwIndex)
+    {
+        dwError = VmDirAllocateStringPrintf(
+                    &pszGroupDN,
+                    "cn=%s,cn=%s,%s",
+                    ppszGroups[dwIndex],
+                    pState->pszTestContainerName,
+                    pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError = VmDirStringListAdd(pvslGroups, pszGroupDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszGroupDN = NULL;
+
+        dwError = VmDirTestCreateGroup(pState, pState->pszTestContainerName, ppszGroups[dwIndex], NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    *ppvslGroupDNs = pvslGroups;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDN);
+    return dwError;
+error:
+    VmDirStringListFree(pvslGroups);
+    goto cleanup;
+}
+
+DWORD
+TestCleanupGroups(
+    PVMDIR_TEST_STATE pState,
+    PVMDIR_STRING_LIST pvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwIndex = 0;
+
+    for (dwIndex = 0; dwIndex < pvslGroupDNs->dwCount; ++dwIndex)
+    {
+        dwError = ldap_delete_ext_s(pState->pLd, pvslGroupDNs->pStringList[dwIndex], NULL, NULL);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestAddingUserToGroups(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserDN,
+    PVMDIR_STRING_LIST pvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pvsUsersGroups = NULL;
+    BOOLEAN bIsListEqual = FALSE;
+
+    for (dwIndex = 0; dwIndex < pvslGroupDNs->dwCount; ++dwIndex)
+    {
+        dwError = VmDirTestAddUserToGroupByDn(
+                    pState->pLd,
+                    pszUserDN,
+                    pvslGroupDNs->pStringList[dwIndex]);
+    }
+
+    dwError = VmDirTestListUsersGroups(pState->pLd, pszUserDN, &pvsUsersGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bIsListEqual = VmDirStringListEqualsNoOrder(pvsUsersGroups, pvslGroupDNs, FALSE);
+    TestAssert(bIsListEqual);
+
+cleanup:
+    VmDirStringListFree(pvsUsersGroups);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestExplicitlyRemovingUserFromGroups(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserDN,
+    PVMDIR_STRING_LIST pvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pvsUsersGroups = NULL;
+
+    for (dwIndex = 0; dwIndex < pvslGroupDNs->dwCount; ++dwIndex)
+    {
+        //
+        // We neeed to have the write-property privilege to remove the user from
+        // a group.
+        //
+        dwError = TestModifyUserAcl(pState, pvslGroupDNs->pStringList[dwIndex], "WP");
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        dwError  = VmDirTestRemoveUserFromGroupByDn(
+                    pState->pLdLimited,
+                    pszUserDN,
+                    pvslGroupDNs->pStringList[dwIndex]);
+        TestAssertEquals(dwError, 0);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirTestListUsersGroups(pState->pLd, pszUserDN, &pvsUsersGroups);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    TestAssert(pvsUsersGroups->dwCount == 0);
+
+cleanup:
+    VmDirStringListFree(pvsUsersGroups);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD TestImplicitlyRemovingUserFromGroups(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserDN,
+    PVMDIR_STRING_LIST pvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    BOOLEAN bIsMember = FALSE;
+    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pvsGroupMembers = NULL;
+
+    dwError = ldap_delete_ext_s(pState->pLdLimited, pszUserDN, NULL, NULL);
+    TestAssertEquals(dwError, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    for (dwIndex = 0; dwIndex < pvslGroupDNs->dwCount; ++dwIndex)
+    {
+        dwError = VmDirTestListGroupMembers(
+                    pState->pLd,
+                    pvslGroupDNs->pStringList[dwIndex],
+                    &pvsGroupMembers);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        bIsMember = VmDirStringListContainsEx(pvsGroupMembers, pszUserDN, FALSE);
+        TestAssert(!bIsMember);
+        VmDirStringListFree(pvsGroupMembers);
+        pvsGroupMembers = NULL;
+    }
+
+cleanup:
+    VmDirStringListFree(pvsGroupMembers);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+TestDeletionFailureDoesntTouchGroups(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszUserDN,
+    PVMDIR_STRING_LIST pvslGroupDNs
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pvsUsersGroups = NULL;
+    BOOLEAN bEquals = FALSE;
+
+    dwError = ldap_delete_ext_s(pState->pLdLimited, pszUserDN, NULL, NULL);
+    TestAssertEquals(dwError, LDAP_INSUFFICIENT_ACCESS);
+
+    dwError = VmDirTestListUsersGroups(pState->pLd, pszUserDN, &pvsUsersGroups);
+    TestAssertEquals(dwError, VMDIR_SUCCESS);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    bEquals = VmDirStringListEqualsNoOrder(pvsUsersGroups, pvslGroupDNs, FALSE);
+    TestAssert(bEquals);
+
+cleanup:
+    VmDirStringListFree(pvsUsersGroups);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+//
+// Verify that a user can be:
+// (1) Added to groups
+// (2) If we try to delete a user that we don't have permission to delete
+//     the user's group membership is untouched.
+// (3) Explicitly removed from groups
+// (4) When a user is deleted they're properly removed from their groups.
+//
+DWORD
+TestGroupMembership(
+    PVMDIR_TEST_STATE pState
+    )
+{
+    DWORD dwError = 0;
+    PVMDIR_STRING_LIST pvslGroupDNs = NULL;
+    PSTR pszUserName = NULL;
+    PSTR pszUserDN = NULL;
+
+    dwError = VmDirTestGetGuid(&pszUserName);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateUser(pState, pState->pszTestContainerName, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDN,
+                "cn=%s,cn=%s,%s",
+                pszUserName,
+                pState->pszTestContainerName,
+                pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCreateGroups(pState, &pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestAddingUserToGroups(pState, pszUserDN, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestDeletionFailureDoesntTouchGroups(pState, pszUserDN, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestModifyUserAcl(pState, pszUserDN, "SD");
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestImplicitlyRemovingUserFromGroups(pState, pszUserDN, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    //
+    // TestImplicitlyRemovingUserFromGroups deletes the user so we have to
+    // re-create it and re-add it to the groups.
+    //
+    dwError = VmDirTestCreateUser(pState, pState->pszTestContainerName, pszUserName, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    dwError = TestAddingUserToGroups(pState, pszUserDN, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestExplicitlyRemovingUserFromGroups(pState, pszUserDN, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = TestCleanupGroups(pState, pvslGroupDNs);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VMDIR_SAFE_FREE_STRINGA(pszUserDN);
+    VmDirStringListFree(pvslGroupDNs);
+    return dwError;
+error:
+    goto cleanup;
+}
diff --git a/vmdir/testing/integration_tests/misc/main.c b/vmdir/testing/integration_tests/misc/main.c
index edb921d38..ea4e50503 100644
--- a/vmdir/testing/integration_tests/misc/main.c
+++ b/vmdir/testing/integration_tests/misc/main.c
@@ -43,6 +43,9 @@ TestRunner(
     dwError = TestTombstone(pState);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+    dwError = TestGroupMembership(pState);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     printf("Miscellaneous tests completed successfully.\n");
 
 cleanup:
diff --git a/vmdir/testing/integration_tests/misc/prototypes.h b/vmdir/testing/integration_tests/misc/prototypes.h
index 3868dc617..bc861a391 100644
--- a/vmdir/testing/integration_tests/misc/prototypes.h
+++ b/vmdir/testing/integration_tests/misc/prototypes.h
@@ -21,3 +21,8 @@ DWORD
 TestTombstone(
     PVMDIR_TEST_STATE pState
     );
+
+DWORD
+TestGroupMembership(
+    PVMDIR_TEST_STATE pState
+    );
diff --git a/vmdir/testing/integration_tests/multitenancy/Makefile.am b/vmdir/testing/integration_tests/multitenancy/Makefile.am
index 8e0f7b96e..eb708bafb 100644
--- a/vmdir/testing/integration_tests/multitenancy/Makefile.am
+++ b/vmdir/testing/integration_tests/multitenancy/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libmultitenancytests.la
 
 libmultitenancytests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -13,7 +13,7 @@ libmultitenancytests_la_SOURCES = \
     permissions.c
 
 libmultitenancytests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -29,7 +29,7 @@ libmultitenancytests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libmultitenancytests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/integration_tests/multitenancy/libmultitenancytests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/integration_tests/multitenancy/libmultitenancytests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/testing/integration_tests/multitenancy/apis.c b/vmdir/testing/integration_tests/multitenancy/apis.c
index 7f1c3b6f3..9e7e82a3f 100644
--- a/vmdir/testing/integration_tests/multitenancy/apis.c
+++ b/vmdir/testing/integration_tests/multitenancy/apis.c
@@ -84,6 +84,83 @@ SanityCheckTenantDomain(
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszUserDn);
     VMDIR_SAFE_FREE_STRINGA(pszUserSid);
+    VMDIR_SAFE_LDAP_UNBIND(pLd);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+//
+// Test System Domain Administrator Permission in Tenant tree
+// 1. It can read tenant top tree DC entry
+// 2. It can not create object/container in tenant tree
+// 3. It can not read object/container created by tenant admin in tenant tree
+//
+DWORD
+TestSystemAdminTenantTreePermission(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszTenantName, // "foo.bar"
+    PCSTR pszTenantDn // dc=foo,dc=bar
+    )
+{
+    DWORD dwError = 0;
+    LDAP *pLd = NULL;
+    PSTR pszUserDn = NULL;
+    PSTR pszContainerDn = NULL;
+
+    dwError = _VmDirTestAdminConnectionFromDomain(pState, pszTenantName, &pLd);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszUserDn,
+                "cn=test-user-1-cn,%s",
+                pszTenantDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszContainerDn,
+                "cn=test-container-1-cn,%s",
+                pszTenantDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // use system domain admin cred
+    dwError = VmDirTestCreateSimpleUser(pState->pLd, "cn=test-user-1-cn", pszUserDn);
+    if (dwError != LDAP_INSUFFICIENT_ACCESS)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACL_VIOLATION);
+    }
+    dwError = 0;
+
+    dwError = VmDirTestCreateSimpleContainer(pState->pLd, "cn=test-container-1-cn", pszContainerDn);
+    if (dwError != LDAP_INSUFFICIENT_ACCESS)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACL_VIOLATION);
+    }
+    dwError = 0;
+
+    // use tenant domain admin cred
+    dwError = VmDirTestCreateSimpleUser(pLd, "cn=test-user-1-cn", pszUserDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestCreateSimpleContainer(pLd, "cn=test-container-1-cn", pszContainerDn);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // system domain admin could not read created user/container
+    if (VmDirTestCanReadSingleEntry(pState->pLd, pszUserDn) == TRUE)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACL_VIOLATION);
+    }
+
+    if (VmDirTestCanReadSingleEntry(pState->pLd, pszContainerDn) == TRUE)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACL_VIOLATION);
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDn);
+    VMDIR_SAFE_FREE_STRINGA(pszContainerDn);
+
+    VMDIR_SAFE_LDAP_UNBIND(pLd);
     return dwError;
 error:
     goto cleanup;
@@ -97,42 +174,48 @@ ShouldBeAbleToCreateTenants(
     DWORD dwError = 0;
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "secondary.local",
                 "administrator",
                 pState->pszPassword);
+    TestAssertEquals(dwError, 0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = SanityCheckTenantDomain(pState, "secondary.local", "dc=secondary,dc=local");
     TestAssertEquals(dwError, 0);
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "tertiary.com",
                 "administrator",
                 pState->pszPassword);
+    TestAssertEquals(dwError, 0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = SanityCheckTenantDomain(pState, "tertiary.com", "dc=tertiary,dc=com");
     TestAssertEquals(dwError, 0);
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "quad.com",
                 "administrator",
                 pState->pszPassword);
+    TestAssertEquals(dwError, 0);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = SanityCheckTenantDomain(pState, "quad.com", "dc=quad,dc=com");
     TestAssertEquals(dwError, 0);
 
+    dwError = TestSystemAdminTenantTreePermission(pState, "quad.com", "dc=quad,dc=com");
+    TestAssertEquals(dwError, 0);
+
 cleanup:
     return dwError;
 error:
-    TestAssert(dwError == 0);
+    TestAssertEquals(dwError, 0);
     goto cleanup;
 }
 
@@ -144,7 +227,7 @@ ShouldNotBeAbleToCreateTenantsOfACertainLength(
     DWORD dwError = 0;
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "marketing.pepsi.com",
                 "administrator",
@@ -168,7 +251,7 @@ ShouldBeAbleToEnumerateTenants(
     DWORD dwTenantCount = 0;
 
     dwError = VmDirEnumerateTenants(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 &ppszTenants,
                 &dwTenantCount);
@@ -191,19 +274,19 @@ ShouldBeAbleToDeleteTenants(
     DWORD dwError = 0;
 
     dwError = VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "secondary.local");
     TestAssertEquals(dwError, 0);
 
     dwError = VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "tertiary.com");
     TestAssertEquals(dwError, 0);
 
     dwError = VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "quad.com");
     TestAssertEquals(dwError, 0);
@@ -223,37 +306,37 @@ NullParametersShouldFail(
     dwError = VmDirCreateTenant(NULL, pState->pszPassword, "domain.com", "administrator", pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirCreateTenant(pState->pszUserName, NULL, "domain.com", "administrator", pState->pszPassword);
+    dwError = VmDirCreateTenant(pState->pszUserUPN, NULL, "domain.com", "administrator", pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirCreateTenant(pState->pszUserName, pState->pszPassword, NULL, "administrator", pState->pszPassword);
+    dwError = VmDirCreateTenant(pState->pszUserUPN, pState->pszPassword, NULL, "administrator", pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirCreateTenant(pState->pszUserName, pState->pszPassword, "domain.com", NULL, pState->pszPassword);
+    dwError = VmDirCreateTenant(pState->pszUserUPN, pState->pszPassword, "domain.com", NULL, pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirCreateTenant(pState->pszUserName, pState->pszPassword, "domain.com", "administrator", NULL);
+    dwError = VmDirCreateTenant(pState->pszUserUPN, pState->pszPassword, "domain.com", "administrator", NULL);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
     dwError = VmDirDeleteTenant(NULL, pState->pszPassword, "domain.com");
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirDeleteTenant(pState->pszUserName, NULL, "domain.com");
+    dwError = VmDirDeleteTenant(pState->pszUserUPN, NULL, "domain.com");
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirDeleteTenant(pState->pszUserName, pState->pszPassword, NULL);
+    dwError = VmDirDeleteTenant(pState->pszUserUPN, pState->pszPassword, NULL);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
     dwError = VmDirEnumerateTenants(NULL, pState->pszPassword, &ppszTenants, &dwTenantCount);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirEnumerateTenants(pState->pszUserName, NULL, &ppszTenants, &dwTenantCount);
+    dwError = VmDirEnumerateTenants(pState->pszUserUPN, NULL, &ppszTenants, &dwTenantCount);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirEnumerateTenants(pState->pszUserName, pState->pszPassword, NULL, &dwTenantCount);
+    dwError = VmDirEnumerateTenants(pState->pszUserUPN, pState->pszPassword, NULL, &dwTenantCount);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 
-    dwError = VmDirEnumerateTenants(pState->pszUserName, pState->pszPassword, &ppszTenants, NULL);
+    dwError = VmDirEnumerateTenants(pState->pszUserUPN, pState->pszPassword, &ppszTenants, NULL);
     TestAssertEquals(dwError, VMDIR_ERROR_INVALID_PARAMETER);
 }
 
@@ -269,18 +352,18 @@ InvalidCredentialsShouldFail(
     dwError = VmDirCreateTenant("no_such_user@vsphere.local", pState->pszPassword, "domain.com", "administrator", pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_ENTRY_NOT_FOUND);
 
-    dwError = VmDirCreateTenant(pState->pszUserName, "not the password", "domain.com", "administrator", pState->pszPassword);
+    dwError = VmDirCreateTenant(pState->pszUserUPN, "not the password", "domain.com", "administrator", pState->pszPassword);
     TestAssertEquals(dwError, VMDIR_ERROR_USER_INVALID_CREDENTIAL);
 
     dwError = VmDirDeleteTenant("no_such_user@vsphere.local", pState->pszPassword, "domaintodelete.com");
     TestAssertEquals(dwError, VMDIR_ERROR_ENTRY_NOT_FOUND);
 
-    dwError = VmDirDeleteTenant(pState->pszUserName, "not the password", "domaintodelete.com");
+    dwError = VmDirDeleteTenant(pState->pszUserUPN, "not the password", "domaintodelete.com");
     TestAssertEquals(dwError, VMDIR_ERROR_USER_INVALID_CREDENTIAL);
 
     dwError = VmDirEnumerateTenants("no_such_user@vsphere.local", pState->pszPassword, &ppszTenants, &dwTenantCount);
     TestAssertEquals(dwError, VMDIR_ERROR_ENTRY_NOT_FOUND);
 
-    dwError = VmDirEnumerateTenants(pState->pszUserName, "not the password", &ppszTenants, &dwTenantCount);
+    dwError = VmDirEnumerateTenants(pState->pszUserUPN, "not the password", &ppszTenants, &dwTenantCount);
     TestAssertEquals(dwError, VMDIR_ERROR_USER_INVALID_CREDENTIAL);
 }
diff --git a/vmdir/testing/integration_tests/multitenancy/main.c b/vmdir/testing/integration_tests/multitenancy/main.c
index d864aaa8c..353363b00 100644
--- a/vmdir/testing/integration_tests/multitenancy/main.c
+++ b/vmdir/testing/integration_tests/multitenancy/main.c
@@ -27,32 +27,32 @@ TestCleanup(
     )
 {
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "secondary.local");
 
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "tertiary.com");
 
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "quad.com");
 
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "testing.local");
 
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "customer.com");
 
     (VOID)VmDirDeleteTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "foobar.net");
 
diff --git a/vmdir/testing/integration_tests/multitenancy/permissions.c b/vmdir/testing/integration_tests/multitenancy/permissions.c
index 1c6610b6c..ac127803d 100644
--- a/vmdir/testing/integration_tests/multitenancy/permissions.c
+++ b/vmdir/testing/integration_tests/multitenancy/permissions.c
@@ -24,10 +24,7 @@ _VmDirTestRecursiveDeleteContainer(
     DWORD dwIndex = 0;
     PVMDIR_STRING_LIST pObjectList;
 
-    dwError = VmDirTestGetObjectList(
-                pLd,
-                pszContainerDn,
-                &pObjectList);
+    dwError = VmDirTestGetObjectList(pLd, pszContainerDn, NULL, NULL, &pObjectList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     for (dwIndex = 0; dwIndex < pObjectList->dwCount; ++dwIndex)
@@ -355,7 +352,7 @@ TestMultiTenancyPermissions(
     LDAP *pLdFoobarDotNet = NULL;
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "testing.local",
                 "administrator",
@@ -363,7 +360,7 @@ TestMultiTenancyPermissions(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "customer.com",
                 "administrator",
@@ -371,7 +368,7 @@ TestMultiTenancyPermissions(
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirCreateTenant(
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword,
                 "foobar.net",
                 "administrator",
@@ -412,9 +409,9 @@ TestMultiTenancyPermissions(
     CrossTenancyDeletionsShouldFail(pState);
 
 cleanup:
-    VmDirDeleteTenant(pState->pszUserName, pState->pszPassword, "testing.local");
-    VmDirDeleteTenant(pState->pszUserName, pState->pszPassword, "customer.com");
-    VmDirDeleteTenant(pState->pszUserName, pState->pszPassword, "foobar.net");
+    VmDirDeleteTenant(pState->pszUserUPN, pState->pszPassword, "testing.local");
+    VmDirDeleteTenant(pState->pszUserUPN, pState->pszPassword, "customer.com");
+    VmDirDeleteTenant(pState->pszUserUPN, pState->pszPassword, "foobar.net");
 
     VmDirTestLdapUnbind(pLdTestingDotLocal);
     VmDirTestLdapUnbind(pLdCustomerDotCom);
diff --git a/vmdir/testing/integration_tests/passwordapis/Makefile.am b/vmdir/testing/integration_tests/passwordapis/Makefile.am
index 72e87e325..5387d6926 100644
--- a/vmdir/testing/integration_tests/passwordapis/Makefile.am
+++ b/vmdir/testing/integration_tests/passwordapis/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libpasswordapistests.la
 
 libpasswordapistests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -13,7 +13,7 @@ libpasswordapistests_la_SOURCES = \
     main.c
 
 libpasswordapistests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -29,7 +29,7 @@ libpasswordapistests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libpasswordapistests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/integration_tests/passwordapis/libpasswordapistests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/integration_tests/passwordapis/libpasswordapistests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/testing/integration_tests/search/Makefile.am b/vmdir/testing/integration_tests/search/Makefile.am
index 970ef1f6b..b27b67b5e 100644
--- a/vmdir/testing/integration_tests/search/Makefile.am
+++ b/vmdir/testing/integration_tests/search/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libsearchtests.la
 
 libsearchtests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
@@ -13,7 +13,7 @@ libsearchtests_la_SOURCES = \
     pagedsearch.c
 
 libsearchtests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -29,7 +29,7 @@ libsearchtests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libsearchtests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/integration_tests/search/libsearchtests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/integration_tests/search/libsearchtests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/testing/kerberos/Makefile.am b/vmdir/testing/kerberos/Makefile.am
index 84cc6318c..d87a09272 100644
--- a/vmdir/testing/kerberos/Makefile.am
+++ b/vmdir/testing/kerberos/Makefile.am
@@ -5,21 +5,22 @@ krb5keys_test_SOURCES = \
     krb5keys-test.c
 
 krb5keys_test_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server \
-    -I$(top_srcdir)/server/tools \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server \
+    -I$(top_srcdir)/vmdir/server/tools \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 krb5keys_test_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
+    $(top_builddir)/vmdir/server/common/libsrvcommon.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1db.la \
+    $(top_builddir)/vmdir/thirdparty/heimdal/asn1/libasn1.la \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @LWBASE_LIBS@ \
diff --git a/vmdir/testing/query/Makefile.am b/vmdir/testing/query/Makefile.am
index 9f65d5523..bcf9e3db8 100644
--- a/vmdir/testing/query/Makefile.am
+++ b/vmdir/testing/query/Makefile.am
@@ -5,14 +5,14 @@ vmdir_test_query_SOURCES = \
     main.c
 
 vmdir_test_query_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     -DLDAP_DEPRECATED=1 \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmdir_test_query_LDADD = \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWBASE_LIBS@ \
     @LDAP_LIBS@ \
     @LBER_LIBS@ \
diff --git a/vmdir/testing/test_lib/Makefile.am b/vmdir/testing/test_lib/Makefile.am
index 07d584f1a..ff00a4396 100644
--- a/vmdir/testing/test_lib/Makefile.am
+++ b/vmdir/testing/test_lib/Makefile.am
@@ -9,13 +9,13 @@ libvmdirtesting_la_SOURCES = \
     user.c
 
 libvmdirtesting_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
 libvmdirtesting_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
+    @top_builddir@/vmdir/common/libcommon.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
diff --git a/vmdir/testing/test_lib/ldap.c b/vmdir/testing/test_lib/ldap.c
index 15f17c099..f9ef6952b 100644
--- a/vmdir/testing/test_lib/ldap.c
+++ b/vmdir/testing/test_lib/ldap.c
@@ -67,7 +67,7 @@ VmDirTestGetAttributeValueString(
                 pLd,
                 pBase,
                 ldapScope,
-                pszFilter ? pszFilter : "",
+                pszFilter,
                 (PSTR*)ppszAttrs,
                 0,
                 NULL,
@@ -251,14 +251,16 @@ VmDirTestLdapUnbind(
 //
 DWORD
 VmDirTestGetObjectList(
-    LDAP *pLd,
-    PCSTR pszDn,
-    PVMDIR_STRING_LIST *ppObjectList /* OPTIONAL */
+    LDAP*               pLd,
+    PCSTR               pszDn,
+    PCSTR               pszFilter,      /* OPTIONAL */
+    PCSTR               pszAttr,        /* OPTIONAL */
+    PVMDIR_STRING_LIST* ppObjectList    /* OPTIONAL */
     )
 {
-    DWORD dwError = 0;
-    DWORD dwObjectCount = 0;
-    PCSTR ppszAttrs[] = {NULL};
+    DWORD   dwError = 0;
+    DWORD   dwObjectCount = 0;
+    PSTR    pszAttrs[] = { (PSTR)pszAttr, NULL };
     LDAPMessage *pResult = NULL;
     PVMDIR_STRING_LIST pObjectList = NULL;
 
@@ -266,8 +268,8 @@ VmDirTestGetObjectList(
                 pLd,
                 pszDn,
                 LDAP_SCOPE_SUBTREE,
-                "(objectClass=*)",
-                (PSTR*)ppszAttrs,
+                pszFilter,
+                pszAttrs,
                 0,
                 NULL,
                 NULL,
@@ -280,18 +282,21 @@ VmDirTestGetObjectList(
     {
         dwObjectCount = ldap_count_entries(pLd, pResult);
         dwError = VmDirStringListInitialize(&pObjectList, dwObjectCount);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
         if (dwObjectCount > 0)
         {
             LDAPMessage* pEntry = ldap_first_entry(pLd, pResult);
 
-            //
-            // Grab the next entry. The first one will be the base DN itself.
-            //
-            pEntry = ldap_next_entry(pLd, pEntry);
             for (; pEntry != NULL; pEntry = ldap_next_entry(pLd, pEntry))
             {
-                dwError = VmDirStringListAddStrClone(ldap_get_dn(pLd, pEntry), pObjectList);
-                BAIL_ON_VMDIR_ERROR(dwError);
+                PCSTR pszObjDn = ldap_get_dn(pLd, pEntry);
+                // skip the root entry
+                if (VmDirStringCompareA(pszDn, pszObjDn, FALSE))
+                {
+                    dwError = VmDirStringListAddStrClone(ldap_get_dn(pLd, pEntry), pObjectList);
+                    BAIL_ON_VMDIR_ERROR(dwError);
+                }
             }
         }
 
@@ -346,29 +351,26 @@ VmDirTestConnectionFromUser(
 }
 
 DWORD
-VmDirTestDeleteContainer(
+VmDirTestDeleteContainerByDn(
     LDAP *pLd,
     PCSTR pszContainerDn
     )
 {
     DWORD dwError = 0;
     DWORD dwIndex = 0;
-    PVMDIR_STRING_LIST pObjectList;
+    PVMDIR_STRING_LIST pObjectList = NULL;
 
-    dwError = VmDirTestGetObjectList(
-                pLd,
-                pszContainerDn,
-                &pObjectList);
+    dwError = VmDirTestGetObjectList(pLd, pszContainerDn, NULL, NULL, &pObjectList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     for (dwIndex = 0; dwIndex < pObjectList->dwCount; ++dwIndex)
     {
-        dwError = ldap_delete_ext_s(pLd, pObjectList->pStringList[dwIndex], NULL, NULL);
+        dwError = ldap_delete_ext_s(
+                pLd, pObjectList->pStringList[dwIndex], NULL, NULL);
         if (dwError == LDAP_NOT_ALLOWED_ON_NONLEAF)
         {
-            dwError = VmDirTestDeleteContainer(
-                        pLd,
-                        pObjectList->pStringList[dwIndex]);
+            dwError = VmDirTestDeleteContainerByDn(
+                    pLd, pObjectList->pStringList[dwIndex]);
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
@@ -377,7 +379,108 @@ VmDirTestDeleteContainer(
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
+    VmDirStringListFree(pObjectList);
     return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateSimpleUser(
+    LDAP *pLd,
+    PCSTR pszCN,
+    PCSTR pszUserDN
+    )
+{
+    DWORD       dwError = 0;
+
+    PCSTR       valsCn[] = {pszCN, NULL};
+    PCSTR       valsClass[] = {OC_USER, NULL};
+
+    LDAPMod     mod[2]={
+                            {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+                            {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}
+                       };
+    LDAPMod*    attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = ldap_add_ext_s(pLd, pszUserDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateSimpleContainer(
+    LDAP *pLd,
+    PCSTR pszCN,
+    PCSTR pszContainerDN
+    )
+{
+    DWORD       dwError = 0;
+
+    PCSTR       valsCn[] = {pszCN, NULL};
+    PCSTR       valsClass[] = {OC_CONTAINER, NULL};
+
+    LDAPMod     mod[2]={
+                            {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+                            {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}}
+                       };
+    LDAPMod*    attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = ldap_add_ext_s(pLd, pszContainerDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+BOOLEAN
+VmDirTestCanReadSingleEntry(
+    LDAP* pLd,
+    PCSTR pszBaseDn
+    )
+{
+    DWORD   dwError = 0;
+    LDAPMessage* pResult = NULL;
+    BOOLEAN bRtn = FALSE;
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszBaseDn,
+                LDAP_SCOPE_BASE,
+                NULL,
+                NULL,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (ldap_count_entries(pLd, pResult) == 1)
+    {
+        bRtn = TRUE;
+    }
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    return bRtn;
+
 error:
     goto cleanup;
 }
diff --git a/vmdir/testing/test_lib/misc.c b/vmdir/testing/test_lib/misc.c
index 66a13d1eb..e278c39dd 100644
--- a/vmdir/testing/test_lib/misc.c
+++ b/vmdir/testing/test_lib/misc.c
@@ -102,23 +102,59 @@ VmDirTestCreateObject(
     LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
 
     dwError = VmDirAllocateStringPrintf(
-                &pszDN,
-                "cn=%s,cn=%s,cn=%s,%s",
-                pszClassName,
-                pszContainer,
-                VmDirTestGetTestContainerCn(pState),
-                pState->pszBaseDN);
+            &pszDN,
+            "cn=%s,cn=%s,cn=%s,%s",
+            pszClassName,
+            pszContainer,
+            VmDirTestGetTestContainerCn(pState),
+            pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = ldap_add_ext_s(
-                pState->pLd,
-                pszDN,
-                attrs,
-                NULL,
-                NULL);
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateObjectByDNPrefix(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszDNPrefix,
+    PCSTR               pszClassName
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszCN = NULL;
+    PSTR    pszDN = NULL;
+    PSTR    valsCn[] = { NULL, NULL };
+    PSTR    valsClass[] = { NULL, NULL };
+    LDAPMod mod[]=
+    {
+            { LDAP_MOD_ADD, ATTR_CN, { valsCn } },
+            { LDAP_MOD_ADD, ATTR_OBJECT_CLASS, { valsClass } },
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
+
+    dwError = VmDirDnLastRDNToCn(pszDNPrefix, &pszCN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN, "%s,%s", pszDNPrefix, pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    valsCn[0] = pszCN;
+    valsClass[0] = (PSTR)pszClassName;
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszCN);
     VMDIR_SAFE_FREE_STRINGA(pszDN);
     return dwError;
 
@@ -129,33 +165,115 @@ VmDirTestCreateObject(
 DWORD
 VmDirTestCreateContainer(
     PVMDIR_TEST_STATE pState,
-    PCSTR pszName
+    PCSTR pszContainer,
+    PCSTR pszAcl /* OPTIONAL */
     )
 {
     DWORD dwError = 0;
-    PCSTR valsCn[] = {pszName, NULL};
+    PCSTR valsCn[] = {pszContainer, NULL};
     PCSTR valsClass[] = {"top", "container", NULL};
+    PCSTR valsAcl[] = {pszAcl, NULL};
     PSTR pszDN = NULL;
     LDAPMod mod[]={
         {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
         {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
     };
-    LDAPMod *attrs[] = {&mod[0], &mod[1], NULL};
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], NULL};
 
-    dwError = VmDirAllocateStringPrintf(
+    if (IsNullOrEmptyString(pszContainer))
+    {
+        valsCn[0] = VmDirTestGetTestContainerCn(pState);
+
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
                 &pszDN,
                 "cn=%s,cn=%s,%s",
-                pszName,
+                pszContainer,
                 VmDirTestGetTestContainerCn(pState),
                 pState->pszBaseDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[2] = NULL;
+    }
 
     dwError = ldap_add_ext_s(
-                pState->pLd,
-                pszDN,
-                attrs,
-                NULL,
-                NULL);
+            pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteObjectByDNPrefix(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszDNPrefix
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN, "%s,%s", pszDNPrefix, pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_delete_ext_s(pState->pLd, pszDN, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteContainer(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszDN = NULL;
+
+    if (IsNullOrEmptyString(pszContainer))
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,%s",
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    else
+    {
+        dwError = VmDirAllocateStringPrintf(
+                &pszDN,
+                "cn=%s,cn=%s,%s",
+                pszContainer,
+                VmDirTestGetTestContainerCn(pState),
+                pState->pszBaseDN);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    dwError = VmDirTestDeleteContainerByDn(pState->pLd, pszDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
diff --git a/vmdir/testing/test_lib/user.c b/vmdir/testing/test_lib/user.c
index cc1e94577..e66c29030 100644
--- a/vmdir/testing/test_lib/user.c
+++ b/vmdir/testing/test_lib/user.c
@@ -116,13 +116,13 @@ VmDirTestCreateUserWithLimitedAccount(
     )
 {
     DWORD dwError = 0;
-    PCSTR valsAcl[] = {NULL, NULL};
+    PCSTR valsAcl[] = {pszAcl, NULL};
     PCSTR valsCn[] = {pszUserName, NULL};
     PCSTR valssAMActName[] = {pszUserName, NULL};
     PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
     PCSTR valsPNE[] = {"TRUE", NULL};
-    PCSTR valsPN[] = {NULL, NULL};
-    PCSTR valsPass[] = {"Admin!23", NULL};
+    PCSTR valsUPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
     PSTR pszUPN = NULL;
     PSTR pszDN = NULL;
     LDAPMod mod[]={
@@ -130,7 +130,7 @@ VmDirTestCreateUserWithLimitedAccount(
         {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
         {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
         {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
-        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsPN}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsUPN}},
         {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
         {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
         {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
@@ -140,30 +140,22 @@ VmDirTestCreateUserWithLimitedAccount(
     dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    valsPN[0] = pszUPN;
-    if (pszAcl != NULL)
-    {
-        valsAcl[0] = pszAcl;
-    }
-    else
+    valsUPN[0] = pszUPN;
+
+    if (IsNullOrEmptyString(pszAcl))
     {
         attrs[7] = NULL;
     }
 
     dwError = VmDirAllocateStringPrintf(
-                &pszDN,
-                "cn=%s,cn=%s,%s",
-                pszUserName,
-                pszContainer ? pszContainer : "Users",
-                pState->pszBaseDN);
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = ldap_add_ext_s(
-                pState->pLdLimited,
-                pszDN,
-                attrs,
-                NULL,
-                NULL);
+    dwError = ldap_add_ext_s(pState->pLdLimited, pszDN, attrs, NULL, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
@@ -184,13 +176,13 @@ VmDirTestCreateUser(
     )
 {
     DWORD dwError = 0;
-    PCSTR valsAcl[] = {NULL, NULL};
+    PCSTR valsAcl[] = {pszAcl, NULL};
     PCSTR valsCn[] = {pszUserName, NULL};
     PCSTR valssAMActName[] = {pszUserName, NULL};
     PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
     PCSTR valsPNE[] = {"TRUE", NULL};
-    PCSTR valsPN[] = {NULL, NULL};
-    PCSTR valsPass[] = {"Admin!23", NULL};
+    PCSTR valsUPN[] = {NULL, NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
     PSTR pszUPN = NULL;
     PSTR pszDN = NULL;
     LDAPMod mod[]={
@@ -198,7 +190,7 @@ VmDirTestCreateUser(
         {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
         {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
         {LDAP_MOD_ADD, ATTR_PASSWORD_NEVER_EXPIRES, {(PSTR*)valsPNE}},
-        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsPN}},
+        {LDAP_MOD_ADD, ATTR_KRB_UPN, {(PSTR*)valsUPN}},
         {LDAP_MOD_ADD, ATTR_USER_PASSWORD, {(PSTR*)valsPass}},
         {LDAP_MOD_ADD, ATTR_SN, {(PSTR*)valsCn}},
         {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
@@ -208,30 +200,22 @@ VmDirTestCreateUser(
     dwError = VmDirAllocateStringPrintf(&pszUPN, "%s@%s", pszUserName, pState->pszDomain);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    valsPN[0] = pszUPN;
-    if (pszAcl != NULL)
-    {
-        valsAcl[0] = pszAcl;
-    }
-    else
+    valsUPN[0] = pszUPN;
+
+    if (IsNullOrEmptyString(pszAcl))
     {
         attrs[7] = NULL;
     }
 
     dwError = VmDirAllocateStringPrintf(
-                &pszDN,
-                "cn=%s,cn=%s,%s",
-                pszUserName,
-                pszContainer ? pszContainer : "Users",
-                pState->pszBaseDN);
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = ldap_add_ext_s(
-                pState->pLd,
-                pszDN,
-                attrs,
-                NULL,
-                NULL);
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
@@ -258,7 +242,7 @@ VmDirTestCreateUserWithSecurityDescriptor(
     PCSTR valsClass[] = {OC_USER, OC_PERSON, OC_TOP, OC_ORGANIZATIONAL_PERSON, NULL};
     PCSTR valsPNE[] = {"TRUE", NULL};
     PCSTR valsPN[] = {NULL, NULL};
-    PCSTR valsPass[] = {"Admin!23", NULL};
+    PCSTR valsPass[] = {pState->pszPassword, NULL};
     PSTR pszUPN = NULL;
     PSTR pszDN = NULL;
     LDAPMod mod[]={
@@ -285,27 +269,424 @@ VmDirTestCreateUserWithSecurityDescriptor(
     pbvSecurityDescriptors[0] = &bvSecurityDescriptor;
     mod[7].mod_vals.modv_bvals = pbvSecurityDescriptors;
 
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszContainer ? pszContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestAddUserToGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    )
+{
+    DWORD dwError = 0;
+    LDAPMod addition;
+    LDAPMod *mods[2];
+    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
+
+    addition.mod_op     = LDAP_MOD_ADD;
+    addition.mod_type   = ATTR_MEMBER;
+    addition.mod_values = (PSTR*)ppszAttributeValues;
+
+    mods[0] = &addition;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszGroupDn, mods, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestAddUserToGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszUserDN = NULL;
+    PSTR    pszGroupDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszUserDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszUserContainer ? pszUserContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszGroupContainer ? pszGroupContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestAddUserToGroupByDn(pState->pLd, pszUserDN, pszGroupDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDN);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestRemoveUserFromGroupByDn(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PCSTR pszGroupDn
+    )
+{
+    DWORD dwError = 0;
+    LDAPMod addition;
+    LDAPMod *mods[2];
+    PCSTR ppszAttributeValues[] = { pszUserDn, NULL };
+
+    addition.mod_op     = LDAP_MOD_DELETE;
+    addition.mod_type   = ATTR_MEMBER;
+    addition.mod_values = (PSTR*)ppszAttributeValues;
+
+    mods[0] = &addition;
+    mods[1] = NULL;
+
+    dwError = ldap_modify_ext_s(pLd, pszGroupDn, mods, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestRemoveUserFromGroup(
+    PVMDIR_TEST_STATE   pState,
+    PCSTR               pszUserName,
+    PCSTR               pszUserContainer, // optional
+    PCSTR               pszGroupName,
+    PCSTR               pszGroupContainer // optional
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszUserDN = NULL;
+    PSTR    pszGroupDN = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszUserDN,
+            "cn=%s,cn=%s,%s",
+            pszUserName,
+            pszUserContainer ? pszUserContainer : "Users",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszGroupContainer ? pszGroupContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestRemoveUserFromGroupByDn(pState->pLd, pszUserDN, pszGroupDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszUserDN);
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestListGroupMembers(
+    LDAP *pLd,
+    PCSTR pszGroupDN,
+    PVMDIR_STRING_LIST *ppvsMembers
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwMemberCount = 0;
+    DWORD dwIndex = 0;
+    PCSTR ppszAttrs[] = {ATTR_MEMBER, NULL};
+    LDAPMessage *pResult = NULL;
+    PVMDIR_STRING_LIST pvsMembers = NULL;
+    BerValue** ppBerValues = NULL;
+    LDAPMessage* pEntry = NULL;
+
+    dwError = VmDirStringListInitialize(&pvsMembers, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszGroupDN,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ATTR_MEMBER);
+    if (ppBerValues != NULL)
+    {
+        dwMemberCount = ldap_count_values_len(ppBerValues);
+
+        for (dwIndex = 0; dwIndex < dwMemberCount; ++dwIndex)
+        {
+            dwError = VmDirStringListAddStrClone(ppBerValues[dwIndex]->bv_val, pvsMembers);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *ppvsMembers = pvsMembers;
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pvsMembers);
+    goto cleanup;
+}
+
+DWORD
+VmDirTestListUsersGroups(
+    LDAP *pLd,
+    PCSTR pszUserDn,
+    PVMDIR_STRING_LIST *ppvsGroups /* OUT */
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwGroupCount = 0;
+    DWORD dwIndex = 0;
+    PCSTR ppszAttrs[] = {ATTR_MEMBEROF, NULL};
+    LDAPMessage *pResult = NULL;
+    PVMDIR_STRING_LIST pvsGroups = NULL;
+    BerValue** ppBerValues = NULL;
+    LDAPMessage* pEntry = NULL;
+
+    dwError = VmDirStringListInitialize(&pvsGroups, 0);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_search_ext_s(
+                pLd,
+                pszUserDn,
+                LDAP_SCOPE_BASE,
+                "(objectClass=*)",
+                (PSTR*)ppszAttrs,
+                0,
+                NULL,
+                NULL,
+                NULL,
+                -1,
+                &pResult);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    pEntry = ldap_first_entry(pLd, pResult);
+    ppBerValues = ldap_get_values_len(pLd, pEntry, ATTR_MEMBEROF);
+    if (ppBerValues != NULL)
+    {
+        dwGroupCount = ldap_count_values_len(ppBerValues);
+
+        for (dwIndex = 0; dwIndex < dwGroupCount; ++dwIndex)
+        {
+            dwError = VmDirStringListAddStrClone(ppBerValues[dwIndex]->bv_val, pvsGroups);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    *ppvsGroups = pvsGroups;
+
+cleanup:
+    if (pResult)
+    {
+        ldap_msgfree(pResult);
+    }
+
+    if (ppBerValues)
+    {
+        ldap_value_free_len(ppBerValues);
+    }
+
+    return dwError;
+
+error:
+    VmDirStringListFree(pvsGroups);
+    goto cleanup;
+}
+
+DWORD
+VmDirTestCreateGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer, /* OPTIONAL */
+    PCSTR pszGroupName,
+    PCSTR pszAcl /* OPTIONAL */
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+    PCSTR valsAcl[] = {pszAcl, NULL};
+    PCSTR valsCn[] = {pszGroupName, NULL};
+    PCSTR valssAMActName[] = {pszGroupName, NULL};
+    PCSTR valsClass[] = {OC_GROUP, OC_TOP, NULL};
+    LDAPMod mod[] = {
+        {LDAP_MOD_ADD, ATTR_CN, {(PSTR*)valsCn}},
+        {LDAP_MOD_ADD, ATTR_SAM_ACCOUNT_NAME, {(PSTR*)valssAMActName}},
+        {LDAP_MOD_ADD, ATTR_OBJECT_CLASS, {(PSTR*)valsClass}},
+        {LDAP_MOD_ADD, ATTR_ACL_STRING, {(PSTR*)valsAcl}},
+    };
+    LDAPMod *attrs[] = {&mod[0], &mod[1], &mod[2], &mod[3], NULL};
+
+    if (IsNullOrEmptyString(pszAcl))
+    {
+        attrs[3] = NULL;
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszDN,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszContainer ? pszContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = ldap_add_ext_s(pState->pLd, pszDN, attrs, NULL, NULL);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszDN);
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteGroupEx(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName,
+    BOOLEAN bUseLimitedAccount
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+
     dwError = VmDirAllocateStringPrintf(
                 &pszDN,
                 "cn=%s,cn=%s,%s",
-                pszUserName,
-                pszContainer ? pszContainer : "Users",
+                pszGroupName,
+                pszContainer ? pszContainer : "Builtin",
                 pState->pszBaseDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = ldap_add_ext_s(
-                pState->pLd,
-                pszDN,
-                attrs,
-                NULL,
-                NULL);
+    if (bUseLimitedAccount)
+    {
+        dwError = ldap_delete_ext_s(pState->pLdLimited, pszDN, NULL, NULL);
+    }
+    else
+    {
+        dwError = ldap_delete_ext_s(pState->pLd, pszDN, NULL, NULL);
+    }
     BAIL_ON_VMDIR_ERROR(dwError);
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszDN);
-    VMDIR_SAFE_FREE_STRINGA(pszUPN);
+    return dwError;
+error:
+    goto cleanup;
+}
+
+DWORD
+VmDirTestDeleteGroup(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszContainer,
+    PCSTR pszGroupName
+    )
+{
+    return VmDirTestDeleteGroupEx(pState, pszContainer, pszGroupName, FALSE);
+}
+
+DWORD
+VmDirTestGetGroupSid(
+    PVMDIR_TEST_STATE pState,
+    PCSTR pszGroupName,
+    PCSTR pszContainer, // optional
+    PSTR *ppszGroupSid
+    )
+{
+    DWORD   dwError;
+    PSTR    pszGroupDn = NULL;
+    PSTR    pszGroupSid = NULL;
+
+    dwError = VmDirAllocateStringPrintf(
+            &pszGroupDn,
+            "cn=%s,cn=%s,%s",
+            pszGroupName,
+            pszContainer ? pszContainer : "Builtin",
+            pState->pszBaseDN);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirTestGetAttributeValueString(
+            pState->pLd,
+            pszGroupDn,
+            LDAP_SCOPE_BASE,
+            NULL,
+            "objectSid",
+            &pszGroupSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    *ppszGroupSid = pszGroupSid;
+
+cleanup:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupDn);
     return dwError;
 
 error:
+    VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
     goto cleanup;
 }
diff --git a/vmdir/testing/test_runner/Makefile.am b/vmdir/testing/test_runner/Makefile.am
index fc93c5176..c74399654 100644
--- a/vmdir/testing/test_runner/Makefile.am
+++ b/vmdir/testing/test_runner/Makefile.am
@@ -5,14 +5,14 @@ vmdir_test_runner_SOURCES = \
     testinfrastructure.c
 
 vmdir_test_runner_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmdir_test_runner_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     ../test_lib/libvmdirtesting.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
diff --git a/vmdir/testing/test_runner/main.c b/vmdir/testing/test_runner/main.c
index 802c71f62..d1c0e3459 100644
--- a/vmdir/testing/test_runner/main.c
+++ b/vmdir/testing/test_runner/main.c
@@ -24,7 +24,7 @@ ShowUsage(
     printf("Usage: vmdir_integration_test <args>\n");
     printf("Required arguments:\n");
     printf("\t-H/--host <host> -- The host to connect to.\n");
-    printf("\t-u/--username <user UPN> -- user@domain to connect with.\n");
+    printf("\t-u/--username <user name> -- user to connect with.\n");
     printf("\t-w/--password <password> -- The password to authenticate with\n");
     printf("\t-d/--domain domain -- The domain to use (e.g., vsphere.local)\n");
     printf("\t-b/--break -- Break into debugger if a test fails.\n");
@@ -85,30 +85,6 @@ DWORD VmDirSetBaseDN(
     goto cleanup;
 }
 
-DWORD
-_TestInfrastructureCleanupContainer(
-    PVMDIR_TEST_STATE pState
-    )
-{
-    PSTR pszContainerDn = NULL;
-    DWORD dwError = 0;
-
-    dwError = VmDirAllocateStringPrintf(
-                &pszContainerDn,
-                "cn=testcontainer,%s",
-                pState->pszBaseDN);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = VmDirTestDeleteContainer(pState->pLd, pszContainerDn);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    VmDirFreeStringA(pszContainerDn);
-    return dwError;
-error:
-    goto cleanup;
-}
-
 DWORD
 TestInfrastructureCleanup(
     PVMDIR_TEST_STATE pState
@@ -124,23 +100,22 @@ TestInfrastructureCleanup(
     dwError = VmDirTestDeleteUser(pState, NULL, VmDirTestGetInternalUserCn(pState));
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _TestInfrastructureCleanupContainer(pState);
+    dwError = VmDirTestDeleteContainer(pState, NULL);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-
 cleanup:
     VmDirFreeStringA((PSTR)pState->pszBaseDN);
-    VmDirTestLdapUnbind(pState->pLdAnonymous);
     VmDirTestLdapUnbind(pState->pLd);
     VmDirTestLdapUnbind(pState->pLdLimited);
-
+    VmDirTestLdapUnbind(pState->pLdAnonymous);
+    VmDirTestLdapUnbind(pState->pLdCustom);
     return 0;
+
 error:
     printf("Test cleanup failed with error %d\n", dwError);
     goto cleanup;
 }
 
-
 DWORD
 _VmDirTestCreateLimitedUserAndConnection(
     PVMDIR_TEST_STATE pState
@@ -262,14 +237,14 @@ TestInfrastructureInitialize(
     dwError = VmDirSafeLDAPBind(
                 &pState->pLd,
                 pState->pszServerName,
-                pState->pszUserName,
+                pState->pszUserUPN,
                 pState->pszPassword);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     //
     // Cleanup any leftover state from a previous run.
     //
-    (VOID)_TestInfrastructureCleanupContainer(pState);
+    (VOID)VmDirTestDeleteContainer(pState, NULL);
 
     dwError = VmDirTestCreateAnonymousConnection(
                 pState->pszServerName,
@@ -302,7 +277,8 @@ _VmDirExecuteTestModule(
     PTEST_CLEANUP_CALLBACK pfnTestCleanup = NULL;
     DWORD dwError = 0;
 
-    printf("executing test module: %s ...\n", pszModule);
+    printf("Executing test module: %s ...\n", pszModule);
+
     // Need to make sure that there's a slash in the name
     pDllHandle = dlopen(pszModule, RTLD_NOW | RTLD_LOCAL);
     if (pDllHandle == NULL)
@@ -387,6 +363,14 @@ VmDirMain(
                 argv);
     BAIL_ON_VMDIR_ERROR(dwError);
 
+
+    dwError = VmDirAllocateStringPrintf(
+                (PSTR*)&State.pszUserUPN,
+                "%s@%s",
+                State.pszUserName,
+                State.pszDomain);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
     printf("VmDir integration tests starting ...\n");
 
     dwError = TestInfrastructureInitialize(&State);
diff --git a/vmdir/testing/unittests/libcommon/Makefile.am b/vmdir/testing/unittests/libcommon/Makefile.am
index 547db1bb9..41a9e1795 100644
--- a/vmdir/testing/unittests/libcommon/Makefile.am
+++ b/vmdir/testing/unittests/libcommon/Makefile.am
@@ -1,8 +1,8 @@
 lib_LTLIBRARIES = libcommonunittests.la
 
 libcommonunittests_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -25,7 +25,7 @@ libcommonunittests_la_SOURCES = \
     VmDirStringToTokenList.c
 
 libcommonunittests_la_LIBADD = \
-    @top_builddir@/testing/test_lib/libvmdirtesting.la \
+    @top_builddir@/vmdir/testing/test_lib/libvmdirtesting.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -41,7 +41,7 @@ libcommonunittests_la_LIBADD = \
     @PTHREAD_LIBS@
 
 libcommonunittests_la_LDFLAGS = \
-    -export-symbols @top_srcdir@/testing/unittests/libcommon/libcommonunittests.exp \
+    -export-symbols @top_srcdir@/vmdir/testing/unittests/libcommon/libcommonunittests.exp \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/thirdparty/csrp/srp.c b/vmdir/thirdparty/csrp/srp.c
index a4bd49e72..d53168a7f 100644
--- a/vmdir/thirdparty/csrp/srp.c
+++ b/vmdir/thirdparty/csrp/srp.c
@@ -444,6 +444,7 @@ static BIGNUM * calculate_x( SRP_HashAlgorithm alg, const BIGNUM * salt, const c
     hash_update( alg, &ctx, password, password_len );
     
     hash_final( alg, &ctx, ucp_hash, &len );
+    EVP_MD_CTX_cleanup(&ctx.mdctx);
         
     return H_ns( alg, salt, ucp_hash, len );
 }
@@ -501,6 +502,7 @@ static void calculate_M( SRP_HashAlgorithm alg, NGConstant *ng, unsigned char *
     hash_update( alg, &ctx, K, hash_len );
     
     hash_final( alg, &ctx, dest, &len );
+    EVP_MD_CTX_cleanup(&ctx.mdctx);
 }
 
 static void calculate_H_AMK( SRP_HashAlgorithm alg, unsigned char *dest, const BIGNUM * A, const unsigned char * M, const unsigned char * K )
@@ -515,6 +517,7 @@ static void calculate_H_AMK( SRP_HashAlgorithm alg, unsigned char *dest, const B
     hash_update( alg, &ctx, K, len );
     
     hash_final( alg, &ctx, dest, &len );
+    EVP_MD_CTX_cleanup(&ctx.mdctx);
 }
 
 
@@ -525,6 +528,7 @@ static void init_random()
     HCRYPTPROV wctx;
 #else
     FILE   *fp   = 0;
+    size_t lread = 0;
 #endif
 
     if (g_initialized)
@@ -546,7 +550,7 @@ static void init_random()
         
         if (fp)
         {
-            fread(buff, sizeof(buff), 1, fp);
+            lread = fread(buff, sizeof(buff), 1, fp);
             fclose(fp);
             g_initialized = 1;
         }
@@ -1039,6 +1043,7 @@ void srp_hash(int argc, char *argv[])
         hash_update( SRP_SHA1, &hctx, argv[i], strlen(argv[i]));
     }
     hash_final( SRP_SHA1, &hctx, md_value, &md_len);
+    EVP_MD_CTX_cleanup(&hctx.mdctx);
 
     printf("Digest is: ");
     for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
diff --git a/vmdir/thirdparty/heimdal/asn1/Makefile.am b/vmdir/thirdparty/heimdal/asn1/Makefile.am
index 596499b95..3e4da4624 100644
--- a/vmdir/thirdparty/heimdal/asn1/Makefile.am
+++ b/vmdir/thirdparty/heimdal/asn1/Makefile.am
@@ -16,9 +16,9 @@ libasn1_la_SOURCES = \
     hex.c
 
 libasn1_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/public \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1
 
 libasn1_la_LDFLAGS = \
     -static
@@ -28,7 +28,7 @@ libasn1db_la_SOURCES = \
     asn1_kerberos_db.c
 
 libasn1db_la_CPPFLAGS = \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1
 
 libasn1db_la_LDFLAGS = \
     -static
diff --git a/vmdir/thirdparty/heimdal/krb5-crypto/Makefile.am b/vmdir/thirdparty/heimdal/krb5-crypto/Makefile.am
index b0ec99a7d..7bfd8dba8 100644
--- a/vmdir/thirdparty/heimdal/krb5-crypto/Makefile.am
+++ b/vmdir/thirdparty/heimdal/krb5-crypto/Makefile.am
@@ -41,9 +41,9 @@ libkrb5crypto_la_SOURCES = \
 libkrb5crypto_la_CPPFLAGS = \
     -DHEIMDAL_SMALLER \
     @OPENSSL_INCLUDES@ \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto \
-    -I$(top_srcdir)/server/tools
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto \
+    -I$(top_srcdir)/vmdir/server/tools
 
 libkrb5crypto_la_LDFLAGS = \
-    -export-symbols $(top_srcdir)/thirdparty/heimdal/krb5-crypto/krb5-crypto.exp
+    -export-symbols $(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto/krb5-crypto.exp
diff --git a/vmdir/thirdparty/heimdal/krb5-crypto/principal.c b/vmdir/thirdparty/heimdal/krb5-crypto/principal.c
index bfc982c4d..e7868ff9d 100644
--- a/vmdir/thirdparty/heimdal/krb5-crypto/principal.c
+++ b/vmdir/thirdparty/heimdal/krb5-crypto/principal.c
@@ -410,7 +410,9 @@ krb5_parse_name(krb5_context context,
 
 static const char quotable_chars[] = " \n\t\b\\/@";
 static const char replace_chars[] = " ntb\\/@";
+#if 0
 static const char nq_chars[] = "    \\/@";
+#endif
 
 #define add_char(BASE, INDEX, LEN, C) do { if((INDEX) < (LEN)) (BASE)[(INDEX)++] = (C); }while(0);
 
diff --git a/vmdir/thirdparty/heimdal/ntlm/Makefile.am b/vmdir/thirdparty/heimdal/ntlm/Makefile.am
index b6231a3d3..c5e0f76e4 100644
--- a/vmdir/thirdparty/heimdal/ntlm/Makefile.am
+++ b/vmdir/thirdparty/heimdal/ntlm/Makefile.am
@@ -5,11 +5,11 @@ libheimntlm_la_SOURCES = \
 
 libheimntlm_la_CPPFLAGS = \
     @OPENSSL_INCLUDES@ \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     -DHAVE_OPENSSL \
-    -I$(top_srcdir)/thirdparty/heimdal/asn1 \
-    -I$(top_srcdir)/thirdparty/heimdal/krb5-crypto
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/asn1 \
+    -I$(top_srcdir)/vmdir/thirdparty/heimdal/krb5-crypto
 
 libheimntlm_la_LDFLAGS = \
     -static
diff --git a/vmdir/thirdparty/openldap/libraries/mdb/Makefile.am b/vmdir/thirdparty/openldap/libraries/mdb/Makefile.am
index d0498eb50..650cf0fbf 100644
--- a/vmdir/thirdparty/openldap/libraries/mdb/Makefile.am
+++ b/vmdir/thirdparty/openldap/libraries/mdb/Makefile.am
@@ -5,9 +5,9 @@ libvmdirmdb_la_SOURCES = \
     midl.c
 
 libvmdirmdb_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/public \
-    -I$(top_srcdir)/thirdparty/openldap/include
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/thirdparty/openldap/include
 
 libvmdirmdb_la_LDFLAGS = \
     -static
diff --git a/vmdir/tools/test/circularbuffer/Makefile.am b/vmdir/tools/test/circularbuffer/Makefile.am
deleted file mode 100644
index 5ef79e7b2..000000000
--- a/vmdir/tools/test/circularbuffer/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-bin_PROGRAMS = circularbuffertest
-
-circularbuffertest_SOURCES = \
-    main.c
-
-circularbuffertest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-circularbuffertest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-circularbuffertest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/vmdir/tools/test/circularbuffer/includes.h b/vmdir/tools/test/circularbuffer/includes.h
deleted file mode 100644
index d5cbf5cc1..000000000
--- a/vmdir/tools/test/circularbuffer/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/vmdir/tools/test/circularbuffer/main.c b/vmdir/tools/test/circularbuffer/main.c
deleted file mode 100644
index 91ae4f2a2..000000000
--- a/vmdir/tools/test/circularbuffer/main.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
-
-typedef struct _TEST_ELEMENT
-{
-    PCSTR   name;
-    int     age;
-} TEST_ELEMENT, *PTEST_ELEMENT;
-int             arrLen = 5;
-TEST_ELEMENT    arrTestData[] = {
-                            {"user1", 1},
-                            {"user2", 2},
-                            {"user3", 3},
-                            {"user4", 4},
-                            {"user5", 5}};
-
-void FillBuffer(
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer,
-    UINT Count
-    )
-{
-    UINT i = 0;
-
-    for (; i < Count; ++i)
-    {
-        PTEST_ELEMENT Destination = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-        PTEST_ELEMENT Source;
-
-        Source = &arrTestData[i % 5];
-        Destination->name = Source->name;
-        Destination->age = Source->age;
-    }
-}
-
-BOOLEAN Callback(PVOID Element, PVOID Context)
-{
-    PTEST_ELEMENT TestElement = (PTEST_ELEMENT)Element;
-    PTEST_ELEMENT ReferenceElement = (PTEST_ELEMENT)Context;
-
-    ASSERT(TestElement->age == ReferenceElement->age);
-    ASSERT(strcmp(TestElement->name, ReferenceElement->name) == 0);
-
-    return TRUE;
-}
-
-void TestCleanupOfValidCircularBuffer()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    DWORD dwError = 0;
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestCleanupOfNullCircularBuffer()
-{
-    VmDirCircularBufferFree(NULL);
-}
-
-void TestSingleElement()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    DWORD dwError = 0;
-    PTEST_ELEMENT Element = NULL;
-
-    printf("TestSingleElement() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[0].name;
-    Element->age = arrTestData[0].age;
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrTestData[0]);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestWrap()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer;
-    PTEST_ELEMENT Element;
-    DWORD dwError = 0;
-
-    printf("TestWrap() ...\n");
-
-    dwError = VmDirCircularBufferCreate(3, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[0].name;
-    Element->age = arrTestData[0].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[1].name;
-    Element->age = arrTestData[1].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[2].name;
-    Element->age = arrTestData[2].age;
-
-    Element = VmDirCircularBufferGetNextEntry(pCircularBuffer);
-    Element->name = arrTestData[3].name;
-    Element->age = arrTestData[3].age;
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 1, Callback, &arrTestData[1]);
-    ASSERT(dwError == 0);
-
-    VmDirCircularBufferFree(pCircularBuffer);
-}
-
-void TestZeroSizedBufferShouldFail()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestZeroSizedBufferShouldFail() ...\n");
-
-    dwError = VmDirCircularBufferCreate(0, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError != 0);
-}
-
-void TestOverflowSizedBufferShouldFail()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestOverFlowSizedBufferShouldFail() ...\n");
-
-    dwError = VmDirCircularBufferCreate((0XFFFFFFFF / sizeof(TEST_ELEMENT)) + 2, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError != 0);
-}
-
-void TestMakeCapacityBiggerShouldSucceed()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestMakeCapacityBiggerShouldSucceed() ...\n");
-
-    dwError = VmDirCircularBufferCreate(2, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 4);
-    ASSERT(dwError == 0);
-}
-
-void TestMakeCapacitySmallerShouldSucceed()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-
-    printf("TestMakeCapacitySmallerShouldSucceed() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSetCapacity(pCircularBuffer, 2);
-    ASSERT(pCircularBuffer->dwCapacity == 2);
-    ASSERT(dwError == 0);
-    ASSERT(pCircularBuffer->dwHead < pCircularBuffer->dwCapacity);
-}
-
-BOOLEAN Callback2(PVOID Element, PVOID Context)
-{
-    PDWORD pdwCount = (PDWORD)Context;
-
-    switch (*pdwCount)
-    {
-        case 0:
-        ASSERT(memcmp(Element, &arrTestData[3], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 1:
-        ASSERT(memcmp(Element, &arrTestData[4], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 2:
-        ASSERT(memcmp(Element, &arrTestData[0], sizeof(TEST_ELEMENT)) == 0);
-        break;
-
-        case 3:
-        ASSERT(memcmp(Element, &arrTestData[1], sizeof(TEST_ELEMENT)) == 0);
-        break;
-    }
-
-    *pdwCount += 1;
-    return TRUE;
-}
-
-void TestSelectReturnsCorrectElementsInCorrectOrder()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectReturnsCorrectElementsInCorrectOrder() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 7);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, Callback2, &dwCount);
-    ASSERT(dwError == 0);
-}
-
-BOOLEAN CountingCallback(PVOID Element, PVOID Context)
-{
-    PDWORD pdwCount = (PDWORD)Context;
-    PTEST_ELEMENT TestElement = (PTEST_ELEMENT)Element;
-
-    if (TestElement->age == 3)
-    {
-        return FALSE;
-    }
-
-    *pdwCount += 1;
-    return TRUE;
-}
-
-void TestSelectReturnsWhenCallbackReturnsFalse()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectReturnsWhenCallbackReturnsFalse() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 4, CountingCallback, &dwCount);
-    ASSERT(dwError == 0);
-    ASSERT(dwCount == 2);
-}
-
-void TestSelectTooManyElementsQuietlySucceeds()
-{
-    PVMDIR_CIRCULAR_BUFFER pCircularBuffer = NULL;
-    DWORD dwError = 0;
-    DWORD dwCount = 0;
-
-    printf("TestSelectTooManyElementsQuietlySucceeds() ...\n");
-
-    dwError = VmDirCircularBufferCreate(4, sizeof(TEST_ELEMENT), &pCircularBuffer);
-    ASSERT(dwError == 0);
-
-    FillBuffer(pCircularBuffer, 4);
-
-    dwError = VmDirCircularBufferSelectElements(pCircularBuffer, 20, CountingCallback, &dwCount);
-    ASSERT(dwError == 0);
-}
-
-int
-main(int argc, char* argv[])
-{
-    TestSingleElement();
-    TestWrap();
-
-    TestZeroSizedBufferShouldFail();
-    TestOverflowSizedBufferShouldFail();
-    TestMakeCapacityBiggerShouldSucceed();
-    TestMakeCapacitySmallerShouldSucceed();
-    TestSelectReturnsCorrectElementsInCorrectOrder();
-    TestSelectReturnsWhenCallbackReturnsFalse();
-    TestSelectTooManyElementsQuietlySucceeds();
-    TestCleanupOfValidCircularBuffer();
-    TestCleanupOfNullCircularBuffer();
-
-    return 0;
-}
diff --git a/vmdir/tools/test/dequetest/Makefile.am b/vmdir/tools/test/dequetest/Makefile.am
deleted file mode 100644
index c151d347b..000000000
--- a/vmdir/tools/test/dequetest/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = dequetest
-
-dequetest_SOURCES = \
-    main.c
-
-dequetest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-dequetest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/thirdparty/heimdal/krb5-crypto/libkrb5crypto.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1db.la \
-    $(top_builddir)/thirdparty/heimdal/asn1/libasn1.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-dequetest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/vmdir/tools/test/dequetest/includes.h b/vmdir/tools/test/dequetest/includes.h
deleted file mode 100644
index a182442b5..000000000
--- a/vmdir/tools/test/dequetest/includes.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/vmdir/tools/test/dequetest/main.c b/vmdir/tools/test/dequetest/main.c
deleted file mode 100644
index 3be6a51cc..000000000
--- a/vmdir/tools/test/dequetest/main.c
+++ /dev/null
@@ -1,159 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-typedef struct _TEST_ELEMENT
-{
-    PCSTR   name;
-    int     age;
-} TEST_ELEMENT, *PTEST_ELEMENT;
-int             arrLen = 5;
-TEST_ELEMENT    arrTestData[] = {
-                            {"user1", 1},
-                            {"user2", 2},
-                            {"user3", 3},
-                            {"user4", 4},
-                            {"user5", 5}};
-DWORD
-testEmpty(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    //Test case: pop from empty queue
-    printf("\nTest empty deque...\n");
-    if (!dequeIsEmpty(pDeque))
-    {
-        printf("deque is not NULL.\n");
-        goto error;
-    }
-
-    dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
-    if (dwError != ERROR_NO_MORE_ITEMS)
-    {
-        printf("PopLeft is not NULL from empty queue.\n");
-        goto error;
-    }
-    else
-    {
-        dwError = 0;
-    }
-
-cleanup:
-    printf("Test empty finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-DWORD
-testQueue(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    int             i=0;
-
-    printf("\nTesting Queue...\n");
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePush(pDeque, &arrTestData[i]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePopLeft(pDeque, (PVOID*)&pElement);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        if(pElement != &arrTestData[i])
-        {
-            printf("test failed.\n");
-            dwError = 1;
-            goto error;
-        }
-        printf("Name: %s, Age: %d\n", pElement->name, pElement->age);
-    }
-
-cleanup:
-    printf("testQueue finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-DWORD
-testStack(PDEQUE pDeque)
-{
-    DWORD           dwError = 0;
-    PTEST_ELEMENT   pElement = NULL;
-    int             i=0;
-
-    printf("\nTesting Stack...\n");
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePush(pDeque, &arrTestData[i]);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    for (i=0; i<arrLen; i++)
-    {
-        dwError = dequePop(pDeque, (PVOID*)&pElement);
-        BAIL_ON_VMDIR_ERROR(dwError);
-        if(pElement != &arrTestData[arrLen-i-1])
-        {
-            printf("test failed.\n");
-            dwError = 1;
-            goto error;
-        }
-        printf("Name: %s, Age: %d\n", pElement->name, pElement->age);
-    }
-
-cleanup:
-    printf("testStack finished.\n");
-    return dwError;
-error:
-    goto cleanup;
-}
-
-int
-main(int argc, char* argv[])
-{
-    DWORD           dwError = 0;
-    PDEQUE          pDeque = NULL;
-
-    dwError = dequeCreate(&pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testEmpty(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testQueue(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testStack(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    dwError = testEmpty(pDeque);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-cleanup:
-    if (pDeque)
-    {
-        dequeFree(pDeque);
-    }
-
-    return dwError;
-error:
-
-    goto cleanup;
-}
diff --git a/vmdir/tools/test/parseargs/Makefile.am b/vmdir/tools/test/parseargs/Makefile.am
deleted file mode 100644
index 280d541d1..000000000
--- a/vmdir/tools/test/parseargs/Makefile.am
+++ /dev/null
@@ -1,28 +0,0 @@
-bin_PROGRAMS = parseargstest
-
-parseargstest_SOURCES = \
-    parseargs.c \
-    main.c
-
-parseargstest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-parseargstest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-parseargstest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/vmdir/tools/test/parseargs/defines.h b/vmdir/tools/test/parseargs/defines.h
deleted file mode 100644
index 1dd9f861c..000000000
--- a/vmdir/tools/test/parseargs/defines.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
diff --git a/vmdir/tools/test/parseargs/includes.h b/vmdir/tools/test/parseargs/includes.h
deleted file mode 100644
index b463f9688..000000000
--- a/vmdir/tools/test/parseargs/includes.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include <config.h>
-#include <vmdirsys.h>
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
-#include "defines.h"
-#include "prototypes.h"
diff --git a/vmdir/tools/test/parseargs/main.c b/vmdir/tools/test/parseargs/main.c
deleted file mode 100644
index 41bec360a..000000000
--- a/vmdir/tools/test/parseargs/main.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-int
-main(int argc, char* argv[])
-{
-    TestVmDirParseArguments();
-    return 0;
-}
diff --git a/vmdir/tools/test/parseargs/parseargs.c b/vmdir/tools/test/parseargs/parseargs.c
deleted file mode 100644
index e5bbb2d2f..000000000
--- a/vmdir/tools/test/parseargs/parseargs.c
+++ /dev/null
@@ -1,1355 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-typedef struct
-{
-    PSTR pszString;
-    DWORD dwInteger;
-    BOOLEAN bTriggered;
-    BOOLEAN bShowUsageTriggered;
-    BOOLEAN bPostValidationCallbackTriggered;
-    BOOLEAN bReturnFailure;
-    DWORD dwStringCallbackCount;
-    DWORD dwIntegerCallbackCount;
-    DWORD dwNoneCallbackCount;
-} COMMAND_LINE_PARAMETER_STATE, *PCOMMAND_LINE_PARAMETER_STATE;
-
-
-DWORD
-PostValidateParameters(
-    PVOID pvParameter
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE State = (PCOMMAND_LINE_PARAMETER_STATE)pvParameter;
-
-    State->bPostValidationCallbackTriggered = TRUE;
-
-    if (State->bReturnFailure)
-    {
-        return VMDIR_ERROR_INVALID_PARAMETER;
-    }
-    else
-    {
-        return 0;
-    }
-}
-
-VOID
-ShowUsage(
-    PVOID pvParameter
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE State = (PCOMMAND_LINE_PARAMETER_STATE)pvParameter;
-
-    State->bShowUsageTriggered = TRUE;
-}
-
-DWORD
-HandleStringParameter(
-    PVOID pContext,
-    PCSTR pValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->pszString = (PSTR)pValue;
-    ParameterState->dwStringCallbackCount++;
-    return 0;
-}
-
-DWORD
-HandleIntegerParameter(
-    PVOID pContext,
-    DWORD dwValue
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->dwInteger = dwValue;
-    ParameterState->dwIntegerCallbackCount++;
-    return 0;
-}
-
-DWORD
-HandleNoParameter(
-    PVOID pContext
-    )
-{
-    PCOMMAND_LINE_PARAMETER_STATE ParameterState = (PCOMMAND_LINE_PARAMETER_STATE)pContext;
-
-    ParameterState->bTriggered = TRUE;
-    ParameterState->dwNoneCallbackCount++;
-
-    return 0;
-}
-
-VMDIR_COMMAND_LINE_OPTIONS CommandLineOptions =
-{
-    ShowUsage,
-    PostValidateParameters,
-    {
-        {'s', "string1", CL_STRING_PARAMETER, HandleStringParameter},
-        {'t', "string2", CL_STRING_PARAMETER, HandleStringParameter},
-        {'u', "string3", CL_STRING_PARAMETER, HandleStringParameter},
-        {'i', "integer1", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'j', "integer2", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'k', "integer3", CL_INTEGER_PARAMETER, HandleIntegerParameter},
-        {'n', "noparameter1", CL_NO_PARAMETER, HandleNoParameter},
-        {'o', "noparameter2", CL_NO_PARAMETER, HandleNoParameter},
-        {'p', "noparameter3", CL_NO_PARAMETER, HandleNoParameter},
-        {0, 0, 0, 0}
-    }
-};
-
-VOID
-_Test_VmDirParseArgumentsWithInvalidEnumValueFails(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', NULL, 0xFFFFFFFF, HandleStringParameter}
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArgumentsWithNullLongFlagDoesntCrash(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', NULL, CL_STRING_PARAMETER, HandleStringParameter},
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArgumentsWithEmptyLongFlagDoesntCrash(
-    VOID)
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid"};
-    static VMDIR_COMMAND_LINE_OPTIONS Options =
-    {
-        ShowUsage,
-        PostValidateParameters,
-        {
-            {'s', "", CL_STRING_PARAMETER, HandleStringParameter},
-        }
-    };
-
-    dwError = VmDirParseArguments(&Options, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_StringParameterWithNoParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_IntegerParameterWithNoParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, 2, argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_IntegerParameterWithStringParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i", "hello"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_NoParameterWithParameterShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-n", "extraparameter"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortStringParameterWithStringParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-s", "hello"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(Parameters.pszString, "hello") == 0);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortIntegerParameterWithIntegerParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-i", "42"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwInteger = 42);
-}
-
-VOID
-_Test_VmDirParseArguments_ShortNoParameterWithNoParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_LongStringParameterWithStringParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--string1", "hello, world!"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(Parameters.pszString, "hello, world!") == 0);
-}
-
-VOID
-_Test_VmDirParseArguments_LongIntegerParameterWithIntegerParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--integer1", "-37"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwInteger == (DWORD)-37);
-}
-
-VOID
-_Test_VmDirParseArguments_LongNoParameterWithNoParameterShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_InvalidParametersShowUsageShouldBeCalled(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--invalid-parameter"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(Parameters.bShowUsageTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalled(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.bPostValidationCallbackTriggered);
-}
-
-VOID
-_Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalledAndShowUsage(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app", "--noparameter1"};
-
-    Parameters.bReturnFailure = TRUE;
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(Parameters.bPostValidationCallbackTriggered);
-    ASSERT(Parameters.bShowUsageTriggered);
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-u", "string3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 3);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--string3", "string3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 3);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-t", "string2", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--string2", "string2", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-i", "1", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--integer1", "1", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortStringNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-s", "string1", "-n", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongStringNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--string1", "string1", "--noparameter1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-s", "string1", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--string1", "string1", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-k", "3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 3);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--integer3", "3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 3);
-    ASSERT(Parameters.dwNoneCallbackCount == 0);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-j", "2", "-n"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--integer2", "2", "--noparameter1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortIntegerNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-i", "1", "-n", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongIntegerNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--integer1", "1", "--noparameter1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-t", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--string2", "string2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 2);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-s", "string1", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneStringNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--string1", "string1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-j", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--integer2", "2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 2);
-    ASSERT(Parameters.dwNoneCallbackCount == 1);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-i", "1", "-o"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneIntegerNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--integer1", "1", "--noparameter2"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-s", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneStringWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--string1", "string1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 1);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-i", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneIntegerWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--integer1", "1"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 1);
-    ASSERT(Parameters.dwNoneCallbackCount == 2);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsShortNoneNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "-n", "-o", "-p"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 3);
-
-}
-
-VOID
-_Test_VmDirParseArgumentsLongNoneNoneNoneWithValidParametersShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    COMMAND_LINE_PARAMETER_STATE Parameters = { 0 };
-    char *argv[] = {"app_name", "--noparameter1", "--noparameter2", "--noparameter3"};
-
-    dwError = VmDirParseArguments(&CommandLineOptions, &Parameters, VMDIR_ARRAY_SIZE(argv), argv);
-    ASSERT(dwError == 0);
-    ASSERT(Parameters.dwStringCallbackCount == 0);
-    ASSERT(Parameters.dwIntegerCallbackCount == 0);
-    ASSERT(Parameters.dwNoneCallbackCount == 3);
-
-}
-
-VOID
-TestVmDirParseArguments(
-    VOID
-    )
-{
-    printf("Testing VmDirParseArguments ...\n");
-
-    _Test_VmDirParseArgumentsWithInvalidEnumValueFails();
-    _Test_VmDirParseArgumentsWithNullLongFlagDoesntCrash();
-    _Test_VmDirParseArgumentsWithEmptyLongFlagDoesntCrash();
-
-    _Test_VmDirParseArguments_StringParameterWithNoParameterShouldFail();
-    _Test_VmDirParseArguments_IntegerParameterWithNoParameterShouldFail();
-    _Test_VmDirParseArguments_IntegerParameterWithStringParameterShouldFail();
-    _Test_VmDirParseArguments_NoParameterWithParameterShouldFail();
-    _Test_VmDirParseArguments_ShortStringParameterWithStringParameterShouldSucceed();
-    _Test_VmDirParseArguments_ShortIntegerParameterWithIntegerParameterShouldSucceed();
-    _Test_VmDirParseArguments_ShortNoParameterWithNoParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongStringParameterWithStringParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongIntegerParameterWithIntegerParameterShouldSucceed();
-    _Test_VmDirParseArguments_LongNoParameterWithNoParameterShouldSucceed();
-
-    _Test_VmDirParseArguments_InvalidParametersShowUsageShouldBeCalled();
-    _Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalled();
-    _Test_VmDirParseArguments_ValidParametersPostValidtionShouldBeCalledAndShowUsage();
-
-    _Test_VmDirParseArgumentsLongStringStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongStringNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortStringNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongIntegerNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortIntegerNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneStringNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneIntegerNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneStringWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneIntegerWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsLongNoneNoneNoneWithValidParametersShouldSucceed();
-    _Test_VmDirParseArgumentsShortNoneNoneNoneWithValidParametersShouldSucceed();
-}
diff --git a/vmdir/tools/test/parseargs/prototypes.h b/vmdir/tools/test/parseargs/prototypes.h
deleted file mode 100644
index 135cd2311..000000000
--- a/vmdir/tools/test/parseargs/prototypes.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-VOID
-TestVmDirParseArguments(
-    VOID
-    );
diff --git a/vmdir/tools/test/registry/Makefile.am b/vmdir/tools/test/registry/Makefile.am
deleted file mode 100644
index 6284ad22c..000000000
--- a/vmdir/tools/test/registry/Makefile.am
+++ /dev/null
@@ -1,27 +0,0 @@
-bin_PROGRAMS = registrytest
-
-registrytest_SOURCES = \
-    main.c
-
-registrytest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-registrytest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-registrytest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/vmdir/tools/test/registry/includes.h b/vmdir/tools/test/registry/includes.h
deleted file mode 100644
index d5cbf5cc1..000000000
--- a/vmdir/tools/test/registry/includes.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
diff --git a/vmdir/tools/test/registry/main.c b/vmdir/tools/test/registry/main.c
deleted file mode 100644
index 2b379040d..000000000
--- a/vmdir/tools/test/registry/main.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-
-#include "includes.h"
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
-
-void TestDwordRoundTrip()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestDwordRoundTrip() ...\n");
-
-    dwTestValue = 42;
-    dwError = VmDirSetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValue", dwTestValue);
-    ASSERT(dwError == 0);
-
-    dwError = VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValue", &dwComparisonValue, 0);
-    ASSERT(dwError == 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-void TestDwordDefaultValue()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestDwordDefaultValue() ...\n");
-
-    dwTestValue = 42;
-    dwError = VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestValueDoesNotExist", &dwComparisonValue, dwTestValue);
-    ASSERT(dwError != 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-void TestMaxDwordValueRoundTrip()
-{
-    DWORD dwTestValue = 0;
-    DWORD dwComparisonValue = 0;
-    DWORD dwError = 0;
-
-    printf("TestMaxDwordValueRoundTrip() ...\n");
-
-    dwTestValue = 0xFFFFFFFF; // Biggest possible DWORD
-    dwError = VmDirSetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestMaxValue", dwTestValue);
-    ASSERT(dwError == 0);
-
-    VmDirGetRegKeyValueDword(VMDIR_CONFIG_PARAMETER_KEY_PATH, "TestMaxValue", &dwComparisonValue, 0);
-    ASSERT(dwError == 0);
-
-    ASSERT(dwTestValue == dwComparisonValue);
-}
-
-
-int
-main(int argc, char* argv[])
-{
-    TestDwordRoundTrip();
-    TestDwordDefaultValue();
-    TestMaxDwordValueRoundTrip();
-
-    return 0;
-}
diff --git a/vmdir/tools/test/string/Makefile.am b/vmdir/tools/test/string/Makefile.am
deleted file mode 100644
index 59865b3d4..000000000
--- a/vmdir/tools/test/string/Makefile.am
+++ /dev/null
@@ -1,30 +0,0 @@
-bin_PROGRAMS = stringtest
-
-stringtest_SOURCES = \
-    VmDirAllocateStringOfLenA.c \
-    VmDirAllocateStringA.c \
-    stringlist.c    \
-    main.c
-
-stringtest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    @LW_INCLUDES@ \
-    @OPENSSL_INCLUDES@
-
-stringtest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    @LWIO_LIBS@ \
-    @SCHANNEL_LIBS@ \
-    @LWMSG_LIBS@ \
-    @LWREG_LIBS@ \
-    @LWBASE_LIBS@ \
-    @CRYPTO_LIBS@ \
-    @CRYPT_LIBS@ \
-    @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
-
-stringtest_LDFLAGS = \
-    @LW_LDFLAGS@
diff --git a/vmdir/tools/test/string/VmDirAllocateStringA.c b/vmdir/tools/test/string/VmDirAllocateStringA.c
deleted file mode 100644
index 4f1909df0..000000000
--- a/vmdir/tools/test/string/VmDirAllocateStringA.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-VOID
-_Test_VmdirAllocateStringA_NullSourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = (PSTR)0xDEADBEEF;
-
-    dwError = VmDirAllocateStringA(NULL, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(pszString == NULL);
-}
-
-VOID
-_Test_VmdirAllocateStringA_EmptySourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringA("", &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(*pszString == '\0');
-}
-
-VOID
-_Test_VmdirAllocateStringA_NullDestinationString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirAllocateStringA("test", NULL);
-    ASSERT(dwError == 0);
-}
-
-VOID
-_Test_VmdirAllocateStringA_CallShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringA("Hello, world!", &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(pszString, "Hello, world!") == 0);
-}
-
-
-VOID
-TestVmDirAllocateStringA(
-    VOID
-    )
-{
-    printf("Testing VmDirAllocateStringA ...\n");
-    _Test_VmdirAllocateStringA_NullSourceString();
-    _Test_VmdirAllocateStringA_EmptySourceString();
-    _Test_VmdirAllocateStringA_NullDestinationString();
-    _Test_VmdirAllocateStringA_CallShouldSucceed();
-}
diff --git a/vmdir/tools/test/string/VmDirAllocateStringOfLenA.c b/vmdir/tools/test/string/VmDirAllocateStringOfLenA.c
deleted file mode 100644
index 732add5b6..000000000
--- a/vmdir/tools/test/string/VmDirAllocateStringOfLenA.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-VOID
-_Test_VmdirAllocateStringOfLenA_NullSourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = (PSTR)0xDEADBEEF;
-
-    dwError = VmDirAllocateStringOfLenA(NULL, 0, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(pszString == NULL);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_EmptySourceString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("", 0, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(*pszString == '\0');
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_NullDestinationString(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirAllocateStringOfLenA("test", 2, NULL);
-    ASSERT(dwError == 0);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("Hello, world!", 20, &pszString);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-}
-
-VOID
-_Test_VmdirAllocateStringOfLenA_CallShouldSucceed(
-    VOID
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = NULL;
-
-    dwError = VmDirAllocateStringOfLenA("Hello, world!", 5, &pszString);
-    ASSERT(dwError == 0);
-    ASSERT(strcmp(pszString, "Hello") == 0);
-}
-
-
-VOID
-TestVmDirAllocateStringOfLenA(
-    VOID
-    )
-{
-    printf("Testing VmDirAllocateStringOfLenA ...\n");
-    _Test_VmdirAllocateStringOfLenA_NullSourceString();
-    _Test_VmdirAllocateStringOfLenA_EmptySourceString();
-    _Test_VmdirAllocateStringOfLenA_NullDestinationString();
-    _Test_VmdirAllocateStringOfLenA_TooManyCharactersRequestedShouldFail();
-    _Test_VmdirAllocateStringOfLenA_CallShouldSucceed();
-}
diff --git a/vmdir/tools/test/string/defines.h b/vmdir/tools/test/string/defines.h
deleted file mode 100644
index 11c78754c..000000000
--- a/vmdir/tools/test/string/defines.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#define ASSERT(a) if (!(a)) { \
-                    printf("Assertion failed ==> %s (%s:%d)\n", #a, __FILE__, __LINE__); \
-                    exit(0); \
-                  }
diff --git a/vmdir/tools/test/string/includes.h b/vmdir/tools/test/string/includes.h
deleted file mode 100644
index 67384d2a7..000000000
--- a/vmdir/tools/test/string/includes.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-/*
- * Module Name: vdcmerge
- *
- * Filename: includes.h
- *
- * Abstract:
- *
- * vdcmerge main module include file
- *
- */
-
-#include <config.h>
-
-#include <vmdirsys.h>
-
-#include <vmdir.h>
-#include <vmdirtypes.h>
-#include <vmdirdefines.h>
-#include <vmdirerrorcode.h>
-#include <vmdirerrors.h>
-#include <vmdircommon.h>
-#include <ldap.h>
-
-#include "defines.h"
-#include "prototypes.h"
diff --git a/vmdir/tools/test/string/main.c b/vmdir/tools/test/string/main.c
deleted file mode 100644
index b22145d89..000000000
--- a/vmdir/tools/test/string/main.c
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-#include "includes.h"
-
-int
-main(int argc, char* argv[])
-{
-    TestVmDirAllocateStringA();
-    TestVmDirAllocateStringOfLenA();
-    TestVmDirStringList();
-
-    return 0;
-}
diff --git a/vmdir/tools/test/string/prototypes.h b/vmdir/tools/test/string/prototypes.h
deleted file mode 100644
index 24b888782..000000000
--- a/vmdir/tools/test/string/prototypes.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-
-VOID
-TestVmDirAllocateStringOfLenA(
-    VOID
-    );
-
-VOID
-TestVmDirAllocateStringA(
-    VOID
-    );
-
-VOID
-TestVmDirStringList(
-    VOID
-    );
diff --git a/vmdir/tools/test/string/stringlist.c b/vmdir/tools/test/string/stringlist.c
deleted file mode 100644
index 182287378..000000000
--- a/vmdir/tools/test/string/stringlist.c
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#include "includes.h"
-
-PSTR GenerateString(
-    VOID
-    )
-{
-    static DWORD i = 0;
-    PSTR pszString = NULL;
-    DWORD dwError = 0;
-
-    //
-    // This is a unit test so we assume that the allocation succeeds.
-    //
-    dwError = VmDirAllocateStringAVsnprintf(
-                &pszString,
-                "Test String #%d",
-                i++);
-    ASSERT(dwError == 0);
-
-    return pszString;
-}
-
-VOID
-TestStringListInitialization(
-    PVMDIR_STRING_LIST *ppStringList
-    )
-{
-    PVMDIR_STRING_LIST pStringList;
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-    ASSERT(pStringList != NULL);
-    ASSERT(pStringList->dwCount == 0);
-    ASSERT(pStringList->dwSize == 10);
-
-    *ppStringList = pStringList;
-}
-
-VOID
-TestStringListInitializationCountTooBig(
-    VOID
-    )
-{
-    PVMDIR_STRING_LIST pStringList = NULL;
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 0xFFFFFFFF);
-    ASSERT(dwError == VMDIR_ERROR_INVALID_PARAMETER);
-    ASSERT(pStringList == NULL);
-}
-
-VOID
-TestStringListAdd(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PCSTR pszString = GenerateString();
-
-    dwError = VmDirStringListAdd(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(VmDirStringListContains(pStringList, pszString));
-}
-
-VOID
-TestStringListAddWithReallocation(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    UINT i = 0;
-    DWORD dwMaxSize = 0;
-    DWORD dwError = 0;
-
-    dwMaxSize = pStringList->dwSize + 5;
-    for (i = pStringList->dwCount; i < dwMaxSize; ++i)
-    {
-        dwError = VmDirStringListAdd(
-                    pStringList,
-                    GenerateString());
-        ASSERT(dwError == 0);
-    }
-
-    ASSERT(pStringList->dwSize > pStringList->dwCount);
-    ASSERT(pStringList->dwSize > dwMaxSize);
-    ASSERT(pStringList->dwCount >= dwMaxSize);
-}
-
-VOID
-TestStringListAddLayout(
-    VOID
-    )
-{
-    PSTR ppszStrings[5];
-    DWORD dwError = 0;
-    DWORD i = 0;
-    PVMDIR_STRING_LIST pStringList;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        ppszStrings[i] = GenerateString();
-        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
-        ASSERT(dwError == 0);
-    }
-
-    ASSERT(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings));
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        ASSERT(pStringList->pStringList[i] == ppszStrings[i]);
-    }
-
-    VmDirStringListFree(pStringList);
-}
-
-VOID
-TestStringListRemoveShouldSucceed(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PCSTR pszString = GenerateString();
-    DWORD dwCount = 0;
-
-    VmDirStringListAdd(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(VmDirStringListContains(pStringList, pszString));
-    dwCount = pStringList->dwCount;
-
-    dwError = VmDirStringListRemove(pStringList, pszString);
-    ASSERT(dwError == 0);
-    ASSERT(!VmDirStringListContains(pStringList, pszString));
-    ASSERT(dwCount == pStringList->dwCount + 1);
-}
-
-VOID
-TestStringListRemoveShouldHaveCorrectLayout(
-    VOID)
-{
-    PCSTR ppszStrings[] = {
-        "Test 1",
-        "Test 2",
-        "Test 3",
-        "Test 4",
-        "Test 5"
-    };
-    PVMDIR_STRING_LIST pStringList = NULL;
-    DWORD dwError = 0;
-    DWORD i = 0;
-
-    dwError = VmDirStringListInitialize(&pStringList, 10);
-    ASSERT(dwError == 0);
-
-    for (i = 0; i < VMDIR_ARRAY_SIZE(ppszStrings); ++i)
-    {
-        dwError = VmDirStringListAdd(pStringList, ppszStrings[i]);
-        ASSERT(dwError == 0);
-    }
-
-    dwError = VmDirStringListRemove(pStringList, ppszStrings[2]);
-    ASSERT(dwError == 0);
-    ASSERT(pStringList->dwCount == VMDIR_ARRAY_SIZE(ppszStrings) - 1);
-    ASSERT(pStringList->pStringList[0] == ppszStrings[0]);
-    ASSERT(pStringList->pStringList[1] == ppszStrings[1]);
-    ASSERT(pStringList->pStringList[2] == ppszStrings[3]);
-    ASSERT(pStringList->pStringList[3] == ppszStrings[4]);
-}
-
-VOID
-TestStringListRemoveShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-    PSTR pszString = GenerateString();
-
-    dwError = VmDirStringListRemove(pStringList, pszString);
-    ASSERT(dwError == VMDIR_ERROR_NOT_FOUND);
-    ASSERT(!VmDirStringListContains(pStringList, pszString));
-}
-
-VOID
-TestStringListRemoveNullShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    DWORD dwError = 0;
-
-    dwError = VmDirStringListRemove(pStringList, NULL);
-    ASSERT(dwError == VMDIR_ERROR_NOT_FOUND);
-    ASSERT(!VmDirStringListContains(pStringList, NULL));
-}
-
-VOID
-TestStringListContainsNullShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    ASSERT(!VmDirStringListContains(pStringList, NULL));
-}
-
-VOID
-TestStringListContainsShouldFail(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    ASSERT(!VmDirStringListContains(pStringList, GenerateString()));
-}
-
-VOID
-TestStringListFree(
-    PVMDIR_STRING_LIST pStringList
-    )
-{
-    VmDirStringListFree(pStringList);
-}
-
-VOID
-TestStringListFreeWithNull(
-    VOID
-    )
-{
-    VmDirStringListFree(NULL);
-}
-
-VOID TestVmDirStringList(
-    VOID
-    )
-{
-    PVMDIR_STRING_LIST pStringList;
-
-    printf("Testing VmDirStringList code ...\n");
-    TestStringListInitialization(&pStringList);
-    TestStringListInitializationCountTooBig();
-    TestStringListAdd(pStringList);
-    TestStringListAddWithReallocation(pStringList);
-    TestStringListAddLayout();
-    TestStringListRemoveShouldSucceed(pStringList);
-    TestStringListRemoveShouldHaveCorrectLayout();
-    TestStringListRemoveShouldFail(pStringList);
-    TestStringListRemoveNullShouldFail(pStringList);
-    TestStringListContainsNullShouldFail(pStringList);
-    TestStringListContainsShouldFail(pStringList);
-    TestStringListFree(pStringList);
-    TestStringListFreeWithNull();
-}
diff --git a/vmdir/tools/test/vmdirclienttest/Makefile.am b/vmdir/tools/test/vmdirclienttest/Makefile.am
index 088aec9bd..1fcff746b 100644
--- a/vmdir/tools/test/vmdirclienttest/Makefile.am
+++ b/vmdir/tools/test/vmdirclienttest/Makefile.am
@@ -5,18 +5,18 @@ vmdirclienttest_SOURCES = \
     saslclient.c
 
 vmdirclienttest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmdir/client \
+    -I$(top_builddir)/vmdir/client \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmdirclienttest_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
diff --git a/vmdir/tools/vdcaclmgr/Makefile.am b/vmdir/tools/vdcaclmgr/Makefile.am
index 598d714e1..59747f65f 100644
--- a/vmdir/tools/vdcaclmgr/Makefile.am
+++ b/vmdir/tools/vdcaclmgr/Makefile.am
@@ -6,18 +6,20 @@ vdcaclmgr_SOURCES = \
     main.c
 
 vdcaclmgr_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmdir/client \
+    -I$(top_builddir)/vmdir/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcaclmgr_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
     @LWREG_LIBS@ \
@@ -25,7 +27,10 @@ vdcaclmgr_LDADD = \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @LDAP_LIBS@ \
+    @PTHREAD_LIBS@ \
+    @UUID_LIBS@ \
+    @LBER_LIBS@
 
 vdcaclmgr_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
diff --git a/vmdir/tools/vdcaclmgr/acl.c b/vmdir/tools/vdcaclmgr/acl.c
index 36114864d..ccd041f34 100644
--- a/vmdir/tools/vdcaclmgr/acl.c
+++ b/vmdir/tools/vdcaclmgr/acl.c
@@ -19,6 +19,28 @@ _VdcParsePermissionsString(
     PVMDIR_STRING_LIST pStringList
     );
 
+DWORD
+_VdcParseAceFlagString(
+    PCSTR pszAceFlags,
+    PVMDIR_STRING_LIST pStringList
+    );
+
+static
+DWORD
+_VdcAppendNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum
+    );
+
+static
+VOID
+_VdcSkipNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum
+    );
+
 //
 // Looks up the user's SID give a username. However, pUserName might already
 // be the SID, in which case we just return that. On exit the caller owns
@@ -69,63 +91,138 @@ _VdcLookupUserSid(
 }
 
 //
-// pszPermissionStatement will be of the form "Username:(PERMISSION)+". E.g.,
-// "testuser:RP" or "administrator:RPWP". Note that the username can also be
-// a SID.
+// pszPermissionStatement :: = GRANTEE:(PERMISSIONS)*:(ACE_FLAGS)*
+//
+// GRANTEE          : could be cn or SID
+// (PERMISSIONS)*   : optional permissions
+// (ACE_FLAGS)*     : optional ACE_FLAGS (currently support 'CI' 'OI')
+//
+// Should have at lest one PERMISSIONS or ACE_FLAGS; otherwise, return VMDIR_ERROR_INVALID_PARAMETER
 //
 DWORD
 _VdcParsePermissionStatement(
     PCSTR pszPermissionStatement,
     PLW_HASHMAP pUserToSidMapping,
     PSTR *ppszUserSid,
-    PVMDIR_STRING_LIST *ppPermissionList
+    PVMDIR_STRING_LIST *ppPermissionList,
+    PVMDIR_STRING_LIST *ppAceFlagList
     )
 {
     DWORD dwError = 0;
     PSTR pszUserSid = NULL;
-    PSTR pszUserName = NULL;
-    PSTR pszPermission = NULL;
-    PSTR pszStringEnd = NULL;
-    PVMDIR_STRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST  pStrList = NULL;
+    PVMDIR_STRING_LIST  pPermissionList = NULL;
+    PVMDIR_STRING_LIST  pAceFlagList = NULL;
 
     dwError = VmDirStringListInitialize(&pPermissionList, DEFAULT_PERMISSION_LIST_SIZE);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pszStringEnd = strchr(pszPermissionStatement, ':');
-    if (pszStringEnd == NULL)
+    dwError = VmDirStringListInitialize(&pAceFlagList, DEFAULT_PERMISSION_LIST_SIZE);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    dwError = VmDirStringToTokenListExt(pszPermissionStatement, ":", &pStrList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (!pStrList || pStrList->dwCount < 2 || pStrList->dwCount > 3)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
-    dwError = VmDirAllocateStringOfLenA(pszPermissionStatement, pszStringEnd - pszPermissionStatement, &pszUserName);
+    dwError = _VdcLookupUserSid(pUserToSidMapping, pStrList->pStringList[0], &pszUserSid);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VdcLookupUserSid(pUserToSidMapping, pszUserName, &pszUserSid);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pStrList->pStringList[1][0] != '\0')
+    {
+        dwError = _VdcParsePermissionsString(pStrList->pStringList[1], pPermissionList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
-    dwError = _VdcParsePermissionsString(++pszStringEnd, pPermissionList);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (pStrList->dwCount == 3 && pStrList->pStringList[2][0] != '\0')
+    {
+        dwError = _VdcParseAceFlagString(pStrList->pStringList[2], pAceFlagList);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
     //
-    // There should be at least one permission specified.
+    // no permission and no ace flag
     //
-    if (pPermissionList->dwCount == 0)
+    if (pPermissionList->dwCount == 0 && (pAceFlagList->dwCount == 0))
     {
         BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
     }
 
     *ppszUserSid = pszUserSid;
-    *ppPermissionList = pPermissionList;
+
+    if (pPermissionList->dwCount > 0)
+    {
+        *ppPermissionList = pPermissionList;
+        pPermissionList = NULL;
+    }
+
+    if (pAceFlagList->dwCount > 0)
+    {
+        *ppAceFlagList = pAceFlagList;
+        pAceFlagList = NULL;
+    }
 
 cleanup:
-    VMDIR_SAFE_FREE_STRINGA(pszUserName);
+    VmDirStringListFree(pStrList);
+    VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
+
     return dwError;
 
 error:
-    VMDIR_SAFE_FREE_STRINGA(pszPermission);
     VMDIR_SAFE_FREE_STRINGA(pszUserSid);
-    VmDirStringListFree(pPermissionList);
+
+    goto cleanup;
+}
+
+DWORD
+_VdcParseAceFlagString(
+    PCSTR pszAceFlags,
+    PVMDIR_STRING_LIST pStringList
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszFlag = NULL;
+
+    //
+    // All ace flags are two characters long so the length of the entire string should
+    // be even.
+    //
+    if (strlen(pszAceFlags) % SDDL_PERMISSION_LENGTH != 0)
+    {
+        dwError = VMDIR_ERROR_INVALID_ACE;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    while (*pszAceFlags)
+    {
+        //
+        // All ace flags are two characters long.
+        //
+        dwError = VmDirAllocateStringOfLenA(pszAceFlags, SDDL_PERMISSION_LENGTH, &pszFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        pszAceFlags += SDDL_PERMISSION_LENGTH;
+
+        if (VmDirStringCompareA(pszFlag, "CI", TRUE) != 0 &&
+            VmDirStringCompareA(pszFlag, "OI", TRUE) != 0 )
+        {
+            BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_ACE);
+        }
+
+        dwError = VmDirStringListAdd(pStringList, pszFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+        pszFlag = NULL;
+    }
+
+cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszFlag);
+    return dwError;
+
+error:
     goto cleanup;
 }
 
@@ -143,7 +240,7 @@ _VdcParsePermissionsString(
     //
     if (strlen(pszPermissions) % SDDL_PERMISSION_LENGTH != 0)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        dwError = VMDIR_ERROR_INVALID_ACE;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
@@ -502,19 +599,82 @@ DWORD
 _VdcAddAceToSecurityDescriptor(
     PCSTR pszObjectSD,
     PCSTR pszUserSid,
-    PCSTR pszPermission,
+    PVMDIR_STRING_LIST  pPermissionList,
+    PVMDIR_STRING_LIST  pAceFlagList,
+    BOOLEAN bVerbose,
     PSTR *ppszNewSecurityDescriptor
     )
 {
     DWORD dwError = 0;
+    PSTR pszPermission = NULL;
+    PSTR pszAceFlag = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
+    PSTR pszNewAce = NULL;
+    SIZE_T  dwTmpSize = 0;
+    DWORD   dwIdx = 0;
+
+    if (pPermissionList)
+    {
+        dwTmpSize = pPermissionList->dwCount * 2 + 1; //  +1 for null
+        dwError = VmDirAllocateMemory(dwTmpSize, (PVOID*)&pszPermission);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (dwIdx = 0; dwIdx < pPermissionList->dwCount; dwIdx++)
+        {
+            dwError = VmDirStringCatA(
+                        pszPermission,
+                        dwTmpSize,
+                        pPermissionList->pStringList[dwIdx]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (pAceFlagList)
+    {
+        dwTmpSize = pAceFlagList->dwCount * 2 + 1; //  +1 for null
+        dwError = VmDirAllocateMemory(dwTmpSize, (PVOID*)&pszAceFlag);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        for (dwIdx = 0; dwIdx < pAceFlagList->dwCount; dwIdx++)
+        {
+            dwError = VmDirStringCatA(
+                        pszAceFlag,
+                        dwTmpSize,
+                        pAceFlagList->pStringList[dwIdx]);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+
+    if (!pszPermission && !pszAceFlag)
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewAce, "(A;%s;%s;;;%s)",
+                pszAceFlag ? pszAceFlag : "",
+                pszPermission ? pszPermission : "",
+                pszUserSid);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    if (bVerbose)
+    {
+        printf("New ACE: %s\n\n", pszNewAce);
+    }
 
-    dwError = VmDirAllocateStringPrintf(&pszNewSecurityDescriptor, "%s(A;;%s;;;%s)", pszObjectSD, pszPermission, pszUserSid);
+    dwError = VmDirAllocateStringPrintf(
+                &pszNewSecurityDescriptor,
+                "%s%s",
+                pszObjectSD,
+                pszNewAce);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszNewSecurityDescriptor = pszNewSecurityDescriptor;
 
 cleanup:
+    VMDIR_SAFE_FREE_MEMORY(pszAceFlag);
+    VMDIR_SAFE_FREE_MEMORY(pszPermission);
+    VMDIR_SAFE_FREE_MEMORY(pszNewAce);
     return dwError;
 
 error:
@@ -525,25 +685,32 @@ DWORD
 _VdcUpdateSecurityDescriptor(
     PSTR *ppszNewSecurityDescriptor,
     PCSTR pszObjectSD,
-    PCSTR pszAce,
-    PCSTR pszPermission,
-    BOOLEAN fAddPermission
+    PCSTR pszTargetAce,
+    PVMDIR_STRING_LIST  pPermissionList,
+    PVMDIR_STRING_LIST  pAceFlagList,
+    BOOLEAN fAddPermission,
+    BOOLEAN bVerbose
     )
 {
     DWORD dwError = 0;
     SIZE_T sDestinationBufferSize = 0;
     PSTR pszNewSecurityDescriptor = NULL;
     PSTR pszAceStart = NULL;
-    PSTR pszTokenizer = NULL;
+    PSTR pszRemainingSD = NULL;
+    PSTR pszNewAce = NULL;
+    PVMDIR_STRING_LIST  pLocalStrList = NULL;
 
     //
-    // +1 for the null.
+    // calculate buffer size
     //
-    sDestinationBufferSize = strlen(pszObjectSD) + strlen(pszPermission) + 1;
+    sDestinationBufferSize = strlen(pszObjectSD) +
+                             (pPermissionList ? pPermissionList->dwCount * 2 : 0) +   // permission is 2 chars
+                             (pAceFlagList ? pAceFlagList->dwCount * 2 : 0) +         // ace flag is 2 chars
+                             1;                                                       // +1 for null
     dwError = VmDirAllocateMemory(sDestinationBufferSize, (PVOID*)&pszNewSecurityDescriptor);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    pszAceStart = strstr(pszObjectSD, pszAce);
+    pszAceStart = strstr(pszObjectSD, pszTargetAce);
     dwError = VmDirStringNCpyA(
                 pszNewSecurityDescriptor,
                 sDestinationBufferSize,
@@ -551,61 +718,76 @@ _VdcUpdateSecurityDescriptor(
                 pszAceStart - pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    //
-    // Skip ahead to the permssion section of the ACE.
-    //
-    pszTokenizer = strchr(pszAceStart, ';');
-    if (pszTokenizer == NULL)
+    pszRemainingSD = pszAceStart + VmDirStringLenA(pszTargetAce);
+
+    // separate pszTargetAce into token
+    dwError = VmDirStringToTokenListExt(pszTargetAce, ";", &pLocalStrList);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    // proper ACE should have 6 parts
+    if (pLocalStrList->dwCount != 6)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_ACE);
     }
-    pszTokenizer = strchr(pszTokenizer + 1, ';');
-    if (pszTokenizer == NULL)
+
+    if (fAddPermission)
     {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+        if (pPermissionList && pPermissionList->dwCount > 0)
+        {
+            dwError = _VdcAppendNewValue(pLocalStrList, pPermissionList, 2);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
 
-    pszTokenizer += 1;
+        if (pAceFlagList && pAceFlagList->dwCount > 0)
+        {
+            dwError = _VdcAppendNewValue(pLocalStrList, pAceFlagList, 1);
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
+    else
+    {   // delete permission
+        if (pPermissionList && pPermissionList->dwCount > 0)
+        {
+            _VdcSkipNewValue(pLocalStrList, pPermissionList, 2);
+        }
 
-    dwError = VmDirStringNCatA(
-                pszNewSecurityDescriptor,
-                sDestinationBufferSize,
-                pszAceStart,
-                pszTokenizer - pszAceStart);
-    BAIL_ON_VMDIR_ERROR(dwError);
+        if (pAceFlagList && pAceFlagList->dwCount > 0)
+        {
+            _VdcSkipNewValue(pLocalStrList, pAceFlagList, 1);
+        }
+    }
 
-    if (fAddPermission)
+    // make sure we have at least one permission; otherwise, skip this ACE.
+    if (pLocalStrList->pStringList[2][0] != '\0')
     {
-        //
-        // Add this permission to the ACE.
-        //
+        dwError = VmDirAllocateStringPrintf(
+                    &pszNewAce, "%s;%s;%s;%s;%s;%s",
+                    pLocalStrList->pStringList[0],
+                    pLocalStrList->pStringList[1],
+                    pLocalStrList->pStringList[2],
+                    pLocalStrList->pStringList[3],
+                    pLocalStrList->pStringList[4],
+                    pLocalStrList->pStringList[5]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+
+        if (bVerbose)
+        {
+            printf("Old ACE: %s\n", pszTargetAce);
+            printf("New ACE: %s\n\n", pszNewAce);
+        }
+
         dwError = VmDirStringCatA(
                     pszNewSecurityDescriptor,
                     sDestinationBufferSize,
-                    pszPermission);
+                    pszNewAce);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
     else
     {
-        while (*pszTokenizer != ';')
+        if (bVerbose)
         {
-            if (strncmp(pszTokenizer, pszPermission, SDDL_PERMISSION_LENGTH) == 0)
-            {
-                pszTokenizer += SDDL_PERMISSION_LENGTH;
-                continue;
-            }
-            else
-            {
-                dwError = VmDirStringNCatA(
-                            pszNewSecurityDescriptor,
-                            sDestinationBufferSize,
-                            pszTokenizer,
-                            SDDL_PERMISSION_LENGTH);
-                BAIL_ON_VMDIR_ERROR(dwError);
-                pszTokenizer += SDDL_PERMISSION_LENGTH;
-            }
+            printf("Old ACE: %s\n", pszTargetAce);
+            printf("New ACE: %s\n\n", "NULL");
         }
     }
 
@@ -615,12 +797,14 @@ _VdcUpdateSecurityDescriptor(
     dwError = VmDirStringCatA(
                 pszNewSecurityDescriptor,
                 sDestinationBufferSize,
-                pszTokenizer);
+                pszRemainingSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     *ppszNewSecurityDescriptor = pszNewSecurityDescriptor;
 
 cleanup:
+    VmDirStringListFree(pLocalStrList);
+    VMDIR_SAFE_FREE_MEMORY(pszNewAce);
     return dwError;
 
 error:
@@ -632,8 +816,10 @@ DWORD
 _VdcUpdateAclInSD(
     PCSTR pszObjectSD,
     PCSTR pszUserSid,
-    PCSTR pszPermission,
+    PVMDIR_STRING_LIST pPermissionList,
+    PVMDIR_STRING_LIST pAceFlagList,
     BOOLEAN fAddPermission,
+    BOOLEAN bVerbose,
     PSTR *ppszNewSD
     )
 {
@@ -642,9 +828,10 @@ _VdcUpdateAclInSD(
     DWORD dwUserAce = 0;
     PSTR pszOwnerSid = NULL;
     PSTR pszGroupSid = NULL;
+    PSTR pszSid = NULL;
     PVMDIR_STRING_LIST pAceList = NULL;
     BOOLEAN bFoundUser = FALSE;
-    PVMDIR_STRING_LIST pPermissionList = NULL;
+    PVMDIR_STRING_LIST pTmpList = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
 
     dwError = _VdcParseSecurityDescriptor(
@@ -656,13 +843,13 @@ _VdcUpdateAclInSD(
 
     for (i = 0; i < pAceList->dwCount; ++i)
     {
-        PSTR pszSid = NULL;
-
-        dwError = _VdcParseAce(pAceList->pStringList[i], &pszSid, &pPermissionList);
+        dwError = _VdcParseAce(pAceList->pStringList[i], &pszSid, &pTmpList);
         BAIL_ON_VMDIR_ERROR(dwError);
 
         bFoundUser = (strcmp(pszSid, pszUserSid) == 0);
         VMDIR_SAFE_FREE_STRINGA(pszSid);
+        VmDirStringListFree(pTmpList);
+        pTmpList = NULL;
 
         if (bFoundUser)
         {
@@ -673,22 +860,40 @@ _VdcUpdateAclInSD(
 
     if (bFoundUser)
     {
-        dwError = _VdcUpdateSecurityDescriptor(&pszNewSecurityDescriptor, pszObjectSD, pAceList->pStringList[dwUserAce], pszPermission, fAddPermission);
+        dwError = _VdcUpdateSecurityDescriptor(
+                    &pszNewSecurityDescriptor,
+                    pszObjectSD,
+                    pAceList->pStringList[dwUserAce],
+                    pPermissionList,
+                    pAceFlagList,
+                    fAddPermission,
+                    bVerbose);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
-    else
+    else if (fAddPermission)
     {
-        dwError = _VdcAddAceToSecurityDescriptor(pszObjectSD, pszUserSid, pszPermission, &pszNewSecurityDescriptor);
+        dwError = _VdcAddAceToSecurityDescriptor(
+                    pszObjectSD,
+                    pszUserSid,
+                    pPermissionList,
+                    pAceFlagList,
+                    bVerbose,
+                    &pszNewSecurityDescriptor);
         BAIL_ON_VMDIR_ERROR(dwError);
     }
+    else
+    {   // delete permission but no such ACE exists
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_ACE_NOT_FOUND);
+    }
 
     *ppszNewSD = pszNewSecurityDescriptor;
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszOwnerSid);
     VMDIR_SAFE_FREE_STRINGA(pszGroupSid);
+    VMDIR_SAFE_FREE_STRINGA(pszSid);
     VmDirStringListFree(pAceList);
-    VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pTmpList);
 
     return dwError;
 
@@ -701,7 +906,7 @@ VdcGrantPermissionToUser(
     LDAP *pLd,
     PLW_HASHMAP pUserToSidMapping,
     PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    COMMAND_LINE_PARAMETER_STATE*   pState
     )
 {
     DWORD dwError = 0;
@@ -710,45 +915,50 @@ VdcGrantPermissionToUser(
     PSTR pszUserSid = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
     PVMDIR_STRING_LIST pPermissionList = NULL;
-    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pAceFlagList = NULL;
 
     dwError = _VdcGetObjectSecurityDescriptor(pLd, pszObjectDN, &pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = _VdcParsePermissionStatement(
-                pszPermissionStatement,
+                pState->pszGrantParameter,
                 pUserToSidMapping,
                 &pszUserSid,
-                &pPermissionList);
+                &pPermissionList,
+                &pAceFlagList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (dwIndex = 0; dwIndex < pPermissionList->dwCount; ++dwIndex)
-    {
-        dwError = _VdcUpdateAclInSD(
-                    pszObjectSD,
-                    pszUserSid,
-                    pPermissionList->pStringList[dwIndex],
-                    TRUE,
-                    &pszNewSecurityDescriptor);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    dwError = _VdcUpdateAclInSD(
+                pszObjectSD,
+                pszUserSid,
+                pPermissionList,
+                pAceFlagList,
+                TRUE,
+                pState->bVerbose,
+                &pszNewSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapReplaceAttrOnEntries(pLd,
-                                          pszObjectDN,
-                                          LDAP_SCOPE_BASE,
-                                          pszFilter,
-                                          ATTR_ACL_STRING,
-                                          pszNewSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pState->bDryrun)
+    {
+        dwError = VdcLdapReplaceAttrOnEntries(
+                    pLd,
+                    pszObjectDN,
+                    LDAP_SCOPE_BASE,
+                    pszFilter,
+                    ATTR_ACL_STRING,
+                    pszNewSecurityDescriptor);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszNewSecurityDescriptor);
     VMDIR_SAFE_FREE_STRINGA(pszFilter);
     VMDIR_SAFE_FREE_STRINGA(pszUserSid);
     VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
     return dwError;
 
 error:
@@ -760,7 +970,7 @@ VdcRemovePermissionFromUser(
     LDAP *pLd,
     PLW_HASHMAP pUserToSidMapping,
     PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    COMMAND_LINE_PARAMETER_STATE*   pState
     )
 {
     DWORD dwError = 0;
@@ -769,40 +979,49 @@ VdcRemovePermissionFromUser(
     PSTR pszUserSid = NULL;
     PSTR pszNewSecurityDescriptor = NULL;
     PVMDIR_STRING_LIST pPermissionList = NULL;
-    DWORD dwIndex = 0;
+    PVMDIR_STRING_LIST pAceFlagList = NULL;
 
     dwError = _VdcGetObjectSecurityDescriptor(pLd, pszObjectDN, &pszObjectSD);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = _VdcParsePermissionStatement(pszPermissionStatement, pUserToSidMapping, &pszUserSid, &pPermissionList);
+    dwError = _VdcParsePermissionStatement(
+                pState->pszRemoveParameter,
+                pUserToSidMapping,
+                &pszUserSid,
+                &pPermissionList,
+                &pAceFlagList);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    for (dwIndex = 0; dwIndex < pPermissionList->dwCount; ++dwIndex)
-    {
-        dwError = _VdcUpdateAclInSD(
-                    pszObjectSD,
-                    pszUserSid,
-                    pPermissionList->pStringList[dwIndex],
-                    FALSE,
-                    &pszNewSecurityDescriptor);
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
+    dwError = _VdcUpdateAclInSD(
+                pszObjectSD,
+                pszUserSid,
+                pPermissionList,
+                pAceFlagList,
+                FALSE,
+                pState->bVerbose,
+                &pszNewSecurityDescriptor);
+    BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirAllocateStringPrintf(&pszFilter, "%s=*", ATTR_OBJECT_CLASS);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VdcLdapReplaceAttrOnEntries(pLd,
-                                          pszObjectDN,
-                                          LDAP_SCOPE_BASE,
-                                          pszFilter,
-                                          ATTR_ACL_STRING,
-                                          pszNewSecurityDescriptor);
-    BAIL_ON_VMDIR_ERROR(dwError);
+    if (!pState->bDryrun)
+    {
+        dwError = VdcLdapReplaceAttrOnEntries(
+                    pLd,
+                    pszObjectDN,
+                    LDAP_SCOPE_BASE,
+                    pszFilter,
+                    ATTR_ACL_STRING,
+                    pszNewSecurityDescriptor);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
     VMDIR_SAFE_FREE_STRINGA(pszNewSecurityDescriptor);
     VMDIR_SAFE_FREE_STRINGA(pszUserSid);
     VmDirStringListFree(pPermissionList);
+    VmDirStringListFree(pAceFlagList);
     return dwError;
 
 error:
@@ -982,3 +1201,84 @@ VdcPrintSecurityDescriptorForObject(
 error:
     goto cleanup;
 }
+
+static
+DWORD
+_VdcAppendNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum)
+{
+    DWORD dwError;
+    DWORD dwIdx = 0;
+    SIZE_T dwNewSize = 0;
+
+    dwNewSize = VmDirStringLenA(pAceTokenList->pStringList[dwNum]) + (pNewValueList->dwCount*2) + 1;
+
+    dwError = VmDirReallocateMemory(
+                (PVOID)pAceTokenList->pStringList[dwNum],
+                (PVOID*)&(pAceTokenList->pStringList[dwNum]),
+                dwNewSize);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    //
+    // Add new values to proper ACE token
+    //
+    // TODO, it is ok to have duplicate permission. But we could have check and add only if it does not exists.
+    //
+    for (dwIdx = 0; dwIdx < pNewValueList->dwCount; dwIdx++)
+    {
+        dwError = VmDirStringCatA(
+                    (PSTR)pAceTokenList->pStringList[dwNum],
+                    dwNewSize,
+                    pNewValueList->pStringList[dwIdx]);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+static
+VOID
+_VdcSkipNewValue(
+    PVMDIR_STRING_LIST  pAceTokenList,
+    PVMDIR_STRING_LIST  pNewValueList,
+    DWORD               dwNum)
+{
+    DWORD dwIdx = 0;
+    PSTR  pszHead = NULL;
+    PSTR  pszCurrent = NULL;
+
+    pszHead = pszCurrent = (PSTR)pAceTokenList->pStringList[dwNum];
+
+    while (*pszCurrent != '\0')
+    {
+        for (dwIdx = 0; dwIdx < pNewValueList->dwCount; dwIdx++)
+        {
+            if (strncmp(pszCurrent, pNewValueList->pStringList[dwIdx], SDDL_PERMISSION_LENGTH) == 0)
+            {
+                break;
+            }
+        }
+
+        if (dwIdx == pNewValueList->dwCount)
+        {
+            if (pszHead != pszCurrent)
+            {
+                *(pszHead)   = *(pszCurrent);
+                *(pszHead+1) = *(pszCurrent+1);
+            }
+
+            pszHead += 2;
+        }
+
+        pszCurrent += 2;
+    }
+
+    *pszHead = '\0';
+
+    return;
+}
diff --git a/vmdir/tools/vdcaclmgr/main.c b/vmdir/tools/vdcaclmgr/main.c
index e15ac3833..7515bd16c 100644
--- a/vmdir/tools/vdcaclmgr/main.c
+++ b/vmdir/tools/vdcaclmgr/main.c
@@ -79,7 +79,22 @@ ShowUsage(
     PVOID pvContext
     )
 {
-    printf("Usage: vdcaclmgr -H <host> -u <user UPN> [-w <password> | -x <password file>] -b <base DN> -o <object DN> [-g <username:permissions>] [-d <username:permissions>] [-r] [-v]\n");
+
+    printf(
+        "Usage: vdcaclmgr { arguments }\n\n"
+        "Arguments:\n\n"
+        "\t-H\t<host name>\n\n"
+        "\t-u\t<user UPN> For example administrator@lw.local>\n\n"
+        "\t-o\t<DN of the target object to grant/delete permission to -g/-d username> For example cn=myContainer,dc=lw,dc=local\n"
+        "\t[-r]\t<recursively grant/delete permission to -o DN subtree>\n\n"
+        "\t-b\t<base DN to find users and groups to match -g/-d username>\n\n"
+        "\t[-g\t<grant username:FLAGS>]  For example -g DCAdmins:RP:CI\n"
+        "\t[-d\t<delete username:FALGS>] For example -d DCAdmins:WP:OI\n\n"
+        "\t[-v]\t<verbose output>\n\n"
+        "\t[-D]\t<dry run>\n\n"
+        "\t[-w <password> | -x <password file>]\n\n"
+        "Where FLAGS := (PERMISSIONS such as RPWP)*:(ACE_FLAGS such as CIOI)*\n\n"
+        "\t\n");
 }
 
 DWORD
@@ -182,6 +197,7 @@ VmDirMain(int argc, char* argv[])
             {'x', "password-file", CL_STRING_PARAMETER, &State.pszPasswordFile},
             {'v', "verbose", CL_NO_PARAMETER, &State.bVerbose},
             {'r', "recursive", CL_NO_PARAMETER, &State.bRecursive},
+            {'D', "dryrun", CL_NO_PARAMETER, &State.bDryrun},
 
             {0, 0, 0, 0}
     };
@@ -232,7 +248,8 @@ VmDirMain(int argc, char* argv[])
                         pLd,
                         pUserToSidMapping,
                         pObjectDNs->pStringList[dwStringIndex],
-                        State.pszGrantParameter);
+                        &State);
+
         }
         else if (State.pszRemoveParameter)
         {
@@ -240,7 +257,7 @@ VmDirMain(int argc, char* argv[])
                         pLd,
                         pUserToSidMapping,
                         pObjectDNs->pStringList[dwStringIndex],
-                        State.pszRemoveParameter);
+                        &State);
         }
         else
         {
diff --git a/vmdir/tools/vdcaclmgr/prototypes.h b/vmdir/tools/vdcaclmgr/prototypes.h
index a4b370853..541fa6cad 100644
--- a/vmdir/tools/vdcaclmgr/prototypes.h
+++ b/vmdir/tools/vdcaclmgr/prototypes.h
@@ -123,18 +123,18 @@ VdcLdapUnbind(
 //
 DWORD
 VdcGrantPermissionToUser(
-    LDAP *pLd,
+    LDAP*       pLd,
     PLW_HASHMAP pUserToSidMapping,
-    PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    PCSTR       pszObjectDN,
+    COMMAND_LINE_PARAMETER_STATE*   pState
     );
 
 DWORD
 VdcRemovePermissionFromUser(
-    LDAP *pLd,
+    LDAP*       pLd,
     PLW_HASHMAP pUserToSidMapping,
-    PCSTR pszObjectDN,
-    PCSTR pszPermissionStatement
+    PCSTR       pszObjectDN,
+    COMMAND_LINE_PARAMETER_STATE*   pState
     );
 
 DWORD
diff --git a/vmdir/tools/vdcaclmgr/stringlist.c b/vmdir/tools/vdcaclmgr/stringlist.c
deleted file mode 100644
index 9d8be7960..000000000
--- a/vmdir/tools/vdcaclmgr/stringlist.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the “License”); you may not
- * use this file except in compliance with the License.  You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an “AS IS” BASIS, without
- * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
- * License for the specific language governing permissions and limitations
- * under the License.
- */
-#include "includes.h"
-
-VOID
-VdcStringListFree(
-    PSTRING_LIST pStringList
-    )
-{
-    DWORD i = 0;
-
-    if (pStringList != NULL)
-    {
-        for (i = 0; i < pStringList->dwCount; ++i)
-        {
-            VmDirFreeStringA(pStringList->pStringList[i]);
-        }
-
-        pStringList->pStringList = NULL;
-        pStringList->dwCount = 0;
-    }
-}
-
-DWORD
-VdcStringListInitialize(
-    PSTRING_LIST *ppStringList,
-    DWORD dwInitialCount
-    )
-{
-    DWORD dwError = 0;
-    PSTRING_LIST pStringList = NULL;
-    size_t sAllocationSize = 0;
-
-    dwError = VmDirAllocateMemory(sizeof(*pStringList), (PVOID *)&pStringList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    sAllocationSize = dwInitialCount * sizeof(PSTR);
-    if (sAllocationSize < dwInitialCount)
-    {
-        dwError = VMDIR_ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDIR_ERROR(dwError);
-    }
-
-    dwError = VmDirAllocateMemory(sAllocationSize, (PVOID *)&pStringList->pStringList);
-    BAIL_ON_VMDIR_ERROR(dwError);
-
-    pStringList->dwCount = 0;
-    pStringList->dwSize = dwInitialCount;
-
-    *ppStringList = pStringList;
-
-cleanup:
-    return dwError;
-
-error:
-    VdcStringListFree(pStringList);
-    goto cleanup;
-}
-
-DWORD
-VdcStringListAdd(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD dwError = 0;
-
-    if (pStringList->dwCount == pStringList->dwSize)
-    {
-        size_t iOldSize = pStringList->dwCount;
-        size_t iNewSize = pStringList->dwSize * 2;
-
-        //
-        // Check for overflow.
-        //
-        if (iNewSize < pStringList->dwSize)
-        {
-            dwError = VMDIR_ERROR_SIZELIMIT_EXCEEDED;
-            BAIL_ON_VMDIR_ERROR(dwError);
-        }
-
-        dwError = VmDirReallocateMemoryWithInit(
-                    pStringList->pStringList,
-                    (PVOID*)&pStringList->pStringList,
-                    (iNewSize + 1) * sizeof(PSTR),
-                    iOldSize * sizeof(PSTR));
-        BAIL_ON_VMDIR_ERROR(dwError);
-
-        pStringList->dwSize = iNewSize;
-    }
-
-    pStringList->pStringList[pStringList->dwCount++] = (PSTR)pszString;
-
-cleanup:
-    return dwError;
-
-error:
-    goto cleanup;
-}
-
-DWORD
-VdcStringListRemove(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; i < pStringList->dwCount; ++i)
-    {
-        if (strcmp(pStringList->pStringList[i], pszString) == 0)
-        {
-            memmove(&pStringList->pStringList[i],
-                    &pStringList->pStringList[i + 1],
-                    pStringList->dwCount - i - 1);
-            pStringList->dwCount -= 1;
-        }
-    }
-
-    //
-    // Specified string not found.
-    //
-    return VMDIR_ERROR_INVALID_PARAMETER;
-}
-
-BOOLEAN
-VdcStringListContains(
-    PSTRING_LIST pStringList,
-    PCSTR pszString
-    )
-{
-    DWORD i = 0;
-
-    for (i = 0; i < pStringList->dwCount; ++i)
-    {
-        if (strcmp(pStringList->pStringList[i], pszString) == 0)
-        {
-            return TRUE;
-        }
-    }
-
-    return FALSE;
-}
diff --git a/vmdir/tools/vdcaclmgr/structs.h b/vmdir/tools/vdcaclmgr/structs.h
index 59678f177..0ba2d7502 100644
--- a/vmdir/tools/vdcaclmgr/structs.h
+++ b/vmdir/tools/vdcaclmgr/structs.h
@@ -24,5 +24,6 @@ typedef struct
     PSTR pszPasswordFile;       // password file
     BOOLEAN bVerbose;           // Break down the object's ACL information.
     BOOLEAN bRecursive;         // Apply the operation to the specified object
+    BOOLEAN bDryrun;            // Do not make change to SD
                                 // and all objects below it.
 } COMMAND_LINE_PARAMETER_STATE, *PCOMMAND_LINE_PARAMETER_STATE;
diff --git a/vmdir/tools/vdcadmintool/Makefile.am b/vmdir/tools/vdcadmintool/Makefile.am
index 549ca58a2..614f243ee 100644
--- a/vmdir/tools/vdcadmintool/Makefile.am
+++ b/vmdir/tools/vdcadmintool/Makefile.am
@@ -6,29 +6,32 @@ vdcadmintool_SOURCES = \
     util.c
 
 vdcadmintool_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmdir/client \
+    -I$(top_builddir)/vmdir/client \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcadmintool_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
+    @UUID_LIBS@ \
     @SASL_LIBS@ \
-    @LDAP_LIBS@
+    @LDAP_LIBS@ \
+    @LBER_LIBS@
 
 vdcadmintool_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
diff --git a/vmdir/tools/vdcbackup/Makefile.am b/vmdir/tools/vdcbackup/Makefile.am
index 5d58b3ef4..c3367c979 100644
--- a/vmdir/tools/vdcbackup/Makefile.am
+++ b/vmdir/tools/vdcbackup/Makefile.am
@@ -4,15 +4,21 @@ vdcbackup_SOURCES = \
     main.c
 
 vdcbackup_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcbackup_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    @LWRSUTILS_LIBS@ \
+    @LWBASE_LIBS@ \
+    @LWREG_LIBS@ \
+    @CRYPTO_LIBS@ \
+    @LDAP_LIBS@ \
+    @UUID_LIBS@
 
 vdcbackup_LDFLAGS = \
     @LW_LDFLAGS@
diff --git a/vmdir/tools/vdcleavefed/Makefile.am b/vmdir/tools/vdcleavefed/Makefile.am
index 6c3322a03..d132bd907 100644
--- a/vmdir/tools/vdcleavefed/Makefile.am
+++ b/vmdir/tools/vdcleavefed/Makefile.am
@@ -5,22 +5,24 @@ vdcleavefed_SOURCES = \
     main.c
 
 vdcleavefed_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcleavefed_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
     @LWREG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
diff --git a/vmdir/tools/vdcmetric/Makefile.am b/vmdir/tools/vdcmetric/Makefile.am
index 7081c79a6..6027df48c 100644
--- a/vmdir/tools/vdcmetric/Makefile.am
+++ b/vmdir/tools/vdcmetric/Makefile.am
@@ -6,24 +6,26 @@ vdcmetric_SOURCES = \
     main.c
 
 vdcmetric_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmdir/client \
+    -I$(top_builddir)/vmdir/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcmetric_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
diff --git a/vmdir/tools/vdcpass/Makefile.am b/vmdir/tools/vdcpass/Makefile.am
index 51a38293b..24b0f1a10 100644
--- a/vmdir/tools/vdcpass/Makefile.am
+++ b/vmdir/tools/vdcpass/Makefile.am
@@ -5,24 +5,29 @@ vdcpass_SOURCES = \
     parseargs.c
 
 vdcpass_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcpass_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @UUID_LIBS@ \
+    @SASL_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@
 
 vdcpass_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
diff --git a/vmdir/tools/vdcpromo/Makefile.am b/vmdir/tools/vdcpromo/Makefile.am
index 11ac99853..4fb129144 100644
--- a/vmdir/tools/vdcpromo/Makefile.am
+++ b/vmdir/tools/vdcpromo/Makefile.am
@@ -1,32 +1,35 @@
-bin_PROGRAMS = vdcpromo
+bin_PROGRAMS = vdcvmdirpromo
 
-vdcpromo_SOURCES = \
+vdcvmdirpromo_SOURCES = \
     parseargs.c \
     main.c
 
-vdcpromo_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+vdcvmdirpromo_CPPFLAGS = \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
-vdcpromo_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
+vdcvmdirpromo_LDADD = \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
+    @UUID_LIBS@ \
+    @SASL_LIBS@ \
     @LDAP_LIBS@ \
-    @PTHREAD_LIBS@
+    @LBER_LIBS@
 
-vdcpromo_LDFLAGS = \
+vdcvmdirpromo_LDFLAGS = \
     @DCERPC_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdir/tools/vdcrepadmin/Makefile.am b/vmdir/tools/vdcrepadmin/Makefile.am
index c88e77f30..0f14a25e4 100644
--- a/vmdir/tools/vdcrepadmin/Makefile.am
+++ b/vmdir/tools/vdcrepadmin/Makefile.am
@@ -2,28 +2,35 @@ bin_PROGRAMS = vdcrepadmin
 
 vdcrepadmin_SOURCES = \
     parseargs.c \
+    redundancy.c \
     main.c
 
 vdcrepadmin_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcrepadmin_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @UUID_LIBS@ \
+    @SASL_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@
 
 vdcrepadmin_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
diff --git a/vmdir/tools/vdcrepadmin/defines.h b/vmdir/tools/vdcrepadmin/defines.h
index 258984464..a6f33c897 100644
--- a/vmdir/tools/vdcrepadmin/defines.h
+++ b/vmdir/tools/vdcrepadmin/defines.h
@@ -26,35 +26,41 @@
 #define VDCREPADMIN_FEATURE_DUMMY_DOMAIN_WRITE         "dummydomainwrite"
 #define VDCREPADMIN_QUERY_IS_FIRST_CYCLE_DONE          "isfirstcycledone"
 #define VDCREPADMIN_FEATURE_SHOW_ATTRIBUTE_METADATA    "showattributemetadata"
-
+#define VDCREPADMIN_FEATURE_ENABLE_REDUNDANT_TOPOLOGY  "enableredundanttopology"
 
 #ifndef _WIN32
 
-#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME    'h'
-#define VDCREPADMIN_OPTION_TARGET_HOSTNAME    'H'
-#define VDCREPADMIN_OPTION_SOURCE_PORT        'p'
-#define VDCREPADMIN_OPTION_TARGET_PORT        'P'
-#define VDCREPADMIN_OPTION_SOURCE_USERNAME    'u'
-#define VDCREPADMIN_OPTION_SOURCE_PASSWORD    'w'
-#define VDCREPADMIN_OPTION_VERBOSE            'v'
-#define VDCREPADMIN_OPTION_TWO_WAY_REPL       '2'
-#define VDCREPADMIN_OPTION_FEATURE_SET        'f'
-#define VDCREPADMIN_OPTION_ENTRY_DN           'e'
-#define VDCREPADMIN_OPTION_ATTRIBUTE          'a'
-#define VDCREPADMIN_OPTIONS_VALID             "2h:H:p:P:D:u:w:vf:e:a:"
+#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME      'h'
+#define VDCREPADMIN_OPTION_TARGET_HOSTNAME      'H'
+#define VDCREPADMIN_OPTION_SOURCE_PORT          'p'
+#define VDCREPADMIN_OPTION_TARGET_PORT          'P'
+#define VDCREPADMIN_OPTION_SOURCE_USERNAME      'u'
+#define VDCREPADMIN_OPTION_SOURCE_PASSWORD      'w'
+#define VDCREPADMIN_OPTION_VERBOSE              'v'
+#define VDCREPADMIN_OPTION_TWO_WAY_REPL         '2'
+#define VDCREPADMIN_OPTION_FEATURE_SET          'f'
+#define VDCREPADMIN_OPTION_ENTRY_DN             'e'
+#define VDCREPADMIN_OPTION_ATTRIBUTE            'a'
+#define VDCREPADMIN_OPTION_NO_INTERACTION       'n'
+#define VDCREPADMIN_OPTION_INCLUDE_OFFLINE_NODE 'o'
+#define VDCREPADMIN_OPTION_SITENAME             's'
+#define VDCREPADMIN_OPTIONS_VALID               "2h:H:p:P:D:u:w:vf:e:a:nos:"
 
 #else
-#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME    "-h"
-#define VDCREPADMIN_OPTION_TARGET_HOSTNAME    "-H"
-#define VDCREPADMIN_OPTION_SOURCE_PORT        "-p"
-#define VDCREPADMIN_OPTION_TARGET_PORT        "-P"
-#define VDCREPADMIN_OPTION_SOURCE_USERNAME    "-u"
-#define VDCREPADMIN_OPTION_SOURCE_PASSWORD    "-w"
-#define VDCREPADMIN_OPTION_VERBOSE            "-v"
-#define VDCREPADMIN_OPTION_TWO_WAY_REPL       "-2"
-#define VDCREPADMIN_OPTION_FEATURE_SET        "-f"
-#define VDCREPADMIN_OPTION_ENTRY_DN           "-e"
-#define VDCREPADMIN_OPTION_ATTRIBUTE          "-a"
+#define VDCREPADMIN_OPTION_SOURCE_HOSTNAME      "-h"
+#define VDCREPADMIN_OPTION_TARGET_HOSTNAME      "-H"
+#define VDCREPADMIN_OPTION_SOURCE_PORT          "-p"
+#define VDCREPADMIN_OPTION_TARGET_PORT          "-P"
+#define VDCREPADMIN_OPTION_SOURCE_USERNAME      "-u"
+#define VDCREPADMIN_OPTION_SOURCE_PASSWORD      "-w"
+#define VDCREPADMIN_OPTION_VERBOSE              "-v"
+#define VDCREPADMIN_OPTION_TWO_WAY_REPL         "-2"
+#define VDCREPADMIN_OPTION_FEATURE_SET          "-f"
+#define VDCREPADMIN_OPTION_ENTRY_DN             "-e"
+#define VDCREPADMIN_OPTION_ATTRIBUTE            "-a"
+#define VDCREPADMIN_OPTION_NO_INTERACTION       "-n"
+#define VDCREPADMIN_OPTION_INCLUDE_OFFLINE_NODE "-o"
+#define VDCREPADMIN_OPTION_SITENAME             "-s"
 
 #endif
 
diff --git a/vmdir/tools/vdcrepadmin/main.c b/vmdir/tools/vdcrepadmin/main.c
old mode 100644
new mode 100755
index 1db26edcb..5690dd2ea
--- a/vmdir/tools/vdcrepadmin/main.c
+++ b/vmdir/tools/vdcrepadmin/main.c
@@ -175,8 +175,8 @@ _VmDirPrintReplStateList(
         printf("\nDomain Controller: %s\n",VDIR_SAFE_STRING(pReplStateList[dwCount]->pszHost));
         printf("  Invocation ID: ......... %s\n",VDIR_SAFE_STRING(pReplStateList[dwCount]->pszInvocationId));
         printf("  Replication Cycles: .... %d\n",pReplStateList[dwCount]->dwCycleCount);
-        printf("  Highest Replicable  USN: %lu\n",pReplStateList[dwCount]->maxConsumableUSN);
-        printf("  Highest Originating USN: %lu\n",pReplStateList[dwCount]->maxOriginatingUSN);
+        printf("  Highest Replicable  USN: %" PRId64 "\n",pReplStateList[dwCount]->maxConsumableUSN);
+        printf("  Highest Originating USN: %" PRId64 "\n",pReplStateList[dwCount]->maxOriginatingUSN);
 
 
         pVector = pReplStateList[dwCount]->pReplUTDVec;
@@ -249,7 +249,7 @@ _VmDirPrintReplStateList(
 
             partnerOrigUsn = pVector->maxOriginatingUSN;
 
-            dwError = VmDirAllocateStringPrintf(&pszHighestOrigUsn, "%10lu", partnerOrigUsn);
+            dwError = VmDirAllocateStringPrintf(&pszHighestOrigUsn, "%10" PRId64, partnerOrigUsn);
             BAIL_ON_VMDIR_ERROR(dwError);
 
             if (bPartnerFound)
@@ -276,7 +276,7 @@ _VmDirPrintReplStateList(
 
                         dwError = VmDirAllocateStringPrintf(
                                                 &pszLag,
-                                                "%ld",
+                                                "%" PRId64,
                                                 partnerLocalOrigUsn - partnerOrigUsn
                                                 );
                     }
@@ -287,14 +287,14 @@ _VmDirPrintReplStateList(
                 {
                     dwError = VmDirAllocateStringPrintf(
                                                 &pszHighestReplUsn,
-                                                "%lu",
+                                                "%" PRId64,
                                                 partnerReplUsn
                                                 );
                     BAIL_ON_VMDIR_ERROR(dwError);
 
                     dwError = VmDirAllocateStringPrintf(
                                                 &pszLag,
-                                                "%ld",
+                                                "%" PRId64,
                                                 partnerLocalUsn - partnerReplUsn
                                                 );
                     BAIL_ON_VMDIR_ERROR(dwError);
@@ -681,7 +681,7 @@ _VmDirDummyDomainWrite(
     dwError =  VmDirUPNToNameAndDomain(pszUserName, &pszName, &pszDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(pszDomainName, &pszDomainDN);
+    dwError = VmDirDomainNameToDN(pszDomainName, &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
 
     dwError = VmDirSafeLDAPBind(&pLd, pszHostName, pszUserName, pszPassword);
@@ -746,6 +746,8 @@ _VmDirDummyDomainWrite(
                                                   ATTR_COMMENT,
                                                   (PCSTR*) ppszVals);
         BAIL_ON_VMDIR_ERROR(dwError);
+
+        printf("Domain Controller: %s dummy write triggered\n", pszServerName);
     }
 
 cleanup:
@@ -764,6 +766,7 @@ _VmDirDummyDomainWrite(
     return dwError;
 
 error:
+    printf("%s failed %d\n\n", __FUNCTION__, dwError);
     goto cleanup;
 }
 
@@ -884,6 +887,9 @@ VmDirMain(int argc, char* argv[])
     DWORD                       dwReplPartnerInfoCount = 0;
     DWORD                       dwReplPartnerStatusCount = 0;
     DWORD                       dwServerInfoCount      = 0;
+    BOOLEAN bNoInteraction  = FALSE;
+    BOOLEAN bIncludeOffline = FALSE;
+    PSTR    pszSiteName     = NULL;
 
     CHAR        pszPath[MAX_PATH];
 
@@ -916,7 +922,10 @@ VmDirMain(int argc, char* argv[])
                     &pszTgtPort,
                     &pszEntryDn,
                     &pszAttribute,
-                    &bVerbose
+                    &pszSiteName,
+                    &bVerbose,
+                    &bNoInteraction,
+                    &bIncludeOffline
                     );
 
     if (bVerbose)
@@ -1070,7 +1079,7 @@ VmDirMain(int argc, char* argv[])
     else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_SHOW_ATTRIBUTE_METADATA,
                                   pszFeatureSet,
                                   TRUE) == 0 )
-       {
+    {
            dwError = _VmDirGetAttributeMetadata(
                                 pszSrcHostName,
                                 pszSrcUserName,
@@ -1080,7 +1089,22 @@ VmDirMain(int argc, char* argv[])
                                 );
            BAIL_ON_VMDIR_ERROR(dwError);
 
-       }
+    }
+    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_ENABLE_REDUNDANT_TOPOLOGY,
+                                  pszFeatureSet,
+                                  TRUE) == 0 )
+    {
+            dwError = VmDirEnableRedundantTopology(
+                                    bNoInteraction,
+                                    bIncludeOffline,
+                                    pszSrcHostName,
+                                    pszSrcPort,
+                                    pszSrcUserName,
+                                    pszSrcPassword,
+                                    pszSiteName
+                                    );
+            BAIL_ON_VMDIR_ERROR(dwError);
+    }
 
 cleanup:
     // Free internal memory used
diff --git a/vmdir/tools/vdcrepadmin/parseargs.c b/vmdir/tools/vdcrepadmin/parseargs.c
index a397c9938..2b625d3ff 100644
--- a/vmdir/tools/vdcrepadmin/parseargs.c
+++ b/vmdir/tools/vdcrepadmin/parseargs.c
@@ -41,21 +41,27 @@ VmDirParseArgs(
     PSTR*    ppszTgtPort,
     PSTR*    ppszEntryDn,
     PSTR*    ppszAttribute,
-    PBOOLEAN pbVerbose
+    PSTR*    ppszSiteName,
+    PBOOLEAN pbVerbose,
+    PBOOLEAN pbNoInteraction,
+    PBOOLEAN pbIncludeOffline
     )
 {
-    DWORD   dwError        = ERROR_SUCCESS;
-    PSTR    pszFeatureSet  = NULL;
-    PSTR    pszSrcHostName = NULL;
-    PSTR    pszSrcPort     = DEFAULT_LDAPS_PORT_STR;
-    PSTR    pszSrcUserName = NULL;
-    PSTR    pszSrcPassword = NULL;
-    PSTR    pszTgtHostName = NULL;
-    PSTR    pszTgtPort     = DEFAULT_LDAPS_PORT_STR;
-    PSTR    pszEntryDn     = NULL;
-    PSTR    pszAttribute   = NULL;
-    BOOLEAN bVerbose       = FALSE;
-    BOOLEAN bTwoWayRepl    = FALSE;
+    DWORD   dwError         = ERROR_SUCCESS;
+    PSTR    pszFeatureSet   = NULL;
+    PSTR    pszSrcHostName  = NULL;
+    PSTR    pszSrcPort      = DEFAULT_LDAPS_PORT_STR;
+    PSTR    pszSrcUserName  = NULL;
+    PSTR    pszSrcPassword  = NULL;
+    PSTR    pszTgtHostName  = NULL;
+    PSTR    pszTgtPort      = DEFAULT_LDAPS_PORT_STR;
+    PSTR    pszEntryDn      = NULL;
+    PSTR    pszAttribute    = NULL;
+    PSTR    pszSiteName     = NULL;
+    BOOLEAN bVerbose        = FALSE;
+    BOOLEAN bTwoWayRepl     = FALSE;
+    BOOLEAN bNoInteraction  = FALSE;
+    BOOLEAN bIncludeOffline = FALSE;
 
 #ifndef _WIN32
     int opt = 0;
@@ -65,16 +71,18 @@ VmDirParseArgs(
 #endif
 
     if (
-           ppszFeatureSet  == NULL
-        || ppszSrcHostName == NULL
-        || ppszSrcPort     == NULL
-        || ppszSrcUserName == NULL
-        || ppszSrcPassword == NULL
-        || ppszTgtHostName == NULL
-        || ppszTgtPort     == NULL
-        || pbVerbose       == NULL
-        || pbTwoWayRepl    == NULL
-
+           ppszFeatureSet   == NULL
+        || ppszSrcHostName  == NULL
+        || ppszSrcPort      == NULL
+        || ppszSrcUserName  == NULL
+        || ppszSrcPassword  == NULL
+        || ppszTgtHostName  == NULL
+        || ppszTgtPort      == NULL
+        || pbVerbose        == NULL
+        || pbTwoWayRepl     == NULL
+        || pbIncludeOffline == NULL
+        || pbNoInteraction  == NULL
+        || ppszSiteName     == NULL
 
         )
     {
@@ -131,6 +139,18 @@ VmDirParseArgs(
                 pszAttribute = optarg;
                 break;
 
+            case VDCREPADMIN_OPTION_NO_INTERACTION:
+                bNoInteraction = TRUE;
+                break;
+
+            case VDCREPADMIN_OPTION_INCLUDE_OFFLINE_NODE:
+                bIncludeOffline = TRUE;
+                break;
+
+            case VDCREPADMIN_OPTION_SITENAME:
+                pszSiteName = optarg;
+                break;
+
             default:
                 dwError = ERROR_INVALID_PARAMETER;
                 BAIL_ON_VMDIR_ERROR(dwError);
@@ -208,6 +228,24 @@ VmDirParseArgs(
             {
                 VmDirGetCmdLineOption(argc, argv, &i, &pszAttribute);
             }
+            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_NO_INTERACTION,
+                                         argv[i],
+                                         TRUE) == 0)
+            {
+                bNoInteraction = TRUE;
+            }
+            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_INCLUDE_OFFLINE_NODE,
+                                         argv[i],
+                                         TRUE) == 0)
+            {
+                bIncludeOffline = TRUE;
+            }
+            else if (VmDirStringCompareA(VDCREPADMIN_OPTION_SITENAME,
+                                         argv[i],
+                                         TRUE) == 0)
+            {
+                VmDirGetCmdLineOption(argc, argv, &i, &pszSiteName);
+            }
 
         }
         i++;
@@ -350,23 +388,39 @@ VmDirParseArgs(
             BAIL_ON_VMDIR_ERROR(dwError);
         }
     }
+    else if ( VmDirStringCompareA(VDCREPADMIN_FEATURE_ENABLE_REDUNDANT_TOPOLOGY,
+                                  pszFeatureSet,
+                                  TRUE) == 0 )
+    {
+        if (
+               pszSrcHostName == NULL
+            || pszSrcUserName == NULL
+           )
+        {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDIR_ERROR(dwError);
+        }
+    }
     else
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDIR_ERROR(dwError);
     }
 
-    *ppszFeatureSet  = pszFeatureSet;
-    *ppszSrcHostName = pszSrcHostName;
-    *ppszSrcPort     = pszSrcPort;
-    *ppszSrcUserName = pszSrcUserName;
-    *ppszSrcPassword = pszSrcPassword;
-    *ppszTgtHostName = pszTgtHostName;
-    *ppszTgtPort     = pszTgtPort;
-    *ppszEntryDn     = pszEntryDn;
-    *ppszAttribute   = pszAttribute;
-    *pbVerbose       = bVerbose;
-    *pbTwoWayRepl    = bTwoWayRepl;
+    *ppszFeatureSet     = pszFeatureSet;
+    *ppszSrcHostName    = pszSrcHostName;
+    *ppszSrcPort        = pszSrcPort;
+    *ppszSrcUserName    = pszSrcUserName;
+    *ppszSrcPassword    = pszSrcPassword;
+    *ppszTgtHostName    = pszTgtHostName;
+    *ppszTgtPort        = pszTgtPort;
+    *ppszEntryDn        = pszEntryDn;
+    *ppszAttribute      = pszAttribute;
+    *pbVerbose          = bVerbose;
+    *pbTwoWayRepl       = bTwoWayRepl;
+    *pbNoInteraction    = bNoInteraction;
+    *pbIncludeOffline   = bIncludeOffline;
+    *ppszSiteName       = pszSiteName;
 
 cleanup:
     return dwError;
@@ -416,5 +470,15 @@ ShowUsage(
         "                   -e <entry_dn> [-a <attribute>]\n"
         "                   -h <source_hostname> [-p <source_portnumber>]\n"
         "                   -u <source_username> [-w <source_password>]\n"
+        "       vdcrepadmin -f enableredundanttopology\n"
+        "                   -h <source_hostname> [-p <source_portnumber>]\n"
+        "                   -u <source_username> [-w <source_password>]\n"
+        "                   [-s <sitename>]\n"
+        "                   [-n]\n"
+        "                   [-o]\n"
+        "                   Note:   -n, -s, -o are optional arguments. In absence of -s, inter-site topology will be created\n"
+        "                           -s should be mentioned only for creating intra-site topology with sitename\n"
+        "                           -n is for No Interaction option,\n"
+        "                           -o is for considering non-reachable servers to create topology\n"
       );
 }
diff --git a/vmdir/tools/vdcrepadmin/prototypes.h b/vmdir/tools/vdcrepadmin/prototypes.h
old mode 100644
new mode 100755
index 4f6fa9f0c..5bc495d20
--- a/vmdir/tools/vdcrepadmin/prototypes.h
+++ b/vmdir/tools/vdcrepadmin/prototypes.h
@@ -30,7 +30,10 @@ VmDirParseArgs(
     PSTR*    ppszTgtPort,
     PSTR*    ppszEntryDn,
     PSTR*    ppszAttribute,
-    PBOOLEAN pbVerbose
+    PSTR*    ppszSiteName,
+    PBOOLEAN pbVerbose,
+    PBOOLEAN pbNoInteraction,
+    PBOOLEAN pIncludeOffline
     );
 
 VOID
@@ -38,3 +41,13 @@ ShowUsage(
     VOID
     );
 
+DWORD
+VmDirEnableRedundantTopology(
+    BOOLEAN             bNoInteraction,
+    BOOLEAN             bIncludeOffline,
+    PCSTR               pszSrcHostName,
+    PCSTR               pszSrcPort,
+    PCSTR               pszSrcUserName,
+    PCSTR               pszSrcPassword,
+    PCSTR               pszSiteName
+    );
diff --git a/vmdir/tools/vdcrepadmin/redundancy.c b/vmdir/tools/vdcrepadmin/redundancy.c
new file mode 100755
index 000000000..c7e19a1da
--- /dev/null
+++ b/vmdir/tools/vdcrepadmin/redundancy.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+
+/*
+ * Module Name: vdcrepadmin
+ *
+ * Filename: redundancy.c
+ *
+ * Abstract:
+ *
+ * vdcrepadmin's HA management feature entry point
+ *
+ */
+
+#include "includes.h"
+
+VOID
+_PrintOptionSelected(
+    BOOLEAN bNoInteraction,
+    BOOLEAN bIncludeOffline,
+    PCSTR   pszSiteName
+    )
+{
+    printf("\t\t--------------------Configuration--------------------\n\n");
+    printf("\tNote: Site Name Cannot be Displayed for Offline Nodes\n\n");
+    if (bNoInteraction)
+    {
+        printf("\tRunning the tool in No Interaction Mode\n\n");
+    }
+
+    if (bIncludeOffline)
+    {
+        printf("\tTool is allowed to consider non-reachable servers for creating topology\n\n");
+    }
+
+    if (pszSiteName)
+    {
+        printf("\tTool is fixing Intra-Site Region with site-name as %s\n\n",pszSiteName);
+    }
+    else
+    {
+        printf("\tTool is fixing Inter-Site Region\n\n");
+    }
+    printf("\t\t-----------------------------------------------------\n\n");
+}
+
+DWORD
+_PrintHAServerList(
+    PVMDIR_HA_SERVER_INFO* ppList,
+    DWORD   dwCount
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwCnt   = 0;
+    DWORD   dwPCnt  = 0;
+
+    if (!ppList || !dwCount)
+    {
+        printf("\t\tInvalid Parameter to Print List\n\n");
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+
+    for (dwCnt=0; dwCnt<dwCount; dwCnt++)
+    {
+        if (!(ppList[dwCnt]) || !(ppList[dwCnt]->pszHostName))
+        {
+            dwError = VMDIR_ERROR_INVALID_RESULT;
+            break;
+        }
+        printf("\t\t%s\n",ppList[dwCnt]->pszHostName);
+        if (ppList[dwCnt]->pszSiteName)
+        {
+            printf("\t\tSite: %s\n\n",ppList[dwCnt]->pszSiteName);
+        }
+        if (ppList[dwCnt]->dwPartnerCnt)
+        {
+            printf("\t\t\tPartner of Server are as follow:\n");
+            for (dwPCnt=0; dwPCnt<ppList[dwCnt]->dwPartnerCnt; dwPCnt++)
+            {
+                printf("\t\t\t\t%s\n",ppList[dwCnt]->ppPartnerList[dwPCnt]->pszHostName);
+                if (ppList[dwCnt]->ppPartnerList[dwPCnt]->pszSiteName)
+                {
+                    printf("\t\t\t\tSite: %s\n\n",ppList[dwCnt]->ppPartnerList[dwPCnt]->pszSiteName);
+                }
+            }
+            printf("\n");
+        }
+        else
+        {
+            printf("\t\t\tNo Partners of this server were found.\n\n");
+        }
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    printf("%s failed. Error code [%d]\n",
+           __FUNCTION__,
+           dwError);
+    goto cleanup;
+}
+
+DWORD
+_PrintTopologyServers(
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pTopology
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pTopology)
+    {
+        printf("\n\tSomething Terribly is wrong! Received NULL Topology pointer\n\n");
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    if (!(pTopology->ppConsiderList) || !(pTopology->dwConsiderListCnt))
+    {
+        printf("\n\tNo Appropriate Servers Found\n\n");
+    }
+    else
+    {
+        printf("\n\tConsidered Servers are as follow:\n\n");
+        dwError = _PrintHAServerList(
+                        pTopology->ppConsiderList,
+                        pTopology->dwConsiderListCnt);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    if (!(pTopology->ppOnlineList) || !(pTopology->dwOnlineListCnt))
+    {
+        printf("\n\tNo Online Servers Found\n\n");
+    }
+    else
+    {
+        printf("\n\tOnline Servers are as follow:\n\n");
+        dwError = _PrintHAServerList(
+                        pTopology->ppOnlineList,
+                        pTopology->dwOnlineListCnt);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    if (!(pTopology->ppOfflineList) || !(pTopology->dwOfflineListCnt))
+    {
+        printf("\n\tNo Offline Servers Found\n\n");
+    }
+    else
+    {
+        printf("\n\tOffline Servers are as follow:\n\n");
+        dwError = _PrintHAServerList(
+                        pTopology->ppOfflineList,
+                        pTopology->dwOfflineListCnt);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+cleanup:
+    return dwError;
+
+error:
+    printf("[%s] failed. Error code [%d]\n",
+           __FUNCTION__,
+           dwError);
+    goto cleanup;
+
+}
+
+DWORD
+_PrintTopologyChanges(
+    PVMDIR_HA_TOPOLOGY_CHANGES  pChanges
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pChanges)
+    {
+        printf("\n\tSomething Terribly is wrong! Received NULL pointer\n\n");
+        dwError = VMDIR_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    if (!(pChanges->ppAddLinkList) || !(pChanges->dwAddListCnt))
+    {
+        printf("\n\tNo Links to be Added\n\n");
+    }
+    else
+    {
+        printf("\n\tLinks to be added are as follow:\n\n");
+        dwError = _PrintHAServerList(
+                        pChanges->ppAddLinkList,
+                        pChanges->dwAddListCnt);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+    if (!(pChanges->ppDelLinkList) || !(pChanges->dwDelListCnt))
+    {
+        printf("\n\tNo Links to be Deleted\n\n");
+    }
+    else
+    {
+        printf("\n\tLinks to be deleted are as follow:\n\n");
+        dwError = _PrintHAServerList(
+                        pChanges->ppDelLinkList,
+                        pChanges->dwDelListCnt);
+        BAIL_ON_VMDIR_ERROR(dwError);
+    }
+cleanup:
+    return dwError;
+
+error:
+    printf("[%s] failed. Error code [%d]\n",
+           __FUNCTION__,
+           dwError);
+    goto cleanup;
+}
+
+DWORD
+_PromptForContinuation()
+{
+    CHAR    pszContinueStr[1 + 1] = {""}; // 1- for '0' or '1', 1- for '\0' character
+    DWORD   dwContinueVal = 1;
+
+    // read Integer to continue from stdin
+    VmDirReadString(
+        "Enter 1 to Continue, 0 to Abort: ",
+        pszContinueStr,
+        sizeof(pszContinueStr),
+        FALSE);
+    dwContinueVal = (DWORD)VmDirStringToIA(pszContinueStr);
+    if (dwContinueVal == 0)
+    {
+        printf("\n\tUser Decided to Abort and Therefore Aborting Task\n\n");
+    }
+    else if (dwContinueVal != 1)
+    {
+        printf("\n\tUser provided unrecognized input and Therefore Continuing Task\n\n");
+        dwContinueVal = 1;
+    }
+
+    return dwContinueVal;
+}
+
+DWORD
+VmDirEnableRedundantTopology(
+    BOOLEAN             bNoInteraction,
+    BOOLEAN             bIncludeOffline,
+    PCSTR               pszSrcHostName,
+    PCSTR               pszSrcPort,
+    PCSTR               pszSrcUserName,
+    PCSTR               pszSrcPassword,
+    PCSTR               pszSiteName
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwContinueVal = 1;
+    CHAR    flsh = '\0';
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pCurTopology = NULL;
+    PVMDIR_HA_REPLICATION_TOPOLOGY  pNewTopology = NULL;
+    PVMDIR_HA_TOPOLOGY_CHANGES  pTopologyChanges = NULL;
+
+    if (IsNullOrEmptyString(pszSrcHostName) ||
+        IsNullOrEmptyString(pszSrcUserName) ||
+        IsNullOrEmptyString(pszSrcPassword))
+    {
+        BAIL_WITH_VMDIR_ERROR(dwError, VMDIR_ERROR_INVALID_PARAMETER);
+    }
+
+    // VOID function, no return type to check
+    _PrintOptionSelected(
+        bNoInteraction,
+        bIncludeOffline,
+        pszSiteName
+        );
+
+    if (pszSiteName)
+    {
+        dwError = VmDirGetCurrentTopologyAtSite(
+                            pszSrcUserName,
+                            pszSrcPassword,
+                            pszSrcHostName,
+                            pszSiteName,
+                            bIncludeOffline,
+                            &pCurTopology);
+    }
+    else
+    {
+        dwError = VmDirGetCurrentGlobalTopology(
+                            pszSrcUserName,
+                            pszSrcPassword,
+                            pszSrcHostName,
+                            bIncludeOffline,
+                            &pCurTopology);
+    }
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("\t\t----------------------Current Topology-----------------\n");
+    dwError = _PrintTopologyServers(pCurTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    printf("\t\t-------------------------------------------------------\n\n");
+
+    if (!bNoInteraction)
+    {
+        dwContinueVal = _PromptForContinuation();
+        if (!dwContinueVal)
+        {
+            goto cleanup;
+        }
+    }
+
+    dwError = VmDirGetProposedTopology(
+                    pCurTopology,
+                    &pNewTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("\t\t----------------------New Topology-----------------\n");
+    dwError = _PrintTopologyServers(pNewTopology);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    printf("\t\t---------------------------------------------------\n\n");
+
+    if (!bNoInteraction)
+    {
+        scanf("%c", &flsh); // To read '\n' which was entered during last prompt
+        dwContinueVal = _PromptForContinuation();
+        if (!dwContinueVal)
+        {
+            goto cleanup;
+        }
+    }
+
+    dwError = VmDirGetChangesInTopology(
+                        pCurTopology,
+                        pNewTopology,
+                        &pTopologyChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("\t\t----------------------Proposed Topology Changes-----------------\n");
+    dwError = _PrintTopologyChanges(pTopologyChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+    printf("\t\t----------------------------------------------------------------\n\n");
+
+    if (!bNoInteraction)
+    {
+        scanf("%c", &flsh); // To read '\n' which was entered during last prompt
+        dwContinueVal = _PromptForContinuation();
+        if (!dwContinueVal)
+        {
+            goto cleanup;
+        }
+    }
+
+    dwError = VmDirApplyTopologyChanges(pTopologyChanges);
+    BAIL_ON_VMDIR_ERROR(dwError);
+
+    printf("Topology was successfully modified and is now Highly Available Topology!!\n");
+
+cleanup:
+    VmDirFreeHATopologyData(pCurTopology);
+    VmDirFreeHATopologyData(pNewTopology);
+    VmDirFreeHATopologyChanges(pTopologyChanges);
+    return dwError;
+
+error:
+    VMDIR_LOG_ERROR(
+            VMDIR_LOG_MASK_ALL,
+            "%s failed with Error code [%d]\n",
+            __FUNCTION__,
+            dwError);
+    goto cleanup;
+}
diff --git a/vmdir/tools/vdcresetMachineActCred/Makefile.am b/vmdir/tools/vdcresetMachineActCred/Makefile.am
index b59b74252..f9b969392 100644
--- a/vmdir/tools/vdcresetMachineActCred/Makefile.am
+++ b/vmdir/tools/vdcresetMachineActCred/Makefile.am
@@ -5,23 +5,26 @@ vdcresetMachineActCred_SOURCES = \
     main.c
 
 vdcresetMachineActCred_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcresetMachineActCred_LDADD = \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
diff --git a/vmdir/tools/vdcschema/Makefile.am b/vmdir/tools/vdcschema/Makefile.am
index 6fc35fd32..316299ddf 100644
--- a/vmdir/tools/vdcschema/Makefile.am
+++ b/vmdir/tools/vdcschema/Makefile.am
@@ -9,25 +9,28 @@ vdcschema_SOURCES = \
     util.c
 
 vdcschema_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
-    -I$(top_srcdir)/client \
-    -I$(top_builddir)/client \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
+    -I$(top_srcdir)/vmdir/client \
+    -I$(top_builddir)/vmdir/client \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcschema_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
+    @PTHREAD_LIBS@ \
     @LDAP_LIBS@
 
 vdcschema_LDFLAGS = \
diff --git a/vmdir/tools/vdcschema/util.c b/vmdir/tools/vdcschema/util.c
index 372ec861f..559b18b7e 100644
--- a/vmdir/tools/vdcschema/util.c
+++ b/vmdir/tools/vdcschema/util.c
@@ -70,6 +70,7 @@ VmDirSchemaPrintDiff(
     LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
     LW_HASHMAP_PAIR pair = {NULL, NULL};
     DWORD   i = 0;
+    BOOLEAN bDiv = FALSE;
 
     static PCSTR ppszModOp[4] = { "add", "delete", "replace", NULL };
 
@@ -103,16 +104,18 @@ VmDirSchemaPrintDiff(
         printf("dn: %s\n", pDiff->pszDN);
         printf("changetype: modify\n");
 
+        bDiv = FALSE;
         LwRtlHashMapResetIter(&iter);
         while (LwRtlHashMapIterate(pDiff->mods, &iter, &pair))
         {
+            printf("%s", bDiv ? "-\n" : "");
             pMod = (PVDIR_LDAP_MOD)pair.pValue;
             printf("%s: %s\n", ppszModOp[pMod->op], pMod->pszType);
             for (i = 0; pMod->pVals->pStringList[i]; i++)
             {
                 printf("%s: %s\n", pMod->pszType, pMod->pVals->pStringList[i]);
             }
-            printf("%s", iter.Inner.pNext ? "-\n" : "");
+            bDiv = TRUE;
         }
         pNode = pNode->pPrev;
     }
@@ -145,16 +148,18 @@ VmDirSchemaPrintDiff(
         printf("dn: %s\n", pDiff->pszDN);
         printf("changetype: modify\n");
 
+        bDiv = FALSE;
         LwRtlHashMapResetIter(&iter);
         while (LwRtlHashMapIterate(pDiff->mods, &iter, &pair))
         {
+            printf("%s", bDiv ? "-\n" : "");
             pMod = (PVDIR_LDAP_MOD)pair.pValue;
             printf("%s: %s\n", ppszModOp[pMod->op], pMod->pszType);
             for (i = 0; pMod->pVals->pStringList[i]; i++)
             {
                 printf("%s: %s\n", pMod->pszType, pMod->pVals->pStringList[i]);
             }
-            printf("%s", iter.Inner.pNext ? "-\n" : "");
+            bDiv = TRUE;
         }
         pNode = pNode->pPrev;
     }
diff --git a/vmdir/tools/vdcsetupldu/Makefile.am b/vmdir/tools/vdcsetupldu/Makefile.am
index d9cf961fe..0aa79f01f 100644
--- a/vmdir/tools/vdcsetupldu/Makefile.am
+++ b/vmdir/tools/vdcsetupldu/Makefile.am
@@ -5,24 +5,29 @@ vdcsetupldu_SOURCES = \
     parseargs.c
 
 vdcsetupldu_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcsetupldu_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
     @GSSAPI_LIBS@ \
-    @LDAP_LIBS@
+    @UUID_LIBS@ \
+    @SASL_LIBS@ \
+    @LDAP_LIBS@ \
+    @LBER_LIBS@
 
 vdcsetupldu_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
diff --git a/vmdir/tools/vdcsrp/Makefile.am b/vmdir/tools/vdcsrp/Makefile.am
index cbe098067..1c6a7a025 100644
--- a/vmdir/tools/vdcsrp/Makefile.am
+++ b/vmdir/tools/vdcsrp/Makefile.am
@@ -5,26 +5,27 @@ vdcsrp_SOURCES = \
     parseargs.c
 
 vdcsrp_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcsrp_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
 vdcsrp_LDFLAGS = \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
-
diff --git a/vmdir/tools/vdcupgrade/Makefile.am b/vmdir/tools/vdcupgrade/Makefile.am
index 279724e7f..2d15c3cbe 100644
--- a/vmdir/tools/vdcupgrade/Makefile.am
+++ b/vmdir/tools/vdcupgrade/Makefile.am
@@ -6,22 +6,24 @@ vdcupgrade_SOURCES = \
     parseargs.c
 
 vdcupgrade_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/tools/include \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/tools/include \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vdcupgrade_LDADD = \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @CRYPTO_LIBS@ \
     @CRYPT_LIBS@ \
+    @UUID_LIBS@ \
     @GSSAPI_LIBS@ \
     @LDAP_LIBS@
 
diff --git a/vmdir/tools/vdcupgrade/main.c b/vmdir/tools/vdcupgrade/main.c
index da952f4b7..7bb0a3170 100644
--- a/vmdir/tools/vdcupgrade/main.c
+++ b/vmdir/tools/vdcupgrade/main.c
@@ -370,7 +370,7 @@ AddComputersContainer(
                   &pszDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -446,7 +446,7 @@ AddCAContainer(
                   &pszDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -520,7 +520,7 @@ AddBuiltinDCClientsGroup(
                   &pszDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
@@ -595,7 +595,7 @@ AddBuiltinCAAdminsGroup(
                   &pszDomainName);
     BAIL_ON_VMDIR_ERROR(dwError);
 
-    dwError = VmDirSrvCreateDomainDN(
+    dwError = VmDirDomainNameToDN(
                   pszDomainName,
                   &pszDomainDN);
     BAIL_ON_VMDIR_ERROR(dwError);
diff --git a/vmdir/tools/vmkdc_admin/Makefile.am b/vmdir/tools/vmkdc_admin/Makefile.am
index cadef551b..c783dade5 100644
--- a/vmdir/tools/vmkdc_admin/Makefile.am
+++ b/vmdir/tools/vmkdc_admin/Makefile.am
@@ -1,7 +1,7 @@
 bin_PROGRAMS = vmkdc_admin
 
-thirdparty_srcdir = $(top_srcdir)/thirdparty
-thirdparty_builddir = $(top_builddir)/thirdparty
+thirdparty_srcdir = $(top_srcdir)/vmdir/thirdparty
+thirdparty_builddir = $(top_builddir)/vmdir/thirdparty
 
 vmkdc_admin_SOURCES = \
     addprinc.c \
@@ -9,23 +9,24 @@ vmkdc_admin_SOURCES = \
     main.c
 
 vmkdc_admin_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server \
+    -I$(top_srcdir)/vmdir/include \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmdir/server/include \
+    -I$(top_srcdir)/vmdir/server \
     -I$(thirdparty_srcdir)/heimdal \
     -I$(thirdparty_srcdir)/heimdal/krb5-crypto \
     -I$(thirdparty_srcdir)/heimdal/asn1 \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
 
 vmkdc_admin_LDADD = \
-    $(top_builddir)/server/kdckrb5/libvmkrb5.la \
-    $(top_builddir)/kdccommon/libkdccommon.la \
-    $(top_builddir)/client/libvmdirclient.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/server/kdctools/libvmkdctools.la \
+    $(top_builddir)/vmdir/server/kdckrb5/libvmkrb5.la \
+    $(top_builddir)/vmdir/kdccommon/libkdccommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmdir/common/libcommon.la \
+    $(top_builddir)/vmdir/server/kdctools/libvmkdctools.la \
     $(thirdparty_builddir)/heimdal/krb5-crypto/libkrb5crypto.la \
     $(thirdparty_builddir)/heimdal/asn1/libasn1.la \
     $(thirdparty_builddir)/heimdal/asn1/libasn1db.la \
@@ -33,6 +34,7 @@ vmkdc_admin_LDADD = \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
     @LWMSG_LIBS@ \
+    @LWRSUTILS_LIBS@ \
     @LWREG_LIBS@ \
     @LWBASE_LIBS@ \
     @UUID_LIBS@ \
diff --git a/vmdir/tools/vmkdc_admin/main.c b/vmdir/tools/vmkdc_admin/main.c
index cf040557d..7fe8f40c7 100644
--- a/vmdir/tools/vmkdc_admin/main.c
+++ b/vmdir/tools/vmkdc_admin/main.c
@@ -108,7 +108,8 @@ parseArgs(
 }
 
 typedef enum {
-    VMKDC_ADMIN_COMMAND_ADDPRINC=1,
+    VMKDC_ADMIN_COMMAND_NONE,
+    VMKDC_ADMIN_COMMAND_ADDPRINC,
     VMKDC_ADMIN_COMMAND_KTADD,
 } VMKDC_ADMIN_COMMANDS;
 
@@ -194,7 +195,7 @@ int _tmain(int argc, TCHAR *targv[])
     DWORD   dwError = 0;
     PROG_ARGS args = {0};
     int params = 0;
-    VMKDC_ADMIN_COMMANDS cmd;
+    VMKDC_ADMIN_COMMANDS cmd = VMKDC_ADMIN_COMMAND_NONE;
 
 #ifdef _WIN32
 
diff --git a/vmdns/build/Makefile.bootstrap b/vmdns/build/Makefile.bootstrap
index 06242556a..ee812ada4 100755
--- a/vmdns/build/Makefile.bootstrap
+++ b/vmdns/build/Makefile.bootstrap
@@ -53,7 +53,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-dns.spec
 
diff --git a/vmdns/build/package/rpm/vmware-dns.spec b/vmdns/build/package/rpm/vmware-dns.spec
deleted file mode 100644
index e9d728fa3..000000000
--- a/vmdns/build/package/rpm/vmware-dns.spec
+++ /dev/null
@@ -1,301 +0,0 @@
-Name:    vmware-dns
-Summary: DNS Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10
-BuildRequires:  coreutils >= 8.22, openssl-devel >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open-devel >= 6.2.10, vmware-directory-client-devel = %{version}
-%define _unpackaged_files_terminate_build 0
-
-%if 0%{?_sasl_prefix:1} == 0
-%define _sasl_prefix /usr
-%endif
-
-%if 0%{?_krb5_prefix:1} == 0
-%define _krb5_prefix /usr
-%endif
-
-%if 0%{?_likewise_open_prefix:1} == 0
-%define _likewise_open_prefix /opt/likewise
-%endif
-
-%define _likewise_open_bindir %{_likewise_open_prefix}/bin
-%define _likewise_open_sbindir %{_likewise_open_prefix}/sbin
-
-%define _krb5_lib_dir %{_krb5_prefix}/lib64
-%define _krb5_gss_conf_dir /etc/gss
-%define _logdir /var/log/lightwave
-%define _logconfdir /etc/syslog-ng/lightwave.conf.d
-
-%description
-VMware DNS Service
-
-%package client
-Summary: VMware DNS Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, krb5 >= 1.14, cyrus-sasl >= 2.1, likewise-open >= 6.2.10
-%description client
-Client libraries to communicate with DNS Service
-
-%package client-devel
-Summary: VMware DNS Client Development Library
-Requires: vmware-dns-client = %{version}
-%description client-devel
-Development Libraries to communicate with DNS Service
-
-%build
-export CFLAGS="-Wno-unused-but-set-variable -Wno-pointer-sign -Wno-implicit-function-declaration -Wno-address -Wno-enum-compare"
-cd build
-autoreconf -mif ..
-../configure \
-    --prefix=%{_prefix} \
-    --libdir=%{_lib64dir} \
-    --localstatedir=%{_localstatedir}/lib/vmware/vmdir \
-    --with-vmdir=%{_prefix} \
-    --with-likewise=%{_likewise_open_prefix} \
-    --with-ssl=/usr 
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=$RPM_BUILD_ROOT
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-        # Not in chroot
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                /bin/systemctl start lwsmd
-            fi
-        fi
-    fi
-
-%pre client
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-        # Not in chroot
-        if [ -z "`pidof lwsmd`" ]; then
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                /bin/systemctl start lwsmd
-            fi
-        fi
-    fi
-
-%post
-
-    /sbin/ldconfig
-
-    /bin/mkdir -m 755 -p %{_logdir}
-    /bin/mkdir -m 755 -p %{_logconfdir}
-    if [ -a %{_logconfdir}/vmdnsd-syslog-ng.conf ]; then
-        /bin/rm %{_logconfdir}/vmdnsd-syslog-ng.conf
-    fi
-    /bin/ln -s %{_datadir}/config/vmdnsd-syslog-ng.conf %{_logconfdir}/vmdnsd-syslog-ng.conf
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%post client
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-
-    case "$1" in
-        1)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns-client.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell import %{_datadir}/config/vmdns-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;         
-        2)
-            try_starting_lwregd_svc=true
-
-            if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            /bin/systemctl >/dev/null 2>&1
-            if [ $? -ne 0 ]; then
-                try_starting_lwregd_svc=false
-            fi
-
-            if [ $try_starting_lwregd_svc = true ]; then
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns-client.reg
-                %{_likewise_open_bindir}/lwsm -q refresh
-            else
-                started_lwregd=false
-                if [ -z "`pidof lwregd`" ]; then
-                    echo "Starting lwregd"
-                    %{_likewise_open_sbindir}/lwregd &
-                    started_lwregd=true
-                    sleep 5
-                fi
-                %{_likewise_open_bindir}/lwregshell upgrade %{_datadir}/config/vmdns-client.reg
-                if [ $started_lwregd = true ]; then
-                    kill -TERM `pidof lwregd`
-                    wait
-                fi
-            fi
-            ;;
-    esac
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            ;;
-    esac
-
-%preun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            ;;
-    esac
-
-%postun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    /sbin/ldconfig
-
-
-
-
-%postun client
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-    case "$1" in
-        0)
-            ;;
-    esac
-
-%files
-%defattr(-,root,root)
-%{_sbindir}/vmdnsd
-%{_datadir}/config/vmdns.reg
-%{_datadir}/config/vmdnsd-syslog-ng.conf
-
-%files client
-%defattr(-,root,root)
-%{_bindir}/vmdns-cli
-%{_datadir}/config/vmdns-client.reg
-%{_lib64dir}/libvmdnsclient.*
-
-%files client-devel
-%defattr(-,root,root,0755)
-%{_includedir}/vmdns.h
-%{_includedir}/vmdnstypes.h
-%{_lib64dir}/libvmdnsclient.*
-
-%exclude %{_bindir}/dnstest
-
-%changelog
diff --git a/vmdns/client/Makefile.am b/vmdns/client/Makefile.am
index a4a5933f0..3c8e984c3 100755
--- a/vmdns/client/Makefile.am
+++ b/vmdns/client/Makefile.am
@@ -1,12 +1,12 @@
 
 lib_LTLIBRARIES = libvmdnsclient.la
 
-idl_srcdir=$(top_srcdir)/idl
-idl_incdir=$(top_srcdir)/include/public
+idl_srcdir=$(top_srcdir)/vmdns/idl
+idl_incdir=$(top_srcdir)/vmdns/include/public
 
 libvmdnsclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -19,8 +19,8 @@ libvmdnsclient_la_SOURCES = \
     libmain.c
 
 libvmdnsclient_la_LIBADD = \
-    @top_builddir@/common/libcommon.la \
-    @top_builddir@/vmsock/api/libvmsock.la \
+    @top_builddir@/vmdns/common/libcommon.la \
+    @top_builddir@/vmdns/vmsock/api/libvmsock.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @GSSAPI_LIBS@ \
@@ -39,6 +39,3 @@ BUILT_SOURCES = vmdns_h.h
 
 vmdns_h.h vmdns_cstub.c: $(idl_srcdir)/vmdns.idl
 	$(IDL) $(IDLFLAGS) -keep c_source -header vmdns_h.h -I$(idl_srcdir) -I$(idl_incdir) $<
-
-
-
diff --git a/vmdns/client/client.c b/vmdns/client/client.c
index 02084b54a..ba781b0d6 100755
--- a/vmdns/client/client.c
+++ b/vmdns/client/client.c
@@ -167,14 +167,17 @@ VMDNS_API
 VOID
 VmDnsCloseServer(PVMDNS_SERVER_CONTEXT pServerContext)
 {
-    if (pServerContext->hBinding)
-    {
-        DWORD dwError = 0;
-        rpc_binding_free(&pServerContext->hBinding, &dwError);
-        pServerContext->hBinding = NULL;
-    }
-
-    VMDNS_SAFE_FREE_MEMORY(pServerContext);
+	if(pServerContext)
+	{
+		if (pServerContext->hBinding)
+		{
+			DWORD dwError = 0;
+			rpc_binding_free(&pServerContext->hBinding, &dwError);
+			pServerContext->hBinding = NULL;
+		}
+
+		VMDNS_SAFE_FREE_MEMORY(pServerContext);
+	}
 }
 
 VMDNS_API
diff --git a/vmdns/client/rpc.c b/vmdns/client/rpc.c
index d5f3d2711..421964c91 100755
--- a/vmdns/client/rpc.c
+++ b/vmdns/client/rpc.c
@@ -222,17 +222,20 @@ VmDnsAllocateFromRpcZoneInfoArray(
                                      (PVOID*)&pZoneInfoArrayTemp);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsAllocateMemory(sizeof(VMDNS_ZONE_INFO)*pZoneInfoArray->dwCount,
+    if (pZoneInfoArray->dwCount)
+    {
+       dwError = VmDnsAllocateMemory(sizeof(VMDNS_ZONE_INFO)*pZoneInfoArray->dwCount,
                                      (PVOID*)&pZoneInfoArrayTemp->ZoneInfos);
-    BAIL_ON_VMDNS_ERROR(dwError);
+       BAIL_ON_VMDNS_ERROR(dwError);
+    }
 
     for (; idx < pZoneInfoArray->dwCount; ++idx)
     {
         dwError = VmDnsCopyFromZoneInfo(&pZoneInfoArray->ZoneInfos[idx],
                                         &pZoneInfoArrayTemp->ZoneInfos[idx]);
+        pZoneInfoArrayTemp->dwCount++;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
-    pZoneInfoArrayTemp->dwCount = pZoneInfoArray->dwCount;
 
     *ppZoneInfoArray = pZoneInfoArrayTemp;
 
diff --git a/vmdns/common/Makefile.am b/vmdns/common/Makefile.am
index 900e5e7fa..b389f3bb0 100755
--- a/vmdns/common/Makefile.am
+++ b/vmdns/common/Makefile.am
@@ -32,8 +32,8 @@ libcommon_la_SOURCES = \
     utils.c
 
 libcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
diff --git a/vmdns/common/buffer.c b/vmdns/common/buffer.c
index 09310a7fe..bcca4e30a 100755
--- a/vmdns/common/buffer.c
+++ b/vmdns/common/buffer.c
@@ -1385,11 +1385,9 @@ VmDnsReadStringFromBuffer(
                         );
             BAIL_ON_VMDNS_ERROR(dwError);
 
-
             pVmDnsBuffer->szCursor += dwStringLength;
+            pszString[dwStringLength] = '\0';
         }
-
-        pszString[dwStringLength] = '\0';
     }
     else
     {
@@ -1446,7 +1444,7 @@ VmDnsReadOffsetStringFromBuffer(
     }
 
     dwError = VmDnsAllocateMemory(
-                        VMDNS_NAME_LENGTH_MAX + 1,
+                        VMDNS_NAME_LENGTH_MAX + 2,
                         (PVOID *)&pszTempString
                         );
     BAIL_ON_VMDNS_ERROR(dwError);
@@ -1455,7 +1453,9 @@ VmDnsReadOffsetStringFromBuffer(
 
     pszTempStringCursor = pszTempString;
 
+    // Get the first part of the label
     dwLabelLength = *(PUINT8)pCurrentPos;
+    pCurrentPos += sizeof(UINT8);
 
     while (dwLabelLength)
     {
@@ -1464,41 +1464,49 @@ VmDnsReadOffsetStringFromBuffer(
             dwError = ERROR_LABEL_TOO_LONG;
             BAIL_ON_VMDNS_ERROR(dwError);
         }
+        if (dwStringLength > VMDNS_NAME_LENGTH_MAX)
+        {
+            dwError = ERROR_LABEL_TOO_LONG;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+        if (dwLabelLength > (VMDNS_NAME_LENGTH_MAX - dwStringLength))
+        {
+            dwError = ERROR_LABEL_TOO_LONG;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
 
         dwError = VmDnsCheckMemory(pVmDnsBuffer, dwLabelLength);
         BAIL_ON_VMDNS_ERROR(dwError);
 
-        pCurrentPos += sizeof(UINT8);
+        if ((pCurrentPos + dwLabelLength) >
+            (pVmDnsBuffer->pMessage + pVmDnsBuffer->szLength ))
+        {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
 
         dwError = VmDnsCopyMemory(
                         pszTempStringCursor,
-                        dwLabelLength + 1,
+                        VMDNS_NAME_LENGTH_MAX - dwStringLength,
                         pCurrentPos,
                         dwLabelLength
                         );
+
         BAIL_ON_VMDNS_ERROR(dwError);
 
-        if (dwLabelLength > (VMDNS_NAME_LENGTH_MAX - dwStringLength))
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDNS_ERROR(dwError);
-        }
+        pCurrentPos += dwLabelLength;
+        pszTempStringCursor += dwLabelLength;
 
-        pszTempStringCursor[dwLabelLength]='.';
-        dwLabelLength++;
+        // Append . at the end
+        *pszTempStringCursor = '.';
+        ++dwLabelLength;
+        ++pszTempStringCursor;
 
-        pszTempStringCursor = &pszTempStringCursor[dwLabelLength];
         dwStringLength += dwLabelLength;
 
-        if (dwStringLength > VMDNS_NAME_LENGTH_MAX)
-        {
-            dwError = ERROR_LABEL_TOO_LONG;
-            BAIL_ON_VMDNS_ERROR(dwError);
-        }
-
-        pCurrentPos += dwLabelLength - 1;
-
+        // Go to the next part of the label
         dwLabelLength = *(PUINT8)pCurrentPos;
+        pCurrentPos += sizeof(UINT8);
     }
 
     bEndOfString = TRUE;
diff --git a/vmdns/common/logging.c b/vmdns/common/logging.c
index f3b25a16b..9b52c0b94 100755
--- a/vmdns/common/logging.c
+++ b/vmdns/common/logging.c
@@ -53,6 +53,11 @@ VmDnsLogInitialize(
    if (vmdns_syslog)
    {
       openlog("vmdnsd", 0, LOG_DAEMON);
+      setlogmask(LOG_UPTO(logLevelToSysLogLevel(vmdns_syslog_level)));
+   }
+   else
+   {
+      setlogmask(LOG_UPTO(LOG_ERR));
    }
 
 done:
@@ -161,6 +166,10 @@ logLevelToSysLogLevel(
    {
       case VMDNS_LOG_LEVEL_ERROR:
          return LOG_ERR;
+      case VMDNS_LOG_LEVEL_WARNING:
+         return LOG_WARNING;
+      case VMDNS_LOG_LEVEL_INFO:
+         return LOG_INFO;
       default:
          return LOG_DEBUG;
    }
diff --git a/vmdns/common/record.c b/vmdns/common/record.c
index 08027d522..87ae64762 100644
--- a/vmdns/common/record.c
+++ b/vmdns/common/record.c
@@ -63,6 +63,10 @@ VmDnsClearRecord(
         {
             gRecordMethods[idx].pfnClear(pRecord);
         }
+        else
+        {
+            VMDNS_SAFE_FREE_MEMORY(pRecord->pszName);
+        }
     }
 }
 
@@ -80,6 +84,10 @@ VmDnsRpcClearRecord(
         {
             gRecordMethods[idx].pfnRpcClear(pRecord);
         }
+        else
+        {
+            VmDnsRpcFreeMemory(pRecord->pszName);
+        }
     }
 }
 
@@ -1027,7 +1035,7 @@ VmDnsReadDomainNameFromBuffer(
     }
 
     dwError = VmDnsAllocateMemory(
-                        VMDNS_NAME_LENGTH_MAX + 1,
+                        VMDNS_NAME_LENGTH_MAX + 2,
                         (PVOID *)&pszTempString
                         );
     BAIL_ON_VMDNS_ERROR(dwError);
@@ -1062,22 +1070,17 @@ VmDnsReadDomainNameFromBuffer(
 
             if (!bEndOfString)
             {
-                // check if this a valid IPAddress
-                if (!VmDnsCheckIfIPV4AddressA(pszTempString)
-                    && !VmDnsCheckIfIPV6AddressA(pszTempString))
+                if (pszTempStringCursor[dwLabelLength - 1] != '.')
                 {
-                    if (pszTempStringCursor[dwLabelLength - 1] != '.')
-                    {
-                        pszTempStringCursor[dwLabelLength]='.';
-                        dwLabelLength++;
-                    }
+                    pszTempStringCursor[dwLabelLength]='.';
+                    dwLabelLength++;
                 }
            }
         }
 
-        pszTempStringCursor = &pszTempStringCursor[dwLabelLength];
-        VMDNS_SAFE_FREE_STRINGA(pszLabels);
+        pszTempStringCursor += dwLabelLength;
         dwTotalStringLength += dwLabelLength;
+        VMDNS_SAFE_FREE_STRINGA(pszLabels);
 
         if (dwTotalStringLength > VMDNS_NAME_LENGTH_MAX)
         {
@@ -1240,19 +1243,10 @@ VmDnsIsSupportedRecordType(
         dwRecordType == VMDNS_RR_TYPE_NS    ||
         dwRecordType == VMDNS_RR_TYPE_SOA   ||
         dwRecordType == VMDNS_RR_TYPE_SRV   ||
+        dwRecordType == VMDNS_RR_TYPE_PTR   ||
         dwRecordType == VMDNS_RR_QTYPE_ANY;
 }
 
-BOOL
-VmDnsIsUpdatePermitted(
-    VMDNS_RR_TYPE   dwRecordType
-    )
-{
-    return
-        dwRecordType == VMDNS_RR_TYPE_SOA   ||
-        dwRecordType == VMDNS_RR_TYPE_CNAME;
-}
-
 BOOL
 VmDnsIsRecordRType(
     VMDNS_RR_TYPE   dwRecordType
diff --git a/vmdns/common/string.c b/vmdns/common/string.c
index c9e6bc42f..e0790da4c 100755
--- a/vmdns/common/string.c
+++ b/vmdns/common/string.c
@@ -117,6 +117,38 @@ VmDnsAllocateStringPrintfVA(
     return ulError;
 }
 
+BOOLEAN
+VmDnsStringStartsWith(
+    PCSTR   pszStr,
+    PCSTR   pszPrefix,
+    BOOLEAN bIsCaseSensitive
+    )
+{
+    BOOLEAN bStartsWith = FALSE;
+
+    if (IsNullOrEmptyString(pszPrefix))
+    {
+        bStartsWith = TRUE;
+    }
+    else if (!IsNullOrEmptyString(pszStr))
+    {
+        size_t strlen = VmDnsStringLenA(pszStr);
+        size_t prefixlen = VmDnsStringLenA(pszPrefix);
+
+        if (strlen >= prefixlen)
+        {
+            if (VmDnsStringNCompareA(
+                    pszStr, pszPrefix, prefixlen, bIsCaseSensitive) == 0)
+            {
+                bStartsWith = TRUE;
+            }
+        }
+    }
+
+    return bStartsWith;
+}
+
+
 ULONG
 VmDnsAllocateStringPrintfA(
     OUT PSTR* ppszString,
diff --git a/vmdns/common/structs.h b/vmdns/common/structs.h
index 69b7f4b70..68fb1b4a4 100755
--- a/vmdns/common/structs.h
+++ b/vmdns/common/structs.h
@@ -38,8 +38,6 @@ typedef struct _VMDNS_COND
 
 typedef struct _VMDNS_RWLOCK
 {
-    pthread_key_t       readKey;
-    pthread_key_t       writeKey;
     pthread_rwlock_t    rwLock;
 } VMDNS_RWLOCK;
 
diff --git a/vmdns/common/threading.c b/vmdns/common/threading.c
index 273d6a4e9..244f34474 100755
--- a/vmdns/common/threading.c
+++ b/vmdns/common/threading.c
@@ -27,18 +27,6 @@
 
 #include "includes.h"
 
-static
-void
-VmDnsFreeLockCount(
-    void* pkeyData
-    );
-
-static
-int*
-VmDnsGetLockKey(
-    pthread_key_t*  pLockKey
-    );
-
 DWORD
 VmDnsAllocateMutex(
     PVMDNS_MUTEX* ppMutex
@@ -527,14 +515,6 @@ VmDnsAllocateRWLock(
     dwError = POSIX_TO_WIN32_ERROR(dwError);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = pthread_key_create(&pLock->readKey, VmDnsFreeLockCount);
-    dwError = POSIX_TO_WIN32_ERROR(dwError);
-    BAIL_ON_VMDNS_ERROR(dwError);
-
-    dwError = pthread_key_create(&pLock->writeKey, VmDnsFreeLockCount);
-    dwError = POSIX_TO_WIN32_ERROR(dwError);
-    BAIL_ON_VMDNS_ERROR(dwError);
-
     *ppLock = pLock;
 
 cleanup:
@@ -549,9 +529,11 @@ VmDnsFreeRWLock(
     PVMDNS_RWLOCK pLock
     )
 {
-    pthread_key_delete(pLock->readKey);
-    pthread_key_delete(pLock->writeKey);
-    VmDnsFreeMemory(pLock);
+    if (pLock)
+    {
+        pthread_rwlock_destroy(&pLock->rwLock);
+        VmDnsFreeMemory(pLock);
+    }
 }
 
 void
@@ -559,37 +541,7 @@ VmDnsLockRead(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    int* pReadLockCount = VmDnsGetLockKey(&pLock->readKey);
-
-    if (!pWriteLockCount || !pReadLockCount)
-    {
-        VMDNS_LOG_WARNING("Out of memory, try plain locking.");
-        pthread_rwlock_rdlock(&pLock->rwLock);
-    }
-    else
-    {
-        if (*pWriteLockCount > 0)
-        {
-            // Simply increment a read count but don't lock for read
-            // as that would cause undefined behavior.
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                     "Lock read when already holding %u write lock.",
-                     *pWriteLockCount);
-        }
-        else
-        {
-            if (*pReadLockCount == 0)
-            {
-                pthread_rwlock_rdlock(&pLock->rwLock);
-                VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                         "Actually locking for read. Result read count: %u\n",
-                         *pReadLockCount + 1);
-            }
-        }
-        (*pReadLockCount)++;
-        VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[++READ %u]\n", *pReadLockCount);
-    }
+    pthread_rwlock_rdlock(&pLock->rwLock);
 }
 
 int
@@ -597,47 +549,7 @@ VmDnsTryLockRead(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int result = ERROR_BUSY;
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    int* pReadLockCount = VmDnsGetLockKey(&pLock->readKey);
-
-    if (pWriteLockCount && pReadLockCount)
-    {
-        if (*pWriteLockCount > 0)
-        {
-            // Simply increment a read count but don't lock for read
-            // as that would cause undefined behavior.
-            result = 0;
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                     "Lock read when already holding %u write lock.",
-                     *pWriteLockCount);
-        }
-        else
-        {
-            if (*pReadLockCount == 0)
-            {
-                result = pthread_rwlock_tryrdlock(&pLock->rwLock);
-                if (!result)
-                {
-                    VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                             "Locked for read. Result read count: %u\n",
-                             *pReadLockCount + 1);
-                }
-            }
-            else
-            {
-                result = 0;
-            }
-        }
-
-        if (!result)
-        {
-            (*pReadLockCount)++;
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[++READ %u]\n", *pReadLockCount);
-        }
-    }
-
-    return result;
+    return pthread_rwlock_tryrdlock(&pLock->rwLock);
 }
 
 void
@@ -645,38 +557,7 @@ VmDnsUnlockRead(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    int* pReadLockCount = VmDnsGetLockKey(&pLock->readKey);
-
-    if (!pWriteLockCount || !pReadLockCount)
-    {
-        VMDNS_LOG_ERROR("Out of memory, can't decrement lock count.");
-    }
-    else
-    {
-        if (*pWriteLockCount > 0)
-        {
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "Read unlock while already holding write lock.");
-        }
-        else
-        {
-            if (*pReadLockCount ==1)
-            {
-                pthread_rwlock_unlock(&pLock->rwLock);
-                VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[UNLOCK READ]");
-            }
-        }
-
-        if (*pReadLockCount > 0)
-        {
-            (*pReadLockCount)--;
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[--READ %u]\n", *pReadLockCount);
-        }
-        else
-        {
-            VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "Unexpected read unlock.");
-        }
-    }
+    pthread_rwlock_unlock(&pLock->rwLock);
 }
 
 void
@@ -684,22 +565,7 @@ VmDnsLockWrite(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    if (!pWriteLockCount)
-    {
-        VMDNS_LOG_WARNING("Out of memory, try plain locking.");
-        pthread_rwlock_wrlock(&pLock->rwLock);
-    }
-    else
-    {
-        if (*pWriteLockCount == 0)
-        {
-            pthread_rwlock_wrlock(&pLock->rwLock);
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[LOCK WRITE]");
-        }
-        (*pWriteLockCount)++;
-        VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[++WRITE %u]\n", *pWriteLockCount);
-    }
+    pthread_rwlock_wrlock(&pLock->rwLock);
 }
 
 int
@@ -707,42 +573,7 @@ VmDnsTryLockWrite(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int result = ERROR_BUSY;
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    int* pReadLockCount = VmDnsGetLockKey(&pLock->readKey);
-    if (pWriteLockCount && pReadLockCount)
-    {
-        if (*pReadLockCount > 0)
-        {
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                    "Cannot wrlock with %u existing rdlock from same thread.\n",
-                    *pReadLockCount);
-            result = ERROR_POSSIBLE_DEADLOCK;
-        }
-        else
-        {
-            if (*pWriteLockCount <= 0)
-            {
-                result = pthread_rwlock_trywrlock(&pLock->rwLock);
-                if (result)
-                {
-                    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "trywrlock returned %u\n", result);
-                }
-            }
-            else
-            {
-                result = 0;
-            }
-
-            if (!result)
-            {
-                (*pWriteLockCount)++;
-                VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "[++WRITE %u]\n", *pWriteLockCount);
-            }
-        }
-    }
-
-    return result;
+    return pthread_rwlock_trywrlock(&pLock->rwLock);
 }
 
 void
@@ -750,71 +581,5 @@ VmDnsUnlockWrite(
     PVMDNS_RWLOCK  pLock
     )
 {
-    int* pWriteLockCount = VmDnsGetLockKey(&pLock->writeKey);
-    if (!pWriteLockCount)
-    {
-        VMDNS_LOG_ERROR("Out of memory, can't decrement lock count.");
-    }
-    else
-    {
-        if (*pWriteLockCount ==1)
-        {
-            pthread_rwlock_unlock(&pLock->rwLock);
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG,
-                    "[UNLOCK WRITE] result write count is %u.\n",
-                    *pWriteLockCount);
-        }
-
-        if (*pWriteLockCount > 0)
-        {
-            (*pWriteLockCount)--;
-            VmDnsLog(VMDNS_LOG_LEVEL_DEBUG, "[--WRITE %u]\n", *pWriteLockCount);
-        }
-        else
-        {
-            VmDnsLog(VMDNS_LOG_LEVEL_ERROR,
-                     "Unexpected unlock write, write count is %u.\n",
-                     *pWriteLockCount);
-        }
-    }
-}
-
-static
-void
-VmDnsFreeLockCount(
-    void* pkeyData
-    )
-{
-    VmDnsFreeMemory(pkeyData);
-}
-
-static
-int*
-VmDnsGetLockKey(
-    pthread_key_t*  pLockKey
-)
-{
-    DWORD dwError = ERROR_SUCCESS;
-    int* pCounter = NULL;
-
-    int* pCount = (int*)pthread_getspecific(*pLockKey);
-    if (!pCount)
-    {
-        dwError = VmDnsAllocateMemory(sizeof(int), (void**)&(pCounter));
-        BAIL_ON_VMDNS_ERROR(dwError);
-
-        dwError = pthread_setspecific(*pLockKey, pCounter);
-        dwError = POSIX_TO_WIN32_ERROR(dwError);
-        BAIL_ON_VMDNS_ERROR(dwError);
-        pCounter = NULL;
-
-        pCount = (int*)pthread_getspecific(*pLockKey);
-    }
-
-cleanup:
-    return pCount;
-
-error:
-    VMDNS_SAFE_FREE_MEMORY(pCounter);
-    goto cleanup;
+    pthread_rwlock_unlock(&pLock->rwLock);
 }
diff --git a/vmdns/common/utils.c b/vmdns/common/utils.c
index 2f91ec9d3..305b83ec7 100644
--- a/vmdns/common/utils.c
+++ b/vmdns/common/utils.c
@@ -128,17 +128,20 @@ VmDnsRpcCopyZoneInfoArray(
                                      (PVOID*)&pZoneInfoArrayTemp);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsRpcAllocateMemory(sizeof(VMDNS_ZONE_INFO)*pZoneInfoArray->dwCount,
+    if (pZoneInfoArray->dwCount)
+    {
+       dwError = VmDnsRpcAllocateMemory(sizeof(VMDNS_ZONE_INFO)*pZoneInfoArray->dwCount,
                                      (PVOID*)&pZoneInfoArrayTemp->ZoneInfos);
-    BAIL_ON_VMDNS_ERROR(dwError);
+       BAIL_ON_VMDNS_ERROR(dwError);
+    }
 
     for (; idx < pZoneInfoArray->dwCount; ++idx)
     {
         dwError = VmDnsRpcCopyZoneInfo(&pZoneInfoArray->ZoneInfos[idx],
                                         &pZoneInfoArrayTemp->ZoneInfos[idx]);
+        pZoneInfoArrayTemp->dwCount++;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
-    pZoneInfoArrayTemp->dwCount = pZoneInfoArray->dwCount;
 
     *ppZoneInfoArray = pZoneInfoArrayTemp;
 
@@ -242,9 +245,14 @@ VmDnsGenerateReversZoneNameFromNetworkId(
 
     length = atoi(pLength);
 
-    dwError = VmDnsGeneratePtrNameFromIp(pszNetworkId, &family, &pszPtrName);
+    dwError = VmDnsGeneratePtrNameFromIp(pszNetworkId, &pszPtrName);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    if (VmDnsStringChrA(pszNetworkId, ':'))
+    {
+        family = AF_INET6;
+    }
+
     if (family != AF_INET && family != AF_INET6)
     {
         dwError = ERROR_INVALID_PARAMETER;
@@ -299,7 +307,6 @@ VmDnsGenerateReversZoneNameFromNetworkId(
 DWORD
 VmDnsGeneratePtrNameFromIp(
     PCSTR pszIPAddress,
-    int*  pnFamily,
     PSTR* ppszPtrName
     )
 {
@@ -307,7 +314,7 @@ VmDnsGeneratePtrNameFromIp(
     DWORD dwAddr = 0;
     PSTR pszPtrName = NULL;
     BYTE* pByte = NULL;
-    int ret = 0;
+    DWORD ret = 0;
     int af = AF_INET;
     unsigned char buf[sizeof(struct in6_addr)];
 
@@ -335,7 +342,7 @@ VmDnsGeneratePtrNameFromIp(
         // Example: 11.1.193.128.in-addr.arpa
         dwError = VmDnsAllocateStringPrintfA(
                     &pszPtrName,
-                    "%d.%d.%d.%d%s",
+                    "%d.%d.%d.%d%s.",
                     (dwAddr & 0xFF000000) >> 24,
                     (dwAddr & 0xFF0000) >> 16,
                     (dwAddr & 0xFF00) >> 8,
@@ -359,7 +366,7 @@ VmDnsGeneratePtrNameFromIp(
                     &pszPtrName,
                     "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
                     "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x"
-                    "%s",
+                    "%s.",
                     LOW_HEX(pByte[15]), HIGH_HEX(pByte[15]),
                     LOW_HEX(pByte[14]), HIGH_HEX(pByte[14]),
                     LOW_HEX(pByte[13]), HIGH_HEX(pByte[13]),
@@ -382,10 +389,6 @@ VmDnsGeneratePtrNameFromIp(
     }
 
     *ppszPtrName = pszPtrName;
-    if (pnFamily)
-    {
-        *pnFamily = af;
-    }
 
 cleanup:
     return dwError;
@@ -406,31 +409,28 @@ VmDnsIsReverseZoneName(
     PCSTR pszTail = NULL;
     PCSTR suffix[] =
     {
-        PTR_NAME_SUFFIX_IP4,
-        PTR_NAME_SUFFIX_IP6
+        "in-addr.arpa.",
+        "ip6.arpa."
     };
+    ulNameLength = VmDnsStringLenA(pszZoneName);
 
     if (!pszZoneName || !pszZoneName[0])
     {
         return FALSE;
     }
 
-    ulNameLength = VmDnsStringLenA(pszZoneName);
-
     for (; idx < sizeof(suffix)/sizeof(PCSTR); ++idx)
     {
         ulSuffixLength = VmDnsStringLenA(suffix[idx]);
-        if (ulSuffixLength < ulNameLength)
+        pszTail = pszZoneName + ulNameLength - ulSuffixLength;
+
+        if (VmDnsStringCompareA(
+                pszTail,
+                suffix[idx],
+                FALSE) == 0)
         {
-            pszTail = pszZoneName + ulNameLength - ulSuffixLength;
-            if (VmDnsStringCompareA(
-                                pszTail,
-                                suffix[idx],
-                                FALSE) == 0)
-            {
-                result = TRUE;
-                break;
-            }
+            result = TRUE;
+            break;
         }
     }
 
@@ -676,3 +676,36 @@ VmDnsStringToLower(
      goto cleanup;
 }
 
+UINT64
+VmDnsGetTimeInMilliSec(
+    VOID
+    )
+{
+    UINT64            iTimeInMSec = 0;
+
+#ifdef _WIN32
+
+    FILETIME        currentFileTime = {0};
+    ULARGE_INTEGER  currentTime = {0};
+
+    GetSystemTimeAsFileTime(&currentFileTime);
+
+    currentTime.LowPart  = currentFileTime.dwLowDateTime;
+    currentTime.HighPart = currentFileTime.dwHighDateTime;
+
+    iTimeInMSec = (currentTime.QuadPart * 100) / NSECS_PER_MSEC;
+
+#elif !defined(__APPLE__)
+
+    struct timespec     timeValue = {0};
+
+    if (clock_gettime(CLOCK_REALTIME, &timeValue) == 0)
+    {
+        iTimeInMSec = timeValue.tv_sec * MSECS_PER_SEC + timeValue.tv_nsec / NSECS_PER_MSEC;
+    }
+
+#endif
+
+    return  iTimeInMSec;
+}
+
diff --git a/vmdns/config/Makefile.am b/vmdns/config/Makefile.am
index b5aa9454b..ffb55b73a 100755
--- a/vmdns/config/Makefile.am
+++ b/vmdns/config/Makefile.am
@@ -1,4 +1,6 @@
 vmdnsconf_DATA = \
     vmdns.reg    \
     vmdns-client.reg \
-    vmdnsd-syslog-ng.conf
+    vmdnsd-syslog-ng.conf \
+    vmdns-rest.json \
+    vmdns-telegraf.conf
diff --git a/vmdns/config/vmdns-rest.json b/vmdns/config/vmdns-rest.json
new file mode 100755
index 000000000..b8a456fb7
--- /dev/null
+++ b/vmdns/config/vmdns-rest.json
@@ -0,0 +1,54 @@
+{
+  "swagger": "2.0",
+  "info": {
+    "title": "Lightwave VmDns API",
+    "version": "1.3.0"
+  },
+  "schemes": [
+    "http"
+  ],
+  "host": "IPADDRESS_MARKER:7677",
+  "basePath": "/v1",
+  "produces": [
+    "application/json"
+  ],
+  "tags": [
+    {
+      "name": "VmDnsMetrics",
+      "description": "Metrics module for publishing metrics data"
+    }
+  ],
+  "paths": {
+    "/dns/metrics": {
+      "get": {
+        "summary": "Get metrics data",
+        "description": "Get metrics data",
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "Metrics response",
+            "schema": {
+              "$ref": "#/definitions/MetricsResponse"
+            }
+          }
+        },
+        "tags": [
+          "metrics"
+        ]
+      }
+    }
+  },
+  "definitions": {
+    "MetricsResponse": {
+      "type": "object",
+      "properties": {
+        "dns_metrics_data": {
+          "type": "string",
+          "format": "text/plain"
+        }
+      }
+    }
+  }
+}
diff --git a/vmdns/config/vmdns-telegraf.conf b/vmdns/config/vmdns-telegraf.conf
new file mode 100644
index 000000000..778a19eeb
--- /dev/null
+++ b/vmdns/config/vmdns-telegraf.conf
@@ -0,0 +1,6 @@
+[[inputs.procstat]]
+  exe="vmdnsd"
+  prefix="vmdns"
+
+[[inputs.prometheus]]
+  urls = ["http://localhost:7677/v1/dns/metrics"]
diff --git a/vmdns/config/vmdns.reg.in b/vmdns/config/vmdns.reg.in
index c229dfe6e..84af0428b 100644
--- a/vmdns/config/vmdns.reg.in
+++ b/vmdns/config/vmdns.reg.in
@@ -35,3 +35,8 @@
     value   = dword:00000001
     doc = "Set to '1' to allow DNS Protocol Listener"
 }
+"RestListenPort" = {
+    default = "7677p"
+    value   = "7677p"
+    doc = "Set 7677 as Rest Listener Port"
+}
diff --git a/vmdns/configure.ac b/vmdns/configure.ac
deleted file mode 100755
index 0bc8c9309..000000000
--- a/vmdns/configure.ac
+++ /dev/null
@@ -1,423 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmdns], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign subdir-objects])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-        PLATFORM_LIB_PREFIX=lib64
-        ;;
-    darwin*:x86_64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-MODACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([modacl],
-    [AC_HELP_STRING([--enable-modacl], [enable acl check on modify (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            MODACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$MODACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(MODACL_CHECK_DISABLED, "1", [ Disable ACL checks on modify ])
-fi
-
-DELACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([delacl],
-    [AC_HELP_STRING([--enable-delacl], [enable acl check on delete (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            DELACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$DELACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(DELACL_CHECK_DISABLED, "1", [ Disable ACL checks on delete ])
-fi
-
-SEAACL_CHECK_ENABLED="yes"
-AC_ARG_ENABLE([seaacl],
-    [AC_HELP_STRING([--enable-seaacl], [enable acl check on search (default: enabled)])],
-    [
-        if test x"$enableval" = x"no"
-        then
-            SEAACL_CHECK_ENABLED="no"
-        fi
-    ])
-
-if test x"$SEAACL_CHECK_ENABLED" = x"no"
-then
-AC_DEFINE_UNQUOTED(SEAACL_CHECK_DISABLED, "1", [ Disable ACL checks on search ])
-fi
-
-# openssl component
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib64
-    ;;
-    darwin*:x86_64)
-    OPEN_SSL_DEFAULT_PATH=/opt/vmware/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$OPEN_SSL_DEFAULT_PATH"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# Likewise components
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib64
-    ;;
-    darwin*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    linux*:aarch64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-LW_RPATH=$LIKEWISE_DEFAULT_PATH
-AC_ARG_WITH([likewise-rpath],
-    [AC_HELP_STRING([--with-likewise-rpath=<dir>], [use Likewise libraries located at <dir> at runtime])],
-    [
-        LW_RPATH="$withval"
-    ])
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use Likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval/$PLATFORM_LIB_PREFIX"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use Likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use Likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval -Wl,-rpath,$LW_RPATH -Wl,-rpath-link,$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lw/types.h uuid/uuid.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-# VMDIR component
-VMDIR_DEFAULT_PATH=/usr/lib/vmware-vmdir/lib64
-
-VMDIR_RPATH=$VMDIR_DEFAULT_PATH
-AC_ARG_WITH([vmdir-rpath],
-    [AC_HELP_STRING([--with-vmdir-rpath=<dir>], [use vmdir libraries located at
-<dir> at runtime])],
-    [
-        VMDIR_RPATH="$withval"
-    ])
-
-AC_ARG_WITH([vmdir],
-    [AC_HELP_STRING([--with-vmdir=<dir>], [use VMDIR binaries rooted at prefix <dir> ])],
-    [
-        VMDIR_BASE_PATH="$withval"
-        VMDIR_INCLUDES="-I$withval/include"
-        VMDIR_LDFLAGS="-L$withval/lib64 -Wl,-rpath,$VMDIR_RPATH -Wl,-rpath-link,$withval/lib64"
-    ])
-
-AC_ARG_WITH([vmdir-includes],
-    [AC_HELP_STRING([--with-vmdir-includes=<dir>], [use VMDIR headers located in prefix <dir> ])],
-    [
-        VMDIR_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([vmdir-libs],
-    [AC_HELP_STRING([--with-vmdir-libs=<dir>], [use VMDIR libraries located in prefix <dir> ])],
-    [
-        VMDIR_LDFLAGS="-L$withval -Wl,-rpath,$VMDIR_RPATH -Wl,-rpath-link,$withval"
-    ])
-
-AC_SUBST(VMDIR_BASE_PATH)
-AC_SUBST(VMDIR_INCLUDES)
-AC_SUBST(VMDIR_LDFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $VMDIR_INCLUDES $DCERPC_INCLUDES"
-AC_CHECK_HEADERS(vmdirclient.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h arpa/inet.h fcntl.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-AC_CHECK_LIB(
-              [lber],
-              [ber_scanf],
-              [LBER_LIBS="-llber"],
-              [],
-              [$LW_LDFLAGS -llber])
-#AC_CHECK_LIB([ldap_r], [ldap_initialize], [LDAP_LIBS="-lldap_r -llber -lsasl2"], [], [$LW_LDFLAGS -llber -lsasl2 $GSSAPI_LIBS])
-AC_CHECK_LIB(
-              [ldap_r],
-              [ldap_add_ext],
-              [LDAP_LIBS="-lldap_r -llber -lsasl2"],
-              [],
-              [$LW_LDFLAGS -llber -lsasl2 $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-
-AC_CHECK_LIB(
-    [vmdirclient],
-    [VmDirSetupHostInstance],
-    [VMDIR_LIBS="-lvmdirclient"],
-    [],
-    [$VMDIR_LDFLAGS -lvmdirclient $LW_LDFLAGS $DCERPC_LIBS $SCHANNEL_LIBS $LWMSG_LIBS $LWRSUTILS_LIBS $LWREG_LIBS $LWIO_LIBS $LWBASE_LIBS $LDAP_LIBS $PTHREAD_LIBS $UUID_LIBS $LWBASE_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-
-AC_CHECK_LIB([shadow], [getspnam], [SHADOW_LIBS="-lshadow"])
-AC_CHECK_LIB([crypt], [crypt_r], [CRYPT_LIBS="-lcrypt"])
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(SHADOW_LIBS)
-AC_SUBST(CRYPT_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(LBER_LIBS)
-AC_SUBST(VMDIR_LIBS)
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-AS_AC_EXPAND(VMDNS_PREFIX_DIR, ["${prefix}"])
-
-AS_AC_EXPAND(VMDNS_SBIN_DIR, ["${sbindir}"])
-
-vmdnsconfdir="$datadir/config"
-AC_SUBST(vmdnsconfdir)
-AS_AC_EXPAND(VMDNS_CONFIG_DIR, $vmdnsconfdir)
-AC_DEFINE_UNQUOTED(VMDNS_CONFIG_DIR, "$VMDNS_CONFIG_DIR", [Config dns])
-
-initddir=$sysconfdir/init.d
-AC_SUBST(initddir)
-
-bootstrapdir=$VMDNS_PREFIX_DIR/firstboot
-AC_SUBST(bootstrapdir)
-
-firewalldir=$VMDNS_PREFIX_DIR/firewall
-AC_SUBST(firewalldir)
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                 config/Makefile
-                 config/vmdns.reg
-                 config/vmdns-client.reg
-                 common/Makefile
-                 vmsock/Makefile
-                 vmsock/posix/Makefile
-                 vmsock/api/Makefile
-                 server/Makefile
-                 server/common/Makefile
-                 server/vmdns/Makefile
-                 client/Makefile
-                 tools/Makefile
-                 tools/cli/Makefile
-                 test/Makefile
-                ])
-AC_OUTPUT
-
diff --git a/vmdns/include/vmdnscommon.h b/vmdns/include/vmdnscommon.h
index 655ccc3a0..90816f071 100755
--- a/vmdns/include/vmdnscommon.h
+++ b/vmdns/include/vmdnscommon.h
@@ -57,10 +57,10 @@ typedef enum
 
 DWORD
 VmDnsLogInitialize(
-	PCSTR   pszLogFileName,
-	DWORD   dwMaximumOldFiles,
-	DWORD   dwMaxLogSizeBytes
-	);
+    PCSTR   pszLogFileName,
+    DWORD   dwMaximumOldFiles,
+    DWORD   dwMaxLogSizeBytes
+    );
 
 void
 VmDnsLogTerminate();
@@ -104,6 +104,10 @@ extern VMDNS_LOG_LEVEL VMDNSLogGetLevel();
         VMDNS_LOG_LEVEL_DEBUG,               \
     Format " [file: %s][line: %d]",     \
     ##__VA_ARGS__, __FILE__, __LINE__ )
+#define VMDNS_LOG_IO_RELEASE(pIoBuffer) \
+    VMDNS_LOG_DEBUG(                    \
+          "IoBuffer %p, Thread: %p, FUNCTION: %s", \
+           pIoBuffer, pthread_self(), __FUNCTION__)
 
 // Read write lock
 
@@ -290,6 +294,13 @@ VmDnsAllocateStringPrintfVA(
     va_list argList
     );
 
+BOOLEAN
+VmDnsStringStartsWith(
+    PCSTR   pszStr,
+    PCSTR   pszPrefix,
+    BOOLEAN bIsCaseSensitive
+    );
+
 ULONG
 VmDnsAllocateStringPrintfA(
     OUT PSTR* ppszString,
@@ -494,7 +505,12 @@ VmDnsTrimDomainNameSuffix(
 DWORD
 VmDnsGeneratePtrNameFromIp(
     PCSTR pszIPAddress,
-    int*  pnFamily,
+    PSTR* ppszPtrName
+    );
+
+DWORD
+VmDnsGeneratePtrNameFromIpQuery(
+    PCSTR pszIPAddress,
     PSTR* ppszPtrName
     );
 
@@ -890,11 +906,6 @@ VmDnsIsSupportedRecordType(
     VMDNS_RR_TYPE   dwRecordType
     );
 
-BOOL
-VmDnsIsUpdatePermitted(
-    VMDNS_RR_TYPE   dwRecordType
-    );
-
 BOOL
 VmDnsIsSupportedRecordType(
     VMDNS_RR_TYPE   dwRecordType
@@ -921,6 +932,11 @@ VmDnsStringToLower (
     PSTR *pszDstStr
     );
 
+UINT64
+VmDnsGetTimeInMilliSec(
+    VOID
+    );
+
 #define VMDNS_FREE_RECORD(pRecord) \
     if (pRecord) \
     { \
diff --git a/vmdns/include/vmdnsdefines.h b/vmdns/include/vmdnsdefines.h
index fc759e2aa..2f6ae890e 100755
--- a/vmdns/include/vmdnsdefines.h
+++ b/vmdns/include/vmdnsdefines.h
@@ -90,7 +90,7 @@ extern "C" {
     do {                                  \
         if ((bInLock))                    \
         {                                 \
-            VmDnsUnLockMutex(mutex);      \
+            VmDnsUnlockMutex(mutex);      \
             (bInLock) = FALSE;            \
         }                                 \
     } while (0)
@@ -209,6 +209,9 @@ extern "C" {
 #define VMDNS_DEFAULT_TTL               3600
 #define VMDNS_DEFAULT_LDAP_PORT         389
 #define VMDNS_DEFAULT_KDC_PORT          88
+/* Time */
+#define NSECS_PER_MSEC      1000000
+#define MSECS_PER_SEC       1000
 
 #ifdef __cplusplus
 }
diff --git a/vmdns/include/vmsock.h b/vmdns/include/vmsock.h
index 4fe7052aa..df19b2ddc 100644
--- a/vmdns/include/vmsock.h
+++ b/vmdns/include/vmsock.h
@@ -34,8 +34,11 @@ typedef struct _VM_SOCK_IO_BUFFER
     DWORD                    dwTotalBytesTransferred;
     struct sockaddr_storage  clientAddr;
     socklen_t                addrLen;
+    PVM_SOCKET               pClientSocket;
 } VM_SOCK_IO_BUFFER, *PVM_SOCK_IO_BUFFER;
 
+typedef PBYTE PVM_SOCK_EVENT_CONTEXT;
+
 typedef enum
 {
     VM_SOCK_EVENT_TYPE_UNKNOWN = 0,
@@ -68,7 +71,7 @@ typedef enum
  * @return DWORD - 0 on success
  */
 DWORD
-VmwSockInitialize(
+VmDnsSockInitialize(
     );
 
 /**
@@ -83,7 +86,7 @@ VmwSockInitialize(
  * @return 0 on success
  */
 DWORD
-VmwSockOpenClient(
+VmDnsSockOpenClient(
     PCSTR                pszHost,
     USHORT               usPort,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -104,7 +107,7 @@ VmwSockOpenClient(
  * @return 0 on success
  */
 DWORD
-VmwSockOpenServer(
+VmDnsSockOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -120,7 +123,7 @@ VmwSockOpenServer(
  * @return 0 on success
  */
 DWORD
-VmwSockStartListening(
+VmDnsSockStartListening(
     PVM_SOCKET           pSocket,
     int                  iListenQueueSize
     );
@@ -136,7 +139,7 @@ VmwSockStartListening(
  * @return 0 on success
  */
 DWORD
-VmwSockCreateEventQueue(
+VmDnsSockCreateEventQueue(
     int                   iEventQueueSize,
     PVM_SOCK_EVENT_QUEUE* ppQueue
     );
@@ -150,8 +153,9 @@ VmwSockCreateEventQueue(
  * @return 0 on success
  */
 DWORD
-VmwSockEventQueueAdd(
+VmDnsSockEventQueueAdd(
     PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
     PVM_SOCKET           pSocket
     );
 
@@ -168,7 +172,7 @@ VmwSockEventQueueAdd(
  * @return 0 on success
  */
 DWORD
-VmwSockWaitForEvent(
+VmDnsSockWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -185,7 +189,7 @@ VmwSockWaitForEvent(
  */
 
 VOID
-VmwSockCloseEventQueue(
+VmDnsSockCloseEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     );
 
@@ -198,7 +202,7 @@ VmwSockCloseEventQueue(
  */
 
 DWORD
-VmwSockSetNonBlocking(
+VmDnsSockSetNonBlocking(
     PVM_SOCKET           pSocket
     );
 
@@ -212,7 +216,7 @@ VmwSockSetNonBlocking(
  */
 
 DWORD
-VmwSockSetTimeOut(
+VmDnsSockSetTimeOut(
     PVM_SOCKET           pSocket,
     DWORD                dwTimeOut
     );
@@ -226,7 +230,7 @@ VmwSockSetTimeOut(
  *                            This will be one of { SOCK_STREAM, SOCK_DGRAM... }
  */
 DWORD
-VmwSockGetProtocol(
+VmDnsSockGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     );
@@ -241,7 +245,7 @@ VmwSockGetProtocol(
  * @return 0 on success
  */
 DWORD
-VmwSockSetData(
+VmDnsSockSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -256,7 +260,7 @@ VmwSockSetData(
  * @return 0 on success
  */
 DWORD
-VmwSockGetData(
+VmDnsSockGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     );
@@ -274,7 +278,7 @@ VmwSockGetData(
  * @return 0 on success
  */
 DWORD
-VmwSockRead(
+VmDnsSockRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
@@ -295,7 +299,7 @@ VmwSockRead(
  * @return 0 on success
  */
 DWORD
-VmwSockWrite(
+VmDnsSockWrite(
     PVM_SOCKET              pSocket,
     const struct sockaddr*  pClientAddress,
     socklen_t               addrLength,
@@ -309,7 +313,7 @@ VmwSockWrite(
  */
 
 PVM_SOCKET
-VmwSockAcquire(
+VmDnsSockAcquire(
     PVM_SOCKET           pSocket
     );
 
@@ -318,7 +322,7 @@ VmwSockAcquire(
  *
  */
 VOID
-VmwSockRelease(
+VmDnsSockRelease(
     PVM_SOCKET           pSocket
     );
 
@@ -327,7 +331,7 @@ VmwSockRelease(
  *        This call does not release the reference to the socket or free it.
  */
 DWORD
-VmwSockClose(
+VmDnsSockClose(
     PVM_SOCKET           pSocket
     );
 
@@ -337,7 +341,7 @@ VmwSockClose(
  * @return TRUE(1) if the string is a valid IP Address, 0 otherwise.
  */
 BOOLEAN
-VmwSockIsValidIPAddress(
+VmDnsSockIsValidIPAddress(
     PCSTR                pszAddress
     );
 
@@ -351,17 +355,31 @@ VmwSockIsValidIPAddress(
  * @return DWORD - 0 on success
  */
 DWORD
-VmwSockGetAddress(
+VmDnsSockGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  pAddresLen
     );
 
 DWORD
-VmwSockAllocateIoBuffer(
-    VM_SOCK_EVENT_TYPE      eventType,
-    DWORD                   dwSize,
-    PVM_SOCK_IO_BUFFER*     ppIoContext
+VmDnsSockAllocateIoBuffer(
+    VM_SOCK_EVENT_TYPE          eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    DWORD                       dwSize,
+    PVM_SOCK_IO_BUFFER*         ppIoContext
+    );
+
+DWORD
+VmDnsSockSetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT  pEventContext,
+    PVM_SOCK_EVENT_CONTEXT* ppOldEventContext
+    );
+
+DWORD
+VmDnsSockGetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT* ppEventContext
     );
 
 /**
@@ -372,7 +390,7 @@ VmwSockAllocateIoBuffer(
  * @return DWORD - 0 on success
  */
 DWORD
-VmwSockReleaseIoBuffer(
+VmDnsSockReleaseIoBuffer(
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
 
@@ -381,6 +399,6 @@ VmwSockReleaseIoBuffer(
  *
  */
 VOID
-VmwSockShutdown(
+VmDnsSockShutdown(
     );
 
diff --git a/vmdns/m4/README b/vmdns/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmdns/m4/as-ac-expand.m4 b/vmdns/m4/as-ac-expand.m4
deleted file mode 100755
index 8bd95a85c..000000000
--- a/vmdns/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmdns/m4/libtool.m4 b/vmdns/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmdns/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmdns/m4/ltoptions.m4 b/vmdns/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmdns/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmdns/m4/ltsugar.m4 b/vmdns/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmdns/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmdns/m4/ltversion.m4 b/vmdns/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmdns/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmdns/m4/lt~obsolete.m4 b/vmdns/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmdns/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmdns/server/Makefile.am b/vmdns/server/Makefile.am
index 50e0de777..45d1eb457 100755
--- a/vmdns/server/Makefile.am
+++ b/vmdns/server/Makefile.am
@@ -9,5 +9,5 @@
 
 SUBDIRS = \
     common \
+    rest-head \
     vmdns
-
diff --git a/vmdns/server/common/Makefile.am b/vmdns/server/common/Makefile.am
index 22bc5a369..a969895d6 100755
--- a/vmdns/server/common/Makefile.am
+++ b/vmdns/server/common/Makefile.am
@@ -31,14 +31,16 @@ libsrvcommon_la_SOURCES = \
     zonelist.c
 
 libsrvcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/include \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/server/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
 libsrvcommon_la_LIBADD = \
-		$(top_builddir)/vmsock/api/libvmsock.la
+    $(top_builddir)/vmdns/vmsock/api/libvmsock.la \
+    $(top_builddir)/vmmetrics/libvmmetrics.la
 
 libsrvcommon_la_LDFLAGS = \
     -static
diff --git a/vmdns/server/common/cache.c b/vmdns/server/common/cache.c
index 220269b6c..040477858 100644
--- a/vmdns/server/common/cache.c
+++ b/vmdns/server/common/cache.c
@@ -387,7 +387,7 @@ VmDnsCacheFindZoneByQName(
 {
     DWORD dwError = 0;
     PVMDNS_ZONE_OBJECT pZoneObject = NULL;
-    BOOL bLocked = TRUE;
+    BOOL bLocked = FALSE;
 
     if (!pContext || IsNullOrEmptyString(szQName) || !ppZoneObject)
     {
@@ -412,6 +412,8 @@ VmDnsCacheFindZoneByQName(
         VmDnsUnlockRead(pContext->pLock);
     }
 
+    VmMetricsCounterIncrement(gVmDnsCounterMetrics[CACHE_ZONE_LOOKUP]);
+
     return dwError;
 
 error:
@@ -422,11 +424,22 @@ VmDnsCacheFindZoneByQName(
 DWORD
 VmDnsCachePurgeRecord(
     PVMDNS_ZONE_OBJECT pZoneObject,
-    PCSTR              pszRecord
+    PCSTR              pszRecord,
+    DWORD              dwCachePurgeEvent
     )
 {
     PVMDNS_RECORD_LIST pList = NULL;
     DWORD dwError = 0;
+    DWORD dwOpCode;
+
+    if (dwCachePurgeEvent == CACHE_PURGE_MODIFICATION)
+    {
+       dwOpCode = CACHE_MODIFY_PURGE_COUNT;
+    }
+    else if (dwCachePurgeEvent == CACHE_PURGE_REPLICATION)
+    {
+       dwOpCode = CACHE_NOTIFY_PURGE_COUNT;
+    }
 
     if (VmDnsStringCompareA(pZoneObject->pszName, pszRecord, FALSE) == 0)
     {
@@ -468,6 +481,7 @@ VmDnsCachePurgeRecord(
         }
         else
         {
+            VmMetricsCounterIncrement(gVmDnsCounterMetrics[dwOpCode]);
             VmDnsLog(
                 VMDNS_LOG_LEVEL_DEBUG,
                 "Succesfully Purged (%s) from Cache",
@@ -506,7 +520,7 @@ VmDnsCachePurgeRecordProc(
                     );
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsCachePurgeRecord(pZoneObject, pszNode);
+    dwError = VmDnsCachePurgeRecord(pZoneObject, pszNode, CACHE_PURGE_REPLICATION);
     BAIL_ON_VMDNS_ERROR(dwError);
 
 cleanup:
@@ -620,13 +634,16 @@ VmDnsCacheRefreshThread(
             dwError = VmDnsCacheLoadInitialData(pCacheContext);
             if (dwError)
             {
-                VMDNS_LOG_ERROR("Loading intial data failed with %u.", dwError);
+                VMDNS_LOG_DEBUG("DnsCacheRefreshThread loading initial data failed with %u...Retrying", dwError);
+                goto wait;
             }
             else
             {
+                VMDNS_LOG_INFO("DnsCacheRefreshThread loaded initial data, setting VMDNS state to READY.");
                 VmDnsSrvSetState(VMDNS_READY);
             }
         }
+
         newUSN = 0;
         VmDnsStoreGetReplicationStatus(&newUSN);
         if (pCacheContext->dwLastUSN != 0)
@@ -637,19 +654,28 @@ VmDnsCacheRefreshThread(
                             newUSN,
                             pCacheContext
                             );
-            BAIL_ON_VMDNS_ERROR(dwError)
+            if (dwError)
+            {
+                VMDNS_LOG_ERROR("DnsCacheRefreshThread zone synchronization failed with %u.", dwError);
+            }
         }
         else
         {
-            VMDNS_LOG_ERROR("Failed to get replication status %u.", dwError);
+            VMDNS_LOG_ERROR("DnsCacheRefreshThread failed to get replication status %u.", dwError);
         }
+
         if (newUSN != 0)
         {
             pCacheContext->dwLastUSN = newUSN;
 
             dwError = VmDnsCachePurgeLRU(pCacheContext);
-            BAIL_ON_VMDNS_ERROR(dwError);
+            if (dwError)
+            {
+                VMDNS_LOG_ERROR("DnsCacheRefreshThread failed to purge LRU cache with %u.", dwError);
+            }
         }
+
+wait:
         if (!pCacheContext->bShutdown)
         {
             dwError = VmDnsConditionTimedWait(
@@ -661,6 +687,7 @@ VmDnsCacheRefreshThread(
                 dwError != WSAETIMEDOUT &&
                 dwError != ERROR_SUCCESS)
             {
+                VMDNS_LOG_ERROR("DnsCacheRefreshThread failed to wait with %u. Thread DIEING.", dwError);
                 BAIL_ON_VMDNS_ERROR(dwError);
             }
         }
@@ -668,7 +695,6 @@ VmDnsCacheRefreshThread(
 
 cleanup:
     pCacheContext->bRunning = FALSE;
-
     return dwError;
 
 error:
diff --git a/vmdns/server/common/defines.h b/vmdns/server/common/defines.h
index de3540999..2a9a11ee4 100644
--- a/vmdns/server/common/defines.h
+++ b/vmdns/server/common/defines.h
@@ -24,7 +24,7 @@ extern "C" {
 
 #define VMW_DNS_DEFAULT_LISTENER_QUEUE_COUNT (5)
 
-#define VMW_DNS_DEFAULT_THREAD_COUNT (1)
+#define VMW_DNS_DEFAULT_THREAD_COUNT (4)
 
 #define ATTR_KRB_UPN  "userPrincipalName"
 #define ATTR_MEMBEROF "memberOf"
@@ -36,7 +36,9 @@ extern "C" {
 #define VMAFD_REG_KEY_DOMAIN_NAME   "DomainName"
 #define VMAFD_REG_KEY_PNID          "PNID"
 
+#define VMDNS_ROOTDNSCONTEXT_NAME       "rootDomainNamingContext"
 #define VMDNS_DOMAINDNSZONES_NAME       "DomainDnsZones"
+#define VMDNS_DELETEDOBJECTS_NAME       "Deleted Objects"
 
 #define VMDNS_LDAP_SEARCH_TIMEOUT_SECS  (15)
 
@@ -48,18 +50,18 @@ extern "C" {
 #define VMDNS_LDAP_OC_VMWDNSCONFIG      "vmwDNSConfig"
 
 #define VMDNS_LDAP_ATTR_DC              "dc"
+#define VMDNS_LDAP_ATTR_DN              "dn"
+#define VMDNS_LDAP_ATTR_CN              "cn"
 #define VMDNS_LDAP_ATTR_FORWARDERS      "vmwDNSForwarders"
 #define VMDNS_LDAP_ATTR_NAME            "name"
 #define VMDNS_LDAP_ATTR_DNS_RECORD      "dnsRecord"
 #define VMDNS_LDAP_ATTR_OBJECTCLASS     "objectclass"
 #define VMDNS_LDAP_ATTR_USNCHANGED      "USNChanged"
 #define VMDNS_LDAP_ATTR_DNSANY          "dns*"
-#define VMDNS_LDAP_ATTR_DNSBASEDN       "dc=DomainDnsZones,dc=vsphere,dc=local"
 #define VMDNS_LDAP_ATTR_RUNTIMESTATUS   "vmwServerRunTimeStatus"
 #define VMDNS_LDAP_ATTR_USN             "USN: "
 
 #define VMDNS_LDAP_DELETE_CONTROL       "1.2.840.113556.1.4.417"
-#define VMDNS_LDAP_DELETE_BASEDN        "cn=Deleted Objects,dc=vsphere,dc=local"
 #define VMDNS_LDAP_DELETE_DELIMITER     "#"
 
 #define VMDNS_REPL_BASEDN               "cn=replicationstatus"
@@ -144,6 +146,13 @@ typedef enum
     VM_DNS_QUERY_OP_RESPONSE = 1
 } VM_DNS_QUERY_OP;
 
+typedef enum
+{
+    CACHE_PURGE_REPLICATION,
+    CACHE_PURGE_MODIFICATION,
+
+} VM_DNS_CACHE_PURGE_TYPE;
+
 
 #ifndef PopEntryList
 #define PopEntryList(ListHead) \
diff --git a/vmdns/server/common/dnsparser.c b/vmdns/server/common/dnsparser.c
index 49e720570..2449cac33 100644
--- a/vmdns/server/common/dnsparser.c
+++ b/vmdns/server/common/dnsparser.c
@@ -133,7 +133,6 @@ VmDnsReadDnsHeaderFromBuffer(
 
     *ppHeader = pHeader;
 
-
 cleanup:
 
     return dwError;
@@ -478,18 +477,23 @@ VmDnsWriteQueryMessageToBuffer(
 {
     DWORD dwError = 0;
 
-    if (!pDnsMessage || !pMessageBuffer)
+    if (!pDnsMessage ||
+        !pDnsMessage->pHeader ||
+        !pMessageBuffer)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
     // Write question section
-    dwError = VmDnsWriteQuestionToBuffer(
-                        pDnsMessage->pQuestions[0],
-                        pMessageBuffer
-                        );
-    BAIL_ON_VMDNS_ERROR(dwError);
+    if (pDnsMessage->pHeader->usQDCount != 0)
+    {
+        dwError = VmDnsWriteQuestionToBuffer(
+                            pDnsMessage->pQuestions[0],
+                            pMessageBuffer
+                            );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
 
     // Write answers section
     dwError = VmDnsWriteRecordsToBuffer(
diff --git a/vmdns/server/common/dnsprotocol.c b/vmdns/server/common/dnsprotocol.c
index 5ea22f27d..0c82806d9 100644
--- a/vmdns/server/common/dnsprotocol.c
+++ b/vmdns/server/common/dnsprotocol.c
@@ -93,6 +93,11 @@ VmDnsGetUpdateResponse(
     PDWORD                  pdwDnsResponseSize
     );
 
+static
+VOID
+VmDnsMetricsRcodeUpdate(
+ UCHAR rCode
+ );
 
 DWORD
 VmDnsProcessRequest(
@@ -107,13 +112,11 @@ VmDnsProcessRequest(
     PBYTE pDnsResponse = NULL;
     DWORD dwDnsResponseSize = 0;
     PBYTE pForwarderResponse = NULL;
-    DWORD dwForwarderResponseSize = 0;
     PVMDNS_MESSAGE_BUFFER pDnsMessageBuffer = NULL;
     PVMDNS_HEADER pDnsHeader = NULL;
     PVMDNS_MESSAGE pDnsMessage = NULL;
     PVMDNS_UPDATE_MESSAGE pDnsUpdateMessage = NULL;
     UCHAR rCode = 0;
-    UCHAR rCodeFwder = 0;
 
     if (!pDnsRequest || !ppDnsResponse ||
         !pdwDnsResponseSize || !dwDnsRequestSize || !pRCode)
@@ -144,6 +147,8 @@ VmDnsProcessRequest(
                         );
         BAIL_ON_VMDNS_ERROR(dwError);
 
+        pDnsHeader = NULL;
+
         dwError = VmDnsProcessQuery(
                         pDnsMessage,
                         &pDnsResponse,
@@ -161,6 +166,8 @@ VmDnsProcessRequest(
                         );
         BAIL_ON_VMDNS_ERROR(dwError);
 
+        pDnsHeader = NULL;
+
         dwError = VmDnsProcessUpdate(
                         pDnsUpdateMessage,
                         &pDnsResponse,
@@ -170,32 +177,7 @@ VmDnsProcessRequest(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    if (rCode != 0)
-    {
-        dwError = VmDnsForwarderResolveRequest(
-                        gpSrvContext->pForwarderContext,
-                        TRUE,
-                        FALSE,
-                        dwDnsRequestSize,
-                        pDnsRequest,
-                        &dwForwarderResponseSize,
-                        &pForwarderResponse,
-                        &rCodeFwder
-                        );
-
-        if (dwError == 0 &&
-            (dwForwarderResponseSize > 0 || pForwarderResponse))
-        {
-            VMDNS_SAFE_FREE_MEMORY(pDnsResponse);
-            pDnsResponse = pForwarderResponse;
-            dwDnsResponseSize = dwForwarderResponseSize;
-            rCode = rCodeFwder;
-
-            pForwarderResponse = NULL;
-        }
-
-        dwError = 0;
-    }
+    //VmDnsOPStatisticUpdate(DNS_QUERY_COUNT);
 
 cleanup:
 
@@ -213,11 +195,14 @@ VmDnsProcessRequest(
     }
 
     VMDNS_SAFE_FREE_MEMORY(pForwarderResponse);
+    VMDNS_SAFE_FREE_MEMORY(pDnsHeader);
 
     *ppDnsResponse = pDnsResponse;
     *pdwDnsResponseSize = dwDnsResponseSize;
     *pRCode = rCode;
 
+    VmDnsMetricsRcodeUpdate(rCode);
+
     return dwError;
 
 error:
@@ -243,6 +228,10 @@ VmDnsProcessQuery(
     PVMDNS_RECORD_LIST pAnswerList = NULL;
     PBYTE pDnsResponse = NULL;
     DWORD dwDnsResponseSize = 0;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
 
     BAIL_ON_VMDNS_INVALID_POINTER(pDnsMessage, dwError);
     BAIL_ON_VMDNS_INVALID_POINTER(ppDnsResponse, dwError);
@@ -359,6 +348,12 @@ VmDnsProcessQuery(
 
     VmDnsCleanupDnsMessage(&ResponseMessage);
 
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[DNS_QUERY_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 
 error:
@@ -388,6 +383,10 @@ VmDnsProcessUpdate(
     PVMDNS_ZONE_OBJECT pZoneObject = NULL;
     PBYTE pDnsResponse = NULL;
     DWORD dwDnsResponseSize = 0;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
 
     BAIL_ON_VMDNS_INVALID_POINTER(pDnsUpdateMessage, dwError);
     BAIL_ON_VMDNS_INVALID_POINTER(ppDnsResponse, dwError);
@@ -547,6 +546,12 @@ VmDnsProcessUpdate(
 
     VmDnsCleanupDnsUpdateMessage(&ResponseMessage);
 
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[DNS_UPDATE_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 
 error:
@@ -1532,3 +1537,27 @@ VmDnsGetUpdateResponse(
 
     goto cleanup;
 }
+
+static
+VOID
+VmDnsMetricsRcodeUpdate(
+ UCHAR rCode
+ )
+{
+    if (rCode ==  VM_DNS_RCODE_NAME_ERROR)
+    {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[DNS_ERROR_NXDOMAIN_ERR_COUNT]);
+    }
+    else if (rCode == VM_DNS_RCODE_NOT_IMPLEMENTED)
+    {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[DNS_ERROR_NOT_IMPLEMENTED_COUNT]);
+    }
+    else if (rCode == VM_DNS_RCODE_SERVER_FAILURE)
+    {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[DNS_ERROR_UNKNOWN_COUNT]);
+    }
+    else if (rCode == VM_DNS_RCODE_NOERROR)
+    {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[DNS_NO_ERROR]);
+    }
+}
diff --git a/vmdns/server/common/dnsutils.c b/vmdns/server/common/dnsutils.c
index c893e2ec8..bc8c1930e 100644
--- a/vmdns/server/common/dnsutils.c
+++ b/vmdns/server/common/dnsutils.c
@@ -485,3 +485,51 @@ VmDnsFreeBufferContext(
     }
     VmDnsFreeMemory(pMessage);
 }
+
+DWORD
+VmDnsIsUpdatePermitted(
+    VMDNS_RR_TYPE   dwRecordType,
+    PVMDNS_RECORD_LIST pRecordList
+    )
+{
+    DWORD dwSize = 0;
+    DWORD i = 0;
+    DWORD dwError = 0;
+    PVMDNS_RECORD_OBJECT pRecordObj = NULL;
+
+    if (!pRecordList)
+    {
+        return dwError;
+    }
+
+    dwSize = VmDnsRecordListGetSize(pRecordList);
+
+    if (dwRecordType == VMDNS_RR_TYPE_SOA ||
+        dwRecordType == VMDNS_RR_TYPE_CNAME)
+    {
+        if (pRecordList && pRecordList->dwCurrentSize != 0)
+        {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+    }
+
+    else
+    {
+        for (; i < dwSize; i++)
+        {
+            pRecordObj = VmDnsRecordListGetRecord(pRecordList, i);
+            if (pRecordObj->pRecord->dwType == VMDNS_RR_TYPE_CNAME)
+            {
+                dwError = ERROR_INVALID_PARAMETER;
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+        }
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
\ No newline at end of file
diff --git a/vmdns/server/common/externs.h b/vmdns/server/common/externs.h
index da4a94fc5..54f6c7f25 100644
--- a/vmdns/server/common/externs.h
+++ b/vmdns/server/common/externs.h
@@ -13,3 +13,4 @@
  */
 
 extern PVMW_DNS_DRIVER_GLOBALS gpSrvContext;
+
diff --git a/vmdns/server/common/forwarder.c b/vmdns/server/common/forwarder.c
index 45f26ba47..877dd7094 100644
--- a/vmdns/server/common/forwarder.c
+++ b/vmdns/server/common/forwarder.c
@@ -22,36 +22,39 @@
 
 #include "includes.h"
 
+static
+DWORD
+VmDnsGetForwarders_inlock(
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
+    PSTR**                      pppszForwarders,
+    PDWORD                      pdwCount
+    );
+
 static
 int
 VmDnsForwarderLookup(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwardHost
     );
 
 static
 DWORD
 VmDnsForwarderAppend(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarders
     );
 
 static
 DWORD
 VmDnsForwarderRemoveAt(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     int                         nIndex
     );
 
 static
-DWORD
-VmDnsForwardRequest(
-    PCSTR       pszForwarder,
-    BOOL        bUseUDP,
-    DWORD       dwQuerySize,
-    PBYTE       pQueryBuffer,
-    PDWORD      pdwResponseSize,
-    PBYTE*      ppResopnse
+VOID
+VmDnsFreeForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
     );
 
 static
@@ -68,18 +71,37 @@ VmDnsValidateForwarder(
     PCSTR       pszForwarder
     );
 
+static
+VOID
+VmDnsFreeForwarderEntry(
+    PVMDNS_FORWARDER_ENTRY pForwarderEntry
+    );
+
+static
+DWORD
+VmDnsForwarderMetricsInit(
+    PVMDNS_FORWARDER_ENTRY   pForwarderEntry
+    );
+
+
+static
+DWORD
+VmDnsForwarderMetricsDelete(
+    PVMDNS_FORWARDER_ENTRY    pForwarderEntry
+    );
+
 DWORD
 VmDnsForwarderInit(
-    PVMDNS_FORWARDER_CONETXT*   ppForwarder
+    PVMDNS_FORWARDER_CONTEXT*   ppForwarder
     )
 {
     DWORD dwError = ERROR_SUCCESS;
-    PVMDNS_FORWARDER_CONETXT pForwarderContext = NULL;
+    PVMDNS_FORWARDER_CONTEXT pForwarderContext = NULL;
 
     BAIL_ON_VMDNS_INVALID_POINTER(ppForwarder, dwError);
 
     dwError = VmDnsAllocateMemory(
-                        sizeof(VMDNS_FORWARDER_CONETXT),
+                        sizeof(VMDNS_FORWARDER_CONTEXT),
                         (PVOID*)&pForwarderContext);
     BAIL_ON_VMDNS_ERROR(dwError);
 
@@ -103,23 +125,26 @@ VmDnsForwarderInit(
 
 VOID
 VmDnsForwarderCleanup(
-    PVMDNS_FORWARDER_CONETXT    pForwarder
+    PVMDNS_FORWARDER_CONTEXT    pForwarder
     )
 {
+    DWORD i = 0;
+
     if (pForwarder)
     {
-        DWORD i;
         for (i = 0; i < pForwarder->dwCount; ++i)
         {
-            VMDNS_SAFE_FREE_STRINGA(pForwarder->ppszForwarders[i]);
+            if (pForwarder->pForwarderEntries[i])
+            {
+                VmDnsFreeForwarderEntry(pForwarder->pForwarderEntries[i]);
+            }
         }
-
         VMDNS_FREE_RWLOCK(pForwarder->pLock);
         VMDNS_SAFE_FREE_MEMORY(pForwarder);
     }
 }
 
-PVMDNS_FORWARDER_CONETXT
+PVMDNS_FORWARDER_CONTEXT
 VmDnsGetForwarderContext(
     )
 {
@@ -128,41 +153,67 @@ VmDnsGetForwarderContext(
 
 DWORD
 VmDnsGetForwarders(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PSTR**                      pppszForwarders,
     PDWORD                      pdwCount
     )
 {
     DWORD dwError = 0;
-    PSTR* pszForwarders = NULL;
-    DWORD dwCount = 0, i = 0;
     BOOL bLocked = FALSE;
 
-    BAIL_ON_VMDNS_INVALID_POINTER(pForwarder, dwError);
-    BAIL_ON_VMDNS_INVALID_POINTER(pppszForwarders, dwError);
-    BAIL_ON_VMDNS_INVALID_POINTER(pdwCount, dwError);
-
     VMDNS_LOCKREAD(pForwarder->pLock);
     bLocked = TRUE;
 
-    dwCount = pForwarder->dwCount;
-
-    dwError = VmDnsAllocateMemory(
-                        (dwCount + 1) * sizeof(PSTR),
-                        (PVOID*)&pszForwarders);
+    dwError = VmDnsGetForwarders_inlock(
+                         pForwarder,
+                         pppszForwarders,
+                         pdwCount
+                         );
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    for (; i < dwCount; ++i)
+cleanup:
+
+    if (bLocked)
     {
-        dwError = VmDnsAllocateStringA(
-                            pForwarder->ppszForwarders[i],
-                            &pszForwarders[i]);
+        VMDNS_UNLOCKREAD(pForwarder->pLock);
+    }
+    return dwError;
+
+error:
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsGetForwarderAtIndex(
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
+    DWORD                       dwIndex,
+    PSTR*                       ppszForwarder
+    )
+{
+    DWORD dwError = 0;
+    PSTR  pszForwarder = NULL;
+    BOOL  bLocked = FALSE;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(pForwarder, dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(ppszForwarder, dwError);
+
+    VMDNS_LOCKREAD(pForwarder->pLock);
+    bLocked = TRUE;
+
+    if (dwIndex >= pForwarder->dwCount)
+    {
+        dwError = ERROR_INVALID_INDEX;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    *pdwCount = dwCount;
-    *pppszForwarders = pszForwarders;
+    dwError = VmDnsAllocateStringA(
+                            pForwarder->pForwarderEntries[dwIndex]->pszForwarder,
+                            &pszForwarder
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
 
+    *ppszForwarder = pszForwarder;
 cleanup:
 
     if (bLocked)
@@ -170,16 +221,19 @@ VmDnsGetForwarders(
         VMDNS_UNLOCKREAD(pForwarder->pLock);
     }
     return dwError;
-
 error:
-    VmDnsFreeStringArrayA(pszForwarders);
 
+    if (ppszForwarder)
+    {
+        *ppszForwarder = NULL;
+    }
+    VMDNS_SAFE_FREE_STRINGA(pszForwarder);
     goto cleanup;
 }
 
 DWORD
 VmDnsSetForwarders(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     DWORD                       dwCount,
     PSTR*                       ppszForwarders
     )
@@ -197,8 +251,7 @@ VmDnsSetForwarders(
     dwCurrentCount = pForwarder->dwCount;
     for (i = 0; i < dwCurrentCount; ++i)
     {
-        VMDNS_SAFE_FREE_STRINGA(pForwarder->ppszForwarders[i]);
-        pForwarder->ppszForwarders[i] = 0;
+        VmDnsFreeForwarderEntry(pForwarder->pForwarderEntries[i]);
     }
 
     pForwarder->dwCount = 0;
@@ -227,12 +280,14 @@ VmDnsSetForwarders(
 
 DWORD
 VmDnsAddForwarder(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarder
     )
 {
     DWORD dwError = 0;
     BOOL bLocked = FALSE;
+    PSTR* ppszForwarders = NULL;
+    DWORD dwCount = 0;
 
     BAIL_ON_VMDNS_INVALID_POINTER(pForwarder, dwError);
     BAIL_ON_VMDNS_INVALID_POINTER(pszForwarder, dwError);
@@ -256,9 +311,18 @@ VmDnsAddForwarder(
                         pszForwarder);
         BAIL_ON_VMDNS_ERROR(dwError);
 
+        VMDNS_UNLOCKWRITE(pForwarder->pLock);
+        bLocked = FALSE;
+
+        dwError = VmDnsGetForwarders_inlock(
+                        pForwarder,
+                        &ppszForwarders,
+                        &dwCount);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
         dwError = VmDnsStoreSaveForwarders(
                         pForwarder->dwCount,
-                        pForwarder->ppszForwarders);
+                        ppszForwarders);
         BAIL_ON_VMDNS_ERROR(dwError);
     }
     else
@@ -269,10 +333,16 @@ VmDnsAddForwarder(
 
 cleanup:
 
+    if (ppszForwarders)
+    {
+        VmDnsFreeStringCountedArrayA(ppszForwarders, dwCount);
+    }
+
     if (bLocked)
     {
         VMDNS_UNLOCKWRITE(pForwarder->pLock);
     }
+
     return dwError;
 
 error:
@@ -282,18 +352,20 @@ VmDnsAddForwarder(
 
 DWORD
 VmDnsDeleteForwarder(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarder
     )
 {
     DWORD dwError = 0;
     DWORD index = 0;
     BOOL bLocked = FALSE;
+    PSTR* ppszForwarders = NULL;
+    DWORD dwCount = 0;
 
     BAIL_ON_VMDNS_INVALID_POINTER(pForwarder, dwError);
     BAIL_ON_VMDNS_INVALID_POINTER(pszForwarder, dwError);
 
-    VMDNS_LOCKREAD(pForwarder->pLock);
+    VMDNS_LOCKWRITE(pForwarder->pLock);
     bLocked = TRUE;
 
     index = VmDnsForwarderLookup(
@@ -306,9 +378,15 @@ VmDnsDeleteForwarder(
                             index);
         BAIL_ON_VMDNS_ERROR(dwError);
 
+        dwError = VmDnsGetForwarders_inlock(
+                            pForwarder,
+                            &ppszForwarders,
+                            &dwCount);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
         dwError = VmDnsStoreSaveForwarders(
                             pForwarder->dwCount,
-                            pForwarder->ppszForwarders);
+                            ppszForwarders);
         BAIL_ON_VMDNS_ERROR(dwError);
     }
     else
@@ -319,10 +397,16 @@ VmDnsDeleteForwarder(
 
 cleanup:
 
+    if (ppszForwarders)
+    {
+        VmDnsFreeStringCountedArrayA(ppszForwarders, dwCount);
+    }
+
     if (bLocked)
     {
-        VMDNS_UNLOCKREAD(pForwarder->pLock);
+        VMDNS_UNLOCKWRITE(pForwarder->pLock);
     }
+
     return dwError;
 
 error:
@@ -330,9 +414,52 @@ VmDnsDeleteForwarder(
     goto cleanup;
 }
 
+DWORD
+VmDnsGetForwarders_inlock(
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
+    PSTR**                      pppszForwarders,
+    PDWORD                      pdwCount
+    )
+{
+    DWORD dwError = 0;
+    PSTR* pszForwarders = NULL;
+    DWORD dwCount = 0, i = 0;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(pForwarder, dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(pppszForwarders, dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(pdwCount, dwError);
+
+    dwCount = pForwarder->dwCount;
+
+    dwError = VmDnsAllocateMemory(
+                        (dwCount + 1) * sizeof(PSTR),
+                        (PVOID*)&pszForwarders);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    for (; i < dwCount; ++i)
+    {
+        dwError = VmDnsAllocateStringA(
+                            pForwarder->pForwarderEntries[i]->pszForwarder,
+                            &pszForwarders[i]);
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    *pdwCount = dwCount;
+    *pppszForwarders = pszForwarders;
+
+cleanup:
+
+    return dwError;
+
+error:
+    VmDnsFreeStringArrayA(pszForwarders);
+
+    goto cleanup;
+}
+
 static int
 VmDnsForwarderLookup(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwardHost
     )
 {
@@ -342,7 +469,7 @@ VmDnsForwarderLookup(
     for (i = 0; i < pForwarder->dwCount; ++i)
     {
         int match = VmDnsStringCompareA(
-                                pForwarder->ppszForwarders[i],
+                                pForwarder->pForwarderEntries[i]->pszForwarder,
                                 pszForwardHost,
                                 FALSE);
         if (match == 0)
@@ -357,7 +484,7 @@ VmDnsForwarderLookup(
 
 DWORD
 VmDnsForwarderAppend(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarder
     )
 {
@@ -374,15 +501,28 @@ VmDnsForwarderAppend(
     dwError = VmDnsAllocateStringA(pszForwarder, &szForwarderCopy);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    pForwarder->ppszForwarders[dwCount++] = szForwarderCopy;
-    pForwarder->dwCount = dwCount;
+    dwError = VmDnsAllocateMemory(
+                        sizeof(VMDNS_FORWARDER_ENTRY),
+                        (void**)&pForwarder->pForwarderEntries[dwCount]);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pForwarder->pForwarderEntries[dwCount]->pszForwarder = szForwarderCopy;
     szForwarderCopy = NULL;
 
+    dwError = VmDnsForwarderMetricsInit(pForwarder->pForwarderEntries[dwCount]);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pForwarder->dwCount++;
+
 cleanup:
 
     return dwError;
 error:
 
+    if (dwCount < VMDNS_MAX_NUM_FORWARDS && pForwarder->pForwarderEntries[dwCount])
+    {
+        VmDnsFreeForwarderEntry(pForwarder->pForwarderEntries[dwCount]);
+    }
     VMDNS_SAFE_FREE_STRINGA(szForwarderCopy);
 
     goto cleanup;
@@ -390,12 +530,11 @@ VmDnsForwarderAppend(
 
 DWORD
 VmDnsForwarderRemoveAt(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     int                         nIndex
     )
 {
     DWORD dwError = 0;
-    PSTR szTemp = NULL;
 
     if ((DWORD)nIndex >= pForwarder->dwCount)
     {
@@ -403,20 +542,20 @@ VmDnsForwarderRemoveAt(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    szTemp = pForwarder->ppszForwarders[nIndex];
-    pForwarder->ppszForwarders[nIndex] = NULL;
+    VmDnsFreeForwarderEntry(pForwarder->pForwarderEntries[nIndex]);
+    pForwarder->pForwarderEntries[nIndex] = NULL;
 
 #ifndef WIN32
-    memmove(&pForwarder->ppszForwarders[nIndex],
-            &pForwarder->ppszForwarders[nIndex+1],
-            sizeof(PSTR) * (pForwarder->dwCount - nIndex + 1));
+    memmove(&pForwarder->pForwarderEntries[nIndex],
+            &pForwarder->pForwarderEntries[nIndex+1],
+            sizeof(PVMDNS_FORWARDER_ENTRY) * (pForwarder->dwCount - (nIndex + 1)));
 #else
-    memmove_s(&pForwarder->ppszForwarders[nIndex],
-            sizeof(PSTR) * (pForwarder->dwCount - nIndex),
-            &pForwarder->ppszForwarders[nIndex + 1],
-            sizeof(PSTR) * (pForwarder->dwCount - (nIndex + 1)));
+    memmove_s(&pForwarder->pForwarderEntries[nIndex],
+            sizeof(PVMDNS_FORWARDER_ENTRY) * (pForwarder->dwCount - nIndex),
+            &pForwarder->pForwarderEntries[nIndex + 1],
+            sizeof(PVMDNS_FORWARDER_ENTRY) * (pForwarder->dwCount - (nIndex + 1)));
 #endif
-    pForwarder->ppszForwarders[--pForwarder->dwCount] = NULL;
+    pForwarder->pForwarderEntries[--pForwarder->dwCount] = NULL;
 
 cleanup:
 
@@ -427,140 +566,133 @@ VmDnsForwarderRemoveAt(
 }
 
 DWORD
-VmDnsForwarderResolveRequest(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
-    BOOL                        bUseUDP,
-    BOOL                        bRecusive,
-    DWORD                       dwQuerySize,
-    PBYTE                       pQueryBuffer,
-    PDWORD                      pdwResponseSize,
-    PBYTE*                      ppResopnse,
-    PUCHAR                      prCode
-    )
+VmDnsAllocateForwarderPacketContext(
+   PVMDNS_FORWARDER_PACKET_CONTEXT* ppForwarderContext
+   )
 {
     DWORD dwError = 0;
-    DWORD index = 0;
-    DWORD dwResponseSize = 0;
-    PBYTE pResponse = NULL;
-    DWORD dwResponseCode = 0;
 
-    if ((bUseUDP && dwQuerySize > VMDNS_UDP_PACKET_SIZE) ||
-        !pQueryBuffer ||
-        !pdwResponseSize ||
-        !ppResopnse)
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext = NULL;
+
+    if (!ppForwarderContext)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
-    for (; index < pForwarder->dwCount; ++index)
-    {
-        if (pResponse)
-        {
-            VmDnsFreeMemory(pResponse);
-            pResponse = NULL;
-        }
-
-        dwError = VmDnsForwardRequest(
-                        pForwarder->ppszForwarders[index],
-                        bUseUDP,
-                        dwQuerySize,
-                        pQueryBuffer,
-                        &dwResponseSize,
-                        &pResponse);
-        if (dwError != ERROR_SUCCESS)
-        {
-            continue;
-        }
 
-        if (dwResponseSize > 0 && pResponse)
-        {
-            dwError = VmDnsPeekResponseCode(
-                            dwResponseSize,
-                            pResponse,
-                            &dwResponseCode);
-
-            if (dwError != ERROR_SUCCESS ||
-                dwResponseCode != VM_DNS_RCODE_NOERROR)
-            {
-                continue;
-            }
-            else
-            {
-                break;
-            }
-        }
-    }
+    dwError = VmDnsAllocateMemory(
+                          sizeof(VMDNS_FORWARDER_PACKET_CONTEXT),
+                          (PVOID*)&pForwarderContext
+                          );
+    BAIL_ON_VMDNS_ERROR(dwError);
 
-    *ppResopnse = pResponse;
-    *pdwResponseSize = dwResponseSize;
-    *prCode = (UCHAR)dwResponseCode;
+    pForwarderContext->dwRefCount = 1;
 
+    *ppForwarderContext = pForwarderContext;
 cleanup:
 
     return dwError;
+error:
 
-error :
+    if (ppForwarderContext)
+    {
+        *ppForwarderContext = NULL;
+    }
+    if (pForwarderContext)
+    {
+        VmDnsFreeForwarderPacketContext(pForwarderContext);
+    }
+    goto cleanup;
+}
 
-    if (pResponse)
+PVMDNS_FORWARDER_PACKET_CONTEXT
+VmDnsAcquireForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
+    )
+{
+    if (pForwarderContext)
     {
-        VmDnsFreeMemory(pResponse);
+        InterlockedIncrement(&pForwarderContext->dwRefCount);
     }
 
-    goto cleanup;
+    return pForwarderContext;
+}
+
+VOID
+VmDnsReleaseForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
+    )
+{
+    if (pForwarderContext)
+    {
+        if (InterlockedDecrement(&pForwarderContext->dwRefCount) == 0)
+        {
+            VmDnsFreeForwarderPacketContext(pForwarderContext);
+        }
+    }
 }
 
 DWORD
 VmDnsForwardRequest(
-    PCSTR       pszForwarder,
-    BOOL        bUseUDP,
-    DWORD       dwQuerySize,
-    PBYTE       pQueryBuffer,
-    PDWORD      pdwResponseSize,
-    PBYTE*      ppResponse
+    PVMDNS_FORWARDER_PACKET_CONTEXT      pForwarderPacketContext,
+    BOOL                                 bUseUDP,
+    PVM_SOCK_IO_BUFFER                   pIoBuffer
     )
 {
     DWORD dwError = 0;
-    PBYTE pResponse = NULL;
-    VM_SOCK_CREATE_FLAGS falgs = (bUseUDP) ? VM_SOCK_CREATE_FLAGS_UDP : VM_SOCK_CREATE_FLAGS_TCP;
+    PSTR  pszForwarder = NULL;
+    VM_SOCK_CREATE_FLAGS flags = (bUseUDP) ? VM_SOCK_CREATE_FLAGS_UDP : VM_SOCK_CREATE_FLAGS_TCP;
     PVM_SOCKET pSocket = NULL;
-    UINT16 usExpectedSize = 0;
+
+    DWORD dwQuerySize = 0;
+    PBYTE pQueryBuffer = NULL;
     struct sockaddr_storage address;
     socklen_t addLenth = sizeof address;
     PVM_SOCK_IO_BUFFER pIoRequest = NULL;
-    PVM_SOCK_IO_BUFFER pIoSizeResponse = NULL;
-    PVM_SOCK_IO_BUFFER pIoDataResponse = NULL;
+    PVM_SOCK_IO_BUFFER pOldRequest = NULL;
+    PVMDNS_FORWARDER_PACKET_CONTEXT pCurrentContext = NULL;
 
-    if ((bUseUDP && dwQuerySize > VMDNS_UDP_PACKET_SIZE)||
-        !pszForwarder ||
-        !pQueryBuffer ||
-        !pdwResponseSize ||
-        !ppResponse)
+    if (!pIoBuffer || (bUseUDP && (pIoBuffer->dwTotalBytesTransferred > VMDNS_UDP_PACKET_SIZE))||
+        !pIoBuffer->pData ||
+        !pForwarderPacketContext)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    dwError = VmwSockOpenClient(
+    dwQuerySize = pIoBuffer->dwTotalBytesTransferred;
+    pQueryBuffer = pIoBuffer->pData;
+
+    pCurrentContext = VmDnsAcquireForwarderPacketContext(pForwarderPacketContext);
+
+    dwError = VmDnsGetForwarderAtIndex(
+                                gpSrvContext->pForwarderContext,
+                                pCurrentContext->dwCurrentIndex++,
+                                &pszForwarder
+                                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsSockOpenClient(
                     pszForwarder,
                     VMW_DNS_PORT,
-                    falgs,
+                    flags,
                     &pSocket);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockSetTimeOut(
-                    pSocket,
-                    VMDNS_FORWARDER_TIMEOUT
-                    );
+    dwError = VmDnsSockSetNonBlocking(pSocket);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockGetAddress(
+    dwError = VmDnsSockGetAddress(
                     pSocket,
                     &address,
                     &addLenth);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockAllocateIoBuffer(
-                    VM_SOCK_EVENT_TYPE_UNKNOWN,
+    dwError = VmDnsSockAllocateIoBuffer(
+                    bUseUDP?
+                    VM_SOCK_EVENT_TYPE_UDP_FWD_RESPONSE_DATA_READ:
+                    VM_SOCK_EVENT_TYPE_TCP_FWD_RESPONSE_DATA_READ,
+                    (PVM_SOCK_EVENT_CONTEXT)pCurrentContext,
                     dwQuerySize,
                     &pIoRequest);
     BAIL_ON_VMDNS_ERROR(dwError);
@@ -572,58 +704,131 @@ VmDnsForwardRequest(
                     dwQuerySize);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockWrite(
+    memcpy(
+        &pIoRequest->clientAddr,
+        &pIoBuffer->clientAddr,
+        pIoBuffer->addrLen);
+
+    pIoRequest->addrLen = pIoBuffer->addrLen;
+    pIoRequest->pClientSocket = VmDnsSockAcquire(pIoBuffer->pClientSocket);
+
+    dwError = VmDnsSockSetData(
+                            pSocket,
+                            pIoRequest,
+                            (PVOID*)&pOldRequest
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsSockWrite(
                     pSocket,
-                    (struct sockaddr*)&address,
-                    addLenth,
+                    NULL,
+                    0,
                     pIoRequest);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsSockEventQueueAdd(
+                                gpSrvContext->pSockContext->pEventQueue,
+                                TRUE,
+                                pSocket
+                                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+//    VmDnsOPStatisticUpdate(FORWARDER_QUERY_COUNT);
+
+cleanup:
+
+    VMDNS_SAFE_FREE_MEMORY(pszForwarder);
+
+    if (pOldRequest)
+    {
+        VMDNS_LOG_IO_RELEASE(pOldRequest);
+        VmDnsSockReleaseIoBuffer(pOldRequest);
+    }
+    if (pSocket)
+    {
+        VmDnsSockRelease(pSocket);
+    }
+
+    return dwError;
+
+error:
+
+    if (pCurrentContext)
+    {
+        VmDnsReleaseForwarderPacketContext(pCurrentContext);
+    }
+    if (pIoRequest)
+    {
+        VMDNS_LOG_IO_RELEASE(pIoRequest);
+        VmDnsSockReleaseIoBuffer(pIoRequest);
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDnsForwardResponse(
+    BOOL        bUseUDP,
+    PVM_SOCKET  pSocket,
+    PBYTE*      ppResponse,
+    PDWORD      pdwResponseSize,
+    PDWORD      pdwRCode
+    )
+{
+    DWORD dwError = 0;
+    PBYTE pResponse = NULL;
+    DWORD dwResponseCode = 0;
+    UINT16 usExpectedSize = 0;
+    PVM_SOCK_IO_BUFFER pIoSizeResponse = NULL;
+    PVM_SOCK_IO_BUFFER pIoDataResponse = NULL;
+
+    if (!pSocket ||
+        !ppResponse ||
+        !pdwResponseSize ||
+        !pdwRCode
+       )
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
     if (bUseUDP)
     {
-        dwError = VmwSockAllocateIoBuffer(
+        dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_UNKNOWN,
+                        NULL,
                         VMDNS_UDP_PACKET_SIZE,
                         &pIoDataResponse);
         BAIL_ON_VMDNS_ERROR(dwError);
 
-
-        dwError = VmDnsCopyMemory(
-                          &pIoDataResponse->clientAddr,
-                          sizeof pIoDataResponse->clientAddr,
-                          &address,
-                          addLenth);
-        BAIL_ON_VMDNS_ERROR(dwError);
-
-        pIoDataResponse->addrLen = addLenth;
-
-        dwError = VmwSockRead(
+        dwError = VmDnsSockRead(
                         pSocket,
                         pIoDataResponse);
        BAIL_ON_VMDNS_ERROR(dwError);
     }
     else
     {
-        dwError = VmwSockAllocateIoBuffer(
+        dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_UNKNOWN,
+                        NULL,
                         sizeof(UINT16),
                         &pIoSizeResponse);
         BAIL_ON_VMDNS_ERROR(dwError);
 
-        dwError = VmwSockRead(
+        dwError = VmDnsSockRead(
                         pSocket,
                         pIoSizeResponse);
         BAIL_ON_VMDNS_ERROR(dwError);
 
         usExpectedSize = htons(*((UINT*)pIoSizeResponse->pData));
 
-        dwError = VmwSockAllocateIoBuffer(
+        dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_UNKNOWN,
+                        NULL,
                         usExpectedSize,
                         &pIoDataResponse);
         BAIL_ON_VMDNS_ERROR(dwError);
 
-        dwError = VmwSockRead(
+        dwError = VmDnsSockRead(
                         pSocket,
                         pIoDataResponse);
         BAIL_ON_VMDNS_ERROR(dwError);
@@ -641,26 +846,36 @@ VmDnsForwardRequest(
                       pIoDataResponse->dwCurrentSize);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsPeekResponseCode(
+                      pIoDataResponse->dwCurrentSize,
+                      pResponse,
+                      &dwResponseCode
+                      );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsSockEventQueueRemove(
+                                gpSrvContext->pSockContext->pEventQueue,
+                                pSocket
+                                );
+    dwError = 0;
+
     *ppResponse = pResponse;
     *pdwResponseSize = pIoDataResponse->dwCurrentSize;
+    *pdwRCode = dwResponseCode;
+    //VmDnsOPStatisticUpdate(FORWARDER_QUERY_COUNT);
 
 cleanup:
 
-    if (pSocket)
-    {
-        VmwSockRelease(pSocket);
-    }
-    if (pIoRequest)
-    {
-        VmwSockReleaseIoBuffer(pIoRequest);
-    }
     if (pIoSizeResponse)
     {
-        VmwSockReleaseIoBuffer(pIoSizeResponse);
+      
+        VMDNS_LOG_IO_RELEASE(pIoSizeResponse);
+        VmDnsSockReleaseIoBuffer(pIoSizeResponse);
     }
     if (pIoDataResponse)
     {
-        VmwSockReleaseIoBuffer(pIoDataResponse);
+        VMDNS_LOG_IO_RELEASE(pIoDataResponse);
+        VmDnsSockReleaseIoBuffer(pIoDataResponse);
     }
 
     return dwError;
@@ -677,6 +892,11 @@ VmDnsForwardRequest(
         *ppResponse = NULL;
     }
 
+    if (pdwRCode)
+    {
+        *pdwRCode = 0;
+    }
+
     if (pResponse)
     {
         VmDnsFreeMemory(pResponse);
@@ -685,6 +905,32 @@ VmDnsForwardRequest(
     goto cleanup;
 }
 
+static
+VOID
+VmDnsFreeForwarderEntry(
+    PVMDNS_FORWARDER_ENTRY pForwarderEntry
+    )
+{
+    if (pForwarderEntry)
+    {
+        (void) VmDnsForwarderMetricsDelete(pForwarderEntry);
+        VMDNS_SAFE_FREE_STRINGA(pForwarderEntry->pszForwarder);
+        VMDNS_SAFE_FREE_MEMORY(pForwarderEntry);
+    }
+}
+
+static
+VOID
+VmDnsFreeForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
+    )
+{
+    if (pForwarderContext)
+    {
+        VMDNS_SAFE_FREE_MEMORY(pForwarderContext);
+    }
+}
+
 static
 DWORD
 VmDnsPeekResponseCode(
@@ -694,29 +940,36 @@ VmDnsPeekResponseCode(
     )
 {
     DWORD dwError = ERROR_SUCCESS;
-    //PVMDNS_MESSAGE pDnsMessage = NULL;
-    //PVMDNS_UPDATE_MESSAGE pUpdateDnsMessage = NULL;
+    PVMDNS_HEADER pDnsHeader = NULL;
+    PVMDNS_MESSAGE_BUFFER pDnsMessageBuffer = NULL;
 
     if (!pdwResponseCode)
     {
         dwError = ERROR_INVALID_PARAMETER;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
+    dwError = VmDnsGetDnsMessageBuffer(
+                        pResponseBytes,
+                        dwResponseSize,
+                        &pDnsMessageBuffer
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
 
-    //dwError = VmDnsGetDnsMessage(
-    //                      pResponseBytes,
-    //                      dwResponseSize,
-    //                      &pDnsMessage,
-    //                      &pUpdateDnsMessage
-    //                      );
-    //BAIL_ON_VMDNS_ERROR(dwError);
+    dwError = VmDnsReadDnsHeaderFromBuffer(
+                        pDnsMessageBuffer,
+                        &pDnsHeader
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
 
-    //*pdwResponseCode = pDnsMessage->pHeader->codes.RCODE;
+    *pdwResponseCode =  pDnsHeader->codes.RCODE;
 
 cleanup:
 
-    //VmDnsFreeDnsMessage(pDnsMessage);
-    //VmDnsFreeDnsUpdateMessage(pUpdateDnsMessage);
+    if (pDnsMessageBuffer)
+    {
+       VmDnsFreeBufferStream(pDnsMessageBuffer);
+    }
+    VMDNS_SAFE_FREE_MEMORY(pDnsHeader);
 
     return dwError;
 
@@ -742,3 +995,79 @@ VmDnsValidateForwarder(
 
     return TRUE;
 }
+
+static
+DWORD
+VmDnsForwarderMetricsInit(
+    PVMDNS_FORWARDER_ENTRY pForwarderEntry
+    )
+{
+    DWORD dwError = 0;
+    UINT64 buckets[] = {1, 10, 100, 300, 1000};
+    VM_METRICS_LABEL labelDurationOps[2][2] = {{{"operation","query"},{"forwarder",""}},
+                                               {{"operation","update"},{"forwarder",""}}};
+
+    labelDurationOps[0][1].pszValue = pForwarderEntry->pszForwarder;
+    labelDurationOps[1][1].pszValue = pForwarderEntry->pszForwarder;
+
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmMetricsHistogramNew(
+                gVmDnsMetricsContext,
+                "vmdns_forwarder_request_duration",
+                labelDurationOps[0],
+                2,
+                "Forwarder Process Request Duration",
+                buckets,
+                5,
+                &pForwarderEntry->ForwarderMetricsContext.pQueryDuration
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmMetricsHistogramNew(
+                gVmDnsMetricsContext,
+                "vmdns_forwarder_request_duration",
+                labelDurationOps[1],
+                2,
+                "Forwarder Process Request Duration",
+                buckets,
+                5,
+                &pForwarderEntry->ForwarderMetricsContext.pUpdateDuration
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsForwarderMetricsDelete(
+    PVMDNS_FORWARDER_ENTRY    pForwarderEntry
+    )
+{
+    DWORD dwError = 0;
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+/*    dwError = VmMetricsHistogramDelete(
+                          gVmDnsMetricsContext,
+                          pForwarderEntry->ForwarderMetricsContext.pQueryDuration);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmMetricsHistogramDelete(
+                          gVmDnsMetricsContext,
+                          pForwarderEntry->ForwarderMetricsContext.pUpdateDuration);
+    BAIL_ON_VMDNS_ERROR(dwError);
+*/
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/vmdns/server/common/globals.c b/vmdns/server/common/globals.c
old mode 100644
new mode 100755
index c74a1555b..c11f6ff87
--- a/vmdns/server/common/globals.c
+++ b/vmdns/server/common/globals.c
@@ -16,3 +16,8 @@
 
 VMW_DNS_DRIVER_GLOBALS gDNSDriverGlobals;
 PVMW_DNS_DRIVER_GLOBALS gpSrvContext = &gDNSDriverGlobals;
+
+PVM_METRICS_COUNTER gVmDnsCounterMetrics[VDNS_COUNTER_COUNT];
+PVM_METRICS_HISTOGRAM gVmDnsHistogramMetrics[VDNS_HISTOGRAM_COUNT];
+PVM_METRICS_GAUGE gVmDnsGaugeMetrics[VDNS_GAUGE_COUNT];
+PVM_METRICS_CONTEXT gVmDnsMetricsContext = NULL;
diff --git a/vmdns/server/common/includes.h b/vmdns/server/common/includes.h
index acd8872dc..8e4a4ee36 100755
--- a/vmdns/server/common/includes.h
+++ b/vmdns/server/common/includes.h
@@ -59,6 +59,7 @@
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_ext.h>
 #include <time.h>
+#include <vmdnsmetrics.h>
 
 #include "structs.h"
 #include "externs.h"
diff --git a/vmdns/server/common/ldap.c b/vmdns/server/common/ldap.c
index 2ad8c499a..99da633ad 100644
--- a/vmdns/server/common/ldap.c
+++ b/vmdns/server/common/ldap.c
@@ -18,6 +18,15 @@
 #define ATTR_KRB_UPN  "userPrincipalName"
 #define ATTR_MEMBEROF "memberOf"
 
+static
+DWORD
+VmDnsDirBuildDN(
+    PCSTR       pszRdnName,
+    PCSTR       pszRdnValue,
+    PCSTR       pszBaseDN,
+    PSTR*       ppszDN
+    );
+
 static
 DWORD
 VmDnsDirGetMachineAccountInfoA(
@@ -56,15 +65,22 @@ static
 DWORD
 VmDnsDirGetForwarders(
     PVMDNS_DIR_CONTEXT  pDirContext,
-    PSTR**           pppszForwarders,
-    PDWORD           pdwCount
+    PSTR**              pppszForwarders,
+    PDWORD              pdwCount
     );
 
 static
 DWORD
 VmDnsDirGetDomainZonesDN(
     PVMDNS_DIR_CONTEXT  pDirContext,
-    PSTR*               ppDomainZonesDN
+    PSTR*               ppszDomainZonesDN
+    );
+
+static
+DWORD
+VmDnsDirGetDeletedObjDN(
+    PVMDNS_DIR_CONTEXT  pDirContext,
+    PSTR*               ppszDeletedObjDN
     );
 
 static
@@ -237,6 +253,46 @@ VmDnsDirClose(
     }
 }
 
+static
+DWORD
+VmDnsDirBuildDN(
+    PCSTR       pszRdnName,
+    PCSTR       pszRdnValue,
+    PCSTR       pszBaseDN,
+    PSTR*       ppszDN
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszDN = NULL;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(ppszDN, dwError);
+
+    dwError = VmDnsAllocateStringPrintfA(
+                        &pszDN,
+                        "%s=%s,%s",
+                        pszRdnName,
+                        pszRdnValue,
+                        pszBaseDN
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    *ppszDN = pszDN;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VMDNS_SAFE_FREE_STRINGA(pszDN);
+    if (ppszDN)
+    {
+        *ppszDN = NULL;
+    }
+
+    goto cleanup;
+}
+
 DWORD
 VmDnsDirGetMachineAccountInfoA(
     PSTR* ppszAccount,
@@ -613,15 +669,16 @@ VmDnsGetDefaultDomainName(
     )
 {
     DWORD dwError = 0;
-    PCHAR pszDomainNameAttr = "rootdomainnamingcontext";
     PSTR pszDomainName = NULL;
 
+    BAIL_ON_VMDNS_INVALID_POINTER(pConnection, dwError);
     BAIL_ON_VMDNS_INVALID_POINTER(ppDomainName, dwError);
 
     dwError = VmDnsGetDSERootAttribute(
                     pConnection,
-                    pszDomainNameAttr,
-                    &pszDomainName);
+                    VMDNS_ROOTDNSCONTEXT_NAME,
+                    &pszDomainName
+                    );
     BAIL_ON_VMDNS_ERROR(dwError);
 
     *ppDomainName = pszDomainName;
@@ -630,8 +687,9 @@ VmDnsGetDefaultDomainName(
 
     return dwError;
 
-error :
+error:
 
+    VMDNS_SAFE_FREE_STRINGA(pszDomainName);
     if (ppDomainName)
     {
         *ppDomainName = NULL;
@@ -647,16 +705,27 @@ VmDnsDirGetDomainZonesDN(
     )
 {
     DWORD dwError = 0;
-    PSTR pszRootDN = NULL, pszDomainZonesDN = NULL;
+    PSTR pszRootDN = NULL;
+    PSTR pszDomainZonesDN = NULL;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(pDirContext, dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(ppszDomainZonesDN, dwError);
 
-    dwError = VmDnsGetDSERootAttribute(pDirContext, "rootDomainNamingContext", &pszRootDN);
+    dwError = VmDnsGetDefaultDomainName(
+                        pDirContext,
+                        &pszRootDN
+                        );
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsDirBuildZoneDN(pszRootDN, VMDNS_DOMAINDNSZONES_NAME, &pszDomainZonesDN);
+    dwError = VmDnsDirBuildDN(
+                        VMDNS_LDAP_ATTR_DC,
+                        VMDNS_DOMAINDNSZONES_NAME,
+                        pszRootDN,
+                        &pszDomainZonesDN
+                        );
     BAIL_ON_VMDNS_ERROR(dwError);
 
     *ppszDomainZonesDN = pszDomainZonesDN;
-    pszDomainZonesDN = NULL;
 
 cleanup:
 
@@ -664,14 +733,64 @@ VmDnsDirGetDomainZonesDN(
 
     return dwError;
 
-error :
+error:
 
     VMDNS_SAFE_FREE_STRINGA(pszDomainZonesDN);
+    if (ppszDomainZonesDN)
+    {
+        *ppszDomainZonesDN = NULL;
+    }
 
     goto cleanup;
 
 }
 
+DWORD
+VmDnsDirGetDeletedObjDN(
+    PVMDNS_DIR_CONTEXT  pDirContext,
+    PSTR*               ppszDeletedObjDN
+    )
+{
+    DWORD dwError = 0;
+    PSTR pszRootDN = NULL;
+    PSTR pszDeletedObjDN = NULL;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(pDirContext, dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(ppszDeletedObjDN, dwError);
+
+    dwError = VmDnsGetDefaultDomainName(
+                        pDirContext,
+                        &pszRootDN
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsDirBuildDN(
+                        VMDNS_LDAP_ATTR_CN,
+                        VMDNS_DELETEDOBJECTS_NAME,
+                        pszRootDN,
+                        &pszDeletedObjDN
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    *ppszDeletedObjDN = pszDeletedObjDN;
+
+cleanup:
+
+    VMDNS_SAFE_FREE_STRINGA(pszRootDN);
+
+    return dwError;
+
+error:
+
+    VMDNS_SAFE_FREE_STRINGA(pszDeletedObjDN);
+    if (ppszDeletedObjDN)
+    {
+        *ppszDeletedObjDN = NULL;
+    }
+
+    goto cleanup;
+}
+
 
 DWORD
 VmDnsDirCreateBaseContainer(
@@ -1305,7 +1424,34 @@ VmDnsDirBuildZoneDN(
     PSTR*               ppszUpnDN
     )
 {
-    return VmDnsAllocateStringPrintfA(ppszUpnDN, "DC=%s, %s", pszZoneName, pszBaseDN);
+    DWORD dwError = 0;
+    PSTR pszUpnDN = NULL;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(ppszUpnDN, dwError);
+
+    dwError = VmDnsDirBuildDN(
+                    VMDNS_LDAP_ATTR_DC,
+                    pszZoneName,
+                    pszBaseDN,
+                    &pszUpnDN
+                    );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    *ppszUpnDN = pszUpnDN;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VMDNS_SAFE_FREE_STRINGA(pszUpnDN);
+    if (ppszUpnDN)
+    {
+        *ppszUpnDN = NULL;
+    }
+
+    goto cleanup;
 }
 
 DWORD
@@ -1968,6 +2114,8 @@ VmDnsDirProcessRecord(
 
 cleanup:
     VMDNS_SAFE_FREE_STRINGA(pszRecordDN);
+    VMDNS_SAFE_FREE_MEMORY(pRecordEntry);
+
     return dwError;
 error:
     VMDNS_LOG_DEBUG("Failed op %u on %s dir record %s %u.",
@@ -2218,14 +2366,21 @@ VmDnsDirSyncDeleted(
     PSTR pszNodeDN = NULL;
     PCSTR pszParentDC = NULL;
     PCSTR pszZone = NULL;
-    PCSTR pBaseDN = VMDNS_LDAP_DELETE_BASEDN;
+    PSTR pszBaseDN = NULL;
     PCSTR ppszAttrs[] = {NULL};
     PVMDNS_DIR_CONTEXT pDirContext = NULL;
-    LDAPControl* pServerControl = NULL;
+    LDAPControl* pCtrl = NULL;
+    LDAPControl* pServerControl[2] = {NULL, NULL};
 
     dwError = VmDnsDirConnect("localhost", &pDirContext);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsDirGetDeletedObjDN(
+                        pDirContext,
+                        &pszBaseDN
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
     dwError = VmDnsAllocateStringPrintfA(
                         &pszFilter,
                         "(&(!(%s<=%d))(%s<=%d)(%s=%s))",
@@ -2243,19 +2398,21 @@ VmDnsDirSyncDeleted(
                         0,
                         NULL,
                         0,
-                        &pServerControl
+                        &pCtrl
                         );
     BAIL_ON_VMDNS_ERROR_IF(dwError && dwError != LDAP_SUCCESS);
 
+    pServerControl[0] = pCtrl;
+
     //sync zones, remove any from cache that do not exist in store
     dwError = ldap_search_ext_s(
                         pDirContext->pLdap,
-                        pBaseDN,
+                        pszBaseDN,
                         LDAP_SCOPE_SUB,
                         pszFilter,
                         (PSTR*)ppszAttrs,
                         FALSE,
-                        &pServerControl,
+                        pServerControl,
                         NULL,
                         NULL,
                         0,
@@ -2306,18 +2463,17 @@ VmDnsDirSyncDeleted(
     VmDnsDirClose(pDirContext);
 
     VMDNS_SAFE_FREE_MEMORY(pszFilter);
-
     VMDNS_SAFE_FREE_MEMORY(pszNodeDNCopy);
+    VMDNS_SAFE_FREE_MEMORY(pszBaseDN);
 
     if (pszNodeDN)
     {
         ldap_memfree(pszNodeDN);
     }
-    if (pServerControl)
+    if (pCtrl)
     {
-        ldap_control_free(pServerControl);
+        ldap_control_free(pCtrl);
     }
-
     if (pResult)
     {
         ldap_msgfree(pResult);
@@ -2349,12 +2505,18 @@ VmDnsDirSyncNewObjects(
     PSTR pszNodeDN = NULL;
     PCSTR pszNodeDC = NULL;
     PCSTR pszParentDC = NULL;
-    PCSTR pBaseDN = VMDNS_LDAP_ATTR_DNSBASEDN;
+    PSTR pszBaseDN = NULL;
     PCSTR ppszAttrs[] = {VMDNS_LDAP_ATTR_OBJECTCLASS, VMDNS_LDAP_ATTR_DC, NULL};
 
     dwError = VmDnsDirConnect("localhost", &pDirContext);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsDirGetDomainZonesDN(
+                        pDirContext,
+                        &pszBaseDN
+                        );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
     dwError = VmDnsAllocateStringPrintfA(
                         &pszFilter,
                         "(&(!(%s<=%d))(%s<=%d)(%s=%s))",
@@ -2369,7 +2531,7 @@ VmDnsDirSyncNewObjects(
 
     dwError = ldap_search_ext_s(
                         pDirContext->pLdap,
-                        pBaseDN,
+                        pszBaseDN,
                         LDAP_SCOPE_SUB,
                         pszFilter,
                         (PSTR*)ppszAttrs,
@@ -2453,8 +2615,8 @@ VmDnsDirSyncNewObjects(
     VmDnsDirClose(pDirContext);
 
     VMDNS_SAFE_FREE_MEMORY(pszFilter);
-
     VMDNS_SAFE_FREE_MEMORY(pszNodeDNCopy);
+    VMDNS_SAFE_FREE_MEMORY(pszBaseDN);
 
     if (pszNodeDN)
     {
@@ -2484,7 +2646,7 @@ VmDnsDirGetReplicationStatus(
     DWORD dwError = 0;
     DWORD dwUsnLen;
     DWORD i;
-    PCSTR pBaseDN = VMDNS_REPL_BASEDN;
+    PCSTR pszBaseDN = VMDNS_REPL_BASEDN;
     PCSTR pszFilter = VMDNS_REPL_FILTER;
     PCSTR ppszAttrs[] = {VMDNS_LDAP_ATTR_RUNTIMESTATUS, NULL};
 
@@ -2499,7 +2661,7 @@ VmDnsDirGetReplicationStatus(
 
     dwError = ldap_search_ext_s(
                     pDirContext->pLdap,
-                    pBaseDN,
+                    pszBaseDN,
                     LDAP_SCOPE_BASE,
                     pszFilter,
                     (PSTR*)ppszAttrs,
diff --git a/vmdns/server/common/lru.c b/vmdns/server/common/lru.c
index de301954f..234754270 100644
--- a/vmdns/server/common/lru.c
+++ b/vmdns/server/common/lru.c
@@ -118,7 +118,7 @@ VmDnsLruAddNameEntry(
             "LRU Cache Full, Evicting"
             );
 
-        dwError = VmDnsLruTrimEntries(
+        dwError = VmDnsLruClearEntries(
                             pLruList,
                             10);
         BAIL_ON_VMDNS_ERROR(dwError);
@@ -128,6 +128,7 @@ VmDnsLruAddNameEntry(
     VmDnsNameEntryAddRef(pNameEntry);
 
     ++pLruList->dwCurrentCount;
+    VmMetricsGaugeIncrement(gVmDnsGaugeMetrics[CACHE_OBJECT_COUNT]);
 
 cleanup:
 
@@ -162,6 +163,7 @@ VmDnsLruRemoveNameEntry(
 
     RemoveEntryList(&pNameEntry->LruList);
     --pLruList->dwCurrentCount;
+    VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[CACHE_OBJECT_COUNT]);
     VmDnsNameEntryRelease(pNameEntry);
 
 cleanup:
@@ -213,24 +215,16 @@ VmDnsLruRefreshNameEntry(
 }
 
 DWORD
-VmDnsLruTrimEntries(
+VmDnsLruClearEntries(
     PVMDNS_LRU_LIST pLruList,
     DWORD dwCount
     )
 {
     DWORD dwError = 0;
-    BOOL bLocked = FALSE;
     PVMDNS_NAME_ENTRY pNameEntry = NULL;
     PLIST_ENTRY pLink = NULL;
 
-    assert(pLruList);
-    assert(pLruList->pLock);
-
-    dwError = VmDnsLockMutex(pLruList->pLock);
-    BAIL_ON_VMDNS_ERROR(dwError);
-    bLocked = TRUE;
-
-    //start purging from least priority up
+        //start purging from least priority up
     for (pLink = pLruList->LruListHead.Blink;
         (pLink != &pLruList->LruListHead && dwCount > 0);
         pLink = pLink->Blink)
@@ -239,6 +233,8 @@ VmDnsLruTrimEntries(
 
         RemoveEntryList(&pNameEntry->LruList);
         --pLruList->dwCurrentCount;
+        VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[CACHE_OBJECT_COUNT]);
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[CACHE_LRU_PURGE_COUNT]);
 
         dwError = pLruList->pPurgeEntryProc(pNameEntry, pLruList->pZoneObject);
         BAIL_ON_VMDNS_ERROR(dwError && dwError != ERROR_INVALID_PARAMETER);
@@ -256,6 +252,33 @@ VmDnsLruTrimEntries(
     }
 cleanup:
 
+    return dwError;
+
+error:
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsLruTrimEntries(
+    PVMDNS_LRU_LIST pLruList,
+    DWORD dwCount
+    )
+{
+    DWORD dwError = 0;
+    BOOL bLocked = FALSE;
+
+    assert(pLruList);
+    assert(pLruList->pLock);
+
+    dwError = VmDnsLockMutex(pLruList->pLock);
+    BAIL_ON_VMDNS_ERROR(dwError);
+    bLocked = TRUE;
+
+    dwError = VmDnsLruClearEntries(pLruList, dwCount);
+    BAIL_ON_VMDNS_ERROR(dwError);
+cleanup:
+
     if (bLocked)
     {
         VmDnsUnlockMutex(pLruList->pLock);
@@ -325,6 +348,7 @@ VmDnsLruClearList(PVMDNS_LRU_LIST pLruList)
     {
         RemoveEntryList((&pLruList->LruListHead)->Flink)
         pLruList->dwCurrentCount--;
+        VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[CACHE_OBJECT_COUNT]);
     }
 
 cleanup:
diff --git a/vmdns/server/common/nameEntry.c b/vmdns/server/common/nameEntry.c
index 838ad737b..b2d6f5d38 100644
--- a/vmdns/server/common/nameEntry.c
+++ b/vmdns/server/common/nameEntry.c
@@ -31,6 +31,9 @@ VmDnsNameEntryCreate(
 
     pNameEntry->lRefCount = 1;
 
+    pNameEntry->dwRoundRobinIndex = 0;
+    pNameEntry->dwRoundRobinType = 0;
+
     dwError = VmDnsAllocateStringA(pszName, &pNameEntry->pszName);
     BAIL_ON_VMDNS_ERROR(dwError);
 
@@ -136,20 +139,27 @@ VmDnsNameEntryGetRecords(
     PVMDNS_RECORD_LIST      *ppRecordList
     )
 {
-    DWORD dwError = 0, i = 0;
+    DWORD dwError = 0, i = 0, dwListSize = 0;
     PVMDNS_RECORD_OBJECT pRecordObj = NULL;
     DWORD dwSize = VmDnsRecordListGetSize(pNameEntry->pRecords);
-    PVMDNS_RECORD_LIST pRecordList = NULL;
+    PVMDNS_RECORD_LIST pRecordList = NULL, pTempRecordList = NULL;
+    DWORD dwRoundRobinIndex = 0;
+
+    if (pNameEntry->dwRoundRobinType == rrType)
+    {
+        dwRoundRobinIndex = pNameEntry->dwRoundRobinIndex;
+    }
 
-    dwError = VmDnsRecordListCreate(&pRecordList);
+    dwError = VmDnsRecordListCreate(&pTempRecordList);
     BAIL_ON_VMDNS_ERROR(dwError);
 
     for (i = 0; i < dwSize; ++i)
     {
         pRecordObj = VmDnsRecordListGetRecord(pNameEntry->pRecords, i);
-        if (pRecordObj->pRecord->dwType == rrType || rrType == VMDNS_RR_QTYPE_ANY)
+        if (pRecordObj->pRecord->dwType == rrType || rrType == VMDNS_RR_QTYPE_ANY
+            || pRecordObj->pRecord->dwType == VMDNS_RR_TYPE_CNAME)
         {
-            dwError = VmDnsRecordListAdd(pRecordList, pRecordObj);
+            dwError = VmDnsRecordListAdd(pTempRecordList, pRecordObj);
             BAIL_ON_VMDNS_ERROR(dwError);
         }
 
@@ -157,10 +167,27 @@ VmDnsNameEntryGetRecords(
         pRecordObj = NULL;
     }
 
+    dwError = VmDnsRecordListRoundRobin(pTempRecordList, dwRoundRobinIndex, &pRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwListSize = VmDnsRecordListGetSize(pRecordList);
+    if (dwListSize)
+    {
+        dwRoundRobinIndex = (dwRoundRobinIndex + 1) % dwListSize;
+    }
+
+    pNameEntry->dwRoundRobinIndex = dwRoundRobinIndex;
+
+    if (pNameEntry->dwRoundRobinType != rrType)
+    {
+        pNameEntry->dwRoundRobinType = rrType;
+    }
+
     *ppRecordList = pRecordList;
 
 cleanup:
     VmDnsRecordObjectRelease(pRecordObj);
+    VmDnsRecordListRelease(pTempRecordList);
     return dwError;
 
 error:
diff --git a/vmdns/server/common/prototypes.h b/vmdns/server/common/prototypes.h
old mode 100644
new mode 100755
index f88a88cb4..27a0afc14
--- a/vmdns/server/common/prototypes.h
+++ b/vmdns/server/common/prototypes.h
@@ -157,6 +157,12 @@ VmDnsFreeDnsUpdateMessage(
     PVMDNS_UPDATE_MESSAGE pVmDnsMessage
     );
 
+DWORD
+VmDnsIsUpdatePermitted(
+    VMDNS_RR_TYPE   dwRecordType,
+    PVMDNS_RECORD_LIST pRecordList
+    );
+
 /* cache.c */
 
 DWORD
@@ -222,7 +228,8 @@ VmDnsCacheFindZoneByQName(
 DWORD
 VmDnsCachePurgeRecord(
     PVMDNS_ZONE_OBJECT pZoneObject,
-    PCSTR              pszRecord
+    PCSTR              pszRecord,
+    DWORD              dwCachePurgeEvent
     );
 
 DWORD
@@ -290,6 +297,12 @@ VmDnsLruRefreshNameEntry(
     PVMDNS_NAME_ENTRY pNameEntry
     );
 
+DWORD
+VmDnsLruClearEntries(
+    PVMDNS_LRU_LIST pLruList,
+    DWORD dwCount
+    );
+
 DWORD
 VmDnsLruTrimEntries(
     PVMDNS_LRU_LIST pLruList,
@@ -494,50 +507,76 @@ VmDnsNameEntryGetRecords(
 
 DWORD
 VmDnsForwarderInit(
-    PVMDNS_FORWARDER_CONETXT*   ppForwarder
+    PVMDNS_FORWARDER_CONTEXT*   ppForwarder
     );
 
 VOID
 VmDnsForwarderCleanup(
-    PVMDNS_FORWARDER_CONETXT    pForwarder
+    PVMDNS_FORWARDER_CONTEXT    pForwarder
     );
 
 DWORD
 VmDnsGetForwarders(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PSTR**                      pppszForwarders,
     PDWORD                      pdwCount
     );
 
+DWORD
+VmDnsGetForwarderAtIndex(
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
+    DWORD                       dwIndex,
+    PSTR*                       ppszForwarder
+    );
+
 DWORD
 VmDnsSetForwarders(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     DWORD                       dwCount,
     PSTR*                       ppszForwarders
     );
 
 DWORD
 VmDnsAddForwarder(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarder
     );
 
 DWORD
 VmDnsDeleteForwarder(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
+    PVMDNS_FORWARDER_CONTEXT    pForwarder,
     PCSTR                       pszForwarder
     );
 
 DWORD
-VmDnsForwarderResolveRequest(
-    PVMDNS_FORWARDER_CONETXT    pForwarder,
-    BOOL                        bUseUDP,
-    BOOL                        bRecusive,
-    DWORD                       dwQuerySize,
-    PBYTE                       pQueryBuffer,
-    PDWORD                      pdwResponseSize,
-    PBYTE*                      ppResopnse,
-    PUCHAR                      prCode
+VmDnsAllocateForwarderPacketContext(
+   PVMDNS_FORWARDER_PACKET_CONTEXT* ppForwarderContext
+   );
+
+PVMDNS_FORWARDER_PACKET_CONTEXT
+VmDnsAcquireForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
+    );
+
+VOID
+VmDnsReleaseForwarderPacketContext(
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext
+    );
+
+DWORD
+VmDnsForwardRequest(
+    PVMDNS_FORWARDER_PACKET_CONTEXT      pForwarderPacketContext,
+    BOOL                                 bUseUDP,
+    PVM_SOCK_IO_BUFFER                   pIoBuffer
+    );
+
+DWORD
+VmDnsForwardResponse(
+    BOOL        bUseUDP,
+    PVM_SOCKET  pSocket,
+    PBYTE*      ppResponse,
+    PDWORD      pdwResponseSize,
+    PDWORD      pdwRCode
     );
 
 //dirfacade
diff --git a/vmdns/server/common/recordlist.c b/vmdns/server/common/recordlist.c
index e798b42cd..3e6366a16 100644
--- a/vmdns/server/common/recordlist.c
+++ b/vmdns/server/common/recordlist.c
@@ -103,6 +103,32 @@ VmDnsRecordListAdd(
     goto cleanup;
 }
 
+DWORD
+VmDnsRecordListAddList(
+    PVMDNS_RECORD_LIST          pDestList,
+    PVMDNS_RECORD_LIST          pSrcList
+    )
+{
+    DWORD dwError = 0, i = 0, dwRecordListSize = 0;
+
+    if (!pSrcList || pSrcList->dwCurrentSize == 0)
+        return dwError;
+
+    dwRecordListSize = VmDnsRecordListGetSize(pSrcList);
+
+    for (; i < dwRecordListSize; i++)
+    {
+        dwError = VmDnsRecordListAdd(pDestList, pSrcList->ppRecords[i]);
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
 
 DWORD
 VmDnsRecordListRemove(
@@ -215,6 +241,52 @@ VmDnsRecordListRelease(
     }
 }
 
+DWORD
+VmDnsRecordListRoundRobin(
+    PVMDNS_RECORD_LIST          pList,
+    DWORD                       dwIndex,
+    PVMDNS_RECORD_LIST          *ppList
+    )
+{
+    PVMDNS_RECORD_LIST pRecordList = NULL;
+    DWORD dwSize = 0, dwError = 0, i = 0;
+    PVMDNS_RECORD_OBJECT pRecordObj = NULL;
+    DWORD dwRecordIndex = dwIndex;
+
+    BAIL_ON_VMDNS_INVALID_POINTER(pList,dwError);
+    BAIL_ON_VMDNS_INVALID_POINTER(ppList,dwError);
+
+    dwError = VmDnsRecordListCreate(&pRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwSize = VmDnsRecordListGetSize(pList);
+
+    for (; i < dwSize; i++)
+    {
+        pRecordObj = VmDnsRecordListGetRecord(pList, dwRecordIndex);
+
+        dwError = VmDnsRecordListAdd(pRecordList, pRecordObj);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        dwRecordIndex = (dwRecordIndex + 1) % dwSize;
+    }
+
+    *ppList = pRecordList;
+
+cleanup:
+    VmDnsRecordObjectRelease(pRecordObj);
+    return dwError;
+
+error:
+    VmDnsRecordListRelease(pRecordList);
+    if(ppList)
+    {
+        *ppList = NULL;
+    }
+
+    goto cleanup;
+}
+
 DWORD
 VmDnsCopyRecordArray(
     PVMDNS_RECORD_LIST  pRecordList,
diff --git a/vmdns/server/common/serviceapi.c b/vmdns/server/common/serviceapi.c
index 103cf1eec..ba598c137 100644
--- a/vmdns/server/common/serviceapi.c
+++ b/vmdns/server/common/serviceapi.c
@@ -35,7 +35,7 @@ VmDnsSrvInitialize(
     )
 {
     DWORD dwError = ERROR_SUCCESS;
-    PVMDNS_FORWARDER_CONETXT pForwarderContext = NULL;
+    PVMDNS_FORWARDER_CONTEXT pForwarderContext = NULL;
     PVMDNS_CACHE_CONTEXT pCacheContext = NULL;
     PVMDNS_SECURITY_CONTEXT pSecurityContext = NULL;
 
@@ -293,6 +293,7 @@ VmDnsSrvAddRecord(
     DWORD dwError = 0;
     PSTR pszName = NULL;
     PVMDNS_RECORD_LIST pRecordList = NULL;
+    VMDNS_RR_TYPE dwType = pRecord->dwType;
 
     if (VMDNS_READY != VmDnsSrvGetState())
     {
@@ -312,32 +313,25 @@ VmDnsSrvAddRecord(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    if (VmDnsIsUpdatePermitted(pRecord->dwType))
+    if (pRecord->dwType == VMDNS_RR_TYPE_CNAME)
     {
-        dwError = VmDnsSrvQueryRecords(
-                            pZoneObject,
-                            pRecord->pszName,
-                            pRecord->dwType,
-                            0,
-                            &pRecordList
-                            );
-        BAIL_ON_VMDNS_ERROR_IF(dwError && dwError != ERROR_NOT_FOUND);
-
-        if (pRecordList &&
-            VmDnsRecordListGetSize(pRecordList) == 1)
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDNS_ERROR(dwError);
-        }
+        dwType = VMDNS_RR_QTYPE_ANY;
     }
 
+    dwError = VmDnsSrvGetRecords(pZoneObject, pRecord->pszName, dwType, &pRecordList);
+
+    BAIL_ON_VMDNS_ERROR_IF(dwError && dwError != ERROR_NOT_FOUND);
+
+    dwError = VmDnsIsUpdatePermitted(pRecord->dwType,pRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
     dwError = VmDnsStoreAddZoneRecord(
                         pszName,
                         pRecord
                         );
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsCachePurgeRecord(pZoneObject, pRecord->pszName);
+    dwError = VmDnsCachePurgeRecord(pZoneObject, pRecord->pszName, CACHE_PURGE_MODIFICATION);
     BAIL_ON_VMDNS_ERROR(dwError);
 
 cleanup:
@@ -372,23 +366,10 @@ VmDnsSrvDeleteRecord(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    if (VmDnsIsUpdatePermitted(pRecord->dwType))
+    if (pRecord->dwType == VMDNS_RR_TYPE_SOA)
     {
-        dwError = VmDnsSrvQueryRecords(
-                            pZoneObject,
-                            pRecord->pszName,
-                            pRecord->dwType,
-                            0,
-                            &pRecordList
-                            );
-        BAIL_ON_VMDNS_ERROR_IF(dwError && dwError != ERROR_NOT_FOUND);
-
-        if (pRecordList &&
-            VmDnsRecordListGetSize(pRecordList) < 1)
-        {
-            dwError = ERROR_INVALID_PARAMETER;
-            BAIL_ON_VMDNS_ERROR(dwError);
-        }
+        dwError = ERROR_OPERATION_NOT_PERMITTED;
+        BAIL_ON_VMDNS_ERROR(dwError);
     }
 
     dwError = VmDnsCacheGetZoneName(
@@ -521,82 +502,70 @@ VmDnsSrvDeleteRecords(
 }
 
 DWORD
-VmDnsSrvQueryRecords(
+VmDnsSrvGetRecords(
     PVMDNS_ZONE_OBJECT  pZoneObject,
     PCSTR               pszName,
     VMDNS_RR_TYPE       dwType,
-    DWORD               dwOptions,
     PVMDNS_RECORD_LIST  *ppRecordList
     )
 {
     DWORD dwError = 0;
-    PVMDNS_RECORD_LIST pRecordList = NULL;
     PSTR pszZone = NULL;
     PSTR szNameFqdn = NULL;
     PCSTR szNameQuery = NULL;
-
-    if (!pZoneObject)
-    {
-        dwError = ERROR_INVALID_PARAMETER;
-        BAIL_ON_VMDNS_ERROR(dwError);
-    }
-
-    if (VMDNS_READY != VmDnsSrvGetState())
-    {
-        dwError = ERROR_NOT_READY;
-        BAIL_ON_VMDNS_ERROR(dwError);
-    }
+    PVMDNS_RECORD_LIST pRecordList = NULL;
 
     dwError = VmDnsCacheGetZoneName(
-                        pZoneObject,
-                        &pszZone
-                        );
+                pZoneObject,
+                &pszZone
+                );
     BAIL_ON_VMDNS_ERROR(dwError);
 
     dwError = VmDnsMakeFQDN(
-                    pszName,
-                    pszZone,
-                    &szNameFqdn
-                    );
+                pszName,
+                pszZone,
+                &szNameFqdn
+                );
     BAIL_ON_VMDNS_ERROR(dwError);
 
     szNameQuery = szNameFqdn ? szNameFqdn : pszName;
 
     dwError = VmDnsZoneGetRecords(
-                        pZoneObject,
-                        szNameQuery,
-                        dwType,
-                        &pRecordList
-                        );
+                pZoneObject,
+                szNameQuery,
+                dwType,
+                &pRecordList
+                );
     BAIL_ON_VMDNS_ERROR_IF(dwError && dwError != ERROR_NOT_FOUND);
 
-    if (!pRecordList)
+    if (!pRecordList || VmDnsRecordListGetSize(pRecordList) == 0)
     {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[CACHE_CACHE_MISS]);
         dwError = VmDnsStoreGetRecords(
-                            pszZone,
-                            szNameQuery,
-                            &pRecordList
-                            );
+                    pszZone,
+                    szNameQuery,
+                    &pRecordList
+                    );
         BAIL_ON_VMDNS_ERROR(dwError && dwError != ERROR_NOT_FOUND);
 
         if (pRecordList)
         {
             dwError = VmDnsZoneUpdateRecords(
-                                pZoneObject,
-                                szNameQuery,
-                                pRecordList
-                                );
+                        pZoneObject,
+                        szNameQuery,
+                        pRecordList
+                        );
             BAIL_ON_VMDNS_ERROR(dwError);
 
             VmDnsRecordListRelease(pRecordList);
             pRecordList = NULL;
 
             dwError = VmDnsZoneGetRecords(
-                            pZoneObject,
-                            szNameQuery,
-                            dwType,
-                            &pRecordList
-                            );
+                        pZoneObject,
+                        szNameQuery,
+                        dwType,
+                        &pRecordList
+                        );
             BAIL_ON_VMDNS_ERROR(dwError);
         }
     }
@@ -610,7 +579,155 @@ VmDnsSrvQueryRecords(
     return dwError;
 
 error:
+    if (ppRecordList)
+    {
+        *ppRecordList = NULL;
+    }
+
+    VmDnsRecordListRelease(pRecordList);
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsSrvQueryRecords(
+    PVMDNS_ZONE_OBJECT  pZoneObject,
+    PCSTR               pszName,
+    VMDNS_RR_TYPE       dwType,
+    DWORD               dwOptions,
+    PVMDNS_RECORD_LIST  *ppRecordList
+    )
+{
+    DWORD dwError = 0, dwRecordListSize = 0, dwRecursionIndex = 0, i = 0;
+    PVMDNS_RECORD_LIST pRecordList = NULL;
+    PVMDNS_RECORD_LIST pLinkedRecordList = NULL;
+    PVMDNS_RECORD_LIST pTempRecordList = NULL;
+    PVMDNS_RECORD_OBJECT pRecordObject = NULL;
+
+    if (!pZoneObject)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    if (VMDNS_READY != VmDnsSrvGetState())
+    {
+        dwError = ERROR_NOT_READY;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRecordListCreate(&pLinkedRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsSrvGetRecords(pZoneObject, pszName, dwType, &pRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwRecordListSize = VmDnsRecordListGetSize(pRecordList);
+
+    for (; i < dwRecordListSize; i++)
+    {
+        pRecordObject = VmDnsRecordListGetRecord(pRecordList, i);
+
+        dwError = VmDnsGetLinkedRecords(++dwRecursionIndex,
+                                        pZoneObject,
+                                        dwType,
+                                        pRecordObject->pRecord,
+                                        &pTempRecordList
+                                        );
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        dwError = VmDnsRecordListAddList(pLinkedRecordList, pTempRecordList);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        VmDnsRecordListRelease(pTempRecordList);
+        pTempRecordList = NULL;
+    }
+
+    dwError = VmDnsRecordListAddList(pRecordList, pLinkedRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    *ppRecordList = pRecordList;
+
+cleanup:
+    VmDnsRecordObjectRelease(pRecordObject);
+    VmDnsRecordListRelease(pLinkedRecordList);
+
+    return dwError;
+
+error:
+    if (ppRecordList)
+    {
+        *ppRecordList = NULL;
+    }
+
+    VmDnsRecordListRelease(pRecordList);
+
+    goto cleanup;
+}
 
+DWORD
+VmDnsGetLinkedRecords(
+    DWORD               dwRecursionIndex,
+    PVMDNS_ZONE_OBJECT  pZoneObject,
+    VMDNS_RR_TYPE       dwType,
+    PVMDNS_RECORD       pRecord,
+    PVMDNS_RECORD_LIST  *ppRecordList
+    )
+{
+    DWORD dwError = 0, i = 0, dwRecordListSize = 0;
+    PVMDNS_RECORD_LIST pRecordList = NULL;
+    PVMDNS_RECORD_LIST pTempRecordList = NULL;
+    PVMDNS_RECORD_LIST pLinkedRecordList = NULL;
+    PVMDNS_RECORD_OBJECT pRecordObject = NULL;
+
+    if(pRecord->dwType != VMDNS_RR_TYPE_CNAME)
+        return 0;
+
+    if(dwRecursionIndex > 4)
+    {
+        dwError = ERROR_NOT_SUPPORTED;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRecordListCreate(&pLinkedRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsSrvGetRecords(pZoneObject, pRecord->Data.CNAME.pNameHost, dwType, &pRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwRecordListSize = VmDnsRecordListGetSize(pRecordList);
+
+    for (; i < dwRecordListSize; i++)
+    {
+        pRecordObject = VmDnsRecordListGetRecord(pRecordList, i);
+
+        dwError = VmDnsGetLinkedRecords(++dwRecursionIndex,
+                                        pZoneObject,
+                                        dwType,
+                                        pRecordObject->pRecord,
+                                        &pTempRecordList
+                                        );
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        dwError = VmDnsRecordListAddList(pLinkedRecordList, pTempRecordList);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        VmDnsRecordListRelease(pTempRecordList);
+        pTempRecordList = NULL;
+    }
+
+    dwError = VmDnsRecordListAddList(pRecordList, pLinkedRecordList);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    *ppRecordList = pRecordList;
+
+cleanup:
+    VmDnsRecordObjectRelease(pRecordObject);
+    VmDnsRecordListRelease(pLinkedRecordList);
+
+    return dwError;
+
+error:
     if (ppRecordList)
     {
         *ppRecordList = NULL;
@@ -684,6 +801,7 @@ VmDnsSrvListRecords(
     *ppRecordList = pRecordList;
 
 cleanup:
+    VMDNS_SAFE_FREE_STRINGA(pszZone);
     return dwError;
 
 error:
@@ -1004,6 +1122,28 @@ VmDnsSrvInitDomain(
             }
         }
     }
+
+    for (idx = 0; idx < 5 || VmDnsSrvGetState() != VMDNS_READY; idx++)
+    {
+        dwError = VmDnsConditionSignal(gpSrvContext->pCacheContext->pRefreshEvent);
+        if (dwError)
+        {
+            VMDNS_LOG_ERROR("Failed to signal cache refresh thread with %u.", dwError);
+        }
+        BAIL_ON_VMDNS_ERROR(dwError);
+        sleep(5);
+    }
+
+    if (VmDnsSrvGetState() != VMDNS_READY)
+    {
+        dwError = ERROR_INVALID_STATE;
+        VMDNS_LOG_ERROR("Failed to populate cache and VMDNS state is not ready: %u.", dwError);
+    }
+    else
+    {
+        VMDNS_LOG_INFO("Succesfully populated cache and VMDNS state is ready: %u.", dwError);
+    }
+
     dwError = VmDnsCacheLoadZoneFromStore(
                             gpSrvContext->pCacheContext,
                             pInitInfo->pszDomain
@@ -1033,6 +1173,8 @@ VmDnsSrvCleanupDomain(
     PVMDNS_RECORD_LIST pNsRecordList = NULL;
     PVMDNS_RECORD_LIST pLdapSrvRecordList = NULL;
     PVMDNS_RECORD_LIST pKerberosSrvRecordList = NULL;
+    PVMDNS_RECORD_LIST pLdapDcSrvRecordList = NULL;
+    PVMDNS_RECORD_LIST pKerberosDcSrvRecordList = NULL;
     PVMDNS_RECORD_LIST pIpV4RecordList = NULL;
     PVMDNS_RECORD_LIST pIpV6RecordList = NULL;
     DWORD idx = 0;
@@ -1103,6 +1245,32 @@ VmDnsSrvCleanupDomain(
         VMDNS_LOG_ERROR("%s, failed to get KDC SRV records.", __FUNCTION__);
     }
 
+    // Query LDAP TCP DC SRV record(s)
+    dwError = VmDnsSrvQueryRecords(
+                    pZoneObject,
+                    VMDNS_LDAP_DC_SRV_NAME,
+                    VMDNS_RR_TYPE_SRV,
+                    0,
+                    &pLdapDcSrvRecordList
+                    );
+    if (dwError)
+    {
+        VMDNS_LOG_ERROR("%s, failed to get LDAP DC SRV records.", __FUNCTION__);
+    }
+
+    // Query KDC TCP DC SRV record(s)
+    dwError = VmDnsSrvQueryRecords(
+                    pZoneObject,
+                    VMDNS_KERBEROS_DC_SRV_NAME,
+                    VMDNS_RR_TYPE_SRV,
+                    0,
+                    &pKerberosDcSrvRecordList
+                    );
+    if (dwError)
+    {
+        VMDNS_LOG_ERROR("%s, failed to get KDC DC SRV records.", __FUNCTION__);
+    }
+
     // Query A record(s)
     dwError = VmDnsSrvQueryRecords(
                     pZoneObject,
@@ -1153,7 +1321,13 @@ VmDnsSrvCleanupDomain(
         }
     }
 
-    srvRecord.pszName = VMDNS_LDAP_SRV_NAME;
+    dwError = VmDnsAllocateStringPrintfA(
+                            &srvRecord.pszName,
+                            "%s.%s",
+                            VMDNS_LDAP_SRV_NAME,
+                            pInitInfo->pszDomain
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
     srvRecord.dwType = VMDNS_RR_TYPE_SRV;
     srvRecord.iClass = VMDNS_CLASS_IN;
     srvRecord.Data.SRV.pNameTarget = pInitInfo->pszDcSrvName;
@@ -1181,7 +1355,14 @@ VmDnsSrvCleanupDomain(
         }
     }
 
-    srvRecord.pszName = VMDNS_KERBEROS_SRV_NAME;
+    VMDNS_SAFE_FREE_STRINGA(srvRecord.pszName);
+    dwError = VmDnsAllocateStringPrintfA(
+                            &srvRecord.pszName,
+                            "%s.%s",
+                            VMDNS_KERBEROS_SRV_NAME,
+                            pInitInfo->pszDomain
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
 
     // Remove KDC TCP SRV record(s)
     if (pKerberosSrvRecordList)
@@ -1206,6 +1387,70 @@ VmDnsSrvCleanupDomain(
         }
     }
 
+    VMDNS_SAFE_FREE_STRINGA(srvRecord.pszName);
+    dwError = VmDnsAllocateStringPrintfA(
+                            &srvRecord.pszName,
+                            "%s.%s",
+                            VMDNS_LDAP_DC_SRV_NAME,
+                            pInitInfo->pszDomain
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    // Remove KDC TCP DC SRV record(s)
+    if (pLdapDcSrvRecordList)
+    {
+        for (idx = 0; idx < pLdapDcSrvRecordList->dwCurrentSize; ++idx)
+        {
+            if (VmDnsMatchRecord(
+                        &srvRecord,
+                        pLdapDcSrvRecordList->ppRecords[idx]->pRecord))
+            {
+                dwError = VmDnsSrvDeleteRecord(
+                                    pZoneObject,
+                                    pLdapDcSrvRecordList->ppRecords[idx]->pRecord
+                                    );
+                VMDNS_LOG_INFO(
+                        "Cleanup LDAP:DC:SRV record %s from zone %s, status: %u.",
+                        pLdapDcSrvRecordList->ppRecords[idx]->pRecord->pszName,
+                        pInitInfo->pszDomain,
+                        dwError
+                        );
+            }
+        }
+    }
+
+    VMDNS_SAFE_FREE_STRINGA(srvRecord.pszName);
+    dwError = VmDnsAllocateStringPrintfA(
+                            &srvRecord.pszName,
+                            "%s.%s",
+                            VMDNS_KERBEROS_DC_SRV_NAME,
+                            pInitInfo->pszDomain
+                            );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    // Remove KDC TCP DC SRV record(s)
+    if (pKerberosDcSrvRecordList)
+    {
+        for (idx = 0; idx < pKerberosDcSrvRecordList->dwCurrentSize; ++idx)
+        {
+            if (VmDnsMatchRecord(
+                        &srvRecord,
+                        pKerberosDcSrvRecordList->ppRecords[idx]->pRecord))
+            {
+                dwError = VmDnsSrvDeleteRecord(
+                                    pZoneObject,
+                                    pKerberosDcSrvRecordList->ppRecords[idx]->pRecord
+                                    );
+                VMDNS_LOG_INFO(
+                        "Cleanup KDC:DC:SRV record %s from zone %s, status: %u.",
+                        pKerberosDcSrvRecordList->ppRecords[idx]->pRecord->pszName,
+                        pInitInfo->pszDomain,
+                        dwError
+                        );
+            }
+        }
+    }
+
     // Remove A record(s)
     if (pIpV4RecordList)
     {
@@ -1250,9 +1495,12 @@ VmDnsSrvCleanupDomain(
     VmDnsRecordListRelease(pIpV4RecordList);
     VmDnsRecordListRelease(pIpV6RecordList);
     VMDNS_SAFE_FREE_STRINGA(pszAddressRecordName);
+    VMDNS_SAFE_FREE_STRINGA(srvRecord.pszName);
+
     return dwError;
 error:
     VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed. Error(%u)", __FUNCTION__, dwError);
+
     goto cleanup;
 }
 
diff --git a/vmdns/server/common/sockinterface.c b/vmdns/server/common/sockinterface.c
index 2f9a3a71a..7638e7d89 100644
--- a/vmdns/server/common/sockinterface.c
+++ b/vmdns/server/common/sockinterface.c
@@ -132,6 +132,28 @@ VmDnsOnUdpResponseDataWrite(
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
 
+static
+DWORD
+VmDnsOnForwarderResponse(
+    BOOL                bUseUDP,
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    );
+
+static
+DWORD
+VmDnsOnUdpForwardResponse(
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    );
+
+static
+DWORD
+VmDnsOnTcpForwardResponse(
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    );
+
 static
 DWORD
 VmDnsDisconnectClient(
@@ -144,6 +166,14 @@ VmDnsSockWorkerThreadProc(
     PVOID               pData
     );
 
+static
+DWORD
+VmDnsOnForwarderRequest(
+    BOOL                bUseUDP,
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    );
+
 typedef DWORD
 (*PVMDNS_SOCK_EVENT_HANDLER)(
     PVM_SOCKET pSocket,
@@ -170,6 +200,10 @@ static PVMDNS_SOCK_EVENT_HANDLER eventHandlerMap[] =
             &VmDnsOnUdpRequestDataRead,
     [VM_SOCK_EVENT_TYPE_UDP_RESPONSE_DATA_WRITE] =
             &VmDnsOnUdpResponseDataWrite,
+    [VM_SOCK_EVENT_TYPE_UDP_FWD_RESPONSE_DATA_READ] =
+            &VmDnsOnUdpForwardResponse,
+    [VM_SOCK_EVENT_TYPE_TCP_FWD_RESPONSE_DATA_READ] =
+            &VmDnsOnTcpForwardResponse,
     [VM_SOCK_EVENT_TYPE_CONNECTION_CLOSED] =
             &VmDnsOnDisconnect,
     [VM_SOCK_EVENT_TYPE_MAX] = NULL
@@ -238,7 +272,7 @@ VmDnsInitProtocolServer(
     BAIL_ON_VMDNS_ERROR(dwError);
 
     /* Handle IPv4 case */
-    dwError = VmwSockOpenServer(
+    dwError = VmDnsSockOpenServer(
                         VMW_DNS_PORT,
                         -1,
                         dwFlags | VM_SOCK_CREATE_FLAGS_UDP |
@@ -246,7 +280,7 @@ VmDnsInitProtocolServer(
                         &pSockContext->pListenerUDP);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockOpenServer(
+    dwError = VmDnsSockOpenServer(
                         VMW_DNS_PORT,
                         VMW_DNS_DEFAULT_THREAD_COUNT,
                         dwFlags | VM_SOCK_CREATE_FLAGS_TCP |
@@ -256,7 +290,7 @@ VmDnsInitProtocolServer(
 
 #ifdef AF_INET6
     /* Handle IPv6 case */
-    dwError = VmwSockOpenServer(
+    dwError = VmDnsSockOpenServer(
                         VMW_DNS_PORT,
                         -1,
                         dwFlags | VM_SOCK_CREATE_FLAGS_UDP |
@@ -264,7 +298,7 @@ VmDnsInitProtocolServer(
                         &pSockContext->pListenerUDP6);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockOpenServer(
+    dwError = VmDnsSockOpenServer(
                         VMW_DNS_PORT,
                         VMW_DNS_DEFAULT_THREAD_COUNT,
                         dwFlags | VM_SOCK_CREATE_FLAGS_TCP |
@@ -273,33 +307,37 @@ VmDnsInitProtocolServer(
     BAIL_ON_VMDNS_ERROR(dwError);
 #endif
 
-    dwError = VmwSockCreateEventQueue(-1, &pSockContext->pEventQueue);
+    dwError = VmDnsSockCreateEventQueue(-1, &pSockContext->pEventQueue);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockEventQueueAdd(
+    dwError = VmDnsSockEventQueueAdd(
                         pSockContext->pEventQueue,
+                        FALSE,
                         pSockContext->pListenerTCP);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockEventQueueAdd(
+    dwError = VmDnsSockEventQueueAdd(
                         pSockContext->pEventQueue,
+                        FALSE,
                         pSockContext->pListenerUDP);
     BAIL_ON_VMDNS_ERROR(dwError);
 
 #ifdef AF_INET6
-    dwError = VmwSockEventQueueAdd(
+    dwError = VmDnsSockEventQueueAdd(
                         pSockContext->pEventQueue,
+                        FALSE,
                         pSockContext->pListenerTCP6);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockEventQueueAdd(
+    dwError = VmDnsSockEventQueueAdd(
                         pSockContext->pEventQueue,
+                        FALSE,
                         pSockContext->pListenerUDP6);
     BAIL_ON_VMDNS_ERROR(dwError);
 #endif
 
 #ifdef WIN32
-    dwError = VmwSockStartListening(
+    dwError = VmDnsSockStartListening(
                         pSockContext->pListenerTCP,
                         VMW_DNS_DEFAULT_THREAD_COUNT);
     BAIL_ON_VMDNS_ERROR(dwError);
@@ -310,9 +348,9 @@ VmDnsInitProtocolServer(
                         (PVOID*)&pSockContext->pWorkerThreads);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    pSockContext->dwNumThreads = VMW_DNS_DEFAULT_THREAD_COUNT;
+    pSockContext->dwNumThreads = 0;
 
-    for (; iThr < pSockContext->dwNumThreads; iThr++)
+    for (; iThr < VMW_DNS_DEFAULT_THREAD_COUNT; iThr++)
     {
         dwError = VmDnsAllocateMemory(
                             sizeof(VMDNS_THREAD),
@@ -322,11 +360,12 @@ VmDnsInitProtocolServer(
 
         dwError = VmDnsCreateThread(
                             pSockContext->pWorkerThreads[iThr],
-                            TRUE,
+                            FALSE,
                             (PVMDNS_START_ROUTINE)&VmDnsSockWorkerThreadProc,
                             pSockContext
                             );
-            BAIL_ON_VMDNS_ERROR(dwError);
+        BAIL_ON_VMDNS_ERROR(dwError);
+        pSockContext->dwNumThreads++;
     }
 
     gpSrvContext->pSockContext = pSockContext;
@@ -376,7 +415,7 @@ VmDnsSockWorkerThreadProc(
     {
         VM_SOCK_EVENT_TYPE eventType = VM_SOCK_EVENT_TYPE_UNKNOWN;
 
-        dwError = VmwSockWaitForEvent(
+        dwError = VmDnsSockWaitForEvent(
                         pSockContext->pEventQueue,
                         -1,
                         &pSocket,
@@ -397,6 +436,8 @@ VmDnsSockWorkerThreadProc(
             pSocket = pSockContext->pListenerUDP;
         }
 
+        VmMetricsGaugeIncrement(gVmDnsGaugeMetrics[DNS_ACTIVE_SERVICE_THREADS]);
+
         dwError = VmDnsHandleSocketEvent(
                         pSocket,
                         eventType,
@@ -424,6 +465,8 @@ VmDnsSockWorkerThreadProc(
             pIoBuffer = NULL;
             dwError = 0;
         }
+
+        VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[DNS_ACTIVE_SERVICE_THREADS]);
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
@@ -431,7 +474,7 @@ VmDnsSockWorkerThreadProc(
 
     if (pSocket)
     {
-        VmwSockRelease(pSocket);
+        VmDnsSockRelease(pSocket);
     }
 
     return NULL;
@@ -452,10 +495,11 @@ VmDnsHandleSocketEvent(
         if (pEventHandler)
         {
             VMDNS_LOG_DEBUG(
-                    "New Event - %s, Buffer Size: %d, Buffer Ptr: %p",
+                    "New Event - %s, Buffer Size: %d, Buffer Ptr: %p, Thread Ptr: %p",
                     ppszEventTypeMap[sockEvent],
                     pIoBuffer ? pIoBuffer->dwTotalBytesTransferred : 0,
-                    pIoBuffer);
+                    pIoBuffer,
+                    pthread_self());
 
             dwError = pEventHandler(pSocket, pIoBuffer);
             BAIL_ON_VMDNS_ERROR(dwError);
@@ -471,7 +515,8 @@ VmDnsHandleSocketEvent(
 
     if (dwError != ERROR_IO_PENDING && pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -488,6 +533,7 @@ VmDnsOnTcpNewConnection(
     )
 {
     DWORD dwError = 0;
+    VmMetricsGaugeIncrement(gVmDnsGaugeMetrics[DNS_OUTSTANDING_REQUEST_COUNT]);
 
     if (!pSocket)
     {
@@ -500,7 +546,7 @@ VmDnsOnTcpNewConnection(
     BAIL_ON_VMDNS_ERROR(dwError);
 #endif
 cleanup:
-
+    VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[DNS_OUTSTANDING_REQUEST_COUNT]);
     return dwError;
 
 error:
@@ -518,12 +564,13 @@ VmDnsOnDisconnect(
 
     if (pSocket)
     {
-        VmwSockClose(pSocket);
+        VmDnsSockClose(pSocket);
     }
 
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return ERROR_SUCCESS;
@@ -550,7 +597,8 @@ VmDnsOnDataAvailable(
 cleanup:
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -576,7 +624,7 @@ VmDnsReceiveData(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    dwError = VmwSockGetProtocol(pSocket, &dwProtocol);
+    dwError = VmDnsSockGetProtocol(pSocket, &dwProtocol);
     BAIL_ON_VMDNS_ERROR(dwError);
 
     if (dwProtocol == SOCK_STREAM)
@@ -593,7 +641,8 @@ VmDnsReceiveData(
 cleanup:
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -633,7 +682,8 @@ VmDnsTcpReceiveData(
 cleanup:
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -671,7 +721,8 @@ VmDnsUdpReceiveData(
 cleanup:
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -690,13 +741,14 @@ VmDnsTcpReceiveNewData(
     DWORD dwError = 0;
     PVM_SOCK_IO_BUFFER  pIoBuffer = NULL;
 
-    dwError = VmwSockAllocateIoBuffer(
+    dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_TCP_REQUEST_SIZE_READ,
+                        NULL,
                         sizeof(UINT16),
                         &pIoBuffer);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockRead(
+    dwError = VmDnsSockRead(
                         pSocket,
                         pIoBuffer);
 
@@ -719,7 +771,8 @@ VmDnsTcpReceiveNewData(
 
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
     return dwError;
@@ -737,14 +790,17 @@ VmDnsUdpReceiveNewData(
 {
     DWORD dwError = 0;
     PVM_SOCK_IO_BUFFER  pIoBuffer = NULL;
+    VmMetricsGaugeIncrement(gVmDnsGaugeMetrics[DNS_OUTSTANDING_REQUEST_COUNT]);
 
-    dwError = VmwSockAllocateIoBuffer(
+    dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_UDP_REQUEST_DATA_READ,
+                        NULL,
                         VMDNS_UDP_PACKET_SIZE,
                         &pIoBuffer);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockRead(
+
+    dwError = VmDnsSockRead(
                         pSocket,
                         pIoBuffer);
 
@@ -767,9 +823,11 @@ VmDnsUdpReceiveNewData(
 
     if (pIoBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoBuffer);
     }
 
+    VmMetricsGaugeDecrement(gVmDnsGaugeMetrics[DNS_OUTSTANDING_REQUEST_COUNT]);
     return dwError;
 
 error:
@@ -803,16 +861,17 @@ VmDnsOnTcpRequestSizeRead(
 
     uSizeToRead = htons(*((UINT16*)(pIoBuffer->pData)));
 
-    dwError = VmwSockAllocateIoBuffer(
+    dwError = VmDnsSockAllocateIoBuffer(
                         VM_SOCK_EVENT_TYPE_TCP_REQUEST_DATA_READ,
+                        NULL,
                         uSizeToRead,
                         &pIoNewBuffer);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockSetData(pSocket, pIoBuffer, &pOldData);
+    dwError = VmDnsSockSetData(pSocket, pIoBuffer, &pOldData);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockRead(
+    dwError = VmDnsSockRead(
                         pSocket,
                         pIoNewBuffer);
 
@@ -834,7 +893,8 @@ VmDnsOnTcpRequestSizeRead(
 
     if (pIoNewBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoNewBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoNewBuffer);
     }
 
     return dwError;
@@ -870,7 +930,7 @@ VmDnsOnTcpRequestDataRead(
 
     if (pIoBuffer->dwExpectedSize > pIoBuffer->dwTotalBytesTransferred)
     {
-        dwError = VmwSockRead(
+        dwError = VmDnsSockRead(
                         pSocket,
                         pIoBuffer
                         );
@@ -899,66 +959,76 @@ VmDnsOnTcpRequestDataRead(
                             );
         BAIL_ON_VMDNS_ERROR(dwError);
 
-        dwError = VmwSockAllocateIoBuffer(
-                            VM_SOCK_EVENT_TYPE_TCP_RESPONSE_SIZE_WRITE,
-                            sizeof(INT16),
-                            &pIoSizeBuffer
-                            );
-        BAIL_ON_VMDNS_ERROR(dwError);
-
-        dwError = VmwSockAllocateIoBuffer(
-                            VM_SOCK_EVENT_TYPE_TCP_RESPONSE_DATA_WRITE,
-                            dwDnsResponseSize,
-                            &pIoNewBuffer
-                            );
-        BAIL_ON_VMDNS_ERROR(dwError);
+        if (!rCode)
+        {
+            dwError = VmDnsSockAllocateIoBuffer(
+                                VM_SOCK_EVENT_TYPE_TCP_RESPONSE_SIZE_WRITE,
+                                NULL,
+                                sizeof(INT16),
+                                &pIoSizeBuffer
+                                );
+            BAIL_ON_VMDNS_ERROR(dwError);
 
-        (*(UINT16*)pIoSizeBuffer->pData) = htons(dwDnsResponseSize);
+            dwError = VmDnsSockAllocateIoBuffer(
+                                VM_SOCK_EVENT_TYPE_TCP_RESPONSE_DATA_WRITE,
+                                NULL,
+                                dwDnsResponseSize,
+                                &pIoNewBuffer
+                                );
+            BAIL_ON_VMDNS_ERROR(dwError);
 
-        dwError = VmDnsCopyMemory(
-                        pIoNewBuffer->pData,
-                        pIoNewBuffer->dwExpectedSize,
-                        pResponse,
-                        dwDnsResponseSize
-                        );
-        BAIL_ON_VMDNS_ERROR(dwError);
+            (*(UINT16*)pIoSizeBuffer->pData) = htons(dwDnsResponseSize);
 
-        dwError = VmwSockWrite(
-                        pSocket,
-                        (struct sockaddr*)&pIoBuffer->clientAddr,
-                        pIoSizeBuffer->addrLen,
-                        pIoSizeBuffer
-                        );
-        if (dwError == ERROR_SUCCESS)
-        {
-            dwError = VmDnsOnTcpResponseSizeWrite(
-                                    pSocket,
-                                    pIoSizeBuffer
-                                    );
+            dwError = VmDnsCopyMemory(
+                            pIoNewBuffer->pData,
+                            pIoNewBuffer->dwExpectedSize,
+                            pResponse,
+                            dwDnsResponseSize
+                            );
             BAIL_ON_VMDNS_ERROR(dwError);
-        }
-        else if (dwError == ERROR_IO_PENDING)
-        {
-            pIoSizeBuffer = NULL;
-        }
 
-        dwError = VmwSockWrite(
-                        pSocket,
-                        (struct sockaddr*)&pIoBuffer->clientAddr,
-                        pIoNewBuffer->addrLen,
-                        pIoNewBuffer
-                        );
-        if (dwError == ERROR_SUCCESS)
-        {
-            dwError = VmDnsOnTcpResponseDataWrite(
-                                    pSocket,
-                                    pIoSizeBuffer
-                                    );
-            BAIL_ON_VMDNS_ERROR(dwError);
+            dwError = VmDnsSockWrite(
+                            pSocket,
+                            (struct sockaddr*)&pIoBuffer->clientAddr,
+                            pIoBuffer->addrLen,
+                            pIoSizeBuffer
+                            );
+            if (dwError == ERROR_SUCCESS)
+            {
+                dwError = VmDnsOnTcpResponseSizeWrite(
+                                        pSocket,
+                                        pIoSizeBuffer
+                                        );
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+            else if (dwError == ERROR_IO_PENDING)
+            {
+                pIoSizeBuffer = NULL;
+            }
+
+            dwError = VmDnsSockWrite(
+                            pSocket,
+                            NULL,
+                            0,
+                            pIoNewBuffer
+                            );
+            if (dwError == ERROR_SUCCESS)
+            {
+                dwError = VmDnsOnTcpResponseDataWrite(
+                                        pSocket,
+                                        pIoSizeBuffer
+                                        );
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+            else if (dwError == ERROR_IO_PENDING)
+            {
+                pIoNewBuffer = NULL;
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
         }
-        else if (dwError == ERROR_IO_PENDING)
+        else
         {
-            pIoNewBuffer = NULL;
+            dwError = VmDnsOnForwarderRequest(FALSE, pSocket, pIoBuffer);
             BAIL_ON_VMDNS_ERROR(dwError);
         }
     }
@@ -966,11 +1036,13 @@ VmDnsOnTcpRequestDataRead(
 
     if (pIoSizeBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoSizeBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoSizeBuffer);
+        VmDnsSockReleaseIoBuffer(pIoSizeBuffer);
     }
     if (pIoNewBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoNewBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoNewBuffer);
+        VmDnsSockReleaseIoBuffer(pIoNewBuffer);
     }
 
     VMDNS_SAFE_FREE_MEMORY(pResponse);
@@ -1013,45 +1085,63 @@ VmDnsOnUdpRequestDataRead(
                         );
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockAllocateIoBuffer(
-                        VM_SOCK_EVENT_TYPE_UDP_RESPONSE_DATA_WRITE,
-                        dwDnsResponseSize,
-                        &pIoNewBuffer
-                        );
-    BAIL_ON_VMDNS_ERROR(dwError);
+    if (!rCode)
+    {
 
-    dwError = VmDnsCopyMemory(
-                    pIoNewBuffer->pData,
-                    pIoNewBuffer->dwExpectedSize,
-                    pResponse,
-                    dwDnsResponseSize
-                    );
-    BAIL_ON_VMDNS_ERROR(dwError);
+        dwError = VmDnsSockAllocateIoBuffer(
+                            VM_SOCK_EVENT_TYPE_UDP_RESPONSE_DATA_WRITE,
+                            NULL,
+                            dwDnsResponseSize,
+                            &pIoNewBuffer
+                            );
+        BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockWrite(
-                    pSocket,
-                    (struct sockaddr*)&pIoBuffer->clientAddr,
-                    pIoBuffer->addrLen,
-                    pIoNewBuffer
-                    );
-    if (dwError == ERROR_SUCCESS)
-    {
-        dwError = VmDnsOnUdpResponseDataWrite(
-                                pSocket,
-                                pIoNewBuffer
-                                );
+        dwError = VmDnsCopyMemory(
+                        pIoNewBuffer->pData,
+                        pIoNewBuffer->dwExpectedSize,
+                        pResponse,
+                        dwDnsResponseSize
+                        );
         BAIL_ON_VMDNS_ERROR(dwError);
+
+
+        dwError = VmDnsSockWrite(
+                        pSocket,
+                        (struct sockaddr*)&pIoBuffer->clientAddr,
+                        pIoBuffer->addrLen,
+                        pIoNewBuffer
+                        );
+
+        if (dwError == ERROR_SUCCESS)
+        {
+            dwError = VmDnsOnUdpResponseDataWrite(
+                                    pSocket,
+                                    pIoNewBuffer
+                                    );
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+        else if (dwError == ERROR_IO_PENDING)
+        {
+            pIoNewBuffer = NULL;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
     }
-    else if (dwError == ERROR_IO_PENDING)
+    else
     {
-        pIoNewBuffer = NULL;
-        BAIL_ON_VMDNS_ERROR(dwError);
+       dwError = VmDnsOnForwarderRequest(
+                                    TRUE,
+                                    pSocket,
+                                    pIoBuffer
+                                    );
+       BAIL_ON_VMDNS_ERROR(dwError);
     }
+
 cleanup:
 
     if (pIoNewBuffer)
     {
-        VmwSockReleaseIoBuffer(pIoNewBuffer);
+	    VMDNS_LOG_IO_RELEASE(pIoBuffer);
+        VmDnsSockReleaseIoBuffer(pIoNewBuffer);
     }
 
     VMDNS_SAFE_FREE_MEMORY(pResponse);
@@ -1138,17 +1228,35 @@ VmDnsSockContextFree(
 {
     if (pSockContext->pEventQueue)
     {
-        VmwSockCloseEventQueue(pSockContext->pEventQueue);
-        pSockContext->pEventQueue = NULL;
-    }
-    if (pSockContext->pListenerTCP)
-    {
-        VmwSockRelease(pSockContext->pListenerTCP);
-    }
-    if (pSockContext->pListenerUDP)
-    {
-        VmwSockClose(pSockContext->pListenerUDP);
+        if (pSockContext->pListenerTCP)
+        {
+            VmDnsSockEventQueueRemove(pSockContext->pEventQueue,
+                    pSockContext->pListenerTCP);
+            VmDnsSockRelease(pSockContext->pListenerTCP);
+        }
+        if (pSockContext->pListenerUDP)
+        {
+            VmDnsSockEventQueueRemove(pSockContext->pEventQueue,
+                    pSockContext->pListenerUDP);
+            VmDnsSockRelease(pSockContext->pListenerUDP);
+        }
+#ifdef AF_INET6
+        if (pSockContext->pListenerTCP6)
+        {
+            VmDnsSockEventQueueRemove(pSockContext->pEventQueue,
+                        pSockContext->pListenerTCP6);
+            VmDnsSockRelease(pSockContext->pListenerTCP6);
+        }
+        if (pSockContext->pListenerUDP6)
+        {
+            VmDnsSockEventQueueRemove(pSockContext->pEventQueue,
+                        pSockContext->pListenerUDP6);
+            VmDnsSockRelease(pSockContext->pListenerUDP6);
+        }
+#endif
+        VmDnsSockShutdownEventQueue(pSockContext->pEventQueue);
     }
+
     if (pSockContext->pWorkerThreads)
     {
         DWORD iThr = 0;
@@ -1159,10 +1267,17 @@ VmDnsSockContextFree(
 
             if (pThread)
             {
+                VmDnsThreadJoin(pThread, NULL);
                 VmDnsFreeThread(pThread);
             }
         }
 
+        if (pSockContext->pEventQueue)
+        {
+            VmDnsSockFreeEventQueue(pSockContext->pEventQueue);
+            pSockContext->pEventQueue = NULL;
+        }
+
         VmDnsFreeMemory(pSockContext->pWorkerThreads);
     }
     if (pSockContext->pMutex)
@@ -1186,14 +1301,304 @@ VmDnsDisconnectClient(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    VmwSockClose(pSocket);
-    VmwSockRelease(pSocket);
+    VmDnsSockClose(pSocket);
+    VmDnsSockRelease(pSocket);
+
+cleanup:
+
+    return dwError;
+
+error:
+    
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsOnForwarderRequest(
+    BOOL                bUseUDP,
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    )
+{
+    DWORD dwError = 0;
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext = NULL;
+
+    if (!pSocket || !pIoBuffer)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsAllocateForwarderPacketContext(
+                                &pForwarderContext
+                                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pIoBuffer->pClientSocket = VmDnsSockAcquire(pSocket);
+
+    dwError = VmDnsForwardRequest(
+                          pForwarderContext,
+                          TRUE,
+                          pIoBuffer
+                          );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+
+    if (pForwarderContext)
+    {
+        VmDnsReleaseForwarderPacketContext(pForwarderContext);
+    }
+    return dwError;
+error:
+
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsOnForwarderResponse(
+    BOOL                bUseUDP,
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    )
+{
+    DWORD dwError = 0;
+    DWORD dwForwardRequestError = 0;
+    PVMDNS_FORWARDER_PACKET_CONTEXT pForwarderContext = NULL;
+    PVM_SOCK_EVENT_CONTEXT pSockEventContext = NULL;
+    PVM_SOCKET pClientSocket = NULL;
+    PVM_SOCK_IO_BUFFER pIoNewBuffer = NULL;
+    PVM_SOCK_IO_BUFFER pIoSizeBuffer = NULL;
+    PBYTE pResponse = NULL;
+    DWORD dwResponseSize = 0;
+    DWORD dwResponseCode = 0;
+
+    if (!pSocket || !pIoBuffer)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+
+    dwError = VmDnsSockSetEventContext(pIoBuffer,NULL,&pSockEventContext);
+    BAIL_ON_VMDNS_ERROR(dwError);
+    pClientSocket = VmDnsSockAcquire(pIoBuffer->pClientSocket);
+
+    if (!pClientSocket)
+    {
+        dwError = ERROR_INVALID_STATE;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    pForwarderContext = (PVMDNS_FORWARDER_PACKET_CONTEXT)pSockEventContext;
+
+    if (!pForwarderContext)
+    {
+        dwError = ERROR_INVALID_STATE;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsForwardResponse(
+                              TRUE,
+                              pSocket,
+                              &pResponse,
+                              &dwResponseSize,
+                              &dwResponseCode
+                              );
+
+    if (dwResponseCode || dwError)
+    {
+        dwForwardRequestError = VmDnsForwardRequest(
+                                      pForwarderContext,
+                                      bUseUDP,
+                                      pIoBuffer
+                                      );
+    }
+    if (!dwResponseCode || dwForwardRequestError)
+    {
+        if (bUseUDP)
+        {
+            dwError = VmDnsSockAllocateIoBuffer(
+                                VM_SOCK_EVENT_TYPE_UDP_RESPONSE_DATA_WRITE,
+                                NULL,
+                                dwResponseSize,
+                                &pIoNewBuffer
+                                );
+            BAIL_ON_VMDNS_ERROR(dwError);
+
+            dwError = VmDnsCopyMemory(
+                            pIoNewBuffer->pData,
+                            pIoNewBuffer->dwExpectedSize,
+                            pResponse,
+                            dwResponseSize
+                            );
+            BAIL_ON_VMDNS_ERROR(dwError);
+
+            dwError = VmDnsSockWrite(
+                            pClientSocket,
+                            (struct sockaddr*)&pIoBuffer->clientAddr,
+                            pIoBuffer->addrLen,
+                            pIoNewBuffer
+                            );
+            if (dwError == ERROR_SUCCESS)
+            {
+                dwError = VmDnsOnUdpResponseDataWrite(
+                                        pClientSocket,
+                                        pIoNewBuffer
+                                        );
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+        }
+        else
+        {
+            dwError = VmDnsSockAllocateIoBuffer(
+                                VM_SOCK_EVENT_TYPE_TCP_RESPONSE_SIZE_WRITE,
+                                NULL,
+                                sizeof(INT16),
+                                &pIoSizeBuffer
+                                );
+            BAIL_ON_VMDNS_ERROR(dwError);
+
+            dwError = VmDnsSockAllocateIoBuffer(
+                                VM_SOCK_EVENT_TYPE_TCP_RESPONSE_DATA_WRITE,
+                                NULL,
+                                dwResponseSize,
+                                &pIoNewBuffer
+                                );
+            BAIL_ON_VMDNS_ERROR(dwError);
+
+            (*(UINT16*)pIoSizeBuffer->pData) = htons(dwResponseSize);
+
+            dwError = VmDnsCopyMemory(
+                            pIoNewBuffer->pData,
+                            pIoNewBuffer->dwExpectedSize,
+                            pResponse,
+                            dwResponseSize
+                            );
+            BAIL_ON_VMDNS_ERROR(dwError);
+
+            dwError = VmDnsSockWrite(
+                            pClientSocket,
+                            NULL,
+                            0,
+                            pIoSizeBuffer
+                            );
+            if (dwError == ERROR_SUCCESS)
+            {
+                dwError = VmDnsOnTcpResponseSizeWrite(
+                                        pClientSocket,
+                                        pIoSizeBuffer
+                                        );
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+            else if (dwError == ERROR_IO_PENDING)
+            {
+                pIoSizeBuffer = NULL;
+            }
+
+            dwError = VmDnsSockWrite(
+                            pClientSocket,
+                            NULL,
+                            0,
+                            pIoNewBuffer
+                            );
+            if (dwError == ERROR_SUCCESS)
+            {
+                dwError = VmDnsOnTcpResponseDataWrite(
+                                        pClientSocket,
+                                        pIoSizeBuffer
+                                        );
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+            else if (dwError == ERROR_IO_PENDING)
+            {
+                pIoNewBuffer = NULL;
+                BAIL_ON_VMDNS_ERROR(dwError);
+            }
+        }
+    }
+
+cleanup:
+
+    VMDNS_SAFE_FREE_MEMORY(pResponse);
+
+    if (pForwarderContext)
+    {
+        VmDnsReleaseForwarderPacketContext(pForwarderContext);
+    }
+    if (pClientSocket)
+    {
+        VmDnsSockRelease(pClientSocket);
+    }
+    if (pIoNewBuffer)
+    {
+	VMDNS_LOG_IO_RELEASE(pIoNewBuffer);
+        VmDnsSockReleaseIoBuffer(pIoNewBuffer);
+    }
+    if (pIoSizeBuffer)
+    {
+	VMDNS_LOG_IO_RELEASE(pIoSizeBuffer);
+        VmDnsSockReleaseIoBuffer(pIoSizeBuffer);
+    }
+
+    return dwError;
+error:
+
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsOnUdpForwardResponse(
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    )
+{
+    DWORD dwError = 0;
+    dwError = VmDnsOnForwarderResponse(TRUE, pSocket, pIoBuffer);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+
+    if (pSocket)
+    {
+        VmDnsSockRelease(pSocket);
+    }
+
+    return dwError;
+
+error:
+
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsOnTcpForwardResponse(
+    PVM_SOCKET          pSocket,
+    PVM_SOCK_IO_BUFFER  pIoBuffer
+    )
+{
+
+    //TODO: Change to use TCP
+    DWORD dwError = 0;
+    dwError = VmDnsOnForwarderResponse(FALSE, pSocket, pIoBuffer);
+    BAIL_ON_VMDNS_ERROR(dwError);
 
 cleanup:
 
+    if (pSocket)
+    {
+        VmDnsSockRelease(pSocket);
+    }
+
     return dwError;
 
 error:
 
     goto cleanup;
 }
+
+
diff --git a/vmdns/server/common/store.c b/vmdns/server/common/store.c
index 6737bf708..e711493d1 100644
--- a/vmdns/server/common/store.c
+++ b/vmdns/server/common/store.c
@@ -112,8 +112,19 @@ VmDnsStoreAddZoneRecord(
     )
 {
     DWORD dwError = 0;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
+
     dwError = VmDnsDirAddZoneRecord(pszZoneName, pRecord);
 
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[STORE_UPDATE_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 }
 
@@ -124,7 +135,19 @@ VmDnsStoreDeleteZoneRecord(
     )
 {
     DWORD dwError = 0;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
+
     dwError = VmDnsDirDeleteZoneRecord(pszZoneName, pRecord);
+
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[STORE_UPDATE_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 }
 
@@ -136,6 +159,11 @@ VmDnsStoreGetRecords(
     )
 {
     DWORD dwError = 0;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
+
     dwError = VmDnsDirGetRecords(
                         pszZone,
                         pszName,
@@ -144,6 +172,12 @@ VmDnsStoreGetRecords(
     /* Translating LDAP error code to MS error code for use in serviceapi */
     dwError = (dwError == LDAP_NO_SUCH_OBJECT) ? ERROR_NOT_FOUND : dwError;
 
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[STORE_QUERY_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 }
 DWORD
diff --git a/vmdns/server/common/structs.h b/vmdns/server/common/structs.h
index 3d4e8a2a9..d10d451b8 100755
--- a/vmdns/server/common/structs.h
+++ b/vmdns/server/common/structs.h
@@ -191,10 +191,10 @@ typedef struct _VMDNS_HASHTABLE
 
 typedef struct _VMDNS_HASH_TABLE
 {
-	ULONG ulSize;
-	ULONG ulThreshold;
-	ULONG ulCount;
-	PVMDNS_HASH_TABLE_NODE* ppData;
+    ULONG ulSize;
+    ULONG ulThreshold;
+    ULONG ulCount;
+    PVMDNS_HASH_TABLE_NODE* ppData;
 } VMDNS_HASH_TABLE;
 
 typedef struct _VMDNS_DIR_CONTEXT
@@ -271,6 +271,8 @@ typedef struct _VMDNS_NAME_ENTRY
     LIST_ENTRY          LruList;
     PSTR                pszName;
     PVMDNS_RECORD_LIST  pRecords;
+    DWORD               dwRoundRobinIndex;
+    VMDNS_RR_TYPE       dwRoundRobinType;
 } VMDNS_NAME_ENTRY;
 
 typedef struct _VMDNS_RECORD_OBJECT
@@ -299,12 +301,24 @@ typedef struct _VMDNS_CACHE_CONTEXT
     DWORD               dwLastUSN;
 } VMDNS_CACHE_CONTEXT, *PVMDNS_CACHE_CONTEXT;
 
-typedef struct _VMDNS_FORWARDER_CONETXT
+typedef struct _VMDNS_FORWARDER_METRICS_CONTEXT
 {
-    PSTR                ppszForwarders[VMDNS_MAX_NUM_FORWARDS];
-    DWORD               dwCount;
-    PVMDNS_RWLOCK       pLock;
-} VMDNS_FORWARDER_CONETXT;
+    PVM_METRICS_HISTOGRAM  pUpdateDuration;
+    PVM_METRICS_HISTOGRAM  pQueryDuration;
+} VMDNS_FORWARDER_METRICS_CONTEXT;
+
+typedef struct _VMDNS_FORWARDER_ENTRY
+{
+    PSTR                               pszForwarder;
+    VMDNS_FORWARDER_METRICS_CONTEXT    ForwarderMetricsContext;
+} VMDNS_FORWARDER_ENTRY, *PVMDNS_FORWARDER_ENTRY;
+
+typedef struct _VMDNS_FORWARDER_CONTEXT
+{
+    PVMDNS_FORWARDER_ENTRY    pForwarderEntries[VMDNS_MAX_NUM_FORWARDS];
+    DWORD                     dwCount;
+    PVMDNS_RWLOCK             pLock;
+} VMDNS_FORWARDER_CONTEXT, *PVMDNS_FORWARDER_CONTEXT;
 
 typedef struct _VMDNS_GSS_CONTEXT_HANDLE
 {
@@ -325,8 +339,14 @@ typedef struct _VMDNS_DRIVER_GLOBALS
 {
     PVMDNS_SECURITY_CONTEXT     pSecurityContext;
     PVMDNS_CACHE_CONTEXT        pCacheContext;
-    PVMDNS_FORWARDER_CONETXT    pForwarderContext;
+    PVMDNS_FORWARDER_CONTEXT    pForwarderContext;
     PVMDNS_SOCK_CONTEXT         pSockContext;
     VMDNS_STATE                 state;
     BOOL                        bUseDirectoryStore;
 } VMW_DNS_DRIVER_GLOBALS, *PVMW_DNS_DRIVER_GLOBALS;
+
+typedef struct _VMDNS_FORWARDER_PACKET_CONTEXT
+{
+    DWORD             dwCurrentIndex;
+    DWORD             dwRefCount;
+} VMDNS_FORWARDER_PACKET_CONTEXT, *PVMDNS_FORWARDER_PACKET_CONTEXT;
diff --git a/vmdns/server/common/zone.c b/vmdns/server/common/zone.c
index 43a437ca1..7486b23e7 100644
--- a/vmdns/server/common/zone.c
+++ b/vmdns/server/common/zone.c
@@ -432,6 +432,8 @@ VmDnsZoneGetRecords(
     VmDnsUnlockRead(pZoneObject->pLock);
     VmDnsNameEntryRelease(pNameEntry);
 
+    VmMetricsCounterIncrement(gVmDnsCounterMetrics[CACHE_CACHE_LOOKUP]);
+
     return dwError;
 error:
     goto cleanup;
diff --git a/vmdns/server/common/zonelist.c b/vmdns/server/common/zonelist.c
index 86bb1c515..6da09a12a 100644
--- a/vmdns/server/common/zonelist.c
+++ b/vmdns/server/common/zonelist.c
@@ -248,6 +248,7 @@ VmDnsZoneListFindZoneByQName(
     }
     else
     {
+        VmMetricsCounterIncrement(gVmDnsCounterMetrics[CACHE_ZONE_MISS]);
         dwError = ERROR_NOT_FOUND;
         BAIL_ON_VMDNS_ERROR(dwError);
     }
@@ -286,10 +287,13 @@ VmDnsZoneListGetZones(
                         (void**)&pZoneArray);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmDnsAllocateMemory(
+    if (dwCount)
+    {
+       dwError = VmDnsAllocateMemory(
                         sizeof(VMDNS_ZONE_INFO)*dwCount,
                         (void**)&pZoneArray->ZoneInfos);
-    BAIL_ON_VMDNS_ERROR(dwError);
+       BAIL_ON_VMDNS_ERROR(dwError);
+    }
 
     for (i = 0; i < VMDNS_MAX_ZONES; ++i)
     {
diff --git a/vmdns/server/include/resthead.h b/vmdns/server/include/resthead.h
new file mode 100755
index 000000000..9e6fe9f68
--- /dev/null
+++ b/vmdns/server/include/resthead.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+DWORD
+VmDnsRESTServerInit(
+    VOID
+    );
+
+VOID
+VmDnsRESTServerShutdown(
+    VOID
+    );
diff --git a/vmdns/server/include/srvcommon.h b/vmdns/server/include/srvcommon.h
index 8a850197a..e06770019 100755
--- a/vmdns/server/include/srvcommon.h
+++ b/vmdns/server/include/srvcommon.h
@@ -12,7 +12,6 @@
  * under the License.
  */
 
-
 #ifndef _SRV_COMMON_H_
 #define _SRV_COMMON_H_
 
@@ -167,7 +166,7 @@ typedef struct _VMDNS_LRU_LIST          *PVMDNS_LRU_LIST;
 typedef struct _VMDNS_NAME_ENTRY        *PVMDNS_NAME_ENTRY;
 typedef struct _VMDNS_RECORD_LIST       *PVMDNS_RECORD_LIST;
 typedef struct _VMDNS_RECORD_OBJECT     *PVMDNS_RECORD_OBJECT;
-typedef struct _VMDNS_FORWARDER_CONETXT *PVMDNS_FORWARDER_CONETXT;
+typedef struct _VMDNS_FORWARDER_CONTEXT *PVMDNS_FORWARDER_CONTEXT;
 typedef struct _VMDNS_CACHE_CONETXT     *PVMDNS_CACHE_CONETXT;
 typedef struct _VMDNS_SECURITY_CONTEXT  *PVMDNS_SECURITY_CONTEXT;
 
@@ -292,6 +291,23 @@ VmDnsSrvQueryRecords(
     PVMDNS_RECORD_LIST  *ppRecordList
     );
 
+DWORD
+VmDnsSrvGetRecords(
+    PVMDNS_ZONE_OBJECT  pZoneObject,
+    PCSTR               pszName,
+    VMDNS_RR_TYPE       dwType,
+    PVMDNS_RECORD_LIST  *ppRecordList
+    );
+
+DWORD
+VmDnsGetLinkedRecords(
+    DWORD               dwRecursionIndex,
+    PVMDNS_ZONE_OBJECT  pZoneObject,
+    VMDNS_RR_TYPE       dwType,
+    PVMDNS_RECORD       pRecord,
+    PVMDNS_RECORD_LIST  *ppRecordList
+    );
+
 DWORD
 VmDnsSrvListRecords(
     PVMDNS_ZONE_OBJECT  pZoneObject,
@@ -366,6 +382,12 @@ VmDnsRecordListAdd(
     PVMDNS_RECORD_OBJECT    pRecord
     );
 
+DWORD
+VmDnsRecordListAddList(
+    PVMDNS_RECORD_LIST      pDestList,
+    PVMDNS_RECORD_LIST      pSrcList
+    );
+
 DWORD
 VmDnsRecordListRemove(
     PVMDNS_RECORD_LIST      pList,
@@ -405,6 +427,13 @@ VmDnsRecordListRelease(
     PVMDNS_RECORD_LIST      pRecordList
     );
 
+DWORD
+VmDnsRecordListRoundRobin(
+    PVMDNS_RECORD_LIST      pList,
+    DWORD                   dwIndex,
+    PVMDNS_RECORD_LIST      *ppList
+    );
+
 DWORD
 VmDnsRecordObjectCreate(
     PVMDNS_RECORD   pRecord,
diff --git a/vmdns/server/include/vmdnsmetrics.h b/vmdns/server/include/vmdnsmetrics.h
new file mode 100644
index 000000000..83385bad7
--- /dev/null
+++ b/vmdns/server/include/vmdnsmetrics.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright © 2012-2015 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <vmmetrics.h>
+
+typedef enum
+{
+    /*DNS Metrics - Error Count*/
+    DNS_ERROR_NXDOMAIN_ERR_COUNT,
+    DNS_ERROR_NOT_IMPLEMENTED_COUNT,
+    DNS_ERROR_UNKNOWN_COUNT,
+    DNS_NO_ERROR,
+
+    /*DNS Metrics - Cache Lookup,Miss,Purge Counts*/
+    CACHE_ZONE_LOOKUP,
+    CACHE_ZONE_MISS,
+    CACHE_CACHE_LOOKUP,
+    CACHE_CACHE_MISS,
+    CACHE_MODIFY_PURGE_COUNT,
+    CACHE_LRU_PURGE_COUNT,
+    CACHE_NOTIFY_PURGE_COUNT,
+
+    VDNS_COUNTER_COUNT,
+
+} VDNS_COUNTER_METRICS;
+
+typedef enum
+{
+    /*DNS Protocol - Query,Update Duration*/
+    DNS_QUERY_DURATION,
+    DNS_UPDATE_DURATION,
+
+    /*STORE - Query,Update Duration*/
+    STORE_QUERY_DURATION,
+    STORE_UPDATE_DURATION,
+
+    /*RPC Protocol - Query,Update Duration*/
+    RPC_QUERY_DURATION,
+    RPC_UPDATE_DURATION,
+
+    VDNS_HISTOGRAM_COUNT
+
+} VDNS_HISTOGRAM_METRICS;
+
+typedef enum
+{
+    DNS_OUTSTANDING_REQUEST_COUNT,
+    DNS_ACTIVE_SERVICE_THREADS,
+
+    CACHE_OBJECT_COUNT,
+
+    VDNS_GAUGE_COUNT,
+
+} VDNS_GAUGE_METRICS;
+
+#define VDNS_RESPONSE_TIME(val) ((val) ? (val) : 1)
+
+extern PVM_METRICS_COUNTER gVmDnsCounterMetrics[VDNS_COUNTER_COUNT];
+extern PVM_METRICS_HISTOGRAM gVmDnsHistogramMetrics[VDNS_HISTOGRAM_COUNT];
+extern PVM_METRICS_GAUGE gVmDnsGaugeMetrics[VDNS_GAUGE_COUNT];
+extern PVM_METRICS_CONTEXT gVmDnsMetricsContext;
+
diff --git a/vmdns/server/include/vmdnsserver.h b/vmdns/server/include/vmdnsserver.h
index 6bbc8b6e6..5ccc442dd 100755
--- a/vmdns/server/include/vmdnsserver.h
+++ b/vmdns/server/include/vmdnsserver.h
@@ -60,6 +60,7 @@ typedef struct _VMDNS_GLOBALS
     dcethread*                      pRPCServerThread;
     BOOLEAN                         bRegisterTcpEndpoint;
     BOOLEAN                         bEnableDNSProtocol;
+    PSTR                            pszRestListenPort;
 
 } VMDNS_GLOBALS, *PVMDNS_GLOBALS;
 
diff --git a/vmdns/server/rest-head/Makefile.am b/vmdns/server/rest-head/Makefile.am
new file mode 100755
index 000000000..5dcc0f4e4
--- /dev/null
+++ b/vmdns/server/rest-head/Makefile.am
@@ -0,0 +1,34 @@
+
+noinst_LTLIBRARIES = librest-head.la
+
+librest_head_la_SOURCES = \
+    libmain.c
+
+if REST_ENABLED
+
+librest_head_la_SOURCES += \
+    globals.c \
+    handler.c \
+    httperror.c \
+    metricsapi.c \
+    operation.c \
+    resource.c \
+    result.c
+
+endif
+
+librest_head_la_CPPFLAGS = \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/server/include \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
+    @LW_INCLUDES@ \
+    @OPENSSL_INCLUDES@ \
+    @JANSSON_INCLUDES@ \
+    @COPENAPI_INCLUDES@ \
+    @CRESTENGINE_INCLUDES@
+
+librest_head_la_LDFLAGS = \
+    -static
diff --git a/vmdns/server/rest-head/defines.h b/vmdns/server/rest-head/defines.h
new file mode 100755
index 000000000..3fba9e781
--- /dev/null
+++ b/vmdns/server/rest-head/defines.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// C REST ENGINE CONFIG VALUES
+#define REST_API_SPEC               VMDNS_CONFIG_DIR VMDNS_PATH_SEPARATOR_STR "vmdns-rest.json"
+#define VMDNS_REST_DEBUGLOGFILE     "/var/log/lightwave/vmdns-rest.log"
+//#define VMDNS_REST_DEBUGLOGFILE     VMDNS_LOG_DIR    VMDNS_PATH_SEPARATOR_STR "vmdns-rest.log"    TODO use this when lightwave-first is complete
+#define VMDNS_REST_CLIENTCNT        "64"
+#define VMDNS_REST_WORKERTHCNT      "64"
+
+//Rest Listen Port Registry Key
+#define VMDNS_REG_KEY_REST_LISTEN_PORT        "RestListenPort"
+#define VMDNS_REG_CONFIG_KEY_PATH             "Services\\vmdns\\Parameters"
+#define VDNS_SAFE_STRING(str) ((str) ? (str) : "")
+
+#define MAX_REST_PAYLOAD_LENGTH     4096
+
+// HTTP headers
+#define VMDNS_REST_HEADER_AUTHENTICATION    "Authorization"
+#define VMDNS_REST_HEADER_IF_MATCH          "If-Match"
+
+// HTTP STATUS CODES
+// 1xx Informational
+#define HTTP_CONTINUE                           100
+#define HTTP_SWITCHING_PROTOCOLS                101
+#define HTTP_PROCESSING                         102
+// 2xx Success
+#define HTTP_OK                                 200
+#define HTTP_CREATED                            201
+#define HTTP_ACCEPTED                           202
+#define HTTP_NON_AUTHORITATIVE_INFORMATION      203
+#define HTTP_NO_CONTENT                         204
+#define HTTP_RESET_CONTENT                      205
+#define HTTP_PARTIAL_CONTENT                    206
+#define HTTP_MULTI_STATUS                       207
+#define HTTP_ALREADY_REPORTED                   208
+#define HTTP_IM_USED                            226
+// 3xx Redirection
+#define HTTP_MULTIPLE_CHOICES                   300
+#define HTTP_MOVED_PERMANENTLY                  301
+#define HTTP_FOUND                              302
+#define HTTP_SEE_OTHER                          303
+#define HTTP_NOT_MODIFIED                       304
+#define HTTP_USE_PROXY                          305
+#define HTTP_TEMPORARY_REDIRECT                 307
+#define HTTP_PERMANENT_REDIRECT                 308
+// 4xx Client Error
+#define HTTP_BAD_REQUEST                        400
+#define HTTP_UNAUTHORIZED                       401
+#define HTTP_PAYMENT_REQUIRED                   402
+#define HTTP_FORBIDDEN                          403
+#define HTTP_NOT_FOUND                          404
+#define HTTP_METHOD_NOT_ALLOWED                 405
+#define HTTP_NOT_ACCEPTABLE                     406
+#define HTTP_PROXY_AUTHENTICATION_REQUIRED      407
+#define HTTP_REQUEST_TIMEOUT                    408
+#define HTTP_CONFLICT                           409
+#define HTTP_GONE                               410
+#define HTTP_LENGTH_REQUIRED                    411
+#define HTTP_PRECONDITION_FAILED                412
+#define HTTP_PAYLOAD_TOO_LARGE                  413
+#define HTTP_REQUEST_URI_TOO_LONG               414
+#define HTTP_UNSUPPORTED_MEDIA_TYPE             415
+#define HTTP_REQUESTED_RANGE_NOT_SATISFIABLE    416
+#define HTTP_EXPECTATION_FAILED                 417
+#define HTTP_I_M_A_TEAPOT                       418
+#define HTTP_MISDIRECTED_REQUEST                421
+#define HTTP_UNPROCESSABLE_ENTITY               422
+#define HTTP_LOCKED                             423
+#define HTTP_FAILED_DEPENDENCY                  424
+#define HTTP_UPGRADE_REQUIRED                   426
+#define HTTP_PRECONDITION_REQUIRED              428
+#define HTTP_TOO_MANY_REQUESTS                  429
+#define HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE    431
+#define HTTP_CONNECTION_CLOSED_WITHOUT_RESPONSE 444
+#define HTTP_UNAVAILABLE_FOR_LEGAL_REASONS      451
+#define HTTP_CLIENT_CLOSED_REQUEST              499
+// 5xx Server Error
+#define HTTP_INTERNAL_SERVER_ERROR              500
+#define HTTP_NOT_IMPLEMENTED                    501
+#define HTTP_BAD_GATEWAY                        502
+#define HTTP_SERVICE_UNAVAILABLE                503
+#define HTTP_GATEWAY_TIMEOUT                    504
+#define HTTP_HTTP_VERSION_NOT_SUPPORTED         505
+#define HTTP_VARIANT_ALSO_NEGOTIATES            506
+#define HTTP_INSUFFICIENT_STORAGE               507
+#define HTTP_LOOP_DETECTED                      508
+#define HTTP_NOT_EXTENDED                       510
+#define HTTP_NETWORK_AUTHENTICATION_REQUIRED    511
+#define HTTP_NETWORK_CONNECT_TIMEOUT_ERROR      599
+
+
+#define VMDNS_SET_REST_RESULT(pRestOp, dwError, pszErrMsg)       \
+    do                                                                  \
+    {                                                                   \
+        PVDNS_REST_RESOURCE pResource = NULL;                           \
+        PVDNS_REST_RESULT pRestRslt = NULL;                             \
+        if (pRestOp)                                                    \
+        {                                                               \
+            pResource = ((PVDNS_REST_OPERATION)pRestOp)->pResource;     \
+            pRestRslt = ((PVDNS_REST_OPERATION)pRestOp)->pResult;       \
+            (pResource)->pfnSetResult(                                   \
+                    pRestRslt, dwError, pszErrMsg);          \
+        }                                                               \
+    } while (0)
diff --git a/vmdns/server/rest-head/externs.h b/vmdns/server/rest-head/externs.h
new file mode 100755
index 000000000..df33189ea
--- /dev/null
+++ b/vmdns/server/rest-head/externs.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+extern PREST_API_DEF gpVdnsRestApiDef;
+
+extern PVMREST_HANDLE gpVdnsRESTHandle;
diff --git a/vmdns/server/rest-head/globals.c b/vmdns/server/rest-head/globals.c
new file mode 100755
index 000000000..2ce13a3e3
--- /dev/null
+++ b/vmdns/server/rest-head/globals.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+PREST_API_DEF gpVdnsRestApiDef = NULL;
+
+PVMREST_HANDLE gpVdnsRESTHandle = NULL;
diff --git a/vmdns/server/rest-head/handler.c b/vmdns/server/rest-head/handler.c
new file mode 100644
index 000000000..ec1b1b136
--- /dev/null
+++ b/vmdns/server/rest-head/handler.c
@@ -0,0 +1,160 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * We provide this function as callback to c-rest-engine,
+ * c-rest-engine will use this callback upon receiving a request
+ */
+DWORD
+VmDnsRESTRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   dwRestOpErr = 0;    // don't bail on this
+    PVDNS_REST_OPERATION    pRestOp = NULL;
+
+    if (!pRESTHandle || !pRequest || !ppResponse)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    if (VmDnsdState() == VMDNS_SHUTDOWN)
+    {
+        goto cleanup;
+    }
+
+    dwRestOpErr = VmDnsRESTOperationCreate(&pRestOp);
+    if (dwRestOpErr)
+    {
+        dwError = VmDnsRESTWriteSimpleErrorResponse(
+                pRESTHandle, ppResponse, 500);  // 500 = Internal Server Error
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+    else
+    {
+        dwRestOpErr = VmDnsRESTProcessRequest(
+                pRestOp, pRESTHandle, pRequest);
+
+        dwError = VmDnsRESTOperationWriteResponse(
+                pRestOp, pRESTHandle, ppResponse);
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+cleanup:
+    VmDnsFreeRESTOperation(pRestOp);
+    return dwError;
+
+error:
+    VmDnsLog(
+            VMDNS_LOG_LEVEL_ERROR,
+            "%s failed, error (%d), rest operation error (%d)",
+            __FUNCTION__,
+            dwError,
+            dwRestOpErr);
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTProcessRequest(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest
+    )
+{
+    DWORD   dwError = 0;
+    PREST_API_METHOD    pMethod = NULL;
+
+    if (!pRestOp || !pRESTHandle || !pRequest)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRESTOperationReadRequest(pRestOp, pRESTHandle, pRequest);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = coapi_find_handler(
+            gpVdnsRestApiDef,
+            pRestOp->pszPath,
+            pRestOp->pszMethod,
+            &pMethod);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = pMethod->pFnImpl((void*)pRestOp, NULL);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    VMDNS_SET_REST_RESULT(pRestOp, dwError, NULL);
+    return dwError;
+
+error:
+    VmDnsLog(
+            VMDNS_LOG_LEVEL_ERROR,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    )
+{
+    DWORD   dwError = 0;
+    PVDNS_HTTP_ERROR    pHttpError = NULL;
+
+    if (!pRESTHandle || !ppResponse)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmRESTSetHttpStatusVersion(ppResponse, "HTTP/1.1");
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pHttpError = VmDnsRESTGetHttpError(httpStatus);
+
+    dwError = VmRESTSetHttpStatusCode(ppResponse, pHttpError->pszHttpStatus);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetHttpReasonPhrase(ppResponse, pHttpError->pszHttpReason);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(
+            VMDNS_LOG_LEVEL_ERROR,
+            "%s failed, error (%d)",
+            __FUNCTION__,
+            dwError);
+
+    goto cleanup;
+}
diff --git a/vmdns/server/rest-head/httperror.c b/vmdns/server/rest-head/httperror.c
new file mode 100755
index 000000000..bb48f0a2e
--- /dev/null
+++ b/vmdns/server/rest-head/httperror.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static VDNS_HTTP_ERROR httpErrors[] =
+{
+    {HTTP_CONTINUE,                             "100",  "Continue"},
+    {HTTP_SWITCHING_PROTOCOLS,                  "101",  "Switching Protocols"},
+    {HTTP_PROCESSING,                           "102",  "Processing"},
+    {HTTP_OK,                                   "200",  "OK"},
+    {HTTP_CREATED,                              "201",  "Created"},
+    {HTTP_ACCEPTED,                             "202",  "Accepted"},
+    {HTTP_NON_AUTHORITATIVE_INFORMATION,        "203",  "Non-authoritative Information"},
+    {HTTP_NO_CONTENT,                           "204",  "No Content"},
+    {HTTP_RESET_CONTENT,                        "205",  "Reset Content"},
+    {HTTP_PARTIAL_CONTENT,                      "206",  "Partial Content"},
+    {HTTP_MULTI_STATUS,                         "207",  "Multi-Status"},
+    {HTTP_ALREADY_REPORTED,                     "208",  "Already Reported"},
+    {HTTP_IM_USED,                              "226",  "IM Used"},
+    {HTTP_MULTIPLE_CHOICES,                     "300",  "Multiple Choices"},
+    {HTTP_MOVED_PERMANENTLY,                    "301",  "Moved Permanently"},
+    {HTTP_FOUND,                                "302",  "Found"},
+    {HTTP_SEE_OTHER,                            "303",  "See Other"},
+    {HTTP_NOT_MODIFIED,                         "304",  "Not Modified"},
+    {HTTP_USE_PROXY,                            "305",  "Use Proxy"},
+    {HTTP_TEMPORARY_REDIRECT,                   "307",  "Temporary Redirect"},
+    {HTTP_PERMANENT_REDIRECT,                   "308",  "Permanent Redirect"},
+    {HTTP_BAD_REQUEST,                          "400",  "Bad Request"},
+    {HTTP_UNAUTHORIZED,                         "401",  "Unauthorized"},
+    {HTTP_PAYMENT_REQUIRED,                     "402",  "Payment Required"},
+    {HTTP_FORBIDDEN,                            "403",  "Forbidden"},
+    {HTTP_NOT_FOUND,                            "404",  "Not Found"},
+    {HTTP_METHOD_NOT_ALLOWED,                   "405",  "Method Not Allowed"},
+    {HTTP_NOT_ACCEPTABLE,                       "406",  "Not Acceptable"},
+    {HTTP_PROXY_AUTHENTICATION_REQUIRED,        "407",  "Proxy Authentication Required"},
+    {HTTP_REQUEST_TIMEOUT,                      "408",  "Request Timeout"},
+    {HTTP_CONFLICT,                             "409",  "Conflict"},
+    {HTTP_GONE,                                 "410",  "Gone"},
+    {HTTP_LENGTH_REQUIRED,                      "411",  "Length Required"},
+    {HTTP_PRECONDITION_FAILED,                  "412",  "Precondition Failed"},
+    {HTTP_PAYLOAD_TOO_LARGE,                    "413",  "Payload Too Large"},
+    {HTTP_REQUEST_URI_TOO_LONG,                 "414",  "Request-URI Too Long"},
+    {HTTP_UNSUPPORTED_MEDIA_TYPE,               "415",  "Unsupported Media Type"},
+    {HTTP_REQUESTED_RANGE_NOT_SATISFIABLE,      "416",  "Requested Range Not Satisfiable"},
+    {HTTP_EXPECTATION_FAILED,                   "417",  "Expectation Failed"},
+    {HTTP_I_M_A_TEAPOT,                         "418",  "I'm a teapot"},
+    {HTTP_MISDIRECTED_REQUEST,                  "421",  "Misdirected Request"},
+    {HTTP_UNPROCESSABLE_ENTITY,                 "422",  "Unprocessable Entity"},
+    {HTTP_LOCKED,                               "423",  "Locked"},
+    {HTTP_FAILED_DEPENDENCY,                    "424",  "Failed Dependency"},
+    {HTTP_UPGRADE_REQUIRED,                     "426",  "Upgrade Required"},
+    {HTTP_PRECONDITION_REQUIRED,                "428",  "Precondition Required"},
+    {HTTP_TOO_MANY_REQUESTS,                    "429",  "Too Many Requests"},
+    {HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE,      "431",  "Request Header Fields Too Large"},
+    {HTTP_CONNECTION_CLOSED_WITHOUT_RESPONSE,   "444",  "Connection Closed Without Response"},
+    {HTTP_UNAVAILABLE_FOR_LEGAL_REASONS,        "451",  "Unavailable For Legal Reasons"},
+    {HTTP_CLIENT_CLOSED_REQUEST,                "499",  "Client Closed Request"},
+    {HTTP_INTERNAL_SERVER_ERROR,                "500",  "Internal Server Error"},
+    {HTTP_NOT_IMPLEMENTED,                      "501",  "Not Implemented"},
+    {HTTP_BAD_GATEWAY,                          "502",  "Bad Gateway"},
+    {HTTP_SERVICE_UNAVAILABLE,                  "503",  "Service Unavailable"},
+    {HTTP_GATEWAY_TIMEOUT,                      "504",  "Gateway Timeout"},
+    {HTTP_HTTP_VERSION_NOT_SUPPORTED,           "505",  "HTTP Version Not Supported"},
+    {HTTP_VARIANT_ALSO_NEGOTIATES,              "506",  "Variant Also Negotiates"},
+    {HTTP_INSUFFICIENT_STORAGE,                 "507",  "Insufficient Storage"},
+    {HTTP_LOOP_DETECTED,                        "508",  "Loop Detected"},
+    {HTTP_NOT_EXTENDED,                         "510",  "Not Extended"},
+    {HTTP_NETWORK_AUTHENTICATION_REQUIRED,      "511",  "Network Authentication Required"},
+    {HTTP_NETWORK_CONNECT_TIMEOUT_ERROR,        "599",  "Network Connect Timeout Error"},
+    {0,                                         "0",    "Unknown Error"}
+};
+
+PVDNS_HTTP_ERROR
+VmDnsRESTGetHttpError(
+    int httpStatus
+    )
+{
+    DWORD i = 0;
+
+    for (i = 0; httpErrors[i].httpStatus; i++)
+    {
+        if (httpErrors[i].httpStatus == httpStatus)
+        {
+            break;
+        }
+    }
+
+    return &httpErrors[i];
+}
diff --git a/vmdns/server/rest-head/includes.h b/vmdns/server/rest-head/includes.h
new file mode 100755
index 000000000..b4fa039de
--- /dev/null
+++ b/vmdns/server/rest-head/includes.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _WIN32
+
+#include <config.h>
+#include <vmdnssys.h>
+
+#else
+
+#pragma once
+
+#include "targetver.h"
+#include <windows.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+#include <errno.h>
+#include <tchar.h>
+
+#endif
+
+#include <vmdns.h>
+#include <vmdnstypes.h>
+#include <vmdnsdefines.h>
+#include <vmdnserrorcode.h>
+#include <vmdnscommon.h>
+
+
+#include <resthead.h>
+#include <vmdnsserver.h>
+#include <srvcommon.h>
+#include <vmdnsmetrics.h>
+
+#ifdef REST_ENABLED
+
+#include <copenapi/copenapi.h>
+#include <curl/curl.h>
+#include <gssapi/gssapi.h>
+#include <gssapi/gssapi_ext.h>
+#include <jansson.h>
+#include <sasl/saslutil.h>
+#include <vmrest.h>
+
+#include <ssotypes.h>
+#include <oidc_types.h>
+#include <oidc.h>
+
+#include "defines.h"
+#include "externs.h"
+#include "structs.h"
+#include "prototypes.h"
+
+#endif
diff --git a/vmdns/server/rest-head/libmain.c b/vmdns/server/rest-head/libmain.c
new file mode 100755
index 000000000..85896845c
--- /dev/null
+++ b/vmdns/server/rest-head/libmain.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+#ifdef REST_ENABLED
+
+REST_PROCESSOR sVmDnsRESTHandlers =
+{
+    .pfnHandleCreate = &VmDnsRESTRequestHandler,
+    .pfnHandleRead = &VmDnsRESTRequestHandler,
+    .pfnHandleUpdate = &VmDnsRESTRequestHandler,
+    .pfnHandleDelete = &VmDnsRESTRequestHandler,
+    .pfnHandleOthers = &VmDnsRESTRequestHandler
+};
+
+DWORD
+VmDnsRESTServerInit(
+    VOID
+    )
+{
+
+    DWORD   dwError = 0;
+    REST_CONF   config = {0};
+    PREST_PROCESSOR     pHandlers = &sVmDnsRESTHandlers;
+    PREST_API_MODULE    pModule = NULL;
+
+    MODULE_REG_MAP stRegMap[] =
+    {
+          {"VmDnsMetrics", VmDnsRESTGetMetricsModule},
+          {NULL, NULL}
+    };
+
+    config.pSSLCertificate = NULL;
+    config.pSSLKey = NULL;
+
+    //get the listen port from the registry
+    dwError = VmDnsConfigGetStringA(
+                VMDNS_REG_CONFIG_KEY_PATH,
+                VMDNS_REG_KEY_REST_LISTEN_PORT,
+                &gVmdnsGlobals.pszRestListenPort
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    config.pServerPort = gVmdnsGlobals.pszRestListenPort;
+    config.pDebugLogFile = VMDNS_REST_DEBUGLOGFILE;
+    config.pClientCount = VMDNS_REST_CLIENTCNT;
+    config.pMaxWorkerThread = VMDNS_REST_WORKERTHCNT;
+
+    dwError = VmRESTInit(&config, NULL, &gpVdnsRESTHandle);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = coapi_load_from_file(REST_API_SPEC, &gpVdnsRestApiDef);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = coapi_map_api_impl(gpVdnsRestApiDef, stRegMap);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    for (pModule = gpVdnsRestApiDef->pModules; pModule; pModule = pModule->pNext)
+    {
+        PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+        for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+        {
+            dwError = VmRESTRegisterHandler(
+                            gpVdnsRESTHandle,
+                            pEndPoint->pszName,
+                            pHandlers,
+                            NULL
+                            );
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+    }
+
+    dwError = VmRESTStart(gpVdnsRESTHandle);
+    if (dwError)
+    {
+        // soft fail - will not listen on REST port.
+        VmDnsLog(VMDNS_LOG_LEVEL_ERROR,"VmRESTStart failed with error %d, not going to listen on REST port",dwError);
+        dwError = 0;
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+VOID
+VmDnsRESTServerShutdown(
+    VOID
+    )
+{
+    PREST_API_MODULE    pModule = NULL;
+
+    if (gpVdnsRESTHandle)
+    {
+        VmRESTStop(gpVdnsRESTHandle);
+        if (gpVdnsRestApiDef)
+        {
+            pModule = gpVdnsRestApiDef->pModules;
+            for (; pModule; pModule = pModule->pNext)
+            {
+                PREST_API_ENDPOINT pEndPoint = pModule->pEndPoints;
+                for (; pEndPoint; pEndPoint = pEndPoint->pNext)
+                {
+                    (VOID)VmRESTUnRegisterHandler(
+                            gpVdnsRESTHandle, pEndPoint->pszName);
+                }
+            }
+        }
+        VmRESTShutdown(gpVdnsRESTHandle);
+    }
+}
+
+#else
+
+DWORD
+VmDnsRESTServerInit(
+    VOID
+    )
+{
+    return 0;
+}
+
+VOID
+VmDnsRESTServerShutdown(
+    VOID
+    )
+{
+    return;
+}
+
+#endif
diff --git a/vmdns/server/rest-head/metricsapi.c b/vmdns/server/rest-head/metricsapi.c
new file mode 100755
index 000000000..a55b91a57
--- /dev/null
+++ b/vmdns/server/rest-head/metricsapi.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+/*
+ * REST_MODULE (from copenapitypes.h)
+ * callback indices must correspond to:
+ *      GET, PUT, POST, DELETE, PATCH
+ */
+REST_MODULE gMetricsRestModule[] =
+{
+    {
+        "/v1/dns/metrics",
+        {VmDnsRESTMetricsGet, NULL, NULL, NULL, NULL}
+    }
+};
+
+DWORD
+VmDnsRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    )
+{
+    *ppRestModule = gMetricsRestModule;
+    return 0;
+}
+
+/*
+ * Performs GET operation for the metrics group.
+ */
+DWORD
+VmDnsRESTMetricsGet(
+    PVOID   pIn,
+    PVOID*  ppOut
+    )
+{
+    DWORD   dwError = 0;
+    PVDNS_REST_OPERATION pRestOp = NULL;
+
+    if (!pIn)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    pRestOp = (PVDNS_REST_OPERATION)pIn;
+
+    VmMetricsGetPrometheusData(
+            gVmDnsMetricsContext,
+            &pRestOp->pResult->pszData,
+            &pRestOp->pResult->dwDataLen
+            );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    VMDNS_SET_REST_RESULT(pRestOp, dwError, NULL);
+
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/vmdns/server/rest-head/operation.c b/vmdns/server/rest-head/operation.c
new file mode 100755
index 000000000..465d05df9
--- /dev/null
+++ b/vmdns/server/rest-head/operation.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDnsRESTOperationCreate(
+    PVDNS_REST_OPERATION*   ppRestOp
+    )
+{
+    DWORD   dwError = 0;
+    PVDNS_REST_OPERATION    pRestOp = NULL;
+
+    if (!ppRestOp)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsAllocateMemory(
+                    sizeof(VDNS_REST_OPERATION),
+                    (PVOID*)&pRestOp
+                    );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsRESTResultCreate(&pRestOp->pResult);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pRestOp->pResource = VmDnsRESTGetResource(NULL);
+
+    *ppRestOp = pRestOp;
+
+cleanup:
+
+    return dwError;
+
+error:
+
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    if (ppRestOp)
+    {
+       *ppRestOp = NULL;
+    }
+    VmDnsFreeRESTOperation(pRestOp);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTOperationReadRequest(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRestReq
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   bytesRead = 0;
+    json_error_t    jError = {0};
+    PSTR    pszTmp = NULL;
+    PSTR    pszInput = NULL;
+    size_t  len = 0;
+
+    if (!pRestOp || !pRESTHandle || !pRestReq)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    // read request methods
+    dwError = VmRESTGetHttpMethod(pRestReq, &pRestOp->pszMethod);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    // read request URI
+    dwError = VmRESTGetHttpURI(pRestReq, &pRestOp->pszPath);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pszTmp = VmDnsStringChrA(pRestOp->pszPath, '?');
+    if (pszTmp)
+    {
+        *pszTmp = '\0';
+    }
+
+    // determine resource
+    pRestOp->pResource = VmDnsRESTGetResource(pRestOp->pszPath);
+    if (pRestOp->pResource->rscType == VDNS_REST_RSC_UNKNOWN)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    // extract sub-path
+    if (pRestOp->pResource->bIsEndpointPrefix)
+    {
+        dwError = VmDnsAllocateStringA(
+                pRestOp->pszPath + strlen(pRestOp->pResource->pszEndpoint) + 1,
+                &pRestOp->pszSubPath
+                );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    // read request authorization info
+    dwError = VmRESTGetHttpHeader(pRestReq, VMDNS_REST_HEADER_AUTHENTICATION, &pRestOp->pszAuth);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    // read request input json
+    do
+    {
+        if (bytesRead || !pszInput)
+        {
+            dwError = VmDnsReallocateMemory(
+                    (PVOID)pszInput,
+                    (PVOID*)&pszInput,
+                    len + MAX_REST_PAYLOAD_LENGTH + 1       // +1 for NULL char
+                    );
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+
+        bytesRead = 0;
+        dwError = VmRESTGetData(
+                pRESTHandle,
+                pRestReq,
+                pszInput + len,
+                &bytesRead
+                );
+
+        len += bytesRead;
+    }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDNS_ERROR(dwError);
+    pszInput[len] = 0;
+
+    if (!IsNullOrEmptyString(pszInput))
+    {
+        pRestOp->pjInput = json_loads(pszInput, 0, &jError);
+        if (!pRestOp->pjInput)
+        {
+            VmDnsLog(VMDNS_LOG_LEVEL_ERROR,
+                    "%s failed to parse json payload: "
+                    "(text=%s), "
+                    "(source=%s), "
+                    "(line=%d), "
+                    "(column=%d), "
+                    "(position=%d)",
+                    __FUNCTION__,
+                    jError.text,
+                    jError.source,
+                    jError.line,
+                    jError.column,
+                    jError.position);
+
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDNS_ERROR(dwError);
+        }
+    }
+
+cleanup:
+    VMDNS_SAFE_FREE_MEMORY(pszInput);
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+/*
+ * Set HTTP headers as well as payload
+ */
+DWORD
+VmDnsRESTOperationWriteResponse(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_RESPONSE*         ppResponse
+    )
+{
+    DWORD   dwError = 0;
+    DWORD   bytesWritten = 0;
+    PSTR    pszHttpStatus = NULL;
+    PSTR    pszHttpReason = NULL;
+    PSTR    pszBody = NULL;
+    PSTR    pszBodyLen = NULL;
+    size_t  bodyLen = 0;
+    size_t  sentLen = 0;
+
+    if (!pRestOp || !pRESTHandle || !ppResponse)
+    {
+        dwError  = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmRESTSetHttpStatusVersion(ppResponse, "HTTP/1.1");
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = pRestOp->pResource->pfnGetHttpError(
+                       pRestOp->pResult,
+                       &pszHttpStatus,
+                       &pszHttpReason
+                       );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetHttpStatusCode(ppResponse, pszHttpStatus);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetHttpReasonPhrase(ppResponse, pszHttpReason);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetHttpHeader(ppResponse, "Connection", "close");
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+
+    if (pRestOp->pResult->pszData)
+    {
+       dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "text/plain");
+       BAIL_ON_VMDNS_ERROR(dwError);
+
+       bodyLen = pRestOp->pResult->dwDataLen;
+
+       dwError = VmDnsAllocateMemory(
+                    bodyLen + 1,
+                    (PVOID*)&pszBody);
+       BAIL_ON_VMDNS_ERROR(dwError);
+
+       dwError = VmDnsCopyMemory(
+                    (PVOID)pszBody,
+                    bodyLen + 1,
+                    (PVOID)pRestOp->pResult->pszData,
+                    bodyLen
+                    );
+       BAIL_ON_VMDNS_ERROR(dwError);
+    }
+    else
+    {
+       dwError = VmRESTSetHttpHeader(ppResponse, "Content-Type", "application/json");
+       BAIL_ON_VMDNS_ERROR(dwError);
+       dwError = VmDnsRESTResultToResponseBody(
+                                       pRestOp->pResult,
+                                       pRestOp->pResource,
+                                       &pszBody
+                                       );
+       BAIL_ON_VMDNS_ERROR(dwError);
+       bodyLen = VmDnsStringLenA(VDNS_SAFE_STRING(pszBody));
+    }
+
+    dwError = VmDnsAllocateStringPrintfA(&pszBodyLen, "%ld", bodyLen);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmRESTSetDataLength(
+                       ppResponse,
+                       bodyLen > MAX_REST_PAYLOAD_LENGTH ? NULL : pszBodyLen
+                       );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    do
+    {
+        size_t chunkLen = bodyLen > MAX_REST_PAYLOAD_LENGTH ?
+                MAX_REST_PAYLOAD_LENGTH : bodyLen;
+
+        dwError = VmRESTSetData(
+                pRESTHandle,
+                ppResponse,
+                VDNS_SAFE_STRING(pszBody) + sentLen,
+                chunkLen,
+                &bytesWritten
+                );
+
+        sentLen += bytesWritten;
+        bodyLen -= bytesWritten;
+    }
+    while (dwError == REST_ENGINE_MORE_IO_REQUIRED);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    VMDNS_SAFE_FREE_STRINGA(pszBody);
+    VMDNS_SAFE_FREE_STRINGA(pszBodyLen);
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+VOID
+VmDnsFreeRESTOperation(
+    PVDNS_REST_OPERATION    pRestOp
+    )
+{
+    if (pRestOp)
+    {
+        VMDNS_SAFE_FREE_MEMORY(pRestOp->pszAuth);
+        VMDNS_SAFE_FREE_MEMORY(pRestOp->pszMethod);
+        VMDNS_SAFE_FREE_MEMORY(pRestOp->pszPath);
+        VMDNS_SAFE_FREE_MEMORY(pRestOp->pszSubPath);
+        VMDNS_SAFE_FREE_MEMORY(pRestOp->pszHeaderIfMatch);
+        if (pRestOp->pjInput)
+        {
+            json_decref(pRestOp->pjInput);
+        }
+        VmDnsFreeRESTResult(pRestOp->pResult);
+        VMDNS_SAFE_FREE_MEMORY(pRestOp);
+    }
+}
+
+
diff --git a/vmdns/server/rest-head/prototypes.h b/vmdns/server/rest-head/prototypes.h
new file mode 100755
index 000000000..e91db2aa1
--- /dev/null
+++ b/vmdns/server/rest-head/prototypes.h
@@ -0,0 +1,151 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+// handler.c
+DWORD
+VmDnsRESTRequestHandler(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_REQUEST   pRequest,
+    PREST_RESPONSE* ppResponse,
+    uint32_t        paramsCount
+    );
+
+DWORD
+VmDnsRESTProcessRequest(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRequest
+    );
+
+DWORD
+VmDnsRESTWriteSimpleErrorResponse(
+    PVMREST_HANDLE  pRESTHandle,
+    PREST_RESPONSE* ppResponse,
+    int             httpStatus
+    );
+
+//// httperror.c
+PVDNS_HTTP_ERROR
+VmDnsRESTGetHttpError(
+    int httpStatus
+    );
+
+// metricsapi.c
+DWORD
+VmDnsRESTGetMetricsModule(
+    PREST_MODULE*   ppRestModule
+    );
+
+DWORD
+VmDnsRESTMetricsGet(
+    PVOID           pIn,
+    PVOID*          ppOut
+    );
+
+// operation.c
+DWORD
+VmDnsRESTOperationCreate(
+    PVDNS_REST_OPERATION*   ppRestOp
+    );
+
+DWORD
+VmDnsRESTOperationReadRequest(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_REQUEST           pRestReq
+    );
+
+DWORD
+VmDnsRESTOperationWriteResponse(
+    PVDNS_REST_OPERATION    pRestOp,
+    PVMREST_HANDLE          pRESTHandle,
+    PREST_RESPONSE*         ppResponse
+    );
+
+VOID
+VmDnsFreeRESTOperation(
+    PVDNS_REST_OPERATION    pRestOp
+    );
+
+VOID
+VmDnsSimpleHashMapPairFree(
+    PLW_HASHMAP_PAIR    pPair,
+    PVOID               pUnused
+    );
+
+// resource.c
+PVDNS_REST_RESOURCE
+VmDnsRESTGetResource(
+    PSTR    pszPath
+    );
+
+DWORD
+VmDnsRESTUnknownSetResult(
+    PVDNS_REST_RESULT   pRestRslt,
+    DWORD               dwErr,
+    PSTR                pszErrMsg
+    );
+
+DWORD
+VmDnsRESTUnknownGetHttpError(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR*               ppszHttpStatus,
+    PSTR*               ppszHttpReason
+    );
+
+// result.c
+DWORD
+VmDnsRESTResultCreate(
+    PVDNS_REST_RESULT*  ppRestRslt
+    );
+
+DWORD
+VmDnsRESTResultSetError(
+    PVDNS_REST_RESULT   pRestRslt,
+    int                 errCode,
+    PSTR                pszErrMsg
+    );
+
+DWORD
+VmDnsRESTResultSetStrData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    PSTR                pszVal
+    );
+
+DWORD
+VmDnsRESTResultSetIntData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    int                 iVal
+    );
+
+DWORD
+VmDnsRESTResultSetObjData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    json_t*             pjVal
+    );
+
+DWORD
+VmDnsRESTResultToResponseBody(
+    PVDNS_REST_RESULT   pRestRslt,
+    PVDNS_REST_RESOURCE pResource,
+    PSTR*               ppszBody
+    );
+
+VOID
+VmDnsFreeRESTResult(
+    PVDNS_REST_RESULT   pRestRslt
+    );
diff --git a/vmdns/server/rest-head/resource.c b/vmdns/server/rest-head/resource.c
new file mode 100755
index 000000000..f5e46a843
--- /dev/null
+++ b/vmdns/server/rest-head/resource.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static VDNS_REST_RESOURCE resources[VDNS_REST_RSC_COUNT] =
+{
+    {
+        VDNS_REST_RSC_METRICS,
+        "/v1/dns/metrics",
+        FALSE,
+        VmDnsRESTUnknownSetResult,
+        VmDnsRESTUnknownGetHttpError,
+        "error-code",
+        "error-message"
+    },
+    {
+       VDNS_REST_RSC_UNKNOWN,
+       NULL,
+       FALSE,
+       VmDnsRESTUnknownSetResult,
+       VmDnsRESTUnknownGetHttpError,
+       NULL,
+       NULL
+    }
+};
+
+PVDNS_REST_RESOURCE
+VmDnsRESTGetResource(
+    PSTR    pszPath
+    )
+{
+    DWORD   i = 0;
+    BOOLEAN bValidPath = FALSE;
+
+    bValidPath = !IsNullOrEmptyString(pszPath);
+
+    for (i = 0; resources[i].pszEndpoint; i++)
+    {
+        if (bValidPath)
+        {
+            if (resources[i].bIsEndpointPrefix)
+            {
+                if (VmDnsStringStartsWith(
+                        pszPath, resources[i].pszEndpoint, FALSE))
+                {
+                    break;
+                }
+            }
+            else
+            {
+                if (VmDnsStringCompareA(
+                        pszPath, resources[i].pszEndpoint, FALSE) == 0)
+                {
+                    break;
+                }
+            }
+        }
+    }
+
+    return &resources[i];
+}
+
+DWORD
+VmDnsRESTUnknownSetResult(
+    PVDNS_REST_RESULT   pRestRslt,
+    DWORD               dwErr,
+    PSTR                pszErrMsg
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRESTResultSetError(pRestRslt, (int)dwErr, pszErrMsg);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTUnknownGetHttpError(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR*               ppszHttpStatus,
+    PSTR*               ppszHttpReason
+    )
+{
+    DWORD   dwError = 0;
+    int     httpStatus = 0;
+    PVDNS_HTTP_ERROR    pHttpError = NULL;
+
+    if (!ppszHttpStatus || !ppszHttpReason)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    switch ((DWORD)pRestRslt->errCode)
+    {
+    case 0:
+        httpStatus = HTTP_OK;
+        break;
+
+    case 1:
+        httpStatus = HTTP_BAD_REQUEST;
+        break;
+
+    default:
+        httpStatus = HTTP_INTERNAL_SERVER_ERROR;
+        break;
+    }
+
+    pHttpError = VmDnsRESTGetHttpError(httpStatus);
+
+    *ppszHttpStatus = pHttpError->pszHttpStatus;
+    *ppszHttpReason = pHttpError->pszHttpReason;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/vmdns/server/rest-head/result.c b/vmdns/server/rest-head/result.c
new file mode 100755
index 000000000..9a19dfa3a
--- /dev/null
+++ b/vmdns/server/rest-head/result.c
@@ -0,0 +1,289 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmDnsRESTResultCreate(
+    PVDNS_REST_RESULT*  ppRestRslt
+    )
+{
+    DWORD   dwError = 0;
+    PVDNS_REST_RESULT   pRestRslt = NULL;
+
+    if (!ppRestRslt)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsAllocateMemory(
+                sizeof(VDNS_REST_RESULT),
+                (PVOID*)&pRestRslt
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = LwRtlCreateHashMap(
+                &pRestRslt->pDataMap,
+                LwRtlHashDigestPstrCaseless,
+                LwRtlHashEqualPstrCaseless,
+                NULL
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    pRestRslt->bErrSet = FALSE;
+    pRestRslt->dwDataLen = 0;
+
+    *ppRestRslt = pRestRslt;
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    if (ppRestRslt)
+    {
+        *ppRestRslt = NULL;
+    }
+    VmDnsFreeRESTResult(pRestRslt);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTResultSetError(
+    PVDNS_REST_RESULT   pRestRslt,
+    int                 errCode,
+    PSTR                pszErrMsg
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    if (!pRestRslt->bErrSet && errCode)
+    {
+        VMDNS_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
+        dwError = VmDnsAllocateStringA(
+                    VDNS_SAFE_STRING(pszErrMsg),
+                    &pRestRslt->pszErrMsg
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        pRestRslt->errCode = errCode;
+        pRestRslt->bErrSet = TRUE;
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTResultSetStrData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    PSTR                pszVal
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt || IsNullOrEmptyString(pszKey) || IsNullOrEmptyString(pszVal))
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRESTResultSetObjData(pRestRslt, pszKey, json_string(pszVal));
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTResultSetIntData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    int                 iVal
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pRestRslt || IsNullOrEmptyString(pszKey))
+    {
+            dwError = ERROR_INVALID_PARAMETER;
+            BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsRESTResultSetObjData(pRestRslt, pszKey, json_integer(iVal));
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTResultSetObjData(
+    PVDNS_REST_RESULT   pRestRslt,
+    PSTR                pszKey,
+    json_t*             pjVal
+    )
+{
+    DWORD   dwError = 0;
+    PSTR    pszKeyCp = NULL;
+
+    if (!pRestRslt || IsNullOrEmptyString(pszKey) || !pjVal)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    dwError = VmDnsAllocateStringA(pszKey, &pszKeyCp);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = LwRtlHashMapInsert(pRestRslt->pDataMap, pszKeyCp, pjVal, NULL);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    VMDNS_SAFE_FREE_MEMORY(pszKeyCp);
+    goto cleanup;
+}
+
+DWORD
+VmDnsRESTResultToResponseBody(
+    PVDNS_REST_RESULT   pRestRslt,
+    PVDNS_REST_RESOURCE pResource,
+    PSTR*               ppszBody
+    )
+{
+    DWORD   dwError = 0;
+    json_t* pjBody = NULL;
+    json_t* pjErrCode = NULL;
+    json_t* pjErrMsg = NULL;
+    json_t* pjData = NULL;
+    LW_HASHMAP_ITER iter = LW_HASHMAP_ITER_INIT;
+    LW_HASHMAP_PAIR pair = {NULL, NULL};
+    PSTR    pszBody = NULL;
+
+    if (!pRestRslt || !pResource || !ppszBody)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    if (pResource->rscType == VDNS_REST_RSC_UNKNOWN)
+    {
+        // don't produce response body if resource is unknown
+        goto cleanup;
+    }
+
+    pjBody = json_object();
+
+    if (pRestRslt->errCode)
+    {
+        pjErrCode = json_integer(pRestRslt->errCode);
+        dwError = json_object_set_new(
+                    pjBody,
+                    pResource->pszErrCodeKey,
+                    pjErrCode
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        pjErrMsg = json_string(VDNS_SAFE_STRING(pRestRslt->pszErrMsg));
+        dwError = json_object_set_new(
+                    pjBody,
+                    pResource->pszErrMsgKey,
+                    pjErrMsg
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    while (LwRtlHashMapIterate(pRestRslt->pDataMap, &iter, &pair))
+    {
+        pjData = (json_t*)pair.pValue;
+        dwError = json_object_set(pjBody, (PSTR)pair.pKey, pjData);
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    if (json_object_size(pjBody))
+    {
+        pszBody = json_dumps(pjBody, JSON_INDENT(4));
+        *ppszBody = pszBody;
+    }
+
+cleanup:
+    if (pjBody)
+    {
+        json_decref(pjBody);
+    }
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    if (ppszBody)
+    {
+       *ppszBody = NULL;
+    }
+    VMDNS_SAFE_FREE_MEMORY(pszBody);
+    goto cleanup;
+}
+
+static
+VOID
+_DataMapPairFree(
+    PLW_HASHMAP_PAIR    pPair,
+    PVOID               pUnused
+    )
+{
+    VMDNS_SAFE_FREE_MEMORY(pPair->pKey);
+    if (pPair->pValue)
+    {
+        json_t* pjData = (json_t*)pPair->pValue;
+        json_decref(pjData);
+    }
+}
+
+VOID
+VmDnsFreeRESTResult(
+    PVDNS_REST_RESULT   pRestRslt
+    )
+{
+    if (pRestRslt)
+    {
+        VMDNS_SAFE_FREE_MEMORY(pRestRslt->pszErrMsg);
+        VMDNS_SAFE_FREE_MEMORY(pRestRslt->pszData);
+        LwRtlHashMapClear(pRestRslt->pDataMap, _DataMapPairFree, NULL);
+        LwRtlFreeHashMap(&pRestRslt->pDataMap);
+        VMDNS_SAFE_FREE_MEMORY(pRestRslt);
+    }
+}
diff --git a/vmdns/server/rest-head/structs.h b/vmdns/server/rest-head/structs.h
new file mode 100755
index 000000000..0fda84531
--- /dev/null
+++ b/vmdns/server/rest-head/structs.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+typedef enum
+{
+    VDNS_REST_RSC_METRICS,
+    VDNS_REST_RSC_UNKNOWN,
+    VDNS_REST_RSC_COUNT,
+
+} VDNS_REST_RESOURCE_TYPE;
+
+typedef struct _VDNS_REST_RESULT
+{
+    int         errCode;
+    PSTR        pszErrMsg;
+    PLW_HASHMAP pDataMap;
+    BOOLEAN     bErrSet;
+    PSTR        pszData;
+    DWORD       dwDataLen;
+
+} VDNS_REST_RESULT, *PVDNS_REST_RESULT;
+
+typedef DWORD (*PFN_SET_RESULT)(
+        PVDNS_REST_RESULT   pRestRslt,
+        DWORD               dwErr,
+        PSTR                pszErrMsg
+        );
+
+typedef DWORD (*PFN_GET_HTTP_ERROR)(
+        PVDNS_REST_RESULT   pRestRslt,
+        PSTR*               ppszHttpStatus,
+        PSTR*               ppszHttpReason
+        );
+
+typedef struct _VDNS_REST_RESOURCE
+{
+    VDNS_REST_RESOURCE_TYPE rscType;
+    PCSTR                   pszEndpoint;
+    BOOLEAN                 bIsEndpointPrefix;
+    PFN_SET_RESULT          pfnSetResult;
+    PFN_GET_HTTP_ERROR      pfnGetHttpError;
+    PCSTR                   pszErrCodeKey;
+    PCSTR                   pszErrMsgKey;
+
+} VDNS_REST_RESOURCE, *PVDNS_REST_RESOURCE;
+
+typedef struct _VDNS_REST_OPERATION
+{
+    PSTR                pszAuth;
+    PSTR                pszMethod;
+    PSTR                pszPath;
+    PSTR                pszSubPath;
+    PSTR                pszHeaderIfMatch;
+    json_t*             pjInput;
+    PVDNS_REST_RESULT   pResult;
+    PVDNS_REST_RESOURCE pResource;
+
+} VDNS_REST_OPERATION, *PVDNS_REST_OPERATION;
+
+//// httperror.c
+typedef struct _VDNS_HTTP_ERROR
+{
+    int     httpStatus;
+    PSTR    pszHttpStatus;
+    PSTR    pszHttpReason;
+
+} VDNS_HTTP_ERROR, *PVDNS_HTTP_ERROR;
diff --git a/vmdns/server/vmdns/Makefile.am b/vmdns/server/vmdns/Makefile.am
index c0468e059..1a758a5c6 100755
--- a/vmdns/server/vmdns/Makefile.am
+++ b/vmdns/server/vmdns/Makefile.am
@@ -1,14 +1,14 @@
 sbin_PROGRAMS = vmdnsd
 
-idl_srcdir=$(top_srcdir)/idl
-include_srcdir=$(top_srcdir)/include
-include_public_srcdir=$(top_srcdir)/include/public
+idl_srcdir=$(top_srcdir)/vmdns/idl
+include_public_srcdir=$(top_srcdir)/vmdns/include/public
 
 vmdnsd_SOURCES = \
     auth.c        \
     globals.c     \
     init.c        \
     main.c        \
+    metrics.c     \
     parseargs.c   \
     rpc.c         \
     rpcserv.c     \
@@ -19,19 +19,24 @@ vmdnsd_SOURCES = \
     vmdns_sstub.c
 
 vmdnsd_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/server/common \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/service \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/server/common \
+    -I$(top_srcdir)/vmdns/server/include \
+    -I$(top_srcdir)/vmdns/server/service \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
 vmdnsd_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
-    $(top_builddir)/vmsock/api/libvmsock.la \
-    @VMDIR_LIBS@ \
+    $(top_builddir)/vmdns/server/common/libsrvcommon.la \
+    $(top_builddir)/vmdns/server/rest-head/librest-head.la \
+    $(top_builddir)/vmdns/common/libcommon.la \
+    $(top_builddir)/vmdns/vmsock/api/libvmsock.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmidentity/ssoclients/common/src/libssocommon.la \
+    $(top_builddir)/vmidentity/ssoclients/oidc/src/libssooidc.la \
     @DCERPC_LIBS@ \
     @LDAP_LIBS@ \
     @LWIO_LIBS@ \
@@ -43,12 +48,17 @@ vmdnsd_LDADD = \
     @CRYPTO_LIBS@ \
     @GSSAPI_LIBS@ \
     @UUID_LIBS@ \
-    @PTHREAD_LIBS@
+    @PTHREAD_LIBS@ \
+    @JANSSON_LIBS@ \
+    @COPENAPI_LIBS@ \
+    @CRESTENGINE_LIBS@
 
 vmdnsd_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
-    @LW_LDFLAGS@
+    @LW_LDFLAGS@ \
+    @JANSSON_LDFLAGS@ \
+    @COPENAPI_LDFLAGS@ \
+    @CRESTENGINE_LDFLAGS@
 
 CLEANFILES = \
     vmdns_h.h \
diff --git a/vmdns/server/vmdns/globals.c b/vmdns/server/vmdns/globals.c
index b2ed1bff9..e704c010f 100755
--- a/vmdns/server/vmdns/globals.c
+++ b/vmdns/server/vmdns/globals.c
@@ -48,5 +48,8 @@ VMDNS_GLOBALS gVmdnsGlobals =
         VMDNS_SF_INIT(.vmdnsdState, VMDNSD_STARTUP),
         VMDNS_SF_INIT(.pRPCServerThread, NULL),
         VMDNS_SF_INIT(.bRegisterTcpEndpoint, FALSE),
-        VMDNS_SF_INIT(.bEnableDNSProtocol, FALSE)
+        VMDNS_SF_INIT(.bEnableDNSProtocol, FALSE),
+
+        //rest-head
+        VMDNS_SF_INIT(.pszRestListenPort, NULL)
     };
diff --git a/vmdns/server/vmdns/includes.h b/vmdns/server/vmdns/includes.h
index c7e60d536..d1430c99b 100755
--- a/vmdns/server/vmdns/includes.h
+++ b/vmdns/server/vmdns/includes.h
@@ -69,6 +69,7 @@
 #include <srvcommon.h>
 #include <vmsock.h>
 #include <vmdnsserver.h>
+#include <vmdnsmetrics.h>
 
 #include "defines.h"
 #include "structs.h"
diff --git a/vmdns/server/vmdns/init.c b/vmdns/server/vmdns/init.c
index a87f7cd4d..4daf60503 100755
--- a/vmdns/server/vmdns/init.c
+++ b/vmdns/server/vmdns/init.c
@@ -45,15 +45,21 @@ VmDnsInit()
     dwError = VmDnsAllocateMutex(&gVmdnsGlobals.pMutex);
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsMetricsInit();
+    BAIL_ON_VMDNS_ERROR(dwError);
+
     dwError = VmDnsSrvInitialize(TRUE);
     BAIL_ON_VMDNS_ERROR(dwError);
 
-    dwError = VmwSockInitialize();
+    dwError = VmDnsSockInitialize();
     BAIL_ON_VMDNS_ERROR(dwError);
 
     dwError = VmDnsRpcServerInit();
     BAIL_ON_VMDNS_ERROR(dwError);
 
+    dwError = VmDnsRESTServerInit();
+    BAIL_ON_VMDNS_ERROR(dwError);
+
     dwError = VmDnsConfigGetDword(VMDNS_KEY_VALUE_ENABLE_PROTOCOL, &dwEnableDNS);
     if (dwError)
     {
diff --git a/vmdns/server/vmdns/metrics.c b/vmdns/server/vmdns/metrics.c
new file mode 100644
index 000000000..228e1dcc3
--- /dev/null
+++ b/vmdns/server/vmdns/metrics.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+VmDnsMetricsCounterInit(
+    VOID
+    );
+
+static
+DWORD
+VmDnsMetricsHistogramInit(
+    VOID
+    );
+
+static
+DWORD
+VmDnsMetricsGaugeInit(
+    VOID
+    );
+
+static VM_METRICS_LABEL labelDurationOps[2][1] = {{{"operation","query"}},
+                                                  {{"operation","update"}}};
+
+static VM_METRICS_LABEL labelErrors[4][1] = {{{"code","nxdomain_error"}},
+                                             {{"code","not_implemented_error"}},
+                                             {{"code","unknown_error"}},
+                                             {{"code","no_error"}}};
+
+static VM_METRICS_LABEL labelCacheOps[2][1] = {{{"operation","lookup"}},
+                                               {{"operation","miss"}}};
+
+static VM_METRICS_LABEL labelCachePurgeType[3][1] = {{{"operation","modify_purge"}},
+                                                     {{"operation","lru_purge"}},
+                                                     {{"operation","replication_purge"}}};
+
+DWORD
+VmDnsMetricsInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsInit(&gVmDnsMetricsContext);
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsMetricsCounterInit();
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsMetricsHistogramInit();
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmDnsMetricsGaugeInit();
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsMetricsCounterInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+    int i;
+
+    for (i=DNS_ERROR_NXDOMAIN_ERR_COUNT; i<=DNS_NO_ERROR; i++ )
+    {
+        dwError = VmMetricsCounterNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_dns_error_count",
+                    labelErrors[i - DNS_ERROR_NXDOMAIN_ERR_COUNT],
+                    1,
+                    "DNS Error Counts",
+                    &gVmDnsCounterMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+    for (i=CACHE_ZONE_LOOKUP; i<=CACHE_ZONE_MISS; i++ )
+    {
+        dwError = VmMetricsCounterNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_cache_zone",
+                    labelCacheOps[i - CACHE_ZONE_LOOKUP],
+                    1,
+                    "DNS Cache Zone",
+                    &gVmDnsCounterMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+    for (i=CACHE_CACHE_LOOKUP; i<=CACHE_CACHE_MISS; i++ )
+    {
+        dwError = VmMetricsCounterNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_cache_cache",
+                    labelCacheOps[i - CACHE_CACHE_LOOKUP],
+                    1,
+                    "DNS Cache Object",
+                    &gVmDnsCounterMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+    for (i=CACHE_MODIFY_PURGE_COUNT; i<=CACHE_NOTIFY_PURGE_COUNT; i++ )
+    {
+        dwError = VmMetricsCounterNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_cache_purge",
+                    labelCachePurgeType[i - CACHE_MODIFY_PURGE_COUNT],
+                    1,
+                    "DNS Error Counts",
+                    &gVmDnsCounterMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsMetricsHistogramInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+    UINT64 buckets[] = {1, 10, 100, 300, 1000};
+    int i;
+
+    for (i=DNS_QUERY_DURATION; i<=DNS_UPDATE_DURATION; i++)
+    {
+        dwError = VmMetricsHistogramNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_dns_request_duration",
+                    labelDurationOps[i - DNS_QUERY_DURATION],
+                    1,
+                    "DNS Protocol Process Request Duration",
+                    buckets,
+                    5,
+                    &gVmDnsHistogramMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    for (i=STORE_QUERY_DURATION; i<=STORE_UPDATE_DURATION; i++)
+    {
+        dwError = VmMetricsHistogramNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_store_request_duration",
+                    labelDurationOps[i - STORE_QUERY_DURATION],
+                    1,
+                    "Store Process Request Duration",
+                    buckets,
+                    5,
+                    &gVmDnsHistogramMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+    for (i=RPC_QUERY_DURATION; i<=RPC_UPDATE_DURATION; i++)
+    {
+        dwError = VmMetricsHistogramNew(
+                    gVmDnsMetricsContext,
+                    "vmdns_rpc_request_duration",
+                    labelDurationOps[i - RPC_QUERY_DURATION],
+                    1,
+                    "Rpc Process Request Duration",
+                    buckets,
+                    5,
+                    &gVmDnsHistogramMetrics[i]
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
+
+static
+DWORD
+VmDnsMetricsGaugeInit(
+    VOID
+    )
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsGaugeNew(
+                gVmDnsMetricsContext,
+                "vmdns_dns_outstanding_request_count",
+                NULL,
+                0,
+                "Number of outstanding io requests in the queue",
+                &gVmDnsGaugeMetrics[DNS_OUTSTANDING_REQUEST_COUNT]
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmMetricsGaugeNew(
+                gVmDnsMetricsContext,
+                "vmdns_dns_active_service_threads",
+                NULL,
+                0,
+                "Numbers of threads active for servicing the requests",
+                &gVmDnsGaugeMetrics[DNS_ACTIVE_SERVICE_THREADS]
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+    dwError = VmMetricsGaugeNew(
+                gVmDnsMetricsContext,
+                "vmdns_cache_object_count",
+                NULL,
+                0,
+                "Number of active objects in the cache",
+                &gVmDnsGaugeMetrics[CACHE_OBJECT_COUNT]
+                );
+    BAIL_ON_VMDNS_ERROR(dwError);
+
+cleanup:
+    return dwError;
+
+error:
+    VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed, error (%d)", __FUNCTION__, dwError);
+    goto cleanup;
+}
diff --git a/vmdns/server/vmdns/rpc.c b/vmdns/server/vmdns/rpc.c
index ac19c6b38..7250ae7bd 100755
--- a/vmdns/server/vmdns/rpc.c
+++ b/vmdns/server/vmdns/rpc.c
@@ -251,7 +251,10 @@ VmDnsRpcEpRegister(
     )
 {
     DWORD dwError = 0;
-
+#if 1
+    /* Do not register with dcerpc; all services use fixed endpoints */
+    return dwError;
+#else
     DCETHREAD_TRY
     {
        rpc_ep_register(
@@ -275,6 +278,7 @@ VmDnsRpcEpRegister(
     DCETHREAD_ENDTRY;
 
     return dwError;
+#endif
 }
 
 DWORD
diff --git a/vmdns/server/vmdns/rpcserv.c b/vmdns/server/vmdns/rpcserv.c
index ac6955809..a655297cf 100755
--- a/vmdns/server/vmdns/rpcserv.c
+++ b/vmdns/server/vmdns/rpcserv.c
@@ -164,6 +164,10 @@ VmDnsRpcAddRecord(
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDNS_ZONE_OBJECT pZoneObject = NULL;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
 
     if (IsNullOrEmptyString(pszZone) || !pRecord)
     {
@@ -182,6 +186,13 @@ VmDnsRpcAddRecord(
 
 cleanup:
     VmDnsZoneObjectRelease(pZoneObject);
+
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[RPC_UPDATE_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 error:
     VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed. Error(%u)", __FUNCTION__, dwError);
@@ -197,6 +208,11 @@ VmDnsRpcDeleteRecord(
 {
     DWORD dwError = ERROR_SUCCESS;
     PVMDNS_ZONE_OBJECT pZoneObject = NULL;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
+
 
     if (IsNullOrEmptyString(pszZone) || !pRecord)
     {
@@ -215,6 +231,13 @@ VmDnsRpcDeleteRecord(
 
 cleanup:
     VmDnsZoneObjectRelease(pZoneObject);
+
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[RPC_UPDATE_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 error:
     VmDnsLog(VMDNS_LOG_LEVEL_ERROR, "%s failed. Error(%u)", __FUNCTION__, dwError);
@@ -235,6 +258,10 @@ VmDnsRpcQueryRecords(
     PVMDNS_RECORD_LIST pRecordList = NULL;
     PVMDNS_RECORD_ARRAY pRecordArray = NULL;
     PVMDNS_ZONE_OBJECT pZoneObject = NULL;
+    UINT64 startTime = 0;
+    UINT64 endTime = 0;
+
+    startTime = VmDnsGetTimeInMilliSec();
 
     BAIL_ON_VMDNS_INVALID_POINTER(ppRecordArray, dwError);
     *ppRecordArray = NULL;
@@ -263,6 +290,13 @@ VmDnsRpcQueryRecords(
 cleanup:
     VmDnsZoneObjectRelease(pZoneObject);
     VmDnsRecordListRelease(pRecordList);
+
+    endTime = VmDnsGetTimeInMilliSec();
+    VmMetricsHistogramUpdate(
+            gVmDnsHistogramMetrics[RPC_QUERY_DURATION],
+            VDNS_RESPONSE_TIME(endTime - startTime)
+            );
+
     return dwError;
 error:
     if (pRecordArray)
diff --git a/vmdns/server/vmdns/service.c b/vmdns/server/vmdns/service.c
index 244485a47..0f8d288fe 100755
--- a/vmdns/server/vmdns/service.c
+++ b/vmdns/server/vmdns/service.c
@@ -104,6 +104,7 @@ VmDnsRegisterRpcServer(
 
     VmDnsLog(VMDNS_LOG_LEVEL_INFO, "VMware dns Service bound successfully.");
 
+#if 0
 #ifndef _WIN32
     dwError = VmDnsRpcEpRegister(
                         pServerBinding,
@@ -115,6 +116,7 @@ VmDnsRegisterRpcServer(
         VmDnsLog(VMDNS_LOG_LEVEL_INFO, "RPC Endpoint registered successfully.");
     }
 #endif
+#endif
 
 #ifndef _WIN32
 /*
diff --git a/vmdns/server/vmdns/shutdown.c b/vmdns/server/vmdns/shutdown.c
index a69185245..658d38718 100755
--- a/vmdns/server/vmdns/shutdown.c
+++ b/vmdns/server/vmdns/shutdown.c
@@ -39,8 +39,10 @@ VmDnsShutdown(
     VmDnsRpcServerShutdown();
     VmDnsShutdownProtocolServer();
     VmDnsSrvCleanup();
-    VmwSockShutdown();
+    VmDnsSockShutdown();
     VmDnsCleanupGlobals();
+    VmDnsRESTServerShutdown();
+    VmMetricsDestroy(gVmDnsMetricsContext);
 }
 
 static
@@ -51,4 +53,5 @@ VmDnsCleanupGlobals(
 {
     VMDNS_SAFE_FREE_MEMORY(gVmdnsGlobals.pszLogFile);
     VmDnsFreeMutex( gVmdnsGlobals.pMutex);
+    VMDNS_SAFE_FREE_MEMORY(gVmdnsGlobals.pszRestListenPort);
 }
diff --git a/vmdns/test/AllTests.c b/vmdns/test/AllTests.c
index 0b4a558ea..70569d594 100755
--- a/vmdns/test/AllTests.c
+++ b/vmdns/test/AllTests.c
@@ -48,6 +48,7 @@ int  vmdns_debug = 0;
 CuSuite* CuGetUtilSuite();
 CuSuite* CuGetLruSuite();
 CuSuite* CuGetRecordListSuite();
+CuSuite* CuGetPtrSuite();
 
 void RunAllTests(void)
 {
@@ -70,6 +71,10 @@ void RunAllTests(void)
     CuSuiteAddSuite(suite, lruSuite);
     CuSuiteDelete(lruSuite);
 
+    CuSuite* ptrSuite = CuGetPtrSuite();
+    CuSuiteAddSuite(suite, ptrSuite);
+    CuSuiteDelete(ptrSuite);
+
     CuSuiteRun(suite);
     CuSuiteSummary(suite, output);
     CuSuiteDetails(suite, output);
diff --git a/vmdns/test/Makefile.am b/vmdns/test/Makefile.am
index f48f5be84..7d39fae0c 100755
--- a/vmdns/test/Makefile.am
+++ b/vmdns/test/Makefile.am
@@ -1,8 +1,7 @@
 bin_PROGRAMS = dnstest
 
-idl_srcdir=$(top_srcdir)/idl
-include_srcdir=$(top_srcdir)/include
-include_public_srcdir=$(top_srcdir)/include/public
+idl_srcdir=$(top_srcdir)/vmdns/idl
+include_public_srcdir=$(top_srcdir)/vmdns/include/public
 
 dnstest_SOURCES =       \
     AllTests.c          \
@@ -10,23 +9,28 @@ dnstest_SOURCES =       \
     LruListTest.c       \
     test-nameentry.c    \
     test-recordlist.c   \
-    TestUtils.c
+    TestUtils.c         \
+    TestPtr.c
 
 dnstest_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/common/include \
-    -I$(top_srcdir)/server/include \
-    -I$(top_srcdir)/server/common \
-    -I$(top_srcdir)/build/server/service \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/common/include \
+    -I$(top_srcdir)/vmdns/server/include \
+    -I$(top_srcdir)/vmdns/server/common \
+    -I$(top_srcdir)/vmdns/build/server/service \
+    -I$(top_srcdir)/vmdir/include/public \
+    -I$(top_srcdir)/vmmetrics/include/public \
     @DCERPC_INCLUDES@ \
     @LW_INCLUDES@
 
 dnstest_LDADD = \
-    $(top_builddir)/server/common/libsrvcommon.la \
-    $(top_builddir)/common/libcommon.la \
+    $(top_builddir)/vmdns/server/common/libsrvcommon.la \
+    $(top_builddir)/vmdns/common/libcommon.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    $(top_builddir)/vmmetrics/libvmmetrics.la \
     @SCHANNEL_LIBS@ \
-    @VMDIR_LIBS@ \
+    @DCERPC_LIBS@ \
     @LDAP_LIBS@ \
     @LWMSG_LIBS@ \
     @LWRSUTILS_LIBS@ \
@@ -38,6 +42,5 @@ dnstest_LDADD = \
     @PTHREAD_LIBS@
 
 dnstest_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdns/test/TestPtr.c b/vmdns/test/TestPtr.c
new file mode 100644
index 000000000..ff59255cd
--- /dev/null
+++ b/vmdns/test/TestPtr.c
@@ -0,0 +1,118 @@
+//
+// Created by sakhardandea on 6/13/17.
+//
+
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+#include<stdio.h>
+#include "CuTest.h"
+#include "../server/common/includes.h"
+#include "../server/common/prototypes.h"
+
+extern int vmdns_syslog_level;
+
+#define DEFAULT_EXPIRE  (60*60*24*30*6)
+#define DEFAULT_TTL     (60*30)
+#define DEFAULT_SERIAL  1
+#define DEFAULT_REFRESH (60*60)
+#define DEFAULT_RETRY   (60*10)
+
+static
+PVMDNS_RECORD
+CreatePtrRecord(
+        PCSTR pszIpAddress,
+        PCSTR pszHostname,
+        PCSTR pszZone
+)
+{
+    PVMDNS_RECORD pRecord = NULL;
+    PSTR         pszPtrName = NULL;
+
+    VmDnsGeneratePtrNameFromIp(pszIpAddress,&pszPtrName);
+    VmDnsAllocateMemory(sizeof(VMDNS_RECORD), (void**)&pRecord);
+    VmDnsAllocateStringA(pszPtrName, &pRecord->pszName);
+    VmDnsAllocateStringPrintfA(&pRecord->Data.PTR.pNameHost,"%s.",pszHostname);
+    pRecord->dwType = VMDNS_RR_TYPE_PTR;
+    pRecord->iClass = VMDNS_CLASS_IN;
+    pRecord->dwTtl = VMDNS_DEFAULT_TTL;
+
+    return pRecord;
+}
+
+void TestPtrRecord(CuTest *tc) {
+    DWORD dwError = 0;
+    PVMDNS_RECORD pRecord;
+    PSTR pszIpAddress = "1.2.3.4";
+    PSTR pszHostname = "test";
+    PSTR pszZone = "in-addr.arpa.";
+    PVMDNS_RECORD_LIST pRecordList = NULL;
+
+    pRecord = CreatePtrRecord(pszIpAddress, pszHostname, pszZone);
+
+    dwError = VmDnsStoreAddZoneRecord(pszZone, pRecord);
+    CuAssert(tc, "Adding Record should succeed", !dwError);
+
+    dwError = VmDnsStoreGetRecords(pszZone, pRecord->pszName, &pRecordList);
+    CuAssert(tc, "Querying Records should succeed", !dwError);
+    CuAssert(tc, "Ipv4 pointer record count should be 1", pRecordList->dwCurrentSize==1);
+
+    dwError = VmDnsStoreDeleteZoneRecord(pszZone,pRecord);
+    CuAssert(tc, "Deleting Records should succeed", !dwError);
+
+    PSTR pszPtrName = NULL;
+    VmDnsGeneratePtrNameFromIp(pszIpAddress,&pszPtrName);
+
+    VMDNS_FREE_RECORD(pRecord);
+    VmDnsRecordListRelease(pRecordList);
+    pRecordList = NULL;
+
+    dwError = VmDnsStoreGetRecords(pszZone, pszPtrName, &pRecordList);
+    CuAssert(tc, "Querying Records should fail", dwError);
+
+    pszIpAddress = "::1:2:3";
+    pszZone = "ip6.arpa.";
+    pRecordList = NULL;
+
+    pRecord = CreatePtrRecord(pszIpAddress, pszHostname, pszZone);
+
+    dwError = VmDnsStoreAddZoneRecord(pszZone, pRecord);
+    CuAssert(tc, "Adding Record should succeed", !dwError);
+
+    dwError = VmDnsStoreGetRecords(pszZone, pRecord->pszName, &pRecordList);
+    CuAssert(tc, "Querying Records should succeed", !dwError);
+    CuAssert(tc, "Ipv4 pointer record count should be 1", pRecordList->dwCurrentSize==1);
+
+    dwError = VmDnsStoreDeleteZoneRecord(pszZone,pRecord);
+    CuAssert(tc, "Deleting Records should succeed", !dwError);
+
+    pszPtrName = NULL;
+    VmDnsGeneratePtrNameFromIp(pszIpAddress,&pszPtrName);
+
+    VMDNS_FREE_RECORD(pRecord);
+    VmDnsRecordListRelease(pRecordList);
+    pRecordList = NULL;
+
+    dwError = VmDnsStoreGetRecords(pszZone, pszPtrName, &pRecordList);
+    CuAssert(tc, "Querying Records should fail", dwError);
+    }
+
+CuSuite *CuGetPtrSuite(void) {
+    CuSuite *suite = CuSuiteNew();
+
+    SUITE_ADD_TEST(suite, TestPtrRecord);
+
+    return suite;
+}
+
+
diff --git a/vmdns/test/TestUtils.c b/vmdns/test/TestUtils.c
index 3ac50ad10..cebd4cec1 100644
--- a/vmdns/test/TestUtils.c
+++ b/vmdns/test/TestUtils.c
@@ -127,7 +127,6 @@ void TestReverseZoneName(CuTest* tc)
 {
     DWORD dwError = 0;
     DWORD idx = 0;
-    int family = AF_INET;
     PSTR pszPtrName = NULL;
     PCSTR pszNetworkIds[] = {
         "192.168.1.1",
@@ -141,7 +140,7 @@ void TestReverseZoneName(CuTest* tc)
 
     for (; idx < sizeof(pszNetworkIds)/sizeof(PCSTR); ++idx)
     {
-        dwError = VmDnsGeneratePtrNameFromIp(pszNetworkIds[idx], &family, &pszPtrName);
+        dwError = VmDnsGeneratePtrNameFromIp(pszNetworkIds[idx], &pszPtrName);
         CuAssert(tc, "Generating PTR name from ip address should succeed.", !dwError);
     }
 }
@@ -192,7 +191,6 @@ CuSuite* CuGetUtilSuite(void)
 	CuSuite* suite = CuSuiteNew();
 
 	SUITE_ADD_TEST(suite, TestTrimDomainName);
-    SUITE_ADD_TEST(suite, TestPtrName);
     SUITE_ADD_TEST(suite, TestReverseZoneName);
 	SUITE_ADD_TEST(suite, VmDnsTestTrimString);
 
diff --git a/vmdns/test/scripts/test-rest-head.sh b/vmdns/test/scripts/test-rest-head.sh
new file mode 100755
index 000000000..45518d643
--- /dev/null
+++ b/vmdns/test/scripts/test-rest-head.sh
@@ -0,0 +1,20 @@
+# Test Script that performs testing for VMDNS REST API for Metrics Collection
+
+## VARIABLES AND CONSTANTS ##
+
+host="localhost"
+port="7677"
+
+# Admin DN
+admindn="cn=administrator,cn=users,dc=vsphere,dc=local"
+adminpw='Admin!23'
+
+# Unit Test: VMDNS Get Metrics Data testing
+echo "Unit Test: VMDNS Get Metrics Data testing"
+echo "Expected Result: Should be able to see all the metrics in Prometheus Data Format(text/plain)"
+echo "Hit Enter to continue"
+read
+curl -v -u $admindn:$adminpw http://$host:$port/v1/dns/metrics
+echo
+echo "Unit Test Done."
+exit 0
diff --git a/vmdns/test/scripts/test1.sh b/vmdns/test/scripts/test1.sh
new file mode 100755
index 000000000..53c10659c
--- /dev/null
+++ b/vmdns/test/scripts/test1.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+/opt/vmware/bin/vmdns-cli add-record --zone in-addr.arpa --type PTR --hostname check --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --password 'Ca$hc0w1'
+nslookup 1.2.3.4
+dig -x 1.2.3.4
+/opt/vmware/bin/vmdns-cli del-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --hostname check --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli add-record --zone ip6.arpa --type PTR --hostname check --ip ::1 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone ip6.arpa --type PTR --ip ::1 --password 'Ca$hc0w1'
+nslookup ::1
+dig -x ::1
+/opt/vmware/bin/vmdns-cli del-record --zone ip6.arpa --type PTR --ip ::1 --hostname check --password 'Ca$hc0w1'
diff --git a/vmdns/test/scripts/test2.sh b/vmdns/test/scripts/test2.sh
new file mode 100755
index 000000000..782a9df87
--- /dev/null
+++ b/vmdns/test/scripts/test2.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+/opt/vmware/bin/vmdns-cli add-record --zone lightwave.local --type PTR --hostname check --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli add-record --zone lightwave.local --type PTR --hostname check --ip ::1 --password 'Ca$hc0w1'
diff --git a/vmdns/test/scripts/test3.sh b/vmdns/test/scripts/test3.sh
new file mode 100755
index 000000000..1110923b9
--- /dev/null
+++ b/vmdns/test/scripts/test3.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/opt/vmware/bin/vmdns-cli add-record --zone in-addr.arpa --type PTR --hostname check --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --hostname check --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --hostname check --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-record --zone ip6.arpa --type PTR --ip ::1 --hostname check --password 'Ca$hc0w1'
diff --git a/vmdns/test/scripts/test4.sh b/vmdns/test/scripts/test4.sh
new file mode 100755
index 000000000..12dd0ec52
--- /dev/null
+++ b/vmdns/test/scripts/test4.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+/opt/vmware/bin/vmdns-cli query-record --zone in-addr.arpa --type PTR --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone ip6.arpa --type PTR --ip ::1 --password 'Ca$hc0w1'
diff --git a/vmdns/test/scripts/test5.sh b/vmdns/test/scripts/test5.sh
new file mode 100755
index 000000000..a5c00d794
--- /dev/null
+++ b/vmdns/test/scripts/test5.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+/opt/vmware/bin/vmdns-cli add-zone 1.in-addr.arpa --ns-host ns1 --ns-ip 172.16.1.1 --type reverse --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli add-record --zone 1.in-addr.arpa --type PTR --hostname check-sub --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone 1.in-addr.arpa --ip 1.2.3.4 --type PTR --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-record --zone 1.in-addr.arpa --type PTR --hostname check-sub --ip 1.2.3.4 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-zone 1.in-addr.arpa --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli add-zone 1.0.0.0.ip6.arpa --ns-host ns1 --ns-ip 172.16.1.1 --type reverse --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli add-record --zone 1.0.0.0.ip6.arpa --type PTR --hostname check-sub --ip 1::0 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli query-record --zone 1.0.0.0.ip6.arpa --ip 1::0 --type PTR --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-record --zone 1.0.0.0.ip6.arpa --type PTR --hostname check-sub --ip 1::0 --password 'Ca$hc0w1'
+/opt/vmware/bin/vmdns-cli del-zone 1.0.0.0.ip6.arpa --password 'Ca$hc0w1'
diff --git a/vmdns/tools/cli/Makefile.am b/vmdns/tools/cli/Makefile.am
index 5d4087a13..b60c34810 100644
--- a/vmdns/tools/cli/Makefile.am
+++ b/vmdns/tools/cli/Makefile.am
@@ -6,15 +6,16 @@ vmdns_cli_SOURCES = \
     utils.c
 
 vmdns_cli_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdir/include/public \
     @LW_INCLUDES@
 
 vmdns_cli_LDADD = \
-    $(top_builddir)/client/libvmdnsclient.la \
-    @top_builddir@/common/libcommon.la \
+    $(top_builddir)/vmdns/client/libvmdnsclient.la \
+    $(top_builddir)/vmdir/client/libvmdirclient.la \
+    @top_builddir@/vmdns/common/libcommon.la \
     @LDAP_LIBS@ \
-    @VMDIR_LIBS@ \
     @DCERPC_LIBS@ \
     @LWIO_LIBS@ \
     @SCHANNEL_LIBS@ \
@@ -27,6 +28,5 @@ vmdns_cli_LDADD = \
     @PTHREAD_LIBS@
 
 vmdns_cli_LDFLAGS = \
-    @VMDIR_LDFLAGS@ \
     @OPENSSL_LDFLAGS@ \
     @LW_LDFLAGS@
diff --git a/vmdns/tools/cli/cli.c b/vmdns/tools/cli/cli.c
index 595c05660..8212046c5 100644
--- a/vmdns/tools/cli/cli.c
+++ b/vmdns/tools/cli/cli.c
@@ -299,6 +299,26 @@ VmDnsCliCreateZone(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
+    if (!IsNullOrEmptyString(pContext->pszNSHost) &&
+        !IsNullOrEmptyString(pContext->pszNSIp) &&
+        pContext->dwZoneType == VMDNS_ZONE_TYPE_REVERSE)
+    {
+        addrRecord.iClass   = VMDNS_CLASS_IN;
+        addrRecord.dwType   = VMDNS_RR_TYPE_PTR;
+        addrRecord.dwTtl    = VMDNS_DEFAULT_TTL;
+        addrRecord.Data.PTR.pNameHost = pszTargetFQDN;
+
+        dwError = VmDnsGeneratePtrNameFromIp(pContext->pszNSIp,&addrRecord.pszName);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        dwError = VmDnsAddRecordA(
+                    pContext->pServerContext,
+                    pContext->pszZone,
+                    &addrRecord
+                    );
+        BAIL_ON_VMDNS_ERROR(dwError);
+    }
+
 cleanup:
 
     if (pszMboxDomain)
@@ -569,6 +589,21 @@ VmDnsCliDelRecord(
             pszTargetFQDN = NULL;
         }
     }
+    if (pContext->record.dwType == VMDNS_RR_TYPE_PTR)
+    {
+        dwError = VmDnsMakeFQDN(
+                pContext->record.pszName,
+                pContext->pszZone,
+                &pszTargetFQDN);
+        BAIL_ON_VMDNS_ERROR(dwError);
+
+        if (pszTargetFQDN)
+        {
+            VMDNS_SAFE_FREE_STRINGA(pContext->record.pszName);
+            pContext->record.pszName = pszTargetFQDN;
+            pszTargetFQDN = NULL;
+        }
+    }
     else
     {
         VmDnsTrimDomainNameSuffix(pContext->record.pszName, pContext->pszZone);
diff --git a/vmdns/tools/cli/main.c b/vmdns/tools/cli/main.c
index 9196a40a7..3201a54dd 100644
--- a/vmdns/tools/cli/main.c
+++ b/vmdns/tools/cli/main.c
@@ -647,21 +647,6 @@ ParseArgsAddZone(
         }
     }
 
-    if (pContext->dwZoneType == VMDNS_ZONE_TYPE_REVERSE)
-    {
-        dwError = VmDnsGenerateReversZoneNameFromNetworkId(
-                    pContext->pszZone,
-                    &pContext->pszZone);
-        if (dwError)
-        {
-            fprintf(
-                stdout,
-                "Failed to generate reverse zone name, %u.\n",
-                dwError);
-        }
-        BAIL_ON_VMDNS_ERROR(dwError);
-    }
-
 error:
 
     return dwError;
@@ -1227,7 +1212,6 @@ ParseArgsAddRecord(
 
                 dwError = VmDnsGeneratePtrNameFromIp(
                                 pszArg,
-                                NULL,
                                 &pContext->record.pszName);
                 BAIL_ON_VMDNS_ERROR(dwError);
 
@@ -1236,10 +1220,11 @@ ParseArgsAddRecord(
                 break;
 
             case PARSE_MODE_ADD_RECORD_PTR_HOSTNAME:
-
+                /*
                 dwError = VmDnsAllocateStringA(
                                 pszArg,
-                                &pContext->record.Data.PTR.pNameHost);
+                                &pContext->record.Data.PTR.pNameHost);*/
+                dwError = VmDnsAllocateStringPrintfA(&pContext->record.Data.PTR.pNameHost,"%s.",pszArg);
                 BAIL_ON_VMDNS_ERROR(dwError);
 
                 parseMode = PARSE_MODE_ADD_RECORD_OPEN;
@@ -1689,7 +1674,6 @@ ParseArgsDelRecord(
 
                 dwError = VmDnsGeneratePtrNameFromIp(
                                 pszArg,
-                                NULL,
                                 &pContext->record.pszName);
                 BAIL_ON_VMDNS_ERROR(dwError);
 
@@ -1698,10 +1682,11 @@ ParseArgsDelRecord(
                 break;
 
             case PARSE_MODE_DEL_RECORD_PTR_HOSTNAME:
-
+                /*
                 dwError = VmDnsAllocateStringA(
                                 pszArg,
-                                &pContext->record.Data.PTR.pNameHost);
+                                &pContext->record.Data.PTR.pNameHost);*/
+                dwError = VmDnsAllocateStringPrintfA(&pContext->record.Data.PTR.pNameHost,"%s.",pszArg);
                 BAIL_ON_VMDNS_ERROR(dwError);
 
                 parseMode = PARSE_MODE_DEL_RECORD_OPEN;
@@ -1803,6 +1788,7 @@ ParseArgsQueryRecords(
         PARSE_MODE_QUERY_RECORD_DOMAIN,
         PARSE_MODE_QUERY_RECORD_PASSWORD,
         PARSE_MODE_QUERY_RECORD_SERVER,
+        PARSE_MODE_QUERY_RECORD_IP,
 
     } PARSE_MODE_QUERY_RECORD;
     PARSE_MODE_QUERY_RECORD parseMode = PARSE_MODE_QUERY_RECORD_OPEN;
@@ -1853,6 +1839,10 @@ ParseArgsQueryRecords(
                 {
                     parseMode = PARSE_MODE_QUERY_RECORD_SERVER;
                 }
+                else if (!strcmp(pszArg, "--ip"))
+                {
+                    parseMode = PARSE_MODE_QUERY_RECORD_IP;
+                }
 
                 break;
 
@@ -1919,6 +1909,17 @@ ParseArgsQueryRecords(
 
                 break;
 
+            case PARSE_MODE_QUERY_RECORD_IP:
+
+                dwError = VmDnsGeneratePtrNameFromIp(
+                           pszArg,
+                           &pContext->record.pszName);
+                BAIL_ON_VMDNS_ERROR(dwError);
+
+                parseMode = PARSE_MODE_QUERY_RECORD_OPEN;
+
+                break;
+
             default:
 
                 break;
@@ -2221,7 +2222,7 @@ ShowUsage(
         "\t\t--ns-host <hostname>\n"
         "\t\t--ns-ip <ip address>\n"
         "\t\t[--admin-email <admin-email>]\n"
-        "\t\t[--type <forward>]\n"
+        "\t\t[--type <forward | reverse>]\n"
         /*"\t\t[--type <forward|reverse>]\n"*/
         "\t\t--server <server>\n"
         "\t\t--username <user>\n"
@@ -2269,9 +2270,9 @@ ShowUsage(
         "\t\t<key> <value> pair for NS:\n"
         "\t\t\t--ns-domain   <domain>\n"
         "\t\t\t--hostname <hostname>\n"
-/*      "\t\t<key> <value> pair for PTR:\n"
-        "\t\t\t--<ip|ip6> <address>\n"
-        "\t\t\t--hostname <hostname>\n" */
+        "\t\t<key> <value> pair for PTR:\n"
+        "\t\t\t--ip <address>\n"
+        "\t\t\t--hostname <hostname>\n"
         "\t\t<key> <value> pair for CNAME:\n"
         "\t\t\t--<name> <name>\n"
         "\t\t\t--hostname <hostname>\n"
@@ -2297,9 +2298,9 @@ ShowUsage(
         "\t\t<key> <value> pair for NS:\n"
         "\t\t\t--ns-domain <domain>\n"
         "\t\t\t--hostname <hostname>\n"
-/*        "\t\t<key> <value> pair for PTR:\n"
-        "\t\t\t--<ip|ip6> <address>\n"
-        "\t\t\t--hostname <hostname>\n" */
+        "\t\t<key> <value> pair for PTR:\n"
+        "\t\t\t--ip <address>\n"
+        "\t\t\t--hostname <hostname>\n"
         "\t\t<key> <value> pair for CNAME:\n"
         "\t\t\t--name <name>\n"
         "\t\t\t--hostname <hostname>\n"
@@ -2311,6 +2312,8 @@ ShowUsage(
         "\tquery-record --zone <zone name>\n"
         "\t\t--type <record type>\n"
         "\t\t--name <record name>\n"
+        "\t\tFor PTR records use:\n"
+        "\t\t\t--ip <address> instead of --name <record name>\n"
         "\t\t<key> <value>\n"
         "\t\t--server <server>\n"
         "\t\t--username <user>\n"
diff --git a/vmdns/vmsock/api/Makefile.am b/vmdns/vmsock/api/Makefile.am
index d9b95ea8f..b5dcc846c 100644
--- a/vmdns/vmsock/api/Makefile.am
+++ b/vmdns/vmsock/api/Makefile.am
@@ -10,9 +10,9 @@ libvmsock_la_SOURCES = \
     libmain.c
 
 libvmsock_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/vmsock/include \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/vmsock/include \
     -DHAVE_ARPA_INET_H \
     @LW_INCLUDES@
 
@@ -21,6 +21,5 @@ libvmsock_la_LDFLAGS = \
     @LW_LDFLAGS@
 
 libvmsock_la_LIBADD = \
-    $(top_builddir)/vmsock/posix/libvmsockposix.la \
+    $(top_builddir)/vmdns/vmsock/posix/libvmsockposix.la \
     @LWBASE_LIBS@
-
diff --git a/vmdns/vmsock/api/api.c b/vmdns/vmsock/api/api.c
index de9373d87..6b8f0c0c1 100644
--- a/vmdns/vmsock/api/api.c
+++ b/vmdns/vmsock/api/api.c
@@ -16,7 +16,7 @@
 #include "includes.h"
 
 DWORD
-VmwSockOpenClient(
+VmDnsSockOpenClient(
     PCSTR                pszHost,
     USHORT               usPort,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -31,7 +31,7 @@ VmwSockOpenClient(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnOpenClientSocket(
+    dwError = gpVmDnsSockPackage->pfnOpenClientSocket(
                                     pszHost,
                                     usPort,
                                     dwFlags,
@@ -43,7 +43,7 @@ VmwSockOpenClient(
 }
 
 DWORD
-VmwSockOpenServer(
+VmDnsSockOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -58,7 +58,7 @@ VmwSockOpenServer(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnOpenServerSocket(
+    dwError = gpVmDnsSockPackage->pfnOpenServerSocket(
                                     usPort,
                                     iListenQueueSize,
                                     dwFlags,
@@ -69,7 +69,7 @@ VmwSockOpenServer(
 }
 
 DWORD
-VmwSockCreateEventQueue(
+VmDnsSockCreateEventQueue(
     int                   iEventQueueSize,  /*         OPTIONAL */
     PVM_SOCK_EVENT_QUEUE* ppQueue           /*     OUT          */
     )
@@ -82,7 +82,7 @@ VmwSockCreateEventQueue(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnCreateEventQueue(iEventQueueSize, ppQueue);
+    dwError = gpVmDnsSockPackage->pfnCreateEventQueue(iEventQueueSize, ppQueue);
 
 error:
 
@@ -90,8 +90,9 @@ VmwSockCreateEventQueue(
 }
 
 DWORD
-VmwSockEventQueueAdd(
+VmDnsSockEventQueueAdd(
     PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
     PVM_SOCKET           pSocket
     )
 {
@@ -103,7 +104,7 @@ VmwSockEventQueueAdd(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnAddEventQueue(pQueue, pSocket);
+    dwError = gpVmDnsSockPackage->pfnAddEventQueue(pQueue, bOneShot,pSocket);
 
 error:
 
@@ -111,7 +112,29 @@ VmwSockEventQueueAdd(
 }
 
 DWORD
-VmwSockWaitForEvent(
+VmDnsSockEventQueueRemove(
+    PVM_SOCK_EVENT_QUEUE pQueue,
+    PVM_SOCKET           pSocket
+    )
+{
+    DWORD dwError = 0;
+
+#ifndef WIN32
+    if (!pQueue || !pSocket)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMSOCK_ERROR(dwError);
+    }
+
+    dwError = gpVmDnsSockPackage->pfnRemoveEventQueue(pQueue, pSocket);
+#endif
+
+error:
+    return dwError;
+}
+
+DWORD
+VmDnsSockWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -127,7 +150,7 @@ VmwSockWaitForEvent(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnWaitForEvent(
+    dwError = gpVmDnsSockPackage->pfnWaitForEvent(
                                     pQueue,
                                     iTimeoutMS,
                                     ppSocket,
@@ -141,18 +164,31 @@ VmwSockWaitForEvent(
 }
 
 VOID
-VmwSockCloseEventQueue(
+VmDnsSockShutdownEventQueue(
+    PVM_SOCK_EVENT_QUEUE pQueue
+    )
+{
+    if (pQueue)
+    {
+        gpVmDnsSockPackage->pfnShutdownEventQueue(pQueue);
+    }
+}
+
+VOID
+VmDnsSockFreeEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     )
 {
+#ifndef WIN32
     if (pQueue)
     {
-        gpVmSockPackage->pfnCloseEventQueue(pQueue);
+        gpVmDnsSockPackage->pfnFreeEventQueue(pQueue);
     }
+#endif
 }
 
 DWORD
-VmwSockSetNonBlocking(
+VmDnsSockSetNonBlocking(
     PVM_SOCKET pSocket
     )
 {
@@ -164,7 +200,7 @@ VmwSockSetNonBlocking(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnSetNonBlocking(pSocket);
+    dwError = gpVmDnsSockPackage->pfnSetNonBlocking(pSocket);
 
 error:
 
@@ -172,7 +208,7 @@ VmwSockSetNonBlocking(
 }
 
 DWORD
-VmwSockSetTimeOut(
+VmDnsSockSetTimeOut(
     PVM_SOCKET pSocket,
     DWORD      dwTimeOut
     )
@@ -187,7 +223,7 @@ VmwSockSetTimeOut(
 
     if (dwTimeOut)
     {
-        dwError = gpVmSockPackage->pfnSetTimeOut(pSocket, dwTimeOut);
+        dwError = gpVmDnsSockPackage->pfnSetTimeOut(pSocket, dwTimeOut);
     }
 
 error:
@@ -197,7 +233,7 @@ VmwSockSetTimeOut(
 
 
 DWORD
-VmwSockGetProtocol(
+VmDnsSockGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     )
@@ -210,7 +246,7 @@ VmwSockGetProtocol(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnGetProtocol(pSocket, pdwProtocol);
+    dwError = gpVmDnsSockPackage->pfnGetProtocol(pSocket, pdwProtocol);
 
 error:
 
@@ -218,7 +254,7 @@ VmwSockGetProtocol(
 }
 
 DWORD
-VmwSockSetData(
+VmDnsSockSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -232,7 +268,7 @@ VmwSockSetData(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnSetData(pSocket, pData, ppOldData);
+    dwError = gpVmDnsSockPackage->pfnSetData(pSocket, pData, ppOldData);
 
 error:
 
@@ -240,7 +276,7 @@ VmwSockSetData(
 }
 
 DWORD
-VmwSockGetData(
+VmDnsSockGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     )
@@ -253,7 +289,7 @@ VmwSockGetData(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnGetData(pSocket, ppData);
+    dwError = gpVmDnsSockPackage->pfnGetData(pSocket, ppData);
 
 error:
 
@@ -261,7 +297,7 @@ VmwSockGetData(
 }
 
 DWORD
-VmwSockRead(
+VmDnsSockRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     )
@@ -274,7 +310,7 @@ VmwSockRead(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnRead(
+    dwError = gpVmDnsSockPackage->pfnRead(
                             pSocket,
                             pIoBuffer);
 
@@ -284,7 +320,7 @@ VmwSockRead(
 }
 
 DWORD
-VmwSockWrite(
+VmDnsSockWrite(
     PVM_SOCKET              pSocket,
     const struct sockaddr*  pClientAddress,
     socklen_t               addrLength,
@@ -299,7 +335,7 @@ VmwSockWrite(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnWrite(
+    dwError = gpVmDnsSockPackage->pfnWrite(
                             pSocket,
                             pClientAddress,
                             addrLength,
@@ -312,26 +348,26 @@ VmwSockWrite(
 }
 
 PVM_SOCKET
-VmwSockAcquire(
+VmDnsSockAcquire(
     PVM_SOCKET           pSocket
     )
 {
-    return pSocket ? gpVmSockPackage->pfnAcquireSocket(pSocket) : NULL;
+    return pSocket ? gpVmDnsSockPackage->pfnAcquireSocket(pSocket) : NULL;
 }
 
 VOID
-VmwSockRelease(
+VmDnsSockRelease(
     PVM_SOCKET           pSocket
     )
 {
     if (pSocket)
     {
-        gpVmSockPackage->pfnReleaseSocket(pSocket);
+        gpVmDnsSockPackage->pfnReleaseSocket(pSocket);
     }
 }
 
 DWORD
-VmwSockClose(
+VmDnsSockClose(
     PVM_SOCKET pSocket
     )
 {
@@ -343,7 +379,7 @@ VmwSockClose(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnCloseSocket(pSocket);
+    dwError = gpVmDnsSockPackage->pfnCloseSocket(pSocket);
     BAIL_ON_VMSOCK_ERROR(dwError);
 
 error:
@@ -352,7 +388,7 @@ VmwSockClose(
 }
 
 BOOLEAN
-VmwSockIsValidIPAddress(
+VmDnsSockIsValidIPAddress(
     PCSTR pszAddress
     )
 {
@@ -379,7 +415,7 @@ VmwSockIsValidIPAddress(
 
 
 DWORD
-VmwSockGetAddress(
+VmDnsSockGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  addresLen
@@ -393,7 +429,7 @@ VmwSockGetAddress(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnGetAddress(pSocket, pAddress, addresLen);
+    dwError = gpVmDnsSockPackage->pfnGetAddress(pSocket, pAddress, addresLen);
     BAIL_ON_VMSOCK_ERROR(dwError);
 
 error:
@@ -402,7 +438,7 @@ VmwSockGetAddress(
 }
 
 DWORD
-VmwSockStartListening(
+VmDnsSockStartListening(
     PVM_SOCKET           pSocket,
     int                  iListenQueueSize
     )
@@ -415,7 +451,7 @@ VmwSockStartListening(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnStartListening(pSocket, iListenQueueSize);
+    dwError = gpVmDnsSockPackage->pfnStartListening(pSocket, iListenQueueSize);
     BAIL_ON_VMSOCK_ERROR(dwError);
 
 error:
@@ -424,10 +460,11 @@ VmwSockStartListening(
 }
 
 DWORD
-VmwSockAllocateIoBuffer(
-    VM_SOCK_EVENT_TYPE      eventType,
-    DWORD                   dwSize,
-    PVM_SOCK_IO_BUFFER*     ppIoBuffer
+VmDnsSockAllocateIoBuffer(
+    VM_SOCK_EVENT_TYPE          eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    DWORD                       dwSize,
+    PVM_SOCK_IO_BUFFER*         ppIoBuffer
     )
 {
     DWORD dwError = 0;
@@ -438,7 +475,12 @@ VmwSockAllocateIoBuffer(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    dwError = gpVmSockPackage->pfnAllocateIoBuffer(eventType, dwSize, ppIoBuffer);
+    dwError = gpVmDnsSockPackage->pfnAllocateIoBuffer(
+                                                  eventType,
+                                                  pEventContext,
+                                                  dwSize,
+                                                  ppIoBuffer
+                                                  );
     BAIL_ON_VMSOCK_ERROR(dwError);
 
 error:
@@ -447,7 +489,68 @@ VmwSockAllocateIoBuffer(
 }
 
 DWORD
-VmwSockReleaseIoBuffer(
+VmDnsSockSetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT  pEventContext,
+    PVM_SOCK_EVENT_CONTEXT* ppOldEventContext
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pIoBuffer || !ppOldEventContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMSOCK_ERROR(dwError);
+    }
+
+    dwError = gpVmDnsSockPackage->pfnSetEventContext(pIoBuffer, pEventContext, ppOldEventContext);
+    BAIL_ON_VMSOCK_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (ppOldEventContext)
+    {
+        *ppOldEventContext = NULL;
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDnsSockGetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT* ppEventContext
+    )
+{
+    DWORD dwError = 0;
+
+    if (!pIoBuffer || !ppEventContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_VMSOCK_ERROR(dwError);
+    }
+
+    dwError = gpVmDnsSockPackage->pfnGetEventContext(pIoBuffer, ppEventContext);
+    BAIL_ON_VMSOCK_ERROR(dwError);
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (ppEventContext)
+    {
+        *ppEventContext = NULL;
+    }
+    goto cleanup;
+}
+
+
+
+DWORD
+VmDnsSockReleaseIoBuffer(
     PVM_SOCK_IO_BUFFER  pIoBuffer
     )
 {
@@ -459,7 +562,7 @@ VmwSockReleaseIoBuffer(
         BAIL_ON_VMSOCK_ERROR(dwError);
     }
 
-    gpVmSockPackage->pfnReleaseIoBuffer(pIoBuffer);
+    gpVmDnsSockPackage->pfnReleaseIoBuffer(pIoBuffer);
 
 error:
 
diff --git a/vmdns/vmsock/api/externs.h b/vmdns/vmsock/api/externs.h
index 15bdc895e..d0b1395fd 100644
--- a/vmdns/vmsock/api/externs.h
+++ b/vmdns/vmsock/api/externs.h
@@ -13,4 +13,4 @@
  */
 
 
-extern PVM_SOCK_PACKAGE gpVmSockPackage;
+extern PVM_SOCK_PACKAGE gpVmDnsSockPackage;
diff --git a/vmdns/vmsock/api/globals.c b/vmdns/vmsock/api/globals.c
index 90e531b8f..012b1cf84 100644
--- a/vmdns/vmsock/api/globals.c
+++ b/vmdns/vmsock/api/globals.c
@@ -15,4 +15,4 @@
 
 #include "includes.h"
 
-PVM_SOCK_PACKAGE gpVmSockPackage = NULL;
+PVM_SOCK_PACKAGE gpVmDnsSockPackage = NULL;
diff --git a/vmdns/vmsock/api/libmain.c b/vmdns/vmsock/api/libmain.c
index 228f1131a..b99a43ab1 100644
--- a/vmdns/vmsock/api/libmain.c
+++ b/vmdns/vmsock/api/libmain.c
@@ -16,18 +16,18 @@
 #include "includes.h"
 
 DWORD
-VmwSockInitialize(
+VmDnsSockInitialize(
     VOID
     )
 {
     DWORD dwError = 0;
 
-    if (!gpVmSockPackage)
+    if (!gpVmDnsSockPackage)
     {
 #ifdef _WIN32
-        dwError = VmWinSockInitialize(&gpVmSockPackage);
+        dwError = VmWinSockInitialize(&gpVmDnsSockPackage);
 #else
-        dwError = VmSockPosixInitialize(&gpVmSockPackage);
+        dwError = VmDnsSockPosixInitialize(&gpVmDnsSockPackage);
 #endif
     }
 
@@ -35,16 +35,16 @@ VmwSockInitialize(
 }
 
 VOID
-VmwSockShutdown(
+VmDnsSockShutdown(
     VOID
     )
 {
-    if (gpVmSockPackage)
+    if (gpVmDnsSockPackage)
     {
 #ifdef _WIN32
-        VmWinSockShutdown(gpVmSockPackage);
+        VmWinSockShutdown(gpVmDnsSockPackage);
 #else
-        VmSockPosixShutdown(gpVmSockPackage);
+        VmDnsSockPosixShutdown(gpVmDnsSockPackage);
 #endif
     }
 }
diff --git a/vmdns/vmsock/include/vmsockapi.h b/vmdns/vmsock/include/vmsockapi.h
index 290e7e885..b54c00582 100644
--- a/vmdns/vmsock/include/vmsockapi.h
+++ b/vmdns/vmsock/include/vmsockapi.h
@@ -26,6 +26,7 @@ typedef enum
     VM_SOCK_TYPE_CLIENT,
     VM_SOCK_TYPE_SERVER,
     VM_SOCK_TYPE_LISTENER,
+    VM_SOCK_TYPE_FORWARDER,
     VM_SOCK_TYPE_SIGNAL
 } VM_SOCK_TYPE;
 
@@ -54,6 +55,12 @@ typedef DWORD (*PFN_CREATE_EVENT_QUEUE)(
                     );
 
 typedef DWORD (*PFN_ADD_EVENT_QUEUE)(
+                    PVM_SOCK_EVENT_QUEUE pQueue,
+                    BOOL                 bOneShot,
+                    PVM_SOCKET           pSocket
+                    );
+
+typedef DWORD (*PFN_REMOVE_EVENT_QUEUE)(
                     PVM_SOCK_EVENT_QUEUE pQueue,
                     PVM_SOCKET           pSocket
                     );
@@ -66,7 +73,11 @@ typedef DWORD (*PFN_WAIT_FOR_EVENT)(
                     PVM_SOCK_IO_BUFFER*  ppIoBuffer
                     );
 
-typedef VOID (*PFN_CLOSE_EVENT_QUEUE)(
+typedef VOID (*PFN_SHUTDOWN_EVENT_QUEUE)(
+                    PVM_SOCK_EVENT_QUEUE pQueue
+                    );
+
+typedef VOID (*PFN_FREE_EVENT_QUEUE)(
                     PVM_SOCK_EVENT_QUEUE pQueue
                     );
 
@@ -126,9 +137,21 @@ typedef DWORD (*PFN_GET_ADDRESS)(
                     );
 
 typedef DWORD (*PFN_ALLOCATE_IO_BUFFER)(
-                    VM_SOCK_EVENT_TYPE      eventType,
-                    DWORD                   dwSize,
-                    PVM_SOCK_IO_BUFFER*     ppIoBuffer
+                    VM_SOCK_EVENT_TYPE          eventType,
+                    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+                    DWORD                       dwSize,
+                    PVM_SOCK_IO_BUFFER*         ppIoBuffer
+                    );
+
+typedef DWORD(*PFN_SET_EVENT_CONTEXT)(
+                    PVM_SOCK_IO_BUFFER      pIoBuffer,
+                    PVM_SOCK_EVENT_CONTEXT  pEventContext,
+                    PVM_SOCK_EVENT_CONTEXT* ppOldEventContext
+                    );
+
+typedef DWORD(*PFN_GET_EVENT_CONTEXT)(
+                    PVM_SOCK_IO_BUFFER      pIoBuffer,
+                    PVM_SOCK_EVENT_CONTEXT* ppEventContext
                     );
 
 typedef VOID(*PFN_RELEASE_IO_BUFFER)(
@@ -142,8 +165,10 @@ typedef struct _VM_SOCK_PACKAGE
     PFN_START_LISTENING    pfnStartListening;
     PFN_CREATE_EVENT_QUEUE pfnCreateEventQueue;
     PFN_ADD_EVENT_QUEUE    pfnAddEventQueue;
+    PFN_REMOVE_EVENT_QUEUE pfnRemoveEventQueue;
     PFN_WAIT_FOR_EVENT     pfnWaitForEvent;
-    PFN_CLOSE_EVENT_QUEUE  pfnCloseEventQueue;
+    PFN_SHUTDOWN_EVENT_QUEUE  pfnShutdownEventQueue;
+    PFN_FREE_EVENT_QUEUE   pfnFreeEventQueue;
     PFN_SET_NON_BLOCKING   pfnSetNonBlocking;
     PFN_SET_TIMEOUT        pfnSetTimeOut;
     PFN_GET_PROTOCOL       pfnGetProtocol;
@@ -156,5 +181,7 @@ typedef struct _VM_SOCK_PACKAGE
     PFN_CLOSE_SOCKET       pfnCloseSocket;
     PFN_GET_ADDRESS        pfnGetAddress;
     PFN_ALLOCATE_IO_BUFFER pfnAllocateIoBuffer;
+    PFN_SET_EVENT_CONTEXT  pfnSetEventContext;
+    PFN_GET_EVENT_CONTEXT  pfnGetEventContext;
     PFN_RELEASE_IO_BUFFER  pfnReleaseIoBuffer;
 } VM_SOCK_PACKAGE, *PVM_SOCK_PACKAGE;
diff --git a/vmdns/vmsock/include/vmsockposix.h b/vmdns/vmsock/include/vmsockposix.h
index c45ce216b..b21e1e5e6 100644
--- a/vmdns/vmsock/include/vmsockposix.h
+++ b/vmdns/vmsock/include/vmsockposix.h
@@ -14,11 +14,11 @@
 
 
 DWORD
-VmSockPosixInitialize(
+VmDnsSockPosixInitialize(
     PVM_SOCK_PACKAGE* ppPackage
     );
 
 VOID
-VmSockPosixShutdown(
+VmDnsSockPosixShutdown(
     PVM_SOCK_PACKAGE pPackage
     );
diff --git a/vmdns/vmsock/posix/Makefile.am b/vmdns/vmsock/posix/Makefile.am
index 82b67808e..6bb9e5fa6 100644
--- a/vmdns/vmsock/posix/Makefile.am
+++ b/vmdns/vmsock/posix/Makefile.am
@@ -10,9 +10,9 @@ libvmsockposix_la_SOURCES = \
     socket.c
 
 libvmsockposix_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/vmsock/include \
+    -I$(top_srcdir)/vmdns/include \
+    -I$(top_srcdir)/vmdns/include/public \
+    -I$(top_srcdir)/vmdns/vmsock/include \
     -DHAVE_SYS_EPOLL_H \
     -DHAVE_FCNTL_H \
     -DHAVE_ARPA_INET_H \
diff --git a/vmdns/vmsock/posix/externs.h b/vmdns/vmsock/posix/externs.h
index 5d62d07e6..753aeee0d 100644
--- a/vmdns/vmsock/posix/externs.h
+++ b/vmdns/vmsock/posix/externs.h
@@ -13,4 +13,4 @@
  */
 
 
-extern PVM_SOCK_PACKAGE gpVmSockPosixPackage;
+extern PVM_SOCK_PACKAGE gpVmDnsSockPosixPackage;
diff --git a/vmdns/vmsock/posix/globals.c b/vmdns/vmsock/posix/globals.c
index 37d89d2cb..cab2d88d3 100644
--- a/vmdns/vmsock/posix/globals.c
+++ b/vmdns/vmsock/posix/globals.c
@@ -15,27 +15,31 @@
 
 #include "includes.h"
 
-VM_SOCK_PACKAGE gVmSockPosixPackage =
+VM_SOCK_PACKAGE gVmDnsSockPosixPackage =
 {
-    .pfnOpenClientSocket = &VmSockPosixOpenClient,
-    .pfnOpenServerSocket = &VmSockPosixOpenServer,
-    .pfnCreateEventQueue = &VmSockPosixCreateEventQueue,
-    .pfnAddEventQueue = &VmSockPosixEventQueueAdd,
-    .pfnWaitForEvent = &VmSockPosixWaitForEvent,
-    .pfnCloseEventQueue = &VmSockPosixCloseEventQueue,
-    .pfnSetNonBlocking = &VmSockPosixSetNonBlocking,
-    .pfnSetTimeOut = &VmSockPosixSetTimeOut,
-    .pfnGetProtocol = &VmSockPosixGetProtocol,
-    .pfnSetData = &VmSockPosixSetData,
-    .pfnGetData = &VmSockPosixGetData,
-    .pfnRead = &VmSockPosixRead,
-    .pfnWrite = &VmSockPosixWrite,
-    .pfnAcquireSocket = &VmSockPosixAcquireSocket,
-    .pfnReleaseSocket = &VmSockPosixReleaseSocket,
-    .pfnCloseSocket = &VmSockPosixCloseSocket,
-    .pfnGetAddress = &VmSockPosixGetAddress,
-    .pfnAllocateIoBuffer = &VmSockPosixAllocateIoBuffer,
-    .pfnReleaseIoBuffer = &VmSockPosixFreeIoBuffer
+    .pfnOpenClientSocket = &VmDnsSockPosixOpenClient,
+    .pfnOpenServerSocket = &VmDnsSockPosixOpenServer,
+    .pfnCreateEventQueue = &VmDnsSockPosixCreateEventQueue,
+    .pfnAddEventQueue = &VmDnsSockPosixEventQueueAdd,
+    .pfnRemoveEventQueue = &VmDnsSockPosixEventQueueRemove,
+    .pfnWaitForEvent = &VmDnsSockPosixWaitForEvent,
+    .pfnShutdownEventQueue = &VmDnsSockPosixShutdownEventQueue,
+    .pfnFreeEventQueue = &VmDnsSockPosixFreeEventQueue,
+    .pfnSetNonBlocking = &VmDnsSockPosixSetNonBlocking,
+    .pfnSetTimeOut = &VmDnsSockPosixSetTimeOut,
+    .pfnGetProtocol = &VmDnsSockPosixGetProtocol,
+    .pfnSetData = &VmDnsSockPosixSetData,
+    .pfnGetData = &VmDnsSockPosixGetData,
+    .pfnRead = &VmDnsSockPosixRead,
+    .pfnWrite = &VmDnsSockPosixWrite,
+    .pfnAcquireSocket = &VmDnsSockPosixAcquireSocket,
+    .pfnReleaseSocket = &VmDnsSockPosixReleaseSocket,
+    .pfnCloseSocket = &VmDnsSockPosixCloseSocket,
+    .pfnGetAddress = &VmDnsSockPosixGetAddress,
+    .pfnAllocateIoBuffer = &VmDnsSockPosixAllocateIoBuffer,
+    .pfnSetEventContext = &VmDnsSockPosixSetEventContext,
+    .pfnGetEventContext = &VmDnsSockPosixGetEventContext,
+    .pfnReleaseIoBuffer = &VmDnsSockPosixFreeIoBuffer
 };
 
-PVM_SOCK_PACKAGE gpVmSockPosixPackage = &gVmSockPosixPackage;
+PVM_SOCK_PACKAGE gpVmDnsSockPosixPackage = &gVmDnsSockPosixPackage;
diff --git a/vmdns/vmsock/posix/libmain.c b/vmdns/vmsock/posix/libmain.c
index 29a9ceeb4..2d75a87e9 100644
--- a/vmdns/vmsock/posix/libmain.c
+++ b/vmdns/vmsock/posix/libmain.c
@@ -16,17 +16,17 @@
 #include "includes.h"
 
 DWORD
-VmSockPosixInitialize(
+VmDnsSockPosixInitialize(
     PVM_SOCK_PACKAGE* ppPackage
     )
 {
-    *ppPackage = gpVmSockPosixPackage;
+    *ppPackage = gpVmDnsSockPosixPackage;
 
     return 0;
 }
 
 VOID
-VmSockPosixShutdown(
+VmDnsSockPosixShutdown(
     PVM_SOCK_PACKAGE pPackage
     )
 {
diff --git a/vmdns/vmsock/posix/prototypes.h b/vmdns/vmsock/posix/prototypes.h
index 53aadde22..e279b001c 100644
--- a/vmdns/vmsock/posix/prototypes.h
+++ b/vmdns/vmsock/posix/prototypes.h
@@ -25,7 +25,7 @@
  * @return 0 on success
  */
 DWORD
-VmSockPosixOpenClient(
+VmDnsSockPosixOpenClient(
     PCSTR                pszHost,
     USHORT               usPort,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -46,7 +46,7 @@ VmSockPosixOpenClient(
  * @return 0 on success
  */
 DWORD
-VmSockPosixOpenServer(
+VmDnsSockPosixOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -64,7 +64,7 @@ VmSockPosixOpenServer(
  * @return 0 on success
  */
 DWORD
-VmSockPosixCreateEventQueue(
+VmDnsSockPosixCreateEventQueue(
     int                   iEventQueueSize,
     PVM_SOCK_EVENT_QUEUE* ppQueue
     );
@@ -78,7 +78,22 @@ VmSockPosixCreateEventQueue(
  * @return 0 on success
  */
 DWORD
-VmSockPosixEventQueueAdd(
+VmDnsSockPosixEventQueueAdd(
+    PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
+    PVM_SOCKET           pSocket
+    );
+
+/**
+ * @brief Removes a socket on the event queue
+ *
+ * @param[in] pQueue  Pointer to Event queue
+ * @param[in] pSocket Pointer to Socket
+ *
+ * @return 0 on success
+ */
+DWORD
+VmDnsSockPosixEventQueueRemove(
     PVM_SOCK_EVENT_QUEUE pQueue,
     PVM_SOCKET           pSocket
     );
@@ -96,7 +111,7 @@ VmSockPosixEventQueueAdd(
  * @return 0 on success
  */
 DWORD
-VmSockPosixWaitForEvent(
+VmDnsSockPosixWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -105,15 +120,27 @@ VmSockPosixWaitForEvent(
     );
 
 /**
- * @brief Closes and frees event queue
+ * @brief Shuts down the event queue
  *
  * @param[in] pQueue Pointer to event queue
  *
- * @return 0 on success
+ *
  */
 
 VOID
-VmSockPosixCloseEventQueue(
+VmDnsSockPosixShutdownEventQueue(
+    PVM_SOCK_EVENT_QUEUE pQueue
+    );
+
+/**
+ * @brief frees event queue
+ *
+ * @param[in] pQueue Pointer to event queue
+ *
+ *
+ */
+VOID
+VmDnsSockPosixFreeEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     );
 
@@ -126,7 +153,7 @@ VmSockPosixCloseEventQueue(
  */
 
 DWORD
-VmSockPosixSetNonBlocking(
+VmDnsSockPosixSetNonBlocking(
     PVM_SOCKET           pSocket
     );
 
@@ -140,7 +167,7 @@ VmSockPosixSetNonBlocking(
  */
 
 DWORD
-VmSockPosixSetTimeOut(
+VmDnsSockPosixSetTimeOut(
     PVM_SOCKET           pSocket,
     DWORD                dwTimeOut
     );
@@ -154,7 +181,7 @@ VmSockPosixSetTimeOut(
  *                            This will be one of { SOCK_STREAM, SOCK_DGRAM... }
  */
 DWORD
-VmSockPosixGetProtocol(
+VmDnsSockPosixGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     );
@@ -169,7 +196,7 @@ VmSockPosixGetProtocol(
  * @return 0 on success
  */
 DWORD
-VmSockPosixSetData(
+VmDnsSockPosixSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -184,7 +211,7 @@ VmSockPosixSetData(
  * @return Pointer to current data associated with the socket
  */
 DWORD
-VmSockPosixGetData(
+VmDnsSockPosixGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     );
@@ -202,7 +229,7 @@ VmSockPosixGetData(
  * @return 0 on success
  */
 DWORD
-VmSockPosixRead(
+VmDnsSockPosixRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
@@ -223,7 +250,7 @@ VmSockPosixRead(
  * @return 0 on success
  */
 DWORD
-VmSockPosixWrite(
+VmDnsSockPosixWrite(
     PVM_SOCKET          pSocket,
     const struct sockaddr*    pClientAddress,
     socklen_t           addrLength,
@@ -237,7 +264,7 @@ VmSockPosixWrite(
  */
 
 PVM_SOCKET
-VmSockPosixAcquireSocket(
+VmDnsSockPosixAcquireSocket(
     PVM_SOCKET           pSocket
     );
 
@@ -246,7 +273,7 @@ VmSockPosixAcquireSocket(
  *
  */
 VOID
-VmSockPosixReleaseSocket(
+VmDnsSockPosixReleaseSocket(
     PVM_SOCKET           pSocket
     );
 
@@ -255,25 +282,39 @@ VmSockPosixReleaseSocket(
  *        This call does not release the reference to the socket or free it.
  */
 DWORD
-VmSockPosixCloseSocket(
+VmDnsSockPosixCloseSocket(
     PVM_SOCKET           pSocket
     );
 
 DWORD
-VmSockPosixGetAddress(
+VmDnsSockPosixGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  pAddresLen
     );
 
 DWORD
-VmSockPosixAllocateIoBuffer(
-    VM_SOCK_EVENT_TYPE      eventType,
-    DWORD                   dwSize,
-    PVM_SOCK_IO_BUFFER*     ppIoBuffer
+VmDnsSockPosixAllocateIoBuffer(
+    VM_SOCK_EVENT_TYPE          eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    DWORD                       dwSize,
+    PVM_SOCK_IO_BUFFER*         ppIoBuffer
+    );
+
+DWORD
+VmDnsSockPosixSetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT  pEventContext,
+    PVM_SOCK_EVENT_CONTEXT* ppOldEventContext
+    );
+
+DWORD
+VmDnsSockPosixGetEventContext(
+    PVM_SOCK_IO_BUFFER        pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT*   ppEventContext
     );
 
 VOID
-VmSockPosixFreeIoBuffer(
+VmDnsSockPosixFreeIoBuffer(
     PVM_SOCK_IO_BUFFER     pIoBuffer
     );
diff --git a/vmdns/vmsock/posix/socket.c b/vmdns/vmsock/posix/socket.c
index 98f0faec4..749a963f1 100644
--- a/vmdns/vmsock/posix/socket.c
+++ b/vmdns/vmsock/posix/socket.c
@@ -17,51 +17,53 @@
 
 static
 DWORD
-VmSockPosixCreateSignalSockets(
+VmDnsSockPosixCreateSignalSockets(
     PVM_SOCKET* ppReaderSocket,
     PVM_SOCKET* ppWriterSocket
     );
 
 static
 DWORD
-VmSockPosixEventQueueAdd_inlock(
+VmDnsSockPosixEventQueueAdd_inlock(
     PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
     PVM_SOCKET           pSocket
     );
 
 static
 DWORD
-VmSockPosixAcceptConnection(
-    PVM_SOCKET  pListener,
-    PVM_SOCKET* ppSocket
+VmDnsSockPosixEventQueueDelete_inlock(
+    PVM_SOCK_EVENT_QUEUE pQueue,
+    PVM_SOCKET           pSocket
     );
 
 static
 DWORD
-VmSockPosixSetDescriptorNonBlocking(
-    int fd
+VmDnsSockPosixAcceptConnection(
+    PVM_SOCKET  pListener,
+    PVM_SOCKET* ppSocket
     );
 
 static
 DWORD
-VmSockPosixSetReuseAddress(
+VmDnsSockPosixSetDescriptorNonBlocking(
     int fd
     );
 
 static
-VOID
-VmSockPosixFreeEventQueue(
-    PVM_SOCK_EVENT_QUEUE pQueue
+DWORD
+VmDnsSockPosixSetReuseAddress(
+    int fd
     );
 
 static
 VOID
-VmSockPosixFreeSocket(
+VmDnsSockPosixFreeSocket(
     PVM_SOCKET pSocket
     );
 
 DWORD
-VmSockPosixOpenClient(
+VmDnsSockPosixOpenClient(
     PCSTR                pszHost,
     USHORT               usPort,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -143,7 +145,7 @@ VmSockPosixOpenClient(
 
     if (dwFlags & VM_SOCK_CREATE_FLAGS_NON_BLOCK)
     {
-        dwError = VmSockPosixSetDescriptorNonBlocking(fd);
+        dwError = VmDnsSockPosixSetDescriptorNonBlocking(fd);
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
@@ -189,7 +191,7 @@ VmSockPosixOpenClient(
     }
     if (pSocket)
     {
-        VmSockPosixFreeSocket(pSocket);
+        VmDnsSockPosixFreeSocket(pSocket);
     }
     if (fd >= 0)
     {
@@ -200,7 +202,7 @@ VmSockPosixOpenClient(
 }
 
 DWORD
-VmSockPosixOpenServer(
+VmDnsSockPosixOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -260,7 +262,7 @@ VmSockPosixOpenServer(
 
     if (dwFlags & VM_SOCK_CREATE_FLAGS_REUSE_ADDR)
     {
-        dwError = VmSockPosixSetReuseAddress(fd);
+        dwError = VmDnsSockPosixSetReuseAddress(fd);
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
@@ -304,7 +306,7 @@ VmSockPosixOpenServer(
 
     if (dwFlags & VM_SOCK_CREATE_FLAGS_NON_BLOCK)
     {
-        dwError = VmSockPosixSetDescriptorNonBlocking(fd);
+        dwError = VmDnsSockPosixSetDescriptorNonBlocking(fd);
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
@@ -358,7 +360,7 @@ VmSockPosixOpenServer(
 
     if (pSocket)
     {
-        VmSockPosixFreeSocket(pSocket);
+        VmDnsSockPosixFreeSocket(pSocket);
     }
     if (fd >= 0)
     {
@@ -369,7 +371,7 @@ VmSockPosixOpenServer(
 }
 
 DWORD
-VmSockPosixCreateEventQueue(
+VmDnsSockPosixCreateEventQueue(
     int                   iEventQueueSize,
     PVM_SOCK_EVENT_QUEUE* ppQueue
     )
@@ -391,7 +393,7 @@ VmSockPosixCreateEventQueue(
     dwError = VmDnsAllocateMemory(sizeof(*pQueue), (PVOID*)&pQueue);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
-    dwError = VmSockPosixCreateSignalSockets(
+    dwError = VmDnsSockPosixCreateSignalSockets(
                     &pQueue->pSignalReader,
                     &pQueue->pSignalWriter);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
@@ -417,7 +419,7 @@ VmSockPosixCreateEventQueue(
     pQueue->nReady = -1;
     pQueue->iReady = 0;
 
-    dwError = VmSockPosixEventQueueAdd_inlock(pQueue, pQueue->pSignalReader);
+    dwError = VmDnsSockPosixEventQueueAdd_inlock(pQueue, FALSE, pQueue->pSignalReader);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
     *ppQueue = pQueue;
@@ -435,20 +437,20 @@ VmSockPosixCreateEventQueue(
 
     if (pQueue)
     {
-        VmSockPosixFreeEventQueue(pQueue);
+        VmDnsSockPosixFreeEventQueue(pQueue);
     }
 
     goto cleanup;
 }
 
 DWORD
-VmSockPosixEventQueueAdd(
+VmDnsSockPosixEventQueueAdd(
     PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
     PVM_SOCKET           pSocket
     )
 {
     DWORD   dwError = 0;
-    BOOLEAN bLocked = TRUE;
 
     if (!pQueue || !pSocket)
     {
@@ -456,21 +458,37 @@ VmSockPosixEventQueueAdd(
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
-    dwError = VmDnsLockMutex(pQueue->pMutex);
+    dwError = VmDnsSockPosixEventQueueAdd_inlock(pQueue, bOneShot,pSocket);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
-    bLocked = TRUE;
+cleanup:
 
-    dwError = VmSockPosixEventQueueAdd_inlock(pQueue, pSocket);
-    BAIL_ON_POSIX_SOCK_ERROR(dwError);
+    return dwError;
 
-cleanup:
+error:
 
-    if (bLocked)
+    goto cleanup;
+}
+
+DWORD
+VmDnsSockPosixEventQueueRemove(
+    PVM_SOCK_EVENT_QUEUE pQueue,
+    PVM_SOCKET           pSocket
+    )
+{
+    DWORD   dwError = 0;
+
+    if (!pQueue || !pSocket)
     {
-        VmDnsUnlockMutex(pQueue->pMutex);
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
+    dwError = VmDnsSockPosixEventQueueDelete_inlock(pQueue, pSocket);
+    BAIL_ON_POSIX_SOCK_ERROR(dwError);
+
+cleanup:
+
     return dwError;
 
 error:
@@ -479,7 +497,7 @@ VmSockPosixEventQueueAdd(
 }
 
 DWORD
-VmSockPosixWaitForEvent(
+VmDnsSockPosixWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -491,6 +509,8 @@ VmSockPosixWaitForEvent(
     BOOLEAN bLocked = FALSE;
     VM_SOCK_EVENT_TYPE eventType = VM_SOCK_EVENT_TYPE_UNKNOWN;
     PVM_SOCKET pSocket = NULL;
+    PVM_SOCK_IO_BUFFER pIoBuffer = NULL;
+    PVM_SOCK_IO_CONTEXT pIoContext = NULL;
 
     if (!pQueue || !ppSocket || !pEventType)
     {
@@ -503,6 +523,13 @@ VmSockPosixWaitForEvent(
 
     bLocked = TRUE;
 
+    if (pQueue->bShutdown)
+    {
+        dwError = ERROR_SHUTDOWN_IN_PROGRESS;
+        BAIL_ON_POSIX_SOCK_ERROR(dwError);
+    }
+
+
     if ((pQueue->state == VM_SOCK_POSIX_EVENT_STATE_PROCESS) &&
         (pQueue->iReady >= pQueue->nReady))
     {
@@ -527,6 +554,12 @@ VmSockPosixWaitForEvent(
                 dwError = LwErrnoToWin32Error(errno);
                 BAIL_ON_POSIX_SOCK_ERROR(dwError);
             }
+
+            if (pQueue->bShutdown)
+            {
+                dwError = ERROR_SHUTDOWN_IN_PROGRESS;
+                BAIL_ON_POSIX_SOCK_ERROR(dwError);
+            }
         }
 
         pQueue->state = VM_SOCK_POSIX_EVENT_STATE_PROCESS;
@@ -550,6 +583,11 @@ VmSockPosixWaitForEvent(
                 eventType = VM_SOCK_EVENT_TYPE_CONNECTION_CLOSED;
 
                 pSocket = pEventSocket;
+
+                dwError = VmDnsSockPosixEventQueueDelete_inlock(
+                                        pQueue,
+                                        pSocket);
+                BAIL_ON_POSIX_SOCK_ERROR(dwError);
             }
             else if (pEventSocket->type == VM_SOCK_TYPE_LISTENER)
             {
@@ -557,26 +595,28 @@ VmSockPosixWaitForEvent(
                 {
                     case VM_SOCK_PROTOCOL_TCP:
 
-                        dwError = VmSockPosixAcceptConnection(
+                        dwError = VmDnsSockPosixAcceptConnection(
                                         pEventSocket,
                                         &pSocket);
                         BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
-                        dwError = VmSockPosixSetNonBlocking(pSocket);
+                        dwError = VmDnsSockPosixSetNonBlocking(pSocket);
                         BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
-                        dwError = VmSockPosixEventQueueAdd_inlock(
+                        dwError = VmDnsSockPosixEventQueueAdd_inlock(
                                         pQueue,
+                                        FALSE,
                                         pSocket);
                         BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
+                        pSocket->bInEventQueue = TRUE;
+
                         eventType = VM_SOCK_EVENT_TYPE_TCP_NEW_CONNECTION;
 
                         break;
 
                     case VM_SOCK_PROTOCOL_UDP:
-
-                        pSocket = VmSockPosixAcquireSocket(pEventSocket);
+                        pSocket = VmDnsSockPosixAcquireSocket(pEventSocket);
 
                         eventType = VM_SOCK_EVENT_TYPE_DATA_AVAILABLE;
 
@@ -599,25 +639,32 @@ VmSockPosixWaitForEvent(
                 }
                 else
                 {
-                    pSocket = VmSockPosixAcquireSocket(pEventSocket);
-                    eventType = VM_SOCK_EVENT_TYPE_DATA_AVAILABLE;
+                    pSocket = VmDnsSockPosixAcquireSocket(pEventSocket);
                 }
 
             }
             else
             {
-                pSocket = VmSockPosixAcquireSocket(pEventSocket);
-
-                eventType = VM_SOCK_EVENT_TYPE_DATA_AVAILABLE;
+                pSocket = VmDnsSockPosixAcquireSocket(pEventSocket);
             }
         }
 
         pQueue->iReady++;
     }
 
+    dwError = VmDnsSockPosixSetData(pSocket, NULL, (PVOID *)&pIoBuffer);
+    BAIL_ON_POSIX_SOCK_ERROR(dwError);
+
+    if (pIoBuffer && eventType == VM_SOCK_EVENT_TYPE_UNKNOWN)
+    {
+
+        pIoContext = CONTAINING_RECORD(pIoBuffer, VM_SOCK_IO_CONTEXT, IoBuffer);
+        eventType = pIoContext->eventType;
+    }
+
     *ppSocket = pSocket;
+    *ppIoBuffer = pIoBuffer;
     *pEventType = eventType;
-    *ppIoBuffer = (PVM_SOCK_IO_BUFFER)pSocket->pData;
 
 cleanup:
 
@@ -626,16 +673,7 @@ VmSockPosixWaitForEvent(
         VmDnsUnlockMutex(pQueue->pMutex);
     }
 
-    if (ppIoBuffer)
-    {
-        *ppIoBuffer = NULL;
-    }
 
-    // This needs to happen after we unlock mutex
-    if (dwError == ERROR_SHUTDOWN_IN_PROGRESS)
-    {
-        VmSockPosixFreeEventQueue(pQueue);
-    }
 
     return dwError;
 
@@ -645,40 +683,73 @@ VmSockPosixWaitForEvent(
     {
         *ppSocket = NULL;
     }
+    if (ppIoBuffer)
+    {
+        *ppIoBuffer = NULL;
+    }
     if (pEventType)
     {
         *pEventType = VM_SOCK_EVENT_TYPE_UNKNOWN;
     }
     if (pSocket)
     {
-        VmSockPosixReleaseSocket(pSocket);
+        VmDnsSockPosixReleaseSocket(pSocket);
     }
 
     goto cleanup;
 }
 
 VOID
-VmSockPosixCloseEventQueue(
+VmDnsSockPosixShutdownEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     )
 {
+
     LONG result = 0;
     if (pQueue)
     {
+        result = InterlockedExchange((LONG*)(&pQueue->bShutdown), TRUE);
         if (pQueue->pSignalWriter)
         {
             char szBuf[] = {0};
             ssize_t nWritten = 0;
-
             nWritten = write(pQueue->pSignalWriter->fd, szBuf, sizeof(szBuf));
         }
+    }
 
-        result = InterlockedExchange((LONG*)(&pQueue->bShutdown), TRUE);
+}
+
+VOID
+VmDnsSockPosixFreeEventQueue(
+    PVM_SOCK_EVENT_QUEUE pQueue
+    )
+{
+    if (pQueue->pSignalReader)
+    {
+        VmDnsSockPosixReleaseSocket(pQueue->pSignalReader);
+    }
+    if (pQueue->pSignalWriter)
+    {
+        VmDnsSockPosixReleaseSocket(pQueue->pSignalWriter);
+    }
+    if (pQueue->pMutex)
+    {
+        VmDnsFreeMutex(pQueue->pMutex);
+    }
+    if (pQueue->epollFd >= 0)
+    {
+        close(pQueue->epollFd);
+    }
+    if (pQueue->pEventArray)
+    {
+        VmDnsFreeMemory(pQueue->pEventArray);
+        pQueue->pEventArray = NULL;
     }
+    VmDnsFreeMemory(pQueue);
 }
 
 DWORD
-VmSockPosixSetNonBlocking(
+VmDnsSockPosixSetNonBlocking(
     PVM_SOCKET pSocket
     )
 {
@@ -690,7 +761,7 @@ VmSockPosixSetNonBlocking(
 
     bLocked = TRUE;
 
-    dwError = VmSockPosixSetDescriptorNonBlocking(pSocket->fd);
+    dwError = VmDnsSockPosixSetDescriptorNonBlocking(pSocket->fd);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
 
 cleanup:
@@ -708,7 +779,7 @@ VmSockPosixSetNonBlocking(
 }
 
 DWORD
-VmSockPosixSetTimeOut(
+VmDnsSockPosixSetTimeOut(
     PVM_SOCKET pSocket,
     DWORD      dwTimeOut
     )
@@ -759,7 +830,7 @@ VmSockPosixSetTimeOut(
 
 
 DWORD
-VmSockPosixGetProtocol(
+VmDnsSockPosixGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     )
@@ -823,7 +894,7 @@ VmSockPosixGetProtocol(
 }
 
 DWORD
-VmSockPosixSetData(
+VmDnsSockPosixSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -873,7 +944,7 @@ VmSockPosixSetData(
 }
 
 DWORD
-VmSockPosixGetData(
+VmDnsSockPosixGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     )
@@ -914,7 +985,7 @@ VmSockPosixGetData(
 }
 
 DWORD
-VmSockPosixRead(
+VmDnsSockPosixRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     )
@@ -924,6 +995,7 @@ VmSockPosixRead(
     int     flags   = 0;
     ssize_t nRead   = 0;
     DWORD dwBufSize = 0;
+    DWORD dwSockAddrLen = 0;
 
     if (!pSocket || !pIoBuffer || !pIoBuffer->pData)
     {
@@ -938,7 +1010,7 @@ VmSockPosixRead(
     }
 
     dwBufSize = pIoBuffer->dwExpectedSize - pIoBuffer->dwCurrentSize;
-    pIoBuffer->addrLen = sizeof pIoBuffer->clientAddr;
+    dwSockAddrLen = sizeof pIoBuffer->clientAddr;
 
     dwError = VmDnsLockMutex(pSocket->pMutex);
     BAIL_ON_POSIX_SOCK_ERROR(dwError);
@@ -951,13 +1023,15 @@ VmSockPosixRead(
                 dwBufSize,
                 flags,
                 (struct sockaddr*)&pIoBuffer->clientAddr,
-                &pIoBuffer->addrLen);
+                &dwSockAddrLen);
     if (nRead < 0)
     {
         dwError = LwErrnoToWin32Error(errno);
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
+    pIoBuffer->addrLen = dwSockAddrLen;
+
     pIoBuffer->dwCurrentSize += nRead;
     pIoBuffer->dwTotalBytesTransferred += nRead;
 
@@ -976,7 +1050,7 @@ VmSockPosixRead(
 }
 
 DWORD
-VmSockPosixWrite(
+VmDnsSockPosixWrite(
     PVM_SOCKET          pSocket,
     const struct sockaddr*    pClientAddress,
     socklen_t           addrLength,
@@ -999,39 +1073,15 @@ VmSockPosixWrite(
 
     dwBytesToWrite = pIoBuffer->dwExpectedSize - pIoBuffer->dwCurrentSize;
 
-    switch (pSocket->protocol)
+    if (pClientAddress && addrLength)
     {
-        case VM_SOCK_PROTOCOL_TCP:
-
-            pClientAddressLocal = &pSocket->addr;
-            addrLengthLocal     = pSocket->addrLen;
-
-            break;
-
-        case VM_SOCK_PROTOCOL_UDP:
-
-            if (!pClientAddress || addrLength <= 0)
-            {
-                dwError = ERROR_INVALID_PARAMETER;
-                BAIL_ON_VMDNS_ERROR(dwError);
-            }
-
-            memcpy(
-                &pIoBuffer->clientAddr,
-                pClientAddress,
-                addrLength);
-
-            pClientAddressLocal = pClientAddress;
-            addrLengthLocal = addrLength;
-
-            break;
-
-        default:
-
-            dwError = ERROR_NOT_SUPPORTED;
-            BAIL_ON_POSIX_SOCK_ERROR(dwError);
-
-            break;
+        pClientAddressLocal = pClientAddress;
+        addrLengthLocal = addrLength;
+    }
+    else
+    {
+        pClientAddressLocal = &pSocket->addr;
+        addrLengthLocal = pSocket->addrLen;
     }
 
     dwError = VmDnsLockMutex(pSocket->pMutex);
@@ -1070,7 +1120,7 @@ VmSockPosixWrite(
 }
 
 PVM_SOCKET
-VmSockPosixAcquireSocket(
+VmDnsSockPosixAcquireSocket(
     PVM_SOCKET           pSocket
     )
 {
@@ -1083,7 +1133,7 @@ VmSockPosixAcquireSocket(
 }
 
 VOID
-VmSockPosixReleaseSocket(
+VmDnsSockPosixReleaseSocket(
     PVM_SOCKET           pSocket
     )
 {
@@ -1091,13 +1141,13 @@ VmSockPosixReleaseSocket(
     {
         if (InterlockedDecrement(&pSocket->refCount) == 0)
         {
-            VmSockPosixFreeSocket(pSocket);
+            VmDnsSockPosixFreeSocket(pSocket);
         }
     }
 }
 
 DWORD
-VmSockPosixCloseSocket(
+VmDnsSockPosixCloseSocket(
     PVM_SOCKET pSocket
     )
 {
@@ -1131,7 +1181,7 @@ VmSockPosixCloseSocket(
 
 static
 DWORD
-VmSockPosixCreateSignalSockets(
+VmDnsSockPosixCreateSignalSockets(
     PVM_SOCKET* ppReaderSocket,
     PVM_SOCKET* ppWriterSocket
     )
@@ -1184,11 +1234,11 @@ VmSockPosixCreateSignalSockets(
 
     if (pReaderSocket)
     {
-        VmSockPosixFreeSocket(pReaderSocket);
+        VmDnsSockPosixFreeSocket(pReaderSocket);
     }
     if (pWriterSocket)
     {
-        VmSockPosixFreeSocket(pWriterSocket);
+        VmDnsSockPosixFreeSocket(pWriterSocket);
     }
     for (iSock = 0; iSock < sizeof(fdPair)/sizeof(fdPair[0]); iSock++)
     {
@@ -1203,8 +1253,9 @@ VmSockPosixCreateSignalSockets(
 
 static
 DWORD
-VmSockPosixEventQueueAdd_inlock(
+VmDnsSockPosixEventQueueAdd_inlock(
     PVM_SOCK_EVENT_QUEUE pQueue,
+    BOOL                 bOneShot,
     PVM_SOCKET           pSocket
     )
 {
@@ -1213,14 +1264,21 @@ VmSockPosixEventQueueAdd_inlock(
 
     event.data.ptr = pSocket;
     event.events = EPOLLIN;
+    if (bOneShot)
+    {
+       event.events = event.events | EPOLLONESHOT;
+    }
+
 
-    if (epoll_ctl(pQueue->epollFd, EPOLL_CTL_ADD, pSocket->fd, &event) < 0)
+    VmDnsSockPosixAcquireSocket(pSocket);
+    if (pSocket->bInEventQueue == FALSE &&
+        epoll_ctl(pQueue->epollFd, EPOLL_CTL_ADD, pSocket->fd, &event) < 0)
     {
         dwError = LwErrnoToWin32Error(errno);
         BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
+    pSocket->bInEventQueue = TRUE;
 
-    VmSockPosixAcquireSocket(pSocket);
 
 error:
 
@@ -1229,7 +1287,32 @@ VmSockPosixEventQueueAdd_inlock(
 
 static
 DWORD
-VmSockPosixAcceptConnection(
+VmDnsSockPosixEventQueueDelete_inlock(
+    PVM_SOCK_EVENT_QUEUE pQueue,
+    PVM_SOCKET           pSocket
+    )
+{
+    DWORD dwError = 0;
+    struct epoll_event event = {0};
+
+
+    if (pSocket->bInEventQueue == TRUE &&
+        epoll_ctl(pQueue->epollFd, EPOLL_CTL_DEL, pSocket->fd, &event) < 0)
+    {
+        dwError = LwErrnoToWin32Error(errno);
+        BAIL_ON_POSIX_SOCK_ERROR(dwError);
+    }
+    pSocket->bInEventQueue = FALSE;
+
+    VmDnsSockPosixReleaseSocket(pSocket);
+
+error:
+    return dwError;
+}
+
+static
+DWORD
+VmDnsSockPosixAcceptConnection(
     PVM_SOCKET  pListener,
     PVM_SOCKET* ppSocket
     )
@@ -1273,7 +1356,7 @@ VmSockPosixAcceptConnection(
 
     if (pSocket)
     {
-        VmSockPosixFreeSocket(pSocket);
+        VmDnsSockPosixFreeSocket(pSocket);
     }
     if (fd >= 0)
     {
@@ -1285,7 +1368,7 @@ VmSockPosixAcceptConnection(
 
 static
 DWORD
-VmSockPosixSetDescriptorNonBlocking(
+VmDnsSockPosixSetDescriptorNonBlocking(
     int fd
     )
 {
@@ -1313,7 +1396,7 @@ VmSockPosixSetDescriptorNonBlocking(
 
 static
 DWORD
-VmSockPosixSetReuseAddress(
+VmDnsSockPosixSetReuseAddress(
     int fd
     )
 {
@@ -1333,37 +1416,7 @@ VmSockPosixSetReuseAddress(
 
 static
 VOID
-VmSockPosixFreeEventQueue(
-    PVM_SOCK_EVENT_QUEUE pQueue
-    )
-{
-    if (pQueue->pSignalReader)
-    {
-        VmSockPosixReleaseSocket(pQueue->pSignalReader);
-    }
-    if (pQueue->pSignalWriter)
-    {
-        VmSockPosixReleaseSocket(pQueue->pSignalWriter);
-    }
-    if (pQueue->pMutex)
-    {
-        VmDnsFreeMutex(pQueue->pMutex);
-    }
-    if (pQueue->epollFd >= 0)
-    {
-        close(pQueue->epollFd);
-    }
-    if (pQueue->pEventArray)
-    {
-        VmDnsFreeMemory(pQueue->pEventArray);
-        pQueue->pEventArray = NULL;
-    }
-    VmDnsFreeMemory(pQueue);
-}
-
-static
-VOID
-VmSockPosixFreeSocket(
+VmDnsSockPosixFreeSocket(
     PVM_SOCKET pSocket
     )
 {
@@ -1379,7 +1432,7 @@ VmSockPosixFreeSocket(
 }
 
 DWORD
-VmSockPosixStartListening(
+VmDnsSockPosixStartListening(
     PVM_SOCKET           pSocket,
     int                  iListenQueueSize
     )
@@ -1388,10 +1441,11 @@ VmSockPosixStartListening(
 }
 
 DWORD
-VmSockPosixAllocateIoBuffer(
-    VM_SOCK_EVENT_TYPE      eventType,
-    DWORD                   dwSize,
-    PVM_SOCK_IO_BUFFER*     ppIoBuffer
+VmDnsSockPosixAllocateIoBuffer(
+    VM_SOCK_EVENT_TYPE          eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    DWORD                       dwSize,
+    PVM_SOCK_IO_BUFFER*         ppIoBuffer
     )
 {
     DWORD dwError = 0;
@@ -1409,6 +1463,7 @@ VmSockPosixAllocateIoBuffer(
     BAIL_ON_VMDNS_ERROR(dwError);
 
     pIoContext->eventType = eventType;
+    pIoContext->pEventContext = pEventContext;
     pIoContext->IoBuffer.dwExpectedSize = dwSize;
     pIoContext->IoBuffer.pData = pIoContext->DataBuffer;
 
@@ -1422,17 +1477,94 @@ VmSockPosixAllocateIoBuffer(
 
     if (pIoContext)
     {
-        VmSockPosixFreeIoBuffer(&pIoContext->IoBuffer);
+        VmDnsSockPosixFreeIoBuffer(&pIoContext->IoBuffer);
+    }
+
+    goto cleanup;
+}
+
+DWORD
+VmDnsSockPosixSetEventContext(
+    PVM_SOCK_IO_BUFFER      pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT  pEventContext,
+    PVM_SOCK_EVENT_CONTEXT* ppOldEventContext
+    )
+{
+    DWORD dwError = 0;
+    PVM_SOCK_IO_CONTEXT pIoContext = NULL;
+    PVM_SOCK_EVENT_CONTEXT pOldEventContext = NULL;
+
+    if (!pIoBuffer || !ppOldEventContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_POSIX_SOCK_ERROR(dwError);
+    }
+
+    pIoContext = CONTAINING_RECORD(pIoBuffer, VM_SOCK_IO_CONTEXT, IoBuffer);
+
+    pOldEventContext = (PVM_SOCK_EVENT_CONTEXT)
+                        InterlockedExchange(&(pIoContext->pEventContext), pEventContext);
+
+    *ppOldEventContext = pOldEventContext;
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (ppOldEventContext)
+    {
+        *ppOldEventContext = NULL;
+    }
+    goto cleanup;
+}
+
+DWORD
+VmDnsSockPosixGetEventContext(
+    PVM_SOCK_IO_BUFFER        pIoBuffer,
+    PVM_SOCK_EVENT_CONTEXT*   ppEventContext
+    )
+{
+    DWORD dwError = 0;
+    PVM_SOCK_EVENT_CONTEXT pEventContext = NULL;
+    PVM_SOCK_IO_CONTEXT pIoContext = NULL;
+
+    if (!pIoBuffer || !ppEventContext)
+    {
+        dwError = ERROR_INVALID_PARAMETER;
+        BAIL_ON_POSIX_SOCK_ERROR(dwError);
     }
 
+
+    pIoContext = CONTAINING_RECORD(pIoBuffer, VM_SOCK_IO_CONTEXT, IoBuffer);
+
+    pEventContext = pIoContext->pEventContext;
+
+    *ppEventContext = pEventContext;
+
+cleanup:
+
+    return dwError;
+error:
+
+    if (ppEventContext)
+    {
+        *ppEventContext = NULL;
+    }
     goto cleanup;
 }
 
+
 VOID
-VmSockPosixFreeIoBuffer(
+VmDnsSockPosixFreeIoBuffer(
     PVM_SOCK_IO_BUFFER     pIoBuffer
     )
 {
+//    VMDNS_LOG_DEBUG("pIoBuffer:%p released from thread %p", pIoBuffer, pthread_self());
+    if (pIoBuffer && pIoBuffer->pClientSocket)
+    {
+        VmDnsSockPosixReleaseSocket(pIoBuffer->pClientSocket);
+    }
     PVM_SOCK_IO_CONTEXT pIoContext = CONTAINING_RECORD(pIoBuffer, VM_SOCK_IO_CONTEXT, IoBuffer);
     VMDNS_SAFE_FREE_MEMORY(pIoContext);
 }
@@ -1447,7 +1579,7 @@ VmSockPosixFreeIoBuffer(
  * @return DWORD - 0 on success
  */
 DWORD
-VmSockPosixGetAddress(
+VmDnsSockPosixGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  pAddresLen
diff --git a/vmdns/vmsock/posix/structs.h b/vmdns/vmsock/posix/structs.h
index 87d403863..192c211c5 100644
--- a/vmdns/vmsock/posix/structs.h
+++ b/vmdns/vmsock/posix/structs.h
@@ -29,6 +29,7 @@ typedef struct _VM_SOCKET
     int              fd;
 
     PVOID            pData;
+    BOOL             bInEventQueue;
 
 } VM_SOCKET;
 
@@ -54,8 +55,9 @@ typedef struct _VM_SOCK_EVENT_QUEUE
 
 typedef struct _VM_SOCK_IO_CONTEXT
 {
-    VM_SOCK_EVENT_TYPE  eventType;
-    VM_SOCK_IO_BUFFER   IoBuffer;
-    CHAR                DataBuffer[1];
+    VM_SOCK_EVENT_TYPE           eventType;
+    PVM_SOCK_EVENT_CONTEXT       pEventContext;
+    VM_SOCK_IO_BUFFER            IoBuffer;
+    CHAR                         DataBuffer[1];
 } VM_SOCK_IO_CONTEXT, *PVM_SOCK_IO_CONTEXT;
 
diff --git a/vmdns/vmsock/win/globals.c b/vmdns/vmsock/win/globals.c
index 9590cb71b..84a5e3864 100644
--- a/vmdns/vmsock/win/globals.c
+++ b/vmdns/vmsock/win/globals.c
@@ -17,28 +17,28 @@
 
 // For now only client socket part is portable
 
-VM_SOCK_PACKAGE gVmSockWinPackage =
+VM_SOCK_PACKAGE gVmDnsSockWinPackage =
 {
-    .pfnOpenClientSocket = &VmSockWinOpenClient,
-    .pfnOpenServerSocket = &VmSockWinOpenServer,
-    .pfnCreateEventQueue = &VmSockWinCreateEventQueue,
-    .pfnAddEventQueue = &VmSockWinEventQueueAdd,
-    .pfnWaitForEvent = &VmSockWinWaitForEvent,
-    .pfnStartListening = &VmSockWinStartListening,
-    .pfnCloseEventQueue = &VmSockWinCloseEventQueue,
-    .pfnSetNonBlocking = &VmSockWinSetNonBlocking,
-    .pfnSetTimeOut = &VmSockWinSetTimeOut,
-    .pfnGetProtocol = &VmSockWinGetProtocol,
-    .pfnSetData = &VmSockWinSetData,
-    .pfnGetData = &VmSockWinGetData,
-    .pfnRead = &VmSockWinRead,
-    .pfnWrite = &VmSockWinWrite,
-    .pfnAcquireSocket = &VmSockWinAcquire,
-    .pfnReleaseSocket = &VmSockWinRelease,
-    .pfnCloseSocket = &VmSockWinClose,
-    .pfnGetAddress = &VmSockWinGetAddress,
-    .pfnAllocateIoBuffer = &VmSockWinAllocateIoBuffer,
-    .pfnReleaseIoBuffer = &VmSockWinFreeIoBuffer
+    .pfnOpenClientSocket = &VmDnsSockWinOpenClient,
+    .pfnOpenServerSocket = &VmDnsSockWinOpenServer,
+    .pfnCreateEventQueue = &VmDnsSockWinCreateEventQueue,
+    .pfnAddEventQueue = &VmDnsSockWinEventQueueAdd,
+    .pfnWaitForEvent = &VmDnsSockWinWaitForEvent,
+    .pfnStartListening = &VmDnsSockWinStartListening,
+    .pfnShutdownEventQueue = &VmDnsSockWinCloseEventQueue,
+    .pfnSetNonBlocking = &VmDnsSockWinSetNonBlocking,
+    .pfnSetTimeOut = &VmDnsSockWinSetTimeOut,
+    .pfnGetProtocol = &VmDnsSockWinGetProtocol,
+    .pfnSetData = &VmDnsSockWinSetData,
+    .pfnGetData = &VmDnsSockWinGetData,
+    .pfnRead = &VmDnsSockWinRead,
+    .pfnWrite = &VmDnsSockWinWrite,
+    .pfnAcquireSocket = &VmDnsSockWinAcquire,
+    .pfnReleaseSocket = &VmDnsSockWinRelease,
+    .pfnCloseSocket = &VmDnsSockWinClose,
+    .pfnGetAddress = &VmDnsSockWinGetAddress,
+    .pfnAllocateIoBuffer = &VmDnsSockWinAllocateIoBuffer,
+    .pfnReleaseIoBuffer = &VmDnsSockWinFreeIoBuffer
 };
 
-PVM_SOCK_PACKAGE gpVmWinSockPackage = &gVmSockWinPackage;
+PVM_SOCK_PACKAGE gpVmWinSockPackage = &gVmDnsSockWinPackage;
diff --git a/vmdns/vmsock/win/prototypes.h b/vmdns/vmsock/win/prototypes.h
index b16056b7e..82a91cf21 100644
--- a/vmdns/vmsock/win/prototypes.h
+++ b/vmdns/vmsock/win/prototypes.h
@@ -46,7 +46,7 @@ VmWinSockShutdown(
  * @return 0 on success
  */
 DWORD
-VmSockWinOpenClient(
+VmDnsSockWinOpenClient(
     PCSTR                   pszHost,
     USHORT                  usPort,
     VM_SOCK_CREATE_FLAGS    dwFlags,
@@ -67,7 +67,7 @@ VmSockWinOpenClient(
  * @return 0 on success
  */
 DWORD
-VmSockWinOpenServer(
+VmDnsSockWinOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -83,7 +83,7 @@ VmSockWinOpenServer(
  * @return 0 on success
  */
 DWORD
-VmSockWinStartListening(
+VmDnsSockWinStartListening(
     PVM_SOCKET           pSocket,
     int                  iListenQueueSize
     );
@@ -99,7 +99,7 @@ VmSockWinStartListening(
  * @return 0 on success
  */
 DWORD
-VmSockWinCreateEventQueue(
+VmDnsSockWinCreateEventQueue(
     int                     iEventQueueSize,
     PVM_SOCK_EVENT_QUEUE*   ppQueue
     );
@@ -113,7 +113,7 @@ VmSockWinCreateEventQueue(
  * @return 0 on success
  */
 DWORD
-VmSockWinEventQueueAdd(
+VmDnsSockWinEventQueueAdd(
     PVM_SOCK_EVENT_QUEUE pQueue,
     PVM_SOCKET           pSocket
     );
@@ -131,7 +131,7 @@ VmSockWinEventQueueAdd(
  * @return 0 on success
  */
 DWORD
-VmSockWinWaitForEvent(
+VmDnsSockWinWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -148,7 +148,7 @@ VmSockWinWaitForEvent(
  */
 
 VOID
-VmSockWinCloseEventQueue(
+VmDnsSockWinCloseEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     );
 
@@ -161,7 +161,7 @@ VmSockWinCloseEventQueue(
  */
 
 DWORD
-VmSockWinSetNonBlocking(
+VmDnsSockWinSetNonBlocking(
     PVM_SOCKET           pSocket
     );
 
@@ -175,7 +175,7 @@ VmSockWinSetNonBlocking(
  */
 
 DWORD
-VmSockWinSetTimeOut(
+VmDnsSockWinSetTimeOut(
     PVM_SOCKET           pSocket,
     DWORD                dwTimeOut
     );
@@ -188,7 +188,7 @@ VmSockWinSetTimeOut(
  *                            This will be one of { SOCK_STREAM, SOCK_DGRAM... }
  */
 DWORD
-VmSockWinGetProtocol(
+VmDnsSockWinGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     );
@@ -203,7 +203,7 @@ VmSockWinGetProtocol(
  * @return 0 on success
  */
 DWORD
-VmSockWinSetData(
+VmDnsSockWinSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -218,7 +218,7 @@ VmSockWinSetData(
  * @return 0 on success
  */
 DWORD
-VmSockWinGetData(
+VmDnsSockWinGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     );
@@ -236,7 +236,7 @@ VmSockWinGetData(
  * @return 0 on success
  */
 DWORD
-VmSockWinRead(
+VmDnsSockWinRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
@@ -257,7 +257,7 @@ VmSockWinRead(
  * @return 0 on success
  */
 DWORD
-VmSockWinWrite(
+VmDnsSockWinWrite(
     PVM_SOCKET          pSocket,
     struct sockaddr*    pClientAddress,
     socklen_t           addrLength,
@@ -271,7 +271,7 @@ VmSockWinWrite(
  */
 
 PVM_SOCKET
-VmSockWinAcquire(
+VmDnsSockWinAcquire(
     PVM_SOCKET          pSocket
     );
 
@@ -280,7 +280,7 @@ VmSockWinAcquire(
  *
  */
 VOID
-VmSockWinRelease(
+VmDnsSockWinRelease(
     PVM_SOCKET          pSocket
     );
 
@@ -289,7 +289,7 @@ VmSockWinRelease(
  *        This call does not release the reference to the socket or free it.
  */
 DWORD
-VmSockWinClose(
+VmDnsSockWinClose(
     PVM_SOCKET          pSocket
     );
 
@@ -299,12 +299,12 @@ VmSockWinClose(
  * @return TRUE(1) if the string is a valid IP Address, 0 otherwise.
  */
 BOOLEAN
-VmSockWinIsValidIPAddress(
+VmDnsSockWinIsValidIPAddress(
     PCSTR               pszAddress
     );
 
 /**
- * @brief  VmwSockGetAddress
+ * @brief  VmDnsSockGetAddress
  *
  * @param[in] pSocket
  * @param[in] pAddress
@@ -313,15 +313,17 @@ VmSockWinIsValidIPAddress(
  * @return DWORD - 0 on success
  */
 DWORD
-VmSockWinGetAddress(
+VmDnsSockWinGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  pAddresLen
     );
 
 DWORD
-VmSockWinAllocateIoBuffer(
+VmDnsSockWinAllocateIoBuffer(
     VM_SOCK_EVENT_TYPE      eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    PFN_SOCK_EVENT_CONTEXT_FREE pfnEventContextFree,
     DWORD                   dwSize,
     PVM_SOCK_IO_BUFFER*     ppIoContext
     );
@@ -334,7 +336,7 @@ VmSockWinAllocateIoBuffer(
  * @return VOID - 0 on success
  */
 VOID
-VmSockWinFreeIoBuffer(
+VmDnsSockWinFreeIoBuffer(
     PVM_SOCK_IO_BUFFER  pIoBuffer
     );
 
diff --git a/vmdns/vmsock/win/winsock.c b/vmdns/vmsock/win/winsock.c
index e25611a88..8ef5e8e4f 100644
--- a/vmdns/vmsock/win/winsock.c
+++ b/vmdns/vmsock/win/winsock.c
@@ -17,7 +17,7 @@
 
 
 static DWORD
-VmSockWinAcceptConnection(
+VmDnsSockWinAcceptConnection(
     PVM_SOCKET              pListenSocket,
     SOCKET                  clientSocket,
     struct sockaddr*        pClientAddress,
@@ -25,18 +25,18 @@ VmSockWinAcceptConnection(
     );
 
 static DWORD
-VmSockWinCopyTargetAddress(
+VmDnsSockWinCopyTargetAddress(
     struct addrinfo*        pInfo,
     PVM_SOCKET              pSocket
     );
 
 static VOID
-VmSockWinFreeSocket(
+VmDnsSockWinFreeSocket(
     PVM_SOCKET              pSocket
     );
 
 static DWORD WINAPI
-VmSockWinListenerThreadProc(
+VmDnsSockWinListenerThreadProc(
     LPVOID                  pThreadParam
     );
 
@@ -52,7 +52,7 @@ VmSockWinListenerThreadProc(
  * @return 0 on success
  */
 DWORD
-VmSockWinOpenClient(
+VmDnsSockWinOpenClient(
     PCSTR                   pszHost,
     USHORT                  usPort,
     VM_SOCK_CREATE_FLAGS    dwFlags,
@@ -159,7 +159,7 @@ VmSockWinOpenClient(
         pSocket->protocol = VM_SOCK_PROTOCOL_UDP;
     }
 
-    dwError = VmSockWinCopyTargetAddress(pClientAddress, pSocket);
+    dwError = VmDnsSockWinCopyTargetAddress(pClientAddress, pSocket);
     BAIL_ON_VMDNS_ERROR(dwError);
 
     pSocket->hSocket = socket;
@@ -202,7 +202,7 @@ error :
  * @return 0 on success
  */
 DWORD
-VmSockWinOpenServer(
+VmDnsSockWinOpenServer(
     USHORT               usPort,
     int                  iListenQueueSize,
     VM_SOCK_CREATE_FLAGS dwFlags,
@@ -351,7 +351,7 @@ VmSockWinOpenServer(
 
     if (pSocket)
     {
-        VmSockWinFreeSocket(pSocket);
+        VmDnsSockWinFreeSocket(pSocket);
     }
     if (socket != INVALID_SOCKET)
     {
@@ -372,7 +372,7 @@ VmSockWinOpenServer(
  * @return 0 on success
  */
 DWORD
-VmSockWinCreateEventQueue(
+VmDnsSockWinCreateEventQueue(
     int                     iEventQueueSize,
     PVM_SOCK_EVENT_QUEUE*   ppQueue
     )
@@ -426,12 +426,12 @@ VmSockWinCreateEventQueue(
         *ppQueue = NULL;
     }
 
-    VmSockWinCloseEventQueue(pQueue);
+    VmDnsSockWinCloseEventQueue(pQueue);
     goto cleanup;
 }
 
 DWORD
-VmSockWinEventQueueAdd(
+VmDnsSockWinEventQueueAdd(
     PVM_SOCK_EVENT_QUEUE pQueue,
     PVM_SOCKET           pSocket
     )
@@ -484,7 +484,7 @@ VmSockWinEventQueueAdd(
  * @return 0 on success
  */
 DWORD
-VmSockWinStartListening(
+VmDnsSockWinStartListening(
     PVM_SOCKET           pSocket,
     int                  iListenQueueSize
     )
@@ -505,7 +505,7 @@ VmSockWinStartListening(
     hThreadListen = CreateThread(
                             NULL,
                             0,
-                            VmSockWinListenerThreadProc,
+                            VmDnsSockWinListenerThreadProc,
                             pSocket,
                             0,
                             &dwThreadId);
@@ -545,7 +545,7 @@ VmSockWinStartListening(
  * @return 0 on success
  */
 DWORD
-VmSockWinWaitForEvent(
+VmDnsSockWinWaitForEvent(
     PVM_SOCK_EVENT_QUEUE pQueue,
     int                  iTimeoutMS,
     PVM_SOCKET*          ppSocket,
@@ -627,7 +627,7 @@ VmSockWinWaitForEvent(
  */
 
 VOID
-VmSockWinCloseEventQueue(
+VmDnsSockWinCloseEventQueue(
     PVM_SOCK_EVENT_QUEUE pQueue
     )
 {
@@ -656,7 +656,7 @@ VmSockWinCloseEventQueue(
  */
 
 DWORD
-VmSockWinSetNonBlocking(
+VmDnsSockWinSetNonBlocking(
     PVM_SOCKET           pSocket
     )
 {
@@ -674,7 +674,7 @@ VmSockWinSetNonBlocking(
  */
 
 DWORD
-VmSockWinSetTimeOut(
+VmDnsSockWinSetTimeOut(
     PVM_SOCKET           pSocket,
     DWORD                dwTimeOut
     )
@@ -691,7 +691,7 @@ VmSockWinSetTimeOut(
  *                            This will be one of { SOCK_STREAM, SOCK_DGRAM... }
  */
 DWORD
-VmSockWinGetProtocol(
+VmDnsSockWinGetProtocol(
     PVM_SOCKET           pSocket,
     PDWORD               pdwProtocol
     )
@@ -752,7 +752,7 @@ VmSockWinGetProtocol(
  * @return 0 on success
  */
 DWORD
-VmSockWinSetData(
+VmDnsSockWinSetData(
     PVM_SOCKET           pSocket,
     PVOID                pData,
     PVOID*               ppOldData
@@ -770,7 +770,7 @@ VmSockWinSetData(
  * @return 0 on success
  */
 DWORD
-VmSockWinGetData(
+VmDnsSockWinGetData(
     PVM_SOCKET          pSocket,
     PVOID*              ppData
     )
@@ -791,7 +791,7 @@ VmSockWinGetData(
  * @return 0 on success
  */
 DWORD
-VmSockWinRead(
+VmDnsSockWinRead(
     PVM_SOCKET          pSocket,
     PVM_SOCK_IO_BUFFER  pIoBuffer
     )
@@ -916,7 +916,7 @@ VmSockWinRead(
  * @return 0 on success
  */
 DWORD
-VmSockWinWrite(
+VmDnsSockWinWrite(
     PVM_SOCKET          pSocket,
     struct sockaddr*    pClientAddress,
     socklen_t           addrLength,
@@ -1029,7 +1029,7 @@ VmSockWinWrite(
  */
 
 PVM_SOCKET
-VmSockWinAcquire(
+VmDnsSockWinAcquire(
     PVM_SOCKET           pSocket
     )
 {
@@ -1046,7 +1046,7 @@ VmSockWinAcquire(
  *
  */
 VOID
-VmSockWinRelease(
+VmDnsSockWinRelease(
     PVM_SOCKET           pSocket
     )
 {
@@ -1054,7 +1054,7 @@ VmSockWinRelease(
     {
         if (InterlockedDecrement(&pSocket->refCount) == 0)
         {
-            VmSockWinFreeSocket(pSocket);
+            VmDnsSockWinFreeSocket(pSocket);
         }
     }
 }
@@ -1064,7 +1064,7 @@ VmSockWinRelease(
  *        This call does not release the reference to the socket or free it.
  */
 DWORD
-VmSockWinClose(
+VmDnsSockWinClose(
     PVM_SOCKET           pSocket
     )
 {
@@ -1085,7 +1085,7 @@ VmSockWinClose(
  * @return TRUE(1) if the string is a valid IP Address, 0 otherwise.
  */
 BOOLEAN
-VmSockWinIsValidIPAddress(
+VmDnsSockWinIsValidIPAddress(
     PCSTR                pszAddress
     )
 {
@@ -1093,7 +1093,7 @@ VmSockWinIsValidIPAddress(
 }
 
 static DWORD
-VmSockWinCopyTargetAddress(
+VmDnsSockWinCopyTargetAddress(
     struct addrinfo*    pInfo,
     PVM_SOCKET          pSocket
     )
@@ -1104,7 +1104,7 @@ VmSockWinCopyTargetAddress(
 }
 
 static VOID
-VmSockWinFreeSocket(
+VmDnsSockWinFreeSocket(
     PVM_SOCKET  pSocket
     )
 {
@@ -1119,7 +1119,7 @@ VmSockWinFreeSocket(
 }
 
 static VOID
-VmSockWinDisconnectSocket(
+VmDnsSockWinDisconnectSocket(
     SOCKET clientSocket
     )
 {
@@ -1135,7 +1135,7 @@ VmSockWinDisconnectSocket(
 }
 
 DWORD WINAPI
-VmSockWinListenerThreadProc(
+VmDnsSockWinListenerThreadProc(
     LPVOID pThreadParam
     )
 {
@@ -1202,7 +1202,7 @@ VmSockWinListenerThreadProc(
                 }
                 else
                 {
-                    dwError = VmSockWinAcceptConnection(
+                    dwError = VmDnsSockWinAcceptConnection(
                                     pListenSocket,
                                     clientSocket,
                                     (struct sockaddr*)&clientAddress,
@@ -1226,7 +1226,7 @@ VmSockWinListenerThreadProc(
 }
 
 DWORD
-VmSockWinAcceptConnection(
+VmDnsSockWinAcceptConnection(
     PVM_SOCKET              pListenSocket,
     SOCKET                  clientSocket,
     struct sockaddr*        pClientAddr,
@@ -1288,7 +1288,7 @@ VmSockWinAcceptConnection(
         BAIL_ON_VMDNS_ERROR(dwError);
     }
 
-    dwError = VmSockWinAllocateIoBuffer(
+    dwError = VmDnsSockWinAllocateIoBuffer(
                     VM_SOCK_EVENT_TYPE_TCP_NEW_CONNECTION,
                     0,
                     &pIoBuffer);
@@ -1323,20 +1323,22 @@ VmSockWinAcceptConnection(
 
     if (pClientSocket)
     {
-        VmSockWinFreeSocket(pClientSocket);
+        VmDnsSockWinFreeSocket(pClientSocket);
     }
 
     if (pIoBuffer)
     {
-        VmSockWinFreeIoBuffer(pIoBuffer);
+        VmDnsSockWinFreeIoBuffer(pIoBuffer);
     }
 
     goto cleanup;
 }
 
 DWORD
-VmSockWinAllocateIoBuffer(
+VmDnsSockWinAllocateIoBuffer(
     VM_SOCK_EVENT_TYPE      eventType,
+    PVM_SOCK_EVENT_CONTEXT      pEventContext,
+    PFN_SOCK_EVENT_CONTEXT_FREE pfnEventContextFree,
     DWORD                   dwSize,
     PVM_SOCK_IO_BUFFER*     ppIoBuffer
     )
@@ -1377,14 +1379,14 @@ VmSockWinAllocateIoBuffer(
 
     if (pIoContext)
     {
-        VmSockWinFreeIoBuffer(&pIoContext->IoBuffer);
+        VmDnsSockWinFreeIoBuffer(&pIoContext->IoBuffer);
     }
 
     goto cleanup;
 }
 
 VOID
-VmSockWinFreeIoBuffer(
+VmDnsSockWinFreeIoBuffer(
     PVM_SOCK_IO_BUFFER     pIoBuffer
     )
 {
@@ -1403,7 +1405,7 @@ VmSockWinFreeIoBuffer(
  * @return DWORD - 0 on success
  */
 DWORD
-VmSockWinGetAddress(
+VmDnsSockWinGetAddress(
     PVM_SOCKET                  pSocket,
     struct sockaddr_storage*    pAddress,
     socklen_t*                  pAddresLen
diff --git a/vmevent/build/Makefile.bootstrap b/vmevent/build/Makefile.bootstrap
index 320fd4da3..229331bc6 100644
--- a/vmevent/build/Makefile.bootstrap
+++ b/vmevent/build/Makefile.bootstrap
@@ -41,7 +41,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/include/config.h.in* \
     $(SRCROOT)/install-sh \
     $(SRCROOT)/ltmain.sh \
-    $(SRCROOT)/missing
+    $(SRCROOT)/missing \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-event-devel.spec
 
diff --git a/vmevent/build/package/rpm/vmware-event-devel.spec b/vmevent/build/package/rpm/vmware-event-devel.spec
deleted file mode 100644
index 356fa7300..000000000
--- a/vmevent/build/package/rpm/vmware-event-devel.spec
+++ /dev/null
@@ -1,34 +0,0 @@
-Name:    vmware-event-devel
-Summary: VMware Event SDK
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22
-BuildRequires:  coreutils >= 8.22
-
-%description
-VMware Event Service Software Development Kit
-
-%build
-cd build
-autoreconf -mif ..
-../configure \
-    --prefix=%{_prefix}
-
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=$RPM_BUILD_ROOT
-
-%files
-%defattr(-,root,root)
-%{_includedir}/*
-
-%changelog
-
diff --git a/vmevent/configure.ac b/vmevent/configure.ac
deleted file mode 100644
index c24889abc..000000000
--- a/vmevent/configure.ac
+++ /dev/null
@@ -1,62 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmdir], [1.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-
-    linux*:x86_64)
-	;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-AC_CHECK_HEADERS(termios.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-
-AC_CONFIG_FILES([Makefile
-                 include/Makefile
-                 include/public/Makefile
-                ])
-AC_OUTPUT
-
diff --git a/vmevent/m4/README b/vmevent/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmevent/m4/as-ac-expand.m4 b/vmevent/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/vmevent/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmevent/m4/libtool.m4 b/vmevent/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmevent/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmevent/m4/ltoptions.m4 b/vmevent/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmevent/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmevent/m4/ltsugar.m4 b/vmevent/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmevent/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmevent/m4/ltversion.m4 b/vmevent/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmevent/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmevent/m4/lt~obsolete.m4 b/vmevent/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmevent/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmidentity/Makefile.am b/vmidentity/Makefile.am
index ae96c4871..ff97e8603 100644
--- a/vmidentity/Makefile.am
+++ b/vmidentity/Makefile.am
@@ -2,6 +2,5 @@ ACLOCAL_AMFLAGS = -I m4
 
 SUBDIRS = \
     interop \
-    ssoclients \
     build-maven \
     make-target
diff --git a/vmidentity/build-maven/Makefile.am b/vmidentity/build-maven/Makefile.am
index 7ef4e33b4..1e91a7a57 100644
--- a/vmidentity/build-maven/Makefile.am
+++ b/vmidentity/build-maven/Makefile.am
@@ -1,9 +1,7 @@
-
 CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
 
 all: jar
 
 jar:
 	@echo "Building vmidentity"
-	cd @top_srcdir@ && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Djre.home="@JAVA_HOME@/jre" -Dmaven.home="@MAVEN_HOME@" -DBUILD_NUMBER="0" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
-
+	cd @top_srcdir@/vmidentity && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" -Dlibs.ant-contrib-home="@abs_top_builddir@/vmidentity/depends" -Djre.home="@JAVA_HOME@/jre" -Dmaven.home="@MAVEN_HOME@" -DBUILD_NUMBER="0" -Dbuild_dir="@abs_top_builddir@"/vmidentity org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmidentity/build.xml b/vmidentity/build.xml
index 25162750d..968113dc7 100644
--- a/vmidentity/build.xml
+++ b/vmidentity/build.xml
@@ -2,53 +2,76 @@
 <project name="vmidentity" default="build" basedir=".">
 
   <!-- Configuration set up -->
-  <property file="product.properties" />
   <property name="MAINSRCROOT" value="${basedir}" />
-  <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}" />
-  <property name="PACKAGE_BASE" value="${buildRoot}/packages" />
-  <property name="AFD_PACKAGE_BASE" value="${MAINSRCROOT}/../vmafd/build/authentication-framework/packages" />
-  <property name="VMCA_PACKAGE_BASE" value="${MAINSRCROOT}/../vmca/build/packages" />
+  <property file="${MAINSRCROOT}/product.properties" />
+  <property name="buildRoot" value="${build_dir}/${PRODUCT_NAME}" />
+
+  <condition property="afd_build_dir"
+             value="${MAINSRCROOT}/../vmafd/build"
+             else="${build_dir}/../vmafd">
+    <equals arg1="${MAINSRCROOT}/build/rpmbuild/BUILD/build" arg2="${build_dir}" />
+  </condition>
+
+  <condition property="vmca_build_dir"
+             value="${MAINSRCROOT}/../vmca/build"
+             else="${build_dir}/../vmca">
+    <equals arg1="${MAINSRCROOT}/build/rpmbuild/BUILD/build" arg2="${build_dir}" />
+  </condition>
+
+  <property name="PACKAGE_BASE" value="${build_dir}/vmware-sts/packages" />
+  <property name="AFD_PACKAGE_BASE" value="${afd_build_dir}/authentication-framework/packages" />
+  <property name="VMCA_PACKAGE_BASE" value="${vmca_build_dir}/certificate-authority/packages" />
 
   <property name="AFD_GROUP_BASE" value="com.vmware.vmafd" />
   <property name="VMCA_GROUP_BASE" value="com.vmware.vmca" />
 
   <!-- Artifacts of VMIDENTITY related Projects -->
-  <property name="VERSION" value="1.2.0-SNAPSHOT" />
+  <property name="VERSION" value="1.3.0-SNAPSHOT" />
   <property name="maven" value="${maven.home}/bin/mvn" />
 
+  <!-- Install the dependencies that VMAFD and VMCA do not -->
   <target name="install.vmware-dependencies">
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}" />
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line=" -s settings.xml install:install-file -Dfile=${AFD_PACKAGE_BASE}/client-domain-controller-cache.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=client-domain-controller-cache -Dversion=${VERSION} -Dpackaging=jar" />
+      <arg line=" install:install-file -Dfile=${AFD_PACKAGE_BASE}/client-domain-controller-cache.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=client-domain-controller-cache -Dversion=${VERSION} -Dpackaging=jar" />
     </exec>
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}" />
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line=" -s settings.xml install:install-file -Dfile=${AFD_PACKAGE_BASE}/authentication-framework.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=authentication-framework -Dversion=${VERSION} -Dpackaging=jar" />
+      <arg line=" install:install-file -Dfile=${AFD_PACKAGE_BASE}/authentication-framework.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=authentication-framework -Dversion=${VERSION} -Dpackaging=jar" />
     </exec>
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}" />
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line=" -s settings.xml install:install-file -Dfile=${AFD_PACKAGE_BASE}/afd-heartbeat-service.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=afd-heartbeat-service -Dversion=${VERSION} -Dpackaging=jar" />
+      <arg line=" install:install-file -Dfile=${AFD_PACKAGE_BASE}/afd-heartbeat-service.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=afd-heartbeat-service -Dversion=${VERSION} -Dpackaging=jar" />
     </exec>
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}" />
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line="-s settings.xml install:install-file -Dfile=${VMCA_PACKAGE_BASE}/vmware-vmca-client.jar -DgroupId=${VMCA_GROUP_BASE} -DartifactId=vmware-vmca-client -Dversion=${VERSION} -Dpackaging=jar" />
+      <arg line=" install:install-file -Dfile=${VMCA_PACKAGE_BASE}/vmware-vmca-client.jar -DgroupId=${VMCA_GROUP_BASE} -DartifactId=vmware-vmca-client -Dversion=${VERSION} -Dpackaging=jar" />
     </exec>
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}" />
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line="install:install-file -Dfile=${AFD_PACKAGE_BASE}/vmware-endpoint-certificate-store.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=vmware-endpoint-certificate-store -Dversion=${VERSION} -Dpackaging=jar" />
+      <arg line=" install:install-file -Dfile=${AFD_PACKAGE_BASE}/vmware-endpoint-certificate-store.jar -DgroupId=${AFD_GROUP_BASE} -DartifactId=vmware-endpoint-certificate-store -Dversion=${VERSION} -Dpackaging=jar" />
     </exec>
   </target>
 
-  <target name="build" depends="install.vmware-dependencies">
+  <target name="goclients">
+    <exec executable="go" failonerror="true">
+      <env key="GOPATH" value="${MAINSRCROOT}/goclients" />
+      <env key="CGO_CFLAGS" value="-I${MAINSRCROOT}/ssoclients/common/include/public -I${MAINSRCROOT}/ssoclients/oidc/include/public" />
+      <env key="CGO_LDFLAGS" value="-L${build_dir}/ssoclients/common/src/.libs -L${build_dir}/ssoclients/oidc/src/.libs -lssocommon -lssooidc" />
+      <arg line="build oidc" />
+    </exec>
+  </target>
+
+  <target name="build" depends="install.vmware-dependencies, goclients">
     <exec executable="${maven}" failonerror="true">
       <env key="M2_HOME" value="${maven.home}"/>
       <env key="JAVA_HOME" value="${jre.home}"/>
-      <arg line=" -s settings.xml versions:set -DskipTests=true -Dmaven.javadoc.skip=true clean install" />
+      <arg line=" versions:set -DnewVersion=${VERSION} -DgenerateBackupPoms=false -DskipTests=true -Dmaven.javadoc.skip=true -Dbuild_dir=${build_dir} -DbuildDir=${build_dir}/${PRODUCT_NAME} clean install" />
     </exec>
     <antcall target="copy.uaa"/>
   </target>
@@ -59,4 +82,5 @@
     <copy file="uaa/samples/api/build/libs/cloudfoundry-identity-api-3.9.3.war" tofile="${PACKAGE_BASE}/uaa-api.war"/>
   </target>
 
+
 </project>
diff --git a/vmidentity/build/Makefile.bootstrap b/vmidentity/build/Makefile.bootstrap
index 16072bf69..33c0f0755 100644
--- a/vmidentity/build/Makefile.bootstrap
+++ b/vmidentity/build/Makefile.bootstrap
@@ -33,7 +33,6 @@ CLEAN_OBJECTS = \
     diagnostics \
     idm \
     interop \
-    jdepends \
     platform \
     config.log \
     config.status \
@@ -88,7 +87,6 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/openidconnect/server/src/main/resources/messages.properties \
     $(SRCROOT)/openidconnect/server/src/main/resources/locale \
     $(SRCROOT)/ROOT/target \
-    $(SRCROOT)/jdepends/target \
     $(SRCROOT)/diagnostics/target \
     $(SRCROOT)/platform/target \
     $(SRCROOT)/idm/interface/target \
@@ -103,8 +101,10 @@ CLEAN_OBJECTS = \
     $(SRCROOT)/sts/target \
     $(SRCROOT)/websso/target \
     $(SRCROOT)/lightwaveui/target \
-    $(SRCROOT)/sso-config/target
-
+    $(SRCROOT)/sso-config/target \
+    $(SRCROOT)/debugfiles.list \
+    $(SRCROOT)/debuglinks.list \
+    $(SRCROOT)/debugsources.list
 
 PKG_SPEC=vmware-sts.spec
 
@@ -131,7 +131,6 @@ package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
               --define "_javahome ${JAVA_HOME}" \
               --define "_antdir ${ANT_HOME}" \
               --define "_tomcatdir ${TOMCAT_HOME}" \
-              --define "_jaxwsdir ${JAXWS_HOME}" \
               --define "_mavendir ${MAVEN_HOME}" \
               --define "_version $(VMSTS_MAJOR_VER).$(VMSTS_MINOR_VER).$(VMSTS_RELEASE_VER)" \
               --define "_patch $(VMSTS_PATCH_VER)" \
diff --git a/vmidentity/build/Makefile.cclient.bootstrap b/vmidentity/build/Makefile.cclient.bootstrap
index 5a8e6e4ce..905bfbfce 100644
--- a/vmidentity/build/Makefile.cclient.bootstrap
+++ b/vmidentity/build/Makefile.cclient.bootstrap
@@ -54,7 +54,6 @@ package: $(RPMBUILD_SPECS)/$(PKG_SPEC) | $(RPMBUILD_DIRS)
               --define "_javahome ${JAVA_HOME}" \
               --define "_antdir ${ANT_HOME}" \
               --define "_tomcatdir ${TOMCAT_HOME}" \
-              --define "_jaxwsdir ${JAXWS_HOME}" \
               --define "_mavendir ${MAVEN_HOME}" \
               --define "_version $(VMSTS_MAJOR_VER).$(VMSTS_MINOR_VER).$(VMSTS_RELEASE_VER)" \
               --define "_patch $(VMSTS_PATCH_VER)" \
diff --git a/vmidentity/build/ant/buildcycle-template.xml b/vmidentity/build/ant/buildcycle-template.xml
deleted file mode 100644
index b7ec8b58f..000000000
--- a/vmidentity/build/ant/buildcycle-template.xml
+++ /dev/null
@@ -1,373 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project name="internal-buildcycle">
-
-   <import file="presets.xml" />
-
-   <target name="after-clean" />
-   <target name="clean" depends="import-helper-tasks">
-      <delete dir="${build.project}" />
-
-      <antcall inheritrefs="true" target="after-clean" />
-   </target>
-
-   <!-- == == == == == == Initialize == == == == == == -->
-
-   <target name="after-init" />
-   <target name="init" depends="import-helper-tasks">
-
-      <var name="valid-targetsets"
-           value="main,test,osgi-bundle,webapp" />
-
-      <!-- Which target sets to build? -->
-      <for list="${target-sets}" param="target-set" trim="true">
-      <sequential>
-         <var name="is-targetset-valid" value="false" />
-         <for list="${valid-targetsets}" param="valid-targetset" trim="true">
-            <sequential>
-            <if>
-               <equals arg1="@{target-set}" arg2="@{valid-targetset}" />
-               <then><var name="is-targetset-valid" value="true" /></then>
-            </if>
-            </sequential>
-         </for>
-
-         <if>
-            <istrue value="${is-targetset-valid}" />
-            <then><property name="target-set.@{target-set}" value="true" /></then>
-            <else>
-               <fail message="Uknown target set: '@{target-set}'" />
-            </else>
-         </if>
-      </sequential>
-      </for>
-
-      <condition property="target-set.run-unit-tests">
-         <and>
-            <istrue value="${target-set.test}" />
-            <not><istrue value="${skipTests}" /></not>
-         </and>
-      </condition>
-
-      <!-- Create the output directories -->
-      <mkdir dir="${build.classes.main}" />
-      <mkdir dir="${build.endorsed}" />
-      <mkdir dir="${build.packing.webapp}" />
-      <mkdir dir="${build.reports}" />
-      <mkdir dir="${build.packages}" />
-      <mkdir dir="${build.dist}" />
-      <mkdir dir="${build.publish}" />
-      <mkdir dir="${build.instrumented.dir}" />
-      <mkdir dir="${build.classes.test}" />
-
-     <!-- Total or per-module report -->
-      <condition
-         property="build.resolved-test-logs"
-         value="${build.total-test-logs}"
-         else="${build.test-logs}">
-
-         <istrue value="${totalReport}" />
-      </condition>
-
-      <mkdir dir="${build.resolved-test-logs}" />
-
-      <antcall target="after-init" />
-   </target>
-
-   <!-- == == == == == == Target set: main == == == == == == -->
-
-   <target name="after-compile" />
-   <target name="compile" if="target-set.main">
-
-      <copy todir="${build.endorsed}" flatten="true">
-	 <path refid="java-endorsed" />
-      </copy>
-
-      <compile-dependency-helper srcdir="${src.main.java}"
-         destdir="${build.classes.main}" classpathref="classpath.main">
-
-         <include name="${arg.javac.main-include-pattern}" />
-         <exclude name="${arg.javac.main-exclude-pattern}" />
-      </compile-dependency-helper>
-
-      <call-javac
-         classpathref="classpath.main"
-         srcdir="${src.main.java}"
-         destdir="${build.classes.main}"
-         includes="${arg.javac.main-include-pattern}"
-         excludes="${arg.javac.main-exclude-pattern}"
-         includeantruntime="false" />
-
-      <antcall target="after-compile" />
-   </target>
-
-   <target name="after-process-resources" />
-   <target name="process-resources" depends="compile" if="target-set.main">
-      <if>
-         <available type="dir" file="${src.main.resources}" />
-         <then>
-            <copy todir="${build.classes.main}">
-               <fileset dir="${src.main.resources}" >
-                  <selector refid="src.main.internal-resources" />
-               </fileset>
-            </copy>
-         </then>
-      </if>
-
-      <if>
-         <istrue value="${put-sources-in-main}" />
-         <then>
-            <copy todir="${build.classes.main}">
-               <fileset dir="${src.main.java}" />
-            </copy>
-         </then>
-      </if>
-
-      <antcall target="after-process-resources" />
-   </target>
-
-   <target name="create-build-info-file" if="target-set.main">
-      <property name="markerfile" location="${build.classes.main}/build.properties" />
-      <echo level="debug"> Build info for  ${build.dist.bundle} may be found at ${markerfile}</echo>
-      <if>
-         <available type="file" file="${markerfile}" />
-         <else>
-            <echo file="${markerfile}" append="yes" message="official-build-number=${BUILD_NUMBER}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="branch=${BRANCH_NAME}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="changeset=${CHANGE_NUMBER}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="build-type=${OBJDIR}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="release-type=${RELTYPE}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="product-name=${PRODUCT_NAME}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-            <echo file="${markerfile}" append="yes" message="product-build-number=${PRODUCT_BUILD_NUMBER}" />
-            <echo file="${markerfile}" append="yes" message="${line.separator}"/>
-         </else>
-      </if>
-   </target>
-
-   <target name="after-package" />
-   <target name="package" depends="compile,create-build-info-file" if="target-set.main">
-      <if>
-         <isset property="src.main.resources.manifest_mf" />
-         <then>
-            <jar destfile="${build.packages.main}" basedir="${build.classes.main}"
-                 manifest="${src.main.resources.manifest_mf}" />
-         </then>
-         <else>
-            <jar destfile="${build.packages.main}" basedir="${build.classes.main}" />
-         </else>
-      </if>
-
-      <antcall target="after-package" />
-   </target>
-
-
-   <target name="after-package-sources" />
-   <target name="package-sources" depends="package" if="target-set.main">
-      <jar destfile="${build.packages.sources}" basedir="${src.main.java}" />
-
-      <antcall target="after-package-sources" />
-   </target>
-  
-   <!-- == == == == == == Target set: osgi-bundle == == == == == == -->
-
-   <target name="after-osgi-bundle" />
-   <target name="osgi-bundle" depends="package-sources" if="target-set.osgi-bundle">
-      <fail unless="src.conf.bundle-manifest-template"
-        message="Bundle manifest location 'src.conf.bundle-manifest-template' not set"/>
-
-      <bundlor-helper
-         inputPath="${build.packages.main}"
-         outputPath="${build.dist.bundle}"
-         manifestTemplatePath="${src.conf.bundle-manifest-template}" />
-
-      <antcall target="after-osgi-bundle" inheritrefs="${withClover}" />
-   </target>
-
-   <!-- == == == == == == Target set: webapp == == == == == == -->
-
-   <target name="after-process-webapp-resources" />
-   <target name="process-webapp-resources" depends="package"
-      if="target-set.webapp">
-
-      <mkdir dir="${build.packing.webapp}/META-INF" />
-      <mkdir dir="${build.packing.webapp}/WEB-INF/lib" />
-
-      <if>
-         <available type="dir" file="${src.main.webapp}" />
-         <then>
-            <copy todir="${build.packing.webapp}">
-               <fileset dir="${src.main.webapp}">
-                  <exclude name="WEB-INF/web.xml" />
-               </fileset>
-            </copy>
-         </then>
-      </if>
-
-      <copy todir="${build.packing.webapp}/WEB-INF/lib" flatten="true">
-         <resources refid="classpath.webapp-libs" />
-      </copy>
-
-      <antcall target="after-process-webapp-resources" />
-   </target>
-
-
-   <target name="generate-webapp-manifest" depends="process-webapp-resources"
-      if="target-set.webapp">
-
-      <manifest file="${build.packing.webapp-manifest_mf}" />
-      <!-- TODO: {Specification,Implementation}-{Title,Version,Vendor} -->
-   </target>
-   
-    <!-- == == == == == ==Target : test == == == == == == -->
-   <target name="test">
-      <!-- force unit test execution -->
-      <antcall target="build">
-         <param name="skipTests" value="false" />
-      </antcall>
-   </target>
-
-  <!-- == == == == == == ==  Target set : test == == == == == === == -->
-  <target name="generate-test-sources" />
-  <target name="after-compile-tests" />
-  <target name="compile-tests" depends="package-webapp" if="target-set.test">
-
-      <antcall target="generate-test-sources" inheritrefs="${withClover}" />
-      <echo message= "Compiling test classes files to :  ${build.classes.test}" />
-
-      <compile-dependency-helper srcdir="${src.test.java}"
-         destdir="${build.classes.test}" classpathref="classpath.test">
-
-         <include name="${arg.javac.test-include-pattern}" />
-         <exclude name="${arg.javac.test-exclude-pattern}" />
-      </compile-dependency-helper>
-
-      <call-javac
-         classpathref="classpath.test"
-         srcdir="${src.test.java}"
-         destdir="${build.classes.test}"
-         includes="${arg.javac.test-include-pattern}"
-         excludes="${arg.javac.test-exclude-pattern}" />
-      
-      <echo message="Tests compiled successfully" />
-
-      <antcall target="after-compile-tests" inheritrefs="${withClover}" />
-   </target>
-
-   <target name="after-process-test-resources" />
-   <target name="process-test-resources" depends="compile-tests" if="target-set.test">
-      <if>
-         <available type="dir" file="${src.test.resources}" />
-         <then>
-            <copy todir="${build.classes.test}">
-               <fileset dir="${src.test.resources}" />
-            </copy>
-         </then>
-      </if>
-
-      <if>
-         <istrue value="${put-sources-in-main}" />
-         <then>
-            <copy todir="${build.classes.test}">
-               <fileset dir="${src.test.java}" />
-            </copy>
-         </then>
-      </if>
-      <antcall target="after-process-test-resources" inheritrefs="${withClover}" />
-   </target>
-
-   <target name="after-package-tests" />
-   <target name="package-tests" depends="process-test-resources" if="target-set.test">
-      	<jar destfile="${build.packages.test}" basedir="${build.classes.test}" />
-      	<antcall target="after-package-tests" inheritrefs="${withClover}" />
-   </target>
-
-   <target name="after-execute-tests" />
-   <target name="execute-tests" depends="package-tests" if="target-set.run-unit-tests">
-        <echo message="Running unit tests now .." />
-         <if>
-	    <not><equals arg1="${runlist}" arg2="$${runlist}" /></not>
-            <then>
-
-              <!-- load runlist.txt from filesystem somewhere .... -Drunlist=runlist.txt -->
-	      <!-- runlist should be in format on each line : testClassName testMethod1,testMethod2,..-->
-	      <loadfile property="file.list" srcFile="${runlist}" />
-	      <echo message="${file.list}" />
-
-	      <for list="${file.list}" param="fileName" delimiter="${line.separator}">
-	          <sequential>
-		     <var name="test.name" unset="true" />
-	             <var name="test.methods" unset="true" />
-		     <propertyregex
-			property="test.name"
-	                input="@{fileName}"
-	                regexp="(.+) (.+)"
-			select="\1"/>
-	             <propertyregex
-			property="test.methods"
-	                input="@{fileName}"
-			regexp="(.+) (.+)"
-			select="\2"/>
-
-		     <echo message="Test class: ${test.name}" />
-		     <echo message="Test methodss: ${test.methods}" />
-
-		     <junit-test test="${test.name}" methods="${test.methods}"/>
-
-		  </sequential>
-	      </for>
-            </then>
-            <else>
-              <echo message="Running unit tests now..." />
-              <junit-test />
-            </else>
-         </if>
-
-         <antcall target="after-execute-tests" />
-   </target>
-
-   <target name="create-tests-report" depends="execute-tests" if="target-set.run-unit-tests">
-      <if>
-         <isfalse value="${totalReport}" />
-         <then>
-            <testreport-helper />
-         </then>
-      </if>
-   </target>
-
-   <target name="after-package-webapp" />
-   <target name="package-webapp" depends="generate-webapp-manifest"
-      if="target-set.webapp">
-
-      <war
-         destfile="${build.packages.webapp}"
-         basedir="${build.packing.webapp}"
-         manifest="${build.packing.webapp-manifest_mf}"
-         webxml="${src.conf.web_xml}" />
-
-      <antcall target="after-package-webapp" />
-   </target>
-
-   <!-- == == == == == == Build == == == == == == -->
-   <target name="build"
-         depends="init,
-                  compile,
-                  process-resources,
-                  package,
-                  process-webapp-resources,
-                  generate-webapp-manifest, 
-                  package-webapp,
-                  compile-tests,
-		  process-test-resources,
-		  package-tests,
-		  execute-tests,
-                  create-tests-report" />
-
-   <target name="rebuild" depends="clean,build" />
-
-</project>
diff --git a/vmidentity/build/ant/defaults.xml b/vmidentity/build/ant/defaults.xml
deleted file mode 100644
index 9effcbc60..000000000
--- a/vmidentity/build/ant/defaults.xml
+++ /dev/null
@@ -1,205 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-  Default attribute values for the build.
- -->
-<project name="internal-property-defaults">
-
-   <import file="libraries.xml" />
-
-   <!-- - - - - - compiler arguments - - - - - -->
-
-   <!--
-     Each "arg.javac.something" property shall be passed as it is to the
-     "something" property of the javac task.
-   -->
-   <property name="arg.javac.deprecation" value="true" />
-   <property name="arg.javac.debug" value="true" />
-   <property name="arg.javac.fork" value="false" />
-   <property name="arg.javac.failonerror" value="true" />
-   <property name="arg.javac.optimize" value="false" />
-   <property name="arg.javac.source-version" value="1.7" /> <!-- corresponds to "source" -->
-   <property name="arg.javac.target-version" value="1.7" /> <!-- corresponds to "target" -->
-
-   <!--
-     Include/Exclude patterns for the compile and compile-tests targets.
-   -->
-   <property name="arg.javac.main-include-pattern" value="**/*.java" />
-   <property name="arg.javac.main-exclude-pattern" value="" />
-
-   <property name="arg.javac.test-include-pattern" value="**/*.java" />
-   <property name="arg.javac.test-exclude-pattern" value="" />
-
-   <selector id="src.main.internal-resources"
-             description="Specifies which resources must go in the package.">
-      <filename name="**/*" />
-   </selector>
-
-
-   <!-- - - - - - - - - junit arguments - - - - - - - -->
-
-   <!--
-     Each "arg.junit.something" property shall be passed as it is to the
-     "something" property of the junit task.
-   -->
-   <property name="arg.junit.fork" value="true" /> <!-- if this variable is set to false then assertions should be enabled differently, not with assertions subelement of junit task -->
-   <property name="arg.junit.showoutput" value="false" />
-   <property name="arg.junit.haltonfailure" value="true" />
-   <property name="arg.junit.maxmemory" value="128m" />
-   <property name="arg.junit.printsummary" value="withOutAndErr" />
-   <property name="arg.junit.forked-jvm-args-line" value="-javaagent:${buildRoot}/../depends/aspectjweaver-1.6.9.jar" />
-
-   <!-- - - - - - source file and directories - - - - - -->
-
-   <property name="srcRoot" location="${basedir}" />
-
-   <property name="src.main.java" location="${srcRoot}/src/main/java" />
-   <property name="src.main.scripts" location="${srcRoot}/src/main/scripts" />
-   <property name="src.main.resources" location="${srcRoot}/src/main/resources" />
-   <property name="src.main.webapp" location="${srcRoot}/src/main/webapp" />
-
-   <property name="src.test.java" location="${srcRoot}/src/test/java" />
-   <property name="src.test.resources" location="${srcRoot}/src/test/resources" />
-
-   <property name="src.conf.web_xml" location="${src.main.webapp}/WEB-INF/web.xml" />
-   <property name="src.conf.findbugs-filter" location="${srcRoot}/findbugs-excludes.xml" />
-   <property name="src.conf.pmd-rulesets" value="rulesets/internal/all-java.xml" />
-
-
-   <!-- - - - - - build directories - - - - - -->
-
-   <!-- map from GoBuild-style (all uppercase) to local style names -->
-   <property name="BUILD_ROOT" location="../../build/${PRODUCT_NAME}" />
-   <property name="buildRoot" location="${BUILD_ROOT}" />
-
-   <property name="PUBLISH_DIR" location="${buildRoot}/publish" />
-   <property name="build.dist"  location="${buildRoot}/dist" />
-   <property name="build.publish" location="${PUBLISH_DIR}" />
-
-   <property name="COMPONENT_DIST_DIR" location="${build.dist}" />
-
-   <property name="build.project" location="${buildRoot}/${ant.project.name}" />
-
-   <property name="build.classes.main" location="${build.project}/classes" />
-   <property name="build.endorsed" location="${build.project}/endorsed" />
-   <property name="build.classes.test" location="${build.project}/test-classes" />
-   <property name="build.packing.webapp" location="${build.project}/webapp" />
-   <property name="build.packing.webapp-manifest_mf"
-      location="${build.packing.webapp}/META-INF/manifest.mf" />
-
-   <property name="build.test-logs" location="${build.project}/test-logs" />
-   <property name="build.total-test-logs" location="${buildRoot}/test-logs" />
-
-   <property name="build.reports" location="${build.project}/analysis-reports" />
-   <property name="test.reports" location="${build.project}/test-reports" />
-
-   <property name="build.instrumented.dir" location="${build.project}/instrumented" />
-   <property name="coverage.xml.dir" location="${test.reports}/XML Coverage" />
-   <property name="coverage.summaryxml.dir" location="${test.reports}/Summary XML Coverage" />
-   <property name="coverage.html.dir" location="${test.reports}/HTML Coverage" />
-
-   <property name="build.reports.findbugs_xml"
-	   location="${build.reports}/findbugs-report.xml" />
-   <property name="build.reports.findbugs_html"
-         location="${build.reports}/findbugs-report.html" />
-
-   <!-- available FindBugs templates: plain, default, fancy -->
-   <property name="build.reports.findbugs-template" value="plain" />
-
-   <property name="build.reports.pmd_html" location="${build.reports}/pmd-report.html" />
-   <property name="build.reports.pmd_xml" location="${build.reports}/pmd-report.xml" />
-   <property name="build.reports.pmd_html-template" value="corley-pmd-report.xslt" /> <!-- corley or wz -->
-
-   <property name="build.reports.pmd.cpd_xml" value="${build.reports}/pmd-cpd-report.xml"/>
-   <property name="build.reports.pmd.cpd_html-template" value="cpdhtml.xslt"/>
-
-   <!-- All (intermediate) packages go here -->
-   <property name="build.packages" location="${buildRoot}/packages" />
-
-   <!-- - - - - - - - - - default deliverables names - - - - - - - - - - -->
-   <property name="build.packages.main"
-         location="${build.packages}/${ant.project.name}.jar" />
-
-   <property name="build.dist.bundle"
-         location="${build.dist}/${ant.project.name}.jar" />
-
-   <property name="build.packages.test"
-         location="${build.packages}/${ant.project.name}-tests.jar" />
-
-   <property name="build.packages.sources"
-         location="${build.packages}/${ant.project.name}-src.jar" />
-
-   <property name="build.packages.webapp"
-         location="${build.packages}/${ant.project.name}.war" />
-
-
-   <!-- - - - - Miscellaneous parameters for controlling the build - - - - -->
-
-   <property name="BUILD_NUMBER" value="dev" />
-   <property name="buildNumber" value="${BUILD_NUMBER}" />
-   <!-- by default: set to dummy value in lieu of gobuild support -->
-   <property name="VERSION_MAJOR" value="0" />
-   <property name="VERSION_MINOR" value="0" />
-   <property name="VERSION_MAINT" value="0" />
-
-   <property name="bundle.version" value="0.0.1.${buildNumber}"/>
-
-   <!-- by default: do not run unit tests -->
-   <property name="skipTests" value="true" />
-
-   <!-- by default: abort the build on failed unit test -->
-   <property name="haltOnTestFail" value="true" />
-
-   <!-- by default: do no run static analysis tools -->
-   <property name="skipAnalysis" value="true"/>
-
-   <!-- See "init" in buildcycle-template.xml for the list of valid target sets -->
-   <property name="target-sets" value="main,test" />
-
-   <!-- - - - - - - - SSO client jars default locations - - - - - - - - -->
-
-   <property name="jars.wstClient"
-             location="${build.packages}/wstClient.jar" />
-   <property name="jars.samltoken"
-             location="${build.packages}/samltoken.jar" />
-
-   <!-- - - - - - Default classpaths for various stages/targets - - - - - - -->
-
-   <path id="java-endorsed" />
-
-   <path id="classpath.test">
-      <path refid="classpath.main" />
-      <pathelement location="${build.packages.main}" />
-      <fileset refid="jar-set.junit" />
-   </path>
-
-   <path id="classpath.run-tests">
-      <pathelement location="${build.instrumented.dir}" />
-      <pathelement location="${build.classes.test}" />
-      <path refid="classpath.test" />
-      <path refid="classpath.main" />
-   </path>
-
-   <path id="classpath.webapp-libs">
-      <pathelement location="${build.packages.main}" />
-      <path refid="classpath.main" />
-   </path>
-
-   <property name="classpath.pmd.resources.xslt"
-	     location="${libs.pmd-home}/etc/xslt" />
-
-   <fileset id="classpath.main.plus.test.without.generated.classes" dir="${srcRoot}/src">
-      <include name="main/java/com/**/*.java"/>
-      <include name="test/java/**/*.java"/>
-   </fileset>
-
-   <property name="pmd.minPrio" value="3" />
-   <property name="pmd.failOnRuleViolation" value="false" />
-   <property name="checkstyle.maxErrors" value="0" />
-   <property name="checkstyle.failOnRuleViolation" value="false" />
-
-   <!-- - - - - - - the default set of unit tests to execute - - - - - - - -->
-   <fileset id="unit-test-classes" dir="${build.classes.test}">
-      <include name="**/*Test.class"/>
-      <exclude name="**/*$*.class"/>
-   </fileset>
-</project>
diff --git a/vmidentity/build/ant/libraries.xml b/vmidentity/build/ant/libraries.xml
deleted file mode 100644
index fe3327adf..000000000
--- a/vmidentity/build/ant/libraries.xml
+++ /dev/null
@@ -1,220 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project name="internal-library-sets">
-
-   <property environment="env" />
-
-   <!-- - - - - - Ant Task Libraries - - - - - -->
-
-   <property name="libs.ant-contrib-home"
-             location="/var/opt/ant-contrib" />
-
-   <fileset id="jar-set.apache-commons-daemon"
-            dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-daemon-1.0.10.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.apache-commons-cli" dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-cli-1.2.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.tomcat-coyote" dir="${MAINSRCROOT}/build/depends">
-        <include name="tomcat-coyote-7.0.26.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.tomcat-catalina" dir="${MAINSRCROOT}/build/depends">
-        <include name="tomcat-catalina-7.0.25.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.apache-httpclient" dir="${MAINSRCROOT}/build/depends">
-        <include name="httpclient-4.3.3.jar"/>
-        <include name="httpcore-4.3.2.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.jaxb-core" dir="${MAINSRCROOT}/build/depends">
-        <include name="jaxb-core-2.2.10.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.apache-commons-lang" dir="${MAINSRCROOT}/build/depends">
-       <include name="commons-lang-2.5.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.jsr-250" dir="${MAINSRCROOT}/build/depends">
-        <include name="jsr250-api-1.0.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.jsr-173" dir="${MAINSRCROOT}/build/depends">
-        <include name="jsr173-1.0.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.saaj-api" dir="${MAINSRCROOT}/build/depends">
-        <include name="saaj-api-1.3.1.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.http" dir="${MAINSRCROOT}/build/depends">
-        <include name="http-20070405.jar" />
-   </fileset>
-
-   <fileset id="jar-set.objenesis" dir="${MAINSRCROOT}/build/depends">
-	<include name="objenesis-1.2.jar" />
-   </fileset>
-
-   <fileset id="jar-set.cglib" dir="${MAINSRCROOT}/build/depends">
-	<include name="cglib-2.2.jar" />
-   </fileset>
-
-   <fileset id="jar-set.easymock" dir="${MAINSRCROOT}/build/depends">
-        <include name="easymock-3.0.jar" />
-   </fileset>
-
-   <fileset id="jar-set.clover" dir="${MAINSRCROOT}/build/depends">
-	<include name="clover-3.0.2.jar" />
-   </fileset>
-
-   <fileset id="jar-set.woodstox" dir="${MAINSRCROOT}/build/depends">
-        <include name="stax2-api-3.0.1.jar" />
-        <include name="woodstox-core-asl-4.0.5.jar" />
-   </fileset>
-
-   <fileset id="jar-set.apache-commons-lang-3.3" dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-lang3-3.3.1.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.velocity" dir="${MAINSRCROOT}/build/depends">
-        <include name="velocity-1.5.jar" />
-   </fileset>
-
-   <fileset id="jar-set.commons-collections" dir="${MAINSRCROOR}/build/depends">
-        <include name="commons-collections-3.2.1.jar" />
-   </fileset>
-
-   <fileset id="jar-set.esapi" dir="${MAINSRCROOT}/build/depends">
-       <include name="esapi-2.0.1.jar" />
-   </fileset>
-
-   <fileset id="jar-set.opensaml" dir="${MAINSRCROOT}/build/depends">
-        <include name="opensaml-2.5.3.jar"/>
-   </fileset>
-   <fileset id="jar-set.cglib" dir="${MAINSRCROOT}/build/depends">
-        <include name="cglib-2.2.jar"/>
-   </fileset>
-   <fileset id="jar-set.asm" dir="${MAINSRCROOT}/build/depends">
-        <include name="asm-3.3.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.opensaml-lib" dir="${MAINSRCROOT}/build/depends">
-       <include name="xmltooling-1.3.4.jar" />
-       <include name="openws-1.4.4.jar" />
-       <include name="joda-time-1.6.2.jar" />
-       <include name="opensaml-2.5.3.jar" />
-       <include name="javax.servlet-api-3.0.1.jar" />
-       <include name="xmlsec-1.4.5.jar" />
-   </fileset>
-   
-   <fileset id="jar-set.joda-time" dir="${MAINSRCROOT}/build/depends">
-        <include name="joda-time-1.6.2.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.apache-commons-logging" dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-logging-1.1.1.jar"/>
-   </fileset>
-   
-   <fileset id="jar-set.bouncy-castle" dir="${MAINSRCROOT}/build/depends">
-      <include name="bcprov-jdk15on-*.jar" />
-      <include name="bcpkix-jdk15on-*.jar" /> 
-   </fileset>
-
-   <fileset id="jar-set.jna" dir="${MAINSRCROOT}/build/depends">
-        <include name="jna.jar"/>
-        <include name="platform.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.commons-codec" dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-codec-1.4.jar" />
-   </fileset>
-
-   <fileset id="jar-set.commons-collections" dir="${MAINSRCROOT}/build/depends" >
-        <include name="commons-collections-3.2.1.jar" />
-   </fileset>
-
-   <fileset id="jar-set.junit" dir="${MAINSRCROOT}/build/depends">
-      <include name="junit-4.4.jar" />
-   </fileset>
-
-   <fileset id="jar-set.activation" dir="${MAINSRCROOT}/build/depends">
-        <include name="activation-1.1.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.servlet-api" dir="${MAINSRCROOT}/build/depends">
-        <include name="javax.servlet-api-3.0.1.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.jcip-annotations" dir="${MAINSRCROOT}/build/depends">
-        <include name="jcip-annotations-1.0.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.json-smart" dir="${MAINSRCROOT}/build/depends">
-        <include name="json-smart-1.1.1.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.lang-tag" dir="${MAINSRCROOT}/build/depends">
-        <include name="lang-tag-1.4.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.mail" dir="${MAINSRCROOT}/build/depends">
-        <include name="mail-1.4.7.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.nimbus-jose-jwt" dir="${MAINSRCROOT}/build/depends">
-        <include name="nimbus-jose-jwt-4.12.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.ouath2-oidc-sdk" dir="${MAINSRCROOT}/build/depends">
-        <include name="oauth2-oidc-sdk-4.9.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.commons-validator" dir="${MAINSRCROOT}/build/depends">
-        <include name="commons-validator-1.4.0.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.log4j" dir="${MAINSRCROOT}/build/depends">
-      <include name="log4j-1.2.16.jar" />
-   </fileset>
-
-   <fileset id="jar-set.LOG4J2" dir="${MAINSRCROOT}/build/depends">
-        <include name="log4j-1.2-api-2.0.2.jar"/>
-        <include name="log4j-api-2.2.jar"/>
-        <include name="log4j-core-2.2.jar"/>
-        <include name="log4j-slf4j-impl-2.2.jar"/>
-        <include name="slf4j-api-1.7.10.jar"/>
-        <include name="jcl-over-slf4j-1.7.10.jar"/>
-   </fileset>
-   
-   <fileset id="jar-set.jstl-1.2" dir="${MAINSRCROOT}/build/depends" >
-        <include name="jstl-api-1.2.jar" />
-        <include name="jstl-impl-1.2.jar" />
-   </fileset>
-
-   <fileset id="jar-set.spring-framework-4.0.6" dir="${MAINSRCROOT}/build/depends"> 
-       <include name="spring-aop-4.0.6.RELEASE.jar" />
-       <include name="spring-beans-4.0.6.RELEASE.jar" />
-       <include name="spring-context-4.0.6.RELEASE.jar" />
-       <include name="spring-core-4.0.6.RELEASE.jar" />
-       <include name="spring-expression-4.0.6.RELEASE.jar" />
-       <include name="spring-test-4.0.6.RELEASE.jar" />
-       <include name="spring-web-4.0.6.RELEASE.jar" />
-       <include name="spring-webmvc-4.0.6.RELEASE.jar" />
-   </fileset>
-
-   <fileset id="jar-set.opensaml.endorsed" dir="${MAINSRCROOT}/build/depends">
-      <include name="serializer-2.7.1.jar"/>
-      <include name="xalan-2.7.1.jar"/>
-      <include name="xercesImpl-2.10.0.jar"/>
-      <include name="xml-apis-1.4.01.jar"/>
-      <include name="xml-resolver-1.2.jar"/>
-   </fileset>
-
-   <fileset id="jar-set.opensaml.xmltooling" dir="${MAINSRCROOT}/build/depends">
-      <include name="xmltooling-1.3.4.jar"/>
-   </fileset>
-
-</project>
diff --git a/vmidentity/build/ant/presets.xml b/vmidentity/build/ant/presets.xml
deleted file mode 100644
index 4b36d9c0e..000000000
--- a/vmidentity/build/ant/presets.xml
+++ /dev/null
@@ -1,314 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<project name="internal-compiler-presets" >
-
-   <import file="libraries.xml" />
-
-   <target name="import-helper-tasks" unless="flow.helper-tasks-defined">
-      <taskdef resource="net/sf/antcontrib/antcontrib.properties">
-         <classpath>
-            <pathelement
-               location="${libs.ant-contrib-home}/ant-contrib-1.0b3.jar"/>
-         </classpath>
-      </taskdef>
-
-      <taskdef resource="net/sf/antcontrib/antlib.xml">
-         <classpath location="${libs.ant-contrib-home}/ant-contrib-1.0b3.jar" />
-      </taskdef>
-
-      <property name="flow.helper-tasks-defined" value="true" />
-   </target>
-
-   <macrodef name="find-file-by-age">
-      <attribute name="age" default="youngest" />
-      <attribute name="property-dirname" />
-      <attribute name="property-basename" />
-      <element name="from" implicit="true" />
-
-      <sequential>
-         <var name="tmp-build.find-latest-file-name" unset="true" />
-         <timestampselector
-            property="tmp-build.find-latest-file-name"
-            count="1"
-            age="@{age}">
-
-            <path>
-               <from />
-            </path>
-         </timestampselector>
-
-         <dirname
-            file="${tmp-build.find-latest-file-name}"
-            property="@{property-dirname}"/>
-         <basename
-            file="${tmp-build.find-latest-file-name}"
-            property="@{property-basename}"/>
-      </sequential>
-   </macrodef>
-
-   <macrodef name="if-outofdate">
-      <attribute name="property" default="" />
-      <element name="sourcefiles" />
-      <element name="targetfiles" />
-      <element name="do" optional="true" />
-
-      <sequential>
-         <var name="tmp-build.outofdate-src-latest-basename" unset="true" />
-         <var name="tmp-build.outofdate-src-latest-dirname" unset="true" />
-         <find-file-by-age
-            property-basename="tmp-build.outofdate-src-latest-basename"
-            property-dirname="tmp-build.outofdate-src-latest-dirname">
-
-            <sourcefiles />
-         </find-file-by-age>
-
-         <var name="tmp-build.outofdate-dst-eldest-basename" unset="true" />
-         <var name="tmp-build.outofdate-dst-eldest-dirname" unset="true" />
-         <find-file-by-age
-            age="eldest"
-            property-basename="tmp-build.outofdate-dst-eldest-basename"
-            property-dirname="tmp-build.outofdate-dst-eldest-dirname">
-
-            <targetfiles />
-         </find-file-by-age>
-
-         <fileset id="tmp-build.outofdate-in-src"
-            dir="${tmp-build.outofdate-src-latest-dirname}"
-            includes="${tmp-build.outofdate-src-latest-basename}">
-
-            <depend targetdir="${tmp-build.outofdate-dst-eldest-dirname}">
-               <mapper
-                  type="merge"
-                  to="${tmp-build.outofdate-dst-eldest-basename}" />
-            </depend>
-         </fileset>
-
-         <if>
-            <not><equals arg1="${toString:tmp-build.outofdate-in-src}" arg2="" /></not>
-            <then>
-               <if>
-                  <not><equals arg1="@{property}" arg2="" /></not>
-                  <then><property name="@{property}" value="true" /></then>
-               </if>
-
-               <do />
-            </then>
-         </if>
-      </sequential>
-   </macrodef>
-
-   <presetdef name="call-javac">
-      <!-- TODO: add the rest of the javac arguments -->
-
-      <!--
-      Setting a specific compiler breaks Clover!
-      Consequently we also can't set compiler specific settings.
-      -->
-      <javac
-         deprecation="${arg.javac.deprecation}"
-         debug="${arg.javac.debug}"
-         optimize="${arg.javac.optimize}"
-         fork="${arg.javac.fork}"
-         failonerror="${arg.javac.failonerror}"
-         source="${arg.javac.source-version}"
-         target="${arg.javac.target-version}"
-
-         includes="**/*.java">
-         <compilerarg value="-Djava.endorsed.dirs=${build.endorsed}" />
-      </javac>
-   </presetdef>
-
-   <macrodef name="compile-dependency-helper">
-      <attribute name="srcdir" />
-      <attribute name="destdir" />
-      <attribute name="classpathref" />
-      <element name="source-includes" implicit="true" optional="true" />
-      <sequential>
-         <if-outofdate>
-            <sourcefiles>
-               <fileset dir="@{srcdir}">
-                  <source-includes />
-               </fileset>
-               <path refid="@{classpathref}" />
-            </sourcefiles>
-
-            <targetfiles>
-               <fileset dir="@{destdir}" />
-            </targetfiles>
-
-            <do>
-               <delete>
-                  <fileset dir="@{destdir}" />
-               </delete>
-            </do>
-         </if-outofdate>
-      </sequential>
-   </macrodef>
-
- <macrodef name="junit-wrapper">
-      <attribute name="classpathref" default="classpath.run-tests" />
-      <element name="junit-options" implicit="true" optional="true" />
-
-      <sequential>
-         <junit
-            dir="${build.classes.test}"
-            fork="${arg.junit.fork}"
-            showoutput="${arg.junit.showoutput}"
-            haltonfailure="${arg.junit.haltonfailure}"
-            maxmemory="${arg.junit.maxmemory}"
-            printsummary="${arg.junit.printsummary}"
-
-            failureproperty="tmp-build.unittests-have-failed">
-
-            <classpath refid="@{classpathref}" />
-
-            <formatter type="xml" />
-            <formatter type="plain" />
-	    <sysproperty key="net.sourceforge.cobertura.datafile"
-                file="${build.cobertura.instrumented.file}" />
-
-            <jvmarg line="${arg.junit.forked-jvm-args-line}" />
-            <junit-options />
-	    <assertions>
-	      <enable/>
-	    </assertions> 
-         </junit>
-      </sequential>
-   </macrodef>
-
-   <macrodef name="junit-test">
-      <attribute name="logdir" default="${build.resolved-test-logs}" />
-      <attribute name="classpathref" default="classpath.run-tests" />
-      <attribute name="test" default="" />
-      <attribute name="methods" default="*" />
-      <element name="junit-options" implicit="true" optional="true" />
-
-      <sequential>
-         <if>
-            <not><equals arg1="@{test}" arg2=""/></not>
-            <then>
-               <!-- single test case; only execute if no runTest requested -->
-               <if>
-                  <not><isset property="runTest" /></not>
-                  <then>
-		    <if>
-		      <equals arg1="@{methods}" arg2="*"/>
-		      <then>
-			<junit-wrapper classpathref="@{classpathref}">
-			  <test todir="@{logdir}" name="@{test}"/>
-			  <junit-options />
-			</junit-wrapper>
-		      </then>
-		      <else>
-			<junit-wrapper classpathref="@{classpathref}">
-			  <test todir="@{logdir}" name="@{test}" methods="@{methods}"/>
-			  <junit-options />
-			</junit-wrapper>
-		      </else>
-		    </if>
-                  </then>
-               </if>
-            </then>
-
-            <!-- "runTest" is set forcing us to execute just this test -->
-            <elseif><isset property="runTest" />
-            <then>
-               <var name="tmp-build.requested-run-test" unset="true" />
-               <propertyregex
-                  property="tmp-build.requested-run-test"
-                  input="${runTest}"
-                  regexp="\." replace="/" defaultValue="${runTest}"/>
-
-               <junit-wrapper classpathref="@{classpathref}">
-                  <batchtest todir="@{logdir}">
-                     <fileset dir="${build.classes.test}">
-                        <filename name="**/${tmp-build.requested-run-test}.class" />
-                     </fileset>
-                  </batchtest>
-
-                  <junit-options />
-               </junit-wrapper>
-            </then>
-            </elseif>
-
-            <!-- standard behaviour: execute all unit-test-classes -->
-            <else>
-               <junit-wrapper classpathref="@{classpathref}">
-                  <batchtest todir="@{logdir}">
-                     <fileset refid="unit-test-classes" />
-                  </batchtest>
-
-                  <junit-options />
-               </junit-wrapper>
-            </else>
-         </if>
-      </sequential>
-   </macrodef>
-
-   <macrodef name="testreport-helper">
-      <attribute name="logdir" default="${build.resolved-test-logs}" />
-      <attribute name="failmessage"
-         default="One or more tests have failed. Aborting the build." />
-      <sequential>
-         <if>
-            <istrue value="${withClover}" />
-            <then>
-               <!-- Clover reports both coverage and test results -->
-               <clover-report initstring="@{logdir}/clover/db">
-                  <current outfile="@{logdir}">
-                     <format type="html" filter="log, iflog" />
-                  </current>
-               </clover-report>
-            </then>
-            <else>
-               <!-- JUnit reports only test results -->
-               <junitreport todir="@{logdir}">
-                  <fileset dir="@{logdir}">
-                     <include name="TEST-*.xml" />
-                  </fileset>
-                  <report format="frames" todir="@{logdir}" />
-               </junitreport>
-
-               <if>
-		  <isfalse value="${skipAnalysis}" />
-		  <then>
-		    <!-- <cobertura-check branchrate="34" totallinerate="100" /> -->
-		    <!-- failonerror -->
-		    <cobertura-report srcdir="${src.main.java}" destdir="${coverage.xml.dir}" format="xml" datafile="${build.cobertura.instrumented.file}" />
-		    <cobertura-report srcdir="${src.main.java}" destdir="${coverage.summaryxml.dir}" format="summaryXml" datafile="${build.cobertura.instrumented.file}" />
-		    <cobertura-report destdir="${coverage.html.dir}" datafile="${build.cobertura.instrumented.file}">
-			<fileset dir="${src.main.java}">
-			  <include name="**/*.java"/>
-			</fileset>
-		    </cobertura-report>
-		  </then>
-		</if>
-            </else>
-         </if>
-
-         <var name="tmp-build.must-halt" unset="true" />
-         <condition property="tmp-build.must-halt">
-            <and>
-               <isset property="tmp-build.unittests-have-failed" />
-               <istrue value="${haltOnTestFail}" />
-            </and>
-         </condition>
-
-         <fail if="tmp-build.must-halt" message="@{failmessage}" />
-      </sequential>
-   </macrodef>
-
-   <presetdef name="make-module">
-      <ant antfile="build.xml" target="build"
-         inheritall="false" inheritrefs="false">
-
-         <propertyset negate="true">
-            <propertyref name="srcRoot" />
-            <propertyref prefix="src" />
-            <propertyref prefix="build"/>
-         </propertyset>
-      </ant>
-   </presetdef>
-
-</project>
-
diff --git a/vmidentity/build/package/rpm/vmware-sts-c-client.spec b/vmidentity/build/package/rpm/vmware-sts-c-client.spec
deleted file mode 100644
index b174fc6f0..000000000
--- a/vmidentity/build/package/rpm/vmware-sts-c-client.spec
+++ /dev/null
@@ -1,57 +0,0 @@
-Name:    vmware-sts-c-client
-Summary: VMware Secure Token Service C Client
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  openssl >= 1.0.2
-BuildRequires: openssl-devel >= 1.0.2
-
-%define _dbdir %_localstatedir/lib/vmware/vmsts
-
-%description
-C Client libraries to communicate with VMware Secure Token Service
-
-%build
-
-cd build
-autoreconf -mif .. &&
-../configure --prefix=%{_prefix} \
-             --libdir=%{_lib64dir} \
-             --localstatedir=%{_dbdir} \
-             --with-afd=%{_prefix} \
-             --with-likewise=%{_likewise_open_prefix} \
-             --with-jansson=%{_janssondir} \
-             --with-curl=%{_curldir} \
-             --with-ssl=%{_ssldir} \
-             --with-java=%{_javahome} \
-             --with-commons-daemon=%{_commons_daemondir} \
-             --with-ant=%{_antdir} \
-             --with-tomcat=%{_tomcatdir} \
-             --with-jax-ws=%{_jaxwsdir} \
-             --with-maven=%{_mavendir}
-
-cd ssoclients
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build/ssoclients && make install DESTDIR=%{buildroot}
-
-%files
-%defattr(-,root,root,0755)
-%{_includedir}/*.h
-%{_lib64dir}/*.so*
-%{_lib64dir}/*.la
-%{_lib64dir}/*.a
-
-%exclude %{_bindir}/*test
-
-# %doc ChangeLog README COPYING
-
-%changelog
-
diff --git a/vmidentity/build/package/rpm/vmware-sts.spec b/vmidentity/build/package/rpm/vmware-sts.spec
deleted file mode 100644
index 316a17ff8..000000000
--- a/vmidentity/build/package/rpm/vmware-sts.spec
+++ /dev/null
@@ -1,250 +0,0 @@
-Name:    vmware-sts
-Summary: VMware Secure Token Service
-Version: %{_version}
-Release: %{_patch}
-Group:   Applications/System
-Vendor:  VMware, Inc.
-License: VMware
-URL:     http://www.vmware.com
-BuildArch: x86_64
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, likewise-open >= 6.2.10, vmware-directory = %{version}, vmware-afd = %{version}, vmware-ca = %{version}, openjre >= 1.8.0.112, commons-daemon >= 1.0.15, apache-tomcat >= 8.5.8, %{name}-client = %{version}
-BuildRequires: coreutils >= 8.22, openssl-devel >= 1.0.2, likewise-open-devel >= 6.2.10, vmware-directory-client-devel = %{version}, vmware-afd-client-devel = %{version}, vmware-ca-client-devel = %{version}, openjdk >= 1.8.0.112, apache-ant >= 1.9.4
-
-%define _dbdir %_localstatedir/lib/vmware/vmsts
-%define _jarsdir %_prefix/jars
-%define _binsdir %_prefix/bin
-%define _webappsdir %_prefix/vmware-sts/webapps
-%define _backupdir /tmp/sso
-%define _lwisbindir %_likewise_open_prefix/bin
-
-%if 0%{?_javahome:1} == 0
-%define _javahome %_javahome
-%endif
-
-%description
-VMware Secure Token Server
-
-%package client
-Summary: VMware Secure Token Service Client
-Requires:  coreutils >= 8.22, openssl >= 1.0.2, openjre >= 1.8.0.45, vmware-directory-client >= %{version}, likewise-open >= 6.2.10
-%description client
-Client libraries to communicate with VMware Secure Token Service
-
-%package samples
-Summary: VMware Secure Token Service Samples
-Requires:  vmware-sts-client >= %{version}
-%description samples
-Samples for VMware Secure Token Service
-
-%build
-
-cd build
-autoreconf -mif .. &&
-../configure --prefix=%{_prefix} \
-             --libdir=%{_lib64dir} \
-             --localstatedir=%{_dbdir} \
-             --with-afd=%{_prefix} \
-             --with-likewise=%{_likewise_open_prefix} \
-             --with-jansson=%{_janssondir} \
-             --with-curl=%{_curldir} \
-             --with-ssl=%{_ssldir} \
-             --with-java=%{_javahome} \
-             --with-commons-daemon=%{_commons_daemondir} \
-             --with-ant=%{_antdir} \
-             --with-tomcat=%{_tomcatdir} \
-             --with-jax-ws=%{_jaxwsdir} \
-             --with-maven=%{_mavendir}
-make
-
-%install
-
-[ %{buildroot} != "/" ] && rm -rf %{buildroot}/*
-cd build && make install DESTDIR=%{buildroot}
-
-%pre
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-if [[ $1 -gt 1 ]]
-then
-    if [ ! -d %{_backupdir} ];
-    then
-        /bin/mkdir "%{_backupdir}"
-    fi
-    /bin/cp "%{_prefix}/vmware-sts/conf/server.xml" "%{_backupdir}/server.xml"
-fi
-
-%post
-
-    # First argument is 1 => New Installation
-    # First argument is 2 => Upgrade
-    /sbin/ldconfig
-
-    /bin/mkdir -m 700 -p %{_dbdir}
-
-case "$1" in
-    1)
-
-        /bin/systemctl enable vmware-stsd.service >/dev/null 2>&1
-        if [ $? -ne 0 ]; then
-            /bin/ln -s /lib/systemd/system/vmware-stsd.service /etc/systemd/system/multi-user.target.wants/vmware-stsd.service
-        fi
-        /bin/systemctl >/dev/null 2>&1
-        if [ $? -eq 0 ]; then
-            /bin/systemctl daemon-reload
-        fi
-
-        ;;
-
-    2)
-        %{_sbindir}/configure-build.sh "%{_backupdir}"
-        ;;
-esac
-
-if [ -x "%{_lwisbindir}/lwregshell" ]
-then
-    %{_lwisbindir}/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        # add key if not exist
-        %{_lwisbindir}/lwregshell add_key "[HKEY_THIS_MACHINE\Software]"
-        %{_lwisbindir}/lwregshell add_key "[HKEY_THIS_MACHINE\Software\VMware]"
-        %{_lwisbindir}/lwregshell add_key "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
-    fi
-
-    %{_lwisbindir}/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Release" > /dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        # add value if not exist
-        %{_lwisbindir}/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Release" REG_SZ "Lightwave"
-    fi
-
-    %{_lwisbindir}/lwregshell list_values "[HKEY_THIS_MACHINE\Software\VMware\Identity]" | grep "Version" > /dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        # add value if not exist
-        %{_lwisbindir}/lwregshell add_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" REG_SZ "%{_version}"
-    else
-        # set value if exists
-        %{_lwisbindir}/lwregshell set_value "[HKEY_THIS_MACHINE\Software\VMware\Identity]" "Version" "%{_version}"
-    fi
-fi
-
-%preun
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-if [ "$1" = 0 ]; then
-    /bin/systemctl >/dev/null 2>&1
-    if [ $? -eq 0 ]; then
-
-         if [ -f /etc/systemd/system/vmware-stsd.service ]; then
-             /bin/systemctl stop vmware-stsd.service
-             /bin/systemctl disable vmware-stsd.service
-             /bin/rm -f /etc/systemd/system/vmware-stsd.service
-             /bin/systemctl daemon-reload
-         fi
-    fi
-fi
-
-%postun
-
-    /sbin/ldconfig
-
-    # First argument is 0 => Uninstall
-    # First argument is 1 => Upgrade
-
-    case "$1" in
-        0)
-            /bin/rm -rf %{_dbdir}
-
-            if [ -x "%{_lwisbindir}/lwregshell" ]
-            then
-                %{_lwisbindir}/lwregshell list_keys "[HKEY_THIS_MACHINE\Software\VMware\Identity]" > /dev/null 2>&1
-                if [ $? -eq 0 ]; then
-                    # delete key if exist
-                    %{_lwisbindir}/lwregshell delete_tree "[HKEY_THIS_MACHINE\Software\VMware\Identity]"
-                fi
-            fi
-
-            ;;
-    esac
-
-%files
-%defattr(-,root,root,0755)
-/lib/systemd/system/vmware-stsd.service
-%{_sbindir}/vmware-stsd.sh
-%{_sbindir}/configure-build.sh
-%{_sbindir}/sso-config.sh
-%{_includedir}/*.h
-%{_lib64dir}/*.so*
-%{_binsdir}/test-ldapbind
-%{_binsdir}/test-logon
-%{_binsdir}/test-svr
-%{_jarsdir}/openidconnect-client-lib.jar
-%{_jarsdir}/openidconnect-common.jar
-%{_jarsdir}/openidconnect-protocol.jar
-%{_jarsdir}/samlauthority.jar
-%{_jarsdir}/vmware-identity-diagnostics.jar
-%{_jarsdir}/vmware-identity-idm-server.jar
-%{_jarsdir}/vmware-identity-rest-afd-server.jar
-%{_jarsdir}/vmware-identity-rest-core-server.jar
-%{_jarsdir}/vmware-identity-rest-idm-server.jar
-%{_jarsdir}/vmware-directory-rest-server.jar
-%{_jarsdir}/vmware-identity-install.jar
-%{_jarsdir}/vmware-identity-sso-config.jar
-%{_jarsdir}/websso.jar
-%{_jarsdir}/sts.jar
-%{_jarsdir}/openidconnect-server.jar
-%{_webappsdir}/lightwaveui.war
-%{_webappsdir}/ROOT.war
-%{_datadir}/config/idm/*
-%config %attr(600, root, root) %{_prefix}/vmware-sts/bin/setenv.sh
-%config %attr(600, root, root) %{_prefix}/vmware-sts/bin/vmware-identity-tomcat-extensions.jar
-
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/catalina.policy
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/catalina.properties
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/context.xml
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/logging.properties
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/server.xml
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/web.xml
-%config %attr(600, root, root) %{_prefix}/vmware-sts/conf/tomcat-users.xml
-
-%exclude %{_lib64dir}/*.la
-%exclude %{_lib64dir}/*.a
-
-%files client
-%defattr(-,root,root)
-%{_jarsdir}/samltoken.jar
-%{_jarsdir}/vmware-identity-rest-idm-common.jar
-%{_jarsdir}/vmware-directory-rest-common.jar
-%{_jarsdir}/vmware-directory-rest-client.jar
-%{_jarsdir}/vmware-identity-rest-core-common.jar
-%{_jarsdir}/vmware-identity-websso-client.jar
-%{_jarsdir}/vmware-identity-platform.jar
-%{_jarsdir}/vmware-identity-wsTrustClient.jar
-%{_jarsdir}/vmware-identity-rest-afd-common.jar
-%{_jarsdir}/openidconnect-common.jar
-%{_jarsdir}/vmware-identity-depends.jar
-%{_jarsdir}/openidconnect-client-lib.jar
-%{_jarsdir}/vmware-identity-idm-client.jar
-%{_jarsdir}/vmware-identity-idm-interface.jar
-%{_jarsdir}/vmware-identity-rest-afd-client.jar
-%{_jarsdir}/vmware-identity-rest-core-client.jar
-%{_jarsdir}/vmware-identity-rest-idm-client.jar
-%{_jarsdir}/vmware-directory-rest-client.jar
-%{_includedir}/*.h
-%{_lib64dir}/*.so*
-
-%exclude %{_bindir}/*test
-
-# %doc ChangeLog README COPYING
-
-%files samples
-%{_webappsdir}/openidconnect-sample-rp.war
-%{_webappsdir}/uaa-api.war
-%{_webappsdir}/uaa-app.war
-%{_webappsdir}/uaa-manager.war
-%{_jarsdir}/vmware-identity-rest-idm-samples.jar
-
-
-%changelog
-
diff --git a/vmidentity/commons/pom.xml b/vmidentity/commons/pom.xml
index f9159ec49..756e39cfa 100644
--- a/vmidentity/commons/pom.xml
+++ b/vmidentity/commons/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.commons</groupId>
diff --git a/vmidentity/commons/samltoken/pom.xml b/vmidentity/commons/samltoken/pom.xml
index 4153ec70b..ac129795f 100644
--- a/vmidentity/commons/samltoken/pom.xml
+++ b/vmidentity/commons/samltoken/pom.xml
@@ -6,22 +6,41 @@
   <parent>
     <groupId>com.vmware.identity.commons</groupId>
     <artifactId>vmware-identity-commons</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>samltoken</artifactId>
-  <packaging>bundle</packaging>
+  <packaging>jar</packaging>
   <name>SAML Token Library</name>
 
   <build>
     <plugins>
-      <!-- Build OSGi Manifest -->
+
+    <plugin>
+      <artifactId>maven-jar-plugin</artifactId>
+      <configuration>
+        <archive>
+        <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+        </archive>
+      </configuration>
+     </plugin>
+    
+     <!-- Build OSGi Manifest -->
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
         <version>${maven.bundle.plugin.version}</version>
         <extensions>true</extensions>
-      </plugin>
+         <executions>
+          <execution>
+            <id>bundle-manifest</id>
+            <phase>process-classes</phase>
+            <goals>
+              <goal>manifest</goal>
+            </goals>
+          </execution>
+        </executions>
+     </plugin>
     </plugins>
   </build>
 
diff --git a/vmidentity/commons/samltoken/src/main/resources/MANIFEST.MF b/vmidentity/commons/samltoken/src/main/resources/MANIFEST.MF
index 2aa751da6..757352ba3 100644
--- a/vmidentity/commons/samltoken/src/main/resources/MANIFEST.MF
+++ b/vmidentity/commons/samltoken/src/main/resources/MANIFEST.MF
@@ -3,5 +3,5 @@ Name: samltoken
 Specification-Title: VMSTS component - Samltoken
 Specification-Vendor: VMware Inc.
 Specification-Version: 6.6.0
-Class-Path: log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar
+Class-Path: log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar
 
diff --git a/vmidentity/config/vmsts-telegraf.conf b/vmidentity/config/vmsts-telegraf.conf
new file mode 100644
index 000000000..b4aa223d5
--- /dev/null
+++ b/vmidentity/config/vmsts-telegraf.conf
@@ -0,0 +1,3 @@
+[[inputs.procstat]]
+  pid_file="/var/log/vmware/sso/tcserver.pid"
+  prefix="stsd"
diff --git a/vmidentity/config/vmware-stsd.service.in b/vmidentity/config/vmware-stsd.service.in
index 853591d0b..4bd1cb333 100644
--- a/vmidentity/config/vmware-stsd.service.in
+++ b/vmidentity/config/vmware-stsd.service.in
@@ -6,7 +6,7 @@ Requires=lwsmd.service
 [Service]
 Type=forking
 ExecStart=/opt/vmware/sbin/vmware-stsd.sh start
-SuccessExitStatus=143
+SuccessExitStatus=0
 
 [Install]
 WantedBy=multi-user.target
diff --git a/vmidentity/config/vmware-stsd.sh.in b/vmidentity/config/vmware-stsd.sh.in
index ef8df7838..942129860 100755
--- a/vmidentity/config/vmware-stsd.sh.in
+++ b/vmidentity/config/vmware-stsd.sh.in
@@ -5,7 +5,7 @@ INSTANCE_NAME=vmware-sts
 VMWARE_INSTANCE=$VMWARE_HOME/$INSTANCE_NAME
 VMWARE_STS_CONFIG=$VMWARE_HOME/config
 
-JAVA_HOME=${JAVA_HOME:-@JAVA_HOME@}
+JAVA_HOME=/etc/alternatives/jre
 JSVC_HOME=${JSVC_HOME:-@COMMONS_DAEMON_HOME@}
 JSVC_BIN=@JSVC@
 DEFAULT_MAX_RAM=256m
@@ -18,7 +18,7 @@ DAEMON_CLASS=org.apache.catalina.startup.Bootstrap
 # JAVA Security Properties
 JAVA_SEC_PROP=/etc/vmware/java/vmware-override-java.security
 
-# STS Instance 
+# STS Instance
 SERVICE_NAME=vmware-sts-stsd
 
 STSD_LOG_DIR="/var/log/vmware/sso"
@@ -62,21 +62,22 @@ StartService()
             $JAVA_OPTS \
             $CATALINA_OPTS \
             -Djava.endorsed.dirs="$CATALINA_HOME/endorsed" \
-            -classpath "$CATALINA_HOME/lib/*:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/tomcat-juli.jar:$CATALINA_BASE/bin/vmware-identity-tomcat-extensions.jar" \
+            -classpath "$JSVC_HOME/*:$CATALINA_HOME/lib/*:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/tomcat-juli.jar:$CATALINA_BASE/bin/vmware-identity-tomcat-extensions.jar" \
             -Dcatalina.base=$CATALINA_BASE \
             -Dcatalina.home=$CATALINA_HOME \
             -Dvmware.log.dir=$STSD_LOG_DIR \
             -Dorg.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true \
             -Djava.io.tmpdir="$CATALINA_BASE/temp" \
+            -Djavax.xml.transform.TransformerFactory=com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl \
             $DAEMON_CLASS start
 
     rc=$?
     if [ $rc -ne 0 ]; then
         echo "Failed to start STS service. Error code : $rc"
-    else 
-	echo "STS(Secure Tokebn service) started successfully!"
+    else
+	echo "STS(Secure Token service) started successfully!"
     fi
-      
+
     return $rc
 }
 
diff --git a/vmidentity/configure.ac b/vmidentity/configure.ac
deleted file mode 100644
index b30271753..000000000
--- a/vmidentity/configure.ac
+++ /dev/null
@@ -1,536 +0,0 @@
-AC_PREREQ(2.59)
-
-AC_INIT([vmsts], [6.0.0], [support@vmware.com])
-AC_CANONICAL_SYSTEM
-AM_INIT_AUTOMAKE([-Wall -Werror foreign])
-AC_CONFIG_HEADERS([include/config.h])
-AC_CONFIG_MACRO_DIR([m4])
-m4_pattern_allow([AM_PROG_AR])
-AM_PROG_AR
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-
-dnl Check supported operating systems
-dnl
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-        PLATFORM_LIB_PREFIX=lib64
-        ;;
-    darwin*:x86_64)
-        PLATFORM_LIB_PREFIX=lib
-        ;;
-    *)
-        AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-        ;;
-esac
-
-CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_GNU_SOURCE -fPIC"
-
-AM_CPPFLAGS="$AM_CPPFLAGS -I${top_srcdir}/include"
-AM_CFLAGS="$AM_CFLAGS -Wall -Werror -fno-strict-aliasing"
-
-AC_SUBST(AM_CPPFLAGS)
-AC_SUBST(AM_CFLAGS)
-
-AC_ARG_ENABLE([debug],
-    [AC_HELP_STRING([--enable-debug], [enable debugging (default: disabled)])],
-    [
-        if test x"$enableval" = x"yes"
-        then
-            AM_CFLAGS="$AM_CFLAGS -g -O0"
-            AM_CPPFLAGS="$AM_CPPFLAGS -DDEBUG -DLDAP_DEBUG"
-        fi
-    ])
-
-# jansson components
-
-AC_ARG_WITH([jansson],
-    [AC_HELP_STRING([--with-jansson=<dir>], [use jansson binaries rooted at prefix <dir> ])],
-    [
-        JANSSON_BASE_PATH="$withval"
-        JANSSON_INCLUDES="-I$withval/include"
-        JANSSON_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([jansson-includes],
-    [AC_HELP_STRING([--with-jansson-includes=<dir>], [use jansson headers located in prefix <dir> ])],
-    [
-        JANSSON_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([jansson-libs],
-    [AC_HELP_STRING([--with-jansson-libs=<dir>], [use jansson libraries located in prefix <dir> ])],
-    [
-        JANSSON_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(JANSSON_BASE_PATH)
-AC_SUBST(JANSSON_INCLUDES)
-AC_SUBST(JANSSON_LDFLAGS)
-
-# CURL components
-
-AC_ARG_WITH([curl],
-    [AC_HELP_STRING([--with-curl=<dir>], [use CURL binaries rooted at prefix <dir> ])],
-    [
-        CURL_BASE_PATH="$withval"
-        CURL_INCLUDES="-I$withval/include"
-        CURL_LDFLAGS="-L$withval/lib"
-    ])
-
-AC_ARG_WITH([curl-includes],
-    [AC_HELP_STRING([--with-curl-includes=<dir>], [use CURL headers located in prefix <dir> ])],
-    [
-        CURL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([curl-libs],
-    [AC_HELP_STRING([--with-curl-libs=<dir>], [use CURL libraries located in prefix <dir> ])],
-    [
-        CURL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(CURL_BASE_PATH)
-AC_SUBST(CURL_INCLUDES)
-AC_SUBST(CURL_LDFLAGS)
-
-# vmafd component
-
-AC_ARG_WITH([afd],
-    [AC_HELP_STRING([--with-afd=<dir>], [use afd-server binaries rooted at prefix <dir> ])],
-    [
-        VMAFD_BASE_PATH="$withval"
-        VMAFD_INCLUDES="-I$withval/include"
-        VMAFD_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/usr/lib/vmware-vmafd/lib64"
-    ])
-
-AC_ARG_WITH([afd-includes],
-    [AC_HELP_STRING([--with-afd-includes=<dir>], [use afd-server headers located in prefix <dir> ])],
-    [
-        VMAFD_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([afd-libs],
-    [AC_HELP_STRING([--with-afd-libs=<dir>], [use afd-server libraries located in prefix <dir> ])],
-    [
-        VMAFD_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(VMAFD_BASE_PATH)
-AC_SUBST(VMAFD_INCLUDES)
-AC_SUBST(VMAFD_LDFLAGS)
-
-# openssl component
-
-AC_ARG_WITH([ssl],
-    [AC_HELP_STRING([--with-ssl=<dir>], [use SSL binaries rooted at prefix <dir> ])],
-    [
-        OPENSSL_BASE_PATH="$withval"
-        OPENSSL_INCLUDES="-I$withval/include"
-        OPENSSL_LDFLAGS="-L$withval/lib64 -Wl,-rpath,/opt/vmware/lib64 -Wl,-rpath-link,/opt/vmware/lib64"
-    ])
-
-AC_ARG_WITH([ssl-includes],
-    [AC_HELP_STRING([--with-ssl-includes=<dir>], [use SSL headers located in prefix <dir> ])],
-    [
-        OPENSSL_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([ssl-libs],
-    [AC_HELP_STRING([--with-ssl-libs=<dir>], [use SSL libraries located in prefix <dir> ])],
-    [
-        OPENSSL_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(OPENSSL_BASE_PATH)
-AC_SUBST(OPENSSL_INCLUDES)
-AC_SUBST(OPENSSL_LDFLAGS)
-
-# Java component
-
-AC_ARG_WITH([java],
-    [AC_HELP_STRING([--with-java=<dir>], [use Java binaries rooted at prefix <dir> ])],
-    [
-        JAVA_HOME="$withval"
-        JAVA=$JAVA_HOME/bin/java
-        TOOLS_CLASSPATH=$JAVA_HOME/lib/tools.jar
-    ])
-
-AC_PATH_PROG([JAVAC], [javac], [no], [$PATH:$JAVA_HOME/bin])
-
-if test x"$JAVAC" = x"no"; then
-    AC_MSG_ERROR([JAVAC compiler not found])
-fi
-
-AC_SUBST(JAVA_HOME)
-AC_SUBST(JAVA)
-AC_SUBST(TOOLS_CLASSPATH)
-
-# Ant component
-
-AC_ARG_WITH([ant],
-    [AC_HELP_STRING([--with-ant=<dir>], [use Ant binaries rooted at prefix <dir> ])],
-    [
-        ANT_HOME="$withval"
-        ANT_CLASSPATH=$ANT_HOME/lib/ant.jar:$ANT_HOME/lib/ant-launcher.jar
-    ])
-
-AC_PATH_PROG([ANT], [ant], [no], [$PATH:$JAVA_HOME/bin:$ANT_HOME/bin])
-
-if test x"$ANT" = x"no"; then
-    AC_MSG_ERROR([ANT compiler not found])
-fi
-
-AC_SUBST(ANT_HOME)
-AC_SUBST(ANT_CLASSPATH)
-
-# Commons Daemon component
-
-AC_ARG_WITH([commons-daemon],
-    [AC_HELP_STRING([--with-commons-daemon=<dir>], [use Commons daemon binaries rooted at prefix <dir> ])],
-    [
-        COMMONS_DAEMON_HOME="$withval"
-        JSVC=$COMMONS_DAEMON_HOME/bin/jsvc
-    ])
-
-AC_SUBST(COMMONS_DAEMON_HOME)
-AC_SUBST(JSVC)
-
-# JAX-WS component
-
-AC_ARG_WITH([jax-ws],
-    [AC_HELP_STRING([--with-jax-ws=<dir>], [use JAX WS binaries rooted at prefix <dir> ])],
-    [
-        JAX_WS_HOME="$withval"
-    ])
-
-AC_SUBST(JAX_WS_HOME)
-
-# Maven component
-
-AC_ARG_WITH([maven],
-    [AC_HELP_STRING([--with-maven=<dir>], [use Apache Maven  binaries rooted at prefix <dir> ])],
-    [
-        MAVEN_HOME="$withval"
-    ])
-
-AC_SUBST(MAVEN_HOME)
-
-
-# Tomcat component
-
-AC_ARG_WITH([tomcat],
-    [AC_HELP_STRING([--with-tomcat=<dir>], [use Apache Tomcat binaries rooted at prefix <dir> ])],
-    [
-        TOMCAT_HOME="$withval"
-        TOMCAT_CLASSPATH=$TOMCAT_HOME/lib/servlet-api.jar
-    ])
-
-AC_SUBST(TOMCAT_HOME)
-AC_SUBST(TOMCAT_CLASSPATH)
-
-# Tomcat component
-
-AC_ARG_WITH([afd],
-    [AC_HELP_STRING([--with-afd=<dir>], [use VMware Authentication Framework binaries rooted at prefix <dir> ])],
-    [
-        VMAFD_HOME="$withval"
-        VMAFD_CLASSPATH=$VMAFD_HOME/jars/authentication-framework.jar
-    ])
-
-AC_SUBST(VMAFD_HOME)
-AC_SUBST(VMAFD_CLASSPATH)
-
-# Likewise components
-
-case "${host_os}:${host_cpu}" in
-    linux*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib64
-    ;;
-    darwin*:x86_64)
-    LIKEWISE_DEFAULT_PATH=/opt/likewise/lib
-    ;;
-    *)
-    AC_ERROR("Unsupported operating system - ${host_os}:${host_cpu}")
-    ;;
-esac
-
-AC_ARG_WITH([likewise],
-    [AC_HELP_STRING([--with-likewise=<dir>], [use likewise binaries rooted at prefix <dir> ])],
-    [
-        LW_BASE_PATH="$withval"
-        LW_INCLUDES="-I$withval/include"
-        LW_LDFLAGS="-L$withval/$PLATFORM_LIB_PREFIX -Wl,-rpath,$LIKEWISE_DEFAULT_PATH -Wl,-rpath-link,$withval/$PLATFORM_LIB_PREFIX"
-    ])
-
-AC_ARG_WITH([likewise-includes],
-    [AC_HELP_STRING([--with-likewise-includes=<dir>], [use likewise headers located in prefix <dir> ])],
-    [
-        LW_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([likewise-libs],
-    [AC_HELP_STRING([--with-likewise-libs=<dir>], [use likewise libraries located in prefix <dir> ])],
-    [
-        LW_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(LW_BASE_PATH)
-AC_SUBST(LW_INCLUDES)
-AC_SUBST(LW_LDFLAGS)
-
-DCERPC_PATH=$LW_BASE_PATH/bin
-DCERPC_INCLUDES=$LW_INCLUDES
-DCERPC_LDFLAGS=$LW_LDFLAGS
-
-AC_ARG_WITH([dcerpc],
-    [AC_HELP_STRING([--with-dcerpc=<dir>], [use DCERPC binaries rooted at prefix <dir> ])],
-    [
-        DCERPC_PATH="$withval/bin"
-        DCERPC_INCLUDES="-I$withval/include"
-        DCERPC_LDFLAGS="-L$withval/lib64"
-    ])
-
-AC_ARG_WITH([dcerpc-includes],
-    [AC_HELP_STRING([--with-dcerpc-includes=<dir>], [use DCERPC headers located in prefix <dir> ])],
-    [
-        DCERPC_INCLUDES="-I$withval"
-    ])
-
-AC_ARG_WITH([dcerpc-libs],
-    [AC_HELP_STRING([--with-dcerpc-libs=<dir>], [use DCERPC libraries located in prefix <dir> ])],
-    [
-        DCERPC_LDFLAGS="-L$withval"
-    ])
-
-AC_SUBST(DCERPC_PATH)
-AC_SUBST(DCERPC_INCLUDES)
-AC_SUBST(DCERPC_LDFLAGS)
-
-for i in $CPPFLAGS ${DCERPC_INCLUDES} ${LW_INCLUDES}; do
-    j=`echo $i | grep '^-I'`
-    if test x != x"$j"
-    then
-        IDLFLAGS="$IDLFLAGS $j"
-    fi
-done
-
-AC_SUBST(IDLFLAGS)
-
-saved_CPPFLAGS="$CPPFLAGS"
-CPPFLAGS="$CPPFLAGS $LW_INCLUDES"
-AC_CHECK_HEADERS(lw/base.h lwmem.h lw/types.h uuid/uuid.h limits.h)
-AC_CHECK_HEADERS(openssl/crypto.h openssl/ssl.h openssl/err.h)
-CPPFLAGS="$saved_CPPFLAGS"
-
-AC_HEADER_STDC
-AC_CHECK_HEADERS(pthread.h errno.h sys/types.h stdio.h string.h strings.h)
-AC_CHECK_HEADERS(unistd.h time.h inttypes.h sys/socket.h netdb.h syslog.h)
-AC_CHECK_HEADERS(stdlib.h locale.h stddef.h stdarg.h assert.h signal.h)
-AC_CHECK_HEADERS(ctype.h netinet/in.h)
-AC_CHECK_HEADERS(pwd.h grp.h nss.h nss_common.h nsswitch.h shadow.h crypt.h)
-AC_CHECK_HEADERS(termios.h)
-
-AC_C_CONST
-AC_TYPE_SIZE_T
-
-AC_FUNC_VPRINTF
-AC_CHECK_FUNCS(strerror)
-
-AC_CHECK_LIB([dl], [dlopen], [DL_LIBS="-ldl"])
-AC_CHECK_LIB([pthread], [pthread_self], [PTHREAD_LIBS="-lpthread"])
-AC_CHECK_LIB([uuid],[uuid_copy], [UUID_LIBS="-luuid"], [], [$LW_LDFLAGS -luuid])
-AC_CHECK_LIB(
-    [crypto],
-    [MD5_Init],
-    [CRYPTO_LIBS="-lcrypto -lssl"],
-    [],
-    [$OPENSSL_LDFLAGS])
-AC_CHECK_LIB([lber], [ber_scanf], [LBER_LIBS="-llber"], [], [$LW_LDFLAGS -llber])
-AC_CHECK_LIB(
-    [gssapi_krb5],
-    [gss_accept_sec_context],
-    [GSSAPI_LIBS="-lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err"],
-    [],
-    [$LW_LDFLAGS -lgssapi_krb5 -lkrb5 -lk5crypto -lkrb5support -lcom_err])
-AC_CHECK_LIB([sasl2], [sasl_server_init], [SASL_LIBS="-lsasl2"], [], [$SASL_LDFLAGS])
-AC_CHECK_LIB([ldap_r], [ldap_initialize], [LDAP_LIBS="-lldap_r -llber"], [], [$LW_LDFLAGS -llber $SASL_LDFLAGS $SASL_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwbase],
-    [LwRtlMemoryAllocate],
-    [LWBASE_LIBS="-llwbase -llwbase_nothr"],
-    [],
-    [$LW_LDFLAGS -llwbase_nothr])
-AC_CHECK_LIB(
-    [lwadvapi],
-    [LwFreeMemory],
-    [LWADVAPI_LIBS="-llwadvapi -llwadvapi_nothr"],
-    [],
-    [$LW_LDFLAGS -llwadvapi_nothr $LWBASE_LIBS $LDAP_LIBS $GSSAPI_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwmsg],
-    [lwmsg_connection_new],
-    [LWMSG_LIBS="-llwmsg -llwmsg_nothr"],
-    [],
-    [$LW_LDFLAGS -llwmsg_nothr $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [regclient],
-    [LwRegOpenKeyExW],
-    [LWREG_LIBS="-lregclient -lregcommon"],
-    [],
-    [$LW_LDFLAGS -lregcommon $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [rsutils],
-    [RegUtilSetValue],
-    [LWRSUTILS_LIBS="-lrsutils"],
-    [],
-    [$LW_LDFLAGS -lrsutils $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS])
-AC_CHECK_LIB(
-    [schannel],
-    [schn_init_creds],
-    [SCHANNEL_LIBS="-lschannel"],
-    [],
-    [$LW_LDFLAGS $LWBASE_LIBS $OPENSSL_LDFLAGS $CRYPTO_LIBS])
-AC_CHECK_LIB(
-    [lwioclient],
-    [LwNtCreateFile],
-    [LWIO_LIBS="-llwioclient -llwioshareinfo -llwiocommon"],
-    [],
-    [$LW_LDFLAGS -llwioshareinfo -llwiocommon
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS $GSSAPI_LIBS
-    ])
-AC_CHECK_LIB(
-    [dcerpc],
-    [rpc__init],
-    [DCERPC_LIBS="-ldcerpc"],
-    [],
-    [$DCERPC_LDFLAGS $OPENSSL_LDFLAGS $GSSAPI_LIBS $SCHANNEL_LIBS $CRYPTO_LIBS $LWIO_LIBS
-     $LWREG_LIBS $LWMSG_LIBS $LWBASE_LIBS
-    ])
-AC_CHECK_LIB(
-    [jansson],
-    [json_loads],
-    [JANSSON_LIBS="-ljansson"],
-    [],
-    [$JANSSON_LDFLAGS])
-AC_CHECK_LIB(
-    [curl],
-    [main],
-    [CURL_LIBS="-lcurl"],
-    [],
-    [$CURL_LDFLAGS])
-
-AC_CHECK_LIB([shadow], [getspnam], [SHADOW_LIBS="-lshadow"])
-AC_CHECK_LIB([crypt], [crypt_r], [CRYPT_LIBS="-lcrypt"])
-
-AC_SUBST(DL_LIBS)
-AC_SUBST(PTHREAD_LIBS)
-AC_SUBST(GSSAPI_LIBS)
-AC_SUBST(LWBASE_LIBS)
-AC_SUBST(LWADVAPI_LIBS)
-AC_SUBST(LWMSG_LIBS)
-AC_SUBST(LWREG_LIBS)
-AC_SUBST(LWRSUTILS_LIBS)
-AC_SUBST(CRYPTO_LIBS)
-AC_SUBST(SCHANNEL_LIBS)
-AC_SUBST(LWIO_LIBS)
-AC_SUBST(DCERPC_LIBS)
-AC_SUBST(UUID_LIBS)
-AC_SUBST(LDAP_LIBS)
-AC_SUBST(LBER_LIBS)
-AC_SUBST(SHADOW_LIBS)
-AC_SUBST(CRYPT_LIBS)
-AC_SUBST(SASL_LIBS)
-AC_SUBST(JANSSON_LIBS)
-AC_SUBST(ZLIB_LIBS)
-AC_SUBST(CARES_LIBS)
-AC_SUBST(CURL_LIBS)
-
-AC_PATH_PROG([IDL], [dceidl], [no], [$PATH:$DCERPC_PATH])
-
-if test x"$IDL" = x"no"; then
-    AC_MSG_ERROR([DCERPC IDL compiler not found])
-fi
-
-if test x"$localstatedir" = x"/var"; then
-    vmstsdbdir="$localstatedir/lib/vmware/vmsts"
-else
-    vmstsdbdir="$localstatedir"
-fi
-AC_SUBST(vmstsdbdir)
-AS_AC_EXPAND(VMSTS_DB_DIR, $vmstsdbdir)
-AC_SUBST(VMSTS_DB_DIR)
-AC_DEFINE_UNQUOTED(VMSTS_DB_DIR, "$VMSTS_DB_DIR", [Database directory])
-
-VMSTS_PREFIX_DIR="$prefix"
-AC_SUBST(VMSTS_PREFIX_DIR)
-
-VMSTS_SBIN_DIR="$prefix/sbin"
-AC_SUBST(VMSTS_SBIN_DIR)
-
-vmstsjarsdir="$prefix/jars"
-AC_SUBST(vmstsjarsdir)
-
-vmstswebappsdir="$prefix/vmware-sts/webapps"
-AC_SUBST(vmstswebappsdir)
-
-vmstsconfdir="$prefix/vmware-sts/conf"
-AC_SUBST(vmstsconfdir)
-
-vmstsbindir="$prefix/vmware-sts/bin"
-AC_SUBST(vmstsbindir)
-
-vmidmconfdir="$datadir/config/idm"
-AC_SUBST(vmidmconfdir)
-
-systemddir="/lib/systemd/system"
-AC_SUBST(systemddir)
-
-AC_CONFIG_FILES([Makefile
-                 config/setenv.sh
-                 config/vmware-stsd.sh
-                 config/vmware-stsd.service
-                 config/configure-build.sh
-                 interop/Makefile
-                 interop/idm/Makefile
-                 interop/idm/ad/Makefile
-                 interop/idm/ad/server/Makefile
-                 interop/idm/common/Makefile
-                 interop/idm/localos/Makefile
-                 ssoclients/Makefile
-                 ssoclients/common/Makefile
-                 ssoclients/common/include/Makefile
-                 ssoclients/common/include/public/Makefile
-                 ssoclients/common/src/Makefile
-                 ssoclients/common/test/Makefile
-                 ssoclients/oidc/Makefile
-                 ssoclients/oidc/include/Makefile
-                 ssoclients/oidc/include/public/Makefile
-                 ssoclients/oidc/src/Makefile
-                 ssoclients/oidc/test/Makefile
-                 ssoclients/restclient/Makefile
-                 ssoclients/restclient/coreclient/Makefile
-                 ssoclients/restclient/coreclient/include/Makefile
-                 ssoclients/restclient/coreclient/include/public/Makefile
-                 ssoclients/restclient/coreclient/src/Makefile
-                 ssoclients/restclient/idmclient/Makefile
-                 ssoclients/restclient/idmclient/include/Makefile
-                 ssoclients/restclient/idmclient/include/public/Makefile
-                 ssoclients/restclient/idmclient/src/Makefile
-                 ssoclients/restclient/afdclient/Makefile
-                 ssoclients/restclient/afdclient/include/Makefile
-                 ssoclients/restclient/afdclient/include/public/Makefile
-                 ssoclients/restclient/afdclient/src/Makefile
-                 ssoclients/restclient/vmdirclient/Makefile
-                 ssoclients/restclient/vmdirclient/include/Makefile
-                 ssoclients/restclient/vmdirclient/include/public/Makefile
-                 ssoclients/restclient/vmdirclient/src/Makefile
-                 ssoclients/restclient/test/Makefile
-                 ssoclients/restclient/test/src/Makefile
-                 build-maven/Makefile
-                 make-target/Makefile
-                ])
-AC_OUTPUT
-
diff --git a/vmidentity/diagnostics/pom.xml b/vmidentity/diagnostics/pom.xml
index 9ff50a2ef..3a63d8a59 100644
--- a/vmidentity/diagnostics/pom.xml
+++ b/vmidentity/diagnostics/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-diagnostics</artifactId>
diff --git a/vmidentity/diagnostics/src/main/java/com/vmware/identity/diagnostics/VMIdentityLogger.java b/vmidentity/diagnostics/src/main/java/com/vmware/identity/diagnostics/VMIdentityLogger.java
index dc167ffa9..56882863e 100644
--- a/vmidentity/diagnostics/src/main/java/com/vmware/identity/diagnostics/VMIdentityLogger.java
+++ b/vmidentity/diagnostics/src/main/java/com/vmware/identity/diagnostics/VMIdentityLogger.java
@@ -19,8 +19,11 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Marker;
 import org.apache.logging.log4j.ThreadContext;
+import org.apache.logging.log4j.message.EntryMessage;
 import org.apache.logging.log4j.message.Message;
 import org.apache.logging.log4j.message.MessageFactory;
+import org.apache.logging.log4j.util.MessageSupplier;
+import org.apache.logging.log4j.util.Supplier;
 
 class VMIdentityLogger extends IDiagnosticsLogger{
     private final Logger _logger;
@@ -1334,4 +1337,1564 @@ public boolean isEnabled(Level arg0, Marker arg1, String arg2,
         return this._logger.isEnabled(arg0);
     }
 
+    @Override
+    public boolean isEnabled(Level level, Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public boolean isEnabled(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        return this._logger.isEnabled(level, marker);
+    }
+
+    @Override
+    public void debug(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message);
+    }
+
+    @Override
+    public void debug(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, t);
+    }
+
+    @Override
+    public void debug(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.debug(message);
+    }
+
+    @Override
+    public void debug(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(message, t);
+    }
+
+    @Override
+    public void debug(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.debug(msgSupplier);
+    }
+
+    @Override
+    public void debug(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(msgSupplier, t);
+    }
+
+    @Override
+    public void debug(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.debug(marker, msgSupplier);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void debug(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void debug(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.debug(message, paramSuppliers);
+    }
+
+    @Override
+    public void debug(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.debug(marker, msgSupplier);
+    }
+
+    @Override
+    public void debug(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void debug(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.debug(msgSupplier);
+    }
+
+    @Override
+    public void debug(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.debug(msgSupplier, t);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void debug(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.debug(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void debug(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void debug(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.debug(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void error(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.error(marker, message);
+    }
+
+    @Override
+    public void error(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, t);
+    }
+
+    @Override
+    public void error(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.error(message);
+    }
+
+    @Override
+    public void error(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(message, t);
+    }
+
+    @Override
+    public void error(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.error(msgSupplier);
+    }
+
+    @Override
+    public void error(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(msgSupplier, t);
+    }
+
+    @Override
+    public void error(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.error(marker, msgSupplier);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void error(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void error(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.error(message, paramSuppliers);
+    }
+
+    @Override
+    public void error(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.error(marker, msgSupplier);
+    }
+
+    @Override
+    public void error(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void error(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.error(msgSupplier);
+    }
+
+    @Override
+    public void error(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.error(msgSupplier, t);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void error(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.error(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void error(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.error(message, p0);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void error(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.error(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void fatal(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message);
+    }
+
+    @Override
+    public void fatal(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, t);
+    }
+
+    @Override
+    public void fatal(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.fatal(message);
+    }
+
+    @Override
+    public void fatal(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(message, t);
+    }
+
+    @Override
+    public void fatal(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.fatal(msgSupplier);
+    }
+
+    @Override
+    public void fatal(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(msgSupplier, t);
+    }
+
+    @Override
+    public void fatal(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, msgSupplier);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void fatal(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void fatal(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.fatal(message, paramSuppliers);
+    }
+
+    @Override
+    public void fatal(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, msgSupplier);
+    }
+
+    @Override
+    public void fatal(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void fatal(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.fatal(msgSupplier);
+    }
+
+    @Override
+    public void fatal(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.fatal(msgSupplier, t);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void fatal(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.fatal(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void fatal(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void fatal(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.fatal(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void info(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.info(marker, message);
+    }
+
+    @Override
+    public void info(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, t);
+    }
+
+    @Override
+    public void info(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.info(message);
+    }
+
+    @Override
+    public void info(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(message, t);
+    }
+
+    @Override
+    public void info(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.info(msgSupplier);
+    }
+
+    @Override
+    public void info(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(msgSupplier, t);
+    }
+
+    @Override
+    public void info(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.info(marker, msgSupplier);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void info(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void info(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.info(message, paramSuppliers);
+    }
+
+    @Override
+    public void info(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.info(marker, msgSupplier);
+    }
+
+    @Override
+    public void info(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void info(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.info(msgSupplier);
+    }
+
+    @Override
+    public void info(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.info(msgSupplier, t);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void info(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.info(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void info(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.info(message, p0);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void info(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.info(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, t);
+    }
+
+    @Override
+    public void log(Level level, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.log(level, message);
+    }
+
+    @Override
+    public void log(Level level, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, message, t);
+    }
+
+    @Override
+    public void log(Level level, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.log(level, msgSupplier);
+    }
+
+    @Override
+    public void log(Level level, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, msgSupplier, t);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, msgSupplier);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, msgSupplier, t);
+    }
+
+    @Override
+    public void log(Level level, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.log(level, message, paramSuppliers);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, msgSupplier);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, msgSupplier, t);
+    }
+
+    @Override
+    public void log(Level level, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.log(level, msgSupplier);
+    }
+
+    @Override
+    public void log(Level level, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.log(level, msgSupplier, t);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void log(Level level, Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.log(level, marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void log(Level level, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.log(level, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void trace(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message);
+    }
+
+    @Override
+    public void trace(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, t);
+    }
+
+    @Override
+    public void trace(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.trace(message);
+    }
+
+    @Override
+    public void trace(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(message, t);
+    }
+
+    @Override
+    public void trace(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.trace(msgSupplier);
+    }
+
+    @Override
+    public void trace(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(msgSupplier, t);
+    }
+
+    @Override
+    public void trace(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.trace(marker, msgSupplier);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void trace(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void trace(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.trace(message, paramSuppliers);
+    }
+
+    @Override
+    public void trace(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.trace(marker, msgSupplier);
+    }
+
+    @Override
+    public void trace(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void trace(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.trace(msgSupplier);
+    }
+
+    @Override
+    public void trace(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.trace(msgSupplier, t);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void trace(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.trace(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void trace(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void trace(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.trace(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public EntryMessage traceEntry() {
+        // dispatch to this._logger
+        return this._logger.traceEntry();
+    }
+
+    @Override
+    public EntryMessage traceEntry(String format, Object... params) {
+        // dispatch to this._logger
+        return this._logger.traceEntry(format, params);
+    }
+
+    @Override
+    public EntryMessage traceEntry(Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        return this._logger.traceEntry(paramSuppliers);
+    }
+
+    @Override
+    public EntryMessage traceEntry(String format, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        return this._logger.traceEntry(format, paramSuppliers);
+    }
+
+    @Override
+    public EntryMessage traceEntry(Message message) {
+        // dispatch to this._logger
+        return this._logger.traceEntry(message);
+    }
+
+    @Override
+    public void traceExit() {
+        // dispatch to this._logger
+        this._logger.traceExit();
+    }
+
+    @Override
+    public <R> R traceExit(R result) {
+        // dispatch to this._logger
+        return this._logger.traceExit(result);
+    }
+
+    @Override
+    public <R> R traceExit(String format, R result) {
+        // dispatch to this._logger
+        return this._logger.traceExit(format, result);
+    }
+
+    @Override
+    public void traceExit(EntryMessage message) {
+        // dispatch to this._logger
+        this._logger.traceExit(message);
+    }
+
+    @Override
+    public <R> R traceExit(EntryMessage message, R result) {
+        // dispatch to this._logger
+        return this._logger.traceExit(message, result);
+    }
+
+    @Override
+    public <R> R traceExit(Message message, R result) {
+        // dispatch to this._logger
+        return this._logger.traceExit(message, result);
+    }
+
+    @Override
+    public void warn(Marker marker, CharSequence message) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message);
+    }
+
+    @Override
+    public void warn(Marker marker, CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, t);
+    }
+
+    @Override
+    public void warn(CharSequence message) {
+        // dispatch to this._logger
+        this._logger.warn(message);
+    }
+
+    @Override
+    public void warn(CharSequence message, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(message, t);
+    }
+
+    @Override
+    public void warn(Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.warn(msgSupplier);
+    }
+
+    @Override
+    public void warn(Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(msgSupplier, t);
+    }
+
+    @Override
+    public void warn(Marker marker, Supplier<?> msgSupplier) {
+        // dispatch to this._logger
+        this._logger.warn(marker, msgSupplier);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, paramSuppliers);
+    }
+
+    @Override
+    public void warn(Marker marker, Supplier<?> msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void warn(String message, Supplier<?>... paramSuppliers) {
+        // dispatch to this._logger
+        this._logger.warn(message, paramSuppliers);
+    }
+
+    @Override
+    public void warn(Marker marker, MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.warn(marker, msgSupplier);
+    }
+
+    @Override
+    public void warn(Marker marker, MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(marker, msgSupplier, t);
+    }
+
+    @Override
+    public void warn(MessageSupplier msgSupplier) {
+        // dispatch to this._logger
+        this._logger.warn(msgSupplier);
+    }
+
+    @Override
+    public void warn(MessageSupplier msgSupplier, Throwable t) {
+        // dispatch to this._logger
+        this._logger.warn(msgSupplier, t);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void warn(Marker marker, String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.warn(marker, message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
+    @Override
+    public void warn(String message, Object p0) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4, p5);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4, p5, p6);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4, p5, p6, p7);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4, p5, p6, p7, p8);
+    }
+
+    @Override
+    public void warn(String message, Object p0, Object p1, Object p2, Object p3, Object p4, Object p5, Object p6, Object p7, Object p8, Object p9) {
+        // dispatch to this._logger
+        this._logger.warn(message, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9);
+    }
+
 }
diff --git a/vmidentity/diagnostics/src/main/resources/MANIFEST.MF b/vmidentity/diagnostics/src/main/resources/MANIFEST.MF
index a4519ec5d..e67cc9ff6 100644
--- a/vmidentity/diagnostics/src/main/resources/MANIFEST.MF
+++ b/vmidentity/diagnostics/src/main/resources/MANIFEST.MF
@@ -1,2 +1,2 @@
 Manifest-Version: 1.0
-Class-Path: ./ vmware-identity-diagnostics.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar
+Class-Path: ./ vmware-identity-diagnostics.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar
diff --git a/vmidentity/goclients/src/oidc/access_token.go b/vmidentity/goclients/src/oidc/access_token.go
new file mode 100644
index 000000000..96cafc929
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/access_token.go
@@ -0,0 +1,166 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+import "time"
+
+type AccessToken struct {
+    p C.POIDC_ACCESS_TOKEN
+}
+
+// (TODO) Deprecated
+func AccessTokenBuild(
+        jwt string,
+        signingCertificatePEM string,
+        issuer string,
+        resourceServerName string,
+        clockToleranceInSeconds int64) (result *AccessToken, err error) {
+    jwtCStr                     := goStringToCString(jwt)
+    signingCertificatePEMCStr   := goStringToCString(signingCertificatePEM)
+    issuerCStr                  := goStringToCString(issuer)
+    resourceServerNameCStr      := goStringToCString(resourceServerName)
+
+    defer freeCString(jwtCStr)
+    defer freeCString(signingCertificatePEMCStr)
+    defer freeCString(issuerCStr)
+    defer freeCString(resourceServerNameCStr)
+
+    var p C.POIDC_ACCESS_TOKEN = nil
+    var e C.SSOERROR = C.OidcAccessTokenBuild(
+        &p,
+        jwtCStr,
+        signingCertificatePEMCStr,
+        issuerCStr,
+        resourceServerNameCStr,
+        C.SSO_LONG(clockToleranceInSeconds))
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &AccessToken { p }
+    runtime.SetFinalizer(result, accessTokenFinalize)
+    return
+}
+
+// on success, result will be non-null, Close it when done
+func AccessTokenParse(jwt string) (result *AccessToken, err error) {
+    jwtCStr := goStringToCString(jwt)
+    defer freeCString(jwtCStr)
+
+    var p C.POIDC_ACCESS_TOKEN = nil
+    var e C.SSOERROR = C.OidcAccessTokenParse(&p, jwtCStr)
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &AccessToken { p }
+    runtime.SetFinalizer(result, accessTokenFinalize)
+    return
+}
+
+func (this *AccessToken) AccessTokenValidate(
+        signingCertificatePEM string,
+        issuer string,
+        resourceServerName string,
+        clockToleranceInSeconds int64) error {
+    signingCertificatePEMCStr   := goStringToCString(signingCertificatePEM)
+    issuerCStr                  := goStringToCString(issuer)
+    resourceServerNameCStr      := goStringToCString(resourceServerName)
+
+    defer freeCString(signingCertificatePEMCStr)
+    defer freeCString(issuerCStr)
+    defer freeCString(resourceServerNameCStr)
+
+    var e C.SSOERROR = C.OidcAccessTokenValidate(
+        this.p,
+        signingCertificatePEMCStr,
+        issuerCStr,
+        resourceServerNameCStr,
+        C.SSO_LONG(clockToleranceInSeconds))
+
+    var err error = nil
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+    return err
+}
+
+func accessTokenFinalize(this *AccessToken) {
+    this.Close()
+}
+
+func (this *AccessToken) Close() error {
+    if (this.p != nil) {
+        C.OidcAccessTokenDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+func (this *AccessToken) GetTokenType() TokenType {
+    return cTokenTypeToGoTokenType(C.OidcAccessTokenGetTokenType(this.p))
+}
+
+func (this *AccessToken) GetIssuer() string {
+    return cStringToGoString(C.OidcAccessTokenGetIssuer(this.p))
+}
+
+func (this *AccessToken) GetSubject() string {
+    return cStringToGoString(C.OidcAccessTokenGetSubject(this.p))
+}
+
+func (this *AccessToken) GetAudience() []string {
+    var size int = int(C.OidcAccessTokenGetAudienceSize(this.p))
+    var result []string = make([]string, size)
+    for i := 0; i < size; i++ {
+        result[i] = cStringToGoString(C.OidcAccessTokenGetAudienceEntry(this.p, C.int(i)))
+    }
+    return result
+}
+
+func (this *AccessToken) GetIssueTime() time.Time {
+    return time.Unix(int64(C.OidcAccessTokenGetIssueTime(this.p)), 0)
+}
+
+func (this *AccessToken) GetExpirationTime() time.Time {
+    return time.Unix(int64(C.OidcAccessTokenGetExpirationTime(this.p)), 0)
+}
+
+func (this *AccessToken) GetHolderOfKeyPEM() string {
+    return cStringToGoString(C.OidcAccessTokenGetHolderOfKeyPEM(this.p))
+}
+
+func (this *AccessToken) GetGroups() []string {
+    var size int = int(C.OidcAccessTokenGetGroupsSize(this.p))
+    var result []string = make([]string, size)
+    for i := 0; i < size; i++ {
+        result[i] = cStringToGoString(C.OidcAccessTokenGetGroupsEntry(this.p, C.int(i)))
+    }
+    return result
+}
+
+func (this *AccessToken) GetTenant() string {
+    return cStringToGoString(C.OidcAccessTokenGetTenant(this.p))
+}
+
+func (this *AccessToken) GetStringClaim(key string) string {
+    keyCStr := goStringToCString(key)
+    defer freeCString(keyCStr)
+
+    var value C.PSTRING = nil
+    C.OidcAccessTokenGetStringClaim(
+        this.p,
+        keyCStr,
+        &value)
+    return ssoAllocatedStringToGoString(value)
+}
diff --git a/vmidentity/goclients/src/oidc/common.go b/vmidentity/goclients/src/oidc/common.go
new file mode 100644
index 000000000..b3a683d7f
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/common.go
@@ -0,0 +1,54 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "ssocommon.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "errors"
+import "unsafe"
+
+// returns a c string allocated on the c heap, needs to be freed via freeCString()
+func goStringToCString(gostr string) (cstr C.PSTRING) {
+    if gostr == "" {
+        cstr = nil // go's empty string becomes null as that is how we do OPTIONAL parameters in c
+    } else {
+        cstr = C.CString(gostr)
+    }
+    return cstr
+}
+
+func cStringToGoString(cstr C.PCSTRING) (gostr string) {
+    if cstr == nil {
+        gostr = ""
+    } else {
+        gostr = C.GoString(cstr)
+    }
+    return gostr
+}
+
+// free c string after copying it to go string
+func ssoAllocatedStringToGoString(cstr C.PSTRING) (gostr string) {
+    if cstr == nil {
+        gostr = ""
+    } else {
+        gostr = C.GoString(cstr)
+        C.SSOStringFree(cstr)
+    }
+    return gostr
+}
+
+func cErrorToGoError(e C.SSOERROR) (err error) {
+    return errors.New(C.GoString(C.SSOErrorToString(e)))
+}
+
+func freeCString(cstr C.PSTRING) {
+    if (cstr != nil) {
+        C.free(unsafe.Pointer(cstr))
+    }
+}
\ No newline at end of file
diff --git a/vmidentity/goclients/src/oidc/error_response.go b/vmidentity/goclients/src/oidc/error_response.go
new file mode 100644
index 000000000..d3169d8e5
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/error_response.go
@@ -0,0 +1,42 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+
+type ErrorResponse struct {
+    p C.POIDC_ERROR_RESPONSE
+}
+
+func errorResponseNew(p C.POIDC_ERROR_RESPONSE) *ErrorResponse {
+    var result *ErrorResponse = &ErrorResponse { p }
+    runtime.SetFinalizer(result, errorResponseFinalize)
+    return result
+}
+
+func errorResponseFinalize(this *ErrorResponse) {
+    this.Close()
+}
+
+func (this *ErrorResponse) Close() error {
+    if (this.p != nil) {
+        C.OidcErrorResponseDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+func (this *ErrorResponse) GetError() string {
+    return cStringToGoString(C.OidcErrorResponseGetError(this.p))
+}
+
+func (this *ErrorResponse) GetErrorDescription() string {
+    return cStringToGoString(C.OidcErrorResponseGetErrorDescription(this.p))
+}
diff --git a/vmidentity/goclients/src/oidc/id_token.go b/vmidentity/goclients/src/oidc/id_token.go
new file mode 100644
index 000000000..ba9a48785
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/id_token.go
@@ -0,0 +1,158 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+import "time"
+
+type IDToken struct {
+    p C.POIDC_ID_TOKEN
+}
+
+// (TODO) Deprecated
+func IDTokenBuild(
+        jwt string,
+        signingCertificatePEM string,
+        issuer string,
+        clockToleranceInSeconds int64) (result *IDToken, err error) {
+    jwtCStr                     := goStringToCString(jwt)
+    signingCertificatePEMCStr   := goStringToCString(signingCertificatePEM)
+    issuerCStr                  := goStringToCString(issuer)
+
+    defer freeCString(jwtCStr)
+    defer freeCString(signingCertificatePEMCStr)
+    defer freeCString(issuerCStr)
+
+    var p C.POIDC_ID_TOKEN = nil
+    var e C.SSOERROR = C.OidcIDTokenBuild(
+        &p,
+        jwtCStr,
+        signingCertificatePEMCStr,
+        issuerCStr,
+        C.SSO_LONG(clockToleranceInSeconds))
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &IDToken { p }
+    runtime.SetFinalizer(result, idTokenFinalize)
+    return
+}
+
+// on success, result will be non-null, Close it when done
+func IDTokenParse(jwt string) (result *IDToken, err error) {
+    jwtCStr := goStringToCString(jwt)
+    defer freeCString(jwtCStr)
+
+    var p C.POIDC_ID_TOKEN = nil
+    var e C.SSOERROR = C.OidcIDTokenParse(&p, jwtCStr)
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &IDToken { p }
+    runtime.SetFinalizer(result, idTokenFinalize)
+    return
+}
+
+func (this *IDToken) IDTokenValidate(
+        signingCertificatePEM string,
+        issuer string,
+        clockToleranceInSeconds int64) error {
+    signingCertificatePEMCStr   := goStringToCString(signingCertificatePEM)
+    issuerCStr                  := goStringToCString(issuer)
+
+    defer freeCString(signingCertificatePEMCStr)
+    defer freeCString(issuerCStr)
+
+    var e C.SSOERROR = C.OidcIDTokenValidate(
+        this.p,
+        signingCertificatePEMCStr,
+        issuerCStr,
+        C.SSO_LONG(clockToleranceInSeconds))
+
+    var err error = nil
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+    return err
+}
+
+func idTokenFinalize(this *IDToken) {
+    this.Close()
+}
+
+func (this *IDToken) Close() error {
+    if (this.p != nil) {
+        C.OidcIDTokenDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+func (this *IDToken) GetTokenType() TokenType {
+    return cTokenTypeToGoTokenType(C.OidcIDTokenGetTokenType(this.p))
+}
+
+func (this *IDToken) GetIssuer() string {
+    return cStringToGoString(C.OidcIDTokenGetIssuer(this.p))
+}
+
+func (this *IDToken) GetSubject() string {
+    return cStringToGoString(C.OidcIDTokenGetSubject(this.p))
+}
+
+func (this *IDToken) GetAudience() []string {
+    var size int = int(C.OidcIDTokenGetAudienceSize(this.p))
+    var result []string = make([]string, size)
+    for i := 0; i < size; i++ {
+        result[i] = cStringToGoString(C.OidcIDTokenGetAudienceEntry(this.p, C.int(i)))
+    }
+    return result
+}
+
+func (this *IDToken) GetIssueTime() time.Time {
+    return time.Unix(int64(C.OidcIDTokenGetIssueTime(this.p)), 0)
+}
+
+func (this *IDToken) GetExpirationTime() time.Time {
+    return time.Unix(int64(C.OidcIDTokenGetExpirationTime(this.p)), 0)
+}
+
+func (this *IDToken) GetHolderOfKeyPEM() string {
+    return cStringToGoString(C.OidcIDTokenGetHolderOfKeyPEM(this.p))
+}
+
+func (this *IDToken) GetGroups() []string {
+    var size int = int(C.OidcIDTokenGetGroupsSize(this.p))
+    var result []string = make([]string, size)
+    for i := 0; i < size; i++ {
+        result[i] = cStringToGoString(C.OidcIDTokenGetGroupsEntry(this.p, C.int(i)))
+    }
+    return result
+}
+
+func (this *IDToken) GetTenant() string {
+    return cStringToGoString(C.OidcIDTokenGetTenant(this.p))
+}
+
+func (this *IDToken) GetStringClaim(key string) string {
+    keyCStr := goStringToCString(key)
+    defer freeCString(keyCStr)
+
+    var value C.PSTRING = nil
+    C.OidcIDTokenGetStringClaim(
+        this.p,
+        keyCStr,
+        &value)
+    return ssoAllocatedStringToGoString(value)
+}
diff --git a/vmidentity/goclients/src/oidc/oidc_client.go b/vmidentity/goclients/src/oidc/oidc_client.go
new file mode 100644
index 000000000..a2308761e
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/oidc_client.go
@@ -0,0 +1,196 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+
+// keep this in sync with LIGHTWAVE_TLS_CA_PATH in http_client.c
+const LIGHTWAVE_TLS_CA_PATH = "/etc/ssl/certs/"
+
+type OidcClient struct {
+    p C.POIDC_CLIENT
+}
+
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
+func OidcClientGlobalInit() (err error) {
+    var e C.SSOERROR = C.OidcClientGlobalInit()
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+    return err
+}
+
+// this function is not thread safe. Call it right before process exit
+func OidcClientGlobalCleanup() {
+    C.OidcClientGlobalCleanup()
+}
+
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, result will be non-null, Close it when done
+// tlsCAPath: empty means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
+func OidcClientBuild(
+        server string,
+        portNumber int,
+        tenant string,
+        clientID string, /* optional */
+        tlsCAPath string /* optional, see comment above */) (result *OidcClient, err error) {
+    serverCStr      := goStringToCString(server)
+    tenantCStr      := goStringToCString(tenant)
+    clientIDCStr    := goStringToCString(clientID)
+    tlsCAPathCStr   := goStringToCString(tlsCAPath)
+
+    defer freeCString(serverCStr)
+    defer freeCString(tenantCStr)
+    defer freeCString(clientIDCStr)
+    defer freeCString(tlsCAPathCStr)
+
+    var p C.POIDC_CLIENT = nil
+    var e C.SSOERROR = C.OidcClientBuild(
+        &p,
+        serverCStr,
+        C.int(portNumber),
+        tenantCStr,
+        clientIDCStr,
+        tlsCAPathCStr)
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &OidcClient { p }
+    runtime.SetFinalizer(result, oidcClientFinalize)
+    return
+}
+
+func oidcClientFinalize(this *OidcClient) {
+    this.Close()
+}
+
+func (this *OidcClient) Close() error {
+    if (this.p != nil) {
+        C.OidcClientDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+// on success, successResponse will be non-null
+// on error, errorResponse might be non-null (it will carry error info returned by the server if any)
+// Close both when done, whether invocation is successful or not
+func (this *OidcClient) AcquireTokensByPassword(
+        username string,
+        password string,
+        scope string) (successResponse *TokenSuccessResponse, errorResponse *ErrorResponse, err error) {
+    usernameCStr    := goStringToCString(username)
+    passwordCStr    := goStringToCString(password)
+    scopeCStr       := goStringToCString(scope)
+
+    defer freeCString(usernameCStr)
+    defer freeCString(passwordCStr)
+    defer freeCString(scopeCStr)
+
+    var oidcTokenSuccessResponse C.POIDC_TOKEN_SUCCESS_RESPONSE = nil
+    var oidcErrorResponse C.POIDC_ERROR_RESPONSE = nil
+    var e C.SSOERROR = C.OidcClientAcquireTokensByPassword(
+        this.p,
+        usernameCStr,
+        passwordCStr,
+        scopeCStr,
+        &oidcTokenSuccessResponse,
+        &oidcErrorResponse)
+    if oidcTokenSuccessResponse != nil {
+        successResponse = tokenSuccessResponseNew(oidcTokenSuccessResponse)
+    }
+    if oidcErrorResponse != nil {
+        errorResponse = errorResponseNew(oidcErrorResponse)
+    }
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+
+    return
+}
+
+// on success, successResponse will be non-null
+// on error, errorResponse might be non-null (it will carry error info returned by the server if any)
+// Close both when done, whether invocation is successful or not
+func (this *OidcClient) AcquireTokensByRefreshToken(
+        refreshToken string) (successResponse *TokenSuccessResponse, errorResponse *ErrorResponse, err error) {
+    refreshTokenCStr := goStringToCString(refreshToken)
+    defer freeCString(refreshTokenCStr)
+
+    var oidcTokenSuccessResponse C.POIDC_TOKEN_SUCCESS_RESPONSE = nil
+    var oidcErrorResponse C.POIDC_ERROR_RESPONSE = nil
+    var e C.SSOERROR = C.OidcClientAcquireTokensByRefreshToken(
+        this.p,
+        refreshTokenCStr,
+        &oidcTokenSuccessResponse,
+        &oidcErrorResponse)
+    if oidcTokenSuccessResponse != nil {
+        successResponse = tokenSuccessResponseNew(oidcTokenSuccessResponse)
+    }
+    if oidcErrorResponse != nil {
+        errorResponse = errorResponseNew(oidcErrorResponse)
+    }
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+
+    return
+}
+
+// on success, successResponse will be non-null
+// on error, errorResponse might be non-null (it will carry error info returned by the server if any)
+// Close both when done, whether invocation is successful or not
+func (this *OidcClient) AcquireTokensBySolutionUserCredentials(
+        certificateSubjectDN string,
+        privateKeyPEM string,
+        scope string) (successResponse *TokenSuccessResponse, errorResponse *ErrorResponse, err error) {
+    certificateSubjectDNCStr    := goStringToCString(certificateSubjectDN)
+    privateKeyPEMCStr           := goStringToCString(privateKeyPEM)
+    scopeCStr                   := goStringToCString(scope)
+
+    defer freeCString(certificateSubjectDNCStr)
+    defer freeCString(privateKeyPEMCStr)
+    defer freeCString(scopeCStr)
+
+    var oidcTokenSuccessResponse C.POIDC_TOKEN_SUCCESS_RESPONSE = nil
+    var oidcErrorResponse C.POIDC_ERROR_RESPONSE = nil
+    var e C.SSOERROR = C.OidcClientAcquireTokensBySolutionUserCredentials(
+        this.p,
+        certificateSubjectDNCStr,
+        privateKeyPEMCStr,
+        scopeCStr,
+        &oidcTokenSuccessResponse,
+        &oidcErrorResponse)
+    if oidcTokenSuccessResponse != nil {
+        successResponse = tokenSuccessResponseNew(oidcTokenSuccessResponse)
+    }
+    if oidcErrorResponse != nil {
+        errorResponse = errorResponseNew(oidcErrorResponse)
+    }
+    if e != 0 {
+        err = cErrorToGoError(e)
+    }
+
+    return
+}
+
+func (this *OidcClient) GetSigningCertificatePEM() string {
+    return cStringToGoString(C.OidcClientGetSigningCertificatePEM(this.p))
+}
diff --git a/vmidentity/goclients/src/oidc/oidc_test.go b/vmidentity/goclients/src/oidc/oidc_test.go
new file mode 100644
index 000000000..611b95312
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/oidc_test.go
@@ -0,0 +1,119 @@
+package oidc
+
+import "testing"
+import "os"
+import "fmt"
+import "errors"
+
+func TestOidc(t *testing.T) {
+    var server string = os.Getenv("LW_SERVER")
+    var tenant string = os.Getenv("LW_TENANT")
+    var username string = os.Getenv("LW_USERNAME")
+    var password string = os.Getenv("LW_PASSWORD")
+    var clientID string = os.Getenv("LW_CLIENT_ID")
+
+    test(t, server, tenant, username, password, clientID)
+}
+
+func test(
+        t *testing.T,
+        server string,
+        tenant string,
+        username string,
+        password string,
+        clientID string) {
+    OidcClientGlobalInit()
+    defer OidcClientGlobalCleanup()
+
+    serverMetadata, err := ServerMetadataAcquire(server, 443, tenant, "" /* skip tls validation */)
+    exitOnError(t, err)
+    defer serverMetadata.Close()
+
+    client, err := OidcClientBuild(server, 443, tenant, clientID, "" /* skip tls validation */)
+    exitOnError(t, err)
+    defer client.Close()
+
+    var successResponse *TokenSuccessResponse = nil
+    var errorResponse *ErrorResponse = nil
+
+    successResponse, errorResponse, err = client.AcquireTokensByPassword(
+        username,
+        password,
+        "openid offline_access id_groups at_groups rs_admin_server")
+    assert(t, successResponse != nil, "successResponse != nil")
+    assert(t, errorResponse == nil, "errorResponse == nil")
+    assert(t, err == nil, "err == nil")
+    validateIDToken(t, successResponse.GetIDToken(), serverMetadata.GetSigningCertificatePEM())
+    validateAccessToken(t, successResponse.GetAccessToken(), serverMetadata.GetSigningCertificatePEM())
+    var refreshToken string = successResponse.GetRefreshToken()
+    successResponse.Close()
+
+    successResponse, errorResponse, err = client.AcquireTokensByRefreshToken(refreshToken)
+    assert(t, successResponse != nil, "successResponse != nil")
+    assert(t, errorResponse == nil, "errorResponse == nil")
+    assert(t, err == nil, "err == nil")
+    validateIDToken(t, successResponse.GetIDToken(), serverMetadata.GetSigningCertificatePEM())
+    validateAccessToken(t, successResponse.GetAccessToken(), serverMetadata.GetSigningCertificatePEM())
+    successResponse.Close()
+
+    // test wrong password
+    successResponse, errorResponse, err = client.AcquireTokensByPassword(username, password + "_nonmatching", "openid")
+    assert(t, successResponse == nil, "successResponse == nil")
+    assert(t, errorResponse != nil, "errorResponse != nil")
+    assert(t, err != nil, "err != nil")
+    assertEqual(t, "invalid_grant", errorResponse.GetError())
+    assertEqual(t, "incorrect username or password", errorResponse.GetErrorDescription())
+    assertEqual(t, "SSOERROR_OIDC_SERVER_INVALID_GRANT", err.Error())
+    errorResponse.Close()
+}
+
+func validateIDToken(t *testing.T, jwt string, pem string) {
+    id, err := IDTokenBuild(
+        jwt,
+        pem,
+        "", /* issuer */
+        10  /* clockToleranceInSeconds */)
+    exitOnError(t, err)
+    fmt.Printf(
+        "id_token: [issuer: %v] [subject: %v] [audience: %v] [groups: %v]\n",
+        id.GetIssuer(),
+        id.GetSubject(),
+        id.GetAudience(),
+        id.GetGroups())
+    id.Close()
+}
+
+func validateAccessToken(t *testing.T, jwt string, pem string) {
+    at, err := AccessTokenBuild(
+        jwt,
+        pem,
+        "", /* issuer */
+        "", /* resourceServerName */
+        10  /* clockToleranceInSeconds */)
+    exitOnError(t, err)
+    fmt.Printf(
+        "access_token: [issuer: %v] [subject: %v] [audience: %v] [groups: %v]\n",
+        at.GetIssuer(),
+        at.GetSubject(),
+        at.GetAudience(),
+        at.GetGroups())
+    at.Close()
+}
+
+func exitOnError(t *testing.T, err error) {
+    if err != nil {
+        t.Fatal(err.Error())
+    }
+}
+
+func assert(t *testing.T, expression bool, message string) {
+    if !expression {
+        t.Fatal(errors.New(message))
+    }
+}
+
+func assertEqual(t *testing.T, expected string, actual string) {
+    if expected != actual {
+        t.Fatal(errors.New(fmt.Sprintf("expected: [%s], actual: [%s]", expected, actual)))
+    }
+}
diff --git a/vmidentity/goclients/src/oidc/server_metadata.go b/vmidentity/goclients/src/oidc/server_metadata.go
new file mode 100644
index 000000000..074618bfa
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/server_metadata.go
@@ -0,0 +1,69 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+
+type ServerMetadata struct {
+    p C.POIDC_SERVER_METADATA
+}
+
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, result will be non-null, Close it when done
+// tlsCAPath: empty means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
+func ServerMetadataAcquire(
+        server string,
+        portNumber int,
+        tenant string,
+        tlsCAPath string /* optional, see comment above */) (result *ServerMetadata, err error) {
+    serverCStr      := goStringToCString(server)
+    tenantCStr      := goStringToCString(tenant)
+    tlsCAPathCStr   := goStringToCString(tlsCAPath)
+
+    defer freeCString(serverCStr)
+    defer freeCString(tenantCStr)
+    defer freeCString(tlsCAPathCStr)
+
+    var p C.POIDC_SERVER_METADATA = nil
+    var e C.SSOERROR = C.OidcServerMetadataAcquire(
+        &p,
+        serverCStr,
+        C.int(portNumber),
+        tenantCStr,
+        tlsCAPathCStr)
+    if e != 0 {
+        err = cErrorToGoError(e)
+        return
+    }
+
+    result = &ServerMetadata { p }
+    runtime.SetFinalizer(result, serverMetadataFinalize)
+    return
+}
+
+func serverMetadataFinalize(this *ServerMetadata) {
+    this.Close()
+}
+
+func (this *ServerMetadata) Close() error {
+    if (this.p != nil) {
+        C.OidcServerMetadataDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+func (this *ServerMetadata) GetTokenEndpointUrl() string {
+    return cStringToGoString(C.OidcServerMetadataGetTokenEndpointUrl(this.p))
+}
+
+func (this *ServerMetadata) GetSigningCertificatePEM() string {
+    return cStringToGoString(C.OidcServerMetadataGetSigningCertificatePEM(this.p))
+}
diff --git a/vmidentity/goclients/src/oidc/token_success_response.go b/vmidentity/goclients/src/oidc/token_success_response.go
new file mode 100644
index 000000000..02397000d
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/token_success_response.go
@@ -0,0 +1,46 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+import "runtime"
+
+type TokenSuccessResponse struct {
+    p C.POIDC_TOKEN_SUCCESS_RESPONSE
+}
+
+func tokenSuccessResponseNew(p C.POIDC_TOKEN_SUCCESS_RESPONSE) *TokenSuccessResponse {
+    var result *TokenSuccessResponse = &TokenSuccessResponse { p }
+    runtime.SetFinalizer(result, tokenSuccessResponseFinalize)
+    return result
+}
+
+func tokenSuccessResponseFinalize(this *TokenSuccessResponse) {
+    this.Close()
+}
+
+func (this *TokenSuccessResponse) Close() error {
+    if (this.p != nil) {
+        C.OidcTokenSuccessResponseDelete(this.p)
+        this.p = nil
+    }
+    return nil
+}
+
+func (this *TokenSuccessResponse) GetIDToken() string {
+    return cStringToGoString(C.OidcTokenSuccessResponseGetIDToken(this.p))
+}
+
+func (this *TokenSuccessResponse) GetAccessToken() string {
+    return cStringToGoString(C.OidcTokenSuccessResponseGetAccessToken(this.p))
+}
+
+func (this *TokenSuccessResponse) GetRefreshToken() string {
+    return cStringToGoString(C.OidcTokenSuccessResponseGetRefreshToken(this.p))
+}
diff --git a/vmidentity/goclients/src/oidc/token_type.go b/vmidentity/goclients/src/oidc/token_type.go
new file mode 100644
index 000000000..875e0b66a
--- /dev/null
+++ b/vmidentity/goclients/src/oidc/token_type.go
@@ -0,0 +1,25 @@
+package oidc
+
+/*
+#include <stdlib.h>
+#include "ssotypes.h"
+#include "ssoerrors.h"
+#include "oidc_types.h"
+#include "oidc.h"
+*/
+import "C"
+
+// TokenType enum
+type TokenType string
+const TokenType_BEARER  TokenType = "TokenType_BEARER"
+const TokenType_HOK     TokenType = "TokenType_HOK"
+
+func cTokenTypeToGoTokenType(cTokenType C.OIDC_TOKEN_TYPE) TokenType {
+    var result TokenType
+    if cTokenType == C.OIDC_TOKEN_TYPE_BEARER {
+        result = TokenType_BEARER
+    } else {
+        result = TokenType_HOK
+    }
+    return result
+}
diff --git a/vmidentity/idm/client/pom.xml b/vmidentity/idm/client/pom.xml
index 786944604..a335d6009 100644
--- a/vmidentity/idm/client/pom.xml
+++ b/vmidentity/idm/client/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.idm</groupId>
     <artifactId>vmware-identity-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-idm-client</artifactId>
diff --git a/vmidentity/idm/client/src/main/java/com/vmware/identity/idm/client/CasIdmClient.java b/vmidentity/idm/client/src/main/java/com/vmware/identity/idm/client/CasIdmClient.java
index 1d3420935..6bb989e88 100644
--- a/vmidentity/idm/client/src/main/java/com/vmware/identity/idm/client/CasIdmClient.java
+++ b/vmidentity/idm/client/src/main/java/com/vmware/identity/idm/client/CasIdmClient.java
@@ -1203,6 +1203,30 @@ Collection<String> getDefaultProviders(String tenantName) throws Exception
                 tenantPrivateKey, this.getServiceContext());
     }
 
+    /**
+     * Sets a certificate chain and private key for the tenant.
+     *
+     * This is the credential used to sign SAML tokens generated for the
+     * tenant's clients.
+     *
+     * @param tenantName         Name of tenant
+     * TODO: verify this is correct Exception
+     * @throws IllegalArgumentException
+     *         when either privateKey or certification chain fails in validation
+     * @throws IDMException
+     * @throws Exception
+     */
+    public
+    void
+    setTenantCredentials(
+        String                  tenantName
+        ) throws Exception
+    {
+        getService().setTenantCredentials(
+                tenantName,
+                this.getServiceContext());
+    }
+
     /**
      * Add a trusted certificate chain for the tenant.
      *
diff --git a/vmidentity/idm/client/src/main/resources/MANIFEST.MF b/vmidentity/idm/client/src/main/resources/MANIFEST.MF
index b7b03480a..4a6c20740 100644
--- a/vmidentity/idm/client/src/main/resources/MANIFEST.MF
+++ b/vmidentity/idm/client/src/main/resources/MANIFEST.MF
@@ -3,5 +3,5 @@ Name: Identity Manager Client
 Specification-Title: VMSTS component - vmware-identity-idm-client
 Specification-Vendor: VMware Inc.
 Specification-Version: 6.6.1
-Class-Path: diagnostics-6.6.1.jar vmware-identity-idm-interface-6.6.1.jar serializer-2.7.1.jar xercesImpl-2.10.0.jar xml-apis-1.4.01.jar xml-resolver-1.2.jar commons-loggong-1.2.jar xmltooling-1.4.4.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar
+Class-Path: diagnostics-6.6.1.jar vmware-identity-idm-interface-6.6.1.jar serializer-2.7.2.jar xercesImpl-2.10.0.jar xml-apis-1.4.01.jar xml-resolver-1.2.jar commons-loggong-1.2.jar xmltooling-1.4.4.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar
 
diff --git a/vmidentity/idm/interface/pom.xml b/vmidentity/idm/interface/pom.xml
index 8ea5f959d..6a3f7243b 100644
--- a/vmidentity/idm/interface/pom.xml
+++ b/vmidentity/idm/interface/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.idm</groupId>
     <artifactId>vmware-identity-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-idm-interface</artifactId>
diff --git a/vmidentity/idm/interface/src/main/java/com/vmware/identity/idm/IIdentityManager.java b/vmidentity/idm/interface/src/main/java/com/vmware/identity/idm/IIdentityManager.java
index dab9e7ac2..737092fcf 100644
--- a/vmidentity/idm/interface/src/main/java/com/vmware/identity/idm/IIdentityManager.java
+++ b/vmidentity/idm/interface/src/main/java/com/vmware/identity/idm/IIdentityManager.java
@@ -67,6 +67,8 @@ public interface IIdentityManager
 
     public void setTenantCredentials(String tenantName, Collection<Certificate> tenantCertificate, PrivateKey tenantPrivateKey, IIdmServiceContext serviceContext) throws  IDMException;
 
+    public void setTenantCredentials(String tenantName, IIdmServiceContext serviceContext) throws  IDMException;
+
     public PrivateKey getTenantPrivateKey(String tenantName, IIdmServiceContext serviceContext) throws  IDMException;
 
     public long getClockTolerance(String tenantName, IIdmServiceContext serviceContext) throws  IDMException;
diff --git a/vmidentity/idm/interface/src/main/resources/MANIFEST.MF b/vmidentity/idm/interface/src/main/resources/MANIFEST.MF
index bded81e4d..a2ac2f147 100644
--- a/vmidentity/idm/interface/src/main/resources/MANIFEST.MF
+++ b/vmidentity/idm/interface/src/main/resources/MANIFEST.MF
@@ -3,5 +3,5 @@ Name: Identity Manager Interface
 Specification-Title: vmware-identity-idm-interface
 Specification-Vendor: VMware Inc.
 Specification-Version: 6.6.1
-Class-Path: commons-lang-2.5.jar diagnostics-6.6.1.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar
+Class-Path: commons-lang-2.5.jar diagnostics-6.6.1.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar
 
diff --git a/vmidentity/idm/pom.xml b/vmidentity/idm/pom.xml
index 7aedfd1f9..a812b4ce0 100644
--- a/vmidentity/idm/pom.xml
+++ b/vmidentity/idm/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.idm</groupId>
diff --git a/vmidentity/idm/server/pom.xml b/vmidentity/idm/server/pom.xml
index 649c4b2da..84617819c 100644
--- a/vmidentity/idm/server/pom.xml
+++ b/vmidentity/idm/server/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.idm</groupId>
     <artifactId>vmware-identity-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-idm-server</artifactId>
diff --git a/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/IdentityManager.java b/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/IdentityManager.java
index c6c3f3376..05070bdfa 100644
--- a/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/IdentityManager.java
+++ b/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/IdentityManager.java
@@ -337,6 +337,8 @@ private ProvidersInfo(Collection<IIdentityProvider> providers,
     public static final String WELLKNOWN_CONFIGURATIONUSERS_GROUP_DESCRIPTION = "Well-known configuration users' group which contains all configuration users as members.";
     public static final String WELLKNOWN_ACT_AS_USERS_GROUP_NAME = "ActAsUsers";
     public static final String WELLKNOWN_ACT_AS_USERS_GROUP_DESCRIPTION = "Well-known act-as users' group which contains all solution users that are allowed to act on behalf of person users.";
+    public static final String WELLKNOWN_TRUSTED_USERS_GROUP_NAME = "TrustedUsers";
+    public static final String WELLKNOWN_TRUSTED_USERS_GROUP_DESCRIPTION = "Well-known trusted users' group which contains all users with privileges just below administrator.";
     public static final String WELLKNOWN_EXTERNALIDP_USERS_GROUP_NAME =  "ExternalIDPUsers";
     public static final String WELLKNOWN_EXTERNALIDP_USERS_GROUP_DESCRIPTION = "Well-known external IDP users' group, which registers external IDP users as guests.";
     public static final String WELLKNOWN_CONTAINER_SERVICE_PRINCIPALS = "ServicePrincipals";
@@ -451,6 +453,9 @@ private void ensureValidTenant(String tenantName) throws Exception {
         ensureWellKnownGroupExists(tenantName, WELLKNOWN_ACT_AS_USERS_GROUP_NAME,
                 WELLKNOWN_ACT_AS_USERS_GROUP_DESCRIPTION);
 
+        ensureWellKnownGroupExists(tenantName, WELLKNOWN_TRUSTED_USERS_GROUP_NAME,
+                WELLKNOWN_TRUSTED_USERS_GROUP_DESCRIPTION);
+
         // Make sure we create ServicePrincipal containers to place solution users
         ensureContainerExists(tenantName, WELLKNOWN_CONTAINER_SERVICE_PRINCIPALS);
 
@@ -772,7 +777,7 @@ String getTenantSignatureAlgorithm(
             ValidateUtil.validateNotEmpty(tenantName, "Tenant name");
 
             logger.debug(String.format(
-                    "Band name [%s] will be set for tenant [%s]",
+                    "Brand name [%s] will be set for tenant [%s]",
                     brandName,
                     tenantName));
 
@@ -7321,9 +7326,9 @@ private void setTenantBrandName(String tenantName) throws Exception {
                         IS_LIGHTWAVE_KEY,
                         true);
             	if(isLightwave != 0 ) {
-                logger.info("Configuring branding name for Lightwave instance");
-            	_configStore.setBrandName(tenantName, "Photon Platform<br/>Single Sign-On");
-            }
+                    logger.info("Configuring branding name for Lightwave instance");
+                    _configStore.setBrandName(tenantName, "Lightwave Authentication Service");
+                }
             } finally {
                 rootRegistryKey.close();
             }
@@ -8668,6 +8673,26 @@ public void setTenantCredentials(String tenantName,
         }
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void setTenantCredentials(String tenantName,
+            IIdmServiceContext serviceContext) throws  IDMException
+    {
+        try(IDiagnosticsContextScope ctxt = getDiagnosticsContext(tenantName, serviceContext, "setTenantCredentials"))
+        {
+            try
+            {
+                this.setTenantCredentials(tenantName);
+            }
+            catch(Exception ex)
+            {
+                throw ServerUtils.getRemoteException(ex);
+            }
+        }
+    }
+
     /**
      * {@inheritDoc}
      */
diff --git a/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/provider/vmwdirectory/VMwareDirectoryProvider.java b/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/provider/vmwdirectory/VMwareDirectoryProvider.java
index ec0d5b553..66f1e8b10 100644
--- a/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/provider/vmwdirectory/VMwareDirectoryProvider.java
+++ b/vmidentity/idm/server/src/main/java/com/vmware/identity/idm/server/provider/vmwdirectory/VMwareDirectoryProvider.java
@@ -2877,82 +2877,86 @@ public Set<SolutionUser> findServicePrincipalsInGroup(String groupName,
 
                        // Search from Users by default
                        String solutionSearchBaseDn = val.toString();
-                       if (solutionSearchBaseDn.startsWith(ATTR_NAME_EXTERNAL_OBJECT_ID)) {
-                           // skip external group members
-                           continue;
-                       }
-                       solutionMessage =
-                               connection.search(solutionSearchBaseDn,
-                                       LdapScope.SCOPE_BASE, solutionFilter,
-                                       solutionAttrNames, false);
+                       try {
+                           solutionMessage =
+                                   connection.search(solutionSearchBaseDn,
+                                           LdapScope.SCOPE_BASE, solutionFilter,
+                                           solutionAttrNames, false);
 
-                       ILdapEntry[] solutionEntries = solutionMessage.getEntries();
+                           ILdapEntry[] solutionEntries = solutionMessage.getEntries();
 
-                       if (solutionEntries == null || solutionEntries.length == 0)
-                       {
-                           // This isn't a solution user
-                           continue;
-                       } else if (solutionEntries.length != 1)
-                       {
-                           throw new IllegalStateException(
-                                   "More than one solution user found");
-                       }
+                           if (solutionEntries == null || solutionEntries.length == 0)
+                           {
+                               // This isn't a solution user
+                               continue;
+                           } else if (solutionEntries.length != 1)
+                           {
+                               throw new IllegalStateException(
+                                       "More than one solution user found");
+                           }
 
-                       boolean isExternal = true;
-                       // check whether this member solution user lives in ldu, only then it is internal
-                       if (servicePrincipalsDN != null && !servicePrincipalsDN.isEmpty() &&
-                           solutionSearchBaseDn.toLowerCase().contains(servicePrincipalsDN.toLowerCase()))
-                       {
-                           isExternal= false;
-                       }
+                           boolean isExternal = true;
+                           // check whether this member solution user lives in ldu, only then it is internal
+                           if (servicePrincipalsDN != null && !servicePrincipalsDN.isEmpty() &&
+                               solutionSearchBaseDn.toLowerCase().contains(servicePrincipalsDN.toLowerCase()))
+                           {
+                               isExternal= false;
+                           }
 
-                       String accountName =
-                               getStringValue(solutionEntries[0]
-                                       .getAttributeValues(ATTR_NAME_ACCOUNT));
+                           String accountName =
+                                   getStringValue(solutionEntries[0]
+                                           .getAttributeValues(ATTR_NAME_ACCOUNT));
 
-                       String upn =
-                               getOptionalStringValue(solutionEntries[0]
-                                       .getAttributeValues(ATTR_USER_PRINCIPAL_NAME));
+                           String upn =
+                                   getOptionalStringValue(solutionEntries[0]
+                                           .getAttributeValues(ATTR_USER_PRINCIPAL_NAME));
 
-                       String description =
-                               getOptionalStringValue(solutionEntries[0]
-                                       .getAttributeValues(ATTR_SVC_DESCRIPTION));
+                           String description =
+                                   getOptionalStringValue(solutionEntries[0]
+                                           .getAttributeValues(ATTR_SVC_DESCRIPTION));
 
-                       if (containsSearchString(accountName, searchString) ||
-                           containsSearchString(upn, searchString) ||
-                           containsSearchString(description, searchString))
-                       {
-                           PrincipalId principal = null;
+                           if (containsSearchString(accountName, searchString) ||
+                               containsSearchString(upn, searchString) ||
+                               containsSearchString(description, searchString))
+                           {
+                               PrincipalId principal = null;
 
-                           principal =
-                                   this.getPrincipalId(upn, accountName, domainName);
+                               principal = this.getPrincipalId(upn, accountName, domainName);
 
-                           LdapValue[] certValue =
-                                   solutionEntries[0]
-                                           .getAttributeValues(ATTR_NAME_CERT);
+                               LdapValue[] certValue =
+                                       solutionEntries[0]
+                                               .getAttributeValues(ATTR_NAME_CERT);
 
-                           if (certValue == null || certValue[0] == null)
-                           {
-                               throw new IllegalStateException(
-                                           "Certificate content should exist.");
-                           }
+                               if (certValue == null || certValue[0] == null)
+                               {
+                                   throw new IllegalStateException(
+                                               "Certificate content should exist.");
+                               }
 
-                           X509Certificate cert = ServerUtils.getCertificateValue(certValue);
+                               X509Certificate cert = ServerUtils.getCertificateValue(certValue);
 
-                           SolutionDetail detail = new SolutionDetail(cert, description);
+                               SolutionDetail detail = new SolutionDetail(cert, description);
 
-                           int flag = getOptionalIntegerValue(
-                                               entries[0].getAttributeValues(ATTR_NAME_ACCOUNT_FLAGS),
-                                               0);
+                               int flag = getOptionalIntegerValue(
+                                                   entries[0].getAttributeValues(ATTR_NAME_ACCOUNT_FLAGS),
+                                                   0);
 
-                           boolean disabled =
-                                       ((flag & USER_ACCT_DISABLED_FLAG) != 0);
+                               boolean disabled = ((flag & USER_ACCT_DISABLED_FLAG) != 0);
 
-                           SolutionUser solution =
-                                       new SolutionUser(principal, this.getPrincipalAliasId(accountName), null,
-                                               detail, disabled, isExternal);
+                               SolutionUser solution =
+                                           new SolutionUser(principal, this.getPrincipalAliasId(accountName), null,
+                                                   detail, disabled, isExternal);
 
-                           solutions.add(solution);
+                               solutions.add(solution);
+                           }
+                       } catch (com.vmware.identity.interop.ldap.NoSuchObjectLdapException ne) {
+                           logger.warn(String.format("Group member with attribute [%s] does not exist.", solutionSearchBaseDn), ne);
+                           continue; // skip deleted or external members
+                       } finally {
+                           if (null != solutionMessage)
+                           {
+                               solutionMessage.close();
+                           }
                        }
                    }
                 }
@@ -2963,11 +2967,6 @@ public Set<SolutionUser> findServicePrincipalsInGroup(String groupName,
             {
                 message.close();
             }
-
-            if (null != solutionMessage)
-            {
-                solutionMessage.close();
-            }
         }
 
         return solutions;
diff --git a/vmidentity/idm/server/src/main/resources/MANIFEST.MF b/vmidentity/idm/server/src/main/resources/MANIFEST.MF
index 2471bd1a9..a09f68499 100644
--- a/vmidentity/idm/server/src/main/resources/MANIFEST.MF
+++ b/vmidentity/idm/server/src/main/resources/MANIFEST.MF
@@ -1,3 +1,3 @@
 Manifest-Version: 1.0
 Main-Class: com.vmware.identity.idm.server.IdmServer
-Class-Path: ./ vmware-identity-depends.jar vmware-identity-idm-interface.jar vmware-identity-platform.jar vmware-identity-diagnostics.jar
+Class-Path: ./ vmware-identity-idm-interface.jar vmware-identity-platform.jar vmware-identity-diagnostics.jar
diff --git a/vmidentity/install/MANIFEST.MF b/vmidentity/install/MANIFEST.MF
index 944d7e4a2..9375044f7 100644
--- a/vmidentity/install/MANIFEST.MF
+++ b/vmidentity/install/MANIFEST.MF
@@ -1,9 +1,9 @@
 Main-Class: com.vmware.identity.installer.STSInstaller
 Class-Path: ./ jna.jar platform.jar commons-logging-1.1.1.jar
- log4j-1.2.16.jar commons-lang-2.5.jar commons-codec-1.4.jar
+ log4j-1.2.17.jar commons-lang-2.5.jar commons-codec-1.4.jar
  authentication-framework.jar vmware-endpoint-certificate-store.jar
  vmware-vmca-client.jar vmware-identity-idm-interface.jar
  vmware-identity-idm-client.jar vmware-identity-platform.jar
- lookupservice-bindings-client.jar lookupservice.jar slf4j-api-1.7.2.jar
- slf4j-log4j12-1.7.2.jar httpclient-4.5.1.jar vmware-identity-diagnostics.jar
- log4j-api-2.2.jar log4j-core-2.2.jar vmware-identity-platform.jar
+ lookupservice-bindings-client.jar lookupservice.jar slf4j-api-1.7.25.jar
+ slf4j-log4j12-1.7.25.jar httpclient-4.5.1.jar vmware-identity-diagnostics.jar
+ log4j-api-2.8.2.jar log4j-core-2.8.2.jar vmware-identity-platform.jar
diff --git a/vmidentity/install/pom.xml b/vmidentity/install/pom.xml
index dda0a7f2f..7edb839e3 100644
--- a/vmidentity/install/pom.xml
+++ b/vmidentity/install/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-install</artifactId>
diff --git a/vmidentity/install/src/main/java/com/vmware/identity/configure/VMIdentityController.java b/vmidentity/install/src/main/java/com/vmware/identity/configure/VMIdentityController.java
index 76e406f85..b9691b820 100644
--- a/vmidentity/install/src/main/java/com/vmware/identity/configure/VMIdentityController.java
+++ b/vmidentity/install/src/main/java/com/vmware/identity/configure/VMIdentityController.java
@@ -327,7 +327,8 @@ private void checkVMDIRService() throws Exception {
             }
             finally
             {
-                connection.close();
+                if(connection != null)
+                   connection.close();
             }
         } catch(Exception ex){
             throw new ServiceCheckException("Failed to check directory service. Cannot configure IDM or STS.", ex);
diff --git a/vmidentity/install/src/main/java/com/vmware/identity/installer/ReleaseUtil.java b/vmidentity/install/src/main/java/com/vmware/identity/installer/ReleaseUtil.java
index a7d13b6b5..631b64255 100644
--- a/vmidentity/install/src/main/java/com/vmware/identity/installer/ReleaseUtil.java
+++ b/vmidentity/install/src/main/java/com/vmware/identity/installer/ReleaseUtil.java
@@ -22,10 +22,11 @@ public class ReleaseUtil {
 
     // Decision factor : The RPM name is vmware-sts in lightwave and vmware-identity-sts in Vsphere.
     // TODO : Add the product release in registry entry.
+    // TODO : Add support for non-RPM Linux distributions
     public static boolean isLightwave() throws IOException {
 
         boolean lightwave = true;
-        Process p = Runtime.getRuntime().exec("rpm -qa vmware-sts");
+        Process p = Runtime.getRuntime().exec("rpm -qa lightwave");
         String rpmInfo;
         try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                 p.getInputStream()))) {
diff --git a/vmidentity/interop/idm/ad/Makefile.am b/vmidentity/interop/idm/ad/Makefile.am
index 775c6cf45..3a3ffb213 100644
--- a/vmidentity/interop/idm/ad/Makefile.am
+++ b/vmidentity/interop/idm/ad/Makefile.am
@@ -8,14 +8,14 @@ libidm_la_SOURCES = \
     sidcache.c
 
 libidm_la_CPPFLAGS = \
-    -I$(top_srcdir)/interop/include \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/interop/idm/include \
+    -I$(top_srcdir)/vmidentity/interop/include \
+    -I$(top_srcdir)/vmidentity/include \
+    -I$(top_srcdir)/vmidentity/interop/idm/include \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
 libidm_la_LIBADD = \
-    @top_builddir@/interop/idm/common/libidmcommon.la \
+    @top_builddir@/vmidentity/interop/idm/common/libidmcommon.la \
     @DCERPC_LIBS@ \
     @LWBASE_LIBS@ \
     @LWADVAPI_LIBS@ \
diff --git a/vmidentity/interop/idm/ad/server/Makefile.am b/vmidentity/interop/idm/ad/server/Makefile.am
index 6e6fd475e..ffbda64c8 100644
--- a/vmidentity/interop/idm/ad/server/Makefile.am
+++ b/vmidentity/interop/idm/ad/server/Makefile.am
@@ -5,7 +5,7 @@ test_logon_SOURCES = test-logon.c
 test_ldapbind_SOURCES = test-ldap-bind.c
 
 test_svr_LDADD = \
-    $(top_builddir)/interop/idm/ad/libidm.la \
+    $(top_builddir)/vmidentity/interop/idm/ad/libidm.la \
     -llsaclient \
     -llwnetclientapi \
     -llwnetcommon \
@@ -28,9 +28,9 @@ test_svr_LDADD = \
     @PTHREAD_LIBS@
 
 test_svr_CPPFLAGS = \
-    -I$(top_srcdir)/interop/include/public \
-    -I$(top_srcdir)/interop/include \
-    -I$(top_srcdir)/interop/idm/include \
+    -I$(top_srcdir)/vmidentity/interop/include/public \
+    -I$(top_srcdir)/vmidentity/interop/include \
+    -I$(top_srcdir)/vmidentity/interop/idm/include \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -41,7 +41,7 @@ test_svr_LDFLAGS = \
     @LW_LDFLAGS@
 
 test_logon_LDADD = \
-    $(top_builddir)/interop/idm/ad/libidm.la \
+    $(top_builddir)/vmidentity/interop/idm/ad/libidm.la \
     -llsaclient \
     -llwnetclientapi \
     -llwnetcommon \
@@ -65,9 +65,9 @@ test_logon_LDADD = \
 
 test_logon_CPPFLAGS = \
     -D_USE_GSS_SRP \
-    -I$(top_srcdir)/interop/include/public \
-    -I$(top_srcdir)/interop/include \
-    -I$(top_srcdir)/interop/idm/include \
+    -I$(top_srcdir)/vmidentity/interop/include/public \
+    -I$(top_srcdir)/vmidentity/interop/include \
+    -I$(top_srcdir)/vmidentity/interop/idm/include \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -78,9 +78,9 @@ test_logon_LDFLAGS = \
     @LW_LDFLAGS@
 
 test_ldapbind_CPPFLAGS = \
-    -I$(top_srcdir)/interop/include/public \
-    -I$(top_srcdir)/interop/include \
-    -I$(top_srcdir)/interop/idm/include \
+    -I$(top_srcdir)/vmidentity/interop/include/public \
+    -I$(top_srcdir)/vmidentity/interop/include \
+    -I$(top_srcdir)/vmidentity/interop/idm/include \
     @OPENSSL_INCLUDES@ \
     @LW_INCLUDES@
 
@@ -91,7 +91,7 @@ test_ldapbind_LDFLAGS = \
     @LW_LDFLAGS@
 
 test_ldapbind_LDADD = \
-    $(top_builddir)/interop/idm/ad/libidm.la \
+    $(top_builddir)/vmidentity/interop/idm/ad/libidm.la \
     -llsaclient \
     -llwnetclientapi \
     -llwnetcommon \
diff --git a/vmidentity/interop/idm/common/Makefile.am b/vmidentity/interop/idm/common/Makefile.am
index dde148752..3442e91a5 100644
--- a/vmidentity/interop/idm/common/Makefile.am
+++ b/vmidentity/interop/idm/common/Makefile.am
@@ -2,8 +2,8 @@
 noinst_LTLIBRARIES = libidmcommon.la
 
 libidmcommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
+    -I$(top_srcdir)/vmidentity/include \
+    -I$(top_srcdir)/vmidentity/include/public \
     -D_XOPEN_SOURCE=1 \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -18,4 +18,3 @@ libidmcommon_la_LIBADD = \
 libidmcommon_la_LDFLAGS = \
     -static \
     @LW_LDFLAGS@
-
diff --git a/vmidentity/interop/idm/localos/Makefile.am b/vmidentity/interop/idm/localos/Makefile.am
index 1247d7daa..e144c7992 100644
--- a/vmidentity/interop/idm/localos/Makefile.am
+++ b/vmidentity/interop/idm/localos/Makefile.am
@@ -2,9 +2,9 @@
 lib_LTLIBRARIES = libvmdirauth.la
 
 libvmdirauth_la_CPPFLAGS = \
-    -I$(top_srcdir)/include \
-    -I$(top_srcdir)/include/public \
-    -I$(top_srcdir)/interop/idm/include \
+    -I$(top_srcdir)/vmidentity/include \
+    -I$(top_srcdir)/vmidentity/include/public \
+    -I$(top_srcdir)/vmidentity/interop/idm/include \
     -D_XOPEN_SOURCE=1 \
     @LW_INCLUDES@ \
     @OPENSSL_INCLUDES@
@@ -14,7 +14,7 @@ libvmdirauth_la_SOURCES = \
     libmain.c
 
 libvmdirauth_la_LIBADD = \
-    @top_builddir@/interop/idm/common/libidmcommon.la \
+    @top_builddir@/vmidentity/interop/idm/common/libidmcommon.la \
     @LWBASE_LIBS@ \
     @SHADOW_LIBS@ \
     @CRYPT_LIBS@ \
@@ -23,4 +23,3 @@ libvmdirauth_la_LIBADD = \
 
 libvmdirauth_la_LDFLAGS = \
     @LW_LDFLAGS@
-
diff --git a/vmidentity/jdepends/Makefile.am b/vmidentity/jdepends/Makefile.am
deleted file mode 100644
index 4eb2ad867..000000000
--- a/vmidentity/jdepends/Makefile.am
+++ /dev/null
@@ -1,9 +0,0 @@
-
-CLASSPATH=@TOOLS_CLASSPATH@:@ANT_CLASSPATH@
-
-vmstsjars_DATA= \
-    @top_builddir@/vmware-sts/packages/vmware-identity-depends.jar
-
-@top_builddir@/vmware-sts/packages/vmware-identity-depends.jar:
-	@echo "Handling dependent jars"
-	cd @top_srcdir@/jdepends && @JAVA@ -Xmx128m -Xms64m -Xss1024k -classpath "$(CLASSPATH)" -Dant.home="@ANT_HOME@" org.apache.tools.ant.launch.Launcher $(ANT_VERBOSE) -f build.xml build
diff --git a/vmidentity/jdepends/build.xml b/vmidentity/jdepends/build.xml
deleted file mode 100644
index 4e4898432..000000000
--- a/vmidentity/jdepends/build.xml
+++ /dev/null
@@ -1,119 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Copyright 2011 VMware, Inc. All rights reserved.
--->
-<project name="vmware-identity-depends" default="build" basedir=".">
-
-  <property name="MAINSRCROOT" value="${basedir}/.." />
-  <property file="../product.properties" />
-  <property name="buildRoot" value="${MAINSRCROOT}/build/${PRODUCT_NAME}" />
-  <property name="depends" value="${MAINSRCROOT}/build/depends" />
-
-  <import file="${MAINSRCROOT}/build/ant/presets.xml" />
-  <import file="${MAINSRCROOT}/build/ant/defaults.xml" />
-
-  <target name="build">
-
-    <!-- Download all necessary dependencies for VMware STS (Secure Token Service) from Nexus Maven Repo -->
-
-    <copy todir="${depends}" verbose="true" overwrite="false" flatten="true">
-      <resources>
-
-        <!-- CORE (COMPILE_TIME + RUN_TIME)DEPENDENCIES -->
-        <url url="http://central.maven.org/maven2/args4j/args4j/2.33/args4j-2.33.jar" />
-        <url url="http://central.maven.org/maven2/asm/asm/3.3/asm-3.3.jar" />
-        <url url="http://central.maven.org/maven2/cglib/cglib/2.2/cglib-2.2.jar" />
-        <url url="http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-annotations/2.3.2/jackson-annotations-2.3.2.jar" />
-        <url url="http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.3.2/jackson-core-2.3.2.jar" />
-        <url url="http://central.maven.org/maven2/com/fasterxml/jackson/core/jackson-databind/2.3.2/jackson-databind-2.3.2.jar" />
-        <url url="http://central.maven.org/maven2/com/nimbusds/lang-tag/1.4/lang-tag-1.4.jar" />
-        <url url="http://central.maven.org/maven2/com/nimbusds/nimbus-jose-jwt/4.12/nimbus-jose-jwt-4.12.jar" />
-        <url url="http://central.maven.org/maven2/com/nimbusds/oauth2-oidc-sdk/4.9/oauth2-oidc-sdk-4.9.jar" />
-        <url url="http://central.maven.org/maven2/com/sun/net/httpserver/http/20070405/http-20070405.jar" />
-        <url url="http://central.maven.org/maven2/com/sun/xml/bind/jaxb-core/2.2.10/jaxb-core-2.2.10.jar" />
-        <url url="http://central.maven.org/maven2/commons-cli/commons-cli/1.2/commons-cli-1.2.jar" />
-        <url url="http://central.maven.org/maven2/commons-codec/commons-codec/1.4/commons-codec-1.4.jar" />
-        <url url="http://central.maven.org/maven2/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar" />
-        <url url="http://central.maven.org/maven2/commons-daemon/commons-daemon/1.0.10/commons-daemon-1.0.10.jar" />
-        <url url="http://central.maven.org/maven2/commons-io/commons-io/1.4/commons-io-1.4.jar" />
-        <url url="http://central.maven.org/maven2/commons-lang/commons-lang/2.5/commons-lang-2.5.jar" />
-        <url url="http://central.maven.org/maven2/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar" />
-        <url url="http://central.maven.org/maven2/commons-validator/commons-validator/1.4.0/commons-validator-1.4.0.jar" />
-        <url url="http://central.maven.org/maven2/commons-validator/commons-validator/1.4.0/commons-validator-1.4.0.jar" />
-        <url url="http://central.maven.org/maven2/javax/activation/activation/1.1.1/activation-1.1.1.jar" />
-        <url url="http://central.maven.org/maven2/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar" />
-        <url url="http://central.maven.org/maven2/javax/mail/mail/1.4.7/mail-1.4.7.jar" />
-        <url url="http://central.maven.org/maven2/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar" />
-        <url url="http://central.maven.org/maven2/javax/servlet/jsp/jstl/jstl-api/1.2/jstl-api-1.2.jar" />
-        <url url="http://central.maven.org/maven2/javax/xml/jsr173/1.0/jsr173-1.0.jar" />
-        <url url="http://central.maven.org/maven2/javax/xml/soap/saaj-api/1.3.1/saaj-api-1.3.1.jar" />
-        <url url="http://central.maven.org/maven2/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar" />
-        <url url="http://central.maven.org/maven2/log4j/log4j/1.2.16/log4j-1.2.16.jar" />
-        <url url="http://central.maven.org/maven2/net/java/dev/jna/jna-platform/4.2.1/jna-platform-4.2.1.jar" />
-        <url url="http://central.maven.org/maven2/net/java/dev/jna/jna/4.2.1/jna-4.2.1.jar" />
-        <url url="http://central.maven.org/maven2/net/jcip/jcip-annotations/1.0/jcip-annotations-1.0.jar" />
-        <url url="http://central.maven.org/maven2/net/minidev/json-smart/1.1.1/json-smart-1.1.1.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/commons/commons-lang3/3.3.1/commons-lang3-3.3.1.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.1/httpclient-4.5.1.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.3/httpcore-4.4.3.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.0.2/log4j-1.2-api-2.0.2.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-1.2-api/2.0.2/log4j-1.2-api-2.0.2.jar" /> 
-        <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-api/2.2/log4j-api-2.2.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.2/log4j-core-2.2.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl/2.2/log4j-slf4j-impl-2.2.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/tomcat/tomcat-catalina/7.0.25/tomcat-catalina-7.0.25.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/tomcat/tomcat-coyote/7.0.26/tomcat-coyote-7.0.26.jar" />
-        <url url="http://central.maven.org/maven2/org/apache/velocity/velocity/1.5/velocity-1.5.jar" />
-        <url url="http://central.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.47/bcpkix-jdk15on-1.47.jar" />
-        <url url="http://central.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.47/bcprov-jdk15on-1.47.jar" />
-        <url url="http://central.maven.org/maven2/org/glassfish/web/jstl-impl/1.2/jstl-impl-1.2.jar" />
-        <url url="http://central.maven.org/maven2/org/opensaml/opensaml/2.5.3/opensaml-2.5.3.jar" />
-        <url url="http://central.maven.org/maven2/org/opensaml/openws/1.4.4/openws-1.4.4.jar" />
-        <url url="http://central.maven.org/maven2/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar" />
-        <url url="http://central.maven.org/maven2/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar" />
-        <url url="http://central.maven.org/maven2/org/slf4j/jcl-over-slf4j/1.7.10/jcl-over-slf4j-1.7.10.jar" />
-        <url url="http://central.maven.org/maven2/org/slf4j/slf4j-api/1.7.10/slf4j-api-1.7.10.jar" />
-        <url url="http://central.maven.org/maven2/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-aop/4.0.6.RELEASE/spring-aop-4.0.6.RELEASE.jar " />   
-        <url url="http://central.maven.org/maven2/org/springframework/spring-asm/3.0.5.RELEASE/spring-asm-3.0.5.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-beans/4.0.6.RELEASE/spring-beans-4.0.6.RELEASE.jar" /> 
-        <url url="http://central.maven.org/maven2/org/springframework/spring-context/4.0.6.RELEASE/spring-context-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-core/4.0.6.RELEASE/spring-core-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-expression/4.0.6.RELEASE/spring-expression-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-test/4.0.6.RELEASE/spring-test-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-web/4.0.6.RELEASE/spring-web-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/org/springframework/spring-webmvc/4.0.6.RELEASE/spring-webmvc-4.0.6.RELEASE.jar" />
-        <url url="http://central.maven.org/maven2/xalan/serializer/2.7.1/serializer-2.7.1.jar" />
-        <url url="http://central.maven.org/maven2/xalan/xalan/2.7.1/xalan-2.7.1.jar" />
-        <url url="http://central.maven.org/maven2/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar" />
-        <url url="http://central.maven.org/maven2/xml-apis/xml-apis/1.4.01/xml-apis-1.4.01.jar" />
-        <url url="http://repo.maven.apache.org/maven2/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar" />
-
-        <!-- TEST DEPENDENCIES -->
-        <url url="http://central.maven.org/maven2/org/powermock/powermock-easymock-release-full/1.6.2/powermock-easymock-release-full-1.6.2-full.jar" />
-        <url url="http://central.maven.org/maven2/junit/junit/4.4/junit-4.4.jar" />
-        <url url="http://central.maven.org/maven2/org/easymock/easymock/3.0/easymock-3.0.jar" />
-        <url url="http://central.maven.org/maven2/com/cenqua/clover/clover/3.0.2/clover-3.0.2.jar" />
-        <url url="http://central.maven.org/maven2/ant-contrib/ant-contrib/1.0b3/ant-contrib-1.0b3.jar" />
-        <url url="http://central.maven.org/maven2/org/objenesis/objenesis/1.2/objenesis-1.2.jar" />
-      </resources>
-    </copy>
-
-    <move file="${depends}/jna-4.2.1.jar" tofile="${depends}/jna.jar" />
-    <move file="${depends}/jna-platform-4.2.1.jar" tofile="${depends}/platform.jar" />
-
-    <jar destfile="${buildRoot}/vmware-identity-depends-tmp.jar" >
-      <zipgroupfileset dir="${depends}" includes="*.jar" />
-    </jar>
-    <jar destfile="${build.packages}/vmware-identity-depends.jar" >
-      <zipfileset src="${buildRoot}/vmware-identity-depends-tmp.jar">
-        <exclude name="META-INF/*.SF" />
-      </zipfileset>
-    </jar>
-  </target>
-
-  <target name="clean">
-    <delete dir="${buildRoot}" />
-  </target>
-
-</project>
diff --git a/vmidentity/jdepends/pom.xml b/vmidentity/jdepends/pom.xml
deleted file mode 100644
index c0a6d5bbf..000000000
--- a/vmidentity/jdepends/pom.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-
-  <parent>
-    <groupId>com.vmware.identity</groupId>
-    <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
-  </parent>
-
-  <artifactId>vmware-identity-depends</artifactId>
-  <packaging>jar</packaging>
-  <name>VMware Identity Consolidated Dependency</name>
-
-  <build>
-    <finalName>${project.artifactId}</finalName>
-    <plugins>
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-antrun-plugin</artifactId>
-        <version>1.8</version>
-        <dependencies>
-          <dependency>
-            <groupId>com.sun</groupId>
-            <artifactId>tools</artifactId>
-            <version>${java.version}</version>
-            <scope>system</scope>
-            <systemPath>${java.home}/../lib/tools.jar</systemPath>
-          </dependency>
-        </dependencies>
-        <executions>
-          <execution>
-            <id>build-ant</id>
-            <phase>compile</phase>
-            <goals>
-              <goal>run</goal>
-            </goals>
-            <configuration>
-              <tasks>
-                <ant antfile="./build.xml" target="build"/>
-              </tasks>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
-
-      <!-- Provided maven interface to build this project with ant, so install -->
-      <!-- these jars into maven repo with install plugin                      -->
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-install-plugin</artifactId>
-        <version>2.5.1</version>
-        <executions>
-          <execution>
-            <id>admin-interfaces</id>
-            <goals>
-              <goal>install-file</goal>
-            </goals>
-            <phase>package</phase>
-            <configuration>
-              <groupId>com.vmware.identity</groupId>
-              <artifactId>vmware-identity-depends</artifactId>
-              <version>${vmware.version}</version>
-              <packaging>jar</packaging>
-              <file>${outputDirectory}/vmware-identity-depends.jar</file>
-            </configuration>
-          </execution>
-          <execution>
-            <id>default-install</id>
-            <phase>none</phase>
-          </execution>
-        </executions>
-      </plugin>
-    </plugins>
-  </build>
-
-  <properties>
-    <rootDirectory>${basedir}/..</rootDirectory>
-  </properties>
-
-</project>
diff --git a/vmidentity/lightwaveui/build.properties b/vmidentity/lightwaveui/build.properties
index 2608192a2..29e30f405 100644
--- a/vmidentity/lightwaveui/build.properties
+++ b/vmidentity/lightwaveui/build.properties
@@ -1,2 +1,2 @@
-lib.excludes.pattern=WEB-INF/lib/afd-heartbeat*.jar,WEB-INF/lib/ant*.jar,WEB-INF/lib/asm-tree*.jar,WEB-INF/lib/aopalliance-1.0*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcprov-jdk15-1.46*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/client-domain-controller*.jar,WEB-INF/lib/cobertura*.jar,WEB-INF/lib/commons-beanutils-core*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-configuration*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-fileupload*.jar,WEB-INF/lib/dom4j*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax.annotation-3.1*.jar,WEB-INF/lib/javax.inject-1*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jstl-1.2*.jar,WEB-INF/lib/log4j-1.2.16*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/samltoken*tests*.jar,WEB-INF/lib/serializer-2.7.2*.jar,WEB-INF/lib/stax-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/xml-apis-ext*.jar
+lib.excludes.pattern=WEB-INF/lib/afd-heartbeat*.jar,WEB-INF/lib/ant*.jar,WEB-INF/lib/asm-tree*.jar,WEB-INF/lib/aopalliance-1.0*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcprov-jdk15-1.46*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/client-domain-controller*.jar,WEB-INF/lib/cobertura*.jar,WEB-INF/lib/commons-beanutils*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-configuration*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-fileupload*.jar,WEB-INF/lib/dom4j*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax.annotation-3.1*.jar,WEB-INF/lib/javax.inject-1*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jstl-1.2*.jar,WEB-INF/lib/log4j-1.2.17*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/samltoken*tests*.jar,WEB-INF/lib/serializer-2.7.2*.jar,WEB-INF/lib/stax-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/xml-apis-ext*.jar
 
diff --git a/vmidentity/lightwaveui/pom.xml b/vmidentity/lightwaveui/pom.xml
index daf6701cf..a06f43cbb 100644
--- a/vmidentity/lightwaveui/pom.xml
+++ b/vmidentity/lightwaveui/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>lightwaveui</artifactId>
@@ -154,22 +154,9 @@
       <artifactId>spring-webmvc</artifactId>
       <version>${spring.release.version}</version>
     </dependency>
-
-
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>jstl-api</artifactId>
-      <version>${jstl.version}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>org.glassfish.web</groupId>
-      <artifactId>jstl-impl</artifactId>
+      <artifactId>javax.servlet.jsp.jstl</artifactId>
       <version>${jstl.version}</version>
       <exclusions>
         <exclusion>
@@ -235,6 +222,11 @@
     </dependency>
 
     <!-- Opensaml dependencies -->
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>${commons.beanutils.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
@@ -245,6 +237,11 @@
       <artifactId>commons-collections</artifactId>
       <version>${commons.collection.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>${commons.fileupload.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-httpclient</groupId>
       <artifactId>commons-httpclient</artifactId>
@@ -259,6 +256,12 @@
       <groupId>org.owasp.esapi</groupId>
       <artifactId>esapi</artifactId>
       <version>${esapi.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.jcip</groupId>
diff --git a/vmidentity/lightwaveui/src/main/webapp/index.jsp b/vmidentity/lightwaveui/src/main/webapp/index.jsp
index 36511ebee..17d0ce345 100644
--- a/vmidentity/lightwaveui/src/main/webapp/index.jsp
+++ b/vmidentity/lightwaveui/src/main/webapp/index.jsp
@@ -23,30 +23,30 @@
 	<link rel="stylesheet" href="app/css/lightwave-ui.1.0.2.0.min.css">
 	<link rel="stylesheet" href="app/css/lightwave-ui-vendor.1.0.2.0.min.css">
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-	<title>Photon Authentication Services</title>
+	<title>Cascade Identity Services</title>
 	<style>
 	.headerLogo {
 		margin-left:10px;
 		border-radius: 3px;
 		margin-right:5px;
 	}
-	
+
 	.contentRow{
 		margin-top:100px;
 		width:900px;
 	}
-	
+
 	.formRow {
 		margin-top:40px;
 		width:400px;
 		margin-left:100px;
 	}
-	
+
 	.margin-top-bottom-10{
 		margin-top:10px;
 		margin-bottom: 10px;
 	}
-	
+
 	.caption {
 		font-size: 24px;
 	    line-height: 48px;
@@ -58,15 +58,14 @@
 </head>
 <body>
 <div class="container">
-	
+
 		<div class="title">
 		 	<img src="app/assets/vm_logo.png" height="32px;" width="32px" class="headerLogo"/>
-			Photon Authentication Services
-			<sup><small>beta</small></sup>
+			Cascade Identity Services
 		</div>
 		<div class="row content contentRow">
-			<div class="caption">Photon Authentication Services</div><br/>
-			<strong>Photon Authentication Services </strong> comprises of enterprise-grade, identity and access management services targeting critical security, governance & compliance challenges for Cloud-Native Apps within the enterprise.
+			<div class="caption">Cascade Identity Services</div><br/>
+			<strong>Cascade Identity Services </strong> comprises of enterprise-grade, identity and access management services targeting critical security, governance & compliance challenges for Cloud-Native Apps within the enterprise.
 			<br/><br/>
 			Lightwave includes ...<br/><br/>
 			<div><strong>Lightwave Authentication Services </strong><br/>A cloud authentication services with support for Kerberos, OAuth 2.0/OpenID Connect, SAML and WSTrust.</div><br/>
@@ -76,16 +75,23 @@
 		</div>
 		<div class="row content formRow">
 			<span>Enter the tenant you want to login to </span>
-			<input type="text" id="tenant" class="form-control pull-left margin-top-bottom-10" 
-				   placeholder="lightwave.local" /> 
+			<input type="text" id="tenant" class="form-control pull-left margin-top-bottom-10"
+				   placeholder="lightwave.local" />
 			<button type="submit" class="btn btn-primary pull-right"
 				    onclick="redirect()">Take me to Lightwave Admin ...</button>
 		</div>
 </div>
 <script type="text/javascript">
+document.getElementById("tenant")
+    .addEventListener("keyup", function(event) {
+    event.preventDefault();
+    if (event.keyCode == 13) {
+        redirect();
+    }
+});
 function redirect(){
 	var tenantName = document.getElementById('tenant').value;
-	
+
 	if(tenantName == null || tenantName == '')
 		{
 			alert('Enter a tenant name');
diff --git a/vmidentity/lightwaveui/web/app/index.html b/vmidentity/lightwaveui/web/app/index.html
index 5140921ce..4c1ca8891 100644
--- a/vmidentity/lightwaveui/web/app/index.html
+++ b/vmidentity/lightwaveui/web/app/index.html
@@ -38,8 +38,7 @@
     <div ng-controller="ProfileCntrl">
         <div class="title">
           <img src="assets/vm_logo.png" height="32px;" width="32px" style="margin-left:10px;border-radius: 3px;margin-right:5px;"/>
-            Lightwave Admin
-            <sup><small>Beta</small></sup>
+            Cascade Admin
             <div ng-show="globals.currentUser" class="logged-in-user ng-cloak">
                 {{globals.currentUser.username}}
                 <button type="button"
diff --git a/vmidentity/m4/README b/vmidentity/m4/README
deleted file mode 100644
index e69de29bb..000000000
diff --git a/vmidentity/m4/as-ac-expand.m4 b/vmidentity/m4/as-ac-expand.m4
deleted file mode 100644
index 8bd95a85c..000000000
--- a/vmidentity/m4/as-ac-expand.m4
+++ /dev/null
@@ -1,50 +0,0 @@
-dnl as-ac-expand.m4 0.2.0                                   -*- autoconf -*-
-dnl autostars m4 macro for expanding directories using configure's prefix
-
-dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
-
-dnl Copying and distribution of this file, with or without modification,
-dnl are permitted in any medium without royalty provided the copyright
-dnl notice and this notice are preserved.
-
-dnl AS_AC_EXPAND(VAR, CONFIGURE_VAR)
-
-dnl example:
-dnl AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
-dnl will set SYSCONFDIR to /usr/local/etc if prefix=/usr/local
-
-AC_DEFUN([AS_AC_EXPAND],
-[
-  EXP_VAR=[$1]
-  FROM_VAR=[$2]
-
-  dnl first expand prefix and exec_prefix if necessary
-  prefix_save=$prefix
-  exec_prefix_save=$exec_prefix
-
-  dnl if no prefix given, then use /usr/local, the default prefix
-  if test "x$prefix" = "xNONE"; then
-    prefix="$ac_default_prefix"
-  fi
-  dnl if no exec_prefix given, then use prefix
-  if test "x$exec_prefix" = "xNONE"; then
-    exec_prefix=$prefix
-  fi
-
-  full_var="$FROM_VAR"
-  dnl loop until it doesn't change anymore
-  while true; do
-    new_full_var="`eval echo $full_var`"
-    if test "x$new_full_var" = "x$full_var"; then break; fi
-    full_var=$new_full_var
-  done
-
-  dnl clean up
-  full_var=$new_full_var
-  AC_SUBST([$1], "$full_var")
-
-  dnl restore prefix and exec_prefix
-  prefix=$prefix_save
-  exec_prefix=$exec_prefix_save
-])
-
diff --git a/vmidentity/m4/libtool.m4 b/vmidentity/m4/libtool.m4
deleted file mode 100644
index a3bc337b7..000000000
--- a/vmidentity/m4/libtool.m4
+++ /dev/null
@@ -1,8369 +0,0 @@
-# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
-#
-#   Copyright (C) 1996-2001, 2003-2015 Free Software Foundation, Inc.
-#   Written by Gordon Matzigkeit, 1996
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-m4_define([_LT_COPYING], [dnl
-# Copyright (C) 2014 Free Software Foundation, Inc.
-# This is free software; see the source for copying conditions.  There is NO
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-# GNU Libtool is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of of the License, or
-# (at your option) any later version.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program or library that is built
-# using GNU Libtool, you may include this file under the  same
-# distribution terms that you use for the rest of that program.
-#
-# GNU Libtool is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-])
-
-# serial 58 LT_INIT
-
-
-# LT_PREREQ(VERSION)
-# ------------------
-# Complain and exit if this libtool version is less that VERSION.
-m4_defun([LT_PREREQ],
-[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
-       [m4_default([$3],
-		   [m4_fatal([Libtool version $1 or higher is required],
-		             63)])],
-       [$2])])
-
-
-# _LT_CHECK_BUILDDIR
-# ------------------
-# Complain if the absolute build directory name contains unusual characters
-m4_defun([_LT_CHECK_BUILDDIR],
-[case `pwd` in
-  *\ * | *\	*)
-    AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
-esac
-])
-
-
-# LT_INIT([OPTIONS])
-# ------------------
-AC_DEFUN([LT_INIT],
-[AC_PREREQ([2.62])dnl We use AC_PATH_PROGS_FEATURE_CHECK
-AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl
-AC_BEFORE([$0], [LT_LANG])dnl
-AC_BEFORE([$0], [LT_OUTPUT])dnl
-AC_BEFORE([$0], [LTDL_INIT])dnl
-m4_require([_LT_CHECK_BUILDDIR])dnl
-
-dnl Autoconf doesn't catch unexpanded LT_ macros by default:
-m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
-m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
-dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
-dnl unless we require an AC_DEFUNed macro:
-AC_REQUIRE([LTOPTIONS_VERSION])dnl
-AC_REQUIRE([LTSUGAR_VERSION])dnl
-AC_REQUIRE([LTVERSION_VERSION])dnl
-AC_REQUIRE([LTOBSOLETE_VERSION])dnl
-m4_require([_LT_PROG_LTMAIN])dnl
-
-_LT_SHELL_INIT([SHELL=${CONFIG_SHELL-/bin/sh}])
-
-dnl Parse OPTIONS
-_LT_SET_OPTIONS([$0], [$1])
-
-# This can be used to rebuild libtool when needed
-LIBTOOL_DEPS=$ltmain
-
-# Always use our own libtool.
-LIBTOOL='$(SHELL) $(top_builddir)/libtool'
-AC_SUBST(LIBTOOL)dnl
-
-_LT_SETUP
-
-# Only expand once:
-m4_define([LT_INIT])
-])# LT_INIT
-
-# Old names:
-AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
-AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
-dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
-
-
-# _LT_PREPARE_CC_BASENAME
-# -----------------------
-m4_defun([_LT_PREPARE_CC_BASENAME], [
-# Calculate cc_basename.  Skip known compiler wrappers and cross-prefix.
-func_cc_basename ()
-{
-    for cc_temp in @S|@*""; do
-      case $cc_temp in
-        compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
-        distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
-        \-*) ;;
-        *) break;;
-      esac
-    done
-    func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"`
-}
-])# _LT_PREPARE_CC_BASENAME
-
-
-# _LT_CC_BASENAME(CC)
-# -------------------
-# It would be clearer to call AC_REQUIREs from _LT_PREPARE_CC_BASENAME,
-# but that macro is also expanded into generated libtool script, which
-# arranges for $SED and $ECHO to be set by different means.
-m4_defun([_LT_CC_BASENAME],
-[m4_require([_LT_PREPARE_CC_BASENAME])dnl
-AC_REQUIRE([_LT_DECL_SED])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-func_cc_basename $1
-cc_basename=$func_cc_basename_result
-])
-
-
-# _LT_FILEUTILS_DEFAULTS
-# ----------------------
-# It is okay to use these file commands and assume they have been set
-# sensibly after 'm4_require([_LT_FILEUTILS_DEFAULTS])'.
-m4_defun([_LT_FILEUTILS_DEFAULTS],
-[: ${CP="cp -f"}
-: ${MV="mv -f"}
-: ${RM="rm -f"}
-])# _LT_FILEUTILS_DEFAULTS
-
-
-# _LT_SETUP
-# ---------
-m4_defun([_LT_SETUP],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_REQUIRE([_LT_PREPARE_SED_QUOTE_VARS])dnl
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])dnl
-
-_LT_DECL([], [PATH_SEPARATOR], [1], [The PATH separator for the build system])dnl
-dnl
-_LT_DECL([], [host_alias], [0], [The host system])dnl
-_LT_DECL([], [host], [0])dnl
-_LT_DECL([], [host_os], [0])dnl
-dnl
-_LT_DECL([], [build_alias], [0], [The build system])dnl
-_LT_DECL([], [build], [0])dnl
-_LT_DECL([], [build_os], [0])dnl
-dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-dnl
-AC_REQUIRE([AC_PROG_LN_S])dnl
-test -z "$LN_S" && LN_S="ln -s"
-_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
-dnl
-AC_REQUIRE([LT_CMD_MAX_LEN])dnl
-_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
-_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
-dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PATH_CONVERSION_FUNCTIONS])dnl
-m4_require([_LT_CMD_RELOAD])dnl
-m4_require([_LT_CHECK_MAGIC_METHOD])dnl
-m4_require([_LT_CHECK_SHAREDLIB_FROM_LINKLIB])dnl
-m4_require([_LT_CMD_OLD_ARCHIVE])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_WITH_SYSROOT])dnl
-m4_require([_LT_CMD_TRUNCATE])dnl
-
-_LT_CONFIG_LIBTOOL_INIT([
-# See if we are running on zsh, and set the options that allow our
-# commands through without removal of \ escapes INIT.
-if test -n "\${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-])
-if test -n "${ZSH_VERSION+set}"; then
-   setopt NO_GLOB_SUBST
-fi
-
-_LT_CHECK_OBJDIR
-
-m4_require([_LT_TAG_COMPILER])dnl
-
-case $host_os in
-aix3*)
-  # AIX sometimes has problems with the GCC collect2 program.  For some
-  # reason, if we set the COLLECT_NAMES environment variable, the problems
-  # vanish in a puff of smoke.
-  if test set != "${COLLECT_NAMES+set}"; then
-    COLLECT_NAMES=
-    export COLLECT_NAMES
-  fi
-  ;;
-esac
-
-# Global variables:
-ofile=libtool
-can_build_shared=yes
-
-# All known linkers require a '.a' archive for static linking (except MSVC,
-# which needs '.lib').
-libext=a
-
-with_gnu_ld=$lt_cv_prog_gnu_ld
-
-old_CC=$CC
-old_CFLAGS=$CFLAGS
-
-# Set sane defaults for various variables
-test -z "$CC" && CC=cc
-test -z "$LTCC" && LTCC=$CC
-test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
-test -z "$LD" && LD=ld
-test -z "$ac_objext" && ac_objext=o
-
-_LT_CC_BASENAME([$compiler])
-
-# Only perform the check for file, if the check method requires it
-test -z "$MAGIC_CMD" && MAGIC_CMD=file
-case $deplibs_check_method in
-file_magic*)
-  if test "$file_magic_cmd" = '$MAGIC_CMD'; then
-    _LT_PATH_MAGIC
-  fi
-  ;;
-esac
-
-# Use C for the default configuration in the libtool script
-LT_SUPPORTED_TAG([CC])
-_LT_LANG_C_CONFIG
-_LT_LANG_DEFAULT_CONFIG
-_LT_CONFIG_COMMANDS
-])# _LT_SETUP
-
-
-# _LT_PREPARE_SED_QUOTE_VARS
-# --------------------------
-# Define a few sed substitution that help us do robust quoting.
-m4_defun([_LT_PREPARE_SED_QUOTE_VARS],
-[# Backslashify metacharacters that are still active within
-# double-quoted strings.
-sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
-
-# Same as above, but do not quote variable references.
-double_quote_subst='s/\([["`\\]]\)/\\\1/g'
-
-# Sed substitution to delay expansion of an escaped shell variable in a
-# double_quote_subst'ed string.
-delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
-
-# Sed substitution to delay expansion of an escaped single quote.
-delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
-
-# Sed substitution to avoid accidental globbing in evaled expressions
-no_glob_subst='s/\*/\\\*/g'
-])
-
-# _LT_PROG_LTMAIN
-# ---------------
-# Note that this code is called both from 'configure', and 'config.status'
-# now that we use AC_CONFIG_COMMANDS to generate libtool.  Notably,
-# 'config.status' has no value for ac_aux_dir unless we are using Automake,
-# so we pass a copy along to make sure it has a sensible value anyway.
-m4_defun([_LT_PROG_LTMAIN],
-[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
-_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
-ltmain=$ac_aux_dir/ltmain.sh
-])# _LT_PROG_LTMAIN
-
-
-## ------------------------------------- ##
-## Accumulate code for creating libtool. ##
-## ------------------------------------- ##
-
-# So that we can recreate a full libtool script including additional
-# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
-# in macros and then make a single call at the end using the 'libtool'
-# label.
-
-
-# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
-# ----------------------------------------
-# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL_INIT],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_INIT])
-
-
-# _LT_CONFIG_LIBTOOL([COMMANDS])
-# ------------------------------
-# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
-m4_define([_LT_CONFIG_LIBTOOL],
-[m4_ifval([$1],
-          [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
-                     [$1
-])])])
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
-
-
-# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
-# -----------------------------------------------------
-m4_defun([_LT_CONFIG_SAVE_COMMANDS],
-[_LT_CONFIG_LIBTOOL([$1])
-_LT_CONFIG_LIBTOOL_INIT([$2])
-])
-
-
-# _LT_FORMAT_COMMENT([COMMENT])
-# -----------------------------
-# Add leading comment marks to the start of each line, and a trailing
-# full-stop to the whole comment if one is not present already.
-m4_define([_LT_FORMAT_COMMENT],
-[m4_ifval([$1], [
-m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
-              [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
-)])
-
-
-
-## ------------------------ ##
-## FIXME: Eliminate VARNAME ##
-## ------------------------ ##
-
-
-# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
-# -------------------------------------------------------------------
-# CONFIGNAME is the name given to the value in the libtool script.
-# VARNAME is the (base) name used in the configure script.
-# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
-# VARNAME.  Any other value will be used directly.
-m4_define([_LT_DECL],
-[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
-    [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
-	[m4_ifval([$1], [$1], [$2])])
-    lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
-    m4_ifval([$4],
-	[lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
-    lt_dict_add_subkey([lt_decl_dict], [$2],
-	[tagged?], [m4_ifval([$5], [yes], [no])])])
-])
-
-
-# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
-# --------------------------------------------------------
-m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
-
-
-# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_tag_varnames],
-[_lt_decl_filter([tagged?], [yes], $@)])
-
-
-# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
-# ---------------------------------------------------------
-m4_define([_lt_decl_filter],
-[m4_case([$#],
-  [0], [m4_fatal([$0: too few arguments: $#])],
-  [1], [m4_fatal([$0: too few arguments: $#: $1])],
-  [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
-  [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
-  [lt_dict_filter([lt_decl_dict], $@)])[]dnl
-])
-
-
-# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
-# --------------------------------------------------
-m4_define([lt_decl_quote_varnames],
-[_lt_decl_filter([value], [1], $@)])
-
-
-# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_dquote_varnames],
-[_lt_decl_filter([value], [2], $@)])
-
-
-# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
-# ---------------------------------------------------
-m4_define([lt_decl_varnames_tagged],
-[m4_assert([$# <= 2])dnl
-_$0(m4_quote(m4_default([$1], [[, ]])),
-    m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
-    m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
-m4_define([_lt_decl_varnames_tagged],
-[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
-
-
-# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
-# ------------------------------------------------
-m4_define([lt_decl_all_varnames],
-[_$0(m4_quote(m4_default([$1], [[, ]])),
-     m4_if([$2], [],
-	   m4_quote(lt_decl_varnames),
-	m4_quote(m4_shift($@))))[]dnl
-])
-m4_define([_lt_decl_all_varnames],
-[lt_join($@, lt_decl_varnames_tagged([$1],
-			lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
-])
-
-
-# _LT_CONFIG_STATUS_DECLARE([VARNAME])
-# ------------------------------------
-# Quote a variable value, and forward it to 'config.status' so that its
-# declaration there will have the same value as in 'configure'.  VARNAME
-# must have a single quote delimited value for this to work.
-m4_define([_LT_CONFIG_STATUS_DECLARE],
-[$1='`$ECHO "$][$1" | $SED "$delay_single_quote_subst"`'])
-
-
-# _LT_CONFIG_STATUS_DECLARATIONS
-# ------------------------------
-# We delimit libtool config variables with single quotes, so when
-# we write them to config.status, we have to be sure to quote all
-# embedded single quotes properly.  In configure, this macro expands
-# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
-#
-#    <var>='`$ECHO "$<var>" | $SED "$delay_single_quote_subst"`'
-m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
-    [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAGS
-# ----------------
-# Output comment and list of tags supported by the script
-m4_defun([_LT_LIBTOOL_TAGS],
-[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
-available_tags='_LT_TAGS'dnl
-])
-
-
-# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
-# -----------------------------------
-# Extract the dictionary values for VARNAME (optionally with TAG) and
-# expand to a commented shell variable setting:
-#
-#    # Some comment about what VAR is for.
-#    visible_name=$lt_internal_name
-m4_define([_LT_LIBTOOL_DECLARE],
-[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
-					   [description])))[]dnl
-m4_pushdef([_libtool_name],
-    m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
-m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
-    [0], [_libtool_name=[$]$1],
-    [1], [_libtool_name=$lt_[]$1],
-    [2], [_libtool_name=$lt_[]$1],
-    [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
-m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
-])
-
-
-# _LT_LIBTOOL_CONFIG_VARS
-# -----------------------
-# Produce commented declarations of non-tagged libtool config variables
-# suitable for insertion in the LIBTOOL CONFIG section of the 'libtool'
-# script.  Tagged libtool config variables (even for the LIBTOOL CONFIG
-# section) are produced by _LT_LIBTOOL_TAG_VARS.
-m4_defun([_LT_LIBTOOL_CONFIG_VARS],
-[m4_foreach([_lt_var],
-    m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
-
-
-# _LT_LIBTOOL_TAG_VARS(TAG)
-# -------------------------
-m4_define([_LT_LIBTOOL_TAG_VARS],
-[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
-    [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
-
-
-# _LT_TAGVAR(VARNAME, [TAGNAME])
-# ------------------------------
-m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
-
-
-# _LT_CONFIG_COMMANDS
-# -------------------
-# Send accumulated output to $CONFIG_STATUS.  Thanks to the lists of
-# variables for single and double quote escaping we saved from calls
-# to _LT_DECL, we can put quote escaped variables declarations
-# into 'config.status', and then the shell code to quote escape them in
-# for loops in 'config.status'.  Finally, any additional code accumulated
-# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
-m4_defun([_LT_CONFIG_COMMANDS],
-[AC_PROVIDE_IFELSE([LT_OUTPUT],
-	dnl If the libtool generation code has been placed in $CONFIG_LT,
-	dnl instead of duplicating it all over again into config.status,
-	dnl then we will have config.status run $CONFIG_LT later, so it
-	dnl needs to know what name is stored there:
-        [AC_CONFIG_COMMANDS([libtool],
-            [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
-    dnl If the libtool generation code is destined for config.status,
-    dnl expand the accumulated commands and init code now:
-    [AC_CONFIG_COMMANDS([libtool],
-        [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
-])#_LT_CONFIG_COMMANDS
-
-
-# Initialize.
-m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
-[
-
-# The HP-UX ksh and POSIX shell print the target directory to stdout
-# if CDPATH is set.
-(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
-
-sed_quote_subst='$sed_quote_subst'
-double_quote_subst='$double_quote_subst'
-delay_variable_subst='$delay_variable_subst'
-_LT_CONFIG_STATUS_DECLARATIONS
-LTCC='$LTCC'
-LTCFLAGS='$LTCFLAGS'
-compiler='$compiler_DEFAULT'
-
-# A function that is used when there is no print builtin or printf.
-func_fallback_echo ()
-{
-  eval 'cat <<_LTECHO_EOF
-\$[]1
-_LTECHO_EOF'
-}
-
-# Quote evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_quote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-# Double-quote double-evaled strings.
-for var in lt_decl_all_varnames([[ \
-]], lt_decl_dquote_varnames); do
-    case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in
-    *[[\\\\\\\`\\"\\\$]]*)
-      eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes
-      ;;
-    *)
-      eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
-      ;;
-    esac
-done
-
-_LT_OUTPUT_LIBTOOL_INIT
-])
-
-# _LT_GENERATED_FILE_INIT(FILE, [COMMENT])
-# ------------------------------------
-# Generate a child script FILE with all initialization necessary to
-# reuse the environment learned by the parent script, and make the
-# file executable.  If COMMENT is supplied, it is inserted after the
-# '#!' sequence but before initialization text begins.  After this
-# macro, additional text can be appended to FILE to form the body of
-# the child script.  The macro ends with non-zero status if the
-# file could not be fully written (such as if the disk is full).
-m4_ifdef([AS_INIT_GENERATED],
-[m4_defun([_LT_GENERATED_FILE_INIT],[AS_INIT_GENERATED($@)])],
-[m4_defun([_LT_GENERATED_FILE_INIT],
-[m4_require([AS_PREPARE])]dnl
-[m4_pushdef([AS_MESSAGE_LOG_FD])]dnl
-[lt_write_fail=0
-cat >$1 <<_ASEOF || lt_write_fail=1
-#! $SHELL
-# Generated by $as_me.
-$2
-SHELL=\${CONFIG_SHELL-$SHELL}
-export SHELL
-_ASEOF
-cat >>$1 <<\_ASEOF || lt_write_fail=1
-AS_SHELL_SANITIZE
-_AS_PREPARE
-exec AS_MESSAGE_FD>&1
-_ASEOF
-test 0 = "$lt_write_fail" && chmod +x $1[]dnl
-m4_popdef([AS_MESSAGE_LOG_FD])])])# _LT_GENERATED_FILE_INIT
-
-# LT_OUTPUT
-# ---------
-# This macro allows early generation of the libtool script (before
-# AC_OUTPUT is called), incase it is used in configure for compilation
-# tests.
-AC_DEFUN([LT_OUTPUT],
-[: ${CONFIG_LT=./config.lt}
-AC_MSG_NOTICE([creating $CONFIG_LT])
-_LT_GENERATED_FILE_INIT(["$CONFIG_LT"],
-[# Run this file to recreate a libtool stub with the current configuration.])
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-lt_cl_silent=false
-exec AS_MESSAGE_LOG_FD>>config.log
-{
-  echo
-  AS_BOX([Running $as_me.])
-} >&AS_MESSAGE_LOG_FD
-
-lt_cl_help="\
-'$as_me' creates a local libtool stub from the current configuration,
-for use in further configure time tests before the real libtool is
-generated.
-
-Usage: $[0] [[OPTIONS]]
-
-  -h, --help      print this help, then exit
-  -V, --version   print version number, then exit
-  -q, --quiet     do not print progress messages
-  -d, --debug     don't remove temporary files
-
-Report bugs to <bug-libtool@gnu.org>."
-
-lt_cl_version="\
-m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
-m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
-configured by $[0], generated by m4_PACKAGE_STRING.
-
-Copyright (C) 2011 Free Software Foundation, Inc.
-This config.lt script is free software; the Free Software Foundation
-gives unlimited permision to copy, distribute and modify it."
-
-while test 0 != $[#]
-do
-  case $[1] in
-    --version | --v* | -V )
-      echo "$lt_cl_version"; exit 0 ;;
-    --help | --h* | -h )
-      echo "$lt_cl_help"; exit 0 ;;
-    --debug | --d* | -d )
-      debug=: ;;
-    --quiet | --q* | --silent | --s* | -q )
-      lt_cl_silent=: ;;
-
-    -*) AC_MSG_ERROR([unrecognized option: $[1]
-Try '$[0] --help' for more information.]) ;;
-
-    *) AC_MSG_ERROR([unrecognized argument: $[1]
-Try '$[0] --help' for more information.]) ;;
-  esac
-  shift
-done
-
-if $lt_cl_silent; then
-  exec AS_MESSAGE_FD>/dev/null
-fi
-_LTEOF
-
-cat >>"$CONFIG_LT" <<_LTEOF
-_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
-_LTEOF
-
-cat >>"$CONFIG_LT" <<\_LTEOF
-AC_MSG_NOTICE([creating $ofile])
-_LT_OUTPUT_LIBTOOL_COMMANDS
-AS_EXIT(0)
-_LTEOF
-chmod +x "$CONFIG_LT"
-
-# configure is writing to config.log, but config.lt does its own redirection,
-# appending to config.log, which fails on DOS, as config.log is still kept
-# open by configure.  Here we exec the FD to /dev/null, effectively closing
-# config.log, so it can be properly (re)opened and appended to by config.lt.
-lt_cl_success=:
-test yes = "$silent" &&
-  lt_config_lt_args="$lt_config_lt_args --quiet"
-exec AS_MESSAGE_LOG_FD>/dev/null
-$SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
-exec AS_MESSAGE_LOG_FD>>config.log
-$lt_cl_success || AS_EXIT(1)
-])# LT_OUTPUT
-
-
-# _LT_CONFIG(TAG)
-# ---------------
-# If TAG is the built-in tag, create an initial libtool script with a
-# default configuration from the untagged config vars.  Otherwise add code
-# to config.status for appending the configuration named by TAG from the
-# matching tagged config vars.
-m4_defun([_LT_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_CONFIG_SAVE_COMMANDS([
-  m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
-  m4_if(_LT_TAG, [C], [
-    # See if we are running on zsh, and set the options that allow our
-    # commands through without removal of \ escapes.
-    if test -n "${ZSH_VERSION+set}"; then
-      setopt NO_GLOB_SUBST
-    fi
-
-    cfgfile=${ofile}T
-    trap "$RM \"$cfgfile\"; exit 1" 1 2 15
-    $RM "$cfgfile"
-
-    cat <<_LT_EOF >> "$cfgfile"
-#! $SHELL
-# Generated automatically by $as_me ($PACKAGE) $VERSION
-# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
-# NOTE: Changes made to this file will be lost: look at ltmain.sh.
-
-# Provide generalized library-building support services.
-# Written by Gordon Matzigkeit, 1996
-
-_LT_COPYING
-_LT_LIBTOOL_TAGS
-
-# Configured defaults for sys_lib_dlsearch_path munging.
-: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"}
-
-# ### BEGIN LIBTOOL CONFIG
-_LT_LIBTOOL_CONFIG_VARS
-_LT_LIBTOOL_TAG_VARS
-# ### END LIBTOOL CONFIG
-
-_LT_EOF
-
-    cat <<'_LT_EOF' >> "$cfgfile"
-
-# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_PREPARE_MUNGE_PATH_LIST
-_LT_PREPARE_CC_BASENAME
-
-# ### END FUNCTIONS SHARED WITH CONFIGURE
-
-_LT_EOF
-
-  case $host_os in
-  aix3*)
-    cat <<\_LT_EOF >> "$cfgfile"
-# AIX sometimes has problems with the GCC collect2 program.  For some
-# reason, if we set the COLLECT_NAMES environment variable, the problems
-# vanish in a puff of smoke.
-if test set != "${COLLECT_NAMES+set}"; then
-  COLLECT_NAMES=
-  export COLLECT_NAMES
-fi
-_LT_EOF
-    ;;
-  esac
-
-  _LT_PROG_LTMAIN
-
-  # We use sed instead of cat because bash on DJGPP gets confused if
-  # if finds mixed CR/LF and LF-only lines.  Since sed operates in
-  # text mode, it properly converts lines to CR/LF.  This bash problem
-  # is reportedly fixed, but why not run on old versions too?
-  sed '$q' "$ltmain" >> "$cfgfile" \
-     || (rm -f "$cfgfile"; exit 1)
-
-   mv -f "$cfgfile" "$ofile" ||
-    (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
-  chmod +x "$ofile"
-],
-[cat <<_LT_EOF >> "$ofile"
-
-dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
-dnl in a comment (ie after a #).
-# ### BEGIN LIBTOOL TAG CONFIG: $1
-_LT_LIBTOOL_TAG_VARS(_LT_TAG)
-# ### END LIBTOOL TAG CONFIG: $1
-_LT_EOF
-])dnl /m4_if
-],
-[m4_if([$1], [], [
-    PACKAGE='$PACKAGE'
-    VERSION='$VERSION'
-    RM='$RM'
-    ofile='$ofile'], [])
-])dnl /_LT_CONFIG_SAVE_COMMANDS
-])# _LT_CONFIG
-
-
-# LT_SUPPORTED_TAG(TAG)
-# ---------------------
-# Trace this macro to discover what tags are supported by the libtool
-# --tag option, using:
-#    autoconf --trace 'LT_SUPPORTED_TAG:$1'
-AC_DEFUN([LT_SUPPORTED_TAG], [])
-
-
-# C support is built-in for now
-m4_define([_LT_LANG_C_enabled], [])
-m4_define([_LT_TAGS], [])
-
-
-# LT_LANG(LANG)
-# -------------
-# Enable libtool support for the given language if not already enabled.
-AC_DEFUN([LT_LANG],
-[AC_BEFORE([$0], [LT_OUTPUT])dnl
-m4_case([$1],
-  [C],			[_LT_LANG(C)],
-  [C++],		[_LT_LANG(CXX)],
-  [Go],			[_LT_LANG(GO)],
-  [Java],		[_LT_LANG(GCJ)],
-  [Fortran 77],		[_LT_LANG(F77)],
-  [Fortran],		[_LT_LANG(FC)],
-  [Windows Resource],	[_LT_LANG(RC)],
-  [m4_ifdef([_LT_LANG_]$1[_CONFIG],
-    [_LT_LANG($1)],
-    [m4_fatal([$0: unsupported language: "$1"])])])dnl
-])# LT_LANG
-
-
-# _LT_LANG(LANGNAME)
-# ------------------
-m4_defun([_LT_LANG],
-[m4_ifdef([_LT_LANG_]$1[_enabled], [],
-  [LT_SUPPORTED_TAG([$1])dnl
-  m4_append([_LT_TAGS], [$1 ])dnl
-  m4_define([_LT_LANG_]$1[_enabled], [])dnl
-  _LT_LANG_$1_CONFIG($1)])dnl
-])# _LT_LANG
-
-
-m4_ifndef([AC_PROG_GO], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_GO.  When it is available in    #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-m4_defun([AC_PROG_GO],
-[AC_LANG_PUSH(Go)dnl
-AC_ARG_VAR([GOC],     [Go compiler command])dnl
-AC_ARG_VAR([GOFLAGS], [Go compiler flags])dnl
-_AC_ARG_VAR_LDFLAGS()dnl
-AC_CHECK_TOOL(GOC, gccgo)
-if test -z "$GOC"; then
-  if test -n "$ac_tool_prefix"; then
-    AC_CHECK_PROG(GOC, [${ac_tool_prefix}gccgo], [${ac_tool_prefix}gccgo])
-  fi
-fi
-if test -z "$GOC"; then
-  AC_CHECK_PROG(GOC, gccgo, gccgo, false)
-fi
-])#m4_defun
-])#m4_ifndef
-
-
-# _LT_LANG_DEFAULT_CONFIG
-# -----------------------
-m4_defun([_LT_LANG_DEFAULT_CONFIG],
-[AC_PROVIDE_IFELSE([AC_PROG_CXX],
-  [LT_LANG(CXX)],
-  [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_F77],
-  [LT_LANG(F77)],
-  [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
-
-AC_PROVIDE_IFELSE([AC_PROG_FC],
-  [LT_LANG(FC)],
-  [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
-
-dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
-dnl pulling things in needlessly.
-AC_PROVIDE_IFELSE([AC_PROG_GCJ],
-  [LT_LANG(GCJ)],
-  [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
-    [LT_LANG(GCJ)],
-    [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
-      [LT_LANG(GCJ)],
-      [m4_ifdef([AC_PROG_GCJ],
-	[m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([A][M_PROG_GCJ],
-	[m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
-       m4_ifdef([LT_PROG_GCJ],
-	[m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
-
-AC_PROVIDE_IFELSE([AC_PROG_GO],
-  [LT_LANG(GO)],
-  [m4_define([AC_PROG_GO], defn([AC_PROG_GO])[LT_LANG(GO)])])
-
-AC_PROVIDE_IFELSE([LT_PROG_RC],
-  [LT_LANG(RC)],
-  [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
-])# _LT_LANG_DEFAULT_CONFIG
-
-# Obsolete macros:
-AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
-AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
-AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
-AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
-AU_DEFUN([AC_LIBTOOL_RC], [LT_LANG(Windows Resource)])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
-dnl AC_DEFUN([AC_LIBTOOL_F77], [])
-dnl AC_DEFUN([AC_LIBTOOL_FC], [])
-dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
-dnl AC_DEFUN([AC_LIBTOOL_RC], [])
-
-
-# _LT_TAG_COMPILER
-# ----------------
-m4_defun([_LT_TAG_COMPILER],
-[AC_REQUIRE([AC_PROG_CC])dnl
-
-_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
-_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
-_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
-_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
-
-# If no C compiler was specified, use CC.
-LTCC=${LTCC-"$CC"}
-
-# If no C compiler flags were specified, use CFLAGS.
-LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
-
-# Allow CC to be a program name with arguments.
-compiler=$CC
-])# _LT_TAG_COMPILER
-
-
-# _LT_COMPILER_BOILERPLATE
-# ------------------------
-# Check for compiler boilerplate output or warnings with
-# the simple compiler test code.
-m4_defun([_LT_COMPILER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_compile_test_code" >conftest.$ac_ext
-eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_compiler_boilerplate=`cat conftest.err`
-$RM conftest*
-])# _LT_COMPILER_BOILERPLATE
-
-
-# _LT_LINKER_BOILERPLATE
-# ----------------------
-# Check for linker boilerplate output or warnings with
-# the simple link test code.
-m4_defun([_LT_LINKER_BOILERPLATE],
-[m4_require([_LT_DECL_SED])dnl
-ac_outfile=conftest.$ac_objext
-echo "$lt_simple_link_test_code" >conftest.$ac_ext
-eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
-_lt_linker_boilerplate=`cat conftest.err`
-$RM -r conftest*
-])# _LT_LINKER_BOILERPLATE
-
-# _LT_REQUIRED_DARWIN_CHECKS
-# -------------------------
-m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
-  case $host_os in
-    rhapsody* | darwin*)
-    AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
-    AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
-    AC_CHECK_TOOL([LIPO], [lipo], [:])
-    AC_CHECK_TOOL([OTOOL], [otool], [:])
-    AC_CHECK_TOOL([OTOOL64], [otool64], [:])
-    _LT_DECL([], [DSYMUTIL], [1],
-      [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
-    _LT_DECL([], [NMEDIT], [1],
-      [Tool to change global to local symbols on Mac OS X])
-    _LT_DECL([], [LIPO], [1],
-      [Tool to manipulate fat objects and archives on Mac OS X])
-    _LT_DECL([], [OTOOL], [1],
-      [ldd/readelf like tool for Mach-O binaries on Mac OS X])
-    _LT_DECL([], [OTOOL64], [1],
-      [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
-
-    AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
-      [lt_cv_apple_cc_single_mod=no
-      if test -z "$LT_MULTI_MODULE"; then
-	# By default we will add the -single_module flag. You can override
-	# by either setting the environment variable LT_MULTI_MODULE
-	# non-empty at configure time, or by adding -multi_module to the
-	# link flags.
-	rm -rf libconftest.dylib*
-	echo "int foo(void){return 1;}" > conftest.c
-	echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
--dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
-	$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
-	  -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
-        _lt_result=$?
-	# If there is a non-empty error log, and "single_module"
-	# appears in it, assume the flag caused a linker warning
-        if test -s conftest.err && $GREP single_module conftest.err; then
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	# Otherwise, if the output was created with a 0 exit code from
-	# the compiler, it worked.
-	elif test -f libconftest.dylib && test 0 = "$_lt_result"; then
-	  lt_cv_apple_cc_single_mod=yes
-	else
-	  cat conftest.err >&AS_MESSAGE_LOG_FD
-	fi
-	rm -rf libconftest.dylib*
-	rm -f conftest.*
-      fi])
-
-    AC_CACHE_CHECK([for -exported_symbols_list linker flag],
-      [lt_cv_ld_exported_symbols_list],
-      [lt_cv_ld_exported_symbols_list=no
-      save_LDFLAGS=$LDFLAGS
-      echo "_main" > conftest.sym
-      LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
-      AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-	[lt_cv_ld_exported_symbols_list=yes],
-	[lt_cv_ld_exported_symbols_list=no])
-	LDFLAGS=$save_LDFLAGS
-    ])
-
-    AC_CACHE_CHECK([for -force_load linker flag],[lt_cv_ld_force_load],
-      [lt_cv_ld_force_load=no
-      cat > conftest.c << _LT_EOF
-int forced_loaded() { return 2;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD
-      echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD
-      $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD
-      echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD
-      $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD
-      cat > conftest.c << _LT_EOF
-int main() { return 0;}
-_LT_EOF
-      echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&AS_MESSAGE_LOG_FD
-      $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err
-      _lt_result=$?
-      if test -s conftest.err && $GREP force_load conftest.err; then
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then
-	lt_cv_ld_force_load=yes
-      else
-	cat conftest.err >&AS_MESSAGE_LOG_FD
-      fi
-        rm -f conftest.err libconftest.a conftest conftest.c
-        rm -rf conftest.dSYM
-    ])
-    case $host_os in
-    rhapsody* | darwin1.[[012]])
-      _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;;
-    darwin1.*)
-      _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-    darwin*) # darwin 5.x on
-      # if running on 10.5 or later, the deployment target defaults
-      # to the OS version, if on x86, and 10.4, the deployment
-      # target defaults to 10.4. Don't you love it?
-      case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
-	10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-	10.[[012]][[,.]]*)
-	  _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;;
-	10.*)
-	  _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;;
-      esac
-    ;;
-  esac
-    if test yes = "$lt_cv_apple_cc_single_mod"; then
-      _lt_dar_single_mod='$single_module'
-    fi
-    if test yes = "$lt_cv_ld_exported_symbols_list"; then
-      _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym'
-    else
-      _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib'
-    fi
-    if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then
-      _lt_dsymutil='~$DSYMUTIL $lib || :'
-    else
-      _lt_dsymutil=
-    fi
-    ;;
-  esac
-])
-
-
-# _LT_DARWIN_LINKER_FEATURES([TAG])
-# ---------------------------------
-# Checks for linker and compiler features on darwin
-m4_defun([_LT_DARWIN_LINKER_FEATURES],
-[
-  m4_require([_LT_REQUIRED_DARWIN_CHECKS])
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_automatic, $1)=yes
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  if test yes = "$lt_cv_ld_force_load"; then
-    _LT_TAGVAR(whole_archive_flag_spec, $1)='`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`'
-    m4_case([$1], [F77], [_LT_TAGVAR(compiler_needs_object, $1)=yes],
-                  [FC],  [_LT_TAGVAR(compiler_needs_object, $1)=yes])
-  else
-    _LT_TAGVAR(whole_archive_flag_spec, $1)=''
-  fi
-  _LT_TAGVAR(link_all_deplibs, $1)=yes
-  _LT_TAGVAR(allow_undefined_flag, $1)=$_lt_dar_allow_undefined
-  case $cc_basename in
-     ifort*|nagfor*) _lt_dar_can_shared=yes ;;
-     *) _lt_dar_can_shared=$GCC ;;
-  esac
-  if test yes = "$_lt_dar_can_shared"; then
-    output_verbose_link_cmd=func_echo_all
-    _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil"
-    _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil"
-    _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil"
-    _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil"
-    m4_if([$1], [CXX],
-[   if test yes != "$lt_cv_apple_cc_single_mod"; then
-      _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil"
-      _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil"
-    fi
-],[])
-  else
-  _LT_TAGVAR(ld_shlibs, $1)=no
-  fi
-])
-
-# _LT_SYS_MODULE_PATH_AIX([TAGNAME])
-# ----------------------------------
-# Links a minimal program and checks the executable
-# for the system default hardcoded library path. In most cases,
-# this is /usr/lib:/lib, but when the MPI compilers are used
-# the location of the communication and MPI libs are included too.
-# If we don't find anything, use the default library path according
-# to the aix ld manual.
-# Store the results from the different compilers for each TAGNAME.
-# Allow to override them for all tags through lt_cv_aix_libpath.
-m4_defun([_LT_SYS_MODULE_PATH_AIX],
-[m4_require([_LT_DECL_SED])dnl
-if test set = "${lt_cv_aix_libpath+set}"; then
-  aix_libpath=$lt_cv_aix_libpath
-else
-  AC_CACHE_VAL([_LT_TAGVAR([lt_cv_aix_libpath_], [$1])],
-  [AC_LINK_IFELSE([AC_LANG_PROGRAM],[
-  lt_aix_libpath_sed='[
-      /Import File Strings/,/^$/ {
-	  /^0/ {
-	      s/^0  *\([^ ]*\) *$/\1/
-	      p
-	  }
-      }]'
-  _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  # Check for a 64-bit object if we didn't find anything.
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
-  fi],[])
-  if test -z "$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])"; then
-    _LT_TAGVAR([lt_cv_aix_libpath_], [$1])=/usr/lib:/lib
-  fi
-  ])
-  aix_libpath=$_LT_TAGVAR([lt_cv_aix_libpath_], [$1])
-fi
-])# _LT_SYS_MODULE_PATH_AIX
-
-
-# _LT_SHELL_INIT(ARG)
-# -------------------
-m4_define([_LT_SHELL_INIT],
-[m4_divert_text([M4SH-INIT], [$1
-])])# _LT_SHELL_INIT
-
-
-
-# _LT_PROG_ECHO_BACKSLASH
-# -----------------------
-# Find how we can fake an echo command that does not interpret backslash.
-# In particular, with Autoconf 2.60 or later we add some code to the start
-# of the generated configure script that will find a shell with a builtin
-# printf (that we can use as an echo command).
-m4_defun([_LT_PROG_ECHO_BACKSLASH],
-[ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-
-AC_MSG_CHECKING([how to print strings])
-# Test print first, because it will be a builtin if present.
-if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \
-   test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='print -r --'
-elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then
-  ECHO='printf %s\n'
-else
-  # Use this function as a fallback that always works.
-  func_fallback_echo ()
-  {
-    eval 'cat <<_LTECHO_EOF
-$[]1
-_LTECHO_EOF'
-  }
-  ECHO='func_fallback_echo'
-fi
-
-# func_echo_all arg...
-# Invoke $ECHO with all args, space-separated.
-func_echo_all ()
-{
-    $ECHO "$*"
-}
-
-case $ECHO in
-  printf*) AC_MSG_RESULT([printf]) ;;
-  print*) AC_MSG_RESULT([print -r]) ;;
-  *) AC_MSG_RESULT([cat]) ;;
-esac
-
-m4_ifdef([_AS_DETECT_SUGGESTED],
-[_AS_DETECT_SUGGESTED([
-  test -n "${ZSH_VERSION+set}${BASH_VERSION+set}" || (
-    ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO
-    ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO
-    PATH=/empty FPATH=/empty; export PATH FPATH
-    test "X`printf %s $ECHO`" = "X$ECHO" \
-      || test "X`print -r -- $ECHO`" = "X$ECHO" )])])
-
-_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
-_LT_DECL([], [ECHO], [1], [An echo program that protects backslashes])
-])# _LT_PROG_ECHO_BACKSLASH
-
-
-# _LT_WITH_SYSROOT
-# ----------------
-AC_DEFUN([_LT_WITH_SYSROOT],
-[AC_MSG_CHECKING([for sysroot])
-AC_ARG_WITH([sysroot],
-[AS_HELP_STRING([--with-sysroot@<:@=DIR@:>@],
-  [Search for dependent libraries within DIR (or the compiler's sysroot
-   if not specified).])],
-[], [with_sysroot=no])
-
-dnl lt_sysroot will always be passed unquoted.  We quote it here
-dnl in case the user passed a directory name.
-lt_sysroot=
-case $with_sysroot in #(
- yes)
-   if test yes = "$GCC"; then
-     lt_sysroot=`$CC --print-sysroot 2>/dev/null`
-   fi
-   ;; #(
- /*)
-   lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"`
-   ;; #(
- no|'')
-   ;; #(
- *)
-   AC_MSG_RESULT([$with_sysroot])
-   AC_MSG_ERROR([The sysroot must be an absolute path.])
-   ;;
-esac
-
- AC_MSG_RESULT([${lt_sysroot:-no}])
-_LT_DECL([], [lt_sysroot], [0], [The root where to search for ]dnl
-[dependent libraries, and where our libraries should be installed.])])
-
-# _LT_ENABLE_LOCK
-# ---------------
-m4_defun([_LT_ENABLE_LOCK],
-[AC_ARG_ENABLE([libtool-lock],
-  [AS_HELP_STRING([--disable-libtool-lock],
-    [avoid locking (might break parallel builds)])])
-test no = "$enable_libtool_lock" || enable_libtool_lock=yes
-
-# Some flags need to be propagated to the compiler or linker for good
-# libtool support.
-case $host in
-ia64-*-hpux*)
-  # Find out what ABI is being produced by ac_compile, and set mode
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.$ac_objext` in
-      *ELF-32*)
-	HPUX_IA64_MODE=32
-	;;
-      *ELF-64*)
-	HPUX_IA64_MODE=64
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-*-*-irix6*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    if test yes = "$lt_cv_prog_gnu_ld"; then
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -melf32bsmip"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -melf32bmipn32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -melf64bmip"
-	;;
-      esac
-    else
-      case `/usr/bin/file conftest.$ac_objext` in
-	*32-bit*)
-	  LD="${LD-ld} -32"
-	  ;;
-	*N32*)
-	  LD="${LD-ld} -n32"
-	  ;;
-	*64-bit*)
-	  LD="${LD-ld} -64"
-	  ;;
-      esac
-    fi
-  fi
-  rm -rf conftest*
-  ;;
-
-mips64*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo '[#]line '$LINENO' "configure"' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    emul=elf
-    case `/usr/bin/file conftest.$ac_objext` in
-      *32-bit*)
-	emul="${emul}32"
-	;;
-      *64-bit*)
-	emul="${emul}64"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *MSB*)
-	emul="${emul}btsmip"
-	;;
-      *LSB*)
-	emul="${emul}ltsmip"
-	;;
-    esac
-    case `/usr/bin/file conftest.$ac_objext` in
-      *N32*)
-	emul="${emul}n32"
-	;;
-    esac
-    LD="${LD-ld} -m $emul"
-  fi
-  rm -rf conftest*
-  ;;
-
-x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \
-s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.  Note that the listed cases only cover the
-  # situations where additional linker options are needed (such as when
-  # doing 32-bit compilation for a host where ld defaults to 64-bit, or
-  # vice versa); the common cases where no linker options are needed do
-  # not appear in the list.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-      *32-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_i386_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    case `/usr/bin/file conftest.o` in
-	      *x86-64*)
-		LD="${LD-ld} -m elf32_x86_64"
-		;;
-	      *)
-		LD="${LD-ld} -m elf_i386"
-		;;
-	    esac
-	    ;;
-	  powerpc64le-*linux*)
-	    LD="${LD-ld} -m elf32lppclinux"
-	    ;;
-	  powerpc64-*linux*)
-	    LD="${LD-ld} -m elf32ppclinux"
-	    ;;
-	  s390x-*linux*)
-	    LD="${LD-ld} -m elf_s390"
-	    ;;
-	  sparc64-*linux*)
-	    LD="${LD-ld} -m elf32_sparc"
-	    ;;
-	esac
-	;;
-      *64-bit*)
-	case $host in
-	  x86_64-*kfreebsd*-gnu)
-	    LD="${LD-ld} -m elf_x86_64_fbsd"
-	    ;;
-	  x86_64-*linux*)
-	    LD="${LD-ld} -m elf_x86_64"
-	    ;;
-	  powerpcle-*linux*)
-	    LD="${LD-ld} -m elf64lppc"
-	    ;;
-	  powerpc-*linux*)
-	    LD="${LD-ld} -m elf64ppc"
-	    ;;
-	  s390*-*linux*|s390*-*tpf*)
-	    LD="${LD-ld} -m elf64_s390"
-	    ;;
-	  sparc*-*linux*)
-	    LD="${LD-ld} -m elf64_sparc"
-	    ;;
-	esac
-	;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-
-*-*-sco3.2v5*)
-  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
-  SAVE_CFLAGS=$CFLAGS
-  CFLAGS="$CFLAGS -belf"
-  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
-    [AC_LANG_PUSH(C)
-     AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
-     AC_LANG_POP])
-  if test yes != "$lt_cv_cc_needs_belf"; then
-    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
-    CFLAGS=$SAVE_CFLAGS
-  fi
-  ;;
-*-*solaris*)
-  # Find out what ABI is being produced by ac_compile, and set linker
-  # options accordingly.
-  echo 'int i;' > conftest.$ac_ext
-  if AC_TRY_EVAL(ac_compile); then
-    case `/usr/bin/file conftest.o` in
-    *64-bit*)
-      case $lt_cv_prog_gnu_ld in
-      yes*)
-        case $host in
-        i?86-*-solaris*|x86_64-*-solaris*)
-          LD="${LD-ld} -m elf_x86_64"
-          ;;
-        sparc*-*-solaris*)
-          LD="${LD-ld} -m elf64_sparc"
-          ;;
-        esac
-        # GNU ld 2.21 introduced _sol2 emulations.  Use them if available.
-        if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then
-          LD=${LD-ld}_sol2
-        fi
-        ;;
-      *)
-	if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
-	  LD="${LD-ld} -64"
-	fi
-	;;
-      esac
-      ;;
-    esac
-  fi
-  rm -rf conftest*
-  ;;
-esac
-
-need_locks=$enable_libtool_lock
-])# _LT_ENABLE_LOCK
-
-
-# _LT_PROG_AR
-# -----------
-m4_defun([_LT_PROG_AR],
-[AC_CHECK_TOOLS(AR, [ar], false)
-: ${AR=ar}
-: ${AR_FLAGS=cru}
-_LT_DECL([], [AR], [1], [The archiver])
-_LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive])
-
-AC_CACHE_CHECK([for archiver @FILE support], [lt_cv_ar_at_file],
-  [lt_cv_ar_at_file=no
-   AC_COMPILE_IFELSE([AC_LANG_PROGRAM],
-     [echo conftest.$ac_objext > conftest.lst
-      lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&AS_MESSAGE_LOG_FD'
-      AC_TRY_EVAL([lt_ar_try])
-      if test 0 -eq "$ac_status"; then
-	# Ensure the archiver fails upon bogus file names.
-	rm -f conftest.$ac_objext libconftest.a
-	AC_TRY_EVAL([lt_ar_try])
-	if test 0 -ne "$ac_status"; then
-          lt_cv_ar_at_file=@
-        fi
-      fi
-      rm -f conftest.* libconftest.a
-     ])
-  ])
-
-if test no = "$lt_cv_ar_at_file"; then
-  archiver_list_spec=
-else
-  archiver_list_spec=$lt_cv_ar_at_file
-fi
-_LT_DECL([], [archiver_list_spec], [1],
-  [How to feed a file listing to the archiver])
-])# _LT_PROG_AR
-
-
-# _LT_CMD_OLD_ARCHIVE
-# -------------------
-m4_defun([_LT_CMD_OLD_ARCHIVE],
-[_LT_PROG_AR
-
-AC_CHECK_TOOL(STRIP, strip, :)
-test -z "$STRIP" && STRIP=:
-_LT_DECL([], [STRIP], [1], [A symbol stripping program])
-
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-test -z "$RANLIB" && RANLIB=:
-_LT_DECL([], [RANLIB], [1],
-    [Commands used to install an old-style archive])
-
-# Determine commands to create old-style static archives.
-old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
-old_postinstall_cmds='chmod 644 $oldlib'
-old_postuninstall_cmds=
-
-if test -n "$RANLIB"; then
-  case $host_os in
-  bitrig* | openbsd*)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib"
-    ;;
-  *)
-    old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib"
-    ;;
-  esac
-  old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib"
-fi
-
-case $host_os in
-  darwin*)
-    lock_old_archive_extraction=yes ;;
-  *)
-    lock_old_archive_extraction=no ;;
-esac
-_LT_DECL([], [old_postinstall_cmds], [2])
-_LT_DECL([], [old_postuninstall_cmds], [2])
-_LT_TAGDECL([], [old_archive_cmds], [2],
-    [Commands used to build an old-style archive])
-_LT_DECL([], [lock_old_archive_extraction], [0],
-    [Whether to use a lock for old archive extraction])
-])# _LT_CMD_OLD_ARCHIVE
-
-
-# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#		[OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------------------
-# Check whether the given compiler option works
-AC_DEFUN([_LT_COMPILER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-   lt_compiler_flag="$3"  ## exclude from sc_useless_quotes_in_assignment
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   # The option is referenced via a variable to avoid confusing sed.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>conftest.err)
-   ac_status=$?
-   cat conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s "$ac_outfile"; then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings other than the usual output.
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp
-     $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-     if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
-       $2=yes
-     fi
-   fi
-   $RM conftest*
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$5], , :, [$5])
-else
-    m4_if([$6], , :, [$6])
-fi
-])# _LT_COMPILER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
-
-
-# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
-#                  [ACTION-SUCCESS], [ACTION-FAILURE])
-# ----------------------------------------------------
-# Check whether the given linker option works
-AC_DEFUN([_LT_LINKER_OPTION],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_SED])dnl
-AC_CACHE_CHECK([$1], [$2],
-  [$2=no
-   save_LDFLAGS=$LDFLAGS
-   LDFLAGS="$LDFLAGS $3"
-   echo "$lt_simple_link_test_code" > conftest.$ac_ext
-   if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
-     # The linker can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     if test -s conftest.err; then
-       # Append any errors to the config.log.
-       cat conftest.err 1>&AS_MESSAGE_LOG_FD
-       $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp
-       $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
-       if diff conftest.exp conftest.er2 >/dev/null; then
-         $2=yes
-       fi
-     else
-       $2=yes
-     fi
-   fi
-   $RM -r conftest*
-   LDFLAGS=$save_LDFLAGS
-])
-
-if test yes = "[$]$2"; then
-    m4_if([$4], , :, [$4])
-else
-    m4_if([$5], , :, [$5])
-fi
-])# _LT_LINKER_OPTION
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
-
-
-# LT_CMD_MAX_LEN
-#---------------
-AC_DEFUN([LT_CMD_MAX_LEN],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-# find the maximum length of command line arguments
-AC_MSG_CHECKING([the maximum length of command line arguments])
-AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
-  i=0
-  teststring=ABCD
-
-  case $build_os in
-  msdosdjgpp*)
-    # On DJGPP, this test can blow up pretty badly due to problems in libc
-    # (any single argument exceeding 2000 bytes causes a buffer overrun
-    # during glob expansion).  Even if it were fixed, the result of this
-    # check would be larger than it should be.
-    lt_cv_sys_max_cmd_len=12288;    # 12K is about right
-    ;;
-
-  gnu*)
-    # Under GNU Hurd, this test is not required because there is
-    # no limit to the length of command line arguments.
-    # Libtool will interpret -1 as no limit whatsoever
-    lt_cv_sys_max_cmd_len=-1;
-    ;;
-
-  cygwin* | mingw* | cegcc*)
-    # On Win9x/ME, this test blows up -- it succeeds, but takes
-    # about 5 minutes as the teststring grows exponentially.
-    # Worse, since 9x/ME are not pre-emptively multitasking,
-    # you end up with a "frozen" computer, even though with patience
-    # the test eventually succeeds (with a max line length of 256k).
-    # Instead, let's just punt: use the minimum linelength reported by
-    # all of the supported platforms: 8192 (on NT/2K/XP).
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  mint*)
-    # On MiNT this can take a long time and run out of memory.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  amigaos*)
-    # On AmigaOS with pdksh, this test takes hours, literally.
-    # So we just punt and use a minimum line length of 8192.
-    lt_cv_sys_max_cmd_len=8192;
-    ;;
-
-  bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*)
-    # This has been around since 386BSD, at least.  Likely further.
-    if test -x /sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
-    elif test -x /usr/sbin/sysctl; then
-      lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
-    else
-      lt_cv_sys_max_cmd_len=65536	# usable default for all BSDs
-    fi
-    # And add a safety zone
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-    lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    ;;
-
-  interix*)
-    # We know the value 262144 and hardcode it with a safety zone (like BSD)
-    lt_cv_sys_max_cmd_len=196608
-    ;;
-
-  os2*)
-    # The test takes a long time on OS/2.
-    lt_cv_sys_max_cmd_len=8192
-    ;;
-
-  osf*)
-    # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
-    # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
-    # nice to cause kernel panics so lets avoid the loop below.
-    # First set a reasonable default.
-    lt_cv_sys_max_cmd_len=16384
-    #
-    if test -x /sbin/sysconfig; then
-      case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
-        *1*) lt_cv_sys_max_cmd_len=-1 ;;
-      esac
-    fi
-    ;;
-  sco3.2v5*)
-    lt_cv_sys_max_cmd_len=102400
-    ;;
-  sysv5* | sco5v6* | sysv4.2uw2*)
-    kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
-    if test -n "$kargmax"; then
-      lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[	 ]]//'`
-    else
-      lt_cv_sys_max_cmd_len=32768
-    fi
-    ;;
-  *)
-    lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
-    if test -n "$lt_cv_sys_max_cmd_len" && \
-       test undefined != "$lt_cv_sys_max_cmd_len"; then
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
-    else
-      # Make teststring a little bigger before we do anything with it.
-      # a 1K string should be a reasonable start.
-      for i in 1 2 3 4 5 6 7 8; do
-        teststring=$teststring$teststring
-      done
-      SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
-      # If test is not a shell built-in, we'll probably end up computing a
-      # maximum length that is only half of the actual maximum length, but
-      # we can't tell.
-      while { test X`env echo "$teststring$teststring" 2>/dev/null` \
-	         = "X$teststring$teststring"; } >/dev/null 2>&1 &&
-	      test 17 != "$i" # 1/2 MB should be enough
-      do
-        i=`expr $i + 1`
-        teststring=$teststring$teststring
-      done
-      # Only check the string length outside the loop.
-      lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
-      teststring=
-      # Add a significant safety factor because C++ compilers can tack on
-      # massive amounts of additional arguments before passing them to the
-      # linker.  It appears as though 1/2 is a usable value.
-      lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
-    fi
-    ;;
-  esac
-])
-if test -n "$lt_cv_sys_max_cmd_len"; then
-  AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
-else
-  AC_MSG_RESULT(none)
-fi
-max_cmd_len=$lt_cv_sys_max_cmd_len
-_LT_DECL([], [max_cmd_len], [0],
-    [What is the maximum length of a command?])
-])# LT_CMD_MAX_LEN
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
-
-
-# _LT_HEADER_DLFCN
-# ----------------
-m4_defun([_LT_HEADER_DLFCN],
-[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
-])# _LT_HEADER_DLFCN
-
-
-# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
-#                      ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
-# ----------------------------------------------------------------
-m4_defun([_LT_TRY_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes = "$cross_compiling"; then :
-  [$4]
-else
-  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
-  lt_status=$lt_dlunknown
-  cat > conftest.$ac_ext <<_LT_EOF
-[#line $LINENO "configure"
-#include "confdefs.h"
-
-#if HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef RTLD_GLOBAL
-#  define LT_DLGLOBAL		RTLD_GLOBAL
-#else
-#  ifdef DL_GLOBAL
-#    define LT_DLGLOBAL		DL_GLOBAL
-#  else
-#    define LT_DLGLOBAL		0
-#  endif
-#endif
-
-/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
-   find out it does not work in some platform. */
-#ifndef LT_DLLAZY_OR_NOW
-#  ifdef RTLD_LAZY
-#    define LT_DLLAZY_OR_NOW		RTLD_LAZY
-#  else
-#    ifdef DL_LAZY
-#      define LT_DLLAZY_OR_NOW		DL_LAZY
-#    else
-#      ifdef RTLD_NOW
-#        define LT_DLLAZY_OR_NOW	RTLD_NOW
-#      else
-#        ifdef DL_NOW
-#          define LT_DLLAZY_OR_NOW	DL_NOW
-#        else
-#          define LT_DLLAZY_OR_NOW	0
-#        endif
-#      endif
-#    endif
-#  endif
-#endif
-
-/* When -fvisibility=hidden is used, assume the code has been annotated
-   correspondingly for the symbols needed.  */
-#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3))
-int fnord () __attribute__((visibility("default")));
-#endif
-
-int fnord () { return 42; }
-int main ()
-{
-  void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
-  int status = $lt_dlunknown;
-
-  if (self)
-    {
-      if (dlsym (self,"fnord"))       status = $lt_dlno_uscore;
-      else
-        {
-	  if (dlsym( self,"_fnord"))  status = $lt_dlneed_uscore;
-          else puts (dlerror ());
-	}
-      /* dlclose (self); */
-    }
-  else
-    puts (dlerror ());
-
-  return status;
-}]
-_LT_EOF
-  if AC_TRY_EVAL(ac_link) && test -s "conftest$ac_exeext" 2>/dev/null; then
-    (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
-    lt_status=$?
-    case x$lt_status in
-      x$lt_dlno_uscore) $1 ;;
-      x$lt_dlneed_uscore) $2 ;;
-      x$lt_dlunknown|x*) $3 ;;
-    esac
-  else :
-    # compilation failed
-    $3
-  fi
-fi
-rm -fr conftest*
-])# _LT_TRY_DLOPEN_SELF
-
-
-# LT_SYS_DLOPEN_SELF
-# ------------------
-AC_DEFUN([LT_SYS_DLOPEN_SELF],
-[m4_require([_LT_HEADER_DLFCN])dnl
-if test yes != "$enable_dlopen"; then
-  enable_dlopen=unknown
-  enable_dlopen_self=unknown
-  enable_dlopen_self_static=unknown
-else
-  lt_cv_dlopen=no
-  lt_cv_dlopen_libs=
-
-  case $host_os in
-  beos*)
-    lt_cv_dlopen=load_add_on
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ;;
-
-  mingw* | pw32* | cegcc*)
-    lt_cv_dlopen=LoadLibrary
-    lt_cv_dlopen_libs=
-    ;;
-
-  cygwin*)
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    ;;
-
-  darwin*)
-    # if libdl is installed we need to link against it
-    AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],[
-    lt_cv_dlopen=dyld
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=yes
-    ])
-    ;;
-
-  tpf*)
-    # Don't try to run any link tests for TPF.  We know it's impossible
-    # because TPF is a cross-compiler, and we know how we open DSOs.
-    lt_cv_dlopen=dlopen
-    lt_cv_dlopen_libs=
-    lt_cv_dlopen_self=no
-    ;;
-
-  *)
-    AC_CHECK_FUNC([shl_load],
-	  [lt_cv_dlopen=shl_load],
-      [AC_CHECK_LIB([dld], [shl_load],
-	    [lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld],
-	[AC_CHECK_FUNC([dlopen],
-	      [lt_cv_dlopen=dlopen],
-	  [AC_CHECK_LIB([dl], [dlopen],
-		[lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl],
-	    [AC_CHECK_LIB([svld], [dlopen],
-		  [lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld],
-	      [AC_CHECK_LIB([dld], [dld_link],
-		    [lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld])
-	      ])
-	    ])
-	  ])
-	])
-      ])
-    ;;
-  esac
-
-  if test no = "$lt_cv_dlopen"; then
-    enable_dlopen=no
-  else
-    enable_dlopen=yes
-  fi
-
-  case $lt_cv_dlopen in
-  dlopen)
-    save_CPPFLAGS=$CPPFLAGS
-    test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
-
-    save_LDFLAGS=$LDFLAGS
-    wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
-
-    save_LIBS=$LIBS
-    LIBS="$lt_cv_dlopen_libs $LIBS"
-
-    AC_CACHE_CHECK([whether a program can dlopen itself],
-	  lt_cv_dlopen_self, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
-	    lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
-    ])
-
-    if test yes = "$lt_cv_dlopen_self"; then
-      wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
-      AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
-	  lt_cv_dlopen_self_static, [dnl
-	  _LT_TRY_DLOPEN_SELF(
-	    lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
-	    lt_cv_dlopen_self_static=no,  lt_cv_dlopen_self_static=cross)
-      ])
-    fi
-
-    CPPFLAGS=$save_CPPFLAGS
-    LDFLAGS=$save_LDFLAGS
-    LIBS=$save_LIBS
-    ;;
-  esac
-
-  case $lt_cv_dlopen_self in
-  yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
-  *) enable_dlopen_self=unknown ;;
-  esac
-
-  case $lt_cv_dlopen_self_static in
-  yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
-  *) enable_dlopen_self_static=unknown ;;
-  esac
-fi
-_LT_DECL([dlopen_support], [enable_dlopen], [0],
-	 [Whether dlopen is supported])
-_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
-	 [Whether dlopen of programs is supported])
-_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
-	 [Whether dlopen of statically linked programs is supported])
-])# LT_SYS_DLOPEN_SELF
-
-# Old name:
-AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
-
-
-# _LT_COMPILER_C_O([TAGNAME])
-# ---------------------------
-# Check to see if options -c and -o are simultaneously supported by compiler.
-# This macro does not hard code the compiler like AC_PROG_CC_C_O.
-m4_defun([_LT_COMPILER_C_O],
-[m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
-   $RM -r conftest 2>/dev/null
-   mkdir conftest
-   cd conftest
-   mkdir out
-   echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-   lt_compiler_flag="-o out/conftest2.$ac_objext"
-   # Insert the option either (1) after the last *FLAGS variable, or
-   # (2) before a word containing "conftest.", or (3) at the end.
-   # Note that $ac_compile itself does not contain backslashes and begins
-   # with a dollar sign (not a hyphen), so the echo should work correctly.
-   lt_compile=`echo "$ac_compile" | $SED \
-   -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-   -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
-   -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
-   (eval "$lt_compile" 2>out/conftest.err)
-   ac_status=$?
-   cat out/conftest.err >&AS_MESSAGE_LOG_FD
-   echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
-   if (exit $ac_status) && test -s out/conftest2.$ac_objext
-   then
-     # The compiler can only warn and ignore the option if not recognized
-     # So say no if there are warnings
-     $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp
-     $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
-     if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
-       _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-     fi
-   fi
-   chmod u+w . 2>&AS_MESSAGE_LOG_FD
-   $RM conftest*
-   # SGI C++ compiler will create directory out/ii_files/ for
-   # template instantiation
-   test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
-   $RM out/* && rmdir out
-   cd ..
-   $RM -r conftest
-   $RM conftest*
-])
-_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
-	[Does compiler simultaneously support -c and -o options?])
-])# _LT_COMPILER_C_O
-
-
-# _LT_COMPILER_FILE_LOCKS([TAGNAME])
-# ----------------------------------
-# Check to see if we can do hard links to lock some files if needed
-m4_defun([_LT_COMPILER_FILE_LOCKS],
-[m4_require([_LT_ENABLE_LOCK])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-_LT_COMPILER_C_O([$1])
-
-hard_links=nottested
-if test no = "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" && test no != "$need_locks"; then
-  # do not overwrite the value of need_locks provided by the user
-  AC_MSG_CHECKING([if we can lock with hard links])
-  hard_links=yes
-  $RM conftest*
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  touch conftest.a
-  ln conftest.a conftest.b 2>&5 || hard_links=no
-  ln conftest.a conftest.b 2>/dev/null && hard_links=no
-  AC_MSG_RESULT([$hard_links])
-  if test no = "$hard_links"; then
-    AC_MSG_WARN(['$CC' does not support '-c -o', so 'make -j' may be unsafe])
-    need_locks=warn
-  fi
-else
-  need_locks=no
-fi
-_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
-])# _LT_COMPILER_FILE_LOCKS
-
-
-# _LT_CHECK_OBJDIR
-# ----------------
-m4_defun([_LT_CHECK_OBJDIR],
-[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
-[rm -f .libs 2>/dev/null
-mkdir .libs 2>/dev/null
-if test -d .libs; then
-  lt_cv_objdir=.libs
-else
-  # MS-DOS does not allow filenames that begin with a dot.
-  lt_cv_objdir=_libs
-fi
-rmdir .libs 2>/dev/null])
-objdir=$lt_cv_objdir
-_LT_DECL([], [objdir], [0],
-         [The name of the directory that contains temporary libtool files])dnl
-m4_pattern_allow([LT_OBJDIR])dnl
-AC_DEFINE_UNQUOTED([LT_OBJDIR], "$lt_cv_objdir/",
-  [Define to the sub-directory where libtool stores uninstalled libraries.])
-])# _LT_CHECK_OBJDIR
-
-
-# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
-# --------------------------------------
-# Check hardcoding attributes.
-m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
-[AC_MSG_CHECKING([how to hardcode library paths into programs])
-_LT_TAGVAR(hardcode_action, $1)=
-if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
-   test -n "$_LT_TAGVAR(runpath_var, $1)" ||
-   test yes = "$_LT_TAGVAR(hardcode_automatic, $1)"; then
-
-  # We can hardcode non-existent directories.
-  if test no != "$_LT_TAGVAR(hardcode_direct, $1)" &&
-     # If the only mechanism to avoid hardcoding is shlibpath_var, we
-     # have to relink, otherwise we might link with an installed library
-     # when we should be linking with a yet-to-be-installed one
-     ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" &&
-     test no != "$_LT_TAGVAR(hardcode_minus_L, $1)"; then
-    # Linking always hardcodes the temporary library directory.
-    _LT_TAGVAR(hardcode_action, $1)=relink
-  else
-    # We can link without hardcoding, and we can hardcode nonexisting dirs.
-    _LT_TAGVAR(hardcode_action, $1)=immediate
-  fi
-else
-  # We cannot hardcode anything, or else we can only hardcode existing
-  # directories.
-  _LT_TAGVAR(hardcode_action, $1)=unsupported
-fi
-AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
-
-if test relink = "$_LT_TAGVAR(hardcode_action, $1)" ||
-   test yes = "$_LT_TAGVAR(inherit_rpath, $1)"; then
-  # Fast installation is not supported
-  enable_fast_install=no
-elif test yes = "$shlibpath_overrides_runpath" ||
-     test no = "$enable_shared"; then
-  # Fast installation is not necessary
-  enable_fast_install=needless
-fi
-_LT_TAGDECL([], [hardcode_action], [0],
-    [How to hardcode a shared library path into an executable])
-])# _LT_LINKER_HARDCODE_LIBPATH
-
-
-# _LT_CMD_STRIPLIB
-# ----------------
-m4_defun([_LT_CMD_STRIPLIB],
-[m4_require([_LT_DECL_EGREP])
-striplib=
-old_striplib=
-AC_MSG_CHECKING([whether stripping libraries is possible])
-if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
-  test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
-  test -z "$striplib" && striplib="$STRIP --strip-unneeded"
-  AC_MSG_RESULT([yes])
-else
-# FIXME - insert some real tests, host_os isn't really good enough
-  case $host_os in
-  darwin*)
-    if test -n "$STRIP"; then
-      striplib="$STRIP -x"
-      old_striplib="$STRIP -S"
-      AC_MSG_RESULT([yes])
-    else
-      AC_MSG_RESULT([no])
-    fi
-    ;;
-  *)
-    AC_MSG_RESULT([no])
-    ;;
-  esac
-fi
-_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
-_LT_DECL([], [striplib], [1])
-])# _LT_CMD_STRIPLIB
-
-
-# _LT_PREPARE_MUNGE_PATH_LIST
-# ---------------------------
-# Make sure func_munge_path_list() is defined correctly.
-m4_defun([_LT_PREPARE_MUNGE_PATH_LIST],
-[[# func_munge_path_list VARIABLE PATH
-# -----------------------------------
-# VARIABLE is name of variable containing _space_ separated list of
-# directories to be munged by the contents of PATH, which is string
-# having a format:
-# "DIR[:DIR]:"
-#       string "DIR[ DIR]" will be prepended to VARIABLE
-# ":DIR[:DIR]"
-#       string "DIR[ DIR]" will be appended to VARIABLE
-# "DIRP[:DIRP]::[DIRA:]DIRA"
-#       string "DIRP[ DIRP]" will be prepended to VARIABLE and string
-#       "DIRA[ DIRA]" will be appended to VARIABLE
-# "DIR[:DIR]"
-#       VARIABLE will be replaced by "DIR[ DIR]"
-func_munge_path_list ()
-{
-    case x@S|@2 in
-    x)
-        ;;
-    *:)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'` \@S|@@S|@1\"
-        ;;
-    x:*)
-        eval @S|@1=\"\@S|@@S|@1 `$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    *::*)
-        eval @S|@1=\"\@S|@@S|@1\ `$ECHO @S|@2 | $SED -e 's/.*:://' -e 's/:/ /g'`\"
-        eval @S|@1=\"`$ECHO @S|@2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \@S|@@S|@1\"
-        ;;
-    *)
-        eval @S|@1=\"`$ECHO @S|@2 | $SED 's/:/ /g'`\"
-        ;;
-    esac
-}
-]])# _LT_PREPARE_PATH_LIST
-
-
-# _LT_SYS_DYNAMIC_LINKER([TAG])
-# -----------------------------
-# PORTME Fill in your ld.so characteristics
-m4_defun([_LT_SYS_DYNAMIC_LINKER],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_OBJDUMP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CHECK_SHELL_FEATURES])dnl
-m4_require([_LT_PREPARE_MUNGE_PATH_LIST])dnl
-AC_MSG_CHECKING([dynamic linker characteristics])
-m4_if([$1],
-	[], [
-if test yes = "$GCC"; then
-  case $host_os in
-    darwin*) lt_awk_arg='/^libraries:/,/LR/' ;;
-    *) lt_awk_arg='/^libraries:/' ;;
-  esac
-  case $host_os in
-    mingw* | cegcc*) lt_sed_strip_eq='s|=\([[A-Za-z]]:\)|\1|g' ;;
-    *) lt_sed_strip_eq='s|=/|/|g' ;;
-  esac
-  lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq`
-  case $lt_search_path_spec in
-  *\;*)
-    # if the path contains ";" then we assume it to be the separator
-    # otherwise default to the standard path separator (i.e. ":") - it is
-    # assumed that no part of a normal pathname contains ";" but that should
-    # okay in the real world where ";" in dirpaths is itself problematic.
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'`
-    ;;
-  *)
-    lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"`
-    ;;
-  esac
-  # Ok, now we have the path, separated by spaces, we can step through it
-  # and add multilib dir if necessary...
-  lt_tmp_lt_search_path_spec=
-  lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
-  # ...but if some path component already ends with the multilib dir we assume
-  # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer).
-  case "$lt_multi_os_dir; $lt_search_path_spec " in
-  "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*)
-    lt_multi_os_dir=
-    ;;
-  esac
-  for lt_sys_path in $lt_search_path_spec; do
-    if test -d "$lt_sys_path$lt_multi_os_dir"; then
-      lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir"
-    elif test -n "$lt_multi_os_dir"; then
-      test -d "$lt_sys_path" && \
-	lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
-    fi
-  done
-  lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk '
-BEGIN {RS = " "; FS = "/|\n";} {
-  lt_foo = "";
-  lt_count = 0;
-  for (lt_i = NF; lt_i > 0; lt_i--) {
-    if ($lt_i != "" && $lt_i != ".") {
-      if ($lt_i == "..") {
-        lt_count++;
-      } else {
-        if (lt_count == 0) {
-          lt_foo = "/" $lt_i lt_foo;
-        } else {
-          lt_count--;
-        }
-      }
-    }
-  }
-  if (lt_foo != "") { lt_freq[[lt_foo]]++; }
-  if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
-}'`
-  # AWK program above erroneously prepends '/' to C:/dos/paths
-  # for these hosts.
-  case $host_os in
-    mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\
-      $SED 's|/\([[A-Za-z]]:\)|\1|g'` ;;
-  esac
-  sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP`
-else
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-fi])
-library_names_spec=
-libname_spec='lib$name'
-soname_spec=
-shrext_cmds=.so
-postinstall_cmds=
-postuninstall_cmds=
-finish_cmds=
-finish_eval=
-shlibpath_var=
-shlibpath_overrides_runpath=unknown
-version_type=none
-dynamic_linker="$host_os ld.so"
-sys_lib_dlsearch_path_spec="/lib /usr/lib"
-need_lib_prefix=unknown
-hardcode_into_libs=no
-
-# when you set need_version to no, make sure it does not cause -set_version
-# flags to be left without arguments
-need_version=unknown
-
-AC_ARG_VAR([LT_SYS_LIBRARY_PATH],
-[User-defined run-time library search path.])
-
-case $host_os in
-aix3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname.a'
-  shlibpath_var=LIBPATH
-
-  # AIX 3 has no versioning support, so we append a major version to the name.
-  soname_spec='$libname$release$shared_ext$major'
-  ;;
-
-aix[[4-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  hardcode_into_libs=yes
-  if test ia64 = "$host_cpu"; then
-    # AIX 5 supports IA64
-    library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext'
-    shlibpath_var=LD_LIBRARY_PATH
-  else
-    # With GCC up to 2.95.x, collect2 would create an import file
-    # for dependence libraries.  The import file would start with
-    # the line '#! .'.  This would cause the generated library to
-    # depend on '.', always an invalid library.  This was fixed in
-    # development snapshots of GCC prior to 3.0.
-    case $host_os in
-      aix4 | aix4.[[01]] | aix4.[[01]].*)
-      if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
-	   echo ' yes '
-	   echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then
-	:
-      else
-	can_build_shared=no
-      fi
-      ;;
-    esac
-    # Using Import Files as archive members, it is possible to support
-    # filename-based versioning of shared library archives on AIX. While
-    # this would work for both with and without runtime linking, it will
-    # prevent static linking of such archives. So we do filename-based
-    # shared library versioning with .so extension only, which is used
-    # when both runtime linking and shared linking is enabled.
-    # Unfortunately, runtime linking may impact performance, so we do
-    # not want this to be the default eventually. Also, we use the
-    # versioned .so libs for executables only if there is the -brtl
-    # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only.
-    # To allow for filename-based versioning support, we need to create
-    # libNAME.so.V as an archive file, containing:
-    # *) an Import File, referring to the versioned filename of the
-    #    archive as well as the shared archive member, telling the
-    #    bitwidth (32 or 64) of that shared object, and providing the
-    #    list of exported symbols of that shared object, eventually
-    #    decorated with the 'weak' keyword
-    # *) the shared object with the F_LOADONLY flag set, to really avoid
-    #    it being seen by the linker.
-    # At run time we better use the real file rather than another symlink,
-    # but for link time we create the symlink libNAME.so -> libNAME.so.V
-
-    case $with_aix_soname,$aix_use_runtimelinking in
-    # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct
-    # soname into executable. Probably we can add versioning support to
-    # collect2, so additional links can be useful in future.
-    aix,yes) # traditional libtool
-      dynamic_linker='AIX unversionable lib.so'
-      # If using run time linking (on AIX 4.2 or later) use lib<name>.so
-      # instead of lib<name>.a to let people know that these are not
-      # typical AIX shared libraries.
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      ;;
-    aix,no) # traditional AIX only
-      dynamic_linker='AIX lib.a[(]lib.so.V[)]'
-      # We preserve .a as extension for shared libraries through AIX4.2
-      # and later when we are not doing run time linking.
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      ;;
-    svr4,*) # full svr4 only
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,yes) # both, prefer svr4
-      dynamic_linker="AIX lib.so.V[(]$shared_archive_member_spec.o[)], lib.a[(]lib.so.V[)]"
-      library_names_spec='$libname$release$shared_ext$major $libname$shared_ext'
-      # unpreferred sharedlib libNAME.a needs extra handling
-      postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"'
-      postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"'
-      # We do not specify a path in Import Files, so LIBPATH fires.
-      shlibpath_overrides_runpath=yes
-      ;;
-    *,no) # both, prefer aix
-      dynamic_linker="AIX lib.a[(]lib.so.V[)], lib.so.V[(]$shared_archive_member_spec.o[)]"
-      library_names_spec='$libname$release.a $libname.a'
-      soname_spec='$libname$release$shared_ext$major'
-      # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling
-      postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)'
-      postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"'
-      ;;
-    esac
-    shlibpath_var=LIBPATH
-  fi
-  ;;
-
-amigaos*)
-  case $host_cpu in
-  powerpc)
-    # Since July 2007 AmigaOS4 officially supports .so libraries.
-    # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    ;;
-  m68k)
-    library_names_spec='$libname.ixlibrary $libname.a'
-    # Create ${libname}_ixlibrary.a entries in /sys/libs.
-    finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
-    ;;
-  esac
-  ;;
-
-beos*)
-  library_names_spec='$libname$shared_ext'
-  dynamic_linker="$host_os ld.so"
-  shlibpath_var=LIBRARY_PATH
-  ;;
-
-bsdi[[45]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
-  # the default ld.so.conf also contains /usr/contrib/lib and
-  # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
-  # libtool to hard-code these into programs
-  ;;
-
-cygwin* | mingw* | pw32* | cegcc*)
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-
-  case $GCC,$cc_basename in
-  yes,*)
-    # gcc
-    library_names_spec='$libname.dll.a'
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname~
-      chmod a+x \$dldir/$dlname~
-      if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-        eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-      fi'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-
-    case $host_os in
-    cygwin*)
-      # Cygwin DLLs use 'cyg' prefix rather than 'lib'
-      soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-m4_if([$1], [],[
-      sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api"])
-      ;;
-    mingw* | cegcc*)
-      # MinGW DLLs use traditional 'lib' prefix
-      soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    pw32*)
-      # pw32 DLLs use 'pw' prefix rather than 'lib'
-      library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-      ;;
-    esac
-    dynamic_linker='Win32 ld.exe'
-    ;;
-
-  *,cl*)
-    # Native MSVC
-    libname_spec='$name'
-    soname_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext'
-    library_names_spec='$libname.dll.lib'
-
-    case $build_os in
-    mingw*)
-      sys_lib_search_path_spec=
-      lt_save_ifs=$IFS
-      IFS=';'
-      for lt_path in $LIB
-      do
-        IFS=$lt_save_ifs
-        # Let DOS variable expansion print the short 8.3 style file name.
-        lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"`
-        sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path"
-      done
-      IFS=$lt_save_ifs
-      # Convert to MSYS style.
-      sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([[a-zA-Z]]\\):| /\\1|g' -e 's|^ ||'`
-      ;;
-    cygwin*)
-      # Convert to unix form, then to dos form, then back to unix form
-      # but this time dos style (no spaces!) so that the unix form looks
-      # like /cygdrive/c/PROGRA~1:/cygdr...
-      sys_lib_search_path_spec=`cygpath --path --unix "$LIB"`
-      sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null`
-      sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      ;;
-    *)
-      sys_lib_search_path_spec=$LIB
-      if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
-        # It is most probably a Windows format PATH.
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
-      else
-        sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
-      fi
-      # FIXME: find the short name or the path components, as spaces are
-      # common. (e.g. "Program Files" -> "PROGRA~1")
-      ;;
-    esac
-
-    # DLL is installed to $(libdir)/../bin by postinstall_cmds
-    postinstall_cmds='base_file=`basename \$file`~
-      dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~
-      dldir=$destdir/`dirname \$dlpath`~
-      test -d \$dldir || mkdir -p \$dldir~
-      $install_prog $dir/$dlname \$dldir/$dlname'
-    postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
-      dlpath=$dir/\$dldll~
-       $RM \$dlpath'
-    shlibpath_overrides_runpath=yes
-    dynamic_linker='Win32 link.exe'
-    ;;
-
-  *)
-    # Assume MSVC wrapper
-    library_names_spec='$libname`echo $release | $SED -e 's/[[.]]/-/g'`$versuffix$shared_ext $libname.lib'
-    dynamic_linker='Win32 ld.exe'
-    ;;
-  esac
-  # FIXME: first we should search . and the directory the executable is in
-  shlibpath_var=PATH
-  ;;
-
-darwin* | rhapsody*)
-  dynamic_linker="$host_os dyld"
-  version_type=darwin
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$major$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$major$shared_ext'
-  shlibpath_overrides_runpath=yes
-  shlibpath_var=DYLD_LIBRARY_PATH
-  shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
-m4_if([$1], [],[
-  sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
-  sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
-  ;;
-
-dgux*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-freebsd* | dragonfly*)
-  # DragonFly does not have aout.  When/if they implement a new
-  # versioning mechanism, adjust this.
-  if test -x /usr/bin/objformat; then
-    objformat=`/usr/bin/objformat`
-  else
-    case $host_os in
-    freebsd[[23]].*) objformat=aout ;;
-    *) objformat=elf ;;
-    esac
-  fi
-  version_type=freebsd-$objformat
-  case $version_type in
-    freebsd-elf*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-      soname_spec='$libname$release$shared_ext$major'
-      need_version=no
-      need_lib_prefix=no
-      ;;
-    freebsd-*)
-      library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-      need_version=yes
-      ;;
-  esac
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_os in
-  freebsd2.*)
-    shlibpath_overrides_runpath=yes
-    ;;
-  freebsd3.[[01]]* | freebsdelf3.[[01]]*)
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
-  freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
-    shlibpath_overrides_runpath=no
-    hardcode_into_libs=yes
-    ;;
-  *) # from 4.6 on, and DragonFly
-    shlibpath_overrides_runpath=yes
-    hardcode_into_libs=yes
-    ;;
-  esac
-  ;;
-
-haiku*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  dynamic_linker="$host_os runtime_loader"
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
-  hardcode_into_libs=yes
-  ;;
-
-hpux9* | hpux10* | hpux11*)
-  # Give a soname corresponding to the major version so that dld.sl refuses to
-  # link against other versions.
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  case $host_cpu in
-  ia64*)
-    shrext_cmds='.so'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.so"
-    shlibpath_var=LD_LIBRARY_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    if test 32 = "$HPUX_IA64_MODE"; then
-      sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux32
-    else
-      sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
-      sys_lib_dlsearch_path_spec=/usr/lib/hpux64
-    fi
-    ;;
-  hppa*64*)
-    shrext_cmds='.sl'
-    hardcode_into_libs=yes
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
-    shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
-    sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-    ;;
-  *)
-    shrext_cmds='.sl'
-    dynamic_linker="$host_os dld.sl"
-    shlibpath_var=SHLIB_PATH
-    shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    ;;
-  esac
-  # HP-UX runs *really* slowly unless shared libraries are mode 555, ...
-  postinstall_cmds='chmod 555 $lib'
-  # or fails outright, so override atomically:
-  install_override_mode=555
-  ;;
-
-interix[[3-9]]*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $host_os in
-    nonstopux*) version_type=nonstopux ;;
-    *)
-	if test yes = "$lt_cv_prog_gnu_ld"; then
-		version_type=linux # correct to gnu/linux during the next big refactor
-	else
-		version_type=irix
-	fi ;;
-  esac
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext'
-  case $host_os in
-  irix5* | nonstopux*)
-    libsuff= shlibsuff=
-    ;;
-  *)
-    case $LD in # libtool.m4 will add one of these switches to LD
-    *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
-      libsuff= shlibsuff= libmagic=32-bit;;
-    *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
-      libsuff=32 shlibsuff=N32 libmagic=N32;;
-    *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
-      libsuff=64 shlibsuff=64 libmagic=64-bit;;
-    *) libsuff= shlibsuff= libmagic=never-match;;
-    esac
-    ;;
-  esac
-  shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
-  shlibpath_overrides_runpath=no
-  sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff"
-  sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff"
-  hardcode_into_libs=yes
-  ;;
-
-# No shared lib support for Linux oldld, aout, or coff.
-linux*oldld* | linux*aout* | linux*coff*)
-  dynamic_linker=no
-  ;;
-
-linux*android*)
-  version_type=none # Android doesn't support versioned libraries.
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext'
-  soname_spec='$libname$release$shared_ext'
-  finish_cmds=
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  dynamic_linker='Android linker'
-  # Don't embed -rpath directories since the linker doesn't support them.
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-
-  # Some binutils ld are patched to set DT_RUNPATH
-  AC_CACHE_VAL([lt_cv_shlibpath_overrides_runpath],
-    [lt_cv_shlibpath_overrides_runpath=no
-    save_LDFLAGS=$LDFLAGS
-    save_libdir=$libdir
-    eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
-	 LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
-    AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
-      [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
-	 [lt_cv_shlibpath_overrides_runpath=yes])])
-    LDFLAGS=$save_LDFLAGS
-    libdir=$save_libdir
-    ])
-  shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath
-
-  # This implies no fast_install, which is unacceptable.
-  # Some rework will be needed to allow for fast_install
-  # before this can be enabled.
-  hardcode_into_libs=yes
-
-  # Ideally, we could use ldconfig to report *all* directores which are
-  # searched for libraries, however this is still not possible.  Aside from not
-  # being certain /sbin/ldconfig is available, command
-  # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64,
-  # even though it is searched at run-time.  Try to do the best guess by
-  # appending ld.so.conf contents (and includes) to the search path.
-  if test -f /etc/ld.so.conf; then
-    lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[	 ]*hwcap[	 ]/d;s/[:,	]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
-    sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
-  fi
-
-  # We used to test for /lib/ld.so.1 and disable shared libraries on
-  # powerpc, because MkLinux only supported shared libraries with the
-  # GNU dynamic linker.  Since this was broken with cross compilers,
-  # most powerpc-linux boxes support dynamic linking these days and
-  # people can always --disable-shared, the test was removed, and we
-  # assume the GNU/Linux dynamic linker is in use.
-  dynamic_linker='GNU/Linux ld.so'
-  ;;
-
-netbsd*)
-  version_type=sunos
-  need_lib_prefix=no
-  need_version=no
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-    finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-    dynamic_linker='NetBSD (a.out) ld.so'
-  else
-    library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-    soname_spec='$libname$release$shared_ext$major'
-    dynamic_linker='NetBSD ld.elf_so'
-  fi
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  ;;
-
-newsos6)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-*nto* | *qnx*)
-  version_type=qnx
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  dynamic_linker='ldqnx.so'
-  ;;
-
-openbsd* | bitrig*)
-  version_type=sunos
-  sys_lib_dlsearch_path_spec=/usr/lib
-  need_lib_prefix=no
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    need_version=no
-  else
-    need_version=yes
-  fi
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  ;;
-
-os2*)
-  libname_spec='$name'
-  version_type=windows
-  shrext_cmds=.dll
-  need_version=no
-  need_lib_prefix=no
-  # OS/2 can only load a DLL with a base name of 8 characters or less.
-  soname_spec='`test -n "$os2dllname" && libname="$os2dllname";
-    v=$($ECHO $release$versuffix | tr -d .-);
-    n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _);
-    $ECHO $n$v`$shared_ext'
-  library_names_spec='${libname}_dll.$libext'
-  dynamic_linker='OS/2 ld.exe'
-  shlibpath_var=BEGINLIBPATH
-  sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  postinstall_cmds='base_file=`basename \$file`~
-    dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~
-    dldir=$destdir/`dirname \$dlpath`~
-    test -d \$dldir || mkdir -p \$dldir~
-    $install_prog $dir/$dlname \$dldir/$dlname~
-    chmod a+x \$dldir/$dlname~
-    if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
-      eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
-    fi'
-  postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~
-    dlpath=$dir/\$dldll~
-    $RM \$dlpath'
-  ;;
-
-osf3* | osf4* | osf5*)
-  version_type=osf
-  need_lib_prefix=no
-  need_version=no
-  soname_spec='$libname$release$shared_ext$major'
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
-  sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
-  ;;
-
-rdos*)
-  dynamic_linker=no
-  ;;
-
-solaris*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  # ldd complains unless libraries are executable
-  postinstall_cmds='chmod +x $lib'
-  ;;
-
-sunos4*)
-  version_type=sunos
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix'
-  finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  if test yes = "$with_gnu_ld"; then
-    need_lib_prefix=no
-  fi
-  need_version=yes
-  ;;
-
-sysv4 | sysv4.3*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  case $host_vendor in
-    sni)
-      shlibpath_overrides_runpath=no
-      need_lib_prefix=no
-      runpath_var=LD_RUN_PATH
-      ;;
-    siemens)
-      need_lib_prefix=no
-      ;;
-    motorola)
-      need_lib_prefix=no
-      need_version=no
-      shlibpath_overrides_runpath=no
-      sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
-      ;;
-  esac
-  ;;
-
-sysv4*MP*)
-  if test -d /usr/nec; then
-    version_type=linux # correct to gnu/linux during the next big refactor
-    library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext'
-    soname_spec='$libname$shared_ext.$major'
-    shlibpath_var=LD_LIBRARY_PATH
-  fi
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  version_type=sco
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=yes
-  hardcode_into_libs=yes
-  if test yes = "$with_gnu_ld"; then
-    sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
-  else
-    sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
-    case $host_os in
-      sco3.2v5*)
-        sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
-	;;
-    esac
-  fi
-  sys_lib_dlsearch_path_spec='/usr/lib'
-  ;;
-
-tpf*)
-  # TPF is a cross-target only.  Preferred cross-host = GNU/Linux.
-  version_type=linux # correct to gnu/linux during the next big refactor
-  need_lib_prefix=no
-  need_version=no
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  shlibpath_var=LD_LIBRARY_PATH
-  shlibpath_overrides_runpath=no
-  hardcode_into_libs=yes
-  ;;
-
-uts4*)
-  version_type=linux # correct to gnu/linux during the next big refactor
-  library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext'
-  soname_spec='$libname$release$shared_ext$major'
-  shlibpath_var=LD_LIBRARY_PATH
-  ;;
-
-*)
-  dynamic_linker=no
-  ;;
-esac
-AC_MSG_RESULT([$dynamic_linker])
-test no = "$dynamic_linker" && can_build_shared=no
-
-variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
-if test yes = "$GCC"; then
-  variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
-fi
-
-if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then
-  sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec
-fi
-
-if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then
-  sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec
-fi
-
-# remember unaugmented sys_lib_dlsearch_path content for libtool script decls...
-configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec
-
-# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code
-func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH"
-
-# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool
-configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH
-
-_LT_DECL([], [variables_saved_for_relink], [1],
-    [Variables whose values should be saved in libtool wrapper scripts and
-    restored at link time])
-_LT_DECL([], [need_lib_prefix], [0],
-    [Do we need the "lib" prefix for modules?])
-_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
-_LT_DECL([], [version_type], [0], [Library versioning type])
-_LT_DECL([], [runpath_var], [0],  [Shared library runtime path variable])
-_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
-_LT_DECL([], [shlibpath_overrides_runpath], [0],
-    [Is shlibpath searched before the hard-coded library search path?])
-_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
-_LT_DECL([], [library_names_spec], [1],
-    [[List of archive names.  First name is the real one, the rest are links.
-    The last name is the one that the linker finds with -lNAME]])
-_LT_DECL([], [soname_spec], [1],
-    [[The coded name of the library, if different from the real name]])
-_LT_DECL([], [install_override_mode], [1],
-    [Permission mode override for installation of shared libraries])
-_LT_DECL([], [postinstall_cmds], [2],
-    [Command to use after installation of a shared archive])
-_LT_DECL([], [postuninstall_cmds], [2],
-    [Command to use after uninstallation of a shared archive])
-_LT_DECL([], [finish_cmds], [2],
-    [Commands used to finish a libtool library installation in a directory])
-_LT_DECL([], [finish_eval], [1],
-    [[As "finish_cmds", except a single script fragment to be evaled but
-    not shown]])
-_LT_DECL([], [hardcode_into_libs], [0],
-    [Whether we should hardcode library paths into libraries])
-_LT_DECL([], [sys_lib_search_path_spec], [2],
-    [Compile-time system search path for libraries])
-_LT_DECL([sys_lib_dlsearch_path_spec], [configure_time_dlsearch_path], [2],
-    [Detected run-time system search path for libraries])
-_LT_DECL([], [configure_time_lt_sys_library_path], [2],
-    [Explicit LT_SYS_LIBRARY_PATH set during ./configure time])
-])# _LT_SYS_DYNAMIC_LINKER
-
-
-# _LT_PATH_TOOL_PREFIX(TOOL)
-# --------------------------
-# find a file program that can recognize shared library
-AC_DEFUN([_LT_PATH_TOOL_PREFIX],
-[m4_require([_LT_DECL_EGREP])dnl
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
-[case $MAGIC_CMD in
-[[\\/*] |  ?:[\\/]*])
-  lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path.
-  ;;
-*)
-  lt_save_MAGIC_CMD=$MAGIC_CMD
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-dnl $ac_dummy forces splitting on constant user-supplied paths.
-dnl POSIX.2 word splitting is done only on the output of word expansions,
-dnl not every word.  This closes a longstanding sh security hole.
-  ac_dummy="m4_if([$2], , $PATH, [$2])"
-  for ac_dir in $ac_dummy; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$1"; then
-      lt_cv_path_MAGIC_CMD=$ac_dir/"$1"
-      if test -n "$file_magic_test_file"; then
-	case $deplibs_check_method in
-	"file_magic "*)
-	  file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
-	  MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-	  if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
-	    $EGREP "$file_magic_regex" > /dev/null; then
-	    :
-	  else
-	    cat <<_LT_EOF 1>&2
-
-*** Warning: the command libtool uses to detect shared libraries,
-*** $file_magic_cmd, produces output that libtool cannot recognize.
-*** The result is that libtool may fail to recognize shared libraries
-*** as such.  This will affect the creation of libtool libraries that
-*** depend on shared libraries, but programs linked with such libtool
-*** libraries will work regardless of this problem.  Nevertheless, you
-*** may want to report the problem to your system manager and/or to
-*** bug-libtool@gnu.org
-
-_LT_EOF
-	  fi ;;
-	esac
-      fi
-      break
-    fi
-  done
-  IFS=$lt_save_ifs
-  MAGIC_CMD=$lt_save_MAGIC_CMD
-  ;;
-esac])
-MAGIC_CMD=$lt_cv_path_MAGIC_CMD
-if test -n "$MAGIC_CMD"; then
-  AC_MSG_RESULT($MAGIC_CMD)
-else
-  AC_MSG_RESULT(no)
-fi
-_LT_DECL([], [MAGIC_CMD], [0],
-	 [Used to examine libraries when file_magic_cmd begins with "file"])dnl
-])# _LT_PATH_TOOL_PREFIX
-
-# Old name:
-AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
-
-
-# _LT_PATH_MAGIC
-# --------------
-# find a file program that can recognize a shared library
-m4_defun([_LT_PATH_MAGIC],
-[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
-if test -z "$lt_cv_path_MAGIC_CMD"; then
-  if test -n "$ac_tool_prefix"; then
-    _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
-  else
-    MAGIC_CMD=:
-  fi
-fi
-])# _LT_PATH_MAGIC
-
-
-# LT_PATH_LD
-# ----------
-# find the pathname to the GNU or non-GNU linker
-AC_DEFUN([LT_PATH_LD],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PROG_ECHO_BACKSLASH])dnl
-
-AC_ARG_WITH([gnu-ld],
-    [AS_HELP_STRING([--with-gnu-ld],
-	[assume the C compiler uses GNU ld @<:@default=no@:>@])],
-    [test no = "$withval" || with_gnu_ld=yes],
-    [with_gnu_ld=no])dnl
-
-ac_prog=ld
-if test yes = "$GCC"; then
-  # Check if gcc -print-prog-name=ld gives a path.
-  AC_MSG_CHECKING([for ld used by $CC])
-  case $host in
-  *-*-mingw*)
-    # gcc leaves a trailing carriage return, which upsets mingw
-    ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
-  *)
-    ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
-  esac
-  case $ac_prog in
-    # Accept absolute paths.
-    [[\\/]]* | ?:[[\\/]]*)
-      re_direlt='/[[^/]][[^/]]*/\.\./'
-      # Canonicalize the pathname of ld
-      ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
-      while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
-	ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
-      done
-      test -z "$LD" && LD=$ac_prog
-      ;;
-  "")
-    # If it fails, then pretend we aren't using GCC.
-    ac_prog=ld
-    ;;
-  *)
-    # If it is relative, then search for the first ld in PATH.
-    with_gnu_ld=unknown
-    ;;
-  esac
-elif test yes = "$with_gnu_ld"; then
-  AC_MSG_CHECKING([for GNU ld])
-else
-  AC_MSG_CHECKING([for non-GNU ld])
-fi
-AC_CACHE_VAL(lt_cv_path_LD,
-[if test -z "$LD"; then
-  lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-  for ac_dir in $PATH; do
-    IFS=$lt_save_ifs
-    test -z "$ac_dir" && ac_dir=.
-    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
-      lt_cv_path_LD=$ac_dir/$ac_prog
-      # Check to see if the program is GNU ld.  I'd rather use --version,
-      # but apparently some variants of GNU ld only accept -v.
-      # Break only if it was the GNU/non-GNU ld that we prefer.
-      case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
-      *GNU* | *'with BFD'*)
-	test no != "$with_gnu_ld" && break
-	;;
-      *)
-	test yes != "$with_gnu_ld" && break
-	;;
-      esac
-    fi
-  done
-  IFS=$lt_save_ifs
-else
-  lt_cv_path_LD=$LD # Let the user override the test with a path.
-fi])
-LD=$lt_cv_path_LD
-if test -n "$LD"; then
-  AC_MSG_RESULT($LD)
-else
-  AC_MSG_RESULT(no)
-fi
-test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
-_LT_PATH_LD_GNU
-AC_SUBST([LD])
-
-_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
-])# LT_PATH_LD
-
-# Old names:
-AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
-AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_LD], [])
-dnl AC_DEFUN([AC_PROG_LD], [])
-
-
-# _LT_PATH_LD_GNU
-#- --------------
-m4_defun([_LT_PATH_LD_GNU],
-[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
-[# I'd rather use --version here, but apparently some GNU lds only accept -v.
-case `$LD -v 2>&1 </dev/null` in
-*GNU* | *'with BFD'*)
-  lt_cv_prog_gnu_ld=yes
-  ;;
-*)
-  lt_cv_prog_gnu_ld=no
-  ;;
-esac])
-with_gnu_ld=$lt_cv_prog_gnu_ld
-])# _LT_PATH_LD_GNU
-
-
-# _LT_CMD_RELOAD
-# --------------
-# find reload flag for linker
-#   -- PORTME Some linkers may need a different reload flag.
-m4_defun([_LT_CMD_RELOAD],
-[AC_CACHE_CHECK([for $LD option to reload object files],
-  lt_cv_ld_reload_flag,
-  [lt_cv_ld_reload_flag='-r'])
-reload_flag=$lt_cv_ld_reload_flag
-case $reload_flag in
-"" | " "*) ;;
-*) reload_flag=" $reload_flag" ;;
-esac
-reload_cmds='$LD$reload_flag -o $output$reload_objs'
-case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    if test yes != "$GCC"; then
-      reload_cmds=false
-    fi
-    ;;
-  darwin*)
-    if test yes = "$GCC"; then
-      reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs'
-    else
-      reload_cmds='$LD$reload_flag -o $output$reload_objs'
-    fi
-    ;;
-esac
-_LT_TAGDECL([], [reload_flag], [1], [How to create reloadable object files])dnl
-_LT_TAGDECL([], [reload_cmds], [2])dnl
-])# _LT_CMD_RELOAD
-
-
-# _LT_PATH_DD
-# -----------
-# find a working dd
-m4_defun([_LT_PATH_DD],
-[AC_CACHE_CHECK([for a working dd], [ac_cv_path_lt_DD],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-: ${lt_DD:=$DD}
-AC_PATH_PROGS_FEATURE_CHECK([lt_DD], [dd],
-[if "$ac_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=:
-fi])
-rm -f conftest.i conftest2.i conftest.out])
-])# _LT_PATH_DD
-
-
-# _LT_CMD_TRUNCATE
-# ----------------
-# find command to truncate a binary pipe
-m4_defun([_LT_CMD_TRUNCATE],
-[m4_require([_LT_PATH_DD])
-AC_CACHE_CHECK([how to truncate binary pipes], [lt_cv_truncate_bin],
-[printf 0123456789abcdef0123456789abcdef >conftest.i
-cat conftest.i conftest.i >conftest2.i
-lt_cv_truncate_bin=
-if "$ac_cv_path_lt_DD" bs=32 count=1 <conftest2.i >conftest.out 2>/dev/null; then
-  cmp -s conftest.i conftest.out \
-  && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1"
-fi
-rm -f conftest.i conftest2.i conftest.out
-test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q"])
-_LT_DECL([lt_truncate_bin], [lt_cv_truncate_bin], [1],
-  [Command to truncate a binary pipe])
-])# _LT_CMD_TRUNCATE
-
-
-# _LT_CHECK_MAGIC_METHOD
-# ----------------------
-# how to check for library dependencies
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_MAGIC_METHOD],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-AC_CACHE_CHECK([how to recognize dependent libraries],
-lt_cv_deplibs_check_method,
-[lt_cv_file_magic_cmd='$MAGIC_CMD'
-lt_cv_file_magic_test_file=
-lt_cv_deplibs_check_method='unknown'
-# Need to set the preceding variable on all platforms that support
-# interlibrary dependencies.
-# 'none' -- dependencies not supported.
-# 'unknown' -- same as none, but documents that we really don't know.
-# 'pass_all' -- all dependencies passed with no checks.
-# 'test_compile' -- check by making test program.
-# 'file_magic [[regex]]' -- check by looking for files in library path
-# that responds to the $file_magic_cmd with a given extended regex.
-# If you have 'file' or equivalent on your system and you're not sure
-# whether 'pass_all' will *always* work, you probably want this one.
-
-case $host_os in
-aix[[4-9]]*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-beos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-bsdi[[45]]*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
-  lt_cv_file_magic_cmd='/usr/bin/file -L'
-  lt_cv_file_magic_test_file=/shlib/libc.so
-  ;;
-
-cygwin*)
-  # func_win32_libid is a shell function defined in ltmain.sh
-  lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-  lt_cv_file_magic_cmd='func_win32_libid'
-  ;;
-
-mingw* | pw32*)
-  # Base MSYS/MinGW do not provide the 'file' command needed by
-  # func_win32_libid shell function, so use a weaker test based on 'objdump',
-  # unless we find 'file', for example because we are cross-compiling.
-  if ( file / ) >/dev/null 2>&1; then
-    lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
-    lt_cv_file_magic_cmd='func_win32_libid'
-  else
-    # Keep this pattern in sync with the one in func_win32_libid.
-    lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)'
-    lt_cv_file_magic_cmd='$OBJDUMP -f'
-  fi
-  ;;
-
-cegcc*)
-  # use the weaker test based on 'objdump'. See mingw*.
-  lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
-  lt_cv_file_magic_cmd='$OBJDUMP -f'
-  ;;
-
-darwin* | rhapsody*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-freebsd* | dragonfly*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    case $host_cpu in
-    i*86 )
-      # Not sure whether the presence of OpenBSD here was a mistake.
-      # Let's accept both of them until this is cleared up.
-      lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
-      lt_cv_file_magic_cmd=/usr/bin/file
-      lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
-      ;;
-    esac
-  else
-    lt_cv_deplibs_check_method=pass_all
-  fi
-  ;;
-
-haiku*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-hpux10.20* | hpux11*)
-  lt_cv_file_magic_cmd=/usr/bin/file
-  case $host_cpu in
-  ia64*)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
-    lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
-    ;;
-  hppa*64*)
-    [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]']
-    lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
-    ;;
-  *)
-    lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]]\.[[0-9]]) shared library'
-    lt_cv_file_magic_test_file=/usr/lib/libc.sl
-    ;;
-  esac
-  ;;
-
-interix[[3-9]]*)
-  # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
-  lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
-  ;;
-
-irix5* | irix6* | nonstopux*)
-  case $LD in
-  *-32|*"-32 ") libmagic=32-bit;;
-  *-n32|*"-n32 ") libmagic=N32;;
-  *-64|*"-64 ") libmagic=64-bit;;
-  *) libmagic=never-match;;
-  esac
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-# This must be glibc/ELF.
-linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-netbsd*)
-  if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
-  fi
-  ;;
-
-newos6*)
-  lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
-  lt_cv_file_magic_cmd=/usr/bin/file
-  lt_cv_file_magic_test_file=/usr/lib/libnls.so
-  ;;
-
-*nto* | *qnx*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-openbsd* | bitrig*)
-  if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
-  else
-    lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
-  fi
-  ;;
-
-osf3* | osf4* | osf5*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-rdos*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-solaris*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-
-sysv4 | sysv4.3*)
-  case $host_vendor in
-  motorola)
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
-    lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
-    ;;
-  ncr)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  sequent)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
-    ;;
-  sni)
-    lt_cv_file_magic_cmd='/bin/file'
-    lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
-    lt_cv_file_magic_test_file=/lib/libc.so
-    ;;
-  siemens)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  pc)
-    lt_cv_deplibs_check_method=pass_all
-    ;;
-  esac
-  ;;
-
-tpf*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-os2*)
-  lt_cv_deplibs_check_method=pass_all
-  ;;
-esac
-])
-
-file_magic_glob=
-want_nocaseglob=no
-if test "$build" = "$host"; then
-  case $host_os in
-  mingw* | pw32*)
-    if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then
-      want_nocaseglob=yes
-    else
-      file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[[\1]]\/[[\1]]\/g;/g"`
-    fi
-    ;;
-  esac
-fi
-
-file_magic_cmd=$lt_cv_file_magic_cmd
-deplibs_check_method=$lt_cv_deplibs_check_method
-test -z "$deplibs_check_method" && deplibs_check_method=unknown
-
-_LT_DECL([], [deplibs_check_method], [1],
-    [Method to check whether dependent libraries are shared objects])
-_LT_DECL([], [file_magic_cmd], [1],
-    [Command to use when deplibs_check_method = "file_magic"])
-_LT_DECL([], [file_magic_glob], [1],
-    [How to find potential files when deplibs_check_method = "file_magic"])
-_LT_DECL([], [want_nocaseglob], [1],
-    [Find potential files using nocaseglob when deplibs_check_method = "file_magic"])
-])# _LT_CHECK_MAGIC_METHOD
-
-
-# LT_PATH_NM
-# ----------
-# find the pathname to a BSD- or MS-compatible name lister
-AC_DEFUN([LT_PATH_NM],
-[AC_REQUIRE([AC_PROG_CC])dnl
-AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
-[if test -n "$NM"; then
-  # Let the user override the test.
-  lt_cv_path_NM=$NM
-else
-  lt_nm_to_check=${ac_tool_prefix}nm
-  if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
-    lt_nm_to_check="$lt_nm_to_check nm"
-  fi
-  for lt_tmp_nm in $lt_nm_to_check; do
-    lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR
-    for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
-      IFS=$lt_save_ifs
-      test -z "$ac_dir" && ac_dir=.
-      tmp_nm=$ac_dir/$lt_tmp_nm
-      if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then
-	# Check to see if the nm accepts a BSD-compat flag.
-	# Adding the 'sed 1q' prevents false positives on HP-UX, which says:
-	#   nm: unknown option "B" ignored
-	# Tru64's nm complains that /dev/null is an invalid object file
-	# MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty
-	case $build_os in
-	mingw*) lt_bad_file=conftest.nm/nofile ;;
-	*) lt_bad_file=/dev/null ;;
-	esac
-	case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in
-	*$lt_bad_file* | *'Invalid file or object type'*)
-	  lt_cv_path_NM="$tmp_nm -B"
-	  break 2
-	  ;;
-	*)
-	  case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
-	  */dev/null*)
-	    lt_cv_path_NM="$tmp_nm -p"
-	    break 2
-	    ;;
-	  *)
-	    lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
-	    continue # so that we can try to find one that supports BSD flags
-	    ;;
-	  esac
-	  ;;
-	esac
-      fi
-    done
-    IFS=$lt_save_ifs
-  done
-  : ${lt_cv_path_NM=no}
-fi])
-if test no != "$lt_cv_path_NM"; then
-  NM=$lt_cv_path_NM
-else
-  # Didn't find any BSD compatible name lister, look for dumpbin.
-  if test -n "$DUMPBIN"; then :
-    # Let the user override the test.
-  else
-    AC_CHECK_TOOLS(DUMPBIN, [dumpbin "link -dump"], :)
-    case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in
-    *COFF*)
-      DUMPBIN="$DUMPBIN -symbols -headers"
-      ;;
-    *)
-      DUMPBIN=:
-      ;;
-    esac
-  fi
-  AC_SUBST([DUMPBIN])
-  if test : != "$DUMPBIN"; then
-    NM=$DUMPBIN
-  fi
-fi
-test -z "$NM" && NM=nm
-AC_SUBST([NM])
-_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
-
-AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
-  [lt_cv_nm_interface="BSD nm"
-  echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$ac_compile" 2>conftest.err)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
-  (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  (eval echo "\"\$as_me:$LINENO: output\"" >&AS_MESSAGE_LOG_FD)
-  cat conftest.out >&AS_MESSAGE_LOG_FD
-  if $GREP 'External.*some_variable' conftest.out > /dev/null; then
-    lt_cv_nm_interface="MS dumpbin"
-  fi
-  rm -f conftest*])
-])# LT_PATH_NM
-
-# Old names:
-AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
-AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_PROG_NM], [])
-dnl AC_DEFUN([AC_PROG_NM], [])
-
-# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-# --------------------------------
-# how to determine the name of the shared library
-# associated with a specific link library.
-#  -- PORTME fill in with the dynamic library characteristics
-m4_defun([_LT_CHECK_SHAREDLIB_FROM_LINKLIB],
-[m4_require([_LT_DECL_EGREP])
-m4_require([_LT_DECL_OBJDUMP])
-m4_require([_LT_DECL_DLLTOOL])
-AC_CACHE_CHECK([how to associate runtime and link libraries],
-lt_cv_sharedlib_from_linklib_cmd,
-[lt_cv_sharedlib_from_linklib_cmd='unknown'
-
-case $host_os in
-cygwin* | mingw* | pw32* | cegcc*)
-  # two different shell functions defined in ltmain.sh;
-  # decide which one to use based on capabilities of $DLLTOOL
-  case `$DLLTOOL --help 2>&1` in
-  *--identify-strict*)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib
-    ;;
-  *)
-    lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback
-    ;;
-  esac
-  ;;
-*)
-  # fallback: assume linklib IS sharedlib
-  lt_cv_sharedlib_from_linklib_cmd=$ECHO
-  ;;
-esac
-])
-sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd
-test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO
-
-_LT_DECL([], [sharedlib_from_linklib_cmd], [1],
-    [Command to associate shared and link libraries])
-])# _LT_CHECK_SHAREDLIB_FROM_LINKLIB
-
-
-# _LT_PATH_MANIFEST_TOOL
-# ----------------------
-# locate the manifest tool
-m4_defun([_LT_PATH_MANIFEST_TOOL],
-[AC_CHECK_TOOL(MANIFEST_TOOL, mt, :)
-test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt
-AC_CACHE_CHECK([if $MANIFEST_TOOL is a manifest tool], [lt_cv_path_mainfest_tool],
-  [lt_cv_path_mainfest_tool=no
-  echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&AS_MESSAGE_LOG_FD
-  $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out
-  cat conftest.err >&AS_MESSAGE_LOG_FD
-  if $GREP 'Manifest Tool' conftest.out > /dev/null; then
-    lt_cv_path_mainfest_tool=yes
-  fi
-  rm -f conftest*])
-if test yes != "$lt_cv_path_mainfest_tool"; then
-  MANIFEST_TOOL=:
-fi
-_LT_DECL([], [MANIFEST_TOOL], [1], [Manifest tool])dnl
-])# _LT_PATH_MANIFEST_TOOL
-
-
-# _LT_DLL_DEF_P([FILE])
-# ---------------------
-# True iff FILE is a Windows DLL '.def' file.
-# Keep in sync with func_dll_def_p in the libtool script
-AC_DEFUN([_LT_DLL_DEF_P],
-[dnl
-  test DEF = "`$SED -n dnl
-    -e '\''s/^[[	 ]]*//'\'' dnl Strip leading whitespace
-    -e '\''/^\(;.*\)*$/d'\'' dnl      Delete empty lines and comments
-    -e '\''s/^\(EXPORTS\|LIBRARY\)\([[	 ]].*\)*$/DEF/p'\'' dnl
-    -e q dnl                          Only consider the first "real" line
-    $1`" dnl
-])# _LT_DLL_DEF_P
-
-
-# LT_LIB_M
-# --------
-# check for math library
-AC_DEFUN([LT_LIB_M],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-LIBM=
-case $host in
-*-*-beos* | *-*-cegcc* | *-*-cygwin* | *-*-haiku* | *-*-pw32* | *-*-darwin*)
-  # These system don't have libm, or don't need it
-  ;;
-*-ncr-sysv4.3*)
-  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM=-lmw)
-  AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
-  ;;
-*)
-  AC_CHECK_LIB(m, cos, LIBM=-lm)
-  ;;
-esac
-AC_SUBST([LIBM])
-])# LT_LIB_M
-
-# Old name:
-AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_CHECK_LIBM], [])
-
-
-# _LT_COMPILER_NO_RTTI([TAGNAME])
-# -------------------------------
-m4_defun([_LT_COMPILER_NO_RTTI],
-[m4_require([_LT_TAG_COMPILER])dnl
-
-_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-
-if test yes = "$GCC"; then
-  case $cc_basename in
-  nvcc*)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -Xcompiler -fno-builtin' ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' ;;
-  esac
-
-  _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
-    lt_cv_prog_compiler_rtti_exceptions,
-    [-fno-rtti -fno-exceptions], [],
-    [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
-fi
-_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
-	[Compiler flag to turn off builtin functions])
-])# _LT_COMPILER_NO_RTTI
-
-
-# _LT_CMD_GLOBAL_SYMBOLS
-# ----------------------
-m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_PROG_CC])dnl
-AC_REQUIRE([AC_PROG_AWK])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-AC_REQUIRE([LT_PATH_LD])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-
-# Check for command to grab the raw symbol name followed by C symbol from nm.
-AC_MSG_CHECKING([command to parse $NM output from $compiler object])
-AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
-[
-# These are sane defaults that work on at least a few old systems.
-# [They come from Ultrix.  What could be older than Ultrix?!! ;)]
-
-# Character class describing NM global symbol codes.
-symcode='[[BCDEGRST]]'
-
-# Regexp to match symbols that can be accessed directly from C.
-sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
-
-# Define system-specific variables.
-case $host_os in
-aix*)
-  symcode='[[BCDT]]'
-  ;;
-cygwin* | mingw* | pw32* | cegcc*)
-  symcode='[[ABCDGISTW]]'
-  ;;
-hpux*)
-  if test ia64 = "$host_cpu"; then
-    symcode='[[ABCDEGRST]]'
-  fi
-  ;;
-irix* | nonstopux*)
-  symcode='[[BCDEGRST]]'
-  ;;
-osf*)
-  symcode='[[BCDEGQRST]]'
-  ;;
-solaris*)
-  symcode='[[BDRT]]'
-  ;;
-sco3.2v5*)
-  symcode='[[DT]]'
-  ;;
-sysv4.2uw2*)
-  symcode='[[DT]]'
-  ;;
-sysv5* | sco5v6* | unixware* | OpenUNIX*)
-  symcode='[[ABDT]]'
-  ;;
-sysv4)
-  symcode='[[DFNSTU]]'
-  ;;
-esac
-
-# If we're using GNU nm, then use its standard symbol codes.
-case `$NM -V 2>&1` in
-*GNU* | *'with BFD'*)
-  symcode='[[ABCDGIRSTW]]' ;;
-esac
-
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  # Gets list of data symbols to import.
-  lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'"
-  # Adjust the below global symbol transforms to fixup imported variables.
-  lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'"
-  lt_c_name_hook=" -e 's/^I .* \(.*\)$/  {\"\1\", (void *) 0},/p'"
-  lt_c_name_lib_hook="\
-  -e 's/^I .* \(lib.*\)$/  {\"\1\", (void *) 0},/p'\
-  -e 's/^I .* \(.*\)$/  {\"lib\1\", (void *) 0},/p'"
-else
-  # Disable hooks by default.
-  lt_cv_sys_global_symbol_to_import=
-  lt_cdecl_hook=
-  lt_c_name_hook=
-  lt_c_name_lib_hook=
-fi
-
-# Transform an extracted symbol line into a proper C declaration.
-# Some systems (esp. on ia64) link data and code symbols differently,
-# so use this general approach.
-lt_cv_sys_global_symbol_to_cdecl="sed -n"\
-$lt_cdecl_hook\
-" -e 's/^T .* \(.*\)$/extern int \1();/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'"
-
-# Transform an extracted symbol line into symbol name and symbol address
-lt_cv_sys_global_symbol_to_c_name_address="sed -n"\
-$lt_c_name_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/p'"
-
-# Transform an extracted symbol line into symbol name with lib prefix and
-# symbol address.
-lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\
-$lt_c_name_lib_hook\
-" -e 's/^: \(.*\) .*$/  {\"\1\", (void *) 0},/p'"\
-" -e 's/^$symcode$symcode* .* \(lib.*\)$/  {\"\1\", (void *) \&\1},/p'"\
-" -e 's/^$symcode$symcode* .* \(.*\)$/  {\"lib\1\", (void *) \&\1},/p'"
-
-# Handle CRLF in mingw tool chain
-opt_cr=
-case $build_os in
-mingw*)
-  opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
-  ;;
-esac
-
-# Try without a prefix underscore, then with it.
-for ac_symprfx in "" "_"; do
-
-  # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
-  symxfrm="\\1 $ac_symprfx\\2 \\2"
-
-  # Write the raw and C identifiers.
-  if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-    # Fake it for dumpbin and say T for any non-static function,
-    # D for any global variable and I for any imported variable.
-    # Also find C++ and __fastcall symbols from MSVC++,
-    # which start with @ or ?.
-    lt_cv_sys_global_symbol_pipe="$AWK ['"\
-"     {last_section=section; section=\$ 3};"\
-"     /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\
-"     /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
-"     /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\
-"     /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\
-"     /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\
-"     \$ 0!~/External *\|/{next};"\
-"     / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
-"     {if(hide[section]) next};"\
-"     {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\
-"     {split(\$ 0,a,/\||\r/); split(a[2],s)};"\
-"     s[1]~/^[@?]/{print f,s[1],s[1]; next};"\
-"     s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\
-"     ' prfx=^$ac_symprfx]"
-  else
-    lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[	 ]]\($symcode$symcode*\)[[	 ]][[	 ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
-  fi
-  lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'"
-
-  # Check to see that the pipe works correctly.
-  pipe_works=no
-
-  rm -f conftest*
-  cat > conftest.$ac_ext <<_LT_EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-char nm_test_var;
-void nm_test_func(void);
-void nm_test_func(void){}
-#ifdef __cplusplus
-}
-#endif
-int main(){nm_test_var='a';nm_test_func();return(0);}
-_LT_EOF
-
-  if AC_TRY_EVAL(ac_compile); then
-    # Now try to grab the symbols.
-    nlist=conftest.nm
-    if AC_TRY_EVAL(NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) && test -s "$nlist"; then
-      # Try sorting and uniquifying the output.
-      if sort "$nlist" | uniq > "$nlist"T; then
-	mv -f "$nlist"T "$nlist"
-      else
-	rm -f "$nlist"T
-      fi
-
-      # Make sure that we snagged all the symbols we need.
-      if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
-	if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
-	  cat <<_LT_EOF > conftest.$ac_ext
-/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests.  */
-#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE
-/* DATA imports from DLLs on WIN32 can't be const, because runtime
-   relocations are performed -- see ld's documentation on pseudo-relocs.  */
-# define LT@&t@_DLSYM_CONST
-#elif defined __osf__
-/* This system does not cope well with relocations in const data.  */
-# define LT@&t@_DLSYM_CONST
-#else
-# define LT@&t@_DLSYM_CONST const
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-_LT_EOF
-	  # Now generate the symbol file.
-	  eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
-
-	  cat <<_LT_EOF >> conftest.$ac_ext
-
-/* The mapping between symbol names and symbols.  */
-LT@&t@_DLSYM_CONST struct {
-  const char *name;
-  void       *address;
-}
-lt__PROGRAM__LTX_preloaded_symbols[[]] =
-{
-  { "@PROGRAM@", (void *) 0 },
-_LT_EOF
-	  $SED "s/^$symcode$symcode* .* \(.*\)$/  {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
-	  cat <<\_LT_EOF >> conftest.$ac_ext
-  {0, (void *) 0}
-};
-
-/* This works around a problem in FreeBSD linker */
-#ifdef FREEBSD_WORKAROUND
-static const void *lt_preloaded_setup() {
-  return lt__PROGRAM__LTX_preloaded_symbols;
-}
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-_LT_EOF
-	  # Now try linking the two files.
-	  mv conftest.$ac_objext conftstm.$ac_objext
-	  lt_globsym_save_LIBS=$LIBS
-	  lt_globsym_save_CFLAGS=$CFLAGS
-	  LIBS=conftstm.$ac_objext
-	  CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
-	  if AC_TRY_EVAL(ac_link) && test -s conftest$ac_exeext; then
-	    pipe_works=yes
-	  fi
-	  LIBS=$lt_globsym_save_LIBS
-	  CFLAGS=$lt_globsym_save_CFLAGS
-	else
-	  echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
-	fi
-      else
-	echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
-      fi
-    else
-      echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
-    fi
-  else
-    echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
-    cat conftest.$ac_ext >&5
-  fi
-  rm -rf conftest* conftst*
-
-  # Do not use the global_symbol_pipe unless it works.
-  if test yes = "$pipe_works"; then
-    break
-  else
-    lt_cv_sys_global_symbol_pipe=
-  fi
-done
-])
-if test -z "$lt_cv_sys_global_symbol_pipe"; then
-  lt_cv_sys_global_symbol_to_cdecl=
-fi
-if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
-  AC_MSG_RESULT(failed)
-else
-  AC_MSG_RESULT(ok)
-fi
-
-# Response file support.
-if test "$lt_cv_nm_interface" = "MS dumpbin"; then
-  nm_file_list_spec='@'
-elif $NM --help 2>/dev/null | grep '[[@]]FILE' >/dev/null; then
-  nm_file_list_spec='@'
-fi
-
-_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
-    [Take the output of nm and produce a listing of raw symbols and C names])
-_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
-    [Transform the output of nm in a proper C declaration])
-_LT_DECL([global_symbol_to_import], [lt_cv_sys_global_symbol_to_import], [1],
-    [Transform the output of nm into a list of symbols to manually relocate])
-_LT_DECL([global_symbol_to_c_name_address],
-    [lt_cv_sys_global_symbol_to_c_name_address], [1],
-    [Transform the output of nm in a C name address pair])
-_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
-    [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
-    [Transform the output of nm in a C name address pair when lib prefix is needed])
-_LT_DECL([nm_interface], [lt_cv_nm_interface], [1],
-    [The name lister interface])
-_LT_DECL([], [nm_file_list_spec], [1],
-    [Specify filename containing input files for $NM])
-]) # _LT_CMD_GLOBAL_SYMBOLS
-
-
-# _LT_COMPILER_PIC([TAGNAME])
-# ---------------------------
-m4_defun([_LT_COMPILER_PIC],
-[m4_require([_LT_TAG_COMPILER])dnl
-_LT_TAGVAR(lt_prog_compiler_wl, $1)=
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-_LT_TAGVAR(lt_prog_compiler_static, $1)=
-
-m4_if([$1], [CXX], [
-  # C++ specific cases for pic, static, wl, etc.
-  if test yes = "$GXX"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-    aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-    mingw* | cygwin* | os2* | pw32* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-    *djgpp*)
-      # DJGPP does not support shared libraries at all
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-      ;;
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-    *qnx* | *nto*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-  else
-    case $host_os in
-      aix[[4-9]]*)
-	# All AIX code is PIC.
-	if test ia64 = "$host_cpu"; then
-	  # AIX 5 now supports IA64 processor
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	else
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-	fi
-	;;
-      chorus*)
-	case $cc_basename in
-	cxch68*)
-	  # Green Hills C++ Compiler
-	  # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
-	  ;;
-	esac
-	;;
-      mingw* | cygwin* | os2* | pw32* | cegcc*)
-	# This hack is so that the source file can tell whether it is being
-	# built for inclusion in a dll (and should export symbols for example).
-	m4_if([$1], [GCJ], [],
-	  [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-	;;
-      dgux*)
-	case $cc_basename in
-	  ec++*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  ghcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      freebsd* | dragonfly*)
-	# FreeBSD uses GNU C++
-	;;
-      hpux9* | hpux10* | hpux11*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    if test ia64 != "$host_cpu"; then
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	    fi
-	    ;;
-	  aCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-	    case $host_cpu in
-	    hppa*64*|ia64*)
-	      # +Z the default
-	      ;;
-	    *)
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	      ;;
-	    esac
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      interix*)
-	# This is c89, which is MS Visual C++ (no shared libs)
-	# Anyone wants to do a port?
-	;;
-      irix5* | irix6* | nonstopux*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    # CC pic flag -KPIC is the default.
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-	case $cc_basename in
-	  KCC*)
-	    # KAI C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    ;;
-	  ecpc* )
-	    # old Intel C++ for x86_64, which still supported -KPIC.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  icpc* )
-	    # Intel C++, used to be incompatible with GCC.
-	    # ICC 10 doesn't accept -KPIC any more.
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	    ;;
-	  pgCC* | pgcpp*)
-	    # Portland Group C++ compiler
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  cxx*)
-	    # Compaq C++
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  xlc* | xlC* | bgxl[[cC]]* | mpixl[[cC]]*)
-	    # IBM XL 8.0, 9.0 on PPC and BlueGene
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-      lynxos*)
-	;;
-      m88k*)
-	;;
-      mvs*)
-	case $cc_basename in
-	  cxx*)
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      netbsd*)
-	;;
-      *qnx* | *nto*)
-        # QNX uses GNU C++, but need to define -shared option too, otherwise
-        # it will coredump.
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-        ;;
-      osf3* | osf4* | osf5*)
-	case $cc_basename in
-	  KCC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
-	    ;;
-	  RCC*)
-	    # Rational C++ 2.4.1
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  cxx*)
-	    # Digital/Compaq C++
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    # Make sure the PIC flag is empty.  It appears that all Alpha
-	    # Linux and Compaq Tru64 Unix objects are PIC.
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      psos*)
-	;;
-      solaris*)
-	case $cc_basename in
-	  CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	    ;;
-	  gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sunos4*)
-	case $cc_basename in
-	  CC*)
-	    # Sun C++ 4.x
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	  lcc*)
-	    # Lucid
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-	case $cc_basename in
-	  CC*)
-	    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	    ;;
-	esac
-	;;
-      tandem*)
-	case $cc_basename in
-	  NCC*)
-	    # NonStop-UX NCC 3.20
-	    _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	    ;;
-	  *)
-	    ;;
-	esac
-	;;
-      vxworks*)
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-	;;
-    esac
-  fi
-],
-[
-  if test yes = "$GCC"; then
-    _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-    _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-
-    case $host_os in
-      aix*)
-      # All AIX code is PIC.
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-        ;;
-      m68k)
-            # FIXME: we need at least 68020 code to build shared libraries, but
-            # adding the '-m68020' flag to GCC prevents building anything better,
-            # like '-m68040'.
-            _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
-        ;;
-      esac
-      ;;
-
-    beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
-      # PIC is the default for these OSes.
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      # Although the cygwin gcc ignores -fPIC, still need this for old-style
-      # (--disable-auto-import) libraries
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      ;;
-
-    haiku*)
-      # PIC is the default for Haiku.
-      # The "-static" flag exists, but is broken.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)=
-      ;;
-
-    hpux*)
-      # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
-      # PA HP-UX.  On IA64 HP-UX, PIC is the default but the pic flag
-      # sets the default TLS model and affects inlining.
-      case $host_cpu in
-      hppa*64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	;;
-      esac
-      ;;
-
-    interix[[3-9]]*)
-      # Interix 3.x gcc -fpic/-fPIC options generate broken code.
-      # Instead, we relocate shared libraries at runtime.
-      ;;
-
-    msdosdjgpp*)
-      # Just because we use GCC doesn't mean we suddenly get shared libraries
-      # on systems that don't support them.
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      enable_shared=no
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
-      fi
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-      ;;
-    esac
-
-    case $cc_basename in
-    nvcc*) # Cuda Compiler Driver 2.2
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Xlinker '
-      if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)="-Xcompiler $_LT_TAGVAR(lt_prog_compiler_pic, $1)"
-      fi
-      ;;
-    esac
-  else
-    # PORTME Check for flag to pass linker flags through the system compiler.
-    case $host_os in
-    aix*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      if test ia64 = "$host_cpu"; then
-	# AIX 5 now supports IA64 processor
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      else
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
-      fi
-      ;;
-
-    darwin* | rhapsody*)
-      # PIC is the default on this platform
-      # Common symbols not allowed in MH_DYLIB files
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
-      case $cc_basename in
-      nagfor*)
-        # NAG Fortran compiler
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-        _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      esac
-      ;;
-
-    mingw* | cygwin* | pw32* | os2* | cegcc*)
-      # This hack is so that the source file can tell whether it is being
-      # built for inclusion in a dll (and should export symbols for example).
-      m4_if([$1], [GCJ], [],
-	[_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
-      case $host_os in
-      os2*)
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-static'
-	;;
-      esac
-      ;;
-
-    hpux9* | hpux10* | hpux11*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
-      # not for PA HP-UX.
-      case $host_cpu in
-      hppa*64*|ia64*)
-	# +Z the default
-	;;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
-	;;
-      esac
-      # Is there a better lt_prog_compiler_static that works with the bundled CC?
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='$wl-a ${wl}archive'
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # PIC (with -KPIC) is the default.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-      case $cc_basename in
-      # old Intel for x86_64, which still supported -KPIC.
-      ecc*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # icc used to be incompatible with GCC.
-      # ICC 10 doesn't accept -KPIC any more.
-      icc* | ifort*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-        ;;
-      # Lahey Fortran 8.1.
-      lf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
-	;;
-      nagfor*)
-	# NAG Fortran compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,-Wl,,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	;;
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	;;
-      pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
-        # Portland Group compilers (*not* the Pentium gcc compiler,
-	# which looks to be a dead project)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-        ;;
-      ccc*)
-        _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-        # All Alpha code is PIC.
-        _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-        ;;
-      xl* | bgxl* | bgf* | mpixl*)
-	# IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
-	;;
-      *)
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [[1-7]].* | *Sun*Fortran*\ 8.[[0-3]]*)
-	  # Sun Fortran 8.3 passes all unrecognized flags to the linker
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
-	  ;;
-	*Sun\ F* | *Sun*Fortran*)
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-	  ;;
-	*Sun\ C*)
-	  # Sun C 5.9
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  ;;
-        *Intel*\ [[CF]]*Compiler*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
-	  ;;
-	*Portland\ Group*)
-	  _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-	  _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
-	  _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-	  ;;
-	esac
-	;;
-      esac
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *nto* | *qnx*)
-      # QNX uses GNU C++, but need to define -shared option too, otherwise
-      # it will coredump.
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
-      ;;
-
-    osf3* | osf4* | osf5*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      # All OSF/1 code is PIC.
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    rdos*)
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      case $cc_basename in
-      f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
-      *)
-	_LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4 | sysv4.2uw2* | sysv4.3*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
-	_LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      fi
-      ;;
-
-    sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    unicos*)
-      _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
-      _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
-      ;;
-
-    *)
-      _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
-      ;;
-    esac
-  fi
-])
-case $host_os in
-  # For platforms that do not support PIC, -DPIC is meaningless:
-  *djgpp*)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)=
-    ;;
-  *)
-    _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
-    ;;
-esac
-
-AC_CACHE_CHECK([for $compiler option to produce PIC],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)],
-  [_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
-_LT_TAGVAR(lt_prog_compiler_pic, $1)=$_LT_TAGVAR(lt_cv_prog_compiler_pic, $1)
-
-#
-# Check to make sure the PIC flag actually works.
-#
-if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
-  _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
-    [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
-    [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
-    [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
-     "" | " "*) ;;
-     *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
-     esac],
-    [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
-     _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
-fi
-_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
-	[Additional compiler flags for building library objects])
-
-_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
-	[How to pass a linker flag through the compiler])
-#
-# Check to make sure the static flag actually works.
-#
-wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
-_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
-  _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
-  $lt_tmp_static_flag,
-  [],
-  [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
-_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
-	[Compiler flag to prevent dynamic linking])
-])# _LT_COMPILER_PIC
-
-
-# _LT_LINKER_SHLIBS([TAGNAME])
-# ----------------------------
-# See if the linker supports building shared libraries.
-m4_defun([_LT_LINKER_SHLIBS],
-[AC_REQUIRE([LT_PATH_LD])dnl
-AC_REQUIRE([LT_PATH_NM])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_DECL_SED])dnl
-m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
-m4_require([_LT_TAG_COMPILER])dnl
-AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-m4_if([$1], [CXX], [
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  case $host_os in
-  aix[[4-9]]*)
-    # If we're using GNU nm, then we don't want the "-C" option.
-    # -C means demangle to GNU nm, but means don't demangle to AIX nm.
-    # Without the "-l" option, or with the "-B" option, AIX nm treats
-    # weak defined symbols like other global defined symbols, whereas
-    # GNU nm marks them as "W".
-    # While the 'weak' keyword is ignored in the Export File, we need
-    # it in the Import File for the 'aix-soname' feature, so we have
-    # to replace the "-B" option with "-P" for AIX nm.
-    if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-    else
-      _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-    fi
-    ;;
-  pw32*)
-    _LT_TAGVAR(export_symbols_cmds, $1)=$ltdll_cmds
-    ;;
-  cygwin* | mingw* | cegcc*)
-    case $cc_basename in
-    cl*)
-      _LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-      ;;
-    *)
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-      ;;
-    esac
-    ;;
-  *)
-    _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-    ;;
-  esac
-], [
-  runpath_var=
-  _LT_TAGVAR(allow_undefined_flag, $1)=
-  _LT_TAGVAR(always_export_symbols, $1)=no
-  _LT_TAGVAR(archive_cmds, $1)=
-  _LT_TAGVAR(archive_expsym_cmds, $1)=
-  _LT_TAGVAR(compiler_needs_object, $1)=no
-  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-  _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-  _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
-  _LT_TAGVAR(hardcode_automatic, $1)=no
-  _LT_TAGVAR(hardcode_direct, $1)=no
-  _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-  _LT_TAGVAR(hardcode_minus_L, $1)=no
-  _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-  _LT_TAGVAR(inherit_rpath, $1)=no
-  _LT_TAGVAR(link_all_deplibs, $1)=unknown
-  _LT_TAGVAR(module_cmds, $1)=
-  _LT_TAGVAR(module_expsym_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_new_cmds, $1)=
-  _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
-  _LT_TAGVAR(thread_safe_flag_spec, $1)=
-  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-  # include_expsyms should be a list of space-separated symbols to be *always*
-  # included in the symbol list
-  _LT_TAGVAR(include_expsyms, $1)=
-  # exclude_expsyms can be an extended regexp of symbols to exclude
-  # it will be wrapped by ' (' and ')$', so one must not match beginning or
-  # end of line.  Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc',
-  # as well as any symbol that contains 'd'.
-  _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
-  # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
-  # platforms (ab)use it in PIC code, but their linkers get confused if
-  # the symbol is explicitly referenced.  Since portable code cannot
-  # rely on this symbol name, it's probably fine to never include it in
-  # preloaded symbol tables.
-  # Exclude shared library initialization/finalization symbols.
-dnl Note also adjust exclude_expsyms for C++ above.
-  extract_expsyms_cmds=
-
-  case $host_os in
-  cygwin* | mingw* | pw32* | cegcc*)
-    # FIXME: the MSVC++ port hasn't been tested in a loooong time
-    # When not using gcc, we currently assume that we are using
-    # Microsoft Visual C++.
-    if test yes != "$GCC"; then
-      with_gnu_ld=no
-    fi
-    ;;
-  interix*)
-    # we just hope/assume this is gcc and not c89 (= MSVC++)
-    with_gnu_ld=yes
-    ;;
-  openbsd* | bitrig*)
-    with_gnu_ld=no
-    ;;
-  esac
-
-  _LT_TAGVAR(ld_shlibs, $1)=yes
-
-  # On some targets, GNU ld is compatible enough with the native linker
-  # that we're better off using the native interface for both.
-  lt_use_gnu_ld_interface=no
-  if test yes = "$with_gnu_ld"; then
-    case $host_os in
-      aix*)
-	# The AIX port of GNU ld has always aspired to compatibility
-	# with the native linker.  However, as the warning in the GNU ld
-	# block says, versions before 2.19.5* couldn't really create working
-	# shared libraries, regardless of the interface used.
-	case `$LD -v 2>&1` in
-	  *\ \(GNU\ Binutils\)\ 2.19.5*) ;;
-	  *\ \(GNU\ Binutils\)\ 2.[[2-9]]*) ;;
-	  *\ \(GNU\ Binutils\)\ [[3-9]]*) ;;
-	  *)
-	    lt_use_gnu_ld_interface=yes
-	    ;;
-	esac
-	;;
-      *)
-	lt_use_gnu_ld_interface=yes
-	;;
-    esac
-  fi
-
-  if test yes = "$lt_use_gnu_ld_interface"; then
-    # If archive_cmds runs LD, not CC, wlarc should be empty
-    wlarc='$wl'
-
-    # Set some defaults for GNU ld with shared library support. These
-    # are reset later if shared libraries are not supported. Putting them
-    # here allows them to be overridden if necessary.
-    runpath_var=LD_RUN_PATH
-    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-    # ancient GNU ld didn't support --whole-archive et. al.
-    if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-    else
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-    supports_anon_versioning=no
-    case `$LD -v | $SED -e 's/([^)]\+)\s\+//' 2>&1` in
-      *GNU\ gold*) supports_anon_versioning=yes ;;
-      *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
-      *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
-      *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
-      *\ 2.11.*) ;; # other 2.11 versions
-      *) supports_anon_versioning=yes ;;
-    esac
-
-    # See if GNU ld supports shared libraries.
-    case $host_os in
-    aix[[3-9]]*)
-      # On AIX/PPC, the GNU linker is very broken
-      if test ia64 != "$host_cpu"; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: the GNU linker, at least up to release 2.19, is reported
-*** to be unable to reliably create shared libraries on AIX.
-*** Therefore, libtool is disabling shared libraries support.  If you
-*** really care for shared libraries, you may want to install binutils
-*** 2.20 or above, or modify your PATH so that a non-GNU linker is found.
-*** You will then need to restart the configuration process.
-
-_LT_EOF
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    beos*)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	# support --undefined.  This deserves some investigation.  FIXME
-	_LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-      # as there is no search path for DLLs.
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=no
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
-      _LT_TAGVAR(exclude_expsyms, $1)=['[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname']
-
-      if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	# If the export-symbols file already is a .def file, use it as
-	# is; otherwise, prepend EXPORTS...
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-          cp $export_symbols $output_objdir/$soname.def;
-        else
-          echo EXPORTS > $output_objdir/$soname.def;
-          cat $export_symbols >> $output_objdir/$soname.def;
-        fi~
-        $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    haiku*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    interix[[3-9]]*)
-      _LT_TAGVAR(hardcode_direct, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-      # Instead, shared libraries are loaded at an image base (0x10000000 by
-      # default) and relocated if they conflict, which is a slow very memory
-      # consuming and fragmenting process.  To avoid this, we pick a random,
-      # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-      # time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-      ;;
-
-    gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
-      tmp_diet=no
-      if test linux-dietlibc = "$host_os"; then
-	case $cc_basename in
-	  diet\ *) tmp_diet=yes;;	# linux-dietlibc with static linking (!diet-dyn)
-	esac
-      fi
-      if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
-	 && test no = "$tmp_diet"
-      then
-	tmp_addflag=' $pic_flag'
-	tmp_sharedflag='-shared'
-	case $cc_basename,$host_cpu in
-        pgcc*)				# Portland Group C compiler
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag'
-	  ;;
-	pgf77* | pgf90* | pgf95* | pgfortran*)
-					# Portland Group f77 and f90 compilers
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  tmp_addflag=' $pic_flag -Mnomain' ;;
-	ecc*,ia64* | icc*,ia64*)	# Intel C compiler on ia64
-	  tmp_addflag=' -i_dynamic' ;;
-	efc*,ia64* | ifort*,ia64*)	# Intel Fortran compiler on ia64
-	  tmp_addflag=' -i_dynamic -nofor_main' ;;
-	ifc* | ifort*)			# Intel Fortran compiler
-	  tmp_addflag=' -nofor_main' ;;
-	lf95*)				# Lahey Fortran 8.1
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)=
-	  tmp_sharedflag='--shared' ;;
-        nagfor*)                        # NAGFOR 5.3
-          tmp_sharedflag='-Wl,-shared' ;;
-	xl[[cC]]* | bgxl[[cC]]* | mpixl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
-	  tmp_sharedflag='-qmkshrobj'
-	  tmp_addflag= ;;
-	nvcc*)	# Cuda Compiler Driver 2.2
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  ;;
-	esac
-	case `$CC -V 2>&1 | sed 5q` in
-	*Sun\ C*)			# Sun C 5.9
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	  _LT_TAGVAR(compiler_needs_object, $1)=yes
-	  tmp_sharedflag='-G' ;;
-	*Sun\ F*)			# Sun Fortran 8.3
-	  tmp_sharedflag='-G' ;;
-	esac
-	_LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-
-        if test yes = "$supports_anon_versioning"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-            cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-            echo "local: *; };" >> $output_objdir/$libname.ver~
-            $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-        fi
-
-	case $cc_basename in
-	tcc*)
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='-rdynamic'
-	  ;;
-	xlf* | bgf* | bgxlf* | mpixlf*)
-	  # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib'
-	  if test yes = "$supports_anon_versioning"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-              cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-              echo "local: *; };" >> $output_objdir/$libname.ver~
-              $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
-	  fi
-	  ;;
-	esac
-      else
-        _LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
-	wlarc=
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      fi
-      ;;
-
-    solaris*)
-      if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: The releases 2.8.* of the GNU linker cannot reliably
-*** create shared libraries on Solaris systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.9.1 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-      elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
-      case `$LD -v 2>&1` in
-        *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	cat <<_LT_EOF 1>&2
-
-*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot
-*** reliably create shared libraries on SCO systems.  Therefore, libtool
-*** is disabling shared libraries support.  We urge you to upgrade GNU
-*** binutils to release 2.16.91.0.3 or newer.  Another option is to modify
-*** your PATH or compiler configuration so that the native linker is
-*** used, and then restart.
-
-_LT_EOF
-	;;
-	*)
-	  # For security reasons, it is highly recommended that you always
-	  # use absolute paths for naming shared libraries, and exclude the
-	  # DT_RUNPATH tag from executables and libraries.  But doing so
-	  # requires that you compile everything twice, which is a pain.
-	  if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	;;
-      esac
-      ;;
-
-    sunos4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      wlarc=
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-    esac
-
-    if test no = "$_LT_TAGVAR(ld_shlibs, $1)"; then
-      runpath_var=
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=
-      _LT_TAGVAR(whole_archive_flag_spec, $1)=
-    fi
-  else
-    # PORTME fill in a description of your system's linker (not GNU ld)
-    case $host_os in
-    aix3*)
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
-      # Note: this linker hardcodes the directories in LIBPATH if there
-      # are no directories specified by -L.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then
-	# Neither direct hardcoding nor static linking is supported with a
-	# broken collect2.
-	_LT_TAGVAR(hardcode_direct, $1)=unsupported
-      fi
-      ;;
-
-    aix[[4-9]]*)
-      if test ia64 = "$host_cpu"; then
-	# On IA64, the linker does run time linking by default, so we don't
-	# have to do anything special.
-	aix_use_runtimelinking=no
-	exp_sym_flag='-Bexport'
-	no_entry_flag=
-      else
-	# If we're using GNU nm, then we don't want the "-C" option.
-	# -C means demangle to GNU nm, but means don't demangle to AIX nm.
-	# Without the "-l" option, or with the "-B" option, AIX nm treats
-	# weak defined symbols like other global defined symbols, whereas
-	# GNU nm marks them as "W".
-	# While the 'weak' keyword is ignored in the Export File, we need
-	# it in the Import File for the 'aix-soname' feature, so we have
-	# to replace the "-B" option with "-P" for AIX nm.
-	if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
-	  _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && ([substr](\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols'
-	else
-	  _LT_TAGVAR(export_symbols_cmds, $1)='`func_echo_all $NM | $SED -e '\''s/B\([[^B]]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && ([substr](\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols'
-	fi
-	aix_use_runtimelinking=no
-
-	# Test if we are trying to use run time linking or normal
-	# AIX style linking. If -brtl is somewhere in LDFLAGS, we
-	# have runtime linking enabled, and use it for executables.
-	# For shared libraries, we enable/disable runtime linking
-	# depending on the kind of the shared library created -
-	# when "with_aix_soname,aix_use_runtimelinking" is:
-	# "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "aix,yes"  lib.so          shared, rtl:yes, for executables
-	#            lib.a           static archive
-	# "both,no"  lib.so.V(shr.o) shared, rtl:yes
-	#            lib.a(lib.so.V) shared, rtl:no,  for executables
-	# "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a(lib.so.V) shared, rtl:no
-	# "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-	#            lib.a           static archive
-	case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	  for ld_flag in $LDFLAGS; do
-	  if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then
-	    aix_use_runtimelinking=yes
-	    break
-	  fi
-	  done
-	  if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	    # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	    # so we don't have lib.a shared libs to link our executables.
-	    # We have to force runtime linking in this case.
-	    aix_use_runtimelinking=yes
-	    LDFLAGS="$LDFLAGS -Wl,-brtl"
-	  fi
-	  ;;
-	esac
-
-	exp_sym_flag='-bexport'
-	no_entry_flag='-bnoentry'
-      fi
-
-      # When large executables or shared objects are built, AIX ld can
-      # have problems creating the table of contents.  If linking a library
-      # or program results in "error TOC overflow" add -mminimal-toc to
-      # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-      # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-      _LT_TAGVAR(archive_cmds, $1)=''
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-      case $with_aix_soname,$aix_use_runtimelinking in
-      aix,*) ;; # traditional, no import file
-      svr4,* | *,yes) # use import file
-	# The Import File defines what to hardcode.
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-	;;
-      esac
-
-      if test yes = "$GCC"; then
-	case $host_os in aix4.[[012]]|aix4.[[012]].*)
-	# We only want to do this on AIX 4.2 and lower, the check
-	# below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	   strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	  # We have reworked collect2
-	  :
-	  else
-	  # We have old collect2
-	  _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	  # It fails to find uninstalled libraries when the uninstalled
-	  # path is not listed in the libpath.  Setting hardcode_minus_L
-	  # to unsupported forces relinking
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-	  ;;
-	esac
-	shared_flag='-shared'
-	if test yes = "$aix_use_runtimelinking"; then
-	  shared_flag="$shared_flag "'$wl-G'
-	fi
-	# Need to ensure runtime linking is disabled for the traditional
-	# shared library, or the linker may eventually find shared libraries
-	# /with/ Import File - we do not want to mix them.
-	shared_flag_aix='-shared'
-	shared_flag_svr4='-shared $wl-G'
-      else
-	# not using gcc
-	if test ia64 = "$host_cpu"; then
-	# VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	# chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-	else
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag='$wl-G'
-	  else
-	    shared_flag='$wl-bM:SRE'
-	  fi
-	  shared_flag_aix='$wl-bM:SRE'
-	  shared_flag_svr4='$wl-G'
-	fi
-      fi
-
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-      # It seems that -bexpall does not export symbols beginning with
-      # underscore (_), so it is better to generate a list of symbols to export.
-      _LT_TAGVAR(always_export_symbols, $1)=yes
-      if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-	# Warning - without using the other runtime loading flags (-brtl),
-	# -berok will link without error, but may produce a broken library.
-	_LT_TAGVAR(allow_undefined_flag, $1)='-berok'
-        # Determine the default libpath from the value encoded in an
-        # empty executable.
-        _LT_SYS_MODULE_PATH_AIX([$1])
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-      else
-	if test ia64 = "$host_cpu"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	  _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-	else
-	 # Determine the default libpath from the value encoded in an
-	 # empty executable.
-	 _LT_SYS_MODULE_PATH_AIX([$1])
-	 _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	  # Warning - without using the other run time loading flags,
-	  # -berok will link without error, but may produce a broken library.
-	  _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	  if test yes = "$with_gnu_ld"; then
-	    # We only use this code for GNU lds that support --whole-archive.
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	  else
-	    # Exported symbols can be pulled into shared objects from archives
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	  fi
-	  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	  # -brtl affects multiple linker settings, -berok does not and is overridden later
-	  compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	  if test svr4 != "$with_aix_soname"; then
-	    # This is similar to how AIX traditionally builds its shared libraries.
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	  fi
-	  if test aix != "$with_aix_soname"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	  else
-	    # used by -dlpreopen to get the symbols
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	  fi
-	  _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-	fi
-      fi
-      ;;
-
-    amigaos*)
-      case $host_cpu in
-      powerpc)
-            # see comment about AmigaOS4 .so support
-            _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-            _LT_TAGVAR(archive_expsym_cmds, $1)=''
-        ;;
-      m68k)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
-            _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes
-        ;;
-      esac
-      ;;
-
-    bsdi[[45]]*)
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
-      ;;
-
-    cygwin* | mingw* | pw32* | cegcc*)
-      # When not using gcc, we currently assume that we are using
-      # Microsoft Visual C++.
-      # hardcode_libdir_flag_spec is actually meaningless, as there is
-      # no search path for DLLs.
-      case $cc_basename in
-      cl*)
-	# Native MSVC
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	_LT_TAGVAR(always_export_symbols, $1)=yes
-	_LT_TAGVAR(file_list_spec, $1)='@'
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	_LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-            cp "$export_symbols" "$output_objdir/$soname.def";
-            echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-          else
-            $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-          fi~
-          $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-          linknames='
-	# The linker will not automatically build a static lib if we build a DLL.
-	# _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	_LT_TAGVAR(exclude_expsyms, $1)='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*'
-	_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1,DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
-	# Don't use ranlib
-	_LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	_LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-          lt_tool_outputfile="@TOOL_OUTPUT@"~
-          case $lt_outputfile in
-            *.exe|*.EXE) ;;
-            *)
-              lt_outputfile=$lt_outputfile.exe
-              lt_tool_outputfile=$lt_tool_outputfile.exe
-              ;;
-          esac~
-          if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-            $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-            $RM "$lt_outputfile.manifest";
-          fi'
-	;;
-      *)
-	# Assume MSVC wrapper
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	# Tell ltmain to make .lib files, not .a files.
-	libext=lib
-	# Tell ltmain to make .dll files, not .so files.
-	shrext_cmds=.dll
-	# FIXME: Setting linknames here is a bad hack.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames='
-	# The linker will automatically build a .lib file if we build a DLL.
-	_LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	# FIXME: Should let the user specify the lib program.
-	_LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-      esac
-      ;;
-
-    darwin* | rhapsody*)
-      _LT_DARWIN_LINKER_FEATURES($1)
-      ;;
-
-    dgux*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
-    # support.  Future versions do this automatically, but an explicit c++rt0.o
-    # does not break anything, and helps significantly (at the cost of a little
-    # extra space).
-    freebsd2.2*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # Unfortunately, older versions of FreeBSD 2 do not have this feature.
-    freebsd2.*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
-    freebsd* | dragonfly*)
-      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    hpux9*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-
-      # hardcode_minus_L: Not really in the search PATH,
-      # but as the default location of the library.
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-      ;;
-
-    hpux10*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# hardcode_minus_L: Not really in the search PATH,
-	# but as the default location of the library.
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-      fi
-      ;;
-
-    hpux11*)
-      if test yes,no = "$GCC,$with_gnu_ld"; then
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	esac
-      else
-	case $host_cpu in
-	hppa*64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	ia64*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	m4_if($1, [], [
-	  # Older versions of the 11.00 compiler do not understand -b yet
-	  # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does)
-	  _LT_LINKER_OPTION([if $CC understands -b],
-	    _LT_TAGVAR(lt_cv_prog_compiler__b, $1), [-b],
-	    [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'],
-	    [_LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'])],
-	  [_LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags'])
-	  ;;
-	esac
-      fi
-      if test no = "$with_gnu_ld"; then
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	case $host_cpu in
-	hppa*64*|ia64*)
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  ;;
-	*)
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-
-	  # hardcode_minus_L: Not really in the search PATH,
-	  # but as the default location of the library.
-	  _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	  ;;
-	esac
-      fi
-      ;;
-
-    irix5* | irix6* | nonstopux*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	# Try to use the -exported_symbol ld option, if it does not
-	# work, assume that -exports_file does not work either and
-	# implicitly export all symbols.
-	# This should be the same for all languages, so no per-tag cache variable.
-	AC_CACHE_CHECK([whether the $host_os linker accepts -exported_symbol],
-	  [lt_cv_irix_exported_symbol],
-	  [save_LDFLAGS=$LDFLAGS
-	   LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null"
-	   AC_LINK_IFELSE(
-	     [AC_LANG_SOURCE(
-	        [AC_LANG_CASE([C], [[int foo (void) { return 0; }]],
-			      [C++], [[int foo (void) { return 0; }]],
-			      [Fortran 77], [[
-      subroutine foo
-      end]],
-			      [Fortran], [[
-      subroutine foo
-      end]])])],
-	      [lt_cv_irix_exported_symbol=yes],
-	      [lt_cv_irix_exported_symbol=no])
-           LDFLAGS=$save_LDFLAGS])
-	if test yes = "$lt_cv_irix_exported_symbol"; then
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
-	fi
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(inherit_rpath, $1)=yes
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    linux*)
-      case $cc_basename in
-      tcc*)
-	# Fabrice Bellard et al's Tiny C Compiler
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	;;
-      esac
-      ;;
-
-    netbsd*)
-      if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'  # a.out
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags'      # ELF
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    newsos6)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *nto* | *qnx*)
-      ;;
-
-    openbsd* | bitrig*)
-      if test -f /usr/libexec/ld.so; then
-	_LT_TAGVAR(hardcode_direct, $1)=yes
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	else
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	fi
-      else
-	_LT_TAGVAR(ld_shlibs, $1)=no
-      fi
-      ;;
-
-    os2*)
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-      shrext_cmds=.dll
-      _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	$ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	$ECHO EXPORTS >> $output_objdir/$libname.def~
-	prefix_cmds="$SED"~
-	if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	  prefix_cmds="$prefix_cmds -e 1d";
-	fi~
-	prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	$CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	emximp -o $lib $output_objdir/$libname.def'
-      _LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-      _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-      ;;
-
-    osf3*)
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    osf4* | osf5*)	# as osf3* with the addition of -msym flag
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-      else
-	_LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
-          $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp'
-
-	# Both c and cxx compiler support -rpath directly
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-      fi
-      _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-      ;;
-
-    solaris*)
-      _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
-      if test yes = "$GCC"; then
-	wlarc='$wl'
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-          $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-      else
-	case `$CC -V 2>&1` in
-	*"Compilers 5.0"*)
-	  wlarc=''
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
-	  ;;
-	*)
-	  wlarc='$wl'
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-            $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
-	  ;;
-	esac
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      case $host_os in
-      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-      *)
-	# The compiler driver will combine and reorder linker options,
-	# but understands '-z linker_flag'.  GCC discards it without '$wl',
-	# but is careful enough not to reorder.
-	# Supported since Solaris 2.6 (maybe 2.5.1?)
-	if test yes = "$GCC"; then
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-	else
-	  _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	fi
-	;;
-      esac
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      ;;
-
-    sunos4*)
-      if test sequent = "$host_vendor"; then
-	# Use $CC to link under sequent, because it throws in some extra .o
-	# files that make .init and .fini sections work.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
-      fi
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_direct, $1)=yes
-      _LT_TAGVAR(hardcode_minus_L, $1)=yes
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4)
-      case $host_vendor in
-	sni)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
-	;;
-	siemens)
-	  ## LD is ld it makes a PLAMLIB
-	  ## CC just makes a GrossModule.
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
-	  _LT_TAGVAR(hardcode_direct, $1)=no
-        ;;
-	motorola)
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	  _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
-	;;
-      esac
-      runpath_var='LD_RUN_PATH'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    sysv4.3*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
-      ;;
-
-    sysv4*MP*)
-      if test -d /usr/nec; then
-	_LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	runpath_var=LD_RUN_PATH
-	hardcode_runpath_var=yes
-	_LT_TAGVAR(ld_shlibs, $1)=yes
-      fi
-      ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    sysv5* | sco3.2v5* | sco5v6*)
-      # Note: We CANNOT use -z defs as we might desire, because we do not
-      # link with -lc, and that would cause any symbols used from libc to
-      # always be unresolved, which means just about no library would
-      # ever link correctly.  If we're not using GNU ld we use -z text
-      # though, which does catch some bad symbols but isn't as heavy-handed
-      # as -z defs.
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-      _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-      _LT_TAGVAR(link_all_deplibs, $1)=yes
-      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-      runpath_var='LD_RUN_PATH'
-
-      if test yes = "$GCC"; then
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      else
-	_LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-      fi
-      ;;
-
-    uts4*)
-      _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
-      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      ;;
-
-    *)
-      _LT_TAGVAR(ld_shlibs, $1)=no
-      ;;
-    esac
-
-    if test sni = "$host_vendor"; then
-      case $host in
-      sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Blargedynsym'
-	;;
-      esac
-    fi
-  fi
-])
-AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
-
-_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
-_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
-_LT_DECL([], [extract_expsyms_cmds], [2],
-    [The commands to extract the exported symbol list from a shared archive])
-
-#
-# Do we need to explicitly link libc?
-#
-case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
-x|xyes)
-  # Assume -lc should be added
-  _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-
-  if test yes,yes = "$GCC,$enable_shared"; then
-    case $_LT_TAGVAR(archive_cmds, $1) in
-    *'~'*)
-      # FIXME: we may have to deal with multi-command sequences.
-      ;;
-    '$CC '*)
-      # Test whether the compiler implicitly links with -lc since on some
-      # systems, -lgcc has to come before -lc. If gcc already passes -lc
-      # to ld, don't add -lc before -lgcc.
-      AC_CACHE_CHECK([whether -lc should be explicitly linked in],
-	[lt_cv_]_LT_TAGVAR(archive_cmds_need_lc, $1),
-	[$RM conftest*
-	echo "$lt_simple_compile_test_code" > conftest.$ac_ext
-
-	if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
-	  soname=conftest
-	  lib=conftest
-	  libobjs=conftest.$ac_objext
-	  deplibs=
-	  wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
-	  pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
-	  compiler_flags=-v
-	  linker_flags=-v
-	  verstring=
-	  output_objdir=.
-	  libname=conftest
-	  lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
-	  _LT_TAGVAR(allow_undefined_flag, $1)=
-	  if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
-	  then
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	  else
-	    lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	  fi
-	  _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
-	else
-	  cat conftest.err 1>&5
-	fi
-	$RM conftest*
-	])
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=$lt_cv_[]_LT_TAGVAR(archive_cmds_need_lc, $1)
-      ;;
-    esac
-  fi
-  ;;
-esac
-
-_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
-    [Whether or not to add -lc for building shared libraries])
-_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
-    [enable_shared_with_static_runtimes], [0],
-    [Whether or not to disallow shared libs when runtime libs are static])
-_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
-    [Compiler flag to allow reflexive dlopens])
-_LT_TAGDECL([], [whole_archive_flag_spec], [1],
-    [Compiler flag to generate shared objects directly from archives])
-_LT_TAGDECL([], [compiler_needs_object], [1],
-    [Whether the compiler copes with passing no objects directly])
-_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
-    [Create an old-style archive from a shared archive])
-_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
-    [Create a temporary old-style archive to link instead of a shared archive])
-_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
-_LT_TAGDECL([], [archive_expsym_cmds], [2])
-_LT_TAGDECL([], [module_cmds], [2],
-    [Commands used to build a loadable module if different from building
-    a shared archive.])
-_LT_TAGDECL([], [module_expsym_cmds], [2])
-_LT_TAGDECL([], [with_gnu_ld], [1],
-    [Whether we are building with GNU ld or not])
-_LT_TAGDECL([], [allow_undefined_flag], [1],
-    [Flag that allows shared libraries with undefined symbols to be built])
-_LT_TAGDECL([], [no_undefined_flag], [1],
-    [Flag that enforces no undefined symbols])
-_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
-    [Flag to hardcode $libdir into a binary during linking.
-    This must work even if $libdir does not exist])
-_LT_TAGDECL([], [hardcode_libdir_separator], [1],
-    [Whether we need a single "-rpath" flag with a separated argument])
-_LT_TAGDECL([], [hardcode_direct], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary])
-_LT_TAGDECL([], [hardcode_direct_absolute], [0],
-    [Set to "yes" if using DIR/libNAME$shared_ext during linking hardcodes
-    DIR into the resulting binary and the resulting library dependency is
-    "absolute", i.e impossible to change by setting $shlibpath_var if the
-    library is relocated])
-_LT_TAGDECL([], [hardcode_minus_L], [0],
-    [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
-    [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
-    into the resulting binary])
-_LT_TAGDECL([], [hardcode_automatic], [0],
-    [Set to "yes" if building a shared library automatically hardcodes DIR
-    into the library and all subsequent libraries and executables linked
-    against it])
-_LT_TAGDECL([], [inherit_rpath], [0],
-    [Set to yes if linker adds runtime paths of dependent libraries
-    to runtime path list])
-_LT_TAGDECL([], [link_all_deplibs], [0],
-    [Whether libtool must link a program against all its dependency libraries])
-_LT_TAGDECL([], [always_export_symbols], [0],
-    [Set to "yes" if exported symbols are required])
-_LT_TAGDECL([], [export_symbols_cmds], [2],
-    [The commands to list exported symbols])
-_LT_TAGDECL([], [exclude_expsyms], [1],
-    [Symbols that should not be listed in the preloaded symbols])
-_LT_TAGDECL([], [include_expsyms], [1],
-    [Symbols that must always be exported])
-_LT_TAGDECL([], [prelink_cmds], [2],
-    [Commands necessary for linking programs (against libraries) with templates])
-_LT_TAGDECL([], [postlink_cmds], [2],
-    [Commands necessary for finishing linking programs])
-_LT_TAGDECL([], [file_list_spec], [1],
-    [Specify filename containing input files])
-dnl FIXME: Not yet implemented
-dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
-dnl    [Compiler flag to generate thread safe objects])
-])# _LT_LINKER_SHLIBS
-
-
-# _LT_LANG_C_CONFIG([TAG])
-# ------------------------
-# Ensure that the configuration variables for a C compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_C_CONFIG],
-[m4_require([_LT_DECL_EGREP])dnl
-lt_save_CC=$CC
-AC_LANG_PUSH(C)
-
-# Source file extension for C test sources.
-ac_ext=c
-
-# Object file extension for compiled C test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="int some_variable = 0;"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='int main(){return(0);}'
-
-_LT_TAG_COMPILER
-# Save the default compiler, since it gets overwritten when the other
-# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
-compiler_DEFAULT=$CC
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_SYS_DYNAMIC_LINKER($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-  LT_SYS_DLOPEN_SELF
-  _LT_CMD_STRIPLIB
-
-  # Report what library types will actually be built
-  AC_MSG_CHECKING([if libtool supports shared libraries])
-  AC_MSG_RESULT([$can_build_shared])
-
-  AC_MSG_CHECKING([whether to build shared libraries])
-  test no = "$can_build_shared" && enable_shared=no
-
-  # On AIX, shared libraries and static libraries use the same namespace, and
-  # are all built from PIC.
-  case $host_os in
-  aix3*)
-    test yes = "$enable_shared" && enable_static=no
-    if test -n "$RANLIB"; then
-      archive_cmds="$archive_cmds~\$RANLIB \$lib"
-      postinstall_cmds='$RANLIB $lib'
-    fi
-    ;;
-
-  aix[[4-9]]*)
-    if test ia64 != "$host_cpu"; then
-      case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-      yes,aix,yes) ;;			# shared object as lib.so file only
-      yes,svr4,*) ;;			# shared object as lib.so archive member only
-      yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-      esac
-    fi
-    ;;
-  esac
-  AC_MSG_RESULT([$enable_shared])
-
-  AC_MSG_CHECKING([whether to build static libraries])
-  # Make sure either enable_shared or enable_static is yes.
-  test yes = "$enable_shared" || enable_static=yes
-  AC_MSG_RESULT([$enable_static])
-
-  _LT_CONFIG($1)
-fi
-AC_LANG_POP
-CC=$lt_save_CC
-])# _LT_LANG_C_CONFIG
-
-
-# _LT_LANG_CXX_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a C++ compiler are suitably
-# defined.  These variables are subsequently used by _LT_CONFIG to write
-# the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_CXX_CONFIG],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-m4_require([_LT_DECL_EGREP])dnl
-m4_require([_LT_PATH_MANIFEST_TOOL])dnl
-if test -n "$CXX" && ( test no != "$CXX" &&
-    ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) ||
-    (test g++ != "$CXX"))); then
-  AC_PROG_CXXCPP
-else
-  _lt_caught_CXX_error=yes
-fi
-
-AC_LANG_PUSH(C++)
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(compiler_needs_object, $1)=no
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for C++ test sources.
-ac_ext=cpp
-
-# Object file extension for compiled C++ test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the CXX compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_caught_CXX_error"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="int some_variable = 0;"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_CFLAGS=$CFLAGS
-  lt_save_LD=$LD
-  lt_save_GCC=$GCC
-  GCC=$GXX
-  lt_save_with_gnu_ld=$with_gnu_ld
-  lt_save_path_LD=$lt_cv_path_LD
-  if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
-    lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
-  else
-    $as_unset lt_cv_prog_gnu_ld
-  fi
-  if test -n "${lt_cv_path_LDCXX+set}"; then
-    lt_cv_path_LD=$lt_cv_path_LDCXX
-  else
-    $as_unset lt_cv_path_LD
-  fi
-  test -z "${LDCXX+set}" || LD=$LDCXX
-  CC=${CXX-"c++"}
-  CFLAGS=$CXXFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    # We don't want -fno-exception when compiling C++ code, so set the
-    # no_builtin_flag separately
-    if test yes = "$GXX"; then
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
-    else
-      _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
-    fi
-
-    if test yes = "$GXX"; then
-      # Set up default GNU C++ configuration
-
-      LT_PATH_LD
-
-      # Check if GNU C++ uses GNU ld as the underlying linker, since the
-      # archiving commands below assume that GNU ld is being used.
-      if test yes = "$with_gnu_ld"; then
-        _LT_TAGVAR(archive_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(archive_expsym_cmds, $1)='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-        # If archive_cmds runs LD, not CC, wlarc should be empty
-        # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
-        #     investigate it a little bit more. (MM)
-        wlarc='$wl'
-
-        # ancient GNU ld didn't support --whole-archive et. al.
-        if eval "`$CC -print-prog-name=ld` --help 2>&1" |
-	  $GREP 'no-whole-archive' > /dev/null; then
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-        else
-          _LT_TAGVAR(whole_archive_flag_spec, $1)=
-        fi
-      else
-        with_gnu_ld=no
-        wlarc=
-
-        # A generic and very simple default shared library creation
-        # command for GNU C++ for the case where it uses the native
-        # linker, instead of GNU ld.  If possible, this setting should
-        # overridden to take advantage of the native linker features on
-        # the platform it is being used on.
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-      fi
-
-      # Commands to make compiler produce verbose output that lists
-      # what "hidden" libraries, object files and flags are used when
-      # linking a shared library.
-      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-    else
-      GXX=no
-      with_gnu_ld=no
-      wlarc=
-    fi
-
-    # PORTME: fill in a description of your system's C++ link characteristics
-    AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
-    _LT_TAGVAR(ld_shlibs, $1)=yes
-    case $host_os in
-      aix3*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-      aix[[4-9]]*)
-        if test ia64 = "$host_cpu"; then
-          # On IA64, the linker does run time linking by default, so we don't
-          # have to do anything special.
-          aix_use_runtimelinking=no
-          exp_sym_flag='-Bexport'
-          no_entry_flag=
-        else
-          aix_use_runtimelinking=no
-
-          # Test if we are trying to use run time linking or normal
-          # AIX style linking. If -brtl is somewhere in LDFLAGS, we
-          # have runtime linking enabled, and use it for executables.
-          # For shared libraries, we enable/disable runtime linking
-          # depending on the kind of the shared library created -
-          # when "with_aix_soname,aix_use_runtimelinking" is:
-          # "aix,no"   lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "aix,yes"  lib.so          shared, rtl:yes, for executables
-          #            lib.a           static archive
-          # "both,no"  lib.so.V(shr.o) shared, rtl:yes
-          #            lib.a(lib.so.V) shared, rtl:no,  for executables
-          # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a(lib.so.V) shared, rtl:no
-          # "svr4,*"   lib.so.V(shr.o) shared, rtl:yes, for executables
-          #            lib.a           static archive
-          case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
-	    for ld_flag in $LDFLAGS; do
-	      case $ld_flag in
-	      *-brtl*)
-	        aix_use_runtimelinking=yes
-	        break
-	        ;;
-	      esac
-	    done
-	    if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then
-	      # With aix-soname=svr4, we create the lib.so.V shared archives only,
-	      # so we don't have lib.a shared libs to link our executables.
-	      # We have to force runtime linking in this case.
-	      aix_use_runtimelinking=yes
-	      LDFLAGS="$LDFLAGS -Wl,-brtl"
-	    fi
-	    ;;
-          esac
-
-          exp_sym_flag='-bexport'
-          no_entry_flag='-bnoentry'
-        fi
-
-        # When large executables or shared objects are built, AIX ld can
-        # have problems creating the table of contents.  If linking a library
-        # or program results in "error TOC overflow" add -mminimal-toc to
-        # CXXFLAGS/CFLAGS for g++/gcc.  In the cases where that is not
-        # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
-
-        _LT_TAGVAR(archive_cmds, $1)=''
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        _LT_TAGVAR(file_list_spec, $1)='$wl-f,'
-        case $with_aix_soname,$aix_use_runtimelinking in
-        aix,*) ;;	# no import file
-        svr4,* | *,yes) # use import file
-          # The Import File defines what to hardcode.
-          _LT_TAGVAR(hardcode_direct, $1)=no
-          _LT_TAGVAR(hardcode_direct_absolute, $1)=no
-          ;;
-        esac
-
-        if test yes = "$GXX"; then
-          case $host_os in aix4.[[012]]|aix4.[[012]].*)
-          # We only want to do this on AIX 4.2 and lower, the check
-          # below for broken collect2 doesn't work under 4.3+
-	  collect2name=`$CC -print-prog-name=collect2`
-	  if test -f "$collect2name" &&
-	     strings "$collect2name" | $GREP resolve_lib_name >/dev/null
-	  then
-	    # We have reworked collect2
-	    :
-	  else
-	    # We have old collect2
-	    _LT_TAGVAR(hardcode_direct, $1)=unsupported
-	    # It fails to find uninstalled libraries when the uninstalled
-	    # path is not listed in the libpath.  Setting hardcode_minus_L
-	    # to unsupported forces relinking
-	    _LT_TAGVAR(hardcode_minus_L, $1)=yes
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=
-	  fi
-          esac
-          shared_flag='-shared'
-	  if test yes = "$aix_use_runtimelinking"; then
-	    shared_flag=$shared_flag' $wl-G'
-	  fi
-	  # Need to ensure runtime linking is disabled for the traditional
-	  # shared library, or the linker may eventually find shared libraries
-	  # /with/ Import File - we do not want to mix them.
-	  shared_flag_aix='-shared'
-	  shared_flag_svr4='-shared $wl-G'
-        else
-          # not using gcc
-          if test ia64 = "$host_cpu"; then
-	  # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
-	  # chokes on -Wl,-G. The following line is correct:
-	  shared_flag='-G'
-          else
-	    if test yes = "$aix_use_runtimelinking"; then
-	      shared_flag='$wl-G'
-	    else
-	      shared_flag='$wl-bM:SRE'
-	    fi
-	    shared_flag_aix='$wl-bM:SRE'
-	    shared_flag_svr4='$wl-G'
-          fi
-        fi
-
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-bexpall'
-        # It seems that -bexpall does not export symbols beginning with
-        # underscore (_), so it is better to generate a list of symbols to
-	# export.
-        _LT_TAGVAR(always_export_symbols, $1)=yes
-	if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then
-          # Warning - without using the other runtime loading flags (-brtl),
-          # -berok will link without error, but may produce a broken library.
-          # The "-G" linker flag allows undefined symbols.
-          _LT_TAGVAR(no_undefined_flag, $1)='-bernotok'
-          # Determine the default libpath from the value encoded in an empty
-          # executable.
-          _LT_SYS_MODULE_PATH_AIX([$1])
-          _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-
-          _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag
-        else
-          if test ia64 = "$host_cpu"; then
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $libdir:/usr/lib:/lib'
-	    _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols"
-          else
-	    # Determine the default libpath from the value encoded in an
-	    # empty executable.
-	    _LT_SYS_MODULE_PATH_AIX([$1])
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-blibpath:$libdir:'"$aix_libpath"
-	    # Warning - without using the other run time loading flags,
-	    # -berok will link without error, but may produce a broken library.
-	    _LT_TAGVAR(no_undefined_flag, $1)=' $wl-bernotok'
-	    _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-berok'
-	    if test yes = "$with_gnu_ld"; then
-	      # We only use this code for GNU lds that support --whole-archive.
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    else
-	      # Exported symbols can be pulled into shared objects from archives
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
-	    fi
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d'
-	    # -brtl affects multiple linker settings, -berok does not and is overridden later
-	    compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([[, ]]\\)%-berok\\1%g"`'
-	    if test svr4 != "$with_aix_soname"; then
-	      # This is similar to how AIX traditionally builds its shared
-	      # libraries. Need -bnortl late, we may have -brtl in LDFLAGS.
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname'
-	    fi
-	    if test aix != "$with_aix_soname"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp'
-	    else
-	      # used by -dlpreopen to get the symbols
-	      _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$MV  $output_objdir/$realname.d/$soname $output_objdir'
-	    fi
-	    _LT_TAGVAR(archive_expsym_cmds, $1)="$_LT_TAGVAR(archive_expsym_cmds, $1)"'~$RM -r $output_objdir/$realname.d'
-          fi
-        fi
-        ;;
-
-      beos*)
-	if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
-	  # support --undefined.  This deserves some investigation.  FIXME
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      chorus*)
-        case $cc_basename in
-          *)
-	  # FIXME: insert proper C++ library support
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	  ;;
-        esac
-        ;;
-
-      cygwin* | mingw* | pw32* | cegcc*)
-	case $GXX,$cc_basename in
-	,cl* | no,cl*)
-	  # Native MSVC
-	  # hardcode_libdir_flag_spec is actually meaningless, as there is
-	  # no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=yes
-	  _LT_TAGVAR(file_list_spec, $1)='@'
-	  # Tell ltmain to make .lib files, not .a files.
-	  libext=lib
-	  # Tell ltmain to make .dll files, not .so files.
-	  shrext_cmds=.dll
-	  # FIXME: Setting linknames here is a bad hack.
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames='
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp "$export_symbols" "$output_objdir/$soname.def";
-              echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp";
-            else
-              $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp;
-            fi~
-            $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~
-            linknames='
-	  # The linker will not automatically build a static lib if we build a DLL.
-	  # _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	  # Don't use ranlib
-	  _LT_TAGVAR(old_postinstall_cmds, $1)='chmod 644 $oldlib'
-	  _LT_TAGVAR(postlink_cmds, $1)='lt_outputfile="@OUTPUT@"~
-            lt_tool_outputfile="@TOOL_OUTPUT@"~
-            case $lt_outputfile in
-              *.exe|*.EXE) ;;
-              *)
-                lt_outputfile=$lt_outputfile.exe
-                lt_tool_outputfile=$lt_tool_outputfile.exe
-                ;;
-            esac~
-            func_to_tool_file "$lt_outputfile"~
-            if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then
-              $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1;
-              $RM "$lt_outputfile.manifest";
-            fi'
-	  ;;
-	*)
-	  # g++
-	  # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
-	  # as there is no search path for DLLs.
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	  _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-all-symbols'
-	  _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	  _LT_TAGVAR(always_export_symbols, $1)=no
-	  _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-
-	  if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	    # If the export-symbols file already is a .def file, use it as
-	    # is; otherwise, prepend EXPORTS...
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='if _LT_DLL_DEF_P([$export_symbols]); then
-              cp $export_symbols $output_objdir/$soname.def;
-            else
-              echo EXPORTS > $output_objdir/$soname.def;
-              cat $export_symbols >> $output_objdir/$soname.def;
-            fi~
-            $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
-	  else
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	  fi
-	  ;;
-	esac
-	;;
-      darwin* | rhapsody*)
-        _LT_DARWIN_LINKER_FEATURES($1)
-	;;
-
-      os2*)
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
-	_LT_TAGVAR(hardcode_minus_L, $1)=yes
-	_LT_TAGVAR(allow_undefined_flag, $1)=unsupported
-	shrext_cmds=.dll
-	_LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~
-	  $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~
-	  $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~
-	  $ECHO EXPORTS >> $output_objdir/$libname.def~
-	  prefix_cmds="$SED"~
-	  if test EXPORTS = "`$SED 1q $export_symbols`"; then
-	    prefix_cmds="$prefix_cmds -e 1d";
-	  fi~
-	  prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~
-	  cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~
-	  $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~
-	  emximp -o $lib $output_objdir/$libname.def'
-	_LT_TAGVAR(old_archive_From_new_cmds, $1)='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def'
-	_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
-	;;
-
-      dgux*)
-        case $cc_basename in
-          ec++*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          ghcx*)
-	    # Green Hills C++ Compiler
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      freebsd2.*)
-        # C++ shared libraries reported to be fairly broken before
-	# switch to ELF
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      freebsd-elf*)
-        _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-        ;;
-
-      freebsd* | dragonfly*)
-        # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
-        # conventions
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-        ;;
-
-      haiku*)
-        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-        _LT_TAGVAR(link_all_deplibs, $1)=yes
-        ;;
-
-      hpux9*)
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-        _LT_TAGVAR(hardcode_direct, $1)=yes
-        _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-				             # but as the default
-				             # location of the library.
-
-        case $cc_basename in
-          CC*)
-            # FIXME: insert proper C++ library support
-            _LT_TAGVAR(ld_shlibs, $1)=no
-            ;;
-          aCC*)
-            _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            # Commands to make compiler produce verbose output that lists
-            # what "hidden" libraries, object files and flags are used when
-            # linking a shared library.
-            #
-            # There doesn't appear to be a way to prevent this compiler from
-            # explicitly linking system object files so we need to strip them
-            # from the output so that they don't get included in the library
-            # dependencies.
-            output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-            ;;
-          *)
-            if test yes = "$GXX"; then
-              _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib'
-            else
-              # FIXME: insert proper C++ library support
-              _LT_TAGVAR(ld_shlibs, $1)=no
-            fi
-            ;;
-        esac
-        ;;
-
-      hpux10*|hpux11*)
-        if test no = "$with_gnu_ld"; then
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl+b $wl$libdir'
-	  _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-          case $host_cpu in
-            hppa*64*|ia64*)
-              ;;
-            *)
-	      _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-              ;;
-          esac
-        fi
-        case $host_cpu in
-          hppa*64*|ia64*)
-            _LT_TAGVAR(hardcode_direct, $1)=no
-            _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-            ;;
-          *)
-            _LT_TAGVAR(hardcode_direct, $1)=yes
-            _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-            _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
-					         # but as the default
-					         # location of the library.
-            ;;
-        esac
-
-        case $cc_basename in
-          CC*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          aCC*)
-	    case $host_cpu in
-	      hppa*64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      ia64*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	      *)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	        ;;
-	    esac
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        case $host_cpu in
-	          hppa*64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          ia64*)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	          *)
-	            _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	            ;;
-	        esac
-	      fi
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      interix[[3-9]]*)
-	_LT_TAGVAR(hardcode_direct, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	# Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
-	# Instead, shared libraries are loaded at an image base (0x10000000 by
-	# default) and relocated if they conflict, which is a slow very memory
-	# consuming and fragmenting process.  To avoid this, we pick a random,
-	# 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
-	# time.  Moving up from 0x10000000 also allows more sbrk(2) space.
-	_LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	_LT_TAGVAR(archive_expsym_cmds, $1)='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
-	;;
-      irix5* | irix6*)
-        case $cc_basename in
-          CC*)
-	    # SGI C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -ar", where "CC" is the IRIX C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    if test yes = "$GXX"; then
-	      if test no = "$with_gnu_ld"; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-	      else
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib'
-	      fi
-	    fi
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-	    ;;
-        esac
-        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-        _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-        _LT_TAGVAR(inherit_rpath, $1)=yes
-        ;;
-
-      linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib'
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -Bstatic", where "CC" is the KAI C++ compiler.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
-	    ;;
-	  icpc* | ecpc* )
-	    # Intel C++
-	    with_gnu_ld=yes
-	    # version 8.0 and above of icpc choke on multiply defined symbols
-	    # if we add $predep_objects and $postdep_objects, however 7.1 and
-	    # earlier do not add the objects themselves.
-	    case `$CC -V 2>&1` in
-	      *"Version 7."*)
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	      *)  # Version 8.0 or newer
-	        tmp_idyn=
-	        case $host_cpu in
-		  ia64*) tmp_idyn=' -i_dynamic';;
-		esac
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-		_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-		;;
-	    esac
-	    _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive$convenience $wl--no-whole-archive'
-	    ;;
-          pgCC* | pgcpp*)
-            # Portland Group C++ compiler
-	    case `$CC -V` in
-	    *pgCC\ [[1-5]].* | *pgcpp\ [[1-5]].*)
-	      _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
-               rm -rf $tpldir~
-               $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
-               compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"'
-	      _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
-                $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~
-                $RANLIB $oldlib'
-	      _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
-                rm -rf $tpldir~
-                $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
-                $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    *) # Version 6 and above use weak symbols
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib'
-	      ;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl--rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`for conv in $convenience\"\"; do test  -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-            ;;
-	  cxx*)
-	    # Compaq C++
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname  -o $lib $wl-retain-symbols-file $wl$export_symbols'
-
-	    runpath_var=LD_RUN_PATH
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed'
-	    ;;
-	  xl* | mpixl* | bgxl*)
-	    # IBM XL 8.0 on PPC, with GNU ld
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl--export-dynamic'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib'
-	    if test yes = "$supports_anon_versioning"; then
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
-                cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
-                echo "local: *; };" >> $output_objdir/$libname.ver~
-                $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib'
-	    fi
-	    ;;
-	  *)
-	    case `$CC -V 2>&1 | sed 5q` in
-	    *Sun\ C*)
-	      # Sun C++ 5.9
-	      _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	      _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	      _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols'
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	      _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive'
-	      _LT_TAGVAR(compiler_needs_object, $1)=yes
-
-	      # Not sure whether something based on
-	      # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
-	      # would be better.
-	      output_verbose_link_cmd='func_echo_all'
-
-	      # Archives containing C++ object files must be created using
-	      # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	      # necessary to make sure instantiated templates are included
-	      # in the archive.
-	      _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	      ;;
-	    esac
-	    ;;
-	esac
-	;;
-
-      lynxos*)
-        # FIXME: insert proper C++ library support
-	_LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      m88k*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-	;;
-
-      mvs*)
-        case $cc_basename in
-          cxx*)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	  *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-	esac
-	;;
-
-      netbsd*)
-        if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
-	  _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable  -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
-	  wlarc=
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	fi
-	# Workaround some broken pre-1.5 toolchains
-	output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
-	;;
-
-      *nto* | *qnx*)
-        _LT_TAGVAR(ld_shlibs, $1)=yes
-	;;
-
-      openbsd* | bitrig*)
-	if test -f /usr/libexec/ld.so; then
-	  _LT_TAGVAR(hardcode_direct, $1)=yes
-	  _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	  _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
-	  _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	  if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib'
-	    _LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-E'
-	    _LT_TAGVAR(whole_archive_flag_spec, $1)=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive'
-	  fi
-	  output_verbose_link_cmd=func_echo_all
-	else
-	  _LT_TAGVAR(ld_shlibs, $1)=no
-	fi
-	;;
-
-      osf3* | osf4* | osf5*)
-        case $cc_basename in
-          KCC*)
-	    # Kuck and Associates, Inc. (KAI) C++ Compiler
-
-	    # KCC will only create a shared library if the output file
-	    # ends with ".so" (or ".sl" for HP-UX), so rename the library
-	    # to its proper name (with version) after linking.
-	    _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath,$libdir'
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Archives containing C++ object files must be created using
-	    # the KAI C++ compiler.
-	    case $host in
-	      osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
-	      *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
-	    esac
-	    ;;
-          RCC*)
-	    # Rational C++ 2.4.1
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          cxx*)
-	    case $host in
-	      osf3*)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-		;;
-	      *)
-	        _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
-                  echo "-hidden">> $lib.exp~
-                  $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp  `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~
-                  $RM $lib.exp'
-	        _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
-		;;
-	    esac
-
-	    _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	    # Commands to make compiler produce verbose output that lists
-	    # what "hidden" libraries, object files and flags are used when
-	    # linking a shared library.
-	    #
-	    # There doesn't appear to be a way to prevent this compiler from
-	    # explicitly linking system object files so we need to strip them
-	    # from the output so that they don't get included in the library
-	    # dependencies.
-	    output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"'
-	    ;;
-	  *)
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(allow_undefined_flag, $1)=' $wl-expect_unresolved $wl\*'
-	      case $host in
-	        osf3*)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	        *)
-	          _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib'
-		  ;;
-	      esac
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-rpath $wl$libdir'
-	      _LT_TAGVAR(hardcode_libdir_separator, $1)=:
-
-	      # Commands to make compiler produce verbose output that lists
-	      # what "hidden" libraries, object files and flags are used when
-	      # linking a shared library.
-	      output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-
-	    else
-	      # FIXME: insert proper C++ library support
-	      _LT_TAGVAR(ld_shlibs, $1)=no
-	    fi
-	    ;;
-        esac
-        ;;
-
-      psos*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      sunos4*)
-        case $cc_basename in
-          CC*)
-	    # Sun C++ 4.x
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          lcc*)
-	    # Lucid
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      solaris*)
-        case $cc_basename in
-          CC* | sunCC*)
-	    # Sun C++ 4.2, 5.x and Centerline C++
-            _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
-	    _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-              $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	    _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
-	    _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	    case $host_os in
-	      solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-	      *)
-		# The compiler driver will combine and reorder linker options,
-		# but understands '-z linker_flag'.
-	        # Supported since Solaris 2.6 (maybe 2.5.1?)
-		_LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
-	        ;;
-	    esac
-	    _LT_TAGVAR(link_all_deplibs, $1)=yes
-
-	    output_verbose_link_cmd='func_echo_all'
-
-	    # Archives containing C++ object files must be created using
-	    # "CC -xar", where "CC" is the Sun C++ compiler.  This is
-	    # necessary to make sure instantiated templates are included
-	    # in the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
-	    ;;
-          gcx*)
-	    # Green Hills C++ Compiler
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-
-	    # The C++ compiler must be used to create the archive.
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
-	    ;;
-          *)
-	    # GNU C++ compiler with Solaris linker
-	    if test yes,no = "$GXX,$with_gnu_ld"; then
-	      _LT_TAGVAR(no_undefined_flag, $1)=' $wl-z ${wl}defs'
-	      if $CC --version | $GREP -v '^2\.7' > /dev/null; then
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      else
-	        # g++ 2.7 appears to require '-G' NOT '-shared' on this
-	        # platform.
-	        _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib'
-	        _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
-                  $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
-
-	        # Commands to make compiler produce verbose output that lists
-	        # what "hidden" libraries, object files and flags are used when
-	        # linking a shared library.
-	        output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"'
-	      fi
-
-	      _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R $wl$libdir'
-	      case $host_os in
-		solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
-		*)
-		  _LT_TAGVAR(whole_archive_flag_spec, $1)='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract'
-		  ;;
-	      esac
-	    fi
-	    ;;
-        esac
-        ;;
-
-    sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
-      _LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-      _LT_TAGVAR(archive_cmds_need_lc, $1)=no
-      _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-      runpath_var='LD_RUN_PATH'
-
-      case $cc_basename in
-        CC*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-	*)
-	  _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	  ;;
-      esac
-      ;;
-
-      sysv5* | sco3.2v5* | sco5v6*)
-	# Note: We CANNOT use -z defs as we might desire, because we do not
-	# link with -lc, and that would cause any symbols used from libc to
-	# always be unresolved, which means just about no library would
-	# ever link correctly.  If we're not using GNU ld we use -z text
-	# though, which does catch some bad symbols but isn't as heavy-handed
-	# as -z defs.
-	_LT_TAGVAR(no_undefined_flag, $1)='$wl-z,text'
-	_LT_TAGVAR(allow_undefined_flag, $1)='$wl-z,nodefs'
-	_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-	_LT_TAGVAR(hardcode_shlibpath_var, $1)=no
-	_LT_TAGVAR(hardcode_libdir_flag_spec, $1)='$wl-R,$libdir'
-	_LT_TAGVAR(hardcode_libdir_separator, $1)=':'
-	_LT_TAGVAR(link_all_deplibs, $1)=yes
-	_LT_TAGVAR(export_dynamic_flag_spec, $1)='$wl-Bexport'
-	runpath_var='LD_RUN_PATH'
-
-	case $cc_basename in
-          CC*)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(old_archive_cmds, $1)='$CC -Tprelink_objects $oldobjs~
-              '"$_LT_TAGVAR(old_archive_cmds, $1)"
-	    _LT_TAGVAR(reload_cmds, $1)='$CC -Tprelink_objects $reload_objs~
-              '"$_LT_TAGVAR(reload_cmds, $1)"
-	    ;;
-	  *)
-	    _LT_TAGVAR(archive_cmds, $1)='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
-	    ;;
-	esac
-      ;;
-
-      tandem*)
-        case $cc_basename in
-          NCC*)
-	    # NonStop-UX NCC 3.20
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-          *)
-	    # FIXME: insert proper C++ library support
-	    _LT_TAGVAR(ld_shlibs, $1)=no
-	    ;;
-        esac
-        ;;
-
-      vxworks*)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-
-      *)
-        # FIXME: insert proper C++ library support
-        _LT_TAGVAR(ld_shlibs, $1)=no
-        ;;
-    esac
-
-    AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
-    test no = "$_LT_TAGVAR(ld_shlibs, $1)" && can_build_shared=no
-
-    _LT_TAGVAR(GCC, $1)=$GXX
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-  LDCXX=$LD
-  LD=$lt_save_LD
-  GCC=$lt_save_GCC
-  with_gnu_ld=$lt_save_with_gnu_ld
-  lt_cv_path_LDCXX=$lt_cv_path_LD
-  lt_cv_path_LD=$lt_save_path_LD
-  lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
-  lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
-fi # test yes != "$_lt_caught_CXX_error"
-
-AC_LANG_POP
-])# _LT_LANG_CXX_CONFIG
-
-
-# _LT_FUNC_STRIPNAME_CNF
-# ----------------------
-# func_stripname_cnf prefix suffix name
-# strip PREFIX and SUFFIX off of NAME.
-# PREFIX and SUFFIX must not contain globbing or regex special
-# characters, hashes, percent signs, but SUFFIX may contain a leading
-# dot (in which case that matches only a dot).
-#
-# This function is identical to the (non-XSI) version of func_stripname,
-# except this one can be used by m4 code that may be executed by configure,
-# rather than the libtool script.
-m4_defun([_LT_FUNC_STRIPNAME_CNF],[dnl
-AC_REQUIRE([_LT_DECL_SED])
-AC_REQUIRE([_LT_PROG_ECHO_BACKSLASH])
-func_stripname_cnf ()
-{
-  case @S|@2 in
-  .*) func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%\\\\@S|@2\$%%"`;;
-  *)  func_stripname_result=`$ECHO "@S|@3" | $SED "s%^@S|@1%%; s%@S|@2\$%%"`;;
-  esac
-} # func_stripname_cnf
-])# _LT_FUNC_STRIPNAME_CNF
-
-
-# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
-# ---------------------------------
-# Figure out "hidden" library dependencies from verbose
-# compiler output when linking a shared library.
-# Parse the compiler output and extract the necessary
-# objects, libraries and library flags.
-m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
-[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
-AC_REQUIRE([_LT_FUNC_STRIPNAME_CNF])dnl
-# Dependencies to place before and after the object being linked:
-_LT_TAGVAR(predep_objects, $1)=
-_LT_TAGVAR(postdep_objects, $1)=
-_LT_TAGVAR(predeps, $1)=
-_LT_TAGVAR(postdeps, $1)=
-_LT_TAGVAR(compiler_lib_search_path, $1)=
-
-dnl we can't use the lt_simple_compile_test_code here,
-dnl because it contains code intended for an executable,
-dnl not a library.  It's possible we should let each
-dnl tag define a new lt_????_link_test_code variable,
-dnl but it's only used here...
-m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
-int a;
-void foo (void) { a = 0; }
-_LT_EOF
-], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
-class Foo
-{
-public:
-  Foo (void) { a = 0; }
-private:
-  int a;
-};
-_LT_EOF
-], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer*4 a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
-      subroutine foo
-      implicit none
-      integer a
-      a=0
-      return
-      end
-_LT_EOF
-], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
-public class foo {
-  private int a;
-  public void bar (void) {
-    a = 0;
-  }
-};
-_LT_EOF
-], [$1], [GO], [cat > conftest.$ac_ext <<_LT_EOF
-package foo
-func foo() {
-}
-_LT_EOF
-])
-
-_lt_libdeps_save_CFLAGS=$CFLAGS
-case "$CC $CFLAGS " in #(
-*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;;
-*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;;
-*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;;
-esac
-
-dnl Parse the compiler output and extract the necessary
-dnl objects, libraries and library flags.
-if AC_TRY_EVAL(ac_compile); then
-  # Parse the compiler output and extract the necessary
-  # objects, libraries and library flags.
-
-  # Sentinel used to keep track of whether or not we are before
-  # the conftest object file.
-  pre_test_object_deps_done=no
-
-  for p in `eval "$output_verbose_link_cmd"`; do
-    case $prev$p in
-
-    -L* | -R* | -l*)
-       # Some compilers place space between "-{L,R}" and the path.
-       # Remove the space.
-       if test x-L = "$p" ||
-          test x-R = "$p"; then
-	 prev=$p
-	 continue
-       fi
-
-       # Expand the sysroot to ease extracting the directories later.
-       if test -z "$prev"; then
-         case $p in
-         -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;;
-         -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;;
-         -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;;
-         esac
-       fi
-       case $p in
-       =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;;
-       esac
-       if test no = "$pre_test_object_deps_done"; then
-	 case $prev in
-	 -L | -R)
-	   # Internal compiler library paths should come after those
-	   # provided the user.  The postdeps already come after the
-	   # user supplied libs so there is no need to process them.
-	   if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
-	     _LT_TAGVAR(compiler_lib_search_path, $1)=$prev$p
-	   else
-	     _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} $prev$p"
-	   fi
-	   ;;
-	 # The "-l" case would never come before the object being
-	 # linked, so don't bother handling this case.
-	 esac
-       else
-	 if test -z "$_LT_TAGVAR(postdeps, $1)"; then
-	   _LT_TAGVAR(postdeps, $1)=$prev$p
-	 else
-	   _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} $prev$p"
-	 fi
-       fi
-       prev=
-       ;;
-
-    *.lto.$objext) ;; # Ignore GCC LTO objects
-    *.$objext)
-       # This assumes that the test object file only shows up
-       # once in the compiler output.
-       if test "$p" = "conftest.$objext"; then
-	 pre_test_object_deps_done=yes
-	 continue
-       fi
-
-       if test no = "$pre_test_object_deps_done"; then
-	 if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
-	   _LT_TAGVAR(predep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
-	 fi
-       else
-	 if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
-	   _LT_TAGVAR(postdep_objects, $1)=$p
-	 else
-	   _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
-	 fi
-       fi
-       ;;
-
-    *) ;; # Ignore the rest.
-
-    esac
-  done
-
-  # Clean up.
-  rm -f a.out a.exe
-else
-  echo "libtool.m4: error: problem compiling $1 test program"
-fi
-
-$RM -f confest.$objext
-CFLAGS=$_lt_libdeps_save_CFLAGS
-
-# PORTME: override above test on systems where it is broken
-m4_if([$1], [CXX],
-[case $host_os in
-interix[[3-9]]*)
-  # Interix 3.5 installs completely hosed .la files for C++, so rather than
-  # hack all around it, let's just trust "g++" to DTRT.
-  _LT_TAGVAR(predep_objects,$1)=
-  _LT_TAGVAR(postdep_objects,$1)=
-  _LT_TAGVAR(postdeps,$1)=
-  ;;
-esac
-])
-
-case " $_LT_TAGVAR(postdeps, $1) " in
-*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
-esac
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=
-if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
- _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | $SED -e 's! -L! !g' -e 's!^ !!'`
-fi
-_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
-    [The directories searched by this compiler when creating a shared library])
-_LT_TAGDECL([], [predep_objects], [1],
-    [Dependencies to place before and after the objects being linked to
-    create a shared library])
-_LT_TAGDECL([], [postdep_objects], [1])
-_LT_TAGDECL([], [predeps], [1])
-_LT_TAGDECL([], [postdeps], [1])
-_LT_TAGDECL([], [compiler_lib_search_path], [1],
-    [The library search path used internally by the compiler when linking
-    a shared library])
-])# _LT_SYS_HIDDEN_LIBDEPS
-
-
-# _LT_LANG_F77_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for a Fortran 77 compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_F77_CONFIG],
-[AC_LANG_PUSH(Fortran 77)
-if test -z "$F77" || test no = "$F77"; then
-  _lt_disable_F77=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for f77 test sources.
-ac_ext=f
-
-# Object file extension for compiled f77 test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the F77 compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_F77"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${F77-"f77"}
-  CFLAGS=$FFLAGS
-  compiler=$CC
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-  GCC=$G77
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$G77
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_F77"
-
-AC_LANG_POP
-])# _LT_LANG_F77_CONFIG
-
-
-# _LT_LANG_FC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for a Fortran compiler are
-# suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_FC_CONFIG],
-[AC_LANG_PUSH(Fortran)
-
-if test -z "$FC" || test no = "$FC"; then
-  _lt_disable_FC=yes
-fi
-
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-_LT_TAGVAR(allow_undefined_flag, $1)=
-_LT_TAGVAR(always_export_symbols, $1)=no
-_LT_TAGVAR(archive_expsym_cmds, $1)=
-_LT_TAGVAR(export_dynamic_flag_spec, $1)=
-_LT_TAGVAR(hardcode_direct, $1)=no
-_LT_TAGVAR(hardcode_direct_absolute, $1)=no
-_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
-_LT_TAGVAR(hardcode_libdir_separator, $1)=
-_LT_TAGVAR(hardcode_minus_L, $1)=no
-_LT_TAGVAR(hardcode_automatic, $1)=no
-_LT_TAGVAR(inherit_rpath, $1)=no
-_LT_TAGVAR(module_cmds, $1)=
-_LT_TAGVAR(module_expsym_cmds, $1)=
-_LT_TAGVAR(link_all_deplibs, $1)=unknown
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-_LT_TAGVAR(no_undefined_flag, $1)=
-_LT_TAGVAR(whole_archive_flag_spec, $1)=
-_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
-
-# Source file extension for fc test sources.
-ac_ext=${ac_fc_srcext-f}
-
-# Object file extension for compiled fc test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# No sense in running all these tests if we already determined that
-# the FC compiler isn't working.  Some variables (like enable_shared)
-# are currently assumed to apply to all compilers on this platform,
-# and will be corrupted by setting them based on a non-working compiler.
-if test yes != "$_lt_disable_FC"; then
-  # Code to be used in simple compile tests
-  lt_simple_compile_test_code="\
-      subroutine t
-      return
-      end
-"
-
-  # Code to be used in simple link tests
-  lt_simple_link_test_code="\
-      program t
-      end
-"
-
-  # ltmain only uses $CC for tagged configurations so make sure $CC is set.
-  _LT_TAG_COMPILER
-
-  # save warnings/boilerplate of simple test code
-  _LT_COMPILER_BOILERPLATE
-  _LT_LINKER_BOILERPLATE
-
-  # Allow CC to be a program name with arguments.
-  lt_save_CC=$CC
-  lt_save_GCC=$GCC
-  lt_save_CFLAGS=$CFLAGS
-  CC=${FC-"f95"}
-  CFLAGS=$FCFLAGS
-  compiler=$CC
-  GCC=$ac_cv_fc_compiler_gnu
-
-  _LT_TAGVAR(compiler, $1)=$CC
-  _LT_CC_BASENAME([$compiler])
-
-  if test -n "$compiler"; then
-    AC_MSG_CHECKING([if libtool supports shared libraries])
-    AC_MSG_RESULT([$can_build_shared])
-
-    AC_MSG_CHECKING([whether to build shared libraries])
-    test no = "$can_build_shared" && enable_shared=no
-
-    # On AIX, shared libraries and static libraries use the same namespace, and
-    # are all built from PIC.
-    case $host_os in
-      aix3*)
-        test yes = "$enable_shared" && enable_static=no
-        if test -n "$RANLIB"; then
-          archive_cmds="$archive_cmds~\$RANLIB \$lib"
-          postinstall_cmds='$RANLIB $lib'
-        fi
-        ;;
-      aix[[4-9]]*)
-	if test ia64 != "$host_cpu"; then
-	  case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in
-	  yes,aix,yes) ;;		# shared object as lib.so file only
-	  yes,svr4,*) ;;		# shared object as lib.so archive member only
-	  yes,*) enable_static=no ;;	# shared object in lib.a archive as well
-	  esac
-	fi
-        ;;
-    esac
-    AC_MSG_RESULT([$enable_shared])
-
-    AC_MSG_CHECKING([whether to build static libraries])
-    # Make sure either enable_shared or enable_static is yes.
-    test yes = "$enable_shared" || enable_static=yes
-    AC_MSG_RESULT([$enable_static])
-
-    _LT_TAGVAR(GCC, $1)=$ac_cv_fc_compiler_gnu
-    _LT_TAGVAR(LD, $1)=$LD
-
-    ## CAVEAT EMPTOR:
-    ## There is no encapsulation within the following macros, do not change
-    ## the running order or otherwise move them around unless you know exactly
-    ## what you are doing...
-    _LT_SYS_HIDDEN_LIBDEPS($1)
-    _LT_COMPILER_PIC($1)
-    _LT_COMPILER_C_O($1)
-    _LT_COMPILER_FILE_LOCKS($1)
-    _LT_LINKER_SHLIBS($1)
-    _LT_SYS_DYNAMIC_LINKER($1)
-    _LT_LINKER_HARDCODE_LIBPATH($1)
-
-    _LT_CONFIG($1)
-  fi # test -n "$compiler"
-
-  GCC=$lt_save_GCC
-  CC=$lt_save_CC
-  CFLAGS=$lt_save_CFLAGS
-fi # test yes != "$_lt_disable_FC"
-
-AC_LANG_POP
-])# _LT_LANG_FC_CONFIG
-
-
-# _LT_LANG_GCJ_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Java Compiler compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GCJ_CONFIG],
-[AC_REQUIRE([LT_PROG_GCJ])dnl
-AC_LANG_SAVE
-
-# Source file extension for Java test sources.
-ac_ext=java
-
-# Object file extension for compiled Java test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="class foo {}"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GCJ-"gcj"}
-CFLAGS=$GCJFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# GCJ did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GCJ_CONFIG
-
-
-# _LT_LANG_GO_CONFIG([TAG])
-# --------------------------
-# Ensure that the configuration variables for the GNU Go compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_GO_CONFIG],
-[AC_REQUIRE([LT_PROG_GO])dnl
-AC_LANG_SAVE
-
-# Source file extension for Go test sources.
-ac_ext=go
-
-# Object file extension for compiled Go test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code="package main; func main() { }"
-
-# Code to be used in simple link tests
-lt_simple_link_test_code='package main; func main() { }'
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=yes
-CC=${GOC-"gccgo"}
-CFLAGS=$GOFLAGS
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_TAGVAR(LD, $1)=$LD
-_LT_CC_BASENAME([$compiler])
-
-# Go did not exist at the time GCC didn't implicitly link libc in.
-_LT_TAGVAR(archive_cmds_need_lc, $1)=no
-
-_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
-_LT_TAGVAR(reload_flag, $1)=$reload_flag
-_LT_TAGVAR(reload_cmds, $1)=$reload_cmds
-
-## CAVEAT EMPTOR:
-## There is no encapsulation within the following macros, do not change
-## the running order or otherwise move them around unless you know exactly
-## what you are doing...
-if test -n "$compiler"; then
-  _LT_COMPILER_NO_RTTI($1)
-  _LT_COMPILER_PIC($1)
-  _LT_COMPILER_C_O($1)
-  _LT_COMPILER_FILE_LOCKS($1)
-  _LT_LINKER_SHLIBS($1)
-  _LT_LINKER_HARDCODE_LIBPATH($1)
-
-  _LT_CONFIG($1)
-fi
-
-AC_LANG_RESTORE
-
-GCC=$lt_save_GCC
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_GO_CONFIG
-
-
-# _LT_LANG_RC_CONFIG([TAG])
-# -------------------------
-# Ensure that the configuration variables for the Windows resource compiler
-# are suitably defined.  These variables are subsequently used by _LT_CONFIG
-# to write the compiler configuration to 'libtool'.
-m4_defun([_LT_LANG_RC_CONFIG],
-[AC_REQUIRE([LT_PROG_RC])dnl
-AC_LANG_SAVE
-
-# Source file extension for RC test sources.
-ac_ext=rc
-
-# Object file extension for compiled RC test sources.
-objext=o
-_LT_TAGVAR(objext, $1)=$objext
-
-# Code to be used in simple compile tests
-lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
-
-# Code to be used in simple link tests
-lt_simple_link_test_code=$lt_simple_compile_test_code
-
-# ltmain only uses $CC for tagged configurations so make sure $CC is set.
-_LT_TAG_COMPILER
-
-# save warnings/boilerplate of simple test code
-_LT_COMPILER_BOILERPLATE
-_LT_LINKER_BOILERPLATE
-
-# Allow CC to be a program name with arguments.
-lt_save_CC=$CC
-lt_save_CFLAGS=$CFLAGS
-lt_save_GCC=$GCC
-GCC=
-CC=${RC-"windres"}
-CFLAGS=
-compiler=$CC
-_LT_TAGVAR(compiler, $1)=$CC
-_LT_CC_BASENAME([$compiler])
-_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
-
-if test -n "$compiler"; then
-  :
-  _LT_CONFIG($1)
-fi
-
-GCC=$lt_save_GCC
-AC_LANG_RESTORE
-CC=$lt_save_CC
-CFLAGS=$lt_save_CFLAGS
-])# _LT_LANG_RC_CONFIG
-
-
-# LT_PROG_GCJ
-# -----------
-AC_DEFUN([LT_PROG_GCJ],
-[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
-  [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
-    [AC_CHECK_TOOL(GCJ, gcj,)
-      test set = "${GCJFLAGS+set}" || GCJFLAGS="-g -O2"
-      AC_SUBST(GCJFLAGS)])])[]dnl
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
-
-
-# LT_PROG_GO
-# ----------
-AC_DEFUN([LT_PROG_GO],
-[AC_CHECK_TOOL(GOC, gccgo,)
-])
-
-
-# LT_PROG_RC
-# ----------
-AC_DEFUN([LT_PROG_RC],
-[AC_CHECK_TOOL(RC, windres,)
-])
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_RC], [])
-
-
-# _LT_DECL_EGREP
-# --------------
-# If we don't have a new enough Autoconf to choose the best grep
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_EGREP],
-[AC_REQUIRE([AC_PROG_EGREP])dnl
-AC_REQUIRE([AC_PROG_FGREP])dnl
-test -z "$GREP" && GREP=grep
-_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
-_LT_DECL([], [EGREP], [1], [An ERE matcher])
-_LT_DECL([], [FGREP], [1], [A literal string matcher])
-dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
-AC_SUBST([GREP])
-])
-
-
-# _LT_DECL_OBJDUMP
-# --------------
-# If we don't have a new enough Autoconf to choose the best objdump
-# available, choose the one first in the user's PATH.
-m4_defun([_LT_DECL_OBJDUMP],
-[AC_CHECK_TOOL(OBJDUMP, objdump, false)
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
-AC_SUBST([OBJDUMP])
-])
-
-# _LT_DECL_DLLTOOL
-# ----------------
-# Ensure DLLTOOL variable is set.
-m4_defun([_LT_DECL_DLLTOOL],
-[AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])
-AC_SUBST([DLLTOOL])
-])
-
-# _LT_DECL_SED
-# ------------
-# Check for a fully-functional sed program, that truncates
-# as few characters as possible.  Prefer GNU sed if found.
-m4_defun([_LT_DECL_SED],
-[AC_PROG_SED
-test -z "$SED" && SED=sed
-Xsed="$SED -e 1s/^X//"
-_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
-_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
-    [Sed that helps us avoid accidentally triggering echo(1) options like -n])
-])# _LT_DECL_SED
-
-m4_ifndef([AC_PROG_SED], [
-############################################################
-# NOTE: This macro has been submitted for inclusion into   #
-#  GNU Autoconf as AC_PROG_SED.  When it is available in   #
-#  a released version of Autoconf we should remove this    #
-#  macro and use it instead.                               #
-############################################################
-
-m4_defun([AC_PROG_SED],
-[AC_MSG_CHECKING([for a sed that does not truncate output])
-AC_CACHE_VAL(lt_cv_path_SED,
-[# Loop through the user's path and test for sed and gsed.
-# Then use that list of sed's as ones to test for truncation.
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-  for lt_ac_prog in sed gsed; do
-    for ac_exec_ext in '' $ac_executable_extensions; do
-      if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
-        lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
-      fi
-    done
-  done
-done
-IFS=$as_save_IFS
-lt_ac_max=0
-lt_ac_count=0
-# Add /usr/xpg4/bin/sed as it is typically found on Solaris
-# along with /bin/sed that truncates output.
-for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
-  test ! -f "$lt_ac_sed" && continue
-  cat /dev/null > conftest.in
-  lt_ac_count=0
-  echo $ECHO_N "0123456789$ECHO_C" >conftest.in
-  # Check for GNU sed and select it if it is found.
-  if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
-    lt_cv_path_SED=$lt_ac_sed
-    break
-  fi
-  while true; do
-    cat conftest.in conftest.in >conftest.tmp
-    mv conftest.tmp conftest.in
-    cp conftest.in conftest.nl
-    echo >>conftest.nl
-    $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
-    cmp -s conftest.out conftest.nl || break
-    # 10000 chars as input seems more than enough
-    test 10 -lt "$lt_ac_count" && break
-    lt_ac_count=`expr $lt_ac_count + 1`
-    if test "$lt_ac_count" -gt "$lt_ac_max"; then
-      lt_ac_max=$lt_ac_count
-      lt_cv_path_SED=$lt_ac_sed
-    fi
-  done
-done
-])
-SED=$lt_cv_path_SED
-AC_SUBST([SED])
-AC_MSG_RESULT([$SED])
-])#AC_PROG_SED
-])#m4_ifndef
-
-# Old name:
-AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([LT_AC_PROG_SED], [])
-
-
-# _LT_CHECK_SHELL_FEATURES
-# ------------------------
-# Find out whether the shell is Bourne or XSI compatible,
-# or has some other useful features.
-m4_defun([_LT_CHECK_SHELL_FEATURES],
-[if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
-  lt_unset=unset
-else
-  lt_unset=false
-fi
-_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
-
-# test EBCDIC or ASCII
-case `echo X|tr X '\101'` in
- A) # ASCII based system
-    # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
-  lt_SP2NL='tr \040 \012'
-  lt_NL2SP='tr \015\012 \040\040'
-  ;;
- *) # EBCDIC based system
-  lt_SP2NL='tr \100 \n'
-  lt_NL2SP='tr \r\n \100\100'
-  ;;
-esac
-_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
-_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
-])# _LT_CHECK_SHELL_FEATURES
-
-
-# _LT_PATH_CONVERSION_FUNCTIONS
-# -----------------------------
-# Determine what file name conversion functions should be used by
-# func_to_host_file (and, implicitly, by func_to_host_path).  These are needed
-# for certain cross-compile configurations and native mingw.
-m4_defun([_LT_PATH_CONVERSION_FUNCTIONS],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-AC_REQUIRE([AC_CANONICAL_BUILD])dnl
-AC_MSG_CHECKING([how to convert $build file names to $host format])
-AC_CACHE_VAL(lt_cv_to_host_file_cmd,
-[case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32
-        ;;
-    esac
-    ;;
-  *-*-cygwin* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin
-        ;;
-      *-*-cygwin* )
-        lt_cv_to_host_file_cmd=func_convert_file_noop
-        ;;
-      * ) # otherwise, assume *nix
-        lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin
-        ;;
-    esac
-    ;;
-  * ) # unhandled hosts (and "normal" native builds)
-    lt_cv_to_host_file_cmd=func_convert_file_noop
-    ;;
-esac
-])
-to_host_file_cmd=$lt_cv_to_host_file_cmd
-AC_MSG_RESULT([$lt_cv_to_host_file_cmd])
-_LT_DECL([to_host_file_cmd], [lt_cv_to_host_file_cmd],
-         [0], [convert $build file names to $host format])dnl
-
-AC_MSG_CHECKING([how to convert $build file names to toolchain format])
-AC_CACHE_VAL(lt_cv_to_tool_file_cmd,
-[#assume ordinary cross tools, or native build.
-lt_cv_to_tool_file_cmd=func_convert_file_noop
-case $host in
-  *-*-mingw* )
-    case $build in
-      *-*-mingw* ) # actually msys
-        lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32
-        ;;
-    esac
-    ;;
-esac
-])
-to_tool_file_cmd=$lt_cv_to_tool_file_cmd
-AC_MSG_RESULT([$lt_cv_to_tool_file_cmd])
-_LT_DECL([to_tool_file_cmd], [lt_cv_to_tool_file_cmd],
-         [0], [convert $build files to toolchain format])dnl
-])# _LT_PATH_CONVERSION_FUNCTIONS
diff --git a/vmidentity/m4/ltoptions.m4 b/vmidentity/m4/ltoptions.m4
deleted file mode 100644
index 94b082976..000000000
--- a/vmidentity/m4/ltoptions.m4
+++ /dev/null
@@ -1,437 +0,0 @@
-# Helper functions for option handling.                    -*- Autoconf -*-
-#
-#   Copyright (C) 2004-2005, 2007-2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 8 ltoptions.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
-
-
-# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
-# ------------------------------------------
-m4_define([_LT_MANGLE_OPTION],
-[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
-
-
-# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
-# ---------------------------------------
-# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
-# matching handler defined, dispatch to it.  Other OPTION-NAMEs are
-# saved as a flag.
-m4_define([_LT_SET_OPTION],
-[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
-m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
-        _LT_MANGLE_DEFUN([$1], [$2]),
-    [m4_warning([Unknown $1 option '$2'])])[]dnl
-])
-
-
-# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
-# ------------------------------------------------------------
-# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
-m4_define([_LT_IF_OPTION],
-[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
-
-
-# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
-# -------------------------------------------------------
-# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
-# are set.
-m4_define([_LT_UNLESS_OPTIONS],
-[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-	    [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
-		      [m4_define([$0_found])])])[]dnl
-m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
-])[]dnl
-])
-
-
-# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
-# ----------------------------------------
-# OPTION-LIST is a space-separated list of Libtool options associated
-# with MACRO-NAME.  If any OPTION has a matching handler declared with
-# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
-# the unknown option and exit.
-m4_defun([_LT_SET_OPTIONS],
-[# Set options
-m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
-    [_LT_SET_OPTION([$1], _LT_Option)])
-
-m4_if([$1],[LT_INIT],[
-  dnl
-  dnl Simply set some default values (i.e off) if boolean options were not
-  dnl specified:
-  _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
-  ])
-  _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
-  ])
-  dnl
-  dnl If no reference was made to various pairs of opposing options, then
-  dnl we run the default mode handler for the pair.  For example, if neither
-  dnl 'shared' nor 'disable-shared' was passed, we enable building of shared
-  dnl archives by default:
-  _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
-  _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
-  _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
-		   [_LT_ENABLE_FAST_INSTALL])
-  _LT_UNLESS_OPTIONS([LT_INIT], [aix-soname=aix aix-soname=both aix-soname=svr4],
-		   [_LT_WITH_AIX_SONAME([aix])])
-  ])
-])# _LT_SET_OPTIONS
-
-
-## --------------------------------- ##
-## Macros to handle LT_INIT options. ##
-## --------------------------------- ##
-
-# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
-# -----------------------------------------
-m4_define([_LT_MANGLE_DEFUN],
-[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
-
-
-# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
-# -----------------------------------------------
-m4_define([LT_OPTION_DEFINE],
-[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
-])# LT_OPTION_DEFINE
-
-
-# dlopen
-# ------
-LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
-])
-
-AU_DEFUN([AC_LIBTOOL_DLOPEN],
-[_LT_SET_OPTION([LT_INIT], [dlopen])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'dlopen' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
-
-
-# win32-dll
-# ---------
-# Declare package support for building win32 dll's.
-LT_OPTION_DEFINE([LT_INIT], [win32-dll],
-[enable_win32_dll=yes
-
-case $host in
-*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-cegcc*)
-  AC_CHECK_TOOL(AS, as, false)
-  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
-  AC_CHECK_TOOL(OBJDUMP, objdump, false)
-  ;;
-esac
-
-test -z "$AS" && AS=as
-_LT_DECL([], [AS],      [1], [Assembler program])dnl
-
-test -z "$DLLTOOL" && DLLTOOL=dlltool
-_LT_DECL([], [DLLTOOL], [1], [DLL creation program])dnl
-
-test -z "$OBJDUMP" && OBJDUMP=objdump
-_LT_DECL([], [OBJDUMP], [1], [Object dumper program])dnl
-])# win32-dll
-
-AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
-[AC_REQUIRE([AC_CANONICAL_HOST])dnl
-_LT_SET_OPTION([LT_INIT], [win32-dll])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'win32-dll' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
-
-
-# _LT_ENABLE_SHARED([DEFAULT])
-# ----------------------------
-# implement the --enable-shared flag, and supports the 'shared' and
-# 'disable-shared' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_SHARED],
-[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([shared],
-    [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
-	[build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_shared=yes ;;
-    no) enable_shared=no ;;
-    *)
-      enable_shared=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_shared=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
-
-    _LT_DECL([build_libtool_libs], [enable_shared], [0],
-	[Whether or not to build shared libraries])
-])# _LT_ENABLE_SHARED
-
-LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
-])
-
-AC_DEFUN([AC_DISABLE_SHARED],
-[_LT_SET_OPTION([LT_INIT], [disable-shared])
-])
-
-AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
-AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_SHARED], [])
-dnl AC_DEFUN([AM_DISABLE_SHARED], [])
-
-
-
-# _LT_ENABLE_STATIC([DEFAULT])
-# ----------------------------
-# implement the --enable-static flag, and support the 'static' and
-# 'disable-static' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_STATIC],
-[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([static],
-    [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
-	[build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_static=yes ;;
-    no) enable_static=no ;;
-    *)
-     enable_static=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_static=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
-
-    _LT_DECL([build_old_libs], [enable_static], [0],
-	[Whether or not to build static libraries])
-])# _LT_ENABLE_STATIC
-
-LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
-
-# Old names:
-AC_DEFUN([AC_ENABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
-])
-
-AC_DEFUN([AC_DISABLE_STATIC],
-[_LT_SET_OPTION([LT_INIT], [disable-static])
-])
-
-AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
-AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AM_ENABLE_STATIC], [])
-dnl AC_DEFUN([AM_DISABLE_STATIC], [])
-
-
-
-# _LT_ENABLE_FAST_INSTALL([DEFAULT])
-# ----------------------------------
-# implement the --enable-fast-install flag, and support the 'fast-install'
-# and 'disable-fast-install' LT_INIT options.
-# DEFAULT is either 'yes' or 'no'.  If omitted, it defaults to 'yes'.
-m4_define([_LT_ENABLE_FAST_INSTALL],
-[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
-AC_ARG_ENABLE([fast-install],
-    [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
-    [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
-    [p=${PACKAGE-default}
-    case $enableval in
-    yes) enable_fast_install=yes ;;
-    no) enable_fast_install=no ;;
-    *)
-      enable_fast_install=no
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for pkg in $enableval; do
-	IFS=$lt_save_ifs
-	if test "X$pkg" = "X$p"; then
-	  enable_fast_install=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
-
-_LT_DECL([fast_install], [enable_fast_install], [0],
-	 [Whether or not to optimize for fast installation])dnl
-])# _LT_ENABLE_FAST_INSTALL
-
-LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
-LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
-
-# Old names:
-AU_DEFUN([AC_ENABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'fast-install' option into LT_INIT's first parameter.])
-])
-
-AU_DEFUN([AC_DISABLE_FAST_INSTALL],
-[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you put
-the 'disable-fast-install' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
-dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
-
-
-# _LT_WITH_AIX_SONAME([DEFAULT])
-# ----------------------------------
-# implement the --with-aix-soname flag, and support the `aix-soname=aix'
-# and `aix-soname=both' and `aix-soname=svr4' LT_INIT options. DEFAULT
-# is either `aix', `both' or `svr4'.  If omitted, it defaults to `aix'.
-m4_define([_LT_WITH_AIX_SONAME],
-[m4_define([_LT_WITH_AIX_SONAME_DEFAULT], [m4_if($1, svr4, svr4, m4_if($1, both, both, aix))])dnl
-shared_archive_member_spec=
-case $host,$enable_shared in
-power*-*-aix[[5-9]]*,yes)
-  AC_MSG_CHECKING([which variant of shared library versioning to provide])
-  AC_ARG_WITH([aix-soname],
-    [AS_HELP_STRING([--with-aix-soname=aix|svr4|both],
-      [shared library versioning (aka "SONAME") variant to provide on AIX, @<:@default=]_LT_WITH_AIX_SONAME_DEFAULT[@:>@.])],
-    [case $withval in
-    aix|svr4|both)
-      ;;
-    *)
-      AC_MSG_ERROR([Unknown argument to --with-aix-soname])
-      ;;
-    esac
-    lt_cv_with_aix_soname=$with_aix_soname],
-    [AC_CACHE_VAL([lt_cv_with_aix_soname],
-      [lt_cv_with_aix_soname=]_LT_WITH_AIX_SONAME_DEFAULT)
-    with_aix_soname=$lt_cv_with_aix_soname])
-  AC_MSG_RESULT([$with_aix_soname])
-  if test aix != "$with_aix_soname"; then
-    # For the AIX way of multilib, we name the shared archive member
-    # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o',
-    # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File.
-    # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag,
-    # the AIX toolchain works better with OBJECT_MODE set (default 32).
-    if test 64 = "${OBJECT_MODE-32}"; then
-      shared_archive_member_spec=shr_64
-    else
-      shared_archive_member_spec=shr
-    fi
-  fi
-  ;;
-*)
-  with_aix_soname=aix
-  ;;
-esac
-
-_LT_DECL([], [shared_archive_member_spec], [0],
-    [Shared archive member basename, for filename based shared library versioning on AIX])dnl
-])# _LT_WITH_AIX_SONAME
-
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=aix], [_LT_WITH_AIX_SONAME([aix])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=both], [_LT_WITH_AIX_SONAME([both])])
-LT_OPTION_DEFINE([LT_INIT], [aix-soname=svr4], [_LT_WITH_AIX_SONAME([svr4])])
-
-
-# _LT_WITH_PIC([MODE])
-# --------------------
-# implement the --with-pic flag, and support the 'pic-only' and 'no-pic'
-# LT_INIT options.
-# MODE is either 'yes' or 'no'.  If omitted, it defaults to 'both'.
-m4_define([_LT_WITH_PIC],
-[AC_ARG_WITH([pic],
-    [AS_HELP_STRING([--with-pic@<:@=PKGS@:>@],
-	[try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
-    [lt_p=${PACKAGE-default}
-    case $withval in
-    yes|no) pic_mode=$withval ;;
-    *)
-      pic_mode=default
-      # Look at the argument we got.  We use all the common list separators.
-      lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR,
-      for lt_pkg in $withval; do
-	IFS=$lt_save_ifs
-	if test "X$lt_pkg" = "X$lt_p"; then
-	  pic_mode=yes
-	fi
-      done
-      IFS=$lt_save_ifs
-      ;;
-    esac],
-    [pic_mode=m4_default([$1], [default])])
-
-_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
-])# _LT_WITH_PIC
-
-LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
-LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
-
-# Old name:
-AU_DEFUN([AC_LIBTOOL_PICMODE],
-[_LT_SET_OPTION([LT_INIT], [pic-only])
-AC_DIAGNOSE([obsolete],
-[$0: Remove this warning and the call to _LT_SET_OPTION when you
-put the 'pic-only' option into LT_INIT's first parameter.])
-])
-
-dnl aclocal-1.4 backwards compatibility:
-dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
-
-## ----------------- ##
-## LTDL_INIT Options ##
-## ----------------- ##
-
-m4_define([_LTDL_MODE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
-		 [m4_define([_LTDL_MODE], [nonrecursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [recursive],
-		 [m4_define([_LTDL_MODE], [recursive])])
-LT_OPTION_DEFINE([LTDL_INIT], [subproject],
-		 [m4_define([_LTDL_MODE], [subproject])])
-
-m4_define([_LTDL_TYPE], [])
-LT_OPTION_DEFINE([LTDL_INIT], [installable],
-		 [m4_define([_LTDL_TYPE], [installable])])
-LT_OPTION_DEFINE([LTDL_INIT], [convenience],
-		 [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/vmidentity/m4/ltsugar.m4 b/vmidentity/m4/ltsugar.m4
deleted file mode 100644
index 48bc9344a..000000000
--- a/vmidentity/m4/ltsugar.m4
+++ /dev/null
@@ -1,124 +0,0 @@
-# ltsugar.m4 -- libtool m4 base layer.                         -*-Autoconf-*-
-#
-# Copyright (C) 2004-2005, 2007-2008, 2011-2015 Free Software
-# Foundation, Inc.
-# Written by Gary V. Vaughan, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 6 ltsugar.m4
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
-
-
-# lt_join(SEP, ARG1, [ARG2...])
-# -----------------------------
-# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
-# associated separator.
-# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
-# versions in m4sugar had bugs.
-m4_define([lt_join],
-[m4_if([$#], [1], [],
-       [$#], [2], [[$2]],
-       [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
-m4_define([_lt_join],
-[m4_if([$#$2], [2], [],
-       [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
-
-
-# lt_car(LIST)
-# lt_cdr(LIST)
-# ------------
-# Manipulate m4 lists.
-# These macros are necessary as long as will still need to support
-# Autoconf-2.59, which quotes differently.
-m4_define([lt_car], [[$1]])
-m4_define([lt_cdr],
-[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
-       [$#], 1, [],
-       [m4_dquote(m4_shift($@))])])
-m4_define([lt_unquote], $1)
-
-
-# lt_append(MACRO-NAME, STRING, [SEPARATOR])
-# ------------------------------------------
-# Redefine MACRO-NAME to hold its former content plus 'SEPARATOR''STRING'.
-# Note that neither SEPARATOR nor STRING are expanded; they are appended
-# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
-# No SEPARATOR is output if MACRO-NAME was previously undefined (different
-# than defined and empty).
-#
-# This macro is needed until we can rely on Autoconf 2.62, since earlier
-# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
-m4_define([lt_append],
-[m4_define([$1],
-	   m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
-
-
-
-# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
-# ----------------------------------------------------------
-# Produce a SEP delimited list of all paired combinations of elements of
-# PREFIX-LIST with SUFFIX1 through SUFFIXn.  Each element of the list
-# has the form PREFIXmINFIXSUFFIXn.
-# Needed until we can rely on m4_combine added in Autoconf 2.62.
-m4_define([lt_combine],
-[m4_if(m4_eval([$# > 3]), [1],
-       [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
-[[m4_foreach([_Lt_prefix], [$2],
-	     [m4_foreach([_Lt_suffix],
-		]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
-	[_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
-
-
-# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
-# -----------------------------------------------------------------------
-# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
-# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
-m4_define([lt_if_append_uniq],
-[m4_ifdef([$1],
-	  [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
-		 [lt_append([$1], [$2], [$3])$4],
-		 [$5])],
-	  [lt_append([$1], [$2], [$3])$4])])
-
-
-# lt_dict_add(DICT, KEY, VALUE)
-# -----------------------------
-m4_define([lt_dict_add],
-[m4_define([$1($2)], [$3])])
-
-
-# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
-# --------------------------------------------
-m4_define([lt_dict_add_subkey],
-[m4_define([$1($2:$3)], [$4])])
-
-
-# lt_dict_fetch(DICT, KEY, [SUBKEY])
-# ----------------------------------
-m4_define([lt_dict_fetch],
-[m4_ifval([$3],
-	m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
-    m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
-
-
-# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
-# -----------------------------------------------------------------
-m4_define([lt_if_dict_fetch],
-[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
-	[$5],
-    [$6])])
-
-
-# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
-# --------------------------------------------------------------
-m4_define([lt_dict_filter],
-[m4_if([$5], [], [],
-  [lt_join(m4_quote(m4_default([$4], [[, ]])),
-           lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
-		      [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
-])
diff --git a/vmidentity/m4/ltversion.m4 b/vmidentity/m4/ltversion.m4
deleted file mode 100644
index fa04b52a3..000000000
--- a/vmidentity/m4/ltversion.m4
+++ /dev/null
@@ -1,23 +0,0 @@
-# ltversion.m4 -- version numbers			-*- Autoconf -*-
-#
-#   Copyright (C) 2004, 2011-2015 Free Software Foundation, Inc.
-#   Written by Scott James Remnant, 2004
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# @configure_input@
-
-# serial 4179 ltversion.m4
-# This file is part of GNU Libtool
-
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
-
-AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
-_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
-_LT_DECL(, macro_revision, 0)
-])
diff --git a/vmidentity/m4/lt~obsolete.m4 b/vmidentity/m4/lt~obsolete.m4
deleted file mode 100644
index c6b26f88f..000000000
--- a/vmidentity/m4/lt~obsolete.m4
+++ /dev/null
@@ -1,99 +0,0 @@
-# lt~obsolete.m4 -- aclocal satisfying obsolete definitions.    -*-Autoconf-*-
-#
-#   Copyright (C) 2004-2005, 2007, 2009, 2011-2015 Free Software
-#   Foundation, Inc.
-#   Written by Scott James Remnant, 2004.
-#
-# This file is free software; the Free Software Foundation gives
-# unlimited permission to copy and/or distribute it, with or without
-# modifications, as long as this notice is preserved.
-
-# serial 5 lt~obsolete.m4
-
-# These exist entirely to fool aclocal when bootstrapping libtool.
-#
-# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN),
-# which have later been changed to m4_define as they aren't part of the
-# exported API, or moved to Autoconf or Automake where they belong.
-#
-# The trouble is, aclocal is a bit thick.  It'll see the old AC_DEFUN
-# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
-# using a macro with the same name in our local m4/libtool.m4 it'll
-# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
-# and doesn't know about Autoconf macros at all.)
-#
-# So we provide this file, which has a silly filename so it's always
-# included after everything else.  This provides aclocal with the
-# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
-# because those macros already exist, or will be overwritten later.
-# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
-#
-# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
-# Yes, that means every name once taken will need to remain here until
-# we give up compatibility with versions before 1.7, at which point
-# we need to keep only those names which we still refer to.
-
-# This is to help aclocal find these macros, as it can't see m4_define.
-AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
-
-m4_ifndef([AC_LIBTOOL_LINKER_OPTION],	[AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
-m4_ifndef([AC_PROG_EGREP],		[AC_DEFUN([AC_PROG_EGREP])])
-m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_AC_SHELL_INIT],		[AC_DEFUN([_LT_AC_SHELL_INIT])])
-m4_ifndef([_LT_AC_SYS_LIBPATH_AIX],	[AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
-m4_ifndef([_LT_PROG_LTMAIN],		[AC_DEFUN([_LT_PROG_LTMAIN])])
-m4_ifndef([_LT_AC_TAGVAR],		[AC_DEFUN([_LT_AC_TAGVAR])])
-m4_ifndef([AC_LTDL_ENABLE_INSTALL],	[AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
-m4_ifndef([AC_LTDL_PREOPEN],		[AC_DEFUN([AC_LTDL_PREOPEN])])
-m4_ifndef([_LT_AC_SYS_COMPILER],	[AC_DEFUN([_LT_AC_SYS_COMPILER])])
-m4_ifndef([_LT_AC_LOCK],		[AC_DEFUN([_LT_AC_LOCK])])
-m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE],	[AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
-m4_ifndef([_LT_AC_TRY_DLOPEN_SELF],	[AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
-m4_ifndef([AC_LIBTOOL_PROG_CC_C_O],	[AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
-m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
-m4_ifndef([AC_LIBTOOL_OBJDIR],		[AC_DEFUN([AC_LIBTOOL_OBJDIR])])
-m4_ifndef([AC_LTDL_OBJDIR],		[AC_DEFUN([AC_LTDL_OBJDIR])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
-m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP],	[AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
-m4_ifndef([AC_PATH_MAGIC],		[AC_DEFUN([AC_PATH_MAGIC])])
-m4_ifndef([AC_PROG_LD_GNU],		[AC_DEFUN([AC_PROG_LD_GNU])])
-m4_ifndef([AC_PROG_LD_RELOAD_FLAG],	[AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
-m4_ifndef([AC_DEPLIBS_CHECK_METHOD],	[AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
-m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
-m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
-m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS],	[AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
-m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP],	[AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
-m4_ifndef([LT_AC_PROG_EGREP],		[AC_DEFUN([LT_AC_PROG_EGREP])])
-m4_ifndef([LT_AC_PROG_SED],		[AC_DEFUN([LT_AC_PROG_SED])])
-m4_ifndef([_LT_CC_BASENAME],		[AC_DEFUN([_LT_CC_BASENAME])])
-m4_ifndef([_LT_COMPILER_BOILERPLATE],	[AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
-m4_ifndef([_LT_LINKER_BOILERPLATE],	[AC_DEFUN([_LT_LINKER_BOILERPLATE])])
-m4_ifndef([_AC_PROG_LIBTOOL],		[AC_DEFUN([_AC_PROG_LIBTOOL])])
-m4_ifndef([AC_LIBTOOL_SETUP],		[AC_DEFUN([AC_LIBTOOL_SETUP])])
-m4_ifndef([_LT_AC_CHECK_DLFCN],		[AC_DEFUN([_LT_AC_CHECK_DLFCN])])
-m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER],	[AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
-m4_ifndef([_LT_AC_TAGCONFIG],		[AC_DEFUN([_LT_AC_TAGCONFIG])])
-m4_ifndef([AC_DISABLE_FAST_INSTALL],	[AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
-m4_ifndef([_LT_AC_LANG_CXX],		[AC_DEFUN([_LT_AC_LANG_CXX])])
-m4_ifndef([_LT_AC_LANG_F77],		[AC_DEFUN([_LT_AC_LANG_F77])])
-m4_ifndef([_LT_AC_LANG_GCJ],		[AC_DEFUN([_LT_AC_LANG_GCJ])])
-m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
-m4_ifndef([_LT_AC_LANG_C_CONFIG],	[AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
-m4_ifndef([_LT_AC_LANG_CXX_CONFIG],	[AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
-m4_ifndef([_LT_AC_LANG_F77_CONFIG],	[AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
-m4_ifndef([_LT_AC_LANG_GCJ_CONFIG],	[AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
-m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG],	[AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
-m4_ifndef([_LT_AC_LANG_RC_CONFIG],	[AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
-m4_ifndef([AC_LIBTOOL_CONFIG],		[AC_DEFUN([AC_LIBTOOL_CONFIG])])
-m4_ifndef([_LT_AC_FILE_LTDLL_C],	[AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
-m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS],	[AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
-m4_ifndef([_LT_AC_PROG_CXXCPP],		[AC_DEFUN([_LT_AC_PROG_CXXCPP])])
-m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS],	[AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
-m4_ifndef([_LT_PROG_ECHO_BACKSLASH],	[AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
-m4_ifndef([_LT_PROG_F77],		[AC_DEFUN([_LT_PROG_F77])])
-m4_ifndef([_LT_PROG_FC],		[AC_DEFUN([_LT_PROG_FC])])
-m4_ifndef([_LT_PROG_CXX],		[AC_DEFUN([_LT_PROG_CXX])])
diff --git a/vmidentity/make-target/Makefile.am b/vmidentity/make-target/Makefile.am
index 14cce440e..07621fdea 100644
--- a/vmidentity/make-target/Makefile.am
+++ b/vmidentity/make-target/Makefile.am
@@ -1,69 +1,74 @@
 
 vmstsjars_DATA= \
-    @top_builddir@/vmware-sts/packages/vmware-identity-depends.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-diagnostics.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-platform.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-idm-client.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-idm-interface.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-idm-server.jar \
-    @top_builddir@/vmware-sts/packages/samltoken.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-websso-client.jar \
-    @top_builddir@/vmware-sts/packages/samlauthority.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-install.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-wsTrustClient.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-idm-server.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-idm-common.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-afd-server.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-afd-common.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-core-server.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-core-common.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-core-client.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-idm-client.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-afd-client.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-rest-idm-samples.jar \
-    @top_builddir@/vmware-sts/packages/vmware-directory-rest-client.jar \
-    @top_builddir@/vmware-sts/packages/vmware-directory-rest-server.jar \
-    @top_builddir@/vmware-sts/packages/vmware-directory-rest-common.jar \
-    @top_builddir@/vmware-sts/packages/openidconnect-client-lib.jar \
-    @top_builddir@/vmware-sts/packages/openidconnect-common.jar \
-    @top_builddir@/vmware-sts/packages/openidconnect-protocol.jar \
-    @top_builddir@/vmware-sts/packages/openidconnect-server.jar \
-    @top_builddir@/vmware-sts/packages/vmware-identity-sso-config.jar \
-    @top_builddir@/vmware-sts/packages/websso.jar \
-    @top_builddir@/vmware-sts/packages/sts.jar
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-diagnostics.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-platform.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-idm-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-idm-interface.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-idm-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/samltoken.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-websso-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/samlauthority.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-install.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-wsTrustClient.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-idm-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-idm-common.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-afd-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-afd-common.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-core-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-core-common.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-core-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-idm-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-afd-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-rest-idm-samples.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-directory-rest-client.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-directory-rest-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-directory-rest-common.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/openidconnect-client-lib.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/openidconnect-common.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/openidconnect-protocol.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/openidconnect-server.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-sso-config.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/websso.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/sts.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/commons-lang-2.6.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/jna-4.2.1.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/commons-logging-1.2.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/httpclient-4.5.1.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/slf4j-api-1.7.25.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/log4j-api-2.8.2.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/log4j-slf4j-impl-2.8.2.jar \
+    @top_builddir@/vmidentity/vmware-sts/packages/lib/log4j-core-2.8.2.jar
 
 vmstswebapps_DATA= \
-    @top_builddir@/vmware-sts/packages/openidconnect-sample-rp.war \
-    @top_builddir@/vmware-sts/packages/ROOT.war \
-    @top_builddir@/vmware-sts/packages/lightwaveui.war \
-    @top_builddir@/vmware-sts/packages/uaa-api.war \
-    @top_builddir@/vmware-sts/packages/uaa-app.war \
-    @top_builddir@/vmware-sts/packages/uaa-manager.war
+    @top_builddir@/vmidentity/vmware-sts/packages/openidconnect-sample-rp.war \
+    @top_builddir@/vmidentity/vmware-sts/packages/ROOT.war \
+    @top_builddir@/vmidentity/vmware-sts/packages/lightwaveui.war
 
 sbin_SCRIPTS = \
-    @top_srcdir@/websso/src/main/resources/sso-config.sh \
-    @top_builddir@/config/vmware-stsd.sh \
-    @top_builddir@/config/configure-build.sh
+    @top_srcdir@/vmidentity/websso/src/main/resources/sso-config.sh \
+    @top_builddir@/vmidentity/config/vmware-stsd.sh \
+    @top_builddir@/vmidentity/config/configure-build.sh
 
 vmstsconf_DATA = \
-    @top_builddir@/config/server.xml \
-    @top_builddir@/config/catalina.properties \
-    @top_builddir@/config/web.xml \
-    @top_builddir@/config/logging.properties \
-    @top_builddir@/config/catalina.policy \
-    @top_builddir@/config/context.xml \
-    @top_builddir@/config/tomcat-users.xml
+    @top_builddir@/vmidentity/config/server.xml \
+    @top_builddir@/vmidentity/config/catalina.properties \
+    @top_builddir@/vmidentity/config/web.xml \
+    @top_builddir@/vmidentity/config/logging.properties \
+    @top_builddir@/vmidentity/config/catalina.policy \
+    @top_builddir@/vmidentity/config/context.xml \
+    @top_builddir@/vmidentity/config/tomcat-users.xml \
+    @top_builddir@/vmidentity/config/vmsts-telegraf.conf
 
 vmidmconf_DATA= \
-    @top_srcdir@/sso-config/src/main/resources/ssoconfig.log4j2.xml \
-    @top_srcdir@/idm/server/src/main/resources/log4j2.xml \
-    @top_srcdir@/idm/server/src/main/resources/server.policy \
-    @top_srcdir@/idm/server/src/main/resources/idm.reg
+    @top_srcdir@/vmidentity/sso-config/src/main/resources/ssoconfig.log4j2.xml \
+    @top_srcdir@/vmidentity/idm/server/src/main/resources/log4j2.xml \
+    @top_srcdir@/vmidentity/idm/server/src/main/resources/server.policy \
+    @top_srcdir@/vmidentity/idm/server/src/main/resources/idm.reg
 
 vmstsbin_DATA = \
-    @top_builddir@/config/setenv.sh \
-    @top_builddir@/vmware-sts/packages/vmware-identity-tomcat-extensions.jar
+    @top_builddir@/vmidentity/config/setenv.sh \
+    @top_builddir@/vmidentity/vmware-sts/packages/vmware-identity-tomcat-extensions.jar
 
 systemd_DATA = \
-    @top_builddir@/config/vmware-stsd.service
+    @top_builddir@/vmidentity/config/vmware-stsd.service
 
diff --git a/vmidentity/openidconnect/client/pom.xml b/vmidentity/openidconnect/client/pom.xml
index e2528e088..bc0be1f2b 100644
--- a/vmidentity/openidconnect/client/pom.xml
+++ b/vmidentity/openidconnect/client/pom.xml
@@ -5,13 +5,28 @@
   <parent>
     <groupId>com.vmware.identity.oidc</groupId>
     <artifactId>vmware-identity-oidc</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>openidconnect-client-lib</artifactId>
   <packaging>jar</packaging>
   <name>OpenID Connect - Client</name>
 
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-failsafe-plugin</artifactId>
+        <version>${maven.failsafe.plugin.version}</version>
+        <configuration>
+          <excludes>
+            <exclude>**/OIDCClientGssIT.java</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
   <dependencies>
     <!-- VMware Dependencies -->
     <dependency>
@@ -101,9 +116,15 @@
 
     <dependency>
       <groupId>org.powermock</groupId>
-      <artifactId>powermock-easymock-release-full</artifactId>
+      <artifactId>powermock-module-junit4</artifactId>
+      <version>${powermock.version}</version>
+      <scope>test</scope>
+    </dependency>
+
+    <dependency>
+      <groupId>org.powermock</groupId>
+      <artifactId>powermock-api-easymock</artifactId>
       <version>${powermock.version}</version>
-      <classifier>full</classifier>
       <scope>test</scope>
     </dependency>
   </dependencies>
diff --git a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/IDToken.java b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/IDToken.java
index bcb3f8f73..a3f56b311 100644
--- a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/IDToken.java
+++ b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/IDToken.java
@@ -89,8 +89,11 @@ static IDToken build(
         Date now = new Date();
         Date notBefore = new Date(idToken.getIssueTime().getTime() - clockToleranceInSeconds * 1000L);
         Date notAfter = new Date(idToken.getExpirationTime().getTime() + clockToleranceInSeconds * 1000L);
-        if (now.before(notBefore) || now.after(notAfter)) {
-            throw new TokenValidationException(TokenValidationError.EXPIRED_TOKEN, "Token is expired.");
+        if (now.before(notBefore)) {
+            throw new TokenValidationException(TokenValidationError.TOKEN_NOT_YET_VALID, "Token is not yet valid.");
+        }
+        if (now.after(notAfter)) {
+            throw new TokenValidationException(TokenValidationError.EXPIRED_TOKEN, "Token has expired.");
         }
 
         return new IDToken(idToken);
diff --git a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/ResourceServerAccessToken.java b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/ResourceServerAccessToken.java
index 558500f0d..360209d03 100644
--- a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/ResourceServerAccessToken.java
+++ b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/ResourceServerAccessToken.java
@@ -90,8 +90,11 @@ public static ResourceServerAccessToken build(
         Date now = new Date();
         Date notBefore = new Date(accessToken.getIssueTime().getTime() - clockToleranceInSeconds * 1000L);
         Date notAfter = new Date(accessToken.getExpirationTime().getTime() + clockToleranceInSeconds * 1000L);
-        if (now.before(notBefore) || now.after(notAfter)) {
-            throw new TokenValidationException(TokenValidationError.EXPIRED_TOKEN, "Token is expired.");
+        if (now.before(notBefore)) {
+            throw new TokenValidationException(TokenValidationError.TOKEN_NOT_YET_VALID, "Token is not yet valid.");
+        }
+        if (now.after(notAfter)) {
+            throw new TokenValidationException(TokenValidationError.EXPIRED_TOKEN, "Token has expired.");
         }
 
         return new ResourceServerAccessToken(accessToken);
diff --git a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/TokenValidationError.java b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/TokenValidationError.java
index 00fa71103..f43044ffe 100644
--- a/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/TokenValidationError.java
+++ b/vmidentity/openidconnect/client/src/main/java/com/vmware/identity/openidconnect/client/TokenValidationError.java
@@ -23,6 +23,7 @@
 public enum TokenValidationError {
     INVALID_SIGNATURE,
     EXPIRED_TOKEN,
+    TOKEN_NOT_YET_VALID,
     PARSE_ERROR,
     INVALID_ISSUER,
     INVALID_AUDIENCE;
diff --git a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/IDTokenTest.java b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/IDTokenTest.java
index 5a8736bf5..d159418d9 100644
--- a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/IDTokenTest.java
+++ b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/IDTokenTest.java
@@ -131,7 +131,7 @@ public void testBuildIdTokenWrongAudience() throws Exception {
     }
 
     @Test
-    public void testBuildIdTokenExpiredTokenNotBefore() throws Exception {
+    public void testBuildIdTokenNotYetValid() throws Exception {
 
         Date now = new Date();
         Date issueTime = new Date(now.getTime() + 1*60*1000L); // issued in the future
@@ -141,12 +141,12 @@ public void testBuildIdTokenExpiredTokenNotBefore() throws Exception {
             IDToken.build(idTokenString, providerPublicKey, issuer, clientID, 0L);
             Assert.fail("expecting TokenValidationException");
         } catch (TokenValidationException e) {
-            Assert.assertEquals(TokenValidationError.EXPIRED_TOKEN, e.getTokenValidationError());
+            Assert.assertEquals(TokenValidationError.TOKEN_NOT_YET_VALID, e.getTokenValidationError());
         }
     }
 
     @Test
-    public void testBuildIdTokenExpiredTokenNotAfter() throws Exception {
+    public void testBuildIdTokenExpired() throws Exception {
 
         Date now = new Date();
         Date issueTime = new Date(now.getTime() - 2*60*1000L);
diff --git a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientGssIT.java b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientGssIT.java
index 125ab1d2a..65ecdedb6 100644
--- a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientGssIT.java
+++ b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientGssIT.java
@@ -27,7 +27,7 @@ public class OIDCClientGssIT extends OIDCClientITBase {
 
     @BeforeClass
     public static void setUp() throws Exception {
-        setUp("resources/config.properties");
+        setUp("config.properties");
     }
 
     // NonRegNoHOKConfigClient, GssGrant
diff --git a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientITBase.java b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientITBase.java
index 60f2d8dd4..8928e9c0c 100644
--- a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientITBase.java
+++ b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/OIDCClientITBase.java
@@ -36,7 +36,6 @@
 import com.vmware.directory.rest.common.data.SolutionUserDTO;
 import com.vmware.identity.openidconnect.common.ClientID;
 import com.vmware.identity.openidconnect.common.ProviderMetadata;
-import com.vmware.identity.openidconnect.common.TokenType;
 import com.vmware.identity.openidconnect.protocol.ClientCredentialsGrant;
 import com.vmware.identity.openidconnect.protocol.PasswordGrant;
 import com.vmware.identity.openidconnect.protocol.SolutionUserCredentialsGrant;
@@ -86,7 +85,7 @@ public static void setUp(String config) throws Exception {
         domainControllerPort = Integer.parseInt(properties.getProperty("oidc.op.port"));
         domainControllerFQDN = System.getProperty("host");
         if (domainControllerFQDN == null || domainControllerFQDN.length() == 0) {
-            throw new IllegalStateException("missing host argument, invoke with mvn verify -P integration-test -Dhost=<host>");
+            throw new IllegalStateException("missing host argument, invoke with mvn verify -DskipIntegrationTests=false -Dhost=<host>");
         }
 
         // create admin client with STS token
diff --git a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/ResourceServerAccessTokenTest.java b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/ResourceServerAccessTokenTest.java
index d362a14a3..46497d545 100644
--- a/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/ResourceServerAccessTokenTest.java
+++ b/vmidentity/openidconnect/client/src/test/java/com/vmware/identity/openidconnect/client/ResourceServerAccessTokenTest.java
@@ -159,7 +159,7 @@ public void testBuildAccessTokenWrongAudience() throws Exception {
     }
 
     @Test
-    public void testBuildAccessTokenExpiredTokenNotBefore() throws Exception {
+    public void testBuildAccessTokenNotYetValid() throws Exception {
 
         Date now = new Date();
         Date issueTime = new Date(now.getTime() + 1*60*1000L); // issued in the future
@@ -174,12 +174,12 @@ public void testBuildAccessTokenExpiredTokenNotBefore() throws Exception {
                     0L);
             Assert.fail("expecting TokenValidationException");
         } catch (TokenValidationException e) {
-            Assert.assertEquals(TokenValidationError.EXPIRED_TOKEN, e.getTokenValidationError());
+            Assert.assertEquals(TokenValidationError.TOKEN_NOT_YET_VALID, e.getTokenValidationError());
         }
     }
 
     @Test
-    public void testBuildAccessTokenExpiredTokenNotAfter() throws Exception {
+    public void testBuildAccessTokenExpired() throws Exception {
 
         Date now = new Date();
         Date issueTime = new Date(now.getTime() - 2*60*1000L);
diff --git a/vmidentity/openidconnect/common/pom.xml b/vmidentity/openidconnect/common/pom.xml
index e57440942..40e7c1b86 100644
--- a/vmidentity/openidconnect/common/pom.xml
+++ b/vmidentity/openidconnect/common/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.oidc</groupId>
     <artifactId>vmware-identity-oidc</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>openidconnect-common</artifactId>
diff --git a/vmidentity/openidconnect/oidc_spec.docx b/vmidentity/openidconnect/oidc_spec.docx
new file mode 100644
index 000000000..3fa91c837
Binary files /dev/null and b/vmidentity/openidconnect/oidc_spec.docx differ
diff --git a/vmidentity/openidconnect/pom.xml b/vmidentity/openidconnect/pom.xml
index ad926356c..ba2ce115d 100644
--- a/vmidentity/openidconnect/pom.xml
+++ b/vmidentity/openidconnect/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.oidc</groupId>
diff --git a/vmidentity/openidconnect/protocol/pom.xml b/vmidentity/openidconnect/protocol/pom.xml
index d9dc9898b..9a9071a55 100644
--- a/vmidentity/openidconnect/protocol/pom.xml
+++ b/vmidentity/openidconnect/protocol/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.oidc</groupId>
     <artifactId>vmware-identity-oidc</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>openidconnect-protocol</artifactId>
diff --git a/vmidentity/openidconnect/protocol/src/main/java/com/vmware/identity/openidconnect/protocol/ClientIssuedAssertion.java b/vmidentity/openidconnect/protocol/src/main/java/com/vmware/identity/openidconnect/protocol/ClientIssuedAssertion.java
index 9608cda31..63c92aa3e 100644
--- a/vmidentity/openidconnect/protocol/src/main/java/com/vmware/identity/openidconnect/protocol/ClientIssuedAssertion.java
+++ b/vmidentity/openidconnect/protocol/src/main/java/com/vmware/identity/openidconnect/protocol/ClientIssuedAssertion.java
@@ -86,12 +86,15 @@ public String validate(
 
         Date now = new Date();
         Date issueTime = this.getIssueTime();
-        Date notBefore = new Date(now.getTime() - clockToleranceMS - assertionLifetimeMs);
-        Date notAfter = new Date(now.getTime() + clockToleranceMS);
-        if (issueTime.before(notBefore) || issueTime.after(notAfter)) {
-            return String.format("stale_%s", this.getTokenClass().getValue());
+        Date expirationTime = new Date(issueTime.getTime() + assertionLifetimeMs);
+        Date notBefore = new Date(issueTime.getTime() - clockToleranceMS);
+        Date notAfter = new Date(expirationTime.getTime() + clockToleranceMS);
+        if (now.before(notBefore)) {
+            return String.format("%s is not yet valid", this.getTokenClass().getValue());
+        }
+        if (now.after(notAfter)) {
+            return String.format("%s has expired", this.getTokenClass().getValue());
         }
-
         return null;
     }
 }
\ No newline at end of file
diff --git a/vmidentity/openidconnect/protocol_specification.xlsx b/vmidentity/openidconnect/protocol_specification.xlsx
index b3ae29f69..45b20eeb1 100644
Binary files a/vmidentity/openidconnect/protocol_specification.xlsx and b/vmidentity/openidconnect/protocol_specification.xlsx differ
diff --git a/vmidentity/openidconnect/sample/pom.xml b/vmidentity/openidconnect/sample/pom.xml
index 1cf3e9165..4b8b45afb 100644
--- a/vmidentity/openidconnect/sample/pom.xml
+++ b/vmidentity/openidconnect/sample/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.oidc</groupId>
     <artifactId>vmware-identity-oidc</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>openidconnect-sample-rp</artifactId>
@@ -107,16 +107,9 @@
     </dependency>
 
     <!-- Runtime Dependencies -->
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>jstl-api</artifactId>
-      <version>${jstl.version}</version>
-      <scope>runtime</scope>
-    </dependency>
-
     <dependency>
       <groupId>org.glassfish.web</groupId>
-      <artifactId>jstl-impl</artifactId>
+      <artifactId>javax.servlet.jsp.jstl</artifactId>
       <version>${jstl.version}</version>
       <scope>runtime</scope>
     </dependency>
diff --git a/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/relyingpartyServlet/servlet-context.xml b/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/relyingpartyServlet/servlet-context.xml
index a3f8861dd..ab895535d 100755
--- a/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/relyingpartyServlet/servlet-context.xml
+++ b/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/relyingpartyServlet/servlet-context.xml
@@ -3,9 +3,9 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xmlns:beans="http://www.springframework.org/schema/beans"
 	xmlns:context="http://www.springframework.org/schema/context"
-	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
 
 	<annotation-driven />
 	<context:annotation-config />
diff --git a/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/root-context.xml b/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/root-context.xml
index 4aa7cb26d..bc15d46b9 100755
--- a/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/root-context.xml
+++ b/vmidentity/openidconnect/sample/src/main/webapp/WEB-INF/spring/root-context.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">
 
 	<!-- Root Context: defines shared resources visible to all other web components -->
 
diff --git a/vmidentity/openidconnect/server/pom.xml b/vmidentity/openidconnect/server/pom.xml
index e45342b92..b39d93b18 100644
--- a/vmidentity/openidconnect/server/pom.xml
+++ b/vmidentity/openidconnect/server/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.oidc</groupId>
     <artifactId>vmware-identity-oidc</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>openidconnect-server</artifactId>
@@ -98,16 +98,9 @@
     </dependency>
 
     <!-- Runtime Dependencies -->
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>jstl-api</artifactId>
-      <version>${jstl.version}</version>
-      <scope>runtime</scope>
-    </dependency>
-
     <dependency>
       <groupId>org.glassfish.web</groupId>
-      <artifactId>jstl-impl</artifactId>
+      <artifactId>javax.servlet.jsp.jstl</artifactId>
       <version>${jstl.version}</version>
       <scope>runtime</scope>
     </dependency>
diff --git a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/JWKSController.java b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/JWKSController.java
index 0435120c7..53c842327 100644
--- a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/JWKSController.java
+++ b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/JWKSController.java
@@ -23,6 +23,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -59,14 +60,16 @@ public JWKSController(CasIdmClient idmClient) {
         this.idmClient = idmClient;
     }
 
-    @RequestMapping(value = Endpoints.JWKS, method = RequestMethod.GET)
+    @CrossOrigin(allowCredentials = "false")
+    @RequestMapping(value = Endpoints.BASE + Endpoints.JWKS, method = RequestMethod.GET)
     public void jwks(
             HttpServletRequest httpServletRequest,
             HttpServletResponse httpServletResponse) throws IOException {
         jwks(httpServletRequest, httpServletResponse, null);
     }
 
-    @RequestMapping(value = Endpoints.JWKS + "/{tenant:.*}", method = RequestMethod.GET)
+    @CrossOrigin(allowCredentials = "false")
+    @RequestMapping(value = Endpoints.BASE + Endpoints.JWKS + "/{tenant:.*}", method = RequestMethod.GET)
     public void jwks(
             HttpServletRequest httpServletRequest,
             HttpServletResponse httpServletResponse,
diff --git a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/MetadataController.java b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/MetadataController.java
index 64ec1381c..0da707c8a 100644
--- a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/MetadataController.java
+++ b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/MetadataController.java
@@ -24,6 +24,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -64,14 +65,16 @@ public MetadataController(CasIdmClient idmClient) {
         this.idmClient = idmClient;
     }
 
-    @RequestMapping(value = Endpoints.METADATA, method = RequestMethod.GET)
+    @CrossOrigin(allowCredentials = "false")
+    @RequestMapping(value = Endpoints.BASE + Endpoints.METADATA, method = RequestMethod.GET)
     public void metadata(
             HttpServletRequest httpServletRequest,
             HttpServletResponse httpServletResponse) throws IOException {
         metadata(httpServletRequest, httpServletResponse, null);
     }
 
-    @RequestMapping(value = "/{tenant:.*}" + Endpoints.METADATA, method = RequestMethod.GET)
+    @CrossOrigin(allowCredentials = "false")
+    @RequestMapping(value = Endpoints.BASE + "/{tenant:.*}" + Endpoints.METADATA, method = RequestMethod.GET)
     public void metadata(
             HttpServletRequest httpServletRequest,
             HttpServletResponse httpServletResponse,
diff --git a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/TokenRequestProcessor.java b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/TokenRequestProcessor.java
index b393dedd3..cc79592e2 100755
--- a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/TokenRequestProcessor.java
+++ b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/TokenRequestProcessor.java
@@ -448,7 +448,10 @@ private void validateRefreshToken(RefreshToken refreshToken, SolutionUser soluti
         Date now = new Date();
         Date notBefore = new Date(refreshToken.getIssueTime().getTime() - this.tenantInfo.getClockToleranceMs());
         Date notAfter = new Date(refreshToken.getExpirationTime().getTime() + this.tenantInfo.getClockToleranceMs());
-        if (now.before(notBefore) || now.after(notAfter)) {
+        if (now.before(notBefore)) {
+            throw new ServerException(ErrorObject.invalidGrant("refresh_token is not yet valid"));
+        }
+        if (now.after(notAfter)) {
             throw new ServerException(ErrorObject.invalidGrant("refresh_token has expired"));
         }
     }
diff --git a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/UserInfoRetriever.java b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/UserInfoRetriever.java
index 0f3772c20..4be2010c8 100644
--- a/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/UserInfoRetriever.java
+++ b/vmidentity/openidconnect/server/src/main/java/com/vmware/identity/openidconnect/server/UserInfoRetriever.java
@@ -169,13 +169,16 @@ private List<String> computeGroupMembership(User user) throws ServerException {
     private String computeAdminServerRole(User user, List<String> groupMembership) throws ServerException {
         String systemDomainName = getSystemDomainName(user);
         String groupNamePrefix = systemDomainName.toLowerCase() + "\\";
+        String systemTenantGroupNamePrefix = getSystemDomainName(getSystemTenantName()).toLowerCase() + "\\";
         Set<String> groupMembershipLowerCase = toLowerCase(groupMembership);
 
         String role;
         if (groupMembershipLowerCase.contains(groupNamePrefix + "administrators")) {
             role = "Administrator";
-        } else if (groupMembershipLowerCase.contains(groupNamePrefix + "systemconfiguration.administrators")) {
+        } else if (groupMembershipLowerCase.contains(systemTenantGroupNamePrefix + "systemconfiguration.administrators")) {
             role = "ConfigurationUser";
+        } else if (groupMembershipLowerCase.contains(groupNamePrefix + "trustedusers")) {
+            role = "TrustedUser";
         } else if (groupMembershipLowerCase.contains(groupNamePrefix + "users")) {
             role = "RegularUser";
         } else {
@@ -185,9 +188,24 @@ private String computeAdminServerRole(User user, List<String> groupMembership) t
     }
 
     private String getSystemDomainName(User user) throws ServerException {
+        return getSystemDomainName(user.getTenant());
+    }
+
+    private String getSystemTenantName() throws ServerException {
+        String systemTenant;
+        try {
+            systemTenant = this.idmClient.getSystemTenant();
+        } catch (Exception e) {
+            throw new ServerException(ErrorObject.serverError("idm error while retrieving system tenant"), e);
+        }
+
+        return systemTenant;
+    }
+
+    private String getSystemDomainName(String tenant) throws ServerException {
         Collection<IIdentityStoreData> identityStores;
         try {
-            identityStores = this.idmClient.getProviders(user.getTenant(), EnumSet.of(DomainType.SYSTEM_DOMAIN));
+            identityStores = this.idmClient.getProviders(tenant, EnumSet.of(DomainType.SYSTEM_DOMAIN));
         } catch (Exception e) {
             throw new ServerException(ErrorObject.serverError("idm error while retrieving system domain"), e);
         }
diff --git a/vmidentity/openidconnect/server/src/main/webapp/WEB-INF/spring/root-context.xml b/vmidentity/openidconnect/server/src/main/webapp/WEB-INF/spring/root-context.xml
index 4aa7cb26d..bc15d46b9 100755
--- a/vmidentity/openidconnect/server/src/main/webapp/WEB-INF/spring/root-context.xml
+++ b/vmidentity/openidconnect/server/src/main/webapp/WEB-INF/spring/root-context.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">
 
 	<!-- Root Context: defines shared resources visible to all other web components -->
 
diff --git a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/AuthenticationControllerTest.java b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/AuthenticationControllerTest.java
index c42b51c89..f5f6364e0 100755
--- a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/AuthenticationControllerTest.java
+++ b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/AuthenticationControllerTest.java
@@ -350,7 +350,7 @@ public void testImplicitFlowClientAssertionStale() throws Exception {
         Date issuedAt = new Date(now.getTime() - (2 * 60 * 60 * 1000L)); // issued 2 hrs ago
         claimsBuilder = claimsBuilder.issueTime(issuedAt);
         params.put("client_assertion", TestUtil.sign(claimsBuilder.build(), CLIENT_PRIVATE_KEY).serialize());
-        assertErrorResponse(flow, params, "invalid_client", "stale_client_assertion");
+        assertErrorResponse(flow, params, "invalid_client", "client_assertion has expired");
     }
 
     @Test
diff --git a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/LogoutControllerTest.java b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/LogoutControllerTest.java
index 9adcf99d1..3eab555ae 100755
--- a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/LogoutControllerTest.java
+++ b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/LogoutControllerTest.java
@@ -189,7 +189,7 @@ public void testLogoutClientAssertionStale() throws Exception {
         Date issuedAt = new Date(now.getTime() - (5 * 60 * 1000L)); // issued 5 mins ago
         claimsBuilder = claimsBuilder.issueTime(issuedAt);
         params.put("client_assertion", TestUtil.sign(claimsBuilder.build(), CLIENT_PRIVATE_KEY).serialize());
-        assertErrorResponse(params, "invalid_client", "stale_client_assertion");
+        assertErrorResponse(params, "invalid_client", "client_assertion has expired");
     }
 
     @Test
diff --git a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/MockIdmClient.java b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/MockIdmClient.java
index 31da787d5..3e393beb8 100644
--- a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/MockIdmClient.java
+++ b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/MockIdmClient.java
@@ -310,6 +310,11 @@ public String getDefaultTenant() throws Exception {
         return this.tenantName;
     }
 
+    @Override
+    public String getSystemTenant() throws Exception {
+        return this.tenantName;
+    }
+
     @Override
     public PrivateKey getTenantPrivateKey(String tenantName) throws Exception {
         validateTenant(tenantName);
diff --git a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/TokenControllerTest.java b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/TokenControllerTest.java
index 6dd7c8c5b..52e7d88f6 100755
--- a/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/TokenControllerTest.java
+++ b/vmidentity/openidconnect/server/src/test/java/com/vmware/identity/openidconnect/server/TokenControllerTest.java
@@ -806,7 +806,7 @@ public void testRefreshTokenFlowJwtInvalidScope() throws Exception {
     }
 
     @Test
-    public void testRefreshTokenFlowJwtExpiredNotBefore() throws Exception {
+    public void testRefreshTokenFlowJwtNotYetValid() throws Exception {
         Flow flow = Flow.REFRESH_TOKEN;
         Map<String, String> params = tokenRequestParameters(flow);
         JWTClaimsSet.Builder claimsBuilder = refreshTokenClaims();
@@ -814,11 +814,11 @@ public void testRefreshTokenFlowJwtExpiredNotBefore() throws Exception {
         claimsBuilder = claimsBuilder.issueTime(new Date(now.getTime() + 8*1000L)); // issued 8 seconds in the future
         claimsBuilder = claimsBuilder.expirationTime(new Date(now.getTime() + 9*1000L)); // expires 9 seconds in the future
         params.put("refresh_token", TestUtil.sign(claimsBuilder.build(), TENANT_PRIVATE_KEY).serialize());
-        assertErrorResponse(flow, params, "invalid_grant", "refresh_token has expired");
+        assertErrorResponse(flow, params, "invalid_grant", "refresh_token is not yet valid");
     }
 
     @Test
-    public void testRefreshTokenFlowJwtExpiredNotAfter() throws Exception {
+    public void testRefreshTokenFlowJwtExpired() throws Exception {
         Flow flow = Flow.REFRESH_TOKEN;
         Map<String, String> params = tokenRequestParameters(flow);
         JWTClaimsSet.Builder claimsBuilder = refreshTokenClaims();
@@ -1300,7 +1300,7 @@ public void testAssertionIssuedAtTooFarInThePast() throws Exception {
         Date issuedAt = new Date(now.getTime() - 5 * 60 * 1000L); // issued 5 mins ago
         claimsBuilder = claimsBuilder.issueTime(issuedAt);
         Map<String, String> params = tokenRequestParametersClient(flow, claimsBuilder.build());
-        String expectedErrorMessage = "stale_client_assertion";
+        String expectedErrorMessage = "client_assertion has expired";
         assertErrorResponse(flow, params, "invalid_client", expectedErrorMessage);
     }
 
@@ -1312,7 +1312,7 @@ public void testAssertionIssuedAtTooFarInTheFuture() throws Exception {
         Date issuedAt = new Date(now.getTime() + 5 * 60 * 1000L); // issued 5 mins in the future
         claimsBuilder = claimsBuilder.issueTime(issuedAt);
         Map<String, String> params = tokenRequestParametersClient(flow, claimsBuilder.build());
-        String expectedErrorMessage = "stale_client_assertion";
+        String expectedErrorMessage = "client_assertion is not yet valid";
         assertErrorResponse(flow, params, "invalid_client", expectedErrorMessage);
     }
 
diff --git a/vmidentity/platform/pom.xml b/vmidentity/platform/pom.xml
index 58657e420..ee0aa7fd3 100644
--- a/vmidentity/platform/pom.xml
+++ b/vmidentity/platform/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-platform</artifactId>
diff --git a/vmidentity/platform/src/main/resources/MANIFEST.MF b/vmidentity/platform/src/main/resources/MANIFEST.MF
index eb7076fef..08c3710c7 100644
--- a/vmidentity/platform/src/main/resources/MANIFEST.MF
+++ b/vmidentity/platform/src/main/resources/MANIFEST.MF
@@ -3,4 +3,4 @@ Name: com/vmware/identity/platform
 Specification-Title: Common utility used by VMSTS components - IDM and STS
 Specification-Vendor: VMware Inc.
 Specification-Version: 6.6.1
-Class-Path: vmware-identity-platform-6.6.1.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar jna.jar platform.jar commons-logging-1.1.jar httpclient-4.3.3.jar httpcore-4.3.3.jar commons-lang-2.5.jar
+Class-Path: vmware-identity-platform-6.6.1.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar jna.jar platform.jar commons-logging-1.1.jar httpclient-4.3.3.jar httpcore-4.3.3.jar commons-lang-2.5.jar
diff --git a/vmidentity/pom.xml b/vmidentity/pom.xml
index be2baaf3b..6560aa45c 100644
--- a/vmidentity/pom.xml
+++ b/vmidentity/pom.xml
@@ -4,7 +4,7 @@
 
   <groupId>com.vmware.identity</groupId>
   <artifactId>vmware-identity</artifactId>
-  <version>1.2.0-SNAPSHOT</version>
+  <version>1.3.0-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <name>VMware Identity Services</name>
@@ -40,7 +40,6 @@
         <module>sso-config</module>
         <module>uaa</module>
         <module>service</module>
-        <module>jdepends</module>
       </modules>
     </profile>
 
@@ -95,7 +94,7 @@
     <repository>
       <id>lightwave</id>
       <name>lightwave</name>
-      <url>http://artifactory.ec.eng.vmware.com:8081/artifactory/lightwave</url>
+      <url>http://artifactory.ec.eng.vmware.com:8081/artifactory/lightwave-testmaven</url>
     </repository>
   </distributionManagement>
 
@@ -210,6 +209,13 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-failsafe-plugin</artifactId>
         <version>${maven.failsafe.plugin.version}</version>
+        <dependencies>
+          <dependency>
+            <groupId>org.apache.maven.surefire</groupId>
+            <artifactId>surefire-junit47</artifactId>
+            <version>${maven.failsafe.plugin.version}</version>
+          </dependency>
+        </dependencies>
         <configuration>
           <skipTests>${skipIntegrationTests}</skipTests>
           <groups>${test.integration.group}</groups>
@@ -272,6 +278,27 @@
           </execution>
         </executions>
       </plugin>
+      <!-- copy dependencies to target folder -->
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <version>3.0.0</version>
+        <executions>
+          <execution>
+            <id>copy-dependencies</id>
+            <phase>package</phase>
+            <goals>
+              <goal>copy-dependencies</goal>
+            </goals>
+            <configuration>
+              <outputDirectory>${outputDirectory}/lib</outputDirectory>
+              <overWriteReleases>false</overWriteReleases>
+              <overWriteSnapshots>true</overWriteSnapshots>
+              <excludeTransitive>true</excludeTransitive>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
   </build>
 
@@ -283,8 +310,8 @@
     <skipIntegrationTests>true</skipIntegrationTests>
 
     <!-- Output Directories -->
-    <cleanDirectory>${rootDirectory}/build/vmware-sts/</cleanDirectory>
-    <outputDirectory>${rootDirectory}/build/vmware-sts/packages</outputDirectory>
+    <cleanDirectory>${buildDir}/</cleanDirectory>
+    <outputDirectory>${buildDir}/packages</outputDirectory>
     <rootDirectory>${basedir}</rootDirectory>
 
     <!-- Maven Plugin Versions -->
@@ -309,17 +336,19 @@
     <!-- Dependency Versions -->
     <FastInfoset.version>1.2.8</FastInfoset.version>
     <activation.version>1.1.1</activation.version>
-    <apache.log4j.version>2.2</apache.log4j.version>
+    <apache.log4j.version>2.8.2</apache.log4j.version>
     <args4j.version>2.33</args4j.version>
     <asm.version>5.0.3</asm.version>
     <aspect.version>1.6.9</aspect.version>
     <bouncycastle.version>1.50</bouncycastle.version>
     <cglib.version>2.2</cglib.version>
     <commons-ssl.version>0.3.9</commons-ssl.version>
+    <commons.beanutils.version>1.9.3</commons.beanutils.version>
     <commons.cli.version>1.2</commons.cli.version>
     <commons.codec.version>1.9</commons.codec.version>
     <commons.collection.version>3.2.2</commons.collection.version>
     <commons.daemon.version>1.0.8</commons.daemon.version>
+    <commons.fileupload.version>1.3.3</commons.fileupload.version>
     <commons.httpclient.version>3.1</commons.httpclient.version>
     <commons.io.version>2.4</commons.io.version>
     <commons.lang.version>2.6</commons.lang.version>
@@ -327,7 +356,7 @@
     <commons.logging.version>1.2</commons.logging.version>
     <commons.pool2.version>2.4.2</commons.pool2.version>
     <easymock.version>3.2</easymock.version>
-    <esapi.version>2.0.1</esapi.version>
+    <esapi.version>2.1.0.1</esapi.version>
     <gmbal-api-only.version>3.1.0-b001</gmbal-api-only.version>
     <ha-api.version>3.1.9</ha-api.version>
     <httpclient.version>4.5.1</httpclient.version>
@@ -348,10 +377,10 @@
     <jsr173_api.version>1.0</jsr173_api.version>
     <jsr181-api.version>1.0-MR1</jsr181-api.version>
     <jsr250-api.version>1.0</jsr250-api.version>
-    <jstl.version>1.2</jstl.version>
+    <jstl.version>1.2.4</jstl.version>
     <junit.version>4.12</junit.version>
-    <log4j.12.api.version>2.0.2</log4j.12.api.version>
-    <log4j.version>1.2.16</log4j.version>
+    <log4j.12.api.version>2.8.2</log4j.12.api.version>
+    <log4j.version>1.2.17</log4j.version>
     <management-api.version>3.1.0-b001</management-api.version>
     <mimepull.version>1.9.3</mimepull.version>
     <net.dev.jna>4.2.1</net.dev.jna>
@@ -365,16 +394,16 @@
     <saaj-api.version>1.3.5</saaj-api.version>
     <saaj-impl.version>1.3</saaj-impl.version>
     <scim.version>1.6.0</scim.version>
-    <serializer.version>2.7.1</serializer.version>
-    <slf4j.version>1.7.10</slf4j.version> 
-    <spring.release.version>4.3.1.RELEASE</spring.release.version>
+    <serializer.version>2.7.2</serializer.version>
+    <slf4j.version>1.7.25</slf4j.version>
+    <spring.release.version>4.3.5.RELEASE</spring.release.version>
     <stax-ex.version>1.7.7</stax-ex.version>
     <streambuffer.version>1.5.3</streambuffer.version>
-    <tomat.coyote.version>8.5.5</tomat.coyote.version>
+    <tomat.coyote.version>8.5.19</tomat.coyote.version>
     <tomcat.catalina.version>8.5.8</tomcat.catalina.version>
     <uaa.version>3.9.3</uaa.version>
     <velocity.version>1.7</velocity.version>
-    <xalan.version>2.7.1</xalan.version>
+    <xalan.version>2.7.2</xalan.version>
     <xerces.impl.version>2.10.0</xerces.impl.version>
     <xml.api.version>1.4.01</xml.api.version>
     <xml.resolver.version>1.2</xml.resolver.version>
diff --git a/vmidentity/rest/afd/client/pom.xml b/vmidentity/rest/afd/client/pom.xml
index bf8886a67..42c782bc0 100644
--- a/vmidentity/rest/afd/client/pom.xml
+++ b/vmidentity/rest/afd/client/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.afd</groupId>
     <artifactId>vmware-identity-rest-afd</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-afd-client</artifactId>
diff --git a/vmidentity/rest/afd/common/pom.xml b/vmidentity/rest/afd/common/pom.xml
index 4b3fecd34..3adc006c4 100644
--- a/vmidentity/rest/afd/common/pom.xml
+++ b/vmidentity/rest/afd/common/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.afd</groupId>
     <artifactId>vmware-identity-rest-afd</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-afd-common</artifactId>
diff --git a/vmidentity/rest/afd/pom.xml b/vmidentity/rest/afd/pom.xml
index 7f6523d12..eca917144 100644
--- a/vmidentity/rest/afd/pom.xml
+++ b/vmidentity/rest/afd/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.rest</groupId>
     <artifactId>vmware-identity-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.rest.afd</groupId>
diff --git a/vmidentity/rest/afd/server/pom.xml b/vmidentity/rest/afd/server/pom.xml
index 50c1970f4..5b243509a 100644
--- a/vmidentity/rest/afd/server/pom.xml
+++ b/vmidentity/rest/afd/server/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.afd</groupId>
     <artifactId>vmware-identity-rest-afd</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-afd-server</artifactId>
diff --git a/vmidentity/rest/build-client.xml b/vmidentity/rest/build-client.xml
deleted file mode 100644
index 0d53a4b2f..000000000
--- a/vmidentity/rest/build-client.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project name="vmware-identity-rest" default="build" >
-  <property file="../product.properties" />
-  <import file="../../ant/defaults.xml" />
-
-  <property name="relBuildRoot" location="../../build/${PRODUCT_NAME}" />
-  <property name="PACKAGE_BASE" value="${relBuildRoot}/packages" />
-  <property name="GROUP_BASE" value="com.vmware.identity" />
-  <property name="IDM_VERSION" value="6.0.0" />
-  <property name="VERSION" value="1.0-SNAPSHOT" />
-  <property name="idmClient" value="vmware-identity-idm-client.jar"/>
-  <property name="idmInterface" value="vmware-identity-idm-interface.jar"/>
-  <property name="diagnostics" value="vmware-identity-diagnostics.jar"/>
-  <property name="samltoken" value="samltoken.jar"/>
-  <property name="vmware-identity-rest-authz" value="vmware-identity-rest-authz.jar"/>
-
-  <condition property="maven" value="${tcRoot}/noarch/apache-maven-3.0.3/bin/mvn.bat" else="${tcRoot}/noarch/apache-maven-3.0.3/bin/mvn">
-    <os family="windows" />
-  </condition>
-
-  <condition property="isWindows">
-    <os family="windows" />
-  </condition>
-
-  <condition property="isUnix">
-    <os family="unix" />
-  </condition>
-
-  <target name="install.vmware-dependencies">
-    <exec executable="${maven}" failonerror="true">
-      <env key="M2_HOME" value="${tcRoot}/noarch/apache-maven-3.0.3" />
-      <arg line="install:install-file -Dfile=${LIGHTWAVE_VMAFD_ROOT}/lib64/client-domain-controller-cache.jar -DgroupId=${GROUP_BASE} -DartifactId=client-domain-controller-cache -Dversion=${IDM_VERSION} -Dpackaging=jar" />
-    </exec>
-  </target>
-
-  <target name="module.clients">
-    <exec executable="${maven}" failonerror="true">
-      <env key="M2_HOME" value="${tcRoot}/noarch/apache-maven-3.0.3" />
-      <arg line="install -pl idm/client -am" />
-    </exec>
-    <exec executable="${maven}" failonerror="true">
-      <env key="M2_HOME" value="${tcRoot}/noarch/apache-maven-3.0.3" />
-      <arg line="install -pl afd/client -am" />
-     </exec>
-  </target>
-
-  <target name="build" depends="install.vmware-dependencies,module.clients">
-  </target>
-
-</project>
-
diff --git a/vmidentity/rest/core/client/pom.xml b/vmidentity/rest/core/client/pom.xml
index 8fc82d7ae..e8a3c72a7 100644
--- a/vmidentity/rest/core/client/pom.xml
+++ b/vmidentity/rest/core/client/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.core</groupId>
     <artifactId>vmware-identity-rest-core</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-core-client</artifactId>
diff --git a/vmidentity/rest/core/client/src/integration-test/java/com/vmware/identity/rest/core/client/test/integration/IntegrationTestProperties.java b/vmidentity/rest/core/client/src/integration-test/java/com/vmware/identity/rest/core/client/test/integration/IntegrationTestProperties.java
index e2fd29660..c1620911f 100644
--- a/vmidentity/rest/core/client/src/integration-test/java/com/vmware/identity/rest/core/client/test/integration/IntegrationTestProperties.java
+++ b/vmidentity/rest/core/client/src/integration-test/java/com/vmware/identity/rest/core/client/test/integration/IntegrationTestProperties.java
@@ -47,6 +47,8 @@ public IntegrationTestProperties() {
         } catch (IOException e) {
             throw new IllegalArgumentException("Error loading config", e);
         }
+
+        properties.putAll(System.getProperties());
     }
 
     public String getHost() {
diff --git a/vmidentity/rest/core/common/pom.xml b/vmidentity/rest/core/common/pom.xml
index 5d3e59f70..9ae940f1e 100644
--- a/vmidentity/rest/core/common/pom.xml
+++ b/vmidentity/rest/core/common/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.core</groupId>
     <artifactId>vmware-identity-rest-core</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-core-common</artifactId>
diff --git a/vmidentity/rest/core/pom.xml b/vmidentity/rest/core/pom.xml
index 84c87ada6..03367ad18 100644
--- a/vmidentity/rest/core/pom.xml
+++ b/vmidentity/rest/core/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.rest</groupId>
     <artifactId>vmware-identity-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.rest.core</groupId>
diff --git a/vmidentity/rest/core/server/pom.xml b/vmidentity/rest/core/server/pom.xml
index 51019cf4b..dd27b01cf 100644
--- a/vmidentity/rest/core/server/pom.xml
+++ b/vmidentity/rest/core/server/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.core</groupId>
     <artifactId>vmware-identity-rest-core</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-core-server</artifactId>
diff --git a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/Role.java b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/Role.java
index 6b0e1c6bd..1fca5f108 100644
--- a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/Role.java
+++ b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/Role.java
@@ -33,12 +33,17 @@ public enum Role {
      */
     REGULAR_USER("RegularUser"),
 
+    /**
+     * A trusted user with more permissions than a regular user.
+     */
+    TRUSTED_USER("TrustedUser"),
+
     /**
      * A configuration user with slightly elevated permissions.
      *
      * <p>This role should <b>only</b> be valid on the system tenant.
      */
-    CONFIGURATION_USER("SystemConfiguration.Administrator"),
+    CONFIGURATION_USER("ConfigurationUser"),
 
     /**
      * An administrative user with full permissions.
diff --git a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/RoleMapper.java b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/RoleMapper.java
index 35dae5bb5..2b668bd32 100644
--- a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/RoleMapper.java
+++ b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/RoleMapper.java
@@ -19,6 +19,7 @@
  * <ul>
  *  <li>{@link Role.ADMINISTRATOR} => tenantDomain</li>
  *  <li>{@link Role.CONFIGURATION_USER} => systemTenantDomain</li>
+ *  <li>{@link Role.TRUSTED_USER} => tenantDomain</li>
  *  <li>{@link Role.REGULAR_USER} => tenantDomain</li>
  *  <li>{@link Role.GUEST_USER} => tenantDomain</li>
  * </ul>
@@ -47,6 +48,8 @@ public RoleGroup getRoleGroup(Role role) {
             return new RoleGroup(role, "Administrators", tenantDomain);
         case CONFIGURATION_USER:
             return new RoleGroup(role, "SystemConfiguration.Administrators", systemTenantDomain);
+        case TRUSTED_USER:
+            return new RoleGroup(role, "TrustedUsers", tenantDomain);
         case REGULAR_USER:
             return new RoleGroup(role, "Users", tenantDomain);
         case GUEST_USER:
diff --git a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/request/ResourceAccessRequest.java b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/request/ResourceAccessRequest.java
index 93f9b2bb4..a7d78f34c 100644
--- a/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/request/ResourceAccessRequest.java
+++ b/vmidentity/rest/core/server/src/main/java/com/vmware/identity/rest/core/server/authorization/request/ResourceAccessRequest.java
@@ -25,7 +25,6 @@
 import com.vmware.identity.idm.client.CasIdmClient;
 import com.vmware.identity.rest.core.server.authorization.Config;
 import com.vmware.identity.rest.core.server.authorization.Role;
-import com.vmware.identity.rest.core.server.authorization.RoleGroup;
 import com.vmware.identity.rest.core.server.authorization.RoleMapper;
 import com.vmware.identity.rest.core.server.authorization.exception.InsufficientRoleException;
 import com.vmware.identity.rest.core.server.authorization.exception.InvalidTokenException;
@@ -165,7 +164,7 @@ public void validateRole(Role requiredRole) throws InsufficientRoleException {
         if (token.getRole() != null) {
             checkRoleField(requiredRole);
         } else {
-            checkGroupsField(roleMapper.getRoleGroup(requiredRole));
+            checkGroupsField(requiredRole);
         }
     }
 
@@ -179,11 +178,24 @@ private void checkRoleField(Role requiredRole) throws InsufficientRoleException
         }
     }
 
-    private void checkGroupsField(RoleGroup requiredRole) throws InsufficientRoleException {
+    private void checkGroupsField(Role requiredRole) throws InsufficientRoleException {
         List<String> groupList = token.getGroupList();
-        if (groupList == null || groupList.isEmpty() || !checkIfGroupExists(groupList, requiredRole.getGroupNetbios())) {
-            throw new InsufficientRoleException(sm.getString("auth.ise.wrong.role", requiredRole.getRole()));
+        if (groupList != null && !groupList.isEmpty()) {
+            Role[] roles = Role.values();
+
+            // Start at the highest role and work our way down until we've gone too low
+            int i = roles.length - 1;
+
+            Role role = roles[i];
+            while (role.is(requiredRole)) {
+                if (checkIfGroupExists(groupList, roleMapper.getRoleGroup(role).getGroupNetbios())) {
+                    return;
+                }
+                role = roles[--i];
+            }
         }
+
+        throw new InsufficientRoleException(sm.getString("auth.ise.wrong.role", requiredRole));
     }
 
     private boolean checkIfGroupExists(List<String> groupList, String group) {
diff --git a/vmidentity/rest/core/server/src/test/java/com/vmware/identity/rest/core/server/test/authorization/token/request/RoleCheckTest.java b/vmidentity/rest/core/server/src/test/java/com/vmware/identity/rest/core/server/test/authorization/token/request/RoleCheckTest.java
index 4bca7df58..0d21da0b0 100644
--- a/vmidentity/rest/core/server/src/test/java/com/vmware/identity/rest/core/server/test/authorization/token/request/RoleCheckTest.java
+++ b/vmidentity/rest/core/server/src/test/java/com/vmware/identity/rest/core/server/test/authorization/token/request/RoleCheckTest.java
@@ -61,31 +61,67 @@ public void testRoleField() throws Exception {
 
         ResourceAccessRequest request = new ResourceAccessRequest(TokenStyle.HEADER, TokenType.BEARER, token, null, false, null);
 
+        request.validateRole(Role.ADMINISTRATOR);
+        request.validateRole(Role.CONFIGURATION_USER);
+        request.validateRole(Role.REGULAR_USER);
+    }
+
+    public void testRoleField_WrongRole() throws Exception {
+        SignedJWT jwt = new JWTBuilder(privateKey)
+            .subject("configuration_user")
+            .issuer("OAUTH")
+            .audience(Config.RESOURCE_SERVER_AUDIENCE)
+            .role(Role.CONFIGURATION_USER.getRoleName())
+            .build();
+
+        AccessToken token = new JWTBearerToken(jwt, Config.JWT_TYPE_FIELD, Config.JWT_ROLE_FIELD, Config.JWT_GROUPS_FIELD);
+
+        ResourceAccessRequest request = new ResourceAccessRequest(TokenStyle.HEADER, TokenType.BEARER, token, null, false, null);
+
         request.validateRole(Role.ADMINISTRATOR);
     }
 
     @Test
     public void testGroupsField() throws Exception {
-        try {
-            RoleMapper mapper = new RoleMapper("vsphere.local", "vsphere.local");
+        RoleMapper mapper = new RoleMapper("vsphere.local", "vsphere.local");
+
+        List<String> groups = Arrays.asList( new String[] { mapper.getRoleGroup(Role.ADMINISTRATOR).getGroupNetbios() } );
+
+        SignedJWT jwt = new JWTBuilder(privateKey)
+            .subject("administrator")
+            .issuer("OAUTH")
+            .audience(Config.RESOURCE_SERVER_AUDIENCE)
+            .groups(groups)
+            .build();
 
-            List<String> groups = Arrays.asList( new String[] { mapper.getRoleGroup(Role.ADMINISTRATOR).getGroupNetbios() } );
+        AccessToken token = new JWTBearerToken(jwt, Config.JWT_TYPE_FIELD, Config.JWT_ROLE_FIELD, Config.JWT_GROUPS_FIELD);
 
-            SignedJWT jwt = new JWTBuilder(privateKey)
-                .subject("administrator")
-                .issuer("OAUTH")
-                .audience(Config.RESOURCE_SERVER_AUDIENCE)
-                .groups(groups)
-                .build();
+        ResourceAccessRequest request = new ResourceAccessRequest(TokenStyle.HEADER, TokenType.BEARER, token, null, false, mapper);
 
-            AccessToken token = new JWTBearerToken(jwt, Config.JWT_TYPE_FIELD, Config.JWT_ROLE_FIELD, Config.JWT_GROUPS_FIELD);
+        request.validateRole(Role.ADMINISTRATOR);
+        request.validateRole(Role.CONFIGURATION_USER);
+        request.validateRole(Role.REGULAR_USER);
+        request.validateRole(Role.GUEST_USER);
+    }
 
-            ResourceAccessRequest request = new ResourceAccessRequest(TokenStyle.HEADER, TokenType.BEARER, token, null, false, mapper);
+    @Test(expected = InsufficientRoleException.class)
+    public void testGroupsField_WrongRole() throws Exception {
+        RoleMapper mapper = new RoleMapper("vsphere.local", "vsphere.local");
 
-            request.validateRole(Role.ADMINISTRATOR);
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
+        List<String> groups = Arrays.asList( new String[] { mapper.getRoleGroup(Role.CONFIGURATION_USER).getGroupNetbios() } );
+
+        SignedJWT jwt = new JWTBuilder(privateKey)
+            .subject("administrator")
+            .issuer("OAUTH")
+            .audience(Config.RESOURCE_SERVER_AUDIENCE)
+            .groups(groups)
+            .build();
+
+        AccessToken token = new JWTBearerToken(jwt, Config.JWT_TYPE_FIELD, Config.JWT_ROLE_FIELD, Config.JWT_GROUPS_FIELD);
+
+        ResourceAccessRequest request = new ResourceAccessRequest(TokenStyle.HEADER, TokenType.BEARER, token, null, false, mapper);
+
+        request.validateRole(Role.ADMINISTRATOR);
     }
 
     @Test
diff --git a/vmidentity/rest/idm/client/pom.xml b/vmidentity/rest/idm/client/pom.xml
index f115c30a6..90baff1ca 100644
--- a/vmidentity/rest/idm/client/pom.xml
+++ b/vmidentity/rest/idm/client/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.idm</groupId>
     <artifactId>vmware-identity-rest-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-idm-client</artifactId>
@@ -63,6 +63,13 @@
       <scope>test</scope>
     </dependency>
 
+    <dependency>
+      <groupId>com.vmware.vmdir.rest</groupId>
+      <artifactId>vmware-directory-rest-client</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk15on</artifactId>
diff --git a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/UserResourceIT.java b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/UserResourceIT.java
index 3894fb21a..0ce255bb6 100644
--- a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/UserResourceIT.java
+++ b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/UserResourceIT.java
@@ -14,33 +14,41 @@
 package com.vmware.identity.rest.idm.client.test.integration;
 
 import static com.vmware.identity.rest.idm.client.test.integration.util.Assert.assertUsersEqual;
-import static org.junit.Assert.assertEquals;
+import static com.vmware.identity.rest.idm.client.test.integration.util.Assert.assertVmdirUsersEqual;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+
 import org.apache.http.HttpException;
 import org.apache.http.client.ClientProtocolException;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+import com.vmware.directory.rest.client.VmdirClient;
 import com.vmware.identity.rest.core.client.exceptions.ClientException;
 import com.vmware.identity.rest.core.client.exceptions.client.NotFoundException;
+import com.vmware.identity.rest.idm.client.test.integration.util.TestClientFactory;
 import com.vmware.identity.rest.idm.client.test.integration.util.TestGenerator;
-import com.vmware.identity.rest.idm.client.test.integration.util.UserGenerator;
 import com.vmware.identity.rest.idm.data.UserDTO;
-import com.vmware.identity.rest.idm.data.UserDetailsDTO;
 
 public class UserResourceIT extends IntegrationTestBase {
 
     private static final String TEST_USER_NAME = "testUser";
     private static final String TEST_USER_DESCRIPTION = "This is a description";
 
+    private static VmdirClient testAdminVmdirClient;
+
     @BeforeClass
     public static void init() throws HttpException, IOException, GeneralSecurityException, ClientException {
         IntegrationTestBase.init(true);
+
+        testAdminVmdirClient = TestClientFactory.createVmdirClient(properties.getHost(),
+                testTenant.getName(),
+                testTenant.getUsername(),
+                testTenant.getPassword());
     }
 
     @AfterClass
@@ -48,72 +56,28 @@ public static void cleanup() throws ClientProtocolException, HttpException, Clie
         IntegrationTestBase.cleanup(true);
     }
 
-    @Test
-    public void testCreateAndDelete() throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO user = createUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
-        deleteUser(user);
-    }
-
     @Test
     public void testGet() throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO testUser = createUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
+        com.vmware.directory.rest.common.data.UserDTO testUser = createVmdirUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
 
         UserDTO user = testAdminClient.user().get(testTenant.getName(), testUser.getName(), testUser.getDomain());
 
         assertNotNull(user);
         assertUsersEqual(testUser, user);
 
-        deleteUser(testUser);
+        deleteVmdirUser(testUser);
     }
 
-    @Test
-    public void testUpdate() throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO testUser = createUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
-
-        UserDetailsDTO updatedDetails = new UserDetailsDTO.Builder()
-            .withDescription(testUser.getDetails().getDescription() + " that we've updated")
-            .build();
-
-        UserDTO updatedUser = new UserDTO.Builder()
-            .withDetails(updatedDetails)
-            .build();
-
-        UserDTO up = testAdminClient.user().update(testTenant.getName(), testUser.getName(), testUser.getDomain(), updatedUser);
-
-        assertEquals(updatedDetails.getDescription(), up.getDetails().getDescription());
-
-        deleteUser(testUser);
-    }
+    private static com.vmware.directory.rest.common.data.UserDTO createVmdirUser(String name, String description) throws ClientProtocolException, ClientException, HttpException, IOException {
+        com.vmware.directory.rest.common.data.UserDTO testUser = TestGenerator.generateVmdirUser(name, testTenant.getName(), description);
+        com.vmware.directory.rest.common.data.UserDTO user = testAdminVmdirClient.user().create(testTenant.getName(), testUser);
 
-    @Test
-    public void testUpdatePassword() throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO testUser = createUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
-
-        testAdminClient.user().updatePassword(testTenant.getName(), testUser.getName(), testUser.getDomain(),
-                testUser.getPasswordDetails().getPassword(), UserGenerator.PASSWORD + "a");
-
-        deleteUser(testUser);
-    }
-
-    @Test
-    public void testResetPassword() throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO testUser = createUser(TEST_USER_NAME, TEST_USER_DESCRIPTION);
-
-        testAdminClient.user().resetPassword(testTenant.getName(), testUser.getName(), testUser.getDomain(), UserGenerator.PASSWORD + "a");
-
-        deleteUser(testUser);
-    }
-
-    private static UserDTO createUser(String name, String description) throws ClientProtocolException, ClientException, HttpException, IOException {
-        UserDTO testUser = TestGenerator.generateUser(name, testTenant.getName(), description);
-        UserDTO user = testAdminClient.user().create(testTenant.getName(), testUser);
-
-        assertUsersEqual(testUser, user);
+        assertVmdirUsersEqual(testUser, user);
         return user;
     }
 
-    private static void deleteUser(UserDTO user) throws ClientProtocolException, ClientException, HttpException, IOException {
-        testAdminClient.user().delete(testTenant.getName(), user.getName(), user.getDomain());
+    private static void deleteVmdirUser(com.vmware.directory.rest.common.data.UserDTO user) throws ClientProtocolException, ClientException, HttpException, IOException {
+        testAdminVmdirClient.user().delete(testTenant.getName(), user.getName(), user.getDomain());
 
         try {
             testAdminClient.user().get(testTenant.getName(), user.getName(), user.getDomain());
diff --git a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/Assert.java b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/Assert.java
index bdcaf87d5..99cf13e00 100644
--- a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/Assert.java
+++ b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/Assert.java
@@ -160,4 +160,22 @@ public static void assertUsersEqual(UserDTO expected, UserDTO actual) {
         assertEquals(expected.getDetails().getEmail(), actual.getDetails().getEmail());
     }
 
+    public static void assertUsersEqual(com.vmware.directory.rest.common.data.UserDTO expected, UserDTO actual) {
+        assertEquals(expected.getName(), actual.getName());
+        assertEquals(expected.getDomain(), actual.getDomain());
+        assertEquals(expected.getDetails().getDescription(), actual.getDetails().getDescription());
+        assertEquals(expected.getDetails().getFirstName(), actual.getDetails().getFirstName());
+        assertEquals(expected.getDetails().getLastName(), actual.getDetails().getLastName());
+        assertEquals(expected.getDetails().getEmail(), actual.getDetails().getEmail());
+    }
+
+    public static void assertVmdirUsersEqual(com.vmware.directory.rest.common.data.UserDTO expected, com.vmware.directory.rest.common.data.UserDTO actual) {
+        assertEquals(expected.getName(), actual.getName());
+        assertEquals(expected.getDomain(), actual.getDomain());
+        assertEquals(expected.getDetails().getDescription(), actual.getDetails().getDescription());
+        assertEquals(expected.getDetails().getFirstName(), actual.getDetails().getFirstName());
+        assertEquals(expected.getDetails().getLastName(), actual.getDetails().getLastName());
+        assertEquals(expected.getDetails().getEmail(), actual.getDetails().getEmail());
+    }
+
 }
diff --git a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestClientFactory.java b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestClientFactory.java
index 3f67c23e5..13a88a098 100644
--- a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestClientFactory.java
+++ b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestClientFactory.java
@@ -25,6 +25,7 @@
 import org.apache.http.conn.ssl.TrustStrategy;
 import org.apache.http.ssl.SSLContextBuilder;
 
+import com.vmware.directory.rest.client.VmdirClient;
 import com.vmware.identity.rest.core.client.AccessToken;
 import com.vmware.identity.rest.core.client.HostRetriever;
 import com.vmware.identity.rest.core.client.SimpleHostRetriever;
@@ -74,4 +75,24 @@ public static IdmClient createClient(String host, String tenant, String username
         return createClient(host, tenant, UPNUtil.buildUPN(username, domain), password);
     }
 
+    public static VmdirClient createVmdirClient(String host, String tenant, String username, String password) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, ClientProtocolException, ClientException, IOException {
+        HostRetriever hostRetriever = new SimpleHostRetriever(host, true);
+        VmdirClient client = new VmdirClient(hostRetriever,
+                NoopHostnameVerifier.INSTANCE,
+                new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
+
+                    @Override
+                    public boolean isTrusted(X509Certificate[] chain, String authType)
+                            throws CertificateException {
+                        return true;
+                    }
+                }).build());
+
+        String token = TokenFactory.getAccessToken(host, tenant, username, password);
+
+        client.setToken(new AccessToken(token, AccessToken.Type.JWT));
+        return client;
+    }
+
+
 }
diff --git a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestGenerator.java b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestGenerator.java
index 565b59048..0c90823cb 100644
--- a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestGenerator.java
+++ b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/TestGenerator.java
@@ -27,9 +27,10 @@
 import com.vmware.identity.rest.idm.data.GroupDTO;
 import com.vmware.identity.rest.idm.data.OIDCClientDTO;
 import com.vmware.identity.rest.idm.data.OIDCClientMetadataDTO;
-import com.vmware.identity.rest.idm.data.ResourceServerDTO;
+import com.vmware.identity.rest.idm.data.PrincipalDTO;
 import com.vmware.identity.rest.idm.data.PrivateKeyDTO;
 import com.vmware.identity.rest.idm.data.RelyingPartyDTO;
+import com.vmware.identity.rest.idm.data.ResourceServerDTO;
 import com.vmware.identity.rest.idm.data.SolutionUserDTO;
 import com.vmware.identity.rest.idm.data.TenantCredentialsDTO;
 import com.vmware.identity.rest.idm.data.TenantDTO;
@@ -105,6 +106,14 @@ public static UserDTO generateUser(String name, String domain, String descriptio
         return UserGenerator.generateUser(name, domain, description);
     }
 
+    public static PrincipalDTO generatePrincipal(String name, String domain) {
+        return new PrincipalDTO(name, domain);
+    }
+
+    public static com.vmware.directory.rest.common.data.UserDTO generateVmdirUser(String name, String domain, String description) {
+        return UserGenerator.generateVmdirUser(name, domain, description);
+    }
+
     private static TenantCredentialsDTO generateTenantCredentials() throws GeneralSecurityException, IOException {
         return new TenantCredentialsDTO.Builder()
             .withCertificates(getTrustedCertificates())
diff --git a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/UserGenerator.java b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/UserGenerator.java
index 0e06add00..27ddd6d7e 100644
--- a/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/UserGenerator.java
+++ b/vmidentity/rest/idm/client/src/integration-test/java/com/vmware/identity/rest/idm/client/test/integration/util/UserGenerator.java
@@ -35,6 +35,17 @@ public static UserDTO generateUser(String name, String domain, String descriptio
             .build();
     }
 
+    public static com.vmware.directory.rest.common.data.UserDTO generateVmdirUser(String name, String domain, String description) {
+        return new com.vmware.directory.rest.common.data.UserDTO.Builder()
+                .withName(name)
+                .withDomain(domain)
+                .withDetails(generateVmdirUserDetails(description))
+                .withPasswordDetails(generateVmdirPasswordDetails())
+                .withLocked(false)
+                .withDisabled(false)
+                .build();
+    }
+
     private static UserDetailsDTO generateUserDetails(String description) {
         return new UserDetailsDTO.Builder()
             .withFirstName(FIRST_NAME)
@@ -44,10 +55,25 @@ private static UserDetailsDTO generateUserDetails(String description) {
             .build();
     }
 
+    private static com.vmware.directory.rest.common.data.UserDetailsDTO generateVmdirUserDetails(String description) {
+        return new com.vmware.directory.rest.common.data.UserDetailsDTO.Builder()
+            .withFirstName(FIRST_NAME)
+            .withLastName(LAST_NAME)
+            .withDescription(description)
+            .withEmail(EMAIL)
+            .build();
+    }
+
     private static PasswordDetailsDTO generatePasswordDetails() {
         return new PasswordDetailsDTO.Builder()
             .withPassword(PASSWORD)
             .build();
     }
 
+    private static com.vmware.directory.rest.common.data.PasswordDetailsDTO generateVmdirPasswordDetails() {
+        return new com.vmware.directory.rest.common.data.PasswordDetailsDTO.Builder()
+            .withPassword(PASSWORD)
+            .build();
+    }
+
 }
diff --git a/vmidentity/rest/idm/client/src/integration-test/resources/config.properties b/vmidentity/rest/idm/client/src/integration-test/resources/config.properties
index 28424791a..08b3c99c3 100644
--- a/vmidentity/rest/idm/client/src/integration-test/resources/config.properties
+++ b/vmidentity/rest/idm/client/src/integration-test/resources/config.properties
@@ -12,4 +12,4 @@ system.domain=lw-testdom.com
 # System Tenant's Admininistrator credentials
 ##
 system.admin.username=Administrator
-system.admin.password=Admin!23
+system.admin.password=Ca$hc0w1
diff --git a/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/OidcClientResource.java b/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/OidcClientResource.java
index e228cf6fd..1346f249b 100644
--- a/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/OidcClientResource.java
+++ b/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/OidcClientResource.java
@@ -55,7 +55,7 @@ public OidcClientResource(BaseClient parent) {
     /**
      * Register a new Open ID Connect client using only metadata.
      *
-     * <p><b>Required Role:</b> {@code administrator}.
+     * <p><b>Required Role:</b> {@code TrustedUser}.
      *
      * @param tenant the name of the tenant to register the client with.
      * @param metadata the metadata necessary for registering the client.
@@ -99,7 +99,7 @@ public OIDCClientDTO register(String tenant, OIDCClientDTO client) throws Client
     /**
      * Request the list of Open ID Connect clients associated with a tenant.
      *
-     * <p><b>Required Role:</b> {@code administrator}.
+     * <p><b>Required Role:</b> {@code TrustedUser}.
      *
      * @param tenant the name of the tenant to request the clients from.
      * @return a list of OIDC clients.
@@ -119,7 +119,7 @@ public List<OIDCClientDTO> getAll(String tenant) throws ClientException, ClientP
     /**
      * Request a specific Open ID Connect client.
      *
-     * <p><b>Required Role:</b> {@code administrator}.
+     * <p><b>Required Role:</b> {@code TrustedUser}.
      *
      * @param tenant the name of the tenant to request the client from.
      * @param clientId the identifier of the client to request.
@@ -140,7 +140,7 @@ public OIDCClientDTO get(String tenant, String clientId) throws ClientException,
     /**
      * Update an Open ID Connect client.
      *
-     * <p><b>Required Role:</b> {@code administrator}.
+     * <p><b>Required Role:</b> {@code TrustedUser}.
      *
      * @param tenant the name of the tenant containing the client.
      * @param clientId the identifier of the client being updated.
@@ -162,7 +162,7 @@ public OIDCClientDTO update(String tenant, String clientId, OIDCClientMetadataDT
     /**
      * Delete an Open ID Connect client.
      *
-     * <p><b>Required Role:</b> {@code administrator}.
+     * <p><b>Required Role:</b> {@code TrustedUser}.
      *
      * @param tenant the name of the tenant containing the client.
      * @param clientId the identifier of the client being deleted.
diff --git a/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/UserResource.java b/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/UserResource.java
index f8a2ac7fb..9e77edec8 100644
--- a/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/UserResource.java
+++ b/vmidentity/rest/idm/client/src/main/java/com/vmware/identity/rest/idm/client/UserResource.java
@@ -26,7 +26,6 @@
 import org.apache.http.HttpException;
 import org.apache.http.client.ClientProtocolException;
 import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
 
 import com.vmware.identity.rest.core.client.BaseClient;
 import com.vmware.identity.rest.core.client.ClientResource;
@@ -34,9 +33,7 @@
 import com.vmware.identity.rest.core.client.UPNUtil;
 import com.vmware.identity.rest.core.client.exceptions.ClientException;
 import com.vmware.identity.rest.core.client.exceptions.WebApplicationException;
-import com.vmware.identity.rest.core.client.methods.HttpDeleteWithBody;
 import com.vmware.identity.rest.idm.data.GroupDTO;
-import com.vmware.identity.rest.idm.data.PasswordResetRequestDTO;
 import com.vmware.identity.rest.idm.data.UserDTO;
 
 /**
@@ -46,10 +43,6 @@
  */
 public class UserResource extends ClientResource {
 
-    private static final String USER_URI = "/idm/tenant/%s/users";
-    private static final String USER_NAME_URI = USER_URI + "/%s";
-    private static final String USER_NAME_PASSWORD_URI = USER_NAME_URI + "/password";
-
     private static final String USER_POST_URI = "/idm/post/tenant/%s/users";
     private static final String USER_NAME_POST_URI = USER_POST_URI + "/%s";
     private static final String USER_NAME_GROUPS_POST_URI = USER_NAME_POST_URI + "/groups";
@@ -58,27 +51,6 @@ public UserResource(BaseClient parent) {
         super(parent);
     }
 
-    /**
-     * Create a new user.
-     *
-     * <p><b>Required Role:</b> {@code administrator}.
-     *
-     * @param tenant the tenant to create the user on.
-     * @param user the user to be created.
-     * @return the newly created user.
-     * @throws ClientException if a client side error occurs.
-     * @throws ClientProtocolException in case of an http protocol error.
-     * @throws WebApplicationException in the event of an application error.
-     * @throws HttpException if there was a generic error with the remote call.
-     * @throws IOException if there was an error with the IO stream.
-     */
-    public UserDTO create(String tenant, UserDTO user) throws ClientException, ClientProtocolException, WebApplicationException, HttpException, IOException {
-        URI uri = buildURI(parent.getHostRetriever(), USER_URI, tenant);
-
-        HttpPost post = RequestFactory.createPostRequest(uri, parent.getToken(), user);
-        return execute(parent.getClient(), post, UserDTO.class);
-    }
-
     /**
      * Request a specific user.
      *
@@ -128,103 +100,4 @@ public List<GroupDTO> getGroups(String tenant, String name, String domain, boole
         return executeAndReturnList(parent.getClient(), post, GroupDTO.class);
     }
 
-    /**
-     * Update a user.
-     *
-     * <p><b>Required Role:</b> {@code administrator}.
-     *
-     * @param tenant the name of the tenant containing the user.
-     * @param name the name of the user.
-     * @param domain the domain of the user.
-     * @param user the contents of the user to update.
-     * @return the newly updated user.
-     * @throws ClientException if a client side error occurs.
-     * @throws ClientProtocolException in case of an http protocol error.
-     * @throws WebApplicationException in the event of an application error.
-     * @throws HttpException if there was a generic error with the remote call.
-     * @throws IOException if there was an error with the IO stream.
-     */
-    public UserDTO update(String tenant, String name, String domain, UserDTO user) throws ClientException, ClientProtocolException, WebApplicationException, HttpException, IOException {
-        String upn = UPNUtil.buildUPN(name, domain);
-        URI uri = buildURI(parent.getHostRetriever(), USER_NAME_URI, tenant, upn);
-
-        HttpPut put = RequestFactory.createPutRequest(uri, parent.getToken(), user);
-        return execute(parent.getClient(), put, UserDTO.class);
-    }
-
-    /**
-     * Update a user's password.
-     *
-     * <p><b>Required Role:</b> {@code user}.
-     *
-     * @param tenant the name of the tenant containing the user.
-     * @param name the name of the user.
-     * @param domain the domain of the user.
-     * @param currentPassword the user's current password.
-     * @param newPassword the new password to set for the user.
-     * @return the newly updated user.
-     * @throws ClientException if a client side error occurs.
-     * @throws ClientProtocolException in case of an http protocol error.
-     * @throws WebApplicationException in the event of an application error.
-     * @throws HttpException if there was a generic error with the remote call.
-     * @throws IOException if there was an error with the IO stream.
-     */
-    public UserDTO updatePassword(String tenant, String name, String domain, String currentPassword, String newPassword) throws ClientException, ClientProtocolException, WebApplicationException, HttpException, IOException {
-        String upn = UPNUtil.buildUPN(name, domain);
-        PasswordResetRequestDTO reset = new PasswordResetRequestDTO(currentPassword, newPassword);
-
-        URI uri = buildURI(parent.getHostRetriever(), USER_NAME_PASSWORD_URI, tenant, upn);
-
-        HttpPut put = RequestFactory.createPutRequest(uri, parent.getToken(), reset);
-        return execute(parent.getClient(), put, UserDTO.class);
-    }
-
-    /**
-     * Reset a user's password.
-     *
-     * <p><b>Required Role:</b> {@code administrator}.
-     *
-     * @param tenant the name of the tenant containing the user.
-     * @param name the name of the user.
-     * @param domain the domain of the user.
-     * @param newPassword the new password to set for the user.
-     * @return the newly updated user.
-     * @throws ClientException if a client side error occurs.
-     * @throws ClientProtocolException in case of an http protocol error.
-     * @throws WebApplicationException in the event of an application error.
-     * @throws HttpException if there was a generic error with the remote call.
-     * @throws IOException if there was an error with the IO stream.
-     */
-    public UserDTO resetPassword(String tenant, String name, String domain, String newPassword) throws ClientException, ClientProtocolException, WebApplicationException, HttpException, IOException {
-        String upn = UPNUtil.buildUPN(name, domain);
-        PasswordResetRequestDTO reset = new PasswordResetRequestDTO(null, newPassword);
-
-        URI uri = buildURI(parent.getHostRetriever(), USER_NAME_PASSWORD_URI, tenant, upn);
-
-        HttpPut put = RequestFactory.createPutRequest(uri, parent.getToken(), reset);
-        return execute(parent.getClient(), put, UserDTO.class);
-    }
-
-    /**
-     * Delete a user.
-     *
-     * <p><b>Required Role:</b> {@code administrator}.
-     *
-     * @param tenant the name of the tenant containing the user.
-     * @param name the name of the user.
-     * @param domain the domain of the user.
-     * @throws ClientException if a client side error occurs.
-     * @throws ClientProtocolException in case of an http protocol error.
-     * @throws WebApplicationException in the event of an application error.
-     * @throws HttpException if there was a generic error with the remote call.
-     * @throws IOException if there was an error with the IO stream.
-     */
-    public void delete(String tenant, String name, String domain) throws ClientException, ClientProtocolException, WebApplicationException, HttpException, IOException {
-        String upn = UPNUtil.buildUPN(name, domain);
-        URI uri = buildURI(parent.getHostRetriever(), USER_NAME_URI, tenant, upn);
-
-        HttpDeleteWithBody delete = RequestFactory.createDeleteRequest(uri, parent.getToken());
-        execute(parent.getClient(), delete);
-    }
-
 }
diff --git a/vmidentity/rest/idm/common/pom.xml b/vmidentity/rest/idm/common/pom.xml
index 45c68bca2..80cf7fbb2 100644
--- a/vmidentity/rest/idm/common/pom.xml
+++ b/vmidentity/rest/idm/common/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.idm</groupId>
     <artifactId>vmware-identity-rest-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-idm-common</artifactId>
diff --git a/vmidentity/rest/idm/pom.xml b/vmidentity/rest/idm/pom.xml
index 946f1ac62..619ae5cb8 100644
--- a/vmidentity/rest/idm/pom.xml
+++ b/vmidentity/rest/idm/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.rest</groupId>
     <artifactId>vmware-identity-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.rest.idm</groupId>
diff --git a/vmidentity/rest/idm/samples/pom.xml b/vmidentity/rest/idm/samples/pom.xml
index 46f1369c3..0d39d4754 100644
--- a/vmidentity/rest/idm/samples/pom.xml
+++ b/vmidentity/rest/idm/samples/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.idm</groupId>
     <artifactId>vmware-identity-rest-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-idm-samples</artifactId>
diff --git a/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/drivers/UserSampleHandler.java b/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/drivers/UserSampleHandler.java
index 949fffadb..b46d3bb86 100644
--- a/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/drivers/UserSampleHandler.java
+++ b/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/drivers/UserSampleHandler.java
@@ -31,7 +31,7 @@
 
 /**
  * Class for handling calls to UserSample from command line.
- * 
+ *
  * @author abapat
  *
  */
@@ -63,11 +63,9 @@ public void callSample(String operation, String json) {
 				Gson g = new GsonBuilder().create();
 				UserDTO user = g.fromJson(payload, UserDTO.class);
 				if (operation.equalsIgnoreCase("create")) {
-					log.info("Creating User: " + payload);
-					sample.createUser(user, tenant);
+					log.info("Creating User (Not Implemented): " + payload);
 				} else {
-					log.info("Updating User: " + payload);
-					sample.updateUser(user, tenant);
+					log.info("Updating User (Not Implemented): " + payload);
 				}
 				log.info(user.toPrettyString());
 			} else if (operation.equalsIgnoreCase("read") || operation.equalsIgnoreCase("delete")) {
@@ -77,8 +75,7 @@ public void callSample(String operation, String json) {
 					UserDTO user = sample.getUser(JSON.getString("name"), JSON.getString("domain"), tenant);
 					log.info(user.toPrettyString());
 				} else {
-					log.info("Deleting User: " + payload);
-					sample.deleteUser(JSON.getString("name"), JSON.getString("domain"), tenant);
+					log.info("Deleting User (Not Implemented): " + payload);
 				}
 			} else {
 				log.fatal("Invalid command: " + operation);
diff --git a/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/samples/UserSample.java b/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/samples/UserSample.java
index b33591dd4..2cd36d840 100644
--- a/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/samples/UserSample.java
+++ b/vmidentity/rest/idm/samples/src/main/java/com/vmware/identity/rest/idm/samples/UserSample.java
@@ -26,13 +26,11 @@
 import com.vmware.identity.rest.core.client.exceptions.ClientException;
 import com.vmware.identity.rest.core.client.exceptions.WebApplicationException;
 import com.vmware.identity.rest.idm.client.UserResource;
-import com.vmware.identity.rest.idm.data.PasswordDetailsDTO;
 import com.vmware.identity.rest.idm.data.UserDTO;
-import com.vmware.identity.rest.idm.data.UserDetailsDTO;
 
 /**
  * Samples for using {@code UserResource}. The User Resource is a container that gathers all of the commands related to a tenant's users.
- * 
+ *
  * @author abapat
  *
  */
@@ -41,7 +39,7 @@ public class UserSample extends SampleBase {
 
 	/**
 	 * Initializes IDM client and UserResource.
-	 * 
+	 *
 	 * @throws KeyManagementException if an error occurs when making SSL request.
 	 * @throws NoSuchAlgorithmException if an error occurs when making SSL request.
 	 * @throws KeyStoreException if an error occurs building making SSL request.
@@ -55,11 +53,6 @@ public UserSample()
 		resource = new UserResource(client);
 	}
 
-	public UserDTO createUser(UserDTO user, String tenant)
-			throws ClientProtocolException, WebApplicationException, ClientException, HttpException, IOException {
-		return resource.create(tenant, user);
-	}
-
 	/**
 	 * Request a specific user.
 	 *
@@ -82,69 +75,4 @@ public UserDTO getUser(String name, String domain, String tenant)
 		return resource.get(tenant, name, domain);
 	}
 
-	/**
-	 * Delete a user.
-	 *
-	 * <p>
-	 * <b>Required Role:</b> {@code administrator}.
-	 *
-	 * @param name the name of the user.
-	 * @param domain the domain of the user.
-	 * @param tenant the name of the tenant containing the user.
-	 * @throws ClientException if a client side error occurs.
-	 * @throws ClientProtocolException in case of an http protocol error.
-	 * @throws WebApplicationException in the event of an application error.
-	 * @throws HttpException if there was a generic error with the remote call.
-	 * @throws IOException if there was an error with the IO stream.
-	 */
-	public void deleteUser(String name, String domain, String tenant)
-			throws ClientProtocolException, WebApplicationException, ClientException, HttpException, IOException {
-		resource.delete(tenant, name, domain);
-	}
-
-	/**
-	 * Update a user.
-	 *
-	 * <p>
-	 * <b>Required Role:</b> {@code administrator}.
-	 *
-	 * @param name the name for the user.
-	 * @param firstName the first name of the user.
-	 * @param lastName the last name of the user.
-	 * @param email the email of the user.
-	 * @param password the password of the user.
-	 * @param description the description of the user.
-	 * @param domain the domain of the user.
-	 * @param tenant the name of the tenant containing the user.
-	 * @return the newly updated user.
-	 * @throws ClientException if a client side error occurs.
-	 * @throws ClientProtocolException in case of an http protocol error.
-	 * @throws WebApplicationException in the event of an application error.
-	 * @throws HttpException if there was a generic error with the remote call.
-	 * @throws IOException if there was an error with the IO stream.
-	 */
-	public UserDTO updateUser(String name, String firstName, String lastName, String email, String password, String description, String domain,
-			String tenant) throws ClientProtocolException, WebApplicationException, ClientException, HttpException, IOException {
-		UserDTO user = generateUser(name, firstName, lastName, email, domain, password, description);
-		return resource.update(tenant, name, domain, user);
-	}
-
-	public UserDTO updateUser(UserDTO user, String tenant)
-			throws ClientProtocolException, WebApplicationException, ClientException, HttpException, IOException {
-		return resource.update(tenant, user.getName(), user.getDomain(), user);
-	}
-
-	private UserDTO generateUser(String name, String firstName, String lastName, String email, String domain, String password, String description) {
-		return new UserDTO.Builder().withName(name).withDomain(domain).withDetails(generateUserDetails(firstName, lastName, email, description))
-				.withPasswordDetails(generatePasswordDetails(password)).withLocked(false).withDisabled(false).build();
-	}
-
-	private UserDetailsDTO generateUserDetails(String firstName, String lastName, String email, String description) {
-		return new UserDetailsDTO.Builder().withFirstName(firstName).withLastName(lastName).withDescription(description).withEmail(email).build();
-	}
-
-	private PasswordDetailsDTO generatePasswordDetails(String password) {
-		return new PasswordDetailsDTO.Builder().withPassword(password).build();
-	}
-
 }
diff --git a/vmidentity/rest/idm/server/pom.xml b/vmidentity/rest/idm/server/pom.xml
index 63dfa8222..4ece7aa50 100644
--- a/vmidentity/rest/idm/server/pom.xml
+++ b/vmidentity/rest/idm/server/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity.rest.idm</groupId>
     <artifactId>vmware-identity-rest-idm</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-rest-idm-server</artifactId>
diff --git a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/OIDCClientResource.java b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/OIDCClientResource.java
index 3eac13f04..6e2d06484 100644
--- a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/OIDCClientResource.java
+++ b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/OIDCClientResource.java
@@ -70,7 +70,7 @@ public OIDCClientResource(String tenant, @Context ContainerRequestContext reques
      */
     @POST
     @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
-    @RequiresRole(role=Role.ADMINISTRATOR)
+    @RequiresRole(role=Role.TRUSTED_USER)
     public OIDCClientDTO add(String json) throws IOException {
         ObjectMapper mapper = new ObjectMapper();
         JsonNode obj = mapper.readTree(json);
@@ -106,7 +106,7 @@ private OIDCClientDTO add(String clientId, OIDCClientMetadataDTO oidcClientMetad
      */
     @GET
     @Produces(MediaType.APPLICATION_JSON)
-    @RequiresRole(role=Role.ADMINISTRATOR)
+    @RequiresRole(role=Role.TRUSTED_USER)
     public Collection<OIDCClientDTO> getAll() {
         try {
             Collection<OIDCClient> oidcClients = getIDMClient().getOIDCClients(this.tenant);
@@ -129,7 +129,7 @@ public Collection<OIDCClientDTO> getAll() {
      */
     @GET @Path("/{clientId}")
     @Produces(MediaType.APPLICATION_JSON)
-    @RequiresRole(role=Role.ADMINISTRATOR)
+    @RequiresRole(role=Role.TRUSTED_USER)
     public OIDCClientDTO get(@PathParam("clientId") String clientId) {
         try {
             OIDCClient oidcClient = getIDMClient().getOIDCClient(this.tenant, clientId);
@@ -156,7 +156,7 @@ public OIDCClientDTO get(@PathParam("clientId") String clientId) {
      * Delete an OIDC client from requested tenant.
      */
     @DELETE @Path("/{clientId}")
-    @RequiresRole(role=Role.ADMINISTRATOR)
+    @RequiresRole(role=Role.TRUSTED_USER)
     public void delete(@PathParam("clientId") String clientId) {
         try {
             getIDMClient().deleteOIDCClient(this.tenant, clientId);
@@ -177,7 +177,7 @@ public void delete(@PathParam("clientId") String clientId) {
      */
     @PUT @Path("/{clientId}")
     @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
-    @RequiresRole(role=Role.ADMINISTRATOR)
+    @RequiresRole(role=Role.TRUSTED_USER)
     public OIDCClientDTO update(@PathParam("clientId") String clientId, OIDCClientMetadataDTO oidcClientMetadataDTO) {
         try {
             OIDCClientDTO oidcClientDTO = new OIDCClientDTO.Builder().
diff --git a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/TenantResource.java b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/TenantResource.java
index a066884c2..5e6117997 100644
--- a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/TenantResource.java
+++ b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/TenantResource.java
@@ -108,8 +108,7 @@ public TenantResource(@Context ContainerRequestContext request, @Context Securit
     /**
      * Creates new tenant
      *
-     * @param tenantName Name of tenant to create
-     * @param longTenantName (Optional - long name of tenant )
+     * @param tenant The new tenant to be created
      * @return
      * <code> 200 </code> If tenant was created successfully.
      * <code> 500 </code> Otherwise
@@ -120,21 +119,23 @@ public TenantResource(@Context ContainerRequestContext request, @Context Securit
     @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
     @RequiresRole(role = Role.ADMINISTRATOR)
     public TenantDTO create(TenantDTO tenantDTO) {
-
-        Validate.notNull(tenantDTO.getCredentials(), sm.getString("valid.not.null", "tenant credentials"));
-        Validate.notEmpty(tenantDTO.getCredentials().getCertificates(), sm.getString("valid.not.empty", "trusted certificates"));
-        Validate.notNull(tenantDTO.getCredentials().getPrivateKey(), sm.getString("valid.not.null", "signing certificate"));
         try {
             // Create tenant
             Tenant tenantToCreate = TenantMapper.getTenant(tenantDTO);
             PrincipalId adminId = PrincipalUtil.fromName(tenantDTO.getUsername());
             getIDMClient().addTenant(tenantToCreate, adminId.getName(), tenantDTO.getPassword().toCharArray());
 
-            // Set tenant credentials (signing + trusted certs) to above created tenant
             try {
-                List<CertificateDTO> signatureCerts = tenantDTO.getCredentials().getCertificates();
-                PrivateKeyDTO tenantPrivateKey = tenantDTO.getCredentials().getPrivateKey();
-                getIDMClient().setTenantCredentials(tenantDTO.getName(), CertificateMapper.getCertificates(signatureCerts), tenantPrivateKey.getPrivateKey());
+                if (tenantDTO.getCredentials() == null || tenantDTO.getCredentials().getCertificates() == null || tenantDTO.getCredentials().getPrivateKey() == null) {
+                    log.info("Attempting to create tenant with no provided credentials - using root credentials instead");
+                    getIDMClient().setTenantCredentials(tenantDTO.getName());
+                } else {
+                    log.info("Attempting to create tenant with user provided credentials");
+                    // Set tenant credentials (signing + trusted certs) to above created tenant
+                    List<CertificateDTO> signatureCerts = tenantDTO.getCredentials().getCertificates();
+                    PrivateKeyDTO tenantPrivateKey = tenantDTO.getCredentials().getPrivateKey();
+                    getIDMClient().setTenantCredentials(tenantDTO.getName(), CertificateMapper.getCertificates(signatureCerts), tenantPrivateKey.getPrivateKey());
+                }
             } catch (Exception e) {
                 // Exception occurred while setting credentials - delete the tenant we created so it
                 // doesn't wind up in a bizarre state
diff --git a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/UserResource.java b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/UserResource.java
index 1a576b5de..25e3394ba 100644
--- a/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/UserResource.java
+++ b/vmidentity/rest/idm/server/src/main/java/com/vmware/identity/rest/idm/server/resources/UserResource.java
@@ -17,11 +17,8 @@
 import java.util.Collections;
 import java.util.Set;
 
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
-import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
@@ -38,7 +35,6 @@
 import com.vmware.identity.idm.InvalidPrincipalException;
 import com.vmware.identity.idm.NoSuchIdpException;
 import com.vmware.identity.idm.NoSuchTenantException;
-import com.vmware.identity.idm.PasswordPolicyViolationException;
 import com.vmware.identity.idm.PersonUser;
 import com.vmware.identity.idm.PrincipalId;
 import com.vmware.identity.rest.core.server.authorization.Role;
@@ -48,12 +44,9 @@
 import com.vmware.identity.rest.core.server.exception.client.NotFoundException;
 import com.vmware.identity.rest.core.server.exception.server.InternalServerErrorException;
 import com.vmware.identity.rest.core.server.util.PrincipalUtil;
-import com.vmware.identity.rest.core.server.util.Validate;
 import com.vmware.identity.rest.idm.data.GroupDTO;
-import com.vmware.identity.rest.idm.data.PrincipalDTO;
 import com.vmware.identity.rest.idm.data.UserDTO;
 import com.vmware.identity.rest.idm.server.mapper.GroupMapper;
-import com.vmware.identity.rest.idm.server.mapper.PrincipalMapper;
 import com.vmware.identity.rest.idm.server.mapper.UserMapper;
 import com.vmware.identity.rest.idm.server.util.Config;
 
@@ -74,60 +67,6 @@ public UserResource(String tenant, @Context ContainerRequestContext request, @Co
         super(tenant, request, Config.LOCALIZATION_PACKAGE_NAME, securityContext);
     }
 
-    /**
-     * Creates FSP(Foreign Security Principal) or external IDP user for a provided tenant
-     * @param externalUser Details of the FSP user to be created.
-     * @return true On successfull creation of external user.
-     *         false On failure
-     */
-    @POST
-    @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON)
-    @RequiresRole(role=Role.ADMINISTRATOR)
-    public Boolean createExternalUser(PrincipalDTO externalUser) {
-        Boolean registrationStatus = false;
-        try {
-            PrincipalId externalUserId = PrincipalMapper.getPrincipal(externalUser);
-            registrationStatus = getIDMClient().registerThirdPartyIDPUser(getTenant(), externalUserId);
-            return registrationStatus;
-        } catch (NoSuchTenantException e) {
-            log.debug("Failed to create external IDP user(FSP) '{}'", externalUser.getName(), e);
-            throw new NotFoundException(sm.getString("ec.404"), e);
-        } catch (PasswordPolicyViolationException | DTOMapperException | InvalidArgumentException | InvalidPrincipalException | NoSuchIdpException e) {
-            log.debug("Failed to create external IDP user(FSP) '{}' on tenant '{}' due to a client side error", externalUser.getName(), tenant, e);
-            throw new BadRequestException(sm.getString("res.user.create.failed", externalUser.getName(), tenant), e);
-        } catch (Exception e) {
-            log.error("Failed to create external IDP user(FSP) '{}' on tenant '{}' due to a server side error", externalUser.getName(), tenant, e);
-            throw new InternalServerErrorException(sm.getString("ec.500"), e);
-        }
-    }
-
-    /**
-     * Deletes FSP(Foreign Security Principal) or external IDP user for a given tenant
-     *
-     * @param name Username of third party user to be deleted.
-     * @return
-     *      Return 200 (OK) if update operation succeeds.
-     *      Return 500 (Internal Server Error) if update operation fails.
-     */
-    @DELETE @Path("/{userName}")
-    @RequiresRole(role=Role.ADMINISTRATOR)
-    public void delete(@PathParam("userName") String name) {
-        PrincipalId id = PrincipalUtil.fromName(name);
-        Validate.isTrue(getSystemDomain().equalsIgnoreCase(id.getDomain()), sm.getString("valid.not.systemdomain", id.getDomain(), tenant));
-        try {
-            getIDMClient().removeThirdPartyIDPUser(getTenant(), id);
-        } catch (NoSuchTenantException | InvalidPrincipalException e) {
-            log.debug("Failed to delete external IDP user (FSP) '{}' from tenant '{}'", name, tenant, e);
-            throw new NotFoundException(sm.getString("ec.404"), e);
-        } catch (InvalidArgumentException e) {
-            log.debug("Failed to delete external IDP user (FSP) '{}' from tenant '{}' due to a client side error", name, tenant, e);
-            throw new BadRequestException(sm.getString("res.user.delete.failed", name, tenant), e);
-        } catch (Exception e) {
-            log.error("Failed to delete external IDP user (FSP) '{}' from tenant '{}' due to a server side error", name, tenant, e);
-            throw new InternalServerErrorException(sm.getString("ec.500"), e);
-        }
-    }
-
     /**
      * Get the details of the given user
      *
diff --git a/vmidentity/rest/pom.xml b/vmidentity/rest/pom.xml
index 64111b8bb..b08c0ec32 100644
--- a/vmidentity/rest/pom.xml
+++ b/vmidentity/rest/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.identity.rest</groupId>
diff --git a/vmidentity/rest/vmdir/client/pom.xml b/vmidentity/rest/vmdir/client/pom.xml
index cb7fc53ac..a94fe10db 100644
--- a/vmidentity/rest/vmdir/client/pom.xml
+++ b/vmidentity/rest/vmdir/client/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.vmdir.rest</groupId>
     <artifactId>vmware-directory-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-directory-rest-client</artifactId>
diff --git a/vmidentity/rest/vmdir/common/pom.xml b/vmidentity/rest/vmdir/common/pom.xml
index 79e3aba53..48f335649 100644
--- a/vmidentity/rest/vmdir/common/pom.xml
+++ b/vmidentity/rest/vmdir/common/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>com.vmware.vmdir.rest</groupId>
     <artifactId>vmware-directory-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-directory-rest-common</artifactId>
diff --git a/vmidentity/rest/vmdir/pom.xml b/vmidentity/rest/vmdir/pom.xml
index 6e1750ddf..0c4f013c8 100644
--- a/vmidentity/rest/vmdir/pom.xml
+++ b/vmidentity/rest/vmdir/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>com.vmware.identity.rest</groupId>
     <artifactId>vmware-identity-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <groupId>com.vmware.vmdir.rest</groupId>
diff --git a/vmidentity/rest/vmdir/server/pom.xml b/vmidentity/rest/vmdir/server/pom.xml
index 91496acf0..3e4e74b26 100644
--- a/vmidentity/rest/vmdir/server/pom.xml
+++ b/vmidentity/rest/vmdir/server/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.vmdir.rest</groupId>
     <artifactId>vmware-directory-rest</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-directory-rest-server</artifactId>
diff --git a/vmidentity/rest/vmdir/server/src/main/java/com/vmware/directory/rest/server/resources/UserResource.java b/vmidentity/rest/vmdir/server/src/main/java/com/vmware/directory/rest/server/resources/UserResource.java
index d934de56b..ddf95b5fa 100644
--- a/vmidentity/rest/vmdir/server/src/main/java/com/vmware/directory/rest/server/resources/UserResource.java
+++ b/vmidentity/rest/vmdir/server/src/main/java/com/vmware/directory/rest/server/resources/UserResource.java
@@ -135,7 +135,7 @@ public UserDTO get(@PathParam("userName") String name) {
         try {
             PersonUser idmPersonUser = getIDMClient().findPersonUser(tenant, id);
             if (idmPersonUser == null) {
-                throw new InvalidPrincipalException(String.format("User '%s' does not exist in tenant '%s'", name, tenant));
+                throw new InvalidPrincipalException(String.format("User '%s' does not exist in tenant '%s'", name, tenant), name);
             }
             return UserMapper.getUserDTO(idmPersonUser, includePasswordDetails(name));
         } catch (NoSuchIdpException | NoSuchTenantException | InvalidPrincipalException e) {
diff --git a/vmidentity/samlauthority/pom.xml b/vmidentity/samlauthority/pom.xml
index fa3d6709e..73964414c 100644
--- a/vmidentity/samlauthority/pom.xml
+++ b/vmidentity/samlauthority/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>samlauthority</artifactId>
@@ -45,6 +45,11 @@
       <artifactId>bcprov-jdk15on</artifactId>
       <version>${bouncycastle.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>${commons.beanutils.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
@@ -55,6 +60,11 @@
       <artifactId>commons-collections</artifactId>
       <version>${commons.collection.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>${commons.fileupload.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-httpclient</groupId>
       <artifactId>commons-httpclient</artifactId>
@@ -64,6 +74,12 @@
       <groupId>org.owasp.esapi</groupId>
       <artifactId>esapi</artifactId>
       <version>${esapi.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.jcip</groupId>
@@ -123,7 +139,7 @@
     <dependency>
       <groupId>org.opensaml</groupId>
       <artifactId>xmltooling</artifactId>
-      <version>1.3.4</version>
+      <version>${xml.tooling.version}</version>
     </dependency>
 
     <!-- Logger Dependencies -->
diff --git a/vmidentity/service/pom.xml b/vmidentity/service/pom.xml
index 921c87ab6..d7158e04a 100644
--- a/vmidentity/service/pom.xml
+++ b/vmidentity/service/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>ROOT</artifactId>
@@ -102,6 +102,22 @@
       <artifactId>vmware-directory-rest-server</artifactId>
       <version>${vmware.version}</version>
     </dependency>
+ <!-- Jackson Dependencies -->
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-databind</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-core</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.fasterxml.jackson.core</groupId>
+      <artifactId>jackson-annotations</artifactId>
+      <version>${jackson.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.cloudfoundry.identity</groupId>
       <artifactId>cloudfoundry-identity-uaa</artifactId>
diff --git a/vmidentity/service/src/main/webapp/WEB-INF/views/unpentry.jsp b/vmidentity/service/src/main/webapp/WEB-INF/views/unpentry.jsp
index 77328415d..4a85a0fce 100755
--- a/vmidentity/service/src/main/webapp/WEB-INF/views/unpentry.jsp
+++ b/vmidentity/service/src/main/webapp/WEB-INF/views/unpentry.jsp
@@ -58,34 +58,34 @@
 
    </script>
 
-   <script type="text/javascript" src="/resources/js/assets/csd_api_common.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_connection.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_base.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_factory.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_config.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_logging.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_session.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_sspi.js"></script>
-   <script type="text/javascript" src="/resources/js/assets/csd_api_sso.js"></script>
-
-   <script type="text/javascript" src="/resources/js/Base64.js"></script>
-   <script type="text/javascript" src="/resources/js/VmrcPluginUtil.js"></script>
-   <script type="text/javascript" src="/resources/js/jquery-2.1.4.min.js"></script>
-   <script type="text/javascript" src="/resources/js/jquery-ui.min.js"></script>
-   <script type="text/javascript" src="/resources/js/websso.js"></script>
-
-   <link rel="icon" type="image/x-icon" href="/resources/img/favicon.ico" />
-   <link rel="SHORTCUT ICON" href="/resources/img/favicon.ico" />
-   <link rel="stylesheet" type="text/css" href="/resources/css/jquery-ui.min.css">
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_common.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_connection.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_base.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_factory.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_config.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_logging.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_session.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_sspi.js"></script>
+   <script type="text/javascript" src="../../resources/js/assets/csd_api_sso.js"></script>
+
+   <script type="text/javascript" src="../../resources/js/Base64.js"></script>
+   <script type="text/javascript" src="../../resources/js/VmrcPluginUtil.js"></script>
+   <script type="text/javascript" src="../../resources/js/jquery-2.1.4.min.js"></script>
+   <script type="text/javascript" src="../../resources/js/jquery-ui.min.js"></script>
+   <script type="text/javascript" src="../../resources/js/websso.js"></script>
+
+   <link rel="icon" type="image/x-icon" href="../../resources/img/favicon.ico" />
+   <link rel="SHORTCUT ICON" href="../../resources/img/favicon.ico" />
+   <link rel="stylesheet" type="text/css" href="../../resources/css/jquery-ui.min.css">
 </head>
 <body>
 
 <script type="text/javascript">
     if (!isVCLogin()) {
-        document.write('<link rel="stylesheet" type="text/css" href="/resources/css/login_generic.css">');
+        document.write('<link rel="stylesheet" type="text/css" href="../../resources/css/login_generic.css">');
     }
     else {
-        document.write('<link rel="stylesheet" type="text/css" href="/resources/css/login.css">');
+        document.write('<link rel="stylesheet" type="text/css" href="../../resources/css/login.css">');
     }
 </script>
 
@@ -96,11 +96,11 @@
 //var _cspId = createCspPluginObject();
 
 if (isVCLogin()) {
-    document.write("<img id=\"topSplash\" src=\"/resources/img/AppBgPattern.png\"/>");
-
-    document.write("<img id=\"brand\" src=\"/resources/img/vmwareLogoBigger.png\" />");
+    document.write("<img id=\"topSplash\" src=\"../../resources/img/AppBgPattern.png\"/>");
+    document.write("<img id=\"brand\" src=\"../../resources/img/vmwareLogoBigger.png\" />");
 }
 else {
+    document.write("<p id=\"welcomeText\">Welcome to</p>");
     document.write("<p id=\"tenantBrand\">"+tenant_brandname+"</p>");
 }
 
@@ -108,6 +108,7 @@ else {
 </script>
 <div id="bg-banner"></div>
 <div id="loginForm">
+   <span>Please sign-in here</span>
    <p id="usernameID" class="loginRow" >
       <span class="loginLabel">${username}:</span>
       <input id="username" class="margeTextInput" type="text" placeholder="${username_placeholder}"/>
@@ -140,11 +141,11 @@ else {
 <div id="productName">
    <script type="text/javascript">
         if (isVCLogin()) {
-           document.write("<img id=\"VCSSO-Title\" src=\"/resources/img/VCSSO-title.png\" />");
+           document.write("<img id=\"VCSSO-Title\" src=\"../../resources/img/VCSSO-title.png\" />");
            }
    </script>
    <div id="response" style="display:none"></div>
-   <div id="progressBar" style="display:none"><img src="/resources/img/Marge-anim-progressbar.gif"></div>
+   <div id="progressBar" style="display:none"><img src="../../resources/img/Marge-anim-progressbar.gif"></div>
 </div>
 
 <div id="footer" class="footer">
diff --git a/vmidentity/service/src/main/webapp/resources/css/login_generic.css b/vmidentity/service/src/main/webapp/resources/css/login_generic.css
index 0a7389995..ab4c8b8d2 100644
--- a/vmidentity/service/src/main/webapp/resources/css/login_generic.css
+++ b/vmidentity/service/src/main/webapp/resources/css/login_generic.css
@@ -28,6 +28,16 @@ input [type=checkbox] {
  border: 1px solid black;
 }
 
+#welcomeText {
+   position: absolute;
+   top: 180px;
+   left: 96px;
+   font-size: 20px;
+   line-height: 12px;
+   margin-top: 24px;
+   font-weight: 200;
+   color: black;
+}
 
 #tenantBrand {
    position: absolute;
@@ -41,7 +51,7 @@ input [type=checkbox] {
 }
 
 #loginForm {
-   width: 312px;
+   width: 280px;
    position: relative;
    margin-left:96px;
    top:308px;
@@ -369,4 +379,4 @@ input [type=checkbox] {
   -ms-hyphens: auto;
   -moz-hyphens: auto;
   hyphens: auto;
-}
\ No newline at end of file
+}
diff --git a/vmidentity/service/src/main/webapp/resources/img/favicon.ico b/vmidentity/service/src/main/webapp/resources/img/favicon.ico
index ab4b5802e..2ebdba1e7 100644
Binary files a/vmidentity/service/src/main/webapp/resources/img/favicon.ico and b/vmidentity/service/src/main/webapp/resources/img/favicon.ico differ
diff --git a/vmidentity/service/src/main/webapp/resources/js/websso.js b/vmidentity/service/src/main/webapp/resources/js/websso.js
index eae318cf9..bfc660f0f 100644
--- a/vmidentity/service/src/main/webapp/resources/js/websso.js
+++ b/vmidentity/service/src/main/webapp/resources/js/websso.js
@@ -90,16 +90,8 @@
       }
 
       //Remove windows session or smartcard authn checkbox if the corresponding authn type was not turned on
-      if (windows_auth == "false") {
-         var sspiEle = document.getElementById("sessionID");
-         sspiEle.parentNode.removeChild(sspiEle);
-      } else {
-         //disbable username pw field when password authn is not available
-         if (password_auth == "false" && rsa_am_auth == "false" && tlsclient_auth == "false") {
-             $('#username').prop('disabled',true);
-             $('#password').prop('disabled',true);
-         }
-      }
+      var sspiEle = document.getElementById("sessionID");
+      sspiEle.parentNode.removeChild(sspiEle);
 
       if (rsa_am_auth == "false") {
           var rsaamIDEle = document.getElementById("rsaamID");
diff --git a/vmidentity/sso-config/pom.xml b/vmidentity/sso-config/pom.xml
index 2a8401b5c..00f8feb9e 100644
--- a/vmidentity/sso-config/pom.xml
+++ b/vmidentity/sso-config/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-sso-config</artifactId>
diff --git a/vmidentity/sso-config/src/main/java/com/vmware/identity/ssoconfig/SsoConfig.java b/vmidentity/sso-config/src/main/java/com/vmware/identity/ssoconfig/SsoConfig.java
index 8350dae8f..87ee37e59 100644
--- a/vmidentity/sso-config/src/main/java/com/vmware/identity/ssoconfig/SsoConfig.java
+++ b/vmidentity/sso-config/src/main/java/com/vmware/identity/ssoconfig/SsoConfig.java
@@ -760,15 +760,16 @@ private static String getTcStsInstanceConfDir() {
                 : tomcatConfLocation;
     }
 
-    // Decision factor : The RPM name is vmware-sts in lightwave and vmware-identity-sts in Vsphere.
+    // Decision factor : The RPM name is lightwave in lightwave and vmware-identity-sts in Vsphere.
     // TODO : Add the product release in registry entry.
+    // TODO : Add support for non-RPM package Linux distributions
     private static boolean isLightwave() {
 
         boolean lightwave = true;
         String rpmInfo = null;
         Process p = null;
         try{
-            p = Runtime.getRuntime().exec("rpm -qa vmware-sts");
+            p = Runtime.getRuntime().exec("rpm -qa lightwave");
             try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                     p.getInputStream()))) {
                 rpmInfo = reader.readLine();
diff --git a/vmidentity/ssoclients/common/include/common.h b/vmidentity/ssoclients/common/include/common.h
index da8f64983..a03553d6f 100644
--- a/vmidentity/ssoclients/common/include/common.h
+++ b/vmidentity/ssoclients/common/include/common.h
@@ -17,15 +17,27 @@
 
 // SSO_HTTP_CLIENT
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 SSOHttpClientGlobalInit();
 
+// this function is not thread safe. Call it right before process exit
 void
 SSOHttpClientGlobalCleanup();
 
+// make sure you call SSOHttpClientGlobalInit once per process before calling this
 SSOERROR
 SSOHttpClientNew(
-    PSSO_HTTP_CLIENT* pp);
+    PSSO_HTTP_CLIENT* pp,
+    PCSTRING pszTlsCAPath /* OPT, NULL means skip TLS validation */);
 
 void
 SSOHttpClientDelete(
@@ -208,10 +220,6 @@ SSOStringEqual(
     PCSTRING psz1, /* OPT */
     PCSTRING psz2  /* OPT */);
 
-void
-SSOStringFree(
-    PSTRING psz /* OPT */);
-
 void
 SSOStringFreeAndClear(
     PSTRING psz /* OPT */);
@@ -261,6 +269,11 @@ SSOJsonIsObject(
     PCSSO_JSON pJson,
     bool* pBool);
 
+SSOERROR
+SSOJsonIsArray(
+    PCSSO_JSON pJson,
+    bool* pBool);
+
 SSOERROR
 SSOJsonObjectSize(
     PCSSO_JSON pJson,
@@ -407,6 +420,12 @@ SSOJwtHasClaim(
     PCSTRING pszKey,
     bool* pHasClaim);
 
+SSOERROR
+SSOJwtHasArrayClaim(
+    PCSSO_JWT p,
+    PCSTRING pszKey,
+    bool* pHasClaim);
+
 SSOERROR
 SSOJwtVerifySignature(
     PCSSO_JWT p,
diff --git a/vmidentity/ssoclients/common/include/defines.h b/vmidentity/ssoclients/common/include/defines.h
index e0ba71264..ce5dfeda5 100644
--- a/vmidentity/ssoclients/common/include/defines.h
+++ b/vmidentity/ssoclients/common/include/defines.h
@@ -21,6 +21,9 @@
 #define BAIL_ON_NULL_ARGUMENT(x) \
     { if (NULL == (x)) { fprintf(stderr, "NULL argument! variable [%s] in function [%s]", #x, __FUNCTION__); e = SSOERROR_INVALID_ARGUMENT; goto error; } }
 
+#define ASSERT_TRUE(x) \
+    { if (!(x)) { fprintf(stderr, "assertion violation! expression [%s] in function [%s]", #x, __FUNCTION__); } }
+
 #define ASSERT_NOT_NULL(x) \
     { if (NULL == (x)) { fprintf(stderr, "NULL argument! variable [%s] in function [%s]", #x, __FUNCTION__); } }
 
diff --git a/vmidentity/ssoclients/common/include/public/Makefile.am b/vmidentity/ssoclients/common/include/public/Makefile.am
index 0fc89174a..24146b77d 100644
--- a/vmidentity/ssoclients/common/include/public/Makefile.am
+++ b/vmidentity/ssoclients/common/include/public/Makefile.am
@@ -1,3 +1,4 @@
 ssoclientsincludedir=$(includedir)
 ssoclientsinclude_HEADERS=ssoerrors.h \
-                          ssotypes.h
+                          ssotypes.h \
+                          ssocommon.h
diff --git a/vmidentity/ssoclients/common/include/public/ssocommon.h b/vmidentity/ssoclients/common/include/public/ssocommon.h
new file mode 100644
index 000000000..1daf46478
--- /dev/null
+++ b/vmidentity/ssoclients/common/include/public/ssocommon.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright © 2012-2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _SSOCOMMON_H_
+#define _SSOCOMMON_H_
+
+extern const PCSTRING LIGHTWAVE_TLS_CA_PATH;
+
+void
+SSOStringFree(
+    PSTRING psz /* OPT */);
+
+PCSTRING
+SSOErrorToString(
+    SSOERROR code);
+
+#endif
diff --git a/vmidentity/ssoclients/common/include/public/ssoerrors.h b/vmidentity/ssoclients/common/include/public/ssoerrors.h
index 796685655..2e48a39e9 100644
--- a/vmidentity/ssoclients/common/include/public/ssoerrors.h
+++ b/vmidentity/ssoclients/common/include/public/ssoerrors.h
@@ -55,8 +55,4 @@
 #define SSOERROR_REST_SERVER_INVALID_REQUEST            208
 #define SSOERROR_REST_SERVER_INVALID_TOKEN              209
 
-PCSTRING
-SSOErrorToString(
-    SSOERROR code);
-
 #endif
diff --git a/vmidentity/ssoclients/common/src/Makefile.am b/vmidentity/ssoclients/common/src/Makefile.am
index eaf76fe92..773fbaad0 100644
--- a/vmidentity/ssoclients/common/src/Makefile.am
+++ b/vmidentity/ssoclients/common/src/Makefile.am
@@ -16,12 +16,12 @@ libssocommon_la_SOURCES = \
     errors.c
 
 libssocommon_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public \
+    -I$(top_srcdir)/vmafd/include/public \
     @JANSSON_INCLUDES@ \
     @CURL_INCLUDES@ \
     @OPENSSL_INCLUDES@ \
-    @VMAFD_INCLUDES@ \
     @LW_INCLUDES@
 
 libssocommon_la_LIBADD = \
diff --git a/vmidentity/ssoclients/common/src/http_client.c b/vmidentity/ssoclients/common/src/http_client.c
index 4b77fd5dd..8d5f6da52 100644
--- a/vmidentity/ssoclients/common/src/http_client.c
+++ b/vmidentity/ssoclients/common/src/http_client.c
@@ -14,6 +14,9 @@
 
 #include "includes.h"
 
+// keep this in sync with LIGHTWAVE_TLS_CA_PATH in oidc_client.go
+const PCSTRING LIGHTWAVE_TLS_CA_PATH = "/etc/ssl/certs/";
+
 static
 SSOERROR
 SSOHttpClientSetCurlOptionInt(
@@ -107,6 +110,15 @@ SSOHttpClientBuildForm(
     return e;
 }
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 SSOHttpClientGlobalInit()
 {
@@ -123,15 +135,18 @@ SSOHttpClientGlobalInit()
     return e;
 }
 
+// this function is not thread safe. Call it right before process exit
 void
 SSOHttpClientGlobalCleanup()
 {
     curl_global_cleanup();
 }
 
+// make sure you call SSOHttpClientGlobalInit once per process before calling this
 SSOERROR
 SSOHttpClientNew(
-    PSSO_HTTP_CLIENT* pp)
+    PSSO_HTTP_CLIENT* pp,
+    PCSTRING pszTlsCAPath /* OPT, NULL means skip TLS validation */)
 {
     SSOERROR e = SSOERROR_NONE;
     PSSO_HTTP_CLIENT p = NULL;
@@ -148,6 +163,12 @@ SSOHttpClientNew(
         BAIL_ON_ERROR(e);
     }
 
+    if (pszTlsCAPath != NULL)
+    {
+        e = SSOStringAllocate(pszTlsCAPath, &p->pszTlsCAPath);
+        BAIL_ON_ERROR(e);
+    }
+
     *pp = p;
 
 error:
@@ -168,6 +189,7 @@ SSOHttpClientDelete(
         {
             curl_easy_cleanup(p->pCurl);
         }
+        SSOStringFree(p->pszTlsCAPath);
         SSOMemoryFree(p, sizeof(SSO_HTTP_CLIENT));
     }
 }
@@ -233,10 +255,24 @@ SSOHttpClientSend(
     BAIL_ON_ERROR(e);
     e = SSOHttpClientSetCurlOptionPointer(p, CURLOPT_HTTPHEADER, pHeaderList);
     BAIL_ON_ERROR(e);
-    e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYPEER, 0); // TODO: enable TLS verification
-    BAIL_ON_ERROR(e);
-    e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYHOST, 0);
-    BAIL_ON_ERROR(e);
+
+    if (p->pszTlsCAPath != NULL)
+    {
+        e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYPEER, 1); // 1 means verify
+        BAIL_ON_ERROR(e);
+        e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYHOST, 2); // 2 means verify (cert subject or san matches name in url)
+        BAIL_ON_ERROR(e);
+        e = SSOHttpClientSetCurlOptionPointer(p, CURLOPT_CAPATH, p->pszTlsCAPath);
+        BAIL_ON_ERROR(e);
+    }
+    else
+    {
+        // skip TLS validation
+        e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYPEER, 0);
+        BAIL_ON_ERROR(e);
+        e = SSOHttpClientSetCurlOptionInt(p, CURLOPT_SSL_VERIFYHOST, 0);
+        BAIL_ON_ERROR(e);
+    }
 
     code = curl_easy_perform(p->pCurl);
     if (code != CURLE_OK)
diff --git a/vmidentity/ssoclients/common/src/includes.h b/vmidentity/ssoclients/common/src/includes.h
index 45dd3e1ec..1b0819049 100644
--- a/vmidentity/ssoclients/common/src/includes.h
+++ b/vmidentity/ssoclients/common/src/includes.h
@@ -37,6 +37,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // headers from components the current component depends on
 
diff --git a/vmidentity/ssoclients/common/src/json.c b/vmidentity/ssoclients/common/src/json.c
index 3fd127ed6..42889c2a0 100644
--- a/vmidentity/ssoclients/common/src/json.c
+++ b/vmidentity/ssoclients/common/src/json.c
@@ -290,6 +290,26 @@ SSOJsonIsObject(
     return e;
 }
 
+SSOERROR
+SSOJsonIsArray(
+    PCSSO_JSON pJson,
+    bool* pBool)
+{
+    SSOERROR e = SSOERROR_NONE;
+
+    if (pJson == NULL || pBool == NULL)
+    {
+        e = SSOERROR_INVALID_ARGUMENT;
+        BAIL_ON_ERROR(e);
+    }
+
+    *pBool = json_is_array(pJson->pJson_t) != 0;
+
+    error:
+
+    return e;
+}
+
 SSOERROR
 SSOJsonObjectSize(
     PCSSO_JSON pJson,
diff --git a/vmidentity/ssoclients/common/src/jwt.c b/vmidentity/ssoclients/common/src/jwt.c
index e0ed0ca1e..c9283b299 100644
--- a/vmidentity/ssoclients/common/src/jwt.c
+++ b/vmidentity/ssoclients/common/src/jwt.c
@@ -360,6 +360,35 @@ SSOJwtHasClaim(
     return e;
 }
 
+SSOERROR
+SSOJwtHasArrayClaim(
+    PCSSO_JWT p,
+    PCSTRING pszKey,
+    bool* pHasClaim)
+{
+    SSOERROR e = SSOERROR_NONE;
+    bool isArray = false;
+    PSSO_JSON pJsonValue = NULL;
+
+    ASSERT_NOT_NULL(p);
+    ASSERT_NOT_NULL(pszKey);
+    ASSERT_NOT_NULL(pHasClaim);
+
+    e = SSOJsonObjectGet(p->pJsonPayload, pszKey, &pJsonValue);
+    BAIL_ON_ERROR(e);
+
+    e = SSOJsonIsArray(pJsonValue, &isArray);
+    BAIL_ON_ERROR(e);
+
+    *pHasClaim = isArray;
+
+error:
+
+    SSOJsonDelete(pJsonValue);
+
+    return e;
+}
+
 SSOERROR
 SSOJwtVerifySignature(
     PCSSO_JWT p,
diff --git a/vmidentity/ssoclients/common/src/structs.h b/vmidentity/ssoclients/common/src/structs.h
index 3b9750575..b3554fe2b 100644
--- a/vmidentity/ssoclients/common/src/structs.h
+++ b/vmidentity/ssoclients/common/src/structs.h
@@ -18,6 +18,7 @@
 typedef struct SSO_HTTP_CLIENT
 {
     CURL* pCurl;
+    PSTRING pszTlsCAPath;
 } SSO_HTTP_CLIENT;
 
 typedef struct SSO_KEY_VALUE_PAIR
diff --git a/vmidentity/ssoclients/common/test/Makefile.am b/vmidentity/ssoclients/common/test/Makefile.am
index 1310fa700..49e70865c 100644
--- a/vmidentity/ssoclients/common/test/Makefile.am
+++ b/vmidentity/ssoclients/common/test/Makefile.am
@@ -5,8 +5,16 @@ ssocommontest_SOURCES = \
     test_cases.c
 
 ssocommontest_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/
 
 ssocommontest_LDADD = \
-    @top_builddir@/ssoclients/common/src/libssocommon.la
+    @top_builddir@/vmidentity/ssoclients/common/src/libssocommon.la \
+    @JANSSON_LIBS@ \
+    @CURL_LIBS@ \
+    @CRYPTO_LIBS@
+
+ssocommontest_LDFLAGS = \
+    @JANSSON_LDFLAGS@ \
+    @CURL_LDFLAGS@ \
+    @OPENSSL_LDFLAGS@
diff --git a/vmidentity/ssoclients/common/test/test_cases.h b/vmidentity/ssoclients/common/test/test_cases.h
index f275a79a1..2078cda9d 100644
--- a/vmidentity/ssoclients/common/test/test_cases.h
+++ b/vmidentity/ssoclients/common/test/test_cases.h
@@ -27,6 +27,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 bool
 TestStringAllocate();
diff --git a/vmidentity/ssoclients/oidc/include/public/oidc.h b/vmidentity/ssoclients/oidc/include/public/oidc.h
index b485a539e..5714f602e 100644
--- a/vmidentity/ssoclients/oidc/include/public/oidc.h
+++ b/vmidentity/ssoclients/oidc/include/public/oidc.h
@@ -17,24 +17,41 @@
 
 // OIDC_CLIENT
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 OidcClientGlobalInit();
 
+// this function is not thread safe. Call it right before process exit
 void
 OidcClientGlobalCleanup();
 
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, pp will be non-null, when done, OidcClientDelete it
+// psztlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 OidcClientBuild(
     POIDC_CLIENT* pp,
     PCSTRING pszServer, // OPT: null means use HA to get affinitized host
     int portNumber,
     PCSTRING pszTenant,
-    SSO_LONG clockToleranceInSeconds);
+    PCSTRING pszClientID /* OPT */,
+    PCSTRING pszTlsCAPath /* OPT, see comment above */);
 
 void
 OidcClientDelete(
     POIDC_CLIENT p);
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensByPassword(
     PCOIDC_CLIENT p,
@@ -44,6 +61,9 @@ OidcClientAcquireTokensByPassword(
     POIDC_TOKEN_SUCCESS_RESPONSE* ppOutTokenSuccessResponse, /* OUT */
     POIDC_ERROR_RESPONSE* ppOutTokenErrorResponse /* OUT */);
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensByRefreshToken(
     PCOIDC_CLIENT p,
@@ -51,6 +71,9 @@ OidcClientAcquireTokensByRefreshToken(
     POIDC_TOKEN_SUCCESS_RESPONSE* ppOutTokenSuccessResponse, /* OUT */
     POIDC_ERROR_RESPONSE* ppOutTokenErrorResponse /* OUT */);
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensBySolutionUserCredentials(
     PCOIDC_CLIENT p,
@@ -66,12 +89,16 @@ OidcClientGetSigningCertificatePEM(
 
 // OIDC_SERVER_METADATA
 
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, pp will be non-null, when done, OidcServerMetadataDelete it
+// psztlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 OidcServerMetadataAcquire(
     POIDC_SERVER_METADATA* pp,
     PCSTRING pszServer,
     int portNumber,
-    PCSTRING pszTenant);
+    PCSTRING pszTenant,
+    PCSTRING pszTlsCAPath /* OPT, see comment above */);
 
 void
 OidcServerMetadataDelete(
@@ -87,6 +114,7 @@ OidcServerMetadataGetSigningCertificatePEM(
 
 // OIDC_ID_TOKEN
 
+// (TODO) Deprecated
 SSOERROR
 OidcIDTokenBuild(
     POIDC_ID_TOKEN* pp,
@@ -95,10 +123,27 @@ OidcIDTokenBuild(
     PCSTRING pszIssuer, // not used for now
     SSO_LONG clockToleranceInSeconds);
 
+// on success, pp will be non-null, when done, OidcIDTokenDelete it
+SSOERROR
+OidcIDTokenParse(
+    POIDC_ID_TOKEN* pp,
+    PCSTRING psz);
+
+SSOERROR
+OidcIDTokenValidate(
+    POIDC_ID_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    SSO_LONG clockToleranceInSeconds);
+
 void
 OidcIDTokenDelete(
     POIDC_ID_TOKEN p);
 
+OIDC_TOKEN_TYPE
+OidcIDTokenGetTokenType(
+    PCOIDC_ID_TOKEN p);
+
 PCSTRING
 OidcIDTokenGetIssuer(
     PCOIDC_ID_TOKEN p);
@@ -107,10 +152,21 @@ PCSTRING
 OidcIDTokenGetSubject(
     PCOIDC_ID_TOKEN p);
 
-PCSTRING
+void
 OidcIDTokenGetAudience(
+    PCOIDC_ID_TOKEN p,
+    const PSTRING** pppszAudience,
+    size_t* pAudienceSize);
+
+size_t
+OidcIDTokenGetAudienceSize(
     PCOIDC_ID_TOKEN p);
 
+PCSTRING
+OidcIDTokenGetAudienceEntry(
+    PCOIDC_ID_TOKEN p,
+    int index);
+
 SSO_LONG
 OidcIDTokenGetIssueTime(
     PCOIDC_ID_TOKEN p);
@@ -129,6 +185,19 @@ OidcIDTokenGetGroups(
     const PSTRING** pppszGroups,
     size_t* pGroupsSize);
 
+size_t
+OidcIDTokenGetGroupsSize(
+    PCOIDC_ID_TOKEN p);
+
+PCSTRING
+OidcIDTokenGetGroupsEntry(
+    PCOIDC_ID_TOKEN p,
+    int index);
+
+PCSTRING
+OidcIDTokenGetTenant(
+    PCOIDC_ID_TOKEN p);
+
 SSOERROR
 OidcIDTokenGetStringClaim(
     PCOIDC_ID_TOKEN p,
@@ -137,6 +206,7 @@ OidcIDTokenGetStringClaim(
 
 // OIDC_ACCESS_TOKEN
 
+// (TODO) Deprecated
 SSOERROR
 OidcAccessTokenBuild(
     POIDC_ACCESS_TOKEN* pp,
@@ -146,10 +216,28 @@ OidcAccessTokenBuild(
     PCSTRING pszResourceServerName,
     SSO_LONG clockToleranceInSeconds);
 
+// on success, pp will be non-null, when done, OidcAccessTokenDelete it
+SSOERROR
+OidcAccessTokenParse(
+    POIDC_ACCESS_TOKEN* pp,
+    PCSTRING psz);
+
+SSOERROR
+OidcAccessTokenValidate(
+    POIDC_ACCESS_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName,
+    SSO_LONG clockToleranceInSeconds);
+
 void
 OidcAccessTokenDelete(
     POIDC_ACCESS_TOKEN p);
 
+OIDC_TOKEN_TYPE
+OidcAccessTokenGetTokenType(
+    PCOIDC_ACCESS_TOKEN p);
+
 PCSTRING
 OidcAccessTokenGetIssuer(
     PCOIDC_ACCESS_TOKEN p);
@@ -164,6 +252,15 @@ OidcAccessTokenGetAudience(
     const PSTRING** pppzAudience,
     size_t* pAudienceSize);
 
+size_t
+OidcAccessTokenGetAudienceSize(
+    PCOIDC_ACCESS_TOKEN p);
+
+PCSTRING
+OidcAccessTokenGetAudienceEntry(
+    PCOIDC_ACCESS_TOKEN p,
+    int index);
+
 SSO_LONG
 OidcAccessTokenGetIssueTime(
     PCOIDC_ACCESS_TOKEN p);
@@ -182,6 +279,19 @@ OidcAccessTokenGetGroups(
     const PSTRING** pppszGroups,
     size_t* pGroupsSize);
 
+size_t
+OidcAccessTokenGetGroupsSize(
+    PCOIDC_ACCESS_TOKEN p);
+
+PCSTRING
+OidcAccessTokenGetGroupsEntry(
+    PCOIDC_ACCESS_TOKEN p,
+    int index);
+
+PCSTRING
+OidcAccessTokenGetTenant(
+    PCOIDC_ACCESS_TOKEN p);
+
 SSOERROR
 OidcAccessTokenGetStringClaim(
     PCOIDC_ACCESS_TOKEN p,
@@ -194,7 +304,7 @@ void
 OidcTokenSuccessResponseDelete(
     POIDC_TOKEN_SUCCESS_RESPONSE p);
 
-PCOIDC_ID_TOKEN
+PCSTRING
 OidcTokenSuccessResponseGetIDToken(
     PCOIDC_TOKEN_SUCCESS_RESPONSE p);
 
@@ -212,6 +322,10 @@ void
 OidcErrorResponseDelete(
     POIDC_ERROR_RESPONSE p);
 
+PCSTRING
+OidcErrorResponseGetError(
+    PCOIDC_ERROR_RESPONSE p);
+
 PCSTRING
 OidcErrorResponseGetErrorDescription(
     PCOIDC_ERROR_RESPONSE p);
diff --git a/vmidentity/ssoclients/oidc/include/public/oidc_types.h b/vmidentity/ssoclients/oidc/include/public/oidc_types.h
index 11b2fa9b8..373dbae56 100644
--- a/vmidentity/ssoclients/oidc/include/public/oidc_types.h
+++ b/vmidentity/ssoclients/oidc/include/public/oidc_types.h
@@ -33,4 +33,9 @@ typedef const struct OIDC_ID_TOKEN* PCOIDC_ID_TOKEN;
 typedef       struct OIDC_ACCESS_TOKEN*  POIDC_ACCESS_TOKEN;
 typedef const struct OIDC_ACCESS_TOKEN* PCOIDC_ACCESS_TOKEN;
 
+typedef enum OIDC_TOKEN_TYPE {
+    OIDC_TOKEN_TYPE_BEARER,
+    OIDC_TOKEN_TYPE_HOK
+} OIDC_TOKEN_TYPE;
+
 #endif
diff --git a/vmidentity/ssoclients/oidc/oidc.def b/vmidentity/ssoclients/oidc/oidc.def
index ea0df59fb..13cafa974 100644
--- a/vmidentity/ssoclients/oidc/oidc.def
+++ b/vmidentity/ssoclients/oidc/oidc.def
@@ -3,6 +3,7 @@ LIBRARY "libssooidc"
 EXPORTS
 OidcAccessTokenBuild
 OidcAccessTokenParse
+OidcAccessTokenValidate
 OidcAccessTokenDelete
 OidcAccessTokenGetIssuer
 OidcAccessTokenGetSubject
@@ -21,10 +22,12 @@ OidcClientAcquireTokensBySolutionUserCredentials
 OidcClientGetSigningCertificatePEM
 OidcErrorResponseParse
 OidcErrorResponseDelete
+OidcErrorResponseGetError
 OidcErrorResponseGetErrorDescription
-OidcErrorResponseGetSSOErrorCode
+OidcErrorResponseGetErrorCode
 OidcIDTokenBuild
 OidcIDTokenParse
+OidcIDTokenValidate
 OidcIDTokenDelete
 OidcIDTokenGetIssuer
 OidcIDTokenGetSubject
diff --git a/vmidentity/ssoclients/oidc/src/Makefile.am b/vmidentity/ssoclients/oidc/src/Makefile.am
index 3c7a8108b..bb703e4c4 100644
--- a/vmidentity/ssoclients/oidc/src/Makefile.am
+++ b/vmidentity/ssoclients/oidc/src/Makefile.am
@@ -3,15 +3,16 @@ lib_LTLIBRARIES = libssooidc.la
 libssooidc_la_SOURCES = \
     oidc_client.c \
     oidc_server_metadata.c \
+    oidc_token.c \
     oidc_id_token.c \
     oidc_access_token.c \
     oidc_token_success_response.c \
     oidc_error_response.c
 
 libssooidc_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/oidc/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public/
 
 libssooidc_la_LIBADD = \
-    @top_builddir@/ssoclients/common/src/libssocommon.la
+    @top_builddir@/vmidentity/ssoclients/common/src/libssocommon.la
diff --git a/vmidentity/ssoclients/oidc/src/includes.h b/vmidentity/ssoclients/oidc/src/includes.h
index afd501a00..bc55bbfeb 100644
--- a/vmidentity/ssoclients/oidc/src/includes.h
+++ b/vmidentity/ssoclients/oidc/src/includes.h
@@ -33,6 +33,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // project public headers
 #include "oidc_types.h"
diff --git a/vmidentity/ssoclients/oidc/src/oidc_access_token.c b/vmidentity/ssoclients/oidc/src/oidc_access_token.c
index 4196a2140..f08895bc3 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_access_token.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_access_token.c
@@ -14,71 +14,29 @@
 
 #include "includes.h"
 
-static const SSO_LONG MAX_CLOCK_TOLERANCE_IN_SECONDS = 10 * 60; // 10 minutes
-
+// (TODO) Deprecated
 SSOERROR
 OidcAccessTokenBuild(
     POIDC_ACCESS_TOKEN* pp,
     PCSTRING psz,
     PCSTRING pszSigningCertificatePEM,
     PCSTRING pszIssuer, // not used for now
-    PCSTRING pszResourceServerName,
+    PCSTRING pszResourceServerName, /* OPT */
     SSO_LONG clockToleranceInSeconds)
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_ACCESS_TOKEN p = NULL;
-    time_t now = time(NULL);
-    bool validSignature = false;
-    bool resourceServerFound = false;
-    size_t i = 0;
-
-    ASSERT_NOT_NULL(pp);
-    ASSERT_NOT_NULL(psz);
-    ASSERT_NOT_NULL(pszSigningCertificatePEM);
-    // pszResourceServerName is nullable
 
-    if (clockToleranceInSeconds < 0 || clockToleranceInSeconds > MAX_CLOCK_TOLERANCE_IN_SECONDS)
-    {
-        e = SSOERROR_INVALID_ARGUMENT;
-        BAIL_ON_ERROR(e);
-    }
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
+    BAIL_ON_NULL_ARGUMENT(pszSigningCertificatePEM);
+    // pszResourceServerName is nullable
 
-    e = OidcAccessTokenParse(&p, psz);
+    e = SSOMemoryAllocate(sizeof(OIDC_ACCESS_TOKEN), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    // validate signature
-    e = SSOJwtVerifySignature(p->pJwt, pszSigningCertificatePEM, &validSignature);
+    e = OidcTokenBuild(&p->pToken, psz, pszSigningCertificatePEM, pszIssuer, pszResourceServerName, clockToleranceInSeconds, "access_token");
     BAIL_ON_ERROR(e);
-    if (!validSignature)
-    {
-        e = SSOERROR_TOKEN_INVALID_SIGNATURE;
-        BAIL_ON_ERROR(e);
-    }
-
-    // validate resource server name appears in audience
-    if (pszResourceServerName != NULL)
-    {
-        for (i = 0; i < p->audienceSize; i++)
-        {
-            if (SSOStringEqual(p->ppszAudience[i], pszResourceServerName))
-            {
-                resourceServerFound = true;
-                break;
-            }
-        }
-        if (!resourceServerFound)
-        {
-            e = SSOERROR_TOKEN_INVALID_AUDIENCE;
-            BAIL_ON_ERROR(e);
-        }
-    }
-
-    // check for notBefore and notAfter
-    if (now < p->issueTime - clockToleranceInSeconds || now > p->expirationTime + clockToleranceInSeconds)
-    {
-        e = SSOERROR_TOKEN_EXPIRED;
-        BAIL_ON_ERROR(e);
-    }
 
     *pp = p;
 
@@ -92,6 +50,7 @@ OidcAccessTokenBuild(
     return e;
 }
 
+// on success, pp will be non-null, when done, OidcAccessTokenDelete it
 SSOERROR
 OidcAccessTokenParse(
     POIDC_ACCESS_TOKEN* pp,
@@ -99,86 +58,44 @@ OidcAccessTokenParse(
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_ACCESS_TOKEN p = NULL;
-    PSTRING pszTokenClass = NULL;
-    PSTRING pszHolderOfKeyJWKS = NULL;
-    PSSO_JWK pJwk = NULL;
-    bool hasHokJwksClaim = false;
-    bool hasGroupsClaim = false;
 
-    ASSERT_NOT_NULL(pp);
-    ASSERT_NOT_NULL(psz);
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
 
     e = SSOMemoryAllocate(sizeof(OIDC_ACCESS_TOKEN), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    e = SSOJwtParse(&p->pJwt, psz);
+    e = OidcTokenParse(&p->pToken, psz, "access_token");
     BAIL_ON_ERROR(e);
 
-    e = SSOJwtGetStringClaim(p->pJwt, "token_class", &pszTokenClass);
-    BAIL_ON_ERROR(e);
-    if (!SSOStringEqual(pszTokenClass, "access_token"))
-    {
-        e = SSOERROR_INVALID_ARGUMENT;
-        BAIL_ON_ERROR(e);
-    }
+    *pp = p;
 
-    e = SSOJwtGetStringClaim(p->pJwt, "iss", &p->pszIssuer);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetStringClaim(p->pJwt, "sub", &p->pszSubject);
-    BAIL_ON_ERROR(e);
+error:
 
-    // aud claim might be a string or an array of strings
-    e = SSOJwtGetStringArrayClaim(p->pJwt, "aud", &p->ppszAudience, &p->audienceSize);
     if (e != SSOERROR_NONE)
     {
-        e = SSOMemoryAllocateArray(1, sizeof(PSTRING), (void**) &p->ppszAudience);
-        BAIL_ON_ERROR(e);
-        p->audienceSize = 1;
-
-        e = SSOJwtGetStringClaim(p->pJwt, "aud", &p->ppszAudience[0]);
-        BAIL_ON_ERROR(e);
+        OidcAccessTokenDelete(p);
     }
 
-    e = SSOJwtGetLongClaim(p->pJwt, "iat", &p->issueTime);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetLongClaim(p->pJwt, "exp", &p->expirationTime);
-    BAIL_ON_ERROR(e);
-
-    e = SSOJwtHasClaim(p->pJwt, "hotk", &hasHokJwksClaim);
-    BAIL_ON_ERROR(e);
-    if (hasHokJwksClaim)
-    {
-        e = SSOJwtGetJsonClaim(p->pJwt, "hotk", &pszHolderOfKeyJWKS);
-        BAIL_ON_ERROR(e);
+    return e;
+}
 
-        e = SSOJwkParseFromSet(&pJwk, pszHolderOfKeyJWKS);
-        BAIL_ON_ERROR(e);
+SSOERROR
+OidcAccessTokenValidate(
+    POIDC_ACCESS_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName,
+    SSO_LONG clockToleranceInSeconds)
+{
+    SSOERROR e = SSOERROR_NONE;
 
-        e = SSOJwkToPublicKeyPEM(pJwk, &p->pszHolderOfKeyPEM);
-        BAIL_ON_ERROR(e);
-    }
+    BAIL_ON_NULL_ARGUMENT(p);
 
-    e = SSOJwtHasClaim(p->pJwt, "groups", &hasGroupsClaim);
+    e = OidcTokenValidate(p->pToken, pszSigningCertificatePEM, pszIssuer, pszResourceServerName, clockToleranceInSeconds);
     BAIL_ON_ERROR(e);
-    if (hasGroupsClaim)
-    {
-        e = SSOJwtGetStringArrayClaim(p->pJwt, "groups", &p->ppszGroups, &p->groupsSize);
-        BAIL_ON_ERROR(e);
-    }
-
-    *pp = p;
 
 error:
-
-    if (e != SSOERROR_NONE)
-    {
-        OidcAccessTokenDelete(p);
-    }
-
-    SSOStringFree(pszTokenClass);
-    SSOStringFree(pszHolderOfKeyJWKS);
-    SSOJwkDelete(pJwk);
-
     return e;
 }
 
@@ -188,22 +105,25 @@ OidcAccessTokenDelete(
 {
     if (p != NULL)
     {
-        SSOJwtDelete(p->pJwt);
-        SSOStringFree(p->pszIssuer);
-        SSOStringFree(p->pszSubject);
-        SSOStringFree(p->pszHolderOfKeyPEM);
-        SSOMemoryFreeArrayOfObjects((void**) p->ppszAudience, p->audienceSize, (GenericDestructorFunction) SSOStringFree);
-        SSOMemoryFreeArrayOfObjects((void**) p->ppszGroups, p->groupsSize, (GenericDestructorFunction) SSOStringFree);
+        OidcTokenDelete(p->pToken);
         SSOMemoryFree(p, sizeof(OIDC_ACCESS_TOKEN));
     }
 }
 
+OIDC_TOKEN_TYPE
+OidcAccessTokenGetTokenType(
+    PCOIDC_ACCESS_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->tokenType;
+}
+
 PCSTRING
 OidcAccessTokenGetIssuer(
     PCOIDC_ACCESS_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszIssuer;
+    return p->pToken->pszIssuer;
 }
 
 PCSTRING
@@ -211,7 +131,7 @@ OidcAccessTokenGetSubject(
     PCOIDC_ACCESS_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszSubject;
+    return p->pToken->pszSubject;
 }
 
 void
@@ -224,8 +144,26 @@ OidcAccessTokenGetAudience(
     ASSERT_NOT_NULL(pppszAudience);
     ASSERT_NOT_NULL(pAudienceSize);
 
-    *pppszAudience = p->ppszAudience;
-    *pAudienceSize = p->audienceSize;
+    *pppszAudience = p->pToken->ppszAudience;
+    *pAudienceSize = p->pToken->audienceSize;
+}
+
+size_t
+OidcAccessTokenGetAudienceSize(
+    PCOIDC_ACCESS_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->audienceSize;
+}
+
+PCSTRING
+OidcAccessTokenGetAudienceEntry(
+    PCOIDC_ACCESS_TOKEN p,
+    int index)
+{
+    ASSERT_NOT_NULL(p);
+    ASSERT_TRUE(0 <= index && index < p->pToken->audienceSize);
+    return p->pToken->ppszAudience[index];
 }
 
 SSO_LONG
@@ -233,7 +171,7 @@ OidcAccessTokenGetIssueTime(
     PCOIDC_ACCESS_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->issueTime;
+    return p->pToken->issueTime;
 }
 
 SSO_LONG
@@ -241,7 +179,7 @@ OidcAccessTokenGetExpirationTime(
     PCOIDC_ACCESS_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->expirationTime;
+    return p->pToken->expirationTime;
 }
 
 PCSTRING
@@ -249,7 +187,7 @@ OidcAccessTokenGetHolderOfKeyPEM(
     PCOIDC_ACCESS_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszHolderOfKeyPEM;
+    return p->pToken->pszHolderOfKeyPEM;
 }
 
 void
@@ -262,8 +200,35 @@ OidcAccessTokenGetGroups(
     ASSERT_NOT_NULL(pppszGroups);
     ASSERT_NOT_NULL(pGroupsSize);
 
-    *pppszGroups = p->ppszGroups;
-    *pGroupsSize = p->groupsSize;
+    *pppszGroups = p->pToken->ppszGroups;
+    *pGroupsSize = p->pToken->groupsSize;
+}
+
+size_t
+OidcAccessTokenGetGroupsSize(
+    PCOIDC_ACCESS_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->groupsSize;
+}
+
+PCSTRING
+OidcAccessTokenGetGroupsEntry(
+    PCOIDC_ACCESS_TOKEN p,
+    int index)
+{
+    ASSERT_NOT_NULL(p);
+    ASSERT_TRUE(0 <= index && index < p->pToken->groupsSize);
+    return p->pToken->ppszGroups[index];
+
+}
+
+PCSTRING
+OidcAccessTokenGetTenant(
+    PCOIDC_ACCESS_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->pszTenant;
 }
 
 SSOERROR
@@ -275,5 +240,5 @@ OidcAccessTokenGetStringClaim(
     ASSERT_NOT_NULL(p);
     ASSERT_NOT_NULL(pszKey);
     ASSERT_NOT_NULL(ppszValue);
-    return SSOJwtGetStringClaim(p->pJwt, pszKey, ppszValue);
+    return SSOJwtGetStringClaim(p->pToken->pJwt, pszKey, ppszValue);
 }
diff --git a/vmidentity/ssoclients/oidc/src/oidc_client.c b/vmidentity/ssoclients/oidc/src/oidc_client.c
index 82c0cd156..f51a6bab2 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_client.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_client.c
@@ -14,25 +14,39 @@
 
 #include "includes.h"
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 OidcClientGlobalInit()
 {
     return SSOHttpClientGlobalInit();
 }
 
+// this function is not thread safe. Call it right before process exit
 void
 OidcClientGlobalCleanup()
 {
     SSOHttpClientGlobalCleanup();
 }
 
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, pp will be non-null, when done, OidcClientDelete it
+// psztlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 OidcClientBuild(
     POIDC_CLIENT* pp,
     PCSTRING pszServer, // OPT: null means use HA to get affinitized host
     int portNumber,
     PCSTRING pszTenant,
-    SSO_LONG clockToleranceInSeconds)
+    PCSTRING pszClientID /* OPT */,
+    PCSTRING pszTlsCAPath /* OPT, see comment above */)
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_CLIENT p = NULL;
@@ -44,8 +58,6 @@ OidcClientBuild(
     e = SSOMemoryAllocate(sizeof(OIDC_CLIENT), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    p->clockToleranceInSeconds = clockToleranceInSeconds;
-
     if (NULL == pszServer)
     {
         e = SSOCdcNew(&p->pClientDCCache);
@@ -64,7 +76,19 @@ OidcClientBuild(
         BAIL_ON_ERROR(e);
     }
 
-    e = OidcServerMetadataAcquire(&pServerMetadata, p->pszServer, portNumber, pszTenant);
+    if (pszClientID != NULL)
+    {
+        e = SSOStringAllocate(pszClientID, &p->pszClientID);
+        BAIL_ON_ERROR(e);
+    }
+
+    if (pszTlsCAPath != NULL)
+    {
+        e = SSOStringAllocate(pszTlsCAPath, &p->pszTlsCAPath);
+        BAIL_ON_ERROR(e);
+    }
+
+    e = OidcServerMetadataAcquire(&pServerMetadata, p->pszServer, portNumber, pszTenant, p->pszTlsCAPath);
     BAIL_ON_ERROR(e);
 
     e = SSOStringAllocate(OidcServerMetadataGetTokenEndpointUrl(pServerMetadata), &p->pszTokenEndpointUrl);
@@ -94,6 +118,8 @@ OidcClientDelete(
     if (p != NULL)
     {
         SSOStringFree(p->pszServer);
+        SSOStringFree(p->pszClientID);
+        SSOStringFree(p->pszTlsCAPath);
         SSOStringFree(p->pszTokenEndpointUrl);
         SSOStringFree(p->pszSigningCertificatePEM);
         SSOCdcDelete(p->pClientDCCache);
@@ -226,7 +252,7 @@ OidcClientAcquireTokens(
         }
     }
 
-    e = SSOHttpClientNew(&pHttpClient);
+    e = SSOHttpClientNew(&pHttpClient, p->pszTlsCAPath);
     BAIL_ON_ERROR(e);
     e = SSOHttpClientSendPostForm(
         pHttpClient,
@@ -241,7 +267,7 @@ OidcClientAcquireTokens(
 
     if (200 == httpStatusCode)
     {
-        e = OidcTokenSuccessResponseParse(&pOutTokenSuccessResponse, pszJsonResponse, p->pszSigningCertificatePEM, p->clockToleranceInSeconds);
+        e = OidcTokenSuccessResponseParse(&pOutTokenSuccessResponse, pszJsonResponse);
         BAIL_ON_ERROR(e);
     }
     else
@@ -255,7 +281,7 @@ OidcClientAcquireTokens(
     if (pOutTokenErrorResponse != NULL)
     {
         // if server return error response, we translate that into an SSOERROR code
-        e = OidcErrorResponseGetSSOErrorCode(pOutTokenErrorResponse);
+        e = OidcErrorResponseGetErrorCode(pOutTokenErrorResponse);
     }
 
 error:
@@ -266,6 +292,9 @@ OidcClientAcquireTokens(
     return e;
 }
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensByPassword(
     PCOIDC_CLIENT p,
@@ -277,7 +306,7 @@ OidcClientAcquireTokensByPassword(
 {
     SSOERROR e = SSOERROR_NONE;
     PSSO_KEY_VALUE_PAIR* ppPairs = NULL;
-    const int parameterCount = 4;
+    int parameterCount = 4;
 
     BAIL_ON_NULL_ARGUMENT(p);
     BAIL_ON_NULL_ARGUMENT(pszUsername);
@@ -286,6 +315,11 @@ OidcClientAcquireTokensByPassword(
     BAIL_ON_NULL_ARGUMENT(ppOutTokenSuccessResponse);
     BAIL_ON_NULL_ARGUMENT(ppOutTokenErrorResponse);
 
+    if (p->pszClientID != NULL)
+    {
+        parameterCount++;
+    }
+
     e = SSOMemoryAllocateArray(parameterCount, sizeof(PSSO_KEY_VALUE_PAIR), (void**) &ppPairs);
     BAIL_ON_ERROR(e);
     e = SSOKeyValuePairNew(&ppPairs[0], "grant_type", "password");
@@ -296,6 +330,11 @@ OidcClientAcquireTokensByPassword(
     BAIL_ON_ERROR(e);
     e = SSOKeyValuePairNew(&ppPairs[3], "scope", pszScope);
     BAIL_ON_ERROR(e);
+    if (p->pszClientID != NULL)
+    {
+        e = SSOKeyValuePairNew(&ppPairs[4], "client_id", p->pszClientID);
+        BAIL_ON_ERROR(e);
+    }
 
     e = OidcClientAcquireTokens(p, ppPairs, parameterCount, ppOutTokenSuccessResponse, ppOutTokenErrorResponse);
     BAIL_ON_ERROR(e);
@@ -305,6 +344,9 @@ OidcClientAcquireTokensByPassword(
     return e;
 }
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensByRefreshToken(
     PCOIDC_CLIENT p,
@@ -314,19 +356,29 @@ OidcClientAcquireTokensByRefreshToken(
 {
     SSOERROR e = SSOERROR_NONE;
     PSSO_KEY_VALUE_PAIR* ppPairs = NULL;
-    const int parameterCount = 2;
+    int parameterCount = 2;
 
     BAIL_ON_NULL_ARGUMENT(p);
     BAIL_ON_NULL_ARGUMENT(pszRefreshToken);
     BAIL_ON_NULL_ARGUMENT(ppOutTokenSuccessResponse);
     BAIL_ON_NULL_ARGUMENT(ppOutTokenErrorResponse);
 
+    if (p->pszClientID != NULL)
+    {
+        parameterCount++;
+    }
+
     e = SSOMemoryAllocateArray(parameterCount, sizeof(PSSO_KEY_VALUE_PAIR), (void**) &ppPairs);
     BAIL_ON_ERROR(e);
     e = SSOKeyValuePairNew(&ppPairs[0], "grant_type", "refresh_token");
     BAIL_ON_ERROR(e);
     e = SSOKeyValuePairNew(&ppPairs[1], "refresh_token", pszRefreshToken);
     BAIL_ON_ERROR(e);
+    if (p->pszClientID != NULL)
+    {
+        e = SSOKeyValuePairNew(&ppPairs[2], "client_id", p->pszClientID);
+        BAIL_ON_ERROR(e);
+    }
 
     e = OidcClientAcquireTokens(p, ppPairs, parameterCount, ppOutTokenSuccessResponse, ppOutTokenErrorResponse);
     BAIL_ON_ERROR(e);
@@ -336,6 +388,9 @@ OidcClientAcquireTokensByRefreshToken(
     return e;
 }
 
+// on success, ppOutTokenSuccessResponse will be non-null
+// on error, ppOutTokenErrorResponse might be non-null (it will carry error info returned by the server if any)
+// delete both when done, whether invocation is successful or not, using OidcTokenSuccessResponseDelete and OidcErrorResponseDelete
 SSOERROR
 OidcClientAcquireTokensBySolutionUserCredentials(
     PCOIDC_CLIENT p,
@@ -347,7 +402,7 @@ OidcClientAcquireTokensBySolutionUserCredentials(
 {
     SSOERROR e = SSOERROR_NONE;
     PSSO_KEY_VALUE_PAIR* ppPairs = NULL;
-    const int parameterCount = 3;
+    int parameterCount = 3;
     PSTRING pszAssertionPayload = NULL;
     PSTRING pszAssertionJwtString = NULL;
 
@@ -358,6 +413,11 @@ OidcClientAcquireTokensBySolutionUserCredentials(
     BAIL_ON_NULL_ARGUMENT(ppOutTokenSuccessResponse);
     BAIL_ON_NULL_ARGUMENT(ppOutTokenErrorResponse);
 
+    if (p->pszClientID != NULL)
+    {
+        parameterCount++;
+    }
+
     e = OidcClientBuildSolutionUserAssertionPayload(p, pszCertificateSubjectDN, &pszAssertionPayload);
     BAIL_ON_ERROR(e);
 
@@ -372,6 +432,11 @@ OidcClientAcquireTokensBySolutionUserCredentials(
     BAIL_ON_ERROR(e);
     e = SSOKeyValuePairNew(&ppPairs[2], "scope", pszScope);
     BAIL_ON_ERROR(e);
+    if (p->pszClientID != NULL)
+    {
+        e = SSOKeyValuePairNew(&ppPairs[3], "client_id", p->pszClientID);
+        BAIL_ON_ERROR(e);
+    }
 
     e = OidcClientAcquireTokens(p, ppPairs, parameterCount, ppOutTokenSuccessResponse, ppOutTokenErrorResponse);
     BAIL_ON_ERROR(e);
diff --git a/vmidentity/ssoclients/oidc/src/oidc_error_response.c b/vmidentity/ssoclients/oidc/src/oidc_error_response.c
index 9281c9a1a..728fabcd6 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_error_response.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_error_response.c
@@ -90,6 +90,14 @@ OidcErrorResponseDelete(
     }
 }
 
+PCSTRING
+OidcErrorResponseGetError(
+    PCOIDC_ERROR_RESPONSE p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pszError;
+}
+
 PCSTRING
 OidcErrorResponseGetErrorDescription(
     PCOIDC_ERROR_RESPONSE p)
@@ -99,7 +107,7 @@ OidcErrorResponseGetErrorDescription(
 }
 
 SSOERROR
-OidcErrorResponseGetSSOErrorCode(
+OidcErrorResponseGetErrorCode(
     PCOIDC_ERROR_RESPONSE p)
 {
     SSOERROR result = SSOERROR_OIDC_SERVER;
diff --git a/vmidentity/ssoclients/oidc/src/oidc_id_token.c b/vmidentity/ssoclients/oidc/src/oidc_id_token.c
index ceccdff35..d938abcfb 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_id_token.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_id_token.c
@@ -14,8 +14,7 @@
 
 #include "includes.h"
 
-static const SSO_LONG MAX_CLOCK_TOLERANCE_IN_SECONDS = 10 * 60; // 10 minutes
-
+// (TODO) Deprecated
 SSOERROR
 OidcIDTokenBuild(
     POIDC_ID_TOKEN* pp,
@@ -26,36 +25,16 @@ OidcIDTokenBuild(
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_ID_TOKEN p = NULL;
-    time_t now = time(NULL);
-    bool validSignature = false;
 
-    ASSERT_NOT_NULL(pp);
-    ASSERT_NOT_NULL(psz);
-    ASSERT_NOT_NULL(pszSigningCertificatePEM);
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
+    BAIL_ON_NULL_ARGUMENT(pszSigningCertificatePEM);
 
-    if (clockToleranceInSeconds < 0 || clockToleranceInSeconds > MAX_CLOCK_TOLERANCE_IN_SECONDS)
-    {
-        e = SSOERROR_INVALID_ARGUMENT;
-        BAIL_ON_ERROR(e);
-    }
-
-    e = OidcIDTokenParse(&p, psz);
+    e = SSOMemoryAllocate(sizeof(OIDC_ID_TOKEN), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    e = SSOJwtVerifySignature(p->pJwt, pszSigningCertificatePEM, &validSignature);
+    e = OidcTokenBuild(&p->pToken, psz, pszSigningCertificatePEM, pszIssuer, NULL /* pszResourceServerName */, clockToleranceInSeconds, "id_token");
     BAIL_ON_ERROR(e);
-    if (!validSignature)
-    {
-        e = SSOERROR_TOKEN_INVALID_SIGNATURE;
-        BAIL_ON_ERROR(e);
-    }
-
-    // check for notBefore and notAfter
-    if (now < p->issueTime - clockToleranceInSeconds || now > p->expirationTime + clockToleranceInSeconds)
-    {
-        e = SSOERROR_TOKEN_EXPIRED;
-        BAIL_ON_ERROR(e);
-    }
 
     *pp = p;
 
@@ -69,6 +48,7 @@ OidcIDTokenBuild(
     return e;
 }
 
+// on success, pp will be non-null, when done, OidcIDTokenDelete it
 SSOERROR
 OidcIDTokenParse(
     POIDC_ID_TOKEN* pp,
@@ -76,61 +56,15 @@ OidcIDTokenParse(
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_ID_TOKEN p = NULL;
-    PSTRING pszTokenClass = NULL;
-    PSTRING pszHolderOfKeyJWKS = NULL;
-    PSSO_JWK pJwk = NULL;
-    bool hasHokJwksClaim = false;
-    bool hasGroupsClaim = false;
 
-    ASSERT_NOT_NULL(pp);
-    ASSERT_NOT_NULL(psz);
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
 
     e = SSOMemoryAllocate(sizeof(OIDC_ID_TOKEN), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    e = SSOJwtParse(&p->pJwt, psz);
-    BAIL_ON_ERROR(e);
-
-    e = SSOJwtGetStringClaim(p->pJwt, "token_class", &pszTokenClass);
-    BAIL_ON_ERROR(e);
-    if (!SSOStringEqual(pszTokenClass, "id_token"))
-    {
-        e = SSOERROR_INVALID_ARGUMENT;
-        BAIL_ON_ERROR(e);
-    }
-
-    e = SSOJwtGetStringClaim(p->pJwt, "iss", &p->pszIssuer);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetStringClaim(p->pJwt, "sub", &p->pszSubject);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetStringClaim(p->pJwt, "aud", &p->pszAudience);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetLongClaim(p->pJwt, "iat", &p->issueTime);
-    BAIL_ON_ERROR(e);
-    e = SSOJwtGetLongClaim(p->pJwt, "exp", &p->expirationTime);
-    BAIL_ON_ERROR(e);
-
-    e = SSOJwtHasClaim(p->pJwt, "groups", &hasGroupsClaim);
-    BAIL_ON_ERROR(e);
-    if (hasGroupsClaim)
-    {
-        e = SSOJwtGetStringArrayClaim(p->pJwt, "groups", &p->ppszGroups, &p->groupsSize);
-        BAIL_ON_ERROR(e);
-    }
-
-    e = SSOJwtHasClaim(p->pJwt, "hotk", &hasHokJwksClaim);
+    e = OidcTokenParse(&p->pToken, psz, "id_token");
     BAIL_ON_ERROR(e);
-    if (hasHokJwksClaim)
-    {
-        e = SSOJwtGetJsonClaim(p->pJwt, "hotk", &pszHolderOfKeyJWKS);
-        BAIL_ON_ERROR(e);
-
-        e = SSOJwkParseFromSet(&pJwk, pszHolderOfKeyJWKS);
-        BAIL_ON_ERROR(e);
-
-        e = SSOJwkToPublicKeyPEM(pJwk, &p->pszHolderOfKeyPEM);
-        BAIL_ON_ERROR(e);
-    }
 
     *pp = p;
 
@@ -141,10 +75,24 @@ OidcIDTokenParse(
         OidcIDTokenDelete(p);
     }
 
-    SSOStringFree(pszTokenClass);
-    SSOStringFree(pszHolderOfKeyJWKS);
-    SSOJwkDelete(pJwk);
+    return e;
+}
+
+SSOERROR
+OidcIDTokenValidate(
+    POIDC_ID_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    SSO_LONG clockToleranceInSeconds)
+{
+    SSOERROR e = SSOERROR_NONE;
+
+    BAIL_ON_NULL_ARGUMENT(p);
 
+    e = OidcTokenValidate(p->pToken, pszSigningCertificatePEM, pszIssuer, NULL, clockToleranceInSeconds);
+    BAIL_ON_ERROR(e);
+
+error:
     return e;
 }
 
@@ -154,22 +102,25 @@ OidcIDTokenDelete(
 {
     if (p != NULL)
     {
-        SSOJwtDelete(p->pJwt);
-        SSOStringFree(p->pszIssuer);
-        SSOStringFree(p->pszSubject);
-        SSOStringFree(p->pszAudience);
-        SSOStringFree(p->pszHolderOfKeyPEM);
-        SSOMemoryFreeArrayOfObjects((void**) p->ppszGroups, p->groupsSize, (GenericDestructorFunction) SSOStringFree);
+        OidcTokenDelete(p->pToken);
         SSOMemoryFree(p, sizeof(OIDC_ID_TOKEN));
     }
 }
 
+OIDC_TOKEN_TYPE
+OidcIDTokenGetTokenType(
+    PCOIDC_ID_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->tokenType;
+}
+
 PCSTRING
 OidcIDTokenGetIssuer(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszIssuer;
+    return p->pToken->pszIssuer;
 }
 
 PCSTRING
@@ -177,15 +128,39 @@ OidcIDTokenGetSubject(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszSubject;
+    return p->pToken->pszSubject;
 }
 
-PCSTRING
+void
 OidcIDTokenGetAudience(
+    PCOIDC_ID_TOKEN p,
+    const PSTRING** pppszAudience,
+    size_t* pAudienceSize)
+{
+    ASSERT_NOT_NULL(p);
+    ASSERT_NOT_NULL(pppszAudience);
+    ASSERT_NOT_NULL(pAudienceSize);
+
+    *pppszAudience = p->pToken->ppszAudience;
+    *pAudienceSize = p->pToken->audienceSize;
+}
+
+size_t
+OidcIDTokenGetAudienceSize(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszAudience;
+    return p->pToken->audienceSize;
+}
+
+PCSTRING
+OidcIDTokenGetAudienceEntry(
+    PCOIDC_ID_TOKEN p,
+    int index)
+{
+    ASSERT_NOT_NULL(p);
+    ASSERT_TRUE(0 <= index && index < p->pToken->audienceSize);
+    return p->pToken->ppszAudience[index];
 }
 
 SSO_LONG
@@ -193,7 +168,7 @@ OidcIDTokenGetIssueTime(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->issueTime;
+    return p->pToken->issueTime;
 }
 
 SSO_LONG
@@ -201,7 +176,7 @@ OidcIDTokenGetExpirationTime(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->expirationTime;
+    return p->pToken->expirationTime;
 }
 
 PCSTRING
@@ -209,7 +184,7 @@ OidcIDTokenGetHolderOfKeyPEM(
     PCOIDC_ID_TOKEN p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pszHolderOfKeyPEM;
+    return p->pToken->pszHolderOfKeyPEM;
 }
 
 void
@@ -222,8 +197,35 @@ OidcIDTokenGetGroups(
     ASSERT_NOT_NULL(pppszGroups);
     ASSERT_NOT_NULL(pGroupsSize);
 
-    *pppszGroups = p->ppszGroups;
-    *pGroupsSize = p->groupsSize;
+    *pppszGroups = p->pToken->ppszGroups;
+    *pGroupsSize = p->pToken->groupsSize;
+}
+
+size_t
+OidcIDTokenGetGroupsSize(
+    PCOIDC_ID_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->groupsSize;
+}
+
+PCSTRING
+OidcIDTokenGetGroupsEntry(
+    PCOIDC_ID_TOKEN p,
+    int index)
+{
+    ASSERT_NOT_NULL(p);
+    ASSERT_TRUE(0 <= index && index < p->pToken->groupsSize);
+    return p->pToken->ppszGroups[index];
+
+}
+
+PCSTRING
+OidcIDTokenGetTenant(
+    PCOIDC_ID_TOKEN p)
+{
+    ASSERT_NOT_NULL(p);
+    return p->pToken->pszTenant;
 }
 
 SSOERROR
@@ -235,5 +237,5 @@ OidcIDTokenGetStringClaim(
     ASSERT_NOT_NULL(p);
     ASSERT_NOT_NULL(pszKey);
     ASSERT_NOT_NULL(ppszValue);
-    return SSOJwtGetStringClaim(p->pJwt, pszKey, ppszValue);
+    return SSOJwtGetStringClaim(p->pToken->pJwt, pszKey, ppszValue);
 }
diff --git a/vmidentity/ssoclients/oidc/src/oidc_server_metadata.c b/vmidentity/ssoclients/oidc/src/oidc_server_metadata.c
index bdc7ef36f..cdc1dcfe7 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_server_metadata.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_server_metadata.c
@@ -85,6 +85,7 @@ OidcServerMetadataAcquireEndpoints(
     PSSO_JSON pJson = NULL;
     PSSO_JSON pJsonTokenEndpoint = NULL;
     PSSO_JSON pJsonJwksEndpoint = NULL;
+    POIDC_ERROR_RESPONSE pErrorResponse = NULL;
 
     e = SSOHttpClientSendGet(
         pHttpClient,
@@ -95,6 +96,15 @@ OidcServerMetadataAcquireEndpoints(
         &httpStatusCode);
     BAIL_ON_ERROR(e);
 
+    if (httpStatusCode != 200)
+    {
+        e = OidcErrorResponseParse(&pErrorResponse, pszResponse);
+        BAIL_ON_ERROR(e);
+
+        e = OidcErrorResponseGetErrorCode(pErrorResponse);
+        goto error; // do not use BAIL_ON_ERROR because it will log a misleading error message
+    }
+
     e = SSOJsonParse(&pJson, pszResponse);
     BAIL_ON_ERROR(e);
 
@@ -123,6 +133,7 @@ OidcServerMetadataAcquireEndpoints(
     SSOJsonDelete(pJson);
     SSOJsonDelete(pJsonTokenEndpoint);
     SSOJsonDelete(pJsonJwksEndpoint);
+    OidcErrorResponseDelete(pErrorResponse);
 
     return e;
 }
@@ -140,6 +151,7 @@ OidcServerMetadataAcquireSigningCertificatePEM(
     PSSO_JWK pJwk = NULL;
     PSTRING pszResponse = NULL;
     long httpStatusCode = 0;
+    POIDC_ERROR_RESPONSE pErrorResponse = NULL;
 
     e = SSOHttpClientSendGet(
         pHttpClient,
@@ -150,6 +162,15 @@ OidcServerMetadataAcquireSigningCertificatePEM(
         &httpStatusCode);
     BAIL_ON_ERROR(e);
 
+    if (httpStatusCode != 200)
+    {
+        e = OidcErrorResponseParse(&pErrorResponse, pszResponse);
+        BAIL_ON_ERROR(e);
+
+        e = OidcErrorResponseGetErrorCode(pErrorResponse);
+        goto error; // do not use BAIL_ON_ERROR because it will log a misleading error message
+    }
+
     e = SSOJwkParseFromSet(&pJwk, pszResponse);
     BAIL_ON_ERROR(e);
 
@@ -167,16 +188,21 @@ OidcServerMetadataAcquireSigningCertificatePEM(
 
     SSOJwkDelete(pJwk);
     SSOStringFree(pszResponse);
+    OidcErrorResponseDelete(pErrorResponse);
 
     return e;
 }
 
+// make sure you call OidcClientGlobalInit once per process before calling this
+// on success, pp will be non-null, when done, OidcServerMetadataDelete it
+// psztlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 OidcServerMetadataAcquire(
     POIDC_SERVER_METADATA* pp,
     PCSTRING pszServer,
     int portNumber,
-    PCSTRING pszTenant)
+    PCSTRING pszTenant,
+    PCSTRING pszTlsCAPath /* OPT, see comment above */)
 {
     SSOERROR e = SSOERROR_NONE;
     POIDC_SERVER_METADATA p = NULL;
@@ -191,7 +217,7 @@ OidcServerMetadataAcquire(
     e = SSOMemoryAllocate(sizeof(OIDC_SERVER_METADATA), (void**) &p);
     BAIL_ON_ERROR(e);
 
-    e = SSOHttpClientNew(&pHttpClient);
+    e = SSOHttpClientNew(&pHttpClient, pszTlsCAPath);
     BAIL_ON_ERROR(e);
 
     e = OidcServerMetadataConstructMetadataEndpoint(pszServer, portNumber, pszTenant, &pszMetadataEndpoint);
diff --git a/vmidentity/ssoclients/oidc/src/oidc_token.c b/vmidentity/ssoclients/oidc/src/oidc_token.c
new file mode 100644
index 000000000..5480a6fcc
--- /dev/null
+++ b/vmidentity/ssoclients/oidc/src/oidc_token.c
@@ -0,0 +1,294 @@
+/*
+ * Copyright © 2012-2016 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static const SSO_LONG MAX_CLOCK_TOLERANCE_IN_SECONDS = 10 * 60; // 10 minutes
+
+SSOERROR
+OidcTokenBuild(
+    POIDC_TOKEN* pp,
+    PCSTRING psz,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName, /* OPT */
+    SSO_LONG clockToleranceInSeconds,
+    PCSTRING pszExpectedTokenClass)
+{
+    SSOERROR e = SSOERROR_NONE;
+    POIDC_TOKEN p = NULL;
+    time_t now = time(NULL);
+    bool validSignature = false;
+    bool resourceServerFound = false;
+    size_t i = 0;
+
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
+    BAIL_ON_NULL_ARGUMENT(pszSigningCertificatePEM);
+    // pszResourceServerName is nullable
+    BAIL_ON_NULL_ARGUMENT(pszExpectedTokenClass);
+
+    if (clockToleranceInSeconds < 0 || clockToleranceInSeconds > MAX_CLOCK_TOLERANCE_IN_SECONDS)
+    {
+        e = SSOERROR_INVALID_ARGUMENT;
+        BAIL_ON_ERROR(e);
+    }
+
+    e = OidcTokenParse(&p, psz, pszExpectedTokenClass);
+    BAIL_ON_ERROR(e);
+
+    // validate signature
+    e = SSOJwtVerifySignature(p->pJwt, pszSigningCertificatePEM, &validSignature);
+    BAIL_ON_ERROR(e);
+    if (!validSignature)
+    {
+        e = SSOERROR_TOKEN_INVALID_SIGNATURE;
+        BAIL_ON_ERROR(e);
+    }
+
+    // validate resource server name appears in audience
+    if (pszResourceServerName != NULL)
+    {
+        for (i = 0; i < p->audienceSize; i++)
+        {
+            if (SSOStringEqual(p->ppszAudience[i], pszResourceServerName))
+            {
+                resourceServerFound = true;
+                break;
+            }
+        }
+        if (!resourceServerFound)
+        {
+            e = SSOERROR_TOKEN_INVALID_AUDIENCE;
+            BAIL_ON_ERROR(e);
+        }
+    }
+
+    // check for notBefore and notAfter
+    if (now < p->issueTime - clockToleranceInSeconds || now > p->expirationTime + clockToleranceInSeconds)
+    {
+        e = SSOERROR_TOKEN_EXPIRED;
+        BAIL_ON_ERROR(e);
+    }
+
+    *pp = p;
+
+error:
+
+    if (e != SSOERROR_NONE)
+    {
+        OidcTokenDelete(p);
+    }
+
+    return e;
+}
+
+SSOERROR
+OidcTokenParse(
+    POIDC_TOKEN* pp,
+    PCSTRING psz,
+    PCSTRING pszExpectedTokenClass)
+{
+    SSOERROR e = SSOERROR_NONE;
+    POIDC_TOKEN p = NULL;
+    PSTRING pszTokenClass = NULL;
+    PSTRING pszTokenType = NULL;
+    PSTRING pszHolderOfKeyJWKS = NULL;
+    PSSO_JWK pJwk = NULL;
+    bool hasAudienceArrayClaim = false;
+    bool hasHokJwksClaim = false;
+    bool hasGroupsClaim = false;
+
+    BAIL_ON_NULL_ARGUMENT(pp);
+    BAIL_ON_NULL_ARGUMENT(psz);
+    BAIL_ON_NULL_ARGUMENT(pszExpectedTokenClass);
+
+    e = SSOMemoryAllocate(sizeof(OIDC_TOKEN), (void**) &p);
+    BAIL_ON_ERROR(e);
+
+    e = SSOJwtParse(&p->pJwt, psz);
+    BAIL_ON_ERROR(e);
+
+    e = SSOJwtGetStringClaim(p->pJwt, "token_class", &pszTokenClass);
+    BAIL_ON_ERROR(e);
+    if (!SSOStringEqual(pszTokenClass, pszExpectedTokenClass))
+    {
+        e = SSOERROR_INVALID_ARGUMENT;
+        BAIL_ON_ERROR(e);
+    }
+
+    e = SSOJwtGetStringClaim(p->pJwt, "token_type", &pszTokenType);
+    BAIL_ON_ERROR(e);
+    if (SSOStringEqual(pszTokenType, "Bearer"))
+    {
+        p->tokenType = OIDC_TOKEN_TYPE_BEARER;
+    }
+    else if (SSOStringEqual(pszTokenType, "hotk-pk"))
+    {
+        p->tokenType = OIDC_TOKEN_TYPE_HOK;
+    }
+    else
+    {
+        e = SSOERROR_INVALID_ARGUMENT;
+        BAIL_ON_ERROR(e);
+    }
+
+    e = SSOJwtGetStringClaim(p->pJwt, "iss", &p->pszIssuer);
+    BAIL_ON_ERROR(e);
+    e = SSOJwtGetStringClaim(p->pJwt, "sub", &p->pszSubject);
+    BAIL_ON_ERROR(e);
+
+    // aud claim might be a string or an array of strings
+    e = SSOJwtHasArrayClaim(p->pJwt, "aud", &hasAudienceArrayClaim);
+    BAIL_ON_ERROR(e);
+    if (hasAudienceArrayClaim)
+    {
+        e = SSOJwtGetStringArrayClaim(p->pJwt, "aud", &p->ppszAudience, &p->audienceSize);
+        BAIL_ON_ERROR(e);
+    }
+    else
+    {
+        e = SSOMemoryAllocateArray(1, sizeof(PSTRING), (void**) &p->ppszAudience);
+        BAIL_ON_ERROR(e);
+        p->audienceSize = 1;
+
+        e = SSOJwtGetStringClaim(p->pJwt, "aud", &p->ppszAudience[0]);
+        BAIL_ON_ERROR(e);
+    }
+
+    e = SSOJwtGetLongClaim(p->pJwt, "iat", &p->issueTime);
+    BAIL_ON_ERROR(e);
+    e = SSOJwtGetLongClaim(p->pJwt, "exp", &p->expirationTime);
+    BAIL_ON_ERROR(e);
+
+    e = SSOJwtHasClaim(p->pJwt, "hotk", &hasHokJwksClaim);
+    BAIL_ON_ERROR(e);
+    if (hasHokJwksClaim)
+    {
+        e = SSOJwtGetJsonClaim(p->pJwt, "hotk", &pszHolderOfKeyJWKS);
+        BAIL_ON_ERROR(e);
+
+        e = SSOJwkParseFromSet(&pJwk, pszHolderOfKeyJWKS);
+        BAIL_ON_ERROR(e);
+
+        e = SSOJwkToPublicKeyPEM(pJwk, &p->pszHolderOfKeyPEM);
+        BAIL_ON_ERROR(e);
+    }
+
+    e = SSOJwtHasClaim(p->pJwt, "groups", &hasGroupsClaim);
+    BAIL_ON_ERROR(e);
+    if (hasGroupsClaim)
+    {
+        e = SSOJwtGetStringArrayClaim(p->pJwt, "groups", &p->ppszGroups, &p->groupsSize);
+        BAIL_ON_ERROR(e);
+    }
+
+    e = SSOJwtGetStringClaim(p->pJwt, "tenant", &p->pszTenant);
+    BAIL_ON_ERROR(e);
+
+    *pp = p;
+
+error:
+
+    if (e != SSOERROR_NONE)
+    {
+        OidcTokenDelete(p);
+    }
+
+    SSOStringFree(pszTokenClass);
+    SSOStringFree(pszTokenType);
+    SSOStringFree(pszHolderOfKeyJWKS);
+    SSOJwkDelete(pJwk);
+
+    return e;
+}
+
+SSOERROR
+OidcTokenValidate(
+    POIDC_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName, /* OPT */
+    SSO_LONG clockToleranceInSeconds)
+{
+    SSOERROR e = SSOERROR_NONE;
+    time_t now = time(NULL);
+    bool validSignature = false;
+
+    BAIL_ON_NULL_ARGUMENT(p);
+    BAIL_ON_NULL_ARGUMENT(pszSigningCertificatePEM);
+    // pszResourceServerName is nullable
+
+    if (clockToleranceInSeconds < 0 || clockToleranceInSeconds > MAX_CLOCK_TOLERANCE_IN_SECONDS)
+    {
+        e = SSOERROR_INVALID_ARGUMENT;
+        BAIL_ON_ERROR(e);
+    }
+
+    // validate signature
+    e = SSOJwtVerifySignature(p->pJwt, pszSigningCertificatePEM, &validSignature);
+    BAIL_ON_ERROR(e);
+    if (!validSignature)
+    {
+        e = SSOERROR_TOKEN_INVALID_SIGNATURE;
+        BAIL_ON_ERROR(e);
+    }
+
+    // validate resource server name appears in audience
+    if (pszResourceServerName != NULL)
+    {
+        bool resourceServerFound = false;
+        size_t i = 0;
+        for (i = 0; i < p->audienceSize; i++)
+        {
+            if (SSOStringEqual(p->ppszAudience[i], pszResourceServerName))
+            {
+                resourceServerFound = true;
+                break;
+            }
+        }
+        if (!resourceServerFound)
+        {
+            e = SSOERROR_TOKEN_INVALID_AUDIENCE;
+            BAIL_ON_ERROR(e);
+        }
+    }
+
+    // check for notBefore and notAfter
+    if (now < p->issueTime - clockToleranceInSeconds || now > p->expirationTime + clockToleranceInSeconds)
+    {
+        e = SSOERROR_TOKEN_EXPIRED;
+        BAIL_ON_ERROR(e);
+    }
+
+error:
+    return e;
+}
+
+void
+OidcTokenDelete(
+    POIDC_TOKEN p)
+{
+    if (p != NULL)
+    {
+        SSOJwtDelete(p->pJwt);
+        SSOStringFree(p->pszIssuer);
+        SSOStringFree(p->pszSubject);
+        SSOStringFree(p->pszHolderOfKeyPEM);
+        SSOStringFree(p->pszTenant);
+        SSOMemoryFreeArrayOfObjects((void**) p->ppszAudience, p->audienceSize, (GenericDestructorFunction) SSOStringFree);
+        SSOMemoryFreeArrayOfObjects((void**) p->ppszGroups, p->groupsSize, (GenericDestructorFunction) SSOStringFree);
+        SSOMemoryFree(p, sizeof(OIDC_TOKEN));
+    }
+}
diff --git a/vmidentity/ssoclients/oidc/src/oidc_token_success_response.c b/vmidentity/ssoclients/oidc/src/oidc_token_success_response.c
index 38b46d7ba..904f2963f 100644
--- a/vmidentity/ssoclients/oidc/src/oidc_token_success_response.c
+++ b/vmidentity/ssoclients/oidc/src/oidc_token_success_response.c
@@ -17,20 +17,16 @@
 SSOERROR
 OidcTokenSuccessResponseParse(
     POIDC_TOKEN_SUCCESS_RESPONSE* pp,
-    PCSTRING pszJsonResponse,
-    PCSTRING pszSigningCertificatePEM,
-    SSO_LONG clockToleranceInSeconds)
+    PCSTRING pszJsonResponse)
 {
     SSOERROR e = SSOERROR_NONE;
     PSSO_JSON pJson = NULL;
     PSSO_JSON pJsonValue = NULL;
-    PSTRING pszJsonString = NULL;
     bool isNullRefreshToken = false;
     POIDC_TOKEN_SUCCESS_RESPONSE p = NULL;
 
     ASSERT_NOT_NULL(pp);
     ASSERT_NOT_NULL(pszJsonResponse);
-    ASSERT_NOT_NULL(pszSigningCertificatePEM);
 
     e = SSOMemoryAllocate(sizeof(OIDC_TOKEN_SUCCESS_RESPONSE), (void**) &p);
     BAIL_ON_ERROR(e);
@@ -40,9 +36,7 @@ OidcTokenSuccessResponseParse(
 
     e = SSOJsonObjectGet(pJson, "id_token", &pJsonValue);
     BAIL_ON_ERROR(e);
-    e = SSOJsonStringValue(pJsonValue, &pszJsonString);
-    BAIL_ON_ERROR(e);
-    e = OidcIDTokenBuild(&p->pIDToken, pszJsonString, pszSigningCertificatePEM, NULL /* pszIssuer */, clockToleranceInSeconds);
+    e = SSOJsonStringValue(pJsonValue, &p->pszIDToken);
     BAIL_ON_ERROR(e);
     SSOJsonDelete(pJsonValue);
     pJsonValue = NULL;
@@ -71,7 +65,6 @@ OidcTokenSuccessResponseParse(
 error:
     SSOJsonDelete(pJson);
     SSOJsonDelete(pJsonValue);
-    SSOStringFree(pszJsonString);
 
     if (e != SSOERROR_NONE)
     {
@@ -86,19 +79,19 @@ OidcTokenSuccessResponseDelete(
 {
     if (p != NULL)
     {
-        OidcIDTokenDelete(p->pIDToken);
+        SSOStringFree(p->pszIDToken);
         SSOStringFree(p->pszAccessToken);
         SSOStringFree(p->pszRefreshToken);
         SSOMemoryFree(p, sizeof(OIDC_TOKEN_SUCCESS_RESPONSE));
     }
 }
 
-PCOIDC_ID_TOKEN
+PCSTRING
 OidcTokenSuccessResponseGetIDToken(
     PCOIDC_TOKEN_SUCCESS_RESPONSE p)
 {
     ASSERT_NOT_NULL(p);
-    return p->pIDToken;
+    return p->pszIDToken;
 }
 
 PCSTRING
diff --git a/vmidentity/ssoclients/oidc/src/prototypes.h b/vmidentity/ssoclients/oidc/src/prototypes.h
index 3fa0c71b8..8dd8b6c4d 100644
--- a/vmidentity/ssoclients/oidc/src/prototypes.h
+++ b/vmidentity/ssoclients/oidc/src/prototypes.h
@@ -15,28 +15,42 @@
 #ifndef _PROTOTYPES_H_
 #define _PROTOTYPES_H_
 
-// OIDC_ID_TOKEN
+// OIDC_TOKEN
 
 SSOERROR
-OidcIDTokenParse(
-    POIDC_ID_TOKEN* pp,
-    PCSTRING psz);
+OidcTokenBuild(
+    POIDC_TOKEN* pp,
+    PCSTRING psz,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName, /* OPT */
+    SSO_LONG clockToleranceInSeconds,
+    PCSTRING pszExpectedTokenClass);
 
-// OIDC_ACCESS_TOKEN
+SSOERROR
+OidcTokenParse(
+    POIDC_TOKEN* pp,
+    PCSTRING psz,
+    PCSTRING pszExpectedTokenClass);
 
 SSOERROR
-OidcAccessTokenParse(
-    POIDC_ACCESS_TOKEN* pp,
-    PCSTRING psz);
+OidcTokenValidate(
+    POIDC_TOKEN p,
+    PCSTRING pszSigningCertificatePEM,
+    PCSTRING pszIssuer, // not used for now
+    PCSTRING pszResourceServerName, /* OPT */
+    SSO_LONG clockToleranceInSeconds);
+
+void
+OidcTokenDelete(
+    POIDC_TOKEN p);
 
 // OIDC_TOKEN_SUCCESS_RESPONSE
 
 SSOERROR
 OidcTokenSuccessResponseParse(
     POIDC_TOKEN_SUCCESS_RESPONSE* pp,
-    PCSTRING pszJsonResponse,
-    PCSTRING pszSigningCertificatePEM,
-    SSO_LONG clockToleranceInSeconds);
+    PCSTRING pszJsonResponse);
 
 // OIDC_ERROR_RESPONSE
 
@@ -46,7 +60,7 @@ OidcErrorResponseParse(
     PCSTRING pszJsonResponse);
 
 SSOERROR
-OidcErrorResponseGetSSOErrorCode(
+OidcErrorResponseGetErrorCode(
     PCOIDC_ERROR_RESPONSE p);
 
 #endif
diff --git a/vmidentity/ssoclients/oidc/src/structs.h b/vmidentity/ssoclients/oidc/src/structs.h
index 58f816289..bebdc9a37 100644
--- a/vmidentity/ssoclients/oidc/src/structs.h
+++ b/vmidentity/ssoclients/oidc/src/structs.h
@@ -18,9 +18,10 @@
 typedef struct OIDC_CLIENT
 {
     PSTRING pszServer;
+    PSTRING pszClientID;
+    PSTRING pszTlsCAPath;
     PSTRING pszTokenEndpointUrl;
     PSTRING pszSigningCertificatePEM;
-    SSO_LONG clockToleranceInSeconds;
     PSSO_CDC pClientDCCache;
 } OIDC_CLIENT;
 
@@ -30,36 +31,35 @@ typedef struct OIDC_SERVER_METADATA
     PSTRING pszSigningCertificatePEM;
 } OIDC_SERVER_METADATA;
 
-typedef struct OIDC_ID_TOKEN
+typedef struct OIDC_TOKEN
 {
     PSSO_JWT pJwt;
+    OIDC_TOKEN_TYPE tokenType;
     PSTRING pszIssuer;
     PSTRING pszSubject;
-    PSTRING pszAudience;
+    PSTRING* ppszAudience;
+    size_t audienceSize;
     SSO_LONG issueTime;
     SSO_LONG expirationTime;
     PSTRING pszHolderOfKeyPEM;
     PSTRING* ppszGroups;
     size_t groupsSize;
+    PSTRING pszTenant;
+} OIDC_TOKEN, *POIDC_TOKEN;
+
+typedef struct OIDC_ID_TOKEN
+{
+    POIDC_TOKEN pToken;
 } OIDC_ID_TOKEN;
 
 typedef struct OIDC_ACCESS_TOKEN
 {
-    PSSO_JWT pJwt;
-    PSTRING pszIssuer;
-    PSTRING pszSubject;
-    PSTRING* ppszAudience;
-    size_t audienceSize;
-    SSO_LONG issueTime;
-    SSO_LONG expirationTime;
-    PSTRING pszHolderOfKeyPEM;
-    PSTRING* ppszGroups;
-    size_t groupsSize;
+    POIDC_TOKEN pToken;
 } OIDC_ACCESS_TOKEN;
 
 typedef struct OIDC_TOKEN_SUCCESS_RESPONSE
 {
-    OIDC_ID_TOKEN* pIDToken;
+    PSTRING pszIDToken;
     PSTRING pszAccessToken;
     PSTRING pszRefreshToken;
 } OIDC_TOKEN_SUCCESS_RESPONSE;
diff --git a/vmidentity/ssoclients/oidc/test/Makefile.am b/vmidentity/ssoclients/oidc/test/Makefile.am
index 3ec6b6427..8ddc3d62b 100644
--- a/vmidentity/ssoclients/oidc/test/Makefile.am
+++ b/vmidentity/ssoclients/oidc/test/Makefile.am
@@ -5,10 +5,11 @@ ssooidctest_SOURCES = \
     test_cases.c
 
 ssooidctest_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/oidc/include/public/ \
-    -I$(top_srcdir)/ssoclients/oidc/src/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/src/
 
 ssooidctest_LDADD = \
-    @top_builddir@/ssoclients/oidc/src/libssooidc.la
+    @top_builddir@/vmidentity/ssoclients/common/src/libssocommon.la \
+    @top_builddir@/vmidentity/ssoclients/oidc/src/libssooidc.la
diff --git a/vmidentity/ssoclients/oidc/test/main.c b/vmidentity/ssoclients/oidc/test/main.c
index fd660ad51..c1a914dfd 100644
--- a/vmidentity/ssoclients/oidc/test/main.c
+++ b/vmidentity/ssoclients/oidc/test/main.c
@@ -43,16 +43,18 @@ main(
     PCSTRING pszTenant = NULL;
     PCSTRING pszUsername = NULL;
     PCSTRING pszPassword = NULL;
+    PCSTRING pszClientID = NULL;
     bool highAvailabilityEnabled = false;
+    bool validateTls = false;
     SSOERROR e = SSOERROR_NONE;
     bool allSucceeded = true;
     size_t i = 0;
     size_t numTestCases = 0;
     bool success = false;
 
-    if (argc != 6)
+    if (argc != 7 && argc != 8)
     {
-        printf("usage: >oidctest server tenant username password enableHA\n");
+        printf("usage: >oidctest server tenant username password enableHA validateTls [client_id]\n");
         return -1;
     }
 
@@ -61,8 +63,13 @@ main(
     pszUsername = argv[3];
     pszPassword = argv[4];
     highAvailabilityEnabled = SSOStringEqual(argv[5], "true");
+    validateTls = SSOStringEqual(argv[6], "true");
+    if (argc == 8)
+    {
+        pszClientID = argv[7];
+    }
 
-    e = TestInit(pszServer, pszTenant, pszUsername, pszPassword, highAvailabilityEnabled);
+    e = TestInit(pszServer, pszTenant, pszUsername, pszPassword, pszClientID, highAvailabilityEnabled, validateTls);
     if (e != SSOERROR_NONE)
     {
         printf("failed with %s\n", SSOErrorToString(e));
diff --git a/vmidentity/ssoclients/oidc/test/test_cases.c b/vmidentity/ssoclients/oidc/test/test_cases.c
index dc2e7835a..253645cd1 100644
--- a/vmidentity/ssoclients/oidc/test/test_cases.c
+++ b/vmidentity/ssoclients/oidc/test/test_cases.c
@@ -19,6 +19,7 @@ static PCSTRING                 s_pszServer = NULL;
 static PCSTRING                 s_pszTenant = NULL;
 static PCSTRING                 s_pszUsername = NULL;
 static PCSTRING                 s_pszPassword = NULL;
+static PCSTRING                 s_pszClientID = NULL;
 
 static const PCSTRING s_pszIDTokenWithGroups = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbmlzdHJhdG9yQHZzcGhlcmUubG9jYWwiLCJpc3MiOiJodHRwczpcL1wvc2MtcmRvcHMtdm0xOC1kaGNwLTYyLTY0LmVuZy52bXdhcmUuY29tXC9vcGVuaWRjb25uZWN0XC92c3BoZXJlLmxvY2FsIiwiZ3JvdXBzIjpbInZzcGhlcmUubG9jYWxcXFVzZXJzIiwidnNwaGVyZS5sb2NhbFxcQWRtaW5pc3RyYXRvcnMiLCJ2c3BoZXJlLmxvY2FsXFxDQUFkbWlucyIsInZzcGhlcmUubG9jYWxcXENvbXBvbmVudE1hbmFnZXIuQWRtaW5pc3RyYXRvcnMiLCJ2c3BoZXJlLmxvY2FsXFxTeXN0ZW1Db25maWd1cmF0aW9uLkJhc2hTaGVsbEFkbWluaXN0cmF0b3JzIiwidnNwaGVyZS5sb2NhbFxcU3lzdGVtQ29uZmlndXJhdGlvbi5BZG1pbmlzdHJhdG9ycyIsInZzcGhlcmUubG9jYWxcXExpY2Vuc2VTZXJ2aWNlLkFkbWluaXN0cmF0b3JzIiwidnNwaGVyZS5sb2NhbFxcRXZlcnlvbmUiXSwidG9rZW5fY2xhc3MiOiJpZF90b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJnaXZlbl9uYW1lIjoiQWRtaW5pc3RyYXRvciIsImF1ZCI6ImFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbCIsInNjb3BlIjoicnNfYWRtaW5fc2VydmVyIGF0X2dyb3VwcyBvcGVuaWQgaWRfZ3JvdXBzIiwiZXhwIjoxNDc3NTI2NTEwLCJpYXQiOjE0Nzc1MjYyMTAsImZhbWlseV9uYW1lIjoidnNwaGVyZS5sb2NhbCIsImp0aSI6IjlqZUpQXzg2dmt1QnhNMl96Z0s5dXBENDFzRms1cXRZbUVnMTNWRTdHSk0iLCJ0ZW5hbnQiOiJ2c3BoZXJlLmxvY2FsIn0.PE4ddqkx6sly9J6wfV9ZcquYp-0xrSBPSP_toZe6v4PP9DS0zGJDJvmgK7uEKJKyCSEIGe0F9IfZXhWW4fbh7ishztiqY8U9utPB01ciPotA7uLTn8jJsydZQt70IoqCh1zhwEXmr1MfOLTtM5uPn3BlHoZREdeLoQ7BLgbwNwcl3j4SDZQKqOQCzIXwVA4KBg20cVqLoy_hxbO2ri3WpzfFbgs5xV5hIL-8FUldW2AZ0rp-PGu7CUxwYPLVSyuwEOjI8_IaUv6M7YSXDILNBNqSstNturDlDg6utw2P-wSZnsHL1fvj9hJ3u8uWVu-vevwwgHSte4swxr0P0LOTGA";
 static const PCSTRING s_pszIDTokenWithoutGroups = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbmlzdHJhdG9yQHZzcGhlcmUubG9jYWwiLCJhdWQiOiJhZG1pbmlzdHJhdG9yQHZzcGhlcmUubG9jYWwiLCJzY29wZSI6InJzX2FkbWluX3NlcnZlciBvcGVuaWQiLCJpc3MiOiJodHRwczpcL1wvc2MtcmRvcHMtdm0xOC1kaGNwLTYyLTY0LmVuZy52bXdhcmUuY29tXC9vcGVuaWRjb25uZWN0XC92c3BoZXJlLmxvY2FsIiwidG9rZW5fY2xhc3MiOiJpZF90b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJleHAiOjE0Nzc1MjY0NzMsImdpdmVuX25hbWUiOiJBZG1pbmlzdHJhdG9yIiwiaWF0IjoxNDc3NTI2MTczLCJmYW1pbHlfbmFtZSI6InZzcGhlcmUubG9jYWwiLCJqdGkiOiItS1RUODNoX0pJbXNKWTVTeTBSS2M0aVlWbEJyc1ZVNlI3ek9yZWJURElNIiwidGVuYW50IjoidnNwaGVyZS5sb2NhbCJ9.P0s2Nr_IvrJ_5TFcyRbFeuIz0vthSdo0rQKYtaXjfaU0qQcB318xeMVOsFGGoxxvZaNE7iGBA61K-LARUJ1MBvw1LqthSBRi8lyplJNEG3xByS-kuBNyjdXIx3FdGf7fpDLQqKYih8SSehckMT7Rqwdms5yPMq816Nw0Ctx7FpOl1Md4Enosp9DQ-CMjOM9ceoFE7Rg8JQmOHTHWa6Io_d253gZThUafvsBuAD00INTZjanqmiJXYyQkbisnDYX7S8cIv8-Rqg7IP_tFwSJ6F8F9EKlff56MPs2cSvUastjOLrJxqMCvLFjM2IheqAlp-d03GjidlRzN-M4vXGiOlQ";
@@ -34,7 +35,9 @@ TestInit(
     PCSTRING pszTenant,
     PCSTRING pszUsername,
     PCSTRING pszPassword,
-    bool highAvailabilityEnabled)
+    PCSTRING pszClientID,
+    bool highAvailabilityEnabled,
+    bool validateTls)
 {
     SSOERROR e = SSOERROR_NONE;
 
@@ -42,11 +45,18 @@ TestInit(
     s_pszTenant = pszTenant;
     s_pszUsername = pszUsername;
     s_pszPassword = pszPassword;
+    s_pszClientID = pszClientID;
 
     e = OidcClientGlobalInit();
     BAIL_ON_ERROR(e);
 
-    e = OidcClientBuild(&s_pClient, highAvailabilityEnabled ? NULL : s_pszServer, 443, s_pszTenant, CLOCK_TOLERANCE_IN_SECONDS);
+    e = OidcClientBuild(
+        &s_pClient,
+        highAvailabilityEnabled ? NULL : s_pszServer,
+        443,
+        s_pszTenant,
+        s_pszClientID,
+        validateTls ? LIGHTWAVE_TLS_CA_PATH : NULL);
     BAIL_ON_ERROR(e);
 
 error:
@@ -68,11 +78,12 @@ TestPasswordGrantSuccessResponse()
 
     POIDC_TOKEN_SUCCESS_RESPONSE pTokenSuccessResponse = NULL;
     POIDC_ERROR_RESPONSE pTokenErrorResponse = NULL;
-    PCOIDC_ID_TOKEN pIDToken = NULL;
+    POIDC_ID_TOKEN pIDToken = NULL;
     POIDC_ACCESS_TOKEN pAccessToken = NULL;
     PSTRING pszStringClaim = NULL;
     const PSTRING* ppszAudience = NULL;
     size_t audienceSize = 0;
+    PCSTRING pszExpectedAudience = (s_pszClientID != NULL) ? s_pszClientID: s_pszUsername;
 
     e = OidcClientAcquireTokensByPassword(
         s_pClient,
@@ -83,10 +94,23 @@ TestPasswordGrantSuccessResponse()
         &pTokenErrorResponse);
     TEST_ASSERT_SUCCESS(e);
 
-    pIDToken = OidcTokenSuccessResponseGetIDToken(pTokenSuccessResponse);
+    e = OidcIDTokenBuild(
+        &pIDToken,
+        OidcTokenSuccessResponseGetIDToken(pTokenSuccessResponse),
+        OidcClientGetSigningCertificatePEM(s_pClient),
+        "issuer",
+        CLOCK_TOLERANCE_IN_SECONDS);
+    TEST_ASSERT_SUCCESS(e);
     TEST_ASSERT_TRUE(OidcIDTokenGetIssuer(pIDToken) != NULL);
     TEST_ASSERT_EQUAL_STRINGS(s_pszUsername, OidcIDTokenGetSubject(pIDToken));
-    TEST_ASSERT_EQUAL_STRINGS(s_pszUsername, OidcIDTokenGetAudience(pIDToken));
+
+    OidcIDTokenGetAudience(pIDToken, &ppszAudience, &audienceSize);
+    TEST_ASSERT_TRUE(ppszAudience != NULL);
+    TEST_ASSERT_TRUE(audienceSize == 1);
+    TEST_ASSERT_EQUAL_STRINGS(pszExpectedAudience, ppszAudience[0]);
+    TEST_ASSERT_TRUE(OidcIDTokenGetAudienceSize(pIDToken) == audienceSize);
+    TEST_ASSERT_EQUAL_STRINGS(pszExpectedAudience, OidcIDTokenGetAudienceEntry(pIDToken, 0));
+
     TEST_ASSERT_TRUE(OidcIDTokenGetIssueTime(pIDToken) > 0);
     TEST_ASSERT_TRUE(OidcIDTokenGetExpirationTime(pIDToken) > 0);
 
@@ -109,7 +133,9 @@ TestPasswordGrantSuccessResponse()
     OidcAccessTokenGetAudience(pAccessToken, &ppszAudience, &audienceSize);
     TEST_ASSERT_TRUE(ppszAudience != NULL);
     TEST_ASSERT_TRUE(audienceSize == 1);
-    TEST_ASSERT_EQUAL_STRINGS(s_pszUsername, ppszAudience[0]);
+    TEST_ASSERT_EQUAL_STRINGS(pszExpectedAudience, ppszAudience[0]);
+    TEST_ASSERT_TRUE(OidcAccessTokenGetAudienceSize(pAccessToken) == audienceSize);
+    TEST_ASSERT_EQUAL_STRINGS(pszExpectedAudience, OidcAccessTokenGetAudienceEntry(pAccessToken, 0));
 
     e = OidcAccessTokenGetStringClaim(pAccessToken, "token_class", &pszStringClaim);
     TEST_ASSERT_SUCCESS(e);
@@ -121,6 +147,7 @@ TestPasswordGrantSuccessResponse()
 
     OidcTokenSuccessResponseDelete(pTokenSuccessResponse);
     OidcErrorResponseDelete(pTokenErrorResponse);
+    OidcIDTokenDelete(pIDToken);
     OidcAccessTokenDelete(pAccessToken);
 
     return true;
diff --git a/vmidentity/ssoclients/oidc/test/test_cases.h b/vmidentity/ssoclients/oidc/test/test_cases.h
index 8ac2cf9d5..a63650052 100644
--- a/vmidentity/ssoclients/oidc/test/test_cases.h
+++ b/vmidentity/ssoclients/oidc/test/test_cases.h
@@ -27,9 +27,11 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 #include "oidc_types.h"
 #include "oidc.h"
+#include "structs.h"
 #include "prototypes.h"
 
 SSOERROR
@@ -38,7 +40,9 @@ TestInit(
     PCSTRING pszTenant,
     PCSTRING pszUsername,
     PCSTRING pszPassword,
-    bool highAvailabilityEnabled);
+    PCSTRING pszClientID,
+    bool highAvailabilityEnabled,
+    bool validateTls);
 
 void
 TestCleanup();
diff --git a/vmidentity/ssoclients/restclient/afdclient/src/Makefile.am b/vmidentity/ssoclients/restclient/afdclient/src/Makefile.am
index 7020abdfc..c8796a839 100644
--- a/vmidentity/ssoclients/restclient/afdclient/src/Makefile.am
+++ b/vmidentity/ssoclients/restclient/afdclient/src/Makefile.am
@@ -7,11 +7,11 @@ libssoafdclient_la_SOURCES = \
     vecs_resource.c
 
 libssoafdclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/afdclient/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/afdclient/include/public/
 
 libssoafdclient_la_LIBADD = \
-    @top_builddir@/ssoclients/restclient/coreclient/src/libssocoreclient.la
+    @top_builddir@/vmidentity/ssoclients/restclient/coreclient/src/libssocoreclient.la
diff --git a/vmidentity/ssoclients/restclient/afdclient/src/ad_provider_resource.c b/vmidentity/ssoclients/restclient/afdclient/src/ad_provider_resource.c
index 4e732c924..17bb17a72 100644
--- a/vmidentity/ssoclients/restclient/afdclient/src/ad_provider_resource.c
+++ b/vmidentity/ssoclients/restclient/afdclient/src/ad_provider_resource.c
@@ -54,6 +54,7 @@ AfdAdProviderJoin(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) AfdJsonToActiveDirectoryJoinInfoData,
         (void**) &pActiveDirectoryJoinInfoReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -115,6 +116,7 @@ AfdAdProviderLeave(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -166,6 +168,7 @@ AfdAdProviderGetStatus(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) AfdJsonToActiveDirectoryJoinInfoData,
         (void**) &pActiveDirectoryJoinInfoReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/afdclient/src/includes.h b/vmidentity/ssoclients/restclient/afdclient/src/includes.h
index 6db71ebcd..6eddf7341 100644
--- a/vmidentity/ssoclients/restclient/afdclient/src/includes.h
+++ b/vmidentity/ssoclients/restclient/afdclient/src/includes.h
@@ -32,6 +32,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // core client headers
 #include "ssocoreclient.h"
diff --git a/vmidentity/ssoclients/restclient/afdclient/src/vecs_resource.c b/vmidentity/ssoclients/restclient/afdclient/src/vecs_resource.c
index 353633a63..34947e1b0 100644
--- a/vmidentity/ssoclients/restclient/afdclient/src/vecs_resource.c
+++ b/vmidentity/ssoclients/restclient/afdclient/src/vecs_resource.c
@@ -51,6 +51,7 @@ AfdVecsGetSSLCertificates(
         REST_HTTP_METHOD_TYPE_GET,
         (JsonToDataObjectFunc) RestJsonToCertificateArrayData,
         (void**) &pCertificateArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/coreclient/include/coreclient_prototypes.h b/vmidentity/ssoclients/restclient/coreclient/include/coreclient_prototypes.h
index b90a378f6..5c18c75d3 100644
--- a/vmidentity/ssoclients/restclient/coreclient/include/coreclient_prototypes.h
+++ b/vmidentity/ssoclients/restclient/coreclient/include/coreclient_prototypes.h
@@ -101,6 +101,7 @@ RestBuildAndExecuteHttp(
     REST_HTTP_METHOD_TYPE httpMethodType,
     JsonToDataObjectFunc fJsonToDataObject,
     void** ppDataObjectReturn,
+    PCSTRING tlsCAPath,
     REST_SERVER_ERROR** ppError);
 
 SSOERROR
diff --git a/vmidentity/ssoclients/restclient/coreclient/include/coreclient_structs.h b/vmidentity/ssoclients/restclient/coreclient/include/coreclient_structs.h
index b3690e059..3534981ed 100644
--- a/vmidentity/ssoclients/restclient/coreclient/include/coreclient_structs.h
+++ b/vmidentity/ssoclients/restclient/coreclient/include/coreclient_structs.h
@@ -29,6 +29,7 @@ typedef struct REST_CLIENT
     PSSO_CDC pCdc;
     size_t serverPort;
     REST_SCHEME_TYPE schemeType;
+    PSTRING tlsCAPath;
     REST_ACCESS_TOKEN* pAccessToken;
 } REST_CLIENT;
 
diff --git a/vmidentity/ssoclients/restclient/coreclient/include/public/ssocoreclient.h b/vmidentity/ssoclients/restclient/coreclient/include/public/ssocoreclient.h
index db35e2493..d45f73a94 100644
--- a/vmidentity/ssoclients/restclient/coreclient/include/public/ssocoreclient.h
+++ b/vmidentity/ssoclients/restclient/coreclient/include/public/ssocoreclient.h
@@ -80,12 +80,24 @@ void
 RestAccessTokenDelete(
     PREST_ACCESS_TOKEN pAccessToken);
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 RestClientGlobalInit();
 
+// this function is not thread safe. Call it right before process exit
 void
 RestClientGlobalCleanup();
 
+// make sure you call RestClientGlobalInit once per process before calling this
+// tlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 RestClientNew(
     PREST_CLIENT* ppClient,
@@ -93,6 +105,7 @@ RestClientNew(
     bool highAvailabilityEnabled,
     size_t serverPort,
     REST_SCHEME_TYPE schemeType,
+    PCSTRING tlsCAPath, // optional, see comment above
     PCREST_ACCESS_TOKEN pAccessToken);
 
 void
diff --git a/vmidentity/ssoclients/restclient/coreclient/src/Makefile.am b/vmidentity/ssoclients/restclient/coreclient/src/Makefile.am
index a8b561261..f2d84c6eb 100644
--- a/vmidentity/ssoclients/restclient/coreclient/src/Makefile.am
+++ b/vmidentity/ssoclients/restclient/coreclient/src/Makefile.am
@@ -18,10 +18,10 @@ libssocoreclient_la_SOURCES = \
     utils.c
 
 libssocoreclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/public/
 
 libssocoreclient_la_LIBADD = \
-    @top_builddir@/ssoclients/common/src/libssocommon.la
+    @top_builddir@/vmidentity/ssoclients/common/src/libssocommon.la
diff --git a/vmidentity/ssoclients/restclient/coreclient/src/includes.h b/vmidentity/ssoclients/restclient/coreclient/src/includes.h
index cccfa4a11..5e3242016 100644
--- a/vmidentity/ssoclients/restclient/coreclient/src/includes.h
+++ b/vmidentity/ssoclients/restclient/coreclient/src/includes.h
@@ -32,6 +32,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // project headers
 #include "ssocoreclient.h"
diff --git a/vmidentity/ssoclients/restclient/coreclient/src/rest_client.c b/vmidentity/ssoclients/restclient/coreclient/src/rest_client.c
index e87f9081a..482b4a1d3 100644
--- a/vmidentity/ssoclients/restclient/coreclient/src/rest_client.c
+++ b/vmidentity/ssoclients/restclient/coreclient/src/rest_client.c
@@ -14,18 +14,30 @@
 
 #include "includes.h"
 
+/*
+ * IMPORTANT: you must call this function at process startup while there is only a single thread running
+ * This is a wrapper for curl_global_init, from its documentation:
+ * This function is not thread safe.
+ * You must not call it when any other thread in the program (i.e. a thread sharing the same memory) is running.
+ * This doesn't just mean no other thread that is using libcurl.
+ * Because curl_global_init calls functions of other libraries that are similarly thread unsafe,
+ * it could conflict with any other thread that uses these other libraries.
+ */
 SSOERROR
 RestClientGlobalInit()
 {
     return SSOHttpClientGlobalInit();
 }
 
+// this function is not thread safe. Call it right before process exit
 void
 RestClientGlobalCleanup()
 {
     SSOHttpClientGlobalCleanup();
 }
 
+// make sure you call RestClientGlobalInit once per process before calling this
+// tlsCAPath: NULL means skip tls validation, otherwise LIGHTWAVE_TLS_CA_PATH will work on lightwave client and server
 SSOERROR
 RestClientNew(
     PREST_CLIENT* ppClient,
@@ -33,6 +45,7 @@ RestClientNew(
     bool highAvailabilityEnabled,
     size_t serverPort,
     REST_SCHEME_TYPE schemeType,
+    PCSTRING tlsCAPath, // optional, see comment above
     PCREST_ACCESS_TOKEN pAccessToken)
 {
     SSOERROR e = SSOERROR_NONE;
@@ -65,6 +78,12 @@ RestClientNew(
 
     pClient->schemeType = schemeType;
 
+    if (tlsCAPath != NULL)
+    {
+        e = RestStringDataNew(&(pClient->tlsCAPath), tlsCAPath);
+        BAIL_ON_ERROR(e);
+    }
+
     if (pAccessToken != NULL)
     {
         e = RestAccessTokenNew(
@@ -94,6 +113,7 @@ RestClientDelete(
     if (pClient != NULL)
     {
         RestStringDataDelete(pClient->serverHost);
+        RestStringDataDelete(pClient->tlsCAPath);
         SSOCdcDelete(pClient->pCdc);
         RestAccessTokenDelete(pClient->pAccessToken);
         SSOMemoryFree(pClient, sizeof(REST_CLIENT));
diff --git a/vmidentity/ssoclients/restclient/coreclient/src/utils.c b/vmidentity/ssoclients/restclient/coreclient/src/utils.c
index abf39b87a..c9a49abbb 100644
--- a/vmidentity/ssoclients/restclient/coreclient/src/utils.c
+++ b/vmidentity/ssoclients/restclient/coreclient/src/utils.c
@@ -160,6 +160,7 @@ RestBuildAndExecuteHttp(
     REST_HTTP_METHOD_TYPE httpMethodType,
     JsonToDataObjectFunc fJsonToDataObject,
     void** ppDataObjectReturn,
+    PCSTRING tlsCAPath,
     REST_SERVER_ERROR** ppError)
 {
     SSOERROR e = SSOERROR_NONE;
@@ -198,7 +199,7 @@ RestBuildAndExecuteHttp(
     e = RestBuildPostEntity(pAccessToken, httpMethodType, pJson, httpFormattedDate, resourceUri, &post);
     BAIL_ON_ERROR(e);
 
-    e = SSOHttpClientNew(&pHttpClient);
+    e = SSOHttpClientNew(&pHttpClient, tlsCAPath);
     BAIL_ON_ERROR(e);
 
     if (httpMethodType == REST_HTTP_METHOD_TYPE_POST)
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/Makefile.am b/vmidentity/ssoclients/restclient/idmclient/src/Makefile.am
index bca02a1db..4dba1fd33 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/Makefile.am
+++ b/vmidentity/ssoclients/restclient/idmclient/src/Makefile.am
@@ -78,11 +78,11 @@ libssoidmclient_la_SOURCES = \
     user_resource.c
 
 libssoidmclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/idmclient/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/idmclient/include/public/
 
 libssoidmclient_la_LIBADD = \
-    @top_builddir@/ssoclients/restclient/coreclient/src/libssocoreclient.la
+    @top_builddir@/vmidentity/ssoclients/restclient/coreclient/src/libssocoreclient.la
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/certificate_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/certificate_resource.c
index e1dedf70b..c48d856ad 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/certificate_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/certificate_resource.c
@@ -69,6 +69,7 @@ IdmCertificateGet(
         REST_HTTP_METHOD_TYPE_GET,
         (JsonToDataObjectFunc) IdmJsonToCertificateChainArrayData,
         (void**) &pCertificateChainArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -133,6 +134,7 @@ IdmCertificateDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -186,6 +188,7 @@ IdmCertificateGetPrivateKey(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToPrivateKeyData,
         (void**) &pPrivateKeyReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -247,6 +250,7 @@ IdmCertificateSetCredentials(
         REST_HTTP_METHOD_TYPE_POST,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/diagnostics_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/diagnostics_resource.c
index 7f2074df2..0cdbf8488 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/diagnostics_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/diagnostics_resource.c
@@ -51,6 +51,7 @@ IdmDiagnosticsClearEventLog(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -104,6 +105,7 @@ IdmDiagnosticsGetEventLog(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToEventLogArrayData,
         (void**) &pEventLogArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -166,6 +168,7 @@ IdmDiagnosticsGetEventLogStatus(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToEventLogStatusData,
         (void**) &pEventLogStatusReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -233,6 +236,7 @@ IdmDiagnosticsStartEventLog(
         REST_HTTP_METHOD_TYPE_POST,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -284,6 +288,7 @@ IdmDiagnosticsStopEventLog(
         REST_HTTP_METHOD_TYPE_POST,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/external_idp_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/external_idp_resource.c
index ee2e53821..b3a2f811b 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/external_idp_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/external_idp_resource.c
@@ -55,6 +55,7 @@ IdmExternalIdpRegister(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToExternalIdpData,
         (void**) &pExternalIdpReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -118,6 +119,7 @@ IdmExternalIdpRegisterByMetadata(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToExternalIdpData,
         (void**) &pExternalIdpReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -180,6 +182,7 @@ IdmExternalIdpGetAll(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToExternalIdpArrayData,
         (void**) &pExternalIdpArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -243,6 +246,7 @@ IdmExternalIdpGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToExternalIdpData,
         (void**) &pExternalIdpReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -304,6 +308,7 @@ IdmExternalIdpDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/group_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/group_resource.c
index 639b4f595..26a26fe0d 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/group_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/group_resource.c
@@ -67,6 +67,7 @@ IdmGroupGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToGroupData,
         (void**) &pGroupReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -148,6 +149,7 @@ IdmGroupGetMembers(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToSearchResultData,
         (void**) &pSearchResultReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -218,6 +220,7 @@ IdmGroupGetParents(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToGroupArrayData,
         (void**) &pGroupArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/identity_provider_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/identity_provider_resource.c
index b1d84b5ff..769361d21 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/identity_provider_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/identity_provider_resource.c
@@ -67,6 +67,7 @@ IdmIdentityProviderCreateInternal(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToIdentityProviderData,
         (void**) &pIdentityProviderReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -189,6 +190,7 @@ IdmIdentityProviderGetAll(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToIdentityProviderArrayData,
         (void**) &pIdentityProviderArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -252,6 +254,7 @@ IdmIdentityProviderGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToIdentityProviderData,
         (void**) &pIdentityProviderReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -316,6 +319,7 @@ IdmIdentityProviderUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) IdmJsonToIdentityProviderData,
         (void**) &pIdentityProviderReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -377,6 +381,7 @@ IdmIdentityProviderDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/includes.h b/vmidentity/ssoclients/restclient/idmclient/src/includes.h
index 57230fcbe..9bcec2faf 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/includes.h
+++ b/vmidentity/ssoclients/restclient/idmclient/src/includes.h
@@ -32,6 +32,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // core client headers
 #include "ssocoreclient.h"
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/oidc_client_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/oidc_client_resource.c
index c637e31a8..3c3df40bb 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/oidc_client_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/oidc_client_resource.c
@@ -55,6 +55,7 @@ IdmOidcClientRegister(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToOidcClientData,
         (void**) &pOidcClientReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -117,6 +118,7 @@ IdmOidcClientGetAll(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToOidcClientArrayData,
         (void**) &pOidcClientArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -180,6 +182,7 @@ IdmOidcClientGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToOidcClientData,
         (void**) &pOidcClientReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -244,6 +247,7 @@ IdmOidcClientUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) IdmJsonToOidcClientData,
         (void**) &pOidcClientReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -305,6 +309,7 @@ IdmOidcClientDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/relying_party_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/relying_party_resource.c
index 4981cfbd7..829da7b46 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/relying_party_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/relying_party_resource.c
@@ -55,6 +55,7 @@ IdmRelyingPartyRegister(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToRelyingPartyData,
         (void**) &pRelyingPartyReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -117,6 +118,7 @@ IdmRelyingPartyGetAll(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToRelyingPartyArrayData,
         (void**) &pRelyingPartyArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -180,6 +182,7 @@ IdmRelyingPartyGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToRelyingPartyData,
         (void**) &pRelyingPartyReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -244,6 +247,7 @@ IdmRelyingPartyUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) IdmJsonToRelyingPartyData,
         (void**) &pRelyingPartyReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -305,6 +309,7 @@ IdmRelyingPartyDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/resource_server_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/resource_server_resource.c
index 1986ffa78..11d873952 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/resource_server_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/resource_server_resource.c
@@ -55,6 +55,7 @@ IdmResourceServerRegister(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToResourceServerData,
         (void**) &pResourceServerReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -117,6 +118,7 @@ IdmResourceServerGetAll(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToResourceServerArrayData,
         (void**) &pResourceServerArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -180,6 +182,7 @@ IdmResourceServerGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToResourceServerData,
         (void**) &pResourceServerReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -244,6 +247,7 @@ IdmResourceServerUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) IdmJsonToResourceServerData,
         (void**) &pResourceServerReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -305,6 +309,7 @@ IdmResourceServerDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/server_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/server_resource.c
index 8329cd061..bb0814ffd 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/server_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/server_resource.c
@@ -62,6 +62,7 @@ IdmServerGetComputers(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToServerDetailsArrayData,
         (void**) &pServerDetailsArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/solution_user_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/solution_user_resource.c
index 622eaa9f2..c1f1a36ae 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/solution_user_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/solution_user_resource.c
@@ -54,6 +54,7 @@ IdmSolutionUserGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToSolutionUserData,
         (void**) &pSolutionUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/tenant_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/tenant_resource.c
index 225fc7efb..f8b622896 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/tenant_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/tenant_resource.c
@@ -78,6 +78,7 @@ IdmTenantCreate(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToTenantData,
         (void**) &pTenantReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -140,6 +141,7 @@ IdmTenantGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToTenantData,
         (void**) &pTenantReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -199,6 +201,7 @@ IdmTenantDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -265,6 +268,7 @@ IdmTenantGetConfig(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToTenantConfigurationData,
         (void**) &pTenantConfigurationReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -328,6 +332,7 @@ IdmTenantUpdateConfig(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) IdmJsonToTenantConfigurationData,
         (void**) &pTenantConfigurationReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -413,6 +418,7 @@ IdmTenantSearch(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToSearchResultData,
         (void**) &pSearchResultReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/idmclient/src/user_resource.c b/vmidentity/ssoclients/restclient/idmclient/src/user_resource.c
index 6eab50c31..257400bd3 100644
--- a/vmidentity/ssoclients/restclient/idmclient/src/user_resource.c
+++ b/vmidentity/ssoclients/restclient/idmclient/src/user_resource.c
@@ -55,6 +55,7 @@ IdmExternalUserCreate(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) RestJsonToBooleanData,
         (void**) &pCreated,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -123,6 +124,7 @@ IdmUserGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToUserData,
         (void**) &pUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -196,6 +198,7 @@ IdmUserGetGroups(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) IdmJsonToGroupArrayData,
         (void**) &pGroupArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -263,6 +266,7 @@ IdmExternalUserDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/test/src/Makefile.am b/vmidentity/ssoclients/restclient/test/src/Makefile.am
index 22ae8f56b..21cc0eee1 100644
--- a/vmidentity/ssoclients/restclient/test/src/Makefile.am
+++ b/vmidentity/ssoclients/restclient/test/src/Makefile.am
@@ -19,17 +19,19 @@ ssorestclienttest_SOURCES = \
     vecs_resource_test.c
 
 ssorestclienttest_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/idmclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/vmdirclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/afdclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/oidc/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/idmclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/vmdirclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/afdclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/oidc/include/public/
 
 ssorestclienttest_LDADD = \
-    @top_builddir@/ssoclients/restclient/idmclient/src/libssoidmclient.la \
-    @top_builddir@/ssoclients/restclient/vmdirclient/src/libssovmdirclient.la \
-    @top_builddir@/ssoclients/restclient/afdclient/src/libssoafdclient.la \
-    @top_builddir@/ssoclients/oidc/src/libssooidc.la
+    @top_builddir@/vmidentity/ssoclients/common/src/libssocommon.la \
+    @top_builddir@/vmidentity/ssoclients/restclient/idmclient/src/libssoidmclient.la \
+    @top_builddir@/vmidentity/ssoclients/restclient/vmdirclient/src/libssovmdirclient.la \
+    @top_builddir@/vmidentity/ssoclients/restclient/afdclient/src/libssoafdclient.la \
+    @top_builddir@/vmidentity/ssoclients/restclient/coreclient/src/libssocoreclient.la \
+    @top_builddir@/vmidentity/ssoclients/oidc/src/libssooidc.la
diff --git a/vmidentity/ssoclients/restclient/test/src/globals.h b/vmidentity/ssoclients/restclient/test/src/globals.h
index 393dbe28d..2676318fa 100644
--- a/vmidentity/ssoclients/restclient/test/src/globals.h
+++ b/vmidentity/ssoclients/restclient/test/src/globals.h
@@ -23,6 +23,7 @@ extern PSTRING systemTenantPassword;
 extern PCSTRING testTenant;
 extern PCSTRING testTenantUsername;
 extern PCSTRING testTenantPassword;
+extern PCSTRING tlsCAPath;
 
 extern PSTRING testOIDCClientId;
 
diff --git a/vmidentity/ssoclients/restclient/test/src/group_resource_test.c b/vmidentity/ssoclients/restclient/test/src/group_resource_test.c
index 3ebd8291c..fd2638288 100644
--- a/vmidentity/ssoclients/restclient/test/src/group_resource_test.c
+++ b/vmidentity/ssoclients/restclient/test/src/group_resource_test.c
@@ -248,7 +248,7 @@ VmdirGroupAddMembersTest()
 
     PSTRING pMemberArray[] =
     {
-        "Administrator@test_tenant_name"
+        "Administrator@my-test-tenant.com"
     };
     VMDIR_STRING_ARRAY_DATA* pMembers = NULL;
 
@@ -313,7 +313,7 @@ VmdirGroupRemoveMembersTest()
 
     PSTRING pMemberArray[] =
     {
-        "Administrator@test_tenant_name"
+        "Administrator@my-test-tenant.com"
     };
     VMDIR_STRING_ARRAY_DATA* pMembers = NULL;
 
diff --git a/vmidentity/ssoclients/restclient/test/src/identity_provider_resource_test.c b/vmidentity/ssoclients/restclient/test/src/identity_provider_resource_test.c
index 124b6a795..31609b76d 100644
--- a/vmidentity/ssoclients/restclient/test/src/identity_provider_resource_test.c
+++ b/vmidentity/ssoclients/restclient/test/src/identity_provider_resource_test.c
@@ -72,12 +72,12 @@ IdmIdentityProviderCreateTest()
     PCSTRING authenticationType = "PASSWORD";
     PCSTRING friendlyName = "test_friendlyName";
     SSO_LONG searchTimeOutInSeconds = 10000;
-    PCSTRING username = "cn=Administrator, cn=users, dc=vSphere, dc=local";
-    PCSTRING password = "Admin!23";
+    PCSTRING username = "cn=Administrator, cn=users, dc=lw-testdom, dc=com";
+    PCSTRING password = "Ca$hc0w1";
     bool machineAccount = false;
     PCSTRING servicePrincipalName = "test_servicePrincipalName";
-    PCSTRING userBaseDN = "cn=users, dc=vSphere, dc=local";
-    PCSTRING groupBaseDN = "cn=solutionusers, dc=vSphere, dc=local";
+    PCSTRING userBaseDN = "cn=users, dc=lw-testdom, dc=com";
+    PCSTRING groupBaseDN = "cn=solutionusers, dc=lw-testdom, dc=com";
     bool matchingRuleInChainEnabled = true;
     bool baseDnForNestedGroupsEnabled = true;
     bool directGroupsSearchEnabled = true;
@@ -282,12 +282,12 @@ IdmIdentityProviderProbeTest()
     PCSTRING authenticationType = "PASSWORD";
     PCSTRING friendlyName = "test_friendlyName";
     SSO_LONG searchTimeOutInSeconds = 10000;
-    PCSTRING username = "cn=Administrator, cn=users, dc=vSphere, dc=local";
-    PCSTRING password = "Admin!23";
+    PCSTRING username = "cn=Administrator, cn=users, dc=lw-testdom, dc=com";
+    PCSTRING password = "Ca$hc0w1";
     bool machineAccount = false;
     PCSTRING servicePrincipalName = "test_servicePrincipalName";
-    PCSTRING userBaseDN = "cn=users, dc=vSphere, dc=local";
-    PCSTRING groupBaseDN = "cn=solutionusers, dc=vSphere, dc=local";
+    PCSTRING userBaseDN = "cn=users, dc=lw-testdom, dc=com";
+    PCSTRING groupBaseDN = "cn=solutionusers, dc=lw-testdom, dc=com";
     bool matchingRuleInChainEnabled = true;
     bool baseDnForNestedGroupsEnabled = true;
     bool directGroupsSearchEnabled = true;
@@ -543,12 +543,12 @@ IdmIdentityProviderUpdateTest()
     PCSTRING authenticationType = "PASSWORD";
     PCSTRING friendlyName = "test_friendlyName";
     SSO_LONG searchTimeOutInSeconds = 10000;
-    PCSTRING username = "cn=Administrator, cn=users, dc=vSphere, dc=local";
-    PCSTRING password = "Admin!23";
+    PCSTRING username = "cn=Administrator, cn=users, dc=lw-testdom, dc=com";
+    PCSTRING password = "Ca$hc0w1";
     bool machineAccount = false;
     PCSTRING servicePrincipalName = "test_servicePrincipalName";
-    PCSTRING userBaseDN = "cn=users, dc=vSphere, dc=local";
-    PCSTRING groupBaseDN = "cn=solutionusers, dc=vSphere, dc=local";
+    PCSTRING userBaseDN = "cn=users, dc=lw-testdom, dc=com";
+    PCSTRING groupBaseDN = "cn=solutionusers, dc=lw-testdom, dc=com";
     bool matchingRuleInChainEnabled = true;
     bool baseDnForNestedGroupsEnabled = true;
     bool directGroupsSearchEnabled = true;
diff --git a/vmidentity/ssoclients/restclient/test/src/includes.h b/vmidentity/ssoclients/restclient/test/src/includes.h
index fb6b81cff..51c9a7ab1 100644
--- a/vmidentity/ssoclients/restclient/test/src/includes.h
+++ b/vmidentity/ssoclients/restclient/test/src/includes.h
@@ -32,6 +32,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // OIDC client headers
 #include "oidc_types.h"
diff --git a/vmidentity/ssoclients/restclient/test/src/resource_server_resource_test.c b/vmidentity/ssoclients/restclient/test/src/resource_server_resource_test.c
index 0d8cd0652..14fc5c878 100644
--- a/vmidentity/ssoclients/restclient/test/src/resource_server_resource_test.c
+++ b/vmidentity/ssoclients/restclient/test/src/resource_server_resource_test.c
@@ -28,8 +28,8 @@ IdmResourceServerRegisterTest()
 
     PSTRING pGroupFilterArray[] =
     {
-        "test_tenant_name\\group1",
-        "test_tenant_name\\group2"
+        "my-test-tenant.com\\group1",
+        "my-test-tenant.com\\group2"
     };
     IDM_STRING_ARRAY_DATA* pGroupFilter = NULL;
 
@@ -121,8 +121,8 @@ IdmResourceServerUpdateTest()
 
     PSTRING pGroupFilterArray[] =
     {
-        "test_tenant_name\\group3",
-        "test_tenant_name\\group4"
+        "my-test-tenant.com\\group3",
+        "my-test-tenant.com\\group4"
     };
     IDM_STRING_ARRAY_DATA* pGroupFilter = NULL;
 
diff --git a/vmidentity/ssoclients/restclient/test/src/tenant_resource_test.c b/vmidentity/ssoclients/restclient/test/src/tenant_resource_test.c
index b370dfbdc..d8209d8bb 100644
--- a/vmidentity/ssoclients/restclient/test/src/tenant_resource_test.c
+++ b/vmidentity/ssoclients/restclient/test/src/tenant_resource_test.c
@@ -44,8 +44,8 @@ IdmTenantCreateTest()
     PCSTRING key = "test_tenant_key";
     PCSTRING guid = "test_tenant_guid";
     PCSTRING issuer = "test_tenant_issuer";
-    PCSTRING username = "administrator@vsphere.local";
-    PCSTRING password = "Admin!23";
+    PCSTRING username = "administrator@lw-testdom.com";
+    PCSTRING password = "Ca$hc0w1";
 
     // create private key
     e = IdmPrivateKeyDataNew(&pPrivateKey, privateKeyEncoded, privateKeyAlgorithm);
@@ -360,7 +360,7 @@ IdmTenantSearchTest()
 
     REST_SERVER_ERROR* pServerError = NULL;
 
-    PCSTRING domain = "test_tenant_name";
+    PCSTRING domain = "my-test-tenant.com";
     PCSTRING query = "Administrator";
     IDM_MEMBER_TYPE memberType = IDM_MEMBER_TYPE_ALL;
     IDM_SEARCH_TYPE searchBy = IDM_SEARCH_TYPE_NAME;
diff --git a/vmidentity/ssoclients/restclient/test/src/test.c b/vmidentity/ssoclients/restclient/test/src/test.c
index ac0c74814..6a5f507a5 100644
--- a/vmidentity/ssoclients/restclient/test/src/test.c
+++ b/vmidentity/ssoclients/restclient/test/src/test.c
@@ -22,9 +22,10 @@ size_t pscPort;
 PSTRING systemTenant;
 PSTRING systemTenantUsername;
 PSTRING systemTenantPassword;
-PCSTRING testTenant = "test_tenant_name";
-PCSTRING testTenantUsername = "Administrator@test_tenant_name";
-PCSTRING testTenantPassword = "Admin!23";
+PCSTRING testTenant = "my-test-tenant.com";
+PCSTRING testTenantUsername = "Administrator@my-test-tenant.com";
+PCSTRING testTenantPassword = "Ca$hc0w1";
+PCSTRING tlsCAPath;
 
 static
 PCSTRING
@@ -137,7 +138,7 @@ main(
     SSOERROR e = SSOERROR_NONE;
     PCSTRING ret = NULL;
 
-    if (argc == 6)
+    if (argc == 7)
     {
         e = SSOStringAllocate(argv[1], &pscHost);
         BAIL_ON_ERROR(e)
@@ -153,6 +154,8 @@ main(
         e = SSOStringAllocate(argv[5], &systemTenantPassword);
         BAIL_ON_ERROR(e)
 
+        tlsCAPath = SSOStringEqual(argv[6], "true") ? LIGHTWAVE_TLS_CA_PATH : NULL;
+
         ret = run_all_tests();
 
         if (ret)
@@ -168,8 +171,8 @@ main(
     }
     else
     {
-        fprintf(stdout, "%s\n", "Command to run test: ssorestclienttest ip port systemTenant systemTenantAdminUsername systemTenantAdminPassword");
-        fprintf(stdout, "%s\n", "        for example: ssorestclienttest 1.2.3.4 7444 coke admin@coke cokeword");
+        fprintf(stdout, "%s\n", "Command to run test: ssorestclienttest ip port systemTenant systemTenantAdminUsername systemTenantAdminPassword validateTls");
+        fprintf(stdout, "%s\n", "        for example: ssorestclienttest 1.2.3.4 7444 coke admin@coke cokeword false");
     }
 
     error:
diff --git a/vmidentity/ssoclients/restclient/test/src/test_util.c b/vmidentity/ssoclients/restclient/test/src/test_util.c
index 40d757856..139c59845 100644
--- a/vmidentity/ssoclients/restclient/test/src/test_util.c
+++ b/vmidentity/ssoclients/restclient/test/src/test_util.c
@@ -106,7 +106,7 @@ RestTestBearerTokenClientNew(
     e = OidcClientGlobalInit();
     BAIL_ON_ERROR(e);
 
-    e = OidcClientBuild(&pOIDCClient, pscHost, pscPort, tenant, 5 * 60L);
+    e = OidcClientBuild(&pOIDCClient, pscHost, pscPort, tenant, NULL /* pszClientID */, tlsCAPath);
     BAIL_ON_ERROR(e);
 
     e = OidcClientAcquireTokensByPassword(
@@ -123,7 +123,7 @@ RestTestBearerTokenClientNew(
     BAIL_ON_ERROR(e);
 
     // create bearer token client
-    e = RestClientNew(&pRestBearerTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, pBearerAccessToken);
+    e = RestClientNew(&pRestBearerTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, tlsCAPath, pBearerAccessToken);
     BAIL_ON_ERROR(e);
 
     *ppRestBearerTokenClient = pRestBearerTokenClient;
@@ -186,7 +186,7 @@ RestTestHOKTokenClientNew(
 
     PSTRING pMemberArray[] =
     {
-        "oidc-client-test-723693c9-bff6-4bce-ad25-e654179f7448@test_tenant_name"
+        "oidc-client-test-723693c9-bff6-4bce-ad25-e654179f7448@my-test-tenant.com"
     };
     VMDIR_STRING_ARRAY_DATA* pMembers = NULL;
     VMDIR_MEMBER_TYPE memberType = VMDIR_MEMBER_TYPE_SOLUTIONUSER;
@@ -196,7 +196,7 @@ RestTestHOKTokenClientNew(
     e = OidcClientGlobalInit();
     BAIL_ON_ERROR(e);
 
-    e = OidcClientBuild(&pOIDCClient, pscHost, pscPort, tenant, 5 * 60L);
+    e = OidcClientBuild(&pOIDCClient, pscHost, pscPort, tenant, NULL /* pszClientID */, tlsCAPath);
     BAIL_ON_ERROR(e);
 
     e = OidcClientAcquireTokensByPassword(
@@ -213,7 +213,7 @@ RestTestHOKTokenClientNew(
     BAIL_ON_ERROR(e);
 
     // create bearer token client
-    e = RestClientNew(&pRestBearerTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, pBearerAccessToken);
+    e = RestClientNew(&pRestBearerTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, tlsCAPath, pBearerAccessToken);
     BAIL_ON_ERROR(e);
 
     // create solution user which is used to obtain HOK token
@@ -251,7 +251,7 @@ RestTestHOKTokenClientNew(
     BAIL_ON_ERROR(e);
 
     // create HOK token client
-    e = RestClientNew(&pRestHOKTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, pHOKAccessToken);
+    e = RestClientNew(&pRestHOKTokenClient, pscHost, useHA, pscPort, REST_SCHEME_TYPE_HTTPS, tlsCAPath, pHOKAccessToken);
     BAIL_ON_ERROR(e);
 
     *ppRestHOKTokenClient = pRestHOKTokenClient;
diff --git a/vmidentity/ssoclients/restclient/test/src/user_resource_test.c b/vmidentity/ssoclients/restclient/test/src/user_resource_test.c
index be198a3fb..51e364f69 100644
--- a/vmidentity/ssoclients/restclient/test/src/user_resource_test.c
+++ b/vmidentity/ssoclients/restclient/test/src/user_resource_test.c
@@ -156,13 +156,13 @@ VmdirUserCreateTest()
     e = VmdirUserDetailsDataNew(
         &pDetails,
         "name@domain.com",
-        "name@test_tenant_name",
+        "name@my-test-tenant.com",
         "firstName",
         "lastName",
         "description");
     BAIL_ON_ERROR(e);
 
-    e = VmdirPasswordDetailsDataNew(&pPasswordDetails, "Admin!23", &lastSet, &lifetime);
+    e = VmdirPasswordDetailsDataNew(&pPasswordDetails, "Ca$hc0w1", &lastSet, &lifetime);
     BAIL_ON_ERROR(e);
 
     e = VmdirUserDataNew(&pUser, name, domain, pAlias, pDetails, &disabled, &locked, objectId, pPasswordDetails);
@@ -298,13 +298,13 @@ VmdirUserUpdateTest()
     e = VmdirUserDetailsDataNew(
         &pDetails,
         "name2@domain.com",
-        "name2@test_tenant_name",
+        "name2@my-test-tenant.com",
         "firstName2",
         "lastName2",
         "description2");
     BAIL_ON_ERROR(e);
 
-    e = VmdirPasswordDetailsDataNew(&pPasswordDetails, "Admin!23", &lastSet, &lifetime);
+    e = VmdirPasswordDetailsDataNew(&pPasswordDetails, "Ca$hc0w1", &lastSet, &lifetime);
     BAIL_ON_ERROR(e);
 
     e = VmdirUserDataNew(&pUser, name, domain, pAlias, pDetails, &disabled, &locked, objectId, pPasswordDetails);
@@ -340,7 +340,7 @@ VmdirUserUpdatePasswordTest()
 
     VMDIR_USER_DATA* pUserReturn = NULL;
 
-    PCSTRING currentPassword = "Admin!23";
+    PCSTRING currentPassword = "Ca$hc0w1";
     PCSTRING newPassword = "Admin!56";
 
     PCSTRING domain = testTenant;
diff --git a/vmidentity/ssoclients/restclient/vmdirclient/src/Makefile.am b/vmidentity/ssoclients/restclient/vmdirclient/src/Makefile.am
index 6c0cac35b..3b97f613b 100644
--- a/vmidentity/ssoclients/restclient/vmdirclient/src/Makefile.am
+++ b/vmidentity/ssoclients/restclient/vmdirclient/src/Makefile.am
@@ -19,11 +19,11 @@ libssovmdirclient_la_SOURCES = \
     user_resource.c
 
 libssovmdirclient_la_CPPFLAGS = \
-    -I$(top_srcdir)/ssoclients/common/include/ \
-    -I$(top_srcdir)/ssoclients/common/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/ \
-    -I$(top_srcdir)/ssoclients/restclient/coreclient/include/public/ \
-    -I$(top_srcdir)/ssoclients/restclient/vmdirclient/include/public/
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/common/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/coreclient/include/public/ \
+    -I$(top_srcdir)/vmidentity/ssoclients/restclient/vmdirclient/include/public/
 
 libssovmdirclient_la_LIBADD = \
-    @top_builddir@/ssoclients/restclient/coreclient/src/libssocoreclient.la
+    @top_builddir@/vmidentity/ssoclients/restclient/coreclient/src/libssocoreclient.la
diff --git a/vmidentity/ssoclients/restclient/vmdirclient/src/group_resource.c b/vmidentity/ssoclients/restclient/vmdirclient/src/group_resource.c
index 235fec619..65727cbcc 100644
--- a/vmidentity/ssoclients/restclient/vmdirclient/src/group_resource.c
+++ b/vmidentity/ssoclients/restclient/vmdirclient/src/group_resource.c
@@ -63,6 +63,7 @@ VmdirGroupCreate(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToGroupData,
         (void**) &pGroupReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -131,6 +132,7 @@ VmdirGroupGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToGroupData,
         (void**) &pGroupReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -202,6 +204,7 @@ VmdirGroupUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) VmdirJsonToGroupData,
         (void**) &pGroupReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -269,6 +272,7 @@ VmdirGroupDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -339,6 +343,7 @@ VmdirGroupAddMembers(
         REST_HTTP_METHOD_TYPE_PUT,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -411,6 +416,7 @@ VmdirGroupGetMembers(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToSearchResultData,
         (void**) &pSearchResultReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -491,6 +497,7 @@ VmdirGroupRemoveMembers(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -551,6 +558,7 @@ VmdirGroupGetParents(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToGroupArrayData,
         (void**) &pGroupArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/vmdirclient/src/includes.h b/vmidentity/ssoclients/restclient/vmdirclient/src/includes.h
index e79a25675..6f9264b6c 100644
--- a/vmidentity/ssoclients/restclient/vmdirclient/src/includes.h
+++ b/vmidentity/ssoclients/restclient/vmdirclient/src/includes.h
@@ -32,6 +32,7 @@
 #include "common_types.h"
 #include "common.h"
 #include "ssoerrors.h"
+#include "ssocommon.h"
 
 // core client headers
 #include "ssocoreclient.h"
diff --git a/vmidentity/ssoclients/restclient/vmdirclient/src/solution_user_resource.c b/vmidentity/ssoclients/restclient/vmdirclient/src/solution_user_resource.c
index 83e046a55..cfff69fe7 100644
--- a/vmidentity/ssoclients/restclient/vmdirclient/src/solution_user_resource.c
+++ b/vmidentity/ssoclients/restclient/vmdirclient/src/solution_user_resource.c
@@ -55,6 +55,7 @@ VmdirSolutionUserCreate(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToSolutionUserData,
         (void**) &pSolutionUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -118,6 +119,7 @@ VmdirSolutionUserGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToSolutionUserData,
         (void**) &pSolutionUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -182,6 +184,7 @@ VmdirSolutionUserUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) VmdirJsonToSolutionUserData,
         (void**) &pSolutionUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -243,6 +246,7 @@ VmdirSolutionUserDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssoclients/restclient/vmdirclient/src/user_resource.c b/vmidentity/ssoclients/restclient/vmdirclient/src/user_resource.c
index 41a4cbbdf..bea50ab96 100644
--- a/vmidentity/ssoclients/restclient/vmdirclient/src/user_resource.c
+++ b/vmidentity/ssoclients/restclient/vmdirclient/src/user_resource.c
@@ -55,6 +55,7 @@ VmdirUserCreate(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToUserData,
         (void**) &pUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -123,6 +124,7 @@ VmdirUserGet(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToUserData,
         (void**) &pUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -196,6 +198,7 @@ VmdirUserGetGroups(
         REST_HTTP_METHOD_TYPE_POST,
         (JsonToDataObjectFunc) VmdirJsonToGroupArrayData,
         (void**) &pGroupArrayReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -267,6 +270,7 @@ VmdirUserUpdate(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) VmdirJsonToUserData,
         (void**) &pUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -343,6 +347,7 @@ VmdirUserUpdatePasswordInternal(
         REST_HTTP_METHOD_TYPE_PUT,
         (JsonToDataObjectFunc) VmdirJsonToUserData,
         (void**) &pUserReturn,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
@@ -486,6 +491,7 @@ VmdirUserDelete(
         REST_HTTP_METHOD_TYPE_DELETE,
         NULL,
         NULL,
+        pClient->tlsCAPath,
         &pError);
     BAIL_ON_ERROR(e);
 
diff --git a/vmidentity/ssolib/pom.xml b/vmidentity/ssolib/pom.xml
index 1cdfe9373..574718035 100644
--- a/vmidentity/ssolib/pom.xml
+++ b/vmidentity/ssolib/pom.xml
@@ -6,21 +6,40 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-websso-client</artifactId>
-  <packaging>bundle</packaging>
+  <packaging>jar</packaging>
   <name>WebSSO Client</name>
 
   <build>
     <plugins>
+
+     <plugin>
+      <artifactId>maven-jar-plugin</artifactId>
+      <configuration>
+        <archive>
+        <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+        </archive>
+      </configuration>
+     </plugin>
+
       <!-- Build OSGi Manifest -->
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
         <version>${maven.bundle.plugin.version}</version>
         <extensions>true</extensions>
+         <executions>
+          <execution>
+            <id>bundle-manifest</id>
+            <phase>process-classes</phase>
+            <goals> 
+              <goal>manifest</goal>
+            </goals>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>
@@ -31,6 +50,11 @@
       <artifactId>client-domain-controller-cache</artifactId>
       <version>${vmware.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>${commons.beanutils.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
@@ -41,6 +65,11 @@
       <artifactId>commons-collections</artifactId>
       <version>${commons.collection.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>${commons.fileupload.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-httpclient</groupId>
       <artifactId>commons-httpclient</artifactId>
@@ -50,6 +79,12 @@
       <groupId>org.owasp.esapi</groupId>
       <artifactId>esapi</artifactId>
       <version>${esapi.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.jcip</groupId>
diff --git a/vmidentity/ssolib/src/main/resources/MANIFEST.MF b/vmidentity/ssolib/src/main/resources/MANIFEST.MF
index a2a9863f3..306c9ddf3 100644
--- a/vmidentity/ssolib/src/main/resources/MANIFEST.MF
+++ b/vmidentity/ssolib/src/main/resources/MANIFEST.MF
@@ -3,5 +3,5 @@ Name: Websso client
 Specification-Title: VMSTS component - websso-client
 Specification-Vendor: VMware Inc.
 Specification-Version: 6.6.0
-Class-Path: commons-lang-2.5.jar xalan-2.7.1.jar opensaml-2.5.3.jar xmltooling-1.3.4.jar openws-1.4.4.jar joda-time-1.6.2.jar spring-aop-4.0.6.RELEAE.jar spring-bean-4.0.6.RELEASE.jar spring-context-4.0.6.RELEASE.jar spring-core-4.0.6.RELEASE.jar spring-expression-4.0.6.RELEASE.jar spring-test-4.0.6.RELEASE.jar spring-web-4.0.6.RELEASE.jar spring-webmvc-4.0.6.RELEASE.jar spring-asm-4.0.6.RELEASE.jar  serializer-2.7.1.jar xercesImpl-2.10.0.jar xml-apis-1.4.01.jar xml-resolver-1.2.jar commons-loggong-1.2.jar xmltooling-1.4.4.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar
+Class-Path: commons-lang-2.5.jar xalan-2.7.2.jar opensaml-2.5.3.jar xmltooling-1.3.4.jar openws-1.4.4.jar joda-time-1.6.2.jar spring-aop-4.3.4.RELEASE.jar spring-bean-4.3.4.RELEASE.jar spring-context-4.3.4.RELEASE.jar spring-core-4.3.4.RELEASE.jar spring-expression-4.3.4.RELEASE.jar spring-test-4.3.4.RELEASE.jar spring-web-4.3.4.RELEASE.jar spring-webmvc-4.3.4.RELEASE.jar spring-asm-4.3.4.RELEASE.jar  serializer-2.7.2.jar xercesImpl-2.10.0.jar xml-apis-1.4.01.jar xml-resolver-1.2.jar commons-loggong-1.2.jar xmltooling-1.4.4.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar
 
diff --git a/vmidentity/sts/build.properties b/vmidentity/sts/build.properties
index 94f12c03e..bf3c4f68b 100644
--- a/vmidentity/sts/build.properties
+++ b/vmidentity/sts/build.properties
@@ -1 +1 @@
-lib.excludes.pattern=WEB-INF/lib/ant*.jar,WEB-INF/lib/asm*.jar,WEB-INF/lib/aop*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcpkix*.jar,WEB-INF/lib/bcprov-jdk15on*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/cglib*.jar,WEB-INF/lib/commons-bean*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-digest*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-log*.jar,WEB-INF/lib/commons-validator*.jar,WEB-INF/lib/dom*.jar,WEB-INF/lib/ejb*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax*.jar,WEB-INF/lib/jaxb-jxc*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jax-rpc*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/serializer*.jar,WEB-INF/lib/stax*-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/wood*.jar,WEB-INF/lib/xalan*.jar,WEB-INF/lib/servlet-api*.jar,WEB-INF/lib/xml-*-*.jar,WEB-INF/lib/xerces*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/log4j-1.2.16.jar,WEB-INF/lib/slf4j-log4j*.jar
+lib.excludes.pattern=WEB-INF/lib/ant*.jar,WEB-INF/lib/asm*.jar,WEB-INF/lib/aop*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcpkix*.jar,WEB-INF/lib/bcprov-jdk15on*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/cglib*.jar,WEB-INF/lib/commons-bean*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-digest*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-log*.jar,WEB-INF/lib/commons-validator*.jar,WEB-INF/lib/dom*.jar,WEB-INF/lib/ejb*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax*.jar,WEB-INF/lib/jaxb-jxc*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jax-rpc*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/serializer*.jar,WEB-INF/lib/stax*-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/wood*.jar,WEB-INF/lib/xalan*.jar,WEB-INF/lib/servlet-api*.jar,WEB-INF/lib/xml-*-*.jar,WEB-INF/lib/xerces*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/log4j-1.2.17.jar,WEB-INF/lib/slf4j-log4j*.jar
diff --git a/vmidentity/sts/pom.xml b/vmidentity/sts/pom.xml
index 880d9ba9d..81f22889c 100644
--- a/vmidentity/sts/pom.xml
+++ b/vmidentity/sts/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>sts</artifactId>
@@ -136,6 +136,11 @@
       <version>${bouncycastle.version}</version>
     </dependency>
     <!-- common and opensaml dependencies -->
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>${commons.beanutils.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
@@ -146,6 +151,11 @@
       <artifactId>commons-collections</artifactId>
       <version>${commons.collection.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>${commons.fileupload.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-httpclient</groupId>
       <artifactId>commons-httpclient</artifactId>
@@ -160,6 +170,12 @@
       <groupId>org.owasp.esapi</groupId>
       <artifactId>esapi</artifactId>
       <version>${esapi.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.jcip</groupId>
diff --git a/vmidentity/tomcat-extensions/pom.xml b/vmidentity/tomcat-extensions/pom.xml
index 379afec24..16cb63c96 100644
--- a/vmidentity/tomcat-extensions/pom.xml
+++ b/vmidentity/tomcat-extensions/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-tomcat-extensions</artifactId>
diff --git a/vmidentity/tomcat-extensions/src/main/java/com/vmware/identity/tomcat/VECSAwareHttp11NioProtocol.java b/vmidentity/tomcat-extensions/src/main/java/com/vmware/identity/tomcat/VECSAwareHttp11NioProtocol.java
index b11d1c875..cab4b74c7 100644
--- a/vmidentity/tomcat-extensions/src/main/java/com/vmware/identity/tomcat/VECSAwareHttp11NioProtocol.java
+++ b/vmidentity/tomcat-extensions/src/main/java/com/vmware/identity/tomcat/VECSAwareHttp11NioProtocol.java
@@ -5,7 +5,7 @@
 public class VECSAwareHttp11NioProtocol extends Http11NioProtocol {
 
     @Override
-    protected String getSslImplemenationShortName() {
+    protected String getSslImplementationShortName() {
         return "Vecs Aware JSSE";
     }
 
diff --git a/vmidentity/uaa b/vmidentity/uaa
index 451d52474..6493af37b 160000
--- a/vmidentity/uaa
+++ b/vmidentity/uaa
@@ -1 +1 @@
-Subproject commit 451d524749d44bc56a6be150077ade04d09ee016
+Subproject commit 6493af37b23bf3ca4a92396036e97a7a3c1cc6c4
diff --git a/vmidentity/websso/build.properties b/vmidentity/websso/build.properties
index 2608192a2..29e30f405 100644
--- a/vmidentity/websso/build.properties
+++ b/vmidentity/websso/build.properties
@@ -1,2 +1,2 @@
-lib.excludes.pattern=WEB-INF/lib/afd-heartbeat*.jar,WEB-INF/lib/ant*.jar,WEB-INF/lib/asm-tree*.jar,WEB-INF/lib/aopalliance-1.0*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcprov-jdk15-1.46*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/client-domain-controller*.jar,WEB-INF/lib/cobertura*.jar,WEB-INF/lib/commons-beanutils-core*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-configuration*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-fileupload*.jar,WEB-INF/lib/dom4j*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax.annotation-3.1*.jar,WEB-INF/lib/javax.inject-1*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jstl-1.2*.jar,WEB-INF/lib/log4j-1.2.16*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/samltoken*tests*.jar,WEB-INF/lib/serializer-2.7.2*.jar,WEB-INF/lib/stax-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/xml-apis-ext*.jar
+lib.excludes.pattern=WEB-INF/lib/afd-heartbeat*.jar,WEB-INF/lib/ant*.jar,WEB-INF/lib/asm-tree*.jar,WEB-INF/lib/aopalliance-1.0*.jar,WEB-INF/lib/bat*.jar,WEB-INF/lib/bcprov-jdk15-1.46*.jar,WEB-INF/lib/bsh*.jar,WEB-INF/lib/client-domain-controller*.jar,WEB-INF/lib/cobertura*.jar,WEB-INF/lib/commons-beanutils*.jar,WEB-INF/lib/commons-conf*.jar,WEB-INF/lib/commons-configuration*.jar,WEB-INF/lib/commons-file*.jar,WEB-INF/lib/commons-fileupload*.jar,WEB-INF/lib/dom4j*.jar,WEB-INF/lib/istack*.jar,WEB-INF/lib/javax.annotation-3.1*.jar,WEB-INF/lib/javax.inject-1*.jar,WEB-INF/lib/jaxen*.jar,WEB-INF/lib/jdom*.jar,WEB-INF/lib/jstl-1.2*.jar,WEB-INF/lib/log4j-1.2.17*.jar,WEB-INF/lib/neko*.jar,WEB-INF/lib/objenesis*.jar,WEB-INF/lib/oro*.jar,WEB-INF/lib/relax*.jar,WEB-INF/lib/samltoken*tests*.jar,WEB-INF/lib/serializer-2.7.2*.jar,WEB-INF/lib/stax-api*.jar,WEB-INF/lib/t*.jar,WEB-INF/lib/xmlParser*.jar,WEB-INF/lib/xom*.jar,WEB-INF/lib/xml-apis-ext*.jar
 
diff --git a/vmidentity/websso/pom.xml b/vmidentity/websso/pom.xml
index 955a1e31f..e2f48fde1 100644
--- a/vmidentity/websso/pom.xml
+++ b/vmidentity/websso/pom.xml
@@ -6,7 +6,7 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>websso</artifactId>
@@ -129,21 +129,9 @@
       <artifactId>spring-webmvc</artifactId>
       <version>${spring.release.version}</version>
     </dependency>
-
-    <dependency>
-      <groupId>javax.servlet.jsp.jstl</groupId>
-      <artifactId>jstl-api</artifactId>
-      <version>${jstl.version}</version>
-      <exclusions>
-        <exclusion>
-          <groupId>javax.servlet</groupId>
-          <artifactId>servlet-api</artifactId>
-        </exclusion>
-      </exclusions>
-    </dependency>
     <dependency>
       <groupId>org.glassfish.web</groupId>
-      <artifactId>jstl-impl</artifactId>
+      <artifactId>javax.servlet.jsp.jstl</artifactId>
       <version>${jstl.version}</version>
       <exclusions>
         <exclusion>
@@ -206,6 +194,11 @@
     </dependency>
 
     <!-- Opensaml dependencies -->
+    <dependency>
+      <groupId>commons-beanutils</groupId>
+      <artifactId>commons-beanutils</artifactId>
+      <version>${commons.beanutils.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
@@ -216,6 +209,11 @@
       <artifactId>commons-collections</artifactId>
       <version>${commons.collection.version}</version>
     </dependency>
+    <dependency>
+      <groupId>commons-fileupload</groupId>
+      <artifactId>commons-fileupload</artifactId>
+      <version>${commons.fileupload.version}</version>
+    </dependency>
     <dependency>
       <groupId>commons-httpclient</groupId>
       <artifactId>commons-httpclient</artifactId>
@@ -230,6 +228,12 @@
       <groupId>org.owasp.esapi</groupId>
       <artifactId>esapi</artifactId>
       <version>${esapi.version}</version>
+      <exclusions>
+        <exclusion>
+          <groupId>commons-beanutils</groupId>
+          <artifactId>commons-beanutils-core</artifactId>
+        </exclusion>
+      </exclusions>
     </dependency>
     <dependency>
       <groupId>net.jcip</groupId>
diff --git a/vmidentity/wsTrustClient/pom.xml b/vmidentity/wsTrustClient/pom.xml
index cb2deb975..3e6d44f26 100644
--- a/vmidentity/wsTrustClient/pom.xml
+++ b/vmidentity/wsTrustClient/pom.xml
@@ -6,21 +6,40 @@
   <parent>
     <groupId>com.vmware.identity</groupId>
     <artifactId>vmware-identity</artifactId>
-    <version>1.2.0-SNAPSHOT</version>
+    <version>1.3.0-SNAPSHOT</version>
   </parent>
 
   <artifactId>vmware-identity-wsTrustClient</artifactId>
-  <packaging>bundle</packaging>
+  <packaging>jar</packaging>
   <name>WS-Trust Client</name>
 
   <build>
     <plugins>
+
+     <plugin>
+      <artifactId>maven-jar-plugin</artifactId>
+      <configuration>
+        <archive>
+        <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+        </archive>
+      </configuration>
+     </plugin>
+
       <!-- Build OSGi Manifest -->
       <plugin>
         <groupId>org.apache.felix</groupId>
         <artifactId>maven-bundle-plugin</artifactId>
         <version>${maven.bundle.plugin.version}</version>
         <extensions>true</extensions>
+         <executions>
+          <execution>
+            <id>bundle-manifest</id>
+            <phase>process-classes</phase>
+            <goals>
+              <goal>manifest</goal>
+            </goals>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>
diff --git a/vmidentity/wsTrustClient/src/main/resources/MANIFEST.MF b/vmidentity/wsTrustClient/src/main/resources/MANIFEST.MF
index cdc8a47d3..5a1de2464 100644
--- a/vmidentity/wsTrustClient/src/main/resources/MANIFEST.MF
+++ b/vmidentity/wsTrustClient/src/main/resources/MANIFEST.MF
@@ -3,5 +3,5 @@ Name : WSTrustClient
 Specification-Title : VMSTS component - WSTrustClient
 Specification-Vendor : VMware Inc.
 Specification-Version : 6.6.0
-Class-Path: samltoken-6.6.0.jar log4j-1.2-api-2.0.2.jar log4j-core-2.2.jar log4j-core-2.2.jar log4j-slf4j-impl-2.2.jar slf4j-api-1.7.10.jar commons-codec-1.4.jar
+Class-Path: samltoken-6.6.0.jar log4j-1.2-api-2.8.2.jar log4j-core-2.8.2.jar log4j-core-2.8.2.jar log4j-slf4j-impl-2.8.2.jar slf4j-api-1.7.25.jar commons-codec-1.4.jar
 
diff --git a/vmmetrics/Makefile.am b/vmmetrics/Makefile.am
new file mode 100644
index 000000000..67b442064
--- /dev/null
+++ b/vmmetrics/Makefile.am
@@ -0,0 +1,23 @@
+SUBDIRS = \
+    include \
+    . \
+    config \
+    testing
+
+lib_LTLIBRARIES = libvmmetrics.la
+
+libvmmetrics_la_CPPFLAGS = \
+    -I$(top_srcdir)/vmmetrics/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
+    @LW_INCLUDES@
+
+libvmmetrics_la_SOURCES = \
+    memory.c \
+    vmmetrics.c
+
+libvmmetrics_la_LIBADD = \
+    @LWBASE_LIBS@ \
+    @PTHREAD_LIBS@
+
+libvmmetrics_la_LDFLAGS = \
+    @LW_LDFLAGS@
diff --git a/vmmetrics/config/Makefile.am b/vmmetrics/config/Makefile.am
new file mode 100644
index 000000000..6d5a06ef0
--- /dev/null
+++ b/vmmetrics/config/Makefile.am
@@ -0,0 +1,2 @@
+vmmetricsconf_DATA = \
+    telegraf.conf
diff --git a/vmmetrics/config/telegraf.conf b/vmmetrics/config/telegraf.conf
new file mode 100644
index 000000000..548edb9bc
--- /dev/null
+++ b/vmmetrics/config/telegraf.conf
@@ -0,0 +1,44 @@
+#
+# Telegraf Configuration
+#
+
+[global_tags]
+
+[agent]
+  interval = "10s"
+  round_interval = true
+  metric_batch_size = 1000
+  metric_buffer_limit = 10000
+  collection_jitter = "0s"
+  flush_interval = "10s"
+  flush_jitter = "0s"
+  precision = ""
+  debug = false
+  quiet = false
+  logfile = ""
+  hostname = ""
+  omit_hostname = false
+
+[[outputs.wavefront]]
+  prefix = "lightwave."
+  host = "@@WAVEFRONT_PROXY@@"
+  port = 2878
+  metric_separator = "."
+  source_override = ["hostname", "snmp_host", "node_host"]
+  convert_paths = true
+  use_regex = false
+
+[[inputs.cpu]]
+  percpu = true
+  totalcpu = true
+  collect_cpu_time = false
+
+[[inputs.mem]]
+
+[[inputs.disk]]
+
+[[inputs.diskio]]
+
+[[inputs.swap]]
+
+[[inputs.net]]
diff --git a/vmmetrics/include/Makefile.am b/vmmetrics/include/Makefile.am
new file mode 100644
index 000000000..7123c3d0a
--- /dev/null
+++ b/vmmetrics/include/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = public
diff --git a/vmmetrics/include/defines.h b/vmmetrics/include/defines.h
new file mode 100644
index 000000000..c13c455d1
--- /dev/null
+++ b/vmmetrics/include/defines.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef __VM_METRICS_DEFINE_H__
+#define __VM_METRICS_DEFINE_H__
+
+#define BUFFER_SIZE 1024
+
+#define VM_METRICS_SAFE_FREE_MEMORY(PTR)       \
+    do {                                       \
+        if ((PTR)) {                           \
+            VmMetricsFreeMemory(PTR);          \
+            (PTR) = NULL;                      \
+        }                                      \
+    } while(0)
+
+#define BAIL_ON_VM_METRICS_ERROR(dwError)      \
+    if (dwError)                               \
+    {                                          \
+        goto error;                            \
+    }
+
+#endif /* __VM_METRICS_DEFINE_H__ */
diff --git a/vmmetrics/include/errorcode.h b/vmmetrics/include/errorcode.h
new file mode 100644
index 000000000..d8dbc9aaf
--- /dev/null
+++ b/vmmetrics/include/errorcode.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _VM_METRICS_ERRORCODE_H__
+#define _VM_METRICS_ERRORCODE_H__
+
+#define VM_METRICS_ERROR_NO_MEMORY            8         // ERROR_NOT_ENOUGH_MEMORY windows code
+#define VM_METRICS_ERROR_INVALID_PARAMETER    87        // ERROR_INVALID_PARAMETER windows code
+
+#endif /* __VM_METRICS_ERRORCODE_H__ */
diff --git a/vmmetrics/include/includes.h b/vmmetrics/include/includes.h
new file mode 100644
index 000000000..2855a4fbd
--- /dev/null
+++ b/vmmetrics/include/includes.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <pthread.h>
+#include <errno.h>
+
+#include <lw/types.h>
+#include <lw/hash.h>
+
+#include "memory.h"
+#include "defines.h"
+#include "errorcode.h"
+#include "structs.h"
+#include "vmmetrics.h"
diff --git a/vmmetrics/include/memory.h b/vmmetrics/include/memory.h
new file mode 100644
index 000000000..1c20fd2ed
--- /dev/null
+++ b/vmmetrics/include/memory.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _VM_METRICS_MEMORY_H__
+#define _VM_METRICS_MEMORY_H__
+
+DWORD
+VmMetricsAllocateMemory(
+    size_t  dwSize,
+    PVOID*  ppMemory
+    );
+
+DWORD
+VmMetricsReallocateMemory(
+    PVOID  ppMemory,
+    PVOID*  ppNewMemory,
+    size_t  dwSize
+    );
+
+VOID
+VmMetricsFreeMemory(
+    PVOID   pMemory
+    );
+
+#endif /* __VM_METRICS_MEMORY_H__ */
diff --git a/vmmetrics/include/public/Makefile.am b/vmmetrics/include/public/Makefile.am
new file mode 100644
index 000000000..1802db8b7
--- /dev/null
+++ b/vmmetrics/include/public/Makefile.am
@@ -0,0 +1,2 @@
+vmwincludedir=$(includedir)
+vmwinclude_HEADERS=vmmetrics.h
diff --git a/vmmetrics/include/public/vmmetrics.h b/vmmetrics/include/public/vmmetrics.h
new file mode 100644
index 000000000..5c8487b89
--- /dev/null
+++ b/vmmetrics/include/public/vmmetrics.h
@@ -0,0 +1,218 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef VM_METRICS_H_
+#define VM_METRICS_H_
+
+/* Metrics context identifier */
+typedef struct _VM_METRICS_CONTEXT VM_METRICS_CONTEXT, *PVM_METRICS_CONTEXT;
+
+/* Counter metrics identifier */
+typedef struct _VM_METRICS_COUNTER VM_METRICS_COUNTER, *PVM_METRICS_COUNTER;
+
+/* Gauge metrics identifier */
+typedef struct _VM_METRICS_GAUGE VM_METRICS_GAUGE, *PVM_METRICS_GAUGE;
+
+/* Histogram metrics identifier */
+typedef struct _VM_METRICS_HISTOGRAM VM_METRICS_HISTOGRAM, *PVM_METRICS_HISTOGRAM;
+
+/*
+ * Structure for Label
+ */
+typedef struct _VM_METRICS_LABEL
+{
+    PSTR pszKey;
+    PSTR pszValue;
+} VM_METRICS_LABEL, *PVM_METRICS_LABEL;
+
+/*
+ * Initialize the metrics context
+ */
+DWORD
+VmMetricsInit(
+    PVM_METRICS_CONTEXT* ppContext
+    );
+
+/*
+ * Add a new counter metric
+ */
+DWORD
+VmMetricsCounterNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    PVM_METRICS_COUNTER* ppCounter
+    );
+
+/*
+ * Add a new gauge metric
+ */
+DWORD
+VmMetricsGaugeNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    PVM_METRICS_GAUGE* ppGauge
+    );
+
+/*
+ * Add a new histogram metric
+ */
+DWORD
+VmMetricsHistogramNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    const uint64_t iBuckets[],
+    const DWORD iBucketSize,
+    PVM_METRICS_HISTOGRAM* ppHistogram
+    );
+
+/*
+ * Increment the counter by 1
+ */
+VOID
+VmMetricsCounterIncrement(
+    PVM_METRICS_COUNTER pCounter
+    );
+
+/*
+ * Add the value to the counter
+ */
+VOID
+VmMetricsCounterAdd(
+    PVM_METRICS_COUNTER pCounter,
+    uint64_t value
+    );
+
+/*
+ * Set the value of the gague
+ */
+VOID
+VmMetricsGaugeSet(
+    PVM_METRICS_GAUGE pGauge,
+    int64_t value
+    );
+
+/*
+ * Increment the gauge by 1
+ */
+VOID
+VmMetricsGaugeIncrement(
+    PVM_METRICS_GAUGE pGauge
+    );
+
+/*
+ * Decrement the gauge by 1
+ */
+VOID
+VmMetricsGaugeDecrement(
+    PVM_METRICS_GAUGE pGauge
+    );
+
+/*
+ * Add the value to the gauge
+ */
+VOID
+VmMetricsGaugeAdd(
+    PVM_METRICS_GAUGE pGauge,
+    uint64_t value
+    );
+
+/*
+ * Subtract the value from the gauge
+ */
+VOID
+VmMetricsGaugeSubtract(
+    PVM_METRICS_GAUGE pGauge,
+    uint64_t value
+    );
+
+/*
+ * Set the value of the gauge to the current Unix time in secondss
+ */
+VOID
+VmMetricsGaugeSetToCurrentTime(
+    PVM_METRICS_GAUGE pGauge
+    );
+
+/*
+ * Add the given value to the histogram
+ */
+VOID
+VmMetricsHistogramUpdate(
+    PVM_METRICS_HISTOGRAM pHistogram,
+    uint64_t value
+    );
+
+/*
+ * Return the list of all metrics data in Prometheus format (string/text)
+ */
+DWORD
+VmMetricsGetPrometheusData(
+    PVM_METRICS_CONTEXT pContext,
+    PSTR* ppszData,
+    DWORD* pDataLen
+    );
+
+/*
+ * Free the data returned by VmMetricsGetPrometheusData()
+ */
+VOID
+VmMetricsFreePrometheusData(
+    PSTR pszData
+    );
+
+/*
+ * Delete a counter metric
+ */
+DWORD
+VmMetricsCounterDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_COUNTER pCounter
+    );
+
+/*
+ * Delete a gauge metric
+ */
+DWORD
+VmMetricsGaugeDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_GAUGE pGauge
+    );
+
+/*
+ * Delete a histogram metric
+ */
+DWORD
+VmMetricsHistogramDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_HISTOGRAM pHistogram
+    );
+
+/*
+ * Destroy the metrics context structure
+ */
+VOID
+VmMetricsDestroy(
+    PVM_METRICS_CONTEXT pContext
+    );
+
+#endif /* VM_METRICS_H_ */
diff --git a/vmmetrics/include/structs.h b/vmmetrics/include/structs.h
new file mode 100644
index 000000000..d7a8b9a97
--- /dev/null
+++ b/vmmetrics/include/structs.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the “License”); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an “AS IS” BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+/*
+ * Counter metrics data
+ */
+typedef struct _VM_METRICS_COUNTER
+{
+    PSTR                            pszName;
+    PSTR                            pszLabel;
+    PSTR                            pszDescription;
+    int64_t                         value;
+
+} VM_METRICS_COUNTER, *PVM_METRICS_COUNTER;
+
+/*
+ * Gauge metrics data
+ */
+typedef struct _VM_METRICS_GAUGE
+{
+    PSTR                            pszName;
+    PSTR                            pszLabel;
+    PSTR                            pszDescription;
+    int64_t                         value;
+
+} VM_METRICS_GAUGE, *PVM_METRICS_GAUGE;
+
+/*
+ * Histogram metrics data
+ */
+typedef struct _VM_METRICS_HISTOGRAM
+{
+    PSTR                            pszName;
+    PSTR                            pszLabel;
+    PSTR                            pszDescription;
+    DWORD                           bucketSize;
+    int64_t*                        pBucketKeys;
+    int64_t*                        pBucketValues;
+    int64_t                         count;
+    int64_t                         sum;
+
+} VM_METRICS_HISTOGRAM, *PVM_METRICS_HISTOGRAM;
+
+/*
+ * Enumerator for Metrics Type
+ */
+typedef enum
+{
+    VM_METRICS_TYPE_COUNTER,
+    VM_METRICS_TYPE_GAUGE,
+    VM_METRICS_TYPE_HISTOGRAM
+
+} VM_METRICS_TYPE;
+
+/*
+ * Linked List Entry
+ */
+typedef struct _VM_METRICS_LIST_ENTRY
+{
+    PVOID                           pData;
+    VM_METRICS_TYPE                 type;
+    struct _VM_METRICS_LIST_ENTRY*  pNext;
+
+} VM_METRICS_LIST_ENTRY, *PVM_METRICS_LIST_ENTRY;
+
+/*
+ * Metrics context structure
+ */
+typedef struct _VM_METRICS_CONTEXT
+{
+    PVM_METRICS_LIST_ENTRY          pMetrics;
+    pthread_rwlock_t                rwLock;
+
+} VM_METRICS_CONTEXT, *PVM_METRICS_CONTEXT;
diff --git a/vmmetrics/memory.c b/vmmetrics/memory.c
new file mode 100644
index 000000000..6fc7b253d
--- /dev/null
+++ b/vmmetrics/memory.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+DWORD
+VmMetricsAllocateMemory(
+    size_t   dwSize,
+    PVOID*   ppMemory
+    )
+{
+    DWORD dwError = 0;
+    void* pMemory = NULL;
+
+    if (!ppMemory || !dwSize)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pMemory = calloc(1, dwSize);
+
+    if (!pMemory)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+cleanup:
+    *ppMemory = pMemory;
+
+    return dwError;
+
+error:
+    VM_METRICS_SAFE_FREE_MEMORY(pMemory);
+    pMemory = NULL;
+
+    goto cleanup;
+}
+
+DWORD
+VmMetricsReallocateMemory(
+    PVOID        pMemory,
+    PVOID*       ppNewMemory,
+    size_t       dwSize
+    )
+{
+    DWORD dwError = 0;
+    void*    pNewMemory = NULL;
+
+    if (!ppNewMemory)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    if (pMemory)
+    {
+        pNewMemory = realloc(pMemory, dwSize);
+    }
+    else
+    {
+        dwError = VmMetricsAllocateMemory(dwSize, &pNewMemory);
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    if (!pNewMemory)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    *ppNewMemory = pNewMemory;
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+VOID
+VmMetricsFreeMemory(
+    PVOID   pMemory
+    )
+{
+    if (pMemory)
+    {
+        free(pMemory);
+    }
+
+    return;
+}
diff --git a/vmmetrics/testing/Makefile.am b/vmmetrics/testing/Makefile.am
new file mode 100644
index 000000000..7099b6e42
--- /dev/null
+++ b/vmmetrics/testing/Makefile.am
@@ -0,0 +1,20 @@
+noinst_PROGRAMS = vmmetrics_test
+
+vmmetrics_test_SOURCES = \
+    countertest.c \
+    gaugetest.c \
+    histogramtest.c \
+    mixedtest.c \
+    main.c
+
+vmmetrics_test_CPPFLAGS = \
+    -I$(top_srcdir)/vmmetrics/include \
+    -I$(top_srcdir)/vmmetrics/include/public \
+    @LW_INCLUDES@
+
+vmmetrics_test_LDADD = \
+    $(top_builddir)/vmmetrics/libvmmetrics.la \
+    @LWBASE_LIBS@
+
+vmmetrics_test_LDFLAGS = \
+    @LW_LDFLAGS@
diff --git a/vmmetrics/testing/countertest.c b/vmmetrics/testing/countertest.c
new file mode 100644
index 000000000..bb0d07da8
--- /dev/null
+++ b/vmmetrics/testing/countertest.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+#include "vmmetrics.h"
+
+static
+DWORD
+VmMetricsCounterWithLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {"label2","value2"}
+                                 };
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: CounterWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsCounterNew(pContext,
+                        "counter_with_label_count",
+                        pLabel,
+                        2,
+                        "Test for counter with label",
+                        &pCounter);
+    if (dwError)
+    {
+        printf("FAIL: Error in CounterNew for test: CounterWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsCounterIncrement(pCounter);
+
+    VmMetricsCounterAdd(pCounter, 34);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: CounterWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP counter_with_label_count Test for counter with label\n" \
+                    "# TYPE counter_with_label_count counter\n" \
+                    "counter_with_label_count{label1=\"value1\",label2=\"value2\"} 35\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: CounterWithLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: CounterWithLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsCounterWithoutLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: CounterWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsCounterNew(pContext,
+                        "counter_without_label_count",
+                        NULL,
+                        0,
+                        "Test for counter without label",
+                        &pCounter);
+    if (dwError)
+    {
+        printf("FAIL: Error in CounterNew for test: CounterWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsCounterAdd(pCounter, 23);
+
+    VmMetricsCounterIncrement(pCounter);
+
+    VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: CounterWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP counter_without_label_count Test for counter without label\n" \
+                    "# TYPE counter_without_label_count counter\n" \
+                    "counter_without_label_count 24\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: CounterWithoutLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: CounterWithoutLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsCounterWithInvalidLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {"label2",NULL}
+                                 };
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: CounterWithInvalidLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsCounterNew(pContext,
+                        "counter_with_invalid_label_count",
+                        pLabel,
+                        2,
+                        "Test for counter with invalid label",
+                        &pCounter);
+    switch (dwError)
+    {
+        case VM_METRICS_ERROR_INVALID_PARAMETER:
+            printf("PASS: Expected Result for test: CounterWithInvalidLabel\n");
+            dwError = 0;
+            break;
+
+        case 0:
+            printf("FAIL: Unexpected Result in CounterNew for test: CounterWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+
+        default:
+            printf("FAIL: Unexpected Error in CounterNew for test: CounterWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+    }
+
+cleanup:
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+DWORD
+VmMetricsCounterTest()
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsCounterWithLabelTest();
+    dwError += VmMetricsCounterWithoutLabelTest();
+    dwError += VmMetricsCounterWithInvalidLabelTest();
+
+    return dwError;
+}
diff --git a/vmmetrics/testing/gaugetest.c b/vmmetrics/testing/gaugetest.c
new file mode 100644
index 000000000..6d5cc8932
--- /dev/null
+++ b/vmmetrics/testing/gaugetest.c
@@ -0,0 +1,230 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+#include "vmmetrics.h"
+
+static
+DWORD
+VmMetricsGaugeWithLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {"label2","value2"}
+                                 };
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: GaugeWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsGaugeNew(pContext,
+                        "gauge_with_label_value",
+                        pLabel,
+                        2,
+                        "Test for gauge with label",
+                        &pGauge);
+    if (dwError)
+    {
+        printf("FAIL: Error in GaugeNew for test: GaugeWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsGaugeSubtract(pGauge, 9);
+
+    VmMetricsGaugeIncrement(pGauge);
+
+    VmMetricsGaugeSet(pGauge, -4);
+
+    VmMetricsGaugeAdd(pGauge, 40);
+
+    VmMetricsGaugeDecrement(pGauge);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: GaugeWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP gauge_with_label_value Test for gauge with label\n" \
+                    "# TYPE gauge_with_label_value gauge\n" \
+                    "gauge_with_label_value{label1=\"value1\",label2=\"value2\"} 35\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: GaugeWithLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: GaugeWithLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsGaugeWithoutLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: GaugeWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsGaugeNew(pContext,
+                        "gauge_without_label_value",
+                        NULL,
+                        0,
+                        "Test for gauge without label",
+                        &pGauge);
+    if (dwError)
+    {
+        printf("FAIL: Error in GaugeNew for test: GaugeWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsGaugeSetToCurrentTime(pGauge);
+
+    VmMetricsGaugeSet(pGauge, 10);
+
+    VmMetricsGaugeIncrement(pGauge);
+
+    VmMetricsGaugeSubtract(pGauge, 9);
+
+    VmMetricsGaugeAdd(pGauge, 34);
+
+    VmMetricsGaugeSubtract(pGauge, 9);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: GaugeWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP gauge_without_label_value Test for gauge without label\n" \
+                    "# TYPE gauge_without_label_value gauge\n" \
+                    "gauge_without_label_value 27\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: GaugeWithoutLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: GaugeWithoutLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsGaugeWithInvalidLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1",NULL},
+                                    {"label2","value2"}
+                                 };
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: GaugeWithInvalidLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsGaugeNew(pContext,
+                        "gauge_with_invalid_label_value",
+                        pLabel,
+                        2,
+                        "Test for gauge with invalid label",
+                        &pGauge);
+    switch (dwError)
+    {
+        case VM_METRICS_ERROR_INVALID_PARAMETER:
+            printf("PASS: Expected Result for test: GaugeWithInvalidLabel\n");
+            dwError = 0;
+            break;
+
+        case 0:
+            printf("FAIL: Unexpected Result in GaugeNew for test: GaugeWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+
+        default:
+            printf("FAIL: Unexpected Error in GaugeNew for test: GaugeWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+    }
+
+cleanup:
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+DWORD
+VmMetricsGaugeTest()
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsGaugeWithLabelTest();
+    dwError += VmMetricsGaugeWithoutLabelTest();
+    dwError += VmMetricsGaugeWithInvalidLabelTest();
+
+    return dwError;
+}
diff --git a/vmmetrics/testing/histogramtest.c b/vmmetrics/testing/histogramtest.c
new file mode 100644
index 000000000..e5770c06d
--- /dev/null
+++ b/vmmetrics/testing/histogramtest.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+#include "vmmetrics.h"
+
+static
+DWORD
+VmMetricsHistogramWithLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {"label2","value2"}
+                                 };
+
+    uint64_t buckets[] = {1, 5, 10};
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: HistogramWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsHistogramNew(pContext,
+                        "histogram_with_label_duration_milliseconds",
+                        pLabel,
+                        2,
+                        "Test for histogram with label",
+                        buckets,
+                        3,
+                        &pHistogram);
+    if (dwError)
+    {
+        printf("FAIL: Error in HistogramNew for test: HistogramWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsHistogramUpdate(pHistogram, 3);
+
+    VmMetricsHistogramUpdate(pHistogram, 7);
+
+    VmMetricsHistogramUpdate(pHistogram, 2);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: HistogramWithLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP histogram_with_label_duration_milliseconds Test for histogram with label\n" \
+                    "# TYPE histogram_with_label_duration_milliseconds histogram\n" \
+                    "histogram_with_label_duration_milliseconds_bucket{le=\"1\",label1=\"value1\",label2=\"value2\"} 0\n" \
+                    "histogram_with_label_duration_milliseconds_bucket{le=\"5\",label1=\"value1\",label2=\"value2\"} 2\n" \
+                    "histogram_with_label_duration_milliseconds_bucket{le=\"10\",label1=\"value1\",label2=\"value2\"} 3\n" \
+                    "histogram_with_label_duration_milliseconds_bucket{le=\"+Inf\",label1=\"value1\",label2=\"value2\"} 3\n" \
+                    "histogram_with_label_duration_milliseconds_count{label1=\"value1\",label2=\"value2\"} 3\n" \
+                    "histogram_with_label_duration_milliseconds_sum{label1=\"value1\",label2=\"value2\"} 12\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: HistogramWithLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: HistogramWithLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsHistogramWithoutLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    uint64_t buckets[] = {1, 10, 100};
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: HistogramWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsHistogramNew(pContext,
+                        "histogram_without_label_duration_milliseconds",
+                        NULL,
+                        0,
+                        "Test for histogram without label",
+                        buckets,
+                        3,
+                        &pHistogram);
+    if (dwError)
+    {
+        printf("FAIL: Error in HistogramNew for test: HistogramWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsHistogramUpdate(pHistogram, 1);
+
+    VmMetricsHistogramUpdate(pHistogram, 123);
+
+    VmMetricsHistogramUpdate(pHistogram, 20);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: HistogramWithoutLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP histogram_without_label_duration_milliseconds Test for histogram without label\n" \
+                    "# TYPE histogram_without_label_duration_milliseconds histogram\n" \
+                    "histogram_without_label_duration_milliseconds_bucket{le=\"1\"} 1\n" \
+                    "histogram_without_label_duration_milliseconds_bucket{le=\"10\"} 1\n" \
+                    "histogram_without_label_duration_milliseconds_bucket{le=\"100\"} 2\n" \
+                    "histogram_without_label_duration_milliseconds_bucket{le=\"+Inf\"} 3\n" \
+                    "histogram_without_label_duration_milliseconds_count 3\n" \
+                    "histogram_without_label_duration_milliseconds_sum 144\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: HistogramWithoutLabel\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: HistogramWithoutLabel\n");
+        goto error;
+    }
+
+cleanup:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    VmMetricsDestroy(pContext);
+
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+static
+DWORD
+VmMetricsHistogramWithInvalidLabelTest()
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {NULL,"value2"}
+                                 };
+
+    uint64_t buckets[] = {1, 10, 100};
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: HistogramWithInvalidLabel, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsHistogramNew(pContext,
+                        "histogram_with_invalid_label_duration_milliseconds",
+                        pLabel,
+                        2,
+                        "Test for histogram with invalid label",
+                        buckets,
+                        3,
+                        &pHistogram);
+    switch (dwError)
+    {
+        case VM_METRICS_ERROR_INVALID_PARAMETER:
+            printf("PASS: Expected Result for test: HistogramWithInvalidLabel\n");
+            dwError = 0;
+            break;
+
+        case 0:
+            printf("FAIL: Unexpected Result in HistogramNew for test: HistogramWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+
+        default:
+            printf("FAIL: Unexpected Error in HistogramNew for test: HistogramWithInvalidLabel, Error Code = %d\n", dwError);
+            goto error;
+            break;
+    }
+
+cleanup:
+    VmMetricsDestroy(pContext);
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
+
+DWORD
+VmMetricsHistogramTest()
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsHistogramWithLabelTest();
+    dwError += VmMetricsHistogramWithoutLabelTest();
+    dwError += VmMetricsHistogramWithInvalidLabelTest();
+
+    return dwError;
+}
diff --git a/vmmetrics/testing/main.c b/vmmetrics/testing/main.c
new file mode 100644
index 000000000..5f7cb6602
--- /dev/null
+++ b/vmmetrics/testing/main.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+#include "vmmetricstest.h"
+
+int main(int argc, char *argv[])
+{
+    DWORD dwError = 0;
+
+    dwError = VmMetricsCounterTest();
+    dwError += VmMetricsGaugeTest();
+    dwError += VmMetricsHistogramTest();
+    dwError += VmMetricsMixedTest();
+
+    if (dwError == 0)
+    {
+        printf("\nTEST PASSED\n");
+    }
+    else
+    {
+        printf("\nTEST FAILED. %d test failures\n", dwError);
+    }
+    return dwError;
+}
diff --git a/vmmetrics/testing/mixedtest.c b/vmmetrics/testing/mixedtest.c
new file mode 100644
index 000000000..cc8fef888
--- /dev/null
+++ b/vmmetrics/testing/mixedtest.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+#include "vmmetrics.h"
+
+DWORD
+VmMetricsMixedTest()
+{
+    DWORD dwError = 0;
+
+    PVM_METRICS_CONTEXT pContext = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram1 = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram2 = NULL;
+
+    PSTR pszData = NULL;
+    PSTR pszExpected = NULL;
+    DWORD dataLen = 0;
+
+    VM_METRICS_LABEL pLabel[2] = {
+                                    {"label1","value1"},
+                                    {"label2","value2"}
+                                 };
+
+    uint64_t buckets1[] = {1, 5, 10};
+    uint64_t buckets2[] = {1, 10, 100};
+
+    dwError = VmMetricsInit(&pContext);
+    if (dwError)
+    {
+        printf("FAIL: Error in MetricsInit for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsHistogramNew(pContext,
+                        "histogram1_duration_milliseconds",
+                        pLabel,
+                        2,
+                        "Mixed Test histogram 1",
+                        buckets1,
+                        3,
+                        &pHistogram1);
+    if (dwError)
+    {
+        printf("FAIL: Error in HistogramNew for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsGaugeNew(pContext,
+                        "gauge1_value",
+                        NULL,
+                        0,
+                        "Mixed Test gauge",
+                        &pGauge);
+    if (dwError)
+    {
+        printf("FAIL: Error in GaugeNew for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsHistogramUpdate(pHistogram1, 3);
+
+    VmMetricsGaugeSet(pGauge, -4);
+
+    VmMetricsGaugeIncrement(pGauge);
+
+    dwError = VmMetricsHistogramNew(pContext,
+                        "histogram2_duration_milliseconds",
+                        NULL,
+                        0,
+                        "Mixed Test histogram 2",
+                        buckets2,
+                        3,
+                        &pHistogram2);
+    if (dwError)
+    {
+        printf("FAIL: Error in HistogramNew for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsCounterNew(pContext,
+                        "counter1_count",
+                        NULL,
+                        0,
+                        "Mixed Test counter",
+                        &pCounter);
+    if (dwError)
+    {
+        printf("FAIL: Error in CounterNew for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsHistogramUpdate(pHistogram2, 34);
+
+    VmMetricsCounterIncrement(pCounter);
+
+    VmMetricsGaugeAdd(pGauge, 5);
+
+    dwError = VmMetricsHistogramDelete(pContext, pHistogram1);
+    if (dwError)
+    {
+        printf("FAIL: Error in HistogramDelete for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    VmMetricsHistogramUpdate(pHistogram2, 2);
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP counter1_count Mixed Test counter\n" \
+                    "# TYPE counter1_count counter\n" \
+                    "counter1_count 1\n" \
+                     "# HELP histogram2_duration_milliseconds Mixed Test histogram 2\n" \
+                    "# TYPE histogram2_duration_milliseconds histogram\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"1\"} 0\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"10\"} 1\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"100\"} 2\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"+Inf\"} 2\n" \
+                    "histogram2_duration_milliseconds_count 2\n" \
+                    "histogram2_duration_milliseconds_sum 36\n" \
+                    "# HELP gauge1_value Mixed Test gauge\n" \
+                    "# TYPE gauge1_value gauge\n" \
+                    "gauge1_value 2\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: MixedTest1\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: MixedTest1\n");
+        goto error;
+    }
+
+    VmMetricsFreePrometheusData(pszData);
+
+    dwError = VmMetricsGaugeDelete(pContext, pGauge);
+    if (dwError)
+    {
+        printf("FAIL: Error in GaugeDelete for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsCounterDelete(pContext, pCounter);
+    if (dwError)
+    {
+        printf("FAIL: Error in CounterDelete for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    dwError = VmMetricsGetPrometheusData(pContext, &pszData, &dataLen);
+    if (dwError)
+    {
+        printf("FAIL: Error in GetPrometheusData for test: MixedTest, Error Code = %d\n", dwError);
+        goto error;
+    }
+
+    pszExpected = "# HELP histogram2_duration_milliseconds Mixed Test histogram 2\n" \
+                    "# TYPE histogram2_duration_milliseconds histogram\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"1\"} 0\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"10\"} 1\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"100\"} 2\n" \
+                    "histogram2_duration_milliseconds_bucket{le=\"+Inf\"} 2\n" \
+                    "histogram2_duration_milliseconds_count 2\n" \
+                    "histogram2_duration_milliseconds_sum 36\n";
+
+    if (strcmp(pszData, pszExpected) == 0)
+    {
+        printf("PASS: Expected Data received for test: MixedTest2\n");
+    }
+    else
+    {
+        printf("FAIL: Unexpected Data received for test: MixedTest2\n");
+        goto error;
+    }
+
+cleanup:
+    VmMetricsFreePrometheusData(pszData);
+    VmMetricsDestroy(pContext);
+
+    return dwError;
+
+error:
+    dwError = 1;
+    goto cleanup;
+}
diff --git a/vmmetrics/testing/vmmetricstest.h b/vmmetrics/testing/vmmetricstest.h
new file mode 100644
index 000000000..0302f8738
--- /dev/null
+++ b/vmmetrics/testing/vmmetricstest.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef _VM_METRICS_TEST_H__
+#define _VM_METRICS_TEST_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+DWORD VmMetricsCounterTest();
+
+DWORD VmMetricsGaugeTest();
+
+DWORD VmMetricsHistogramTest();
+
+DWORD VmMetricsMixedTest();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __VM_METRICS_TEST_H__ */
diff --git a/vmmetrics/vmmetrics.c b/vmmetrics/vmmetrics.c
new file mode 100644
index 000000000..4310ec117
--- /dev/null
+++ b/vmmetrics/vmmetrics.c
@@ -0,0 +1,1134 @@
+/*
+ * Copyright © 2017 VMware, Inc.  All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the ?~@~\License?~@~]); you may not
+ * use this file except in compliance with the License.  You may obtain a copy
+ * of the License at http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an ?~@~\AS IS?~@~] BASIS, without
+ * warranties or conditions of any kind, EITHER EXPRESS OR IMPLIED.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "includes.h"
+
+static
+DWORD
+_VmMetricsMakeLabel(
+    PVM_METRICS_LABEL pLabel,
+    DWORD dwLabelCount,
+    PSTR* pszLabelOut
+    );
+
+static
+DWORD
+_VmMetricsGetCounterData(
+    PVM_METRICS_COUNTER pCounter,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    );
+
+static
+DWORD
+_VmMetricsGetGaugeData(
+    PVM_METRICS_GAUGE pGauge,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    );
+
+static
+DWORD
+_VmMetricsGetHistogramData(
+    PVM_METRICS_HISTOGRAM pHistogram,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    );
+
+static
+VOID
+_VmMetricsNoopHashMapPairFree(
+    PLW_HASHMAP_PAIR pPair,
+    LW_PVOID pUnused
+    );
+
+/*
+ * Initialize the metrics context
+ */
+DWORD
+VmMetricsInit(
+    PVM_METRICS_CONTEXT* ppContext
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_CONTEXT pContext = NULL;
+
+    if (!ppContext)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_CONTEXT),
+            (PVOID*)&pContext);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    pContext->pMetrics = NULL;
+
+    dwError = pthread_rwlock_init(&pContext->rwLock, NULL);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    *ppContext = pContext;
+
+cleanup:
+    return dwError;
+
+error:
+    VM_METRICS_SAFE_FREE_MEMORY(pContext);
+    goto cleanup;
+}
+
+/*
+ * Add a new counter metric
+ */
+DWORD
+VmMetricsCounterNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    PVM_METRICS_COUNTER* ppCounter
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+
+    if (!ppCounter || !pContext || !pszName || !pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_LIST_ENTRY),
+            (PVOID*)&pEntry);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_COUNTER),
+            (PVOID*)&pCounter);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    pCounter->pszName = strdup(pszName);
+    if (!pCounter->pszName)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    if (pLabel && iLabelCount)
+    {
+        dwError = _VmMetricsMakeLabel(pLabel, iLabelCount, &pCounter->pszLabel);
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+    else
+    {
+        pCounter->pszLabel = NULL;
+    }
+
+    pCounter->pszDescription = strdup(pszDescription);
+    if (!pCounter->pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pCounter->value = 0;
+
+    pEntry->pData = (PVOID)pCounter;
+    pEntry->type = VM_METRICS_TYPE_COUNTER;
+    pEntry->pNext = NULL;
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    if (pContext->pMetrics)
+    {
+        pEntry->pNext = pContext->pMetrics;
+    }
+
+    pContext->pMetrics = pEntry;
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+    *ppCounter = pCounter;
+
+cleanup:
+    return dwError;
+
+error:
+    if (pCounter)
+    {
+        VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszName);
+        VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszLabel);
+        VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszDescription);
+        VM_METRICS_SAFE_FREE_MEMORY(pCounter);
+    }
+    VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+
+    goto cleanup;
+}
+
+/*
+ * Add a new gauge metric
+ */
+DWORD
+VmMetricsGaugeNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    PVM_METRICS_GAUGE* ppGauge
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+
+    if (!ppGauge || !pContext || !pszName || !pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_LIST_ENTRY),
+            (PVOID*)&pEntry);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_GAUGE),
+            (PVOID*)&pGauge);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    pGauge->pszName = strdup(pszName);
+    if (!pGauge->pszName)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    if (pLabel && iLabelCount)
+    {
+        dwError = _VmMetricsMakeLabel(pLabel, iLabelCount, &pGauge->pszLabel);
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+    else
+    {
+        pGauge->pszLabel = NULL;
+    }
+
+    pGauge->pszDescription = strdup(pszDescription);
+    if (!pGauge->pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pGauge->value = 0;
+
+    pEntry->pData = (PVOID)pGauge;
+    pEntry->type = VM_METRICS_TYPE_GAUGE;
+    pEntry->pNext = NULL;
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    if (pContext->pMetrics)
+    {
+        pEntry->pNext = pContext->pMetrics;
+    }
+
+    pContext->pMetrics = pEntry;
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+    *ppGauge = pGauge;
+
+cleanup:
+    return dwError;
+
+error:
+    if (pGauge)
+    {
+        VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszName);
+        VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszLabel);
+        VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszDescription);
+        VM_METRICS_SAFE_FREE_MEMORY(pGauge);
+    }
+    VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+
+    goto cleanup;
+}
+
+/*
+ * Add a new histogram metric
+ */
+DWORD
+VmMetricsHistogramNew(
+    PVM_METRICS_CONTEXT pContext,
+    PCSTR pszName,
+    const PVM_METRICS_LABEL pLabel,
+    const DWORD iLabelCount,
+    PCSTR pszDescription,
+    const uint64_t iBuckets[],
+    const DWORD iBucketSize,
+    PVM_METRICS_HISTOGRAM* ppHistogram
+    )
+{
+    DWORD dwError = 0;
+    DWORD i = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+
+    if (!ppHistogram || !pContext || !pszName || !pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_LIST_ENTRY),
+            (PVOID*)&pEntry);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    dwError = VmMetricsAllocateMemory(
+            sizeof(VM_METRICS_HISTOGRAM),
+            (PVOID*)&pHistogram);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    pHistogram->pszName = strdup(pszName);
+    if (!pHistogram->pszName)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    if (pLabel && iLabelCount)
+    {
+        dwError = _VmMetricsMakeLabel(pLabel, iLabelCount, &pHistogram->pszLabel);
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+    else
+    {
+        pHistogram->pszLabel = NULL;
+    }
+    pHistogram->pszDescription = strdup(pszDescription);
+    if (!pHistogram->pszDescription)
+    {
+        dwError = VM_METRICS_ERROR_NO_MEMORY;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pHistogram->bucketSize = iBucketSize;
+
+    dwError = VmMetricsAllocateMemory(
+            iBucketSize * sizeof(int64_t),
+            (PVOID*)&pHistogram->pBucketKeys);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    dwError = VmMetricsAllocateMemory(
+            iBucketSize * sizeof(int64_t),
+            (PVOID*)&pHistogram->pBucketValues);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    for (i=0; i<pHistogram->bucketSize; i++)
+    {
+        pHistogram->pBucketKeys[i] = (int64_t)iBuckets[i];
+        pHistogram->pBucketValues[i] = 0;
+    }
+
+    pEntry->pData = (PVOID)pHistogram;
+    pEntry->type = VM_METRICS_TYPE_HISTOGRAM;
+    pEntry->pNext = NULL;
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    if (pContext->pMetrics)
+    {
+        pEntry->pNext = pContext->pMetrics;
+    }
+
+    pContext->pMetrics = pEntry;
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+    *ppHistogram = pHistogram;
+
+cleanup:
+    return dwError;
+
+error:
+    if (pHistogram)
+    {
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszName);
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszLabel);
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszDescription);
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketKeys);
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketValues);
+        VM_METRICS_SAFE_FREE_MEMORY(pHistogram);
+    }
+    VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+
+    goto cleanup;
+}
+
+/*
+ * Increment the counter by 1
+ */
+VOID
+VmMetricsCounterIncrement(
+    PVM_METRICS_COUNTER pCounter
+    )
+{
+    LwInterlockedIncrement64(&pCounter->value);
+}
+
+/*
+ * Add the value to the counter
+ */
+VOID
+VmMetricsCounterAdd(
+    PVM_METRICS_COUNTER pCounter,
+    uint64_t value
+    )
+{
+    LwInterlockedAdd64(&pCounter->value, (int64_t)value);
+}
+
+/*
+ * Set the value of the gague
+ */
+VOID
+VmMetricsGaugeSet(
+    PVM_METRICS_GAUGE pGauge,
+    int64_t value
+    )
+{
+    LwInterlockedExchange64(&pGauge->value, value);
+}
+
+/*
+ * Increment the gauge by 1
+ */
+VOID
+VmMetricsGaugeIncrement(
+    PVM_METRICS_GAUGE pGauge
+    )
+{
+    LwInterlockedIncrement64(&pGauge->value);
+}
+
+/*
+ * Decrement the gauge by 1
+ */
+VOID
+VmMetricsGaugeDecrement(
+    PVM_METRICS_GAUGE pGauge
+    )
+{
+    LwInterlockedDecrement64(&pGauge->value);
+}
+
+/*
+ * Add the value to the gauge
+ */
+VOID
+VmMetricsGaugeAdd(
+    PVM_METRICS_GAUGE pGauge,
+    uint64_t value
+    )
+{
+    LwInterlockedAdd64(&pGauge->value, (int64_t)value);
+}
+
+/*
+ * Subtract the value from the gauge
+ */
+VOID
+VmMetricsGaugeSubtract(
+    PVM_METRICS_GAUGE pGauge,
+    uint64_t value
+    )
+{
+    LwInterlockedSubtract64(&pGauge->value, (int64_t)value);
+}
+
+/*
+ * Set the value of the gauge to the current Unix time in secondss
+ */
+VOID
+VmMetricsGaugeSetToCurrentTime(
+    PVM_METRICS_GAUGE pGauge
+    )
+{
+    LwInterlockedExchange64(&pGauge->value, (int64_t)time(NULL));
+}
+
+/*
+ * Add the given value to the histogram
+ */
+VOID
+VmMetricsHistogramUpdate(
+    PVM_METRICS_HISTOGRAM pHistogram,
+    uint64_t value
+    )
+{
+    DWORD i = 0;
+
+    for (i=0; i<pHistogram->bucketSize; i++)
+    {
+        if (value <= pHistogram->pBucketKeys[i])
+        {
+            LwInterlockedIncrement64(&pHistogram->pBucketValues[i]);
+        }
+    }
+
+    LwInterlockedIncrement64(&pHistogram->count);
+    LwInterlockedAdd64(&pHistogram->sum, (int64_t)value);
+}
+
+/*
+ * Return the list of all metrics data in Prometheus format (string/text)
+ */
+DWORD
+VmMetricsGetPrometheusData(
+    PVM_METRICS_CONTEXT pContext,
+    PSTR* ppszData,
+    DWORD* pDataLen
+    )
+{
+    DWORD dwError = 0;
+    DWORD bufLen = 0;
+    BOOLEAN realloc = FALSE;
+    BOOLEAN bNameUsed = FALSE;
+    PLW_HASHMAP pNamesMap = NULL;
+
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+
+    PSTR pszData = NULL;
+    DWORD allocatedSize = BUFFER_SIZE;
+    DWORD dataLen = 0;
+
+    dwError = LwRtlCreateHashMap(&pNamesMap,
+            LwRtlHashDigestPstrCaseless,
+            LwRtlHashEqualPstrCaseless,
+            NULL);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    dwError = VmMetricsAllocateMemory(
+            BUFFER_SIZE,
+            (PVOID*)&pszData);
+    BAIL_ON_VM_METRICS_ERROR(dwError);
+
+    pthread_rwlock_rdlock(&pContext->rwLock);
+    pEntry = pContext->pMetrics;
+    while (pEntry)
+    {
+        switch (pEntry->type)
+        {
+            case VM_METRICS_TYPE_COUNTER:
+            {
+                pCounter = (PVM_METRICS_COUNTER)pEntry->pData;
+
+                if (LwRtlHashMapFindKey(pNamesMap, NULL, pCounter->pszName) == 0)
+                {
+                    bNameUsed = TRUE;
+                }
+                else
+                {
+                    dwError = LwRtlHashMapInsert(pNamesMap, pCounter->pszName, 0, NULL);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                }
+
+                bufLen = _VmMetricsGetCounterData(pCounter, NULL, 0, 0, bNameUsed);
+
+                while (dataLen + bufLen > allocatedSize)
+                {
+                    allocatedSize += BUFFER_SIZE;
+                    realloc = TRUE;
+                }
+                if (realloc)
+                {
+                    dwError = VmMetricsReallocateMemory(
+                                (PVOID)pszData,
+                                (PVOID*)&pszData,
+                                allocatedSize);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                    realloc = FALSE;
+                }
+
+                dataLen += _VmMetricsGetCounterData(pCounter, pszData, dataLen, bufLen, bNameUsed);
+                dataLen--;
+                bNameUsed = FALSE;
+
+                break;
+            }
+
+            case VM_METRICS_TYPE_GAUGE:
+            {
+                pGauge = (PVM_METRICS_GAUGE)pEntry->pData;
+
+                if (LwRtlHashMapFindKey(pNamesMap, NULL, pGauge->pszName) == 0)
+                {
+                    bNameUsed = TRUE;
+                }
+                else
+                {
+                    dwError = LwRtlHashMapInsert(pNamesMap, pGauge->pszName, 0, NULL);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                }
+
+                bufLen = _VmMetricsGetGaugeData(pGauge, NULL, 0, 0, bNameUsed);
+
+                while (dataLen + bufLen > allocatedSize)
+                {
+                    allocatedSize += BUFFER_SIZE;
+                    realloc = TRUE;
+                }
+                if (realloc)
+                {
+                    dwError = VmMetricsReallocateMemory(
+                                (PVOID)pszData,
+                                (PVOID*)&pszData,
+                                allocatedSize);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                    realloc = FALSE;
+                }
+
+                dataLen += _VmMetricsGetGaugeData(pGauge, pszData, dataLen, bufLen, bNameUsed);
+                dataLen--;
+                bNameUsed = FALSE;
+
+                break;
+            }
+
+            case VM_METRICS_TYPE_HISTOGRAM:
+            {
+                pHistogram = (PVM_METRICS_HISTOGRAM)pEntry->pData;
+
+                if (LwRtlHashMapFindKey(pNamesMap, NULL, pHistogram->pszName) == 0)
+                {
+                    bNameUsed = TRUE;
+                }
+                else
+                {
+                    dwError = LwRtlHashMapInsert(pNamesMap, pHistogram->pszName, 0, NULL);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                }
+
+                bufLen = _VmMetricsGetHistogramData(pHistogram, NULL, 0, 0, bNameUsed);
+
+                while (dataLen + bufLen > allocatedSize)
+                {
+                    allocatedSize += BUFFER_SIZE;
+                    realloc = TRUE;
+                }
+                if (realloc)
+                {
+                    dwError = VmMetricsReallocateMemory(
+                                (PVOID)pszData,
+                                (PVOID*)&pszData,
+                                allocatedSize);
+                    BAIL_ON_VM_METRICS_ERROR(dwError);
+                    realloc = FALSE;
+                }
+
+                dataLen += _VmMetricsGetHistogramData(pHistogram, pszData, dataLen, bufLen, bNameUsed);
+                dataLen--;
+                bNameUsed = FALSE;
+
+                break;
+            }
+
+            default:
+                break;
+        }
+
+        pEntry = pEntry->pNext;
+    }
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+    *ppszData = pszData;
+    *pDataLen = dataLen;
+
+cleanup:
+    LwRtlHashMapClear(pNamesMap, _VmMetricsNoopHashMapPairFree, NULL);
+    LwRtlFreeHashMap(&pNamesMap);
+    return dwError;
+
+error:
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+    goto cleanup;
+}
+
+/*
+ * Free the data returned by VmMetricsGetPrometheusData()
+ */
+VOID
+VmMetricsFreePrometheusData(
+    PSTR pszData
+    )
+{
+    VM_METRICS_SAFE_FREE_MEMORY(pszData);
+}
+
+/*
+ * Delete a counter metric
+ */
+DWORD
+VmMetricsCounterDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_COUNTER pCounter
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_LIST_ENTRY pPrev = NULL;
+
+    if (!pContext || !pCounter)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    pEntry = pContext->pMetrics;
+    while (pEntry)
+    {
+        if (pEntry->type == VM_METRICS_TYPE_COUNTER && pEntry->pData == pCounter)
+        {
+            if (!pPrev)
+            {
+                pContext->pMetrics = pEntry->pNext;
+            }
+            else
+            {
+                pPrev->pNext = pEntry->pNext;
+            }
+            VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszName);
+            VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszLabel);
+            VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszDescription);
+            VM_METRICS_SAFE_FREE_MEMORY(pCounter);
+            VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+            break;
+        }
+        pPrev = pEntry;
+        pEntry = pEntry->pNext;
+    }
+
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+/*
+ * Delete a gauge metric
+ */
+DWORD
+VmMetricsGaugeDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_GAUGE pGauge
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_LIST_ENTRY pPrev = NULL;
+
+    if (!pContext || !pGauge)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    pEntry = pContext->pMetrics;
+    while (pEntry)
+    {
+        if (pEntry->type == VM_METRICS_TYPE_GAUGE && pEntry->pData == pGauge)
+        {
+            if (!pPrev)
+            {
+                pContext->pMetrics = pEntry->pNext;
+            }
+            else
+            {
+                pPrev->pNext = pEntry->pNext;
+            }
+            VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszName);
+            VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszLabel);
+            VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszDescription);
+            VM_METRICS_SAFE_FREE_MEMORY(pGauge);
+            VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+            break;
+        }
+        pPrev = pEntry;
+        pEntry = pEntry->pNext;
+    }
+
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+/*
+ * Delete a histogram metric
+ */
+DWORD
+VmMetricsHistogramDelete(
+    PVM_METRICS_CONTEXT pContext,
+    PVM_METRICS_HISTOGRAM pHistogram
+    )
+{
+    DWORD dwError = 0;
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_LIST_ENTRY pPrev = NULL;
+
+    if (!pContext || !pHistogram)
+    {
+        dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+    }
+
+    pthread_rwlock_wrlock(&pContext->rwLock);
+    pEntry = pContext->pMetrics;
+    while (pEntry)
+    {
+        if (pEntry->type == VM_METRICS_TYPE_HISTOGRAM && pEntry->pData == pHistogram)
+        {
+            if (!pPrev)
+            {
+                pContext->pMetrics = pEntry->pNext;
+            }
+            else
+            {
+                pPrev->pNext = pEntry->pNext;
+            }
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszName);
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszLabel);
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszDescription);
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketKeys);
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketValues);
+            VM_METRICS_SAFE_FREE_MEMORY(pHistogram);
+            VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+            break;
+        }
+        pPrev = pEntry;
+        pEntry = pEntry->pNext;
+    }
+
+    pthread_rwlock_unlock(&pContext->rwLock);
+
+cleanup:
+    return dwError;
+
+error:
+    goto cleanup;
+}
+
+/*
+ * Destroy the metrics context structure
+ */
+VOID
+VmMetricsDestroy(
+    PVM_METRICS_CONTEXT pContext
+    )
+{
+    PVM_METRICS_LIST_ENTRY pEntry = NULL;
+    PVM_METRICS_COUNTER pCounter = NULL;
+    PVM_METRICS_GAUGE pGauge = NULL;
+    PVM_METRICS_HISTOGRAM pHistogram = NULL;
+
+    if (pContext)
+    {
+        while (pContext->pMetrics)
+        {
+            pEntry = pContext->pMetrics;
+
+            switch (pEntry->type)
+            {
+                case VM_METRICS_TYPE_COUNTER:
+                {
+                    pCounter = pEntry->pData;
+                    VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszName);
+                    VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszLabel);
+                    VM_METRICS_SAFE_FREE_MEMORY(pCounter->pszDescription);
+                    VM_METRICS_SAFE_FREE_MEMORY(pCounter);
+                    break;
+                }
+                case VM_METRICS_TYPE_GAUGE:
+                {
+                    pGauge = pEntry->pData;
+                    VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszName);
+                    VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszLabel);
+                    VM_METRICS_SAFE_FREE_MEMORY(pGauge->pszDescription);
+                    VM_METRICS_SAFE_FREE_MEMORY(pGauge);
+                    break;
+                }
+                case VM_METRICS_TYPE_HISTOGRAM:
+                {
+                    pHistogram = pEntry->pData;
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszName);
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszLabel);
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pszDescription);
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketKeys);
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram->pBucketValues);
+                    VM_METRICS_SAFE_FREE_MEMORY(pHistogram);
+                    break;
+                }
+                default:
+                {
+                    break;
+                }
+            }
+
+            pContext->pMetrics = pEntry->pNext;
+            pEntry->pNext = NULL;
+            VM_METRICS_SAFE_FREE_MEMORY(pEntry);
+        }
+
+        pthread_rwlock_destroy(&pContext->rwLock);
+        VM_METRICS_SAFE_FREE_MEMORY(pContext);
+    }
+}
+
+/*
+ * Converting PVM_METRICS_LABEL into String Label
+ */
+static
+DWORD
+_VmMetricsMakeLabel(
+    PVM_METRICS_LABEL pLabel,
+    DWORD dwLabelCount,
+    PSTR* pszLabelOut
+    )
+{
+    PSTR pszLabel = NULL;
+    DWORD dwError = 0;
+    DWORD len = 0;
+    DWORD extraLen = 0;
+    PSTR appendExtra = "";  // Null or comma character
+
+    while (dwLabelCount)
+    {
+        if (!pLabel->pszKey || !pLabel->pszValue)
+        {
+            dwError = VM_METRICS_ERROR_INVALID_PARAMETER;
+            BAIL_ON_VM_METRICS_ERROR(dwError);
+        }
+        if (!appendExtra)
+        {
+            // +4 in below line is for the characters '=' and 2 quotes '"' and '\0'
+            len = strlen(pLabel->pszKey) + strlen(pLabel->pszValue) + 4;
+        }
+        else
+        {
+            // +5 in below line is for the characters appendExtra ',' and '=' and 2 quotes '"' and '\0'
+            extraLen = strlen(pLabel->pszKey) + strlen(pLabel->pszValue) + 5;
+        }
+        len = len + extraLen;
+
+        dwError = VmMetricsReallocateMemory(
+                (PVOID)pszLabel,
+                (PVOID*)&pszLabel,
+                len);
+        BAIL_ON_VM_METRICS_ERROR(dwError);
+
+        snprintf( pszLabel+strlen(pszLabel), extraLen, "%s%s=\"%s\"",
+                    appendExtra,
+                    pLabel->pszKey,
+                    pLabel->pszValue);
+
+        appendExtra = ",";
+        pLabel++;
+        dwLabelCount--;
+    }
+
+    *pszLabelOut = pszLabel;
+
+cleanup:
+    return dwError;
+
+error:
+    VM_METRICS_SAFE_FREE_MEMORY(pszLabel);
+    goto cleanup;
+}
+
+static
+DWORD
+_VmMetricsGetCounterData(
+    PVM_METRICS_COUNTER pCounter,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    )
+{
+    DWORD len = 0;
+
+    if (!bNameUsed)
+    {
+        len += snprintf( pszData+dwDataLen, dwBufLen, "# HELP %s %s\n# TYPE %s counter\n",
+                    pCounter->pszName,
+                    pCounter->pszDescription,
+                    pCounter->pszName);
+    }
+
+    if (pCounter->pszLabel)
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s{%s} %" PRIu64 "\n",
+                    pCounter->pszName,
+                    pCounter->pszLabel,
+                    pCounter->value);
+    }
+    else
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s %" PRIu64 "\n",
+                    pCounter->pszName,
+                    pCounter->value);
+    }
+
+    return len+1;
+}
+
+static
+DWORD
+_VmMetricsGetGaugeData(
+    PVM_METRICS_GAUGE pGauge,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    )
+{
+    DWORD len = 0;
+
+    if (!bNameUsed)
+    {
+        len += snprintf( pszData+dwDataLen, dwBufLen, "# HELP %s %s\n# TYPE %s gauge\n",
+                    pGauge->pszName,
+                    pGauge->pszDescription,
+                    pGauge->pszName);
+    }
+
+    if (pGauge->pszLabel)
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s{%s} %" PRIu64 "\n",
+                    pGauge->pszName,
+                    pGauge->pszLabel,
+                    pGauge->value);
+    }
+    else
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s %" PRIu64 "\n",
+                    pGauge->pszName,
+                    pGauge->value);
+    }
+
+    return len+1;
+}
+
+static
+DWORD
+_VmMetricsGetHistogramData(
+    PVM_METRICS_HISTOGRAM pHistogram,
+    PSTR pszData,
+    DWORD dwDataLen,
+    DWORD dwBufLen,
+    BOOLEAN bNameUsed
+    )
+{
+    DWORD len = 0;
+    int i = 0;
+
+    if (!bNameUsed)
+    {
+        len += snprintf( pszData+dwDataLen, dwBufLen, "# HELP %s %s\n# TYPE %s histogram\n",
+                    pHistogram->pszName,
+                    pHistogram->pszDescription,
+                    pHistogram->pszName);
+    }
+
+    for (i=0; i<pHistogram->bucketSize; i++)
+    {
+        if (pHistogram->pszLabel)
+        {
+            len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_bucket{le=\"%" PRIu64 "\",%s} %" PRIu64 "\n",
+                        pHistogram->pszName,
+                        pHistogram->pBucketKeys[i],
+                        pHistogram->pszLabel,
+                        pHistogram->pBucketValues[i]);
+        }
+        else
+        {
+            len +=snprintf( pszData+dwDataLen+len, dwBufLen, "%s_bucket{le=\"%" PRIu64 "\"} %" PRIu64 "\n",
+                        pHistogram->pszName,
+                        pHistogram->pBucketKeys[i],
+                        pHistogram->pBucketValues[i]);
+        }
+    }
+
+    if (pHistogram->pszLabel)
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_bucket{le=\"+Inf\",%s} %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->pszLabel,
+                    pHistogram->count);
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_count{%s} %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->pszLabel,
+                    pHistogram->count);
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_sum{%s} %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->pszLabel,
+                    pHistogram->sum);
+    }
+    else
+    {
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_bucket{le=\"+Inf\"} %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->count);
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_count %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->count);
+        len += snprintf( pszData+dwDataLen+len, dwBufLen, "%s_sum %" PRIu64 "\n",
+                    pHistogram->pszName,
+                    pHistogram->sum);
+    }
+
+    return len+1;
+}
+
+static
+VOID
+_VmMetricsNoopHashMapPairFree(
+    PLW_HASHMAP_PAIR pPair,
+    LW_PVOID pUnused
+    )
+{
+    return;
+}